CN108183950B

CN108183950B - Method and device for establishing connection of network equipment

Info

Publication number: CN108183950B
Application number: CN201711459081.1A
Authority: CN
Inventors: 徐勇刚
Original assignee: Hangzhou H3C Technologies Co Ltd
Current assignee: Hangzhou H3C Technologies Co Ltd
Priority date: 2017-12-28
Filing date: 2017-12-28
Publication date: 2020-11-06
Anticipated expiration: 2037-12-28
Also published as: CN108183950A

Abstract

The embodiment of the invention provides a method and a device for establishing connection of network equipment, belonging to the technical field of communication. The method is applied to a management server and comprises the following steps: receiving a connection request sent by network equipment, wherein the connection request carries an equipment identifier of the network equipment; if the network equipment is judged to be legal equipment, a blacklist list is obtained; if the blacklist is not empty, judging whether the blacklist contains the equipment identifier of the network equipment; if so, refusing to establish the websocket connection with the network equipment, otherwise, establishing the websocket connection with the network equipment; and if the blacklist is empty, establishing websocket connection with the network equipment, generating a strategy according to a preset blacklist, and adding equipment identification in the blacklist. By adopting the embodiment of the invention, the connection resources of the management server can be effectively saved, and the situation of insufficient connection resources is avoided.

Description

Method and device for establishing connection of network equipment

Technical Field

The present invention relates to the field of communications technologies, and in particular, to a method and an apparatus for establishing a connection between network devices.

Background

With the development of cloud computing, the application of cloud computing is more and more extensive, and the types of network devices in a clouding scene are more and more. In order to uniformly monitor and manage the network devices, an administrator may set up a management server of the cloud platform in the network. The user in the cloud platform can register the network devices to be monitored in the management server, and the management server can acquire and store the state information of the network devices so that the user can check the state information conveniently.

The specific treatment process comprises the following steps: the user registers the management account in the management server and sets the network equipment needing to be supervised. The management server stores device identifications for these network devices. The network device sends a hypertext Transfer Protocol (HTTP) request to the management server, where the HTTP request carries a device identifier of the network device. The management server judges whether the equipment identification exists in the locally stored equipment identification. If the domain name address exists, the network equipment is judged to be legal equipment, and then the accessed domain name address is sent to the network equipment. And the network equipment sends a WebSocket connection request through the domain name address, wherein the WebSocket connection request carries the equipment identifier of the network equipment. The management server judges whether the equipment identification exists in the locally stored equipment identification, if so, the network equipment is judged to be legal equipment, and the network equipment is accessed. The network device sends device state information to the management server through the WebSocket connection, wherein the device state information can comprise information such as CPU utilization rate, memory utilization rate and temperature. And the management server stores the received equipment state information in a database for the user to view.

However, the connection resources of the management server are limited, and as the number of users of the cloud platform increases, the management server is prone to have insufficient connection resources.

Disclosure of Invention

The embodiment of the invention aims to provide a method and a device for establishing connection of network equipment, so as to save connection resources of a management server and avoid the situation of insufficient connection resources. The specific technical scheme is as follows:

in a first aspect, a method for establishing a connection by a network device is provided, where the method is applied to a management server, and the method includes:

receiving a connection request sent by network equipment, wherein the connection request carries an equipment identifier of the network equipment;

if the network equipment is judged to be legal equipment, a blacklist list is obtained;

if the blacklist is not empty, judging whether the blacklist contains the equipment identifier of the network equipment; if so, refusing to establish the websocket connection with the network equipment, otherwise, establishing the websocket connection with the network equipment;

and if the blacklist is empty, establishing websocket connection with the network equipment, generating a strategy according to a preset blacklist, and adding equipment identification in the blacklist.

Optionally, the generating a policy according to a preset blacklist and adding a device identifier to the blacklist includes:

acquiring equipment information of each network equipment which establishes the websocket connection within a preset first historical time and login information of a management account of each network equipment within a preset second historical time;

determining target network equipment to be offline according to the equipment information of each network equipment, the login information of each management account and preset equipment screening conditions, wherein the equipment screening conditions comprise abnormal conditions of the equipment information and/or activeness conditions of the login information;

and adding the device identification of the target network device into the blacklist, and disconnecting the websocket connection with the target network device.

Optionally, the determining, according to the device information corresponding to each network device, the login information corresponding to each management account, and a preset device screening condition, a target network device to be offline includes:

when the occupancy rate of the connection resource is within a first preset range, taking the network equipment of which the equipment information meets a preset abnormal condition and the login information does not meet a preset activeness condition as the target network equipment in the currently connected network equipment;

when the occupancy rate of the connection resource is within a second preset range, taking the network equipment of which the equipment information meets a preset abnormal condition as the target network equipment in the currently connected network equipment, wherein the lower limit of the second preset range is larger than the upper limit of the first preset range;

and when the occupancy rate of the connection resource is within a third preset range, taking the network equipment of which the equipment information meets a preset abnormal condition or the login information does not meet a preset activeness condition as the target network equipment in the currently connected network equipment, wherein the lower limit of the third preset range is larger than the upper limit of the second preset range.

Optionally, the device information includes connection frequency and reported device state information;

the step of, in the currently connected network device, regarding a network device whose device information satisfies a preset abnormal condition as the target network device, includes:

for each network device, if the connection frequency of the network device is greater than a preset frequency threshold, determining the network device as the target network device;

alternatively, the first and second electrodes may be,

for each network device, determining the state stability of the network device according to the device state information reported by the network device;

and if the state stability is greater than a preset stability threshold, determining the network equipment as the target network equipment.

Optionally, the login information includes login time and login times;

the step of taking the network device of which the login information does not meet the preset liveness condition as the target network device in the currently connected network devices comprises:

determining a target management account of which the time interval between the last login time and the current time is greater than a preset first time threshold value in each management account;

determining the network device corresponding to the target management account as the target network device;

alternatively, the first and second electrodes may be,

and determining a target management account with the login times smaller than a preset time threshold value in the management accounts, and determining the network equipment corresponding to the target management account as the target network equipment.

Optionally, the method further includes:

and when a login request carrying the account identifier of the target management account is received, deleting the equipment identifier of the target network equipment corresponding to the management account from the blacklist to establish the websocket connection with the target network equipment again.

Optionally, the method further includes:

and when the preset second duration threshold is reached, deleting the equipment identifier of the target network equipment from the blacklist to establish the websocket connection with the target network equipment again.

In a second aspect, an apparatus for establishing a connection with a network device is provided, where the apparatus is applied to a management server, and the apparatus includes:

a receiving module, configured to receive a connection request sent by a network device, where the connection request carries a device identifier of the network device;

the obtaining module is used for obtaining a blacklist list if the network equipment is judged to be legal equipment;

the first connection module is used for judging whether the blacklist list contains the equipment identifier of the network equipment or not if the blacklist list is not empty; if so, refusing to establish the websocket connection with the network equipment, otherwise, establishing the websocket connection with the network equipment;

and the second connection module is used for establishing websocket connection with the network equipment if the blacklist is empty, generating a strategy according to a preset blacklist and adding an equipment identifier in the blacklist.

Optionally, the second connection module is specifically configured to:

the second connection module is specifically configured to:

alternatively, the first and second electrodes may be,

Optionally, the login information includes login time and login times;

the second connection module is specifically configured to:

alternatively, the first and second electrodes may be,

Optionally, the apparatus further comprises:

and the first deleting module is used for deleting the equipment identifier of the target network equipment corresponding to the management account from the blacklist when a login request carrying the account identifier of the target management account is received, so as to establish websocket connection with the target network equipment again.

Optionally, the apparatus further comprises:

and the second deleting module is used for deleting the equipment identifier of the target network equipment from the blacklist when a preset second duration threshold is reached so as to establish the websocket connection with the target network equipment again.

Therefore, by applying the method for establishing the connection of the network device provided by the embodiment of the present invention, the management server receives the connection request sent by the network device, where the connection request carries the device identifier of the network device. And if the management server judges that the network equipment is legal equipment, identifying the legal network equipment again through the blacklist. And if the blacklist is not empty and the blacklist contains the equipment identifier of the network equipment, the management server refuses to establish the websocket connection with the network equipment, otherwise, the management server establishes the websocket connection with the network equipment. And if the blacklist is empty, the management server establishes websocket connection with the network equipment, generates a strategy according to a preset blacklist, and adds equipment identification in the blacklist.

Therefore, the management server can forbid the network equipment in the blacklist from accessing, the connection resource of the management server can be effectively saved, and the condition of insufficient connection resource is avoided. Of course, it is not necessary for any product or method of practicing the invention to achieve all of the above-described advantages at the same time.

Drawings

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.

FIG. 1 is a system framework diagram according to an embodiment of the present invention;

fig. 2 is a flowchart of a method for establishing a connection between network devices according to an embodiment of the present invention;

fig. 3 is a flowchart of a method for generating a blacklist according to an embodiment of the present invention;

fig. 4 is a flowchart of a method for establishing a connection between network devices according to an embodiment of the present invention;

fig. 5 is a schematic structural diagram of an apparatus for establishing a connection between network devices according to an embodiment of the present invention;

fig. 6 is a schematic structural diagram of an apparatus for establishing a connection between network devices according to an embodiment of the present invention;

fig. 7 is a schematic structural diagram of an apparatus for establishing a connection between network devices according to an embodiment of the present invention;

fig. 8 is a schematic structural diagram of a management server according to an embodiment of the present invention.

Detailed Description

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

The embodiment of the invention also provides a method for establishing connection of network equipment, which is applied to a management server at the cloud end, wherein the management server can establish websocket connection with a plurality of network equipment. Fig. 1 is a system framework diagram provided in an embodiment of the present invention, and the system includes a management server and a plurality of network devices. In an application scenario, the network device may be a server, a switch, a sensor, an intelligent terminal, an AC or an AP, and the network device reports device information of itself to the management server. In another application scenario, a network device is connected to a user device. The network equipment receives the equipment state information sent by the user equipment and sends the received equipment state information to the management server. The user equipment may be a service server of a tenant, such as a server of a video website or a server of a game; the user equipment can also be an intelligent terminal of a tenant, such as an intelligent air conditioner, an intelligent boiler and the like.

In the embodiment of the present invention, the management server may be a server or a virtual machine running in the server. The network device and the management server establish Websocket connection, and report the device state information to the management server through the Websocket so that the management server stores the device state information.

As shown in fig. 2, the processing procedure of the method may include the following steps:

step 201, receiving a connection request sent by a network device, where the connection request carries a device identifier of the network device.

In the embodiment of the invention, when the network equipment needs to establish the websocket connection with the management server, the network equipment sends an HTTP request to the management server. The HTTP request carries an equipment identifier of the network equipment, and the equipment identifier is used for the management server to perform identity authentication on the network equipment.

And after the authentication is passed, the management server sends a network address for establishing the websocket connection to the network equipment. The network device sends a websocket connection request to the management server according to the network address. The websocket connection request still carries the device identifier of the network device, and the device identifier is still used for the management server to perform identity authentication on the network device.

When receiving the HTTP request, the management server may perform authentication on the network device by using the method for establishing connection with the network device according to the embodiment of the present invention; or, the management server may also adopt the method for establishing a connection with a network device provided by the embodiment of the present invention when receiving a websocket connection, to perform authentication on the network device; or, the management server may also perform authentication on the network device by using the method for establishing connection between the network device and the websocket provided by the embodiment of the present invention when receiving the HTTP request and the websocket connection, which is not limited in the embodiment of the present invention.

Accordingly, the connection request may include an HTTP request and/or a websocket connection request.

Step 202, if the network device is judged to be a legal device, a blacklist list is obtained.

In the embodiment of the invention, after receiving the connection request, the management server analyzes the connection request to obtain the equipment identifier in the connection request. Then, in the pre-stored registered device list, the management server searches whether the device identification exists. The registered device list includes device identifiers of the registered network devices.

If the network equipment is legal, the network equipment is indicated to be legal, and the management server acquires the blacklist. The blacklist may be generated by the management server itself, or may be configured manually by a technician.

Step 203, if the blacklist is not empty, judging whether the blacklist contains the device identifier of the network device; if so, refusing to establish the websocket connection with the target network equipment, otherwise, establishing the websocket connection with the target network equipment.

In the embodiment of the present invention, if the management server does not establish the blacklist, or the technical staff does not configure the blacklist, the blacklist is empty. Therefore, after the management server obtains the blacklist, whether the blacklist is empty or not is judged, and if the blacklist is not empty, whether the blacklist contains the equipment identifier of the network equipment is further judged; if so, refusing to establish the websocket connection with the network equipment, otherwise, establishing the websocket connection with the network equipment.

And 204, if the blacklist is empty, establishing websocket connection with the network equipment, generating a strategy according to a preset blacklist, and adding equipment identification in the blacklist.

In the embodiment of the invention, if the blacklist is empty, the management server generates a strategy according to a preset blacklist, and adds the equipment identifier in the blacklist. The specific processing will be described in detail later.

Therefore, the management server can forbid the network equipment in the blacklist from accessing, the connection resource of the management server can be effectively saved, and the condition of insufficient connection resource is avoided.

The technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention.

As shown in fig. 3, the processing procedure for generating the blacklist for the management server provided in the embodiment of the present invention may specifically include the following steps:

step 301, acquiring device information of each network device with established websocket connection within a preset first historical time and login information of a management account of each network device within a preset second historical time.

In the embodiment of the invention, the network equipment sends a connection request to the management server to establish WebSocket connection with the management server. The network equipment reports the equipment state information to the management server periodically. The device state information is information for reflecting an operating state of the device, and the device state information may include a plurality of state parameters, such as a CPU utilization rate, a memory utilization rate, a temperature, and the like.

And after receiving the equipment state information sent by the network equipment, the management server stores the equipment state information.

In addition, after receiving the connection request sent by the network device, the management server may also record the time when the connection request is received (i.e., the connection time). Similarly, the management server may also record reporting time corresponding to each piece of device state information, where the reporting time may be time when the management server receives the device state information, or the device state information may include a timestamp, and the management server may use the timestamp as the reporting time.

When a user wants to check the running state of the network equipment, the user logs in the management account of the user through the client. The client sends a login request to the management server, and the login request may carry an account identifier and a password of the management account.

And after receiving the login request, the management server performs identity authentication according to the account identification and the password of the management account. And if the verification is passed, acquiring the equipment state information reported by each network equipment corresponding to the management account. The management server then sends the device status information to the client for viewing by the user. (ii) a

In addition, the management server may record the time when the login request is received (i.e., the login time) after receiving the login request.

When a preset trigger condition is reached, the management server obtains the device information of each network device which has established the websocket connection within a preset first historical time and the login information of each management account within a preset second historical time. The device information may include connection frequency, reported device state information, and the like; the login information may include login time, login times, and the like; the first history duration and the second history duration may be the same or different.

Specifically, for any network device, the management server obtains the device state information of the reporting time within the first historical duration from the device state information reported by the network device, counts the number of connections of the connection time within the first historical duration, and uses the number of connections as the connection frequency of the network device. Thus, the management server can obtain the device state information and the connection frequency reported by the network device in the first historical duration. For any management account registered in the management server, the management server records the login time of the management account in the second historical duration, and further counts the login times of the management account in the second historical duration, so that the login information of the management account in the second historical duration is obtained.

It should be noted that the preset trigger condition may be various. For example, the management server may execute step 301 when receiving a blacklist update instruction input by a technician; or, the step 301 may be executed when a preset blacklist update period is reached; alternatively, step 301 may be executed when it is detected that the occupancy rate of the connection resource exceeds a preset threshold, which is not limited in the embodiment of the present invention.

Step 302, determining a target network device to be offline according to the device information corresponding to each network device, the login information corresponding to each management account, and preset device screening conditions.

The equipment screening condition comprises an abnormal condition of the equipment information and/or an activity condition of the login information.

In the embodiment of the invention, the management server stores the equipment screening conditions in advance, and the equipment screening conditions comprise abnormal conditions of equipment information and/or activity conditions of login information. And after the management server acquires the equipment information corresponding to each network equipment and the login information corresponding to the management account, determining the target network equipment to be offline according to the equipment screening conditions.

For example, the management server takes the network device whose device information meets a preset abnormal condition and whose login information of the belonging management account does not meet a preset activeness condition as a target network device; or, the management server takes the network device of which the device information meets a preset abnormal condition or the login information of the belonging management account does not meet a preset activeness condition as the target network device; alternatively, the management server may determine the target network device using only one condition, and the detailed selection policy will be described later.

As described above, the device information includes the connection frequency and the reported device status information. Correspondingly, the processing procedure of the management server for screening the target network device according to the abnormal condition of the device information may be as follows: in the currently connected network devices, the network device with the connection frequency greater than the preset frequency threshold is taken as a target network device, or the network device with the reported device state information state stability greater than the preset stability threshold is taken as a target network device.

For any network device, after acquiring the connection frequency of the network device, the management server judges whether the connection frequency is greater than a preset frequency threshold value. If the network device is offline, the network device is reconnected with the management server for too many times, the network device may have a problem, and the management server records the network device as a target network device to be offline. The management server sends an alarm message to the administrator, where the alarm message carries the device identifier of the network device and an alarm reason (such as too high connection frequency) to prompt the administrator that the network device has a problem.

In addition, the management server may also calculate the state stability of the device state information of the network device, and the calculation manner of the state stability may be various. The management server may first calculate the activity of the device status information of the network device. And calculating the stability of the state by using the activity.

In one example, for the case that the device status information includes a status parameter, the management server determines a maximum value and a minimum value of parameter values of the status parameter within the first historical time period, and then calculates a difference value between the maximum value and the minimum value, where an absolute value of the difference value is the activity of the network device. Or, the management server may further calculate a mean square error or a standard deviation of the parameter value of the state parameter within the first history duration to obtain the activity of the device state information of the network device.

The management server calculates the state stability according to the activity, for example, the opposite number of the absolute value is used as the state stability. Alternatively, the absolute value is subtracted from a preset value to obtain the state stability.

After the state stability of the network device is obtained, the management server judges whether the state stability of the network device is greater than a preset stability threshold. If so, it indicates that the status of the network device remains substantially unchanged (possibly the network device is in an idle state). And the management server records the network equipment as target network equipment to be offline.

In another example, for a case where the device status information includes a plurality of status parameters, the management server may determine each status parameter separately. And if the proportion of the state parameters of which the state stability is greater than the preset stability threshold in the state parameters of the network equipment in the total number of the state parameters of the network equipment is greater than the preset proportion threshold, determining the network equipment as the target network equipment.

As described above, the login information includes the login time and the login number. Correspondingly, the processing procedure of the management server screening the target network device according to the activity condition of the login information may be as follows: determining a target management account with a time interval between the last login time and the current time larger than a preset first time threshold value in each management account, and determining the network equipment corresponding to the target management account as the target network equipment to be offline; or, in each management account, determining a target management account with the login times smaller than a preset time threshold, and determining the network device corresponding to the target management account as the target network device to be offline.

For any management account in the management server, after the management server acquires the login information of the management account, the login time closest to the current time is determined in the login time of the management account. I.e., the last login time for the login account, and then the management server calculates the time interval between the last login time and the current time. If the time interval is greater than the preset first time threshold, it indicates that the user corresponding to the management account has not viewed the device status information for a long time, and the user is not concerned about the status of the network device, the management server records the management account as a target management account, and records the network device corresponding to the target management account as a target network device to be offline.

In addition, the management server can also judge whether the login times of the management account are smaller than a preset time threshold value. If the network equipment is offline, the management server records the management account as a target management account, and records the network equipment corresponding to the target management account as the target network equipment to be offline.

Optionally, the management server detects the occupancy rate of the current connection resource, and selects the screening condition to be used according to the preset corresponding relationship between the occupancy rate and the selection policy. And then, determining the target network equipment according to the determined screening conditions.

Accordingly, the process of step 302 may be as follows:

and when the occupancy rate of the connection resources is within a first preset range, taking the network equipment of which the equipment information meets a preset abnormal condition and the login information of the management account does not meet a preset activeness condition as target network equipment in the currently connected network equipment.

And when the occupancy rate of the connection resources is within a second preset range, taking the network equipment of which the equipment information meets the preset abnormal condition as the target network equipment in the currently connected network equipment.

And when the occupancy rate of the connection resource is within a third preset range, taking the network equipment of which the equipment information meets a preset abnormal condition or the login information of the management account does not meet a preset activeness condition as the target network equipment in the currently connected network equipment.

In the embodiment of the present invention, the management server may set the occupancy rate ranges of the plurality of connection resources. For example, the number of the preset ranges may be three. For convenience of description, it may be referred to as a first preset range, a second preset range, and a third preset range. The lower limit of the second preset range is greater than or equal to the upper limit of the first preset range, and the lower limit of the third preset range is greater than or equal to the upper limit of the second preset range. For example, the predetermined ranges may be 60% to 70%, 70% to 80%, and 80% to 100%, respectively.

And when the preset blacklist list updating period is reached, the management server detects the occupancy rate of the current connection resource and determines the range of the occupancy rate. If the occupancy rate of the connection resource is within a first preset range, in the currently connected network equipment, the management server takes the network equipment of which the equipment information meets a preset abnormal condition and the login information of the belonging management account does not meet a preset activeness condition as target network equipment.

And if the occupancy rate of the connection resources is within a second preset range, the management server takes the network equipment of which the corresponding equipment information meets the preset abnormal condition as the target network equipment in the currently connected network equipment.

And if the occupancy rate of the current connection resource is within a third preset range, in the currently connected network equipment, the management server takes the network equipment of which the equipment information meets a preset abnormal condition or the login information of the belonged management account does not meet a preset activeness condition as the target network equipment.

Thus, the management server determines different selection strategies based on different occupancy rates, and performs offline processing on a small amount of network equipment when the occupancy rates are low; when the occupancy rate is higher, more network devices are offline, so that the flexibility of establishing connection of the network devices is improved.

In addition, the management server can also determine the selection strategy to be used according to the control effect of the websocket connection and the priority of the preset selection strategy. The corresponding treatment process comprises the following steps:

when the management server detects that the occupancy rate of the connection resource reaches a preset threshold value, in the currently connected network device, the network device, of which the corresponding device information meets a preset abnormal condition and the login information of the belonging management account does not meet a preset activeness condition, is taken as a target network device. The management server then disconnects the websocket connections with the target network devices.

And if the management server detects that the occupancy rate reaches the preset threshold value again within the preset time length, taking the network equipment of which the corresponding equipment information meets the preset abnormal condition as the target network equipment in the currently connected network equipment. The management server then disconnects the websocket connections with the target network devices.

If the management server detects that the occupancy rate reaches the preset threshold value again within the preset time length, the network device, in the currently connected network device, with the login information of the belonging management account not meeting the preset liveness condition or the login information of the belonging management account not meeting the preset liveness condition is taken as the target network device. The management server then disconnects the websocket connections with the target network devices.

Optionally, when determining the target network device according to the abnormal condition of the device information, the management server determines, for each network device, whether the connection frequency of the network device is greater than a preset frequency threshold. If yes, the management server determines the network equipment as target network equipment to be offline; or, for each network device, determining the state stability of the network device according to the device state information reported by the network device, and if the state stability is greater than a preset stability threshold, determining the network device as a target network device to be offline by the management server. For the specific processing, reference is made to the above description, which is not repeated herein.

Optionally, when the management server determines the target network device according to the activity condition of the login information, the management server may determine, in each management account, a target management account whose time interval between the last login time and the current time is greater than a preset first duration threshold. The management server determines the network equipment corresponding to the target management account as the target network equipment to be offline; alternatively, among the management accounts, the management server may determine a target management account whose login number is less than a preset number threshold. And the management server determines the network equipment corresponding to the target management account as the target network equipment to be offline. For the specific processing, reference is made to the above description, which is not repeated herein.

Step 303, add the device identifier of the target network device to the blacklist, and disconnect the websocket connection with the target network device.

In the embodiment of the invention, after the management server determines the target network equipment to be offline, the equipment identification of the target network equipment is added into the preset blacklist. And simultaneously, the management server disconnects the websocket connection with the target network equipment. That is, the management server releases the connection resources of the websocket connection.

In this way, the management server determines the idle network device and the network device corresponding to the user who is not concerned about the device state information of the network device. Then, the management server disconnects the websocket connection with the network devices, so that the connection resources of the network devices are released, and the situation that the connection resources are insufficient is avoided. In the embodiment of the invention, after the WebSocket connection between the network equipment and the management server is disconnected, the WebSocket connection with the management server is usually tried to be established again. That is, the network device may repeatedly send a connection request to the management server, and based on the current WebSocket connection process, the connection request may be an HTTP request or a WebSocket connection request. When the management server receives a connection request sent by the target network equipment, the management server refuses to establish the websocket connection with the target network equipment. Therefore, the target network device is prevented from reestablishing the Websocket connection and occupying connection resources.

Optionally, in the embodiment of the present invention, a mechanism for recovering the connection permission of the network device may be further provided in the management server, and specific ways include the following two ways:

in the first mode, when the preset second duration threshold is reached, the device identifier of the target network device is deleted from the blacklist to establish the websocket connection with the target network device again.

In the embodiment of the present invention, the management server may further pre-store an effective duration (i.e. a preset second duration threshold) of the device identifier in the blacklist, where the effective duration may be set by a technician, or may also be determined by the management server according to the state stability of the device information and/or the activity of the login information. Wherein, the higher the state stability or the lower the activity, the longer the corresponding effective duration.

And after adding the equipment identifier of a certain network equipment into the blacklist, the management server starts timing, and deletes the equipment identifier of the target network equipment from the blacklist when a preset second time threshold is reached, so that the subsequent management server establishes websocket connection with the network equipment when receiving the connection request sent by the network equipment again.

And secondly, when a login request carrying the account identifier of the target management account is received, deleting the device identifier of the target network device corresponding to the management account from the blacklist to establish the websocket connection with the target network device again.

In the embodiment of the invention, after receiving the login request, the management server analyzes the login request, acquires the account identifier of the management account carried by the login request, further judges whether the device identifier of the network device corresponding to the management account exists in the blacklist, and if the device identifier of the target network device corresponding to the management account exists in the blacklist, deletes the device identifier of the target network device corresponding to the management account from the blacklist so as to establish websocket connection (namely, access the management server) between the network device corresponding to the management account and the management server. In this way, the user can view the network device of the user and the device state information of each network device at the client.

It should be noted that, when the user views the device information of the network device, the management server may generate the device state information in the time period in which the network device is added to the blacklist according to the historical device state information reported by the network device, and a specific generation method may adopt a data generation method in the prior art, which is not limited in this embodiment.

In this example, the method is described by taking an example in which the management server includes a network service module, a websocket connection module, and an identity authentication module, and other cases are similar to the above and are not described again. The modules may be functional modules of the management server, or in a virtualization scenario, the modules may also be virtual machines running in the management server. As shown in fig. 4, the processing procedure of the method may be as follows:

step 401, the network device sends an HTTP request to the network service module according to the address of the network service module stored in advance.

The HTTP request carries the device identifier of the network device.

In the embodiment of the present invention, the network device stores the address of the network service module in advance, for example, oasis.h3c.com. And when the network equipment needs to establish websocket connection with the management server, the network equipment sends an HTTP request to a network service module of the management server according to the address.

In step 402, the network service module sends the device identifier of the network device to the authentication module.

In the embodiment of the invention, after receiving the HTTP request, the network service module analyzes the HTTP request to obtain the equipment identifier therein, and then sends the equipment identifier to the identity authentication module.

Step 403, the identity authentication module determines whether to establish a websocket connection with the network device according to a preset identity authentication policy and a blacklist. If so, step 404 is performed, otherwise, step 409 is performed.

In the embodiment of the invention, after the identity authentication module receives the equipment identifier, whether the equipment identifier exists is searched in a pre-stored registered equipment list. The registered device list includes device identifications of the registered network devices. If the equipment identifier exists, further inquiring whether the equipment identifier exists in the blacklist or not in the blacklist; if not, step 409 is performed. If the identity module finds the device identifier in the blacklist, step 409 is executed, and if the identity module does not find the device identifier, step 404 is executed.

Step 404, the authentication module sends the address of the websocket connection module to the network device.

Step 405, the network device sends a websocket connection request to the websocket connection module according to the address of the websocket connection module.

The websocket connection request carries the device identifier of the network device.

In the embodiment of the invention, after receiving the message sent by the identity authentication module, the network equipment analyzes the message to obtain the address of the websocket connection module, and then sends the websocket connection request to the websocket connection module according to the address of the websocket connection module.

Step 406, the websocket connection module sends the device identifier of the network device to the authentication module.

In the embodiment of the invention, after receiving the websocket connection request, the websocket connection module analyzes the websocket connection request to obtain the equipment identifier, and then sends the equipment identifier to the identity authentication module.

Step 407, the identity authentication module determines whether to establish a websocket connection with the network device according to a preset identity authentication policy and a blacklist. If so, step 408 is performed, otherwise, step 409 is performed.

In the embodiment of the invention, after the identity authentication module receives the equipment identifier, whether the equipment identifier exists is searched in a pre-stored registered equipment list. The registered device list includes device identifications of the registered network devices. If the equipment identifier exists, further inquiring whether the equipment identifier exists in the blacklist or not in the blacklist; if not, step 409 is performed. If the identity module finds the device identifier in the blacklist, step 409 is executed, and if the identity module does not find the device identifier, step 408 is executed.

And step 408, the authentication module performs websocket connection processing on the network equipment.

Step 409, the authentication module rejects the access of the network device and sends a response message of rejecting the access to the network device.

In the embodiment of the invention, the management server receives the connection request sent by the network equipment, wherein the connection request carries the equipment identification of the network equipment. And if the management server judges that the network equipment is legal equipment, identifying the legal network equipment again through the blacklist. And if the blacklist is not empty and the blacklist contains the equipment identifier of the network equipment, the management server refuses to establish the websocket connection with the network equipment, otherwise, the management server establishes the websocket connection with the network equipment. And if the blacklist is empty, the management server establishes websocket connection with the network equipment, generates a strategy according to a preset blacklist, and adds equipment identification in the blacklist.

Based on the same technical concept, an embodiment of the present invention further provides an apparatus for establishing a connection between network devices, where the apparatus is applied to a management server, and the management server establishes a cloud pipe websocket connection with a plurality of network devices, as shown in fig. 5, the apparatus includes

A receiving module 510, configured to receive a connection request sent by a network device, where the connection request carries a device identifier of the network device;

an obtaining module 520, configured to obtain a blacklist if it is determined that the network device is a legal device;

a first connection module 530, configured to determine whether the blacklist includes a device identifier of the network device if the blacklist is not empty; if so, refusing to establish the websocket connection with the network equipment, otherwise, establishing the websocket connection with the network equipment;

and the second connection module 540 is configured to establish a websocket connection with the network device if the blacklist is empty, generate a policy according to a preset blacklist, and add a device identifier to the blacklist.

Optionally, the second connection module 540 is specifically configured to:

the second connection module 540 is specifically configured to:

alternatively, the first and second electrodes may be,

Optionally, the login information includes login time and login times;

the second connection module 540 is specifically configured to:

alternatively, the first and second electrodes may be,

Optionally, as shown in fig. 6, the apparatus further includes:

a first deleting module 550, configured to, when a login request carrying an account identifier of the target management account is received, delete the device identifier of the target network device corresponding to the management account from the blacklist to establish a websocket connection with the target network device again.

Optionally, as shown in fig. 7, the apparatus further includes:

and a second deleting module 560, configured to delete the device identifier of the target network device from the blacklist when a preset second duration threshold is reached, so as to establish a websocket connection with the target network device again.

The embodiment of the present invention further provides a management server, as shown in fig. 8, which includes a processor 801, a communication interface 802, a memory 803, and a communication bus 804, where the processor 801, the communication interface 802, and the memory 803 complete mutual communication through the communication bus 804,

a memory 803 for storing a computer program;

the processor 801 is configured to, when executing the program stored in the memory 803, cause the management server to execute the following steps, including:

Optionally, the executing of the policy by the processor 801 according to the preset blacklist according to the computer program includes that the adding of the device identification instruction in the blacklist specifically includes:

Optionally, the determining, by the processor 801 executing a computer program, a target network device instruction to be offline according to the device information corresponding to each network device, the login information corresponding to each management account, and a preset device screening condition specifically includes:

the specific steps of taking the network device whose device information meets the preset abnormal condition as the target network device instruction in the currently connected network devices executed by the processor 801 through the computer program are as follows:

alternatively, the first and second electrodes may be,

Optionally, the login information includes login time and login times;

the specific steps of the processor 801 executing the network device whose login information does not satisfy the preset liveness condition among the currently connected network devices in the computer program as the target network device instruction are:

alternatively, the first and second electrodes may be,

Optionally, the processor 801 executing the computer program further includes executing the following instructions:

The machine-readable storage medium may include a Random Access Memory (RAM) or a Non-Volatile Memory (NVM), such as at least one disk Memory. Additionally, the machine-readable storage medium may be at least one memory device located remotely from the aforementioned processor.

The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; the Integrated Circuit may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA), or other Programmable logic devices, discrete Gate or transistor logic devices, or discrete hardware components.

It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, as for the apparatus embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the method embodiment.

The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims

1. A method for establishing connection of network equipment is applied to a management server, and the method comprises the following steps:

if the blacklist is empty, establishing websocket connection with the network equipment, generating a strategy according to a preset blacklist, and adding equipment identification in the blacklist;

the generating a policy according to a preset blacklist, and adding a device identifier in the blacklist, includes:

2. The method according to claim 1, wherein the determining a target network device to be offline according to the device information of each network device, the login information of each management account, and a preset device screening condition includes:

3. The method of claim 2, wherein the device information comprises connection frequency and reported device status information;

alternatively, the first and second electrodes may be,

4. The method of claim 2, wherein the login information includes login time and login times;

alternatively, the first and second electrodes may be,

5. The method of claim 4, further comprising:

6. The method of claim 1, further comprising:

7. An apparatus for establishing connection of network devices, the apparatus being applied to a management server, the apparatus comprising:

the second connection module is used for establishing websocket connection with the network equipment if the blacklist list is empty, generating a strategy according to a preset blacklist and adding an equipment identifier in the blacklist list;

the second connection module is specifically configured to:

8. The apparatus according to claim 7, wherein the second connection module is specifically configured to:

9. The apparatus of claim 8, wherein the device information comprises connection frequency and reported device status information;

the second connection module is specifically configured to: for each network device, if the connection frequency of the network device is greater than a preset frequency threshold, determining the network device as the target network device;

alternatively, the first and second electrodes may be,

10. The apparatus of claim 8, wherein the login information comprises a login time and a login number;

the second connection module is specifically configured to: determining a target management account of which the time interval between the last login time and the current time is greater than a preset first time threshold value in each management account;

alternatively, the first and second electrodes may be,

11. The apparatus of claim 10, further comprising:

12. The apparatus of claim 7, further comprising: