CN113315853A - Cloud protection node scheduling method, system and storage medium - Google Patents

Cloud protection node scheduling method, system and storage medium Download PDF

Info

Publication number
CN113315853A
CN113315853A CN202110578577.0A CN202110578577A CN113315853A CN 113315853 A CN113315853 A CN 113315853A CN 202110578577 A CN202110578577 A CN 202110578577A CN 113315853 A CN113315853 A CN 113315853A
Authority
CN
China
Prior art keywords
alias
domain name
protection
node
cloud
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110578577.0A
Other languages
Chinese (zh)
Other versions
CN113315853B (en
Inventor
李雅苹
范渊
杨勃
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Dbappsecurity Technology Co Ltd
Original Assignee
Hangzhou Dbappsecurity Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Dbappsecurity Technology Co Ltd filed Critical Hangzhou Dbappsecurity Technology Co Ltd
Priority to CN202110578577.0A priority Critical patent/CN113315853B/en
Publication of CN113315853A publication Critical patent/CN113315853A/en
Application granted granted Critical
Publication of CN113315853B publication Critical patent/CN113315853B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/45Network directories; Name-to-address mapping
    • H04L61/4505Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/0631Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a cloud protection node scheduling method, a system and a storage medium, wherein the method comprises the following steps: when receiving a domain name resolution request sent by a client, a DNS (domain name system) management system extracts a protection domain name in the domain name resolution request and resolves a first alias by using a first alias record corresponding to the protection domain name; the first alias is a domain name alias exclusive to the protection domain name; analyzing the second alias by using a second alias record corresponding to the first alias, and determining a plurality of node IP addresses establishing a binding relationship with the second alias; and inputting the node IP address into a cloud protection node scheduling algorithm, determining an available target node IP address, and sending the target node IP address to the client so that the client sends the data sent to the protection domain name to the cloud protection node corresponding to the target node IP address. The method uniformly schedules the IP addresses of the plurality of cloud protection nodes, can effectively ensure the availability of the nodes, and further avoids the problem that a source station cannot be accessed due to the fact that a single node is offline.

Description

Cloud protection node scheduling method, system and storage medium
Technical Field
The invention relates to the field of cloud protection, in particular to a cloud protection node scheduling method, a cloud protection node scheduling system and a storage medium.
Background
With the continuous enhancement of network security awareness, more and more network stations select to access the source station to the cloud protection platform, and the cloud protection platform is utilized to perform network attack defense. In the related technology, a user sets a domain name alias for a protection domain name to be protected, and points the domain name alias to a node IP address of a cloud protection node, so that other clients can firstly obtain the node IP address through a DNS management system and send data sent to the protection domain name to the node IP address, so that the data is sent to a source station IP address to which the protection domain name points originally after being detected by the attack of the cloud protection node. However, when the cloud protection node has abnormal service or when the node IP address is forbidden by the operator, the data sent to the protection domain name cannot reach the server corresponding to the source station IP address, so that the client cannot access the source station, and normal operation of the source station is affected.
Disclosure of Invention
The invention aims to provide a cloud protection node scheduling method, a cloud protection node scheduling system and a storage medium, which can uniformly schedule node IP addresses of a plurality of cloud protection nodes, and can return the node IP addresses to a client sending a domain name resolution request after the cloud protection nodes corresponding to the node IP addresses are ensured to be available, so that the cloud protection nodes can be effectively ensured to be effective and reliable, and the problem that a source station cannot access a site due to the fact that a single node is offline is avoided.
In order to solve the technical problem, the invention provides a cloud protection node scheduling method, which comprises the following steps:
when receiving a domain name resolution request sent by a client, a DNS (domain name system) management system extracts a protection domain name in the domain name resolution request and resolves a first alias by using a first alias record corresponding to the protection domain name; the first alias is a domain name alias exclusive to the protection domain name;
analyzing a second alias by using a second alias record corresponding to the first alias, and determining a plurality of node IP addresses establishing a binding relationship with the second alias;
and inputting the node IP address into a cloud protection node scheduling algorithm, determining an available target node IP address, and sending the target node IP address to the client, so that the client sends the data sent to the protection domain name to the cloud protection node corresponding to the target node IP address.
Optionally, before the DNS management system receives the domain name resolution request sent by the client, the method further includes:
when a configuration request is received by a cloud protection management platform, extracting a protection domain name to be configured and a corresponding first alias to be configured from the configuration request, setting a first alias record of the protection domain name to be configured to point to the first alias to be configured, and determining a main domain name of the protection domain name to be configured;
judging whether other protection domain names belonging to the main domain name are configured;
if so, searching a second alias corresponding to the main domain name, and setting a second alias record of the first alias to be configured as a second alias corresponding to the main domain name;
if not, determining the number of main domain names corresponding to each second alias, and setting the second alias record of the first alias to be configured as the second alias with the minimum number of the main domain names;
and writing the first alias record of the protection domain name to be configured and the second alias record of the first alias to be configured into the DNS management system.
Optionally, after determining the number of the main domain names corresponding to each of the second aliases, the method further includes:
the cloud protection management platform judges whether the minimum value in the number of the main domain names is greater than or equal to a preset threshold value or not;
if so, generating alarm information, and sending the alarm information to an alarm server so that the alarm server executes alarm operation;
and if not, executing the step of setting the second alias record of the first alias to be configured as the second alias with the minimum number of the main domain names.
Optionally, after writing the first alias record of the protection domain name to be configured and the second alias record of the first alias to be configured into the DNS management system, the method further includes:
when receiving a domain name removing request, the cloud protection management platform sets a protection domain name in the domain name removing request as a protection domain name to be removed, and determines a first alias to be removed by using a first alias record of the protection domain name to be removed;
and the cloud protection management platform removes the first alias record corresponding to the to-be-removed protection domain name and the second alias record of the to-be-removed first alias in the DNS management system.
Optionally, after the DNS management system receives a domain name resolution request sent by a client, the method further includes:
the DNS management system extracts a source IP address in the domain name resolution request;
correspondingly, the cloud protection node scheduling algorithm determines the target node IP address according to the running condition of the cloud protection node corresponding to the node IP address, and the region information and/or the operator information of the source address.
The invention also provides a cloud protection node scheduling system, which comprises: a DNS management system and a cloud guard node, wherein,
the DNS management system is used for extracting a protection domain name in a domain name resolution request when receiving the domain name resolution request sent by a client, and resolving a first alias by using a first alias record corresponding to the protection domain name; the first alias is a domain name alias exclusive to the protection domain name; analyzing a second alias by using a second alias record corresponding to the first alias, and determining a plurality of node IP addresses establishing a binding relationship with the second alias; inputting the node IP address into a cloud protection node scheduling algorithm, determining an available target node IP address, and sending the target node IP address to the client, so that the client sends data sent to the protection domain name to a cloud protection node corresponding to the target node IP address;
and the cloud protection node is used for carrying out attack detection on the data sent by the client to the protection domain name.
Optionally, the method further comprises: a cloud protection management platform, wherein,
the cloud protection management platform is used for extracting a to-be-configured protection domain name and a corresponding to-be-configured first alias from a configuration request when the configuration request is received, setting a first alias record of the to-be-configured protection domain name to point to the to-be-configured first alias, and determining a main domain name of the to-be-configured protection domain name; judging whether other protection domain names belonging to the main domain name are configured; if so, searching a second alias corresponding to the main domain name, and setting a second alias record of the first alias to be configured as a second alias corresponding to the main domain name; if not, determining the number of main domain names corresponding to each second alias, and setting the second alias record of the first alias to be configured as the second alias with the minimum number of the main domain names; writing the first alias record of the protection domain name to be configured and the second alias record of the first alias to be configured into the DNS management system;
the DNS management system is further configured to save the received first alias record and the second alias record.
Optionally, the method further comprises: an alert server, wherein,
the cloud protection management platform is further used for judging whether the minimum value in the number of the main domain names is greater than or equal to a preset threshold value or not; if so, generating alarm information, and sending the alarm information to an alarm server so that the alarm server executes alarm operation; if not, executing the step of setting the second alias record of the first alias to be configured as the second alias with the minimum number of the main domain names;
and the alarm server is used for executing alarm operation when the alarm information is received.
Alternatively,
the cloud protection management platform is further used for setting a protection domain name in the domain name removal request as a protection domain name to be removed when the domain name removal request is received, and determining a first alias to be removed by using the first alias record of the protection domain name to be removed; in the DNS management system, the first alias record corresponding to the guard domain name to be removed and the second alias record of the first alias to be removed are removed.
The present invention also provides a storage medium, where a computer program is stored, and when the computer program is executed by a processor, the steps of the cloud protection node scheduling method according to any of the above embodiments are implemented.
The invention provides a cloud protection node scheduling method, which comprises the steps that when a domain name resolution request sent by a client is received by a DNS (domain name system), a protection domain name in the domain name resolution request is extracted, and a first alias is resolved by using a first alias record corresponding to the protection domain name; the first alias is a domain name alias exclusive to the protection domain name; analyzing a second alias by using a second alias record corresponding to the first alias, and determining a plurality of node IP addresses establishing a binding relationship with the second alias; and inputting the node IP address into a cloud protection node scheduling algorithm, determining an available target node IP address, and sending the target node IP address to the client, so that the client sends the data sent to the protection domain name to the cloud protection node corresponding to the target node IP address.
The method includes the steps that a plurality of node IP addresses are uniformly scheduled by using a second alias, when a DNS management system analyzes a first alias corresponding to a protection domain name in a domain name resolution request, the second alias corresponding to the first alias is further determined, and the DNS management system can input the node IP addresses into a cloud protection node scheduling algorithm to detect the availability of the node IP addresses and send the target node IP addresses to a client after determining the available target node IP addresses, so that the availability of the cloud protection nodes corresponding to the target node IP addresses can be ensured firstly, and effective attack detection can be carried out on data sent by the client; meanwhile, as the second alias is bound with a plurality of node IP addresses, when a certain node IP address is abnormal and cannot be used, other normal node IP addresses can be switched to carry out attack detection, the problem that a source station cannot access a site due to the fact that attack detection is carried out by adopting a single node IP address in the related technology can be effectively avoided, and the effectiveness and the reliability of the cloud protection node attack detection function are finally improved. The invention also provides a cloud protection node scheduling system and a storage medium, and the cloud protection node scheduling system and the storage medium have the beneficial effects.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of a cloud protection node scheduling method according to an embodiment of the present invention;
fig. 2 is a flowchart of adding a protection domain name to a cloud protection management platform according to an embodiment of the present invention;
fig. 3 is a flowchart of deleting a protection domain name by the cloud protection management platform according to the embodiment of the present invention;
fig. 4a is a block diagram of a cloud protection node scheduling system according to an embodiment of the present invention;
fig. 4b is a block diagram of another cloud protection node scheduling system according to an embodiment of the present invention;
fig. 4c is a block diagram of a structure of another cloud protection node scheduling system according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the related technology, a user sets a domain name alias for a protection domain name to be protected, and points the domain name alias to a node IP address of a cloud protection node, so that other clients can firstly obtain the node IP address through a DNS management system and send data sent to the protection domain name to the node IP address, so that the data is sent to a source station IP address to which the protection domain name points originally after being detected by the attack of the cloud protection node. However, when the cloud protection node has abnormal service or when the node IP address is forbidden by the operator, the data sent to the protection domain name cannot reach the server corresponding to the source station IP address, so that the client cannot access the source station, and normal operation of the source station is affected. In view of this, the present invention provides a cloud protection node scheduling method, which can uniformly schedule node IP addresses of a plurality of cloud protection nodes, and return a node IP address to a client sending a domain name resolution request after ensuring that a cloud protection node corresponding to the node IP address is available, so as to effectively ensure that the cloud protection node is effective and reliable, and further avoid a problem that a source station cannot access a site due to offline of a single node. Referring to fig. 1, fig. 1 is a flowchart of a cloud protection node scheduling method according to an embodiment of the present invention, where the method includes:
s101, when a domain name resolution request sent by a client is received by a DNS (domain name system) management system, extracting a protection domain name in the domain name resolution request, and resolving a first alias by using a first alias record corresponding to the protection domain name; the first alias is a domain alias exclusive to the protection domain name.
A domain name alias (CNAME) is a domain name used to set a mapping relationship between domain names or between a domain name and an IP address. In the embodiment of the invention, the domain name subjected to attack protection by the cloud protection node is the protection domain name, and the first alias is the domain name alias used for mapping to the cloud protection node IP address. It is understood that the first alias is a domain alias specific to the guard domain, in other words, the corresponding relationship between the first alias and the guard domain is one-to-one.
It should be noted that, the embodiment of the present invention does not limit the specific form of the guard domain name, and may refer to the related technology of the network domain name specifically. It is understood that the guard domain name is a domain name provided by the user to the cloud guard node service provider, and the content of the domain name can be freely set by the user. The embodiment of the invention also does not limit the specific form of the first alias, and the first alias can be freely set as the protection domain name. First, it can be understood that, since the first alias serves as mapping to the cloud protection node, the main domain name of the first alias may be set as the main domain name of the cloud protection node server; in addition, for ease of management, the first alias may further set content associated with the guard domain name. For example, when the primary domain name of the cloud guard node facilitator is yunfanghu.com and the guard domain name is www.abc.com, the first alias of the guard domain name may be set to abc-com. Of course, if the protection domain name is example. Further, in order to improve the degree of specification of the first alias for efficient management, the protection domain name may also be adjusted using a uniform naming template to obtain the first alias. It should be noted that, the embodiment of the present invention does not limit the specific naming template, and can be flexibly adjusted according to the actual application situation.
Further, it is understood that the specific content of the first alias record is a mapping relationship between the defense domain name and the first alias. The embodiment of the present invention does not limit the specific form of the first alias record, and may refer to the related technology of the domain Name system (dns) (domain Name system). The invention also does not limit the specific form and content of the domain name resolution request, and can refer to the related technology of the DNS domain name system.
S102, analyzing the second alias by using the second alias record corresponding to the first alias, and determining a plurality of node IP addresses establishing a binding relationship with the second alias.
In the related art, since the first alias directly points to the node IP address, after the DNS management system obtains the first alias through resolution, the DNS management system directly returns the node IP address corresponding to the first alias to the client, so that the client sends data addressed to the protection domain name to the node IP address. However, when the cloud protection node corresponding to the node IP address is unavailable or the node IP address is forbidden by the operator, the data sent to the node IP address by the client cannot be further sent to the IP address of the protection domain name source station, which results in that the source station cannot work normally; similarly, because the node IP address is unavailable, the client cannot trace the IP address of the protection domain name source station through the node IP address, and the source station cannot access the node. In the embodiment of the invention, the first alias does not directly point to the node IP address but points to the second alias, a plurality of node IP addresses are bound under the second alias, and the DNS management system selects available node IP addresses from the node IP addresses and sends the available node IP addresses to the client, so that the availability of the cloud protection node can be effectively ensured, and the condition that the protection domain name source station cannot access the site due to the failure of the cloud protection node is further avoided.
It should be noted that the second alias is also a domain name alias, and the content thereof can be flexibly adjusted according to the actual application requirement. It is to be understood that the second alias is a private domain name alias for the scheduling node IP address, and thus the specific content of the second alias may be related to the main domain name of the cloud protection node facilitator. For example, the primary domain name of the cloud protection node facilitator is yunfanghu.com, and the second alias may be second. The embodiment of the present invention also does not limit the number of the second aliases, and the number can be set according to the actual application requirements. It is to be understood that when the second alias has a plurality, sorting may be performed in naming the second alias, for example, second1.yunfanghu.com, second2.yunfanghu.com … … second n.
Further, it is understood that, in order to improve the utilization rate of the second alias, a plurality of first aliases may be set to point to the same second alias, in other words, the number correspondence between the first alias and the second alias is many-to-one. It will also be appreciated that an upper mapping limit may be set for the second alias, i.e. there may only be a limited number of first aliases pointing to the same second alias. It should be noted that, the embodiment of the present invention does not limit the specific value of the mapping upper limit, and may be set according to the actual application requirement. Of course, since the protection domain names with the same main domain name are usually from the same company, for example, example1.abc.com, example2.abc.com, and example3.abc.com all have the same main domain name abc.com, and the main domain name is usually from the same company, in order to effectively manage the protection domain name of the same company, the second alias may also set an upper mapping limit related to the main domain name, that is, the second alias can only be pointed to by a limited number of main domain names. For example, for the guarded domain names example1.abc.com, example2.abc.com, their first alias is example1-abc-com. yunfanghu. com example2-abc-com. yunfanghu. com, both of which point to the second alias second name third name second name yunfanghu. com, since the guarded domain names all have the same main domain name abc.com, the number of main domain names corresponding to the second alias second name third name second name third name; for another example, for the guardian domains example, example 1.com, example 2c.com, the first alias thereof is example-abc1-com.yunfanghu.com, example-abc2-com.yunfanghu.com, both of which point to the second alias of second. In order to effectively manage the guard domain name of the same company, in the embodiment of the invention, the second alias can set the upper mapping limit related to the main domain name, namely, the second alias can only be pointed to by a limited number of main domain names. It should be noted that, the embodiment of the present invention does not limit the specific value of the mapping upper limit corresponding to each second alias, and the mapping upper limit may be set according to the actual application requirement.
Further, the embodiment of the present invention does not limit the number of the node IP addresses bound by each second alias, and can be set according to the actual application requirements. The invention also does not limit the specific way of determining the IP address of the node establishing the binding relationship with the second alias, for example, the determination can be performed through a (address) record, and the related technology of the DNS can be referred to.
S103, inputting the node IP address into a cloud protection node scheduling algorithm, determining an available target node IP address, and sending the target node IP address to the client, so that the client sends the data sent to the protection domain name to the cloud protection node corresponding to the target node IP address.
It should be noted that the embodiment of the present invention does not limit the specific implementation manner and process of the cloud protection node scheduling algorithm, as long as the algorithm can select an available target node IP address from the input node IP addresses. It can be understood that, in order to ensure that the node IP address is available, the algorithm may use a network diagnostic tool (ping, Packet Internet group) to perform access diagnosis on the node IP address, and may also obtain the operation conditions of the cloud protection node, such as information of normal operation or abnormal operation of the cloud protection service, specific occupation rates of computing resources (CPU, hard disk, and the like), and determine whether the cloud protection node is operating normally according to the operation conditions, so as to determine the available node IP address. Because the specific operation condition of the cloud protection node can effectively reflect the working condition of the cloud protection node as a whole, in the embodiment of the invention, the cloud protection node scheduling algorithm can determine the IP address of the target node according to the operation condition of the cloud protection node corresponding to the IP address of the node.
Further, considering that a cloud protection node may be set with a plurality of regions and operators, in order to further increase the speed of accessing a protection domain name source station by a client, when the DNS management system acquires a domain name resolution request, the DNS management system may further extract a source IP address in the request (i.e., an IP address corresponding to the client), and further determine a node IP address that can be quickly accessed by the client from available node IP addresses according to region information corresponding to the source IP address, belonging operator information, or a combination of the region information and the operator information.
In one possible case, after the DNS management system receives a domain name resolution request sent by a client, the method further includes:
step 11: the DNS management system extracts the source IP address in the domain name resolution request.
Correspondingly, the cloud protection node scheduling algorithm determines the IP address of the target node according to the running condition of the cloud protection node corresponding to the IP address of the node, and the region information and/or the operator information of the source address.
Finally, it should be noted that the embodiment of the present invention does not limit the specific DNS management system, as long as the above functions can be implemented, and the specific DNS management system or the DNS management device may refer to the related technology of the DNS.
Based on the embodiment, the method uses the second alias to uniformly schedule the plurality of node IP addresses, when the DNS management system analyzes the first alias corresponding to the protection domain name in the domain name resolution request, the DNS management system further determines the second alias corresponding to the first alias, and because the second alias is bound with the plurality of node IP addresses, the DNS management system can input the node IP addresses into a cloud protection node scheduling algorithm to detect the availability of the node IP addresses, and sends the target node IP addresses to the client after determining the available target node IP addresses, so that the availability of the cloud protection nodes corresponding to the target node IP addresses can be ensured firstly, and the effective attack detection can be carried out on data sent by the client; meanwhile, as the second alias is bound with a plurality of node IP addresses, when a certain node IP address is abnormal and cannot be used, other normal node IP addresses can be switched to carry out attack detection, the problem that a source station cannot access a site due to the fact that attack detection is carried out by adopting a single node IP address in the related technology can be effectively avoided, and the effectiveness and the reliability of the cloud protection node attack detection function are finally improved.
Based on the above embodiments, it can be understood that in order for the DNS management system to resolve the corresponding node IP address according to the protection domain name, the first alias record and the second alias record of the protection domain name need to be set in the DNS management system. Before the DNS management system receives a domain name resolution request sent by a client, the following may also include:
s201, when receiving a configuration request, a cloud protection management platform extracts a protection domain name to be configured and a corresponding first alias to be configured from the configuration request, sets a first alias record of the protection domain name to be configured to point to the first alias to be configured, and determines a main domain name of the protection domain name to be configured.
In an embodiment of the present invention, the provisioning function of the first alias record and the second alias record may be implemented by a cloud protection management platform, which is a separate platform independent of the DNS management system. It should be noted that, the embodiment of the present invention does not limit the specific hardware structure of the cloud protection management platform, as long as the embodiment of the present invention can complete the corresponding function, and the setting can be performed according to the actual application requirement.
Further, it may be understood that the configuration request is a request for setting the first alias record and the second alias record, the request may be manually input on the cloud protection management platform, or may be sent to the cloud protection management platform by a user through a client, and a generation and sending manner of the configuration request information is not limited in the embodiment of the present invention. Further, in order to effectively set the alias record, the configuration request at least comprises a protection domain name to be configured and a corresponding first alias to be configured; certainly, in order to further set the cloud protection node related to the protection domain name to be configured, the configuration request may also include the source site IP address corresponding to the protection domain name to be configured, so that after the cloud protection management platform completes the setting of the first alias record and the second alias record, the source site IP address of the protection domain name to be configured may be written into the corresponding cloud protection node.
Further, it should be noted that the embodiment of the present invention does not limit the specific manner of determining the main domain name of the protection domain name to be configured, and may refer to the related technology of the domain name.
S202, judging whether other protection domain names belonging to the main domain name are configured or not; if yes, go to step S203; if not, the process proceeds to step S204.
Considering that the protection domain names having the same main domain name usually come from the same company, in order to effectively manage the protection domain names, in the embodiment of the present invention, the protection domain names having the same main domain name are uniformly managed by using the same second alias, so that the purpose of this step is to find whether other protection domain names are configured under the main domain name to which the protection domain name to be configured belongs, and if so, point the first alias of the protection domain name to be configured to the second alias corresponding to the other protection domain names.
S203, searching a second alias corresponding to the main domain name, and setting a second alias record of the first alias to be configured as the second alias corresponding to the main domain name.
S204, determining the number of the main domain names corresponding to each second alias, and setting the second alias record to be configured with the first alias as the second alias with the minimum number of the main domain names.
When the main domain name of the protection domain name to be configured does not have the set protection domain name, the cloud protection management platform determines the number of the main domain name corresponding to each second alias, so as to allocate the protection domain name to be configured to the second alias with the minimum number of the main domain names, thereby ensuring the load balance of each second alias. It is to be understood that when there are a plurality of second aliases having the smallest number of main domain names, one of these second aliases may be selected in a certain order for setting.
Further, if the cloud protection management platform needs to re-determine the number of the main domain names corresponding to the second alias every time the to-be-configured defense domain name is set, the setting efficiency will be reduced, so that a corresponding counter can be set for each second alias to record the number of times the second alias is consumed, and after the step of setting the second alias record to be configured with the first alias to point to the second alias with the smallest number of the main domain names is completed every time, the counter of the corresponding second alias is incremented by one, so that the cloud protection management platform can quickly determine the number of the main domain names corresponding to the second alias only by reading the counter value.
Further, in the embodiment of the present invention, in order to ensure that each second alias only serves a limited number of main domain names, a corresponding main domain name upper limit may be set for the second alias, and after determining the main domain name number corresponding to each second alias, it may be further determined whether the minimum value of the main domain name numbers is greater than the main domain name upper limit. If yes, all the second aliases can be determined to be full, and then corresponding alarm operation can be executed so as to remind management personnel to carry out capacity expansion. It should be noted that, the embodiment of the present invention does not limit the specific numerical value of the upper limit of the number of the main domain names corresponding to each second alias, and the upper limit of the number of the main domain names may be set according to the actual application requirement; the embodiment of the invention also does not limit the specific alarm operation, such as displaying alarm information and playing alarm audio and video; of course, the alarm information may also be generated and sent to the alarm server, so that the alarm server performs the above-mentioned alarm operation. In order to effectively manage the cloud protection node scheduling system and definitely divide the specific functions of each device, in the embodiment of the invention, the cloud protection management platform can generate alarm information and send the alarm information to the alarm server so that the alarm server executes the alarm operation.
In one possible case, after determining the number of primary domain names corresponding to each second alias, the method may further include:
step 21: the cloud protection management platform judges whether the minimum value in the number of the main domain names is greater than or equal to a preset threshold value or not; if yes, go to step 22; if not, go to step 23.
It should be noted that the preset threshold becomes the upper limit of the number of main domain names. Certainly, in order to further improve the management efficiency of the administrator, an early warning threshold may also be set, so that the cloud protection management platform executes a corresponding early warning operation when determining that the minimum value in the number of the main domain names reaches the early warning threshold. It should be noted that the limited description of the warning operation in the present invention is consistent with the above-mentioned limited description of the warning operation.
Step 22: and generating alarm information and sending the alarm information to an alarm server so that the alarm server executes alarm operation.
Step 23: and executing the step of setting the second alias record of the first alias to be configured to point to the second alias with the minimum number of the main domain names.
S205, writing the first alias record of the protection domain name to be configured and the second alias record of the first alias to be configured into the DNS management system.
Further, it can be understood that the cloud protection management platform may also delete the configured protection domain name, and delete the deleted protection domain name in the first alias record and the second alias record in the DNS management system.
In one possible case, after writing the first alias record to be configured with the guard domain name and the second alias record to be configured with the first alias into the DNS management system, the method may further include:
step 31: when receiving a domain name removing request, the cloud protection management platform sets a protection domain name in the domain name removing request as a protection domain name to be removed, and determines a first alias to be removed by using a first alias record of the protection domain name to be removed;
step 32: the cloud protection management platform removes a first alias record corresponding to the protection domain name to be removed and a second alias record corresponding to the first alias to be removed in the DNS management system.
It should be noted that if a counter for recording the number of the main domain names is provided for each second alias, when the protection domain name is removed, the cloud protection management platform also needs to determine whether other protection domain names which are not removed are configured under the main domain name corresponding to the defense domain name to be removed, and if so, the protection domain name to be removed, the corresponding first alias record and the corresponding second alias record are directly removed; if not, the counter of the second alias corresponding to the protection domain name to be removed needs to be decreased by one, and the protection domain name to be removed and the corresponding first alias record and second alias record need to be removed.
Based on the above embodiment, the method can realize effective setting and management of the protection domain name through the cloud protection management platform, and write the corresponding first alias record and second alias record into the DNS management system in the process of setting the protection domain name, so that the DNS management system can perform effective resolution according to the first alias record and the second alias record.
Referring to fig. 2, fig. 2 is a flowchart illustrating a process of setting a protection domain name by a cloud protection management platform, where the process includes:
1. when receiving a configuration request, a cloud protection management platform extracts a protection domain name to be configured and a corresponding first alias to be configured from the configuration request, sets a first alias record of the protection domain name to be configured to point to the first alias to be configured, and determines a main domain name of the protection domain name to be configured;
2. judging whether other protection domain names belonging to the main domain name are configured; if yes, entering step 3; if not, entering the step 4;
3. searching a second alias corresponding to the main domain name, setting a second alias record of the first alias to be configured as a second alias corresponding to the main domain name, and finally exiting the process;
4. acquiring the number of main domain names corresponding to each second alias, and judging whether the minimum value in the number of the main domain names is greater than or equal to an alarm threshold value or not; if yes, entering step 5; if not, entering step 6;
5. generating alarm information, sending the alarm information to an alarm server so that the alarm server executes alarm operation, and entering step 8;
6. judging whether the minimum value in the number of the main domain names is greater than or equal to an early warning threshold value or not; if yes, entering step 7; if not, entering step 8; wherein the early warning threshold is smaller than the warning threshold;
5. generating early warning information, sending the early warning information to an alarm server so that the alarm server executes early warning operation, and entering step 8;
8. setting a second alias record to be configured with the first alias to point to a second alias with the minimum number of the main domain names, adding one to the number of the main domain names corresponding to the second alias,
9. and writing a first alias record of the protection domain name to be configured and a second alias record of the first alias to be configured into the DNS management system.
Referring to fig. 3, fig. 3 is a flowchart illustrating a cloud protection management platform deleting a protection domain name according to an embodiment of the present invention, where the flowchart may include:
1. when receiving a domain name removing request, the cloud protection management platform sets a protection domain name in the domain name removing request as a protection domain name to be removed, and determines a first alias to be removed by using a first alias record of the protection domain name to be removed;
2. judging whether the main domain name of the protection domain name to be removed is configured with other undeleted protection domain names; if yes, entering step 3; if not, entering the step 4;
3. reducing the number of the main domain names of the second alias corresponding to the main domain name by one, and entering the step 4;
4. in the DNS management system, a first alias record corresponding to the protection domain name to be removed and a second alias record corresponding to the first alias to be removed are removed.
In the following, the cloud protection node scheduling system and the storage medium provided by the embodiments of the present invention are introduced, and the cloud protection node scheduling system and the storage medium described below and the cloud protection node scheduling method described above may be referred to correspondingly.
Referring to fig. 4a, fig. 4a is a block diagram of a cloud protection node scheduling system according to an embodiment of the present invention, where the system includes: a DNS management system 401 and a cloud guard node 402, wherein,
the DNS management system 401 is configured to, when receiving a domain name resolution request sent by a client, extract a protection domain name in the domain name resolution request, and resolve a first alias by using a first alias record corresponding to the protection domain name; the first alias is a domain name alias exclusive to the protection domain name; analyzing the second alias by using a second alias record corresponding to the first alias, and determining a plurality of node IP addresses establishing a binding relationship with the second alias; inputting the node IP address into a cloud protection node scheduling algorithm, determining an available target node IP address, and sending the target node IP address to the client, so that the client sends data sent to the protection domain name to a cloud protection node 402 corresponding to the target node IP address;
and the cloud protection node 402 is configured to perform attack detection on data sent by the client to the protection domain name.
Optionally, referring to fig. 4b, fig. 4b is a block diagram of a structure of another cloud protection node scheduling system provided in the embodiment of the present invention, where the system may further include: a cloud protection management platform 403, wherein,
the cloud protection management platform 403 is configured to, when receiving the configuration request, extract the to-be-configured protection domain name and the corresponding to-be-configured first alias from the configuration request, set the first alias record of the to-be-configured protection domain name to point to the to-be-configured first alias, and determine a main domain name of the to-be-configured protection domain name; judging whether other protection domain names belonging to the main domain name are configured; if so, searching a second alias corresponding to the main domain name, and setting a second alias record of the first alias to be configured as a second alias corresponding to the main domain name; if not, determining the number of main domain names corresponding to each second alias, and setting a second alias record to be configured with the first alias as a second alias with the minimum number of the main domain names; writing a first alias record of the protection domain name to be configured and a second alias record of the first alias to be configured into the DNS management system 401;
the DNS management system 401 is further configured to save the received first alias record and the second alias record.
Optionally, referring to fig. 4c, fig. 4c is a block diagram of a structure of another cloud protection node scheduling system according to an embodiment of the present invention, where the system may further include: the alert server 404 may, among other things,
the cloud protection management platform 403 is further configured to determine whether a minimum value in the number of the main domain names is greater than or equal to a preset threshold value; if so, generating alarm information and sending the alarm information to the alarm server 404 so that the alarm server executes alarm operation; if not, executing a step of setting a second alias record of the first alias to be configured as a second alias with the minimum number of the main domain names;
and an alarm server 404 for performing an alarm operation upon receiving the alarm information.
Optionally, the cloud protection management platform 403 is further configured to, when receiving the domain name removal request, set the protection domain name in the domain name removal request as the to-be-removed protection domain name, and determine, by using the first alias record of the to-be-removed protection domain name, the first alias to be removed; in the DNS management system 401, the first alias record corresponding to the guard domain name to be removed and the second alias record from which the first alias is to be removed are removed.
Optionally, the DNS management system 401 is further configured to extract a source IP address in a domain name resolution request when receiving the domain name resolution request sent by the client;
correspondingly, the cloud protection node scheduling algorithm in the DNS management system 401 determines the target node IP address according to the operating condition of the cloud protection node corresponding to the node IP address, and the regional information and/or the operator information to which the source address belongs.
The embodiment of the present invention further provides a storage medium, where a computer program is stored on the storage medium, and when the computer program is executed by a processor, the steps of the cloud protection node scheduling method according to any of the above embodiments are implemented.
Since the embodiment of the storage medium portion corresponds to the embodiment of the cloud protection node scheduling method portion, for the embodiment of the storage medium portion, reference is made to the description of the embodiment of the cloud protection node scheduling method portion, and details are not described here for the moment.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The cloud protection node scheduling method, the cloud protection node scheduling system and the storage medium provided by the invention are described in detail above. The principles and embodiments of the present invention are explained herein using specific examples, which are presented only to assist in understanding the method and its core concepts. It should be noted that, for those skilled in the art, it is possible to make various improvements and modifications to the present invention without departing from the principle of the present invention, and those improvements and modifications also fall within the scope of the claims of the present invention.

Claims (10)

1.A cloud protection node scheduling method is characterized by comprising the following steps:
when receiving a domain name resolution request sent by a client, a DNS (domain name system) management system extracts a protection domain name in the domain name resolution request and resolves a first alias by using a first alias record corresponding to the protection domain name; the first alias is a domain name alias exclusive to the protection domain name;
analyzing a second alias by using a second alias record corresponding to the first alias, and determining a plurality of node IP addresses establishing a binding relationship with the second alias;
and inputting the node IP address into a cloud protection node scheduling algorithm, determining an available target node IP address, and sending the target node IP address to the client, so that the client sends the data sent to the protection domain name to the cloud protection node corresponding to the target node IP address.
2. The cloud protection node scheduling method according to claim 1, before the DNS management system receives the domain name resolution request sent by the client, further comprising:
when a configuration request is received by a cloud protection management platform, extracting a protection domain name to be configured and a corresponding first alias to be configured from the configuration request, setting a first alias record of the protection domain name to be configured to point to the first alias to be configured, and determining a main domain name of the protection domain name to be configured;
judging whether other protection domain names belonging to the main domain name are configured;
if so, searching a second alias corresponding to the main domain name, and setting a second alias record of the first alias to be configured as a second alias corresponding to the main domain name;
if not, determining the number of main domain names corresponding to each second alias, and setting the second alias record of the first alias to be configured as the second alias with the minimum number of the main domain names;
and writing the first alias record of the protection domain name to be configured and the second alias record of the first alias to be configured into the DNS management system.
3. The cloud protection node scheduling method of claim 2, wherein after determining the number of primary domain names corresponding to each of the second aliases, the method further comprises:
the cloud protection management platform judges whether the minimum value in the number of the main domain names is greater than or equal to a preset threshold value or not;
if so, generating alarm information, and sending the alarm information to an alarm server so that the alarm server executes alarm operation;
and if not, executing the step of setting the second alias record of the first alias to be configured as the second alias with the minimum number of the main domain names.
4. The cloud protection node scheduling method according to claim 2, wherein after writing the first alias record of the protection domain name to be configured and the second alias record of the first alias to be configured into the DNS management system, the method further comprises:
when receiving a domain name removing request, the cloud protection management platform sets a protection domain name in the domain name removing request as a protection domain name to be removed, and determines a first alias to be removed by using a first alias record of the protection domain name to be removed;
and the cloud protection management platform removes the first alias record corresponding to the to-be-removed protection domain name and the second alias record of the to-be-removed first alias in the DNS management system.
5. The cloud protection node scheduling method according to claim 1, wherein after the DNS management system receives a domain name resolution request sent by a client, the method further comprises:
the DNS management system extracts a source IP address in the domain name resolution request;
correspondingly, the cloud protection node scheduling algorithm determines the target node IP address according to the running condition of the cloud protection node corresponding to the node IP address, and the region information and/or the operator information of the source address.
6. A cloud protection node scheduling system, comprising: a DNS management system and a cloud guard node, wherein,
the DNS management system is used for extracting a protection domain name in a domain name resolution request when receiving the domain name resolution request sent by a client, and resolving a first alias by using a first alias record corresponding to the protection domain name; the first alias is a domain name alias exclusive to the protection domain name; analyzing a second alias by using a second alias record corresponding to the first alias, and determining a plurality of node IP addresses establishing a binding relationship with the second alias; inputting the node IP address into a cloud protection node scheduling algorithm, determining an available target node IP address, and sending the target node IP address to the client, so that the client sends data sent to the protection domain name to a cloud protection node corresponding to the target node IP address;
and the cloud protection node is used for carrying out attack detection on the data sent by the client to the protection domain name.
7. The cloud protection node scheduling system of claim 6, further comprising: a cloud protection management platform, wherein,
the cloud protection management platform is used for extracting a to-be-configured protection domain name and a corresponding to-be-configured first alias from a configuration request when the configuration request is received, setting a first alias record of the to-be-configured protection domain name to point to the to-be-configured first alias, and determining a main domain name of the to-be-configured protection domain name; judging whether other protection domain names belonging to the main domain name are configured; if so, searching a second alias corresponding to the main domain name, and setting a second alias record of the first alias to be configured as a second alias corresponding to the main domain name; if not, determining the number of main domain names corresponding to each second alias, and setting the second alias record of the first alias to be configured as the second alias with the minimum number of the main domain names; writing the first alias record of the protection domain name to be configured and the second alias record of the first alias to be configured into the DNS management system;
the DNS management system is further configured to save the received first alias record and the second alias record.
8. The cloud protection node scheduling system of claim 7, further comprising: an alert server, wherein,
the cloud protection management platform is further used for judging whether the minimum value in the number of the main domain names is greater than or equal to a preset threshold value or not; if so, generating alarm information, and sending the alarm information to an alarm server so that the alarm server executes alarm operation; if not, executing the step of setting the second alias record of the first alias to be configured as the second alias with the minimum number of the main domain names;
and the alarm server is used for executing alarm operation when the alarm information is received.
9. The cloud protection node scheduling system of claim 7,
the cloud protection management platform is further used for setting a protection domain name in the domain name removal request as a protection domain name to be removed when the domain name removal request is received, and determining a first alias to be removed by using the first alias record of the protection domain name to be removed; in the DNS management system, the first alias record corresponding to the guard domain name to be removed and the second alias record of the first alias to be removed are removed.
10. A storage medium having stored thereon a computer program which, when executed by a processor, carries out the steps of the cloud guard node scheduling method according to any one of claims 1 to 5.
CN202110578577.0A 2021-05-26 2021-05-26 Cloud protection node scheduling method, system and storage medium Active CN113315853B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110578577.0A CN113315853B (en) 2021-05-26 2021-05-26 Cloud protection node scheduling method, system and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110578577.0A CN113315853B (en) 2021-05-26 2021-05-26 Cloud protection node scheduling method, system and storage medium

Publications (2)

Publication Number Publication Date
CN113315853A true CN113315853A (en) 2021-08-27
CN113315853B CN113315853B (en) 2023-03-24

Family

ID=77374951

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110578577.0A Active CN113315853B (en) 2021-05-26 2021-05-26 Cloud protection node scheduling method, system and storage medium

Country Status (1)

Country Link
CN (1) CN113315853B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114143332A (en) * 2021-11-03 2022-03-04 阿里巴巴(中国)有限公司 Content delivery network CDN-based processing method, electronic device and medium
CN114629874A (en) * 2022-02-28 2022-06-14 天翼安全科技有限公司 Cloud protection node switching method, system, equipment and medium of source station server

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7574508B1 (en) * 2002-08-07 2009-08-11 Foundry Networks, Inc. Canonical name (CNAME) handling for global server load balancing
US20140283106A1 (en) * 2013-03-14 2014-09-18 Donuts Inc. Domain protected marks list based techniques for managing domain name registrations
US8886750B1 (en) * 2011-09-28 2014-11-11 Amazon Technologies, Inc. Alias resource record sets
CN109413220A (en) * 2018-09-03 2019-03-01 中新网络信息安全股份有限公司 A method of it is accessed in a manner of alias in DDOS cloud guard system and DNS is avoided to propagate
CN109450841A (en) * 2018-09-03 2019-03-08 中新网络信息安全股份有限公司 A kind of Large Scale DDoS Attack detection and system of defense and defence method based on the on-demand linkage pattern of cloud+end equipment
CN109688242A (en) * 2018-12-27 2019-04-26 深信服科技股份有限公司 A kind of cloud guard system and method
US20200106790A1 (en) * 2018-09-28 2020-04-02 Fireeye, Inc. Intelligent system for mitigating cybersecurity risk by analyzing domain name system traffic
CN112100477A (en) * 2020-09-07 2020-12-18 北京视界云天科技有限公司 Multi-cloud scheduling method and device, computer equipment and storage medium
CN112769769A (en) * 2020-12-24 2021-05-07 网根(南京)网络中心有限公司 DNS alias resolution method and system

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7574508B1 (en) * 2002-08-07 2009-08-11 Foundry Networks, Inc. Canonical name (CNAME) handling for global server load balancing
US8886750B1 (en) * 2011-09-28 2014-11-11 Amazon Technologies, Inc. Alias resource record sets
US20140283106A1 (en) * 2013-03-14 2014-09-18 Donuts Inc. Domain protected marks list based techniques for managing domain name registrations
CN109413220A (en) * 2018-09-03 2019-03-01 中新网络信息安全股份有限公司 A method of it is accessed in a manner of alias in DDOS cloud guard system and DNS is avoided to propagate
CN109450841A (en) * 2018-09-03 2019-03-08 中新网络信息安全股份有限公司 A kind of Large Scale DDoS Attack detection and system of defense and defence method based on the on-demand linkage pattern of cloud+end equipment
US20200106790A1 (en) * 2018-09-28 2020-04-02 Fireeye, Inc. Intelligent system for mitigating cybersecurity risk by analyzing domain name system traffic
CN109688242A (en) * 2018-12-27 2019-04-26 深信服科技股份有限公司 A kind of cloud guard system and method
CN112100477A (en) * 2020-09-07 2020-12-18 北京视界云天科技有限公司 Multi-cloud scheduling method and device, computer equipment and storage medium
CN112769769A (en) * 2020-12-24 2021-05-07 网根(南京)网络中心有限公司 DNS alias resolution method and system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114143332A (en) * 2021-11-03 2022-03-04 阿里巴巴(中国)有限公司 Content delivery network CDN-based processing method, electronic device and medium
CN114629874A (en) * 2022-02-28 2022-06-14 天翼安全科技有限公司 Cloud protection node switching method, system, equipment and medium of source station server

Also Published As

Publication number Publication date
CN113315853B (en) 2023-03-24

Similar Documents

Publication Publication Date Title
US9300623B1 (en) Domain name system cache integrity check
CN107229555B (en) Identification generation method and device
US11586673B2 (en) Data writing and reading method and apparatus, and cloud storage system
US9501345B1 (en) Method and system for creating enriched log data
CN113315853B (en) Cloud protection node scheduling method, system and storage medium
CN109302498B (en) Network resource access method and device
CN107656695B (en) Data storage and deletion method and device and distributed storage system
US9954815B2 (en) Domain name collaboration service using domain name dependency server
CN111711716B (en) Domain name resolution method, device and equipment and readable storage medium
CN111585887B (en) Communication method and device based on multiple networks, electronic equipment and storage medium
CN108427619B (en) Log management method and device, computing equipment and storage medium
CN112333289A (en) Reverse proxy access method, device, electronic equipment and storage medium
CN113810230A (en) Method, device and system for carrying out network configuration on containers in container cluster
CN110677475A (en) Micro-service processing method, device, equipment and storage medium
US10944714B1 (en) Multi-factor domain name resolution
CN107819754B (en) Anti-hijacking method, monitoring server, terminal and system
CN114465791A (en) Method and device for establishing white list in network management equipment, storage medium and processor
CN111198756A (en) Application scheduling method and device of kubernets cluster
US8972604B1 (en) Network address retention and assignment
JP2006236040A (en) Distributed server failure response program, server load distribution device and method
CN114553771B (en) Method for virtual router loading and related equipment
CN109347766B (en) Resource scheduling method and device
CN113905092B (en) Method, device, terminal and storage medium for determining reusable agent queue
CN115065664A (en) Internet protocol address recovery method, electronic equipment and storage medium
CN111541675B (en) Network security protection method, device and equipment based on white list

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant