CN108769016A - Method and device for processing a service message - Google Patents

Info

Publication number: CN108769016A
Authority: CN (China)
Prior art keywords: service, server, message, destination, verification system
Legal status: Granted, active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201810532382.0A
Other languages: Chinese (zh)
Other versions: CN108769016B (en)
Inventor: 夏添
Current Assignee: New H3C Security Technologies Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: New H3C Security Technologies Co Ltd

Events
    • Application filed by New H3C Security Technologies Co Ltd
    • Priority to CN201810532382.0A
    • Publication of CN108769016A
    • Application granted
    • Publication of CN108769016B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06: Management of faults, events, alarms or notifications
    • H04L41/0654: Management of faults, events, alarms or notifications using network fault recovery
    • H04L41/0668: Management of faults, events, alarms or notifications using network fault recovery by dynamic selection of recovery network elements, e.g. replacement by the most appropriate element after failure
    • H04L41/0677: Localisation of faults
    • H04L43/00: Arrangements for monitoring or testing data switching networks
    • H04L43/06: Generation of reports
    • H04L43/062: Generation of reports related to network traffic
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

The embodiments of the present application provide a method and device for processing a service message, relating to the field of communication technology. The method is applied to an access device and includes: sending a status query message to a target server in an authentication system; receiving a feedback message sent by the target server, the feedback message carrying status information of a target service process; and, when the target server is judged to be faulty according to the received status information, if it is determined, from the feedback messages sent by the servers in the authentication system other than the target server, that all first servers in the authentication system having the same service type as the target server are faulty, then, on receiving a service message sent by a user terminal, forwarding the service message according to the destination IP address carried in the service message. The present application can ensure that users access the network normally.

Description

Method and device for processing a service message
Technical field
This application relates to the field of communication technology, and in particular to a method and device for processing a service message.
Background
Portal authentication is a common identity authentication method. Portal authentication is also commonly called web authentication, and a Portal authentication website may be called a portal website. In Portal authentication, when an unauthenticated user terminal goes online, the user must authenticate on the portal website and can access network resources only after authentication succeeds. A Portal authentication system generally comprises servers of several types, for example an authentication server, an AAA (Authentication, Authorization, Accounting) server and a security policy server. In practical networking, the authentication server may include a Portal authentication server and a Portal Web server. When a user terminal goes online, the authentication server performs Portal authentication (that is, username and password authentication) on the user terminal; after authentication succeeds, the AAA server performs authentication, authorization, accounting and similar processing for the user terminal, and, while the user terminal accesses the wireless network, the security policy server performs security checks on the user terminal.
A network system based on Portal authentication usually provides a user escape mechanism in the access device. The specific process is as follows: based on the keepalive mechanism of the Portal protocol, the authentication server periodically sends keepalive packets to the access device; if the access device does not receive a keepalive packet from the authentication server within a preset duration, it judges that the authentication server is faulty. At that point, if the access device receives a service message sent by a user terminal, then even if the user terminal has not completed Portal authentication, the access device forwards the service message according to the destination IP address in the service message, without requiring Portal authentication, so that the terminal can access the network normally.
However, in the prior art, the authentication server and the access device communicate through the Portal protocol, so the authentication server can send keepalive packets to the access device, whereas the other servers in the Portal authentication system do not communicate with the access device through the Portal protocol and do not send it keepalive packets. The access device therefore enables the user escape mechanism only when the authentication server fails. If other servers in the Portal authentication system, such as the AAA server or the security policy server, fail, user terminals will be unable to access the network.
Summary of the invention
The purpose of the embodiments of the present application is to provide a method and device for processing a service message, so that the user escape mechanism is enabled more promptly and users can access the network normally. The specific technical solutions are as follows:
In a first aspect, a method for processing a service message is provided. The method is applied to an access device and includes:
sending a status query message to a target server in an authentication system, the status query message carrying the identifier of a target service process in the target server;
receiving a feedback message sent by the target server, the feedback message carrying status information of the target service process;
when the target server is judged to be faulty according to the received status information, if it is determined, from the feedback messages sent by the servers in the authentication system other than the target server, that all first servers in the authentication system having the same service type as the target server are faulty, then, on receiving a service message sent by a user terminal, forwarding the service message according to the destination IP address carried in the service message.
With reference to the first aspect, in a first possible implementation of the first aspect, when the target server is judged to be faulty, the method further includes:
if it is determined, from the feedback messages sent by the servers in the authentication system other than the target server, that at least one first server is not faulty, forwarding the service message to any one of the at least one first server; or,
if it is determined, from the feedback messages sent by the servers in the authentication system other than the target server, that at least one server of each service type in the authentication system is not faulty, forwarding the received service message to the authentication system.
With reference to the first aspect, in a second possible implementation of the first aspect, whether the target server is faulty is judged from the received status information as follows:
if the received status information includes status information indicating that the target service process is running normally, the target server is judged not to be faulty;
if the received status information includes no status information indicating that the target service process is running normally, the target server is judged to be faulty.
With reference to the first aspect, in a third possible implementation of the first aspect, the feedback message also carries the resource utilization of the target server, and the method further includes:
if it is determined, from the feedback messages sent by the servers in the authentication system other than the target server, that at least one server of each service type in the authentication system is not faulty, determining, among the at least one server, the server with the lowest resource utilization;
sending the service message to the server with the lowest resource utilization.
With reference to the first aspect, in a fourth possible implementation of the first aspect, the method further includes:
on receiving a service message sent by a user terminal, judging, according to a pre-stored authenticated user list, whether the user terminal is a terminal to be authenticated;
if the user terminal is a terminal to be authenticated, judging whether a pre-stored escape domain list contains the destination IP address carried in the service message, the escape domain list containing the addresses that terminals to be authenticated are able to access;
if the escape domain list contains the destination IP address carried in the service message, performing the step of forwarding the service message according to the destination IP address carried in the service message;
if the escape domain list does not contain the destination IP address carried in the service message, discarding the service message.
With reference to the first aspect and any of the above possible implementations of the first aspect, in a fifth possible implementation of the first aspect, the method further includes:
obtaining the user information of the user terminal and the message characteristics of the service message;
adding an entry corresponding to the user terminal to a preset escape user list, the entry including at least the user information of the user terminal and the message characteristics of the service message.
With reference to the first aspect, in a sixth possible implementation of the first aspect, the method further includes:
when it is determined, from the feedback messages sent by the servers in the authentication system, that at least one server of each service type in the authentication system is not faulty, sending the user information in the escape user list to any server among the first servers that is not faulty;
receiving the returned authentication response;
if it is determined from the authentication response that authentication of the user information has failed, performing at least one of the following operations: deleting the online information of the user corresponding to the user information; adding the user corresponding to the user information to a blacklist; and, when it is determined, from the feedback messages sent by the servers in the authentication system, that all servers of at least one service type in the authentication system are faulty, refusing to let the user corresponding to the user information go online.
In a second aspect, a method for processing a service message is provided. The method is applied to an access device and includes:
sending a status query message to a target server in an authentication system, the status query message carrying the identifier of a target service process in the target server;
receiving a feedback message sent by the target server, the feedback message carrying status information of the target service process;
when the target service process is judged to be faulty according to the received status information, if it is determined, from the feedback messages sent by the servers in the authentication system other than the target server, that all first service processes in the authentication system having the same service type as the target service process are faulty, then, on receiving a service message sent by a user terminal, forwarding the service message according to the destination IP address carried in the service message.
With reference to the second aspect, in a first possible implementation of the second aspect, when the target service process is judged to be faulty, the method further includes:
if it is determined, from the feedback messages sent by the servers in the authentication system other than the target server, that at least one first service process is not faulty, forwarding the service message to any server on which the at least one first service process is located; or,
if it is determined, from the feedback messages sent by the servers in the authentication system other than the target server, that at least one service process of each service type in the authentication system is not faulty, forwarding the received service message to the authentication system.
With reference to the second aspect, in a second possible implementation of the second aspect, the feedback message also carries the resource utilization of the target server, and the method further includes:
if it is determined, from the feedback messages sent by the servers in the authentication system other than the target server, that at least one service process of each service type in the authentication system is not faulty, determining, among the servers on which the at least one service process is located, the server with the lowest resource utilization;
sending the service message to the server with the lowest resource utilization.
With reference to the second aspect and any of the above possible implementations of the second aspect, in a third possible implementation of the second aspect, the method further includes:
obtaining the user information of the user terminal and the message characteristics of the service message;
adding an entry corresponding to the user terminal to a preset escape user list, the entry including at least the user information of the user terminal and the message characteristics of the service message.
With reference to the second aspect, in a fourth possible implementation of the second aspect, the method further includes:
when it is determined, from the feedback messages sent by the servers in the authentication system, that at least one service process of each service type in the authentication system is not faulty, sending the user information in the escape user list to the server on which any first service process that is not faulty is located;
receiving the returned authentication response;
if it is determined from the authentication response that authentication of the user information has failed, performing at least one of the following operations: deleting the online information of the user corresponding to the user information; adding the user corresponding to the user information to a blacklist; and, when it is determined, from the feedback messages sent by the servers in the authentication system, that all service processes of at least one service type in the authentication system are faulty, refusing to let the user corresponding to the user information go online.
In a third aspect, a method for processing a service message is provided. The method is applied to a server in an authentication system and includes:
receiving a status query message sent by an access device, the status query message carrying the identifier of a target service process;
obtaining the status information of the target service process according to the identifier of the target service process;
sending a feedback message to the access device, the feedback message carrying the status information of the target service process.
With reference to the third aspect, in a first possible implementation of the third aspect, before the feedback message is sent to the access device, the method further includes: obtaining the current resource utilization of the present device, and encapsulating the feedback message according to the resource utilization and the status information of the target service process.
In a fourth aspect, a device for processing a service message is provided. The device is applied to an access device and includes a first sending module, a first receiving module and a first forwarding module; alternatively, the device includes a second sending module, a second receiving module and a second forwarding module, wherein:
the first sending module is configured to send a status request message to a target server in an authentication system, the status request message carrying the identifier of a target service process in the target server;
the first receiving module is configured to receive a feedback message sent by the target server, the feedback message carrying status information of the target service process;
the first forwarding module is configured to, when the target server is judged to be faulty according to the received status information, if it is determined, from the feedback messages sent by the servers in the authentication system other than the target server, that all first servers in the authentication system having the same service type as the target server are faulty, then, on receiving a service message sent by a user terminal, forward the service message according to the destination IP address carried in the service message;
the second sending module is configured to send a status query message to a target server in an authentication system, the status request message carrying the identifier of a target service process in the target server;
the second receiving module is configured to receive a feedback message sent by the target server, the feedback message carrying status information of the target service process;
the second forwarding module is configured to, when the target service process is judged to be faulty according to the received status information, if it is determined, from the feedback messages sent by the servers in the authentication system other than the target server, that all first service processes in the authentication system having the same service type as the target service process are faulty, then, on receiving a service message sent by a user terminal, forward the service message according to the destination IP address carried in the service message.
With reference to the fourth aspect, in a first possible implementation of the fourth aspect, the device further includes a third forwarding module or a fourth forwarding module, wherein:
the third forwarding module is configured to, if it is determined, from the feedback messages sent by the servers in the authentication system other than the target server, that at least one first server is not faulty, forward the service message to any one of the at least one first server; or, if it is determined, from the feedback messages sent by the servers in the authentication system other than the target server, that at least one server of each service type in the authentication system is not faulty, forward the received service message to the authentication system;
the fourth forwarding module is configured to, if it is determined, from the feedback messages sent by the servers in the authentication system other than the target server, that at least one first service process is not faulty, forward the service message to any server on which the at least one first service process is located; or, if it is determined, from the feedback messages sent by the servers in the authentication system other than the target server, that at least one service process of each service type in the authentication system is not faulty, forward the received service message to the authentication system.
With reference to the fourth aspect, in a second possible implementation of the fourth aspect, the first forwarding module judges whether the target server is faulty as follows:
if the received status information includes status information indicating that the target service process is running normally, the target server is judged not to be faulty;
if the received status information includes no status information indicating that the target service process is running normally, the target server is judged to be faulty.
With reference to the fourth aspect, in a third possible implementation of the fourth aspect, the feedback message also carries the resource utilization of the target server, and the device further includes a first determining module and a third sending module, or alternatively a second determining module and a fourth sending module, wherein:
the first determining module is configured to, if it is determined, from the feedback messages sent by the servers in the authentication system other than the target server, that at least one server of each service type in the authentication system is not faulty, determine, among the at least one server, the server with the lowest resource utilization;
the third sending module is configured to send the service message to the server with the lowest resource utilization;
the second determining module is configured to, if it is determined, from the feedback messages sent by the servers in the authentication system other than the target server, that at least one service process of each service type in the authentication system is not faulty, determine, among the servers on which the at least one service process is located, the server with the lowest resource utilization;
the fourth sending module is configured to send the service message to the server with the lowest resource utilization.
With reference to the fourth aspect, in a fourth possible implementation of the fourth aspect, the device further includes a second judgment module, a third judgment module, a first processing module and a discard module, wherein:
the second judgment module is configured to, on receiving a service message sent by a user terminal, judge, according to a pre-stored authenticated user list, whether the user terminal is a terminal to be authenticated, the authenticated user list including the identifiers of user terminals that have passed authentication;
the third judgment module is configured to, if the user terminal is a terminal to be authenticated, judge whether a pre-stored escape domain list contains the destination IP address carried in the service message, the escape domain list containing the addresses that terminals to be authenticated are able to access;
the first processing module is configured to, if the escape domain list contains the destination IP address carried in the service message, trigger the first forwarding module to perform the step of forwarding the service message according to the destination IP address carried in the service message;
the discard module is configured to, if the escape domain list does not contain the destination IP address carried in the service message, discard the service message.
With reference to the fourth aspect and any of the above possible implementations of the fourth aspect, in a fifth possible implementation of the fourth aspect, the device further includes an acquisition module and an adding module, wherein:
the acquisition module is configured to obtain the user information of the user terminal and the message characteristics of the service message;
the adding module is configured to add an entry corresponding to the user terminal to a preset escape user list, the entry including at least the user information of the user terminal and the message characteristics of the service message.
With reference to the fourth aspect, in a sixth possible implementation of the fourth aspect, the device further includes a fifth sending module, a third receiving module and a first execution module, or alternatively a sixth sending module, a fourth receiving module and a second execution module, wherein:
the fifth sending module is configured to, when it is determined, from the feedback messages sent by the servers in the authentication system, that at least one server of each service type in the authentication system is not faulty, send the user information in the escape user list to any server among the first servers that is not faulty;
the third receiving module is configured to receive the returned authentication response;
the first execution module is configured to, if it is determined from the authentication response that authentication of the user information has failed, perform at least one of the following operations: deleting the online information of the user corresponding to the user information; adding the user corresponding to the user information to a blacklist; and, when it is determined, from the feedback messages sent by the servers in the authentication system, that all servers of at least one service type in the authentication system are faulty, refusing to let the user corresponding to the user information go online;
the sixth sending module is configured to, when it is determined, from the feedback messages sent by the servers in the authentication system, that at least one service process of each service type in the authentication system is not faulty, send the user information in the escape user list to the server on which any first service process that is not faulty is located;
the fourth receiving module is configured to receive the returned authentication response;
the second execution module is configured to, if it is determined from the authentication response that authentication of the user information has failed, perform at least one of the following operations: deleting the online information of the user corresponding to the user information; adding the user corresponding to the user information to a blacklist; and, when it is determined, from the feedback messages sent by the servers in the authentication system, that all service processes of at least one service type in the authentication system are faulty, refusing to let the user corresponding to the user information go online.
In a fifth aspect, a device for processing a service message is provided. The device is applied to a server in an authentication system and includes:
a receiving module, configured to receive a status request message sent by an access device, the status request message carrying the identifier of a target service process;
a first acquisition module, configured to obtain the status information of the target service process according to the identifier of the target service process;
a sending module, configured to send a feedback message to the access device, the feedback message carrying the status information of the target service process.
With reference to the fifth aspect, in a first possible implementation of the fifth aspect, the feedback message also carries the resource utilization of the server, and the device further includes: a second acquisition module, configured to obtain the current resource utilization of the present device and to encapsulate the feedback message according to the resource utilization and the status information of the target service process.
In a sixth aspect, an access device is provided, including a processor and a machine-readable storage medium, the machine-readable storage medium storing machine-executable instructions executable by the processor, the machine-executable instructions causing the processor to perform the first aspect or any implementation thereof, and the second aspect or any implementation thereof.
In a seventh aspect, a machine-readable storage medium is provided, storing machine-executable instructions which, when invoked and executed by a processor, cause the processor to perform the first aspect or any implementation thereof, and the second aspect or any implementation thereof.
In an eighth aspect, a server is provided, including a processor and a machine-readable storage medium, the machine-readable storage medium storing machine-executable instructions executable by the processor, the machine-executable instructions causing the processor to perform the third aspect or any implementation thereof.
In a ninth aspect, a machine-readable storage medium is provided, storing machine-executable instructions which, when invoked and executed by a processor, cause the processor to perform the third aspect or any implementation thereof.
With the method and device for processing a service message provided by the embodiments of the present application, the access device can send a status query message to a target server in the authentication system, the status query message carrying the identifier of a target service process in the target server. The access device receives the feedback message sent by the target server, the feedback message carrying status information of the target service process. When the access device judges, according to the received status information, that the target server is faulty, if it determines, from the feedback messages sent by the servers in the authentication system other than the target server, that all first servers in the authentication system having the same service type as the target server are faulty, then, on receiving a service message sent by a user terminal, it forwards the service message according to the destination IP address carried in the service message. In this way, the access device can monitor every server in the authentication system, and if all servers of a given service type are faulty, the access device can enable the user escape mechanism in time, ensuring that user terminals can access the network normally. Of course, a product or method implementing the present application does not necessarily need to achieve all of the above advantages at the same time.
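The access-device logic of the first aspect and its second to sixth implementations (fault judgment from feedback messages, escape only when a whole service type is down, the escape domain list, the escape user list and re-authentication after recovery), as an added Python example that is not part of the patent text. The `Feedback` layout, all class, method and process names and the addresses are constructed; forwarding authenticated terminals as usual and admitting a terminal whose re-authentication succeeds are assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum
from ipaddress import ip_address, ip_network


class Action(Enum):
    TO_AUTH_SYSTEM = "forward to authentication system"
    FORWARD_BY_DST_IP = "forward by destination IP"
    DROP = "drop"


@dataclass
class Feedback:
    """Stand-in for a feedback message (hypothetical layout, not from the page)."""
    server: str
    service_type: str                  # e.g. "portal", "aaa"
    process_states: dict               # process identifier -> running normally?
    resource_utilization: float = 0.0

    @property
    def healthy(self):
        # Faulty unless some status entry reports normal running; an empty
        # reply (assumed here to model a silent server) therefore counts as faulty.
        return any(self.process_states.values())


@dataclass
class AccessDevice:
    service_types: set
    authenticated: set = field(default_factory=set)      # authenticated user list
    escape_domains: list = field(default_factory=list)   # escape domain list (CIDR)
    escape_users: dict = field(default_factory=dict)     # escape user list
    blacklist: set = field(default_factory=set)
    feedback: dict = field(default_factory=dict)         # server -> latest Feedback

    def record(self, fb):
        self.feedback[fb.server] = fb

    def healthy_servers(self, service_type):
        return [f for f in self.feedback.values()
                if f.service_type == service_type and f.healthy]

    def escape_active(self):
        # Escape opens when every server of at least one service type is faulty.
        return any(not self.healthy_servers(t) for t in self.service_types)

    def pick_server(self, service_type):
        # Healthy server of this type with the lowest resource utilization.
        best = min(self.healthy_servers(service_type),
                   key=lambda f: f.resource_utilization, default=None)
        return best.server if best is not None else None

    def handle(self, user, features, dst_ip):
        if user in self.authenticated:
            return Action.FORWARD_BY_DST_IP      # assumption: normal forwarding
        if not self.escape_active():
            return Action.TO_AUTH_SYSTEM         # every service type still served
        if user in self.blacklist:
            return Action.DROP                   # failed re-authentication earlier
        addr = ip_address(dst_ip)
        if not any(addr in ip_network(net) for net in self.escape_domains):
            return Action.DROP                   # outside the escape domain list
        self.escape_users[user] = features       # record who bypassed authentication
        return Action.FORWARD_BY_DST_IP

    def reauthenticate(self, authenticate):
        """Replay escape users after recovery; `authenticate` is a hypothetical
        callable(user) -> bool standing in for the authentication response."""
        if self.escape_active():
            return []
        rejected = []
        for user in list(self.escape_users):
            if authenticate(user):
                self.authenticated.add(user)     # assumption: success admits the user
            else:
                self.blacklist.add(user)
                rejected.append(user)
            del self.escape_users[user]          # drop the escape-time entry
        return rejected


def demo():
    """Constructed scenario; returns the decisions in order."""
    dev = AccessDevice({"portal", "aaa"}, authenticated={"alice"},
                       escape_domains=["192.0.2.0/24"])
    dev.record(Feedback("portal-1", "portal", {"portald": True}, 0.40))
    dev.record(Feedback("aaa-1", "aaa", {"aaad": False}, 0.10))
    dev.record(Feedback("aaa-2", "aaa", {"aaad": True}, 0.75))
    dev.record(Feedback("aaa-3", "aaa", {"aaad": True}, 0.30))
    out = [dev.pick_server("aaa"), dev.handle("bob", {}, "192.0.2.10")]
    dev.record(Feedback("aaa-2", "aaa", {}))     # healthy AAA servers go silent
    dev.record(Feedback("aaa-3", "aaa", {}))
    out += [dev.handle("bob", {"src_ip": "10.0.0.7"}, "192.0.2.10"),
            dev.handle("bob", {"src_ip": "10.0.0.7"}, "198.51.100.7")]
    dev.record(Feedback("aaa-1", "aaa", {"aaad": True}, 0.10))   # AAA recovers
    out.append(dev.reauthenticate(lambda user: False))           # rejected
    dev.record(Feedback("aaa-1", "aaa", {}))     # AAA fails again
    out.append(dev.handle("bob", {}, "192.0.2.10"))
    return out
```

In this example an empty escape domain list drops all unauthenticated traffic during escape, and the escape user list is what lets the device re-check, after recovery, every terminal that was admitted without authentication.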
Description of the drawings
Fig. 1 is a schematic diagram of a network system provided by an embodiment of the present application;
Fig. 2 is a flowchart of a service message processing method provided by an embodiment of the present application;
Fig. 3 is a flowchart of a service message processing method provided by an embodiment of the present application;
Fig. 4 is a schematic diagram of the interaction between an access device and a server provided by an embodiment of the present application;
Fig. 5 is a flowchart of a service message processing method provided by an embodiment of the present application;
Fig. 6 is a flowchart of a service message processing method provided by an embodiment of the present application;
Fig. 7 is a flowchart of a service message processing method provided by an embodiment of the present application;
Fig. 8 is a flowchart of a service message processing method provided by an embodiment of the present application;
Fig. 9 is a system interaction flowchart of a service message processing method provided by an embodiment of the present application;
Fig. 10 is an example flowchart of a service message processing method provided by an embodiment of the present application;
Fig. 11 is a structural schematic diagram of a service message processing apparatus provided by an embodiment of the present application;
Fig. 12 is a structural schematic diagram of a service message processing apparatus provided by an embodiment of the present application;
Fig. 13 is a structural schematic diagram of a service message processing apparatus provided by an embodiment of the present application;
Fig. 14 is a structural schematic diagram of an access device provided by an embodiment of the present application;
Fig. 15 is a structural schematic diagram of a server provided by an embodiment of the present application.
Detailed description
The embodiments of the present application provide a service message processing method, which can be implemented jointly by an access device and the servers in a Verification System. The access device may be a switch, a router, a wireless controller, or the like. The Verification System may be any system used to authenticate the identity of user terminals; this embodiment takes a Portal authentication system (often also called a web authentication system) as the example, and the processing when the scheme is applied to other Verification Systems is similar and is not repeated. A Portal authentication system generally contains servers of several service types, for example servers of the authentication type (which may be called authentication servers), servers of the accounting type (such as an AAA server) and servers of the security type (such as a security policy server). The authentication servers may include a Portal authentication server, a Portal Web server and an AAA server; the Portal Web server is usually integrated with the Portal authentication server, but it can also be an independent server-side system. Service types can also be divided by the service function provided, for example a Portal authentication server providing Portal authentication, a Portal Web server providing web authentication, an AAA server providing AAA authentication and accounting, and a security policy server providing the security policy function. There may be multiple servers of each service type.
Fig. 1 is a schematic diagram of the network system provided by the embodiments of the present application. The system includes a user terminal (which may be called a Portal client), an access device and a Portal authentication system. The Portal authentication system may include a Portal authentication server, a Portal Web server, an AAA server and a security policy server. The Portal Web server provides the page data of the authentication page to the user terminal, so that the user can enter identity information (such as a user name and password) in the authentication page. The Portal authentication server can authenticate the user terminal according to that identity information. The AAA server performs authentication, authorization, accounting and the like for the user terminal. The security policy server performs security checks on the user terminal and carries out security authorization operations for it.
In the embodiments of the present application, the access device can monitor the state of the servers of each service type in the Portal authentication system in order to judge whether the servers of each service type have failed. In one implementation, a monitoring module and a Track module can be provided in the access device, and the access device can communicate with each server through the Track protocol. The Track module can then monitor and analyse the state of the servers of every service type in a uniform way, which hides the differences between the monitored objects. When the servers of some service type fail (for example the Web process in the Portal Web server is abnormal, or the AAA server goes offline), the access device can start the user escape mechanism in time so that users can still access the network normally. Note that the access device may also monitor only the servers of some of the service types in the Portal authentication system.
Embodiment one
An embodiment of the present invention provides the procedure by which an access device executes the above service message processing method. As shown in Fig. 2, it includes the following steps.
Step 201, send a Status Enquiry Packet to a destination server in the Verification System, the Status Enquiry Packet carrying the identifier of a destination service process in the destination server.
Here the destination server can be any server in the Verification System. The destination service process is the process that provides the service in the destination server; for example, the destination service process in a Portal authentication server is Portal-server.
Step 202, receive the feedback message sent by the destination server, the feedback message carrying the status information of the destination service process.
Step 203, when it is judged from the received status information that the destination server has failed, and it is determined from the feedback messages sent by the other servers in the Verification System that all first servers of the same service type as the destination server have failed, then on receiving a service message sent by a user terminal, forward the service message according to the destination IP address carried by the service message.
In this embodiment of the present invention, the access device can send a Status Enquiry Packet to a destination server in the Verification System, the Status Enquiry Packet carrying the identifier of a destination service process in the destination server. The access device receives the feedback message sent by the destination server, which carries the status information of the destination service process. When the access device judges from the received status information that the destination server has failed, and determines from the feedback messages sent by the other servers in the Verification System that all first servers of the same service type as the destination server have failed, then on receiving a service message sent by a user terminal it forwards the service message according to the destination IP address the service message carries. In this way the access device can monitor every server in the Verification System, and if all servers of a given service type fail, it can enable the user escape mechanism in time so that user terminals can still access the network normally.
Embodiment two
Based on the service message processing method shown in Fig. 2, an embodiment of the present invention further provides the detailed procedure by which an access device executes the above service message processing method. As shown in Fig. 3, it includes the following steps.
Step 301, send a Status Enquiry Packet to a destination server in the Verification System.
The Status Enquiry Packet carries the identifier of a destination service process in the destination server.
The destination server can be any server in the Verification System. The destination service process is the process that provides the service in the destination server; for example, the destination service process in a Portal authentication server is the Portal process.
In implementation, the service types of the servers to be monitored (i.e. the destination service types) can be set in the access device. Specifically, monitoring items (also called tracks) of the Track module can be configured in the access device, and the access device then monitors the state of the corresponding servers according to the configured monitoring items. For example, if the service types to be monitored are the Portal authentication server, the Portal Web server, the AAA server and the security policy server, the following 4 monitoring items can be configured in the access device:
1. Portal track 1 detect web-server: monitor the state of the Portal Web authentication server;
2. Portal track 2 detect Portal-server: monitor the state of the Portal server;
3. Portal track 3 detect aaa: monitor the state of the AAA server;
4. Portal track 4 detect seczone: monitor the state of the security policy service.
The track items to be monitored can form a monitor list of the "Boolean AND" type. That is, if the states of all monitoring items in the monitor list are Positive (i.e. normal), the monitoring result is Positive, indicating that the link is reachable or the process is normal; if the state of one or more monitoring items in the monitor list is Negative (i.e. failed), the monitoring result is Negative, indicating that the link is unreachable or the process is abnormal. The specific judgement process is described in more detail later.
For a server of any service type that needs to be monitored (for ease of description, the destination server), the identifier of the destination service process to be monitored in that destination server can also be configured in the access device. The destination service process to be monitored can differ between servers of different service types: for example, in a Portal authentication server the destination service process to be monitored can be the Portal process, and in a Portal Web server it can be the Web process. In addition, the number of destination service processes can be one or more, which the embodiments of the present application do not limit.
The access device can establish a connection with each destination server and can periodically send a Status Enquiry Packet to each destination server. The Status Enquiry Packet can be a UDP (User Datagram Protocol) message, for example a UDP message with port number 722.
Referring to Table one, an example of the format of the message sent by the access device, provided by the embodiments of the present application.
Table one
Type | Length | Value
1 byte | 2 bytes | Identifier of the destination service process
Type indicates the type of the Status Enquiry Packet. In the embodiments of the present application, the Status Enquiry Packet may include, but is not limited to, the following three types:
1. Establish a new escape detection connection, i.e. instruct the server to start monitoring the destination service process. The Type value for this type can be 0. A Status Enquiry Packet whose Type value is 0 is the first detection message sent when the escape function is enabled.
2. Refresh an established escape detection connection, i.e. instruct the server to report its current running state (such as the status information of the destination service process and the current resource utilization of the server). The Type value for this type can be 1. A Status Enquiry Packet whose Type value is 1 is a probe message sent after the escape detection connection has been established.
3. Delete an established escape detection connection, i.e. instruct the server to cancel monitoring of the destination service process. The Type value for this type can be 2. A Status Enquiry Packet whose Type value is 2 is a probe message sent after the escape function has been disabled.
Length indicates the length of the Status Enquiry Packet.
Value is the identifier of the destination service process and indicates the process to be detected, for example the name of the destination service process.
In general, a process can be in one of the following states:
PROCESS STATE: describe the state of a process.
R    Running or runnable (on run queue)
S    Interruptible sleep (waiting for an event to complete)
X    dead (should never be seen)
Z    Defunct ("zombie") process, terminated but not reaped by its parent.
R and S are normal states; X and Z are abnormal states.
Note that when the message is one of the first two types (i.e. the Type value is 0 or 1) it is a status request message, and when it is the third type (i.e. the Type value is 2) it is a notification message that cancels monitoring.
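An added example, not code from the patent: building and strictly parsing the Type/Length/Value Status Enquiry Packet of Table one, as the receiving server would before looking up the named process. Network byte order, ASCII process names, the 255-byte name cap, the allowed character set and all function names are assumptions; Length is taken to cover the whole message, as the text states.

```python
import struct

# Type values given in the description above.
TYPE_ESTABLISH = 0   # establish a new escape detection connection
TYPE_REFRESH = 1     # refresh an established connection (report current state)
TYPE_DELETE = 2      # delete the connection (cancel monitoring)
VALID_TYPES = {TYPE_ESTABLISH, TYPE_REFRESH, TYPE_DELETE}

HEADER = struct.Struct("!BH")   # Type: 1 byte, Length: 2 bytes (byte order assumed)
MAX_NAME = 255                  # assumed upper bound on the process identifier
ALLOWED = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_.")


class MalformedQuery(ValueError):
    """Raised when a datagram does not match the Table one layout."""


def check_name(name: str) -> str:
    """Accept only short identifiers made of an assumed safe character set."""
    if not 0 < len(name) <= MAX_NAME or not set(name) <= ALLOWED:
        raise MalformedQuery("invalid process identifier")
    return name


def build_query(msg_type: int, process_id: str) -> bytes:
    """Encode one Status Enquiry Packet for the given destination service process."""
    if msg_type not in VALID_TYPES:
        raise MalformedQuery("unknown Type value")
    value = check_name(process_id).encode("ascii")
    return HEADER.pack(msg_type, HEADER.size + len(value)) + value


def parse_query(datagram: bytes):
    """Decode a received datagram; every field is validated before use."""
    if len(datagram) < HEADER.size:
        raise MalformedQuery("truncated header")
    msg_type, length = HEADER.unpack_from(datagram)
    if msg_type not in VALID_TYPES:
        raise MalformedQuery("unknown Type value")
    if length != len(datagram):
        # Reject both short reads and trailing bytes instead of guessing.
        raise MalformedQuery("Length field disagrees with datagram size")
    try:
        name = datagram[HEADER.size:].decode("ascii")
    except UnicodeDecodeError as exc:
        raise MalformedQuery("identifier is not ASCII") from exc
    return msg_type, check_name(name)


def is_status_request(msg_type: int) -> bool:
    """Types 0 and 1 request status; type 2 is the cancel-monitoring notice."""
    return msg_type in (TYPE_ESTABLISH, TYPE_REFRESH)
```

Because the query arrives over UDP from the network, the parser rejects any datagram whose Length field, Type value or identifier is out of range before the identifier is used to look up a process.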
After the destination server receives the Status Enquiry Packet, it can obtain the status information of the destination service process according to the identifier of the destination service process and send a feedback message to the access device. The processing on the destination server is described in detail later.
Step 302, receive the feedback message sent by the destination server.
The feedback message carries the status information of the destination service process.
In implementation, the access device can receive the feedback message sent by the destination server and then parse it to obtain the status information of the destination service process in the destination server. In this way the access device can obtain the running state of the destination service process in each server of the destination service type. Where the states of multiple destination servers in the Portal authentication system are monitored, the access device can obtain the running state of the destination service process in each server of each service type and thereby generate a server state table.
Referring to Table two, an example of the server state table provided by the embodiments of the present application.
Table two
The above server state table contains servers of 4 service types: Portal authentication servers, a Web server, an AAA server and a security policy server. The Portal authentication servers include Portal authentication server 1 and Portal authentication server 2.
Step 303, judge whether the received status information contains status information indicating that a destination service process is running normally.
In implementation, a destination server normally has destination service processes of only one service type; for example, if the destination server is a Portal authentication server the destination service process is the Portal process, and if the destination server is a Web server the destination service process is the Web process. A destination server may contain multiple destination service processes of the same service type, and the feedback message can accordingly carry the status information of multiple destination service processes. The destination service process is the main process that executes the service; for example, in a Portal authentication server the destination service process is the Portal process. After the access device receives the feedback message sent by the destination server, it can obtain the status information of the multiple destination service processes. If the obtained status information contains status information indicating that a destination service process is running normally, the destination server is able to execute the service, the access device judges that the destination server has not failed, and the access device executes step 309. If the received status information contains no status information indicating that a destination service process is running normally, the destination server cannot execute the service, the access device judges that the destination server has failed, and steps 304 to 308 are then executed.
Note that in practice one server may integrate several authentication functions, so a destination server may also contain destination service processes of several different service types. In that case, if any one destination service process in the destination server has failed, the access device judges that the destination server has failed; if every destination service process in the destination server is normal, the access device judges that the destination server is normal.
Step 304, when it is judged that the destination server has failed, and it is determined from the feedback messages sent by the other servers in the Verification System that all first servers of the same service type as the destination server have failed, then on receiving a service message sent by a user terminal, execute steps 305 to 308.
In implementation, a server list of the Verification System is stored in the access device in advance. The server list contains the identifier and the service type of each server in the Verification System. For any destination server, the access device can judge from the status information sent by that destination server whether it has failed. If the access device judges that the destination server has failed, it checks the pre-stored server list for servers of the same service type as the destination server (i.e. first servers). If such first servers exist, the access device can obtain, from the feedback messages it has received from each first server, the status information of the destination service process in each first server. From that status information the access device can judge whether each first server has failed. The specific judgement process follows the description of step 303 above and is not repeated.
If all first servers of the same service type as the destination server have failed, then on receiving a service message sent by a user terminal the access device forwards the service message according to the destination IP address carried by the service message, so as to implement user escape. For example, referring to Table three above, the state of the destination service process in the AAA server is X, indicating that the destination service process in the AAA server has failed; the access device can then judge that the AAA server has failed and enable the user escape mechanism. That is, among the above four service types, if the monitoring result for any one service type is failure, the Portal authentication system is judged to have failed and the user escape mechanism is enabled.
Based on the above processing, for multiple servers of the same service type, if at least one of them has not failed, the track item corresponding to that service type is Positive. For example, there are two Portal authentication servers in Table three above; if the destination service process state of Portal authentication server 1 is R (i.e. normal) and the destination service process state of Portal authentication server 2 is Z (i.e. failed), the track item for "Portal authentication server" remains Positive.
If, among all first servers of the same service type as the destination server, there is a first server that has not failed, the servers of that service type are considered not to have failed.
For the servers of the multiple service types present in the network, if the servers of every service type have not failed, then on receiving a service message sent by a user terminal the access device judges, according to a pre-stored authenticated user list, whether the user terminal is a terminal to be authenticated. The authenticated user list contains the identifiers of the user terminals that have passed authentication. If the authenticated user list does not contain the identifier of the user terminal, the user terminal is judged to be a terminal to be authenticated, and the access device authenticates the user terminal through the Verification System. If the authenticated user list contains the identifier of the user terminal, the user terminal is an authenticated terminal, and the access device forwards the service message according to the destination IP address it carries. The process by which the access device authenticates the user terminal through the Verification System belongs to the prior art and is not repeated in the embodiments of the present application.
Fig. 4 shows an example of the interaction between the access device and a server provided by the embodiments of the present application. The access device can send Status Enquiry Packets to the server through the Track module and receive the feedback messages sent by the server, which carry the status information of the destination service process. The Track module parses each received feedback message, generates the server state table and sends it to the monitoring module, which analyses it and obtains a monitoring result (such as "Portal authentication system failed" or "Portal authentication system normal"). The Track module can then decide, according to the monitoring result it receives, whether to enable the user escape mechanism: if the monitoring result indicates that the Portal authentication system has failed, the user escape mechanism is enabled; if the monitoring result indicates that the Portal authentication system is normal, the user escape mechanism is not enabled.
Optionally, when it is judged that the destination server has failed, if the access device determines from the feedback messages sent by the other servers in the Verification System that at least one first server has not failed, it forwards the service message to any one of those first servers; or, if it determines from the feedback messages sent by the other servers in the Verification System that at least one server of each service type in the Verification System has not failed, it forwards the received service message to the Verification System.
In implementation, as described above, if the access device judges that the destination server has failed, it can further judge whether each first server of the same service type as the destination server has failed. If the access device determines that at least one first server has not failed, it forwards the service message to any one of those first servers, so that a server of that type in the Verification System can perform authentication processing on the service message.
Alternatively, if the access device determines from the feedback messages sent by the other servers in the Verification System that at least one server of each service type in the Verification System has not failed, the Verification System is able to process services normally, and the access device forwards the received service message to the Verification System.
Optionally, the feedback message also carries the resource utilization of the destination server, and the above method further includes: if it is determined from the feedback messages sent by the other servers in the Verification System that at least one server of each service type in the Verification System has not failed, determining, among those servers, the server with the lowest resource utilization; and sending the service message to the server with the lowest resource utilization.
In implementation, each server can obtain its own current resource utilization and carry it in the feedback message sent to the access device. After the access device receives the feedback message, it parses the message and obtains the resource utilization of the server.
When the access device needs to send an authentication message to a destination server, if it determines from the feedback messages sent by the other servers in the Verification System that at least one server of each service type in the Verification System has not failed, then for each service type the access device can determine, among the servers of that service type that have not failed, the server with the lowest resource utilization, and send the authentication message to that server. For example, referring to Table three, the CPU occupancy of Portal authentication server 1 is 10% and its memory occupancy is 5%, while the CPU occupancy of Portal authentication server 2 is 0% and its memory occupancy is 0%; when a user terminal comes online, the authentication message of that user terminal is sent to Portal authentication server 2.
Step 305, on receiving a service message sent by a user terminal, judge according to the pre-stored authenticated user list whether the user terminal is a terminal to be authenticated.
In implementation, while the user escape mechanism is enabled on the access device, when the access device receives a service message sent by a user terminal it can obtain the identifier of the user terminal carried in the service message and then check whether that identifier exists in the pre-stored authenticated user list. The authenticated user list contains the identifiers of the user terminals that have passed authentication.
If the identifier of the user terminal does not exist in the authenticated user list, the user terminal is a terminal to be authenticated and the access device executes step 306; if the identifier of the user terminal exists in the authenticated user list, the user terminal is an authenticated terminal and the access device can execute step 307.
Step 306, judge whether the pre-stored escape domain list contains the destination IP address carried by the service message.
The escape domain list contains the addresses that terminals to be authenticated are able to access.
In implementation, if the identifier of the user terminal does not exist in the authenticated user list, the user terminal is a terminal to be authenticated. The access device can further obtain the destination IP address carried by the service message and then judge whether the pre-stored escape domain list, which contains the addresses that terminals to be authenticated are allowed to access, contains that destination IP address. If the escape domain list contains the destination IP address carried by the service message, step 307 is executed; if it does not, step 308 is executed.
Step 307, forward the service message according to the destination IP address carried by the service message.
In implementation, if the escape domain list contains the destination IP address carried by the service message, the terminal to be authenticated is able to access that destination IP address, and the access device forwards the service message according to the destination IP address it carries.
Optionally, if the escape domain list contains the destination IP address carried by the service message, the access device can also obtain the user information of the user terminal and the message characteristics of the service message, and add an entry for the user terminal to a preset escape user list. The entry includes at least the user information of the user terminal and the message characteristics of the service message.
In implementation, while the user escape mechanism is enabled on the access device, when the access device detects a terminal to be authenticated accessing network resources, in addition to forwarding the service message it can record the user information of that terminal and the message characteristics of the service message, thereby building the escape user list. The user information can include the user name, password and so on. The message characteristics of the service message can include its source IP (Internet Protocol) address, destination IP address, port number, the flow information it carries, and so on.
Referring to Table three, an example of the escape user list provided by the embodiments of the present application.
Table three
User name | Password | Flow information | Source IP address | User domain
XXX | ****** | 722123 | 1.2.3.4 | escape group
Wherein, the content of username and password can be sky;Flow information is the data content of service message;Source IP address For the IP address of the terminal to be certified.The information of user domain is escape group, indicates escape domain.
For example, with reference to table two, the destination service process failure in aaa server, access device opens user and escapes mechanism, When certain user terminal is reached the standard grade, it can normally pass through web server and Portal certificate servers, access device does not need later The processing such as certification, mandate, the charging for carrying out user are interacted to aaa server, but escape domain directly is added in the user Escape group, and allow the Internet resources in the user terminal access escape domain, and generate escape as shown in Table 3 User list.
It should be noted that since access device periodically sends Status Enquiry Packet to each destination server, when connecing After entering opening of device user's escape mechanism, if access device detects each destination server in portal certification system not It breaks down, then certification can be continued to each user terminal in escape user list according to above-mentioned escape user list Processing.For example, for by the user terminal of Portal certificate server certifications, can be recorded in above-mentioned escape user list The username and password can be sent to aaa server by the corresponding username and password of the user terminal, access device, so as to The user terminal is authenticated, is authorized, the processing such as charging.In this way, re-starting certification without user terminal, certification is improved Efficiency and user experience.
If the user end certification passes through, the mark of the user terminal can be added to and above-mentioned recognized by access device It demonstrate,proves in user list, and deletes the corresponding escape user list of the user terminal.If the user end certification does not pass through, connect Enter equipment and offline processing is carried out to the user terminal.In addition, be also provided with blacklist in access device, access device can be with The corresponding user name of the user terminal is added in blacklist, if mechanism not even if follow-up access device unlatching user escapes Allow the corresponding user terminal access Internet resources of the user name.
Step 308, discard the service message.
Step 309, forward the service message to the destination server.
In implementation, if the access device determines that the destination server is not faulty, it can forward the service message to the destination server, and the destination server can then authenticate the user terminal according to the received service message. The authentication process belongs to the prior art and is not described again here.
Compared with the prior art, the service message processing method provided by the embodiment of the present invention has at least the following technical effects:
1. In the prior art, only the reachability of the Portal authentication server and the Portal web server can be detected; an abnormal Portal process or web process cannot be detected. In the embodiment of the present invention, the access device monitors the service processes in the servers and can detect in time whether a service process in a server has failed. In this way, when the Portal process, the web process or another process fails, the access device can open the user escape mechanism in time to ensure that user terminals can access the network normally.
2. In the prior art, only the Portal authentication server and the Portal web server in the Portal system send keepalive packets to the access device; the AAA server and the security policy server do not. Therefore, the access device can only monitor whether the Portal authentication server and the Portal web server have failed and open the user escape mechanism when a failure is detected; it cannot monitor whether the AAA server or the security policy server has failed and cannot open the user escape mechanism when they fail, so user terminals cannot access the network normally. However, developing a separate escape mechanism for each kind of server would require too much development work, make the software processing flow cumbersome, and be inconvenient for users to configure.
In this solution, the access device can monitor different types of servers and, when it detects that all servers of a certain service type have failed, open the user escape mechanism in time to ensure that user terminals can access the network normally. Moreover, with this solution there is no need to develop different escape mechanisms for the various servers, which reduces development work, simplifies the software processing flow and keeps user configuration simple.
Optionally, in the embodiment of the present invention, when the access device detects that the authentication system is normal, it can also send the user information to the previously skipped server for authentication. The specific processing procedure includes the following steps:
Step 1: when it is determined, according to the feedback messages sent by the servers in the authentication system, that at least one server among the servers of each service type in the authentication system is not faulty, send the user information in the escape user list to any first server that is not faulty.
For the specific processing of this step, refer to the related description of 302~304 above; it is not described again here.
Step 2: receive the returned authentication response.
The authentication response can indicate that authentication of the user terminal succeeded or failed.
Step 3: if it is determined according to the authentication response that authentication of the user information failed, perform at least one of the following operations:
1. Delete the online information of the user corresponding to the user information, that is, kick the corresponding user offline;
2. Add the user corresponding to the user information to the blacklist;
3. When it is determined, according to the feedback messages sent by the servers in the authentication system, that all servers of at least one service type in the authentication system have failed, refuse to let the user corresponding to the user information come online; that is, even if the access device later opens the user escape mechanism, the user corresponding to the user information is not allowed to access network resources.
In the service message processing method provided by the present invention, the access device can detect the state of all servers in the Portal system through the Track module. When all servers of a certain service type have failed, the access device can open the user escape mechanism in time and skip the failed servers, so that users coming online are not affected. The Track module in the access device monitors periodically; when all objects monitored by the Track module are in the Positive state, the user information already in the escape domain is sent directly to the previously skipped server for authentication, which ensures the security of the network. Normal users are unaware of this process, so the user experience is better.
Embodiment three
For the case where a single server may integrate multiple authentication functions or multiple service functions, the embodiment of the present invention further provides another processing procedure for the access device executing the above service message processing method. As shown in Fig. 5, it includes the following steps.
Step 501, send a status request message to a destination server in the authentication system, where the status request message carries the identifier of the destination service process in the destination server.
The destination server can be any server in the authentication system. The destination service process is the process that provides the service in the destination server; for example, the destination service process in the Portal authentication server is Portal-server.
Step 502, receive the feedback message sent by the destination server, where the feedback message carries the status information of the destination service process.
Step 503, according to the received status information, when it is judged that the destination service process has failed, if it is determined, according to the feedback messages sent by the servers in the authentication system other than the destination server, that all first service processes in the authentication system of the same service type as the destination service process have failed, then when a service message sent by a user terminal is received, forward the service message according to the destination IP address carried in the service message.
In the embodiment of the present invention, the access device can send a status request message to a destination server in the authentication system, where the status request message carries the identifier of the destination service process in the destination server. The access device receives the feedback message sent by the destination server, where the feedback message carries the status information of the destination service process. According to the received status information, when the access device judges that the destination server has failed, if it determines, according to the feedback messages sent by the servers in the authentication system other than the destination server, that all first servers in the authentication system of the same service type as the destination server have failed, then when it receives a service message sent by a user terminal, it forwards the service message according to the destination IP address carried in the service message. In this way, the access device can monitor every server in the authentication system, and if all servers of a certain service type have failed, it can open the user escape mechanism in time to ensure that user terminals can access the network normally.
Embodiment four
Based on the service message processing method shown in Fig. 5, the embodiment of the present invention further provides a detailed procedure for the access device executing the above service message processing method. As shown in Fig. 6, it includes the following steps.
Step 601, send a status request message to a destination server in the authentication system.
The status request message carries the identifier of the destination service process in the destination server.
For the processing of this step, refer to the related description of step 301 above; it is not repeated here.
Step 602, receive the feedback message sent by the destination server.
The feedback message carries the status information of the destination service process.
For the processing of this step, refer to the related description of step 302 above; it is not repeated here.
Step 603, judge whether the received status information contains status information indicating that the destination service process is running normally.
If the received status information contains status information indicating that the destination service process is running normally, judge that the destination server is not faulty and execute step 609.
If the received status information contains no status information indicating that the destination service process is running normally, judge that the destination server has failed and execute steps 604~608.
For the processing of this step, refer to the related description of step 303 above; it is not repeated here.
Step 604, when it is judged that the destination service process has failed, if it is determined, according to the feedback messages sent by the servers in the authentication system other than the destination server, that all first service processes in the authentication system of the same service type as the destination service process have failed, then when a service message sent by a user terminal is received, execute step 605~step 608.
Optionally, when it is judged that the destination service process has failed, if the access device determines, according to the feedback messages sent by the servers in the authentication system other than the destination server, that at least one first service process is not faulty, it forwards the service message to any server on which one of the at least one first service process runs; or, if it determines, according to the feedback messages sent by the servers in the authentication system other than the destination server, that at least one service process among the service processes of each service type in the authentication system is not faulty, it forwards the received service message to the authentication system.
Optionally, the feedback message can also carry the resource utilization of the destination server. If the access device determines, according to the feedback messages sent by the servers in the authentication system other than the destination server, that at least one service process among the service processes of each service type in the authentication system is not faulty, it determines the server with the lowest resource utilization among the servers on which the at least one service process runs, and then sends the service message to that server.
The processing of this step and its optional modes is similar to that of step 304 above and is not repeated here.
Step 605, when a service message sent by a user terminal is received, judge, according to the pre-stored authenticated user list, whether the user terminal is a terminal to be authenticated.
If the user terminal is a terminal to be authenticated, execute step 606; if the user terminal is an authenticated terminal, execute step 607.
For the processing of this step, refer to the related description of step 305 above; it is not repeated here.
Step 606, judge whether the pre-stored escape domain list contains the destination IP address carried in the service message, where the escape domain list contains the addresses that a terminal to be authenticated is able to access.
If the escape domain list contains the destination IP address carried in the service message, execute step 606; if the escape domain list does not contain the destination IP address carried in the service message, execute step 608.
For the processing of this step, refer to the related description of step 306 above; it is not repeated here.
Step 607, forward the service message according to the destination IP address carried in the service message.
Optionally, if the escape domain list contains the destination IP address carried in the service message, the access device can also obtain the user information of the user terminal and the message characteristics of the service message, and then add an entry corresponding to the user terminal to the preset escape user list, where the entry includes at least the user information of the user terminal and the message characteristics of the service message.
For the processing of this step and its optional modes, refer to the related description of step 307 above; it is not repeated here.
Step 608, discard the service message.
Step 609, forward the service message to the destination server.
In implementation, if the access device determines that the destination server is not faulty, it can forward the service message to the destination server, and the destination server can then authenticate the user terminal according to the received service message. The authentication process belongs to the prior art and is not described again here.
Optionally, in the embodiment of the present invention, when the access device detects that the authentication system is normal, it can also send the user information to the previously skipped server for authentication. The specific processing procedure includes the following steps:
Step 1: when it is determined, according to the feedback messages sent by the servers in the authentication system, that at least one service process among the service processes of each service type in the authentication system is not faulty, send the user information in the escape user list to the server on which any first service process that is not faulty runs.
For the specific processing of this step, refer to the related description of 302~304 above; it is not described again here.
Step 2: receive the returned authentication response.
The authentication response can indicate that authentication of the user terminal succeeded or failed.
Step 3: if it is determined according to the authentication response that authentication of the user information failed, perform at least one of the following operations:
1. Delete the online information of the user corresponding to the user information;
2. Add the user corresponding to the user information to the blacklist;
3. When it is determined, according to the feedback messages sent by the servers in the authentication system, that all service processes of at least one service type in the authentication system have failed, refuse to let the user corresponding to the user information come online.
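Steps 605~609 and the optional re-authentication steps above, as an added Python example that is not part of the patent text. The class and method names, the sample users and addresses, and the `authenticate` callback standing in for the exchange with the authentication server are assumptions.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

FORWARD, DROP, TO_AUTH_SYSTEM = "forward", "drop", "to-authentication-system"


@dataclass
class AccessDevice:
    """Hypothetical model of the access device's lists (names are assumptions)."""
    escape_domain: list                                # escape domain list (CIDR strings)
    authenticated: set = field(default_factory=set)    # authenticated user list
    blacklist: set = field(default_factory=set)
    escape_users: dict = field(default_factory=dict)   # escape user list
    escape_open: bool = False                          # set by the monitoring logic

    def handle(self, user, dst_ip, credentials=None, feature=None):
        """Decide what to do with one service message from `user`."""
        if not self.escape_open:
            return TO_AUTH_SYSTEM                      # step 609: normal authentication
        if user in self.blacklist:
            return DROP                                # refused even while escape is open
        if user in self.authenticated:
            return FORWARD                             # step 605 -> step 607
        try:
            dst = ip_address(dst_ip)
        except ValueError:
            return DROP                                # unparseable destination
        if not any(dst in ip_network(net) for net in self.escape_domain):
            return DROP                                # step 606 -> step 608
        # Destination is inside the escape domain: forward, and record the
        # user information and message characteristics for later re-authentication.
        entry = self.escape_users.setdefault(
            user, {"credentials": credentials, "features": []})
        entry["features"].append(feature)
        return FORWARD

    def recover(self, authenticate):
        """Authentication system is normal again: re-authenticate escape users.

        `authenticate(user, credentials)` returns True on success. It is a
        stand-in for sending the user information to the skipped server.
        """
        self.escape_open = False
        results = {}
        for user, entry in list(self.escape_users.items()):
            ok = bool(authenticate(user, entry["credentials"]))
            del self.escape_users[user]                # entry is consumed either way
            if ok:
                self.authenticated.add(user)
            else:
                self.authenticated.discard(user)       # take the user offline
                self.blacklist.add(user)               # and refuse later escape access
            results[user] = ok
        return results
```
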
Embodiment five
The embodiment of the present invention provides a processing procedure for a server in the authentication system executing the above service message processing method. As shown in Fig. 7, it includes the following steps.
Step 701, receive the status request message sent by the access device, where the status request message carries the identifier of the destination service process.
Step 702, obtain the status information of the destination service process according to the identifier of the destination service process.
Step 703, send a feedback message to the access device, where the feedback message carries the status information of the destination service process.
In the embodiment of the present invention, the access device can send a status request message to a destination server in the authentication system, where the status request message carries the identifier of the destination service process in the destination server. The destination server sends a feedback message that carries the status information of the destination service process. According to the received status information, when the access device judges that the destination server has failed, if it determines, according to the feedback messages sent by the servers in the authentication system other than the destination server, that all first servers in the authentication system of the same service type as the destination server have failed, then when it receives a service message sent by a user terminal, it forwards the service message according to the destination IP address carried in the service message. In this way, the access device can monitor every server in the authentication system, and if all servers of a certain service type have failed, it can open the user escape mechanism in time to ensure that user terminals can access the network normally.
Embodiment six
Based on the service message processing method shown in Fig. 7, the embodiment of the present invention further provides a detailed procedure for a server in the authentication system executing the above service message processing method. As shown in Fig. 8, it includes the following steps.
Step 801, receive the status request message sent by the access device, where the status request message carries the identifier of the destination service process.
In implementation, the destination server can receive the status request message sent by the access device and then parse it to obtain the identifier of the destination service process that it carries, for subsequent processing. For example, the destination server can listen for UDP messages on port number 722 and, after receiving such a message, parse it to obtain the identifier of the destination service process.
Step 802, obtain the status information of the destination service process according to the identifier of the destination service process.
In implementation, the destination server can record in real time the status information of the processes currently running. After the destination server obtains the identifier of the destination service process, it can look up the status information of the corresponding process according to that identifier.
It should be noted that, for the case where the messages sent by the access device include the above three types, the server can parse the message: if the Type value is 0 or 1, the message is a status request message and step 803 is executed; if the Type value is 2, the message is a notification message for cancelling monitoring, and the server cancels monitoring of the destination service process.
Step 803, obtain the current resource utilization of this device, and encapsulate a feedback message according to the resource utilization and the status information of the destination service process.
In implementation, the destination server can also obtain the current resource utilization of this device and then generate the feedback message according to the status information of the destination service process and the current resource utilization. That is, the feedback message can carry the status information of the destination service process and the current resource utilization of the destination server. After the destination server generates the feedback message, it can send the feedback message to the access device.
Table four shows an example format of the feedback message provided by the embodiment of the present application.
Table four
Type | Length | Value1 | Value2 | Value3
1 byte | 2 bytes | Process status | CPU usage | Memory usage
Type indicates the query information of the destination service process. In the embodiment of the present application, the query information can be that the destination service process does not exist or that it exists. In one implementation of the embodiment of the present application, a Type value of 0 can indicate that the process does not exist, and a Type value of 1 can indicate that the process exists.
Length indicates the length of the feedback message.
Value1 indicates the running state of the destination service process. The running state includes but is not limited to the following 4 kinds:
1. Running or runnable, that is, the running state, which can be denoted by R;
2. Interruptible sleep, that is, the interruptible sleep state, which can be denoted by S;
3. Dead, that is, the fault state, which can be denoted by X;
4. Defunct process, that is, the defunct (zombie) state, which can be denoted by Z.
Value2 indicates the current CPU usage of the server.
Value3 indicates the current memory usage of the server.
It should be noted that the status information of the destination service process can include the above query information and running state of the destination service process. When the query information is that the destination service process does not exist, or the running state of the destination service process is X or Z, the destination service process is faulty; when the query information is that the destination service process exists and the running state of the destination service process is R or S, the destination service process is normal.
Step 804, send the feedback message to the access device. The feedback message can carry the status information of the destination service process and can also carry the current resource utilization of the destination server.
In the embodiment of the present invention, the destination server can also send the current resource utilization of this device to the access device, so that the access device forwards the service message to the server that is working normally and has the lowest resource utilization, which improves resource utilization.
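The feedback format of Table four and the normal/faulty rule above, as an added Python example (not code from the patent): it packs and parses the message and, for the servers of one service type, returns the normal server with the lowest utilization, or None when every process of that type is faulty. Only the 1-byte Type and 2-byte Length come from the table; network byte order, Length as total message length, one byte each for Value1 to Value3, and max(CPU, memory) as the utilization measure are assumptions.

```python
import struct
from dataclasses import dataclass

# Type (1 byte) and Length (2 bytes) follow Table four. The rest of this
# layout is an ASSUMPTION for the example: network byte order, Length = total
# message length, Value1 = one ASCII state letter, Value2/Value3 = one byte
# each holding a percentage (0-100).
_LAYOUT = struct.Struct("!BHcBB")
PROCESS_ABSENT, PROCESS_PRESENT = 0, 1
NORMAL_STATES = frozenset("RS")        # running, interruptible sleep


class MalformedFeedback(ValueError):
    """Raised for a datagram that does not match the assumed layout."""


@dataclass(frozen=True)
class Feedback:
    present: bool    # Type: 1 = process exists, 0 = process does not exist
    state: str       # Value1: R, S, X or Z
    cpu: int         # Value2: CPU usage, percent
    mem: int         # Value3: memory usage, percent

    @property
    def normal(self) -> bool:
        # Normal only when the process exists AND its state is R or S;
        # absent, X, Z or any unlisted state counts as faulty.
        return self.present and self.state in NORMAL_STATES


def build_feedback(present: bool, state: str, cpu: int, mem: int) -> bytes:
    """Server side (step 803): encapsulate the feedback message."""
    return _LAYOUT.pack(int(present), _LAYOUT.size, state.encode("ascii"), cpu, mem)


def parse_feedback(datagram: bytes) -> Feedback:
    """Access device side: validate and decode one feedback message."""
    if len(datagram) != _LAYOUT.size:
        raise MalformedFeedback(f"expected {_LAYOUT.size} bytes, got {len(datagram)}")
    msg_type, length, state, cpu, mem = _LAYOUT.unpack(datagram)
    if length != len(datagram):
        raise MalformedFeedback("Length field disagrees with datagram size")
    if msg_type not in (PROCESS_ABSENT, PROCESS_PRESENT):
        raise MalformedFeedback(f"unknown Type {msg_type}")
    if cpu > 100 or mem > 100:
        raise MalformedFeedback("utilization above 100 percent")
    try:
        letter = state.decode("ascii")
    except UnicodeDecodeError:
        raise MalformedFeedback("state is not ASCII") from None
    return Feedback(msg_type == PROCESS_PRESENT, letter, cpu, mem)


def pick_server(replies: dict):
    """Choose a server among those of ONE service type.

    `replies` maps server name -> raw feedback datagram, or None if the
    server did not answer. Returns the normal server with the lowest
    utilization, or None when no process of this type is normal, which is
    the condition for opening the user escape mechanism.
    """
    candidates = []
    for name, raw in replies.items():
        try:
            fb = parse_feedback(raw) if raw is not None else None
        except MalformedFeedback:
            fb = None                  # an unparseable reply is not evidence of health
        if fb is not None and fb.normal:
            candidates.append((max(fb.cpu, fb.mem), name))
    return min(candidates)[1] if candidates else None
```

Every outcome other than a well-formed normal reply counts toward the escape condition here, so while the mechanism is open the escape domain list is what limits terminals that have not been authenticated.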
Embodiment seven
The embodiment of the present invention further provides a system interaction flow based on the above service message processing method. As shown in Fig. 9, the specific processing procedure can be as follows.
Step 901, the access device sends a status request message to a destination server in the authentication system.
Step 902, the server receives the status request message sent by the access device.
Step 903, the server obtains the status information of the destination service process according to the identifier of the destination service process.
Step 904, the server sends a feedback message to the access device.
Step 905, the access device receives the feedback message sent by the destination server.
Step 906, according to the received status information, when the access device judges that the destination server has failed, if it determines, according to the feedback messages sent by the servers in the authentication system other than the destination server, that all first servers in the authentication system of the same service type as the destination server have failed, then when it receives a service message sent by a user terminal, it forwards the service message according to the destination IP address carried in the service message.
In the embodiment of the present invention, the access device can send a status request message to a destination server in the authentication system, where the status request message carries the identifier of the destination service process in the destination server. The access device receives the feedback message sent by the destination server, where the feedback message carries the status information of the destination service process. According to the received status information, when the access device judges that the destination server has failed, if it determines, according to the feedback messages sent by the servers in the authentication system other than the destination server, that all first servers in the authentication system of the same service type as the destination server have failed, then when it receives a service message sent by a user terminal, it forwards the service message according to the destination IP address carried in the service message. In this way, the access device can monitor every server in the authentication system, and if all servers of a certain service type have failed, it can open the user escape mechanism in time to ensure that user terminals can access the network normally.
Embodiment eight
Fig. 10 shows an example of the service message processing method provided by the embodiment of the present invention. The method can be applied to an access device in which a monitoring module, a Track module and a message processing module are provided. The specific processing procedure can be as follows.
Step 1001, the Track module establishes connections with each destination server in the authentication system.
Step 1002, the Track module periodically sends status request messages to each destination server.
The status request message carries the identifier of the destination service process in the destination server.
Step 1003, the Track module receives the feedback message sent by the destination server.
The feedback message carries the status information of the destination service process.
After the Track module receives the feedback message, it can generate the server state table shown in Table 2 and then send the server state table to the monitoring module, so that the monitoring module judges whether the authentication system can work. Alternatively, in another possible implementation, the Track module can send the status information of the destination service process to the monitoring module, and the monitoring module generates the server state table shown in Table 2 and then judges from the server state table whether the authentication system can work.
Step 1004, according to the received status information, the monitoring module judges whether any Track item in the server state table is in the Negative state.
If any Track item is in the Negative state, judge that the authentication system cannot be used normally and execute step 1005; if no Track item is in the Negative state, judge that the authentication system can be used normally and execute step 1010.
The monitoring module sends the judgment result to the Track module, and the Track module receives the judgment result sent by the monitoring module. If the judgment result indicates that the authentication system cannot be used normally, the Track module can call the message processing module in the access device, and the message processing module starts the user escape flow to open the user escape mechanism; if the judgment result indicates that the authentication system can be used normally, the Track module performs no processing.
Step 1005, when a service message sent by a user terminal is received, the message processing module judges, according to the pre-stored authenticated user list, whether the user terminal is a terminal to be authenticated.
If the user terminal is a terminal to be authenticated, execute step 1006; if the user terminal is an authenticated terminal, execute step 1007.
Step 1006, the message processing module judges whether the pre-stored escape domain list contains the destination IP address carried in the service message.
The escape domain list contains the addresses that a terminal to be authenticated is able to access.
If the escape domain list contains the destination IP address carried in the service message, execute step 1007; if the escape domain list does not contain the destination IP address carried in the service message, execute step 1008.
Step 1007, the message processing module forwards the service message according to the destination IP address carried in the service message, and records the user information of the user terminal and the message characteristics of the service message in the escape user list.
Step 1008, the message processing module discards the service message.
Step 1009, when the monitoring module determines, according to the feedback messages sent by the servers in the authentication system, that all Track items have returned to the Positive state, it triggers the message processing module to send the user information recorded in the escape user list to the previously skipped service to continue the Portal authentication flow.
Step 1010, the message processing module performs the Portal authentication flow normally.
In the embodiment of the present invention, the access device can send a status request message to a destination server in the authentication system, where the status request message carries the identifier of the destination service process in the destination server. The access device receives the feedback message sent by the destination server, where the feedback message carries the status information of the destination service process. According to the received status information, when the access device judges that the destination server has failed, if it determines, according to the feedback messages sent by the servers in the authentication system other than the destination server, that all first servers in the authentication system of the same service type as the destination server have failed, then when it receives a service message sent by a user terminal, it forwards the service message according to the destination IP address carried in the service message. In this way, the access device can monitor every server in the authentication system, and if all servers of a certain service type have failed, it can open the user escape mechanism in time to ensure that user terminals can access the network normally.
Embodiment nine
Based on the same technical idea, the embodiment of the present application further provides a service message processing apparatus applied to an access device. As shown in Fig. 11, the apparatus includes a first sending module 1110, a first receiving module 1120 and a first forwarding module 1130; alternatively, as shown in Fig. 12, the apparatus includes a second sending module 1210, a second receiving module 1220 and a second forwarding module 1230, wherein:
The first sending module 1110 is configured to send a status request message to a destination server in the authentication system, where the status request message carries the identifier of the destination service process in the destination server;
The first receiving module 1120 is configured to receive the feedback message sent by the destination server, where the feedback message carries the status information of the destination service process;
The first forwarding module 1130 is configured to, according to the received status information, when it is judged that the destination server has failed, if it is determined, according to the feedback messages sent by the servers in the authentication system other than the destination server, that all first servers in the authentication system of the same service type as the destination server have failed, then when a service message sent by a user terminal is received, forward the service message according to the destination IP address carried in the service message;
The second sending module 1210 is configured to send a status request message to a destination server in the authentication system, where the status request message carries the identifier of the destination service process in the destination server;
The second receiving module 1220 is configured to receive the feedback message sent by the destination server, where the feedback message carries the status information of the destination service process;
The second forwarding module 1230 is configured to, according to the received status information, when it is judged that the destination service process has failed, if it is determined, according to the feedback messages sent by the servers in the authentication system other than the destination server, that all first service processes in the authentication system of the same service type as the destination service process have failed, then when a service message sent by a user terminal is received, forward the service message according to the destination IP address carried in the service message.
Optionally, the device further includes a third forwarding module or a fourth forwarding module, wherein:
The third forwarding module is configured to, if it is determined from the feedback messages sent by the other servers in the authentication system that at least one first server has not failed, forward the service message to any one of the at least one first server; or, if it is determined from those feedback messages that at least one server of each service type in the authentication system has not failed, forward the received service message to the authentication system;
The fourth forwarding module is configured to, if it is determined from the feedback messages sent by the other servers in the authentication system that at least one first service process has not failed, forward the service message to any server on which one of the at least one first service process runs; or, if it is determined from those feedback messages that at least one service process of each service type in the authentication system has not failed, forward the received service message to the authentication system.
Optionally, the first forwarding module 1130 determines whether the target server has failed in the following manner:
If the received status information includes status information indicating that the target service process is running normally, the target server is determined not to have failed;
If the received status information includes no status information indicating that the target service process is running normally, the target server is determined to have failed.
Optionally, the feedback message also carries the resource utilization of the target server, and the device further includes a first determining module and a third sending module, or alternatively a second determining module and a fourth sending module, wherein:
The first determining module is configured to, if it is determined from the feedback messages sent by the other servers in the authentication system that at least one server of each service type in the authentication system has not failed, determine the server with the lowest resource utilization among the at least one server;
The third sending module is configured to send the service message to the server with the lowest resource utilization;
The second determining module is configured to, if it is determined from the feedback messages sent by the other servers in the authentication system that at least one service process of each service type in the authentication system has not failed, determine the server with the lowest resource utilization among the servers on which the at least one service process runs;
The fourth sending module is configured to send the service message to the server with the lowest resource utilization.
Optionally, the device further includes a second judgment module, a third judgment module, a first processing module and a discard module, wherein:
The second judgment module is configured to, when a service message sent by a user terminal is received, judge from a pre-stored authenticated user list whether the user terminal is a terminal to be authenticated, the authenticated user list containing the identifiers of user terminals that have passed authentication;
The third judgment module is configured to, if the user terminal is a terminal to be authenticated, judge whether the pre-stored escape domain list contains the destination IP address carried in the service message, the escape domain list containing the addresses that terminals to be authenticated are able to access;
The first processing module is configured to, if the escape domain list contains the destination IP address carried in the service message, trigger the first forwarding module 1130 to perform the step of forwarding the service message according to the destination IP address carried in the service message;
The discard module is configured to discard the service message if the escape domain list does not contain the destination IP address carried in the service message.
Optionally, the device further includes an acquisition module and an adding module, wherein:
The acquisition module is configured to obtain the user information of the user terminal and the message feature of the service message;
The adding module is configured to add an entry corresponding to the user terminal to a preset escape user list, the entry including at least the user information of the user terminal and the message feature of the service message.
Optionally, the device further includes a fifth sending module, a third receiving module and a first execution module, or alternatively a sixth sending module, a fourth receiving module and a second execution module, wherein:
The fifth sending module is configured to, when it is determined from the feedback messages sent by the servers in the authentication system that at least one server of each service type in the authentication system has not failed, send the user information in the escape user list to any server among the first servers that has not failed;
The third receiving module is configured to receive the returned authentication response;
The first execution module is configured to, if it determines from the authentication response that authentication of the user information has failed, perform at least one of the following operations: deleting the online information of the user corresponding to the user information; adding the user corresponding to the user information to a blacklist; and, when it is determined from the feedback messages sent by the servers in the authentication system that all servers of at least one service type in the authentication system have failed, refusing to let the user corresponding to the user information go online;
The sixth sending module is configured to, when it is determined from the feedback messages sent by the servers in the authentication system that at least one service process of each service type in the authentication system has not failed, send the user information in the escape user list to the server on which any first service process that has not failed runs;
The fourth receiving module is configured to receive the returned authentication response;
The second execution module is configured to, if it determines from the authentication response that authentication of the user information has failed, perform at least one of the following operations: deleting the online information of the user corresponding to the user information; adding the user corresponding to the user information to a blacklist; and, when it is determined from the feedback messages sent by the servers in the authentication system that all service processes of at least one service type in the authentication system have failed, refusing to let the user corresponding to the user information go online.
Embodiment ten
Based on the same technical concept, as shown in Figure 13, an embodiment of the present application further provides a device for processing service messages. The device is applied to a server in the authentication system and includes:
A receiving module 1310, configured to receive the status request message sent by the access device, the status request message carrying the identifier of the target service process;
A first acquisition module 1320, configured to obtain the status information of the target service process according to the identifier of the target service process;
A sending module 1330, configured to send a feedback message to the access device, the feedback message carrying the status information of the target service process.
Optionally, the feedback message also carries the resource utilization of the server, and the device further includes a second acquisition module, configured to obtain the current resource utilization of the local device and to encapsulate the feedback message according to the resource utilization and the status information of the target service process.
Embodiment 11
An embodiment of the present application further provides an access device which, as shown in Figure 14, includes a processor 1401, a communication interface 1402, a memory 1403 and a communication bus 1404, wherein the processor 1401, the communication interface 1402 and the memory 1403 communicate with one another over the communication bus 1404;
The memory 1403 is configured to store a computer program;
The processor 1401 is configured to execute the program stored in the memory 1403 so that the access device performs the steps of the service message processing method described above. The machine-readable storage medium may include RAM (Random Access Memory) and may also include NVM (Non-Volatile Memory), for example at least one magnetic disk storage. In addition, the machine-readable storage medium may be at least one storage device located remotely from the aforementioned processor.
The above processor may be a general-purpose processor, including a CPU (Central Processing Unit), an NP (Network Processor) and the like; it may also be a DSP (Digital Signal Processing, digital signal processor), an ASIC (Application Specific Integrated Circuit), an FPGA (Field-Programmable Gate Array) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
Embodiment 12
An embodiment of the present application further provides a server which, as shown in Figure 15, includes a processor 1501, a communication interface 1502, a memory 1503 and a communication bus 1504, wherein the processor 1501, the communication interface 1502 and the memory 1503 communicate with one another over the communication bus 1504;
The memory 1503 is configured to store a computer program;
The processor 1501 is configured to execute the program stored in the memory 1503 so that the server performs the steps of the service message processing method described above.
The machine-readable storage medium may include RAM (Random Access Memory) and may also include NVM (Non-Volatile Memory), for example at least one magnetic disk storage. In addition, the machine-readable storage medium may be at least one storage device located remotely from the aforementioned processor.
In summary, in the embodiments of the present invention, the access device can send a status request message to a target server in the authentication system, the status request message carrying the identifier of a target service process on the target server. The access device receives the feedback message sent by the target server, which carries status information of the target service process. When the access device determines from the received status information that the target server has failed, and determines from the feedback messages sent by the other servers in the authentication system that all first servers of the same service type as the target server have failed, then on receiving a service message sent by a user terminal it forwards the service message according to the destination IP address carried in the service message. In this way the access device can monitor every server in the authentication system, and if all servers of a given service type fail, it can enable the user escape mechanism in time to ensure that user terminals can still access the network normally.
The above processor may be a general-purpose processor, including a CPU (Central Processing Unit), an NP (Network Processor) and the like; it may also be a DSP (Digital Signal Processing, digital signal processor), an ASIC (Application Specific Integrated Circuit), an FPGA (Field-Programmable Gate Array) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
It should be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of additional identical elements in the process, method, article or device that includes the element.
The embodiments in this specification are described in a related manner; for identical or similar parts, the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, since the device embodiments are substantially similar to the method embodiments, they are described relatively briefly; for relevant details, refer to the description of the method embodiments.
The foregoing is merely the preferred embodiments of the present application and is not intended to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the present application falls within its scope of protection.

Claims (15)

1. A method for processing a service message, characterized in that the method is applied to an access device and comprises:
sending a status request message to a target server in an authentication system, the status request message carrying the identifier of a target service process on the target server;
receiving the feedback message sent by the target server, the feedback message carrying status information of the target service process;
when it is determined from the received status information that the target server has failed, and it is determined from the feedback messages sent by the other servers in the authentication system that all first servers of the same service type as the target server have failed, then, on receiving a service message sent by a user terminal, forwarding the service message according to the destination IP address carried in the service message.
2. The method according to claim 1, characterized in that, when it is determined that the target server has failed, the method further comprises:
if it is determined from the feedback messages sent by the other servers in the authentication system that at least one first server has not failed, forwarding the service message to any one of the at least one first server;
or,
if it is determined from the feedback messages sent by the other servers in the authentication system that at least one server of each service type in the authentication system has not failed, forwarding the received service message to the authentication system.
3. The method according to claim 1, characterized in that whether the target server has failed is determined from the received status information in the following manner:
if the received status information includes status information indicating that the target service process is running normally, the target server is determined not to have failed;
if the received status information includes no status information indicating that the target service process is running normally, the target server is determined to have failed.
4. The method according to claim 1, characterized in that the feedback message also carries the resource utilization of the target server, and the method further comprises:
if it is determined from the feedback messages sent by the other servers in the authentication system that at least one server of each service type in the authentication system has not failed, determining the server with the lowest resource utilization among the at least one server;
sending the service message to the server with the lowest resource utilization.
5. The method according to claim 1, characterized in that the method further comprises:
when a service message sent by a user terminal is received, judging from a pre-stored authenticated user list whether the user terminal is a terminal to be authenticated;
if the user terminal is a terminal to be authenticated, judging whether a pre-stored escape domain list contains the destination IP address carried in the service message, the escape domain list containing the addresses that terminals to be authenticated are able to access;
if the escape domain list contains the destination IP address carried in the service message, performing the step of forwarding the service message according to the destination IP address carried in the service message;
if the escape domain list does not contain the destination IP address carried in the service message, discarding the service message.
6. The method according to any one of claims 1-5, characterized in that the method further comprises:
obtaining the user information of the user terminal and the message feature of the service message;
adding an entry corresponding to the user terminal to a preset escape user list, the entry including at least the user information of the user terminal and the message feature of the service message.
7. The method according to claim 6, characterized in that the method further comprises:
when it is determined from the feedback messages sent by the servers in the authentication system that at least one server of each service type in the authentication system has not failed, sending the user information in the escape user list to any server among the first servers that has not failed;
receiving the returned authentication response;
if it is determined from the authentication response that authentication of the user information has failed, performing at least one of the following operations:
deleting the online information of the user corresponding to the user information;
adding the user corresponding to the user information to a blacklist;
when it is determined from the feedback messages sent by the servers in the authentication system that all servers of at least one service type in the authentication system have failed, refusing to let the user corresponding to the user information go online.
8. A method for processing a service message, characterized in that the method is applied to an access device and comprises:
sending a status request message to a target server in an authentication system, the status request message carrying the identifier of a target service process on the target server;
receiving the feedback message sent by the target server, the feedback message carrying status information of the target service process;
when it is determined from the received status information that the target service process has failed, and it is determined from the feedback messages sent by the other servers in the authentication system that all first service processes of the same service type as the target service process have failed, then, on receiving a service message sent by a user terminal, forwarding the service message according to the destination IP address carried in the service message.
9. The method according to claim 8, characterized in that, when it is determined that the target service process has failed, the method further comprises:
if it is determined from the feedback messages sent by the other servers in the authentication system that at least one first service process has not failed, forwarding the service message to any server on which one of the at least one first service process runs;
or,
if it is determined from the feedback messages sent by the other servers in the authentication system that at least one service process of each service type in the authentication system has not failed, forwarding the received service message to the authentication system.
10. The method according to claim 8, characterized in that the feedback message also carries the resource utilization of the target server, and the method further comprises:
if it is determined from the feedback messages sent by the other servers in the authentication system that at least one service process of each service type in the authentication system has not failed, determining the server with the lowest resource utilization among the servers on which the at least one service process runs;
sending the service message to the server with the lowest resource utilization.
11. The method according to any one of claims 8-10, characterized in that the method further comprises:
obtaining the user information of the user terminal and the message feature of the service message;
adding an entry corresponding to the user terminal to a preset escape user list, the entry including at least the user information of the user terminal and the message feature of the service message.
12. The method according to claim 11, characterized in that the method further comprises:
when it is determined from the feedback messages sent by the servers in the authentication system that at least one service process of each service type in the authentication system has not failed, sending the user information in the escape user list to the server on which any first service process that has not failed runs;
receiving the returned authentication response;
if it is determined from the authentication response that authentication of the user information has failed, performing at least one of the following operations:
deleting the online information of the user corresponding to the user information;
adding the user corresponding to the user information to a blacklist;
when it is determined from the feedback messages sent by the servers in the authentication system that all service processes of at least one service type in the authentication system have failed, refusing to let the user corresponding to the user information go online.
13. A method for processing a service message, characterized in that the method is applied to a server in an authentication system and comprises:
receiving the status request message sent by an access device, the status request message carrying the identifier of a target service process;
obtaining the status information of the target service process according to the identifier of the target service process;
sending a feedback message to the access device, the feedback message carrying the status information of the target service process.
14. The method according to claim 13, characterized in that, before sending the feedback message to the access device, the method further comprises:
obtaining the current resource utilization of the local device, and encapsulating the feedback message according to the resource utilization and the status information of the target service process.
15. A device for processing a service message, characterized in that the device is applied to an access device and includes a first sending module, a first receiving module and a first forwarding module, or alternatively a second sending module, a second receiving module and a second forwarding module, wherein:
the first sending module is configured to send a status request message to a target server in an authentication system, the status request message carrying the identifier of a target service process on the target server;
the first receiving module is configured to receive the feedback message sent by the target server, the feedback message carrying status information of the target service process;
the first forwarding module is configured to, when it determines from the received status information that the target server has failed, and determines from the feedback messages sent by the other servers in the authentication system that all first servers of the same service type as the target server have failed, forward a service message received from a user terminal according to the destination IP address carried in that service message;
the second sending module is configured to send a status request message to a target server in the authentication system, the status request message carrying the identifier of a target service process on the target server;
the second receiving module is configured to receive the feedback message sent by the target server, the feedback message carrying status information of the target service process;
the second forwarding module is configured to, when it determines from the received status information that the target service process has failed, and determines from the feedback messages sent by the other servers in the authentication system that all first service processes of the same service type as the target service process have failed, forward a service message received from a user terminal according to the destination IP address carried in that service message.
CN201810532382.0A 2018-05-29 2018-05-29 Service message processing method and device Active CN108769016B (en)


Publications (2)

Publication Number Publication Date
CN108769016A true CN108769016A (en) 2018-11-06
CN108769016B CN108769016B (en) 2020-02-11

Family

ID=64003644


Country Status (1)

Country Link
CN (1) CN108769016B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant