CN102571928B - Method and device for selecting application proxy according to application identification - Google Patents
Method and device for selecting application proxy according to application identification Download PDFInfo
- Publication number
- CN102571928B CN102571928B CN201110432037.8A CN201110432037A CN102571928B CN 102571928 B CN102571928 B CN 102571928B CN 201110432037 A CN201110432037 A CN 201110432037A CN 102571928 B CN102571928 B CN 102571928B
- Authority
- CN
- China
- Prior art keywords
- application
- identified
- identification
- proxy
- mapping table
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a method and a device for selecting an application proxy according to application identification. The method includes the steps of receiving a data packet, and judging whether corresponding application of the data packet is identified; and adopting a proxy with the identified application to perform processing when the application is identified. The method and the device can use the application identification for automatic study to obtain application identification results, thereby being capable of selecting the suitable application proxy correctly, improving application efficiency, avoiding customer manual configuration, and greatly reducing configuration complexity.
Description
Technical field
The present invention relates to the Internet agent skill group, specially refer to a kind of method and device of selecting application proxy according to application identification.
Background technology
Normally there is two-way server and client side in network service, utilizes each other various application protocols to communicate, variety of protocols such as CIFS, MAPI and HTTP.The transmitting procedure of data is conventionally as follows: client is initiated a request to the server in network, and then server returns corresponding accordingly; This client and server is not limited to PC, the electronicss such as portable computer, hand-hold electronic equipments.Above-mentioned request and response be when transmit on wide area network, if be subject to postponing on wide area network and the impact of packet loss, it is lower that performance will become.Wide area network accelerator (being not limited to the realization of software or hardware), for the situation of application, adopts the correlation techniques such as agent skill group, Data cache technology and compress technique to improve the efficiency of application layer protocol; Wherein first agent skill group comprises the agency (such as TCP and UDP) to transport layer, is secondly the agency to network layer 7 (application layer) agreement, common deployment as shown in Figure 1.This sentences hardware device is example, also comprises software realization, and proxy module is not limited to CIFS, MAPI and HTTP, can be the agency of any application layer protocol.
In whole network, exist a lot of server and client sides, thereby also exist different application protocol connections, thereby just exist how to distinguish TCP/UDP connection, and select corresponding application proxy module, could resolve its original data flow, thereby reach the object of raising efficiency.
Current traditional wan is optimized manufacturer can support the agency to common agreements such as CIFS, HTTP and MAPI, but for above the correct agency of How to choose, is all but the mode that adopts manual configuration.Because common application protocol all adopts the port of an acquiescence, for example 139 and 445 is exactly the port that CIFS is conventional, HTTP adopts 80 ports conventionally, so traditional manufacturer is configured the corresponding relation of port and protocol by craft, thus the processing of then selecting different proxy modules to connect according to the port of configuration.
Aforesaid way needs the artificial configuration that participates in, convenient not and have easy configuration error, especially to some not configurations of common agreement.Even if adopt the mode of default port to reduce configuration, because most server port can be revised, the problems referred to above still exist.
Summary of the invention
Main purpose of the present invention, for a kind of method of selecting application proxy according to application identification is provided, has promoted the efficiency of agent selection, has reduced the probability of makeing mistakes.
The present invention proposes a kind of method of selecting application proxy according to application identification, comprises step:
Receive packet and judge whether the corresponding application of packet is identified;
When application has been identified, adopt the agency who has identified application to process.
Preferably, described reception packet and judge the step whether corresponding application of packet be identified before, also comprise:
Set up default proxy mapping table.
Preferably, described reception packet and judge the step whether corresponding application of packet be identified after, also comprise:
When application is unrecognized, according to the feature of application, application is identified;
The mode that adopts application to be identified is processed.
Preferably, after the described step of application being identified according to the feature of application, also comprise:
Whether judgement identification is successful;
When identifying successfully, recognition result is added in proxy mapping table, and adopts the agency who has identified application to process;
When identification is unsuccessful, use TCP/UDP agent processes.
Preferably, the described step of application being identified according to the feature of application specifically comprises:
According to the feature of each layer of application in seven layers, network, application is identified; Described identification comprises: keyword match, behavioural analysis and/or data flow feature.
The present invention also proposes a kind of device of selecting application proxy according to application identification, comprising:
The first judging unit, for receiving packet and judging whether the corresponding application of packet is identified;
Application processing unit, for when application has been identified, adopts the agency who has identified application to process.
Preferably, described device also comprises:
Set up unit, for setting up default proxy mapping table.
Preferably, described device also comprises:
Application identification unit, for when application is unrecognized, identifies application according to the feature of application; And by described application processing unit, the mode that adopts application to be identified is processed.
Preferably, described device also comprises:
The second judging unit, for judging that whether identification is successful; When identifying successfully, by application processing unit, recognition result is added in proxy mapping table, and adopts the agency who has identified application to process; When identification is unsuccessful, by application processing unit, use TCP/UDP agent processes.
Preferably, described application identification unit specifically comprises:
According to the feature of each layer of application in seven layers, network, application is identified; Described identification comprises: keyword match, behavioural analysis and/or data flow feature.
The present invention can utilize application identification to carry out automatic learning, the recognition result that is applied, thereby can be correct choose suitable application proxy, promote application efficiency, and avoid client's manual configuration, greatly reduce the complexity of configuration.
Accompanying drawing explanation
Fig. 1 is network communication apparatus deployment architecture schematic diagram in prior art;
Fig. 2 is that the present invention is according to steps flow chart schematic diagram in method one embodiment of application identification selection application proxy;
Fig. 3 is that the present invention is according to another steps flow chart schematic diagram in method one embodiment of application identification selection application proxy;
Fig. 4 is that the present invention is according to steps flow chart schematic diagram in another embodiment of method of application identification selection application proxy;
Fig. 5 is that the present invention is according to structural representation in device one embodiment of application identification selection application proxy;
Fig. 6 is that the present invention is according to another structural representation in device one embodiment of application identification selection application proxy;
Fig. 7 is that the present invention is according to structural representation in another embodiment of device of application identification selection application proxy.
The realization of the object of the invention, functional characteristics and advantage, in connection with embodiment, are described further with reference to accompanying drawing.
Embodiment
Should be appreciated that specific embodiment described herein, only in order to explain the present invention, is not intended to limit the present invention.
With reference to Fig. 2, a kind of method one embodiment that selects application proxy according to application identification of the present invention is proposed.The method can comprise:
Step S10, receive packet and judge whether the corresponding application of packet is identified; When application has been identified, carry out step S11; When application is unrecognized, carry out step S12;
The agency that application has been identified in step S11, employing processes;
Step S12, according to application feature to application identify, be converted to step S11.
The above-mentioned method of selecting application proxy according to application identification, can be applicable in the wide area network accelerator of client.This wide area network accelerator can be realized by software or hardware.
With reference to Fig. 3, before above-mentioned steps S10, also can comprise:
Step S100, set up default proxy mapping table.
The present embodiment be take wide area network accelerator as example, can in this wide area network accelerator, set up proxy mapping table in advance.In this proxy mapping table, can comprise in seven layers, network each layer of corresponding application and this each corresponding agent property of application; This agent property at least comprises destination address and port etc.
Above-mentioned proxy mapping table for record data bag destination address (such as object IP) and port (number) belong to which kind of application protocol type, conventionally concerning network connects, source IP and source port can not represent application type, and object IP and destination interface can represent a kind of application, only take object IP and destination interface herein as example.Most application protocol can identify (first packet conventionally connecting in application can be identified) very soon, but certain applications may could be determined protocol type after the request back and forth through after a while and response, for the application that can not identify very soon, proxy mapping table is the equal of just an intermediate object program of record.
Above-mentioned wide area network accelerator receives after the packet of client, judges whether the connection of this packet belongs to the application protocol connection being identified.If the application protocol being identified connects, can adopt the agency who has identified to process, adopt corresponding agent property.If unrecognized application protocol connects, can identify according to the feature of this application, and from default proxy mapping table, obtain corresponding agent property according to recognition result, the client data bag that then output receives.
Above-mentionedly according to the feature of application, application is identified specifically and comprised: according to the feature of each layer of application in seven layers, network, application is identified; This identification can comprise: the recognition technologies such as keyword match, behavioural analysis and/or data flow feature.
With reference to Fig. 4, in another embodiment of the present invention, after above-mentioned steps S12, also comprise:
Whether step S121, judgement are identified successful; When identifying successfully, carry out step S122; When identification is unsuccessful, carry out step S123;
Step S122, recognition result is added in proxy mapping table, and adopts the agency who has identified application to process;
Step S123, use TCP/UDP agent processes.
After carrying out application identification, can further verify that whether this identification is successful.If be proved to be successful, the result of identification can be added in above-mentioned proxy mapping table, and adopted the agency who has identified application to process (going to step S11).If verify unsuccessfully, can use TCP/UDP agent processes.Because TCP/UDP is two agencies the most substantially in various application protocols, it can process any agreement based on TCP/UDP, and it only uses for doing Transparent Proxy without the function of resolving application protocol.
The present embodiment according to application identification, select the method for application proxy, in the middle of the accelerator based on agency that can realize for hardware or software, can together dispose with other equipment (such as route, bridge, single armed pattern etc.).
Proxy mapping table can adopt other similar scheme to substitute, for example, under (SuSE) Linux OS, utilize the ip_conntrack of system can record its application identification result, is not limited to its implementation.
Said method can utilize application identification to carry out automatic learning, the recognition result that is applied, thereby can be correct choose suitable application proxy, promote application efficiency, and avoid client's manual configuration, greatly reduce the complexity of configuration.
With reference to Fig. 5, a kind of device 20 1 embodiment that select application proxy according to application identification of the present invention are proposed.This device 20 can comprise: the first judging unit 21 and application processing unit 23; This first judging unit 21, for receiving packet and judging whether the corresponding application of packet is identified; This applies processing unit 23, for when application has been identified, adopts the agency who has identified application to process.
Said apparatus 20 also comprises: application identification unit 22, for when application is unrecognized, according to the feature of application, application is identified; And by this application processing unit 23, the mode that adopts application to be identified is processed.
The above-mentioned device 20 of selecting application proxy according to application identification, can be applicable in the wide area network accelerator of client.This wide area network accelerator can be realized by software or hardware.
With reference to Fig. 6, said apparatus 20 also comprises: set up unit 24, for setting up default proxy mapping table.
The present embodiment be take wide area network accelerator as example, can in this wide area network accelerator, set up proxy mapping table in advance by setting up unit 24.In this proxy mapping table, can comprise in seven layers, network each layer of corresponding application and this each corresponding agent property of application; This agent property at least comprises destination address and port etc.
Above-mentioned proxy mapping table for record data bag destination address (such as object IP) and port (number) belong to which kind of application protocol type, conventionally concerning network connects, source IP and source port can not represent application type, and object IP and destination interface can represent a kind of application, only take object IP and destination interface herein as example.Most application protocol can identify (first packet conventionally connecting in application can be identified) very soon, but certain applications may could be determined protocol type after the request back and forth through after a while and response, for the application that can not identify very soon, proxy mapping table is the equal of just an intermediate object program of record.
Above-mentioned wide area network accelerator receives after the packet of client, by the first judging unit 21, judges whether the connection of this packet belongs to the application protocol being identified and connect.If the application protocol being identified connects, can use application processing unit 23 to adopt the agency who has identified to process, adopt corresponding agent property.If unrecognized application protocol connects, can use application identification unit 22 to identify according to the feature of this application, and utilize application processing unit 23 according to recognition result, from default proxy mapping table, to obtain corresponding agent property, the client data bag that then output receives.
Above-mentioned application identification unit 22 specifically comprises: according to the feature of each layer of application in seven layers, network, application is identified; This identification can comprise: the recognition technologies such as keyword match, behavioural analysis and/or data flow feature.
With reference to Fig. 7, in another embodiment of the present invention, said apparatus 20 also comprises: the second judging unit 25, for judging that whether identification is successful; When identifying successfully, by application processing unit 23, recognition result is added in proxy mapping table, and adopts the agency who has identified application to process; When identification is unsuccessful, by application processing unit 23, use TCP/UDP agent processes.
After carrying out application identification, further whether this identification of checking is successful can to use the second judging unit 25.If be proved to be successful, can the result of identification be added in above-mentioned proxy mapping table by application processing unit 23, and adopted the agency who has identified application to process (going to step S11).If verify unsuccessfully, can use TCP/UDP agent processes by application processing unit 23.Because TCP/UDP is two agencies the most substantially in various application protocols, it can process any agreement based on TCP/UDP, and it only uses for doing Transparent Proxy without the function of resolving application protocol.
The present embodiment according to application identification, select the device 20 of application proxy, in the middle of the accelerator based on agency that can realize for hardware or software, can together dispose with other equipment (such as route, bridge, single armed pattern etc.).
Proxy mapping table can adopt other similar scheme to substitute, for example, under (SuSE) Linux OS, utilize the ip_conntrack of system can record its application identification result, is not limited to its implementation.
Said apparatus 20 can utilize application identification to carry out automatic learning, the recognition result that is applied, thereby can be correct choose suitable application proxy, promote application efficiency, and avoid client's manual configuration, greatly reduce the complexity of configuration.
The foregoing is only the preferred embodiments of the present invention; not thereby limit the scope of the claims of the present invention; every equivalent structure or conversion of equivalent flow process that utilizes specification of the present invention and accompanying drawing content to do; or be directly or indirectly used in other relevant technical fields, be all in like manner included in scope of patent protection of the present invention.
Claims (4)
1. according to application identification, select a method for application proxy, it is characterized in that, comprise step:
Set up default proxy mapping table; Described proxy mapping table comprises in seven layers, network each layer of corresponding application and this each corresponding agent property of application;
Receive packet and judge whether the corresponding application of packet is identified;
When application has been identified, adopt the agency who has identified application to process, adopt corresponding agent property;
When application is unrecognized, according to the feature of application, application is identified; Whether judgement identification is successful; When identifying successfully, recognition result is added in proxy mapping table, and adopts the agency who has identified application to process, according to recognition result, from default proxy mapping table, obtain corresponding agent property; When identification is unsuccessful, use TCP/UDP agent processes.
2. the method for selecting application proxy according to application identification according to claim 1, is characterized in that, the described step of application being identified according to the feature of application specifically comprises:
According to the feature of each layer of application in seven layers, network, application is identified; Described identification comprises: keyword match, behavioural analysis and/or data flow feature.
3. according to application identification, select a device for application proxy, it is characterized in that, comprising:
Set up unit, for setting up default proxy mapping table; Described proxy mapping table comprises in seven layers, network each layer of corresponding application and this each corresponding agent property of application;
The first judging unit, for receiving packet and judging whether the corresponding application of packet is identified;
Application processing unit, for when application has been identified, adopts the agency who has identified application to process, and adopts corresponding agent property;
Application identification unit, for when application is unrecognized, identifies application according to the feature of application;
The second judging unit, for judging that whether identification is successful; When identifying successfully, by application processing unit, recognition result is added in proxy mapping table, and adopts the agency who has identified application to process, according to recognition result, from default proxy mapping table, obtain corresponding agent property; When identification is unsuccessful, by application processing unit, use TCP/UDP agent processes.
4. the device of selecting application proxy according to application identification according to claim 3, is characterized in that, described application identification unit specifically comprises:
According to the feature of each layer of application in seven layers, network, application is identified; Described identification comprises: keyword match, behavioural analysis and/or data flow feature.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110432037.8A CN102571928B (en) | 2011-12-21 | 2011-12-21 | Method and device for selecting application proxy according to application identification |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110432037.8A CN102571928B (en) | 2011-12-21 | 2011-12-21 | Method and device for selecting application proxy according to application identification |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102571928A CN102571928A (en) | 2012-07-11 |
| CN102571928B true CN102571928B (en) | 2014-11-05 |
Family
ID=46416392
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201110432037.8A Active CN102571928B (en) | 2011-12-21 | 2011-12-21 | Method and device for selecting application proxy according to application identification |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102571928B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102752217B (en) * | 2012-07-16 | 2016-02-03 | 北京国创富盛通信股份有限公司 | Network acceleration system and network accelerating method |
| CN106936707A (en) * | 2015-12-29 | 2017-07-07 | 北界创想(北京)软件有限公司 | Method for routing and device |
| CN105791315B (en) | 2016-04-25 | 2019-05-14 | 网宿科技股份有限公司 | A kind of udp protocol acceleration method and system |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101282333A (en) * | 2008-05-22 | 2008-10-08 | 上海交通大学 | Method for switching information of distributed multiprotocol proxy and center system |
| CN101547207A (en) * | 2009-05-07 | 2009-09-30 | 杭州迪普科技有限公司 | Protocol identification control method and equipment based on application behavior mode |
| CN102006307A (en) * | 2010-12-16 | 2011-04-06 | 中国电子科技集团公司第三十研究所 | Application proxy-based network management system isolation control device |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7647623B2 (en) * | 2005-10-17 | 2010-01-12 | Alcatel Lucent | Application layer ingress filtering |
-
2011
- 2011-12-21 CN CN201110432037.8A patent/CN102571928B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101282333A (en) * | 2008-05-22 | 2008-10-08 | 上海交通大学 | Method for switching information of distributed multiprotocol proxy and center system |
| CN101547207A (en) * | 2009-05-07 | 2009-09-30 | 杭州迪普科技有限公司 | Protocol identification control method and equipment based on application behavior mode |
| CN102006307A (en) * | 2010-12-16 | 2011-04-06 | 中国电子科技集团公司第三十研究所 | Application proxy-based network management system isolation control device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102571928A (en) | 2012-07-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106856434B (en) | Method and device for converting access request | |
| CN103475726B (en) | A kind of virtual desktop management, server and client side | |
| JP5869513B2 (en) | Fault response system and fault response method | |
| CN109714209B (en) | Method and system for diagnosing website access fault | |
| CN103139157B (en) | A kind of based on the network communication method of socket, Apparatus and system | |
| EP3809222B1 (en) | Vehicle remote diagnosis method and system | |
| CN104079571B (en) | A kind of method and device for recognizing Android simulator | |
| CN103647701B (en) | The control method and device of instantaneous communication system message forwarding | |
| CN105897652A (en) | Standard protocol based heterogeneous terminal dynamic access method | |
| WO2021164261A1 (en) | Method for testing cloud network device, and storage medium and computer device | |
| CN102571928B (en) | Method and device for selecting application proxy according to application identification | |
| CN109327511B (en) | Data request method and server based on HTTP (hyper text transport protocol) | |
| CN103067919B (en) | Connection establishment method and authentication method between computing device and mobile device | |
| CN110290015A (en) | Remote deployment method, apparatus and storage medium | |
| CN104468265A (en) | Method and device for detecting online states of local area network terminals | |
| CN103916492A (en) | Network device access control method and device | |
| CN106851513A (en) | The method of testing and system of a kind of electronic product | |
| CN106656998A (en) | Server communication method and device | |
| CN102984055B (en) | The soft reboot upgrade method of a kind of ISSU and equipment | |
| CN109547430B (en) | Development service gateway system and development service gateway | |
| CN102223266B (en) | Method and device for detecting protocol agent | |
| US20150163327A1 (en) | Correct Port Identification in a Network Host Connection | |
| CN103997437A (en) | Cloud server registration function testing method | |
| CN104038538A (en) | Method and system for local area network host software updating | |
| CN105338187A (en) | Information processing method and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20200611 Address after: Nanshan District Xueyuan Road in Shenzhen city of Guangdong province 518000 No. 1001 Nanshan Chi Park building A1 layer Patentee after: SANGFOR TECHNOLOGIES Inc. Address before: 518000 Nanshan Science and Technology Pioneering service center, No. 1 Qilin Road, Guangdong, Shenzhen 418, 419, Patentee before: Shenxin network technology (Shenzhen) Co.,Ltd. |
|
| TR01 | Transfer of patent right |