CN108173937A - Access control method and device - Google Patents
Access control method and device Download PDFInfo
- Publication number
- CN108173937A CN108173937A CN201711454336.5A CN201711454336A CN108173937A CN 108173937 A CN108173937 A CN 108173937A CN 201711454336 A CN201711454336 A CN 201711454336A CN 108173937 A CN108173937 A CN 108173937A
- Authority
- CN
- China
- Prior art keywords
- server node
- resource
- server
- access request
- node
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
- H04L67/1004—Server selection for load balancing
- H04L67/1008—Server selection for load balancing based on parameters of servers, e.g. available memory or workload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
- H04L67/1004—Server selection for load balancing
- H04L67/1014—Server selection for load balancing based on the content of a request
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/60—Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
Abstract
This application provides a kind of access control method and device, this method includes:The resource access request to server set pocket transmission is received, resource access request carries the identification information of sender;According to hash algorithm, the cryptographic Hash corresponding to the identification information of sender is calculated;It detects whether to be stored with the corresponding at least one server node of cryptographic Hash, the server node that sender accessed before the corresponding at least one server node of cryptographic Hash is current time;When being stored with the corresponding at least one server node of cryptographic Hash, from least one server node, at least one candidate server node of the load less than predetermined threshold value is determined;From at least one candidate server node, determine for the target server node of process resource access request;Resource access request is distributed into target server node processing.The scheme of the application can improve the process performance of server, reduce the wasting of resources.
Description
Technical field
This application involves technical field of data processing more particularly to a kind of access control methods and device.
Background technology
With the continuous development of network technology, the quantity of network access user also increasingly increases, and with user's visit capacity
Increase, the problem of can bring about high concurrent.It, can be by more in server cluster in order to solve the problems, such as high concurrent
Platform server node carrys out the access request of parallel processing of user.
In server cluster, the access request of user is received by load-balanced server, and will by load equalizer
Access request is transmitted in server cluster and is handled for the server (e.g., web server) of processing business.Wherein, load is equal
In weighing apparatus can preset some load-balancing algorithms, and according to load-balancing algorithm, determine the server of currently processed access request,
However, the required access handled of server node distribution that load equalizer but can not be rationally into server cluster at present please
It asks, it is easy to since the traffic assignments of access request are unreasonable, influence the process performance of server and cause the wasting of resources.
Invention content
In view of this, this application provides a kind of access control method and device, to realize more reasonably for server
Node distributes access request, improves the process performance of server, and reduce the wasting of resources.
To achieve the above object, on the one hand, this application provides a kind of access control method, including:
The resource access request to server set pocket transmission is received, the resource access request carries the mark of sender
Information;
According to hash algorithm, the cryptographic Hash corresponding to the identification information of described sender is calculated;
It detects whether to be stored with the corresponding at least one server node of the cryptographic Hash, the cryptographic Hash is corresponding at least
Load equalizer is the server node that described sender was distributed before one server node is current time;
When being stored with the corresponding at least one server node of the cryptographic Hash, from least one server node
In, determine at least one candidate server node of the load less than predetermined threshold value;
From at least one candidate server node, the target clothes for handling the resource access request are determined
Business device node;
The resource access request is distributed into the target server node processing.
Preferably, it further includes:
When there is no the corresponding at least one server node of the cryptographic Hash or the cryptographic Hash corresponding at least one
There is no candidate server node of the load less than predetermined threshold value in a server node, then according to clothes each in server cluster
The load state of business device node, selects the target server node for handling the resource access request.
Preferably, it is described the resource access request is distributed to the target server node processing after, also wrap
It includes:
The correspondence between the cryptographic Hash and the target server node is stored, by the destination server section
Point identification is the server node that described sender accessed.
Preferably, described according to hash algorithm, before calculating the cryptographic Hash corresponding to the identification information of described sender,
It further includes:
Parse the resource request type that the resource access request is included, the money that the resource access request is included
Source request type includes:One or both of static resource is asked and dynamic resource is asked;
If the resource access request is asked including static resource, static resource request is transmitted to static generation
Server is managed, requested target quiescent resource is asked to obtain the static resource by static agent server;
The target quiescent resource that the static agent server returns is sent to described sender;
If the resource access request includes dynamic resource request, perform it is described according to hash algorithm, described in calculating
The operation of cryptographic Hash corresponding to the identification information of sender;
It is described that the resource access request is distributed into the target server node processing, including:
The dynamic resource is requested assignment into the target server node processing.
Preferably, it is described from least one candidate server node, it determines to access for handling the resource
The target server node of request, including:
If there is a candidate server node, then the candidate server node is determined as the destination server
Node;
If there is multiple candidate server nodes, then it will load minimum candidate server node and be determined as destination service
Device node.
On the other hand, present invention also provides a kind of access control apparatus, including:
Request reception unit, for receiving the resource access request to server set pocket transmission, the resource access request
Carry the identification information of sender;
Hash calculation unit, for according to hash algorithm, calculating the cryptographic Hash corresponding to the identification information of described sender;
Relationship detection unit, for detecting whether being stored with the corresponding at least one server node of the cryptographic Hash, institute
It is the server node that current time foregoing description sender accessed to state the corresponding at least one server node of cryptographic Hash;
Node screening unit, for when being stored with the corresponding at least one server node of the cryptographic Hash, from described
In at least one server node, at least one candidate server node of the load less than predetermined threshold value is determined;
First determination unit, for from least one candidate server node, determining to handle the money
The target server node of source access request;
Allocation unit is asked, is handled for the resource access request to be distributed to the target server node.
Preferably, it further includes:
Second determination unit, for when there is no the corresponding at least one server nodes of the cryptographic Hash or described
Candidate server node of the load less than predetermined threshold value is not present in the corresponding at least one server node of cryptographic Hash, then basis
The load state of each server node in server cluster, selects the destination service for handling the resource access request
Device node.
Preferably, it further includes:
Relationship storage unit, for the resource access request to be distributed to described second really in the request allocation unit
After the target server node that order member is determined, store between the cryptographic Hash and the target server node
The target server node is identified as the server node that described sender accessed by correspondence.
Preferably, it further includes:
Request analysis unit, for calculating the Kazakhstan corresponding to the identification information of described sender in the Hash calculation unit
Before uncommon value, the resource request type that the resource access request is included is parsed, what the resource access request was included
Resource request type includes:One or both of static resource is asked and dynamic resource is asked;
Static treatment unit, if going out the resource access request for the request analysis unit resolves includes static provide
Source is asked, then static resource request is transmitted to static agent server, described in being obtained by static agent server
Static resource asks requested target quiescent resource;
Static returning unit, the target quiescent resource for the static agent server to be returned are sent to described
Sender;
Dynamic processing elements provide if going out the resource access request for the request analysis unit resolves and including dynamic
Source is asked, then performs the operation of the Hash calculation unit;
The request allocation unit, specifically, for the dynamic resource to be requested assignment to the destination server section
Point processing.
Preferably, the node screening unit, including:
First screening subelement, for if there is a candidate server node, then by the candidate server node
It is determined as the target server node;
Second screening subelement, for if there is multiple candidate server nodes, then minimum candidate service will to be loaded
Device node is determined as target server node.
As known from the above, in the embodiment of the present application, if forward direction load equalizer of the sender at current time is sent
Resource access request is crossed, load equalizer can be stored with the mark of the sender after the sender is assigned with server node
Know the corresponding cryptographic Hash of information and the correspondence of the server node.In this way, when the load equalizer is being currently received this
After the resource access request that sender sends, it can determine to work as according to cryptographic Hash corresponding to the identification information of the sender
Once at least one server node of the resource access request of the sender is processed before the preceding moment, and from least one clothes
It is engaged in choosing candidate server node of the load less than predetermined threshold value in device node as the target clothes for handling the resource access request
Business node, the resource access request so as to which same sender is sent are directed to fixed one or more server sections
Point is conducive to the load state with reference to server node, the number of the access request handled by each server node of reasonable distribution
Amount can be realized a large amount of resource access request assigning to different server node, and then realize more reasonable distribution resource
Access request, reduces that part server node load is excessive, and the situation that part server node is more idle, is conducive to subtract
Few wasting of resources, and improve the process performance of server node process resource access request.
Description of the drawings
In order to illustrate the technical solutions in the embodiments of the present application or in the prior art more clearly, to embodiment or it will show below
There is attached drawing needed in technology description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this
The embodiment of application, for those of ordinary skill in the art, without creative efforts, can also basis
The attached drawing of offer obtains other attached drawings.
Fig. 1 shows a kind of application scenarios schematic diagram that the access control method of the application is applicable in;
Fig. 2 shows a kind of flow diagrams of access control method one embodiment of the application;
Fig. 3 shows a kind of composition structure diagram of access control apparatus one embodiment of the application.
Specific embodiment
The access control method and device of the application can be applied to server cluster, which can be included extremely
A few load equalizer and multiple servers node.
Such as, referring to Fig. 1, it illustrates the signals of a kind of server cluster that a kind of access control method of the application is applicable in
Figure, in this scenario, the server cluster which is applicable in includes a load equalizer 101 and Duo Tai is serviced
Device node 102.
Such as, which can be web server.
Load equalizer 101 is responsible for distributing to the access request for being sent to the server cluster at server node
Reason.
Server node is the node for being used to handle the requested related service of access request in server cluster.
To be introduced by taking a load equalizer as an example in Fig. 1, it is contemplated that the reliability of server cluster and
Stability, can also set more load equalizers in server cluster, and will a wherein main load equalizer of conduct, and incite somebody to action
Remaining load equalizer is as spare load equalizer.
Specifically, in the embodiment of the present application, resource of the load equalizer for receiving to server set pocket transmission is visited
Ask request, which carries the identification information of sender;According to hash algorithm, the mark letter of the sender is calculated
The corresponding cryptographic Hash of breath;It detects whether to be stored with the corresponding at least one server node of the cryptographic Hash, which corresponds to
At least one server node be current time before load equalizer be server node that the sender distributed;When depositing
When containing the corresponding at least one server node of the cryptographic Hash, from least one server node, determine to bear
Carry at least one candidate server node less than predetermined threshold value;From at least one candidate server node, determine
For handling the target server node of the resource access request;The resource access request is distributed into the destination server section
Point processing.
Wherein, the identification information of sender can include:The IP address and MAC Address of the terminal of access request are sent, with
And it initiates one or more in the relevant informations such as the login name of the user of the access request, password.
As it can be seen that in the embodiment of the present application, if forward direction load equalizer of the sender at current time is transmitted across resource
Access request, and load equalizer is assigned with server node for elder generation sender, then the load equalizer can be stored with the hair
Cryptographic Hash corresponding to the identification information of the side of sending and the correspondence of the server node.In this way, when the load equalizer currently connects
It, can be according to cryptographic Hash corresponding to the identification information of the sender, really after the resource access request for receiving sender transmission
Once at least one server node of the resource access request of the sender was processed before making current time, and from this at least
Candidate server node of the load less than predetermined threshold value is chosen in one server node as the processing resource access request
Destination service node, the resource access request so as to which same sender is sent are directed to fixed one or more clothes
Business device node is conducive to determine the quantity of the access request handled by each server node, in this way with reference to server node
Load state is conducive to a large amount of resource access request assigning to different server node, so as to fulfill more reasonable distribution
Resource access request, reduces that part server node load is excessive, and the situation that part server node is more idle, favorably
In the reduction wasting of resources, and improve the process performance of server node process resource access request.
Further, when there is no at least one server sections corresponding with the cryptographic Hash calculated in load equalizer
There is no candidate server section of the load less than predetermined threshold value in point or the corresponding at least one server node of the cryptographic Hash
Point, then load equalizer can select to handle this according to the load state of server node each in server cluster
The target server node of resource access request.
Correspondingly, it is visited in load equalizer there is no in the case of the corresponding server node of cryptographic Hash by resource
Ask after requesting assignment to target server node processing, can also store the cryptographic Hash and the target server node it
Between correspondence, the target server node is identified as the server node that described sender accessed, in this way, after
The resource access request that the sender sends is reassigned to the server node by continuous foundation based on the correspondence.
Alternatively, in order to enable server node can the service logic be good at of single-minded processing, with
The read-write efficiency of server node is improved, can also be included and load equalizer phase in the server cluster of the embodiment of the present application
Static agent server 103 even.In this way, load equalizer can will ask the access of static resource in resource access request
It asks and is transmitted to the static agent server 103 to handle, without being handled in the server node by being used for processing business.
Wherein, static resource or static agent server 103 and text can be stored in the static agent server
Part server 104 is connected, which can obtain requested static resource from file server.
Certainly, database 105 can also be included in the server cluster, which can be from database 105
Obtain the related data needed for processing business.The database 105 may alternatively be a data-base cluster, not limited herein
System.
With reference to more than general character, referring to Fig. 2, it illustrates a kind of flows of access control method one embodiment of the application to show
It is intended to, the present embodiment is described from the angle of load equalizer, and the method for the present embodiment can include:
S201 receives the resource access request that client is sent.
Such as, the resource address where requested resource can be included in the resource access request, which can be with
For uniform resource locator (Uniform Resource Location, URL) etc..
It is understood that in addition to including the resource for asking to access in the resource access request sent in the client
Except relevant information, the relevant information of the sender of the resource access request can also be sent, e.g., the IP address of sender, with
And the equipment phase with sender such as media access control (Media Access Control, MAC) address of the equipment of sender
The information of pass can also include the relevant information of the corresponding user of sender, such as the user name of user, password.
S202 parses resource request type included in the resource access request.
Wherein, ask the resource type accessed that can include in static resource and dynamic resource in resource access request
One or two, correspondingly, resource request type can be divided into static resource request and dynamic resource asks two kinds.An and money
It can include in the access request of source:One or both of static resource is asked and dynamic resource is asked.
Wherein, static resource request is for asking static resource, and e.g., static resource can include:Pictorial information, static page
Face, document, template, js files etc..
And dynamic resource request is used for request dynamic resource, dynamic resource is the resource except static resource.
S203 includes static resource request if parsed, which is asked in the resource access request
Static agent server is sent to, requested target quiescent is asked to provide to obtain the static resource by static agent server
Source.
It is understood that specific business logic processing is carried out since static resource does not need to server, at this
Apply in embodiment, in order to reduce the burden of the server node for processing business logic, for being wrapped in resource access request
The static resource request contained, then can ask to be transmitted to static agent server to handle by the static resource.
Such as, in one implementation, static agent server can be asked according to static resource, from file server
It obtains the static resource and asks requested target quiescent resource, and the target quiescent resource got is returned into load balancing
Device, so that the target quiescent resource directly is returned to the client by load equalizer.
S204, when receiving static agent server for the returned target quiescent resource of static resource request,
The target quiescent resource is sent to the client.
It should be noted that above step S202 to S204 is a kind of optional step, without the concern for reduction server
In the case of the type of service that node is born, as above step S202 and step S204 can not also be performed.
Certainly, in the resource access request is parsed do not include static resource request in the case of, without perform with
Upper step S203 and S204.
S205 includes dynamic resource request if parsed in the resource access request, obtaining resource access please
The identification information of entrained sender is sought, and the cryptographic Hash that the identification information for calculating the sender is corresponding.
Such as, the identification information of the sender can be parsed from resource access request.
Wherein, the identification information of the sender can include the IP address of the terminal of sender noted earlier, send
The MAC Address of terminal, the user name of user of sender, the password of user of sender and the user-association of sender of side
User information etc. in it is one or more.
It is understood that after the identification information of sender is determined, preset hash algorithm can be utilized, to count
Calculate cryptographic Hash corresponding to the identification information of the sender, in the case that the identification information of sender determines, the Hash that calculates
Value is fixed, so as to be conducive to subsequently be based on cryptographic Hash, determines to process the server of the resource access request of the sender
Node.
Wherein, it when calculating cryptographic Hash corresponding to identification information of the transmission, can calculate preset different Hash as needed
Method does not limit herein.
S206 is detected and the corresponding node set of the cryptographic Hash whether is stored in the load equalizer, if it is, performing
Step S207;If it is not, then perform step S209.
Wherein, which includes at least one server node.Clothes in the corresponding node set of the cryptographic Hash
Business device node be:Load equalizer is the server node of sender distribution before current time.It may also be said that the set of node
Server node in conjunction is:By the server node for the resource access request for processing the sender before current time.
It should be noted that in the present embodiment, for ease of description, with load equalizer store different cryptographic Hash with
It is introduced for the correspondence of node set, but it is understood that, in practical applications, for each cryptographic Hash,
Load equalizer can also directly store the correspondence of the cryptographic Hash and at least one server node.
S207 is detected at least one server node that the node set includes, if be there is load and is less than default threshold
At least one candidate server node of value, if it is, performing step S208;If it is not, then perform step S209.
It should be noted that in the embodiment of the present application, for the ease of distinguishing, by the corresponding at least one service of cryptographic Hash
In device node, load is known as candidate server node less than the server node of predetermined threshold value.
Wherein, which can be set as needed, and e.g., load is less than the CPU that predetermined threshold value can be server
It is used using, memory, IO consumption etc. is less than preset ratio etc..
It is understood that in order to avoid the load excessive of some server node, the corresponding section of cryptographic Hash is being determined
After point set, it is also necessary to whether the load for detecting each server node in the node set is less than predetermined threshold value, so as to
Portfolio handled by balanced each server node.
If correspondingly, there is candidate server node of the load less than predetermined threshold value in the node set, can hold
The follow-up step S208 of row, to determine the service for handling the dynamic resource access request from candidate server node
Device node;If there is no loads in the node set to be less than default preset candidate server node, illustrate currently to have divided
The load of multiple server nodes of the dispensing sender is larger, and the resource access for being not suitable for continuing with the sender please
It asks, in that case, needs to perform step S209 to be that the sender determines server node again.
S208 from least one candidate server node, determines the target for handling dynamic resource request
Dynamic resource request is sent to the target server node by server node.
Wherein, after dynamic resource request being sent to target server node, the destination server section can be passed through
Point for the client return the dynamic resource request request access dynamic resource.
It is understood that load might have one or more less than the candidate server node of predetermined threshold value, waiting
The candidate server node only there are one in the case of, then can be determined as handling the dynamic resource by election server node
The target server node of request.
Candidate server node have it is multiple in the case of, random algorithm may be used, from multiple candidate server section
A candidate server node is randomly selected out in point as the target server node.Optionally, in order to further closing
Reason is server node distribution resource access request, in multiple candidate server node, can will load minimum candidate
Server node is determined as the target server node.
It should be noted that above step S205 to S208 is introduced for handling dynamic resource request, still
It is understood that if load equalizer after resource access request is received, is wrapped in uncertain resource access request
The type of the resource request contained can also directly perform step S205 to step S208, so that load equalizer determines to be used for
Handle the target server node of the resource access request.
S209 from server cluster, determines have the corresponding business processing permission of dynamic resource request extremely
A few server node undetermined.
It is understood that since different dynamic resources asks requested dynamic resource difference, only server section
Point has the function of handling the corresponding dynamic resource of dynamic resource request, can just handle dynamic resource request, therefore,
It needs first to determine have the server node for handling the corresponding business processing permission of dynamic resource request.
For the ease of distinguishing, the embodiment of the present application will be provided with handling the corresponding business processing power of dynamic resource request
The server node of limit is known as server node undetermined.
S210, according to the load state of at least one server node undetermined, from least one server section undetermined
The target server node for handling dynamic resource request is determined in point, dynamic resource request is sent to the target
Server node.
Such as, from least one server node undetermined, the minimum server node undetermined of load is selected as mesh
Mark server node.Either, in the server node undetermined from load less than targets threshold, a server is randomly selected out
Node is as the target server node.
As it can be seen that the corresponding at least one server node of the cryptographic Hash or the Kazakhstan are not present in load equalizer
It wishes and candidate server node of the load less than predetermined threshold value is not present in the corresponding at least one server node of value, then load equal
Weighing apparatus selects to handle the resource access request according to the load state of server node each in server cluster
Target server node.It is understood that above step S209 and S210 choose for load equalizer from server cluster
A kind of realization method of target server node is applied equally to the embodiment of the present application, herein not for other realization methods
It limits.
S211 stores the correspondence between the cryptographic Hash and the target server node.
Wherein, the purpose for storing the correspondence between the cryptographic Hash and target server node is to take the target
Business device node identification is the server node that sender accessed, i.e., it is the sender that target server node, which is load equalizer,
The server node of the resource access request for being used to handle sender transmission of distribution.
A kind of access control method of corresponding the application, present invention also provides a kind of access control apparatus.
Such as, referring to Fig. 3, it illustrates a kind of composition structure diagram of access control apparatus one embodiment of the application,
Device is applied to the load equalizer in server cluster, which can include:
Request reception unit 301, for receiving the resource access request to server set pocket transmission, the resource accesses please
Seek the identification information for carrying sender;
Hash calculation unit 302, for according to hash algorithm, calculating the Hash corresponding to the identification information of described sender
Value;
Relationship detection unit 303, for detecting whether the corresponding at least one server node of the cryptographic Hash is stored with,
The corresponding at least one server node of the cryptographic Hash is the server node that current time foregoing description sender accessed;
Node screening unit 304, for when being stored with the corresponding at least one server node of the cryptographic Hash, from institute
It states at least one server node, determines at least one candidate server node of the load less than predetermined threshold value;
First determination unit 305, it is described for handling for from least one candidate server node, determining
The target server node of resource access request;
Allocation unit 306 is asked, is handled for the resource access request to be distributed to the target server node.
In one implementation, which can also include:
Second determination unit, for when there is no the corresponding at least one server nodes of the cryptographic Hash or described
Candidate server node of the load less than predetermined threshold value is not present in the corresponding at least one server node of cryptographic Hash, then basis
The load state of each server node in server cluster, selects the destination service for handling the resource access request
Device node.
Further, which can also include:
Relationship storage unit, for the resource access request to be distributed to described second really in the request allocation unit
After the target server node that order member is determined, store between the cryptographic Hash and the target server node
The target server node is identified as the server node that described sender accessed by correspondence.
In a kind of possible realization method, which can also include:
Request analysis unit, for calculating the Kazakhstan corresponding to the identification information of described sender in the Hash calculation unit
Before uncommon value, the resource request type that the resource access request is included is parsed, what the resource access request was included
Resource request type includes:One or both of static resource is asked and dynamic resource is asked;
Static treatment unit, if going out the resource access request for the request analysis unit resolves includes static provide
Source is asked, then static resource request is transmitted to static agent server, described in being obtained by static agent server
Static resource asks requested target quiescent resource;
Static returning unit, the target quiescent resource for the static agent server to be returned are sent to described
Sender;
Dynamic processing elements provide if going out the resource access request for the request analysis unit resolves and including dynamic
Source is asked, then performs the operation of the Hash calculation unit;
The request allocation unit, specifically, for the dynamic resource to be requested assignment to the destination server section
Point processing.
Alternatively, the node screening unit, including:
First screening subelement, for if there is a candidate server node, then by the candidate server node
It is determined as the target server node;
Second screening subelement, for if there is multiple candidate server nodes, then minimum candidate service will to be loaded
Device node is determined as target server node.
It should be noted that each embodiment in this specification is described by the way of progressive, each embodiment weight
Point explanation is all difference from other examples, and just to refer each other for identical similar part between each embodiment.
For device class embodiment, since it is basicly similar to embodiment of the method, so description is fairly simple, related part is joined
See the part explanation of embodiment of the method.
Finally, it is to be noted that, herein, relational terms such as first and second and the like be used merely to by
One entity or operation are distinguished with another entity or operation, without necessarily requiring or implying these entities or operation
Between there are any actual relationship or orders.Moreover, term " comprising ", "comprising" or its any other variant meaning
Covering non-exclusive inclusion, so that process, method, article or equipment including a series of elements not only include that
A little elements, but also including other elements that are not explicitly listed or further include for this process, method, article or
The intrinsic element of equipment.In the absence of more restrictions, the element limited by sentence "including a ...", is not arranged
Except also there are other identical elements in the process including element, method, article or equipment.
The foregoing description of the disclosed embodiments enables those skilled in the art to realize or use the present invention.To this
A variety of modifications of a little embodiments will be apparent for a person skilled in the art, and the general principles defined herein can
Without departing from the spirit or scope of the present invention, to realize in other embodiments.Therefore, the present invention will not be limited
The embodiments shown herein is formed on, and is to fit to consistent with the principles and novel features disclosed herein most wide
Range.
It the above is only the preferred embodiment of the present invention, it is noted that those skilled in the art are come
It says, various improvements and modifications may be made without departing from the principle of the present invention, these improvements and modifications also should be regarded as
Protection scope of the present invention.
Claims (10)
1. a kind of access control method, which is characterized in that including:
The resource access request to server set pocket transmission is received, the resource access request carries the mark letter of sender
Breath;
According to hash algorithm, the cryptographic Hash corresponding to the identification information of described sender is calculated;
It detects whether to be stored with the corresponding at least one server node of the cryptographic Hash, the cryptographic Hash is corresponding at least one
Load equalizer is the server node that described sender was distributed before server node is current time;
When being stored with the corresponding at least one server node of the cryptographic Hash, from least one server node,
Determine at least one candidate server node of the load less than predetermined threshold value;
From at least one candidate server node, the destination server for handling the resource access request is determined
Node;
The resource access request is distributed into the target server node processing.
2. access control method according to claim 1, which is characterized in that further include:
When there is no the corresponding at least one server node of the cryptographic Hash or the corresponding at least one clothes of the cryptographic Hash
It is engaged in device node there is no candidate server node of the load less than predetermined threshold value, then according to server each in server cluster
The load state of node selects the target server node for handling the resource access request.
3. access control method according to claim 2, which is characterized in that distribute the resource access request described
After target server node processing, further include:
The correspondence between the cryptographic Hash and the target server node is stored, by the target server node mark
Know the server node accessed for described sender.
4. access control method according to claim 1 or 2, which is characterized in that described according to hash algorithm, calculate institute
Before stating the cryptographic Hash corresponding to the identification information of sender, further include:
The resource request type that the resource access request is included is parsed, the resource that the resource access request is included please
Type is asked to include:One or both of static resource is asked and dynamic resource is asked;
If the resource access request is asked including static resource, static resource request is transmitted to static agent clothes
Business device obtains the requested target quiescent resource of the static resource request to pass through static agent server;
The target quiescent resource that the static agent server returns is sent to described sender;
If the resource access request is asked including dynamic resource, the foundation hash algorithm is performed, calculates the transmission
The operation of cryptographic Hash corresponding to the identification information of side;
It is described that the resource access request is distributed into the target server node processing, including:
The dynamic resource is requested assignment into the target server node processing.
5. access control method according to claim 1 or 2, which is characterized in that described from least one candidate clothes
It is engaged in device node, determines the target server node for handling the resource access request, including:
If there is a candidate server node, then the candidate server node is determined as the destination server section
Point;
If there is multiple candidate server nodes, then it will load minimum candidate server node and be determined as destination server section
Point.
6. a kind of access control apparatus, which is characterized in that including:
Request reception unit, for receiving the resource access request to server set pocket transmission, the resource access request carries
There is the identification information of sender;
Hash calculation unit, for according to hash algorithm, calculating the cryptographic Hash corresponding to the identification information of described sender;
Relationship detection unit, for detecting whether being stored with the corresponding at least one server node of the cryptographic Hash, the Kazakhstan
The corresponding at least one server node of uncommon value is the server node that current time foregoing description sender accessed;
Node screening unit, for when being stored with the corresponding at least one server node of the cryptographic Hash, from it is described at least
In one server node, at least one candidate server node of the load less than predetermined threshold value is determined;
First determination unit, for from least one candidate server node, determining to visit for handling the resource
Ask the target server node of request;
Allocation unit is asked, is handled for the resource access request to be distributed to the target server node.
7. access control apparatus according to claim 6, which is characterized in that further include:
Second determination unit, for when there is no the corresponding at least one server node of the cryptographic Hash or the Hash
It is worth in corresponding at least one server node there is no candidate server node of the load less than predetermined threshold value, then according to service
The load state of each server node in device cluster selects the destination server section for handling the resource access request
Point.
8. access control apparatus according to claim 7, which is characterized in that further include:
Relationship storage unit determines list for the resource access request to be distributed to described second in the request allocation unit
After the target server node that member is determined, store corresponding between the cryptographic Hash and the target server node
The target server node is identified as the server node that described sender accessed by relationship.
9. the access control apparatus described according to claim 6 or 7, which is characterized in that further include:
Request analysis unit, for calculating the cryptographic Hash corresponding to the identification information of described sender in the Hash calculation unit
Before, the resource request type that the resource access request is included, the resource that the resource access request is included are parsed
Request type includes:One or both of static resource is asked and dynamic resource is asked;
Static treatment unit, please including static resource if going out the resource access request for the request analysis unit resolves
It asks, then static resource request is transmitted to static agent server, to obtain the static state by static agent server
The requested target quiescent resource of resource request;
Static returning unit, the target quiescent resource for the static agent server to be returned are sent to the transmission
Side;
Dynamic processing elements, please including dynamic resource if going out the resource access request for the request analysis unit resolves
It asks, then performs the operation of the Hash calculation unit;
The request allocation unit, specifically, for the dynamic resource to be requested assignment at the target server node
Reason.
10. the access control apparatus described according to claim 6 or 7, which is characterized in that the node screening unit, including:
First screening subelement, for if there is a candidate server node, then determining the candidate server node
For the target server node;
Second screening subelement, for if there is multiple candidate server nodes, then minimum candidate server section will to be loaded
Point is determined as target server node.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711454336.5A CN108173937A (en) | 2017-12-28 | 2017-12-28 | Access control method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711454336.5A CN108173937A (en) | 2017-12-28 | 2017-12-28 | Access control method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN108173937A true CN108173937A (en) | 2018-06-15 |
Family
ID=62518988
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711454336.5A Pending CN108173937A (en) | 2017-12-28 | 2017-12-28 | Access control method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108173937A (en) |
Cited By (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109189578A (en) * | 2018-09-06 | 2019-01-11 | 北京京东尚科信息技术有限公司 | Storage server distribution method, device, management server and storage system |
| CN109767341A (en) * | 2018-12-13 | 2019-05-17 | 平安医疗健康管理股份有限公司 | A kind of service request processing method, processing unit and terminal |
| CN110086886A (en) * | 2019-05-14 | 2019-08-02 | 北京天融信网络安全技术有限公司 | Dynamic session keeping method and device |
| CN110708374A (en) * | 2019-09-30 | 2020-01-17 | 北京高途云集教育科技有限公司 | Distribution method and distribution device of edge nodes and readable storage medium |
| CN110874371A (en) * | 2018-08-31 | 2020-03-10 | 杭州海康威视数字技术股份有限公司 | Data analysis system, method and device |
| CN111124532A (en) * | 2019-11-29 | 2020-05-08 | 北京浪潮数据技术有限公司 | Service loading method and device, electronic equipment and storage medium |
| CN111225059A (en) * | 2020-01-10 | 2020-06-02 | 中移(杭州)信息技术有限公司 | Network request resource scheduling method and device, electronic equipment and storage medium |
| CN111338793A (en) * | 2020-02-14 | 2020-06-26 | 拉扎斯网络科技(上海)有限公司 | Cluster task distribution method, device, equipment and storage medium |
| CN111683144A (en) * | 2020-06-08 | 2020-09-18 | 北京字节跳动网络技术有限公司 | Method and device for processing access request, computer equipment and storage medium |
| CN112231108A (en) * | 2020-11-02 | 2021-01-15 | 网易(杭州)网络有限公司 | Task processing method and device, computer readable storage medium and server |
| WO2021018183A1 (en) * | 2019-07-31 | 2021-02-04 | 华为技术有限公司 | Resource allocation method and resource offloading method |
| CN113141260A (en) * | 2021-06-22 | 2021-07-20 | 深圳市光联世纪信息科技有限公司 | Secure access method, system and equipment based on software-defined wide area network (SD-WAN) |
| CN113296924A (en) * | 2020-04-28 | 2021-08-24 | 阿里巴巴集团控股有限公司 | Content distribution method, device, system and storage medium |
| CN113377866A (en) * | 2021-06-10 | 2021-09-10 | 全球能源互联网研究院有限公司 | Load balancing method and device for virtualized database proxy service |
| CN114285903A (en) * | 2021-12-16 | 2022-04-05 | 奇安信科技集团股份有限公司 | Request processing method, device and system and electronic equipment |
| CN114777928A (en) * | 2022-05-09 | 2022-07-22 | 华能国际电力股份有限公司井冈山电厂 | Infrared imaging monitoring and early warning method and system |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102056333A (en) * | 2009-11-05 | 2011-05-11 | 中国移动通信集团河南有限公司 | WAP (wireless application protocol) gateway, service processing method thereof and WAP proxy server |
| CN103347089A (en) * | 2013-07-16 | 2013-10-09 | 星云融创(北京)信息技术有限公司 | Method and device for separating and accelerating dynamic resources and static resources of website |
| CN106998370A (en) * | 2017-06-15 | 2017-08-01 | 北京微影时代科技有限公司 | Access control method, device and system |
| CN107026907A (en) * | 2017-03-30 | 2017-08-08 | 上海斐讯数据通信技术有限公司 | A kind of load-balancing method, load equalizer and SiteServer LBS |
| WO2017146333A1 (en) * | 2016-02-22 | 2017-08-31 | (주)코인플러그 | Forgery/tampering verification system and method for financial institution certificates based on blockchain |
| CN107426332A (en) * | 2017-08-10 | 2017-12-01 | 华南理工大学 | The load-balancing method and system of a kind of web server cluster |
-
2017
- 2017-12-28 CN CN201711454336.5A patent/CN108173937A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102056333A (en) * | 2009-11-05 | 2011-05-11 | 中国移动通信集团河南有限公司 | WAP (wireless application protocol) gateway, service processing method thereof and WAP proxy server |
| CN103347089A (en) * | 2013-07-16 | 2013-10-09 | 星云融创(北京)信息技术有限公司 | Method and device for separating and accelerating dynamic resources and static resources of website |
| WO2017146333A1 (en) * | 2016-02-22 | 2017-08-31 | (주)코인플러그 | Forgery/tampering verification system and method for financial institution certificates based on blockchain |
| CN107026907A (en) * | 2017-03-30 | 2017-08-08 | 上海斐讯数据通信技术有限公司 | A kind of load-balancing method, load equalizer and SiteServer LBS |
| CN106998370A (en) * | 2017-06-15 | 2017-08-01 | 北京微影时代科技有限公司 | Access control method, device and system |
| CN107426332A (en) * | 2017-08-10 | 2017-12-01 | 华南理工大学 | The load-balancing method and system of a kind of web server cluster |
Cited By (22)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110874371A (en) * | 2018-08-31 | 2020-03-10 | 杭州海康威视数字技术股份有限公司 | Data analysis system, method and device |
| CN109189578A (en) * | 2018-09-06 | 2019-01-11 | 北京京东尚科信息技术有限公司 | Storage server distribution method, device, management server and storage system |
| CN109189578B (en) * | 2018-09-06 | 2022-04-12 | 北京京东尚科信息技术有限公司 | Storage server allocation method, device, management server and storage system |
| CN109767341A (en) * | 2018-12-13 | 2019-05-17 | 平安医疗健康管理股份有限公司 | A kind of service request processing method, processing unit and terminal |
| CN109767341B (en) * | 2018-12-13 | 2024-04-16 | 深圳平安医疗健康科技服务有限公司 | Service request processing method, processing device and terminal |
| CN110086886A (en) * | 2019-05-14 | 2019-08-02 | 北京天融信网络安全技术有限公司 | Dynamic session keeping method and device |
| WO2021018183A1 (en) * | 2019-07-31 | 2021-02-04 | 华为技术有限公司 | Resource allocation method and resource offloading method |
| CN110708374A (en) * | 2019-09-30 | 2020-01-17 | 北京高途云集教育科技有限公司 | Distribution method and distribution device of edge nodes and readable storage medium |
| CN110708374B (en) * | 2019-09-30 | 2022-02-22 | 北京高途云集教育科技有限公司 | Distribution method and distribution device of edge nodes and readable storage medium |
| CN111124532A (en) * | 2019-11-29 | 2020-05-08 | 北京浪潮数据技术有限公司 | Service loading method and device, electronic equipment and storage medium |
| CN111225059A (en) * | 2020-01-10 | 2020-06-02 | 中移(杭州)信息技术有限公司 | Network request resource scheduling method and device, electronic equipment and storage medium |
| CN111338793A (en) * | 2020-02-14 | 2020-06-26 | 拉扎斯网络科技(上海)有限公司 | Cluster task distribution method, device, equipment and storage medium |
| CN113296924A (en) * | 2020-04-28 | 2021-08-24 | 阿里巴巴集团控股有限公司 | Content distribution method, device, system and storage medium |
| CN113296924B (en) * | 2020-04-28 | 2022-07-22 | 阿里巴巴集团控股有限公司 | Content distribution method, device, system and storage medium |
| CN111683144A (en) * | 2020-06-08 | 2020-09-18 | 北京字节跳动网络技术有限公司 | Method and device for processing access request, computer equipment and storage medium |
| CN111683144B (en) * | 2020-06-08 | 2022-06-17 | 北京字节跳动网络技术有限公司 | Method and device for processing access request, computer equipment and storage medium |
| CN112231108A (en) * | 2020-11-02 | 2021-01-15 | 网易(杭州)网络有限公司 | Task processing method and device, computer readable storage medium and server |
| CN113377866A (en) * | 2021-06-10 | 2021-09-10 | 全球能源互联网研究院有限公司 | Load balancing method and device for virtualized database proxy service |
| CN113141260A (en) * | 2021-06-22 | 2021-07-20 | 深圳市光联世纪信息科技有限公司 | Secure access method, system and equipment based on software-defined wide area network (SD-WAN) |
| CN114285903A (en) * | 2021-12-16 | 2022-04-05 | 奇安信科技集团股份有限公司 | Request processing method, device and system and electronic equipment |
| CN114285903B (en) * | 2021-12-16 | 2024-04-19 | 奇安信科技集团股份有限公司 | Request processing method, device and system and electronic equipment |
| CN114777928A (en) * | 2022-05-09 | 2022-07-22 | 华能国际电力股份有限公司井冈山电厂 | Infrared imaging monitoring and early warning method and system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108173937A (en) | Access control method and device | |
| CN103716251B (en) | For the load-balancing method and equipment of content distributing network | |
| US11245770B2 (en) | Locality based content distribution | |
| CN107317879B (en) | A kind of distribution method and system of user's request | |
| US8959225B2 (en) | Cooperative caching method and contents providing method using request apportioning device | |
| KR101383905B1 (en) | method and apparatus for processing server load balancing with the result of hash function | |
| CN103544324B (en) | A kind of data access method of kernel state, apparatus and system | |
| CN108173774B (en) | Client upgrading method and system | |
| US20020069279A1 (en) | Apparatus and method for routing a transaction based on a requested level of service | |
| US20020032777A1 (en) | Load sharing apparatus and a load estimation method | |
| CN109302498A (en) | A kind of network resource access method and device | |
| CN108933829A (en) | A kind of load-balancing method and device | |
| CN107332908A (en) | A kind of data transmission method and its system | |
| CN105337786A (en) | Server performance detection method, apparatus and equipment | |
| CN110336848A (en) | A kind of dispatching method and scheduling system, equipment of access request | |
| CN106230992B (en) | A kind of load-balancing method and load balancing node | |
| CN110086886A (en) | Dynamic session keeping method and device | |
| CN105915621A (en) | Data access method and pretreatment server | |
| CN107347015A (en) | A kind of recognition methods of content distributing network, apparatus and system | |
| US8166100B2 (en) | Cross site, cross domain session sharing without database replication | |
| CN110650209A (en) | Method and device for realizing load balance | |
| CN107172214A (en) | A kind of service node with load balancing finds method and device | |
| CN106899564A (en) | A kind of login method and device | |
| JP2007219637A (en) | Load balancing system and program therefor | |
| CN105025042B (en) | A kind of method and system of determining data information, proxy server |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 100192 Beijing city Haidian District Qinghe small Camp Road No. 15 building 710 room research Applicant after: BEIJING CHINA POWER INFORMATION TECHNOLOGY Co.,Ltd. Applicant after: STATE GRID INFORMATION & TELECOMMUNICATION GROUP Co.,Ltd. Applicant after: STATE GRID CORPORATION OF CHINA Address before: 100192 Beijing city Haidian District Qinghe small Camp Road No. 15 building 710 room research Applicant before: BEIJING CHINA POWER INFORMATION TECHNOLOGY Co.,Ltd. Applicant before: STATE GRID INFORMATION & TELECOMMUNICATION GROUP Co.,Ltd. Applicant before: State Grid Corporation of China |
|
| CB02 | Change of applicant information | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20190722 Address after: 100085 Building 32-3-4108-4109, Pioneer Road, Haidian District, Beijing Applicant after: BEIJING GUODIANTONG NETWORK TECHNOLOGY Co.,Ltd. Applicant after: STATE GRID CORPORATION OF CHINA Applicant after: STATE GRID INFORMATION & TELECOMMUNICATION GROUP Co.,Ltd. Address before: 100192 Beijing city Haidian District Qinghe small Camp Road No. 15 building 710 room research Applicant before: BEIJING CHINA POWER INFORMATION TECHNOLOGY Co.,Ltd. Applicant before: STATE GRID INFORMATION & TELECOMMUNICATION GROUP Co.,Ltd. Applicant before: STATE GRID CORPORATION OF CHINA |
|
| TA01 | Transfer of patent application right | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180615 |
|
| RJ01 | Rejection of invention patent application after publication |