CN113949730A - Communication method and device of equipment - Google Patents

Info

Publication number
CN113949730A
Authority
CN
China
Prior art keywords
access gateway
communication
target access
gateway
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010606981.XA
Other languages
Chinese (zh)
Inventor
石磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd
Priority to CN202010606981.XA
Publication of CN113949730A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiments of the application provide a device communication method and apparatus that can be applied to an SD-WAN (software-defined wide area network). The SD-WAN can comprise a management controller, at least one first access gateway and at least one second access gateway. The management controller can establish a corresponding communication link between the first access gateway and the second access gateway and acquire the communication quality sent by the first access gateway and the second access gateway; when communication is abnormal, it can adjust the communication link between the first access gateway and the second access gateway to switch gateways, so that the cost of maintaining the SD-WAN under abnormal conditions is reduced while the communication quality between devices in the SD-WAN is ensured.

Description

Communication method and device of equipment
Technical Field
The present application relates to the field of communications technologies, and in particular, to a communication method for a device and a communication apparatus for a device.
Background
SD-WAN (Software-Defined WAN) is a service formed by applying SDN (Software Defined Network) technology to wide area network scenarios; it connects enterprise networks, data centers, internet applications, and cloud services across a wide geographic range. Different branches of an enterprise, a data center, or a cloud can be effectively connected through the SD-WAN, which greatly improves data interoperability between the branches. However, because an SD-WAN communicates over a common protocol, data flow is likely to be limited, and when communication becomes abnormal the communication protocol has to be checked, which is likely to bring a large maintenance cost and greatly affects communication quality.
Disclosure of Invention
The technical problem to be solved by the embodiments of the present application is to provide a communication method for devices, so as to solve the problems of poor communication quality and high maintenance cost in the communication process between the devices in the prior art.
Correspondingly, the embodiment of the application also provides a communication device of the equipment, which is used for ensuring the realization and the application of the method.
In order to solve the above problem, an embodiment of the present application discloses a communication method of a device, which is applied to a management controller, where the management controller is in communication connection with at least one first access gateway and at least one second access gateway, and the method includes:
sending the communication address of the second access gateway to a first target access gateway;
acquiring a gateway detection result sent by the first target access gateway, wherein the gateway detection result is obtained by the first target access gateway performing link quality detection on the second access gateway according to the communication address;
determining a second target access gateway from the second access gateways according to the gateway detection result;
determining communication configuration information aiming at the first target access gateway and the second target access gateway, and sending the communication configuration information to the first target access gateway and the second target access gateway;
the communication configuration information is used for establishing communication connection between the first target access gateway and the second target access gateway.
Optionally, the determining communication configuration information for the first target access gateway and the second target access gateway, and sending the communication configuration information to the first target access gateway and the second target access gateway includes:
acquiring a target gateway identifier of the second target access gateway and tunnel information aiming at the first target access gateway and the second target access gateway;
generating first communication configuration information aiming at the first target access gateway by adopting the target gateway identification and the tunnel identification;
using the tunnel information as second communication configuration information for the second target access gateway;
and sending the first communication configuration information to the first target access gateway, and sending the second communication configuration information to the second target access gateway.
Optionally, the tunnel information includes at least one of a tunnel identifier, a protocol type, a forward error correction identifier, a security indicator identifier, and a key matching the security indicator identifier.
Optionally, the gateway detection result includes a link quality detection result for the second access gateway, and the determining a second target access gateway from the second access gateways according to the gateway detection result includes:
and determining a second target access gateway from the second access gateway by adopting the link quality detection result.
Optionally, the method further comprises:
acquiring a communication quality message sent by the first target access gateway;
and determining a new second target access gateway from the second access gateways according to the communication quality message.
Optionally, the communication quality message includes a packet loss rate, and the determining a new second target access gateway from the second access gateways according to the communication quality message includes:
and when the packet loss rate is greater than or equal to a preset threshold value, determining a new second target access gateway from the second access gateways.
Optionally, the communication quality message includes time delay information, and the determining a new second target access gateway from the second access gateways according to the communication quality message includes:
and when the time delay information is greater than or equal to a preset threshold value, determining a new second target access gateway from the second access gateways.
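The controller-side steps above (select a second target access gateway from the detection results, build the two configuration messages, re-select when loss or delay reaches the threshold), as an added example that is not code from the patent. The threshold values, the ranking rule, the field names and the `Probe`/`TunnelInfo`/`Controller` types are assumptions; results for gateways the controller never advertised, or with out-of-range values, are ignored.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple

# Assumed "preset thresholds"; the page does not give values.
LOSS_THRESHOLD = 0.05        # packet loss rate, 0.0 .. 1.0
DELAY_THRESHOLD_MS = 200.0   # time delay in milliseconds


@dataclass(frozen=True)
class TunnelInfo:
    tunnel_id: int
    protocol: str
    fec: bool                      # forward error correction identifier
    encrypt: bool                  # security indication identifier
    key: Optional[bytes] = None    # key matching the security indication

    def __post_init__(self):
        # An encryption-mode tunnel without a key is a configuration error.
        if self.encrypt and not self.key:
            raise ValueError("encryption mode requires a matching key")


@dataclass(frozen=True)
class Probe:
    """One entry of a gateway detection result (hypothetical layout)."""
    gateway_id: str
    reachable: bool
    loss: float
    delay_ms: float


class Controller:
    def __init__(self, second_gateways: Dict[str, str]):
        # gateway id -> communication address sent to the first gateway
        self.second_gateways = dict(second_gateways)

    def _usable(self, p: Probe) -> bool:
        # Only trust results for gateways this controller advertised,
        # and only values inside a sane range and below the thresholds.
        return (p.gateway_id in self.second_gateways and p.reachable
                and 0.0 <= p.loss < LOSS_THRESHOLD
                and 0.0 <= p.delay_ms < DELAY_THRESHOLD_MS)

    def select(self, results: Iterable[Probe], exclude=()) -> Optional[str]:
        usable = [p for p in results
                  if self._usable(p) and p.gateway_id not in exclude]
        if not usable:
            return None
        # Assumed ranking: lowest loss, then lowest delay, then id.
        best = min(usable, key=lambda p: (p.loss, p.delay_ms, p.gateway_id))
        return best.gateway_id

    def configs(self, target_id: str, tunnel: TunnelInfo) -> Tuple[dict, dict]:
        if target_id not in self.second_gateways:
            raise KeyError(target_id)
        # First gateway learns which peer to use; second gets the tunnel only.
        first = {"target_gateway_id": target_id, "tunnel": tunnel}
        second = {"tunnel": tunnel}
        return first, second

    def on_quality(self, current: str, loss: float, delay_ms: float,
                   latest: Iterable[Probe]) -> str:
        # Switch when loss OR delay is greater than or equal to its threshold.
        if loss >= LOSS_THRESHOLD or delay_ms >= DELAY_THRESHOLD_MS:
            return self.select(latest, exclude={current}) or current
        return current
```
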
The embodiment of the application also discloses a communication method of the device, which is applied to a first access gateway, wherein the first access gateway is in communication connection with a management controller, the management controller is in communication connection with at least one second access gateway, and the method comprises the following steps:
acquiring a communication address of the second access gateway sent by the management server;
performing link quality detection on the second access gateway according to the communication address, and generating a gateway detection result for the second access gateway;
sending the gateway detection result to the management server, and acquiring communication configuration information aiming at the gateway detection result sent by the management server;
and determining a second target access gateway according to the communication configuration information, and establishing communication connection with the second target access gateway.
Optionally, the determining, according to the communication configuration information, a second target access gateway and establishing a communication connection with the second target access gateway includes:
determining a second target access gateway corresponding to the target gateway identifier;
and establishing communication connection with the second target access gateway by adopting the tunnel information.
Optionally, the tunnel information includes a tunnel identifier and a protocol type, and establishing a communication connection with the second target access gateway by using the tunnel information includes:
determining a communication tunnel link corresponding to the tunnel identifier;
according to the protocol type, sending a connection request message to the second target access gateway through the communication tunnel link;
acquiring a first response message aiming at the connection request message and sent by the second target access gateway through the communication tunnel link, wherein the first response message comprises a first timestamp, a first IP address and first port information of the second target access gateway;
determining a second response message for the first response message, wherein the second response message comprises a second timestamp for the first timestamp, a second IP address and second port information of the first access gateway, and a message MD5 value corresponding to the second response message;
and sending the second response message to the second target access gateway through the communication tunnel link, and establishing communication connection with the second target access gateway.
Optionally, the method further comprises:
sending a communication detection message to the second target access gateway through the communication tunnel link, and acquiring communication quality information aiming at the detection message sent by the second target access gateway;
and sending the communication quality information to the management controller.
Optionally, the tunnel information further includes a security indicator and a key matching with the security indicator, and the method further includes:
acquiring a first data frame aiming at the second target access gateway;
when the security indication identifier indicates an encryption mode, encrypting the first data frame by using the key to generate a second data frame;
and sending the second data frame to the second target access gateway through the communication tunnel link.
Optionally, the tunnel information further includes a forward error correction identifier, and the method further includes:
acquiring a third data frame aiming at the second target access gateway;
when the forward error correction identifier indicates that a forward error correction mode is started, generating a redundant packet for the third data frame;
and sending the third data frame and the redundant packet to the second target access gateway through the communication tunnel link.
Optionally, the performing link quality detection on the second access gateway according to the communication address and generating a gateway detection result for the second access gateway includes:
adopting the communication address to respectively carry out link quality detection on each second access gateway to generate a link quality detection result;
and generating a gateway detection result aiming at each second access gateway by adopting the link quality detection result.
Optionally, the first access gateway includes a software client, and the software client is installed in a user terminal, and the method further includes:
generating a communication request message in response to a user operation acting on the user terminal;
sending the communication request message to the management controller.
Optionally, the first access gateway includes a physical device, and the method further includes:
generating a communication request message in response to a user operation acting on the hardware device;
sending the communication request message to the management controller.
The embodiment of the application also discloses a communication method of the device, which is applied to a second access gateway, wherein the second access gateway is in communication connection with a management controller, the management controller is in communication connection with at least one first access gateway, and the method comprises the following steps:
sending a link quality detection result to a first target access gateway;
when the link quality detection result indicates that the port of the second access gateway meets the communication condition, acquiring communication configuration information sent by the management controller, wherein the communication configuration information is information generated by the management controller according to the gateway detection result sent by the first target access gateway;
and establishing communication connection with the first target access gateway according to the communication configuration information.
Optionally, the establishing a communication connection with the first target access gateway according to the communication configuration information includes:
determining a communication tunnel link corresponding to the tunnel identifier;
acquiring a connection request message sent by the first target access gateway through the communication tunnel link, wherein the connection request message is a message sent by the first target access gateway according to the protocol type;
determining a first response message for the connection request message;
sending the first response message to the first target access gateway through the communication tunnel link, and acquiring a second response message which is sent by the first target access gateway and aims at the first response message;
and establishing communication connection with the first target access gateway by adopting the second response message.
Optionally, the determining a first response message for the connection request message includes:
acquiring a first timestamp, a first IP address and first port information;
and generating a first response message aiming at the first target access gateway by adopting the first timestamp, the first IP address and the first port information.
Optionally, the second response message includes a second timestamp corresponding to the first timestamp, a second IP address and second port information of the first target access gateway, and a message MD5 value corresponding to the second response message; the establishing a communication connection with the first target access gateway by using the second response message includes:
acquiring a current timestamp;
when the second timestamp and the current timestamp are successfully matched, calculating a target MD5 value for the second response message by using the second timestamp, the second IP address and the second port information;
when the target MD5 value is successfully matched with the message MD5 value, generating an identifier for the first target access gateway in a preset connection list;
and according to the identification, configuring the second IP address and the second port information in the connection list.
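The second access gateway's check of the second response message (timestamp match, MD5 recomputed over timestamp, IP and port, then an entry in the connection list), as an added example that is not code from the patent. The field encoding, the 30-second match window, the sample addresses and all names are assumptions. As described on the page the digest covers only fields carried in the message, so it detects corruption in transit; `keyed_digest`, an HMAC-SHA-256 under the tunnel key, is an assumed variant added here that also ties the message to a holder of that key.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

# Assumption: the page says the timestamps must "match"; a window is used.
FRESHNESS_WINDOW_S = 30


@dataclass(frozen=True)
class SecondResponse:
    timestamp: int   # second timestamp
    ip: str          # second IP address (first target access gateway)
    port: int        # second port information
    digest: str      # "message MD5 value" carried in the message


def encode_fields(timestamp: int, ip: str, port: int) -> bytes:
    # Assumption: field order and separator are not given on the page.
    return f"{timestamp}|{ip}|{port}".encode("utf-8")


def md5_digest(timestamp: int, ip: str, port: int) -> str:
    """Digest as the page describes it: MD5 over timestamp, IP and port."""
    return hashlib.md5(encode_fields(timestamp, ip, port)).hexdigest()


def keyed_digest(key: bytes) -> Callable[[int, str, int], str]:
    """Assumed variant (not on the page): HMAC-SHA-256 under the tunnel key."""
    def tag(timestamp: int, ip: str, port: int) -> str:
        data = encode_fields(timestamp, ip, port)
        return hmac.new(key, data, hashlib.sha256).hexdigest()
    return tag


def make_response(timestamp: int, ip: str, port: int,
                  digest_fn=md5_digest) -> SecondResponse:
    """What the first target access gateway would send (constructed)."""
    return SecondResponse(timestamp, ip, port, digest_fn(timestamp, ip, port))


class ConnectionList:
    """The 'preset connection list' kept by the second access gateway."""

    def __init__(self, digest_fn=md5_digest):
        self._digest_fn = digest_fn
        self._entries: Dict[int, Tuple[str, int]] = {}
        self._next_id = 1

    def admit(self, msg: SecondResponse, now: int) -> Optional[int]:
        # Step 1: the second timestamp must match the current timestamp.
        if abs(now - msg.timestamp) > FRESHNESS_WINDOW_S:
            return None
        # Step 2: recompute the digest from the received fields and compare
        # it with the carried value in constant time.
        expected = self._digest_fn(msg.timestamp, msg.ip, msg.port)
        if not hmac.compare_digest(expected.encode(), msg.digest.encode()):
            return None
        # Step 3: generate an identifier and record IP and port under it.
        ident = self._next_id
        self._next_id += 1
        self._entries[ident] = (msg.ip, msg.port)
        return ident

    def lookup(self, ident: int) -> Optional[Tuple[str, int]]:
        return self._entries.get(ident)
```
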
Optionally, the tunnel information further includes a security indicator and a key matching with the security indicator, and the method further includes:
acquiring a second data frame sent by the first target access gateway;
and when the security indication identifier indicates an encryption mode, decrypting the second data frame by using the key to obtain a first data frame.
Optionally, the tunnel information further includes a forward error correction identifier, and the method further includes:
acquiring a third data frame and a redundant packet sent by the first target access gateway;
and when the forward error correction identifier indicates that a forward error correction mode is started, restoring the received current data frame by using the redundant packet to obtain the third data frame.
Optionally, the method further comprises:
acquiring a communication detection message sent by the first target access gateway through the communication tunnel link;
carrying out in-band detection on the communication tunnel link by adopting the communication detection message, and generating communication quality information;
and sending the communication quality information to the first target access gateway through the communication tunnel link.
The embodiment of the application discloses a communication device of equipment, which is applied to a management controller, wherein the management controller is in communication connection with at least one first access gateway and at least one second access gateway, and the device comprises:
a communication address sending module, configured to send a communication address of the second access gateway to a first target access gateway;
a gateway detection result obtaining module, configured to obtain a gateway detection result sent by the first target access gateway, where the gateway detection result is obtained by performing link quality detection on the second access gateway by the first target access gateway according to the communication address;
a second access gateway determining module, configured to determine a second target access gateway from the second access gateways according to the gateway detection result;
a communication configuration information sending module, configured to determine communication configuration information for the first target access gateway and the second target access gateway, and send the communication configuration information to the first target access gateway and the second target access gateway;
the communication configuration information is used for establishing communication connection between the first target access gateway and the second target access gateway.
Optionally, the communication configuration information sending module includes:
an identification and information acquisition submodule, configured to acquire a target gateway identification of the second target access gateway and tunnel information for the first target access gateway and the second target access gateway;
a first communication configuration information generation submodule, configured to generate first communication configuration information for the first target access gateway by using the target gateway identifier and the tunnel identifier;
a second communication configuration information generation submodule, configured to use the tunnel information as second communication configuration information for the second target access gateway;
and the communication configuration information sending submodule is used for sending the first communication configuration information to the first target access gateway and sending the second communication configuration information to the second target access gateway.
Optionally, the tunnel information includes at least one of a tunnel identifier, a protocol type, a forward error correction identifier, a security indicator identifier, and a key matching the security indicator identifier.
Optionally, the gateway detection result includes a link quality detection result for the second access gateway, and the second access gateway determining module is specifically configured to:
and determining a second target access gateway from the second access gateway by adopting the link quality detection result.
Optionally, the apparatus further includes:
a communication quality message obtaining module, configured to obtain a communication quality message sent by the first target access gateway;
and the second access gateway changing module is used for determining a new second target access gateway from the second access gateway according to the communication quality message.
Optionally, the communication quality message includes a packet loss rate, and the second access gateway changing module is specifically configured to:
and when the packet loss rate is greater than or equal to a preset threshold value, determining a new second target access gateway from the second access gateways.
Optionally, the communication quality message includes time delay information, and the second access gateway changing module is specifically configured to:
and when the time delay information is greater than or equal to a preset threshold value, determining a new second target access gateway from the second access gateways.
The embodiment of the present application further discloses a communication device of an apparatus, which is applied to a first access gateway, the first access gateway is in communication connection with a management controller, the management controller is in communication connection with at least one second access gateway, and the device includes:
a communication address obtaining module, configured to obtain a communication address of the second access gateway sent by the management server;
the link quality detection module is used for detecting the link quality of the second access gateway according to the communication address and generating a gateway detection result aiming at the second access gateway;
the communication configuration information acquisition module is used for sending the gateway detection result to the management server and acquiring the communication configuration information aiming at the gateway detection result sent by the management server;
and the communication connection establishing module is used for determining a second target access gateway according to the communication configuration information and establishing communication connection with the second target access gateway.
Optionally, the communication configuration information is first communication configuration information, and includes a target gateway identifier and tunnel information, and the communication connection establishing module includes:
a second access gateway determining submodule, configured to determine a second target access gateway corresponding to the target gateway identifier;
and the communication connection establishing submodule is used for establishing communication connection with the second target access gateway by adopting the tunnel information.
Optionally, the tunnel information includes a tunnel identifier and a protocol type, and the communication connection establishing sub-module is specifically configured to:
determining a communication tunnel link corresponding to the tunnel identifier;
according to the protocol type, sending a connection request message to the second target access gateway through the communication tunnel link;
acquiring a first response message aiming at the connection request message and sent by the second target access gateway through the communication tunnel link, wherein the first response message comprises a first timestamp, a first IP address and first port information of the second target access gateway;
determining a second response message for the first response message, wherein the second response message comprises a second timestamp for the first timestamp, a second IP address and second port information of the first access gateway, and a message MD5 value corresponding to the second response message;
and sending the second response message to the second target access gateway through the communication tunnel link, and establishing communication connection with the second target access gateway.
Optionally, the apparatus further includes:
a communication quality detection module, configured to send a communication detection message to the second target access gateway through the communication tunnel link, and obtain communication quality information, which is sent by the second target access gateway and is for the detection message;
and the communication quality information sending module is used for sending the communication quality information to the management controller.
Optionally, the tunnel information further includes a security indication identifier and a key matching with the security indication identifier, and the apparatus further includes:
a first data frame obtaining module, configured to obtain a first data frame for the second target access gateway;
a data frame encryption module, configured to encrypt the first data frame by using the key to generate a second data frame when the security indication identifier indicates an encryption mode;
and the second data frame sending module is used for sending the second data frame to the second target access gateway through the communication tunnel link.
Optionally, the tunnel information further includes a forward error correction identifier, and the apparatus further includes:
a third data frame obtaining module, configured to obtain a third data frame for the second target access gateway;
a redundant packet generating module, configured to generate a redundant packet for the third data frame when the forward error correction flag indicates that a forward error correction mode is turned on;
and the data frame sending module is used for sending the third data frame and the redundant packet to the second target access gateway through the communication tunnel link.
Optionally, the link quality detection module is specifically configured to:
adopting the communication address to respectively carry out link quality detection on each second access gateway to generate a link quality detection result;
and generating a gateway detection result aiming at each second access gateway by adopting the link quality detection result.
Optionally, the first access gateway includes a software client, and the software client is installed in a user terminal, and the apparatus further includes:
a first communication request message generation module, configured to generate a communication request message in response to a user operation acting on the user terminal;
and the first communication request message sending module is used for sending the communication request message to the management controller.
Optionally, the first access gateway includes a physical device, and the apparatus further includes:
a second communication request message generation module, configured to generate a communication request message in response to a user operation acting on the hardware device;
and the second communication request message sending module is used for sending the communication request message to the management controller.
The embodiment of the present application further discloses a communication device of an apparatus, which is applied to a second access gateway, the second access gateway is in communication connection with a management controller, the management controller is in communication connection with at least one first access gateway, and the device includes:
a link quality detection result sending module, configured to send a link quality detection result to the first target access gateway;
a communication configuration information obtaining module, configured to obtain, when the link quality detection result indicates that the port of the second access gateway meets a communication condition, communication configuration information sent by the management controller, where the communication configuration information is information generated by the management controller according to a gateway detection result sent by the first target access gateway;
and the communication connection establishing module is used for establishing communication connection with the first target access gateway according to the communication configuration information.
Optionally, the communication configuration information is second communication configuration information, and includes tunnel information, where the tunnel information includes a tunnel identifier and a protocol type, and the communication connection establishing module includes:
a communication tunnel link determining submodule for determining a communication tunnel link corresponding to the tunnel identifier;
a connection request message obtaining sub-module, configured to obtain, through the communication tunnel link, a connection request message sent by the first target access gateway, where the connection request message is a message sent by the first target access gateway according to the protocol type;
a first response message determining sub-module, configured to determine a first response message for the connection request message;
a second response message obtaining sub-module, configured to send the first response message to the first target access gateway through the communication tunnel link, and obtain a second response message, which is sent by the first target access gateway and is directed to the first response message;
and the communication connection establishing submodule is used for establishing communication connection with the first target access gateway by adopting the second response message.
Optionally, the first response message determining sub-module is specifically configured to:
acquiring a first timestamp, a first IP address and first port information;
and generating a first response message aiming at the first target access gateway by adopting the first timestamp, the first IP address and the first port information.
Optionally, the second response message includes a second timestamp corresponding to the first timestamp, a second IP address and second port information of the first target access gateway, and a message MD5 value corresponding to the second response message; the communication connection establishing submodule is specifically configured to:
acquiring a current timestamp;
when the second timestamp and the current timestamp are successfully matched, calculating a target MD5 value for the second response message by using the second timestamp, the second IP address and the second port information;
when the target MD5 value is successfully matched with the message MD5 value, generating an identifier for the first target access gateway in a preset connection list;
and according to the identification, configuring the second IP address and the second port information in the connection list.
Optionally, the tunnel information further includes a security indication identifier and a key matching with the security indication identifier, and the apparatus further includes:
a second data frame obtaining module, configured to obtain a second data frame sent by the first target access gateway;
and the data frame decryption module is used for decrypting the second data frame by adopting the key to obtain the first data frame when the security indication identifier indicates an encryption mode.
Optionally, the tunnel information further includes a forward error correction identifier, and the apparatus further includes:
the data acquisition module is used for acquiring a third data frame and a redundant packet sent by the first target access gateway;
and the data frame restoring module is used for restoring the received current data frame by adopting the redundant packet to obtain the third data frame when the forward error correction identifier indicates that a forward error correction mode is started.
Optionally, the method further comprises:
a communication detection message obtaining module, configured to obtain a communication detection message sent by the first target access gateway through the communication tunnel link;
a communication quality information generating module, configured to perform in-band detection on the communication tunnel link by using the communication detection message, and generate communication quality information;
and the communication quality information sending module is used for sending the communication quality information to the first target access gateway through the communication tunnel link.
The embodiment of the application also discloses an electronic device, which comprises:
one or more processors; and
one or more machine-readable media having instructions stored thereon, which when executed by the one or more processors, cause the electronic device to perform the method as described above.
One or more machine-readable media having instructions stored thereon, which when executed by one or more processors, cause the processors to perform the methods described above, are also disclosed.
The embodiment of the application has the following advantages:
in the embodiment of the application, the method and the device can be applied to the SD-WAN, and the SD-WAN may include a management controller, at least one first access gateway and at least one second access gateway, so that the management controller may establish a corresponding communication link between the first access gateway and the second access gateway, and acquire the communication quality sent by the first access gateway and the second access gateway, and when communication is abnormal, the communication link between the first access gateway and the second access gateway may be adjusted to switch the gateways, thereby reducing the maintenance cost of the SD-WAN abnormality while ensuring the communication quality between the devices in the SD-WAN.
Drawings
FIG. 1 is a flowchart of the steps of a first embodiment of a method of communication of a device of the present application;
FIG. 2 is a schematic diagram of the SD-WAN architecture in an embodiment of the present application;
FIG. 3 is a flowchart of the steps of a second embodiment of a method of communication of a device of the present application;
FIG. 4 is a flowchart of the steps of a third embodiment of a method of communication of a device of the present application;
FIG. 5 is a schematic diagram of device communication in an embodiment of the present application;
FIG. 6 is a schematic diagram of SAG certification in the embodiment of the present application;
FIG. 7 is a block diagram of a first embodiment of a communications device of an apparatus of the present application;
FIG. 8 is a block diagram of a second embodiment of a communication device of an apparatus of the present application;
FIG. 9 is a block diagram of a third embodiment of a communication device of an apparatus according to the present application.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, the present application is described in further detail with reference to the accompanying drawings and the detailed description.
An SD-WAN may include a first access gateway, a second access gateway, and a management controller. The management controller may perform network control of the SD-WAN at the control layer, and the first access gateway and the second access gateway may perform data forwarding for the SD-WAN at the forwarding layer, and so on. Specifically, the first access gateway may be an SAG (intelligent Access Gateway). The SAG may include a physical device and a software client: the physical device may be deployed in an office or a data center of a user and used to connect the user network and the service provider network, and the software client may be installed in a user terminal (including a mobile terminal, a personal computer, and the like) and used to connect the user terminal and the service provider network. The second access gateway may be a cloud server access gateway (hereinafter, cloud access gateway), through which communication with a cloud server deployed in the network is possible.
The management controller may configure a communication link between the SAG and the cloud access gateway, for example, a communication link may be established between the SAG and the cloud access gateway for the physical device using standard IKE and IPSEC protocols; and establishing a communication link between the SAG of the software client and the cloud access gateway by adopting an OpenVPN protocol.
The management controller may be an SD-WAN controller, which may centrally manage the network control rights of the SD-WAN. For example, a first router, a second router, a third router, and the like each correspond to a controller for controlling the network of that router, and in the SD-WAN network the first router, the second router and the third router may be controlled by the SD-WAN controller so that their networks are managed centrally. Specifically, in the SD-WAN, the SD-WAN controller may be configured in a software-defined manner, so that the hardware devices are generalized and simplified by having software control the hardware, and the SD-WAN controller has the advantages of uniform interface management, uniform communication link configuration, simple deployment, and the like.
Alternatively, the SD-WAN controller may be an application program for controlling the SD-WAN network, which may be installed and run in a management terminal (e.g., a mobile terminal, a tablet computer, a PC terminal, etc.), in which an administrator may configure the SD-WAN network through the SD-WAN controller, and at the same time, the SD-WAN controller may provide a communication link diagram of network connection, so that the administrator can intuitively know the communication relationship between each device in the SD-WAN, manage the communication between the devices, and the like. It should be noted that the SD-WAN controller may be an Application program, and may also be a console, an API (Application Programming Interface), a cloud monitoring platform, and the like, which exist in a software form, and the Application is not limited to this.
After the corresponding communication link is established, the user terminal can access to the cloud in a one-stop mode through the SAG, so that data in the cloud can be inquired, acquired, processed and the like, and data different-place synchronous processing, data real-time processing and the like are achieved.
However, in the networking process of the SD-WAN, because public protocols are adopted, those protocols are easily blocked or restricted; and because of the limitations of the IPSEC and OpenVPN protocols, the network optimization and extension capability is poor and the maintenance cost at the cloud access gateway side is high, which greatly affects the communication quality of the SD-WAN.
Therefore, one of the core concepts of the embodiment of the application is that the private protocols are used for establishing communication links between the SAG and the cloud access gateway and between the cloud access gateway and the cloud access gateway through the management controller, so that on one hand, communication connection protocols between the SAG at the user side and the cloud access gateway and between the cloud access gateway and the cloud access gateway are unified, operation and maintenance complexity is greatly simplified, on the other hand, through cooperation between the management controller and the SAG and the cloud access gateway, communication abnormity is favorably checked, the maintenance cost at the gateway side is reduced, and the communication quality of the SD-WAN is greatly improved.
The communication of devices in the SD-WAN is described below from the perspective of the management controller, the first access gateway, and the second access gateway, respectively. The private protocol may be a protocol running over the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP); it has a device identifier, can encapsulate any type of data packet, and supports header extension.
Referring to fig. 1, a flowchart illustrating steps of a first embodiment of a communication method of a device according to the present application is shown, and is applied to a management controller, where the management controller is in communication connection with at least one first access gateway and at least one second access gateway, and specifically includes the following steps:
step 101, sending a communication address of the second access gateway to a first target access gateway;
102, acquiring a gateway detection result sent by the first target access gateway, wherein the gateway detection result is obtained by the first target access gateway performing link quality detection on the second access gateway according to the communication address;
step 103, determining a second target access gateway from the second access gateway according to the gateway detection result;
step 104, determining communication configuration information aiming at the first target access gateway and the second target access gateway, and sending the communication configuration information to the first target access gateway and the second target access gateway;
the communication configuration information is used for establishing communication connection between the first target access gateway and the second target access gateway.
In the embodiment of the application, in an SD-WAN network, the SAG and the cloud access gateway may be configured through an SD-WAN controller, and a communication tunnel is established between the SAG and the cloud access gateway, and between cloud access gateways. Meanwhile, the SAG and the cloud access gateway may report the communication quality of the communication link to the SD-WAN controller in a timely manner, providing negative feedback so that the SD-WAN controller may adjust the access point of the SAG, the routing of the communication link, and the like as needed.
FIG. 2 shows a schematic diagram of an SD-WAN architecture in the embodiment of the present application. An SD-WAN controller may be communicatively connected with at least one SAG, which may include a physical device and a software client, and with at least one cloud access gateway. After the user terminal accesses the internet through the SAG, a communication connection request, that is, a request for connection with the cloud access gateway, can be sent to the SD-WAN controller, and after the SAG is authenticated, the SD-WAN controller can send a gateway list of the cloud access gateways to the SAG. Optionally, the gateway list may include communication addresses, i.e., IP (Internet Protocol) information, of the respective cloud access gateways in the SD-WAN.
After the SAG obtains the gateway list, link quality detection can be performed on each cloud access gateway in the list according to IP information in the list, communication conditions between the SAG and each cloud access gateway are determined, such as whether the IP can be connected or not, whether communication is delayed or not and the like, then a gateway detection result is generated, and the gateway detection result is sent to the management server. The management server can select a target cloud access gateway for the SAG from the gateway list according to a configuration strategy according to a gateway detection result, determine communication configuration information for the SAG and the target cloud access gateway, and then respectively send the communication configuration information to the SAG and the target cloud access gateway, so that the SAG and the target cloud access gateway can establish communication connection according to the communication configuration information.
In an example, the gateway detection result sent by the SAG may include a link quality detection result for each cloud access gateway, for example, as shown in table 1:
Cloud access gateway | Access IP | Time delay
Cloud access gateway 1 | 1 | Low
Cloud access gateway 2 | 1 | High
Cloud access gateway 3 | 0 | None
TABLE 1
If an access IP value of 1 indicates that the IP of the cloud access gateway is reachable and 0 indicates that it is not reachable, the SD-WAN controller can select, from the reachable cloud access gateways, the one with the lower time delay as the target cloud access gateway of the target SAG.
It should be noted that, the embodiment of the present application includes but is not limited to the foregoing example, and a person skilled in the art may also allocate a cloud access gateway through other configuration policies under the guidance of the idea of the embodiment of the present application, which is not limited in the present application.
In this embodiment of the application, after the SD-WAN controller determines a target cloud access gateway from a plurality of cloud access gateways, a target gateway identifier of the target cloud access gateway and tunnel information for the target SAG and the target cloud access gateway may be obtained, and then, the target gateway identifier and the tunnel identifier are used to generate first communication configuration information for the target SAG, and the tunnel information is used as second communication configuration information for the target cloud access gateway, and then, the first communication configuration information is sent to the target SAG, and the second communication configuration information is sent to the target cloud access gateway, so that the target SAG and the target cloud access gateway establish a corresponding communication link.
In a specific implementation, the tunnel information may include at least one of a tunnel identifier, a protocol type, a forward error correction identifier, a security indication identifier, and a key matching the security indication identifier. After the SD-WAN controller determines the cloud access gateway allocated to the SAG according to the allocation policy, it may issue information such as a tunnel identifier, a protocol type (including TCP or UDP, etc.), a forward error correction identifier, a security indication identifier, and a key matched with the security indication identifier to the target cloud access gateway, and for the target SAG, the SD-WAN controller needs to issue the gateway identifier of the target cloud access gateway together with the tunnel information to the target SAG.
The FEC (Forward Error Correction) identifier is used to indicate whether to start FEC. Packet loss is inevitable during data transmission, and introducing a forward error correction mechanism handles it well: with FEC, the sending end inserts redundant packets when sending data packets, and when the data received by the receiving end has a certain amount of packet loss (the number of lost packets is not greater than the number of redundant packets), all data packets can be restored.
The security indication mark can indicate whether to start the encryption mode, the security indication mark can be represented by a bit, if the value is 1, the encryption and decryption of the communication link are enabled; if the value is 0, it indicates that encryption or decryption of the communication link is not enabled. Of course, the security indicator may also indicate whether the communication link enables encryption or decryption by other characters.
Optionally, after the target SAG and the target cloud access gateway establish the communication tunnel link, the target SAG and the target cloud access gateway may feed back a communication quality message to the SD-WAN controller in time, so that the SD-WAN controller adjusts an access point of the SAG and routing of the communication tunnel link as needed.
Specifically, the SD-WAN controller can acquire a communication quality message sent by the target SAG, and then determines a new target cloud access gateway from the cloud access gateway according to the communication quality message so as to reestablish a communication tunnel link between the target SAG and the cloud access gateway, so that the SD-WAN controller can flexibly adjust the communication tunnel link between the SAG and the cloud access gateway and check an abnormal communication link under the condition that the communication quality does not meet the condition, thereby not only ensuring the stability of communication, but also being beneficial to checking and processing communication abnormality, reducing the maintenance cost of a gateway side and greatly improving the communication quality of the SD-WAN.
In one example, the communication quality message may include a packet loss rate, and when the packet loss rate is greater than or equal to a preset threshold, the SD-WAN controller may determine a new target cloud access gateway from the cloud access gateways.
In another example, the communication quality message may include time delay information, and when the time delay information is greater than or equal to a preset threshold, the SD-WAN controller may determine a new target cloud access gateway from the cloud access gateways.
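The controller-side selection from Table 1 and the threshold-triggered reselection described above can be sketched as follows; this is an added example, not code from the patent. The numeric delays, gateway names, threshold values, the tie-break rule and the choice to treat either threshold as sufficient are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Detection:
    """One row of a gateway detection result, as in Table 1."""
    gateway: str
    access_ip: int              # 1 = IP reachable, 0 = not reachable
    delay_ms: Optional[float]   # None when nothing could be measured


# Constructed sample mirroring Table 1 (low delay, high delay, unreachable).
TABLE_1: List[Detection] = [
    Detection("gw-1", 1, 12.0),
    Detection("gw-2", 1, 180.0),
    Detection("gw-3", 0, None),
]


def select_target(results: Iterable[Detection],
                  exclude: Iterable[Optional[str]] = ()) -> Optional[str]:
    """Pick the reachable gateway with the lowest delay, or None if none qualifies."""
    skipped = set(exclude)
    usable = [r for r in results
              if r.access_ip == 1 and r.delay_ms is not None
              and r.gateway not in skipped]
    if not usable:
        return None
    # Assumed tie-break: the gateway name, so the choice is deterministic.
    return min(usable, key=lambda r: (r.delay_ms, r.gateway)).gateway


class Controller:
    """Tracks which cloud access gateway each SAG is assigned to."""

    def __init__(self, loss_threshold: float, delay_threshold_ms: float):
        self.loss_threshold = loss_threshold
        self.delay_threshold_ms = delay_threshold_ms
        self.assigned: Dict[str, str] = {}

    def assign(self, sag: str, results: Iterable[Detection]) -> Optional[str]:
        """Initial allocation from the SAG's gateway detection result."""
        target = select_target(results)
        if target is not None:
            self.assigned[sag] = target
        return target

    def on_quality(self, sag: str, loss_rate: float, delay_ms: float,
                   results: Iterable[Detection]) -> Optional[str]:
        """Handle a communication quality message; reselect when a threshold is met."""
        current = self.assigned.get(sag)
        degraded = (loss_rate >= self.loss_threshold
                    or delay_ms >= self.delay_threshold_ms)
        if not degraded:
            return current
        replacement = select_target(results, exclude=[current])
        if replacement is None:
            return current      # nothing else is reachable: keep the tunnel
        self.assigned[sag] = replacement
        return replacement
```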
Optionally, for the establishment process of the communication tunnel link between the cloud access gateway and the cloud access gateway, reference may be made to the establishment process of the SAG and the cloud access gateway, which is not described herein again.
In the embodiment of the application, the method and the device can be applied to the SD-WAN, and the SD-WAN may include a management controller, at least one first access gateway and at least one second access gateway, so that the management controller may establish a corresponding communication link between the first access gateway and the second access gateway, and acquire the communication quality sent by the first access gateway and the second access gateway, and when communication is abnormal, the communication link between the first access gateway and the second access gateway may be adjusted to switch the gateways, thereby reducing the maintenance cost of the SD-WAN abnormality while ensuring the communication quality between the devices in the SD-WAN.
Referring to fig. 3, a flowchart illustrating steps of a second embodiment of a communication method of a device according to the present application is shown, and is applied to a first access gateway, where the first access gateway is communicatively connected to a management controller, and the management controller is communicatively connected to at least one second access gateway, where the method specifically includes the following steps:
step 301, acquiring a communication address of the second access gateway sent by the management server;
step 302, performing link quality detection on the second access gateway according to the communication address, and generating a gateway detection result for the second access gateway;
step 303, sending the gateway detection result to the management server, and acquiring communication configuration information aiming at the gateway detection result sent by the management server;
step 304, according to the communication configuration information, determining a second target access gateway, and establishing a communication connection with the second target access gateway.
In the embodiment of the application, in an SD-WAN network, the SAG and the cloud access gateway may be configured through an SD-WAN controller, and a communication tunnel is established between the SAG and the cloud access gateway, and between cloud access gateways. Meanwhile, the SAG and the cloud access gateway may report the communication quality of the communication link to the SD-WAN controller in a timely manner, providing negative feedback so that the SD-WAN controller may adjust the access point of the SAG, the routing of the communication link, and the like as needed.
FIG. 2 shows a schematic diagram of an SD-WAN architecture in the embodiment of the present application. An SD-WAN controller may be communicatively connected with at least one SAG, which may include a physical device and a software client, and with at least one cloud access gateway. After the user terminal accesses the internet through the SAG, a communication connection request, that is, a request for connection with the cloud access gateway, can be sent to the SD-WAN controller, and after the SAG is authenticated, the SD-WAN controller can send a gateway list of the cloud access gateways to the SAG. Optionally, the gateway list may include communication addresses, i.e., IP information, of the respective cloud access gateways in the SD-WAN.
In one example, when the SAG is a software client installed on the user terminal, the SAG may generate a communication request message in response to a user operation acting on the user terminal, and transmit the communication request message to the SD-WAN controller so that the SD-WAN controller allocates a communication tunnel link for the SAG according to the communication request message.
In another example, when the SAG is a physical device, the SAG may generate a communication request message in response to a user operation acting on the hardware device, and then transmit the communication request message to the SD-WAN controller so that the SD-WAN controller allocates a communication tunnel link for the SAG according to the communication request message.
After the SAG obtains the gateway list, link quality detection can be performed on each cloud access gateway in the list according to IP information in the list, communication conditions between the SAG and each cloud access gateway are determined, such as whether the IP can be connected or not, whether communication is delayed or not and the like, then a gateway detection result is generated, and the gateway detection result is sent to the management server. The management server can select a target cloud access gateway for the SAG from the gateway list according to a configuration strategy according to a gateway detection result, determine first communication configuration information for the SAG and second communication configuration information for the target cloud access gateway, then send the first communication configuration information to the SAG, and send the second communication configuration information to the target cloud access gateway, so that communication connection can be established between the SAG and the target cloud access gateway according to the communication configuration information.
In a specific implementation, the first communication configuration information may include a target gateway identifier and tunnel information, and the tunnel information may include at least one of a tunnel identifier, a protocol type, a forward error correction identifier, a security indication identifier, and a key matching the security indication identifier. The SAG can determine a target cloud access gateway corresponding to the target gateway identifier, and then initiate authentication to the target cloud access gateway by adopting the tunnel information to establish communication connection with the target cloud access gateway.
Specifically, the SAG may generate a connection request message for the target cloud access gateway, determine a communication tunnel link corresponding to the tunnel identifier, send the connection request message to the target cloud access gateway through the communication tunnel link according to the protocol type, receive a first response message for the connection request message returned by the target cloud access gateway, determine a second response message for the first response message, send the second response message to the target cloud access gateway, and establish communication connection with the target cloud access gateway.
In an example, the first response message may include a first timestamp, a first IP address of the target cloud access gateway, and first port information. The target cloud access gateway may generate a "timestamp & IP & port" character string from the first timestamp, the first IP address, and the first port information, place the character string in the payload, and send the message to the SAG. After the SAG receives the message, it can parse out the first timestamp and the first IP address and first port information of the target cloud access gateway, add one to the timestamp to obtain a second timestamp, generate a "timestamp & IP & port & MD5" character string using the second IP address and second port information of the SAG, place the character string in the payload, and send a response message to the target cloud access gateway. Here, the MD5 value may be computed from the second timestamp, the second IP address, the second port information, and a key.
When the target cloud access gateway receives the response message, it parses out the second timestamp, the second IP address, the second port information and the message MD5 value, then obtains the current timestamp and verifies the second timestamp. If the difference between the current timestamp and the second timestamp is smaller than 2, it calculates a target MD5 value using the second timestamp, the second IP address, the second port information and the key. When the target MD5 value is equal to the message MD5 value in the response message, the target cloud access gateway can generate an identifier corresponding to the SAG in the session table and update the second IP address and the second port information of the SAG in the session table according to the identifier, so that the IP address and the port information in the session table can be used in subsequent communication between the SAG and the target cloud access gateway.
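The timestamp and MD5 exchange described in the two paragraphs above, with both sides' messages, is sketched below as an added example that is not code from the patent. The `&` separator without spaces, the byte layout fed to MD5, timestamps in whole seconds, the sample addresses and the demo key are assumptions.

```python
import hashlib
import hmac
import ipaddress

MAX_SKEW = 2  # accept only when |current timestamp - second timestamp| < 2


def md5_value(ts: int, ip: str, port: int, key: bytes) -> str:
    """Keyed MD5 over timestamp, IP, port and key (field order and encoding assumed)."""
    return hashlib.md5(f"{ts}&{ip}&{port}&".encode() + key).hexdigest()


def first_response(gw_ip: str, gw_port: int, now: int) -> str:
    """Gateway -> SAG: the 'timestamp&IP&port' payload."""
    return f"{now}&{gw_ip}&{gw_port}"


def second_response(first: str, sag_ip: str, sag_port: int, key: bytes) -> str:
    """SAG -> gateway: 'timestamp&IP&port&MD5', timestamp = first timestamp + 1."""
    ts_text, _gw_ip, _gw_port = first.split("&")
    ts2 = int(ts_text) + 1
    return f"{ts2}&{sag_ip}&{sag_port}&{md5_value(ts2, sag_ip, sag_port, key)}"


class CloudAccessGateway:
    """Verifies the second response and records the SAG in a session table."""

    def __init__(self, key: bytes):
        self.key = key
        self.sessions = {}      # identifier -> (SAG IP, SAG port)
        self._next_id = 1

    def accept(self, message: str, now: int):
        """Return the new session identifier, or None if any check fails."""
        parts = message.split("&")
        if len(parts) != 4:
            return None
        ts_text, ip, port_text, tag = parts
        try:
            ts, port = int(ts_text), int(port_text)
            ipaddress.ip_address(ip)            # reject malformed addresses
        except ValueError:
            return None
        if not 0 < port < 65536:
            return None
        if abs(now - ts) >= MAX_SKEW:           # timestamp check comes first
            return None
        expected = md5_value(ts, ip, port, self.key)
        # Constant-time comparison of the target MD5 and the message MD5.
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return None
        ident = self._next_id
        self._next_id += 1
        self.sessions[ident] = (ip, port)
        return ident


def demo():
    """Constructed exchange: documentation-range addresses and a made-up key."""
    key = b"constructed-demo-key"
    gateway = CloudAccessGateway(key)
    t0 = 1_700_000_000
    first = first_response("203.0.113.10", 4500, now=t0)
    second = second_response(first, "198.51.100.7", 40000, key)
    return gateway, second, t0


if __name__ == "__main__":
    gateway, second, t0 = demo()
    print(gateway.accept(second, now=t0 + 1), gateway.sessions)
```

A message replayed inside the two-second window still verifies, so the timestamp check bounds replay rather than preventing it. MD5 over data followed by a key is not a standard MAC construction; HMAC-SHA-256 from the same `hmac` module is the usual choice for keyed integrity in a new design.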
Optionally, after the SAG establishes a communication tunnel link with the target cloud access gateway, a communication detection message for the target cloud access gateway may be acquired, and then the communication detection message is sent to the target cloud access gateway through the communication tunnel link, and communication quality information for the detection message sent by the target cloud access gateway is acquired, and then the communication quality information is sent to the SD-WAN controller.
Specifically, the SAG may perform in-band detection on the communication tunnel link, and may evaluate whether the quality of the current communication tunnel link meets the requirement of the communication quality through the in-band detection, so that after the in-band detection is completed, the SAG may send the communication quality information of the current communication tunnel link to the SD-WAN controller, so that the SD-WAN controller may adjust an access point of the SAG and route selection of the communication tunnel link as needed.
Optionally, when the security indication identifier in the tunnel information indicates an encryption mode, the SAG may encrypt, with a key, the first data frame to be sent to the target cloud access gateway to generate a second data frame, and then send the encrypted data frame to the target cloud access gateway through the communication tunnel link. After receiving the second data frame, the target cloud access gateway can decrypt it with the key to obtain the first data frame, so that SD-WAN communication quality is guaranteed while data security is guaranteed by encrypting data frames in both directions.
In addition, the FEC (Forward Error Correction) flag is used to indicate whether to start FEC. Packet loss is inevitable during data transmission, and introducing a forward error correction mechanism handles it well: with FEC, the sending end inserts redundant packets when sending data packets, and when the data received by the receiving end has a certain amount of packet loss (the number of lost packets is not greater than the number of redundant packets), all data packets can also be recovered.
When the forward error correction flag indicates that the forward error correction mode is started, the SAG may generate a redundant packet for a third data frame transmitted to the target cloud access gateway, and then transmit the third data frame and the redundant packet to the target cloud access gateway through the communication tunnel link. After the target cloud access gateway receives the third data frame and the redundant packet, if the packet loss number is smaller than that of the redundant packet, the third data frame can be obtained by restoring according to the redundant packet, so that the data transmission accuracy can be ensured by starting the FEC.
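The redundant-packet recovery described above is illustrated below with one XOR parity packet per group of frames, as an added example that is not code from the patent. The patent does not name an FEC code, so XOR parity, the 2-byte length prefix, the grouping and the function names are all assumptions; with a single redundant packet, exactly one lost frame per group can be restored.

```python
import struct
from typing import List, Optional, Tuple


def _pad(frame: bytes, size: int) -> bytes:
    """Prefix the frame with its length and zero-pad it to the group size."""
    if len(frame) > size:
        raise ValueError("frame longer than the group's padded size")
    return struct.pack("!H", len(frame)) + frame + b"\x00" * (size - len(frame))


def _xor_into(acc: bytearray, block: bytes) -> None:
    for i, byte in enumerate(block):
        acc[i] ^= byte


def send_group(frames: List[bytes],
               fec_flag: int) -> Tuple[List[bytes], Optional[bytes]]:
    """Sender: return the frames plus one redundant packet when FEC is enabled."""
    if not frames:
        raise ValueError("empty group")
    if not fec_flag:
        return list(frames), None
    size = max(len(f) for f in frames)
    parity = bytearray(size + 2)            # 2 extra bytes for the length prefix
    for frame in frames:
        _xor_into(parity, _pad(frame, size))
    return list(frames), bytes(parity)


def receive_group(received: List[Optional[bytes]],
                  parity: Optional[bytes], fec_flag: int) -> List[bytes]:
    """Receiver: restore a lost frame (marked None) from the redundant packet."""
    missing = [i for i, f in enumerate(received) if f is None]
    if not missing:
        return list(received)
    if not fec_flag or parity is None:
        raise ValueError("frame lost and forward error correction is not enabled")
    if len(missing) > 1:
        raise ValueError("more frames lost than redundant packets sent")
    size = len(parity) - 2
    acc = bytearray(parity)
    for frame in received:
        if frame is not None:
            _xor_into(acc, _pad(frame, size))
    # XOR of the parity with every surviving frame leaves the padded lost frame.
    (length,) = struct.unpack("!H", bytes(acc[:2]))
    if length > size:
        raise ValueError("redundant packet does not match this group")
    restored = list(received)
    restored[missing[0]] = bytes(acc[2:2 + length])
    return restored


# Constructed sample group of data frames with different lengths.
SAMPLE_FRAMES = [b"alpha", b"bravo-longer", b"c"]
```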
In this embodiment, the method may be applied to an SD-WAN, where the SD-WAN may include a management controller, at least one first access gateway, and at least one second access gateway, the first access gateway on a user side may obtain a communication address of the second access gateway sent by the management controller, perform link quality detection on each second access gateway according to the communication address, generate a gateway detection result, send the gateway detection result to the management controller, determine a second target access gateway by the management controller, then obtain communication configuration information issued by the management controller, establish a communication connection with the second target access gateway according to the communication configuration information, and thereby implement data access to the SD-WAN through a communication tunnel link allocated by the management controller.
For the device communication process of the second access gateway in the SD-WAN, reference may be made to the aforementioned SAG communication process, which is not described herein again.
Specifically, referring to fig. 4, a flowchart of steps of a second embodiment of a communication method of a device according to the present application is shown, and is applied to a second access gateway, where the second access gateway is communicatively connected to a management controller, and the management controller is communicatively connected to at least one first access gateway, where the method specifically includes the following steps:
step 401, sending a link quality detection result to a first target access gateway;
step 402, when the link quality detection result indicates that the communication address of the second access gateway meets the communication condition, acquiring communication configuration information sent by the management controller, where the communication configuration information is information generated by the management controller according to the gateway detection result sent by the first target access gateway;
step 403, establishing a communication connection with the first target access gateway according to the communication configuration information.
In an optional embodiment of the present application, the communication configuration information is second communication configuration information, and includes tunnel information, where the tunnel information includes a tunnel identifier and a protocol type, and the establishing a communication connection with the first target access gateway according to the communication configuration information includes:
determining a communication tunnel link corresponding to the tunnel identifier;
acquiring a connection request message sent by the first target access gateway through the communication tunnel link, wherein the connection request message is a message sent by the first target access gateway according to the protocol type;
determining a first response message for the connection request message;
sending the first response message to the first target access gateway through the communication tunnel link, and acquiring a second response message which is sent by the first target access gateway and aims at the first response message;
and establishing communication connection with the first target access gateway by adopting the second response message.
In an optional embodiment of the present application, the determining a first response message for the connection request message includes:
acquiring a first timestamp, a first IP address and first port information;
and generating a first response message aiming at the first target access gateway by adopting the first timestamp, the first IP address and the first port information.
In an optional embodiment of the present application, the second response message includes a second timestamp corresponding to the first timestamp, a second IP address and second port information of the first target access gateway, and a message MD5 value corresponding to the second response message; the establishing a communication connection with the first target access gateway by using the second response message includes:
acquiring a current timestamp;
when the second timestamp and the current timestamp are successfully matched, calculating a target MD5 value for the second response message by using the second timestamp, the second IP address and the second port information;
when the target MD5 value is successfully matched with the message MD5 value, generating an identifier for the first target access gateway in a preset connection list;
and according to the identification, configuring the second IP address and the second port information in the connection list.
In an optional embodiment of the present application, the tunnel information further includes a security indicator and a key matching with the security indicator, and the method further includes:
acquiring a second data frame sent by the first target access gateway;
and when the security indication identifier indicates an encryption mode, decrypting the second data frame by using the key to obtain a first data frame.
In an optional embodiment of the present application, the tunnel information further includes a forward error correction identifier, and the method further includes:
acquiring a third data frame and a redundant packet sent by the first target access gateway;
and when the forward error correction identifier indicates that a forward error correction mode is started, restoring the received current data frame by using the redundant packet to obtain the third data frame.
In an optional embodiment of the present application, further comprising:
acquiring a communication detection message sent by the first target access gateway through the communication tunnel link;
carrying out in-band detection on the communication tunnel link by adopting the communication detection message, and generating communication quality information;
and sending the communication quality information to the first target access gateway through the communication tunnel link.
In the embodiment of the application, the application can be applied to an SD-WAN, where the SD-WAN may include a management controller, at least one first access gateway, and at least one second access gateway, the second access gateway on the cloud end side may acquire communication configuration information sent by the management controller, and establish a communication connection with a first target access gateway according to tunnel information in the communication configuration information, so that a communication link with the first access gateway is established through a communication tunnel link allocated by the management controller, and a user terminal may access data in the cloud end in the SD-WAN.
In order to enable those skilled in the art to better understand the embodiments of the present application, the following description is given by way of an example:
Fig. 5 shows a schematic diagram of device communication in the embodiment of the present application. The SD-WAN may include an SD-WAN controller and, communicatively connected to the SD-WAN controller, at least one SAG and at least one cloud access gateway or cloud access gateway cluster. The SAG may be a hardware device or a software client installed in the user terminal. The communication process between the SD-WAN devices may include:
1. SAG sends an online request to the SD-WAN controller;
2. after authentication by the SD-WAN controller passes, the SD-WAN controller issues an IP list of cloud access gateways to the SAG;
3. the SAG carries out tcping detection on the IP of each cloud access gateway in the IP list and then sends a detection result to the SD-WAN controller;
4. after the SD-WAN controller receives the detection result, selecting a target cloud access gateway distributed to the SAG according to a distribution strategy;
5. the SD-WAN controller issues tunnel configuration information to the target cloud access gateway, comprising a tunnel identifier, a protocol type (TCP or UDP), whether FEC is enabled, whether the encryption mode is enabled, and an encryption key;
6. the SD-WAN controller issues target gateway identifications of one or more target cloud access gateways to the SAG, tunnel identifications, protocol types (TCP protocol or UDP protocol), whether to start FEC (forward error correction), whether to start encryption mode and encryption keys;
7. after receiving the communication configuration information sent by the SD-WAN controller, the SAG can use a source port sent by the SD-WAN controller, or randomly select a source port, to establish a communication link with the target cloud access gateway; specifically, it can first initiate an online request, and the communication connection is established after authentication by the target cloud access gateway passes;
8. the target cloud access gateway authenticates the SAG; once authentication between the SAG and the target cloud access gateway passes, normal communication can start. At this point the online process is finished and data interaction begins;
After the communication tunnel link between the SAG and the target cloud access gateway is established, the communication process between the SAG and the target cloud access gateway may include:
9. the SAG sends an in-band detection message to a target cloud access gateway, and detects the communication quality of a current communication tunnel link;
10. the target cloud access gateway checks whether the IP and the port are consistent with those recorded in the session or not for each message sent from the SAG, and if so, in-band detection is carried out; if not, the authentication process needs to be initiated again;
11. in-band detection fails;
12. SAG can switch to another protocol type, and initiate in-band detection again, for example, if the first in-band detection adopts TCP protocol, the second in-band detection adopts UDP protocol;
13. the same as step 10, which is not described again here;
14. once again, the in-band detection fails;
15. the SAG may request a new cloud access gateway from the SD-WAN controller;
16. and the SD-WAN controller deletes the prior communication link configuration and re-issues new communication configuration information.
In addition, as shown in fig. 6, which shows a schematic diagram of SAG authentication in an embodiment of the present application, an authentication process of a cloud access gateway for SAG may include:
1. the SAG sends an online request message to a cloud access gateway;
2. the cloud access gateway generates a timestamp, forms a character string from the timestamp, the source IP and the source port, places the character string in the payload, and sends a challenge message to the SAG; it can be understood that the cloud access gateway sends a challenge message to the SAG when it cannot find the session identifier corresponding to the SAG in the session table, and if the session identifier exists, the cloud access gateway can communicate directly through the IP and the port number recorded in the session;
3. after the SAG receives the challenge message, it parses out the timestamp, the IP and the port, adds one to the timestamp, forms the character string 'timestamp & IP & port & MD5 (timestamp & IP & port & key)', places it in the payload, and sends a challenge response message to the cloud access gateway;
4. after receiving the challenge response message, the cloud access gateway parses out the timestamp, the IP and the port, obtains the current timestamp, verifies that (current timestamp - timestamp in the message) is less than 2, and verifies that MD5 (timestamp & IP & port & key), calculated from the values in the message, equals the MD5 value in the message;
5. when these conditions are met, the cloud access gateway can update the IP and the port of the SAG into the session, and thereafter uses the IP and the port number in the session when sending data messages to the SAG;
6. the cloud access gateway can check whether the source IP and the source port are consistent with those in the session or not for each next in-band detection, data message and the like, and if not, resends the challenge message and restarts the authentication process.
The SAG authentication process is started when the SAG comes online for the first time. Once the SAG authentication is passed, the cloud access gateway records the source IP and the source port of the SAG in the session and associates them with the communication tunnel identifier. Once the cloud access gateway receives a message belonging to that communication tunnel identifier whose source IP and source port have changed, the authentication process is restarted. During re-authentication, the cloud access gateway and the SAG still use the source IP and the source port in the original session. Whether the message is a data packet or an in-band detection packet, re-authentication is triggered as long as its source IP and source port are inconsistent with the session.
In addition, in the communication process, when the security indication identifier in the tunnel information indicates an encryption mode, the SAG may encrypt the first data frame to be sent to the target cloud access gateway by using the key to generate a second data frame, and then send the encrypted data frame to the target cloud access gateway through the communication tunnel link. After receiving the second data frame, the target cloud access gateway can decrypt it with the key to obtain the first data frame. In this way the SD-WAN communication quality is guaranteed and, at the same time, data security is guaranteed by encrypting data frames in both directions.
When the forward error correction flag indicates that forward error correction (FEC) mode is enabled, the SAG may generate a redundant packet for a third data frame to be transmitted to the target cloud access gateway, and then transmit the third data frame and the redundant packet to the target cloud access gateway through the communication tunnel link. After the target cloud access gateway receives the third data frame and the redundant packet, if the number of lost packets is smaller than the number of redundant packets, the third data frame can be restored from the redundant packet, so enabling FEC helps ensure the accuracy of data transmission.
It should be noted that, in the embodiment of the present application, the communication protocol adopted by the communication tunnel link may include two parts. One part is a basic header and a predefined NextProtocol, which are used to establish a communication tunnel link between two devices. The other part is an extension part, which can be used to extend the communication tunnel link and may include, but is not limited to: the authentication mode for tunnel establishment, extended health-check capability, extended tunnel quality detection capability, extended forward error correction (FEC) capability, extended inner-layer encapsulated message types, and the like. Communication links among devices in the SD-WAN are thus established through a private protocol, which unifies the communication connection protocols between the SAG at the user side and the cloud access gateway and between cloud access gateways, greatly simplifies operation and maintenance, and improves the extensibility of the communication links.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combinations of acts, but those skilled in the art will recognize that the embodiments are not limited by the order of acts described, as some steps may occur in other orders or concurrently depending on the embodiment. Further, those skilled in the art will also appreciate that the embodiments described in the specification are preferred embodiments, and that the acts involved are not necessarily required by the embodiments of the application.
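The challenge-response exchange and the per-message source check described above can be sketched as follows. This is an added example, not code from the patent: the literal `&` separator, integer-second timestamps, hex-encoded MD5, the lower bound on the timestamp, and all names (`Gateway`, `build_challenge`, `build_response`, the tunnel identifier and key values) are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def _digest(ts: int, ip: str, port: int, key: str) -> str:
    """MD5(timestamp & IP & port & key) as hex; the exact encoding is an assumption."""
    return hashlib.md5(f"{ts}&{ip}&{port}&{key}".encode()).hexdigest()


def build_challenge(now: int, src_ip: str, src_port: int) -> str:
    """Step 2: gateway payload with its timestamp and the SAG's observed source."""
    return f"{now}&{src_ip}&{src_port}"


def build_response(challenge: str, key: str) -> str:
    """Step 3: the SAG adds one to the timestamp and appends the keyed digest."""
    ts, ip, port = challenge.split("&")
    ts2 = int(ts) + 1
    return f"{ts2}&{ip}&{port}&{_digest(ts2, ip, int(port), key)}"


@dataclass
class Gateway:
    """Cloud access gateway side: session table keyed by tunnel identifier."""
    keys: dict                                    # tunnel id -> tunnel key
    max_age: int = 2                              # "less than 2" check from step 4
    sessions: dict = field(default_factory=dict)  # tunnel id -> (ip, port)

    def on_packet(self, tunnel_id: str, src_ip: str, src_port: int, now: int):
        """Step 6: return None if the source matches the session, else a challenge.

        The old session entry is kept until re-authentication succeeds, as the
        text says the original source IP and port stay in use meanwhile.
        """
        if self.sessions.get(tunnel_id) == (src_ip, src_port):
            return None
        return build_challenge(now, src_ip, src_port)

    def verify_response(self, tunnel_id: str, payload: str, now: int) -> bool:
        """Steps 4 and 5: freshness check, digest check, then session update."""
        parts = payload.split("&")
        if len(parts) != 4 or tunnel_id not in self.keys:
            return False
        ts_s, ip, port_s, mac = parts
        try:
            ts, port = int(ts_s), int(port_s)
        except ValueError:
            return False
        # The page states only the upper bound (now - ts < 2). The lower bound
        # is an added assumption: the SAG's +1 can put ts at most 1 ahead.
        if not (-1 <= now - ts < self.max_age):
            return False
        expected = _digest(ts, ip, port, self.keys[tunnel_id])
        # Constant-time comparison on bytes (added hardening, not from the page).
        if not hmac.compare_digest(expected.encode(), mac.encode()):
            return False
        self.sessions[tunnel_id] = (ip, port)
        return True


if __name__ == "__main__":
    # Constructed sample values (documentation address range, made-up key).
    gw = Gateway(keys={"tunnel-1": "example-key"})
    challenge = gw.on_packet("tunnel-1", "203.0.113.7", 40000, now=1000)
    response = build_response(challenge, "example-key")
    print("challenge:", challenge)
    print("response :", response)
    print("accepted :", gw.verify_response("tunnel-1", response, now=1000))
    print("next packet needs challenge:",
          gw.on_packet("tunnel-1", "203.0.113.7", 40000, now=1001) is not None)
```

The digest follows the page's MD5 (timestamp & IP & port & key) construction; HMAC with a current hash function is the standard keyed-MAC construction when designing such an exchange from scratch.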
Referring to fig. 7, a block diagram of a first embodiment of a communication device of an apparatus according to the present application is shown, and is applied to a management controller, where the management controller is communicatively connected to at least one first access gateway and at least one second access gateway, and specifically includes the following modules:
a communication address sending module 701, configured to send a communication address of the second access gateway to a first target access gateway;
a gateway detection result obtaining module 702, configured to obtain a gateway detection result sent by the first target access gateway, where the gateway detection result is obtained by performing, by the first target access gateway, link quality detection on the second access gateway according to the communication address;
a second access gateway determining module 703, configured to determine a second target access gateway from the second access gateways according to the gateway detection result;
a communication configuration information sending module 704, configured to determine communication configuration information for the first target access gateway and the second target access gateway, and send the communication configuration information to the first target access gateway and the second target access gateway;
the communication configuration information is used for establishing communication connection between the first target access gateway and the second target access gateway.
In an optional embodiment of the present application, the communication configuration information sending module 704 includes:
an identification and information acquisition submodule, configured to acquire a target gateway identification of the second target access gateway and tunnel information for the first target access gateway and the second target access gateway;
a first communication configuration information generation submodule, configured to generate first communication configuration information for the first target access gateway by using the target gateway identifier and the tunnel identifier;
a second communication configuration information generation submodule, configured to use the tunnel information as second communication configuration information for the second target access gateway;
and the communication configuration information sending submodule is used for sending the first communication configuration information to the first target access gateway and sending the second communication configuration information to the second target access gateway.
In an optional embodiment of the present application, the tunnel information includes at least one of a tunnel identifier, a protocol type, a forward error correction identifier, a security indication identifier, and a key matching the security indication identifier.
In an optional embodiment of the present application, the gateway detection result includes a link quality detection result for the second access gateway, and the second access gateway determining module 703 is specifically configured to:
and determining a second target access gateway from the second access gateway by adopting the link quality detection result.
In an optional embodiment of the present application, further comprising:
a communication quality message obtaining module, configured to obtain a communication quality message sent by the first target access gateway;
and the second access gateway changing module is used for determining a new second target access gateway from the second access gateway according to the communication quality message.
In an optional embodiment of the present application, the communication quality message includes a packet loss rate, and the second access gateway changing module is specifically configured to:
and when the packet loss rate is greater than or equal to a preset threshold value, determining a new second target access gateway from the second access gateways.
In an optional embodiment of the present application, the communication quality message includes delay information, and the second access gateway changing module is specifically configured to:
and when the time delay information is greater than or equal to a preset threshold value, determining a new second target access gateway from the second access gateways.
Referring to fig. 8, a block diagram of a second embodiment of a communication device of an apparatus according to the present application is shown, and is applied to a first access gateway, where the first access gateway is communicatively connected to a management controller, and the management controller is communicatively connected to at least one second access gateway, where the second embodiment of the apparatus specifically includes the following modules:
a communication address obtaining module 801, configured to obtain a communication address of the second access gateway sent by the management server;
a link quality detection module 802, configured to perform link quality detection on the second access gateway according to the communication address, and generate a gateway detection result for the second access gateway;
a communication configuration information obtaining module 803, configured to send the gateway detection result to the management server, and obtain the communication configuration information for the gateway detection result sent by the management server;
a communication connection establishing module 804, configured to determine a second target access gateway according to the communication configuration information, and establish a communication connection with the second target access gateway.
In an optional embodiment of the present application, the communication configuration information is first communication configuration information, and includes a target gateway identifier and tunnel information, and the communication connection establishing module 804 includes:
a second access gateway determining submodule, configured to determine a second target access gateway corresponding to the target gateway identifier;
and the communication connection establishing submodule is used for establishing communication connection with the second target access gateway by adopting the tunnel information.
In an optional embodiment of the present application, the tunnel information includes a tunnel identifier and a protocol type, and the communication connection establishing sub-module is specifically configured to:
determining a communication tunnel link corresponding to the tunnel identifier;
according to the protocol type, sending a connection request message to the second target access gateway through the communication tunnel link;
acquiring a first response message aiming at the connection request message and sent by the second target access gateway through the communication tunnel link, wherein the first response message comprises a first timestamp, a first IP address and first port information of the second target access gateway;
determining a second response message for the first response message, wherein the second response message comprises a second timestamp for the first timestamp, a second IP address and second port information of the first access gateway, and a message MD5 value corresponding to the second response message;
and sending the second response message to the second target access gateway through the communication tunnel link, and establishing communication connection with the second target access gateway.
In an optional embodiment of the present application, further comprising:
a communication quality detection module, configured to send a communication detection message to the second target access gateway through the communication tunnel link, and obtain communication quality information, which is sent by the second target access gateway and is for the detection message;
and the communication quality information sending module is used for sending the communication quality information to the management controller.
In an optional embodiment of the present application, the tunnel information further includes a security indicator and a key matching with the security indicator, and the apparatus further includes:
a first data frame obtaining module, configured to obtain a first data frame for the second target access gateway;
a data frame encryption module, configured to encrypt the first data frame by using the key to generate a second data frame when the security indication identifier indicates an encryption mode;
and the second data frame sending module is used for sending the second data frame to the second target access gateway through the communication tunnel link.
In an optional embodiment of the present application, the tunnel information further includes a forward error correction identifier, and the apparatus further includes:
a third data frame obtaining module, configured to obtain a third data frame for the second target access gateway;
a redundant packet generating module, configured to generate a redundant packet for the third data frame when the forward error correction flag indicates that a forward error correction mode is turned on;
and the data frame sending module is used for sending the third data frame and the redundant packet to the second target access gateway through the communication tunnel link.
In an optional embodiment of the present application, the link quality detection module is specifically configured to:
adopting the communication address to respectively carry out link quality detection on each second access gateway to generate a link quality detection result;
and generating a gateway detection result aiming at each second access gateway by adopting the link quality detection result.
In an optional embodiment of the present application, the first access gateway includes a software client, the software client is installed in a user terminal, and the apparatus further includes:
a first communication request message generation module, configured to generate a communication request message in response to a user operation acting on the user terminal;
and the first communication request message sending module is used for sending the communication request message to the management controller.
In an optional embodiment of the present application, the first access gateway comprises a physical device, and the apparatus further comprises:
a second communication request message generation module, configured to generate a communication request message in response to a user operation acting on the hardware device;
and the second communication request message sending module is used for sending the communication request message to the management controller.
Referring to fig. 9, a block diagram of a third embodiment of a communication device of an apparatus according to the present application is shown, and is applied to a second access gateway, where the second access gateway is communicatively connected to a management controller, and the management controller is communicatively connected to at least one first access gateway, where the third embodiment of the apparatus specifically includes the following modules:
a link quality detection result sending module 901, configured to send a link quality detection result to the first target access gateway;
a communication configuration information obtaining module 902, configured to obtain, when the link quality detection result indicates that the port of the second access gateway meets a communication condition, communication configuration information sent by the management controller, where the communication configuration information is information generated by the management controller according to a gateway detection result sent by the first target access gateway;
a communication connection establishing module 903, configured to establish a communication connection with the first target access gateway according to the communication configuration information.
In an optional embodiment of the present application, the communication configuration information is second communication configuration information, and includes tunnel information, where the tunnel information includes a tunnel identifier and a protocol type, and the communication connection establishing module 903 includes:
a communication tunnel link determining submodule for determining a communication tunnel link corresponding to the tunnel identifier;
a connection request message obtaining sub-module, configured to obtain, through the communication tunnel link, a connection request message sent by the first target access gateway, where the connection request message is a message sent by the first target access gateway according to the protocol type;
a first response message determining sub-module, configured to determine a first response message for the connection request message;
a second response message obtaining sub-module, configured to send the first response message to the first target access gateway through the communication tunnel link, and obtain a second response message, which is sent by the first target access gateway and is directed to the first response message;
and the communication connection establishing submodule is used for establishing communication connection with the first target access gateway by adopting the second response message.
In an optional embodiment of the present application, the first response message determining sub-module is specifically configured to:
acquiring a first timestamp, a first IP address and first port information;
and generating a first response message aiming at the first target access gateway by adopting the first timestamp, the first IP address and the first port information.
In an optional embodiment of the present application, the second response message includes a second timestamp corresponding to the first timestamp, a second IP address and second port information of the first target access gateway, and a message MD5 value corresponding to the second response message; the communication connection establishing submodule is specifically configured to:
acquiring a current timestamp;
when the second timestamp and the current timestamp are successfully matched, calculating a target MD5 value for the second response message by using the second timestamp, the second IP address and the second port information;
when the target MD5 value is successfully matched with the message MD5 value, generating an identifier for the first target access gateway in a preset connection list;
and according to the identification, configuring the second IP address and the second port information in the connection list.
In an optional embodiment of the present application, the tunnel information further includes a security indicator and a key matching with the security indicator, and the apparatus further includes:
a second data frame obtaining module, configured to obtain a second data frame sent by the first target access gateway;
and a data frame decryption module, configured to decrypt the second data frame by using the key to obtain the first data frame when the security indication identifier indicates an encryption mode.
In an optional embodiment of the present application, the tunnel information further includes a forward error correction identifier, and the apparatus further includes:
the data acquisition module is used for acquiring a third data frame and a redundant packet sent by the first target access gateway;
and the data frame restoring module is used for restoring the received current data frame by adopting the redundant packet to obtain the third data frame when the forward error correction identifier indicates that a forward error correction mode is started.
In an optional embodiment of the present application, further comprising:
a communication detection message obtaining module, configured to obtain a communication detection message sent by the first target access gateway through the communication tunnel link;
a communication quality information generating module, configured to perform in-band detection on the communication tunnel link by using the communication detection message, and generate communication quality information;
and the communication quality information sending module is used for sending the communication quality information to the first target access gateway through the communication tunnel link.
Because the device embodiments are basically similar to the method embodiments, they are described briefly; for relevant details, refer to the corresponding description of the method embodiments.
An embodiment of the present application further provides an electronic device, including:
one or more processors; and
one or more machine-readable media having instructions stored thereon, which when executed by the one or more processors, cause the electronic device to perform the methods of embodiments of the present application.
Embodiments of the present application also provide one or more machine-readable media having instructions stored thereon, which when executed by one or more processors, cause the processors to perform the methods of embodiments of the present application.
The embodiments in the present specification are described in a progressive manner: each embodiment focuses on its differences from the other embodiments, and for the same or similar parts the embodiments may be referred to one another.
As will be appreciated by one of skill in the art, embodiments of the present application may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present application may take the form of a computer program product embodied on one or more machine-readable media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present application are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present application have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including the preferred embodiment and all such alterations and modifications as fall within the true scope of the embodiments of the application.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or terminal that comprises the element.
The communication method of a device and the communication apparatus of a device provided by the present application have been described in detail above. Specific examples are used herein to explain the principle and the implementation of the present application, and the above description of the embodiments is only intended to help in understanding the method and the core idea of the present application. Meanwhile, a person skilled in the art may, following the idea of the present application, vary the specific embodiments and the scope of application. In summary, the content of the present specification should not be construed as a limitation of the present application.

Claims (28)

1. A communication method for a device, the method being applied to a management controller, the management controller being in communication connection with at least one first access gateway and at least one second access gateway, the method comprising:
sending the communication address of the second access gateway to a first target access gateway;
acquiring a gateway detection result sent by the first target access gateway, wherein the gateway detection result is obtained by the first target access gateway performing link quality detection on the second access gateway according to the communication address;
determining a second target access gateway from the second access gateways according to the gateway detection result;
determining communication configuration information aiming at the first target access gateway and the second target access gateway, and sending the communication configuration information to the first target access gateway and the second target access gateway;
the communication configuration information is used for establishing communication connection between the first target access gateway and the second target access gateway.
2. The method of claim 1, wherein determining communication configuration information for the first target access gateway and the second target access gateway and sending the communication configuration information to the first target access gateway and the second target access gateway comprises:
acquiring a target gateway identifier of the second target access gateway and tunnel information aiming at the first target access gateway and the second target access gateway;
generating first communication configuration information aiming at the first target access gateway by adopting the target gateway identification and the tunnel identification;
using the tunnel information as second communication configuration information for the second target access gateway;
and sending the first communication configuration information to the first target access gateway, and sending the second communication configuration information to the second target access gateway.
3. The method of claim 2, wherein the tunnel information comprises at least one of a tunnel identifier, a protocol type, a forward error correction identifier, a security indicator identifier, and a key matching the security indicator identifier.
4. The method of claim 1, wherein the gateway detection result comprises a link quality detection result for the second access gateway, and wherein determining a second target access gateway from each of the second access gateways according to the gateway detection result comprises:
and determining a second target access gateway from the second access gateway by adopting the link quality detection result.
5. The method of claim 1, further comprising:
acquiring a communication quality message sent by the first target access gateway;
and determining a new second target access gateway from the second access gateways according to the communication quality message.
6. The method of claim 5, wherein the communication quality message includes a packet loss rate, and wherein determining a new second target access gateway from the second access gateways according to the communication quality message comprises:
and when the packet loss rate is greater than or equal to a preset threshold value, determining a new second target access gateway from the second access gateways.
7. The method of claim 5, wherein the communication quality message includes latency information, and wherein determining a new second target access gateway from the second access gateways according to the communication quality message comprises:
and when the time delay information is greater than or equal to a preset threshold value, determining a new second target access gateway from the second access gateways.
8. A method of communication for a device, the method being applied to a first access gateway, the first access gateway being communicatively coupled to a management controller, the management controller being communicatively coupled to at least one second access gateway, the method comprising:
acquiring a communication address of the second access gateway sent by the management server;
performing link quality detection on the second access gateway according to the communication address, and generating a gateway detection result for the second access gateway;
sending the gateway detection result to the management server, and acquiring communication configuration information aiming at the gateway detection result sent by the management server;
and determining a second target access gateway according to the communication configuration information, and establishing communication connection with the second target access gateway.
9. The method of claim 8, wherein the communication configuration information is first communication configuration information, and includes a target gateway identifier and tunnel information, and wherein determining a second target access gateway and establishing a communication connection with the second target access gateway according to the communication configuration information includes:
determining a second target access gateway corresponding to the target gateway identifier;
and establishing communication connection with the second target access gateway by adopting the tunnel information.
10. The method of claim 9, wherein the tunnel information includes a tunnel identifier and a protocol type, and wherein establishing the communication connection with the second target access gateway using the tunnel information includes:
determining a communication tunnel link corresponding to the tunnel identifier;
according to the protocol type, sending a connection request message to the second target access gateway through the communication tunnel link;
acquiring a first response message aiming at the connection request message and sent by the second target access gateway through the communication tunnel link, wherein the first response message comprises a first timestamp, a first IP address and first port information of the second target access gateway;
determining a second response message for the first response message, wherein the second response message comprises a second timestamp for the first timestamp, a second IP address and second port information of the first access gateway, and a message MD5 value corresponding to the second response message;
and sending the second response message to the second target access gateway through the communication tunnel link, and establishing communication connection with the second target access gateway.
11. The method of claim 10, further comprising:
sending a communication detection message to the second target access gateway through the communication tunnel link, and acquiring communication quality information aiming at the detection message sent by the second target access gateway;
and sending the communication quality information to the management controller.
12. The method of claim 10, wherein the tunnel information further comprises a security indicator and a key matching the security indicator, the method further comprising:
acquiring a first data frame aiming at the second target access gateway;
when the security indicator indicates an encryption mode, encrypting the first data frame by using the key to generate a second data frame;
and sending the second data frame to the second target access gateway through the communication tunnel link.
13. The method of claim 10, wherein the tunnel information further comprises a forward error correction flag, the method further comprising:
acquiring a third data frame aiming at the second target access gateway;
when the forward error correction identifier indicates that a forward error correction mode is started, generating a redundant packet for the third data frame;
and sending the third data frame and the redundant packet to the second target access gateway through the communication tunnel link.
14. The method of claim 8, wherein performing link quality detection on the second access gateway according to the communication address and generating a gateway detection result for the second access gateway comprises:
adopting the communication address to respectively carry out link quality detection on each second access gateway to generate a link quality detection result;
and generating a gateway detection result aiming at each second access gateway by adopting the link quality detection result.
15. The method of claim 8, wherein the first access gateway comprises a software client installed in a user terminal, the method further comprising:
generating a communication request message in response to a user operation acting on the user terminal;
sending the communication request message to the management controller.
16. The method of claim 8, wherein the first access gateway comprises a physical device, the method further comprising:
generating a communication request message in response to a user operation acting on the hardware device;
sending the communication request message to the management controller.
17. A method of communication for a device, the method being applied to a second access gateway, the second access gateway being communicatively coupled to a management controller, the management controller being communicatively coupled to at least one first access gateway, the method comprising:
sending a link quality detection result to a first target access gateway;
when the link quality detection result indicates that the communication address of the second access gateway meets the communication condition, acquiring communication configuration information sent by the management controller, wherein the communication configuration information is information generated by the management controller according to the gateway detection result sent by the first target access gateway;
and establishing communication connection with the first target access gateway according to the communication configuration information.
18. The method of claim 17, wherein the communication configuration information is a second communication configuration information, and includes tunnel information, the tunnel information includes a tunnel identifier and a protocol type, and the establishing a communication connection with the first target access gateway according to the communication configuration information includes:
determining a communication tunnel link corresponding to the tunnel identifier;
acquiring a connection request message sent by the first target access gateway through the communication tunnel link, wherein the connection request message is a message sent by the first target access gateway according to the protocol type;
determining a first response message for the connection request message;
sending the first response message to the first target access gateway through the communication tunnel link, and acquiring a second response message which is sent by the first target access gateway and aims at the first response message;
and establishing communication connection with the first target access gateway by adopting the second response message.
19. The method of claim 18, wherein the determining the first response message to the connection request message comprises:
acquiring a first timestamp, a first IP address and first port information;
and generating a first response message aiming at the first target access gateway by adopting the first timestamp, the first IP address and the first port information.
20. The method of claim 19, wherein the second response message comprises a second timestamp for the first timestamp, a second IP address and second port information of the first target access gateway, and a message MD5 value corresponding to the second response message; the establishing a communication connection with the first target access gateway by using the second response message includes:
acquiring a current timestamp;
when the second timestamp and the current timestamp are successfully matched, calculating a target MD5 value for the second response message by using the second timestamp, the second IP address and the second port information;
when the target MD5 value is successfully matched with the message MD5 value, generating an identifier for the first target access gateway in a preset connection list;
and according to the identification, configuring the second IP address and the second port information in the connection list.
21. The method of claim 17, wherein the tunnel information further comprises a security indicator and a key matching the security indicator, the method further comprising:
acquiring a second data frame sent by the first target access gateway;
and when the security indicator indicates an encryption mode, decrypting the second data frame by using the key to obtain a first data frame.
22. The method of claim 17, wherein the tunnel information further comprises a forward error correction flag, the method further comprising:
acquiring a third data frame and a redundant packet sent by the first target access gateway;
and when the forward error correction identifier indicates that a forward error correction mode is started, restoring the received current data frame by using the redundant packet to obtain the third data frame.
23. The method of claim 17, further comprising:
acquiring a communication detection message sent by the first target access gateway through the communication tunnel link;
carrying out in-band detection on the communication tunnel link by adopting the communication detection message, and generating communication quality information;
and sending the communication quality information to the first target access gateway through the communication tunnel link.
24. A communications apparatus for a device, the apparatus being adapted for use with a management controller communicatively coupled to at least one first access gateway and at least one second access gateway, the apparatus comprising:
a communication address sending module, configured to send a communication address of the second access gateway to a first target access gateway;
a gateway detection result obtaining module, configured to obtain a gateway detection result sent by the first target access gateway, where the gateway detection result is obtained by performing link quality detection on the second access gateway by the first target access gateway according to the communication address;
a second access gateway determining module, configured to determine a second target access gateway from the second access gateways according to the gateway detection result;
a communication configuration information sending module, configured to determine communication configuration information for the first target access gateway and the second target access gateway, and send the communication configuration information to the first target access gateway and the second target access gateway;
the communication configuration information is used for establishing communication connection between the first target access gateway and the second target access gateway.
25. A communications apparatus for a device, the apparatus being adapted for use with a first access gateway, the first access gateway being communicatively coupled to a management controller, the management controller being communicatively coupled to at least one second access gateway, the apparatus comprising:
a communication address obtaining module, configured to obtain a communication address of the second access gateway sent by the management server;
the link quality detection module is used for detecting the link quality of the second access gateway according to the communication address and generating a gateway detection result aiming at the second access gateway;
the communication configuration information acquisition module is used for sending the gateway detection result to the management server and acquiring the communication configuration information aiming at the gateway detection result sent by the management server;
and the communication connection establishing module is used for determining a second target access gateway according to the communication configuration information and establishing communication connection with the second target access gateway.
26. A communications apparatus for a device, the apparatus being adapted for use with a second access gateway, the second access gateway being communicatively coupled to a management controller, the management controller being communicatively coupled to at least one first access gateway, the apparatus comprising:
a link quality detection result sending module, configured to send a link quality detection result to the first target access gateway;
a communication configuration information obtaining module, configured to obtain, when the link quality detection result indicates that the port of the second access gateway meets a communication condition, communication configuration information sent by the management controller, where the communication configuration information is information generated by the management controller according to a gateway detection result sent by the first target access gateway;
and the communication connection establishing module is used for establishing communication connection with the first target access gateway according to the communication configuration information.
27. An electronic device, comprising:
one or more processors; and
one or more machine-readable media having instructions stored thereon that, when executed by the one or more processors, cause the electronic device to perform the method of any of claims 1-7 or 8-16 or 17-23.
28. One or more machine readable media having instructions stored thereon that, when executed by one or more processors, cause the processors to perform the method of any of claims 1-7 or 8-16 or 17-23.
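As an added illustration (not code from the patent or its assignee), the following Python sketch carries out the check that claim 20 describes for the second response message of claims 10 and 18-20. The field encoding, the 5-second freshness window, the sample addresses and the HMAC-SHA-256 variant keyed with a tunnel key are assumptions; the claims specify only a timestamp match and an MD5 value computed from the second timestamp, second IP address and second port information.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

MAX_SKEW_SECONDS = 5  # assumed window; the claims only say the timestamps must match


@dataclass(frozen=True)
class SecondResponse:
    """Second response message (claims 10 and 20); the layout is assumed."""
    timestamp: int  # second timestamp, seconds since the epoch
    ip: str         # second IP address (first access gateway)
    port: int       # second port information
    digest: str     # message MD5 value, or HMAC tag in the keyed variant (hex)


def canonical(timestamp: int, ip: str, port: int) -> bytes:
    # Assumed serialization: the claims name the inputs, not their encoding.
    return f"{timestamp}|{ip}|{port}".encode("ascii")


def make_digest(timestamp: int, ip: str, port: int,
                key: Optional[bytes] = None) -> str:
    data = canonical(timestamp, ip, port)
    if key is None:
        return hashlib.md5(data).hexdigest()             # as claimed: plain MD5
    return hmac.new(key, data, hashlib.sha256).hexdigest()  # assumed keyed variant


def build_second_response(now: int, ip: str, port: int,
                          key: Optional[bytes] = None) -> SecondResponse:
    return SecondResponse(now, ip, port, make_digest(now, ip, port, key))


class SecondGateway:
    """Receiving side of claim 20, with the preset connection list as a dict."""

    def __init__(self, key: Optional[bytes] = None):
        self.key = key
        self.connection_list: Dict[int, Tuple[str, int]] = {}

    def accept(self, msg: SecondResponse, now: int) -> Optional[int]:
        # Step 1: the second timestamp must match the current timestamp.
        if abs(now - msg.timestamp) > MAX_SKEW_SECONDS:
            return None
        # Reject malformed endpoints before they reach the connection list.
        try:
            ipaddress.ip_address(msg.ip)
        except ValueError:
            return None
        if not 0 < msg.port <= 65535:
            return None
        # Step 2: recompute the target digest and compare in constant time.
        expected = make_digest(msg.timestamp, msg.ip, msg.port, self.key)
        if not hmac.compare_digest(expected.encode(), msg.digest.encode()):
            return None
        # Steps 3-4: create an identifier and store the IP address and port.
        ident = len(self.connection_list) + 1
        self.connection_list[ident] = (msg.ip, msg.port)
        return ident


def demo() -> Dict[str, Dict[str, Optional[int]]]:
    now = 1_700_000_000               # constructed clock value
    key = b"constructed-tunnel-key"   # constructed key, known to both gateways
    results = {}
    for label, k in (("md5", None), ("hmac", key)):
        good = build_second_response(now, "198.51.100.7", 4500, k)
        cases = {
            "good": good,
            "stale": build_second_response(now - 60, "198.51.100.7", 4500, k),
            # A field changed in transit while the digest stayed the same.
            "corrupted": replace(good, port=4501),
            # Endpoint and digest both replaced by a party without the key.
            "rewritten": replace(good, ip="203.0.113.9",
                                 digest=make_digest(now, "203.0.113.9", 4500)),
        }
        gateway = SecondGateway(k)
        results[label] = {name: gateway.accept(m, now) for name, m in cases.items()}
    return results
```

In the constructed run, the MD5 form rejects the stale and corrupted messages but accepts the one whose endpoint and digest were both replaced, because every digest input travels in the message itself. The keyed variant rejects that message as well.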
CN202010606981.XA 2020-06-29 2020-06-29 Communication method and device of equipment Pending CN113949730A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010606981.XA CN113949730A (en) 2020-06-29 2020-06-29 Communication method and device of equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010606981.XA CN113949730A (en) 2020-06-29 2020-06-29 Communication method and device of equipment

Publications (1)

Publication Number Publication Date
CN113949730A true CN113949730A (en) 2022-01-18

Family

ID=79325778

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010606981.XA Pending CN113949730A (en) 2020-06-29 2020-06-29 Communication method and device of equipment

Country Status (1)

Country Link
CN (1) CN113949730A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116248581A (en) * 2022-12-29 2023-06-09 天翼云科技有限公司 Cloud scene gateway cluster master-slave switching method and system based on SDN


Similar Documents

Publication Publication Date Title
US11936786B2 (en) Secure enrolment of security device for communication with security server
US11082403B2 (en) Intermediate network entity
US8966260B1 (en) Credentials management in large scale virtual private network deployment
US11290466B2 (en) Systems and methods for network access granting
US11924491B2 (en) Securing an overlay network against attack
US10187478B2 (en) Dynamic detection of inactive virtual private network clients
Lopez et al. Pceps: Usage of tls to provide a secure transport for the path computation element communication protocol (pcep)
US20190068762A1 (en) Packet Parsing Method and Device
US20140006777A1 (en) Establishing Secure Communication Between Networks
US9049012B2 (en) Secured cryptographic communication system
CN107888615B (en) Safety authentication method for node registration
CN113949730A (en) Communication method and device of equipment
CN110943996B (en) Management method, device and system for business encryption and decryption
US11936633B2 (en) Centralized management of private networks
US10530765B2 (en) Securing connections to unsecure internet resources
CN107135226B (en) Transport layer proxy communication method based on socks5
US20210195418A1 (en) A technique for authenticating data transmitted over a cellular network
US20230246819A1 (en) Public key infrastructure based session authentication
DeKok Datagram Transport Layer Security (DTLS) as a Transport Layer for RADIUS
CN116827629A (en) Resource access method, device, equipment and storage medium
Lopez et al. RFC 8253: PCEPS: Usage of TLS to Provide a Secure Transport for the Path Computation Element Communication Protocol (PCEP)
Uhlir et al. Multi Service Proxy: Mobile Web Traffic Entitlement Point in 4G Core Network
Niazi et al. Group Encrypted Transport VPN (Get VPN) Design and Implementation Guide
JP2017188763A (en) Network communication confirmation system and network communication confirmation method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40066035

Country of ref document: HK