CN107241254B - Network connection device, network system and networking method


Info

Publication number
CN107241254B
Authority
CN
China
Prior art keywords
network
connection
network connection
equipment
devices
Legal status
Active
Application number
CN201710358831.XA
Other languages
Chinese (zh)
Other versions
CN107241254A (en)
Inventor
胡铭德
何丰宇
Current Assignee
Beijing Knownsec Information Technology Co Ltd
Original Assignee
Beijing Knownsec Information Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions

Abstract

The invention discloses a network connection device, comprising: a first network interface controller adapted to communicate with a computing device connected to the network connection device via a first network interface; a second network interface controller adapted to communicate with a network control device via a second network interface; a processor; a memory; and a program stored in the memory, the program configured to be executed by the processor, the program comprising a client and a server providing a virtual private network service, and instructions adapted to be loaded and executed by the processor for: establishing a connection with the network control device through the virtual private network; receiving a first configuration parameter sent by the network control device on the connection established with it; and establishing a connection with another network connection device through the virtual private network according to the first configuration parameter. The invention also discloses a network system, a network control device, a computer readable storage medium and a networking method based on a software defined network.

Description

Network connection device, network system and networking method
Technical Field
The present invention relates to the field of network communications, and in particular, to a network connection device, a network system, and a networking method.
Background
With the rapid development of network communication technology and the ever richer information it carries, the internet has become an important infrastructure of human society. Software Defined Networking (SDN) is a new type of network technology whose core idea is to separate the control plane and the data plane of a network device and to expose the control plane through an open, software-programmable interface, so that a network user can flexibly invoke the control capability of the network device.
Generally, the implementation of an SDN network depends on dedicated network devices that support the OpenFlow protocol; conventional network devices cannot implement SDN functions. However, the current internet is mainly a traditional network based on the IP protocol, so in order to promote the deployment and use of SDN on the internet, the existing IP-based network equipment would have to be modified, or even a new network infrastructure built, at very high cost. In addition, since providers of network facilities independently develop proprietary protocols on top of the OpenFlow protocol, SDN-capable devices from different providers suffer from a universality (interoperability) problem, which also hinders SDN deployment.
To address the cost and universality problems of existing SDN technology, a new networking scheme that realizes an SDN network without replacing the traditional network infrastructure is urgently needed.
Disclosure of Invention
To this end, the present invention provides a networking solution implementing an SDN network in an attempt to solve or at least alleviate at least one of the problems presented above.
According to an aspect of the present invention, there is provided a network connection device residing in a network system based on a software defined network, the network system including a network control device, a plurality of network connection devices, and a plurality of computing devices respectively connected to each of the network connection devices, the network connection device including: a first network interface controller adapted to communicate with a computing device connected to a network connection device via a first network interface; a second network interface controller adapted to communicate with the network control device via a second network interface; a processor; a memory; and a program stored in the memory, the program configured to be executed by the processor, the program comprising a client and a server providing a virtual private network service, and instructions adapted to be loaded and executed by the processor: establishing connection with a network control device through a virtual private network; receiving a first configuration parameter sent by a network control device on a connection established with the network control device, the first configuration parameter comprising an IP address of a second network interface of another network connection device to establish a connection with the network connection device over a virtual private network; and establishing a connection with another network connection device through the virtual private network according to the received first configuration parameter.
According to another aspect of the present invention, there is provided a readable storage medium storing a program including instructions stored and executed by a network connection device according to the present invention.
According to another aspect of the present invention, there is provided a network control device residing in a network system based on a software defined network, the network system further including a plurality of network connection devices, and a plurality of computing devices respectively connected to each of the network connection devices, the network control device including: a network interface controller adapted to communicate with a network connection device via a network interface; a processor; a memory; and a program stored in the memory, the program configured to be executed by the processor, the program comprising a client and a server providing a virtual private network service, and instructions adapted to be loaded and executed by the processor: storing device information of a plurality of network connection devices, wherein the device information comprises device identifiers of the network connection devices and IP addresses of a first network interface and a second network interface; further adapted to establish, for each network connection device, a connection with the network connection device over the virtual private network; generating a first configuration parameter of a network connection device, the first configuration parameter comprising an IP address of a second network interface of another network connection device to establish a connection with the network connection device over a virtual private network; and sending the generated first configuration parameter to the network connection device on the connection established with the network connection device, so that the network connection device establishes a connection with another network connection device through a virtual private network according to the first configuration parameter.
According to another aspect of the present invention, there is provided a readable storage medium storing a program including instructions stored and executed by a network control apparatus according to the present invention.
According to another aspect of the present invention, there is provided a network system based on a software defined network, including a plurality of network connection devices according to the present invention, a network control device according to the present invention, and a plurality of computing devices respectively connected to each of the network connection devices.
According to still another aspect of the present invention, there is provided a networking method adapted to be executed in a network system based on a software defined network, the network system including a network control device, a plurality of network connection devices, and a plurality of computing devices, wherein each of the network connection devices is connected to and communicates with a corresponding one of the computing devices via a first network interface, and communicates with the network control device via a second network interface, the plurality of network connection devices being capable of being connected to each other via a virtual private network such that the plurality of computing devices connected thereto are connected to each other, the method including the steps of: for each network connection device, establishing a connection with a network control device over a virtual private network at the network connection device; generating, at a network control device, a first configuration parameter for the network connection device, the first configuration parameter comprising an IP address of a second network interface of another network connection device to establish a connection with the network connection device over a virtual private network; transmitting, at a network control device, the generated first configuration parameter to the network connection device; the method comprises the steps of receiving a first configuration parameter sent by a network control device at a network connection device, and establishing connection with another network connection device through a virtual private network according to the first configuration parameter.
According to the networking scheme for realizing SDN, a network system based on a software defined network is provided in which a network connection device is connected in series on the direct physical line between a computing device and a traditional network device; under the control of a network control device in the network system, it can connect to or disconnect from other network connection devices through a virtual private network, so that the computing devices connected to them are connected or disconnected accordingly. The network control device can thus control and manage the connections established between the various network connection devices through the virtual private network as needed, and change the network topology between the computing devices by changing the topology of those connections. SDN functionality is therefore realized without replacing the traditional network infrastructure: the scheme has good universality, does not depend on a specific network protocol or specific equipment, requires no replacement or upgrade of the existing network infrastructure, can run in parallel with the traditional network, and allows a smooth transition from the traditional network to an SDN network. At the same time, the user's total investment cost is greatly reduced.
Drawings
To the accomplishment of the foregoing and related ends, certain illustrative aspects are described herein in connection with the following description and the annexed drawings, which are indicative of various ways in which the principles disclosed herein may be practiced, and all aspects and equivalents thereof are intended to be within the scope of the claimed subject matter. The above and other objects, features and advantages of the present disclosure will become more apparent from the following detailed description read in conjunction with the accompanying drawings. Throughout this disclosure, like reference numerals generally refer to like parts or elements.
Fig. 1 shows a block diagram of a network system 100 based on a software defined network according to an exemplary embodiment of the present invention;
fig. 2 shows a block diagram of a network control device 200 according to an exemplary embodiment of the present invention;
FIG. 3 illustrates a block diagram of a network connection device 300 according to an exemplary embodiment of the present invention;
FIG. 4 illustrates a flow chart of a networking method 400 according to an exemplary embodiment of the present invention; and
fig. 5 shows a schematic diagram of a networking process according to an exemplary embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
Fig. 1 shows a block diagram of a network system 100 based on a software defined network according to an exemplary embodiment of the present invention. As shown in fig. 1, the network system 100 includes a network control apparatus 200, a plurality of network connection apparatuses 300, and a plurality of computing apparatuses 120 respectively connected to each of the network connection apparatuses 300. Among them, the network control apparatus 200 is typically deployed in an external network (e.g., the internet), and the computing apparatus 120 is typically deployed in an internal network and communicates with the external network via the network connection apparatus 300 connected thereto.
The communication between the respective network connection devices 300, and between the network control device 200 and the network connection device 300 can be performed through a virtual private network. Thus, the network control device 200 can control and manage the connections established between the network connection devices through the virtual private network as needed, and can change the network topology between the computing devices connected to the network connection devices by changing the connections established between the network connection devices through the virtual private network, thereby implementing networking under the SDN network.
Fig. 2 shows a block diagram of a network control device 200 according to an exemplary embodiment of the present invention. The network control device 200 typically includes memory 206 and one or more processors 204. A memory bus 208 may be used for communication between the processor 204 and the memory 206.
Depending on the desired configuration, the processor 204 may be any type of processor. The processor 204 may include one or more levels of cache, such as a level one cache 210 and a level two cache 212, a processor core 214, and registers 216. The example processor core 214 may include an Arithmetic Logic Unit (ALU), a Floating Point Unit (FPU), a digital signal processing core (DSP core), or any combination thereof.
Depending on the desired configuration, the memory 206 may be any type of memory, including but not limited to: volatile memory (such as RAM), non-volatile memory (such as ROM, flash memory, etc.), or any combination thereof. Memory 206 may include an operating system 220, one or more programs 222, and program data 224. In some implementations, the program 222 can be configured to execute instructions on an operating system by a processor using program data 224.
The network control device 200 may also include an interface bus 240 that facilitates communication from various interface devices (e.g., output devices 242, peripheral interfaces 244, and communication devices 246) to the basic configuration 202 via the bus/interface controller 230. The example output device 242 includes a graphics processing unit 248 and an audio processing unit 250, which may be configured to facilitate communication with various external devices, such as a display or speakers, via one or more A/V ports 252. Example peripheral interfaces 244 can include a serial interface controller 254 and a parallel interface controller 256, which can be configured to facilitate communication with external devices such as input devices (e.g., keyboard, mouse, pen, voice input device, touch input device) or other peripherals (e.g., printer, scanner, etc.) via one or more I/O ports 258. An example communication device 246 may include a network interface controller 260, which may be arranged to facilitate communication with one or more other devices, such as the network connection device 300, over a network communication link via one or more network interfaces 264.
A network communication link may be one example of a communication medium. Communication media may typically be embodied by computer readable instructions, data structures, program modules, and may include any information delivery media, such as carrier waves or other transport mechanisms, in a modulated data signal. A "modulated data signal" may be a signal that has one or more of its data set or its changes made in such a manner as to encode information in the signal. By way of non-limiting example, communication media may include wired media such as a wired network or private-wired network, and various wireless media such as acoustic, Radio Frequency (RF), microwave, Infrared (IR), or other wireless media. The term computer readable media as used herein may include both storage media and communication media.
Specifically, the network control device 200 may be implemented as a server, such as a file server, a database server, an application server, a web server, and the like, and may also be implemented as a personal computer in a desktop or notebook configuration. The network control device 200 may also be implemented as part of a small-sized portable (or mobile) electronic device such as a cellular telephone, a Personal Digital Assistant (PDA), a personal media player device, a wireless web-watch device, a personal headset device, an application specific device, or a hybrid device that includes any of the above functions.
Fig. 3 shows a block diagram of a network connection device 300 according to an exemplary embodiment of the present invention. Typically, the network connection device 300 may be implemented as a small-sized portable (or mobile) electronic device wired in series on a direct physical line between the computing device and a conventional network device.
The network connection device 300 typically includes a memory 306 and one or more processors 304. A memory bus 308 may be used for communication between the processor 304 and the memory 306.
Depending on the desired configuration, the processor 304 may be any type of processor. The processor 304 may include one or more levels of cache, such as a level one cache 310 and a level two cache 312, a processor core 314, and registers 316. The example processor core 314 may include an Arithmetic Logic Unit (ALU), a Floating Point Unit (FPU), a digital signal processing core (DSP core), or any combination thereof. The example memory controller 318 may be used with the processor 304, or in some implementations, the memory controller 318 may be an internal part of the processor 304.
Depending on the desired configuration, memory 306 may be any type of memory, including but not limited to: volatile memory (such as RAM), non-volatile memory (such as ROM, flash memory, etc.), or any combination thereof. Memory 306 may include an operating system 320, one or more programs 322, and program data 324. In some implementations, the program 322 can be configured to execute instructions on an operating system by a processor using the program data 324.
The network connection device 300 may also include an interface bus 340 that facilitates communication from a communication device 346 to the basic configuration 302 via the bus/interface controller 330. An example communication device 346 may include a first network interface controller 360 and a second network interface controller 370: the first network interface controller 360 may be arranged to facilitate communication over a network communication link with the computing device 120 connected to the network connection device 300 via the first network interface 364, and the second network interface controller 370 may be arranged to facilitate communication over a network communication link with a device such as the network control device 200 via the second network interface 374.
The programs stored in the network control device 200 and the network connection device 300 each include a client and a server that provide a Virtual Private Network (VPN) service, and communication between the respective network connection devices and between the network control device 200 and the network connection device 300 can be performed through the virtual private network via the client and the server thereon. The programs stored by the network control device 200 and the network connection device 300 also include corresponding instructions that can be loaded to perform any of the networking methods according to the present invention.
Fig. 4 shows a flowchart of a networking method 400 according to an exemplary embodiment of the present invention, which is suitable for being executed in the network system 100 based on the software defined network, wherein it is understood that the actions executed at the network control device 200 are all executed by the instructions stored by the network control device 200 when being loaded by the processor, and the actions executed at the network connection device 300 are all executed by the instructions stored by the network connection device 300 when being loaded by the processor.
First, the network control device 200 may store device information of a plurality of network connection devices 300 in the network system 100. The device information may be manually input or may be acquired by registering the network connection device 300 with the network control device 200 in advance. The device information for a network connection device may generally include a device identification (e.g., a digital certificate, a device ID, etc.) of the network connection device, and IP addresses of the first network interface and the second network interface.
Then, each network connection device 300 is connected to a corresponding one of the computing devices 120 through its first network interface, and the IP address of the first network interface is set as the gateway of that computing device 120. Thereafter, the network connection device 300 communicates with the computing device 120 connected to it via the first network interface. Each network connection device 300 also connects to an external network through its second network interface, and thereafter communicates with the network control device 200 via the second network interface.
As shown in fig. 4, the networking method 400 begins at step S410. For each network connection device 300, in step S410, a connection is established with the network control device 200 through the virtual private network at that network connection device 300, so that communication can be performed with the network control device 200 over that connection. For example, the network connection device 300 may establish a connection with the network control device 200 upon power-on start-up.
For each network connection device 300, the network control device 200 establishes a connection with that network connection device 300 through the virtual private network. Before establishing the connection, the network control device 200 may authenticate the network connection device 300 according to its device identifier, and establish the connection only if the authentication succeeds. Specifically, the authentication may be performed by looking up whether the network control device 200 has the device identifier stored: if it does, the authentication passes; otherwise it fails and the connection with the network connection device 300 may be rejected.
After establishing a connection with the network connection device 300 via the virtual private network, in step S420, according to the service requirement, a first configuration parameter of the network connection device 300 is generated at the network control device 200, where the first configuration parameter specifies that the network connection device 300 should establish a connection with another network connection device 300 via the virtual private network. Specifically, the first configuration parameter may include an IP address of a second network interface of another network connection device to establish a connection with the network connection device through the virtual private network, and may further include a device identifier of the other network connection device, a symmetric key generated for establishing a connection between the two network connection devices, and a dynamic routing protocol (e.g., a routing protocol such as BGP, OSPF, and RIP) that runs after the two network connection devices establish a connection.
Subsequently, at the network control device 200, the generated first configuration parameters are transmitted to the network connection device 300 on the connection established with the network connection device 300, so that the network connection device 300 establishes a connection with another network connection device through a virtual private network according to the first configuration parameters in step S430.
Accordingly, in step S440, after establishing a connection with the network control device 200 through the virtual private network, the network connection device 300 receives the first configuration parameter transmitted by the network control device 200 on the connection established with it.
Finally, in step S450, at the network connection device 300, according to the received first configuration parameter, a connection is established with another network connection device indicated by the first configuration parameter through the virtual private network.
According to an embodiment of the present invention, before establishing a connection with another network connection device, the network connection device 300 may authenticate the other network connection device according to the device identifier included in the first configuration parameter, and establish the connection only if the authentication succeeds. Specifically, the authentication may be performed by comparing the device identifier presented by the other network connection device with the device identifier included in the first configuration parameter: if they match, the authentication passes; otherwise it fails and the connection with the other network connection device may be rejected.
According to one embodiment of the present invention, when a connection is established with another network connection device, the data transmitted between the two network connection devices may be checked using the symmetric key included in the first configuration parameter.
After establishing a connection with another network connection device, according to one embodiment of the present invention, a dynamic routing protocol specified by the first configuration parameters may be run at both network connection devices such that the computing devices 120 connected to both are route reachable within the network system 100.
According to another embodiment of the present invention, a network log may be transmitted from the network connection device 300 to the network control device 200, facilitating management and maintenance by the network control device 200. The network log comprises the software and hardware running health state, the connection duration, the bandwidth utilization rate and the availability rate of the network connection device, and its routing table.
Further, according to an embodiment of the present invention, if a connection between network connection devices 300 is to be disconnected according to service needs, then for each such network connection device 300, after it has established a connection with the network control device through the virtual private network, a second configuration parameter may be generated for it at the network control device 200. In this case the second configuration parameter may include the IP address of the second network interface of the other network connection device from which the connection established through the virtual private network is to be disconnected, the device identifier of that device, and a symmetric key generated for the disconnection of the two network connection devices. The generated second configuration parameter is then sent from the network control device 200 to the network connection device 300; finally, the network connection device 300 receives the second configuration parameter sent by the network control device 200 and, according to it, disconnects the connection established through the virtual private network with the other network connection device indicated by the second configuration parameter.
Here, according to different service requirements, the configuration parameters of the network connection device 300 generated at the network control device 200 may also include the contents of the first configuration parameter and the second configuration parameter, so that the network connection device is disconnected from a certain network connection device first, and then establishes a connection with another network connection device.
According to yet another embodiment of the present invention, the network connection device 300 may further implement an address translation (NAT) function, for example, in the network connection device 300, the source IP address of the request, which is received at the second network interface and whose source IP address is the IP address of the first network interface, may be translated into the IP address of the second network interface according to a preconfigured NAT policy.
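The NAT policy just described, as an added example that is not code from the patent or its assignee. It models the device as a small source-NAT function: a request arriving at the second network interface with the first interface's IP as its source gets the second interface's IP instead. The addresses are constructed from the worked example for device #5 (first port 10.5.5.1, second port 100.5.5.5); the reverse translation of the reply, the packet dictionary layout and the 5-tuple state table are assumptions added so the example is complete, the description itself only specifies the outbound rewrite.

```python
class SourceNat:
    """Source NAT for the policy in the description: a request received at
    the second network interface whose source IP equals the first interface's
    IP has its source rewritten to the second interface's IP.
    The reverse translation of replies is an added assumption."""

    def __init__(self, first_if, second_if):
        self.first_if = first_if      # gateway address seen by the server
        self.second_if = second_if    # address facing the legacy network
        # Translation state keyed by (proto, dst, dport, sport) as seen on
        # the legacy side, mapping back to the original source IP.
        self._table = {}

    def matches(self, pkt, ingress):
        """Preconfigured NAT policy: ingress interface and source IP."""
        return ingress == "second" and pkt["src"] == self.first_if

    def outbound(self, pkt, ingress):
        """Apply the policy to a request; non-matching packets pass through."""
        if not self.matches(pkt, ingress):
            return pkt
        key = (pkt["proto"], pkt["dst"], pkt["dport"], pkt["sport"])
        self._table[key] = pkt["src"]
        return dict(pkt, src=self.second_if)

    def inbound(self, pkt):
        """Undo the translation for a reply addressed to the second interface."""
        key = (pkt["proto"], pkt["src"], pkt["sport"], pkt["dport"])
        if pkt["dst"] != self.second_if or key not in self._table:
            return pkt
        return dict(pkt, dst=self._table[key])


if __name__ == "__main__":
    # Constructed sample traffic for device #5.
    nat = SourceNat("10.5.5.1", "100.5.5.5")
    request = {"proto": "tcp", "src": "10.5.5.1", "dst": "200.1.1.1",
               "sport": 40000, "dport": 443}
    print(nat.outbound(request, "second"))
    reply = {"proto": "tcp", "src": "200.1.1.1", "dst": "100.5.5.5",
             "sport": 443, "dport": 40000}
    print(nat.inbound(reply))
```

The policy is keyed on both the ingress interface and the source IP, so a packet that matches only one of the two conditions is forwarded unchanged; a practitioner deploying such a rule would also want the state table to expire entries, which the example omits.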
The following illustrates, by way of example, the networking process of the network system 100 based on a software defined network.
As shown in fig. 5, it is assumed that the network system 100 includes 6 network connection devices 300, numbered #1 to #6, and 6 servers 120, numbered 121 to 126, which are connected to the network connection devices respectively.
The IP addresses of the 6 servers are 10.1.1.2 to 10.6.6.2 respectively, the IP addresses of the second network ports of the 6 network connection devices are 100.1.1.1 to 100.6.6.6 respectively, the IP addresses of their first network ports are 10.1.1.1 to 10.6.6.1 respectively, and the IP address of the network port of the network control device 200 is 200.1.1.1.
The network connection device 300 accesses the conventional network device through its second network port, and has its first network port as a gateway of the server 120 to which it is connected. Each network connection device 300 establishes a connection with the network control device 200 through a virtual private network.
According to the service requirement, the 6 servers 120 need to be networked into a dual star topology, that is, the servers 125 and 126 are connected to the server 121, the server 121 is connected to the server 122, and the servers 122 and 123 are connected to the server 124.
The network control device 200 may generate configuration parameters for each of the 6 network connection devices 300 according to the network topology to be formed as described above, and transmit the generated configuration parameters to the network connection devices 300 over the connections established with them.
Taking the network connection device #5 connected to the server 125 as an example, the configuration parameters are:
100.1.1.1, the IP address of the second network port of network connection device #1;
the digital certificate of #1;
a symmetric key generated for establishing a connection between the two network connection devices #5 and #1;
the BGP, OSPF and RIP routing protocols.
After receiving the configuration parameters sent by the network control device 200, the 6 network connection devices 300 correspondingly establish connections with the indicated other network connection devices through the virtual private network according to the configuration parameters, so that the servers 120 connected thereto are connected to each other, thereby forming a dual-star topology.
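The controller side of the worked example above, together with the disconnect-then-connect reconfiguration described earlier, as an added example that is not code from the patent or its assignee. The device table follows the example's addressing (device #n: first port 10.n.n.1, second port 100.n.n.n, server 12n at 10.n.n.2); the dual-star topology is expressed as links between device numbers. The `plan` function generates, for each device, second configuration parameters for links to drop and first configuration parameters for links to add, with one fresh 32-byte key handed to both endpoints of a link. The `cert-of-#n` device identification strings are placeholders, and the HMAC-SHA256 tag/verify pair is one assumed instantiation of "checking the transmitted data by means of the symmetric key"; the patent does not specify the key length, the identifier format or the check algorithm.

```python
import hashlib
import hmac
import secrets

# Constructed device table following the worked example: network connection
# device #n has first network port 10.n.n.1, second network port 100.n.n.n,
# and server 12n (IP 10.n.n.2) behind it. Device identifications are
# placeholders standing in for the digital certificates the text mentions.
DEVICES = {
    n: {
        "server": 120 + n,
        "server_ip": f"10.{n}.{n}.2",
        "first_if": f"10.{n}.{n}.1",
        "second_if": f"100.{n}.{n}.{n}",
        "device_id": f"cert-of-#{n}",  # placeholder, not a real certificate
    }
    for n in range(1, 7)
}
ROUTING_PROTOCOLS = ("BGP", "OSPF", "RIP")

# Dual-star topology from the example as links between device numbers
# (device #n fronts server 12n): 125-121, 126-121, 121-122, 122-124, 123-124.
DUAL_STAR = {(5, 1), (6, 1), (1, 2), (2, 4), (3, 4)}


def _norm(link):
    """Undirected link key so (5, 1) and (1, 5) name the same VPN tunnel."""
    a, b = link
    return (a, b) if a < b else (b, a)


def first_config_params(peer, key):
    """First configuration parameters pushed to a device to connect to `peer`."""
    return {
        "peer_second_if": DEVICES[peer]["second_if"],
        "peer_device_id": DEVICES[peer]["device_id"],
        "symmetric_key": key,
        "routing_protocols": ROUTING_PROTOCOLS,
    }


def second_config_params(peer, key):
    """Second configuration parameters pushed to a device to disconnect from `peer`."""
    return {
        "peer_second_if": DEVICES[peer]["second_if"],
        "peer_device_id": DEVICES[peer]["device_id"],
        "symmetric_key": key,
    }


def plan(current_links, desired_links):
    """Controller side: per-device parameters that move the overlay from
    `current_links` to `desired_links`. Links to drop are listed before links
    to add, matching the description's disconnect-then-connect ordering, and
    each link gets one fresh key that is handed to both of its endpoints."""
    current = {_norm(lk) for lk in current_links}
    desired = {_norm(lk) for lk in desired_links}
    to_drop, to_add = current - desired, desired - current
    keys = {link: secrets.token_bytes(32) for link in to_drop | to_add}
    out = {n: {"disconnect": [], "connect": []} for n in DEVICES}
    for a, b in sorted(to_drop):
        out[a]["disconnect"].append(second_config_params(b, keys[(a, b)]))
        out[b]["disconnect"].append(second_config_params(a, keys[(a, b)]))
    for a, b in sorted(to_add):
        out[a]["connect"].append(first_config_params(b, keys[(a, b)]))
        out[b]["connect"].append(first_config_params(a, keys[(a, b)]))
    return out


def tag(key, data):
    """Device side: authentication tag over data sent across a link
    (HMAC-SHA256 is an assumed instantiation of the symmetric-key check)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify(key, data, mac):
    """Peer side check of a received message, constant-time comparison."""
    return hmac.compare_digest(tag(key, data), mac)


if __name__ == "__main__":
    params = plan(set(), DUAL_STAR)
    for cfg in params[5]["connect"]:
        print("#5 ->", cfg["peer_second_if"], cfg["peer_device_id"],
              cfg["routing_protocols"])
```

Run as is, the script prints the parameters for device #5 from the worked example (peer 100.1.1.1, the identification of #1, the routing protocols). Calling `plan(DUAL_STAR, new_topology)` yields the second configuration parameters for links that disappear and first configuration parameters for links that appear, so a topology change reaches each device as the ordered pair the description calls for. Generating a fresh key per link on the controller means a key recovered from one tunnel says nothing about the others.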
In summary, the networking scheme of the present invention for implementing an SDN network provides a network system based on a software defined network in which a network connection device is connected in series on the direct physical line between a computing device and a conventional network device, and can be connected to or disconnected from other network connection devices through a virtual private network under the control of a network control device in the network system, so that the computing devices behind them are connected or disconnected accordingly. The network control device can then control and manage the connections established between the network connection devices through the virtual private network as needed, and change the network topology between the computing devices by changing the topology of those virtual private network connections. The SDN function is therefore realized without replacing the traditional network infrastructure. The scheme is generic: it does not depend on a specific network protocol or specific equipment, it does not require the existing network infrastructure to be replaced or upgraded, it can run in parallel with the traditional network, and it enables a smooth transition from the traditional network to the SDN network. At the same time, the total investment cost for the user is greatly reduced.
It should be understood that the various techniques described herein may be implemented in connection with hardware or software or, alternatively, with a combination of both. Thus, the methods and apparatus of the present invention, or certain aspects or portions thereof, may take the form of program code (i.e., instructions) embodied in tangible media, such as floppy diskettes, CD-ROMs, hard drives, or any other machine-readable storage medium, wherein, when the program is loaded into and executed by a machine, such as a computer, the machine becomes an apparatus for practicing the invention.
In the case of program code execution on programmable computers, the computing device will generally include a processor, a storage medium readable by the processor (including volatile and non-volatile memory and/or storage elements), at least one input device, and at least one output device. Wherein the memory is configured to store program code; the processor is configured to perform the various methods of the present invention according to instructions in the program code stored in the memory.
By way of example, and not limitation, computer readable media may comprise computer storage media and communication media. Computer storage media store information such as computer readable instructions, data structures, program modules or other data. Communication media typically embody computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and include any information delivery media. Combinations of any of the above are also included within the scope of computer readable media.
It should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules or units or components of the devices in the examples disclosed herein may be arranged in a device as described in this embodiment or alternatively may be located in one or more devices different from the devices in this example. The modules in the foregoing examples may be combined into one module or may be further divided into multiple sub-modules.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
The present invention may further comprise: A6, the apparatus of any one of A1-5, wherein the instructions are adapted to be loaded and executed by the processor to: receive, over the connection established with the network control device, second configuration parameters sent by the network control device, the second configuration parameters including an IP address of a second network interface of another network connection device from which the network connection device is to disconnect the connection established through the virtual private network, a device identification, and a symmetric key generated for the disconnection of the two network connection devices; and disconnect the connection established with the other network connection device through the virtual private network according to the received second configuration parameters. A7, the device of any one of A1-6, wherein the instructions are further adapted to be loaded and executed by the processor to: according to the pre-configured NAT policy, translate the source IP address of a request which is received at the second network interface and whose source IP address is the IP address of the first network interface into the IP address of the second network interface.
B10, the apparatus as in B9, wherein the instructions are adapted to be loaded and executed by the processor to: before establishing a connection with the network connection device, authenticate the network connection device according to the device identification, and if the authentication passes, establish the connection with the network connection device. B11, the device as in B9 or 10, wherein the first configuration parameters further include the device identification of the other network connection device, a symmetric key generated for the two network connection devices to establish a connection, and a dynamic routing protocol to be run after the two network connection devices establish the connection. B12, the apparatus as in any one of B9-11, wherein the instructions are adapted to be loaded and executed by the processor to: receive a network log from the network connection device, wherein the network log comprises the software and hardware running health state, the connection duration, the bandwidth utilization rate and the availability rate of the network connection device, and a routing table.
B13, the apparatus as in any one of B9-12, wherein the instructions are adapted to be loaded and executed by the processor to: generate second configuration parameters of the network connection device after establishing a connection with the network connection device through the virtual private network, the second configuration parameters including an IP address of a second network interface of another network connection device from which the network connection device is to disconnect the connection established through the virtual private network, a device identification, and a symmetric key generated for the disconnection of the two network connection devices; and send the generated second configuration parameters to the network connection device over the connection established with the network connection device, so that the network connection device disconnects the connection established with the other network connection device through the virtual private network according to the second configuration parameters.
C17, the method as claimed in C16, wherein the method further comprises the step of: registering and acquiring, at the network control device, device information of each network connection device, wherein the device information comprises the IP addresses of the first network interface and the second network interface of the network connection device. C18, the method according to C17, wherein the device information includes a device identification of the network connection device, the method further comprising the step of: before the network connection device connects with the network control device, authenticating the network connection device at the network control device according to the device identification, and if the authentication passes, establishing the connection with the network connection device. C19, the method according to C16, wherein the first configuration parameter includes a device identification of the other network connection device, the method further comprising the step of: before the network connection device connects with the other network connection device, authenticating the other network connection device at the network connection device according to the device identification, and if the authentication passes, establishing the connection with the other network connection device. C20, the method according to any of the preceding claims C16-19, wherein the first configuration parameters comprise a symmetric key generated for the two network connection devices to establish a connection, the method further comprising the step of: when the network connection device is connected to another network connection device, checking the transmitted data at both network connection devices by means of the symmetric key.
C21, the method according to any of the preceding claims C16-20, wherein the first configuration parameter comprises a dynamic routing protocol to be run after the two network connection devices establish a connection, the method comprising the step of: after a network connection device establishes a connection with another network connection device, running the dynamic routing protocol at both network connection devices so that the computing devices connected to both are route reachable within the network system. C22, the method as claimed in any one of C16-21, wherein the method further comprises the step of: sending, at the network connection device, a network log to the network control device, wherein the network log comprises the software and hardware running health state, the connection duration, the bandwidth utilization rate and the availability rate of the network connection device, and a routing table. C23, the method as claimed in any one of C16-22, wherein the method further comprises the steps of: if the connection among the plurality of network connection devices is to be disconnected, for each network connection device, after the network connection device establishes a connection with the network control device through the virtual private network, generating second configuration parameters of the network connection device at the network control device, wherein the second configuration parameters comprise an IP address of a second network interface of another network connection device from which the network connection device is to disconnect, a device identification, and a symmetric key generated for the disconnection of the two network connection devices; transmitting, at the network control device, the generated second configuration parameters to the network connection device; and receiving, at the network connection device, the second configuration parameters sent by the network control device, and disconnecting the connection established with the other network connection device through the virtual private network according to the second configuration parameters. C24, the method as in any one of C16-23, further comprising the step of: translating, at the network connection device and according to the pre-configured NAT policy, the source IP address of a request which is received at the second network interface and whose source IP address is the IP address of the first network interface into the IP address of the second network interface.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
Furthermore, some of the described embodiments are described herein as a method or combination of method elements that can be performed by a processor of a computer system or by other means of performing the described functions. A processor having the necessary instructions for carrying out the method or method elements thus forms a means for carrying out the method or method elements. Further, the elements of the apparatus embodiments described herein are examples of the following apparatus: the apparatus is used to implement the functions performed by the elements for the purpose of carrying out the invention.
As used herein, unless otherwise specified, the use of the ordinal adjectives "first", "second", "third", etc., to describe a common object merely indicates that different instances of like objects are being referred to, and is not intended to imply that the objects so described must be in a given sequence, either temporally, spatially, in ranking, or in any other manner.
While the invention has been described with respect to a limited number of embodiments, those skilled in the art, having benefit of this description, will appreciate that other embodiments can be devised which do not depart from the scope of the invention as described herein. Furthermore, it should be noted that the language used in the specification has been principally selected for readability and instructional purposes, and may not have been selected to delineate or circumscribe the inventive subject matter. Accordingly, many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the appended claims. The present invention has been disclosed in an illustrative rather than a restrictive sense, and the scope of the present invention is defined by the appended claims.

Claims (24)

1. A network connection device residing in a network system based on a software defined network, the network system comprising a network control device, a plurality of network connection devices and a plurality of computing devices respectively connected to each network connection device, wherein the network connection device is implemented as a small-sized portable electronic device wired in series on a direct physical line between the computing device and a legacy network device, the network connection device comprising:
a first network interface controller adapted to communicate with a computing device connected to the network connection device via a first network interface;
a second network interface controller adapted to communicate with the network control device via a second network interface;
a processor;
a memory; and
a program stored in the memory, the program configured to be executed by the processor, the program comprising a client and a server providing a virtual private network service, and instructions adapted to be loaded and executed by the processor:
establishing a connection with the network control device through a virtual private network;
receiving a first configuration parameter sent by the network control device on a connection established with the network control device, wherein the first configuration parameter comprises an IP address of a second network interface of another network connection device to establish a connection with the network connection device through a virtual private network; and
establishing a connection with the other network connection device through the virtual private network according to the received first configuration parameter.
2. The device of claim 1, wherein the first configuration parameter comprises a device identification of the other network connection device, the instructions adapted to be loaded and executed by the processor to:
before establishing a connection with the other network connection device, authenticate the other network connection device according to the device identification, and if the authentication passes, establish the connection with the other network connection device.
3. The device of claim 1 or 2, wherein the first configuration parameter comprises a symmetric key generated for two network connection devices to establish a connection, the instructions adapted to be loaded and executed by the processor to:
when a connection is established with another network connection device, the transmitted data is checked at both network connection devices by means of the symmetric key.
4. The device of claim 3, wherein the first configuration parameter comprises a dynamic routing protocol that runs after two network connection devices establish a connection, the instructions adapted to be loaded and executed by the processor to:
after establishing a connection with another network connection device, the dynamic routing protocol is run at both network connection devices such that computing devices connected to both are route reachable within the network system.
5. The apparatus of claim 4, wherein the instructions are adapted to be loaded and executed by the processor to:
sending a network log to the network control device on the connection established with the network control device, wherein the network log comprises the software and hardware running health state, the connection duration, the bandwidth utilization rate and the availability rate of the network connection device, and a routing table.
6. The apparatus of claim 5, wherein the instructions are adapted to be loaded and executed by the processor to:
receiving, over the connection established with the network control device, second configuration parameters sent by the network control device, the second configuration parameters including an IP address of a second network interface of another network connection device to be disconnected from the network connection device by the virtual private network, a device identification, and a symmetric key generated for the disconnection of the two network connection devices;
disconnecting the connection established with the other network connection device through the virtual private network according to the received second configuration parameter.
7. The apparatus of claim 5, wherein the instructions are further adapted to be loaded and executed by the processor to:
according to a pre-configured NAT policy, translating the source IP address of a request which is received at the second network interface and whose source IP address is the IP address of the first network interface into the IP address of the second network interface.
8. A readable storage medium storing a program comprising instructions stored and executed by the network connection device of any of claims 1-7.
9. A network control device residing in a network system based on a software defined network, the network system further comprising a plurality of network connection devices and a plurality of computing devices respectively connected to each network connection device, wherein the network connection devices are implemented as small-sized portable electronic devices wired in series on a direct physical line between the computing devices and a legacy network device, the network control device comprising:
a network interface controller adapted to communicate with the network connection device via a network interface;
a processor;
a memory; and
a program stored in the memory, the program configured to be executed by the processor, the program comprising a client and a server providing a virtual private network service, and instructions adapted to be loaded and executed by the processor:
storing device information of a plurality of network connection devices, wherein the device information comprises device identifiers of the network connection devices and IP addresses of a first network interface and a second network interface; and further, for each of the network connection devices,
establishing connection with the network connection device through a virtual private network;
generating a first configuration parameter of the network connection device, the first configuration parameter comprising an IP address of a second network interface of another network connection device to establish a connection with the network connection device over a virtual private network; and
sending the generated first configuration parameter to the network connection device on the connection established with the network connection device, so that the network connection device establishes a connection with the other network connection device through the virtual private network according to the first configuration parameter.
10. The apparatus of claim 9, wherein the instructions are adapted to be loaded and executed by the processor to:
before establishing a connection with the network connection device, authenticating the network connection device according to the device identification, and if the authentication passes, establishing the connection with the network connection device.
11. The apparatus of claim 9 or 10, wherein the first configuration parameter further comprises the device identification of the other network connection device, a symmetric key generated for the two network connection devices to establish a connection, and a dynamic routing protocol to be run after the two network connection devices establish the connection.
12. The apparatus of claim 11, wherein the instructions are adapted to be loaded and executed by the processor to:
receiving a network log from the network connection device, wherein the network log comprises the software and hardware running health state, the connection duration, the bandwidth utilization rate and the availability rate of the network connection device, and a routing table.
13. The apparatus of claim 12, wherein the instructions are adapted to be loaded and executed by the processor to:
after establishing a connection with a network connection device over a virtual private network,
generating second configuration parameters of the network connection device, the second configuration parameters including an IP address of a second network interface of another network connection device to disconnect a connection established through a virtual private network with the network connection device, a device identification, and a symmetric key generated for the disconnection of the two network connection devices;
sending the generated second configuration parameters to the network connection device on the connection established with the network connection device, so that the network connection device disconnects the connection established with the other network connection device through the virtual private network according to the second configuration parameters.
14. A readable storage medium storing a program comprising instructions stored and executed by the network control device of claim 13.
15. A network system based on a software defined network, comprising a plurality of network connection devices according to any one of claims 1 to 7, a network control device according to any one of claims 9 to 13, and a plurality of computing devices respectively connected to each network connection device.
16. A networking method adapted to be executed in a network system based on a software defined network, the network system including a network control device, a plurality of network connection devices and a plurality of computing devices, wherein the network connection devices are implemented as small-sized portable electronic devices wired in series on a direct physical line between the computing devices and a legacy network device, each network connection device is connected to and communicates with a corresponding one of the computing devices via a first network interface and communicates with the network control device via a second network interface, the plurality of network connection devices are capable of being connected to each other through a virtual private network such that the plurality of computing devices connected thereto are connected to each other, the method comprising the steps of:
for each of the network connection devices,
establishing a connection with a network control device over a virtual private network at the network connection device;
generating, at a network control device, a first configuration parameter for the network connection device, the first configuration parameter comprising an IP address of a second network interface of another network connection device to establish a connection with the network connection device over a virtual private network;
transmitting, at a network control device, the generated first configuration parameter to the network connection device;
receiving, at the network connection device, the first configuration parameter sent by the network control device, and establishing a connection with the other network connection device through the virtual private network according to the first configuration parameter.
17. The method of claim 16, wherein the method further comprises the steps of:
the method comprises the steps of registering and acquiring equipment information of each network connection equipment at the network control equipment, wherein the equipment information comprises IP addresses of a first network interface and a second network interface of the network connection equipment.
18. The method of claim 17, wherein the device information includes a device identification of the network connection device, the method further comprising the steps of:
before the network connection device connects with the network control device, authenticating the network connection device at the network control device according to the device identification, and if the authentication passes, establishing the connection with the network connection device.
19. The method of claim 16, wherein the first configuration parameter comprises a device identification of the other network connection device, the method further comprising the steps of:
before the network connection device connects with the other network connection device, authenticating the other network connection device at the network connection device according to the device identification, and if the authentication passes, establishing the connection with the other network connection device.
20. The method of any of claims 16-19, wherein the first configuration parameter comprises a symmetric key generated for two network connection devices to establish a connection, the method further comprising the steps of:
when the network connection device establishes a connection with another network connection device, the transmitted data is checked at both network connection devices by means of the symmetric key.
21. The method of claim 20, wherein the first configuration parameter comprises a dynamic routing protocol to be run after the two network connection devices establish a connection, the method further comprising the steps of:
after a network connection device establishes a connection with another network connection device, running the dynamic routing protocol at both network connection devices so that the computing devices connected to each of them are reachable by routing within the network system.
22. The method of claim 21, further comprising the steps of:
sending a network log from the network connection device to the network control device, the network log including the software and hardware running health state of the network connection device, its connection duration, its bandwidth utilization rate and availability rate, and its routing table.
23. The method of claim 22, further comprising the steps of:
if the connection among the plurality of network connection devices is to be disconnected, for each of the network connection devices, after the connection with the network control device has been established at the network connection device via the virtual private network,
generating, at the network control device, second configuration parameters for the network connection device, the second configuration parameters including the IP address of the second network interface of the other network connection device whose connection with the network connection device over the virtual private network is to be disconnected, a device identification, and a symmetric key generated for the two network connection devices to disconnect;
transmitting, at the network control device, the generated second configuration parameters to the network connection device;
receiving, at the network connection device, the second configuration parameters sent by the network control device, and disconnecting, according to the second configuration parameters, the connection established with the other network connection device through the virtual private network.
24. The method of claim 23, further comprising the steps of:
at the network connection device, according to a pre-configured NAT policy, translating the source IP address of a request that is received at the second network interface and carries the source IP address of the first network interface into the IP address of the second network interface.
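As an added illustration of the control-plane exchange in claims 16 to 23 (this is not code from the patent or from its assignee), the following Python model has a controller register devices, hand each device pair a fresh symmetric key together with the peer's second-interface address and device identification, and has the devices authenticate the peer by its identification, verify transmitted data with the key, and accept a disconnect only when the second configuration parameters match the live tunnel. The class and function names, the HMAC-SHA256 data check, the registry-based authentication, the message layout and the sample addresses are all assumptions; the claims name the parameters but do not specify these mechanisms.

```python
"""Toy model of the controller / connection-device exchange in claims 16-23.
Constructed example: names, message formats, the HMAC check and the
registry-based authentication are assumptions, not the patent's text."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

TAG_LEN = 32  # HMAC-SHA256 tag length in bytes (assumed data-check mechanism)


@dataclass
class Device:
    """A network connection device with two interfaces (claim 17)."""
    device_id: str
    ip_if1: str                                  # first interface, toward local hosts
    ip_if2: str                                  # second interface, toward the VPN peers
    peers: dict = field(default_factory=dict)    # peer_id -> symmetric key of the tunnel


class Controller:
    """Network control device: keeps the registry and issues configuration."""

    def __init__(self):
        self.registry = {}

    def register(self, dev):
        # claim 17: record the IP addresses of both interfaces at registration
        self.registry[dev.device_id] = (dev.ip_if1, dev.ip_if2)

    def authenticate(self, device_id):
        # claim 18: the claims do not fix the mechanism; here a device is
        # accepted only if it was registered beforehand (assumption)
        return device_id in self.registry

    def first_config(self, a, b):
        # claims 16, 19, 20: one fresh key per pair; each side receives the
        # other side's second-interface IP and device identification
        key = secrets.token_bytes(32)
        return {me: {"peer_ip": self.registry[peer][1], "peer_id": peer,
                     "key": key, "routing": "dynamic"}
                for me, peer in ((a, b), (b, a))}

    def second_config(self, a, b, key):
        # claim 23: the disconnect instruction names the peer and carries the
        # key bound to that tunnel, so it cannot be applied to another session
        return {me: {"peer_ip": self.registry[peer][1], "peer_id": peer, "key": key}
                for me, peer in ((a, b), (b, a))}


def connect(dev, cfg, controller):
    """claim 19: authenticate the peer by device identification, then keep its key."""
    if not controller.authenticate(cfg["peer_id"]):
        return False
    dev.peers[cfg["peer_id"]] = cfg["key"]
    return True


def seal(dev, peer_id, payload):
    """claim 20: attach a check value computed with the pair's symmetric key."""
    tag = hmac.new(dev.peers[peer_id], payload, hashlib.sha256).digest()
    return payload + tag


def unseal(dev, peer_id, message):
    """claim 20: the receiving side recomputes and compares the check value."""
    payload, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(dev.peers[peer_id], payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, expected) else None


def disconnect(dev, cfg):
    """claim 23: tear the tunnel down only if peer id and key match the live one."""
    key = dev.peers.get(cfg["peer_id"])
    if key is None or not hmac.compare_digest(key, cfg["key"]):
        return False
    del dev.peers[cfg["peer_id"]]
    return True


def network_log(dev, uptime_s, utilization, availability):
    """claim 22: fields a device reports back to the controller (constructed values)."""
    return {"device_id": dev.device_id, "health": "ok",
            "connection_duration_s": uptime_s, "bandwidth_utilization": utilization,
            "availability": availability, "routing_table": sorted(dev.peers)}


def demo():
    ctrl = Controller()
    a = Device("dev-A", "10.0.1.1", "192.0.2.1")   # constructed sample addresses
    b = Device("dev-B", "10.0.2.1", "192.0.2.2")
    for d in (a, b):
        ctrl.register(d)
    cfg = ctrl.first_config(a.device_id, b.device_id)
    connected = connect(a, cfg[a.device_id], ctrl) and connect(b, cfg[b.device_id], ctrl)
    msg = seal(a, b.device_id, b"route-update")
    received = unseal(b, a.device_id, msg)
    tampered = unseal(b, a.device_id, msg[:-1] + bytes([msg[-1] ^ 1]))
    stale = ctrl.second_config(a.device_id, b.device_id, secrets.token_bytes(32))
    wrong_key = disconnect(a, stale[a.device_id])
    real = ctrl.second_config(a.device_id, b.device_id, cfg[a.device_id]["key"])
    torn_down = disconnect(a, real[a.device_id]) and disconnect(b, real[b.device_id])
    return {"connected": connected, "received": received, "tampered": tampered,
            "wrong_key_rejected": not wrong_key, "disconnected": torn_down,
            "log": network_log(a, 3600, 0.42, 0.999)}
```

The point of binding the disconnect to the pair's key (as claim 23 does by including a symmetric key in the second configuration parameters) is that a device receiving a stray or replayed teardown instruction can refuse it, and that each tunnel can be closed independently of the others.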
CN201710358831.XA 2017-05-19 2017-05-19 Network connection device, network system and networking method Active CN107241254B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710358831.XA CN107241254B (en) 2017-05-19 2017-05-19 Network connection device, network system and networking method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710358831.XA CN107241254B (en) 2017-05-19 2017-05-19 Network connection device, network system and networking method

Publications (2)

Publication Number Publication Date
CN107241254A CN107241254A (en) 2017-10-10
CN107241254B true CN107241254B (en) 2020-06-05

Family

ID=59984452

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710358831.XA Active CN107241254B (en) 2017-05-19 2017-05-19 Network connection device, network system and networking method

Country Status (1)

Country Link
CN (1) CN107241254B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110083484B (en) * 2018-01-26 2024-03-08 阿里巴巴集团控股有限公司 FPGA reloading method, device, storage medium and system
CN112394688B (en) * 2019-08-19 2022-07-15 上海明我信息技术有限公司 Industrial personal computer protection equipment and control method
CN113556208B (en) * 2020-04-24 2022-08-26 华为技术有限公司 Hello message transmission method and device and readable storage medium
CN114287125A (en) * 2020-07-17 2022-04-05 柏思科技有限公司 Method and system for forwarding data packets through a virtual private network
CN116170364B (en) * 2022-12-09 2024-04-05 山东有人物联网股份有限公司 VPN connection method, device, equipment and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103166909A (en) * 2011-12-08 2013-06-19 上海贝尔股份有限公司 Access method and device and system of virtual network system
CN104219149A (en) * 2014-08-26 2014-12-17 杭州华三通信技术有限公司 Virtual connection based message transmission method and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3094051B1 (en) * 2014-01-29 2018-08-15 Huawei Technologies Co., Ltd. Data transmission method, transmission control method and device

Also Published As

Publication number Publication date
CN107241254A (en) 2017-10-10

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Room 311501, Unit 1, Building 5, Courtyard 1, Futong East Street, Chaoyang District, Beijing 100102

Applicant after: Beijing Zhichuangyu Information Technology Co., Ltd.

Address before: 100097 Jinwei Building 803, 55 Lanindichang South Road, Haidian District, Beijing

Applicant before: Beijing Knows Chuangyu Information Technology Co.,Ltd.

GR01 Patent grant