CN107395500B - Intelligent network architecture integrating perception, calculation and storage and implementation method - Google Patents


Info

Publication number: CN107395500B
Authority: CN (China)
Prior art keywords: content, nrs, router, lcrs, data packet
Legal status: Active
Application number: CN201710743012.7A
Other languages: Chinese (zh)
Other versions: CN107395500A
Inventors: 杨坚, 姚振, 吴枫, 谭小彬, 郑烇
Current assignee: University of Science and Technology of China (USTC)
Original assignee: University of Science and Technology of China (USTC)
Events: application CN201710743012.7A filed by University of Science and Technology of China (USTC); published as CN107395500A; granted and published as CN107395500B; legal status active

Classifications

    • H04L45/02 Topology update or discovery
    • H04L45/04 Interdomain routing, e.g. hierarchical routing
    • H04L45/20 Hop count for routing purposes, e.g. TTL
    • H04L45/74 Address processing for routing
    • H04L63/08 Network architectures or network communication protocols for network security, for authentication of entities
    • H04L67/568 Storing data temporarily at an intermediate stage, e.g. caching

Abstract

The invention discloses an intelligent network architecture integrating perception, computation and storage, and a method for implementing it. The architecture adopts a model that combines a content identifier (CID), a device identifier (GUID) and a security identifier (SecID). Content is stored in a distributed manner in the network: a content caching strategy is deployed in the LCRS, an aggregation strategy is deployed in the routers, and resources are shared and reused through cooperation among nodes. A hybrid device-identifier/address routing mode is adopted, with the NRS providing a two-level name resolution service, so that the network supports seamless host and network mobility. An active-defense security verification mechanism is adopted: the edge router acts as the trust root, access control and identity verification are performed on the user by combining the device identifier with the security identifier, and illegal content is intercepted effectively by further combining the content identifier. The network architecture can sense the content transmitted over the network, changes in the network environment and the behaviour of network users; it supports seamless host and network mobility, is extensible and evolvable, and provides active defense and network security.

Description

Intelligent network architecture integrating perception, calculation and storage and implementation method
Technical Field
The invention relates to the technical field of computer networks, in particular to an intelligent network architecture integrating perception, computation and storage.
Background
With the rapid growth of the internet and the rapid development of new applications, the traditional internet architecture faces significant challenges in scalability, controllability, mobility, security and the like. Against this background, research into innovative future network architectures has become a hot topic worldwide.
The traditional internet takes the IP address as its core and adopts a TCP/IP architecture designed around the end-to-end principle for simple transmission. First, the surge in traffic and the rapid inflation of routing tables have seriously affected the scalability of conventional IP networks; the root of the problem is that the TCP/IP architecture is a point-to-point communication mode based on IP addresses, which causes all communication traffic to converge on the backbone network and requires every backbone router to maintain routes to every node (subnet). Secondly, the growing popularity of portable mobile terminals and the explosive growth in the number of internet-of-things terminals place higher demands on network mobility; the greater mobility of user terminals causes the data transmission path to change frequently, seriously damaging the continuity of upper-layer application services and affecting the quality of service experienced by IP network users. Finally, existing network applications place higher requirements on the protection of user security and privacy, while the security means of traditional IP networks are basically in a passive-response state and unaware of attacks; the root cause is that the point-to-point communication mode based on IP addresses can only provide an end-to-end secure channel and cannot realize personalized security services for services and content.
In view of these problems, existing solutions mainly add functions at the application layer, such as using content delivery networks (CDNs) and peer-to-peer (P2P) networks to provide network services on hosts at the network edge. These technologies improve content distribution efficiency to some extent, but because the network state is hard to sense effectively and a uniform content identifier is lacking, they suffer from low routing efficiency, high implementation difficulty and similar problems. CDN technology is expensive to deploy, optimization of specific data for subscribed users cannot serve global network users, and under the existing architecture the scalability problem is relieved only by continually increasing hardware investment; in an internet architecture centred on IP routing, service resources and the physical network lack a mechanism to sense each other, and application-layer solutions such as P2P cannot fundamentally resolve the challenges and problems the network faces.
Disclosure of Invention
The invention aims to provide an intelligent network architecture integrating sensing, computing and storage, and a method for implementing it, which can sense the content transmitted over the network, changes in the network environment and the behaviour of network users; which supports seamless host and network mobility and is extensible and evolvable; and which provides active defense and network security.
The invention achieves this through the following technical scheme:
an intelligent network architecture integrating perception, computation and storage, comprising: routers that have sensing, computing and storage capabilities and support intra-domain content aggregation; a two-level name resolution server (NRS) that supports intra-domain and inter-domain mobility; and a local content resolution server (LCRS) that supports intra-domain content caching; wherein:
the router provides a security verification service based on the security identifier SecID, a data forwarding service based on the device identifier GUID, and a content service based on the content identifier CID;
when a router receives a data packet sent by a user, it distinguishes the packet type; for a packet of the intelligent network architecture integrating sensing, computation and storage (SCSN), it verifies the validity of the packet content and the authenticity of the user's identity using the SecID, GUID and CID in the packet header, communicating with the LCRS and the NRS respectively; it then determines whether the verified packet is a content packet or a request packet. For a content packet: if the packet allows content caching, the routers store it cooperatively under the scheduling of the LCRS; if the packet supports mobility, dynamic binding of the GUID to an address is realized during routing based on the GUID forwarding strategy. For a request packet: if it is a content request, the router reports the corresponding CID to the LCRS and realizes content aggregation according to the content distribution returned by the LCRS; if it is an access request, the router communicates with the NRS to authenticate the user by the corresponding SecID and GUID, thereby realizing access control.
For a content packet, the router first performs differentiated service according to the service identification bits of the packet header, as follows:
for a packet that allows content caching, the router reports the CID to the LCRS to obtain a caching strategy, and the routers store the content cooperatively under the scheduling of the LCRS, realizing resource sharing and reuse;
for a packet that supports mobility, the router queries the NRS to obtain the dynamic binding of the GUID to a network address, then obtains the next-hop router from its local forwarding table; if forwarding of the packet fails, the router stores the packet and continues to query the NRS, storing and forwarding it.
The NRS provides a dynamic binding service between GUIDs and network addresses. The GUID is globally invariant, while the network address of a device changes dynamically as its access point changes; the NRS ensures correct routing to the device while its access position keeps migrating.
The NRS adopts a hierarchical structure comprising a first-level (primary) NRS and a second-level (secondary) NRS. The first-level NRS serves intra-domain routing and the second-level NRS serves inter-domain routing. The first-level NRS updates and maintains the mapping between GUIDs and network addresses according to the device information reported by the routers, then works out which devices have moved between domains and reports them to the second-level NRS. Intra-domain movement of a device is transparent to the second-level NRS, which only maintains the mapping from device identifier to gateway router address (GA) and is responsible for routing packets to the domain where the destination device is located.
The first-level NRS classifies routing queries and user access control information and passes them to its name resolution service and its user management module respectively; the user management module of the first-level NRS handles user access control and identity authentication and sends user add/delete information for the domain to the second-level NRS. The second-level NRS receives information from the first-level NRS and from the gateway router; through its classifier this enters the user management module and the name resolution service module, which perform the update and query operations on the second-level NRS's local information respectively; finally it sends confirmation back to the first-level NRS and the query result back to the gateway router.
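As an added example (not code from the patent), the following Python models the two-level name resolution just described: a first-level NRS holding the GUID-to-address mapping inside one domain, a second-level NRS holding only GUID-to-gateway-address (GA) mappings, intra-domain moves that stay invisible to the second level, and inter-domain moves that are reported up. All GUIDs, addresses and domain names are constructed sample values.

```python
from typing import Optional, Tuple


class SecondLevelNRS:
    """Inter-domain NRS: knows only which gateway router address (GA) serves each GUID."""

    def __init__(self) -> None:
        self.guid_to_ga: dict = {}
        self.reports = 0  # number of reports received from first-level NRSs

    def report(self, guid: str, ga: str) -> None:
        self.guid_to_ga[guid] = ga
        self.reports += 1

    def resolve_gateway(self, guid: str) -> Optional[str]:
        return self.guid_to_ga.get(guid)


class FirstLevelNRS:
    """Intra-domain NRS: maps GUID -> current network address inside its own domain."""

    def __init__(self, domain: str, gateway_addr: str, parent: SecondLevelNRS) -> None:
        self.domain = domain
        self.gateway_addr = gateway_addr  # GA that the second-level NRS will hand out
        self.parent = parent
        self.guid_to_addr: dict = {}

    def router_report(self, guid: str, addr: str) -> str:
        """A router in this domain reports that device `guid` is now reachable at `addr`.

        Returns "intra" when the device was already registered here (the move is
        transparent to the second-level NRS) or "inter" when it just arrived from
        another domain, in which case the second-level NRS is told this domain's GA.
        """
        arrived_from_outside = guid not in self.guid_to_addr
        self.guid_to_addr[guid] = addr
        if arrived_from_outside:
            self.parent.report(guid, self.gateway_addr)
            return "inter"
        return "intra"

    def deregister(self, guid: str) -> None:
        """Device left the domain: drop the local binding (the new domain refreshes the GA)."""
        self.guid_to_addr.pop(guid, None)

    def resolve(self, guid: str) -> Optional[str]:
        return self.guid_to_addr.get(guid)


def route_lookup(local: FirstLevelNRS, dst_guid: str) -> Tuple[str, str]:
    """Hybrid GUID/address lookup as a router would perform it.

    Intra-domain: the first-level NRS resolves the GUID to the device's network address.
    Inter-domain: the gateway asks the second-level NRS for the destination domain's GA.
    """
    addr = local.resolve(dst_guid)
    if addr is not None:
        return ("intra", addr)
    ga = local.parent.resolve_gateway(dst_guid)
    if ga is None:
        raise LookupError(f"no binding anywhere for {dst_guid}")
    return ("inter", ga)


def demo() -> dict:
    """Walk one device through an intra-domain move and an inter-domain move."""
    top = SecondLevelNRS()
    dom_a = FirstLevelNRS("A", "10.0.1.1", top)   # constructed GA for domain A
    dom_b = FirstLevelNRS("B", "10.0.2.1", top)   # constructed GA for domain B
    r = {}
    r["join"] = dom_a.router_report("guid-dev-1", "10.0.1.20")          # arrives in A
    r["move_intra"] = dom_a.router_report("guid-dev-1", "10.0.1.35")    # new access router in A
    r["top_reports_after_intra"] = top.reports                           # still 1: transparent
    r["lookup_from_a"] = route_lookup(dom_a, "guid-dev-1")
    r["lookup_from_b"] = route_lookup(dom_b, "guid-dev-1")              # goes via GA of A
    dom_a.deregister("guid-dev-1")
    r["move_inter"] = dom_b.router_report("guid-dev-1", "10.0.2.7")     # arrives in B
    r["top_reports_after_inter"] = top.reports                           # now 2
    r["lookup_from_a_after"] = route_lookup(dom_a, "guid-dev-1")        # goes via GA of B
    return r


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```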
The LCRS manages the content stored in the intra-domain network. The LCRS updates and maintains a content-to-storage-address mapping table (CAMT) according to the content cache information reported by the routers, and, based on the CAMT, the storage strategy module and the content analysis module, controls the routers to store content and assists in completing content aggregation. The LCRS also builds a content filtering table (CFT) according to a given content filtering scheme, used for checking the validity of content.
The LCRS comprises a classifier, a storage strategy module, a content analysis module, and a memory that stores the CAMT and the CFT. The classifier divides received information into content requests and content storage; content requests are handed to the content analysis module for subsequent processing, and content storage is handed to the storage strategy module for subsequent processing.
Both the content analysis module and the storage strategy module call the content analysis module to query the CFT and check whether the content is legal. If the content is legal, the CAMT is further queried to obtain the distribution of the corresponding content: the content analysis module sends the queried content distribution to the router that requested the content, and that router carries out subsequent processing; the storage strategy module decides according to the storage strategy whether the content needs to be stored, updates the CAMT and at the same time sends the relevant instructions to the router. If the content is not legal, service is denied.
The logical layers of the system are, from top to bottom, the application layer, the transport layer, the network layer and the link layer; the router, the NRS and the LCRS are all located at the network layer;
the network layer includes a data plane and a control plane;
the data plane functions are as follows. Content perception: the router senses and classifies packets according to their type and performs differentiated service. Content storage: the router reports the CID and packet type information carried in the packet to the LCRS, and the LCRS plans in a unified manner to store the content in one or more routers. Content aggregation: after receiving a user's content request message, the first-hop router reports the CID of the requested content to the LCRS; the LCRS looks up the CID in the CAMT and returns the distribution information of where the content is stored; after receiving the distribution information, the first-hop router decides, according to the routers' content aggregation strategy, from which router or routers the content is to be aggregated. Routing and forwarding: routers in the same domain forward packets according to the GUID, the secondary NRS performs routing across multiple domains according to the binding of GUID and address, and the packet format includes an IP header. Security verification: after the user is granted access, the user's SecID is set as a field bound to the GUID and sent to the edge router as user-level identity authentication; for packets generated by the user, the CFT is queried by CID for filtering, as content-level security verification;
management and control of network configuration and policy are realized in the control plane, including the following. Content resolution service: the LCRS queries the CAMT to obtain the mapping between content and network addresses. Name resolution service: the first-level NRS provides resolution from GUIDs to network addresses within a domain, and the second-level NRS provides resolution from GUIDs to network addresses across domains. Route forwarding service: for intra-domain routing, the router resolves the destination network address via the primary NRS to transmit the packet; for inter-domain routing, the gateway router obtains the destination gateway address by querying the secondary NRS and transmits the packet through the backbone network. Access control service: when a user applies for access, the access router reports the user's GUID to the first-level NRS, which determines whether the user is allowed to access according to a blacklist and user permission data provided by the operator, sets the user's permissions, and records security review and ledger information.
A method for implementing an intelligent network architecture integrating perception, computation and storage comprises the following steps: setting up routers that have sensing, computing and storage capabilities and support intra-domain content aggregation; setting up a two-level name resolution server NRS that supports intra-domain and inter-domain mobility; and setting up a local content resolution server LCRS that supports intra-domain content caching; wherein the router, the NRS, the LCRS and the logical layering of the network are configured and operate as described above for the architecture.
It can be seen from the above technical solutions that the architecture adopts a model combining the content identifier (CID), the device identifier (GUID) and the security identifier (SecID): content is stored in a distributed manner in the network, a content caching strategy is deployed in the LCRS and an aggregation strategy in the routers, and resources are shared and reused through cooperation among nodes; a hybrid device-identifier/address routing mode is adopted, with the NRS providing a two-level name resolution service, so that the network supports seamless host and network mobility; and an active-defense security verification mechanism is adopted, in which the edge router serves as the trust root, access control and identity verification are performed on the user by combining the device identifier with the security identifier, and illegal content is intercepted effectively by further combining the content identifier.
Drawings
To illustrate the technical solutions of the embodiments more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the invention; those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of an intelligent network architecture integrating sensing, computing and storage according to an embodiment of the present invention;
Fig. 2 is a flowchart of the data forwarding service of a router according to an embodiment of the present invention;
Fig. 3 is a flowchart of information processing in an NRS according to an embodiment of the present invention;
Fig. 4 is a flowchart of information processing in an LCRS according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of the logical architecture of an SCSN network according to an embodiment of the present invention;
Fig. 6 is a schematic diagram of a content aggregation process according to an embodiment of the present invention;
Fig. 7 is a schematic diagram of a content storage process according to an embodiment of the present invention;
Fig. 8 is a schematic diagram of a routing process according to an embodiment of the present invention;
Fig. 9 is a schematic diagram of the information interaction between routers and NRSs in inter-domain and intra-domain mobility scenarios according to an embodiment of the present invention;
Fig. 10 is a schematic diagram of a security verification process according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the invention, not all of them; all other embodiments that a person skilled in the art can derive from them without creative effort fall within the protection scope of the invention.
Fig. 1 is a schematic diagram of an intelligent network architecture integrating sensing, computing and storage according to an embodiment of the invention. As shown in Fig. 1, the SCSN is an edge network architecture. The backbone network is mainly used for inter-domain routing, so implementing the sensing, computing and storage functions in the backbone would introduce considerable delay and complexity and reduce network efficiency. Adopting the physical architecture of the edge network minimizes the upgrading of existing network equipment and reduces the cost of deploying an SCSN. The high extensibility of the edge network architecture lets enterprises, governments, schools and other organizations customize and deploy an SCSN according to their own needs. Because the SCSN is highly compatible, its backbone network can continue to use an IP network architecture.
The core device of the SCSN includes: routers with perceptual computing storage capabilities and support intra-domain content aggregation, two-level Name Resolution Servers (NRS) supporting intra-domain and inter-domain mobility, and Local Content Resolution Servers (LCRS) supporting intra-domain content caching. The network architecture realizes the routing forwarding function in the domain and between the domains by two levels of name resolution servers and combining a hybrid routing mechanism based on equipment identification and addresses, and supports seamless host and network mobility; the local content management server is used for deploying content caching and content aggregation strategies, so that cooperative storage and resource reuse are realized among the routers, the content distribution efficiency is improved, and the network redundant flow is reduced; the active defense is carried out through a security verification mechanism, the edge router is used as a trust root to carry out identity verification on the user in combination with the identity identification and the security identification, illegal contents are effectively intercepted in combination with the content identification and the identity identification, and the user who issues illegal contents can be tracked and processed.
Routers of the SCSN network provide SecID-based security authentication services, GUID-based data forwarding services, and CID-based content services. When a user accesses a network, the router and the NRS communicate to verify the user identity to realize access control; when a user sends data, the router verifies the user identity and the legality of transmission content through the SecID, the GUID and the CID of the data packet header, and actively checks, processes and avoids network attack behaviors. Through the double security verification service aiming at the content and the user identity, the active defense of the network can be effectively realized. The routers can sense the transmitted content, store the content according to the deployed cache strategy, and cooperatively store the content under the scheduling of the LCRS, so that the sharing and multiplexing of resources are realized. By the aid of a forwarding strategy based on the GUID, dynamic binding of the equipment identifier and the address is realized in the routing process, mobility of equipment and a network can be effectively supported, and an application layer can keep a link uninterrupted in a mobile scene. The router ensures reliable end-to-end data transmission and reduces time delay brought by retransmission data through a hop-by-hop transmission mechanism. In addition, the router can also provide flexible differentiated services according to service types. For data which is not expected to be cached in actual requirements, a non-caching data transmission mode can be specified through a service type, for example, for paid content or private content, the data can be guaranteed not to be copied and spread arbitrarily by a network, and therefore copyright and user privacy are effectively protected. 
For delay-sensitive data, simple address-based forwarding can be carried out for data packets so designated by the service type; in this mode the network no longer supports mobility and the reliability of data transmission is not guaranteed, but the transmission delay is effectively reduced, which suits real-time scenarios. Through differentiated service, a service provider can customize the network service mode, improving the flexibility of the network, and developers can conveniently add network functions, improving its extensibility. Besides the above characteristics, the router of the SCSN can provide rich distributed computing resources and support ubiquitous computing functions such as content computing, network computing and service computing.
The SCSN provided by the embodiment of the invention can sense the content transmitted by the network, changes in the network environment and the behaviour of network users; it supports seamless host and network mobility, is extensible and evolvable, and provides active defense for network security.
For ease of understanding, the following description is made with respect to a router, NRS, and LCRS, respectively.
First, the router.
Fig. 2 is a flow diagram of the data forwarding service of the router. In the embodiment of the invention, the router supports a data forwarding service compatible with IP: when the router receives a data packet, it first distinguishes the packet type, provides traditional IP forwarding for IP packets, and executes the SCSN processing flow for SCSN packets.
The router verifies the legality of the packet content by communicating with the LCRS using the SecID, GUID and CID in the packet header, and verifies the authenticity of the user identity by communicating with the NRS. It then determines whether a packet that passed verification is a content packet or a request packet, and processes each kind accordingly. When the router receives a content packet, it performs differentiated service according to the service identification bits of the packet header. 1) For a packet that allows content caching, the routers perform collaborative storage under the scheduling of the LCRS: the routers report the CID to the LCRS to obtain a caching strategy, and store the content cooperatively under the LCRS's scheduling so that resources are shared and reused. 2) For a packet that requires mobility support, the dynamic binding of the GUID and the address is realized during routing by the GUID-based forwarding strategy: the router queries the NRS to obtain the dynamic binding of the GUID and the network address, then obtains the next-hop router from its local forwarding table; if forwarding the packet fails, the router stores the packet and continues to query the NRS in order to store and forward it.
When the router receives the request packet, the content request and the access request are distinguished. For the content request packet, the router firstly inquires the LCRS about the storage position of the content in the domain, if the requested content can be provided in the domain, the router informs other related routers of aggregating the content according to an aggregation strategy, and then directly responds to the content request of the terminal at the local router; otherwise, the content request is forwarded to the next hop router based on the GUID until the content request packet reaches the domain or content provider that stores the content. And for the access request packet, the router communicates with the NRS to carry out user identity authentication through corresponding SecID and GUID so as to realize access control.
Second, the NRS.
In the embodiment of the invention, the NRS provides dynamic binding service of GUID and network address; GUID is a global invariant, the network address of the device changes dynamically with changes in the access point, and the NRS ensures correct routing of the device with constant migration of access locations.
The NRS adopts a hierarchical structure comprising a primary NRS and a secondary NRS. The first-level NRS is used for intra-domain routing and the second-level NRS for inter-domain routing. The first-level NRS updates and maintains the mapping between GUIDs and network addresses according to the device information reported by the routers, determines which devices have moved between domains and reports them to the second-level NRS. Intra-domain movement of devices is transparent to the secondary NRS, which only maintains the mapping from device identifier to gateway router address (GA) and is responsible for routing packets to the domain where the destination device is located. The hierarchical NRS structure achieves intra-domain autonomy together with unified inter-domain routing and improves the scalability of the network. The first-level NRS can deploy access control services in a customized way, providing device identity authentication and data security checks: for a new device accessing the network, the router sends an authentication request to the first-level NRS to obtain the device's identity validity and access permissions, thereby implementing access control.
Fig. 3 is the information processing flowchart of the NRS. The first-level NRS classifies routing queries and user access control information and passes them respectively to the name resolution service and the user management module; the user management module of the first-level NRS handles user access control and identity authentication and sends the add/delete information of users in the domain to the second-level NRS. The second-level NRS receives information from the first-level NRS and from the gateway router; through its classifier the information enters the user management module or the name resolution service module, which respectively update and query the local information of the second-level NRS; finally it sends confirmation information back to the first-level NRS and sends the query result back to the gateway router.
Third, the LCRS.
The LCRS is used for managing the content stored in the intra-domain network. The LCRS updates and maintains a mapping table (CAMT) from content to storage address according to the content caching information reported by the routers, and based on the CAMT, the storage strategy module and the content analysis module it controls the routers to store content and assists in completing content aggregation. The LCRS also establishes a Content Filtering Table (CFT) according to a certain content filtering scheme for checking the legality of content.
FIG. 4 shows the information processing flowchart of the LCRS. The LCRS comprises a classifier, a storage strategy module, a content analysis module and a memory storing the CAMT and the CFT. The classifier divides the received information into content requests and content storage reports: a content request is delivered to the content analysis module for subsequent processing, and a content storage report is delivered to the storage strategy module for subsequent processing.
Both the content analysis module and the storage strategy module query the CFT to check whether the content is legal. If the content is legal, the CAMT is queried next to obtain the distribution of the corresponding content: the content analysis module sends the queried content distribution to the router that requested the content, and that router performs the subsequent processing; the storage strategy module determines according to the storage strategy whether the corresponding content needs to be stored, updates the CAMT and at the same time sends the related instructions to the router. If the content is illegal, service is denied. For different service types with different requirements, the storage strategy module can be separated from the LCRS and integrated into a service management server, improving scalability and service efficiency.
On the other hand, the logic architecture of the SCSN network provided by the embodiment of the present invention can be seen in fig. 5, where the logic levels thereof are, from top to bottom, an application layer, a transport layer, a network layer, and a link layer, respectively; the application layer runs an application program meeting the requirements of a user; the transport layer adopts a reliable transport layer protocol facing to the user application process; the link layer uses existing network link layer technology.
The core device router, the NRS and the LCRS of the SCSN are all positioned in a network layer. The network layer mainly comprises a data plane and a control plane, and provides complete sensing, calculating and storing services; the main functions of the data plane and the control plane are as follows:
1) The functions of the data plane are as follows. Content perception: the router senses and classifies packets according to their type and performs differentiated service; content storage: the router reports the CID and packet type information contained in the data packet to the LCRS, and the LCRS plans in a unified manner on which router or routers the content is stored; content aggregation: after receiving a user's content request message, the first-hop router reports the CID of the requested content to the LCRS, the LCRS looks up the CID in the CAMT and returns the distribution information of the stored content, and after receiving the distribution information the first-hop router determines, according to the routers' content aggregation strategy, from which router or routers the content is to be aggregated; routing and forwarding: routers in the same domain forward data packets according to the GUID, the secondary NRS routes between domains according to the GUID-to-address binding information, and the data packet format includes an IP header; security verification: after a user is admitted, the user's SecID is set as a field bound to the GUID and sent to the edge router as user-level identity authentication, and for data packets generated by the user the CFT is queried by CID for filtering, as content-level security verification.
2) The control plane implements the management and control of network configuration and policy, including the following. Content resolution service: the LCRS queries the CAMT information to obtain the mapping between content and network addresses; name resolution service: the first-level NRS provides resolution from GUIDs to network addresses within a domain, and the second-level NRS provides resolution from GUIDs to gateway addresses between domains; route forwarding service: for intra-domain routing, the router resolves the destination network address through the primary NRS to transmit the data packet, and for inter-domain routing the gateway router obtains the destination gateway address by querying the secondary NRS so as to transmit the data packet across the backbone network; access control service: when a user applies for access, the access router reports the user's GUID to the first-level NRS, and the first-level NRS determines whether the user is allowed to access according to the blacklist and user permission data provided by the operator, sets the user's permissions, and records security review and ledger information.
The above provides the main components and functions of the SCSN according to the embodiment of the present invention, and the following describes some important functions in detail with reference to some examples.
1. Example of the content aggregation process.
In this example the content involved is assumed to be legal. As shown in fig. 6: ① device C1 accesses router R1 in the network and sends request packet P1 to request the content CID1; ② router R1 recognizes that P1 is a request packet for CID1 and reports this to the LCRS through its LCRS communication module; ③ the LCRS receives the request, its content parsing module queries the CAMT to obtain the data distribution of CID1, and the information is sent back to R1; ④ if no data corresponding to CID1 is stored in the sub-domain, the content data is requested from a remote server; ⑤ otherwise router R1 requests the content from the relevant routers in the received content distribution (in this example, routers R2 and R3); ⑥ routers R2 and R3 send the content data to device C1 via router R1.
2. Content storage process.
① When data packet P1 of content CID1 is forwarded through R1, R1 buffers the packet while forwarding it; ② when R1 has buffered the complete data of CID1, R1 asks the LCRS whether to store all the data of CID1 or a fragment of it; ③ the storage policy module of the LCRS queries the CAMT for the distribution of CID1 and determines the storage and update operation according to the storage policy: if the content needs to be stored, it issues a storage instruction and updates the CAMT; otherwise it issues an instruction to delete the buffered data of CID1.
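The LCRS flows of figs. 4, 6 and 7, as an added Python model that is not code from the patent: the content parsing module checks the CFT and then the CAMT to answer a content request, and the storage policy module decides which buffered fragments a router keeps. The fragment-level CAMT layout, the replica-count storage policy and every identifier other than CID1, R1, R2 and R3 are assumptions.

```python
"""LCRS content request / storage policy flow (figs. 4, 6, 7).

Added example, not code from the patent.  The fragment-level CAMT layout,
the replica-count storage policy and every identifier other than CID1,
R1, R2 and R3 are constructed assumptions.
"""
from dataclasses import dataclass, field


@dataclass
class LCRS:
    """Local Content Resolution Server: CFT, CAMT and a storage policy."""
    cft: set                                        # content filtering table: illegal CIDs
    fragments: dict = field(default_factory=dict)   # CID -> total number of fragments
    camt: dict = field(default_factory=dict)        # CID -> {router id: {fragment indexes}}
    replica_target: int = 2                         # assumed policy: copies of each fragment per domain

    def content_request(self, cid):
        """Content parsing module: CFT check first, then CAMT lookup.

        Returns ("deny", None) for illegal content, ("remote", None) when the
        domain holds nothing, or ("aggregate", {"plan", "missing"}) where plan
        maps each chosen router to the fragments the requester pulls from it.
        """
        if cid in self.cft:
            return ("deny", None)
        holders = self.camt.get(cid, {})
        if not holders:
            return ("remote", None)
        plan, missing = {}, set(range(self.fragments[cid]))
        while missing:
            # Greedy aggregation: take the router that still contributes the most fragments.
            rid, frags = max(holders.items(),
                             key=lambda kv: (len(kv[1] & missing), kv[0]))
            take = frags & missing
            if not take:
                break            # the rest is not in the domain: fetch it from a remote server
            plan[rid] = take
            missing -= take
        return ("aggregate", {"plan": plan, "missing": missing})

    def storage_request(self, cid, rid, frags, total):
        """Storage policy module: which buffered fragments the router keeps.

        A fragment is stored on this router only while fewer than
        replica_target other routers in the domain already hold it.
        """
        if cid in self.cft:
            return set()                             # illegal content is never stored
        self.fragments.setdefault(cid, total)
        holders = self.camt.setdefault(cid, {})
        keep = set()
        for f in frags:
            copies = sum(1 for r, fs in holders.items() if r != rid and f in fs)
            if copies < self.replica_target:
                keep.add(f)
        if keep:
            holders.setdefault(rid, set()).update(keep)  # CAMT update
        return keep


class Router:
    """SCSN router: buffers content while forwarding and obeys LCRS instructions."""

    def __init__(self, rid, lcrs):
        self.rid, self.lcrs, self.cache = rid, lcrs, {}

    def on_request(self, cid):
        """Steps ②-⑤ of fig. 6: report the CID, act on the returned distribution."""
        action, info = self.lcrs.content_request(cid)
        if action == "deny":
            return ("reject", None)
        if action == "remote":
            return ("fetch_remote", None)
        return ("aggregate", info)

    def on_content(self, cid, frags, total):
        """Fig. 7: buffer while forwarding, then keep only what the policy allows."""
        self.cache[cid] = dict(frags)                # fragment index -> payload bytes
        keep = self.lcrs.storage_request(cid, self.rid, set(frags), total)
        for f in list(self.cache[cid]):
            if f not in keep:
                del self.cache[cid][f]               # "delete buffer" instruction
        if not self.cache[cid]:
            del self.cache[cid]
        return keep


if __name__ == "__main__":
    # Constructed domain state: CID1 has 3 fragments spread over R2 and R3.
    lcrs = LCRS(cft={"CID_BAD"}, fragments={"CID1": 3},
                camt={"CID1": {"R2": {0, 1}, "R3": {1, 2}}})
    r1 = Router("R1", lcrs)
    print(r1.on_request("CID1"))                                  # aggregate: R3 {1, 2}, R2 {0}
    print(r1.on_content("CID1", {0: b"a", 1: b"b", 2: b"c"}, 3))  # keeps {0, 2}
```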
3. Routing mechanism.
The routing process of an SCSN data packet is shown in fig. 8. Terminal C1 is located in sub-domain D1, and the backbone network in between is an IP network. The transmission of a data packet from C1 to the destination terminal is divided into the following steps: ① C1 constructs a data packet with the device identifier (202) of the destination terminal as the destination GUID and sends it to the first-hop router R1; ② R1 queries NRS1-Lv1 (the primary NRS) for the network address (NA) at which 202 is located; NRS1-Lv1 holds no address binding information for 202, so it returns the device identifier (111) of the gateway router and the data packet is relayed to the gateway router; ③ the gateway router queries the secondary NRS for the address binding of 202, obtains the address of the destination gateway, encapsulates the SCSN data packet with an IP header so that it can be transmitted across the IP backbone, and forwards it; the destination gateway then queries its primary NRS for the NA at which 202 is located and delivers the data packet to the destination terminal.
4. Mobility support.
The SCSN supports intra-domain and inter-domain mobility of devices, and in this example, information interaction procedures of the router and the NRS in inter-domain and intra-domain mobility scenarios will be described, respectively, as shown in fig. 9.
① Device C2 moves from router R33 in domain D3 to router R24 in domain D2; ② R33 reports the departure of C2 to NRS3-Lv1 (the primary NRS of D3); ③ R24 reports the access of C2 to NRS2-Lv1; ④ NRS2-Lv1 determines that C2 has moved between domains and reports this to NRS-Lv2 (the secondary NRS); ⑤ a data packet destined for C2 that is still forwarded along the old path arrives at R33; R33 queries NRS3-Lv1, which no longer holds an intra-domain binding for C2 and returns the gateway router of D3; the gateway router queries NRS-Lv2, obtains the new gateway address of C2 (the gateway of D2), and the data packet is forwarded along the new path to R24 and delivered to C2.
⑦ Device C2 moves from R24 to R22 within domain D2; ⑧ R22 reports the access of C2 to NRS2-Lv1. At this point, data packets transmitted between domains still reach the gateway router of D2 through the two-level NRS query, while data packets transmitted within the domain are routed to R22 by querying only the first-level NRS.
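The two-level resolution of fig. 8 and the mobility scenarios of fig. 9, as an added Python model that is not the patent's code: each domain has a primary NRS (GUID to access router and NA) and all domains share one secondary NRS (GUID to gateway address GA). Domain names, gateway addresses and NA values are constructed, and the store-and-requery behaviour of a router whose forwarding fails is not modeled.

```python
"""Two-level NRS resolution with intra- and inter-domain mobility (figs. 3, 8, 9).

Added example, not code from the patent.  Domain names, gateway addresses
and NA values are constructed; the store-and-requery behaviour of a router
whose forwarding fails is not modeled.
"""


class SecondaryNRS:
    """NRS-Lv2: GUID -> gateway address (GA) of the domain the device is in."""

    def __init__(self):
        self.ga = {}

    def update(self, guid, ga):
        self.ga[guid] = ga

    def resolve(self, guid):
        return self.ga.get(guid)


class PrimaryNRS:
    """NRSx-Lv1: GUID -> (access router, network address) inside one domain."""

    def __init__(self, domain, gateway, secondary):
        self.domain, self.gateway, self.secondary = domain, gateway, secondary
        self.bindings = {}                  # GUID -> (router id, NA)

    def report_access(self, guid, router, na):
        """Access report from a router; a GUID not yet bound here has moved between domains."""
        inter_domain = guid not in self.bindings
        self.bindings[guid] = (router, na)
        if inter_domain:
            self.secondary.update(guid, self.gateway)   # intra-domain moves stay transparent
        return inter_domain

    def report_leave(self, guid):
        self.bindings.pop(guid, None)

    def resolve(self, guid):
        """("local", (router, NA)), or ("gateway", GA) when the GUID is not in this domain."""
        if guid in self.bindings:
            return ("local", self.bindings[guid])
        return ("gateway", self.gateway)


class SCSNNetwork:
    """Glue: one primary NRS per domain, one shared secondary NRS."""

    def __init__(self, domains):            # {domain name: gateway address}
        self.secondary = SecondaryNRS()
        self.primary = {d: PrimaryNRS(d, ga, self.secondary) for d, ga in domains.items()}
        self.domain_of_gateway = {ga: d for d, ga in domains.items()}

    def attach(self, guid, domain, router, na):
        return self.primary[domain].report_access(guid, router, na)

    def move(self, guid, old_domain, new_domain, router, na):
        """Fig. 9: the old router reports the departure, the new router reports the access."""
        if old_domain != new_domain:
            self.primary[old_domain].report_leave(guid)
        return self.primary[new_domain].report_access(guid, router, na)

    def route(self, src_domain, first_hop, dst_guid):
        """Fig. 8: returns (hop list, destination NA), or (hop list, None) if unresolved."""
        hops = [first_hop]
        kind, info = self.primary[src_domain].resolve(dst_guid)
        if kind == "gateway":
            hops.append(info)                       # relayed to the local gateway router
            dst_ga = self.secondary.resolve(dst_guid)
            if dst_ga is None:
                return hops, None
            hops.append(f"IP:{info}->{dst_ga}")     # SCSN packet carried in an IP header
            kind, info = self.primary[self.domain_of_gateway[dst_ga]].resolve(dst_guid)
            if kind == "gateway":
                return hops, None                   # binding not yet updated in the new domain
        router, na = info
        hops.append(router)
        return hops, na


if __name__ == "__main__":
    net = SCSNNetwork({"D1": "GA1", "D2": "GA2", "D3": "GA3"})
    net.attach("C1", "D1", "R11", "NA1-11")
    net.attach("C2", "D3", "R33", "NA3-33")
    print(net.route("D1", "R11", "C2"))             # via GA1, IP backbone, GA3, R33
    net.move("C2", "D3", "D2", "R24", "NA2-24")     # inter-domain: NRS-Lv2 updated
    net.move("C2", "D2", "D2", "R22", "NA2-22")     # intra-domain: NRS-Lv2 untouched
    print(net.route("D1", "R11", "C2"))             # via GA1, IP backbone, GA2, R22
```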
5. Security verification.
The SCSN system structure can reject the access of a malicious user, support active identity authentication and effectively prohibit the user from requesting and issuing illegal contents. Fig. 10 shows a process of security authentication by the system.
① User A connects to edge router R2 and sets, by itself, a security password (the SecID field) corresponding to its GUID to request access to the SCSN network; ② R2 reports the GUID and SecID provided by user A to the NRS; the NRS checks by GUID whether user A is on the user blacklist and, if so, directly refuses user A access to the SCSN network; otherwise the user management module stores the (GUID, SecID) pair of user A and informs R2 to record the correspondence; ③ after user A passes access authentication, the security verification module of R2 completes identity verification by checking the SecID field and GUID in the header of each packet sent by user A.
If user B publishes illegal content to the system and user C requests that illegal content, the system performs the following content security verification process: ④ user B publishes the content; ⑤ edge router R1 extracts the CID of the content packet sent by user B and sends it to the LCRS through its LCRS communication module; ⑥ the LCRS queries the Content Filtering Table (CFT) through its content parsing module, finds that the CID corresponds to illegal content, and informs the edge router to discard the content and send a warning to user B; ⑦ user C sends a content request; ⑧ edge router R4 extracts the CID of the request packet sent by user C and sends it to the LCRS; ⑨ the LCRS finds that the CID corresponds to illegal content and informs the edge router to refuse service for the request and send a warning to user C.
If a user continuously issues multiple illegal contents or requests the illegal contents for multiple times, the system will blacklist the user and refuse to provide network access service for the user within a certain time.
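The user-level and content-level checks of fig. 10 together with the repeat-offender blacklisting above, as an added Python model (not the patent's code): the NRS user management module keeps the blacklist and the GUID/SecID bindings, and the edge router verifies every packet header against its recorded binding before reporting the CID. The strike limit, the ban duration, the CFT contents and the rule that an already bound GUID cannot be re-bound with a different SecID are assumptions.

```python
"""User-level and content-level security verification (fig. 10).

Added example, not code from the patent.  The strike limit, ban duration,
CFT contents and the rule that an already bound GUID cannot be re-bound to
a different SecID are constructed assumptions.
"""
import hmac


class NRSUserManagement:
    """Primary-NRS user management module: blacklist and GUID/SecID bindings."""

    def __init__(self, blacklist=None, strike_limit=3, ban_seconds=600):
        self.blacklist = dict(blacklist or {})    # GUID -> ban expiry; float("inf") = operator-permanent
        self.bindings = {}                        # GUID -> SecID for admitted users
        self.strikes = {}                         # GUID -> illegal-content count
        self.strike_limit, self.ban_seconds = strike_limit, ban_seconds

    def is_blacklisted(self, guid, now):
        expiry = self.blacklist.get(guid)
        if expiry is None:
            return False
        if now < expiry:
            return True
        del self.blacklist[guid]                  # temporary ban has lapsed
        return False

    def access_request(self, guid, secid, now):
        """Step ②: refuse blacklisted GUIDs, otherwise record the (GUID, SecID) pair."""
        if self.is_blacklisted(guid, now):
            return False
        bound = self.bindings.get(guid)
        if bound is not None and not hmac.compare_digest(bound, secid):
            return False                          # assumption: a bound GUID cannot be claimed with another SecID
        self.bindings[guid] = secid
        return True

    def report_violation(self, guid, now):
        """Count illegal-content events; blacklist the GUID once the limit is reached."""
        self.strikes[guid] = self.strikes.get(guid, 0) + 1
        if self.strikes[guid] < self.strike_limit:
            return False
        self.blacklist[guid] = now + self.ban_seconds
        self.bindings.pop(guid, None)             # revoke the current access
        self.strikes[guid] = 0
        return True


class EdgeRouter:
    """Trust root for its users: checks packet headers, reports CIDs to the LCRS."""

    def __init__(self, rid, nrs, cft):
        self.rid, self.nrs, self.cft = rid, nrs, cft   # cft stands in for the LCRS CFT query
        self.bindings = {}                             # local copy of admitted GUID -> SecID

    def access(self, guid, secid, now):
        """Steps ① and ②: forward the access request to the NRS and record the binding."""
        if not self.nrs.access_request(guid, secid, now):
            return False
        self.bindings[guid] = secid
        return True

    def handle(self, pkt, now):
        """Step ③ and ⑤-⑨: identity check on every packet, then content check on the CID."""
        bound = self.bindings.get(pkt["guid"])
        if bound is None or not hmac.compare_digest(bound, pkt["secid"]):
            return "drop-unauthenticated"
        if pkt["cid"] in self.cft:                # LCRS answers: illegal content
            if self.nrs.report_violation(pkt["guid"], now):
                self.bindings.pop(pkt["guid"], None)
                return "reject-blacklisted"
            return "reject-warn"
        return "forward"


if __name__ == "__main__":
    nrs = NRSUserManagement(blacklist={"GUID_X": float("inf")}, strike_limit=2)
    r2 = EdgeRouter("R2", nrs, cft={"CID_ILLEGAL"})
    print(r2.access("GUID_A", "secA", now=0))                                  # True
    print(r2.handle({"guid": "GUID_A", "secid": "secA", "cid": "CID1"}, now=1))  # forward
    print(r2.handle({"guid": "GUID_A", "secid": "secA", "cid": "CID_ILLEGAL"}, now=2))  # reject-warn
    print(r2.handle({"guid": "GUID_A", "secid": "secA", "cid": "CID_ILLEGAL"}, now=3))  # reject-blacklisted
```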
Another embodiment of the present invention further provides a method for implementing an intelligent network architecture integrating sensing, computing and storage, which mainly includes: setting a router with sensing, calculating and storing capacity and supporting intra-domain content aggregation, setting a two-stage name resolution server NRS supporting intra-domain and inter-domain mobility, and setting a local content resolution server LCRS supporting intra-domain content caching; wherein:
the set router provides a security verification service based on a security identifier SecID, a data forwarding service based on an equipment identifier GUID and a content service based on a content identifier CID;
when a router receives a data packet sent by a user, it distinguishes the type of the data packet; for a data packet of the intelligent network architecture SCSN integrating sensing, computing and storage, it verifies the legality of the packet content by communicating with the LCRS using the SecID, GUID and CID of the packet header, and verifies the authenticity of the user identity by communicating with the NRS; then it determines whether the data packet that passed verification is a content packet or a request packet; for a content packet, if it is a data packet allowing content caching, the routers perform collaborative storage under the scheduling of the LCRS, and if it is a data packet requiring mobility support, the dynamic binding of the GUID and the address is realized in the routing process based on the GUID forwarding strategy; for a request packet, if it is a content request, the router reports the corresponding CID to the LCRS and content aggregation is realized according to the content distribution returned by the LCRS; if it is an access request, the router communicates with the NRS to carry out user identity authentication through the corresponding SecID and GUID so as to realize access control.
Further, for the content packet, the router firstly performs differential service according to the service identification bit of the data packet header, including:
for the data packet allowing content caching, the routers report the CID to the LCRS to obtain a caching strategy, and the routers perform collaborative storage under the scheduling of the LCRS to realize resource sharing and multiplexing;
for a data packet supported by mobility, a router queries NRS to acquire dynamic binding of GUID and network address, then a next-hop router forwarded by the router is acquired through a local forwarding table, if the data packet forwarding fails, the router stores the data packet, and the router continues to query NRS for storing and forwarding.
Further, the NRS provides a dynamic binding service of GUID and network address; the GUID is a global invariant, the network address of the equipment dynamically changes along with the change of the access point, and the NRS ensures correct routing of the equipment under the condition that the access position is continuously migrated;
the NRS adopts a hierarchical structure comprising a primary NRS and a secondary NRS; the first-level NRS is used for intra-domain routing and the second-level NRS for inter-domain routing; the first-level NRS updates and maintains the mapping between GUIDs and network addresses according to the device information reported by the routers, determines which devices have moved between domains and reports them to the second-level NRS; the intra-domain movement of a device is transparent to the second-level NRS, which only maintains the mapping from device identifier to gateway router address GA and is responsible for routing data packets to the domain where the destination device is located;
the first-level NRS classifies routing inquiry and user access control information and respectively and correspondingly enters a name resolution service and a user management module, and the first-level NRS user management module relates to user access control and identity authentication and sends the add-delete information of users in the domain to the second-level NRS; the second-level NRS receives information from the first-level NRS and the gateway router, enters the user management module and the name resolution service module through the classifier, respectively relates to updating and query operations of local information of the second-level NRS, finally sends confirmation information back to the first-level NRS, and sends a query result back to the gateway router.
Further, the LCRS is used to manage contents stored in the intra-domain network; LCRS updates and maintains a mapping table CAMT from the content to the storage address according to the content cache information reported by the router, and controls the router to store the content and assist in completing content aggregation based on the CAMT, the storage strategy module and the content analysis module; the LCRS also establishes a content filtering table CFT according to a certain content filtering scheme for checking the validity of the content;
the LCRS comprises: the system comprises a classifier, a storage strategy module, a content analysis module and a memory for storing CAMT and CFT; the classifier divides the received information into a content request and a content storage part, wherein the content request is delivered to a content analysis module for subsequent processing, and the content storage is delivered to a storage strategy module for subsequent processing;
both the content analysis module and the storage strategy module query the CFT to check whether the content is legal; if the content is legal, the CAMT is then queried to obtain the distribution of the corresponding content, the content analysis module sends the queried content distribution to the router requesting the related content, and that router carries out the subsequent processing; the storage strategy module determines whether the corresponding content needs to be stored according to the storage strategy, updates the CAMT and simultaneously sends related instructions to the router; if the content is illegal, service is denied.
Furthermore, the logic levels of the perception, calculation and storage integrated intelligent network architecture are respectively an application layer, a transmission layer, a network layer and a link layer from top to bottom; wherein, the router, NRS and LCRS are all positioned on the network layer;
the network layer includes: a data plane and a control plane;
the functions of the data plane are as follows: content perception: the router senses and classifies packets according to their type and performs differentiated service; content storage: the router reports the CID and packet type information contained in the data packet to the LCRS, and the LCRS plans in a unified manner on which router or routers the content is stored; content aggregation: after receiving a user's content request message, the first-hop router reports the CID of the requested content to the LCRS, the LCRS looks up the CID in the CAMT and returns the distribution information of the stored content, and after receiving the distribution information the first-hop router determines, according to the routers' content aggregation strategy, from which router or routers the relevant content is to be aggregated; routing and forwarding: routers in the same domain forward data packets according to the GUID, the secondary NRS routes between domains according to the GUID-to-address binding information, and the data packet format includes an IP header; security verification: after a user is admitted, the user's SecID is set as a field bound to the GUID and sent to the edge router as user-level identity authentication, and for data packets generated by the user the CFT is queried by CID for filtering, as content-level security verification;
the control plane implements the management and control of network configuration and policy, including: content resolution service: the LCRS queries the CAMT information to obtain the mapping between content and network addresses; name resolution service: the first-level NRS provides resolution from GUIDs to network addresses within a domain, and the second-level NRS provides resolution from GUIDs to gateway addresses between domains; route forwarding service: for intra-domain routing, the router resolves the destination network address through the primary NRS to transmit the data packet, and for inter-domain routing the gateway router obtains the destination gateway address by querying the secondary NRS so as to transmit the data packet across the backbone network; access control service: when a user applies for access, the access router reports the user's GUID to the first-level NRS, and the first-level NRS determines whether the user is allowed to access according to the blacklist and user permission data provided by the operator, sets the user's permissions, and records security review and ledger information.
It should be noted that the functions, working processes and principles of the router, the NRS and the LCRS in the above embodiments of the method are similar to those described in the foregoing embodiments of the intelligent network architecture, and therefore are not described again.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. An intelligent network system integrating perception, calculation and storage is characterized by comprising: the system comprises a router with sensing, calculating and storing capacity and supporting intra-domain content aggregation, a two-stage name resolution server NRS supporting intra-domain and inter-domain mobility, and a local content resolution server LCRS supporting intra-domain content caching; wherein:
the router provides a security verification service based on the security identifier SecID, a data forwarding service based on the device identifier GUID and a content service based on the content identifier CID;
when a router receives a data packet sent by a user, it distinguishes the type of the data packet; for a data packet of the intelligent network architecture SCSN integrating sensing, computing and storage, it verifies the legality of the packet content by communicating with the LCRS using the SecID, GUID and CID of the packet header, and verifies the authenticity of the user identity by communicating with the NRS; then it determines whether the data packet that passed verification is a content packet or a request packet; for a content packet, if it is a data packet allowing content caching, the routers perform collaborative storage under the scheduling of the LCRS, and if it is a data packet requiring mobility support, the dynamic binding of the GUID and the network address is realized in the routing process based on the GUID forwarding strategy; for a request packet, if it is a content request, the router reports the corresponding CID to the LCRS and content aggregation is realized according to the content distribution returned by the LCRS; if it is an access request, the router communicates with the NRS to carry out user identity authentication through the corresponding SecID and GUID so as to realize access control.
2. The intelligent network system of claim 1, wherein for a content packet the router first performs differentiated service according to the service identifier in the packet header, comprising:
for a packet that allows content caching, the router reports the CID to the LCRS to obtain a caching policy, and the routers store the content cooperatively under the scheduling of the LCRS to achieve resource sharing and reuse;
for a packet requiring mobility support, the router queries the NRS to obtain the dynamic binding of GUID to network address, then obtains the next-hop router from its local forwarding table; if forwarding of the packet fails, the router stores the packet and continues to query the NRS, implementing store-and-forward.
3. The intelligent network system of claim 1, wherein the NRS provides a dynamic binding service between GUIDs and network addresses; the GUID is globally invariant, whereas the network address of a device changes dynamically with its access point, and the NRS ensures that the device is routed correctly while its access location keeps migrating;
the NRS adopts a hierarchical structure comprising a first-level NRS and a second-level NRS; the first-level NRS serves intra-domain routing and the second-level NRS serves inter-domain routing; the first-level NRS updates and maintains the mapping between GUIDs and network addresses from the device information reported by routers, determines which devices have moved between domains, and reports them to the second-level NRS; intra-domain movement of a device is transparent to the second-level NRS, which only maintains the mapping from device identifier to gateway router address GA and is responsible for routing packets to the domain of the destination device;
the first-level NRS classifies incoming routing queries and user access-control messages and passes them respectively to its name resolution service and its user management module; the user management module of the first-level NRS handles user access control and identity authentication and sends user addition and deletion information for the domain to the second-level NRS; the second-level NRS receives messages from the first-level NRS and from gateway routers, passes them through a classifier to its user management module and its name resolution service module, which respectively update and query the local information of the second-level NRS, and finally returns confirmations to the first-level NRS and query results to the gateway router.
4. The intelligent network system integrating perception, calculation and storage according to claim 1, wherein the LCRS is configured to manage content stored in the intra-domain network; the LCRS updates and maintains a content-to-storage-address mapping table CAMT from the content cache information reported by routers and, based on the CAMT, a storage policy module and a content analysis module, controls routers to store content and assists in completing content aggregation; the LCRS also builds a content filtering table CFT according to a chosen content filtering scheme for checking the legality of content;
the LCRS comprises: a classifier, a storage policy module, a content analysis module, and a memory storing the CAMT and the CFT; the classifier divides received messages into content requests and content storage messages, delivering content requests to the content analysis module and content storage messages to the storage policy module for subsequent processing;
both the content analysis module and the storage policy module invoke the content analysis module to query the CFT and check whether the content is legal; if the content complies with the rules, the CAMT is further queried to obtain the distribution of the corresponding content, and the content analysis module sends the queried content distribution to the router that requested the content, which performs the subsequent processing; the storage policy module determines according to the storage policy whether the corresponding content needs to be stored, updates the CAMT and at the same time sends the corresponding instructions to the router; if the content does not comply with the rules, service is denied.
5. The intelligent network system integrating perception, computation and storage according to claim 1, wherein the logical layers of the architecture are, from top to bottom, an application layer, a transport layer, a network layer and a link layer; the router, the NRS and the LCRS are all located at the network layer;
the network layer comprises a data plane and a control plane;
the data plane provides the following functions: content perception: the router senses and classifies packets by type and applies differentiated service; content storage: the router reports the CID and packet type information carried in the packet to the LCRS, and the LCRS plans in a unified manner which router or routers store the content; content aggregation: on receiving a user's content request, the first-hop router reports the CID of the requested content to the LCRS, the LCRS looks up the CID in the CAMT and returns the distribution information of where the content is stored, and the first-hop router then decides, according to the routers' content aggregation policy, from which router or routers the content is to be aggregated; routing and forwarding: routers within a domain forward packets by GUID, the second-level NRS routes between domains according to the binding information between GUIDs and addresses, and the packet format includes an IP header; security verification: after a user is granted access, the user's SecID is set as a field bound to the GUID and sent to the edge router for user-level identity authentication; packets generated by the user are filtered by querying the CFT with their CID, as content-level security verification;
management and control of network configuration and policy are implemented in the control plane, comprising: content resolution service: the LCRS queries the CAMT to obtain the mapping between content and network address; name resolution service: the first-level NRS provides resolution from GUID to network address within a domain, and the second-level NRS provides resolution from GUID to gateway router address GA across domains; route forwarding service: for intra-domain routing, the router resolves the destination network address through the first-level NRS and transmits the packet; for inter-domain routing, the gateway router obtains the destination gateway address by querying the second-level NRS and transmits the packet across the backbone network; access control service: when a user applies for access, the access router reports the user's GUID to the first-level NRS, which decides whether the user is allowed access according to a blacklist and user permission data provided by the operator, sets the user's permissions, and records security-review and ledger information.
6. A method for implementing an intelligent network system integrating perception, calculation and storage, characterized by comprising the following steps: providing a router with sensing, computing and storage capability that supports intra-domain content aggregation; providing a two-level name resolution server NRS supporting intra-domain and inter-domain mobility; and providing a local content resolution server LCRS supporting intra-domain content caching; wherein:
the router so provided offers a security verification service based on the security identifier SecID, a data forwarding service based on the device identifier GUID, and a content service based on the content identifier CID;
when the router receives a data packet sent by a user, it distinguishes the type of the data packet; for a data packet of the intelligent network architecture SCSN integrating sensing, computing and storage, it uses the SecID, GUID and CID in the packet header to verify the legality of the packet's content by communicating with the LCRS and the authenticity of the user's identity by communicating with the NRS; it then determines whether a packet that passes verification is a content packet or a request packet. For a content packet: if the packet allows content caching, the routers store it cooperatively under the scheduling of the LCRS; if the packet requires mobility support, the dynamic binding of GUID to network address is applied during routing according to a GUID-based forwarding policy. For a request packet: if it is a content request, the router reports the corresponding CID to the LCRS and performs content aggregation according to the content distribution returned by the LCRS; if it is an access request, the router communicates with the NRS to authenticate the user by the corresponding SecID and GUID, thereby implementing access control.
7. The method of claim 6, wherein for a content packet the router first performs differentiated service according to the service identifier in the packet header, comprising:
for a packet that allows content caching, the router reports the CID to the LCRS to obtain a caching policy, and the routers store the content cooperatively under the scheduling of the LCRS to achieve resource sharing and reuse;
for a packet requiring mobility support, the router queries the NRS to obtain the dynamic binding of GUID to network address, then obtains the next-hop router from its local forwarding table; if forwarding of the packet fails, the router stores the packet and continues to query the NRS, implementing store-and-forward.
8. The method of claim 6, wherein the NRS provides a dynamic binding service between GUIDs and network addresses; the GUID is globally invariant, whereas the network address of a device changes dynamically with its access point, and the NRS ensures that the device is routed correctly while its access location keeps migrating;
the NRS adopts a hierarchical structure comprising a first-level NRS and a second-level NRS; the first-level NRS serves intra-domain routing and the second-level NRS serves inter-domain routing; the first-level NRS updates and maintains the mapping between GUIDs and network addresses from the device information reported by routers, determines which devices have moved between domains, and reports them to the second-level NRS; intra-domain movement of a device is transparent to the second-level NRS, which only maintains the mapping from device identifier to gateway router address GA and is responsible for routing packets to the domain of the destination device;
the first-level NRS classifies incoming routing queries and user access-control messages and passes them respectively to its name resolution service and its user management module; the user management module of the first-level NRS handles user access control and identity authentication and sends user addition and deletion information for the domain to the second-level NRS; the second-level NRS receives messages from the first-level NRS and from gateway routers, passes them through a classifier to its user management module and its name resolution service module, which respectively update and query the local information of the second-level NRS, and finally returns confirmations to the first-level NRS and query results to the gateway router.
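The two-level resolution of claims 3 and 8, together with the store-and-forward rule of claims 2 and 7, as an added Python illustration written for this page (it is not the patent's own implementation). Class names, message shapes and the retry policy are assumptions. The claims do not say how a first-level NRS learns that a device has left its domain, so this example lets the second-level NRS's record override a stale intra-domain binding; that choice is the example's, not the patent's.

```python
"""Two-level name resolution with device mobility (added example, not the patent's code).

Assumed here, beyond the claims: the first-level NRS treats the second-level NRS as the
authority on which domain a GUID is in (a stale intra-domain binding is discarded once the
device registers elsewhere), and failed forwarding is retried after re-querying the NRS.
"""
from __future__ import annotations
from collections import deque


class SecondaryNRS:
    """Inter-domain NRS: knows only which domain and gateway router address GA a GUID is behind."""

    def __init__(self) -> None:
        self.guid_to_ga: dict[str, tuple[str, str]] = {}   # GUID -> (domain, GA)
        self.updates: list[tuple[str, str]] = []            # (GUID, domain) reports received

    def update(self, guid: str, domain: str, ga: str) -> None:
        self.guid_to_ga[guid] = (domain, ga)
        self.updates.append((guid, domain))

    def resolve(self, guid: str) -> tuple[str, str] | None:
        return self.guid_to_ga.get(guid)


class PrimaryNRS:
    """Intra-domain NRS: GUID -> current network address, refreshed from router reports."""

    def __init__(self, domain: str, ga: str, secondary: SecondaryNRS) -> None:
        self.domain, self.ga, self.secondary = domain, ga, secondary
        self.bindings: dict[str, str] = {}

    def report(self, guid: str, addr: str) -> str:
        """A router reports that `guid` is now attached at `addr` inside this domain."""
        self.bindings[guid] = addr
        known = self.secondary.resolve(guid)
        if known is None or known[0] != self.domain:
            self.secondary.update(guid, self.domain, self.ga)   # inter-domain move or first attach
            return "inter-domain"
        return "intra-domain"                                    # transparent to the secondary NRS

    def resolve(self, guid: str) -> str | None:
        known = self.secondary.resolve(guid)
        if known is not None and known[0] != self.domain:
            self.bindings.pop(guid, None)        # device left this domain: drop the stale binding
            return None
        return self.bindings.get(guid)


class Router:
    """Forwards by GUID; a packet whose forwarding fails is stored and retried after re-querying."""

    def __init__(self, nrs: PrimaryNRS, links: set[str]) -> None:
        self.nrs = nrs
        self.links = links                       # network addresses reachable from this router
        self.stored: deque[tuple[str, bytes]] = deque()
        self.delivered: list[tuple[str, str, bytes]] = []

    def forward(self, guid: str, payload: bytes) -> str:
        addr = self.nrs.resolve(guid)
        if addr is None:                         # not in this domain: ask the second-level NRS
            known = self.nrs.secondary.resolve(guid)
            if known is None or known[0] == self.nrs.domain:
                self.stored.append((guid, payload))
                return "stored: unresolved"
            self.delivered.append((guid, known[1], payload))
            return f"inter-domain via {known[1]}"
        if addr not in self.links:
            self.stored.append((guid, payload))
            return f"stored: {addr} unreachable"
        self.delivered.append((guid, addr, payload))
        return f"delivered to {addr}"

    def retry_stored(self) -> list[str]:
        """Re-query the NRS for every stored packet and try again."""
        pending, self.stored = list(self.stored), deque()
        return [self.forward(g, p) for g, p in pending]


def demo() -> tuple[list[str], int]:
    """Constructed scenario: attach, intra-domain move, link outage, inter-domain move."""
    secondary = SecondaryNRS()
    nrs_a, nrs_b = PrimaryNRS("A", "ga-A", secondary), PrimaryNRS("B", "ga-B", secondary)
    r_a = Router(nrs_a, links={"10.0.0.1"})      # 10.0.0.2 becomes reachable later
    out = [nrs_a.report("dev-1", "10.0.0.1"), r_a.forward("dev-1", b"m1")]
    out += [nrs_a.report("dev-1", "10.0.0.2"), r_a.forward("dev-1", b"m2")]
    r_a.links.add("10.0.0.2")
    out += r_a.retry_stored()
    out += [nrs_b.report("dev-1", "10.0.1.7"), r_a.forward("dev-1", b"m3")]
    return out, len(secondary.updates)           # the secondary NRS saw only the inter-domain events
```

Running `demo()` shows the property the claims rely on: the device changes address three times, but the second-level NRS receives only the two inter-domain reports, and the packet that could not be forwarded during the outage is delivered after the next binding update rather than lost.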
9. The method of claim 6, wherein the LCRS is configured to manage content stored in the intra-domain network; the LCRS updates and maintains a content-to-storage-address mapping table CAMT from the content cache information reported by routers and, based on the CAMT, a storage policy module and a content analysis module, controls routers to store content and assists in completing content aggregation; the LCRS also builds a content filtering table CFT according to a chosen content filtering scheme for checking the legality of content;
the LCRS comprises: a classifier, a storage policy module, a content analysis module, and a memory storing the CAMT and the CFT; the classifier divides received messages into content requests and content storage messages, delivering content requests to the content analysis module and content storage messages to the storage policy module for subsequent processing;
both the content analysis module and the storage policy module invoke the content analysis module to query the CFT and check whether the content is legal; if the content complies with the rules, the CAMT is further queried to obtain the distribution of the corresponding content, and the content analysis module sends the queried content distribution to the router that requested the content, which performs the subsequent processing; the storage policy module determines according to the storage policy whether the corresponding content needs to be stored, updates the CAMT and at the same time sends the corresponding instructions to the router; if the content does not comply with the rules, service is denied.
10. The method of claim 6, wherein the logical layers of the architecture of the intelligent network are, from top to bottom, an application layer, a transport layer, a network layer and a link layer; the router, the NRS and the LCRS are all located at the network layer;
the network layer comprises a data plane and a control plane;
the data plane provides the following functions: content perception: the router senses and classifies packets by type and applies differentiated service; content storage: the router reports the CID and packet type information carried in the packet to the LCRS, and the LCRS plans in a unified manner which router or routers store the content; content aggregation: on receiving a user's content request, the first-hop router reports the CID of the requested content to the LCRS, the LCRS looks up the CID in the CAMT and returns the distribution information of where the content is stored, and the first-hop router then decides, according to the routers' content aggregation policy, from which router or routers the content is to be aggregated; routing and forwarding: routers within a domain forward packets by GUID, the second-level NRS routes between domains according to the binding information between GUIDs and addresses, and the packet format includes an IP header; security verification: after a user is granted access, the user's SecID is set as a field bound to the GUID and sent to the edge router for user-level identity authentication; packets generated by the user are filtered by querying the CFT with their CID, as content-level security verification;
management and control of network configuration and policy are implemented in the control plane, comprising: content resolution service: the LCRS queries the CAMT to obtain the mapping between content and network address; name resolution service: the first-level NRS provides resolution from GUID to network address within a domain, and the second-level NRS provides resolution from GUID to gateway router address GA across domains; route forwarding service: for intra-domain routing, the router resolves the destination network address through the first-level NRS and transmits the packet; for inter-domain routing, the gateway router obtains the destination gateway address by querying the second-level NRS and transmits the packet across the backbone network; access control service: when a user applies for access, the access router reports the user's GUID to the first-level NRS, which decides whether the user is allowed access according to a blacklist and user permission data provided by the operator, sets the user's permissions, and records security-review and ledger information.
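The edge-router pipeline of claims 1, 2, 4 and 5 (and their method counterparts 6, 7, 9 and 10) as an added, runnable Python sketch written for this page, not the patent's code. The claims say only that the SecID is "a field bound with the GUID"; this example assumes the binding is an HMAC over the GUID under a key held by the first-level NRS, so a SecID issued to one device cannot be presented with another GUID. The popularity-threshold storage policy, the LCRS message formats and every name below are hypothetical.

```python
"""Edge-router pipeline of the claimed SCSN design (added example, not the patent's code).

Assumed here, not stated in the claims: the SecID is an HMAC over the GUID under a key held
by the first-level NRS; the storage policy caches a CID once it has been requested
`threshold` times; the class, field and message names are this example's inventions.
"""
from __future__ import annotations
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    guid: str          # sender's device identifier (globally invariant)
    sec_id: str        # security identifier issued at access time ("" before admission)
    kind: str          # "access" | "content_request" | "content"
    cid: str = ""      # content identifier (requests and content packets)
    service: str = ""  # service identifier in the header: "cacheable" | "mobile" | ""
    dst: str = ""      # destination GUID for mobility-supported content packets


class PrimaryNRS:
    """User-management side of the first-level NRS: blacklist check, SecID issuance, ledger."""

    def __init__(self, key: bytes, blacklist: set[str], permitted: set[str]) -> None:
        self._key, self.blacklist, self.permitted = key, blacklist, permitted
        self.ledger: list[tuple[str, str]] = []   # (GUID, decision): security-review record

    def admit(self, guid: str) -> str | None:
        """Return a SecID bound to the GUID, or None if the operator data refuses access."""
        if guid in self.blacklist or guid not in self.permitted:
            self.ledger.append((guid, "denied"))
            return None
        self.ledger.append((guid, "admitted"))
        return hmac.new(self._key, guid.encode(), hashlib.sha256).hexdigest()

    def verify(self, guid: str, sec_id: str) -> bool:
        """User-level check: a SecID is valid only together with the GUID it was issued for."""
        expected = hmac.new(self._key, guid.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, sec_id)


class LCRS:
    """Local content resolution server: CFT for legality, CAMT for where content is cached."""

    def __init__(self, cft: set[str], threshold: int = 2) -> None:
        self.cft = cft                            # content filtering table: banned CIDs
        self.camt: dict[str, set[str]] = {}       # CID -> routers holding a copy
        self.requests: dict[str, int] = {}        # per-CID request counts (storage policy input)
        self.threshold = threshold

    def legal(self, cid: str) -> bool:
        return cid not in self.cft

    def handle(self, msg: dict) -> dict:
        """Classifier: requests go to content analysis, stores to the storage policy."""
        cid = msg["cid"]
        if not self.legal(cid):
            return {"status": "denied"}
        if msg["type"] == "request":
            self.requests[cid] = self.requests.get(cid, 0) + 1
            return {"status": "ok", "holders": sorted(self.camt.get(cid, set()))}
        store = self.requests.get(cid, 0) >= self.threshold
        if store:                                  # popular enough: record the new copy in the CAMT
            self.camt.setdefault(cid, set()).add(msg["router"])
        return {"status": "ok", "store": store}


class EdgeRouter:
    def __init__(self, name: str, nrs: PrimaryNRS, lcrs: LCRS, forwarding: dict[str, str]) -> None:
        self.name, self.nrs, self.lcrs = name, nrs, lcrs
        self.forwarding = forwarding               # destination GUID -> next hop (from the NRS)
        self.sec_ids: dict[str, str] = {}          # SecIDs delivered to this edge router
        self.cache: set[str] = set()

    def process(self, pkt: Packet) -> str:
        if pkt.kind == "access":                   # the only packet type accepted without a SecID
            sec_id = self.nrs.admit(pkt.guid)
            if sec_id is None:
                return "access denied"
            self.sec_ids[pkt.guid] = sec_id
            return "access granted"
        if not self.nrs.verify(pkt.guid, pkt.sec_id):
            return "drop: SecID not bound to GUID"  # forged, or issued to a different GUID
        if pkt.cid and not self.lcrs.legal(pkt.cid):
            return "drop: CID in CFT"               # content-level check precedes any service
        if pkt.kind == "content_request":
            holders = self.lcrs.handle({"type": "request", "cid": pkt.cid})["holders"]
            return f"aggregate from {holders}" if holders else "fetch from origin"
        if pkt.kind == "content":
            if pkt.service == "cacheable":
                reply = self.lcrs.handle({"type": "store", "cid": pkt.cid, "router": self.name})
                if reply["store"]:
                    self.cache.add(pkt.cid)
                    return "stored"
                return "forwarded (not stored)"
            if pkt.service == "mobile":
                nxt = self.forwarding.get(pkt.dst)
                return f"forwarded via {nxt}" if nxt else "held: no binding yet"
            return "forwarded"
        return "drop: unknown packet type"


def demo() -> list[str]:
    """Constructed traffic: admission, a forged SecID, CFT filtering, caching and mobility."""
    nrs = PrimaryNRS(b"nrs-secret", blacklist={"dev-evil"}, permitted={"dev-A", "dev-B"})
    r1 = EdgeRouter("R1", nrs, LCRS(cft={"cid-banned"}), forwarding={"dev-B": "R2"})
    out = [r1.process(Packet("dev-evil", "", "access")), r1.process(Packet("dev-A", "", "access"))]
    sec = r1.sec_ids["dev-A"]                      # carried in dev-A's later headers
    for pkt in (Packet("dev-A", "f" * 64, "content_request", cid="cid-1"),
                Packet("dev-A", sec, "content_request", cid="cid-banned"),
                Packet("dev-A", sec, "content_request", cid="cid-1"),
                Packet("dev-A", sec, "content", cid="cid-1", service="cacheable"),
                Packet("dev-A", sec, "content_request", cid="cid-1"),
                Packet("dev-A", sec, "content", cid="cid-1", service="cacheable"),
                Packet("dev-A", sec, "content_request", cid="cid-1"),
                Packet("dev-A", sec, "content", cid="cid-1", service="mobile", dst="dev-B")):
        out.append(r1.process(pkt))
    return out
```

The checks run in the order the claims give them: user identity first, content legality second, and only then the service-specific handling (aggregation, cooperative storage, GUID forwarding). One caveat the claims leave open: the SecID travels as a header field, and nothing in the claims says it is encrypted or tied to the packet contents, so anyone who can read the header can replay it with the same GUID. The HMAC binding assumed here only stops a SecID from being reused under a different GUID; per-packet freshness or confidentiality would have to come from elsewhere in the design.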
CN201710743012.7A 2017-08-25 2017-08-25 Intelligent network architecture integrating perception, calculation and storage and implementation method Active CN107395500B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710743012.7A CN107395500B (en) 2017-08-25 2017-08-25 Intelligent network architecture integrating perception, calculation and storage and implementation method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710743012.7A CN107395500B (en) 2017-08-25 2017-08-25 Intelligent network architecture integrating perception, calculation and storage and implementation method

Publications (2)

Publication Number Publication Date
CN107395500A CN107395500A (en) 2017-11-24
CN107395500B true CN107395500B (en) 2020-03-31

Family

ID=60346793

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710743012.7A Active CN107395500B (en) 2017-08-25 2017-08-25 Intelligent network architecture integrating perception, calculation and storage and implementation method

Country Status (1)

Country Link
CN (1) CN107395500B (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108737176B (en) * 2018-05-20 2021-10-22 湖北九州云仓科技发展有限公司 Data gateway control method, electronic equipment, storage medium and architecture
CN109474577A (en) * 2018-10-17 2019-03-15 太原市高远时代科技有限公司 A kind of Internet of Things network edge O&M equipment with safety permission function
CN109151070B (en) * 2018-10-26 2022-04-15 平安科技(深圳)有限公司 Block chain-based service scheduling method and electronic device for point-to-point CDN (content delivery network)
CN109525304B (en) * 2018-12-06 2020-10-27 中国科学技术大学 Space intelligent network architecture integrating perception, calculation and storage
CN109768935B (en) * 2019-03-14 2023-10-10 海南梯易易智能科技有限公司 Wireless router with intelligent recognition and filtering functions and safe operation method thereof
CN112449371B (en) * 2019-08-30 2023-08-15 中国移动通信集团广东有限公司 Performance evaluation method of wireless router and electronic equipment
CN110650194A (en) * 2019-09-23 2020-01-03 中国科学技术大学 Task execution method based on edge calculation in computer network
CN114124316A (en) * 2020-09-01 2022-03-01 中国移动通信有限公司研究院 Data transmission method, device, node equipment and data transmission network
CN114697347B (en) * 2020-12-15 2023-06-27 中国科学院声学研究所 Data transmission system with network memory capacity
CN113206796A (en) * 2021-04-30 2021-08-03 网络通信与安全紫金山实验室 Transfer, calculation and storage integrated cooperative system and method
CN114885443B (en) * 2022-07-01 2022-11-08 之江实验室 Multi-mode network control system and method supporting mobile access of terminal

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102143199A (en) * 2010-10-19 2011-08-03 华为技术有限公司 Content acquisition method, node and content network
CN103686807A (en) * 2013-12-05 2014-03-26 中国科学院计算机网络信息中心 CCN subnet mobile data transmission method
CN106105135A (en) * 2014-01-02 2016-11-09 华为技术有限公司 Extensible content route and mobility method and device in name data network
US9678998B2 (en) * 2014-02-28 2017-06-13 Cisco Technology, Inc. Content name resolution for information centric networking

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Yuanzun Zhang, Xiaobin Tan, Hao Liu, Weiping Li. GUID-based mobile visual communication using NDN mechanism. 2016 Visual Communications and Image Processing (VCIP), 2016. *

Also Published As

Publication number Publication date
CN107395500A (en) 2017-11-24

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant