CN109729190B - Network access method, system, device and computer readable storage medium - Google Patents

Publication number
CN109729190B
Authority
CN
China
Prior art keywords
public network
address
target
routing information
external connection
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910202675.7A
Other languages
Chinese (zh)
Other versions
CN109729190A (en
Inventor
吴国恩
杨俊杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
WeBank Co Ltd
Original Assignee
WeBank Co Ltd
Application filed by WeBank Co Ltd
Priority to CN201910202675.7A
Publication of CN109729190A
Application granted
Publication of CN109729190B

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a network access method, system, device and computer-readable storage medium. The method comprises the following steps: receiving a request message for the target IP address sent by a client, the target IP address being returned to the client by the Domain Name System (DNS) server according to the target domain name sent by the client; according to the target IP address, looking up the detailed routing information that is issued outwards by the public network outlet device and corresponds to the target IP address, the detailed routing information comprising the address routes of a plurality of external connection servers; and forwarding the request message, through the public network outlet device, to the plurality of external connection servers corresponding to the detailed routing information, so that the external connection servers respond to the request message. The invention solves the problem that service is impaired for a long time because the local DNS server cannot sense a fault of a remote external connection server in time.

Description

Network access method, system, device and computer readable storage medium
Technical Field
The present invention relates to the technical field of financial technology (Fintech), and in particular to a network access method, system, device and computer storage medium.
Background
With the rapid development of financial technology (Fintech), especially Internet technology finance, more and more banks have set up Internet zones for users to access. When a traditional Internet zone is deployed with primary/standby servers and a multi-active architecture, a one-to-many mapping between a domain name and the IP addresses of the machine rooms is cached in the local Domain Name System (DNS) server; that is, the machine rooms serving the same service have different IP addresses. After the user enters the domain name, the local DNS server returns one IP address to the user side to direct the user to the machine room corresponding to that IP address. However, if the external connection server in that machine room has a fault, the local DNS server cannot perceive it in time. Only after the user fails to access the external connection server at the returned IP address does the local DNS server communicate with the authoritative server to update its cached mapping. Because the local DNS server cannot perceive the fault of the external connection server in time, the service is impaired for a long time and high real-time service requirements cannot be met.
Disclosure of Invention
The invention mainly aims to provide a network access method, a system, equipment and a computer storage medium, which aim to solve the problem that the high real-time service requirement cannot be met because a local DNS server cannot timely sense the fault of a remote external server.
In order to achieve the above object, the present invention provides a network access method applied to a public network convergence device, where the public network convergence device is in communication connection with a plurality of machine rooms, the machine rooms include a public network outlet device and an external connection server, and the plurality of external connection servers all have the same target IP address, and the network access method includes the following steps:
receiving a request message aiming at the target IP address and sent by a client; the target IP address is returned to the client by the domain name system DNS server according to the target domain name sent by the client;
according to the target IP address, finding out the detail route information which is issued outwards by the public network outlet equipment and corresponds to the target IP address; the detailed routing information comprises address routing of a plurality of the external servers;
and forwarding the request message to a plurality of external connection servers corresponding to the detail routing information through the public network outlet equipment so that the external connection servers respond to the request message.
Optionally, before the step of searching out the detailed routing information corresponding to the target IP address, which is issued by the public network outlet device, according to the target IP address, the method further includes:
acquiring detailed routing information which is issued outwards by the public network outlet equipment and corresponds to the target IP address;
storing the obtained detailed route information; and the address routes included in the detail route information are respectively sent to the public network outlet equipment by a plurality of external servers corresponding to each public network outlet equipment based on a preset dynamic route protocol.
Optionally, the step of forwarding, by the public network egress device, the request packet to a plurality of the external connection servers corresponding to the detailed routing information, so that the external connection server responds to the request packet further includes:
if the fact that the detail routing information which is issued by the public network outlet equipment outwards is updated is detected, updated detail routing information which is issued by the public network outlet equipment outwards is obtained;
and replacing the stored detailed routing information with the updated detailed routing information, and issuing the received request message based on the updated detailed routing information.
Optionally, the step of forwarding, by the public network egress device, the request packet to a plurality of the external connection servers corresponding to the detailed routing information, so that the external connection servers respond to the request packet includes:
dividing the flow of the request message equally based on the number of address routes included in the detail route information;
and forwarding the request message after flow equalization through a plurality of public network outlet devices respectively, so that a plurality of externally connected servers corresponding to the detailed routing information respond to the request message forwarded by the public network outlet devices.
In addition, the invention also provides a network access system, which comprises a public network convergence device and a plurality of machine rooms in communication connection with the public network convergence device, wherein each machine room comprises a public network outlet device and an external connection server, and the external connection servers all have the same target IP address;
the public network outlet equipment is used for issuing out detail routing information corresponding to the target IP address, wherein the detail routing information comprises address routes of a plurality of external servers corresponding to the public network outlet equipment;
the public network convergence device is used for receiving a request message aiming at the target IP address and sent by a client, and searching out the detail routing information which is issued outwards by the public network outlet device and corresponds to the target IP address according to the target IP address;
the public network convergence device is further configured to forward the request packet to a plurality of external connection servers corresponding to the detailed routing information through the public network exit device, so that the external connection servers respond to the request packet.
Optionally, the system further comprises a domain name system DNS server communicatively connected to the client;
the DNS server is used for receiving an analysis request for a target domain name sent by a client, and returning the target IP address to the client based on the unique mapping relation between the target domain name and the target IP address, so that the client sends a request message carrying the target IP address to the public network convergence device based on the established communication connection.
Optionally, the external connection server is configured to send, based on a preset dynamic routing protocol, an address route of the external connection server to a public network outlet device corresponding to the external connection server;
the public network convergence device is further configured to obtain detailed routing information corresponding to the target IP address, which is issued by the public network exit device, and store the obtained detailed routing information.
Optionally, the machine room further comprises an access layer network device, an internal convergence layer device and an external connection firewall, which are arranged in sequence between the external connection server and the public network outlet device;
the external connection server is further configured to send, based on the preset dynamic routing protocol, an address route of the external connection server to the internal convergence layer device through the access layer network device;
the internal convergence layer device is configured to establish a protocol neighbor with the public network outlet device through the preset dynamic routing protocol, and send the address route based on the established protocol neighbor, so that the address route passes through the external connection firewall to reach the public network outlet device;
the public network outlet device is further configured to issue the received address routes sent by the plurality of external servers to the public network convergence device as the detailed route information.
Optionally, the public network outlet device is further configured to store the detailed routing information, update the stored detailed routing information based on a preset update condition, and issue the updated detailed routing information to the public network convergence device;
the public network convergence device is further configured to replace the stored detailed routing information with the updated detailed routing information if updated detailed routing information issued by the public network exit device is detected, and forward the received request message based on the updated detailed routing information.
Optionally, the internal convergence layer device and the external connection firewall, and the external connection firewall and the public network outlet device, are interconnected using either mouth-shaped networking or cross networking.
Optionally, the network convergence device includes:
the equipartition module is used for equipartiting the flow of the request message based on the number of address routes included in the detail route information;
and the issuing module is used for forwarding the request message after flow equalization through a plurality of public network outlet devices respectively so that a plurality of external servers corresponding to the detailed routing information respond to the request message forwarded by the public network outlet devices.
Optionally, the network access system includes at least two public network convergence devices, where the two public network convergence devices and the plurality of public network outlet devices adopt a cross networking to perform network interconnection or adopt a mouth-shaped networking to perform network interconnection.
In addition, the invention also provides a network access device, which comprises: the system comprises a memory, a processor and a network access program stored on the memory and capable of running on the processor, wherein the network access program realizes the steps of the network access method when being executed by the processor.
The present invention also proposes a computer storage medium having stored thereon a network access program which, when executed by a processor, implements the steps of the network access method as described above.
In the invention, the external connection servers in the multiple machine rooms corresponding to the same domain name have the same IP address. The local DNS server does not need to sense whether an external connection server has a fault; it only needs to return the target IP address uniquely corresponding to the target domain name entered by the user. When the client accesses an external connection server in a machine room according to the target IP address, the request message is first sent to the public network convergence device. Because the public network convergence device stores the address routes of the external connection servers in the multiple machine rooms corresponding to the target IP address, it sends the request message containing the target IP address to the external connection server corresponding to an address route. If an external connection server has a fault, the public network outlet device does not issue the address route of the faulty external connection server outwards; that is, the public network convergence device directs the client to external connection servers only according to the address routes issued outwards by the public network outlet device. Faulty external connection servers are thus removed automatically, and high real-time service requirements are met.
Drawings
FIG. 1 is a schematic diagram of a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a flowchart of a first embodiment of a network access method according to the present invention;
FIG. 3 is a flow chart of a second embodiment of the network access method of the present invention;
FIG. 4 is a flowchart of a third embodiment of the network access method of the present invention.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
As shown in fig. 1, fig. 1 is a schematic structural diagram of a hardware running environment according to an embodiment of the present invention.
It should be noted that fig. 1 may be a schematic structural diagram of a hardware operating environment of a network access device. The network access device in the embodiment of the invention can be terminal devices such as a PC, a portable computer and the like.
As shown in FIG. 1, the network access device may include: a processor 1001 (such as a CPU), a network interface 1004, a user interface 1003, a memory 1005 and a communication bus 1002. The communication bus 1002 is used to enable connection and communication between these components. The user interface 1003 may include a display and an input unit such as a keyboard; optionally, the user interface 1003 may further include a standard wired interface and a wireless interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (e.g., a Wi-Fi interface). The memory 1005 may be a high-speed RAM memory or a non-volatile memory, such as a disk memory. Optionally, the memory 1005 may also be a storage device separate from the processor 1001 described above.
Those skilled in the art will appreciate that the network access device structure shown in fig. 1 does not constitute a limitation of the network access device and may include more or fewer components than shown, or may combine certain components, or a different arrangement of components.
As shown in fig. 1, an operating system, a network communication module, a user interface module, and a network access program may be included in the memory 1005, which is a type of computer storage medium. The operating system is a program for managing and controlling hardware and software resources of the network access device, and supports the running of the network access program and other software or programs.
In the network access device shown in fig. 1, the user interface 1003 is mainly used for data communication with each terminal; the network interface 1004 is mainly used for connecting a background server and carrying out data communication with the background server; and the processor 1001 may be configured to call a network access program stored in the memory 1005 and perform the following operations:
receiving a request message aiming at the target IP address and sent by a client;
according to the target IP address, finding out the detail route information which is issued outwards by the public network outlet equipment and corresponds to the target IP address;
and forwarding the request message to a plurality of external connection servers corresponding to the detailed routing information through the public network outlet equipment so that the external connection servers respond to the request message.
Further, before the step of searching out the detailed routing information corresponding to the target IP address issued by the public network egress device according to the target IP address, the processor 1001 may be further configured to call a network access program stored in the memory 1005, and perform the following steps:
acquiring detailed routing information which is issued outwards by the public network outlet equipment and corresponds to the target IP address;
and storing the acquired detailed routing information.
Further, after the step of forwarding the request message to the plurality of external servers corresponding to the detailed routing information through the public network egress device, so that the external servers respond to the request message, the processor 1001 may be further configured to invoke a network access program stored in the memory 1005, and perform the following steps:
if the fact that the detail routing information which is issued by the public network outlet equipment outwards is updated is detected, updated detail routing information which is issued by the public network outlet equipment outwards is obtained;
and replacing the stored detailed routing information with the updated detailed routing information, and issuing the received request message based on the updated detailed routing information.
Further, the step of forwarding the request message to a plurality of the external connection servers corresponding to the detail routing information through the public network outlet device, so that the external connection servers respond to the request message includes:
dividing the flow of the request message equally based on the number of address routes included in the detail route information;
and forwarding the request message after flow equalization through a plurality of public network outlet devices respectively, so that a plurality of externally connected servers corresponding to the detailed routing information respond to the request message forwarded by the public network outlet devices.
Based on the above-described structure, various embodiments of the network access method of the present invention are presented.
Referring to fig. 2, fig. 2 is a flowchart of a first embodiment of a network access method according to the present invention.
This embodiment of the present invention provides an embodiment of the network access method. It should be noted that although a logical order is depicted in the flowchart, in some cases the steps shown or described may be performed in a different order than depicted.
The network access method of the embodiment is applied to public network convergence equipment, the public network convergence equipment is in communication connection with a plurality of machine rooms, the machine rooms comprise public network outlet equipment and external servers, and the plurality of external servers all have the same target IP addresses, and the network access method of the embodiment comprises the following steps:
step S100, receiving a request message aiming at the target IP address, which is sent by a client; and the target IP address is returned to the client by the domain name system DNS server according to the target domain name sent by the client.
In the prior art, when an Internet zone is deployed with primary/standby servers and a multi-active architecture, domain names are generally resolved through a local DNS server, which caches a one-to-many mapping between a domain name and the IP addresses of the machine rooms; that is, the machine rooms serving the same service have different IP addresses. After the user enters the domain name, the local DNS server returns one IP address to the user side to direct the user to the external connection server in the corresponding machine room, but it cannot perceive in time whether that external connection server has a fault. Only after the user fails to access the external connection server at the returned IP address does the local DNS server communicate with the authoritative server to update its cached mapping. The prior art therefore has the following problems: the local DNS server cannot sense the fault of the external connection server in time and relies on the authoritative server to detect the faulty node, which has a detection delay on the order of seconds and cannot meet high real-time service requirements; the local DNS cache is not refreshed in real time, so a faulty external connection server can have a large impact on the service because of the late refresh; and when equipment fails, refreshing the local DNS servers involves a large number of different institutions and regions, so the handling is cumbersome, inefficient and cannot resolve the problem quickly and thoroughly.
In this embodiment, the public network convergence device and the public network exit device may be switches, where the public network convergence device is in communication connection with multiple machine rooms, where the machine room includes a public network exit device and an external server, and multiple external servers all have the same target IP address.
Step S200, according to the target IP address, finding out the detail route information which is issued outwards by the public network outlet equipment and corresponds to the target IP address; the detailed routing information comprises address routing of a plurality of the external servers;
Specifically, in this embodiment, the external connection server in a machine room and the public network outlet device of that machine room are in the same local area network, and the external connection server sends its own address route to the public network outlet device. As an implementation, the external connection server may send its address route to the public network outlet device via a dynamic routing protocol, which may be one IGP (Interior Gateway Protocol) or a combination of several. It can be understood that the plurality of external connection servers in the machine room continuously and simultaneously send their address routes to the public network outlet device. Each time the public network outlet device receives the address routes sent simultaneously by the external connection servers, it issues the received address routes outwards once as detailed routing information. Each time the public network convergence device acquires the detailed routing information, it updates its stored address route summary and directs the user to the external connection servers according to the updated summary.
It can be understood that, in this embodiment, when an external connection server has a fault it can no longer send its own address route to the public network outlet device. The public network outlet device then withdraws that server's address route and stops publishing it outwards, so the external connection servers in the detailed routing information received by the public network convergence device are all working normally. Route withdrawal for the server is thus linked automatically and converges quickly at the machine room outlet, and the faulty external connection server is removed automatically.
In this embodiment, the request message sent by the client arrives at the public network convergence device. As an implementation, the public network convergence device uses BGP (Border Gateway Protocol) to establish protocol neighbors with the public network outlet device of each machine room, and also uses BGP to establish a protocol neighbor with the operator. The public network convergence device issues the address route summary to the operator to attract traffic and, using the detailed routing information received from the public network outlet devices of the machine rooms, forwards the client access traffic attracted from the operator into the machine room, where it finally reaches an external connection server. In this embodiment, two public network convergence devices and the public network outlet devices of each machine room are cross-interconnected, and are interconnected with the public network in a cross or cross-shaped networking mode, which ensures the stability of the dynamic protocols of the inner and outer layers of the machine room.
Further, the external connection servers of the different machine rooms all use the same IP address to provide services externally, and the public network convergence device forwards according to the source address and the destination address in the request message. Because the destination address is the same, end-user access traffic can be distributed evenly across the machine rooms according to the source address, which achieves traffic load balancing. When a server in any machine room fails, or a public network outlet device fails, the public network convergence device no longer receives the address route of the failed server and its address route summary is updated in real time, so fault points are removed automatically in a fault scenario.
And step S300, forwarding the request message to a plurality of external connection servers corresponding to the detail routing information through the public network outlet equipment so that the external connection servers respond to the request message.
The request message sent by the client arrives at the public network convergence device, which stores the address routes of the external connection servers in the plurality of machine rooms corresponding to the target IP address and sends the request message to the external connection server corresponding to an address route for access.
The public network convergence device is in communication connection with a plurality of machine rooms, each machine room comprises a public network outlet device and an external connection server, and the plurality of external connection servers all have the same target IP address. The public network convergence device first receives a request message for the target IP address sent by a client, the target IP address being returned to the client by the Domain Name System (DNS) server according to the target domain name sent by the client. According to the target IP address, it looks up the detailed routing information that is issued outwards by the public network outlet device and corresponds to the target IP address, the detailed routing information comprising the address routes of a plurality of external connection servers. It then forwards the request message, through the public network outlet device, to the external connection servers corresponding to the detailed routing information, so that the external connection servers respond to the request message. The external connection servers in the multiple machine rooms that correspond to the same domain name therefore have the same IP address, and the local DNS server does not need to sense whether an external connection server has a fault; it only needs to return the target IP address uniquely corresponding to the target domain name entered by the user. When the client accesses an external connection server in a machine room according to the target IP address, the request message is sent to the public network convergence device, which stores the address routes of the external connection servers in the multiple machine rooms corresponding to the target IP address and sends the request message to the external connection server corresponding to an address route. If an external connection server has a fault, the public network outlet device does not issue the address route of the faulty external connection server outwards; that is, the public network convergence device directs the user to external connection servers only according to the address routes it has acquired. The faulty external connection server is thus removed automatically, the public network convergence device does not depend on the DNS server, and high real-time service requirements are met.
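The lookup, forwarding and fault-removal behaviour of steps S100 to S300, as an added example that is not code from the patent. The class, outlet and server names and all addresses are constructed for illustration, and dividing traffic by source address with rendezvous hashing is an assumption that goes beyond the text, chosen so that only the failed server's clients are moved.

```python
import hashlib
import ipaddress
from collections import Counter

TARGET_IP = "203.0.113.10"  # constructed: the single address shared by all servers


class ConvergenceDevice:
    """Toy model of the routes stored on the public network convergence device."""

    def __init__(self):
        # /32 prefix of the target IP -> {outlet device -> servers it announces}
        self._stored = {}

    def publish(self, outlet, target_ip, servers):
        """An outlet device issues its detailed routing information.

        Each publication replaces what was stored for that outlet, so a server
        that stopped sending its address route disappears from the stored set.
        """
        prefix = ipaddress.ip_network(f"{target_ip}/32")  # 32-bit mask granularity
        per_outlet = self._stored.setdefault(prefix, {})
        if servers:
            per_outlet[outlet] = frozenset(servers)
        else:
            per_outlet.pop(outlet, None)  # outlet has nothing left to announce

    def next_hops(self, target_ip):
        """Look up the stored address routes for the target IP (step S200)."""
        prefix = ipaddress.ip_network(f"{target_ip}/32")
        per_outlet = self._stored.get(prefix, {})
        return sorted((o, s) for o, servers in per_outlet.items() for s in servers)

    def forward(self, src_ip, target_ip):
        """Choose the (outlet, server) that answers this client (step S300)."""
        hops = self.next_hops(target_ip)
        if not hops:
            return None  # no live address route for this target
        src = ipaddress.ip_address(src_ip).packed

        def score(hop):
            # Rendezvous hashing: every hop gets a per-client score and the
            # highest wins, so removing one hop never changes the winner for
            # clients that were on a different hop.
            return hashlib.sha256(src + "/".join(hop).encode()).digest()

        return max(hops, key=score)


def constructed_clients(count):
    """Constructed client source addresses from the 198.18.0.0/15 test range."""
    base = ipaddress.ip_address("198.18.0.0")
    return [str(base + i) for i in range(count)]


def placement(device, clients):
    """Map every client to the hop that would serve it right now."""
    return {c: device.forward(c, TARGET_IP) for c in clients}


def demo():
    device = ConvergenceDevice()
    device.publish("outlet-A", TARGET_IP, {"a1", "a2"})
    device.publish("outlet-B", TARGET_IP, {"b1", "b2"})
    clients = constructed_clients(3000)
    before = placement(device, clients)

    # Server b2 fails: outlet-B re-issues its routes without it. DNS is untouched.
    device.publish("outlet-B", TARGET_IP, {"b1"})
    after = placement(device, clients)

    moved = [c for c in clients if before[c] != after[c]]
    return before, after, moved


if __name__ == "__main__":
    before, after, moved = demo()
    print("before:", dict(Counter(before.values())))
    print("after: ", dict(Counter(after.values())))
    print("clients moved:", len(moved))
```

With plain modulo hashing over the route count, a withdrawal would also reshuffle clients of healthy servers and break their established connections, which is why the example uses a stable hash instead.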
Further, a second embodiment of the network access method of the present invention is presented.
Referring to FIG. 3, FIG. 3 is a flowchart of the second embodiment of the network access method according to the present invention. Based on the first embodiment of the network access method, in this embodiment, before step S200 of looking up, according to the target IP address, the detailed routing information that is issued by the public network outlet device and corresponds to the target IP address, the method further includes:
step S110, obtaining detail route information which is issued outwards by the public network outlet equipment and corresponds to the target IP address;
step S120, the obtained detailed route information is stored; and the address routes included in the detail route information are respectively sent to the public network outlet equipment by a plurality of external servers corresponding to each public network outlet equipment based on a preset dynamic route protocol.
In this embodiment, specifically, the client is communicatively connected to a domain name system DNS server, and after receiving a domain name input by a user, the client sends a domain name resolution request to the DNS server for resolution, and the local DNS server receives a resolution request for a target domain name sent by the client; in this embodiment, the multiple machine rooms provide the same service to the outside, and the external servers in each machine room have the same IP address, and the local DNS server only records a pair of mapping relationships, that is, the domain name resolution records of the target domain name are unified into the target IP address, and the local DNS server returns the target IP address uniquely corresponding to the target domain name to the client, and the client sends an access request message carrying the target IP address to the public network convergence device.
Further, in this embodiment, the external connection server and the public network outlet device in the same machine room are in the same local area network, and the external connection server runs a preset dynamic routing protocol in that local area network. The preset dynamic routing protocol can be set by a network administrator and can be one IGP (Interior Gateway Protocol) or a combination of several IGPs. The external connection server sends its own address route to the public network outlet device through the dynamic routing protocol. In this embodiment, the granularity of the address route of the external connection server is the 32-bit mask level, and the traditional mode of aggregating and publishing machine room network segments is abandoned; because publication with a 32-bit IP address mask is supported, a fine-grained isolation capability is provided for subsequent faults of an individual server cluster or a single application. After the public network outlet device of each machine room receives the address routes sent by the external connection servers in the machine room, it issues these address routes outwards as the detailed routing information of the machine room to attract traffic. It can be understood that the external connection servers to which the address routes point are the external connection servers in the machine room that have the same target IP address and have no fault.
The public network convergence device acquires the detail route information which is issued outwards by the public network exit device and corresponds to the target IP address, and stores the acquired detail route information, and it can be understood that the detail route information of a plurality of machine rooms corresponding to the target IP address is stored in the public network convergence device, namely the detail route information stored in the public network convergence device is the sum of address routes of the external servers of each machine room under the same service. When a certain external connection server fails, the failure server cannot send the address route of the failure server to public network outlet equipment based on a dynamic routing protocol preset in a machine room, the public network outlet equipment withdraws the address route of the failure server from the detailed routing information, and the detailed routing information of the public network convergence equipment is updated based on the detailed routing information issued by the public network outlet equipment, so that the automatic elimination of the failure server is realized.
Further, in this embodiment, step S300 of forwarding the request message, through the public network outlet device, to a plurality of the external connection servers corresponding to the detailed routing information so that the external connection servers respond to the request message further includes:
Step S310, if the fact that the detail route information which is issued by the public network outlet equipment outwards is updated is detected, updated detail route information which is issued by the public network outlet equipment outwards is obtained;
step S320, replacing the stored detailed routing information with the updated detailed routing information, and issuing the received request message based on the updated detailed routing information.
Specifically, the external connection servers in a machine room continuously and simultaneously send their own address routes to the public network outlet device of the machine room. Each time the public network outlet device receives the address routes sent simultaneously by the external connection servers, it issues the received address routes outwards once; each time the public network convergence device acquires the detailed routing information, it updates its stored summary of the address routes once and guides users to the corresponding external connection servers according to the updated address route summary. When an external connection server fails, it cannot send its own address route to the public network outlet device, so its address route is withdrawn from the detailed routing information of the public network outlet device and is no longer issued outwards.
Further, the machine room of this embodiment further comprises an access layer network device, an internal convergence layer device and an external connection firewall which are sequentially arranged between the external connection server and the public network outlet device;
the external connection server sends an address route of the external connection server to the internal convergence layer equipment through the access layer network equipment based on the preset dynamic routing protocol; specifically, the external connection server runs a dynamic routing protocol, a dynamic routing protocol neighbor is established in the external connection server and the access layer network equipment, and the external connection server distributes own address routing to the access layer network equipment through the dynamic routing protocol; the access layer network device issues the address route to the internal convergence layer device through a dynamic routing protocol, and in this embodiment, the access layer network device and the internal convergence layer device may be switches.
The internal convergence layer device establishes a protocol neighbor with the public network outlet device through the preset dynamic routing protocol, and sends the address route based on the established protocol neighbor so that the address route passes through the external connection firewall to reach the public network outlet device. The protocol neighbor is established on virtual interfaces of the internal convergence layer device and the public network outlet device, and the switch virtual interfaces of the different devices are configured with addresses in the same local area network segment, which ensures that the internal convergence layer device and the public network outlet device are in the same local area network so that the dynamic routing protocol is transmitted smoothly.
And the public network outlet equipment takes the received address routes sent by the external servers as detailed route information to be issued to the public network convergence equipment.
The external connection firewall is deployed between the internal convergence layer device and the public network outlet device for message protection, based on security requirements, and is set to be transparent so that it allows the dynamic routing protocol to pass through; this ensures that the two sides of the external connection firewall are in the same local area network. In this embodiment, to ensure the stability of the inner-layer and outer-layer dynamic routing protocols, the internal convergence layer device, the external connection firewall and the public network outlet device are all interconnected by square-shaped networking. To enhance link reliability, all interconnecting links use multi-member link bundling; the external connection firewall is linked to all the bundled links, and switchover is performed when all member ports of any bundled link fail.
The dynamic routing protocol can be one IGP or a combination of several IGPs; when different dynamic routing protocols are combined, routes are passed on by mutual redistribution between the routing processes. The public network outlet device runs the BGP protocol and establishes protocol neighbors externally; through the BGP protocol it gathers the address routes of the external connection servers and issues them outwards to attract traffic, and return traffic is guided by default routes passed on level by level.
It should be noted that, as an implementation manner, in other embodiments cross networking is adopted from the internal convergence layer device to the external connection firewall and from the external connection firewall to the public network outlet device, and the BGP protocol is run. Specifically, two internal convergence layer devices and two public network outlet devices are set to enable the same switch virtual interfaces, configured with addresses in the same network segment, and BGP protocol neighbors are established between every two switch virtual interfaces. The networking mode is not limited in this embodiment.
If the external connection server fails, the public network outlet equipment does not receive the address route of the failure server, and the address route of the failure server is not sent to the public network convergence equipment, so that the failure server is removed, and the user request flow only reaches the external connection server which is normally operated and corresponds to the address route received by the public network convergence equipment.
In this embodiment, through the linkage between the external connection servers in a machine room and the public network outlet device, when an external connection server in the machine room fails, the local DNS server does not need to perform fault detection and the domain name resolution result remains unchanged. The linkage between the external connection server and the public network outlet device cancels publication of the failed server's address route, so the failed external connection server is rejected automatically. This avoids the problem of users being unable to access the service because the local DNS domain name cache still holds the address of the failed server, removes the dependence of service convergence on the domain name resolution system when a fault occurs, ensures that the routing information published outwards consists of address routes of available external connection servers, and meets the requirement for highly real-time service.
Further, a third embodiment of the network access method of the present invention is presented.
Referring to fig. 4, fig. 4 is a flowchart of a third embodiment of the network access method of the present invention. Based on the second embodiment of the network access method, in this embodiment step S300 of forwarding the request message, through the public network outlet device, to a plurality of the external connection servers corresponding to the detailed routing information so that the external connection servers respond to the request message includes:
step S301, equally dividing the flow of the request message based on the number of address routes included in the detail route information;
step S302, forwarding the request message after flow equalization through a plurality of public network outlet devices, so that a plurality of external servers corresponding to the detailed routing information respond to the request message forwarded by the public network outlet devices.
In this embodiment, at least two public network convergence devices are provided so that a fault of one public network convergence device does not cause an access failure, and the two public network convergence devices and the plurality of public network outlet devices are interconnected by cross networking or square-shaped networking. The public network convergence device receives the detailed routing information of the public network outlet device of each machine room and publishes the summarized detailed routing information to the operator to attract traffic; the traffic is forwarded into the machine room and finally reaches the server. The public network convergence device forwards the traffic of request messages according to the source address and destination address of each request message. For the same target domain name, the destination addresses carried by the request messages of all user terminals are identical, namely the target IP address, so the access traffic can be evenly distributed by source address to the external connection servers of the different machine rooms, achieving traffic load balancing.
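The route withdrawal of the second embodiment and the source-address traffic split of the third embodiment can be modelled together, as an added example that is not code from the patent. The class and function names, the sample addresses and the use of a SHA-256 hash of the source and destination address to pick a route are all assumptions made for illustration.

```python
"""Constructed model of /32 route publication, withdrawal and traffic split."""
import hashlib
import ipaddress
from collections import Counter

TARGET_IP = "203.0.113.10"  # constructed sample value (documentation range)


class OutletDevice:
    """Public network outlet device of one machine room (hypothetical model)."""

    def __init__(self, room):
        self.room = room
        self.routes = {}  # server name -> /32 address route it announced

    def receive_announcements(self, announcements):
        """One round of the in-room dynamic routing protocol.

        A failed server announces nothing, so replacing the stored routes
        with this round's announcements withdraws its address route.
        """
        for server, prefix in announcements.items():
            if ipaddress.ip_network(prefix).prefixlen != 32:
                raise ValueError(f"{server}: expected a /32 route, got {prefix}")
        self.routes = dict(announcements)

    def publish(self):
        """Detailed routing information issued outwards."""
        return [(self.room, s, p) for s, p in sorted(self.routes.items())]


class ConvergenceDevice:
    """Public network convergence device (hypothetical model)."""

    def __init__(self):
        self.table = {}  # target IP -> list of (room, server)

    def refresh(self, outlet_devices):
        """Steps S310/S320: replace stored routes with the latest published."""
        table = {}
        for dev in outlet_devices:
            for room, server, prefix in dev.publish():
                ip = str(ipaddress.ip_network(prefix).network_address)
                table.setdefault(ip, []).append((room, server))
        self.table = table

    def forward(self, src_ip, dst_ip):
        """Steps S301/S302: spread requests over the stored address routes.

        Assumption: the split is a hash of source and destination address
        taken modulo the number of address routes.
        """
        routes = self.table.get(dst_ip)
        if not routes:
            return None  # no address route published for this target IP
        digest = hashlib.sha256(f"{src_ip}|{dst_ip}".encode()).digest()
        return routes[int.from_bytes(digest[:8], "big") % len(routes)]


def run_failover_demo():
    """Return per-server request counts before and after server a2 fails."""
    host_route = f"{TARGET_IP}/32"
    room_a, room_b = OutletDevice("room-A"), OutletDevice("room-B")
    room_a.receive_announcements({"a1": host_route, "a2": host_route})
    room_b.receive_announcements({"b1": host_route})

    conv = ConvergenceDevice()
    conv.refresh([room_a, room_b])
    clients = [f"198.51.100.{i}" for i in range(1, 201)]  # constructed sources
    before = Counter(conv.forward(c, TARGET_IP) for c in clients)

    # a2 fails: it is absent from the next round, so its route is withdrawn.
    room_a.receive_announcements({"a1": host_route})
    conv.refresh([room_a, room_b])
    after = Counter(conv.forward(c, TARGET_IP) for c in clients)
    return before, after


if __name__ == "__main__":
    for label, counts in zip(("before", "after"), run_failover_demo()):
        print(label, dict(counts))
```

The DNS answer never changes in this model; only the stored address routes do. Plain modulo hashing also remaps some clients of the healthy servers when a route is withdrawn, which this model does not try to avoid.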
In addition, the embodiment of the invention also provides a network access system, which comprises public network convergence equipment and a plurality of machine rooms in communication connection with the public network convergence equipment, wherein each machine room comprises public network outlet equipment and an external connection server, and the plurality of external connection servers have the same target IP addresses;
the public network outlet equipment is used for issuing out detail routing information corresponding to the target IP address, wherein the detail routing information comprises address routes of a plurality of external servers corresponding to the public network outlet equipment;
the public network convergence device is used for receiving a request message aiming at the target IP address and sent by a client, and searching out the detail routing information which is issued outwards by the public network outlet device and corresponds to the target IP address according to the target IP address;
the public network convergence device is further configured to forward the request packet to a plurality of external connection servers corresponding to the detailed routing information through the public network exit device, so that the external connection servers respond to the request packet.
Preferably, the system further comprises a domain name system DNS server communicatively connected to the client;
The DNS server is used for receiving an analysis request for a target domain name sent by a client, and returning the target IP address to the client based on the unique mapping relation between the target domain name and the target IP address, so that the client sends a request message carrying the target IP address to the public network convergence device based on the established communication connection.
Preferably, the external connection server is configured to send an address route of the external connection server to a public network outlet device corresponding to the external connection server based on a preset dynamic routing protocol;
the public network convergence device is further configured to obtain detailed routing information corresponding to the target IP address, which is issued by the public network exit device, and store the obtained detailed routing information.
Preferably, the machine room further comprises an access layer network device, an internal convergence layer device and an external connection firewall which are sequentially arranged between the external connection server and the public network outlet device;
the external connection server is further configured to send, based on the preset dynamic routing protocol, an address route of the external connection server to the internal convergence layer device through the access layer network device;
The internal convergence layer device is configured to establish a protocol neighbor with the public network outlet device through the preset dynamic routing protocol, and send the address route based on the established protocol neighbor, so that the address route passes through the external connection firewall to reach the public network outlet device;
the public network outlet device is further configured to issue the received address routes sent by the plurality of external servers to the public network convergence device as the detailed route information.
Preferably, the public network outlet device is further configured to store the detailed routing information, update the stored detailed routing information based on a preset update condition, and issue the updated detailed routing information to the public network convergence device;
the public network convergence device is further configured to replace the stored detailed routing information with the updated detailed routing information if updated detailed routing information issued by the public network exit device is detected, and forward the received request message based on the updated detailed routing information.
Preferably, the internal convergence layer device and the external connection firewall, and the external connection firewall and the public network outlet device, are all interconnected by square-shaped networking or are all interconnected by cross networking.
Preferably, the network convergence device includes:
the equipartition module is used for equipartiting the flow of the request message based on the number of address routes included in the detail route information;
and the issuing module is used for forwarding the request message after flow equalization through a plurality of public network outlet devices respectively so that a plurality of external servers corresponding to the detailed routing information respond to the request message forwarded by the public network outlet devices.
Preferably, the network access system includes at least two public network convergence devices, and the two public network convergence devices and the plurality of public network outlet devices are interconnected by cross networking or by square-shaped networking.
The steps of the network access method described above are implemented when each module of the network access system provided in this embodiment is running, and are not described herein.
In addition, the embodiment of the invention also provides a computer readable storage medium, wherein the storage medium stores a network access program, and the network access program realizes the steps of the network access method when being executed by a processor.
The method implemented when the network access program running on the processor is executed may refer to various embodiments of the network access method of the present invention, which are not described herein again.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the method according to the embodiments of the present invention.
The foregoing description is only of the preferred embodiments of the present invention, and is not intended to limit the scope of the invention, but rather is intended to cover any equivalents of the structures or equivalent processes disclosed herein or in the alternative, which may be employed directly or indirectly in other related arts.

Claims (14)

1. The network access method is characterized by being applied to public network convergence equipment, wherein the public network convergence equipment is in communication connection with a plurality of machine rooms, each of the plurality of machine rooms comprises public network outlet equipment and at least one external connection server, and target IP addresses of the external connection servers in the plurality of machine rooms corresponding to the same domain name are the same, and comprises the following steps:
receiving a request message aiming at the target IP address and sent by a client; the target IP address is returned to the client by the domain name system DNS server according to the target domain name sent by the client;
according to the target IP address, finding out the detail route information which is issued outwards by the public network outlet equipment and corresponds to the target IP address; the detailed routing information comprises address routing of a plurality of the external servers;
And forwarding the request message to a plurality of external connection servers corresponding to the detail routing information through the public network outlet equipment so that the external connection servers respond to the request message.
2. The network access method according to claim 1, wherein, before the step of finding out, according to the target IP address, the detailed routing information which is issued outwards by the public network outlet device and corresponds to the target IP address, the method further includes:
acquiring detailed routing information which is issued outwards by the public network outlet equipment and corresponds to the target IP address;
storing the obtained detailed route information; and the address routes included in the detail route information are respectively sent to the public network outlet equipment by a plurality of external servers corresponding to each public network outlet equipment based on a preset dynamic route protocol.
3. The network access method according to claim 2, wherein the step of forwarding the request message to a plurality of the external connection servers corresponding to the detailed routing information through the public network outlet device, so that the external connection servers respond to the request message, further comprises:
If the fact that the detail routing information which is issued by the public network outlet equipment outwards is updated is detected, updated detail routing information which is issued by the public network outlet equipment outwards is obtained;
and replacing the stored detailed routing information with the updated detailed routing information, and issuing the received request message based on the updated detailed routing information.
4. A network access method according to any one of claims 1 to 3, wherein the step of forwarding the request message to a plurality of the external connection servers corresponding to the detailed routing information through the public network outlet device, so that the external connection servers respond to the request message includes:
dividing the flow of the request message equally based on the number of address routes included in the detail route information;
and forwarding the request message after flow equalization through a plurality of public network outlet devices respectively, so that a plurality of externally connected servers corresponding to the detailed routing information respond to the request message forwarded by the public network outlet devices.
5. The network access system is characterized by comprising public network convergence equipment and a plurality of machine rooms in communication connection with the public network convergence equipment, wherein each of the plurality of machine rooms comprises public network outlet equipment and at least one external connection server, and the target IP addresses of the external connection servers in the plurality of machine rooms corresponding to the same domain name are the same;
The public network outlet equipment is used for issuing out detail routing information corresponding to the target IP address, wherein the detail routing information comprises address routes of a plurality of external servers corresponding to the public network outlet equipment;
the public network convergence device is used for receiving a request message aiming at the target IP address and sent by a client, and searching out the detail routing information which is issued outwards by the public network outlet device and corresponds to the target IP address according to the target IP address;
the public network convergence device is further configured to forward the request packet to a plurality of external connection servers corresponding to the detailed routing information through the public network exit device, so that the external connection servers respond to the request packet.
6. The network access system of claim 5, wherein the system further comprises a domain name system DNS server communicatively coupled to the client;
the DNS server is used for receiving an analysis request for a target domain name sent by a client, and returning the target IP address to the client based on the unique mapping relation between the target domain name and the target IP address, so that the client sends a request message carrying the target IP address to the public network convergence device based on the established communication connection.
7. The network access system of claim 5, wherein the external connection server is configured to send an address route of the external connection server to a public network outlet device corresponding to the external connection server based on a preset dynamic routing protocol;
the public network convergence device is further configured to obtain detailed routing information corresponding to the target IP address, which is issued by the public network exit device, and store the obtained detailed routing information.
8. The network access system of claim 7, wherein the machine room further comprises an access layer network device, an internal convergence layer device, and an external connection firewall sequentially disposed between the external connection server and the public network outlet device;
the external connection server is further configured to send, based on the preset dynamic routing protocol, an address route of the external connection server to the internal convergence layer device through the access layer network device;
the internal convergence layer device is configured to establish a protocol neighbor with the public network outlet device through the preset dynamic routing protocol, and send the address route based on the established protocol neighbor, so that the address route passes through the external connection firewall to reach the public network outlet device;
The public network outlet device is further configured to issue the received address routes sent by the plurality of external servers to the public network convergence device as the detailed route information.
9. The network access system of claim 8, wherein the public network outlet device is further configured to store the detailed routing information, update the stored detailed routing information based on a preset update condition, and issue the updated detailed routing information to the public network convergence device;
the public network convergence device is further configured to replace the stored detailed routing information with the updated detailed routing information if updated detailed routing information issued by the public network exit device is detected, and forward the received request message based on the updated detailed routing information.
10. The network access system of claim 8, wherein the internal convergence layer device and the external connection firewall, and the external connection firewall and the public network outlet device, are all interconnected by square-shaped networking or by cross networking.
11. The network access system of any of claims 5-10, wherein the network convergence device comprises:
the equipartition module is used for equipartiting the flow of the request message based on the number of address routes included in the detail route information;
and the issuing module is used for forwarding the request message after flow equalization through a plurality of public network outlet devices respectively so that a plurality of external servers corresponding to the detailed routing information respond to the request message forwarded by the public network outlet devices.
12. The network access system of any of claims 5-10, wherein the network access system comprises at least two public network convergence devices, the two public network convergence devices and a plurality of the public network outlet devices being interconnected by cross networking or by square-shaped networking.
13. A network access device, the device comprising: memory, a processor and a network access program stored on the memory and executable on the processor, which when executed by the processor, implements the steps of the network access method according to any one of claims 1 to 4.
14. A computer storage medium, characterized in that the computer readable storage medium has stored thereon a network access program which, when executed by a processor, implements the steps of the network access method according to any of claims 1 to 4.
CN201910202675.7A 2019-03-15 2019-03-15 Network access method, system, device and computer readable storage medium Active CN109729190B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910202675.7A CN109729190B (en) 2019-03-15 2019-03-15 Network access method, system, device and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN109729190A CN109729190A (en) 2019-05-07
CN109729190B true CN109729190B (en) 2024-02-09

Family

ID=66302778

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910202675.7A Active CN109729190B (en) 2019-03-15 2019-03-15 Network access method, system, device and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN109729190B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110493252A (en) * 2019-08-30 2019-11-22 深圳前海微众银行股份有限公司 Overseas small routine cut-in method, device, equipment and medium
CN110830606A (en) * 2019-10-31 2020-02-21 瑞斯康达科技发展股份有限公司 Method and device for solving abnormal DNS cache and computer readable storage medium
CN113315848B (en) * 2020-02-27 2023-04-21 阿里巴巴集团控股有限公司 Access control method, device and equipment
CN113824633B (en) * 2020-06-19 2022-12-13 华为技术有限公司 Method for releasing route in campus network and network equipment
CN115225652A (en) * 2021-03-30 2022-10-21 中移(苏州)软件技术有限公司 Method and system for determining edge service platform, electronic equipment and storage medium
CN115150312B (en) * 2021-03-31 2024-05-17 华为技术有限公司 Routing method and device
CN114095415B (en) * 2021-11-26 2024-05-07 山石网科通信技术股份有限公司 Route determination method, device, gateway equipment and storage medium
CN114301837A (en) * 2021-12-16 2022-04-08 山石网科通信技术股份有限公司 Routing data processing method and device
CN115277864B (en) * 2022-07-27 2024-01-26 海通证券股份有限公司 Route determining method and device, computer readable storage medium and terminal

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1128613A2 (en) * 2000-01-18 2001-08-29 Lucent Technologies Inc. Method and apparatus for load balancing of network services
WO2011009326A1 (en) * 2009-07-22 2011-01-27 中兴通讯股份有限公司 Method, device and broadband access server for service control
CN102170380A (en) * 2010-02-25 2011-08-31 杭州华三通信技术有限公司 Method and device for accessing outer network from inner network
CN102710527A (en) * 2012-06-21 2012-10-03 浙江宇视科技有限公司 Switch and management server supporting flexible expansion of services
CN103825826A (en) * 2014-02-28 2014-05-28 杭州华三通信技术有限公司 Method and device for implementing dynamic routing
CN106850876A (en) * 2017-02-28 2017-06-13 浙江宇视科技有限公司 Network equipment access method and device based on identical ip addresses
CN108737584A (en) * 2017-04-19 2018-11-02 中国移动通信集团山西有限公司 The access method of container service, the analytic method of network address, device and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7769886B2 (en) * 2005-02-25 2010-08-03 Cisco Technology, Inc. Application based active-active data center network using route health injection and IGP

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
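Self-Organizing Load Balancing for Network Measurement Server Cluster; Xiaoliang Li et al.; 2011 7th International Conference on Wireless Communications, Networking and Mobile Computing; full text *
Dynamic Mapping Between Server Internal and External Networks Based on DDNS and NAT; 鄢萍; 易润忠; 童亮; Computer Engineering (20); full text *
Analysis of DNS Link Load Balancing for Bidirectional Internal/External Network Access in a Multi-Egress Campus Network Environment; 刘志勇; Information & Computer (Theory Edition) (17); full text *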

Also Published As

Publication number Publication date
CN109729190A (en) 2019-05-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant