CN106027356B - A kind of conversion method and device of Tunnel Identifier - Google Patents


Info

Publication number: CN106027356B
Authority: CN (China)
Application number: CN201610523935.7A
Other versions: CN106027356A
Other languages: Chinese (zh)
Inventors: 郑言, 丁金岩, 孙艳杰
Current assignee: Hangzhou DPtech Information Technology Co Ltd
Original assignee: Hangzhou DPTech Technologies Co Ltd
Legal status: Active
Prior art keywords: node, tunnel identifier, address, identification, vpn

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/28: Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46: Interconnection of networks
    • H04L12/4641: Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/28: Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46: Interconnection of networks
    • H04L12/4633: Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00: Traffic control in data switching networks
    • H04L47/10: Flow control; Congestion control
    • H04L47/12: Avoiding congestion; Recovering from congestion
    • H04L47/125: Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering

Landscapes

  • Engineering & Computer Science
  • Computer Networks & Wireless Communication
  • Signal Processing
  • Computer Security & Cryptography
  • Data Exchanges In Wide-Area Networks
  • Small-Scale Networks

Abstract

The application provides a method and device for converting a tunnel identifier. The method comprises: receiving a control message from a VPN device, the control message carrying the IP address of the VPN device and a first tunnel identifier; obtaining the device identifier corresponding to the IP address of the VPN device, and obtaining the node identifier of the minimum available node according to a preset rule; obtaining a second tunnel identifier from the device identifier and the node identifier; replacing the first tunnel identifier in the control message with the second tunnel identifier, and forwarding the control message to the client. With the embodiments of the application, for different VPN devices, even if the first tunnel identifiers assigned to two clients are identical, the device identifiers and node identifiers differ, so the resulting second tunnel identifiers also differ. The load-balancing device can therefore distinguish the two clients, which ensures that client services work normally.

Description

Method and device for converting a tunnel identifier
Technical field
The application relates to the field of network communication technology, and in particular to a method and device for converting a tunnel identifier.
Background
A VPN (Virtual Private Network) device is used to establish a private network over a public network for encrypted communication. In practice, multiple VPN devices are needed to support many clients being online concurrently. When a client accesses the VPN service, it sends an access request message to a load-balancing device. The load-balancing device assigns a VPN device to the client's access request message and sends the message to the assigned VPN device. The VPN device allocates a tunnel identifier for the access request message and returns it to the client through the load-balancing device, and the load-balancing device adds the tunnel identifier and the device information (IP (Internet Protocol) address) of the VPN device to a table entry. When the load-balancing device later receives a service message from the client that carries the tunnel identifier, it obtains the device information (IP address) of the VPN device corresponding to the tunnel identifier and sends the service message to that VPN device, which forwards it to the server, so that the client can access the VPN service.
However, because the range of assignable tunnel identifiers is the same on all VPN devices, two VPN devices may assign the same tunnel identifier to two clients, while the load-balancing device records only the mapping between the tunnel identifier and the device information of the last VPN device. As a result, the load-balancing device sends the service messages of both clients to the VPN device whose device information is recorded in the table entry, and the service of one of the clients becomes abnormal.
Summary of the invention
In view of this, the application provides a method and device for converting a tunnel identifier, to solve the problem that the existing access approach can cause client service abnormalities.
According to a first aspect of the embodiments of the application, a method for converting a tunnel identifier is provided. The method is applied on a load-balancing device and comprises:
receiving a control message from a VPN device, the control message carrying the IP address of the VPN device and a first tunnel identifier;
obtaining the device identifier corresponding to the IP address of the VPN device, and obtaining the node identifier of the minimum available node according to a preset rule;
obtaining a second tunnel identifier from the device identifier and the node identifier;
replacing the first tunnel identifier in the control message with the second tunnel identifier, and forwarding the control message to the client.
According to a second aspect of the embodiments of the application, a device for converting a tunnel identifier is provided. The device is applied on a load-balancing device and comprises:
a receiving unit, for receiving a control message from a VPN device, the control message carrying the IP address of the VPN device and a first tunnel identifier;
an acquiring unit, for obtaining the device identifier corresponding to the IP address of the VPN device, and obtaining the node identifier of the minimum available node according to a preset rule;
an obtaining unit, for obtaining a second tunnel identifier from the device identifier and the node identifier;
a replacement unit, for replacing the first tunnel identifier in the control message with the second tunnel identifier;
a forwarding unit, for forwarding the control message to the client.
With the embodiments of the application, when the load-balancing device receives a control message from a VPN device, it obtains the device identifier corresponding to the VPN device IP address carried in the control message, obtains the node identifier of the minimum available node according to a preset rule, derives a second tunnel identifier from the device identifier and the node identifier, replaces the first tunnel identifier carried in the control message with the second tunnel identifier, and forwards the control message to the client. Because the load-balancing device derives the second tunnel identifier from the device identifier and the node identifier, for different VPN devices the resulting second tunnel identifiers differ even if the first tunnel identifiers assigned to two clients are identical, since the device identifiers and node identifiers differ. The two clients can therefore send service messages to the load-balancing device using different second tunnel identifiers. From the different second tunnel identifiers, the load-balancing device can determine the VPN device IP address and the first tunnel identifier corresponding to each client, replace the second tunnel identifier with the first tunnel identifier, and send the service message to the VPN device that the IP address points to, which ensures that client services work normally.
Brief description of the drawings
Fig. 1 is an application scenario diagram of tunnel identifier conversion according to an exemplary embodiment of the application;
Fig. 2 is a flowchart of an embodiment of a method for converting a tunnel identifier according to an exemplary embodiment of the application;
Fig. 3 is a hardware structure diagram of a load-balancing device according to an exemplary embodiment of the application;
Fig. 4 is a structure diagram of an embodiment of a device for converting a tunnel identifier according to an exemplary embodiment of the application.
Detailed description of the embodiments
Exemplary embodiments are described in detail here, and examples of them are illustrated in the accompanying drawings. When the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the application. Rather, they are merely examples of devices and methods consistent with some aspects of the application as detailed in the appended claims.
The terms used in the application are for the purpose of describing particular embodiments only and are not intended to limit the application. The singular forms "a", "said" and "the" used in the application and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in the application to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the application, first information may also be called second information, and similarly, second information may also be called first information. Depending on the context, the word "if" as used here may be interpreted as "at the time of", "when" or "in response to determining".
Fig. 1 is an application scenario diagram of tunnel identifier conversion according to an exemplary embodiment of the application. Fig. 1 includes a client, a load-balancing device, multiple VPN devices (3 VPN devices are shown in the figure) and a server. The client may be a PC (Personal Computer), a mobile phone, a tablet device, etc., and uses the tunnel identifier allocated to it by a VPN device to access the server, so as to access the VPN service. The load-balancing device may be a firewall, and schedules the traffic of all clients to different VPN devices to reduce the load on each VPN device. The number of VPN devices can be set according to the number of clients; the VPN devices allocate tunnel identifiers to clients and forward the service messages that clients send carrying those tunnel identifiers to the server.
In the prior art, for example, when client 1 and client 2 need to access the VPN service, they send access request message 1 and access request message 2 respectively to the load-balancing device, which uses a load-balancing scheduling algorithm to assign VPN devices to the two messages. Suppose access request message 1 is assigned VPN device 1 and access request message 2 is assigned VPN device 2. The load-balancing device forwards access request message 1 to VPN device 1 and access request message 2 to VPN device 2. VPN device 1 and VPN device 2 authenticate the client information carried in the access request message they received and, after authentication succeeds, allocate a tunnel identifier to the client. Suppose VPN device 1 allocates tunnel identifier 1 to client 1 and VPN device 2 also allocates tunnel identifier 1 to client 2. When the responses (also called control messages) are returned to the clients, the response from VPN device 1 passes through the load-balancing device first and the response from VPN device 2 passes through it afterwards, so the table entry finally recorded on the load-balancing device maps tunnel identifier 1 to the device information of VPN device 2. After client 1 and client 2 receive the responses, each sends service messages carrying tunnel identifier 1 to the load-balancing device. The load-balancing device uses tunnel identifier 1 to obtain the device information of VPN device 2 and forwards the service messages of both client 1 and client 2 to VPN device 2. Because client 1 was not authenticated on VPN device 2, VPN device 2 does not process the service messages sent by client 1, and the service of client 1 becomes abnormal.
In the embodiments of the application, when the load-balancing device receives the response returned by a VPN device (hereinafter called the control message), it first obtains the device identifier corresponding to the IP address of the VPN device and obtains the node identifier of the minimum available node according to a preset rule. It then replaces the tunnel identifier in the control message with a tunnel identifier generated from the device identifier and the node identifier. This avoids the problem of different VPN devices allocating the same tunnel identifier to different clients and causing client service abnormalities.
Fig. 2 is a flowchart of an embodiment of a method for converting a tunnel identifier according to an exemplary embodiment of the application. In the embodiments of the application, when a client accesses the VPN service, its interaction with the VPN device is based on L2TP (Layer 2 Tunneling Protocol). Because L2TP supports multiple tunnels between two endpoints, the client can use a tunnel identifier to access the VPN service through the VPN device. As shown in Fig. 2, the embodiment is applied on a load-balancing device and comprises the following steps:
Step 201: receive a control message from a VPN device, the control message carrying the IP address of the VPN device and a first tunnel identifier.
Before step 201, the client sends an access request to the load-balancing device when accessing the VPN service. The load-balancing device assigns a VPN device to the access request using a load-balancing scheduling algorithm (for example, the Weighted Round Robin algorithm) and sends the access request to the assigned VPN device. The VPN device then specifies an available first tunnel identifier for the client's access request and sends the first tunnel identifier to the load-balancing device.
The load-balancing device therefore receives a control message from the VPN device, and the control message carries the first tunnel identifier and the IP address of the VPN device. The source IP address of the control message is the IP address of the VPN device.
As for how the VPN device specifies an available first tunnel identifier for the client's access request: in one example, the client's access request may carry a desired tunnel identifier, so the VPN device first obtains the desired tunnel identifier carried in the access request. If the tunnel that the desired tunnel identifier points to is unavailable, the VPN device specifies another tunnel that can carry service traffic, and the identifier of that tunnel is the first tunnel identifier. If the tunnel that the desired tunnel identifier points to is available, the VPN device uses the desired tunnel identifier as the first tunnel identifier. In another example, the VPN device directly specifies an available first tunnel identifier for the client's access request.
Step 202: obtain the device identifier corresponding to the IP address of the VPN device, and obtain the node identifier of the minimum available node according to a preset rule.
Before step 202, the load-balancing device obtains the number of all VPN devices from a preset VPN device cluster and uses that number to determine the number of bits of the device identifier. For each VPN device, it then assigns a number using that number of bits, takes the number as the device identifier of the VPN device, and adds the IP address of the VPN device and the device identifier to a table mapping addresses to identifiers.
The preset VPN device cluster refers to all VPN devices connected to the load-balancing device, and it records the IP addresses of all of them. The device identifier of a VPN device may be a number, a character, or a combination of numbers and characters; numbers are used in the following illustration. For example, suppose the VPN device cluster contains 7 VPN devices. Because numbers are normally stored in a computer in binary form, the number of bits of the device identifier can be determined to be 3, and the 7 VPN devices can be numbered 000 (number 0), 001 (number 1), 010 (number 2), 011 (number 3), 100 (number 4), 101 (number 5) and 110 (number 6). Table 1 shows an illustrative table mapping addresses to identifiers.
IP address of VPN device    Device identifier
IP0                         000
IP1                         001
IP2                         010
IP3                         011
IP4                         100
IP5                         101
IP6                         110
Table 1
To obtain the device identifier corresponding to the IP address of the VPN device, the load-balancing device looks up the table mapping addresses to identifiers using the IP address of the VPN device and obtains the corresponding device identifier. With Table 1, for example, if the IP address of the VPN device is IP1, the corresponding device identifier obtained is 001.
To obtain the node identifier of the minimum available node according to the preset rule, the load-balancing device obtains the address of the minimum available node from an array linked list, and then obtains the node identifier recorded by the node that this address points to.
To obtain the address of the minimum available node from the array linked list, the load-balancing device takes the address of the next available node recorded by the first node in the array linked list as the address of the minimum available node, and replaces the next-available-node address recorded by the first node with the next-available-node address recorded by the minimum available node.
The array linked list contains N nodes, each of which records its own node identifier and the address of the next available node. N is a preset value raised to the power of the number of bits of the node identifier. The node identifier may be the numeric index of the node in the array linked list, i.e. the array subscript. Because computers usually store numbers in binary form, the preset value is 2, so the number of nodes in the array linked list is 2 raised to the power of the number of bits of the node identifier. The number of bits of the node identifier is determined by the number of bits of the second tunnel identifier and the number of bits of the device identifier.
As for how these determine the number of bits of the node identifier: the second tunnel identifier consists of a preset number of bits, and the number of bits of the node identifier is the difference between that preset number and the number of bits of the device identifier. Because a tunnel identifier in the L2TP protocol consists of 16 bits, the preset number of bits can be 16. For example, if the device identifier has 3 bits, the node identifier has 16 - 3 = 13 bits.
The process of obtaining a node identifier is illustrated with an example. Suppose the address of the available node recorded by the first node in the array linked list is the address of the 4th node, and the first node's own node identifier is 0000 0000 0000 0 (number 0). The node identifier recorded by the node that the 4th node's address points to is 0000 0000 0001 1 (number 3), which indicates that node identifier 1 and node identifier 2 are already in use and that the node identifier of the current minimum available node is 0000 0000 0001 1. The load-balancing device then replaces the 4th node's address recorded by the first node with the address of the next available node recorded by the 4th node, i.e. the address of the 5th node. The next time the load-balancing device obtains the node identifier of the minimum available node, it gets the node identifier of the 5th node, 0000 0000 0010 0 (number 4).
Step 203: obtain a second tunnel identifier from the device identifier and the node identifier.
Specifically, the load-balancing device combines the device identifier and the node identifier in a preset combination order to obtain the second tunnel identifier.
The preset combination order may be device identifier first and node identifier second, or node identifier first and device identifier second; this is not limited here.
An example follows, with the device identifier first and the node identifier second. VPN device 1 returns control message 1 for client 1 and VPN device 2 returns control message 2 for client 2, and the first tunnel identifier carried by both control message 1 and control message 2 is 0010 0000 0010 1101 (number 45). Suppose that for control message 1 the load-balancing device obtains 0000 0000 0001 1 as the node identifier of the minimum available node, and the device identifier of VPN device 1 is 001; for control message 2 it obtains 0000 0000 0010 0 as the node identifier of the minimum available node, and the device identifier of VPN device 2 is 010. The second tunnel identifier obtained for control message 1 is therefore 0010 0000 0000 0011, and the second tunnel identifier for control message 2 is 0100 0000 0000 0100.
Steps 201 to 203 show that for different VPN devices, even if the specified first tunnel identifiers are the same, the device identifiers differ and the node identifiers obtained also differ, so the second tunnel identifiers that the load-balancing device derives from the device identifier and node identifier differ as well. Even if two clients have been allocated the same first tunnel identifier, their second tunnel identifiers are different, and the load-balancing device can still tell which VPN device each client corresponds to.
Step 204: replace the first tunnel identifier in the control message with the second tunnel identifier, and forward the control message to the client.
The control message can be forwarded to the client according to the existing forwarding process, which is not described again. On receiving the control message, the client can use the second tunnel identifier to access the VPN service.
Before replacing the first tunnel identifier with the second tunnel identifier, the load-balancing device can record the first tunnel identifier, the second tunnel identifier and the IP address of the VPN device in a session persistence table entry. After forwarding the control message to the client, the load-balancing device receives a service message (forward service message) from the client that carries the second tunnel identifier. It uses the second tunnel identifier to look up the session persistence table entry, obtains the corresponding first tunnel identifier and VPN device IP address, replaces the second tunnel identifier in the service message with the first tunnel identifier, and sends the service message to the VPN device that the IP address points to. The VPN device then forwards the forward service message to the server, and the server returns a reverse service message to the client in response. When the load-balancing device receives the reverse service message forwarded by the VPN device, it uses the first tunnel identifier and the IP address of the VPN device to look up the session persistence table entry, obtains the corresponding second tunnel identifier, replaces the first tunnel identifier with the second tunnel identifier, and forwards the reverse service message to the client. This ensures that client services work normally.
Note that the direction of messages sent from the client to the server is normally called "forward", and the direction of messages the server returns in response to forward messages is called "reverse".
Note also that each node in the array linked list other than the first node may also record the address of the previous node, and after a node is used, an in-use flag is added to it to indicate that the node has been used. When a client disconnects from the VPN service, the node identifier in the array linked list can be released. The release process is described in detail below. For ease of description, the previous-node address and the following-node address recorded by a node that has been used are called the address of the previous node and the address of the next node recorded by that node.
When the load-balancing device receives an offline message from a client, it obtains the second tunnel identifier carried in the offline message, extracts the corresponding node identifier according to the preset combination order, finds the node with that node identifier among the nodes in use, and deletes the in-use flag recorded by the node. It then checks whether the node that the recorded previous-node address points to is in use. If that previous node is not in use, the load-balancing device replaces the next-node address recorded by the released node with the next-available-node address recorded by the previous node, and replaces the next-available-node address recorded by the previous node with the address of the released node. If the previous node is in use, the load-balancing device moves to that node and checks whether the node that its recorded previous-node address points to is in use, and so on until it finds a node that is not in use. It then replaces the next-node address recorded by the released node with the next-available-node address recorded by that unused node, and replaces the next-available-node address recorded by the unused node with the address of the released node.
As the description of step 204 shows, by releasing node identifiers in the array linked list, the load-balancing device avoids running out of nodes in the array linked list and being unable to obtain a second tunnel identifier.
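Steps 201 to 204 and the release procedure, as an added example that is not part of the patent text: it builds the device table for the seven addresses of Table 1, keeps the array linked list in ascending order, and reproduces the two second tunnel identifiers of the example in step 203. The names `NodePool`, `TunnelIdTranslator` and `page_example` are hypothetical, array indices stand in for node addresses, and the combination order is assumed to be device identifier first.

```python
TUNNEL_ID_BITS = 16  # width of an L2TP tunnel identifier, as stated in the description


class NodePool:
    """Array linked list of node identifiers (hypothetical name).

    Array indices stand in for node addresses. Node 0 is the first (head) node
    and is never handed out; the free list stays in ascending order, so the
    head always points at the minimum available node.
    """

    def __init__(self, node_bits):
        self.size = 1 << node_bits
        self.next_free = [i + 1 for i in range(self.size)]  # self.size means "none"
        self.used = [False] * self.size

    def alloc(self):
        node = self.next_free[0]
        if node >= self.size:
            raise RuntimeError("no available node identifier")
        self.next_free[0] = self.next_free[node]  # head now points past this node
        self.used[node] = True
        return node

    def release(self, node):
        if not 0 < node < self.size or not self.used[node]:
            raise ValueError("node identifier is not in use")
        self.used[node] = False
        prev = node - 1
        while self.used[prev]:  # walk back to the nearest unused node; node 0 ends the walk
            prev -= 1
        self.next_free[node] = self.next_free[prev]
        self.next_free[prev] = node


class TunnelIdTranslator:
    """Load-balancer state (hypothetical name): device table plus session table."""

    def __init__(self, vpn_ips):
        # Bits needed to number every VPN device in the cluster (7 devices -> 3 bits).
        self.device_bits = max(1, (len(vpn_ips) - 1).bit_length())
        self.node_bits = TUNNEL_ID_BITS - self.device_bits
        self.device_id = {ip: n for n, ip in enumerate(vpn_ips)}
        self.pool = NodePool(self.node_bits)
        self.by_second = {}  # second tunnel ID -> (VPN IP, first tunnel ID)
        self.by_first = {}   # (VPN IP, first tunnel ID) -> second tunnel ID

    def on_control_message(self, vpn_ip, first_id):
        """Steps 201-204: return the second tunnel ID written into the control message."""
        key = (vpn_ip, first_id)
        if key in self.by_first:  # assumption: a repeated control message reuses its entry
            return self.by_first[key]
        device = self.device_id[vpn_ip]  # KeyError for a source IP outside the cluster
        second = (device << self.node_bits) | self.pool.alloc()
        self.by_second[second] = key
        self.by_first[key] = second
        return second

    def forward(self, second_id):
        """Client service message: (VPN IP, first tunnel ID), or None if unknown."""
        return self.by_second.get(second_id)

    def reverse(self, vpn_ip, first_id):
        """Service message from a VPN device: second tunnel ID, or None if unknown."""
        return self.by_first.get((vpn_ip, first_id))

    def on_offline(self, second_id):
        """Offline message: drop the session entry and release the node identifier."""
        key = self.by_second.pop(second_id, None)
        if key is None:
            return False
        del self.by_first[key]
        self.pool.release(second_id & ((1 << self.node_bits) - 1))
        return True


def page_example():
    lb = TunnelIdTranslator([f"IP{n}" for n in range(7)])  # addresses of Table 1
    lb.on_control_message("IP0", 7)  # constructed earlier sessions that take nodes 1 and 2
    lb.on_control_message("IP0", 8)
    second_1 = lb.on_control_message("IP1", 45)  # control message 1 from VPN device 1
    second_2 = lb.on_control_message("IP2", 45)  # control message 2, same first tunnel ID
    return lb, second_1, second_2


if __name__ == "__main__":
    lb, s1, s2 = page_example()
    print(f"{s1:016b} {s2:016b}")
    print(lb.forward(s1), lb.forward(s2))
```

A `None` result from `forward` or `reverse` means the identifier has no session entry, so the message cannot be attributed to any authenticated client and VPN device pair.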
As can be seen from the above embodiments, load-balancing device obtains control when receiving the control message from VPN device Message carries the corresponding device identification of IP address of VPN device, and the node mark of minimum enabled node is obtained according to preset rules Know, then recycles the device identification and the node identification to obtain the second Tunnel Identifier, and replace using second Tunnel Identifier The first Tunnel Identifier carried in the control message, and the control message is forwarded in client.Based on above-mentioned implementation, Since load-balancing device is by obtaining the second Tunnel Identifier using device identification and node identification, for different VPN devices, Even if identical for the first Tunnel Identifier that two clients are specified, since device identification and node identification are different, obtain the Two Tunnel Identifiers are also different, thus, this two client can be sent using the second different Tunnel Identifiers to load-balancing device Service message, load-balancing device can distinguish this corresponding VPN device of two clients by the second different Tunnel Identifiers IP address and the first Tunnel Identifier, and the second Tunnel Identifier is replaced with the first Tunnel Identifier, and send the VPN for service message In the VPN device that the IP address of equipment is directed toward, it ensure that the business of client is normal.
Corresponding to the foregoing embodiments of the tunnel identifier conversion method, the present application also provides embodiments of a tunnel identifier conversion device.
The embodiments of the tunnel identifier conversion device of the present application can be applied to a load-balancing device. The device embodiments may be implemented in software, in hardware, or in a combination of software and hardware. Taking a software implementation as an example, the device in the logical sense is formed when the processor of the equipment in which it resides reads the corresponding computer program instructions from non-volatile memory into memory and runs them. At the hardware level, Fig. 3 is a hardware structure diagram of a load-balancing device according to an exemplary embodiment of the present application. In addition to the processor, memory, network interface and non-volatile memory shown in Fig. 3, the equipment in which the device of the embodiment resides may also include other hardware according to the actual functions of that equipment, which is not described further here.
Fig. 4 is a structural diagram of an embodiment of a tunnel identifier conversion device according to an exemplary embodiment of the present application. As shown in Fig. 4, the embodiment is applied to a load-balancing device, and the device includes: a receiving unit 410, an acquiring unit 420, an obtaining unit 430, a replacement unit 440 and a forwarding unit 450.
The receiving unit 410 is configured to receive a control message from a VPN device, the control message carrying the IP address of the VPN device and a first tunnel identifier;
The acquiring unit 420 is configured to obtain the device identifier corresponding to the IP address of the VPN device, and to obtain the node identifier of the smallest available node according to a preset rule;
The obtaining unit 430 is configured to obtain a second tunnel identifier using the device identifier and the node identifier;
The replacement unit 440 is configured to replace the first tunnel identifier in the control message with the second tunnel identifier;
The forwarding unit 450 is configured to forward the control message to the client.
In an optional implementation, the acquiring unit 420 is specifically configured to, in the process of obtaining the device identifier corresponding to the IP address of the VPN device, look up the address-to-identifier correspondence table using the IP address of the VPN device, and obtain the device identifier corresponding to the IP address of the VPN device.
In another optional implementation, the device further includes (not shown in Fig. 4): a correspondence table establishing unit;
The correspondence table establishing unit is configured to obtain the number of all VPN devices from a preset VPN device cluster; determine the number of bits of the device identifier using that number; for each VPN device, number the VPN device according to that number of bits and take the number as the device identifier of the VPN device; and add the IP address of the VPN device and the device identifier to the address-to-identifier correspondence table.
In another optional implementation, the second tunnel identifier consists of a preset number of identifier bits, and the number of bits of the node identifier is the difference between that preset number of bits and the number of bits of the device identifier. The acquiring unit 420 is further specifically configured to, in the process of obtaining the node identifier of the smallest available node according to the preset rule: take the address of the next available node recorded in the first node of an array linked list as the address of the smallest available node, where the array linked list includes N nodes, each node records its own node identifier and the address of the next available node, and N is a preset value raised to the power of the number of bits of the node identifier; obtain the node identifier recorded in the node to which the address of the smallest available node points, and determine that node identifier as the node identifier of the smallest available node; and replace the address of the next available node recorded in the first node with the address of the next available node recorded in the smallest available node.
In another optional implementation, the obtaining unit 430 is specifically configured to combine the device identifier and the node identifier in a preset combination order to obtain the second tunnel identifier.
In another optional implementation, the device further includes (not shown in Fig. 4):
A recording unit, configured to record the first tunnel identifier, the second tunnel identifier and the IP address of the VPN device in a session persistence table entry before the replacement unit 440 replaces the first tunnel identifier in the control message with the second tunnel identifier;
The device further includes (not shown in Fig. 4):
A service message processing unit, configured to, after the forwarding unit 450 forwards the control message to the client, receive a service message from the client, the service message carrying the second tunnel identifier; look up the session persistence table entry using the second tunnel identifier to obtain the corresponding first tunnel identifier and the IP address of the VPN device; and replace the second tunnel identifier in the service message with the first tunnel identifier and send the service message to the VPN device to which the IP address of the VPN device points.
For the implementation of the functions and roles of each unit in the above device, see the implementation of the corresponding steps in the above method; details are not repeated here.
Since the device embodiments essentially correspond to the method embodiments, refer to the description of the method embodiments for the relevant parts. The device embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present application. A person of ordinary skill in the art can understand and implement it without creative effort.
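The conversion performed by the units above can be sketched as follows. This is an added example, not code from the patent: the class and method names, the ceil(log2) width rule, the device-identifier-in-high-bits order, the 16-bit default and the rejection of unknown inputs are all assumptions, and releasing node identifiers is not modelled.

```python
class TunnelIdTranslator:
    """Added sketch of the load balancer's tunnel-identifier conversion.

    Names, bit layout and error handling are assumptions, not the patent's.
    """

    def __init__(self, vpn_ips, total_bits=16):
        if not vpn_ips:
            raise ValueError("VPN device cluster is empty")
        # Correspondence table: size the device identifier from the cluster
        # size (assumed rule: ceil(log2(count)), at least 1 bit) and number
        # the VPN devices 0..count-1.
        self.dev_bits = max(1, (len(vpn_ips) - 1).bit_length())
        # The node identifier gets the remaining bits of the preset total.
        self.node_bits = total_bits - self.dev_bits
        if self.node_bits < 1:
            raise ValueError("no bits left for the node identifier")
        self.dev_id = {ip: i for i, ip in enumerate(vpn_ips)}
        # Array linked list of N = 2**node_bits nodes. Each node records
        # [own node identifier, address of the next available node].
        # Node 0 is the first (head) node; a next-address of 0 is used here
        # to mean "nothing left" (assumption).
        n = 2 ** self.node_bits
        self.nodes = [[i, (i + 1) % n] for i in range(n)]
        # Session persistence table: second id -> (first id, VPN device IP).
        self.sessions = {}

    def _smallest_available_node(self):
        head = self.nodes[0]
        addr = head[1]                 # address recorded in the first node
        if addr == 0:
            raise RuntimeError("node identifiers exhausted")
        node_id, next_free = self.nodes[addr]
        head[1] = next_free            # first node now skips the taken node
        return node_id

    def on_control(self, vpn_ip, first_id):
        """Control message from a VPN device: return the second identifier."""
        dev = self.dev_id.get(vpn_ip)
        if dev is None:
            # Not in the preset cluster: reject before consuming a node.
            raise KeyError("unknown VPN device " + vpn_ip)
        node = self._smallest_available_node()
        second_id = (dev << self.node_bits) | node
        # Record the mapping before the identifier is rewritten.
        self.sessions[second_id] = (first_id, vpn_ip)
        return second_id

    def on_service(self, second_id):
        """Service message from a client: return (first id, VPN IP) to
        rewrite and forward, or None so the caller drops the message."""
        return self.sessions.get(second_id)
```

Node identifiers are handed out smallest-first, so second tunnel identifiers are predictable; the session-table lookup routes a service message but does not authenticate its sender.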
The foregoing is merely the preferred embodiments of the present application and is not intended to limit it; any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present application shall fall within its scope of protection.

Claims (12)

1. A tunnel identifier conversion method, characterized in that the method is applied to a load-balancing device and includes:
Receiving a control message from a Virtual Private Network (VPN) device, the control message carrying the Internet Protocol (IP) address of the VPN device and a first tunnel identifier assigned to a client by the VPN device;
Obtaining the device identifier corresponding to the IP address of the VPN device, and obtaining the node identifier of the smallest available node according to a preset rule;
Obtaining a second tunnel identifier using the device identifier and the node identifier;
Replacing the first tunnel identifier in the control message with the second tunnel identifier, and forwarding the control message to the client;
Receiving a service message from the client, and obtaining the first tunnel identifier and the IP address of the VPN device corresponding to the second tunnel identifier carried in the service message;
Replacing the second tunnel identifier in the service message with the obtained first tunnel identifier, and sending the service message to the VPN device to which the IP address of the VPN device points.
2. The method according to claim 1, characterized in that the process of obtaining the device identifier corresponding to the IP address of the VPN device specifically includes:
Looking up the address-to-identifier correspondence table using the IP address of the VPN device;
Obtaining the device identifier corresponding to the IP address of the VPN device.
3. The method according to claim 2, characterized in that the process of establishing the address-to-identifier correspondence table specifically includes:
Obtaining the number of all VPN devices from a preset VPN device cluster;
Determining the number of bits of the device identifier using that number;
For each VPN device, numbering the VPN device according to that number of bits, and determining the number as the device identifier of the VPN device; adding the IP address of the VPN device and the device identifier to the address-to-identifier correspondence table.
4. The method according to claim 3, characterized in that the second tunnel identifier consists of a preset number of identifier bits, the number of bits of the node identifier is the difference between that preset number of bits and the number of bits of the device identifier, and the process of obtaining the node identifier of the smallest available node according to the preset rule specifically includes:
Taking the address of the next available node recorded in the first node of an array linked list as the address of the smallest available node; wherein the array linked list includes N nodes, each node records its own node identifier and the address of the next available node, and N is a preset value raised to the power of the number of bits of the node identifier;
Obtaining the node identifier recorded in the node to which the address of the smallest available node points, and determining that node identifier as the node identifier of the smallest available node;
Replacing the address of the next available node recorded in the first node with the address of the next available node recorded in the smallest available node.
5. The method according to claim 1, characterized in that the process of obtaining the second tunnel identifier using the device identifier and the node identifier specifically includes:
Combining the device identifier and the node identifier in a preset combination order to obtain the second tunnel identifier.
6. The method according to claim 1, characterized in that, before replacing the first tunnel identifier in the control message with the second tunnel identifier, the method further includes:
Recording the first tunnel identifier, the second tunnel identifier and the IP address of the VPN device in a session persistence table entry;
After forwarding the control message to the client, the method further includes:
Receiving a service message from the client, the service message carrying the second tunnel identifier;
Looking up the session persistence table entry using the second tunnel identifier to obtain the corresponding first tunnel identifier and the IP address of the VPN device;
Replacing the second tunnel identifier in the service message with the first tunnel identifier, and sending the service message to the VPN device to which the IP address of the VPN device points.
7. A tunnel identifier conversion device, characterized in that the device is applied to a load-balancing device and includes:
A receiving unit, configured to receive a control message from a Virtual Private Network (VPN) device, the control message carrying the Internet Protocol (IP) address of the VPN device and a first tunnel identifier assigned to a client by the VPN device;
An acquiring unit, configured to obtain the device identifier corresponding to the IP address of the VPN device, and to obtain the node identifier of the smallest available node according to a preset rule;
An obtaining unit, configured to obtain a second tunnel identifier using the device identifier and the node identifier;
A replacement unit, configured to replace the first tunnel identifier in the control message with the second tunnel identifier;
A forwarding unit, configured to forward the control message to the client;
Receiving a service message from the client, and obtaining the first tunnel identifier and the IP address of the VPN device corresponding to the second tunnel identifier carried in the service message;
Replacing the second tunnel identifier in the service message with the obtained first tunnel identifier, and sending the service message to the VPN device to which the IP address of the VPN device points.
8. The device according to claim 7, characterized in that
The acquiring unit is specifically configured to, in the process of obtaining the device identifier corresponding to the IP address of the VPN device, look up the address-to-identifier correspondence table using the IP address of the VPN device, and obtain the device identifier corresponding to the IP address of the VPN device.
9. The device according to claim 8, characterized in that the device further includes: a correspondence table establishing unit;
The correspondence table establishing unit is configured to obtain the number of all VPN devices from a preset VPN device cluster; determine the number of bits of the device identifier using that number; for each VPN device, number the VPN device according to that number of bits and determine the number as the device identifier of the VPN device; and add the IP address of the VPN device and the device identifier to the address-to-identifier correspondence table.
10. The device according to claim 9, characterized in that the second tunnel identifier consists of a preset number of identifier bits, and the number of bits of the node identifier is the difference between that preset number of bits and the number of bits of the device identifier;
The acquiring unit is further specifically configured to, in the process of obtaining the node identifier of the smallest available node according to the preset rule: take the address of the next available node recorded in the first node of an array linked list as the address of the smallest available node, wherein the array linked list includes N nodes, each node records its own node identifier and the address of the next available node, and N is a preset value raised to the power of the number of bits of the node identifier; obtain the node identifier recorded in the node to which the address of the smallest available node points, and determine that node identifier as the node identifier of the smallest available node; and replace the address of the next available node recorded in the first node with the address of the next available node recorded in the smallest available node.
11. The device according to claim 7, characterized in that the obtaining unit is specifically configured to combine the device identifier and the node identifier in a preset combination order to obtain the second tunnel identifier.
12. The device according to claim 7, characterized in that the device further includes:
A recording unit, configured to record the first tunnel identifier, the second tunnel identifier and the IP address of the VPN device in a session persistence table entry before the replacement unit replaces the first tunnel identifier in the control message with the second tunnel identifier;
The device further includes:
A service message processing unit, configured to, after the forwarding unit forwards the control message to the client, receive a service message from the client, the service message carrying the second tunnel identifier; look up the session persistence table entry using the second tunnel identifier to obtain the corresponding first tunnel identifier and the IP address of the VPN device; and replace the second tunnel identifier in the service message with the first tunnel identifier and send the service message to the VPN device to which the IP address of the VPN device points.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610523935.7A CN106027356B (en) 2016-07-04 2016-07-04 A kind of conversion method and device of Tunnel Identifier

Publications (2)

Publication Number Publication Date
CN106027356A CN106027356A (en) 2016-10-12
CN106027356B true CN106027356B (en) 2019-09-17

Family

ID=57107453

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610523935.7A Active CN106027356B (en) 2016-07-04 2016-07-04 A kind of conversion method and device of Tunnel Identifier

Country Status (1)

Country Link
CN (1) CN106027356B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109861924B (en) * 2017-11-30 2022-06-21 中兴通讯股份有限公司 Message sending and processing method and device, PE node and node
CN110650062A (en) * 2018-06-26 2020-01-03 中国电信股份有限公司 Link performance detection method, system, device and computer readable storage medium
CN110677426B (en) * 2019-09-30 2021-11-16 北京天融信网络安全技术有限公司 Data transmission method and device, storage medium and VPN (virtual private network) equipment
CN113595911B (en) * 2021-09-28 2021-12-03 深圳艾灵网络有限公司 Data forwarding method and device, electronic equipment and storage medium
CN116303474B (en) * 2023-05-09 2023-08-18 新华三技术有限公司 Tunnel information statistical method, device, network equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102394889A (en) * 2011-11-15 2012-03-28 迈普通信技术股份有限公司 Network server access method and access system
CN102857363A (en) * 2012-05-04 2013-01-02 运软网络科技(上海)有限公司 Automatic computing system and method for virtual networking
CN104090891A (en) * 2013-12-12 2014-10-08 深圳市腾讯计算机系统有限公司 Method and device for data processing and server and system for data processing

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8548428B2 (en) * 2009-01-28 2013-10-01 Headwater Partners I Llc Device group partitions and settlement platform
US8788655B2 (en) * 2008-12-19 2014-07-22 Openpeak Inc. Systems for accepting and approving applications and methods of operation of same
US10536850B2 (en) * 2013-07-18 2020-01-14 Fortinet, Inc. Remote wireless adapter

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102394889A (en) * 2011-11-15 2012-03-28 迈普通信技术股份有限公司 Network server access method and access system
CN102857363A (en) * 2012-05-04 2013-01-02 运软网络科技(上海)有限公司 Automatic computing system and method for virtual networking
CN104090891A (en) * 2013-12-12 2014-10-08 深圳市腾讯计算机系统有限公司 Method and device for data processing and server and system for data processing

Also Published As

Publication number Publication date
CN106027356A (en) 2016-10-12

Similar Documents

Publication Publication Date Title
CN106027356B (en) A kind of conversion method and device of Tunnel Identifier
KR100984384B1 (en) System, network device, method, and computer program product for active load balancing using clustered nodes as authoritative domain name servers
KR101464452B1 (en) Processing method, proxy processing agent, system and method for filling a routing table of a dht client node, router and dht client node
CN104158891B (en) A kind of trans-regional data transmission method, device, system and server
US10715479B2 (en) Connection redistribution in load-balanced systems
CN103597471A (en) Methods and systems for caching data communications over computer networks
CN103401800B (en) A kind of balancing link load method and apparatus
US20170339228A1 (en) Decentralized, hierarchical, and overlay-driven mobility support architecture for information-centric networks
CN108777640B (en) Server detection method, device, system and storage medium
JP2017516399A (en) Method, system, and computer program for load balancing anycast data traffic
CN109525684B (en) Message forwarding method and device
US8868756B1 (en) Sticky routing
CN108737224A (en) A kind of message processing method and device based on micro services framework
US20130297703A1 (en) Peer node and method for improved peer node selection
CN102624916A (en) Method, node manager and system for load balancing in cloud computing system
CN105871591A (en) Method and device for distributing CDN (Content Delivery Network) addresses
CN106487768A (en) A kind of file sharing method and device
CN109150936A (en) The sharing method and device of session object Session in a kind of distributed type assemblies
CN110581784B (en) Node health check method, device and equipment
CN106130926B (en) A kind of processing method and processing device of message
CN106027354A (en) Backflow method and device for VPN (Virtual Private Network) client
CN109743357A (en) A kind of successional implementation method of business access and device
CN108089934A (en) Cluster management method and cluster server
KR100788631B1 (en) Resource pooling in an internet protocol-based communication system
US7711780B1 (en) Method for distributed end-to-end dynamic horizontal scalability

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
Address after: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building
Applicant after: Hangzhou Dipu Polytron Technologies Inc
Address before: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building
Applicant before: Hangzhou Dipu Technology Co., Ltd.
GR01 Patent grant
TR01 Transfer of patent right
Effective date of registration: 20210616
Address after: 310051 05, room A, 11 floor, Chung Cai mansion, 68 Tong Xing Road, Binjiang District, Hangzhou, Zhejiang.
Patentee after: Hangzhou Dip Information Technology Co.,Ltd.
Address before: 310051, 6 floor, Chung Cai mansion, 68 Tong he road, Binjiang District, Hangzhou, Zhejiang.
Patentee before: Hangzhou DPtech Technologies Co.,Ltd.
Patentee before: Hangzhou DPtech Technologies Co.,Ltd.