CN106656648B - Application flow dynamic protection method and system based on home gateway and home gateway - Google Patents

Publication number: CN106656648B
Authority: CN (China)
Prior art keywords: home gateway, domain name, vpn, cloud platform, information
Legal status: Active
Application number: CN201510738650.0A
Other languages: Chinese (zh)
Other versions: CN106656648A (en)
Inventor: 侍芯蕊, 万象, 钱逸群
Current Assignee: China Telecom Corp Ltd
Original Assignee: China Telecom Corp Ltd
Application filed by China Telecom Corp Ltd
Priority to CN201510738650.0A
Publication of CN106656648A
Publication of CN106656648B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/04 Processing captured monitoring data, e.g. for logfile generation
    • H04L43/045 Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/38 Flow based routing
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a dynamic application traffic protection method and system based on a home gateway, and the home gateway itself. The method comprises the following steps: the home gateway receives VPN information issued by the cloud platform; the home gateway establishes an L2TP connection with the LNS server according to the VPN information; and when receiving an internet request data packet sent by the terminal, the home gateway sends the internet request data packet to the LNS server through the VPN channel. The invention can protect multiple kinds of specified service traffic under the home gateway without requiring access terminals to install a client. Terminals behind the gateway adaptively obtain protection of the specified service traffic, such as delay reduction, without affecting the experience of other services. The approach has the advantages of accuracy, convenience and universality.

Description

Application flow dynamic protection method and system based on home gateway and home gateway
Technical Field
The invention relates to the field of communication terminals, in particular to a method and a system for dynamically protecting application traffic based on a home gateway and the home gateway.
Background
With the vigorous development of the internet, the number of users of overseas online shopping and online games keeps growing. These users need traffic protection for such directional applications; that is, their requirements on network delay are increasingly strict. At present, the methods for reducing network delay through traffic protection mainly include local settings, a dedicated line through a Virtual Private Network (VPN) account, and bandwidth adjustment.
Local settings can improve delay only to a small degree, by clearing caches, adjusting system configuration parameters and the like. Bandwidth adjustment has to be combined with the capabilities of the operator's wider network, and cannot effectively reduce delay for some services.
The VPN approach can reduce delay for fixed applications by dialing a second time over a dedicated line. However, every terminal must have a client installed, opening the VPN adds configuration complexity, and some local service experience is affected: once the VPN is started, all traffic enters the VPN channel, and the VPN cannot be adjusted in real time according to the network state.
Disclosure of Invention
The technical problem to be solved by the invention is how to reduce network delay through flow protection.
According to an aspect of the present invention, a method for dynamically protecting application traffic based on a home gateway is provided, including: the home gateway receives VPN information issued by the cloud platform; the home gateway establishes an L2TP connection with an LNS server according to the VPN information; and when receiving an internet request data packet sent by a terminal, the home gateway sends the internet request data packet to the LNS server through a VPN channel.
Further, before the step of receiving the VPN information issued by the cloud platform, the home gateway receives the configuration policy issued by the cloud platform, and reports the dynamic monitoring result to the cloud platform.
Further, the configuration policy includes a MAC address, a domain name/IP list, a detection mode, a detection period, and/or a reporting period of the home gateway.
Further, the dynamic monitoring result includes recorded time and delay information of page downloading through the HTTP protocol.
Further, the VPN information includes a VPN account, password information, and an acceleration domain name and IP list, where an acceleration domain name is a domain name for which the cloud platform has determined, according to the dynamic monitoring result reported by the home gateway, that the delay of the related application can be reduced by the VPN.
Further, the home gateway parses the access domain name from the internet request data packet and determines whether it is an acceleration domain name; if so, it sends the data packets related to that acceleration domain name to the LNS server through the VPN channel.
According to another aspect of the present invention, there is also provided a home gateway, including: the information receiving and sending unit is used for receiving VPN information issued by the cloud platform; a connection establishing unit, configured to establish an L2TP connection with an LNS server according to the VPN information; and the data sending unit is used for sending the internet request data packet to the LNS server through the VPN channel when receiving the internet request data packet sent by the terminal.
Further, the information transceiver unit is configured to receive a configuration policy issued by a cloud platform and report a dynamic monitoring result to the cloud platform before the step of receiving VPN information issued by the cloud platform.
Further, the configuration policy includes a MAC address, a domain name/IP list, a detection mode, a detection period, and/or a reporting period of the home gateway.
Further, the dynamic monitoring result includes recorded time and delay information of page downloading through the HTTP protocol.
Further, the VPN information includes a VPN account, password information, and an acceleration domain name and IP list, where an acceleration domain name is a domain name for which the cloud platform has determined, according to the dynamic monitoring result reported by the information transceiver unit, that the delay of the related application can be reduced by the VPN.
Further, the data sending unit is configured to parse the access domain name from the internet request data packet, determine whether it is an acceleration domain name, and, if so, send the data packets related to that acceleration domain name to the LNS server through the VPN channel.
According to another aspect of the present invention, there is also provided a home gateway-based application traffic dynamic protection system, including the home gateway described above, a user terminal, a cloud platform, and an LNS server, wherein: the user terminal is used for sending an internet request data packet to the home gateway; the cloud platform is used for issuing VPN information and configuration policies and receiving dynamic monitoring results reported by the home gateway; and the LNS server is used for establishing an L2TP connection with the home gateway and receiving the internet request data packet.
Compared with the prior art, in the present invention the home gateway receives VPN information issued by a cloud platform; the home gateway establishes an L2TP connection with the LNS server according to the VPN information; and when receiving an internet request data packet sent by the terminal, the home gateway sends the internet request data packet to the LNS server through the VPN channel. The invention can protect multiple kinds of specified service traffic under the home gateway without requiring access terminals to install a client. Terminals behind the gateway adaptively obtain protection of the specified service traffic, such as delay reduction, without affecting the experience of other services. The approach has the advantages of accuracy, convenience and universality.
Other features of the present invention and advantages thereof will become apparent from the following detailed description of exemplary embodiments thereof, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description, serve to explain the principles of the invention.
The invention will be more clearly understood from the following detailed description, taken with reference to the accompanying drawings, in which:
Fig. 1 is a schematic flowchart of an embodiment of a dynamic protection method for application traffic based on a home gateway according to the present invention.
Fig. 2 is a schematic flowchart of another embodiment of the dynamic protection method for application traffic based on a home gateway according to the present invention.
Fig. 3 is a schematic structural diagram of an embodiment of the home gateway of the present invention.
Fig. 4 is a schematic structural diagram of an embodiment of the dynamic protection system for application traffic based on a home gateway according to the present invention.
Detailed Description
Various exemplary embodiments of the present invention will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, the numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present invention unless specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the invention, its application, or uses.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to specific embodiments and the accompanying drawings.
Fig. 1 is a schematic flowchart of an embodiment of a dynamic protection method for application traffic based on a home gateway according to the present invention. The method comprises the following steps:
In step 110, the home gateway receives VPN information delivered by the cloud platform.
The VPN information comprises a VPN account, password information, and an acceleration domain name and IP list. An acceleration domain name is a domain name for which the cloud platform has judged, according to the dynamic monitoring result reported by the home gateway, that the delay of the related application can be reduced through the VPN.
In step 120, the home gateway establishes an L2TP connection with the LNS server according to the VPN information.
In step 130, when receiving the internet access request data packet sent by the terminal, the home gateway sends the internet access request data packet to the LNS server through the VPN channel.
In this embodiment, the home gateway receives VPN information issued by the cloud platform, establishes an L2TP connection with the LNS server according to the VPN information, and, on receiving an internet request data packet sent by the terminal, sends it to the LNS server through the VPN channel. The invention therefore has the following advantages: 1. Convenience: the user does not need to download a VPN client for each internet access terminal or carry out complicated client parameter settings. 2. The VPN channel traffic protection service is applied only to directional services for which an acceleration effect can be achieved, while other services still take the original network connection path, so the user's experience of other services is not affected and the effect of traffic protection is ensured. 3. Adaptivity: each service that needs traffic protection can be configured dynamically, with no user operation required, and protection is triggered adaptively.
Fig. 2 is a schematic flowchart of another embodiment of the dynamic protection method for application traffic based on a home gateway according to the present invention. The method comprises the following steps:
In step 210, the cloud platform issues a configuration policy to the home gateway.
The cloud platform issues all domain names or IP lists supported by the product to the home gateway. The configuration policy issued by the cloud platform comprises a MAC address, a domain name/IP list, a detection mode, a detection period and/or a reporting period of the home gateway. The detection mode is either an HTTP GET mode (recording the download time of a page frame) or a ping mode (recording the delay).
Information is exchanged between the cloud platform and the home gateway over HTTPS requests. Most interfaces use the POST method; a small number of interfaces that require end-user participation use the GET method as the first step in initiating an interface request. Both the request and the response use JSON format with UTF-8 encoding.
In step 220, the home gateway reports the dynamic monitoring result to the cloud platform.
The dynamic monitoring result comprises recorded time and time delay information of page downloading through the HTTP protocol.
In step 230, the cloud platform issues the VPN account number, the password information, and the accelerated domain name and the IP list to the home gateway.
An acceleration domain name is determined as follows: the cloud platform judges, according to the dynamic detection result reported by the home gateway, whether the application related to a domain name can reduce delay through the VPN; if so, the cloud platform judges that domain name to be an acceleration domain name.
At step 240, the home gateway invokes the VPN capability.
In step 250, the home gateway initiates an L2TP connection to the LNS (L2TP Network Server) using the VPN account.
At step 260, the user logs on to the internet and launches the specified application.
In step 270, the home gateway detects the directional application used by the user based on the domain name or IP address.
In step 280, the home gateway encapsulates the traffic of the directional application into a VPN, and sends the traffic to the LNS server through a VPN channel.
In this embodiment, the invention makes use of the home gateway's position as the network access point: the domain name configuration management policy and VPN dialing management are carried out in the home gateway, and a plug-in in the home gateway's operating system identifies, by destination IP or domain name, the service flows of the directional applications a user is using and encapsulates the traffic of those specific applications into the VPN connection. This provides an adaptive traffic protection function for directional services and adaptively reduces delay for directional applications. In addition, the invention supports multiple terminals running concurrently on the network behind the home gateway, requires no client installation, selects routes dynamically for directional traffic, and does not affect the experience of other services.
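The per-packet decision of steps 270 and 280, as an added Python example that is not code from the patent: it takes the access domain name from a plaintext HTTP Host header or a DNS question, checks it and the destination IP against the acceleration list, and returns the path to use. The list values, the two packet types inspected, and subdomain matching on label boundaries are assumptions.

```python
import ipaddress

# Constructed stand-in for the "acceleration domain name and IP list" that the
# cloud platform issues in step 230 (values are assumptions).
ACCEL_DOMAINS = ("game.example.com", "shop.example.net")
ACCEL_NETS = ("203.0.113.0/24",)

# Constructed sample payloads: an HTTP request and a DNS query for
# www.shop.example.net (RFC 1035 wire format, one question, type A).
SAMPLE_HTTP = b"GET /lobby HTTP/1.1\r\nHost: Game.Example.com:8080\r\nAccept: */*\r\n\r\n"
SAMPLE_DNS = (b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
              b"\x03www\x04shop\x07example\x03net\x00\x00\x01\x00\x01")


def normalize(name):
    """Canonical form for comparison: lower case, no trailing dot."""
    return name.strip().rstrip(".").lower()


def qname_from_dns_query(packet):
    """Return the first question name of a DNS query, or raise ValueError."""
    if len(packet) < 12 or int.from_bytes(packet[4:6], "big") < 1:
        raise ValueError("not a DNS message with a question")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question name")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length > 63:  # top bits set: compression pointer or reserved type
            raise ValueError("unexpected label type in question")
        if pos + length > len(packet):
            raise ValueError("truncated label")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    return normalize(".".join(labels))


def host_from_http_request(payload):
    """Return the Host header of a plaintext HTTP/1.x request, or None."""
    head = payload.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        key, sep, value = line.partition(b":")
        if sep and key.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace")
            if host.startswith("["):  # IPv6 literal such as [2001:db8::1]:8080
                return host[1:].split("]", 1)[0]
            return normalize(host.split(":", 1)[0])  # drop the port
    return None


class AccelPolicy:
    """Acceleration list held by the gateway after step 230."""

    def __init__(self, domains, networks):
        self.domains = {normalize(d) for d in domains}
        self.networks = [ipaddress.ip_network(n) for n in networks]

    def domain_matches(self, name):
        # Exact match, or subdomain match on a label boundary. A plain
        # endswith() would also accept "notshop.example.net".
        name = normalize(name)
        return any(name == d or name.endswith("." + d) for d in self.domains)

    def ip_matches(self, addr):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return False
        return any(ip in net for net in self.networks)

    def route(self, dst_ip, domain=None):
        """Return 'vpn' for acceleration traffic and 'wan' for everything else."""
        if domain and self.domain_matches(domain):
            return "vpn"
        return "vpn" if self.ip_matches(dst_ip) else "wan"


def classify(policy, dst_ip, dst_port, payload):
    """Choose the path for one terminal packet.

    Packets whose domain cannot be parsed fall back to the IP list, and
    otherwise stay on the original WAN path, as other services do.
    """
    domain = None
    try:
        if dst_port == 53:
            domain = qname_from_dns_query(payload)
        elif dst_port == 80:
            domain = host_from_http_request(payload)
    except ValueError:
        domain = None
    return policy.route(dst_ip, domain)
```

Traffic that carries no readable domain name, such as TLS on port 443 in this sketch, is steered only by the IP list.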
Fig. 3 is a schematic structural diagram of an embodiment of the home gateway of the present invention. The home gateway includes an information transceiving unit 310, a connection establishing unit 320, and a data transmitting unit 330, wherein:
the information transceiver 310 is configured to receive VPN information issued by the cloud platform.
The VPN information comprises a VPN account, password information, and an acceleration domain name and IP list. An acceleration domain name is a domain name for which the cloud platform has judged, according to the dynamic monitoring result reported by the home gateway, that the delay of the related application can be reduced through the VPN.
A connection establishing unit 320, configured to establish an L2TP connection with the LNS server according to the VPN information.
The data sending unit 330 is configured to send an internet request data packet to the LNS server through the VPN channel when receiving the internet request data packet sent by the terminal.
In this embodiment, the home gateway receives VPN information issued by the cloud platform, establishes an L2TP connection with the LNS server according to the VPN information, and, on receiving an internet request data packet sent by the terminal, sends it to the LNS server through the VPN channel. The invention therefore has the following advantages: 1. Convenience: the user does not need to download a VPN client for each internet access terminal or carry out complicated client parameter settings. 2. Accurate protection: the VPN channel traffic protection service is applied only to directional services for which an acceleration effect can be achieved, while other services still take the original network connection path, so the user's experience of other services is not affected and the effect of traffic protection is ensured. 3. The invention can dynamically configure the various services that need traffic protection, requires no user operation, and is triggered adaptively.
In another embodiment of the present invention, the information transceiver 310 receives a configuration policy issued by the cloud platform, reports the dynamic monitoring result to the cloud platform, and receives a VPN account and password information issued by the cloud platform and an accelerated domain name and IP list.
The cloud platform issues all domain names or IP lists supported by the product to the home gateway. The configuration policy issued by the cloud platform comprises a MAC address, a domain name/IP list, a detection mode, a detection period and/or a reporting period of the home gateway. The detection mode is either an HTTP GET mode (recording the download time of a page frame) or a ping mode (recording the delay). The dynamic monitoring result comprises the recorded time and delay information of page downloading through the HTTP protocol.
An acceleration domain name is determined as follows: the cloud platform judges, according to the dynamic detection result reported by the home gateway, whether the application related to a domain name can reduce delay through the VPN; if so, the cloud platform judges that domain name to be an acceleration domain name.
The connection establishing unit 320 is configured to invoke the VPN capability and initiate an L2TP connection to the LNS (L2TP Network Server) using the VPN account.
The data sending unit 330 is configured to detect the directional application used by the user based on the domain name or the IP address, encapsulate the traffic of the directional application into the VPN, and send the traffic to the LNS server through the VPN channel.
In this embodiment, the invention makes use of the home gateway's position as the network access point: the domain name configuration management policy and VPN dialing management are carried out in the home gateway, and a plug-in in the home gateway's operating system identifies, by destination IP or domain name, the service flows of the directional applications a user is using and encapsulates the traffic of those specific applications into the VPN connection. This provides an adaptive traffic protection function for directional services and adaptively reduces delay for directional applications. In addition, the invention supports multiple terminals running concurrently on the network behind the home gateway, requires no client installation, selects routes dynamically for directional traffic, and does not affect the experience of other services.
Fig. 4 is a schematic structural diagram of an embodiment of the dynamic protection system for application traffic based on a home gateway according to the present invention. The system includes a home gateway 410, a user terminal 420, a cloud platform 430, and an LNS server 440.
The home gateway 410 includes an information transceiving unit 310, a connection establishing unit 320, and a data transmitting unit 330, each of which has been described in embodiment 3.
The user terminal 420 sends an internet request packet to the home gateway 410, and starts a directional application.
The cloud platform 430 is configured to issue VPN information and a configuration policy to the home gateway 410, and receive a dynamic monitoring result reported by the home gateway 410.
The LNS server 440 is configured to establish an L2TP connection with the home gateway 410 and receive the internet request data packet.
The home gateway 410 interacts with the LNS server 440 via the L2TP protocol. Information is exchanged between the cloud platform 430 and the home gateway 410 over HTTPS requests. Most interfaces use the POST method; a small number of interfaces that require end-user participation use the GET method as the first step in initiating an interface request. Both the request and the response use JSON format with UTF-8 encoding. The interfaces are shown below: Table 1 gives the message content for creating a WAN-side L2TP VPN tunnel, Table 2 the message content for removing a WAN-side L2TP VPN tunnel, and Table 3 the message content for associating data flows with an L2TP VPN tunnel.
Table 1 - message content for creation of WAN-side L2TP VPN tunnel (table image not reproduced)
Table 2 - message content to remove WAN-side L2TP VPN tunnel (table image not reproduced)
Table 3 - message content for associated data flow to L2TP VPN tunnel (table image not reproduced)
In this embodiment, the invention makes use of the home gateway's position as the network access point: the domain name configuration management policy and VPN dialing management are carried out in the home gateway, and a plug-in in the home gateway's operating system identifies, by destination IP or domain name, the service flows of the directional applications a user is using and encapsulates the traffic of those specific applications into the VPN connection. This provides an adaptive traffic protection function for directional services and adaptively reduces delay for directional applications. In addition, the invention supports multiple terminals running concurrently on the network behind the home gateway, requires no client installation, selects routes dynamically for directional traffic, and does not affect the experience of other services.
Thus far, the present invention has been described in detail. Some details well known in the art have not been described in order to avoid obscuring the concepts of the present invention. It will be fully apparent to those skilled in the art from the foregoing description how to practice the presently disclosed embodiments.
The method and apparatus of the present invention may be implemented in a number of ways. For example, the methods and apparatus of the present invention may be implemented by software, hardware, firmware, or any combination of software, hardware, and firmware. The above-described order for the steps of the method is for illustrative purposes only, and the steps of the method of the present invention are not limited to the order specifically described above unless specifically indicated otherwise. Furthermore, in some embodiments, the present invention may also be embodied as a program recorded in a recording medium, the program including machine-readable instructions for implementing a method according to the present invention. Thus, the present invention also covers a recording medium storing a program for executing the method according to the present invention.
Although some specific embodiments of the present invention have been described in detail by way of illustration, it should be understood by those skilled in the art that the above illustration is only for the purpose of illustration and is not intended to limit the scope of the invention. It will be appreciated by those skilled in the art that modifications may be made to the above embodiments without departing from the scope and spirit of the invention. The scope of the invention is defined by the appended claims.

Claims (9)

1. A dynamic protection method for application traffic based on a home gateway is characterized by comprising the following steps:
a home gateway receives VPN information issued by a cloud platform, wherein the VPN information comprises a VPN account, password information, and an acceleration domain name and IP list, and an acceleration domain name is a domain name for which the cloud platform has judged, according to a dynamic monitoring result reported by the home gateway, that the delay of the related application can be reduced through the VPN;
the home gateway establishes an L2TP connection with an LNS server according to the VPN information;
when an internet request data packet sent by a terminal is received, the home gateway analyzes an access domain name from the internet request data packet, judges whether the access domain name is an acceleration domain name or not, and sends the data packet related to the acceleration domain name to the LNS server through a VPN channel if the access domain name is the acceleration domain name.
2. The method of claim 1, further comprising:
before the step of receiving VPN information issued by a cloud platform, the home gateway receives a configuration strategy issued by the cloud platform and reports a dynamic monitoring result to the cloud platform.
3. The method of claim 2, wherein:
the configuration strategy comprises a MAC address, a domain name/IP list, a detection mode, a detection period and/or a reporting period of the home gateway.
4. The method of claim 3, wherein:
the dynamic monitoring result comprises the recorded time and time delay information of page downloading through the HTTP protocol.
5. A home gateway, comprising:
the system comprises an information receiving and sending unit and a processing unit, wherein the information receiving and sending unit is used for receiving VPN information sent by a cloud platform, the VPN information comprises a VPN account number, password information, an acceleration domain name and an IP list, and the acceleration domain name is determined as follows: the cloud platform judges, according to a dynamic monitoring result reported by the home gateway, whether the delay of an application related to a domain name can be reduced through the VPN, and if the delay can be reduced through the VPN, the domain name is judged to be the acceleration domain name;
a connection establishing unit, configured to establish an L2TP connection with an LNS server according to the VPN information;
and the data sending unit is used for analyzing an access domain name from the internet request data packet when receiving the internet request data packet sent by the terminal, judging whether the access domain name is an acceleration domain name or not, and sending the data packet related to the acceleration domain name to the LNS server through a VPN (virtual private network) channel if the access domain name is the acceleration domain name.
6. A home gateway as claimed in claim 5, wherein:
the information transceiving unit is used for receiving the configuration strategy issued by the cloud platform and reporting the dynamic monitoring result to the cloud platform before the step of receiving the VPN information issued by the cloud platform.
7. The home gateway of claim 6, wherein:
the configuration strategy comprises a MAC address, a domain name/IP list, a detection mode, a detection period and/or a reporting period of the home gateway.
8. The home gateway of claim 7, wherein:
the dynamic monitoring result comprises the recorded time and time delay information of page downloading through the HTTP protocol.
9. A dynamic protection system for application traffic based on a home gateway, comprising the home gateway as claimed in any one of claims 5 to 8, a user terminal, a cloud platform and an LNS server, wherein:
the user terminal is used for sending an internet access request data packet to the home gateway;
the cloud platform is used for issuing VPN information and configuration strategies and receiving dynamic monitoring results reported by the home gateway;
and the LNS server is used for establishing L2TP connection with the home gateway and receiving an internet request data packet.
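
The gateway-side decision in the last step of claim 1 (parse the access domain name, test it against the acceleration list, choose the VPN channel or the normal path), as an added sketch that is not part of the patent text. It assumes the domain is read from the Host header of a plaintext HTTP request, that a listed domain also covers its subdomains, and that the issued IP list is matched on the destination address; the names `VPN_INFO`, `extract_host`, `is_accelerated` and `route` and all sample values are constructed for illustration.

```python
import ipaddress

# Constructed sample of the VPN information issued by the cloud platform.
VPN_INFO = {
    "account": "gw-user-placeholder",
    "accel_domains": ["video.example.com", "game.example.net"],
    "ip_list": ["203.0.113.0/28", "198.51.100.7"],
}

def normalize_host(host):
    """Lower-case, drop the port and any trailing dot so matching is canonical."""
    host = host.strip().lower()
    if host.startswith("["):                 # bracketed IPv6 literal
        return host[1:host.find("]")] if "]" in host else host[1:]
    if host.count(":") == 1:                 # host:port
        host = host.split(":", 1)[0]
    return host.rstrip(".")

def extract_host(payload):
    """Return the Host header of a plaintext HTTP/1.x request, or None."""
    head = payload.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:     # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            return normalize_host(value.decode("ascii", "replace"))
    return None

def is_accelerated(host, dst_ip, info=VPN_INFO):
    """True when the domain (exact or subdomain) or the destination IP is listed."""
    if host:
        for domain in info["accel_domains"]:
            # Label-boundary match: "evilvideo.example.com" must not match.
            if host == domain or host.endswith("." + domain):
                return True
    addr = ipaddress.ip_address(dst_ip)
    return any(addr in ipaddress.ip_network(net, strict=False)
               for net in info["ip_list"])

def route(payload, dst_ip, info=VPN_INFO):
    """Pick the egress: the L2TP tunnel to the LNS ('vpn') or the normal path ('wan')."""
    return "vpn" if is_accelerated(extract_host(payload), dst_ip, info) else "wan"
```

Matching on a label boundary rather than a plain suffix or substring keeps look-alike names such as `evilvideo.example.com` or `video.example.com.attacker.test` out of the tunnel.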
CN201510738650.0A 2015-11-04 2015-11-04 Application flow dynamic protection method and system based on home gateway and home gateway Active CN106656648B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510738650.0A CN106656648B (en) 2015-11-04 2015-11-04 Application flow dynamic protection method and system based on home gateway and home gateway

Publications (2)

Publication Number Publication Date
CN106656648A CN106656648A (en) 2017-05-10
CN106656648B true CN106656648B (en) 2020-06-05

Family

ID=58810850

Country Status (1)

Country Link
CN (1) CN106656648B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109547270A (en) * 2019-01-04 2019-03-29 烽火通信科技股份有限公司 A kind of method for network access control and system based on vCPE
CN110478897B (en) * 2019-08-28 2023-07-25 太仓市同维电子有限公司 Intelligent gateway game acceleration method based on vpn technology
CN110557320B (en) * 2019-09-11 2022-01-28 太仓市同维电子有限公司 System and method for realizing VPN plug-in sea panning acceleration function based on home intelligent gateway
CN112995049B (en) * 2019-12-18 2022-09-20 中国电信股份有限公司 Application acceleration method, user side network equipment and system
CN111200646A (en) * 2019-12-29 2020-05-26 航天信息股份有限公司 Billing system optimization method and device based on operator network capacity
CN111314112B (en) * 2020-01-19 2022-01-04 烽火通信科技股份有限公司 Service acceleration method and system based on home gateway

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103650424A (en) * 2013-08-20 2014-03-19 华为技术有限公司 Implementation method and server of home gateway service function
CN104468315A (en) * 2014-12-16 2015-03-25 上海市共进通信技术有限公司 Method for accelerating VPN based on intelligent gateway

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4418402B2 (en) * 2005-05-31 2010-02-17 日本電信電話株式会社 IP packet processing apparatus and traffic counting method

Also Published As

Publication number Publication date
CN106656648A (en) 2017-05-10

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant