Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, some embodiments of the present application will be described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
A first embodiment of the present application relates to an SD-WAN system mainly including: a virtual logical network layer 101, a physical network layer 102, a network interconnection layer 103, and a user layer 104. The virtual logical network layer 101 is physically connected to the physical network layer 102 and communicatively connected to the network interconnection layer 103; the network interconnection layer 103 is physically connected to the physical network layer 102 and communicatively connected to the user layer 104. The specific structure is shown in fig. 1.
In practical application, the network interconnection layer 103 in the SD-WAN system is mainly configured to receive access data of the user layer 104 to the physical network layer 102, generate an access request according to the received access data, send the generated access request to the virtual logical network layer 101 for processing, and transmit the access data to the physical network layer 102 under the control of the virtual logical network layer 101.
The virtual logical network layer 101 in the SD-WAN system is configured to control the network interconnection layer 103 to transmit the access data to the physical network layer 102 according to the access request uploaded by the network interconnection layer 103.
Specifically, in the present embodiment, the virtual logical network layer 101 specifically includes an SD-WAN controller 1011.
In this embodiment, the SD-WAN controller 1011 is mainly configured to determine a routing policy (which decides the gateway device to which the access data from the user layer is forwarded) according to the access request sent by the network interconnection layer 103, and to control the gateway device in the network interconnection layer 103 that received the access data to forward it to another gateway device according to the routing policy; the other gateway device then transfers the access data to the physical network layer 102.
It should be noted that the routing policy in this embodiment may be generated by the SD-WAN controller 1011 according to the current network situation and the size of the access data, or may be generated in advance from a large amount of simulated data; the specific determination method is not limited here.
The SD-WAN controller 1011 in the present application is only for indicating that the controller can control the entire SD-WAN system, and any device or program having the function may be used as the controller in the SD-WAN system in practical applications.
In addition, the SD-WAN controller 1011 described in the present application may be specifically deployed on a cloud server or a local server, and specifically, a person skilled in the art may set the SD-WAN controller according to needs, which is not limited herein.
In addition, it is worth mentioning that, in order to ensure that the access data requested by the user layer 104 is not leaked during transmission, and thus to ensure the security of the user information, the SD-WAN controller 1011 in this embodiment is further configured to control the gateway device in the network interconnection layer 103 that forwards and transmits the access data to encrypt the access data.
For example, the SD-WAN controller 1011 first determines whether the content in the access data relates to user privacy and, when it determines that encryption is necessary, generates a control command that controls the gateway device in the network interconnection layer 103 that forwards and transmits the access data to encrypt the access data.
In addition, the encryption may cover only the access data, or may also cover the information on which gateway device the data is forwarded to, so that the forwarded access data can only be received by the specified gateway device. This prevents equipment that accesses the network through other gateway devices from stealing the forwarded access data.
It should be noted that the above is only an example, and does not limit the technical solution and the scope of protection of the present application, and those skilled in the art can perform the setting according to the needs, and the present invention is not limited herein.
The physical network layer 102 is specifically a WAN network. In this embodiment, the WAN network is a WAN network that has been deployed and put into use by existing enterprises, vendors, and the like, and is not redeployed.
The network interconnection layer 103 specifically includes several gateway devices. These are the various gateway devices already used in the existing WAN network system, such as an Internet Protocol (IP) router, a multi-protocol label switching (MPLS) device, a packet optical switch, an Ethernet switch, and the like, and are not gateway devices specially customized to implement the SD-WAN system for use with the SD-WAN controller 1011. Three gateway devices are taken as an example in fig. 1 and, for convenience, are denoted as a first gateway device 1031, a second gateway device 1032, and a third gateway device 1033.
Any one of the gateway devices includes a first WAN port, a second WAN port and a third WAN port (none of the three WAN ports is shown in FIG. 1). Each gateway device is communicatively connected to the SD-WAN controller through its first WAN port to form a logic control circuit and is physically connected to the physical network layer through its third WAN port to form a physical communication circuit, and any two gateway devices are communicatively connected through their second WAN ports to form a logic forwarding circuit.
In addition, the logic control circuit and the logic forwarding circuit may be implemented by GRE (Generic Routing Encapsulation), IPsec (Internet Protocol Security), VXLAN (Virtual Extensible Local Area Network), and other technologies; the specific implementation may be selected by a person skilled in the art as needed and is not limited herein.
For the sake of understanding the operation principle of the gateway device in the present application, the following description specifically describes the three WAN ports:
In this embodiment, the first WAN port is specifically an interface for establishing the logic control circuit with the SD-WAN controller.
The second WAN port is an interface for forwarding access data, established with the other gateway devices in the network interconnection layer 103. Any two gateway devices are communicatively connected through this interface, so that any two gateway devices can reach each other. The gateway device that receives the access data can therefore forward it to another gateway device under the control of the SD-WAN controller, and the other gateway device transmits the access data to the physical network layer 102.
The third WAN port is specifically an existing interface for data interaction with the WAN network, and is mainly used for transmitting access data from the user layer 104 to the physical network layer 102 (i.e., the WAN network).
In practical applications, the plurality of gateway devices in the network interconnection layer 103 may be the same kind of gateway apparatus or different kinds of gateway apparatus, which is not limited herein.
It should be noted that, in this embodiment, the gateway devices in the network interconnection layer 103 can forward access data to each other because the SD-WAN controller 1011 compiles all gateway devices in the network interconnection layer 103, so that all of them have data forwarding attributes; for example, the attributes of the gateway devices are compiled by an embedded program.
The user layer 104 specifically includes a plurality of user terminals, such as a smart phone, a tablet computer, a notebook computer, a desktop computer, and various devices capable of connecting to a network in a workstation, which are not illustrated herein. In fig. 1, 3 user terminals are taken as an example, and for convenience of distinction, a first user terminal 1041, a second user terminal 1042 and a third user terminal 1043 are respectively used for illustration.
In addition, it is to be noted that, in this embodiment, the physical connection (indicated by a solid line in fig. 1) may specifically be made with a communication bus or an optical cable, and the communication connection (indicated by a dotted line in fig. 1) may specifically be implemented with a communication protocol such as BGP (Border Gateway Protocol). In practical applications, a person skilled in the art can reasonably select the connection mode as needed, and the connection mode is not limited herein.
As can be easily found from the above description, compared with the prior art, in the SD-WAN system provided in this embodiment, a virtual logical network layer is deployed on an existing physical network layer (i.e., a WAN network), and the virtual logical network layer is physically connected to the physical network layer and is in communication connection with the existing network interconnection layer, so that when receiving access data of a user layer to the physical network layer, the network interconnection layer can generate an access request according to the access data and send the access request to the virtual logical network layer, and after receiving the access request, the virtual logical network layer can control the network interconnection layer to transmit the access data to the physical network layer according to the access request. Based on the mode, the WAN network is conveniently and quickly transformed into the SD-WAN network without replacing equipment in the existing network interconnection layer.
A second embodiment of the present application relates to an SD-WAN system. The embodiment is further improved on the basis of the first embodiment, and the specific improvement is as follows: the virtual logical network layer further comprises an SD-WAN manager, and the specific structure is shown in fig. 2.
As shown in fig. 2, the SD-WAN system in the present embodiment includes, in addition to the modules shown in fig. 1, an SD-WAN manager 1012 in the virtual logical network layer 101.
The SD-WAN manager 1012 is physically connected to the SD-WAN controller 1011, and is mainly used for performing service orchestration on the user terminal in the user layer 104.
In addition, the SD-WAN manager 1012 in this embodiment is further configured to control the SD-WAN controller to perform network monitoring on each gateway device in the network interconnection layer 103, and to formulate a routing policy according to an access request generated by the access data.
Specifically, in this embodiment, the physical connection between the SD-WAN manager 1012 and the SD-WAN controller 1011 may be made via a communication bus or the like, and communication is performed based on a network configuration protocol, such as the NETCONF protocol and the IPFIX (IP Flow Information Export) protocol.
In addition, the service orchestration performed by the SD-WAN manager 1012 on the user terminal in the user layer 104 may specifically proceed as follows: after determining how many gateway devices are in the network interconnection layer 103 of the whole SD-WAN system, corresponding compilation information is generated and the SD-WAN controller 1011 compiles each gateway device; when it is determined, according to the access request, to which gateway device the access data is to be forwarded, the specific service orchestration content is determined. Those skilled in the art may set the service orchestration content as needed, which is not limited herein.
It should be noted that the SD-WAN manager 1012 is only used to indicate that the manager can implement the routing policy making, the service orchestration operation for the user terminal, and the like, and in practical applications, any device or program having the function may be used as the manager in the SD-WAN system.
In addition, the SD-WAN manager 1012 may be specifically deployed on a cloud server or a local server, and specifically, a person skilled in the art may set the SD-WAN manager according to needs, which is not limited herein.
For a more clear and complete understanding of the SD-WAN system of the present application, reference is now made to FIG. 3.
As shown in fig. 3, the SD-WAN controller and the SD-WAN manager in the virtual logical network layer 101 may specifically be servers respectively deployed with corresponding functions.
The physical network layer 102 may specifically be made up of 4G/LTE (a general term for LTE network systems such as TD-LTE (time-division long term evolution) and FDD-LTE (frequency-division duplex long term evolution)), MPLS, broadband internet, and the like.
For the network interconnection layer 103, several common gateway devices are listed, such as routers, switches and connectors.
The user terminal in the user layer 104 may specifically be a portable computer (notebook computer), a device capable of networking in a workstation, a host computer, and the like.
It should be noted that the above is only an example, and does not limit the technical solution and the scope of protection of the present application, and those skilled in the art can perform the setting according to the needs, and the present invention is not limited herein.
As can be easily found from the above description, compared with the prior art, in the SD-WAN system provided in this embodiment, an SD-WAN manager physically connected to the SD-WAN controller is set in the virtual logical network layer, and the work of determining the routing policy and performing service orchestration on the user terminal is handled by the SD-WAN manager. This relieves the workload of the SD-WAN controller, so that the SD-WAN controller can quickly and accurately control the gateway devices in the network interconnection layer even when there are many user terminals and the data processing amount in the SD-WAN system is large.
The third embodiment of the present application relates to a method for using an SD-WAN system, which is mainly applied to a virtual logical network layer in the SD-WAN system, and the specific flow is shown in fig. 4.
In step 401, an access request sent by the network interconnection layer in the SD-WAN system is obtained.
Specifically, the access request acquired in this embodiment is generated by the network interconnection layer according to the access data of the user layer in the SD-WAN system to the physical network layer in the SD-WAN system.
In step 402, the network interconnection layer is controlled to transfer the access data to the physical network layer according to the access request.
Specifically, in this embodiment, controlling the network interconnection layer to transfer the access data to the physical network layer according to the access request may be implemented as follows:
If only the SD-WAN controller exists in the virtual logical network layer, the SD-WAN controller directly determines a routing policy according to the access request. The SD-WAN controller then controls, according to the routing policy, the gateway device in the network interconnection layer that received the access data to forward the access data to another gateway device, and the other gateway device transmits the access data to the physical network layer.
If the virtual logical network layer also includes the SD-WAN manager, the access request may be handed directly to the SD-WAN manager, which determines a routing policy according to the access request. Alternatively, depending on the current resource occupation of the SD-WAN controller, the SD-WAN controller hands the access request to the SD-WAN manager for processing when it cannot process the access request in time.
When the SD-WAN manager determines the routing policy, the SD-WAN manager needs to control the SD-WAN controller to perform network monitoring on each gateway device in the network interconnection layer, and then formulate the routing policy according to an access request generated by access data.
Regarding the manner of determining the routing policy, both the SD-WAN controller and the SD-WAN manager may proceed as follows. For example, the current network condition of the physical network layer is obtained first, such as the currently idle gateway device, the available data transmission gateway in the gateway device, the supported bandwidth, and the occupation ratio of the bandwidth at the current time. After this information is obtained, a routing policy is determined according to the network condition and the network request.
In order to enable the gateway devices in the network interconnection layer to forward access data to each other in this embodiment, when the SD-WAN system is constructed, the SD-WAN controller compiles all the gateway devices in the network interconnection layer before any data forwarding, so that all the gateway devices in the network interconnection layer have data forwarding attributes; for example, the attributes of the gateway devices are compiled by an embedded program.
In addition, it should be noted that the SD-WAN manager may also perform service orchestration on the user terminal in the user layer, and a specific orchestration manner may be as follows:
The SD-WAN manager first acquires the information and the access request of the user terminal in the user layer, and then performs service orchestration on the user terminal in the user layer according to that information and access request.
It should be noted that the above is only an example, and does not limit the technical solution and the scope of protection of the present application, and those skilled in the art can perform the setting according to the needs, and the present invention is not limited herein.
It is not difficult to find from the above description that, compared with the prior art, in the use method of the SD-WAN system provided in this embodiment, a virtual logical network layer is deployed on an existing physical network layer (i.e., WAN network) and is set to be physically connected to the physical network layer. When a gateway device requested by a user terminal in the user layer cannot meet a user request, the virtual logical network layer can control that gateway device to forward the access data to another gateway device that can operate normally, and the gateway device that can operate normally uploads the access data of the user to the physical network layer in time. In this way, user experience is ensured while the gateway devices in the network interconnection layer are reasonably scheduled and fully utilized.
A fourth embodiment of the present application relates to a method of use of an SD-WAN system. The embodiment is further improved on the basis of the third embodiment, and the specific improvement is as follows: before the network interconnection layer is controlled to transmit the access data to the physical network layer according to the access request, the gateway device in the network interconnection layer that forwards and transmits the access data needs to be controlled to encrypt the access data. The specific flow is shown in fig. 5.
Specifically, this embodiment includes steps 501 to 503, where steps 501 and 503 are substantially the same as steps 401 and 402 in the third embodiment and are not described again here; the differences are mainly introduced below. For technical details not described in detail in this embodiment, refer to the method for using an SD-WAN system provided in the third embodiment of the present application, or the SD-WAN system provided in any embodiment of the present application.
In step 502, the gateway device in the network interconnection layer that forwards and transmits the access data is controlled to encrypt the access data.
Specifically, the encryption operation is controlled by the SD-WAN controller in the virtual logical network layer.
For example, the SD-WAN controller first determines whether the content in the access data relates to user privacy and, when it determines that encryption is necessary, generates a control command that controls the gateway device in the network interconnection layer 103 that forwards and transmits the access data to encrypt the access data.
In addition, the encryption may cover only the access data, or may also cover the information on which gateway device the data is forwarded to, so that the forwarded access data can only be received by the specified gateway device. This prevents equipment that accesses the network through other gateway devices from stealing the forwarded access data.
It should be noted that the above is only an example, and does not limit the technical solution and the scope of protection of the present application, and those skilled in the art can perform the setting according to the needs, and the present invention is not limited herein.
As can be easily found from the above description, compared with the prior art, in the use method of the SD-WAN system provided in this embodiment, before controlling the network interconnection layer to transmit the access data to the physical network layer according to the access request, the SD-WAN controller encrypts the access data by controlling the gateway device in the network interconnection layer that forwards and transmits the access data, so that it is ensured that the access data requested by the user terminal in the user layer is not leaked during transmission, and further, the security of the user information is ensured.
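The following added example (not code from the application) sketches the controller's routing decision described in the third embodiment together with the controlled encryption of step 502, with the ciphertext bound to the designated gateway. The gateway identifiers, per-gateway keys, the `privacy_related` flag and the HMAC-SHA256 encrypt-then-MAC construction (a standard-library stand-in for an AEAD cipher) are assumptions, and the monitoring snapshot is constructed.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional


@dataclass
class Gateway:
    gw_id: str
    idle: bool              # currently idle, per the controller's monitoring
    bandwidth_mbps: float   # supported bandwidth
    occupancy: float        # share of that bandwidth in use right now, 0..1
    key: bytes              # secret shared with the controller (assumption)

    def free_mbps(self) -> float:
        return self.bandwidth_mbps * (1.0 - self.occupancy)


@dataclass
class AccessRequest:
    ingress_id: str         # gateway that received the access data
    demand_mbps: float      # bandwidth the access data needs (assumption)
    privacy_related: bool   # outcome of the privacy check (assumption)


@dataclass
class ControlCommand:
    forward_to: str         # designated gateway on the forwarding circuit
    encrypt: bool
    key: Optional[bytes]    # designated gateway's key, set only if encrypt


def decide(gateways: dict, req: AccessRequest) -> ControlCommand:
    """Controller: choose another gateway that can carry the request."""
    candidates = [g for g in gateways.values()
                  if g.gw_id != req.ingress_id
                  and g.free_mbps() >= req.demand_mbps]
    if not candidates:
        raise RuntimeError("no gateway can carry this access request")
    # Prefer an idle gateway, then the one with the most free bandwidth.
    best = max(candidates, key=lambda g: (g.idle, g.free_mbps()))
    return ControlCommand(best.gw_id, req.privacy_related,
                          best.key if req.privacy_related else None)


def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode, used as a PRF-based stream cipher.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"),
                       hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def _tag(key: bytes, gw_id: str, nonce: bytes, ct: bytes) -> bytes:
    # The designated gateway id is authenticated along with the ciphertext.
    msg = gw_id.encode() + b"\x00" + nonce + ct
    return hmac.new(_subkey(key, b"mac"), msg, hashlib.sha256).digest()


def seal(cmd: ControlCommand, payload: bytes) -> bytes:
    """Ingress gateway: apply the control command before forwarding."""
    if not cmd.encrypt:
        return payload
    nonce = os.urandom(16)
    stream = _keystream(_subkey(cmd.key, b"enc"), nonce, len(payload))
    ct = bytes(p ^ k for p, k in zip(payload, stream))
    return nonce + ct + _tag(cmd.key, cmd.forward_to, nonce, ct)


def unseal(gw: Gateway, blob: bytes) -> bytes:
    """Receiving gateway: verify with its own id and key, then decrypt."""
    if len(blob) < 48:
        raise ValueError("sealed data too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(gw.key, gw.gw_id, nonce, ct)):
        raise PermissionError(f"{gw.gw_id} is not the designated gateway")
    stream = _keystream(_subkey(gw.key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, stream))


def sample_gateways() -> dict:
    """Constructed monitoring snapshot for the three gateways of fig. 1."""
    rows = [("gw-1031", False, 100.0, 0.95),   # ingress, nearly saturated
            ("gw-1032", False, 100.0, 0.40),
            ("gw-1033", True, 200.0, 0.0)]
    return {gid: Gateway(gid, idle, bw, occ,
                         hashlib.sha256(b"constructed key " + gid.encode()).digest())
            for gid, idle, bw, occ in rows}


if __name__ == "__main__":
    gws = sample_gateways()
    cmd = decide(gws, AccessRequest("gw-1031", 50.0, True))
    blob = seal(cmd, b"constructed access data")
    print(cmd.forward_to, unseal(gws[cmd.forward_to], blob))
```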
A fifth embodiment of the present application relates to a method of use of an SD-WAN system. The using method of the SD-WAN system is mainly applied to a network interconnection layer in the SD-WAN system, and the specific flow is shown in FIG. 6.
In step 601, access data of a user layer in the SD-WAN system to a physical network layer in the SD-WAN system is received.
In step 602, an access request is generated according to the access data, and the access request is sent to a virtual logical network layer in the SD-WAN system.
Specifically, in this embodiment, the operation of sending the access request to the virtual logical network layer in the SD-WAN system may be implemented as follows: the gateway device receiving the access data sends the access request to the virtual logical network layer through the first WAN port, that is, over the logic control circuit established with the SD-WAN controller in the virtual logical network layer.
In step 603, the access data is transferred to the physical network layer under control of the virtual logical network layer.
Specifically, in this embodiment, the transmission of the access data to the physical network layer under the control of the virtual logical network layer may be specifically implemented in such a manner that, for example, the gateway device that sends the access request forwards the access data to another gateway device by using the second WAN port according to the routing policy determined by the virtual logical network layer, and uploads the access data to the physical network layer by using the third WAN port of the other gateway device.
It should be noted that, since the use method of the SD-WAN system applied to the network interconnection layer provided in this embodiment needs to be used in cooperation with the use method of the SD-WAN system applied to the virtual logic network layer, details of the technique that are not described in detail in this embodiment may be referred to the use method of the SD-WAN system applied to the network interconnection layer in the SD-WAN system and the SD-WAN system provided in any embodiment of this application, and are not described herein again.
In addition, it should be noted that, the embodiment is only a specific implementation, and in practical applications, working logics of each gateway device of the network interconnection layer may be reasonably set by those skilled in the art according to needs, and are not limited herein.
It is not difficult to find out through the above description that, in the using method of the SD-WAN system provided in this embodiment, the existing physical network layer (i.e., WAN network) has a data forwarding attribute according to the compilation of the newly added virtual logic network layer, so that when the gateway device requested by the user terminal in the user layer cannot meet the user request, the access data requested by the user can be forwarded to other gateway devices that can normally operate according to the control instruction of the virtual logic network layer, and the access data of the user is timely uploaded to the physical network layer by the gateway device that can normally operate, so that the gateway device in the network interconnection layer is reasonably scheduled while the user experience is ensured, and the gateway device is greatly utilized.
The sixth embodiment of the present application relates to a use device of an SD-WAN system, which is mainly applied to a virtual logical network layer in the SD-WAN system, and the specific structure is shown in fig. 7.
As shown in fig. 7, the device for using the SD-WAN system mainly includes: an acquisition module 701 and a control module 702.
The acquisition module 701 is configured to obtain an access request sent by the network interconnection layer in the SD-WAN system. The control module 702 is configured to control the network interconnection layer to transmit the access data to the physical network layer according to the access request.
It should be noted that, in this embodiment, the access request is generated by the network interconnection layer according to the access data of the user layer in the SD-WAN system to the physical network layer in the SD-WAN system.
In addition, it should be noted that, since the present embodiment is a virtual device embodiment corresponding to the method embodiment, technical details that are not described in detail in the present embodiment may be referred to a method for using the SD-WAN system applied to the virtual logic network layer in the SD-WAN system provided in any embodiment of the present application, and are not described herein again.
A seventh embodiment of the present application relates to a device for using an SD-WAN system, which is mainly applied to a network interconnection layer in the SD-WAN system, and the specific structure is shown in fig. 8.
As shown in fig. 8, the device for using the SD-WAN system mainly includes: a receiving module 801, a first sending module 802 and a second sending module 803.
The receiving module 801 is configured to receive access data of a user layer in the SD-WAN system to a physical network layer in the SD-WAN system. The first sending module 802 is configured to generate an access request according to the access data and send the access request to a virtual logical network layer in the SD-WAN system. The second sending module 803 is configured to transfer the access data to the physical network layer under the control of the virtual logical network layer.
It should be noted that, in this embodiment, when the second sending module 803 transfers the access data to the physical network layer, specifically, the receiving module 801 receives the control command issued by the virtual logical network layer, so as to transfer the access data to the physical network layer under the control of the virtual logical network layer.
In addition, it should be noted that, since the present embodiment is a virtual device embodiment corresponding to the method embodiment, technical details that are not described in detail in the present embodiment may be referred to a method for using an SD-WAN system applied to a network interconnection layer in the SD-WAN system provided in any embodiment of the present application, and are not described herein again.
In addition, it should be noted that the above-described embodiments of the apparatus are merely illustrative, and do not limit the scope of the present application, and in practical applications, a person skilled in the art may select some or all of the modules to implement the purpose of the embodiments according to actual needs, and the present invention is not limited herein.
An eighth embodiment of the present application relates to an electronic device, and a specific structure is shown in fig. 9.
Specifically, the electronic device may specifically include at least one processor 901; and a memory 902 communicatively coupled to at least one processor 901, and a communication component 903, the communication component 903 receiving and/or transmitting data under the control of the processor 901. The memory 902 stores instructions executable by the at least one processor 901, and the instructions are executed by the at least one processor 901, so that the at least one processor 901 can execute the usage method of the SD-WAN system applied to the virtual logical network layer provided in any of the above embodiments.
The electronic device in this embodiment may specifically be any electronic device having the functions of an SD-WAN controller and an SD-WAN manager, such as a PC or a server (the server may be local, or may be a cloud server). Those skilled in the art can make a reasonable selection as needed; the options are not listed one by one here and are not specifically limited.
The above description is only an example, and does not limit the technical solution and the scope of the present invention.
A ninth embodiment of the present application relates to a network interconnection device, and a specific structure is shown in fig. 10.
Specifically, the network interconnection device may include at least one processor 1001, a memory 1002 communicatively coupled to the at least one processor 1001, and a communication component 1003, the communication component 1003 receiving and/or transmitting data under the control of the processor 1001. The memory 1002 stores instructions executable by the at least one processor 1001, and the instructions are executed by the at least one processor 1001 to enable the at least one processor 1001 to execute the method for using the SD-WAN system applied to the network interconnection layer provided in any of the above embodiments.
The network interconnection device in this embodiment may be any gateway device, such as a router, a switch, and the like. Those skilled in the art can make a reasonable selection as needed; the options are not listed one by one here and are not specifically limited.
The above description is only an example, and does not limit the technical solution and the scope of the present invention.
In addition, it should be noted that, in practical applications, the processor in the eighth embodiment and the ninth embodiment may be a CPU (Central Processing Unit), the Memory may be a RAM (Random Access Memory), and the communication component may be a communication interface with a communication function, a pin, and the like. In addition, the processor and the memory may be connected by a bus or by other means, and fig. 9 and 10 illustrate the connection by a bus. Memory, which is a non-volatile computer-readable storage medium, may be used to store non-volatile software programs, non-volatile computer-executable programs, and modules, such as the routing policies stored in the memory of the embodiments of the present application. The processor executes various functional applications and data processing of the device by executing nonvolatile software programs, instructions, and modules stored in the memory, that is, implementing the above-described usage method of the SD-WAN applied to the virtual logical network layer in the SD-WAN system or the usage method of the SD-WAN applied to the internetworking layer in the SD-WAN system.
The memory may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store a list of options, etc. Further, the memory may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some embodiments, the memory optionally includes memory located remotely from the processor, and such remote memory may be connected to the external device via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
One or more modules are stored in the memory and, when executed by the one or more processors, perform the method of use of the SD-WAN system in any of the method embodiments described above.
The product can execute the method provided by the embodiments of the present application and has the functional modules and beneficial effects corresponding to the executed method. For technical details not described in detail in this embodiment, refer to the method provided by any embodiment of the present application.
A tenth embodiment of the present application relates to a computer-readable storage medium having stored therein computer instructions that enable a computer to execute the method of using an SD-WAN applied to a virtual logical network layer in an SD-WAN system, or the method of using an SD-WAN applied to a network interconnection layer in an SD-WAN system, described in any of the above embodiments.
Those skilled in the art can understand that all or part of the steps in the methods of the foregoing embodiments may be implemented by a program instructing related hardware, where the program is stored in a storage medium and includes several instructions to enable a device (which may be a single-chip microcomputer, a chip, etc.) or a processor to execute all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program code.
It will be understood by those of ordinary skill in the art that the foregoing embodiments are specific examples for carrying out the present application, and that various changes in form and details may be made therein without departing from the spirit and scope of the present application in practice.