CN112866091A - Instant communication system and communication method - Google Patents


Info

Publication number: CN112866091A
Application number: CN202110080305.8A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN112866091B (en)
Prior art keywords: user, instant communication, server group, linked, instant
Legal status: Granted; active
Inventors: 黄玉阔, 高志亮, 周宾, 聂元正, 贺文斌, 张�诚, 徐松松, 宋颖
Current assignee: Instant Match Shanghai Network Technology Co ltd
Original assignee: Instant Match Shanghai Network Technology Co ltd
Events: application filed by Instant Match Shanghai Network Technology Co ltd; priority to CN202110080305.8A; publication of CN112866091A; application granted; publication of CN112866091B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L 51/04 Real-time or near real-time messaging, e.g. instant messaging [IM]
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L 65/1066 Session management
    • H04L 65/1073 Registration or de-registration
    • H04L 65/60 Network streaming of media packets
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/10 Protocols in which an application is distributed across nodes in the network
    • H04L 67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • H04L 67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Multimedia (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Telephonic Communication Services (AREA)

Abstract

An instant communication system and communication method comprising a user end, an access point server and instant communication server groups. The instant communication server groups are a plurality of independent server groups in a distributed network architecture. In the system, the user end and its instant communication server group communicate over the TCP transport layer protocol and transmit XMPP/JINGLE application layer protocol data after TLS/SASL verification; after callback authentication between instant communication server groups, an end-to-end direct connection channel is established. Once the channel is established, the user ends carry out real-time streaming media communication over the UDP-RTP and UDP-RTCP protocols. Because the system is based on a distributed network and the instant communication server group of each node adopts a Spring Cloud micro-service architecture, the problems of a large number of users borne by the server and high concurrency are well addressed; security is high, and real-time streaming media communication occupies little bandwidth with low delay.

Description

Instant communication system and communication method
Technical Field
The present invention relates to the field of instant messaging, and in particular, to an instant messaging system and a communication method.
Background
Instant Messaging (IM) refers to a service capable of instantly sending and receiving internet messages and the like. After registering, a user can log in to the instant messaging software on the user side with the login information given at registration, and user sides can then carry out instant messaging and information interaction through the instant messaging system. Current instant messaging technology generally has the following problems:
1. a central server is used for management, and this server bears a large number of users and high concurrency;
2. the data storage volume of the central server is large, and its read and write pressure is high;
3. the security and privacy of communication content between user sides are low;
4. when relaying real-time streaming media data there is a certain delay, and bandwidth occupation is large.
Disclosure of Invention
The technical problem to be solved by the present invention is to provide an instant messaging system and a communication method which better solve the above problems, ensure the long-term stable operation of the whole instant messaging system architecture, and allow capacity to be expanded easily and flexibly as the number of users grows.
The invention is realized by the following technical scheme:
an instant messaging system, comprising:
a user side, comprising different user terminals sharing the same registration name (node);
an access point server, which assigns an accessible instant messaging server group to a newly registering user terminal according to the terminal's registration request;
instant communication server groups, which link and identify the user end according to its access request, and which complete an end-to-end secure connection between an initiator user end and a receiver user end according to the instant communication request of the initiator user end linked to them;
the instant communication server groups are a plurality of independent server groups in a distributed network architecture, each bearing and managing a plurality of user terminals; a single instant communication server group adopts a Spring Cloud micro-service architecture and comprises a gateway and the following parts hidden behind the gateway:
a service management part, comprising a Eureka server which provides a registration service for the service providing part and the service calling part, publishes a list of the services in the service providing part, and automatically detects their state;
a service providing part, comprising a plurality of process-independent services built around the instant messaging service; service data are split into different data tables using a horizontal sharding (database-splitting and table-splitting) structure, commonly used data tables are stored in a Redis cluster data buffer, and non-common (less frequently used) data tables are stored in a MySQL cluster data store with read-write separation and master-slave synchronization;
a service calling part, which looks up and calls the services provided by the service providing part and published in the service management part;
in the instant communication system, after TLS/SASL verification between a user side and its instant communication server group, and after callback authentication between instant communication server groups, XMPP/JINGLE application layer protocol data is transmitted over TCP (transmission control protocol) transport layer communication and an end-to-end direct-connection secure channel is established; once the channel is established, the user terminals carry out real-time streaming media communication over the UDP-RTP and UDP-RTCP protocols;
the instant communication system implements the following registration operations:
the access point server assigns an instant messaging server group with a unique domain name to the user side according to its registration request;
the user side applying for registration requests a link to the instant communication server group according to the returned domain name;
the instant communication server group completes the link with the user terminal according to the access request of the registering user terminal and assigns it an identification name, which comprises the domain name (domain) of the instant communication server group and a label (resource) distinguishing different user terminals with the same registration name;
the instant messaging system implements the following instant messaging end-to-end direct connection operations:
a TCP secure communication channel based on TLS/SASL verification is established between the initiator user side and the instant messaging server group linked to it;
the instant communication server group linked to the initiator user side judges, from the identification name of the receiver user side, whether the receiver user side is also linked under the same instant communication server group:
if yes, the instant communication server group directly acquires the external network IP address of each user end, or penetrates the internal network to acquire the user end's candidate network address and returns it to the user end; the two user ends transmit their external network IP address or candidate network address to the other party through the instant communication server group to which both are linked, then carry out end-to-end connectivity detection until a connection is achieved, and begin end-to-end UDP-RTP and UDP-RTCP instant communication;
if not, a TCP secure communication channel is established through callback authentication between the two instant communication server groups to which the two user ends are respectively linked; a TCP secure communication channel based on TLS/SASL is established between the receiver user end and its instant communication server group; the two instant communication server groups then each acquire the external network IP address of their linked user end, or penetrate the internal network to acquire its candidate network address, and return it to the user end; the two user ends transmit their candidate network address or IP address to the other user end through their respective instant communication server groups, then carry out end-to-end connectivity detection until the two user ends are connected, and begin end-to-end UDP-RTP and UDP-RTCP instant communication.
Firstly, the system architecture is based on a distributed network. The whole instant communication system is divided into different areas, each with its own instant communication server group; user data in each area are distributed, managed and maintained by the server group responsible for that area, and the whole system is formed by interconnecting servers (or server groups) distributed in different places. No central node with excessively concentrated load exists in the network, so the problems of a large number of users and high concurrency in a central network architecture are better addressed. Moreover, the instant messaging server group of each node adopts a Spring Cloud micro-service architecture: each service module is divided into a plurality of micro-services, each micro-service runs in its own process, the services communicate and cooperate with one another, and each service maintains its own data storage, which avoids a large user load and high concurrency on the instant messaging server group of any one area. In addition, the distributed network has good capacity expansion capability: when the architecture can no longer bear a rapidly growing number of users, one or more instant messaging server groups with unique domain names can be added to the system.
Secondly, because the system architecture is based on a distributed network, database read-write separation and a database-splitting and table-splitting architecture, it solves the data storage problem of the instant communication system well. Because the system adopts a distributed area architecture in which each area corresponds to an instant messaging server group, the user data of the whole system is naturally dispersed across the different instant messaging server groups. Each instant communication server group has a Redis cluster data buffer and a MySQL cluster data store; a user's different service data are split using a horizontal sharding structure, commonly used service data are stored in the former, which allows fast and frequent reads, and non-common service data are stored in the latter with read-write separation and master-slave synchronization, so that a large number of users and high concurrency are better handled.
Then, the end-to-end direct communication connection of the system is established on the basis of TLS/SASL verification between the user end and its linked instant communication server group, and callback authentication between different instant communication server groups, so that the security and privacy problems of the instant communication system are well addressed. The callback authentication mechanism prevents one of two instant messaging server groups from using a spoofed server to forge a party's information during communication. Through callback authentication, an instant messaging server group can confirm that the instant messaging server group it is communicating with is legitimately authorized.
Finally, the system architecture realizes an end-to-end real-time streaming media communication architecture based on the JINGLE protocol, which avoids both the insecurity of relying on a third-party real-time streaming media service provider, as other instant communication tools do, and the delay and bandwidth occupation of real-time data packets caused by relaying real-time streaming media through an intermediate server.
Furthermore, the Redis cluster data buffer comprises a twemproxy proxy server and a plurality of independent Redis caches managed by it; a Redis cluster architecture is adopted with twemproxy as its proxy server, so the data buffer space can be expanded flexibly with service demand.
Still further, the MySQL cluster data store comprises a MyCat read-write separation proxy server (the read-write separation function of MyCat can significantly reduce database pressure under high concurrency), a master MySQL database directly managed by the MyCat proxy server, and a plurality of slave MySQL databases managed by an HAProxy proxy server, which balances load among the slave MySQL databases. The master MySQL database is the write database, the slave MySQL databases are read databases, and data synchronization is carried out between the master MySQL database and the Redis cache. The master MySQL database is responsible for write operations and the slave MySQL databases for read operations, and the HAProxy proxy server ensures load balancing among the slave databases managed under the master, which significantly improves database read speed under high concurrency. When data are written to the master MySQL database, the new data are synchronized to the slave MySQL databases by a replication data synchronization technique, guaranteeing data consistency.
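The storage path just described (writes to a master, reads from load-balanced slaves, a cache in front) has one failure mode a practitioner should see concretely: between a write and its replication, a slave can still serve the old value, and a cache-aside read taken in that window can pin the stale value in the buffer. The following is an added example, not the patent's code or any MyCat, HAProxy or Redis code; it models that path with in-memory dictionaries, a round-robin picker standing in for HAProxy, and explicit replication so the window is visible. All class and method names are assumptions.

```python
"""Added example (not the patent's code): master/slave storage with a
cache-aside buffer in front, modelling the read/write split in the text."""
from itertools import cycle


class ReplicatedStore:
    def __init__(self, slave_count: int = 2):
        self.master: dict = {}                                # write database
        self.slaves: list = [{} for _ in range(slave_count)]  # read databases
        self.cache: dict = {}                                 # Redis-like buffer
        self._balancer = cycle(range(slave_count))            # HAProxy-like round robin
        self.pending: list = []                               # master writes not yet replicated

    def write(self, key: str, value: str) -> None:
        """Writes go only to the master; the cached copy is dropped so the
        next read cannot serve the pre-write value from the buffer."""
        self.master[key] = value
        self.cache.pop(key, None)
        self.pending.append((key, value))

    def replicate(self) -> int:
        """Apply queued master writes to every slave (the replication step).
        The cache entry is dropped again: a read taken during the replication
        window may have repopulated it with the slave's stale value."""
        applied = 0
        for key, value in self.pending:
            for slave in self.slaves:
                slave[key] = value
            self.cache.pop(key, None)
            applied += 1
        self.pending.clear()
        return applied

    def read(self, key: str):
        """Cache first, then one load-balanced slave; populate the cache on a hit."""
        if key in self.cache:
            return self.cache[key]
        slave = self.slaves[next(self._balancer)]
        value = slave.get(key)
        if value is not None:
            self.cache[key] = value
        return value

    def read_after_write(self, key: str):
        """For data the caller itself just wrote, read the master instead of a
        slave; this sidesteps the replication window entirely."""
        return self.master.get(key)
```

The two invalidations (on write and on replicate) are what keep the buffer from outliving the data it was copied from; `read_after_write` is the usual answer when a caller must observe its own write immediately.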
Further, the authentication server for callback authentication is either an independent server group or server in the instant messaging system, or the instant messaging server group linked to the initiator's user side itself. The authentication server answers verification queries from the originating server.
A registration method of an instant communication system comprises the following steps:
S1, the access point server assigns an instant communication server group with a unique domain name to the registering user end according to its registration request;
S2, the instant communication server group completes the link with the user end according to the access request of the registering user end and assigns it an identification name, which contains the domain name (domain) of the instant communication server group and a label (resource) distinguishing different user ends with the same registration name.
For example, the instant messaging server group identifies an accessed client with an identifier of the form node@domain/resource, where node is the user registration name, resource distinguishes different user terminals of the same registration name, and domain is the unique domain name of the instant messaging server group.
An end-to-end direct communication method of an instant messaging system, comprising:
S1, the instant communication server group linked to the initiator user side obtains the identification name of the receiver user side from the received instant communication request between the initiator and the receiver;
S2, a TCP secure communication channel based on TLS/SASL verification is established between the initiator user terminal and its linked instant communication server group;
S3, the instant messaging server group linked to the initiator determines, from the identifier of the receiver, whether the receiver is also linked under the same instant messaging server group:
if so, proceed to S4;
if not, proceed to S8;
S4, the instant messaging server group to which both clients are linked judges whether both clients are on the external network:
if so, proceed to S5;
if not, proceed to S6;
S5, the instant communication server group linked to both user terminals obtains the external network IP address of each user and transmits it to the other user terminal, and the process goes to S14;
S6, the instant communication server group penetrates the intranet to obtain the candidate network address of its linked user end that is on the intranet, and returns the candidate network address to that user end;
S7, each user end transmits its candidate network address or external IP address to the other end through the instant communication server group they share, and the process goes to S14;
S8, the instant communication server groups linked to the two user terminals establish a TCP secure communication channel between themselves through callback authentication;
S9, a TCP secure communication channel based on TLS/SASL verification is established between the receiver user side and its linked instant communication server group;
S10, the instant communication server group linked to each user terminal judges whether its own linked user terminal is on the external network:
if both user terminals are on the external network, proceed to S11;
if not, proceed to S12;
S11, the instant communication server groups of both parties receive the external network IP address of their linked user end and transmit it to the other party through the instant communication server group linked to that party, and the process goes to S14;
S12, the instant communication server group penetrates the intranet to obtain the candidate network address of its linked user terminal and returns it to the user terminal;
S13, the clients of both parties transmit their candidate network address or IP address to the other party through their respective linked instant communication server groups;
S14, the user ends of the two parties carry out end-to-end connectivity detection until the two parties are connected;
S15, end-to-end direct instant communication between the two user ends begins;
S16, the instant communication ends, and the end-to-end direct connection between the two user sides is disconnected.
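Two things in the registration and direct-connection methods above lend themselves to a worked example: the node@domain/resource identifier that the registration method assigns, and the branch structure (S3, S4, S10) that decides which of S1 to S16 a given pair of user ends passes through. The code below is an added example, not code from the patent; it parses identifiers strictly (rejecting missing or empty parts, since the domain is what routes a request to a server group) and returns the ordered step labels for a pair. The sample identifiers and addresses are constructed, and "on the external network" is approximated as "has a public IP address", which the description itself does not define.

```python
"""Added example (not the patent's code): identifier parsing and the
step sequence of the end-to-end direct-connection method."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Identifier:
    node: str       # user registration name
    domain: str     # unique domain name of the server group
    resource: str   # distinguishes terminals sharing one registration name


def parse_identifier(text: str) -> Identifier:
    """Parse 'node@domain/resource'; every part must be present and non-empty."""
    if text.count("@") != 1 or "/" not in text:
        raise ValueError(f"malformed identifier: {text!r}")
    node, rest = text.split("@", 1)
    domain, resource = rest.split("/", 1)
    if not node or not domain or not resource or "/" in domain:
        raise ValueError(f"malformed identifier: {text!r}")
    return Identifier(node, domain, resource)


def is_external(addr: str) -> bool:
    """Assumption: 'external network' means a public, globally routable address."""
    ip = ipaddress.ip_address(addr)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local)


def plan_direct_connection(initiator: Identifier, receiver: Identifier,
                           initiator_addr: str, receiver_addr: str) -> list:
    """Return the ordered step labels S1..S16 the procedure visits for this pair."""
    steps = ["S1", "S2", "S3"]
    both_external = is_external(initiator_addr) and is_external(receiver_addr)
    if initiator.domain == receiver.domain:
        # S3 yes: both user ends hang off the same server group
        steps.append("S4")
        steps.extend(["S5"] if both_external else ["S6", "S7"])
    else:
        # S3 no: callback authentication between the two groups first
        steps.extend(["S8", "S9", "S10"])
        steps.extend(["S11"] if both_external else ["S12", "S13"])
    steps.extend(["S14", "S15", "S16"])
    return steps
```

Keeping the routing decision keyed on the parsed domain rather than on a substring search is deliberate: a server group should only relay to a peer group whose domain it actually resolved from a well-formed identifier.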
Further, in S2 or S9, the TCP secure communication channel based on TLS/SASL authentication between the communication initiator user side and its linked instant communication server group, or between the receiving user side and its linked instant communication server group, is established according to the following steps:
the client and its linked instant communication server group carry out SSL/TLS secure channel negotiation;
after the secure channel is negotiated, the user side and its linked instant messaging server group perform SASL simple authentication;
after SASL authentication passes, a secure transmission channel between the two is established and XMPP/JINGLE protocol data starts to be transmitted.
The SSL/TLS network security protocol is implemented with the OpenSSL shipped with the operating system; SASL simple authentication uses the basic PLAIN mechanism, in which the user terminal transmits the user registration name and a hash value to the instant messaging server group, the hash value being the password processed by SHA-1. This secures data transmission between the instant messaging client and the instant messaging server group.
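The following is an added example, not the patent's code or any OpenSSL or SASL library code, of the client-to-server-group exchange just described: the TLS step is represented by a flag, and SASL PLAIN is encoded as RFC 4616 specifies (authorization identity, authentication identity and credential separated by NUL, base64-encoded), with the credential being SHA-1 of the password as the description states. Because that digest is exactly what the server compares against, capturing it is equivalent to capturing the password; the TLS channel is therefore the only thing protecting it in transit, which is why the server here refuses PLAIN until TLS has been negotiated and compares in constant time. The credential-store layout and all names are assumptions.

```python
"""Added example (not the patent's code): SASL PLAIN over a negotiated TLS
channel, with SHA-1(password) as the transmitted credential."""
import base64
import hashlib
import hmac
from dataclasses import dataclass, field


def password_digest(password: str) -> str:
    """The credential the description has the client send: SHA-1 of the password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def encode_plain(authcid: str, credential: str, authzid: str = "") -> str:
    """RFC 4616 PLAIN message: authzid NUL authcid NUL passwd, base64-encoded."""
    for part in (authzid, authcid, credential):
        if "\0" in part:
            raise ValueError("NUL is not permitted inside a PLAIN field")
    raw = f"{authzid}\0{authcid}\0{credential}".encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def decode_plain(message: str) -> tuple:
    """Server side: strict base64, exactly three NUL-separated fields."""
    raw = base64.b64decode(message, validate=True)
    parts = raw.split(b"\0")
    if len(parts) != 3:
        raise ValueError("PLAIN message must contain exactly three fields")
    return tuple(p.decode("utf-8") for p in parts)


@dataclass
class ServerGroup:
    domain: str
    credentials: dict = field(default_factory=dict)  # node -> stored SHA-1 hex [constructed]
    tls_negotiated: bool = False

    def negotiate_tls(self) -> None:
        self.tls_negotiated = True   # stands in for the SSL/TLS handshake

    def authenticate(self, plain_message: str) -> bool:
        # PLAIN carries a password-equivalent credential: never accept it in the clear.
        if not self.tls_negotiated:
            raise RuntimeError("SASL PLAIN refused: TLS channel not negotiated")
        authzid, authcid, credential = decode_plain(plain_message)
        if authzid and authzid != authcid:
            return False               # no impersonation via the authorization identity
        stored = self.credentials.get(authcid)
        if stored is None:
            hmac.compare_digest(credential.encode(), b"0" * 40)  # keep timing uniform
            return False
        return hmac.compare_digest(credential.encode(), stored.encode())


def login(server: ServerGroup, node: str, password: str) -> bool:
    """Client side of S2/S9: TLS first, then PLAIN carrying node and SHA-1(password)."""
    return server.authenticate(encode_plain(node, password_digest(password)))
```

The order of the two checks in `authenticate` mirrors the order of the steps in the text: the TLS negotiation precedes SASL, and nothing about the credential is examined before the channel exists.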
Further, in S8, the instant messaging server groups linked to the two user terminals perform callback authentication according to the following steps:
a secure link channel is established between the instant communication server group linked to the initiator user side and the instant communication server group linked to the receiver user side;
the receiver's instant communication server group returns an authentication session ID to the initiator's instant communication server group;
the initiator's instant communication server group sends the authentication session ID and an authentication key to the receiver's instant communication server group;
the receiver's instant communication server group and the authentication server establish a secure link channel;
the authentication server returns a verification session ID to the receiver's instant communication server group;
the receiver's instant communication server group sends the verification session ID and the authentication key to the authentication server;
the authentication server returns the verification result to the receiver's instant communication server group;
and the receiver's instant communication server group returns the verification result to the initiator's instant communication server group.
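The exchange above has three parties and two session identifiers, and the security it buys (a server group confirming that its peer is legitimately authorized) depends on what the authentication key proves. The description does not say how the key is formed or checked, so the added example below, which is not the patent's code, makes one explicit choice and labels it: the key is an HMAC over the authentication session ID under a per-domain secret that the authentication server holds, so only the genuine server group for a claimed domain can produce a key for a fresh session ID. Both session IDs are single-use, which is what makes a captured key useless for a replay. All names and the secret values are assumptions.

```python
"""Added example (not the patent's code): the callback authentication
exchange between the initiator's group (A), the receiver's group (B) and
the authentication server, with single-use session IDs."""
import hashlib
import hmac
import secrets


class AuthenticationServer:
    """Holds a shared secret per authorized server-group domain. [assumed design]"""

    def __init__(self, domain_secrets: dict):
        self.domain_secrets = {d: bytes(s) for d, s in domain_secrets.items()}
        self.open_sessions: set = set()

    def open_verification_session(self) -> str:
        sid = secrets.token_hex(16)          # the verification session ID returned to B
        self.open_sessions.add(sid)
        return sid

    @staticmethod
    def expected_key(secret: bytes, auth_session_id: str) -> str:
        return hmac.new(secret, auth_session_id.encode(), hashlib.sha256).hexdigest()

    def verify(self, verification_session_id: str, claimed_domain: str,
               auth_session_id: str, auth_key: str) -> bool:
        if verification_session_id not in self.open_sessions:
            return False
        self.open_sessions.discard(verification_session_id)   # single use
        secret = self.domain_secrets.get(claimed_domain)
        if secret is None:
            return False                                       # domain not authorized
        expected = self.expected_key(secret, auth_session_id)
        return hmac.compare_digest(expected.encode(), auth_key.encode())


class ServerGroup:
    def __init__(self, domain: str, secret: bytes):
        self.domain = domain
        self.secret = secret                 # shared with the authentication server
        self.issued_sessions: set = set()

    # receiver side (B)
    def issue_auth_session(self) -> str:
        sid = secrets.token_hex(16)          # the authentication session ID sent to A
        self.issued_sessions.add(sid)
        return sid

    def check_peer(self, auth_server: AuthenticationServer, claimed_domain: str,
                   auth_session_id: str, auth_key: str) -> bool:
        if auth_session_id not in self.issued_sessions:
            return False                     # unknown, expired or replayed session ID
        self.issued_sessions.discard(auth_session_id)
        vsid = auth_server.open_verification_session()
        return auth_server.verify(vsid, claimed_domain, auth_session_id, auth_key)

    # initiator side (A)
    def make_auth_key(self, auth_session_id: str) -> str:
        return AuthenticationServer.expected_key(self.secret, auth_session_id)


def callback_authenticate(initiator: ServerGroup, receiver: ServerGroup,
                          auth_server: AuthenticationServer) -> bool:
    """Steps of the exchange; the secure link channels themselves are assumed."""
    sid = receiver.issue_auth_session()              # B -> A: authentication session ID
    key = initiator.make_auth_key(sid)               # A -> B: session ID + key
    return receiver.check_peer(auth_server, initiator.domain, sid, key)  # B <-> auth server
```

Note what B checks before ever contacting the authentication server: that the session ID it received is one it issued and has not already consumed. That local check is what stops a peer from driving verification traffic with identifiers B never handed out.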
The invention has the beneficial effects that:
1. The system architecture is based on a distributed network, and the instant messaging server group of each node adopts a Spring Cloud micro-service architecture, so the problems of a large number of users borne by the server and high concurrency are solved.
2. The system architecture is based on a distributed network, database read-write separation and database-based and table-based architecture, and can well solve the problem of mass data storage faced by an instant communication system.
3. The end-to-end direct communication connection of the system is established on the basis of re-authentication between each user side and its linked instant communication server group, and between the different instant communication server groups linked to the two user sides, so the security and privacy problems of the instant communication system are well addressed.
4. The system architecture realizes an end-to-end streaming media real-time communication architecture based on a JINGLE protocol, and can well solve the problems of insecurity caused by using services provided by a third-party real-time streaming media service provider by other instant communication tools or delay and bandwidth occupation of real-time data packets caused by transferring real-time streaming media data through an intermediate server.
Drawings
FIG. 1 is a macro-architecture diagram of an instant messaging system
FIG. 2 is a flow chart illustrating a registration procedure of the instant messaging system
FIG. 3 is a schematic diagram of a micro-service architecture of an instant messaging server group
FIG. 4 is a schematic diagram of a data read/write storage architecture of a service provider
FIG. 5 is a communication protocol level diagram of the instant messaging system
FIG. 6 is a schematic diagram of an end-to-end direct communication secure channel connection establishment procedure of the instant messaging system
FIG. 7 is a communication timing diagram of TLS/SASL authentication between a client and an instant messaging server group
FIG. 8 is a communication timing diagram of callback authentication between groups of instant messaging servers
FIG. 9 is a schematic diagram of system architecture for P2P end-to-end real-time streaming media transmission based on JINGLE protocol
FIG. 10 is a communication timing diagram illustrating establishment of an end-to-end direct communication channel when both clients are in an intranet
Detailed Description
The invention will be further explained with reference to the drawings.
The instant messaging system shown in fig. 1 includes a client, an access point server and instant messaging server groups. Each instant communication server group bears and manages a plurality of instant communication clients linked to it. For example, user terminals 1-1 to 1-n are linked to instant messaging server group 1, user terminals 2-1 to 2-m are linked to instant messaging server group 1, and so on. The distributed network architecture has good capacity expansion capability and better addresses the problems of a large number of users and high concurrency that current instant communication systems frequently face; when the architecture can no longer bear the number of users, one or more instant communication server groups with unique domain names can be added to it.
In fig. 1, when user side 1-1 registers, it first sends a registration request carrying a node name to the access point server through an HTTP service; the access point server then assigns instant messaging server group 1, with the unique domain name domain1, to the registering user end according to the registration request; user terminal 1-1 then requests a link to instant messaging server group 1 according to the returned domain name domain1; finally, instant communication server group 1 completes the link according to the access request of user end 1-1 and assigns it the identification name node@domain1/resource, where node is the user registration name, resource distinguishes different user terminals of the same registration name, and domain1 is the unique domain name of the instant messaging server group. The process is shown in fig. 2.
Before communicating, users need to add each other as friends. After the addition is complete, the two user ends have each other's identification name. When user ends linked to different instant messaging server groups communicate, before an end-to-end direct connection is established, data is relayed through the instant messaging server groups to which the user ends are linked. For example, when user end 1-1 in fig. 1 needs to initiate a communication request to user end 2-1, user end 1-1 must first transmit the data to instant messaging server group 1; instant messaging server group 1 queries the DNS domain name system with the domain information in the receiver's identification name carried by the data, and the DNS returns the external network IP address of instant messaging server group 2 corresponding to that domain name; instant messaging server group 1 then transmits the data to instant messaging server group 2 over the TCP transport layer protocol, and instant messaging server group 2 delivers the data to user end 2-1. In this way, communication between user terminals before end-to-end direct communication is realized.
An example microservice architecture for an instant messaging server group is shown in fig. 3. A single instant messaging server group uses a Spring Cloud microservice architecture and consists of a gateway and, hidden behind it, a service management unit, a service providing unit and a service calling unit. The service manager is a Eureka server; the service providing unit and the service calling unit are Eureka clients. Services 1 to n of the service providing unit register with Eureka, which maintains the list of these services and automatically monitors their state. The service calling unit discovers and calls services: callers look up and call the services published to the Eureka server. The HAProxy gateway hides all services of the cluster behind it, so the cluster does not need to expose many services, which also improves its security. The gateway is the cluster's front door, and HAProxy was chosen because of its good support for TCP.
The conventional services that the instant messaging server group provides externally, such as the client-server communication component, session management component, central routing component, domain name resolution component and server-server communication component, are all provided by the service providing unit. The server-server communication component handles communication between instant messaging server groups in different regions of the distributed network; the client-server communication component provides the TCP-linked communication service between a client and the instant messaging server group it is linked to, and Netty can be used as the framework for this TCP server. The Spring Cloud server architecture addresses the large user load and high concurrency faced by the instant messaging server group responsible for one region of the distributed architecture.
As shown in the data read-write storage architecture of fig. 4, the service providing unit of each instant messaging server group has its own Redis clustered data cache and MySQL clustered data store. The Redis cluster cache consists of a Twemproxy proxy server and several independent Redis caches managed by it, so cache space can be expanded flexibly as the service requires. The MySQL cluster store consists of a MyCat read-write splitting proxy server, a master MySQL database that it manages directly, and several slave MySQL databases managed through a HAProxy server; the read-write splitting proxy markedly reduces database pressure under high concurrency. The master MySQL database is the write database and the slave MySQL databases are read databases; the HAProxy server balances load among the slave databases, which markedly increases read speed under high concurrency. Data is synchronized between the master MySQL database and the Redis cache, and when data is written to the master database it is replicated to the slave databases with MySQL replication, which keeps the data consistent.
Besides the clustered cache and clustered store, the data layer also uses horizontal database and table sharding to increase user capacity and storage capacity. A user's different service data is split into several data tables, and each table is placed in the Redis cluster cache or the MySQL cluster store according to how frequently it is accessed, which copes better with large user numbers and high concurrency.
To achieve eventual consistency of distributed transactions across the horizontally sharded databases and tables and the microservices, the message middleware RocketMQ can be used. For a business operation that requires several services to each complete successfully, the question is what to do when consumption of a message fails. Consumption failures fall into two cases: a timeout and a genuine consumption failure. A timeout can simply be retried; a genuine failure is usually handled by a compensation mechanism of manual reconciliation or T+1 reconciliation.
As shown in fig. 6, when the initiator user terminal requests direct communication with the receiver user terminal, the end-to-end direct secure channel of the instant messaging system is established in the following steps: a TCP secure communication channel based on SSL/SASL verification is established between the initiator user terminal and the instant messaging server group linked to it; the instant messaging server group linked to the initiator then judges, from the receiver's identification name, whether the receiver user terminal is also linked under the same instant messaging server group:
if yes, the instant messaging server group directly obtains the external IP address of each user terminal, or traverses the intranet to obtain a candidate network address of the user terminal, and returns it to the user terminal; the two user terminals exchange their external IP addresses or candidate network addresses through the shared instant messaging server group, then perform end-to-end connectivity checks until a connection is established, and begin end-to-end UDP-RTP and UDP-RTCP instant communication;
if not, a TCP secure communication channel is established through callback authentication between the two instant messaging server groups to which the two user terminals are respectively linked, and a TCP secure communication channel based on SSL/SASL is established between the receiver user terminal and its instant messaging server group; the two server groups then each obtain the external IP address of their linked user terminal, or traverse the intranet to obtain its candidate network address, and return it to the user terminal; the two user terminals exchange candidate network addresses or IP addresses through their respective instant messaging server groups, then perform end-to-end connectivity checks until they are connected, and begin end-to-end UDP-RTP and UDP-RTCP instant communication.
As shown in fig. 5, the communication protocol stack of the instant messaging system is: the TCP transport layer at the bottom, the transport layer security protocol SSL/TLS above TCP, the Simple Authentication and Security Layer protocol SASL above SSL/TLS, and the Extensible Messaging and Presence Protocol XMPP together with its extension protocol Jingle at the top. SSL/TLS is provided by the operating system, while SASL, XMPP and Jingle are provided by the application layer. SASL involves two important identifiers for a user: the authentication ID (authid) and the authorization ID (userid). The authentication ID is the identity under which the user is authenticated and it grants the user access to the system; the authorization ID is used to check whether the user is permitted to use a particular option.
Fig. 7 is the communication timing diagram of SSL/SASL verification between a user terminal and an instant messaging server group. In S2 or S9 of fig. 6, a TCP secure communication channel based on SSL/SASL verification is established between the communication initiator user terminal and its instant messaging server group, or between the receiver user terminal and its instant messaging server group, according to the timing steps shown in fig. 7:
first, the user terminal and the instant messaging server group linked to it negotiate an SSL/TLS secure channel;
after the secure channel is negotiated, the user terminal and its instant messaging server group perform SASL simple authentication;
after SASL authentication passes, a secure transmission channel between the two is established and XMPP/Jingle protocol data begins to flow.
The SSL/TLS network security protocol is implemented with the OpenSSL library shipped by default with the operating system. SASL simple authentication uses the basic PLAIN mechanism: the user terminal sends its user registration name and a hash value to the instant messaging server group, where the hash value is the SHA-1 hash of the password. Confidentiality of the credential on the wire comes from the SSL/TLS channel negotiated first, which secures data transmission between the instant messaging user terminal and the instant messaging server group; note that the transmitted SHA-1 value is itself the credential the server accepts, so it must be protected on the server side as a password would be.
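The SASL PLAIN exchange described above, as an added example rather than code from the patent: the client side encodes the RFC 4616 PLAIN message with the SHA-1 token as the password, and the server side decodes and checks it. The server-side storage (a salted PBKDF2 digest of the token, constant-time comparison, refusal before TLS is up) is an added design choice, not something the patent describes; the user name, password and salt are constructed for the example.

```python
import base64
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

PBKDF2_ITERATIONS = 100_000


def password_token(password: str) -> str:
    """The value the user terminal sends as the PLAIN password: hex SHA-1 of the password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def encode_plain(authcid: str, token: str, authzid: str = "") -> str:
    """RFC 4616 PLAIN message: [authzid] NUL authcid NUL passwd, base64 as carried in XMPP <auth>."""
    for field in (authzid, authcid, token):
        if "\x00" in field:
            raise ValueError("NUL is not allowed inside SASL PLAIN fields")
    raw = f"{authzid}\x00{authcid}\x00{token}".encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def decode_plain(message: str) -> Tuple[str, str, str]:
    raw = base64.b64decode(message, validate=True)
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        raise ValueError("malformed PLAIN message")
    authzid, authcid, token = (p.decode("utf-8") for p in parts)
    if not authcid or not token:
        raise ValueError("authcid and password must be non-empty")
    return authzid, authcid, token


# --- server side (added design choice, not described in the patent) ---
# The SHA-1 token is exactly what a client presents, so a copy of it is a reusable
# credential. The server therefore stores a salted PBKDF2 digest of the token.
def _stretch(token: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", token.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def enroll(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Registration-time record for one user: (salt, PBKDF2(SHA-1 token))."""
    salt = salt or os.urandom(16)
    return salt, _stretch(password_token(password), salt)


_DUMMY_SALT = b"\x00" * 16  # keeps timing uniform for unknown user names


def verify(message: str, store: Dict[str, Tuple[bytes, bytes]],
           tls_established: bool) -> Optional[str]:
    """Return the authenticated user name, or None when authentication fails."""
    if not tls_established:
        # PLAIN carries the credential in the clear; RFC 4616 requires a confidential channel.
        raise PermissionError("SASL PLAIN refused before the SSL/TLS channel is up")
    authzid, authcid, token = decode_plain(message)
    salt, expected = store.get(authcid, (_DUMMY_SALT, b""))
    actual = _stretch(token, salt)
    # constant-time comparison; unknown users still pay the PBKDF2 cost
    if not hmac.compare_digest(actual, expected):
        return None
    # an empty authzid means "act as the authenticated identity"; anything else
    # would need an authorization policy, which this example does not grant
    if authzid and authzid != authcid:
        return None
    return authcid
```

Hashing the password client-side changes what the server stores and what an attacker must replay, not the strength of the login: whoever obtains the token can log in with it, which is why the server never keeps the raw token.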
In S8 of fig. 6, callback authentication between the instant messaging server groups is performed according to the communication timing shown in fig. 8:
1. a secure link channel is established between the instant messaging server group linked to the initiator user terminal and the instant messaging server group linked to the receiver user terminal;
2. the receiver's instant messaging server group returns an authentication session ID to the initiator's instant messaging server group;
3. the initiator's instant messaging server group sends the authentication session ID and an authentication key to the receiver's instant messaging server group;
4. a secure link channel is established between the receiver's instant messaging server group and the authentication server;
5. the authentication server returns a verification session ID to the receiver's instant messaging server group;
6. the receiver's instant messaging server group sends the verification session ID and the authentication key to the authentication server;
7. the authentication server returns the verification result to the receiver's instant messaging server group;
8. the receiver's instant messaging server group returns the verification result to the initiator's instant messaging server group.
The callback authentication mechanism prevents one of two communicating instant messaging server groups from forging a party's information by impersonating a server. Through callback authentication, an instant messaging server group can confirm that the server group it is talking to is legitimately authorized. The authentication server provides the verification query on behalf of the initiating server; it can be an independent server group, a server within the instant messaging system, or the instant messaging server group linked to the initiator user terminal itself.
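The eight-step callback authentication above, simulated with the three parties as an added example (not code from the patent). The initiator's server group, the receiver's server group and the authentication server are plain Python objects exchanging the same values the steps name: an authentication session ID, an authentication key and a verification session ID. One assumption is added so the authentication server can judge the key: the legitimate initiator registers the key it issued under its own domain name, which is trivially the case when the authentication server is the initiator's own server group, and the receiver tells the authentication server which domain the peer claims to be. Domain names are constructed.

```python
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple


@dataclass
class AuthServer:
    # registry: domain -> {authentication session ID: authentication key}, filled
    # through an authenticated path by the legitimate initiator group (assumption).
    registry: Dict[str, Dict[str, str]] = field(default_factory=dict)
    # verification session ID -> (claimed peer domain, authentication session ID)
    pending: Dict[str, Tuple[str, str]] = field(default_factory=dict)

    def register_key(self, domain: str, asid: str, key: str) -> None:
        self.registry.setdefault(domain, {})[asid] = key

    def open_link(self, claimed_domain: str, asid: str) -> str:
        """Steps 4-5: receiver group links to us; we hand back a verification session ID."""
        vsid = secrets.token_hex(16)
        self.pending[vsid] = (claimed_domain, asid)
        return vsid

    def verify(self, vsid: str, key: str) -> bool:
        """Steps 6-7: is `key` the one the claimed domain issued for this session?"""
        entry = self.pending.pop(vsid, None)          # one-shot: a replay fails
        if entry is None:
            return False
        domain, asid = entry
        expected = self.registry.get(domain, {}).pop(asid, None)  # keys are single-use
        return expected is not None and secrets.compare_digest(expected, key)


@dataclass
class ServerGroup:
    domain: str
    auth: AuthServer
    sessions: Dict[str, str] = field(default_factory=dict)   # asid -> claimed peer domain
    verified_peers: Set[str] = field(default_factory=set)

    # --- receiver side ---
    def accept_link(self, claimed_peer_domain: str) -> str:
        """Steps 1-2: a peer links to us and we return an authentication session ID."""
        asid = secrets.token_hex(16)
        self.sessions[asid] = claimed_peer_domain
        return asid

    def check_key(self, asid: str, key: str) -> bool:
        """Steps 3-8: take the peer's key to the authentication server and report back."""
        claimed = self.sessions.pop(asid, None)
        if claimed is None:
            return False
        vsid = self.auth.open_link(claimed, asid)
        ok = self.auth.verify(vsid, key)
        if ok:
            self.verified_peers.add(claimed)
        return ok

    # --- initiator side ---
    def issue_key(self, asid: str) -> str:
        """Step 3: mint a key for this session and record it under our real domain."""
        key = secrets.token_hex(32)
        self.auth.register_key(self.domain, asid, key)
        return key


def callback_authenticate(initiator: ServerGroup, receiver: ServerGroup,
                          claimed_domain: Optional[str] = None) -> bool:
    """Run the exchange; `claimed_domain` lets an impostor claim someone else's name."""
    claimed = claimed_domain or initiator.domain
    asid = receiver.accept_link(claimed)
    key = initiator.issue_key(asid)
    return receiver.check_key(asid, key)
```

The property the mechanism buys is visible in the failure case: a server that opens a link and claims to be domain1 can send any key it likes, but the authentication server only accepts the key that domain1 actually issued for that session ID, and both IDs are consumed on use so a captured exchange cannot be replayed.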
The real-time streaming media functions of the instant messaging tools currently on the market are mostly provided by a third-party real-time streaming media service provider, which carries security and privacy risks. The alternative is to relay through a transit server set up within the instant messaging system itself, and such relayed streaming media services have traditionally followed two development approaches:
In the first, the instant messaging server provides both the signaling control for the session and the forwarding of video data: Client1 ← → instant messaging server ← → Client2 carries both signaling and video data.
In the second, the instant messaging server provides only the signaling control for the session, and a separate audio/video server handles the clients' video data: first Client1 ← → instant messaging server ← → Client2 completes signaling control, then Client1 ← → streaming media server ← → Client2 carries the video data, and finally the instant messaging server tears down the session link between Client1 and Client2.
Both conventional approaches have two problems. First, with a large number of users the server's resources and bandwidth are heavily consumed. Second, relaying through the streaming media server delays the real-time streaming data, so users experience a certain latency during real-time audio/video communication.
As shown in fig. 9, the instant messaging system is a system architecture that implements P2P end-to-end real-time streaming media transmission based on the Jingle protocol. The instant messaging server groups provide the XMPP/Jingle service and the STUN service; the two instant messaging server groups verify each other over a TCP link with the callback authentication mechanism, after which the two user terminals use UDP-RTP and UDP-RTCP for real-time streaming media data transfer and flow control.
In practice, a user terminal is usually behind the NAT of a router. To establish end-to-end real-time streaming media transmission, the initiator user terminal needs to know the network address of the receiver user terminal. Because of the router's NAT, the initiator cannot in a typical network environment obtain the receiver's network address directly and needs the instant messaging server group's help to obtain it.
Router NAT devices fall into four types according to their implementation: Full Cone NAT, Restricted Cone NAT, Port Restricted Cone NAT and Symmetric NAT. To implement end-to-end P2P real-time streaming media transmission, three NAT traversal techniques are available: STUN, TURN and ICE.
In S2 to S14 of fig. 6, when both user terminals are on intranets, an end-to-end direct communication channel is established according to the steps shown in fig. 10 to realize real-time streaming media communication:
First, a secure TCP channel based on SSL/SASL verification is established between the initiator user terminal and its instant messaging server group; a secure TCP channel is established through the callback authentication mechanism between the initiator's instant messaging server group and the receiver's instant messaging server group; and a secure TCP channel based on SSL/SASL verification is established between the receiver user terminal and its instant messaging server group. This completes the secure TCP channel relayed through the instant messaging server groups.
Then, after the XMPP/Jingle service of the instant messaging server group sends signaling, the user terminal responds by requesting a candidate network address from the STUN service of its instant messaging server group; the STUN service obtains the candidate network address by STUN traversal and returns it to the user terminal. The user terminals and the XMPP/Jingle service of the server groups pass each user terminal's candidate network address to the other user terminal via the Jingle signaling protocol. Finally the two user terminals perform end-to-end connectivity checks, and once these pass, under the control of the Jingle signaling of the XMPP/Jingle service, the two user terminals begin UDP-RTP and UDP-RTCP real-time streaming media data communication.
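The STUN step above (the user terminal asks the STUN service for its candidate network address) and the "is the user terminal on the external network" decision in the fig. 6 flow, as an added example that is not code from the patent or any STUN library. It builds an RFC 5389 Binding Request, builds the Binding Success Response a STUN server would return, parses the XOR-MAPPED-ADDRESS out of it while checking the transaction ID and magic cookie, and then compares the reflexive address with the host address to decide whether the terminal is behind NAT. IPv4 only; the addresses and transaction ID are constructed.

```python
import os
import socket
import struct
from typing import Optional, Tuple

MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
ATTR_XOR_MAPPED_ADDRESS = 0x0020
FAMILY_IPV4 = 0x01


def build_binding_request(txid: Optional[bytes] = None) -> bytes:
    """20-byte STUN header, no attributes: type, length, magic cookie, 96-bit transaction ID."""
    txid = txid or os.urandom(12)
    if len(txid) != 12:
        raise ValueError("transaction ID must be 12 bytes")
    return struct.pack("!HHI12s", BINDING_REQUEST, 0, MAGIC_COOKIE, txid)


def build_binding_response(txid: bytes, ip: str, port: int) -> bytes:
    """What the STUN service answers: the client's reflexive address, XOR-obfuscated (RFC 5389 15.2)."""
    xport = port ^ (MAGIC_COOKIE >> 16)
    xaddr = struct.unpack("!I", socket.inet_aton(ip))[0] ^ MAGIC_COOKIE
    attr = struct.pack("!HHBBHI", ATTR_XOR_MAPPED_ADDRESS, 8, 0, FAMILY_IPV4, xport, xaddr)
    return struct.pack("!HHI12s", BINDING_SUCCESS, len(attr), MAGIC_COOKIE, txid) + attr


def parse_mapped_address(data: bytes, expected_txid: bytes) -> Tuple[str, int]:
    """Extract (ip, port) from a Binding Success Response; reject anything not ours."""
    if len(data) < 20:
        raise ValueError("short STUN message")
    mtype, length, cookie, txid = struct.unpack("!HHI12s", data[:20])
    if cookie != MAGIC_COOKIE:
        raise ValueError("bad magic cookie")
    if txid != expected_txid:
        raise ValueError("response does not match our transaction ID")
    if mtype != BINDING_SUCCESS:
        raise ValueError(f"unexpected message type 0x{mtype:04x}")
    if len(data) != 20 + length:
        raise ValueError("length field does not match message size")
    body, off = data[20:], 0
    while off + 4 <= len(body):
        atype, alen = struct.unpack("!HH", body[off:off + 4])
        value = body[off + 4:off + 4 + alen]
        if len(value) != alen:
            raise ValueError("truncated attribute")
        if atype == ATTR_XOR_MAPPED_ADDRESS:
            if alen != 8 or value[1] != FAMILY_IPV4:
                raise ValueError("only IPv4 XOR-MAPPED-ADDRESS handled in this example")
            xport, xaddr = struct.unpack("!HI", value[2:8])
            ip = socket.inet_ntoa(struct.pack("!I", xaddr ^ MAGIC_COOKIE))
            return ip, xport ^ (MAGIC_COOKIE >> 16)
        off += 4 + ((alen + 3) & ~3)     # attribute values are padded to 4 bytes
    raise ValueError("no XOR-MAPPED-ADDRESS in response")


def classify(host: Tuple[str, int], reflexive: Tuple[str, int]) -> str:
    """The fig. 6 decision: if what the STUN service saw equals the local socket
    address, the terminal is on the external network; otherwise it is behind NAT
    and the reflexive address is its candidate network address."""
    return "external" if host == reflexive else "behind NAT"
```

Checking the transaction ID before trusting the mapped address matters in this design because the candidate address is then handed to the peer over Jingle: a spoofed response that passed the check would steer the media stream.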

Claims (8)

1. An instant messaging system, comprising:
a user side comprising different user terminals with the same registration name node;
an access point server, which assigns an accessible instant messaging server group to a user terminal newly applying for registration according to its registration request;
an instant messaging server group, which links and identifies the user terminal according to its access request, and completes the end-to-end secure connection between the initiator user terminal and the receiver user terminal according to the instant communication request of the initiator user terminal linked to it;
wherein the instant messaging server groups are a plurality of independent server groups in a distributed network architecture, each instant messaging server group carrying and managing a plurality of user terminals, and a single instant messaging server group uses a Spring Cloud microservice architecture comprising a gateway and the following units hidden behind the gateway:
a service management unit comprising a Eureka server, which provides a registration service for the service providing unit and the service calling unit, publishes a list of the services in the service providing unit, and automatically monitors their state;
a service providing unit comprising a plurality of independent-process services built around the instant messaging service, wherein service data is split into different data tables by a horizontal database and table sharding structure, frequently used data tables are stored in a Redis clustered data cache, and infrequently used data tables are stored in a MySQL clustered data store with read-write splitting and master-slave synchronization;
a service calling unit for looking up and calling the services provided by the service providing unit and published in the service management unit;
in the instant messaging system, after SSL/SASL verification between a user terminal and an instant messaging server group and callback authentication between instant messaging server groups, XMPP/Jingle application layer protocol data is transmitted over the TCP transport layer protocol and an end-to-end direct secure channel is established; after the channel is established, the user terminals use the UDP-RTP and UDP-RTCP protocols for real-time streaming media data communication;
the instant messaging system implements the following registration operations:
the access point server assigns an instant messaging server group with a unique domain name to the user terminal according to the registration request of the user terminal applying for registration;
the instant messaging server group completes the link with the user terminal according to the access request of the user terminal applying for registration and assigns it an identification name comprising the domain name domain of the instant messaging server group and the label resource distinguishing different user terminals with the same registration name;
the instant messaging system implements the following instant communication end-to-end direct connection operations:
a TCP secure communication channel based on SSL/SASL verification is established between the initiator user terminal and the instant messaging server group linked to it;
the instant messaging server group linked to the initiator user terminal judges, from the receiver's identification name, whether the receiver user terminal is also linked under the same instant messaging server group:
if yes, the instant messaging server group directly obtains the external IP address of each user terminal, or traverses the intranet to obtain a candidate network address of the user terminal, and returns it to the user terminal; the two user terminals exchange their external IP addresses or candidate network addresses through the shared instant messaging server group, then perform end-to-end connectivity checks until a connection is established, and begin end-to-end UDP-RTP and UDP-RTCP instant communication;
if not, a TCP secure communication channel is established through callback authentication between the two instant messaging server groups to which the two user terminals are respectively linked, and a TCP secure communication channel based on SSL/SASL is established between the receiver user terminal and its instant messaging server group; the two server groups then each obtain the external IP address of their linked user terminal, or traverse the intranet to obtain its candidate network address, and return it to the user terminal; the two user terminals exchange candidate network addresses or IP addresses through their respective instant messaging server groups, then perform end-to-end connectivity checks until they are connected, and begin end-to-end UDP-RTP and UDP-RTCP instant communication.
2. The instant messaging system of claim 1, wherein the Redis clustered data cache comprises a Twemproxy proxy server and a plurality of independent Redis caches managed by it.
3. The instant messaging system of claim 2, wherein the MySQL clustered data store comprises a MyCat read-write splitting proxy server, a master MySQL database managed directly by it, and a plurality of slave MySQL databases managed through a HAProxy proxy server configured to balance load among the slave MySQL databases; the master MySQL database is the write database, the slave MySQL databases are read databases, and data is synchronized between the master and slave MySQL databases and between the master MySQL database and the Redis cache.
4. The instant messaging system of claim 1, wherein the authentication server for callback authentication is an independent server or server group within the instant messaging system, or is the instant messaging server group linked to the initiator user terminal itself.
5. A registration method of an instant messaging system, comprising the following steps:
S1: the access point server assigns an instant messaging server group with a unique domain name to the user terminal applying for registration according to its registration request;
S2: the instant messaging server group completes the link with the user terminal according to the access request of the user terminal applying for registration and assigns it an identification name comprising the domain name domain of the instant messaging server group and the label resource distinguishing different user terminals with the same registration name.
6. An end-to-end direct communication method of an instant messaging system, comprising:
S1: the instant messaging server group linked to the initiator user terminal obtains the identification name of the receiver user terminal from the received instant communication request of the initiator user terminal to the receiver user terminal;
S2: a TCP secure communication channel based on SSL/SASL verification is established between the communication initiator user terminal and the instant messaging server group linked to it;
S3: the instant messaging server group linked to the initiator user terminal judges, from the receiver's identification name, whether the receiver user terminal is also linked under the same instant messaging server group:
if so, proceed to S4;
if not, proceed to S8;
S4: the instant messaging server group shared by the two user terminals judges whether both user terminals are on the external network:
if so, proceed to S5;
if not, proceed to S6;
S5: the shared instant messaging server group obtains the external IP addresses of the two user terminals and passes each to the other user terminal, then proceed to S14;
S6: the instant messaging server group traverses the intranet to obtain the candidate network address of the user terminal linked to it behind the intranet and returns it to the user terminal;
S7: each user terminal passes its candidate network address or external IP address to the other through the shared instant messaging server group, then proceed to S14;
S8: the instant messaging server groups linked to the two user terminals establish a TCP secure communication channel between them through callback authentication;
S9: a TCP secure communication channel based on SSL/SASL verification is established between the receiver user terminal and the instant messaging server group linked to it;
S10: the instant messaging server groups of the two user terminals each judge whether the user terminal linked to them is on the external network:
if both user terminals are on the external network, proceed to S11;
if not, proceed to S12;
S11: the two instant messaging server groups each receive the external IP address of their linked user terminal and pass it to the other party through the other party's instant messaging server group, then proceed to S14;
S12: the instant messaging server group traverses the intranet to obtain the candidate network address of its linked user terminal and returns it to the user terminal;
S13: each user terminal passes its candidate network address or IP address to the other party through the instant messaging server groups linked to the two user terminals;
S14: the two user terminals begin end-to-end connectivity checks until they are connected;
S15: end-to-end direct instant communication begins between the two user terminals;
S16: when the instant communication ends, the end-to-end direct connection between the two user terminals is closed.
7. The method of claim 6, wherein in step S2 or S9 a TCP secure communication channel based on SSL/SASL verification is established between the communication initiator user terminal and the instant messaging server group linked to it, or between the receiver user terminal and the instant messaging server group linked to it, according to the following steps:
the user terminal and the instant messaging server group linked to it negotiate an SSL/TLS secure channel;
after the secure channel is negotiated, the user terminal and its instant messaging server group perform SASL simple authentication;
after SASL authentication passes, a secure transmission channel between the two is established and XMPP/Jingle protocol data begins to be transmitted.
8. The method of claim 6, wherein in S8 the callback authentication between the instant messaging server groups linked to the two user terminals comprises the following steps:
a secure link channel is established between the instant messaging server group linked to the initiator user terminal and the instant messaging server group linked to the receiver user terminal;
the receiver's instant messaging server group returns an authentication session ID to the initiator's instant messaging server group;
the initiator's instant messaging server group sends the authentication session ID and an authentication key to the receiver's instant messaging server group;
the receiver's instant messaging server group and the authentication server establish a secure link channel;
the authentication server returns a verification session ID to the receiver's instant messaging server group;
the receiver's instant messaging server group sends the verification session ID and the authentication key to the authentication server;
the authentication server returns the verification result to the receiver's instant messaging server group;
the receiver's instant messaging server group returns the verification result to the initiator's instant messaging server group.
CN202110080305.8A 2021-01-21 2021-01-21 Instant communication system and communication method Active CN112866091B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110080305.8A CN112866091B (en) 2021-01-21 2021-01-21 Instant communication system and communication method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110080305.8A CN112866091B (en) 2021-01-21 2021-01-21 Instant communication system and communication method

Publications (2)

Publication Number Publication Date
CN112866091A true CN112866091A (en) 2021-05-28
CN112866091B CN112866091B (en) 2022-09-13

Family

ID=76008543

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110080305.8A Active CN112866091B (en) 2021-01-21 2021-01-21 Instant communication system and communication method

Country Status (1)

Country Link
CN (1) CN112866091B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101237422A (en) * 2007-01-30 2008-08-06 张雪云 Organization instant messaging system and method
US7466810B1 (en) * 2004-12-20 2008-12-16 Neltura Technology, Inc. Distributed system for sharing of communication service resources between devices and users
CN102075456A (en) * 2011-02-25 2011-05-25 中国科学院计算技术研究所 Group creating and member adding method in distributed domain management system
CN104821909A (en) * 2015-04-22 2015-08-05 北京云艾科技有限公司 Peer-to-peer data transmission method and system
WO2016161857A1 (en) * 2015-04-09 2016-10-13 北京易掌云峰科技有限公司 Multi-tenant high-concurrency instant messaging cloud platform
CN108123912A (en) * 2016-11-28 2018-06-05 央视国际网络无锡有限公司 A kind of micro services system for supporting P2P
CN111211971A (en) * 2020-01-03 2020-05-29 西安新能技术有限公司 Cluster type instant message system supporting internet inquiry service and implementation method thereof

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7466810B1 (en) * 2004-12-20 2008-12-16 Neltura Technology, Inc. Distributed system for sharing of communication service resources between devices and users
CN101237422A (en) * 2007-01-30 2008-08-06 张雪云 Organization instant messaging system and method
CN102075456A (en) * 2011-02-25 2011-05-25 中国科学院计算技术研究所 Group creating and member adding method in distributed domain management system
WO2016161857A1 (en) * 2015-04-09 2016-10-13 北京易掌云峰科技有限公司 Multi-tenant high-concurrency instant messaging cloud platform
CN104821909A (en) * 2015-04-22 2015-08-05 北京云艾科技有限公司 Peer-to-peer data transmission method and system
CN108123912A (en) * 2016-11-28 2018-06-05 央视国际网络无锡有限公司 Microservice system supporting P2P
CN111211971A (en) * 2020-01-03 2020-05-29 西安新能技术有限公司 Cluster type instant message system supporting internet inquiry service and implementation method thereof

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Ding Zhong et al.: "Design of a multi-server distributed instant messaging system model", Microcomputer Information (《微计算机信息》) *
Chen Wei et al.: "Design and implementation of XMPP-based iOS client and server communication", Journal of Qingdao University (Engineering & Technology Edition) (《青岛大学学报(工程技术版)》) *

Also Published As

Publication number Publication date
CN112866091B (en) 2022-09-13

Similar Documents

Publication Publication Date Title
US9077738B1 (en) Systems and methods for setting up a collaborative communication system
US20070100944A1 (en) Uniform resource identifier decoration to enable connectivity for instant messaging providers serving non-authoritative namespaces
US9432408B2 (en) Signalling gateway, method, computer program and computer program product for communication between HTTP and SIP
US20030126213A1 (en) Establishing direct instant messaging communication between wireless devices
Leggio et al. Session initiation protocol deployment in ad-hoc networks: a decentralized approach
US8665860B2 (en) Relay device and method for continuing service
WO2014029276A1 (en) Communication method and device
US8489695B2 (en) Proxy communications on a social network
WO2014014909A1 (en) Control system for conferencing applications in named-data networks
US9473316B2 (en) Resource consumption reduction via meeting affinity
US20040034705A1 (en) Connecting devices in a data network
US20110238810A1 (en) System and method for state management based on instant messaging platform
WO2018192241A1 (en) Server deployment structure and method for implementing inter-network communication
CN112866091B (en) Instant communication system and communication method
US9667614B1 (en) Systems and methods for setting up a collaborative communication system
CN109639565B (en) Decentralized instant messaging multi-service node interconnection and intercommunication system
WO2017185934A1 (en) Management device and method for managing device
EP2671366B1 (en) Determining a location address for shared data
CN111491007A (en) SIP center signaling control service load balancing method and load balancer thereof
CN109120578B (en) Method and device for realizing link connection processing
CN110753071B (en) Information acquisition method and device
US20150200980A1 (en) Hybrid Client/Server Online Conference Session Management
CN110677417A (en) Anti-crawler system and method
CN113497790B (en) Data transmission method and system based on gatekeeper and computer storage medium
US20070010272A1 (en) Gateway between a push-to-talk type network and a second telecommunications network

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant