CN107395500A - Intelligent network architecture integrating sensing, computing and storage, and implementation method - Google Patents
- Publication number
- CN107395500A, CN201710743012.7A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/02—Topology update or discovery
- H04L45/04—Interdomain routing, e.g. hierarchical routing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/20—Hop count for routing purposes, e.g. TTL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
- H04L67/568—Storing data temporarily at an intermediate stage, e.g. caching
Abstract
The invention discloses an intelligent network architecture integrating sensing, computing and storage, and an implementation method. It adopts a model that combines a content identifier (CID), a device identifier (GUID) and a security identifier (SecID). Content is stored in the network in a distributed manner: content caching policies are deployed in the LCRS and aggregation policies are deployed inside the routers, and cooperation between nodes realizes the sharing and reuse of resources. A hybrid device-identifier/address routing mode is used, with the NRS providing a two-level name resolution service, so that the network supports seamless host and network mobility. An active-defense security authentication mechanism is used: edge routers act as the root of trust and combine the device identifier and the security identifier to perform access control and authentication on users, and use the content identifier to intercept illegal content effectively. The network architecture can sense the content transmitted by the network, changes in the network environment and the behavior of network users; it supports seamless host and network mobility and is scalable and evolvable; and it provides active defense and network security.
Description
Technical field
The present invention relates to the technical field of computer networks, and in particular to an intelligent network architecture integrating sensing, computing and storage.
Background art
With the rapid growth of the scale of the Internet and the fast development of new applications, the traditional Internet architecture faces significant challenges in scalability, controllability, mobility and security. In this context, research on innovative future network architectures has become a hot field of global attention.
The traditional Internet has the IP address at its core, takes simple transmission as its purpose, and uses the TCP/IP architecture designed according to the end-to-end principle. First, the surge in traffic and the sharp expansion of routing tables have seriously affected the scalability of traditional IP networks. The root of the problem is that the TCP/IP architecture is an IP-address-based point-to-point communication model; this essential characteristic causes all communication traffic to accumulate on the backbone network and requires all routers to maintain routes to any reachable node (subnet). Second, the growing popularity of portable mobile terminals and the explosive growth in the number of Internet-of-Things terminals place higher demands on network mobility. The increased mobility of user terminals causes data transmission paths to change frequently, which seriously damages the continuity of upper-layer application services and affects the quality of service of IP network users. Finally, current network applications place higher requirements on the protection of user security and privacy, while the security measures of traditional IP networks are essentially in a state of passive response and are unaware of attacks. The basic reason is that the IP-address-based point-to-point communication model can only provide an end-to-end secure channel and cannot provide personalized security services for services and content.
In view of these problems, existing solutions mainly add functions at the application layer, for example using content delivery networks (CDN) and peer-to-peer networks (P2P) to provide network services on hosts at the network edge. These technologies can improve content distribution efficiency to some extent, but because it is difficult for them to sense network state effectively and they lack a unified content identifier, they suffer from problems such as low routing efficiency and difficult deployment. Moreover, CDN deployment is expensive and is optimized for the specific data of contracted users; it cannot serve global network users and only alleviates the scalability problem by continually increasing hardware investment under the existing architecture. In an Internet architecture with IP routing at its core, service resources and the physical network lack a mutual awareness mechanism, so application-layer solutions such as P2P cannot fundamentally solve the challenges and problems the network faces.
Summary of the invention
The object of the present invention is to provide an intelligent network architecture integrating sensing, computing and storage, and an implementation method, which can sense the content transmitted by the network, changes in the network environment and the behavior of network users; support seamless host and network mobility, with scalability and evolvability; and provide active defense and network security.
The object of the present invention is achieved through the following technical solutions:
An intelligent network architecture integrating sensing, computing and storage, comprising: routers that have sensing, computing and storage capabilities and support intra-domain content aggregation; two-level name resolution servers (NRS) that support intra-domain and inter-domain mobility; and a local content resolution server (LCRS) that supports intra-domain content caching; wherein:
The routers provide a security authentication service based on the security identifier SecID, a data forwarding service based on the device identifier GUID, and a content service based on the content identifier CID;
When a router receives a packet sent by a user, it first determines the packet type. For a packet of the intelligent network architecture integrating sensing, computing and storage (SCSN), the router uses the SecID, GUID and CID in the packet header to verify the legitimacy of the packet content with the LCRS and the authenticity of the user's identity with the NRS. It then determines whether a packet that has passed verification is a content packet or a request packet. For a content packet: if the packet allows content caching, the routers store it cooperatively under LCRS scheduling; if the packet is a mobility-supporting packet, a GUID-based forwarding policy is used, and the dynamic binding of GUID and address is realized during routing. For a request packet: if it is a content request, the router reports the corresponding CID to the LCRS and then performs content aggregation according to the content distribution returned by the LCRS; if it is an access request, the router communicates with the NRS and authenticates the user through the corresponding SecID and GUID, thereby implementing access control.
For a content packet, the router first provides differentiated service according to the service identifier bits in the packet header, including:
For packets that allow content caching, the router reports the CID to the LCRS to obtain the caching policy, and the routers store cooperatively under LCRS scheduling, realizing the sharing and reuse of resources;
For mobility-supporting packets, the router queries the NRS to obtain the dynamic binding between GUID and network address, then obtains the next-hop router for forwarding from the local forwarding table; if forwarding of the packet fails, the router stores the packet and continues to query the NRS for store-and-forward.
The NRS provides a dynamic binding service between GUID and network address. A GUID is globally invariant, while the network address of a device changes dynamically as its access point changes; the NRS ensures that packets are routed correctly to a device even while its access position keeps migrating;
The NRS is hierarchical, comprising a level-1 NRS and a level-2 NRS: the level-1 NRS is used for intra-domain routing and the level-2 NRS for inter-domain routing. The level-1 NRS updates and maintains the GUID-to-network-address mapping according to device information reported by the routers, then works out all devices that have moved between domains and reports them to the level-2 NRS. Intra-domain movement of a device is transparent to the level-2 NRS, which maintains only the mapping from device identifier to gateway router address (GA) and is responsible for routing packets to the domain where the destination device is located;
The level-1 NRS classifies incoming information into routing queries and user access control information and passes each to the corresponding name resolution service module or user management module. The level-1 NRS user management module handles user access control and authentication, and sends information about users added to or removed from the domain to the level-2 NRS. The level-2 NRS receives information from the level-1 NRS and from gateway routers; a classifier passes it to the user management module and the name resolution service module, which respectively update and query the local information of the level-2 NRS. Finally, the confirmation is sent back to the level-1 NRS and the query result is sent back to the gateway router.
The LCRS manages the content stored in the network within a domain. It updates and maintains the content-to-storage-address mapping table (CAMT) according to the content caching information reported by the routers and, based on the CAMT, the storage policy module and the content resolution module, controls content storage by the routers and assists them in completing content aggregation. The LCRS also builds a content filtering table (CFT) according to a given content filtering scheme, which is used to check the legitimacy of content;
The LCRS includes: a classifier, a storage policy module, a content resolution module, and a memory that holds the CAMT and the CFT. The classifier divides the information received into content requests and content storage; content requests are passed to the content resolution module for subsequent processing, and content storage is passed to the storage policy module for subsequent processing;
Both the content resolution module and the storage policy module call the content resolution module to query the CFT in order to check whether the content is legal. If the content is legal, the CAMT is then queried to obtain the distribution of the corresponding content; the content resolution module sends the content distribution it finds to the router that requested the content, and that router carries out the subsequent processing. The storage policy module decides according to the storage policy whether the content needs to be stored, updates the CAMT, and sends the relevant instruction to the routers. If the content is illegal, service is refused.
Its logical levels, from top to bottom, are the application layer, the transport layer, the network layer and the link layer; the routers, the NRS and the LCRS are all located at the network layer;
The network layer includes a data plane and a control plane;
The functions of the data plane are as follows. Content awareness: the router senses and classifies packets by packet type and provides differentiated service. Content storage: the router reports the CID and packet type information contained in a packet to the LCRS, and the LCRS plans centrally and stores the content in a single router or in multiple routers. Content aggregation: after the first-hop router receives a user's content request message, it reports the CID of the requested content to the LCRS; the LCRS looks up the CID in the CAMT and returns the distribution information of the stored content; after receiving the distribution information, the first-hop router decides, according to the router's content aggregation policy, from which router or routers to aggregate the content. Routing and forwarding: routers within the same domain forward packets according to GUID; between multiple domains, routing is performed by the level-2 NRS according to the binding information of GUID and address, and because the packet format includes an IP header; Security verification: after a user is admitted, the user's SecID is set to a field bound to the GUID and sent to the edge router, serving as user-level authentication; for packets generated by the user, the CFT is queried by CID for filtering, serving as content-level security verification;
The control plane manages and controls network configuration and policy, including the following. Content resolution service: the LCRS queries the CAMT to obtain the mapping between content and network address. Name resolution service: the level-1 NRS provides intra-domain resolution of GUID to network address, and the level-2 NRS provides inter-domain resolution of GUID to network address. Routing and forwarding service: for intra-domain routing, the router transmits packets according to the destination network address resolved by the level-1 NRS; for inter-domain routing, the gateway router obtains the destination gateway address by querying the level-2 NRS, so that the packet is transmitted across the backbone network. Access control service: when a user applies for access, the access router reports the user's GUID to the level-1 NRS; the level-1 NRS decides whether to admit the user according to the blacklist and user permission data provided by the operator, sets the user's permissions, and records security audit and ledger information.
An implementation method for an intelligent network architecture integrating sensing, computing and storage, comprising: providing routers that have sensing, computing and storage capabilities and support intra-domain content aggregation; providing two-level name resolution servers (NRS) that support intra-domain and inter-domain mobility; and providing a local content resolution server (LCRS) that supports intra-domain content caching; wherein:
The routers so provided offer a security authentication service based on the security identifier SecID, a data forwarding service based on the device identifier GUID, and a content service based on the content identifier CID;
When a router receives a packet sent by a user, it first determines the packet type. For a packet of the intelligent network architecture integrating sensing, computing and storage (SCSN), the router uses the SecID, GUID and CID in the packet header to verify the legitimacy of the packet content with the LCRS and the authenticity of the user's identity with the NRS. It then determines whether a packet that has passed verification is a content packet or a request packet. For a content packet: if the packet allows content caching, the routers store it cooperatively under LCRS scheduling; if the packet is a mobility-supporting packet, a GUID-based forwarding policy is used, and the dynamic binding of GUID and address is realized during routing. For a request packet: if it is a content request, the router reports the corresponding CID to the LCRS and then performs content aggregation according to the content distribution returned by the LCRS; if it is an access request, the router communicates with the NRS and authenticates the user through the corresponding SecID and GUID, thereby implementing access control.
For a content packet, the router first provides differentiated service according to the service identifier bits in the packet header, including:
For packets that allow content caching, the router reports the CID to the LCRS to obtain the caching policy, and the routers store cooperatively under LCRS scheduling, realizing the sharing and reuse of resources;
For mobility-supporting packets, the router queries the NRS to obtain the dynamic binding between GUID and network address, then obtains the next-hop router for forwarding from the local forwarding table; if forwarding of the packet fails, the router stores the packet and continues to query the NRS for store-and-forward.
The NRS provides a dynamic binding service between GUID and network address. A GUID is globally invariant, while the network address of a device changes dynamically as its access point changes; the NRS ensures that packets are routed correctly to a device even while its access position keeps migrating;
The NRS is hierarchical, comprising a level-1 NRS and a level-2 NRS: the level-1 NRS is used for intra-domain routing and the level-2 NRS for inter-domain routing. The level-1 NRS updates and maintains the GUID-to-network-address mapping according to device information reported by the routers, then works out all devices that have moved between domains and reports them to the level-2 NRS. Intra-domain movement of a device is transparent to the level-2 NRS, which maintains only the mapping from device identifier to gateway router address (GA) and is responsible for routing packets to the domain where the destination device is located;
The level-1 NRS classifies incoming information into routing queries and user access control information and passes each to the corresponding name resolution service module or user management module. The level-1 NRS user management module handles user access control and authentication, and sends information about users added to or removed from the domain to the level-2 NRS. The level-2 NRS receives information from the level-1 NRS and from gateway routers; a classifier passes it to the user management module and the name resolution service module, which respectively update and query the local information of the level-2 NRS. Finally, the confirmation is sent back to the level-1 NRS and the query result is sent back to the gateway router.
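The two-level resolution described above, as an added Python example that is not part of the patent: each level-1 NRS keeps GUID-to-address bindings, the level-2 NRS keeps only GUID-to-gateway (GA) bindings, and a router stores packets it cannot resolve and retries them later. All class and method names, GUIDs and addresses are constructed for illustration, and the explicit detach/withdraw step is an assumption about how a departure is signalled.

```python
# Added illustration: two-level NRS resolution with store-and-forward.
# Names, GUIDs and addresses are hypothetical; the patent defines no API.

class Level2NRS:
    """Inter-domain resolver: GUID -> gateway router address (GA) only."""

    def __init__(self):
        self.guid_to_ga = {}
        self.updates = 0            # number of reports that reached level 2

    def report(self, guid, ga):
        self.guid_to_ga[guid] = ga
        self.updates += 1

    def withdraw(self, guid, ga):
        # Ignore a late withdrawal from a domain the device has already left.
        if self.guid_to_ga.get(guid) == ga:
            del self.guid_to_ga[guid]
            self.updates += 1

    def resolve(self, guid):
        return self.guid_to_ga.get(guid)


class Level1NRS:
    """Intra-domain resolver: GUID -> current network address."""

    def __init__(self, ga, level2):
        self.ga = ga
        self.level2 = level2
        self.guid_to_na = {}

    def attach(self, guid, na):
        """A router reports that `guid` is reachable at network address `na`."""
        entered_domain = guid not in self.guid_to_na
        self.guid_to_na[guid] = na
        if entered_domain:          # only inter-domain movement goes upward
            self.level2.report(guid, self.ga)

    def detach(self, guid):
        if self.guid_to_na.pop(guid, None) is not None:
            self.level2.withdraw(guid, self.ga)

    def resolve(self, guid):
        return self.guid_to_na.get(guid)


class Router:
    """Forwards by GUID; stores packets whose destination cannot be resolved."""

    def __init__(self, level1, domains):
        self.level1 = level1
        self.domains = domains      # GA -> Level1NRS of that domain (simulation)
        self.stored = []            # packets waiting for a usable binding
        self.delivered = []         # (guid, gateway, network address, payload)

    def _lookup(self, guid):
        na = self.level1.resolve(guid)
        if na is not None:
            return self.level1.ga, na                 # intra-domain
        ga = self.level1.level2.resolve(guid)
        if ga is None:
            return None
        na = self.domains[ga].resolve(guid)           # resolved in remote domain
        return (ga, na) if na is not None else None

    def send(self, guid, payload):
        hit = self._lookup(guid)
        if hit is None:
            self.stored.append((guid, payload))       # store, retry later
            return False
        self.delivered.append((guid, *hit, payload))
        return True

    def retry(self):
        pending, self.stored = self.stored, []
        return sum(self.send(g, p) for g, p in pending)


def mobility_demo():
    """Move one device within domain A, then to domain B (constructed data)."""
    l2 = Level2NRS()
    a, b = Level1NRS("GA-A", l2), Level1NRS("GA-B", l2)
    router = Router(a, {"GA-A": a, "GA-B": b})
    guid = "guid-device-1"
    a.attach(guid, "10.1.0.5")
    router.send(guid, "p1")
    a.attach(guid, "10.1.0.77")     # intra-domain move: invisible to level 2
    updates_after_intra_move = l2.updates
    router.send(guid, "p2")
    a.detach(guid)                  # device leaves domain A
    router.send(guid, "p3")         # unresolvable for now: stored
    b.attach(guid, "10.2.0.9")      # device reappears in domain B
    router.retry()
    return router.delivered, updates_after_intra_move, l2.updates
```
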
The LCRS manages the content stored in the network within a domain. It updates and maintains the content-to-storage-address mapping table (CAMT) according to the content caching information reported by the routers and, based on the CAMT, the storage policy module and the content resolution module, controls content storage by the routers and assists them in completing content aggregation. The LCRS also builds a content filtering table (CFT) according to a given content filtering scheme, which is used to check the legitimacy of content;
The LCRS includes: a classifier, a storage policy module, a content resolution module, and a memory that holds the CAMT and the CFT. The classifier divides the information received into content requests and content storage; content requests are passed to the content resolution module for subsequent processing, and content storage is passed to the storage policy module for subsequent processing;
Both the content resolution module and the storage policy module call the content resolution module to query the CFT in order to check whether the content is legal. If the content is legal, the CAMT is then queried to obtain the distribution of the corresponding content; the content resolution module sends the content distribution it finds to the router that requested the content, and that router carries out the subsequent processing. The storage policy module decides according to the storage policy whether the content needs to be stored, updates the CAMT, and sends the relevant instruction to the routers. If the content is illegal, service is refused.
The logical levels of the intelligent network architecture integrating sensing, computing and storage are, from top to bottom, the application layer, the transport layer, the network layer and the link layer; the routers, the NRS and the LCRS are all located at the network layer;
The network layer includes a data plane and a control plane;
The functions of the data plane are as follows. Content awareness: the router senses and classifies packets by packet type and provides differentiated service. Content storage: the router reports the CID and packet type information contained in a packet to the LCRS, and the LCRS plans centrally and stores the content in a single router or in multiple routers. Content aggregation: after the first-hop router receives a user's content request message, it reports the CID of the requested content to the LCRS; the LCRS looks up the CID in the CAMT and returns the distribution information of the stored content; after receiving the distribution information, the first-hop router decides, according to the router's content aggregation policy, from which router or routers to aggregate the content. Routing and forwarding: routers within the same domain forward packets according to GUID; between multiple domains, routing is performed by the level-2 NRS according to the binding information of GUID and address, and because the packet format includes an IP header; Security verification: after a user is admitted, the user's SecID is set to a field bound to the GUID and sent to the edge router, serving as user-level authentication; for packets generated by the user, the CFT is queried by CID for filtering, serving as content-level security verification;
The control plane manages and controls network configuration and policy, including the following. Content resolution service: the LCRS queries the CAMT to obtain the mapping between content and network address. Name resolution service: the level-1 NRS provides intra-domain resolution of GUID to network address, and the level-2 NRS provides inter-domain resolution of GUID to network address. Routing and forwarding service: for intra-domain routing, the router transmits packets according to the destination network address resolved by the level-1 NRS; for inter-domain routing, the gateway router obtains the destination gateway address by querying the level-2 NRS, so that the packet is transmitted across the backbone network. Access control service: when a user applies for access, the access router reports the user's GUID to the level-1 NRS; the level-1 NRS decides whether to admit the user according to the blacklist and user permission data provided by the operator, sets the user's permissions, and records security audit and ledger information.
As can be seen from the technical solution provided by the present invention, the architecture adopts a model that combines a content identifier (CID), a device identifier (GUID) and a security identifier (SecID). Content is stored in the network in a distributed manner: content caching policies are deployed in the LCRS and aggregation policies are deployed inside the routers, and cooperation between nodes realizes the sharing and reuse of resources. A hybrid device-identifier/address routing mode is used, with the NRS providing a two-level name resolution service, so that the network supports seamless host and network mobility. An active-defense security authentication mechanism is used: edge routers act as the root of trust and combine the device identifier and the security identifier to perform access control and authentication on users, and use the content identifier to intercept illegal content effectively.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. Evidently, the drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of an intelligent network architecture integrating sensing, computing and storage provided by an embodiment of the present invention;
Fig. 2 is a flow chart of the data forwarding service of the router provided by an embodiment of the present invention;
Fig. 3 is a message processing flow chart of the NRS provided by an embodiment of the present invention;
Fig. 4 is a message processing flow chart of the LCRS provided by an embodiment of the present invention;
Fig. 5 is a schematic diagram of the logical architecture of the SCSN network provided by an embodiment of the present invention;
Fig. 6 is a schematic diagram of the content aggregation process provided by an embodiment of the present invention;
Fig. 7 is a schematic diagram of the content storage process provided by an embodiment of the present invention;
Fig. 8 is a schematic diagram of the routing process provided by an embodiment of the present invention;
Fig. 9 is a schematic diagram of the information exchange between the routers and the NRS in inter-domain and intra-domain mobility scenarios provided by an embodiment of the present invention;
Fig. 10 is a schematic diagram of the security verification process provided by an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Evidently, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Fig. 1 is a schematic diagram of an intelligent network architecture integrating sensing, computing and storage provided by an embodiment of the present invention. As shown in Fig. 1, the intelligent network architecture integrating sensing, computing and storage (SCSN) is an edge network architecture. Because the backbone network is used for inter-domain routing, implementing the sensing, computing and storage functions in the backbone network would introduce considerable delay and complexity and would instead reduce the efficiency of the network. Using the physical structure of the edge network minimizes the changes required to conventional network equipment and reduces the cost of deploying an SCSN network. The high scalability of this edge network architecture allows enterprises, governments, schools and other organizations to customize and deploy SCSN networks according to their own needs. Because the SCSN network has good compatibility, its backbone network can continue to use the IP network architecture.
The core devices of SCSN include: routers that have sensing, computing and storage capabilities and support intra-domain content aggregation; two-level name resolution servers (NRS) that support intra-domain and inter-domain mobility; and a local content resolution server (LCRS) that supports intra-domain content caching. Through the two-level name resolution servers, combined with a hybrid routing mechanism based on device identifier and address, the architecture implements intra-domain and inter-domain routing and forwarding and supports seamless host and network mobility. The local content management server deploys the content caching and content aggregation policies, so that the routers store cooperatively and reuse resources, which improves content distribution efficiency and reduces redundant network traffic. Active defense is carried out through the security authentication mechanism: combining the identity identifier and the security identifier, edge routers act as the root of trust to authenticate users; combining the content identifier and the identity identifier, illegal content is intercepted effectively, and users who publish illegal content can be traced and dealt with.
The routers of an SCSN network provide a security authentication service based on SecID, a data forwarding service based on GUID and a content service based on CID. When a user accesses the network, the router authenticates the user's identity with the NRS to implement access control. When a user sends data, the router verifies the legitimacy of the user's identity and of the transmitted content through the SecID, GUID and CID in the packet header, actively checking for, handling and averting attacks. This dual security verification of content and user identity effectively realizes active defense of the network. The router can sense the content being transmitted and store it according to the deployed caching policy; the routers store cooperatively under LCRS scheduling, realizing the sharing and reuse of resources. Through the GUID-based forwarding policy, the dynamic binding of device identifier and address is realized during routing, which effectively supports device and network mobility, so that the application layer can keep its connection uninterrupted in mobile scenarios. Through a hop-by-hop transmission mechanism, the router both ensures reliable end-to-end data transmission and reduces the delay caused by retransmitting data. In addition, the router can provide flexible differentiated service according to service type. Data that in practice should not be cached, such as paid content or private content, can be assigned a no-cache transmission mode through the service type, ensuring that it is not copied and propagated freely by the network and thus effectively protecting copyright and user privacy. For delay-sensitive data, the service type can likewise specify simple address-based forwarding; the network then no longer supports mobility for those packets and does not guarantee reliable data transmission, but transmission delay is effectively reduced, which suits real-time scenarios. Through this differentiated service, service providers can customize the network service mode, which improves the flexibility of the network, and developers can easily add network functions, which improves the scalability of the network. Beyond these features, SCSN routers can also provide abundant distributed computing resources and support ubiquitous computing functions such as content computing, network computing and service computing.
SCSN provided in an embodiment of the present invention can be with the content of sensing network transmission, the change of network environment, the network user
Behavior;Seamless main frame and network mobility are supported, there is expansible and developmental capacity;Initiative Defense, there is network security
Property.
In order to make it easy to understand, it is introduced respectively below for router, NRS, and LCRS.
1. Router.

Fig. 2 shows the data forwarding service flow of the router. In the embodiment of the present invention, the router supports a data forwarding service compatible with IP: when the router receives a packet, it first distinguishes the packet type, provides traditional IP forwarding service for IP packets, and executes the SCSN processing flow for SCSN packets.

For an SCSN packet, the router uses the SecID, GUID and CID in the packet header to verify the legitimacy of the packet content with the LCRS and the authenticity of the user identity with the NRS. It then determines whether a packet that has passed verification is a content packet or a request packet, and processes the two kinds separately. When the router receives a content packet, it provides differentiated service according to the service identification bits in the packet header. 1) For packets that allow content caching, routers store the content cooperatively under LCRS scheduling. Specifically, the router reports the CID to the LCRS to obtain the cache policy, and the routers then store the content cooperatively under LCRS scheduling, so that resources are shared and reused. 2) For packets with mobility support, the GUID-based forwarding strategy binds GUID and address dynamically during routing. Specifically, the router queries the NRS to obtain the dynamic binding of GUID and network address, then obtains the next-hop router from the local forwarding table; if forwarding the packet fails, the router stores the packet and continues to query the NRS in order to store and forward it.

When the router receives a request packet, it distinguishes content requests from access requests. For a content request packet, the router first queries the LCRS for the storage location of the content within the domain. If the requested content can be provided within the domain, the router notifies the other related routers to aggregate the content according to the aggregation strategy, and the terminal's content request is then answered directly at the local router; otherwise, the content request is forwarded to the next-hop router based on the GUID, until the content request packet reaches the domain that stores the content or reaches the content provider. For an access request packet, the router communicates with the NRS and uses the corresponding SecID and GUID to verify the user's identity, realizing access control.
2. NRS.

In the embodiment of the present invention, the NRS provides the dynamic binding service between GUID and network address. The GUID is a global invariant, while the network address of a device changes dynamically as its access point changes; the NRS ensures correct routing to the device while its access position keeps migrating.

The NRS uses a hierarchical structure comprising a first-level NRS and a second-level NRS; the first-level NRS is used for intra-domain routing and the second-level NRS for inter-domain routing. The first-level NRS updates and maintains the mapping from GUID to network address according to the device information reported by routers, then works out all devices that have moved between domains and reports them to the second-level NRS. Movement of a device within a domain is transparent to the second-level NRS, which only maintains the mapping from device identifier to gateway router address (GA) and is responsible for routing packets to the domain where the destination device is located. This hierarchical NRS structure effectively unifies autonomous routing within a domain and routing between domains, improving the scalability of the network. The first-level NRS can deploy access control services individually, providing identity authentication and data security verification. For a device newly accessing the network, the router sends a verification request to the first-level NRS to obtain the legitimacy of the device identity and its access rights, realizing access control.

Fig. 3 shows the message processing flow of the NRS. The first-level NRS classifies routing queries and user access control information, which enter the name resolution service and the user management module respectively. The user management module of the first-level NRS handles user access control and authentication, and sends the additions and deletions of intra-domain users to the second-level NRS. The second-level NRS receives information from the first-level NRS and from gateway routers; a classifier passes it to the user management module and the name resolution service module, which handle the update and query operations on the second-level NRS's local information respectively. Finally, confirmation information is sent back to the first-level NRS and query results are sent back to the gateway router.
3. LCRS.

The LCRS manages the content stored in the network within its domain. It updates and maintains the mapping table from content to storage address (CAMT) according to the content caching information reported by routers and, based on the CAMT, the storage strategy module and the content resolution module, controls the routers' content storage and assists in completing content aggregation. The LCRS also establishes a content filtering table (CFT) according to a certain content filtering scheme, used to check the legitimacy of content.

Fig. 4 shows the message processing flow of the LCRS. The LCRS comprises a classifier, a storage strategy module, a content resolution module, and a memory holding the CAMT and the CFT. The classifier divides the information received into content requests and content storage; content requests are handed to the content resolution module for subsequent processing, and content storage is handed to the storage strategy module for subsequent processing.

Both the content resolution module and the storage strategy module query the CFT to check whether the content is legal. If the content is legal, they go on to query the CAMT for the distribution of the corresponding content. The content resolution module sends the distribution it finds to the router that requested the content, and that router carries out the subsequent processing. The storage strategy module decides according to the storage strategy whether the corresponding content needs to be stored, updates the CAMT, and sends the relevant instruction to the router. If the content is illegal, service is refused. For service types with different requirements, the storage strategy module can be separated from the LCRS and integrated into a service management server, to improve scalability and service efficiency.
On the other hand, the logical architecture of the SCSN network provided by the embodiment of the present invention is shown in Fig. 5. Its logical layers are, from top to bottom, the application layer, the transport layer, the network layer and the link layer. The application layer runs the applications that meet user needs; the transport layer uses reliable transport-layer protocols oriented to user application processes; the link layer uses existing network link-layer technology.

The core devices of the SCSN described in the embodiment of the present invention, namely the router, the NRS and the LCRS, are all located in the network layer. The network layer consists mainly of a data plane and a control plane and provides complete perception, computing and storage services. The main functions of the data plane and the control plane are as follows:

1) The functions of the data plane are as follows.
Content perception: the router perceives and classifies packets according to packet type and provides differentiated service.
Content storage: the router reports the CID and packet type information contained in a packet to the LCRS, and the LCRS plans in a unified way whether the content is stored in a single router or in multiple routers.
Content aggregation: after the first-hop router receives a user's content request message, it reports the CID of the requested content to the LCRS; the LCRS looks up the CID in the CAMT and returns the distribution information of the stored content; after the first-hop router receives the distribution information, it decides, according to the router's content aggregation strategy, from which router or routers the content will be aggregated.
Routing forwarding: within the same domain, routers forward packets according to the GUID; between domains, routing is performed by the second-level NRS in the NRS according to the binding information of GUID and address, and because the packet format includes an IP header;
Security verification: after a user is permitted access, the user's SecID is set as a field bound to the GUID and sent to the edge router, serving as user-level authentication; packets generated by the user are filtered by querying the CFT according to the CID, serving as content-level security verification.

2) The control plane manages and controls network configuration and policy, including the following.
Content resolution service: the LCRS queries the CAMT information to obtain the mapping between content and network address.
Name resolution service: the first-level NRS in the NRS provides resolution from GUID to network address within a domain, and the second-level NRS in the NRS provides resolution from GUID to network address between domains.
Routing forwarding service: for intra-domain routing, the router transmits packets using the destination network address resolved by the first-level NRS; for inter-domain routing, the gateway router obtains the destination gateway address by querying the second-level NRS, so that packets are transmitted over the backbone network.
Access control service: when a user applies for access, the access router reports the user's GUID to the first-level NRS; the first-level NRS decides whether to admit the user according to the blacklist provided by the operator and the user permission data, sets the user's permissions, and records security audit and ledger information.

The above are the main components of the SCSN provided by the embodiment of the present invention and their functions. The more important functions are described in detail below with some examples.
1. Content aggregation example.

SCSN supports content aggregation. This example assumes that the content involved is legal. As shown in Fig. 6: ① device C1 accesses router R1 in the network and sends it request packet P1 to request content CID1; ② router R1 learns that P1 is a request packet for CID1 and reports this information through its LCRS communication module; ③ after the LCRS receives the request, the content resolution module queries the CAMT to obtain the data distribution of CID1 and sends this information back to R1; ④ if the data corresponding to CID1 is not stored in the subdomain, the content data is requested from the remote server; ⑤ according to the content distribution it received, router R1 requests the content from the related routers (router R2 and router R3 in this example); ⑥ router R2 and router R3 send the content data to device C1 via router R1.

2. Content storage process.

SCSN supports content storage. As shown in Fig. 7: ① when packet P1 of CID1 is forwarded through router R1, R1 caches the packet while forwarding it; ② when R1 has cached the complete CID1 data, R1 asks the LCRS whether to store all of the CID1 data or a fragment of it; ③ the storage strategy module of the LCRS queries the CAMT to learn the distribution of CID1 and decides on the storage and update operations according to the storage strategy: if storage is needed, it issues a store instruction and updates the CAMT; otherwise it issues an instruction for R1 to delete its cache of CID1.
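The LCRS message flow of Fig. 4 and the aggregation and storage walk-throughs above can be modelled as follows. This is an added Python illustration, not code from the patent: the class and function names, the fragment-number layout of the CAMT, the `max_holders` storage strategy and all sample data are assumptions constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class LCRS:
    """Toy LCRS: classifier, content resolution and storage strategy over CFT/CAMT."""
    cft: set = field(default_factory=set)     # CFT: CIDs marked illegal (constructed)
    camt: dict = field(default_factory=dict)  # CAMT: CID -> {router id: [fragment numbers]}
    max_holders: int = 2                      # ASSUMED strategy: routers per CID in the domain

    def handle(self, msg):
        """Classifier: both branches consult the CFT before touching the CAMT."""
        if msg["cid"] in self.cft:
            return {"action": "refuse", "cid": msg["cid"]}
        if msg["kind"] == "content_request":
            return self.resolve(msg["cid"])
        if msg["kind"] == "content_store":
            return self.decide_storage(msg["cid"], msg["router"], msg["fragments"])
        raise ValueError(f"unknown message kind: {msg['kind']!r}")

    def resolve(self, cid):
        """Content resolution module: return where the content lives in the domain."""
        distribution = self.camt.get(cid)
        if not distribution:
            return {"action": "fetch_remote", "cid": cid}   # step 4: not in this domain
        return {"action": "aggregate", "cid": cid, "distribution": dict(distribution)}

    def decide_storage(self, cid, router, fragments):
        """Storage strategy module: keep the copy or tell the router to drop its cache."""
        holders = self.camt.setdefault(cid, {})
        if router not in holders and len(holders) >= self.max_holders:
            return {"action": "delete_cache", "cid": cid}
        holders[router] = sorted(fragments)                 # update the CAMT
        return {"action": "store", "cid": cid}


def first_hop_serve(lcrs, router_caches, cid):
    """Steps 2 to 6 of the aggregation example, seen from the first-hop router."""
    reply = lcrs.handle({"kind": "content_request", "cid": cid})
    if reply["action"] != "aggregate":
        return reply["action"], None
    fragments = {}
    for router, numbers in reply["distribution"].items():
        for n in numbers:
            # First router offering a fragment wins; duplicates are ignored.
            fragments.setdefault(n, router_caches[router][cid][n])
    return "served", b"".join(fragments[n] for n in sorted(fragments))


def demo():
    """Constructed domain: R2 and R3 each hold one fragment of CID1."""
    caches = {"R2": {"CID1": {0: b"hello "}}, "R3": {"CID1": {1: b"world"}}}
    lcrs = LCRS(cft={"CID-illegal"}, camt={"CID1": {"R2": [0], "R3": [1]}})
    return lcrs, caches


if __name__ == "__main__":
    lcrs, caches = demo()
    print(first_hop_serve(lcrs, caches, "CID1"))
    print(lcrs.handle({"kind": "content_store", "cid": "CID1",
                       "router": "R1", "fragments": [0, 1]}))
```
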
3. Routing mechanism.

The routing process of an SCSN packet is shown in Fig. 8. Terminal C1 is located in subdomain D1, terminal C2 is located in subdomain D2, and the backbone network in between is an IP network. Data transmission from C1 to C2 proceeds in the following steps: ① C1 constructs a packet with C2's device identifier (202) as the destination GUID and sends it to the first-hop router R12. ② R12 queries NRS1-Lv1 (first-level NRS) for the network address (NA) where 202 is located. NRS1-Lv1 has no address binding information for 202, so it returns the device identifier of the gateway router (111) as the relay NA for the destination terminal. ③ The packet reaches the gateway router, and the gateway router queries NRS1-Lv1 for the NA where 202 is located. ④ Having no local address binding information, NRS1-Lv1 forwards the gateway router's query to NRS-Lv2 (second-level NRS). NRS-Lv2 returns the device identifier (221) and IP address (xxx.xxx.xxx.221) of the D2 gateway router R12. ⑤ R11 writes 221 into the SCSN packet header as the destination NA, constructs a compatible IP header with xxx.xxx.xxx.221 as the destination IP, and sends the packet to the backbone network. The packet reaches R21 over the IP backbone. ⑥ R21 parses the SCSN packet and queries the first-level NRS of the local domain for the network address of 202, obtaining 224. ⑦ R21 sends the packet to 224, and 224 delivers the packet to destination host 202.

4. Mobility support.

SCSN supports device movement both within a domain and between domains. This example introduces the information exchange between routers and the NRS in the inter-domain and intra-domain mobile scenarios respectively, as shown in Fig. 9.

Inter-domain routing: ① Device C2 moves from router R33 in domain D3 to R24 in domain D2. ② R33 reports C2's departure to NRS3-Lv1 (first-level NRS). ③ R24 reports C2's access to NRS2-Lv1. ④ NRS2-Lv1 determines that C2's movement is inter-domain and reports it to NRS-Lv2 (second-level NRS). ⑤ Because C2 has moved, data that has already arrived at R33 is stored and forwarded. R33 queries NRS3-Lv1 and sends the packet to gateway router R31. R31 obtains C2's network address by querying the two-level NRS and forwards the packet to R21. R21 queries NRS2-Lv1 and forwards the packet to R24. ⑥ Data newly sent by C1 is forwarded to R24 along the new route.

Intra-domain routing: ⑦ Device C2 moves within domain D2 from R24 to R22. ⑧ R22 reports C2's access to NRS2-Lv1. At this point, packets transmitted between domains still reach the gateway router of D2 by querying the two-level NRS, and packets transmitted within the domain are routed to R22 by querying the first-level NRS.
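The two-level resolution in the routing walk-through, and the rule that intra-domain movement stays invisible to the second-level NRS, can be traced with the small model below. It is an added Python illustration rather than the patent's implementation: the class and method names, the D1 gateway address string and the network addresses 222 and 112 are constructed for the example, while 202, 111, 221, 224 and xxx.xxx.xxx.221 are the values used in the text.

```python
class Level2NRS:
    """Inter-domain view: GUID -> domain, and domain -> gateway address (GA)."""

    def __init__(self):
        self.domain_of = {}   # GUID -> domain currently hosting the device
        self.gateways = {}    # domain -> (gateway device identifier, gateway IP)
        self.updates = 0      # how many movement reports reached level 2

    def register_gateway(self, domain, gw_id, gw_ip):
        self.gateways[domain] = (gw_id, gw_ip)

    def report_arrival(self, guid, domain):
        self.domain_of[guid] = domain
        self.updates += 1

    def resolve(self, guid):
        return self.gateways.get(self.domain_of.get(guid))  # None if unknown


class Level1NRS:
    """Intra-domain view: GUID -> network address (NA) inside one domain."""

    def __init__(self, domain, gw_id, level2):
        self.domain, self.gw_id, self.level2 = domain, gw_id, level2
        self.bindings = {}

    def report_access(self, guid, na):
        """A router reports that the device attached at network address `na`."""
        arrived_from_outside = guid not in self.bindings
        self.bindings[guid] = na
        if arrived_from_outside:          # only inter-domain moves go upward
            self.level2.report_arrival(guid, self.domain)

    def report_leave(self, guid):
        self.bindings.pop(guid, None)

    def resolve(self, guid, asker_is_gateway=False):
        if guid in self.bindings:
            return ("local", self.bindings[guid])
        if not asker_is_gateway:          # step 2: hand back the gateway as relay NA
            return ("relay", self.gw_id)
        remote = self.level2.resolve(guid)  # step 4: forward the query to level 2
        return ("remote", remote) if remote else ("unknown", None)


def route(src_nrs, nrs_by_gateway, dst_guid):
    """Return the resolution steps a packet for `dst_guid` triggers."""
    trace = []
    kind, value = src_nrs.resolve(dst_guid)
    if kind == "relay":
        trace.append(("to-gateway", value))
        kind, value = src_nrs.resolve(dst_guid, asker_is_gateway=True)
    if kind == "remote":
        gw_id, gw_ip = value
        trace.append(("ip-backbone", gw_id, gw_ip))
        kind, value = nrs_by_gateway[gw_id].resolve(dst_guid)
    if kind != "local":
        raise LookupError(f"no binding for GUID {dst_guid}")
    trace.append(("deliver", value))
    return trace


def build_demo():
    """Domains D1 and D2 from the walk-through; device 202 attached at NA 224."""
    lv2 = Level2NRS()
    lv2.register_gateway("D1", 111, "xxx.xxx.xxx.111")   # constructed address
    lv2.register_gateway("D2", 221, "xxx.xxx.xxx.221")
    nrs1, nrs2 = Level1NRS("D1", 111, lv2), Level1NRS("D2", 221, lv2)
    nrs2.report_access(202, 224)
    return lv2, nrs1, nrs2, {111: nrs1, 221: nrs2}


if __name__ == "__main__":
    lv2, nrs1, nrs2, by_gw = build_demo()
    print(route(nrs1, by_gw, 202))
    nrs2.report_access(202, 222)          # intra-domain move, level 2 not told
    print(route(nrs1, by_gw, 202), lv2.updates)
```
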
5. Security verification.

The SCSN architecture can refuse access by malicious users, supports active identity verification, and can effectively prevent users from requesting and publishing illegal content. Fig. 10 illustrates the process by which the system performs security verification.

User A requests access to the SCSN network. The system refuses access by malicious users and completes identity verification as follows: ① user A connects to edge router R2, sets a security password (the SecID field) corresponding to its GUID, and requests access to the SCSN network; ② R2 reports the GUID and SecID information provided by user A to the NRS; the NRS looks up, by GUID, whether user A is in the user blacklist; if so, it directly refuses user A access to the SCSN network; otherwise, the user management module maintains the (GUID, SecID) pair of user A and notifies R2 to record the correspondence; ③ after user A has passed access authentication, the security verification module of R2 completes identity verification by checking the SecID field and the GUID in the headers of the packets user A sends.

User B publishes illegal content to the system, and user C requests illegal content. The system performs content security verification as follows: ④ user B publishes content; ⑤ edge router R1 extracts the CID of the content packet sent by user B and sends it to the LCRS through the LCRS communication module; ⑥ the LCRS, querying the content filtering table (CFT) through the content resolution module, finds that the CID corresponds to illegal content, notifies the edge router to discard the content, and issues a warning to user B; ⑦ user C sends a content request; ⑧ edge router R4 extracts the CID of the request packet sent by user C and sends it to the LCRS; ⑨ the LCRS finds that the CID corresponds to illegal content, notifies the edge router to refuse to serve the request, and issues a warning to user C.

If a user continuously publishes multiple pieces of illegal content or repeatedly requests illegal content, the system can put the user on the blacklist and refuse to provide network access service to that user for a certain period of time.
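The admission, per-packet and repeat-offender checks described in this section fit together as in the following sketch. It is an added Python illustration, not the patent's code: the class names, the violation threshold, the ban duration and the sample identifiers are assumptions, and the `cft` set stands in for the CID query the edge router sends to the LCRS.

```python
import hmac


class AccessNRS:
    """User management side of the NRS: blacklist plus GUID/SecID bindings."""

    def __init__(self, max_violations=3, ban_seconds=600):   # ASSUMED policy values
        self.max_violations = max_violations
        self.ban_seconds = ban_seconds
        self.blacklist = {}    # GUID -> time at which the ban expires
        self.bindings = {}     # GUID -> SecID chosen by the user at access time
        self.violations = {}   # GUID -> count of illegal publishes or requests

    def is_blacklisted(self, guid, now):
        expiry = self.blacklist.get(guid)
        if expiry is None:
            return False
        if now >= expiry:                  # ban only lasts "a certain period"
            del self.blacklist[guid]
            return False
        return True

    def admit(self, guid, sec_id, now):
        """Step 2: refuse blacklisted GUIDs, otherwise record the binding."""
        if self.is_blacklisted(guid, now):
            return False
        self.bindings[guid] = sec_id
        return True

    def record_violation(self, guid, now):
        """Count a CFT hit; return True when the user has just been blacklisted."""
        count = self.violations.get(guid, 0) + 1
        self.violations[guid] = count
        if count < self.max_violations:
            return False
        self.blacklist[guid] = now + self.ban_seconds
        self.bindings.pop(guid, None)
        self.violations[guid] = 0
        return True


class EdgeRouter:
    def __init__(self, nrs, cft):
        self.nrs = nrs
        self.cft = cft         # stand-in for asking the LCRS about a CID
        self.known = {}        # correspondence the NRS told this router to record

    def access_request(self, guid, sec_id, now):
        if not self.nrs.admit(guid, sec_id, now):
            return "refused"
        self.known[guid] = sec_id
        return "admitted"

    def handle_packet(self, pkt, now):
        """Step 3 (user level) followed by steps 5 to 9 (content level)."""
        expected = self.known.get(pkt["guid"])
        # Constant-time comparison so the check does not leak SecID prefixes.
        if expected is None or not hmac.compare_digest(expected, pkt["sec_id"]):
            return "drop:unauthenticated"
        if pkt["cid"] in self.cft:
            if self.nrs.record_violation(pkt["guid"], now):
                self.known.pop(pkt["guid"], None)
                return "drop:illegal-content+blacklisted"
            return "drop:illegal-content"   # user is warned, packet not served
        return "forward"


if __name__ == "__main__":
    router = EdgeRouter(AccessNRS(), cft={"CID-illegal"})   # constructed CFT entry
    print(router.access_request("guid-A", b"s3cret", now=0))
    bad = {"guid": "guid-A", "sec_id": b"s3cret", "cid": "CID-illegal"}
    print([router.handle_packet(bad, now=t) for t in (1, 2, 3)])
    print(router.access_request("guid-A", b"s3cret", now=10))
```
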
Another embodiment of the present invention also provides an implementation method for the perception-computing-storage integrated intelligent network architecture, mainly comprising: providing routers that have perception, computing and storage capabilities and support content aggregation within a domain; providing a two-level name resolution server NRS that supports mobility within and between domains; and providing a local content resolution server LCRS that supports content caching within a domain; wherein:

The routers provided offer a security authentication service based on the security identifier SecID, a data forwarding service based on the device identifier GUID, and a content service based on the content identifier CID;

When a router receives a packet sent by a user, it first distinguishes the packet type. For a packet of the perception-computing-storage integrated intelligent network architecture SCSN, it uses the SecID, GUID and CID in the packet header to verify the legitimacy of the packet content with the LCRS and the authenticity of the user identity with the NRS. It then determines whether the packet that has passed verification is a content packet or a request packet. For a content packet: if it is a packet that allows content caching, routers store it cooperatively under LCRS scheduling; if it is a packet with mobility support, the GUID-based forwarding strategy binds GUID and address dynamically during routing. For a request packet: if it is a content request, the router reports the corresponding CID to the LCRS and content aggregation is then carried out according to the content distribution returned by the LCRS; if it is an access request, the router communicates with the NRS and uses the corresponding SecID and GUID to verify the user's identity, realizing access control.

Further, for a content packet, the router first provides differentiated service according to the service identification bits in the packet header, including:

For a packet that allows content caching, the router reports the CID to the LCRS to obtain the cache policy, and the routers store the content cooperatively under LCRS scheduling, so that resources are shared and reused;

For a packet with mobility support, the router queries the NRS to obtain the dynamic binding of GUID and network address, then obtains the next-hop router from the local forwarding table; if forwarding the packet fails, the router stores the packet and continues to query the NRS in order to store and forward it.
Further, the NRS provides the dynamic binding service between GUID and network address. The GUID is a global invariant, while the network address of a device changes dynamically as its access point changes; the NRS ensures correct routing to the device while its access position keeps migrating;

The NRS uses a hierarchical structure comprising a first-level NRS and a second-level NRS; the first-level NRS is used for intra-domain routing and the second-level NRS for inter-domain routing. The first-level NRS updates and maintains the mapping from GUID to network address according to the device information reported by routers, then works out all devices that have moved between domains and reports them to the second-level NRS. Movement of a device within a domain is transparent to the second-level NRS, which only maintains the mapping from device identifier to gateway router address GA and is responsible for routing packets to the domain where the destination device is located;

The first-level NRS classifies routing queries and user access control information, which enter the name resolution service and the user management module respectively. The user management module of the first-level NRS handles user access control and authentication, and sends the additions and deletions of intra-domain users to the second-level NRS. The second-level NRS receives information from the first-level NRS and from gateway routers; a classifier passes it to the user management module and the name resolution service module, which handle the update and query operations on the second-level NRS's local information respectively. Finally, confirmation information is sent back to the first-level NRS and query results are sent back to the gateway router.

Further, the LCRS manages the content stored in the network within its domain. It updates and maintains the mapping table CAMT from content to storage address according to the content caching information reported by routers and, based on the CAMT, the storage strategy module and the content resolution module, controls the routers' content storage and assists in completing content aggregation. The LCRS also establishes a content filtering table CFT according to a certain content filtering scheme, used to check the legitimacy of content;

The LCRS comprises a classifier, a storage strategy module, a content resolution module, and a memory holding the CAMT and the CFT. The classifier divides the information received into content requests and content storage; content requests are handed to the content resolution module for subsequent processing, and content storage is handed to the storage strategy module for subsequent processing;

Both the content resolution module and the storage strategy module can call the content resolution module to query the CFT, to check whether the content is legal. If the content is legal, they go on to query the CAMT for the distribution of the corresponding content. The content resolution module sends the content distribution it finds to the router that requested the related content, and that router carries out the subsequent processing. The storage strategy module decides according to the storage strategy whether the corresponding content needs to be stored, updates the CAMT, and sends the relevant instruction to the router. If the content is illegal, service is refused.
Further, the logical layers of the perception-computing-storage integrated intelligent network architecture are, from top to bottom, the application layer, the transport layer, the network layer and the link layer; the router, the NRS and the LCRS are all located in the network layer;

The network layer comprises a data plane and a control plane;

The functions of the data plane are as follows. Content perception: the router perceives and classifies packets according to packet type and provides differentiated service. Content storage: the router reports the CID and packet type information contained in a packet to the LCRS, and the LCRS plans in a unified way whether the content is stored in a single router or in multiple routers. Content aggregation: after the first-hop router receives a user's content request message, it reports the CID of the requested content to the LCRS; the LCRS looks up the CID in the CAMT and returns the distribution information of the stored content; after the first-hop router receives the distribution information, it decides, according to the router's content aggregation strategy, from which router or routers the related content will be aggregated. Routing forwarding: within the same domain, routers forward packets according to the GUID; between domains, routing is performed by the second-level NRS in the NRS according to the binding information of GUID and address, and because the packet format includes an IP header; Security verification: after a user is permitted access, the user's SecID is set as a field bound to the GUID and sent to the edge router, serving as user-level authentication; packets generated by the user are filtered by querying the CFT according to the CID, serving as content-level security verification;

The control plane manages and controls network configuration and policy, including the following. Content resolution service: the LCRS queries the CAMT information to obtain the mapping between content and network address. Name resolution service: the first-level NRS in the NRS provides resolution from GUID to network address within a domain, and the second-level NRS in the NRS provides resolution from GUID to network address between domains. Routing forwarding service: for intra-domain routing, the router transmits packets using the destination network address resolved by the first-level NRS; for inter-domain routing, the gateway router obtains the destination gateway address by querying the second-level NRS, so that packets are transmitted over the backbone network. Access control service: when a user applies for access, the access router reports the user's GUID to the first-level NRS; the first-level NRS decides whether to admit the user according to the blacklist provided by the operator and the user permission data, sets the user's permissions, and records security audit and ledger information.

It should be noted that the functions, working processes and principles of the router, NRS and LCRS involved in the above method embodiment are similar to those described in the foregoing intelligent network architecture embodiment, and are therefore not repeated here.

The foregoing is only a preferred embodiment of the present invention, but the protection scope of the present invention is not limited to it. Any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be determined by the protection scope of the claims.
Claims (10)
1. A perception-computing-storage integrated intelligent network architecture, characterized by comprising: routers that have perception, computing and storage capabilities and support content aggregation within a domain, a two-level name resolution server NRS that supports mobility within and between domains, and a local content resolution server LCRS that supports content caching within a domain; wherein:

the router provides a security authentication service based on the security identifier SecID, a data forwarding service based on the device identifier GUID, and a content service based on the content identifier CID;

when the router receives a packet sent by a user, it first distinguishes the packet type; for a packet of the perception-computing-storage integrated intelligent network architecture SCSN, it uses the SecID, GUID and CID in the packet header to verify the legitimacy of the packet content with the LCRS and the authenticity of the user identity with the NRS; it then determines whether the packet that has passed verification is a content packet or a request packet; for a content packet, if it is a packet that allows content caching, routers store it cooperatively under LCRS scheduling, and if it is a packet with mobility support, the GUID-based forwarding strategy binds GUID and address dynamically during routing; for a request packet, if it is a content request, the router reports the corresponding CID to the LCRS and content aggregation is then carried out according to the content distribution returned by the LCRS, and if it is an access request, the router communicates with the NRS and uses the corresponding SecID and GUID to verify the user's identity, realizing access control.

2. The perception-computing-storage integrated intelligent network architecture according to claim 1, characterized in that, for a content packet, the router first provides differentiated service according to the service identification bits in the packet header, including:

for a packet that allows content caching, the router reports the CID to the LCRS to obtain the cache policy, and the routers store the content cooperatively under LCRS scheduling, so that resources are shared and reused;

for a packet with mobility support, the router queries the NRS to obtain the dynamic binding of GUID and network address, then obtains the next-hop router from the local forwarding table; if forwarding the packet fails, the router stores the packet and continues to query the NRS in order to store and forward it.
3. The perception-computing-storage integrated intelligent network architecture according to claim 1, characterized in that the NRS provides the dynamic binding service between GUID and network address; the GUID is a global invariant, while the network address of a device changes dynamically as its access point changes; the NRS ensures correct routing to the device while its access position keeps migrating;

the NRS uses a hierarchical structure comprising a first-level NRS and a second-level NRS, the first-level NRS being used for intra-domain routing and the second-level NRS for inter-domain routing; the first-level NRS updates and maintains the mapping from GUID to network address according to the device information reported by routers, then works out all devices that have moved between domains and reports them to the second-level NRS; movement of a device within a domain is transparent to the second-level NRS, which only maintains the mapping from device identifier to gateway router address GA and is responsible for routing packets to the domain where the destination device is located;

the first-level NRS classifies routing queries and user access control information, which enter the name resolution service and the user management module respectively; the user management module of the first-level NRS handles user access control and authentication, and sends the additions and deletions of intra-domain users to the second-level NRS; the second-level NRS receives information from the first-level NRS and from gateway routers; a classifier passes it to the user management module and the name resolution service module, which handle the update and query operations on the second-level NRS's local information respectively; finally, confirmation information is sent back to the first-level NRS and query results are sent back to the gateway router.

4. The perception-computing-storage integrated intelligent network architecture according to claim 1, characterized in that the LCRS manages the content stored in the network within its domain; the LCRS updates and maintains the mapping table CAMT from content to storage address according to the content caching information reported by routers and, based on the CAMT, the storage strategy module and the content resolution module, controls the routers' content storage and assists in completing content aggregation; the LCRS also establishes a content filtering table CFT according to a certain content filtering scheme, used to check the legitimacy of content;

the LCRS comprises a classifier, a storage strategy module, a content resolution module, and a memory holding the CAMT and the CFT; the classifier divides the information received into content requests and content storage; content requests are handed to the content resolution module for subsequent processing, and content storage is handed to the storage strategy module for subsequent processing;

both the content resolution module and the storage strategy module can call the content resolution module to query the CFT, to check whether the content is legal; if the content is legal, they go on to query the CAMT for the distribution of the corresponding content; the content resolution module sends the content distribution it finds to the router that requested the related content, and that router carries out the subsequent processing; the storage strategy module decides according to the storage strategy whether the corresponding content needs to be stored, updates the CAMT, and sends the relevant instruction to the router; if the content is illegal, service is refused.
5. The intelligent network architecture integrating perception, computation and storage according to claim 1, characterized in that its logical layers are, from top to bottom, the application layer, the transport layer, the network layer and the link layer; the routers, the NRS and the LCRS are all located in the network layer;
The network layer comprises a data plane and a control plane;
The functions of the data plane are as follows:
Content perception: routers perceive and classify packets according to packet type and provide differentiated service;
Content storage: the router reports the CID and the packet type information contained in the packet to the LCRS, and the LCRS, through unified planning, stores the content in one or more routers;
Content aggregation: after receiving a user's content request message, the first-hop router reports the CID of the requested content to the LCRS; the LCRS queries the CAMT for that CID and returns the storage distribution information of the content; after receiving the distribution information, the first-hop router decides, according to the router's content aggregation strategy, from which router or routers to aggregate the content;
Routing and forwarding: packets are forwarded according to GUID between routers in the same domain; between multiple domains, routing is performed by the second-level NRS of the NRS according to the binding information of GUID and address, and because the data packet format includes an IP header;
Security verification: after a user is admitted, the user's SecID is set to a field bound to the GUID and sent to the edge router, serving as user-level authentication; for packets generated by the user, the CFT is queried by CID for filtering, serving as content-level security verification;
The control plane implements management and control of network configuration and policies, including:
Content resolution service: the LCRS is queried for CAMT information to obtain the mapping between content and network addresses;
Name resolution service: the first-level NRS of the NRS provides intra-domain resolution of GUID to network address, and the second-level NRS of the NRS provides inter-domain resolution of GUID to network address;
Routing and forwarding service: during intra-domain routing, routers transmit packets using the destination network address resolved by the first-level NRS; during inter-domain routing, the gateway router obtains the destination gateway address by querying the second-level NRS, and the packets are then transmitted over the backbone network;
Access control service: when a user applies for access, the access router reports the user's GUID to the first-level NRS; the first-level NRS decides whether to admit the user according to the blacklist and user permission data provided by the operator, sets the user's permissions, and at the same time records security audit and account book information.
6. An implementation method for an intelligent network architecture integrating perception, computation and storage, characterized by comprising: providing routers that have perception, computation and storage capabilities and support intra-domain content aggregation; providing a two-level name resolution server NRS that supports intra-domain and inter-domain mobility; and providing a local content resolution server LCRS that supports intra-domain content caching; wherein:
The routers provide a security authentication service based on the security identifier SecID, a data forwarding service based on the device identifier GUID, and a content service based on the content identifier CID;
When a router receives a packet sent by a user, it first distinguishes the packet type; for a packet of the intelligent network architecture integrating perception, computation and storage (SCSN), it uses the SecID, GUID and CID in the packet header to verify the legitimacy of the packet content with the LCRS and the authenticity of the user's identity with the NRS; it then determines whether the verified packet is a content packet or a request packet; for a content packet, if the packet allows content caching, the routers store it cooperatively under the scheduling of the LCRS, and if it is a mobility-support packet, a GUID-based forwarding strategy with dynamic binding of GUID and address is applied during routing; for a request packet, if it is a content request, the router reports the corresponding CID to the LCRS and then performs content aggregation according to the content distribution returned by the LCRS; if it is an access request, the router communicates with the NRS and verifies the user's identity using the corresponding SecID and GUID, thereby implementing access control.
7. The implementation method for an intelligent network architecture integrating perception, computation and storage according to claim 6, characterized in that, for content packets, the router first provides differentiated service according to the service identification bits of the packet header, including:
For packets that allow content caching, the router reports the CID to the LCRS to obtain the caching policy, and the routers store the content cooperatively under the scheduling of the LCRS, achieving sharing and reuse of resources;
For mobility-support packets, the router queries the NRS to obtain the dynamic binding of GUID and network address, and then obtains the next-hop router for forwarding from the local forwarding table; if forwarding of the packet fails, the router stores the packet and continues to query the NRS in order to store and forward it.
8. The implementation method for an intelligent network architecture integrating perception, computation and storage according to claim 6, characterized in that the NRS provides a dynamic binding service between GUID and network address; the GUID is globally invariant, while the network address of a device changes dynamically as its access point changes; the NRS ensures correct routing to the device while its access location keeps migrating;
The NRS uses a hierarchical structure comprising a first-level NRS and a second-level NRS; the first-level NRS is used for intra-domain routing and the second-level NRS for inter-domain routing; the first-level NRS updates and maintains the mapping from GUID to network address according to the device information reported by routers, then determines all devices that have moved between domains and reports them to the second-level NRS; movement of a device within a domain is transparent to the second-level NRS, which only maintains the mapping from device identifier to gateway router address GA and is responsible for routing packets to the domain in which the destination device is located;
The first-level NRS classifies route queries and user access control information, which enter the corresponding name resolution service module and user management module respectively; the user management module of the first-level NRS handles user access control and identity verification, and sends information on the addition and deletion of users in the domain to the second-level NRS; the second-level NRS receives information from the first-level NRS and from gateway routers, which passes through the classifier into the user management module and the name resolution service module, which handle update and query operations on the second-level NRS's local information respectively; finally, confirmation information is sent back to the first-level NRS, and the query result is sent back to the gateway router.
9. The implementation method for an intelligent network architecture integrating perception, computation and storage according to claim 6, characterized in that the LCRS is used to manage the content stored in the network within the domain; the LCRS updates and maintains the content-to-storage-address mapping table CAMT according to the content caching information reported by routers and, based on the CAMT, the storage strategy module and the content resolution module, controls the routers to store content and assists in completing content aggregation; the LCRS also establishes a content filtering table CFT according to a certain content filtering scheme, for checking the legitimacy of content;
The LCRS comprises: a classifier, a storage strategy module, a content resolution module, and a memory for storing the CAMT and the CFT; the classifier divides the received information into two parts, content requests and content storage; content requests are handed to the content resolution module for subsequent processing, and content storage is handed to the storage strategy module for subsequent processing;
Both the content resolution module and the storage strategy module call the content resolution module to query the CFT, to check whether the content is legal; if the content is legal, the CAMT is then queried to obtain the distribution of the corresponding content; the content resolution module sends the queried content distribution to the router that requested the content, and that router carries out subsequent processing; the storage strategy module determines, according to the storage strategy, whether the corresponding content needs to be stored, updates the CAMT, and sends the relevant instructions to the routers; if the content is illegal, service is refused.
10. The implementation method for an intelligent network architecture integrating perception, computation and storage according to claim 6, characterized in that the logical layers of the intelligent network architecture integrating perception, computation and storage are, from top to bottom, the application layer, the transport layer, the network layer and the link layer; the routers, the NRS and the LCRS are all located in the network layer;
The network layer comprises a data plane and a control plane;
The functions of the data plane are as follows:
Content perception: routers perceive and classify packets according to packet type and provide differentiated service;
Content storage: the router reports the CID and the packet type information contained in the packet to the LCRS, and the LCRS, through unified planning, stores the content in one or more routers;
Content aggregation: after receiving a user's content request message, the first-hop router reports the CID of the requested content to the LCRS; the LCRS queries the CAMT for that CID and returns the storage distribution information of the content; after receiving the distribution information, the first-hop router decides, according to the router's content aggregation strategy, from which router or routers to aggregate the content;
Routing and forwarding: packets are forwarded according to GUID between routers in the same domain; between multiple domains, routing is performed by the second-level NRS of the NRS according to the binding information of GUID and address, and because the data packet format includes an IP header;
Security verification: after a user is admitted, the user's SecID is set to a field bound to the GUID and sent to the edge router, serving as user-level authentication; for packets generated by the user, the CFT is queried by CID for filtering, serving as content-level security verification;
The control plane implements management and control of network configuration and policies, including:
Content resolution service: the LCRS is queried for CAMT information to obtain the mapping between content and network addresses;
Name resolution service: the first-level NRS of the NRS provides intra-domain resolution of GUID to network address, and the second-level NRS of the NRS provides inter-domain resolution of GUID to network address;
Routing and forwarding service: during intra-domain routing, routers transmit packets using the destination network address resolved by the first-level NRS; during inter-domain routing, the gateway router obtains the destination gateway address by querying the second-level NRS, and the packets are then transmitted over the backbone network;
Access control service: when a user applies for access, the access router reports the user's GUID to the first-level NRS; the first-level NRS decides whether to admit the user according to the blacklist and user permission data provided by the operator, sets the user's permissions, and at the same time records security audit and account book information.
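The two-level NRS of claim 8, with the blacklist check and SecID-to-GUID binding of claim 10, as an added Python sketch that is not code from the patent. Class and method names, the treatment of SecID as an opaque token stored at admission, and the sample GUIDs and addresses are assumptions; the demo also covers a case the claims do not spell out, a deletion from the old domain arriving after the new domain's addition.

```python
import hmac

class SecondLevelNRS:
    """Inter-domain resolver: keeps only GUID -> gateway router address (GA)."""
    def __init__(self):
        self.guid_to_ga = {}
        self.updates = 0              # messages received from first-level NRSs

    def user_added(self, guid, ga):
        self.guid_to_ga[guid] = ga
        self.updates += 1

    def user_deleted(self, guid, ga):
        self.updates += 1
        # A late deletion from the old domain must not erase the binding
        # already registered by the device's new domain.
        if self.guid_to_ga.get(guid) == ga:
            del self.guid_to_ga[guid]

class FirstLevelNRS:
    """Intra-domain resolver plus user management (access control)."""
    def __init__(self, ga, upper, blacklist=()):
        self.ga, self.upper = ga, upper
        self.blacklist = set(blacklist)   # operator-provided blacklist
        self.sec_ids = {}                 # GUID -> SecID (opaque token: assumption)
        self.guid_to_na = {}              # GUID -> current network address

    def admit(self, guid, sec_id):
        if guid in self.blacklist:
            return False
        self.sec_ids[guid] = sec_id
        return True

    def report(self, guid, sec_id, na):
        """An access router reports a device seen at network address na."""
        bound = self.sec_ids.get(guid)
        if bound is None or not hmac.compare_digest(bound, sec_id):
            return False                  # not admitted, or SecID mismatch
        arrived = guid not in self.guid_to_na
        self.guid_to_na[guid] = na        # intra-domain moves stop here
        if arrived:                       # only arrival in the domain goes up
            self.upper.user_added(guid, self.ga)
        return True

    def leave(self, guid):
        if self.guid_to_na.pop(guid, None) is not None:
            self.sec_ids.pop(guid, None)
            self.upper.user_deleted(guid, self.ga)

def next_hop(local, guid):
    """Intra-domain NA first; otherwise the gateway asks the second level."""
    na = local.guid_to_na.get(guid)
    if na is not None:
        return ("intra", na)
    ga = local.upper.guid_to_ga.get(guid)
    return ("inter", ga) if ga not in (None, local.ga) else None

def demo():
    """Constructed sample GUIDs, SecIDs and addresses."""
    top = SecondLevelNRS()
    a, b = FirstLevelNRS("GA-A", top), FirstLevelNRS("GA-B", top)
    a.admit("guid-1", b"s1")
    a.report("guid-1", b"s1", "10.0.0.5")
    a.report("guid-1", b"s1", "10.0.0.77")       # intra-domain move
    before = (top.updates, next_hop(b, "guid-1"))
    b.admit("guid-1", b"s2")
    b.report("guid-1", b"s2", "10.1.0.3")        # inter-domain move
    a.leave("guid-1")                            # late deletion from domain A
    return before, next_hop(a, "guid-1"), next_hop(b, "guid-1")
```

The second-level update counter stays at 1 across the intra-domain move, which is the transparency property the claim describes.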
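The LCRS flow of claim 9 (classifier, CFT check, then CAMT lookup or storage decision), as an added Python sketch that is not taken from the patent. The CFT as a CID blocklist, the replica-limit storage strategy, the `block` purge helper and all names and sample values are assumptions, since the claims leave the filtering scheme and the storage strategy open.

```python
from dataclasses import dataclass, field

@dataclass
class LCRS:
    """Local content resolution server: classifier + CFT + CAMT (sketch)."""
    cft_blocked: set = field(default_factory=set)   # CFT as CID blocklist (assumed form)
    camt: dict = field(default_factory=dict)        # CAMT: CID -> set of router ids
    free_slots: dict = field(default_factory=dict)  # router id -> free cache slots (assumed)
    max_replicas: int = 2                           # assumed storage strategy parameter

    def handle(self, msg):
        """Classifier: validate, run the CFT check, then dispatch by type."""
        kind, cid, router = msg.get("type"), msg.get("cid"), msg.get("router")
        if kind not in ("content_request", "content_storage") or not cid or not router:
            return {"status": "rejected", "reason": "malformed"}
        # Legality is checked before the CAMT is read or written, so a
        # filtered CID can neither be located nor newly cached.
        if cid in self.cft_blocked:
            return {"status": "refused", "reason": "content filtered"}
        if kind == "content_request":
            return self._resolve(cid)
        return self._store(cid, router)

    def _resolve(self, cid):
        holders = sorted(self.camt.get(cid, ()))
        return {"status": "ok" if holders else "not_cached", "holders": holders}

    def _store(self, cid, router):
        holders = self.camt.get(cid, set())
        if router in holders:
            return {"status": "ok", "instruction": "keep"}
        if len(holders) >= self.max_replicas or self.free_slots.get(router, 0) < 1:
            return {"status": "ok", "instruction": "skip"}
        self.camt.setdefault(cid, set()).add(router)
        self.free_slots[router] -= 1
        return {"status": "ok", "instruction": "store"}

    def block(self, cid):
        """Add a CID to the CFT and return the routers that must purge it."""
        self.cft_blocked.add(cid)
        holders = sorted(self.camt.pop(cid, ()))
        for r in holders:
            self.free_slots[r] = self.free_slots.get(r, 0) + 1
        return holders

def demo():
    """Constructed sample CIDs and router ids."""
    lcrs = LCRS(cft_blocked={"cid:bad"}, free_slots={"r1": 1, "r2": 1, "r3": 1})
    out = [lcrs.handle({"type": "content_storage", "cid": "cid:v", "router": r})
           ["instruction"] for r in ("r1", "r2", "r3")]
    out.append(lcrs.handle({"type": "content_request", "cid": "cid:v", "router": "r9"}))
    out.append(lcrs.handle({"type": "content_storage", "cid": "cid:bad", "router": "r1"}))
    out.append(lcrs.block("cid:v"))              # CID filtered after it was cached
    out.append(lcrs.handle({"type": "content_request", "cid": "cid:v", "router": "r9"}))
    return out
```

Because the CFT is consulted first, a CID that is filtered after being cached is refused on the next request even before the routers have purged it.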
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710743012.7A CN107395500B (en) | 2017-08-25 | 2017-08-25 | Intelligent network architecture integrating perception, calculation and storage and implementation method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710743012.7A CN107395500B (en) | 2017-08-25 | 2017-08-25 | Intelligent network architecture integrating perception, calculation and storage and implementation method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107395500A true CN107395500A (en) | 2017-11-24 |
CN107395500B CN107395500B (en) | 2020-03-31 |
Family
ID=60346793
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710743012.7A Active CN107395500B (en) | 2017-08-25 | 2017-08-25 | Intelligent network architecture integrating perception, calculation and storage and implementation method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107395500B (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108737176A (en) * | 2018-05-20 | 2018-11-02 | 湖北九州云仓科技发展有限公司 | A kind of data gateway control method, electronic equipment, storage medium and framework |
CN109151070A (en) * | 2018-10-26 | 2019-01-04 | 平安科技(深圳)有限公司 | Service scheduling method, the electronic device of point-to-point CDN based on block chain |
CN109474577A (en) * | 2018-10-17 | 2019-03-15 | 太原市高远时代科技有限公司 | A kind of Internet of Things network edge O&M equipment with safety permission function |
CN109525304A (en) * | 2018-12-06 | 2019-03-26 | 中国科学技术大学 | Perceptual computing stores the integrated space intelligent network architecture |
CN109768935A (en) * | 2019-03-14 | 2019-05-17 | 海南梯易易智能科技有限公司 | Wireless router and its method for safe operation with intelligent recognition and filtering function |
CN110650194A (en) * | 2019-09-23 | 2020-01-03 | 中国科学技术大学 | Task execution method based on edge calculation in computer network |
CN112449371A (en) * | 2019-08-30 | 2021-03-05 | 中国移动通信集团广东有限公司 | Performance evaluation method of wireless router and electronic equipment |
CN113206796A (en) * | 2021-04-30 | 2021-08-03 | 网络通信与安全紫金山实验室 | Transfer, calculation and storage integrated cooperative system and method |
WO2022127938A1 (en) * | 2020-12-15 | 2022-06-23 | 中国科学院声学研究所 | Data transmission system having in-network storage capability |
CN114885443A (en) * | 2022-07-01 | 2022-08-09 | 之江实验室 | Multi-mode network control system and method supporting mobile access of terminal |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102143199A (en) * | 2010-10-19 | 2011-08-03 | 华为技术有限公司 | Content acquisition method, node and content network |
CN103686807A (en) * | 2013-12-05 | 2014-03-26 | 中国科学院计算机网络信息中心 | CCN subnet mobile data transmission method |
CN106105135A (en) * | 2014-01-02 | 2016-11-09 | 华为技术有限公司 | Extensible content route and mobility method and device in name data network |
US9678998B2 (en) * | 2014-02-28 | 2017-06-13 | Cisco Technology, Inc. | Content name resolution for information centric networking |
Non-Patent Citations (1)
Title |
---|
YUANZUN ZHANG ; XIAOBIN TAN ; HAO LIU ; WEIPING LI: "GUID-based mobile visual communication using NDN mechanism", 《2016 VISUAL COMMUNICATIONS AND IMAGE PROCESSING (VCIP)》 * |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108737176A (en) * | 2018-05-20 | 2018-11-02 | 湖北九州云仓科技发展有限公司 | A kind of data gateway control method, electronic equipment, storage medium and framework |
CN108737176B (en) * | 2018-05-20 | 2021-10-22 | 湖北九州云仓科技发展有限公司 | Data gateway control method, electronic equipment, storage medium and architecture |
CN109474577A (en) * | 2018-10-17 | 2019-03-15 | 太原市高远时代科技有限公司 | A kind of Internet of Things network edge O&M equipment with safety permission function |
CN109151070A (en) * | 2018-10-26 | 2019-01-04 | 平安科技(深圳)有限公司 | Service scheduling method, the electronic device of point-to-point CDN based on block chain |
CN109151070B (en) * | 2018-10-26 | 2022-04-15 | 平安科技(深圳)有限公司 | Block chain-based service scheduling method and electronic device for point-to-point CDN (content delivery network) |
CN109525304A (en) * | 2018-12-06 | 2019-03-26 | 中国科学技术大学 | Perceptual computing stores the integrated space intelligent network architecture |
CN109525304B (en) * | 2018-12-06 | 2020-10-27 | 中国科学技术大学 | Space intelligent network architecture integrating perception, calculation and storage |
CN109768935A (en) * | 2019-03-14 | 2019-05-17 | 海南梯易易智能科技有限公司 | Wireless router and its method for safe operation with intelligent recognition and filtering function |
CN109768935B (en) * | 2019-03-14 | 2023-10-10 | 海南梯易易智能科技有限公司 | Wireless router with intelligent recognition and filtering functions and safe operation method thereof |
CN112449371A (en) * | 2019-08-30 | 2021-03-05 | 中国移动通信集团广东有限公司 | Performance evaluation method of wireless router and electronic equipment |
CN112449371B (en) * | 2019-08-30 | 2023-08-15 | 中国移动通信集团广东有限公司 | Performance evaluation method of wireless router and electronic equipment |
CN110650194A (en) * | 2019-09-23 | 2020-01-03 | 中国科学技术大学 | Task execution method based on edge calculation in computer network |
WO2022127938A1 (en) * | 2020-12-15 | 2022-06-23 | 中国科学院声学研究所 | Data transmission system having in-network storage capability |
CN113206796A (en) * | 2021-04-30 | 2021-08-03 | 网络通信与安全紫金山实验室 | Transfer, calculation and storage integrated cooperative system and method |
CN114885443A (en) * | 2022-07-01 | 2022-08-09 | 之江实验室 | Multi-mode network control system and method supporting mobile access of terminal |
WO2024000937A1 (en) * | 2022-07-01 | 2024-01-04 | 之江实验室 | Multi-modal network control system and method supporting mobile access of terminal |
US11917523B2 (en) | 2022-07-01 | 2024-02-27 | Zhejiang Lab | Polymorphic network control system and method supporting mobile access of terminal |
Also Published As
Publication number | Publication date |
---|---|
CN107395500B (en) | 2020-03-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107395500A (en) | Perceive the intelligent network architecture and implementation method for calculating storage integration | |
US9521659B2 (en) | Methods and apparatuses for communicating content data to a communications terminal from a local data store | |
CN103581019B (en) | A kind of information centre's network mobility management method of content-based popularity | |
Ahmed et al. | Named data networking for software defined vehicular networks | |
US7933978B2 (en) | Method, device and system for implementing VPN configuration service | |
EP1164754B1 (en) | Methods and arrangements in a telecommunications system | |
US20130188598A1 (en) | Local storage of content in a wireless network | |
CN208656813U (en) | A kind of enterprise branch office's access request processing system | |
CN105553711B (en) | Realize the network architecture and method of land, sea, air, outer space network integration | |
US20130188599A1 (en) | Wireless communication terminal to receive content data from an edge node | |
CN109412953A (en) | A kind of routing iinformation exchange method based on block chain overlay network | |
CN101321384A (en) | Triggering routing optimization method, device and proxy mobile IP system | |
Li et al. | A new method for providing network services: Service function chain | |
CN109525304A (en) | Perceptual computing stores the integrated space intelligent network architecture | |
CN102780701B (en) | Access control method and equipment | |
JP4604142B2 (en) | COMMUNICATION SYSTEM USING NETWORK AND COMMUNICATION DEVICE AND PROGRAM USED FOR THE COMMUNICATION SYSTEM | |
CN101465788A (en) | Method and device for intercommunication of routes between various domain, and route calculation unit | |
CN106888171B (en) | A kind of processing method and processing device of data service | |
CN103997459B (en) | Initiate communication, the forwarding of information/data message and method for configuring route/system | |
CN103095580A (en) | Location information query method, policy server, location server and system | |
Fekih et al. | Secure SDN-based in-network caching scheme for CCN | |
KR101356721B1 (en) | Method for managing host location of router | |
Windmill | Hierarchical network topographical routing | |
CN114189843A (en) | Information processing method and device, control plane network element and proxy network element | |
Bostami et al. | The information-centric networking |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||