CN108183950A

CN108183950A - A kind of network equipment establishes the method and device of connection

Info

Publication number: CN108183950A
Application number: CN201711459081.1A
Authority: CN
Inventors: 徐勇刚
Original assignee: New H3C Technologies Co Ltd
Current assignee: New H3C Technologies Co Ltd
Priority date: 2017-12-28
Filing date: 2017-12-28
Publication date: 2018-06-19
Anticipated expiration: 2037-12-28
Also published as: CN108183950B

Abstract

An embodiment of the present invention provides the method and devices that a kind of network equipment establishes connection, belong to field of communication technology.The method is applied to management server, the method includes：The connection request that the network equipment is sent is received, the device identification of the network equipment is carried in the connection request；If it is determined that the network equipment is legitimate device, then blacklist list is obtained；If the blacklist list is not sky, judge the device identification of the network equipment whether is included in the blacklist list；If it is, refusal is established websocket with the network equipment and connect, otherwise, establish websocket with the network equipment and connect；If the blacklist list is sky, establishes websocket with the network equipment and connect, and according to preset blacklist generation strategy, device identification is added in the blacklist list.Using the embodiment of the present invention, the connection resource of management server can be effectively saved, avoids the occurrence of the insufficient situation of connection resource.

Description

A kind of network equipment establishes the method and device of connection

Technical field

The present invention relates to fields of communication technology, and the method and device of connection is established more particularly to a kind of network equipment.

Background technology

With the development of cloud computing, the application of cloud computing is more and more extensive, and the type of the network equipment in cloud scene is got over Come more.In order to which these network equipments are carried out with unified monitoring and management, administrator can set cloud platform in a network Management server.User in cloud platform can register the network equipment for needing to supervise, management server in management server The status information of these network equipments can be then obtained and store, so that user is checked.

Specifically processing procedure is：User's registration management account in management server, and the network that needs is set to supervise Equipment.Management server stores the device identification of these network equipments.The network equipment sends Hyper text transfer to management server Agreement (English：Hyper Text Transfer Protocol, referred to as：HTTP it) asks, the net is carried in the HTTP request The device identification of network equipment.In the device identification that management server judgement is locally stored, if there are the device identifications.If it deposits The network equipment is then being judged for legitimate device, and the domain name addresses of access is then sent to the network equipment.The network equipment passes through The domain name addresses sends WebSocket connection requests, and the equipment mark of the network equipment is carried in WebSocket connection requests Know.In the device identification that management server judgement is locally stored, if there are the device identification, if it is present judging the net Network equipment is legitimate device, and access processing is done to the network equipment.The network equipment is connected by WebSocket to management server Sending device status information, status information of equipment can include the information such as cpu busy percentage, memory usage, temperature.Management service Device stores the status information of equipment received into database, so that user is checked.

However, the connection resource of management server is limited, increase with the number of users of cloud platform, management server It is susceptible to the insufficient situation of connection resource.

Invention content

A kind of method and device for being designed to provide network equipment and establishing connection of the embodiment of the present invention, is saved with realizing The connection resource of management server, so as to avoid the occurrence of the insufficient situation of connection resource.Specific technical solution is as follows：

In a first aspect, providing a kind of method that network equipment establishes connection, the method is applied to management server, institute The method of stating includes：

The connection request that the network equipment is sent is received, the equipment mark of the network equipment is carried in the connection request Know；

If it is determined that the network equipment is legitimate device, then blacklist list is obtained；

If the blacklist list is not sky, judge whether include the network equipment in the blacklist list Device identification；If it is, refusal is established websocket with the network equipment and connect, otherwise, established with the network equipment Websocket connections；

If the blacklist list is sky, establishes websocket with the network equipment and connect, and according to preset Blacklist generation strategy adds device identification in the blacklist list.

Optionally, it is described according to preset blacklist generation strategy, device identification is added in the blacklist list, is wrapped It includes：

Obtain equipment letter of each network equipment that the websocket connections have been established in preset first history duration Log-on message of the account executive of breath and each network equipment in preset second history duration；

Item is screened according to the facility information of each network equipment, the log-on message of each account executive and preset equipment Part determines to treat offline destination network device, exceptional condition and/or institute of the equipment screening conditions including the facility information State the liveness condition of log-on message；

The device identification of the destination network device is added in the blacklist list, and is disconnected and the target network The websocket connections of network equipment.

Optionally, it is described according to the corresponding facility information of each network equipment, the corresponding login of each account executive Information and preset equipment screening conditions, determine to treat offline destination network device, including：

When the occupancy of connection resource is in the first preset range, in the network equipment currently connected, set described Standby information meets preset exceptional condition and the log-on message is unsatisfactory for the network equipment of preset liveness condition as institute State destination network device；

When the occupancy of the connection resource is in the second preset range, in the network equipment currently connected, by institute It states facility information and meets the network equipment of preset exceptional condition as the destination network device, second preset range Lower limit is more than the upper limit of first preset range；

When the occupancy of the connection resource is in third preset range, in the network equipment currently connected, by institute State the network equipment that facility information meets preset exceptional condition or the log-on message is unsatisfactory for preset liveness condition As the destination network device, the lower limit of the third preset range is more than the upper limit of second preset range.

Optionally, the facility information includes rate of connections and the status information of equipment reported；

It is described in the network equipment currently connected, the facility information is met to the network equipment of preset exceptional condition As the destination network device, including：

For each network equipment, if the rate of connections of the network equipment is more than predeterminated frequency threshold value, by the network Equipment is determined as the destination network device；

Alternatively,

For each network equipment, the status information of equipment reported according to the network equipment determines the state of the network equipment Stability；

If the in stable condition degree is more than pre-determined stability degree threshold value, which is determined as the target network Equipment.

Optionally, the log-on message includes login time and login times；

It is described in the network equipment currently connected, the network that the log-on message is unsatisfactory for default liveness condition is set It is standby to be used as the destination network device, including：

In each account executive, determine that the time interval of last time login time and current time is more than preset the The objective management account of one duration threshold value；

The corresponding network equipment of the objective management account is determined as the destination network device；

Alternatively,

In each account executive, determine that login times are less than the objective management account of preset times threshold value, by described in The corresponding network equipment of objective management account is determined as the destination network device.

Optionally, the method further includes：

When the logging request for receiving the account identification for carrying the objective management account, from the blacklist list The middle device identification for deleting the corresponding destination network device of the account executive, to establish again and the destination network device Websocket connections.

Optionally, the method further includes：

When reaching preset second duration threshold value, setting for the destination network device is deleted from the blacklist list Standby mark, is connect with the websocket established again with the destination network device.

Second aspect, provides the device that a kind of network equipment establishes connection, and described device is applied to management server, institute Device is stated to include：

For receiving the connection request of network equipment transmission, the network is carried in the connection request for receiving module The device identification of equipment；

Acquisition module if it is determined that being legitimate device for the network equipment, then obtains blacklist list；

First link block, if being not sky for the blacklist list, judge in the blacklist list whether Include the device identification of the network equipment；If it is, refusal is established websocket with the network equipment and is connect, otherwise, Websocket is established with the network equipment to connect；

If being sky for the blacklist list, websocket is established with the network equipment for second link block Connection, and according to preset blacklist generation strategy, device identification is added in the blacklist list.

Optionally, second link block, is specifically used for：

Item is screened according to each network equipment facility information, the log-on message of each account executive and preset equipment Part determines to treat offline destination network device, exceptional condition and/or institute of the equipment screening conditions including the facility information State the liveness condition of log-on message；

Optionally, second link block, is specifically used for：

Second link block, is specifically used for：

Alternatively,

Optionally, the log-on message includes login time and login times；

Second link block, is specifically used for：

Alternatively,

Optionally, described device further includes：

First removing module, for when the logging request for receiving the account identification for carrying the objective management account When, the device identification of the corresponding destination network device of the account executive is deleted from the blacklist list, to establish again It is connect with the websocket of the destination network device.

Optionally, described device further includes：

Second removing module, for when reaching preset second duration threshold value, institute to be deleted from the blacklist list The device identification of destination network device is stated, is connect with the websocket established again with the destination network device.

Therefore, the method for establishing connection by the application network equipment provided in an embodiment of the present invention, management server, which obtains, to be connect The connection request that the network equipment is sent is received, the device identification of the network equipment is carried in the connection request.If management server Judge that the network equipment is legitimate device, then the legal network equipment is identified again by blacklist list.If black name Single-row table is not the device identification for including the network equipment in empty and blacklist list, then management server refusal is built with the network equipment Vertical websocket connections, otherwise, establish websocket with the network equipment and connect.If blacklist list is sky, clothes are managed Business device is established websocket with the network equipment and is connect, and according to preset blacklist generation strategy, added in blacklist list Device identification.

In this way, management server can forbid the network equipment in blacklist list to access, management clothes can be effectively saved The connection resource of business device, avoids the occurrence of the insufficient situation of connection resource.Certainly, it implements any of the products of the present invention or method must not It is certain to need to reach all the above advantage simultaneously.

Description of the drawings

In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, to embodiment or will show below There is attached drawing needed in technology description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this Some embodiments of invention, for those of ordinary skill in the art, without creative efforts, can be with Other attached drawings are obtained according to these attached drawings.

Fig. 1 is a kind of system framework schematic diagram provided in an embodiment of the present invention；

Fig. 2 is the method flow diagram that a kind of network equipment provided in an embodiment of the present invention establishes connection；

Fig. 3 is a kind of method flow diagram for generating blacklist list provided in an embodiment of the present invention；

Fig. 4 is the method flow diagram that a kind of network equipment provided in an embodiment of the present invention establishes connection；

Fig. 5 is the structure diagram for the device that a kind of network equipment provided in an embodiment of the present invention establishes connection；

Fig. 6 is the structure diagram for the device that a kind of network equipment provided in an embodiment of the present invention establishes connection；

Fig. 7 is the structure diagram for the device that a kind of network equipment provided in an embodiment of the present invention establishes connection；

Fig. 8 is a kind of structure diagram of management server provided in an embodiment of the present invention.

Specific embodiment

Below in conjunction with the attached drawing in the embodiment of the present invention, the technical solution in the embodiment of the present invention is carried out clear, complete Site preparation describes, it is clear that described embodiment is only part of the embodiment of the present invention, instead of all the embodiments.It is based on Embodiment in the present invention, those of ordinary skill in the art are obtained every other without making creative work Embodiment shall fall within the protection scope of the present invention.

The embodiment of the present invention additionally provides a kind of method that network equipment establishes connection, and this method is applied to the management in high in the clouds Server, the management server can establish websocket with multiple network equipments and connect.As shown in Figure 1, implement for the present invention The system framework figure that example provides, the system include a management server and multiple network equipments.Wherein, in a kind of application scenarios In, the network equipment can be the equipment such as server, interchanger, sensor, intelligent terminal, AC or AP, the network equipment by itself Facility information is reported to management server.In another application scenarios, the network equipment is connect with user equipment.The network equipment connects The status information of equipment that user equipment is sent is received, and the status information of equipment received is sent to management server.Wherein, it uses Family equipment can be the service server of certain tenant, such as the server of certain video website or the server of certain game etc.；User Equipment can also be the intelligent terminal of certain tenant, such as intelligent air condition, intelligent boiler etc..

In the embodiment of the present invention, management server can be the virtual machine of server or operation in the server.Network Equipment is established WebSocket with management server and is connect, and status information of equipment is reported to management service by WebSocket Device, so that management server stores status information of equipment.

As shown in Fig. 2, the processing procedure of this method may comprise steps of：

Step 201, the connection request that the network equipment is sent is received, the equipment mark of the network equipment is carried in connection request Know.

In the embodiment of the present invention, when network equipment needs establish websocket with management server to be connect, the network equipment HTTP request is sent to management server.The device identification of the network equipment is carried in HTTP request, device identification is used to manage Server carries out authentication to the network equipment.

After being verified, management server is to network equipment transmission for establishing the network of websocket connections Location.The network equipment then can send websocket connection requests according to the network address to management server.The websocket connects Connect and the device identification of the network equipment still carried in request, device identification be still for management server to the network equipment into Row authentication.

Wherein, management server can be when receiving HTTP request, using the network equipment provided in an embodiment of the present invention The method for establishing connection carries out authentication to the network equipment；Alternatively, management server can also receive During websocket connections, the method connected is established using the network equipment provided in an embodiment of the present invention, which is carried out Authentication；Alternatively, management server can also be when receiving HTTP request and being connected with websocket, using the present invention The method that the network equipment that embodiment provides establishes connection carries out authentication to the network equipment, and the embodiment of the present invention does not limit It is fixed.

Correspondingly, above-mentioned connection request can include HTTP request and/or websocket connection requests.

Step 202, if it is decided that the network equipment is legitimate device, then obtains blacklist list.

In the embodiment of the present invention, after management server receives connection request, connection request is parsed, is obtained therein Device identification.Then, in pre-stored registration list of devices, management server searches whether that there are the device identifications.Its In, register the device identification for including the registered network equipment in list of devices.

If it is present illustrating the network equipment for legitimate device, management server obtains blacklist list.Wherein, should Blacklist list can voluntarily be generated by management server, alternatively, can also be manually configured by technical staff.

Step 203, if blacklist list is not sky, judge in blacklist list whether the equipment for including the network equipment Mark；If it is, refusal is established websocket with destination network device and connect, otherwise, established with destination network device Websocket connections.

In the embodiment of the present invention, if management server does not set up blacklist list, alternatively, black name is not configured by technical staff Single-row table, then blacklist list is sky.Therefore, after management server gets blacklist list, first judge the blacklist list Whether it is empty, if blacklist list is not sky, further judges whether include setting for the network equipment in blacklist list Standby mark；If it is, refusal is established websocket with the network equipment and connect, otherwise, established with the network equipment Websocket connections.

Step 204, it if blacklist list is sky, establishes websocket with the network equipment and connect, and according to preset Blacklist generation strategy, adds device identification in blacklist list.

In the embodiment of the present invention, if blacklist list is sky, management server can generate plan according to preset blacklist Slightly, device identification is added in blacklist list.Extended meeting is described in detail after specific processing procedure.

In this way, management server can forbid the network equipment in blacklist list to access, management clothes can be effectively saved The connection resource of business device, avoids the occurrence of the insufficient situation of connection resource.

Below in conjunction with the attached drawing in the embodiment of the present invention, the technical solution in the embodiment of the present invention is carried out clear, complete Site preparation describes.

As shown in figure 3, the processing procedure of blacklist list is generated for management server provided in an embodiment of the present invention, specifically It may comprise steps of：

Step 301, each network equipment setting in preset first history duration that websocket connections have been established is obtained Log-on message of the account executive of standby information and each network equipment in preset second history duration.

In the embodiment of the present invention, the network equipment sends connection request to management server, establishes between management server WebSocket connections.The network equipment is periodically to management server reporting equipment status information.Wherein, equipment state is believed Breath is the information for reflecting equipment running status, and status information of equipment can include multiple state parameters, for example CPU is utilized Rate, memory usage, temperature etc..

Management server is received after the network equipment leads to the status information of equipment of transmission, and status information of equipment is deposited Storage.

In addition, after management server receives the connection request of network equipment transmission, it can also record and receive the company Connect the time (i.e. Connection Time) of request.Equally, management server can also record each status information of equipment it is corresponding on give the correct time Between, it can manage the time that management server receives status information of equipment above to call time, alternatively, can in status information of equipment With comprising timestamp, management server can be using the timestamp as above calling time.

When user wants to check the operating status of the network equipment of oneself, user logs in the management of oneself by client Account.Client then sends logging request to management server, and the account identification of account executive can be carried in logging request And password.

After management server receives logging request, authentication is carried out according to the account identification of account executive and password. If the verification passes, then the status information of equipment that the corresponding each network equipment of the account executive reports is obtained.Then, management service Status information of equipment is sent to client by device, so that user is checked.；

In addition, after management server receives logging request, it can also record and receive time of the logging request and (step on Record the time).

When reaching preset trigger condition, each network equipment that websocket connections have been established in management server acquisition exists The login letter of facility information and each account executive in preset second history duration in preset first history duration Breath.Wherein, facility information can include rate of connections and the status information of equipment reported etc.；When log-on message can include logging in Between and login times etc.；First history duration and the second history duration can be the same or different.

Specifically, for any network equipment, in the status information of equipment that management server is reported in the network equipment, obtain The status information of equipment to call time in the first history duration is taken, and counts connection of the Connection Time in the first history duration Number, using the linking number as the rate of connections of the network equipment.In this way, management server can obtain the network equipment The status information of equipment and rate of connections reported in one history duration.For any account executive registered in management server, Management server can record login time of the account executive in the second history duration, and then count the account executive second Login times in history duration, so as to obtain log-on message of the account executive in the second history duration.

It should be noted that preset trigger condition can be diversified.For example, management server can receive During the blacklist list more new command of technical staff's input, step 301 is performed；Alternatively, preset blacklist row can reached During the table update cycle, step 301 is performed；Alternatively, it can be performed when the occupancy for detecting connection resource is more than predetermined threshold value Step 301, the embodiment of the present invention does not limit.

Step 302, according to the corresponding facility information of each network equipment, the corresponding log-on message of each account executive and preset Equipment screening conditions determine to treat offline destination network device.

Wherein, equipment screening conditions include the exceptional condition of facility information and/or the liveness condition of log-on message.

Equipment screening conditions are previously stored in the embodiment of the present invention, in management server, equipment screening conditions include setting The standby exceptional condition of information and/or the liveness condition of log-on message.Management server gets that each network equipment is corresponding to be set After standby information and the corresponding log-on message of account executive, determined to treat offline destination network device according to equipment screening conditions.

For example, the login that facility information is met preset exceptional condition and affiliated account executive by management server is believed Breath is unsatisfactory for the network equipment of preset liveness condition as destination network device；Alternatively, management server is by facility information The log-on message for meeting preset exceptional condition or affiliated account executive is unsatisfactory for the network of preset liveness condition and sets It is standby to be used as destination network device；Alternatively, management server, which can also only use a condition, determines destination network device, specifically Selection strategy after extended meeting be described in detail.

As described above, facility information includes rate of connections and the status information of equipment reported.Correspondingly, management server root The processing procedure of destination network device is screened according to the exceptional condition of facility information to be：In the network equipment currently connected, Using the network equipment of the rate of connections more than predeterminated frequency threshold value as destination network device, alternatively, the equipment state reported is believed The in stable condition degree of breath is more than the network equipment of pre-determined stability degree threshold value as destination network device.

For any network equipment, after management server gets the rate of connections of the network equipment, connection frequency is judged Whether rate is more than the network equipment of predeterminated frequency threshold value.If it is, illustrate the reconnection time of the network equipment and management server Number is excessive, and there may be problem, which is recorded as treating that offline target network is set the network equipment by management server It is standby.Management server sends alarm information to administrator, carry in the alarm information network equipment device identification and Alarm cause (for example rate of connections is excessively high), to prompt the administrator network equipment that there are problems.

In addition, management server can also calculate the in stable condition degree of the status information of equipment of the network equipment, state is steady Surely the calculation spent can be diversified.Management server can first calculate the work of the status information of equipment of the network equipment Jerk.In stable condition degree is calculated using liveness.

In one example, in the case of status information of equipment includes a state parameter, management server determines the In one history duration, the difference of maximum value and minimum value in the parameter value of the state parameter, then both calculating, the difference Absolute value is the liveness of the network equipment.Alternatively, management server can also calculate state ginseng in the first history duration The mean square deviation or standard deviation of several parameter values, obtain the liveness of the status information of equipment of the network equipment.

Management server calculates in stable condition degree according to the liveness, such as the opposite number of the absolute value is steady as state Fixed degree.Alternatively, subtracting this with default value thoroughly deserves in stable condition degree.

After the in stable condition degree of the network equipment is obtained, management server judge the network equipment in stable condition degree whether More than pre-determined stability degree threshold value.If it is, illustrate that the state of the network equipment is held essentially constant (at the possible network equipment In idle state).The network equipment is recorded as treating offline destination network device by management server.

In another example, in the case of status information of equipment includes multiple state parameters, management server can be with Each state parameter is judged respectively.If in the state parameter of the network equipment, in stable condition degree is more than pre-determined stability The number of the state parameter of threshold value is spent, proportion is more than preset ratio threshold in the sum of the state parameter of the network equipment Value, then be determined as destination network device by the network equipment.

As described above, log-on message includes login time and login times.Correspondingly, management server is according to log-on message The processing procedure of liveness conditional filtering destination network device can be：In each account executive, when determining last log in Between be more than the objective management account of preset first duration threshold value with the time interval of current time, then by objective management account pair The network equipment answered is determined as treating offline destination network device；Alternatively, in each account executive, it is pre- to determine that login times are less than If the objective management account of frequency threshold value, the corresponding network equipment of objective management account is determined as to treat that offline target network is set It is standby.

For any account executive in management server, management server gets the log-on message of the account executive Afterwards, it in the login time of the account executive, determines and the immediate login time of current time.That is upper the one of the logon account Secondary login time, then, management server calculate the time interval of last login time and current time.If between the time Every more than preset first duration threshold value, then illustrate that the corresponding user of the account executive does not check equipment state for a long time Information, the user are not the states for being concerned about very much its network equipment, which is recorded as objective management account by management server Family, and the corresponding network equipment of objective management account is recorded as treating offline destination network device.

In addition, management server can also judge whether the login times of the account executive are less than preset times threshold value.Such as Fruit is then to illustrate that the corresponding user of the account executive checks that the frequency of status information of equipment is very low, which is not to be concerned about very much it The account executive is recorded as objective management account by the state of the network equipment, management server, and by the objective management account pair The network equipment answered is recorded as treating offline destination network device.

Optionally, management server detects the occupancy of current connection resource, according to preset occupancy and selection plan Correspondence slightly, management server selection need screening conditions to be used.Then, mesh is determined according to the screening conditions determined Mark the network equipment.

Correspondingly, the processing procedure of step 302 can be as follows：

When the occupancy of connection resource is in the first preset range, in the network equipment currently connected, equipment is believed The log-on message that breath meets preset exceptional condition and affiliated account executive is unsatisfactory for the network of preset liveness condition and sets It is standby to be used as destination network device.

When the occupancy of connection resource is in the second preset range, in the network equipment currently connected, equipment is believed Breath meets the network equipment of preset exceptional condition as destination network device.

When the occupancy of connection resource is in third preset range, in the network equipment currently connected, equipment is believed The log-on message that breath meets preset exceptional condition or affiliated account executive is unsatisfactory for the network of preset liveness condition Equipment is as destination network device.

In the embodiment of the present invention, the range of the occupancy of multiple connection resources can be set in management server.It is for example, pre- If the number of range can be three.For ease of description, the first preset range, the second preset range and third is can be described as to preset Range.Wherein, the lower limit of the second preset range is greater than or equal to the upper limit of the first preset range, and the lower limit of third preset range is big In or equal to the second preset range the upper limit.For example, preset range can be respectively 60%~70%, 70%~80% and 80% ~100%.

When reaching the preset blacklist list update cycle, management server detects the occupancy of current connection resource Rate, and determine the affiliated range of the occupancy.If the occupancy of connection resource connects in the first preset range currently The network equipment in, the login that facility information is met preset exceptional condition and affiliated account executive by management server is believed Breath is unsatisfactory for the network equipment of preset liveness condition as destination network device.

If the occupancy of connection resource is in the second preset range, in the network equipment currently connected, management clothes Corresponding facility information is met the network equipment of preset exceptional condition as destination network device by business device.

If the occupancy of current connection resource is in third preset range, in the network equipment currently connected, pipe Reason server by facility information meet preset exceptional condition or affiliated account executive log-on message be unsatisfactory for it is preset The network equipment of liveness condition is as destination network device.

In this way, management server determines different selection strategies based on different occupancies, when occupancy is relatively low, to few The network equipment of amount carries out offline processing；When occupancy is higher, offline processing is carried out to the more network equipment, so as to improve The network equipment establishes the flexibility of connection.

In addition, management server can also be according to the excellent of the control effects of websocket connections and preset selection strategy First grade determines to need selection strategy to be used.Processing procedure is accordingly：

When management server detects that the occupancy of connection resource reaches predetermined threshold value, in the network equipment currently connected In, by corresponding facility information meet preset exceptional condition and affiliated account executive log-on message be unsatisfactory for it is preset The network equipment of liveness condition is as destination network device.Then, management server disconnects and these destination network devices Websocket connections.

If in preset duration, when management server detects that occupancy reaches predetermined threshold value again, then connect currently In the network equipment connect, corresponding facility information is met into the network equipment of preset exceptional condition as destination network device. Then, management server disconnection is connect with the websocket of these destination network devices.

If in preset duration, when management server detects that occupancy reaches predetermined threshold value again, then connect currently In the network equipment connect, the log-on message of affiliated account executive is unsatisfactory for default liveness condition or affiliated management The log-on message of account is unsatisfactory for the network equipment of preset liveness condition as destination network device.Then, management service Device disconnection is connect with the websocket of these destination network devices.

Optionally, management server according to the exceptional condition of facility information when determining destination network device, for each The network equipment, judges whether the rate of connections of the network equipment is more than predeterminated frequency threshold value.If it is, management server should The network equipment is determined as treating offline destination network device；Alternatively, for each network equipment, reported according to the network equipment Status information of equipment determines the in stable condition degree of the network equipment, if in stable condition degree is more than pre-determined stability degree threshold value, manages The network equipment is determined as treating offline destination network device by reason server.Specific processing procedure reference above description, this Place repeats no more.

Optionally, management server according to the liveness condition of log-on message when determining destination network device, Ke Yi In each account executive, the time interval of determining last time login time and current time is more than the mesh of preset first duration threshold value Mark account executive.The corresponding network equipment of objective management account is determined as treating offline destination network device by management server； Alternatively, can be in each account executive, management server determines that login times are less than the objective management account of preset times threshold value. The corresponding network equipment of objective management account is determined as treating offline destination network device by management server.It is specific processed Journey is with reference to above description, and details are not described herein again.

Step 303, the device identification of destination network device is added in blacklist list, and disconnects and being set with target network Standby websocket connections.

In the embodiment of the present invention, management server is determined after offline destination network device, by destination network device Device identification be added in preset blacklist list.Meanwhile management server disconnects and the destination network device Websocket connections.That is, management server discharges the connection resource of the websocket connections.

In this way, management server determines the idle network equipment and less the equipment state letter of concerned about network equipment The corresponding network equipment of user of breath.Then, management server disconnection is connect with the websocket of these network equipments, so as to The connection resource of these network equipments is discharged, avoids the occurrence of the insufficient situation of connection resource.In the embodiment of the present invention, the network equipment After WebSocket between management server connect disconnection, it will usually which trial establishes WebSocket with management server again Connection.That is, the network equipment can repeat to send connection request to management server, based on current WebSocket connection flows, The connection request can be HTTP request or websocket connection requests.When management server receives destination network device hair During the connection request sent, management server, which can be refused to establish websocket with destination network device, to be connect.To avoid target network Equipment re-establishes WebSocket connections, occupies connection resource.

Optionally, it is also provided with restoring the connection permission of the network equipment in the embodiment of the present invention, in management server Mechanism, specific mode has following two：

Mode one, when reaching preset second duration threshold value, the delete target network equipment sets from blacklist list Standby mark, is connect with establishing again with the websocket of destination network device.

The effective time of the device identification in blacklist can also be prestored in the embodiment of the present invention, in management server (i.e. preset second duration threshold value), which can be configured by technical staff, alternatively, can also be by management service Device is determined according to the in stable condition degree of facility information and/or the liveness of log-on message.Wherein, it is in stable condition degree it is higher or Liveness is lower, and corresponding effective time is longer.

After the device identification of certain network equipment is added in blacklist list by management server, start timing, when reaching During preset second duration threshold value, the device identification of the delete target network equipment from blacklist list, in this way, follow-up management takes When business device receives the connection request of network equipment transmission again, establish websocket with the network equipment and connect.

Mode two, when the logging request for receiving the account identification for carrying objective management account, from blacklist list The middle device identification for deleting the corresponding destination network device of the account executive, to establish again and destination network device Websocket connections.

In the embodiment of the present invention, after management server receives logging request, which is parsed, is obtained The account identification of its account executive carried, and then judge to set with the presence or absence of the corresponding network of the account executive in blacklist list Standby device identification, if it is present deleting the equipment mark of the corresponding destination network device of account executive from blacklist list Know, so that the corresponding network equipment of the account executive establishes websocket with management server connect (i.e. access-in management service Device).In this way, user can client check oneself the network equipment and each network equipment status information of equipment.

It should be noted that when user checks the facility information of the network equipment, management server can be according to the network The historical plant status information that equipment reports generates the equipment shape that the network equipment was added into the period in blacklist list The data creation method of the prior art may be used in state information, specific generation method, and the present embodiment does not limit.

The embodiment of the present invention additionally provides the example that a kind of network equipment establishes connection, in this example, with management server Including being illustrated for network service module, websocket link blocks and authentication module to this method, other situations It is similar therewith, it repeats no more.Wherein, above-mentioned module can be the function module of management server, alternatively, in virtualization scene Under, these modules can also be the virtual machine run in management server.As shown in figure 4, the processing procedure of this method can be as Under：

Step 401, the network equipment is sent according to the address of pre-stored network service module to network service module HTTP request.

Wherein, the device identification of the network equipment is carried in HTTP request.

The address of network service module is prestored in the embodiment of the present invention, in the network equipment, such as oasis.h3c.com.When network equipment needs establish websocket with management server to be connect, the network equipment is according to the ground Location sends HTTP request to the network service module of management server.

Step 402, the device identification of the network equipment is sent to authentication module by network service module.

In the embodiment of the present invention, after network service module receives HTTP request, which is parsed, is obtained Device identification therein, is then sent to authentication module by device identification.

Step 403, authentication module judges whether and the net according to preset authentication strategy and blacklist list Network equipment establishes websocket connections.If it is, performing step 404, otherwise, step 409 is performed.

In the embodiment of the present invention, after authentication module receives device identification, in pre-stored registration list of devices In, search whether that there are the device identifications.The device identification of the registered network equipment is included in registration list of devices.If it deposits Then further in blacklist list, inquiring and whether depositing in blacklist list with the presence or absence of the device identification；If it does not deposit Then performing step 409.If authentication module finds the device identification in blacklist list, step is performed 409, if do not found, perform step 404.

Step 404, authentication module sends the address of websocket link blocks to the network equipment.

Step 405, the network equipment is sent according to the address of websocket link blocks to websocket link blocks Websocket connection requests.

Wherein, the device identification of the network equipment is carried in websocket connection requests.

In the embodiment of the present invention, after the network equipment receives the message of authentication module transmission, which is solved Analysis obtains the addresses of websocket link blocks therein, then according to the address of websocket link blocks, to Websocket link blocks send websocket connection requests.

Step 406, the device identification of the network equipment is sent to authentication module by websocket link blocks.

In the embodiment of the present invention, after websocket link blocks receive websocket connection requests, to websocket Connection request is parsed, and obtains device identification therein, and the device identification then is sent to authentication module.

Step 407, authentication module judges whether and the net according to preset authentication strategy and blacklist list Network equipment establishes websocket connections.If it is, performing step 408, otherwise, step 409 is performed.

In the embodiment of the present invention, after authentication module receives device identification, in pre-stored registration list of devices In, search whether that there are the device identifications.The device identification of the registered network equipment is included in registration list of devices.If it deposits Then further in blacklist list, inquiring and whether depositing in blacklist list with the presence or absence of the device identification；If it does not deposit Then performing step 409.If authentication module finds the device identification in blacklist list, step is performed 409, if do not found, perform step 408.

Step 408, authentication module carries out websocket connection processings to the network equipment.

Step 409, authentication module refuses network equipment access, and the sound of refusal access is sent to the network equipment Answer message.

In the embodiment of the present invention, management server, which obtains, receives the connection request that the network equipment is sent, and is taken in the connection request Device identification with the network equipment.If the management server judgement network equipment is legitimate device, pass through blacklist list The legal network equipment is identified again.If blacklist list in empty and blacklist list not include the network equipment Device identification, then management server refusal establish websocket with the network equipment and connect, otherwise, with network equipment foundation Websocket connections.If blacklist list is sky, management server is established websocket with the network equipment and is connect, and root According to preset blacklist generation strategy, device identification is added in blacklist list.

Based on identical technical concept, the embodiment of the present invention additionally provides the device that a kind of network equipment establishes connection, should Device is applied to management server, which establishes cloud pipeline websocket with multiple network equipments and connect, such as Fig. 5 Shown, which includes

For receiving the connection request of network equipment transmission, the net is carried in the connection request for receiving module 510 The device identification of network equipment；

Acquisition module 520 if it is determined that being legitimate device for the network equipment, then obtains blacklist list；

First link block 530, if for the blacklist list not for sky, judge be in the blacklist list The no device identification for including the network equipment；If it is, refusal is established websocket with the network equipment and is connect, it is no Then, websocket is established with the network equipment to connect；

Second link block 540 if being sky for the blacklist list, is established with the network equipment Websocket connections, and according to preset blacklist generation strategy, device identification is added in the blacklist list.

Optionally, second link block 540, is specifically used for：

Second link block 540, is specifically used for：

Alternatively,

Optionally, the log-on message includes login time and login times；

Second link block 540, is specifically used for：

Alternatively,

Optionally, as shown in fig. 6, described device further includes：

First removing module 550, for being asked when the login for receiving the account identification for carrying the objective management account When asking, the device identification of the corresponding destination network device of the account executive is deleted from the blacklist list, to build again It is vertical to be connect with the websocket of the destination network device.

Optionally, as shown in fig. 7, described device further includes：

Second removing module 560, for when reaching preset second duration threshold value, being deleted from the blacklist list The device identification of the destination network device is connect with the websocket established again with the destination network device.

The embodiment of the present invention additionally provides a kind of management server, as shown in figure 8, including processor 801, communication interface 802nd, memory 803 and communication bus 804, wherein, processor 801, communication interface 802, memory 803 passes through communication bus 804 complete mutual communication,

Memory 803, for storing computer program；

Processor 801, during for performing the program stored on memory 803 so that the management server perform it is as follows Step, the step include：

Optionally, the processor 801 perform that computer program includes according to preset blacklist generation strategy, in institute It states to add device identification in blacklist list and instruct and is specially：

Optionally, the processor 801 perform that computer program includes according to the corresponding equipment of each network equipment Information, each corresponding log-on message of account executive and preset equipment screening conditions, determine to treat that offline target network is set It is specially for instruction：

The processor 801 perform that computer program includes in the network equipment currently connected, the equipment is believed Breath meets the network equipment of preset exceptional condition：

Alternatively,

Optionally, the log-on message includes login time and login times；

The processor 801 perform that computer program includes in the network equipment currently connected, described log in is believed Cease the network equipment for being unsatisfactory for presetting liveness condition is specially as destination network device instruction：

Alternatively,

Optionally, the processor 801 performs computer program and further includes the following instructions of execution：

Machine readable storage medium can include random access memory (English：Random Access Memory, letter Claim：RAM), nonvolatile memory (English can also be included：Non-Volatile Memory, referred to as：NVM), for example, at least One magnetic disk storage.In addition, machine readable storage medium can also be at least one storage for being located remotely from aforementioned processor Device.

Above-mentioned processor can be general processor, including central processing unit (English：Central Processing Unit, CPU), network processing unit (English：Network Processor, referred to as：NP) etc.；It can also be digital signal processor (English：Digital Signal Processing, referred to as：DSP), application-specific integrated circuit (English：Application Specific Integrated Circuit, referred to as：ASIC), field programmable gate array (English：Field- Programmable Gate Array, referred to as：FPGA) either other programmable logic device, discrete gate or transistor logic Device, discrete hardware components.

It should be noted that herein, relational terms such as first and second and the like are used merely to a reality Body or operation are distinguished with another entity or operation, are deposited without necessarily requiring or implying between these entities or operation In any this practical relationship or sequence.Moreover, term " comprising ", "comprising" or its any other variant are intended to Non-exclusive inclusion, so that process, method, article or equipment including a series of elements not only will including those Element, but also including other elements that are not explicitly listed or further include as this process, method, article or equipment Intrinsic element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that Also there are other identical elements in process, method, article or equipment including the element.

Each embodiment in this specification is described using relevant mode, identical similar portion between each embodiment Point just to refer each other, and the highlights of each of the examples are difference from other examples.Especially for device reality For applying example, since it is substantially similar to embodiment of the method, so description is fairly simple, related part is referring to embodiment of the method Part explanation.

The foregoing is merely illustrative of the preferred embodiments of the present invention, is not intended to limit the scope of the present invention.It is all Any modification, equivalent replacement, improvement and so within the spirit and principles in the present invention, are all contained in protection scope of the present invention It is interior.

Claims

1. a kind of method that network equipment establishes connection, which is characterized in that the method is applied to management server, the method Including：

The connection request that the network equipment is sent is received, the device identification of the network equipment is carried in the connection request；

If the blacklist list is not sky, judge in the blacklist list whether the equipment for including the network equipment Mark；If it is, refusal is established websocket with the network equipment and connect, otherwise, established with the network equipment Websocket connections；

If the blacklist list is sky, establishes websocket with the network equipment and connect, and according to preset black name Single generation strategy adds device identification in the blacklist list.

2. according to the method described in claim 1, it is characterized in that, described according to preset blacklist generation strategy, described Device identification is added in blacklist list, including：

Obtain have been established facility information in preset first history duration of each network equipments of the websocket connections, And log-on message of the account executive of each network equipment in preset second history duration；

According to the facility information of each network equipment, the log-on message of each account executive and preset equipment screening conditions, really Surely offline destination network device is treated, the equipment screening conditions include the exceptional condition of the facility information and/or described step on Record the liveness condition of information；

The device identification of the destination network device is added in the blacklist list, and disconnects and being set with the target network Standby websocket connections.

3. according to the method described in claim 2, it is characterized in that, the facility information according to each network equipment, institute The log-on message of each account executive and preset equipment screening conditions are stated, determine to treat offline destination network device, including：

When the occupancy of connection resource is in the first preset range, in the network equipment currently connected, the equipment is believed Breath meets preset exceptional condition and the log-on message is unsatisfactory for the network equipment of preset liveness condition as the mesh Mark the network equipment；

When the occupancy of the connection resource is in the second preset range, in the network equipment currently connected, set described Standby information meets the network equipment of preset exceptional condition as the destination network device, the lower limit of second preset range More than the upper limit of first preset range；

When the occupancy of the connection resource is in third preset range, in the network equipment currently connected, set described Standby information meets preset exceptional condition or the log-on message is unsatisfactory for the network equipment conduct of preset liveness condition The destination network device, the lower limit of the third preset range are more than the upper limit of second preset range.

4. according to the method described in claim 3, it is characterized in that, the facility information includes rate of connections and the equipment reported Status information；

It is described in the network equipment currently connected, using the facility information meet the network equipment of preset exceptional condition as The destination network device, including：

For each network equipment, if the rate of connections of the network equipment is more than predeterminated frequency threshold value, by the network equipment It is determined as the destination network device；

Alternatively,

For each network equipment, the status information of equipment reported according to the network equipment determines the in stable condition of the network equipment Degree；

If the in stable condition degree is more than pre-determined stability degree threshold value, which is determined as the target network and is set It is standby.

5. according to the method described in claim 3, it is characterized in that, the log-on message includes login time and login times；

It is described in the network equipment currently connected, the network equipment that the log-on message is unsatisfactory for default liveness condition is made For the destination network device, including：

In each account executive, when determining that the time interval of last time login time and current time is more than preset first The objective management account of long threshold value；

Alternatively,

In each account executive, determine that login times are less than the objective management account of preset times threshold value, by the target The corresponding network equipment of account executive is determined as the destination network device.

6. according to the method described in claim 5, it is characterized in that, the method further includes：

When the logging request for receiving the account identification for carrying the objective management account, deleted from the blacklist list Except the device identification of the corresponding destination network device of the account executive, to establish again and the destination network device Websocket connections.

7. according to the method described in claim 2, it is characterized in that, the method further includes：

When reaching preset second duration threshold value, the equipment mark of the destination network device is deleted from the blacklist list Know, connect with the websocket established again with the destination network device.

8. a kind of network equipment establishes the device of connection, which is characterized in that described device is applied to management server, described device Including：

For receiving the connection request of network equipment transmission, the network equipment is carried in the connection request for receiving module Device identification；

First link block if being not sky for the blacklist list, judges whether included in the blacklist list The device identification of the network equipment；If it is, refusal is established websocket with the network equipment and is connect, otherwise, with institute It states the network equipment and establishes websocket connections；

Second link block, if being sky for the blacklist list, establishing websocket with the network equipment connects It connects, and according to preset blacklist generation strategy, device identification is added in the blacklist list.

9. device according to claim 8, which is characterized in that second link block is specifically used for：

According to each network equipment facility information, the log-on message of each account executive and preset equipment screening conditions, Determine to treat offline destination network device, the equipment screening conditions include the exceptional condition of the facility information and/or described The liveness condition of log-on message；

10. device according to claim 9, which is characterized in that second link block is specifically used for：

11. device according to claim 10, which is characterized in that the facility information includes rate of connections and set with what is reported Standby status information；

Second link block, is specifically used for：For each network equipment, if the rate of connections of the network equipment is more than in advance If frequency threshold, then the network equipment is determined as the destination network device；

Alternatively,

12. device according to claim 10, which is characterized in that the log-on message includes login time and logs in secondary Number；

Second link block, is specifically used for：In each account executive, last time login time and current time are determined Time interval be more than preset first duration threshold value objective management account；

Alternatively,

13. device according to claim 12, which is characterized in that described device further includes：

First removing module, for when the logging request for receiving the account identification for carrying the objective management account, from The device identification of the corresponding destination network device of the account executive is deleted in the blacklist list, with establish again with it is described The websocket connections of destination network device.

14. device according to claim 10, which is characterized in that described device further includes：

Second removing module, for when reaching preset second duration threshold value, the mesh to be deleted from the blacklist list The device identification of the network equipment is marked, is connect with the websocket established again with the destination network device.