CN116032538A - Method for distributing clients to access low-delay server based on master control service - Google Patents
Method for distributing clients to access low-delay server based on master control service Download PDFInfo
- Publication number
- CN116032538A CN116032538A CN202211535629.7A CN202211535629A CN116032538A CN 116032538 A CN116032538 A CN 116032538A CN 202211535629 A CN202211535629 A CN 202211535629A CN 116032538 A CN116032538 A CN 116032538A
- Authority
- CN
- China
- Prior art keywords
- client
- server
- service
- information
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a method for distributing clients to access a low-delay server based on a master control service, which comprises the following steps: the client acquires the local feature code and sends login account information to a main control server; the main control server checks login information; the main control server obtains client region information and telecommunication network information according to client ip information, and obtains service server information close to the client; selecting two service server node information, and synchronizing login information and feature codes of a client to the two service servers; the master control server distributes service server address information to the client and returns token data and a data encryption key to the client; the client preferentially selects one service server to connect; the client performs business data interaction through the token data and the data encryption key. The invention has the beneficial effects that: the logic decoupling of system login and service data interaction is realized, and the possibility that a background service system can be deployed across territories or different telecommunication networks is realized.
Description
Technical Field
The invention belongs to the technical field of network communication, and particularly relates to a method for distributing clients to access a low-delay server based on a master control service.
Background
The C/S architecture is a software system architecture, and typically adopts a two-layer structure, i.e., a Server-Client (Client-Server) structure, in which a front end is a Client and a back end is a Server in a general sense. The client is responsible for completing interaction with a user, such as user interface display, accepting data input, checking the validity of the data, sending a request to the server, receiving a return result, processing application logic and displaying on a page. The server is responsible for data management, e.g., accepting requests from clients, running the DBMS, providing queries and management of databases, and submitting data to clients.
In practical project applications, clients are distributed throughout the provinces due to the landing and popularization of the project, and meanwhile, clients are located in different telecommunication networks, such as mobile networks, communication networks and the like, and sub-area networks constructed by a plurality of network companies scattered around. If a single background service system is adopted, different time delays of client connection of different areas or different networks may occur, which affects the data acquisition efficiency of the client, even the situation that the client interface is blocked and the data loading is slow may occur, and in severe cases, the phenomenon that the background service system cannot be accessed may occur.
Disclosure of Invention
In view of the foregoing, the present invention aims to overcome the above-mentioned drawbacks of the prior art, and proposes a method for allocating clients to access a low-latency server based on a hosting service.
In order to achieve the above purpose, the technical scheme of the invention is realized as follows:
a method for distributing clients to access a low latency server based on a hosting service, comprising the steps of:
s1, starting a client;
s2, the client program acquires the characteristic code of the client, is connected with the main control server, and sends login account information of the client to the main control server;
s3, after receiving the connection information of the client, the master control server performs login information verification, after the verification is passed, the feature code of the client is cached to the redis server, and the access record of the client is recorded in the master control server;
s4, the master control server acquires the region information and the telecommunication network information of the client according to the ip information of the client, and acquires the service server information close to the client through a service server list by the master control server through the acquired region information and the telecommunication network information;
s5, the master control server selects two service server node information in the service server cluster, the two service servers are alternative servers, login information and feature codes of the client are synchronized to the two service servers, and legal login requests of the client are notified to the two service servers;
s6, the master control server distributes service server address information to the client, and returns token data and a data encryption key to the client;
s7, the client saves login information of the two business servers;
s8, the client performs network speed measurement on the two service servers, and preferentially selects one service server to connect;
s9, the client performs service data interaction through the token data and the data encryption key returned by the preferred service server, and simultaneously the client uses token data and the data encryption key generated by another alternative server to inform the alternative server to give up access, so that the alternative server releases the service resource of the connection request of the client;
s10, the client performs data interaction with the service server by using token data and a data encryption key of the service server which are preferentially selected, and normal service operation is performed;
s11, exiting the application program and ending.
Further, in step S1, the client is a PC desktop application or an App application based on a mobile terminal.
Further, in step S2, the client and the master server communicate with each other in Https mode, the data content of the communication message is symmetrically encrypted by using the sm4 key randomly generated by the client, and the data of the communication message is encrypted and protected by using the sm2 public key of the master server.
Further, after the master control server performs step S5, the client of the service server performs login initialization, and after the service server obtains the login information of the client, the token data of the client and the communication key of sm4 are generated.
Further, the login information of the service server in step S7 includes the IP address of the service server, the login token data of the service server, and the data encryption sm4 key data.
Further, in step S8, the network speed measurement mode is: and (3) delaying the speed measurement in a ping mode or sending the return time delay of the heartbeat packet to perform network speed measurement, and if the network speed measurement is performed in the heartbeat packet mode, the service server judges whether the client can perform login connection access or not by sending login token data corresponding to the service server and data after sm4 key encryption.
Further, the service server performs data decryption and token verification on the access request, and performs ip blackout on the access request which cannot be decrypted or is abnormal in token for multiple requests.
Compared with the prior art, the invention has the following advantages:
the method for distributing the client to access the low-delay server based on the master control service utilizes a national cryptographic algorithm, combines the thought of token authority control of background service access, improves the defect of a single service system of the C/S background service, realizes logical decoupling of system login and service data interaction after improvement, is respectively realized on different background server systems, enhances timeliness and reliability of data exchange of normal services of the client and the background system service, greatly reduces deployment conditions of the background system service under the C/S architecture in a certain region or a certain network, and realizes the possibility that the background service system can be deployed across regions or different telecommunication networks.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention. In the drawings:
fig. 1 is a flowchart of a method for allocating clients to access a low latency server based on a hosting service according to an embodiment of the present invention.
Detailed Description
It should be noted that, without conflict, the embodiments of the present invention and features of the embodiments may be combined with each other.
The invention will be described in detail below with reference to the drawings in connection with embodiments.
As shown, a method for distributing clients to access a low latency server based on a hosting service, comprising the steps of:
s1, starting a client;
s2, the client program obtains a characteristic code of the client, such as a CPU or a main board serial number, and performs md5 hash operation on the characteristic code to form the characteristic code of the client, and the characteristic code is connected with the main control server to send login account information of the client to the main control server;
s3, after receiving the connection information of the client, the master control server performs login information verification, after the verification is passed, the feature code of the client is cached to the redis server, and the access record of the client is recorded in the master control server;
s4, the master control server acquires the region information and the telecommunication network information of the client according to the ip information of the client, such as province information and telecommunication network parameters, and acquires service server information close to the client through a service server list by the master control server through the acquired region information and the telecommunication network information, such as that the service server and the client are in the same province or the service server and the client are in the same telecommunication operator network, so that the number of route hops of network access is reduced;
s5, the master control server selects two service server node information in a service server cluster, one server is used as a master service server accessed by a client, the other server is used as an alternative access server accessed by the client, the two service servers are alternative servers, login information and feature codes of the client are synchronized to the two service servers, and legal login requests of the clients of the two service servers are notified;
s6, the master control server distributes service server address information to the client, and returns token data and a data encryption key to the client;
s7, the client saves login information of the two business servers;
s8, the client performs network speed measurement on the two service servers, and preferentially selects one service server to connect;
s9, the client performs service data interaction through the token data and the data encryption key returned by the preferred service server, and simultaneously the client uses token data and the data encryption key generated by another alternative server to inform the alternative server to give up access, so that the alternative server releases the service resource of the connection request of the client;
s10, the client performs data interaction with the service server by using token data and a data encryption key of the service server which are preferentially selected, and normal service operation is performed;
s11, exiting the application program and ending.
In step S1, the client is a PC desktop application program, a mobile terminal-based App application program or other client programs based on a C/S architecture.
In the step S2, the client and the main control server communicate in Https mode, the data content of the communication message is symmetrically encrypted by adopting a sm4 key randomly generated by the client, and the communication message data is encrypted and protected by adopting a public key of sm2 of the main control server.
After the master control server performs step S5, the client of the service server performs login initialization, and after the service server obtains the login information of the client, the service server generates token data of the client and a communication key of sm4, and because random parameters exist in the generated token data and the communication key of sm4, the token data and the sm4 generated by the same client by two service servers are different.
In step S6, after finishing step S5, the master control server obtains the login token data and the sm4 key returned by the two service servers, and returns the login token data and the sm4 key to the client.
The login information of the service server in step S7 includes the IP address of the service server, the login token data of the service server, and the data encryption sm4 key data.
In step S8, the network speed measurement mode is: and (3) delaying the speed measurement in a ping mode or sending the return time delay of the heartbeat packet to perform network speed measurement, and if the network speed measurement is performed in the heartbeat packet mode, the service server judges whether the client can perform login connection access or not by sending login token data corresponding to the service server and data after sm4 key encryption.
The service server performs data decryption and token verification on the access request, and performs ip blackout on the access request which cannot be decrypted or is abnormal in token for a plurality of requests. The method prevents the third party from maliciously performing heuristic access and aggressive access to the service server, and the service server can pull in an ip restriction list or refuse access after maliciously judging access connection.
In this embodiment, in order to implement efficient communication of service data between a client and a server, a traditional single back-end service system mode is abandoned, and a login function and a service data exchange function are implemented in different servers, namely, a main control server and a service server, so as to implement a total distribution mode, a 1-N mode and even an M-N mode of a background service.
The communication between the client and the master server adopts the combination of two national encryption algorithms sm4 and sm2, the key of the sm4 algorithm is randomly generated when the client accesses the master server, the data message is encrypted by the sm4 algorithm for the inner layer message of the communication message, and the communication message is encrypted by the sm2 by using the public key provided by the master server.
The foregoing description of the preferred embodiments of the invention is not intended to be limiting, but rather is intended to cover all modifications, equivalents, alternatives, and improvements that fall within the spirit and scope of the invention.
Claims (7)
1. A method for distributing clients to access a low latency server based on a hosting service, comprising the steps of:
s1, starting a client;
s2, the client program acquires the characteristic code of the client, is connected with the main control server, and sends login account information of the client to the main control server;
s3, after receiving the connection information of the client, the master control server performs login information verification, after the verification is passed, the feature code of the client is cached to the redis server, and the access record of the client is recorded in the master control server;
s4, the master control server acquires the region information and the telecommunication network information of the client according to the ip information of the client, and acquires the service server information close to the client through a service server list by the master control server through the acquired region information and the telecommunication network information;
s5, the master control server selects two service server node information in the service server cluster, the two service servers are alternative servers, login information and feature codes of the client are synchronized to the two service servers, and legal login requests of the client are notified to the two service servers;
s6, the master control server distributes service server address information to the client, and returns token data and a data encryption key to the client;
s7, the client saves login information of the two business servers;
s8, the client performs network speed measurement on the two service servers, and preferentially selects one service server to connect;
s9, the client performs service data interaction through the token data and the data encryption key returned by the preferred service server, and simultaneously the client uses token data and the data encryption key generated by another alternative server to inform the alternative server to give up access, so that the alternative server releases the service resource of the connection request of the client;
s10, the client performs data interaction with the service server by using token data and a data encryption key of the service server which are preferentially selected, and normal service operation is performed;
s11, exiting the application program and ending.
2. A method of assigning clients to access a low latency server based on a hosting service as recited in claim 1, wherein: in step S1, the client is a PC desktop application or an App application based on a mobile terminal.
3. A method of assigning clients to access a low latency server based on a hosting service as recited in claim 1, wherein: in the step S2, the client and the main control server communicate in Https mode, the data content of the communication message is symmetrically encrypted by adopting a sm4 key randomly generated by the client, and the communication message data is encrypted and protected by adopting a public key of sm2 of the main control server.
4. A method of assigning clients to access a low latency server based on a hosting service as recited in claim 1, wherein: after the main control server performs step S5, the client of the service server performs login initialization, and after the service server obtains the login information of the client, the service server generates token data of the client and a communication key of sm 4.
5. The method for assigning clients to access the low-latency server based on the hosting service of claim 4, wherein the method further comprises: the login information of the service server in step S7 includes the IP address of the service server, the login token data of the service server, and the data encryption sm4 key data.
6. The method for assigning clients to access to low-latency servers based on master services according to claim 5, wherein in step S8, the network speed measurement method is as follows: and (3) delaying the speed measurement in a ping mode or sending the return time delay of the heartbeat packet to perform network speed measurement, and if the network speed measurement is performed in the heartbeat packet mode, the service server judges whether the client can perform login connection access or not by sending login token data corresponding to the service server and data after sm4 key encryption.
7. A method of assigning clients to access a low latency server based on a hosting service as recited in claim 1, wherein: the service server performs data decryption and token verification on the access request, and performs ip blackout on the access request which cannot be decrypted or is abnormal in token for a plurality of requests.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211535629.7A CN116032538A (en) | 2022-12-02 | 2022-12-02 | Method for distributing clients to access low-delay server based on master control service |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211535629.7A CN116032538A (en) | 2022-12-02 | 2022-12-02 | Method for distributing clients to access low-delay server based on master control service |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116032538A true CN116032538A (en) | 2023-04-28 |
Family
ID=86074949
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211535629.7A Pending CN116032538A (en) | 2022-12-02 | 2022-12-02 | Method for distributing clients to access low-delay server based on master control service |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116032538A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116980231A (en) * | 2023-09-19 | 2023-10-31 | 成都交大光芒科技股份有限公司 | Double-link redundancy safety communication method and device |
-
2022
- 2022-12-02 CN CN202211535629.7A patent/CN116032538A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116980231A (en) * | 2023-09-19 | 2023-10-31 | 成都交大光芒科技股份有限公司 | Double-link redundancy safety communication method and device |
| CN116980231B (en) * | 2023-09-19 | 2023-11-28 | 成都交大光芒科技股份有限公司 | Double-link redundancy safety communication method and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108683747B (en) | Resource obtaining, distributing and downloading method, device, equipment and storage medium | |
| US11115418B2 (en) | Registration and authorization method device and system | |
| CN110808989B (en) | HTTPS acceleration method and system based on content distribution network | |
| US10893032B2 (en) | Encryption key management system for cloud services | |
| CN107517179B (en) | Authentication method, device and system | |
| CN109327481B (en) | Block chain-based unified online authentication method and system for whole network | |
| US8621655B2 (en) | Enforcing single stream per sign-on from a content delivery network (CDN) media server | |
| CN111327637B (en) | Service key management method and system | |
| US20040039925A1 (en) | Key management | |
| US8046826B2 (en) | Resource server proxy method and system | |
| US20050216473A1 (en) | P2P network system | |
| JP2017519269A5 (en) | ||
| US8434156B2 (en) | Method, access node, and system for obtaining data | |
| CN109756337B (en) | Secure access method and device for service interface | |
| CN102263828A (en) | Load balanced sharing method and equipment | |
| WO2021057348A1 (en) | Server security defense method and system, communication device, and storage medium | |
| CN106936945B (en) | Distributed domain name resolution method and device | |
| CN115189913B (en) | Data message transmission method and device | |
| CN112948842A (en) | Authentication method and related equipment | |
| CN105282624A (en) | Desktop cloud video play processing method and device | |
| CN116032538A (en) | Method for distributing clients to access low-delay server based on master control service | |
| CN110138765B (en) | Data processing method, data processing device, computer equipment and computer readable storage medium | |
| CN111988262B (en) | Authentication method, authentication device, server and storage medium | |
| CN109743357B (en) | Method and device for realizing service access continuity | |
| CN111866993B (en) | Wireless local area network connection management method, device, software program and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |