Detailed description of the invention
Exemplary embodiments will be described in detail here, and examples of them are shown in the accompanying drawings. When the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present application. Rather, they are merely examples of apparatuses and methods consistent with some aspects of the present application, as detailed in the appended claims.
The terms used in the present application are for the purpose of describing particular embodiments only and are not intended to limit the present application. The singular forms "a", "said" and "the" used in the present application and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in the present application to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the present application, first information may also be referred to as second information and, similarly, second information may also be referred to as first information. Depending on the context, the word "if" as used herein may be interpreted as "at the time of", "when" or "in response to determining".
Fig. 1 is an application scenario diagram of a tunnel identifier conversion according to an exemplary embodiment of the present application. Fig. 1 includes clients, a load-balancing device, multiple VPN devices (three VPN devices are shown in the figure) and a server. A client may be a PC (Personal Computer), a mobile phone, a tablet device or the like, and accesses the server using the tunnel identifier that a VPN device allocates to it, so as to access the VPN service. The load-balancing device may be a firewall and dispatches the traffic of all clients to different VPN devices to relieve the pressure on the VPN devices. The number of VPN devices may be set according to the number of clients; a VPN device allocates a tunnel identifier to a client and forwards the service messages sent by the client that carry this tunnel identifier to the server.
In the prior art, for example, when client 1 and client 2 need to access the VPN service, client 1 and client 2 send access request message 1 and access request message 2, respectively, to the load-balancing device. The load-balancing device uses a load-balancing scheduling algorithm to allocate a VPN device to each of access request message 1 and access request message 2. Assume that VPN device 1 is allocated to access request message 1 and VPN device 2 to access request message 2. The load-balancing device forwards access request message 1 to VPN device 1 and access request message 2 to VPN device 2. VPN device 1 and VPN device 2 each authenticate the client information carried in the received access request message and, after the authentication succeeds, allocate a tunnel identifier to the client. Assume that VPN device 1 allocates tunnel identifier 1 to client 1 and VPN device 2 also allocates tunnel identifier 1 to client 2. When the VPN devices respond to the clients (a response may also be called a control message), the response returned by VPN device 1 passes through the load-balancing device first and the response returned by VPN device 2 passes through it afterwards, so the entry finally recorded in the table of the load-balancing device is tunnel identifier 1 with the device information of VPN device 2. After receiving the responses, client 1 and client 2 both send service messages carrying tunnel identifier 1 to the load-balancing device. The load-balancing device uses tunnel identifier 1 to obtain the device information of the corresponding VPN device 2 and forwards the service messages of both client 1 and client 2 to VPN device 2. Because client 1 was not authenticated on VPN device 2, VPN device 2 does not process the service messages sent by client 1 when it receives them, which causes a service exception for client 1.
In the embodiments of the present application, when the load-balancing device receives a response returned by a VPN device (hereinafter referred to as a control message), it first obtains the device identifier corresponding to the IP address of this VPN device and obtains the node identifier of the minimum available node according to a preset rule. It then replaces the tunnel identifier in the control message with a tunnel identifier generated from the device identifier and the node identifier, which avoids the problem of client service exceptions caused by different VPN devices allocating the same tunnel identifier to different clients.
Fig. 2 is a flowchart of an embodiment of a tunnel identifier conversion method according to an exemplary embodiment of the present application. In the embodiments of the present application, when a client accesses the VPN service, its interaction with the VPN device is based on L2TP (Layer 2 Tunneling Protocol). Because L2TP supports the use of multiple tunnels between two endpoints, a client can use a tunnel identifier to access the VPN service through a VPN device. As shown in Fig. 2, this embodiment is applied on a load-balancing device and comprises the following steps:
Step 201: Receive a control message from a VPN device, the control message carrying the IP address of the VPN device and a first tunnel identifier.
Before step 201 is performed, a client that accesses the VPN service sends an access request to the load-balancing device. The load-balancing device allocates a VPN device to this access request using a load-balancing scheduling algorithm (for example, a weighted round-robin algorithm) and sends the access request to the allocated VPN device. The VPN device then specifies an available first tunnel identifier for the access request of this client and sends the first tunnel identifier to the load-balancing device.
Next, the load-balancing device receives the control message from the VPN device, and this control message carries the first tunnel identifier and the IP address of the VPN device. The source IP address of the control message is the IP address of this VPN device.
As for the process in which the VPN device specifies an available first tunnel identifier for the access request of the client: in one example, the access request of the client may carry a desired tunnel identifier, so the VPN device first obtains the desired tunnel identifier carried in the access request. If the tunnel that the desired tunnel identifier points to is unavailable, the VPN device reassigns a tunnel that can carry service transmission, and the identifier of that tunnel is the first tunnel identifier. If the tunnel that the desired tunnel identifier points to is available, the VPN device uses the desired tunnel identifier as the first tunnel identifier. In another example, the VPN device may directly specify an available first tunnel identifier for the access request of the client.
Step 202: Obtain the device identifier corresponding to the IP address of the VPN device, and obtain the node identifier of the minimum available node according to a preset rule.
Before step 202 is performed, the load-balancing device may obtain the number of all VPN devices from a preset VPN device cluster and use this number to determine the number of marker bits of the device identifier. Then, for each VPN device, it numbers the VPN device according to this number of marker bits, determines the number as the device identifier of the VPN device, and finally adds the IP address of the VPN device and the device identifier to a table of correspondence between addresses and identifiers.
The preset VPN device cluster refers to all VPN devices connected to the load-balancing device, and the IP addresses of all VPN devices are recorded in the VPN device cluster. The device identifier of a VPN device may be a number, a character, or a combination of numbers and characters; numbers are used as the example below. For example, the number of VPN devices in the VPN device cluster is 7. Because numbers are normally stored in a computer in binary form, the number of marker bits of the device identifier can be determined to be 3, so the 7 VPN devices can be numbered 000 (numeral 0), 001 (numeral 1), 010 (numeral 2), 011 (numeral 3), 100 (numeral 4), 101 (numeral 5) and 110 (numeral 6), respectively. Table 1 shows an exemplary table of correspondence between addresses and identifiers.
IP address of VPN device | Device identifier
IP0 | 000
IP1 | 001
IP2 | 010
IP3 | 011
IP4 | 100
IP5 | 101
IP6 | 110
Table 1
As for the process of obtaining the device identifier corresponding to the IP address of the VPN device, the load-balancing device may look up the table of correspondence between addresses and identifiers using the IP address of the VPN device and obtain the device identifier corresponding to that IP address. As shown in Table 1, for example, if the IP address of the VPN device is IP1, the corresponding device identifier obtained is 001.
As for the process of obtaining the node identifier of the minimum available node according to the preset rule, the load-balancing device may obtain the address of the minimum available node from an array linked list and then obtain the node identifier recorded in the node that this address points to.
As for the process of obtaining the address of the minimum available node from the array linked list, the load-balancing device may take the address of the next available node recorded in the first node of the array linked list as the address of the minimum available node, and replace the address of the next available node recorded in the first node with the address of the next available node recorded in this minimum available node.
The array linked list includes N nodes, and each node records its own node identifier and the address of the next available node. N is the preset value raised to the power of the number of marker bits of the node identifier. The node identifier may be the numeric index of the node in the array linked list, that is, the subscript of the array linked list. Because computers generally store numbers in binary form, the preset value is 2, and the number of nodes in the array linked list is 2 raised to the power of the number of marker bits of the node identifier. The number of marker bits of the node identifier is determined by the number of marker bits of the second tunnel identifier and the number of marker bits of the device identifier.
As for how the number of marker bits of the node identifier is determined from the number of marker bits of the second tunnel identifier and that of the device identifier: the second tunnel identifier consists of a preset number of marker bits, and the number of marker bits of the node identifier is the difference between this preset number of marker bits and the number of marker bits of the device identifier. Because a tunnel identifier in the L2TP protocol consists of 16 bits, the preset number of marker bits may be 16. For example, if the number of marker bits of the device identifier is 3, the number of marker bits of the node identifier is 16 - 3 = 13.
The process of obtaining a node identifier is illustrated with an example below. For example, the address of the available node recorded in the first node of the array linked list is the address of the 4th node, and the node identifier of the first node is 0000 0000 0000 0 (numeral 0). The node identifier recorded in the node that the address of the 4th node points to is 0000 0000 0001 1 (numeral 3), which indicates that node identifier 1 and node identifier 2 are already in use. The node identifier of the minimum available node is therefore 0000 0000 0001 1, and the load-balancing device can replace the address of the 4th node recorded in the first node with the address of the next available node recorded in the 4th node, that is, the address of the 5th node. When the load-balancing device next obtains the node identifier of the minimum available node, it obtains the node identifier 0000 0000 0010 0 (numeral 4) of the 5th node.
Step 203: Obtain a second tunnel identifier using the device identifier and the node identifier.
Specifically, the load-balancing device may combine the device identifier and the node identifier according to a preset combination order to obtain the second tunnel identifier.
The preset combination order may be the device identifier in front and the node identifier behind, or the device identifier behind and the node identifier in front; no limitation is imposed here.
An example follows, with the device identifier in front and the node identifier behind. VPN device 1 returns control message 1 for client 1 and VPN device 2 returns control message 2 for client 2, and the first tunnel identifier carried in both control message 1 and control message 2 is 0010 0000 0010 1101 (numeral 45). Assume that for control message 1 the load-balancing device obtains 0000 0000 0001 1 as the node identifier of the minimum available node, and the device identifier of VPN device 1 is 001; for control message 2 it obtains 0000 0000 0010 0 as the node identifier of the minimum available node, and the device identifier of VPN device 2 is 010. The second tunnel identifier obtained for control message 1 is therefore 0010 0000 0000 0011, and the second tunnel identifier for control message 2 is 0100 0000 0000 0100.
As described in steps 201 to 203, even if different VPN devices specify the same first tunnel identifier, their device identifiers differ and the node identifiers obtained also differ, so the second tunnel identifiers that the load-balancing device obtains from the device identifier and the node identifier differ as well. Even if two clients are assigned the same first tunnel identifier, their corresponding second tunnel identifiers are different, and the load-balancing device can still distinguish the different VPN devices that correspond to the different clients.
Step 204: Replace the first tunnel identifier in the control message with the second tunnel identifier, and forward the control message to the client.
The control message may be forwarded to the client according to the existing forwarding procedure, which is not described again. On receiving the control message, the client can use the second tunnel identifier to access the VPN service.
Before replacing the first tunnel identifier with the second tunnel identifier, the load-balancing device may record the first tunnel identifier, the second tunnel identifier and the IP address of the VPN device in a session-keeping table entry. After forwarding the control message to the client, the load-balancing device receives a service message from the client (a forward service message) that carries the second tunnel identifier. It can look up the session-keeping table entry using the second tunnel identifier to obtain the corresponding first tunnel identifier and the IP address of the VPN device, replace the second tunnel identifier in the service message with the first tunnel identifier, and send the service message to the VPN device that the IP address points to. The VPN device then forwards the forward service message to the server, and the server returns a reverse service message to the client in response to the forward service message.
Meanwhile, when the load-balancing device receives a reverse service message forwarded by the VPN device, it looks up the session-keeping table entry using the first tunnel identifier and the IP address of the VPN device to obtain the corresponding second tunnel identifier, replaces the first tunnel identifier with the second tunnel identifier, and forwards the reverse service message to the client. This ensures that the client's service works normally.
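The session-keeping table lookups described above, set beside the prior-art table keyed by tunnel identifier alone, as an added example that is not part of the application. Messages are reduced to (VPN device IP, tunnel identifier) pairs, the class and function names are hypothetical, and dropping a service message whose second tunnel identifier has no entry is an assumption.

```python
NODE_BITS = 13  # 16-bit L2TP tunnel identifier minus the 3-bit device identifier


def compose(device_id, node_id):
    """Device identifier in front, node identifier behind (the text's example order)."""
    return (device_id << NODE_BITS) | node_id


class PriorArtTable:
    """Prior-art behaviour: one entry per tunnel identifier, last response wins."""

    def __init__(self):
        self.by_tunnel = {}

    def on_control(self, vpn_ip, tunnel_id):
        self.by_tunnel[tunnel_id] = vpn_ip  # a later response overwrites an earlier one
        return tunnel_id                    # identifier reaches the client unchanged

    def on_forward(self, tunnel_id):
        return self.by_tunnel[tunnel_id], tunnel_id


class SessionKeepingTable:
    """Embodiment behaviour: rewrite identifiers and keep both lookup directions."""

    def __init__(self, device_ids):
        self.device_ids = device_ids  # address/identifier table (Table 1)
        self.by_second = {}           # second id -> (first id, VPN device IP)
        self.by_first = {}            # (first id, VPN device IP) -> second id

    def on_control(self, vpn_ip, first_id, node_id):
        second_id = compose(self.device_ids[vpn_ip], node_id)
        # Record the entry before the identifier in the control message is replaced.
        self.by_second[second_id] = (first_id, vpn_ip)
        self.by_first[(first_id, vpn_ip)] = second_id
        return second_id

    def on_forward(self, second_id):
        entry = self.by_second.get(second_id)
        if entry is None:
            return None  # assumption: no session entry, so the message is not forwarded
        first_id, vpn_ip = entry
        return vpn_ip, first_id

    def on_reverse(self, vpn_ip, first_id):
        return self.by_first.get((first_id, vpn_ip))


def run_example():
    """Both VPN devices hand out first tunnel identifier 45 (constructed scenario)."""
    old = PriorArtTable()
    old.on_control("IP1", 45)   # response for client 1 arrives first
    old.on_control("IP2", 45)   # response for client 2 overwrites the entry
    new = SessionKeepingTable({"IP1": 0b001, "IP2": 0b010})
    c1 = new.on_control("IP1", 45, node_id=3)
    c2 = new.on_control("IP2", 45, node_id=4)
    return {
        "prior_art_client1": old.on_forward(45),
        "client1": (c1, new.on_forward(c1)),
        "client2": (c2, new.on_forward(c2)),
        "reverse_from_vpn1": new.on_reverse("IP1", 45),
    }


if __name__ == "__main__":
    for name, value in run_example().items():
        print(name, value)
```

In the prior-art table the service message of client 1 is resolved to IP2, the device that never authenticated it, while the session-keeping table resolves each second tunnel identifier back to the device that issued the first one.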
It should be noted that, normally, the direction of messages sent from the client to the server may be called "forward", and the direction of messages that the server returns in response to the received forward messages may be called "reverse".
It should further be noted that, except for the first node, each node in the array linked list may also record the address of a further available node, and after a node is used, a used mark is added to the node to indicate that it is in use. When a client disconnects from the VPN service, the node identifier in the array linked list can be released. The release process is described in detail below. For convenience of description, the address of the preceding node and the address of the following node recorded in a node that is in use are referred to as the address of the previous node and the address of the next node recorded in that node.
When the load-balancing device receives an offline message from a client, it obtains the second tunnel identifier carried in the offline message, obtains the corresponding node identifier according to the preset combination order, finds the node corresponding to this node identifier among the nodes in use, and deletes the used mark recorded in that node. It then judges whether the node pointed to by the previous-node address recorded in this node is in use. If it is not in use, the address of the next available node recorded in the previous node replaces the next-node address recorded in this node, and the address of this node replaces the address of the next available node recorded in the previous node. If it is in use, the load-balancing device continues, for that used node, to judge whether the node pointed to by the previous-node address it records is in use, until a node that is not in use is found; the address of the next available node recorded in that unused node then replaces the next-node address recorded in this node, and the address of this node replaces the address of the next available node recorded in that unused node.
As can be seen from the description of step 204, by releasing node identifiers in the array linked list, the load-balancing device can avoid the situation in which the nodes in the array linked list are used up and a second tunnel identifier cannot be obtained.
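The node allocation of step 202, the combination of step 203 and the release process described above can be sketched together as follows. This is an added example, not code from the application; it assumes that array indices serve as node addresses and that the previous node recorded in each node is its array predecessor, and the names TunnelIdAllocator, alloc_node, second_tunnel_id and release are hypothetical.

```python
TUNNEL_ID_BITS = 16  # width of an L2TP tunnel identifier, as stated in the text


class TunnelIdAllocator:
    """Address/identifier table plus an array linked list of node identifiers."""

    def __init__(self, vpn_ips):
        # Width of the device identifier follows from the cluster size (7 -> 3 bits).
        self.dev_bits = max(1, (len(vpn_ips) - 1).bit_length())
        self.node_bits = TUNNEL_ID_BITS - self.dev_bits
        self.dev_id = {ip: n for n, ip in enumerate(vpn_ips)}
        n = 1 << self.node_bits            # N = 2 ** (marker bits of the node id)
        self.END = n                       # sentinel address: no available node left
        # Node 0 is the first node; it only anchors the list and is never handed out.
        self.next_free = list(range(1, n + 1))   # node i -> i + 1, last node -> END
        self.prev = [i - 1 for i in range(n)]    # assumption: previous node = index - 1
        self.used = [False] * n

    def alloc_node(self):
        """Take the minimum available node and advance the first node's pointer."""
        node = self.next_free[0]
        if node == self.END:
            raise RuntimeError("no available node identifier")
        self.next_free[0] = self.next_free[node]
        self.used[node] = True             # used mark
        return node

    def second_tunnel_id(self, vpn_ip):
        """Device identifier in front, node identifier behind."""
        return (self.dev_id[vpn_ip] << self.node_bits) | self.alloc_node()

    def release(self, second_id):
        """Return the node of an offline client to the list, keeping it ordered."""
        node = second_id & ((1 << self.node_bits) - 1)
        if node == 0 or not self.used[node]:
            return False                   # not an identifier that is in use
        self.used[node] = False            # delete the used mark
        p = self.prev[node]
        while p != 0 and self.used[p]:     # walk back to the nearest unused node
            p = self.prev[p]
        self.next_free[node] = self.next_free[p]
        self.next_free[p] = node
        return True


if __name__ == "__main__":
    alloc = TunnelIdAllocator([f"IP{i}" for i in range(7)])  # constructed cluster
    alloc.alloc_node(), alloc.alloc_node()                   # nodes 1 and 2 in use
    print(f"{alloc.second_tunnel_id('IP1'):016b}")           # control message 1
    print(f"{alloc.second_tunnel_id('IP2'):016b}")           # control message 2
```

Because a released node is spliced in behind the nearest unused predecessor, the list stays in ascending order and the first node always points at the minimum available node.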
As can be seen from the above embodiment, when the load-balancing device receives a control message from a VPN device, it obtains the device identifier corresponding to the IP address of the VPN device carried in the control message and obtains the node identifier of the minimum available node according to a preset rule. It then obtains a second tunnel identifier from the device identifier and the node identifier, replaces the first tunnel identifier carried in the control message with the second tunnel identifier, and forwards the control message to the client. With this implementation, because the load-balancing device obtains the second tunnel identifier from the device identifier and the node identifier, even if different VPN devices specify the same first tunnel identifier for two clients, the device identifiers and node identifiers differ and so the second tunnel identifiers obtained differ as well. The two clients can therefore send service messages to the load-balancing device using different second tunnel identifiers, and the load-balancing device can use the different second tunnel identifiers to distinguish the IP address of the VPN device and the first tunnel identifier that correspond to each client, replace the second tunnel identifier with the first tunnel identifier, and send the service message to the VPN device that the IP address points to, which ensures that the clients' service works normally.
Corresponding to the foregoing embodiment of the tunnel identifier conversion method, the present application also provides an embodiment of a tunnel identifier conversion apparatus.
The embodiment of the tunnel identifier conversion apparatus of the present application can be applied on a load-balancing device. The apparatus embodiment may be implemented in software, or in hardware or a combination of software and hardware. Taking a software implementation as an example, the apparatus in the logical sense is formed by the processor of the device on which it resides reading the corresponding computer program instructions from non-volatile memory into memory and running them. At the hardware level, Fig. 3 shows a hardware structure diagram of a load-balancing device according to an exemplary embodiment of the present application. In addition to the processor, memory, network interface and non-volatile memory shown in Fig. 3, the device on which the apparatus resides in an embodiment may also include other hardware according to the actual function of the device, which is not described again here.
Fig. 4 is a structure diagram of an embodiment of a tunnel identifier conversion apparatus according to an exemplary embodiment of the present application. As shown in Fig. 4, this embodiment is applied on a load-balancing device, and the apparatus includes a receiving unit 410, an acquiring unit 420, an obtaining unit 430, a replacing unit 440 and a forwarding unit 450.
The receiving unit 410 is configured to receive a control message from a VPN device, the control message carrying the IP address of the VPN device and a first tunnel identifier;
The acquiring unit 420 is configured to obtain the device identifier corresponding to the IP address of the VPN device, and to obtain the node identifier of the minimum available node according to a preset rule;
The obtaining unit 430 is configured to obtain a second tunnel identifier using the device identifier and the node identifier;
The replacing unit 440 is configured to replace the first tunnel identifier in the control message with the second tunnel identifier;
The forwarding unit 450 is configured to forward the control message to the client.
In an optional implementation, the acquiring unit 420 is specifically configured to, in the process of obtaining the device identifier corresponding to the IP address of the VPN device, look up the table of correspondence between addresses and identifiers using the IP address of the VPN device, and obtain the device identifier corresponding to the IP address of the VPN device.
In another optional implementation, the apparatus further includes (not shown in Fig. 4) a correspondence table establishing unit.
The correspondence table establishing unit is configured to obtain the number of all VPN devices from a preset VPN device cluster; determine the number of marker bits of the device identifier using this number; for each VPN device, number the VPN device according to the number of marker bits and determine the number as the device identifier of the VPN device; and add the IP address of the VPN device and the device identifier to the table of correspondence between addresses and identifiers.
In another optional implementation, the second tunnel identifier consists of a preset number of marker bits, and the number of marker bits of the node identifier is the difference between the preset number of marker bits and the number of marker bits of the device identifier. The acquiring unit 420 is further specifically configured to, in the process of obtaining the node identifier of the minimum available node according to the preset rule, take the address of the next available node recorded in the first node of the array linked list as the address of the minimum available node, wherein the array linked list includes N nodes, each node records its own node identifier and the address of the next available node, and N is the preset value raised to the power of the number of marker bits of the node identifier; obtain the node identifier recorded in the node that the address of the minimum available node points to, and determine that node identifier as the node identifier of the minimum available node; and replace the address of the next available node recorded in the first node with the address of the next available node recorded in the minimum available node.
In another optional implementation, the obtaining unit 430 is specifically configured to combine the device identifier and the node identifier according to a preset combination order to obtain the second tunnel identifier.
In another optional implementation, the apparatus further includes (not shown in Fig. 4):
A recording unit, configured to record the first tunnel identifier, the second tunnel identifier and the IP address of the VPN device in a session-keeping table entry before the replacing unit 440 replaces the first tunnel identifier in the control message with the second tunnel identifier;
The apparatus further includes (not shown in Fig. 4):
A service message processing unit, configured to, after the forwarding unit 450 forwards the control message to the client, receive a service message from the client, the service message carrying the second tunnel identifier; look up the session-keeping table entry using the second tunnel identifier to obtain the corresponding first tunnel identifier and the IP address of the VPN device; and replace the second tunnel identifier in the service message with the first tunnel identifier and send the service message to the VPN device that the IP address of the VPN device points to.
For the implementation of the functions and roles of the units in the above apparatus, refer to the implementation of the corresponding steps in the above method, which is not repeated here.
Because the apparatus embodiment basically corresponds to the method embodiment, refer to the description of the method embodiment for the relevant parts. The apparatus embodiment described above is merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present application. Those of ordinary skill in the art can understand and implement it without creative effort.
The foregoing is merely a preferred embodiment of the present application and is not intended to limit the present application. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present application shall fall within the scope of protection of the present application.