CN109547162B - Data communication method based on two sets of one-way boundaries - Google Patents


Info

Publication number
CN109547162B
CN109547162B CN201811487436.2A CN201811487436A CN109547162B CN 109547162 B CN109547162 B CN 109547162B CN 201811487436 A CN201811487436 A CN 201811487436A CN 109547162 B CN109547162 B CN 109547162B
Authority
CN
China
Prior art keywords
data
packet
instruction
message
confirmation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811487436.2A
Other languages
Chinese (zh)
Other versions
CN109547162A (en)
Inventor
刘波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Pcd Beijing Digital Technology Co ltd
Original Assignee
Pcd Beijing Digital Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Pcd Beijing Digital Technology Co ltd
Priority to CN201811487436.2A
Publication of CN109547162A
Application granted
Publication of CN109547162B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/164 Adaptation or special uses of UDP protocol
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00 Arrangements for detecting or preventing errors in the information received
    • H04L1/0001 Systems modifying transmission characteristics according to link quality, e.g. power backoff
    • H04L1/0006 Systems modifying transmission characteristics according to link quality, e.g. power backoff by adapting the transmission format
    • H04L1/0007 Systems modifying transmission characteristics according to link quality, e.g. power backoff by adapting the transmission format by modifying the frame length
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00 Arrangements for detecting or preventing errors in the information received
    • H04L1/12 Arrangements for detecting or preventing errors in the information received by using return channel
    • H04L1/16 Arrangements for detecting or preventing errors in the information received by using return channel in which the return channel carries supervisory signals, e.g. repetition request signals
    • H04L1/18 Automatic repetition systems, e.g. Van Duuren systems
    • H04L1/1822 Automatic repetition systems, e.g. Van Duuren systems involving configuration of automatic repeat request [ARQ] with parallel processes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H04L67/568 Storing data temporarily at an intermediate stage, e.g. caching
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers

Abstract

The invention relates to a communication method that solves the low efficiency and high expansion cost caused by disk IO. Without changing the original network security level, UDP is used as the data transmission mode to achieve real-time instruction query and secure data transmission. In two sets of physically isolated network environments, a bidirectional UDP protocol forms a communication link in each direction, and data transmission confirmation, data combination and data processing are carried out according to the message type, the message number and the message length. Each end of the boundary runs a sending service and a receiving service. Received data is written directly into memory, and multithreading is used to encapsulate the data, parse instructions and execute them. A confirmation packet is sent immediately after data is received, and a message retransmission mechanism is started for data whose confirmation packet has not been returned, to prevent data loss.

Description

Data communication method based on two sets of one-way boundaries
Technical Field
The invention relates to a communication method, in particular to a data communication method based on two sets of one-way boundaries.
Background
In the current public security industry, two data interaction methods based on two sets of unidirectional boundaries are common between two networks that are completely physically isolated. The first transmits data as FTP files: the requested data is placed on the FTP server of one network segment and synchronized across the boundary to the FTP server of the other network segment. This achieves data transmission, but efficiency and concurrency are not guaranteed, and the transmission state of the data cannot be known. The second method is the same as the first except that a database (DB) replaces FTP. Although it has some advantage in data query and categorization, it is less efficient than the first, and maintaining the DB costs more.
Specifically, the prior art has the following defects. Defect 1: in the traditional boundary synchronization mode, whether FTP or DB is used, data is written to disk several times and polled continuously, disk IO reads and writes are frequent, the cost of maintaining an FTP cluster and a database is high, and interaction efficiency has to be improved by adding more hardware resources. Defect 2: because of the polling mode, data interaction is seriously delayed and the data state cannot be obtained in time, which greatly affects service scenarios with high real-time requirements.
The nature of public security work places high requirements on the real-time performance and concurrency of data transmission. To solve the problems that cross-boundary data cannot support real-time instruction query and real-time comparison and that data packets are lost, the invention uses the UDP protocol across the boundary: an acknowledgement mechanism addresses UDP packet loss, memory addresses data storage and interaction speed, and the two unidirectional UDP paths are converted into HTTP requests. Data is received and processed entirely in memory, and because no file is written to disk, the speed and timeliness of data transmission are well addressed.
Disclosure of Invention
The invention provides a data communication method based on two sets of one-way boundaries. It aims to provide an efficient, highly concurrent data interaction mode based on UDP (User Datagram Protocol), to solve the low efficiency and high expansion cost caused by disk IO (input/output) and the resource consumption caused by polling, and to achieve high concurrency, high efficiency and easy expansion with the least resources and maintenance cost.
To achieve this purpose, the invention adopts the following technical scheme. Without changing the original network security level, UDP is used as the data transmission mode to achieve real-time instruction query and secure data transmission; in two sets of physically isolated network environments, a bidirectional UDP protocol forms a communication link in each direction, and data transmission confirmation, data combination and data processing are carried out according to the message type, the message number and the message length.
Each end of the boundary runs a sending service and a receiving service. Received data is written directly into memory, and multithreading is used to encapsulate the data, parse instructions and execute them. A confirmation packet is sent immediately after data is received, and a message retransmission mechanism is started for data whose confirmation packet has not been returned, to prevent data loss.
As a preferred embodiment of the present invention, the method comprises the following steps.
Step one: define the packet header and packet body of a data packet; the packet header comprises the data packet type, the packet body length, the data packet ID and the data packet sequence number.
Step two: receive the data instruction with the HTTP gateway and hand it to the instruction generating end, which splits it into data packets.
Step three: when splitting, check the length of the data instruction; if it exceeds the specified length of a single data packet, split the data according to the format defined in step one.
Step four: place the data packets split in step three directly in a message queue, and build a thread pool that consumes the queue and sends the data over UDP to the instruction execution end.
Step five: the instruction execution end starts the data receiving module and the multithreaded data processing module; after data is received, the messages are classified and stored in memory using multiple threads.
Step six: as data is received, generate the acknowledgement packet defined in step one and send it using the UDP protocol.
Step seven: after the data sending module sends data, if the corresponding acknowledgement packet is not received within the specified time, the data retransmission mechanism is started and continues until the retry limit is reached; once the acknowledgement packet is received, the sender enters the state of waiting to receive the result.
Step eight: when the received data is an end packet, take out the sequence number of the end packet and start checking the integrity of the message at regular intervals; a complete message forms a full processing instruction, and the message processing module is called to process it. Incomplete messages are discarded after the message times out, and the gateway informs the user that the operation timed out.
Step nine: after the instruction is executed, the instruction result is sent back to the instruction generating end over UDP, following the procedure of steps three and four.
Step ten: the instruction generating end passes the instruction result to the HTTP gateway for display, which completes the handling of the HTTP instruction over UDP.
As another preferred solution of the present invention, the data packet types are: end packet, normal data packet and acknowledgement packet.
Compared with the prior art, the invention has the following beneficial effects.
The invention uses UDP communication across the two sets of boundaries between two physically isolated networks, and has the following advantages.
1. It removes the constraint that HTTP can be used only over TCP communication, which reduces the complexity of project development.
2. It achieves real-time data interaction, which traditional boundary technology cannot.
3. In-memory computation breaks through the disk IO bottleneck and achieves high concurrency.
4. The method places low requirements on server configuration and can run in a virtualized environment.
Drawings
The invention is further described with reference to the following figures and detailed description. The scope of the invention is not limited to the following expressions.
FIG. 1 is a block diagram of the system of the present invention.
Detailed Description
In the data communication method based on two sets of unidirectional boundaries provided by the invention, UDP is used as the data transmission mode, without changing the original network security level, to achieve real-time instruction query and secure data transmission. In two sets of physically isolated network environments, a bidirectional UDP protocol forms a communication link, and data transmission confirmation, data combination and data processing are carried out according to the message type, the message number and the message length.
Each end of the boundary runs a sending service and a receiving service. Received data is written directly into memory, and multithreading is used to encapsulate the data, parse instructions and execute them. A confirmation packet is sent immediately after data is received, and a message retransmission mechanism is started for data whose confirmation packet has not been returned, to prevent data loss.
Specifically, FIG. 1 shows the structure of the invention. The left and right sides of the boundary are two physically isolated networks. The data interaction middleware is implemented by the product of the invention, and a service caller can call a service cluster in the other network by calling the data interaction middleware.
After transmission, a message is written into the memory computing unit, and threads are scheduled through a message mechanism. The data interaction center performs the splitting and packing of data, the service gateway on the left provides the HTTP protocol to the service caller, and the instruction processing unit on the right executes instructions.
Specifically, the data communication method based on two sets of unidirectional boundaries comprises the following steps.
Step one: define the packet header and packet body of a data packet; the packet header comprises the data packet type, the packet body length, the data packet ID and the data packet sequence number.
Step two: receive the data instruction with the HTTP gateway and hand it to the instruction generating end, which splits it into data packets.
Step three: when splitting, check the length of the data instruction; if it exceeds the specified length of a single data packet, split the data according to the format defined in step one.
Step four: place the data packets split in step three directly in a message queue, and build a thread pool that consumes the queue and sends the data over UDP to the instruction execution end.
Step five: the instruction execution end starts the data receiving module and the multithreaded data processing module; after data is received, the messages are classified and stored in memory using multiple threads.
Step six: as data is received, generate the acknowledgement packet defined in step one and send it using the UDP protocol.
Step seven: after the data sending module sends data, if the corresponding acknowledgement packet is not received within the specified time, the data retransmission mechanism is started and continues until the retry limit is reached; once the acknowledgement packet is received, the sender enters the state of waiting to receive the result.
Step eight: when the received data is an end packet, take out the sequence number of the end packet and start checking the integrity of the message at regular intervals; a complete message forms a full processing instruction, and the message processing module is called to process it. Incomplete messages are discarded after the message times out, and the gateway informs the user that the operation timed out.
Step nine: after the instruction is executed, the instruction result is sent back to the instruction generating end over UDP, following the procedure of steps three and four.
Step ten: the instruction generating end passes the instruction result to the HTTP gateway for display, which completes the handling of the HTTP instruction over UDP.
Preferably, the data packet types are: end packet, normal data packet and acknowledgement packet.
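The packet format, splitting, acknowledgement, retransmission and reassembly described in steps one to eight (in both the Disclosure and the Detailed Description) can be sketched as follows; this is an added example, not code from the patent, and the lossy link is simulated in memory instead of using UDP sockets. The field widths, type values, 1024-byte body limit, fragment cap and the names split_instruction, parse, Receiver, send_reliably and demo are assumptions, as is the reading of the data packet ID as one value shared by all fragments of a message.

```python
import struct

# Assumed wire layout (the patent names the header fields, not their sizes):
# type (1 byte) | body length (2) | packet ID shared by a message's fragments (4) | sequence (2)
HEADER = struct.Struct("!BHIH")
DATA, END, ACK = 1, 2, 3      # normal data packet, end packet, acknowledgement packet
MAX_BODY = 1024               # assumed size limit of a single packet body
MAX_FRAGMENTS = 4096          # assumed cap so one packet ID cannot exhaust receiver memory


def split_instruction(packet_id, instruction):
    """Steps one and three: split an instruction into DATA packets closed by an END packet."""
    chunks = [instruction[i:i + MAX_BODY] for i in range(0, len(instruction), MAX_BODY)] or [b""]
    if len(chunks) > MAX_FRAGMENTS:
        raise ValueError("instruction needs more than MAX_FRAGMENTS packets")
    return [HEADER.pack(END if seq == len(chunks) - 1 else DATA, len(body), packet_id, seq) + body
            for seq, body in enumerate(chunks)]


def parse(datagram):
    """Return (type, packet_id, seq, body), or None when the header is inconsistent."""
    if len(datagram) < HEADER.size:
        return None
    ptype, length, packet_id, seq = HEADER.unpack_from(datagram)
    body = datagram[HEADER.size:]
    bad = length != len(body) or length > MAX_BODY or seq >= MAX_FRAGMENTS
    return None if bad or ptype not in (DATA, END, ACK) else (ptype, packet_id, seq, body)


class Receiver:
    """Steps five, six and eight: hold fragments in memory, acknowledge, reassemble."""
    def __init__(self, timeout=5.0):
        self.timeout = timeout
        self.pending = {}     # packet_id -> {"parts": {seq: body}, "last": seq, "first": time}
        self.done = {}        # packet_id -> completion time, so a late resend is not re-executed

    def receive(self, datagram, now):
        """Return (ack_datagram, completed_instruction); either may be None."""
        self.expire(now)
        parsed = parse(datagram)
        if parsed is None or parsed[0] == ACK:
            return None, None
        ptype, packet_id, seq, body = parsed
        ack = HEADER.pack(ACK, 0, packet_id, seq)
        if packet_id in self.done:
            return ack, None                      # re-acknowledge, but never process twice
        state = self.pending.setdefault(packet_id, {"parts": {}, "last": None, "first": now})
        state["parts"].setdefault(seq, body)      # a duplicate keeps the first copy
        if ptype == END:
            state["last"] = seq                   # the end packet's sequence number fixes the count
        last = state["last"]
        if last is None or any(i not in state["parts"] for i in range(last + 1)):
            return ack, None
        del self.pending[packet_id]
        self.done[packet_id] = now
        return ack, b"".join(state["parts"][i] for i in range(last + 1))

    def expire(self, now):
        """Drop incomplete messages and completion records older than the timeout."""
        self.pending = {p: s for p, s in self.pending.items() if now - s["first"] <= self.timeout}
        self.done = {p: t for p, t in self.done.items() if now - t <= self.timeout}


def send_reliably(packets, link, max_retries=3):
    """Step seven: resend each packet until its ACK arrives or the retries run out."""
    for pkt in packets:
        _, packet_id, seq, _ = parse(pkt)
        for _ in range(1 + max_retries):
            reply = link(pkt)                     # the ACK datagram, or None when lost
            if reply and parse(reply) == (ACK, packet_id, seq, b""):
                break
        else:
            return False
    return True


def demo():
    """Constructed run: each packet's first copy is lost, and so is its first ACK."""
    receiver, completed, attempts = Receiver(), [], {}
    def link(pkt):
        n = attempts[pkt] = attempts.get(pkt, 0) + 1
        if n == 1:
            return None                           # request lost on the outbound boundary
        ack, message = receiver.receive(pkt, now=0.0)
        if message is not None:
            completed.append(message)
        return ack if n > 2 else None             # first ACK lost on the return boundary
    instruction = b"QUERY " + bytes(range(256)) * 10      # constructed 2566-byte instruction
    return send_reliably(split_instruction(7, instruction), link), completed == [instruction]
```

The `done` table covers the case the steps leave implicit: when an acknowledgement is lost, the sender retransmits a packet the receiver has already processed, and the receiver must acknowledge it again without executing the instruction a second time.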
A specific embodiment of the data communication method based on two sets of unidirectional UDP boundaries is given below.
Preparation: prepare two physically isolated networks A and B, with two unidirectional boundaries a and b set up between A and B. Networks A and B deploy one server each, SERVER1 and SERVER2 respectively, the service of the invention is deployed on both servers, and a user machine for instruction query is prepared in the A network segment.
Take the case where a user sends an HTTP request to SERVER1 as an example.
1) The user machine sends an HTTP request to SERVER1.
2) SERVER1 parses the HTTP request, then encapsulates it and splits it into data packets.
3) SERVER1 sends the prepared data packets to SERVER2 through boundary a.
4) After receiving a data packet, SERVER2 sends an acknowledgement packet to SERVER1 through boundary b.
5) After receiving the acknowledgement packet, SERVER1 knows that the transmission succeeded and starts waiting for the query result to be returned.
6) After sending the acknowledgement packet, SERVER2 starts to parse and merge the data packets and restores them to the instruction to be executed.
7) SERVER2 sends the result of executing the instruction to SERVER1 through boundary b.
8) On receiving the data, SERVER1 sends an acknowledgement packet to SERVER2 through boundary a.
9) SERVER2 releases its resources after receiving the acknowledgement packet.
10) SERVER1 sorts and combines the received data packets and returns the result to the user machine, then releases its operating resources.
11) The user machine has thus performed the instruction query over HTTP.
The present invention has the following features.
1. The UDP protocol is used to send and receive data quickly, and data is processed in memory, which avoids the performance bottleneck of writing files to disk.
2. Because UDP can lose packets, an information confirmation mechanism and a message retransmission mechanism are used so that data arrives safely.
3. The data transmission process supports ciphertext transmission, which ensures data security.
4. Deployment is convenient, the requirement on any single server is low, and expansion is easy.
It should be understood that the detailed description above only illustrates the present invention, and the invention is not limited to the technical solutions described in the embodiments. Those skilled in the art should understand that the invention can be modified or equivalently substituted to achieve the same technical effects; as long as the use requirements are met, such variants fall within the protection scope of the invention.

Claims (2)

1. A data communication method based on two sets of one-way boundaries, characterized in that, without changing the original network security level, UDP is used as the data transmission mode to achieve real-time instruction query and secure data transmission; in two sets of physically isolated network environments, a bidirectional UDP protocol forms a communication link in each direction, and data transmission confirmation, data combination and data processing are carried out according to the message type, the message number and the message length;
each end of the boundary is provided with a sending service and a receiving service, the received data is written directly into memory, multithreading is used to encapsulate the data, parse instructions and execute instructions, a confirmation data packet is sent immediately after the data is received, and a message retransmission mechanism is started for data whose confirmation packet has not been returned, to prevent data loss;
the method comprises the following steps:
step one, defining a packet header and a packet body of a data packet, wherein the packet header comprises a data packet type, a packet body length, a data packet ID and a data packet sequence number;
step two, receiving a data instruction by using an HTTP gateway, and delivering the data instruction to an instruction generating end to be split into data packets;
step three, checking the length of the data instruction when splitting, and splitting the data according to the format of step one when the length of the instruction exceeds the specified length of a single data packet;
step four, storing the data packets split in step three directly in a message queue, constructing a thread pool to consume the data in the message queue and send it over UDP, and sending the data to an instruction execution end;
step five, the instruction execution end starts the data receiving module and the multithreaded data processing module, and after the data is received, messages are classified and stored in memory by using a multithreading mechanism;
step six, generating the confirmation packet defined in step one while receiving the data, and sending out the confirmation packet by using the UDP protocol;
step seven, after the data sending module sends the data, if the corresponding confirmation packet is not received within the specified time, starting a data retransmission mechanism until the retry limit is reached; if the confirmation packet is received, entering the state of waiting to receive the result;
step eight, when the received data is an end packet, taking out the sequence number of the end packet, starting to check the integrity of the message at regular intervals to form a complete processing instruction, and calling a message processing module to process the message; an incomplete message is discarded after the message times out, and the gateway informs the user that the operation timed out;
step nine, after the instruction is executed, the instruction result is sent back to the instruction generating end over UDP;
step ten, the instruction generating end passes the instruction result to the HTTP gateway for result display, completing the processing of the HTTP instruction by using UDP.
2. The data communication method based on two sets of unidirectional boundaries of claim 1, wherein the data packet types of step one are: an end packet, a normal data packet, and an acknowledgement packet.
CN201811487436.2A 2018-12-06 2018-12-06 Data communication method based on two sets of one-way boundaries Active CN109547162B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811487436.2A CN109547162B (en) 2018-12-06 2018-12-06 Data communication method based on two sets of one-way boundaries

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811487436.2A CN109547162B (en) 2018-12-06 2018-12-06 Data communication method based on two sets of one-way boundaries

Publications (2)

Publication Number Publication Date
CN109547162A CN109547162A (en) 2019-03-29
CN109547162B true CN109547162B (en) 2021-06-29

Family

ID=65852985

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811487436.2A Active CN109547162B (en) 2018-12-06 2018-12-06 Data communication method based on two sets of one-way boundaries

Country Status (1)

Country Link
CN (1) CN109547162B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112436998B (en) * 2020-11-12 2023-05-02 北京天融信网络安全技术有限公司 Data transmission method and electronic equipment
CN112637129A (en) * 2020-11-30 2021-04-09 招商华软信息有限公司 Multi-node communication method, electronic device, storage medium and system in network isolation environment
CN114598700B (en) * 2022-01-25 2024-03-29 阿里巴巴(中国)有限公司 Communication method and communication system
CN114528319A (en) * 2022-02-22 2022-05-24 厦门四信通信科技有限公司 Method, device and equipment for acquiring data of multiple PLCs (programmable logic controllers) and readable storage medium
CN114979233A (en) * 2022-07-19 2022-08-30 深圳市亿联无限科技有限公司 Method and system for realizing synchronous and asynchronous call between modules based on domain socket

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102035843A (en) * 2010-12-17 2011-04-27 北京锐安科技有限公司 System and method for transmitting data in one direction
CN108462679A (en) * 2017-02-21 2018-08-28 杭州海康威视数字技术股份有限公司 Data transmission method and device
CN108881158A (en) * 2018-05-04 2018-11-23 北京明朝万达科技股份有限公司 Data interaction system and method

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7665118B2 (en) * 2002-09-23 2010-02-16 Credant Technologies, Inc. Server, computer memory, and method to support security policy maintenance and distribution
CN102088393B (en) * 2009-12-02 2013-07-03 南京南瑞继保电气有限公司 Method for transmitting positive and negative data across safety zone

Also Published As

Publication number Publication date
CN109547162A (en) 2019-03-29

Similar Documents

Publication Publication Date Title
CN109547162B (en) Data communication method based on two sets of one-way boundaries
CN108270732B (en) A kind of Streaming Media processing method and system
CN106034084B (en) Data transmission method and device
CN111580995B (en) Synchronous communication method and system of distributed cloud platform and Internet of things intelligent terminal based on MQTT asynchronous communication scene
WO2017067391A1 (en) Data sharing method and device for virtual machines
CN108494817A (en) Data transmission method, relevant apparatus and system
CN102546612B (en) Remote procedure call implementation method based on remote direct memory access (RDMA) protocol in user mode
WO2014180407A1 (en) Pushing method and device therefor
US10609125B2 (en) Method and system for transmitting communication data
CN112631788B (en) Data transmission method and data transmission server
WO2022032984A1 (en) Mqtt protocol simulation method and simulation device
CN112261142B (en) RDMA network data retransmission method, device and FPGA
CN112910909B (en) Data packet processing method based on conversion of CoAP protocol and HTTP protocol
CN111522663B (en) Data transmission method, device and system based on distributed storage system
CN114095901A (en) Communication data processing method and device
CN108234595B (en) Log transmission method and system
WO2019015487A1 (en) Data retransmission method, rlc entity and mac entity
CN109656705A (en) A kind of method and apparatus of data processing
Yang et al. Research and Design of a Real-Time Interactive Application Development Model Based on the android Platform
CN111198840B (en) GOOSE and MMS common network communication method and system suitable for dual-core system
WO2016176942A1 (en) Link multiplexing method and system based on load balancer
CN110380991A (en) A kind of IOCP mechanism and the Internet of Things Network Communication acceleration system based on eFPGA and IOCP
CN113411266B (en) Cloud data transmission method and system based on isolation device, terminal and storage medium
CN114390014B (en) Service processing method and system for improving communication concurrency in high-speed network environment
CN114650279B (en) Instance processing method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant