1. Overview
As one of the five functions of network management, charge management can detect and control the cost and cost of network operation, record the usage of network resources, and after the cernet has determined the principle of paid use of network resources and share the international communication cost, the international communication cost is from each network unit, Just the billing management in the network management appears particularly important. As the biggest network management function and billing system in Ying County, it has a very important position in the whole network management.
In the process of participating in the construction of Campus network, the author has developed Hnums (hereinafter referred to as Hnums), using Linux system, programming with C language, based on packet filtering, successfully implemented the user-oriented network export (Cernet, Chinanet ...) and a variety of billing standards for flowmeter management software. This billing system has the following characteristics: free choice of network exports by users, custom firewall rules, can accommodate the number of clients can be expanded, applicable to a wide range of campus network.
2, the campus network billing management
The charge management of campus network is to measure the use of campus network resources in a certain way, and then the price can be converted to the corresponding cost, and the measure method can be based on time or flow rate, and most of the campus network adopts the method based on flowmeter fee.
At present, a popular method of campus network flowmeter fee is "based on IP billing Management", in the campus network to collect the client's IP data flow, and then the unit price to convert the corresponding costs, this billing method is characterized by "as well as the", the user is completely transparent, data collection is relatively easy to achieve, But the billing object is IP address, easy to steal IP address to evade the phenomenon of billing, some schools use a strong switch, the switch port and IP binding, although this method can be limited to a certain extent to steal IP (not completely eliminate, Under the Linux only ifconfig can achieve the purpose of modifying the Mac, Windows to modify the registry key value, but the corresponding exchange equipment price is higher, but also limits the user's flexibility, so that users can only in the binding computer online, because this billing method is for the network card machine fees, As a result, some students or workers for free to make "public" machine access to the Internet, these ills will undoubtedly bring great difficulties to the billing of the campus network, is the national or collective interests are damaged.
Another kind of more advanced Campus network Flowmeter Fee method is "based on the user's billing management" (such as Tsinghua University's user Management system http://usereg.tsinghua.edu.cn/), in the campus network through user authentication and other means of collecting user traffic, the advantage of this method is "people-oriented" , the user's traffic is independent of the machine used, whether dial-up Internet, or the Internet, whether in the computing center, or in the student dormitory, billing methods are the same, who internet users who spend money, fair and reasonable, this method through the user authentication means, effectively avoid the phenomenon of IP theft, greatly reducing the burden of network management, It also effectively avoids the loss of national interests.
3, the design and implementation of Hnums
Realize the billing management based on the user, and the collection and preservation of the flow information between the pipe and the user, in general, the network transmission process at the bottom of the collection of "datagram" contains only IP information, the so-called user name as the data section of the datagram can not be decomposed, so to obtain "user information", you must collect information in the application layer, The hnums of the author is a set of network management and billing software which combines the high level user authentication with the underlying IP data traffic, and has the distributed processing function.