Abstract:
A policy processing method and network device. The method includes: performing a mixed orchestration on all service rules corresponding to multiple services, so as to construct multiple condition sets; performing, according to the constructed multiple condition sets, unified condition matching on packet feature information of a received network packet, and outputting a condition matching result set; and calling a service application to execute a policy action corresponding to each condition identifier in the condition matching result set. In solutions of the embodiments of the present invention, by performing a mixed orchestration on multiple service rules, all service rules are organized in a unified manner, information required by all services is extracted in one packet scanning process, and only one matching and rule verification process is required. Thereby, redundant operations between multiple services are reduced, and device integration and performance are improved.
Abstract:
An apparatus for processing an attack behavior of a cloud application in a cloud computing system, including a policy manager configured to store a security determining rule and a malicious application processing rule, a security analyzer configured to receive application behavior data from a security detector, and send the application behavior data to a security processor when the cloud application running on the cloud host has an attack behavior, and the security processor is configured to invoke, according to the malicious application processing rule, an interface provided by a cloud controller in order to process the cloud application having an attack behavior. The apparatus performs security protection based on an application level of cloud computing, which can prevent mutual attack between different applications on a same host, and reduce impact on a normal application.
Abstract:
A resource scaling method for dynamically allocating resources to an application deployed on a cloud platform. The method includes predicting, at a first moment according to a prediction policy, a service indicator of a service that is at a second moment later than the first moment, to obtain a predicted service indicator, determining, according to the predicted service indicator and a mapping relationship between a service indicator and a resource amount required by the application, a resource amount required by the application at the second moment, and adjusting, before the second moment arrives, a resource amount of the application to the determined resource amount.
Abstract:
A service scheduling method, including: obtaining scheduling information of multiple services deployed on a network device; generating scheduling logic according to the scheduling information, invoking, according to the generated scheduling logic, each processing module to process a packet received by the network device, and invoking, according to the scheduling point information of each service, a corresponding service at a scheduling point of each service. Accordingly, the embodiments of the present invention also provide a service scheduling apparatus and a network device.
Abstract:
A cloud platform application-orientated service recommendation method includes obtaining service status information of a cloud platform, and obtaining a target service type, where the target service type is a service type required by a target application, and the target application is an application that runs on the cloud platform and requires service recommendation. The method further includes obtaining, according to the service status information, a service that matches the target service type, and using the service as a to-be-recommended service.
Abstract:
A session monitoring method is used for determining session information in a service server, and the session information includes at least one type of current session information or historical session information. The current session information is sent to a control device, and the current session information is used by the control device to determine a control instruction. The historical session information is sent to an analysis device, and the historical session information is used by the analysis device to analyze a historical session. The current session information is analyzed, so as to obtain an analysis result of the current session information. Therefore, data is separately processed according to a requirement. This facilitates implementation of a session monitoring solution, reduces resource consumption, and meets a service requirement of session monitoring.
Abstract:
A service scheduling method, including: obtaining scheduling information of multiple services deployed on a network device; generating scheduling logic according to the scheduling information, invoking, according to the generated scheduling logic, each processing module to process a packet received by the network device, and invoking, according to the scheduling point information of each service, a corresponding service at a scheduling point of each service. Accordingly, the embodiments of the present invention also provide a service scheduling apparatus and a network device. In the embodiments of the present invention, by using the foregoing technical solutions, a conventional packet processing process is segmented in detail, multiple service scheduling points are defined, and a required service is flexibly scheduled according to a packet processing result, which avoids repeated scheduling, improves flexibility and performance of service scheduling, and increases competitiveness of a network device.