CN110611607A - Tunnel connection method, control device, storage medium and apparatus

Publication number: CN110611607A
Application number: CN201910951780.0A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN110611607B (en)
Inventor: 乔敬翔
Current Assignee: Sangfor Technologies Co Ltd
Original Assignee: Sangfor Technologies Co Ltd
Legal status: Granted
Prior art keywords: branch, headquarter, configuration, vpn, equipment

Classifications

    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L45/02 Topology update or discovery

Abstract

The invention relates to the technical field of software defined networks and discloses a tunnel connection method, a control device, a storage medium and an apparatus. The method comprises: selecting a first headquarters device and a first branch device, wherein the first headquarters device and the first branch device are forwarding devices in a software defined network; generating a headquarters VPN configuration corresponding to the first headquarters device and a branch VPN configuration corresponding to the first branch device; and issuing the headquarters VPN configuration to the first headquarters device and the branch VPN configuration to the first branch device. The invention thus generates the headquarters VPN configuration and the branch VPN configuration automatically and automatically establishes the VPN connection between forwarding devices, which greatly improves VPN configuration efficiency and solves the technical problem of low deployment efficiency when VPN connections are deployed in an SD-WAN.

Description

Tunnel connection method, control device, storage medium and apparatus
Technical Field
The present invention relates to the field of software defined networking technologies, and in particular, to a tunnel connection method, a control device, a storage medium, and an apparatus.
Background
Software-Defined Networking (SDN) is an increasingly popular new network architecture. SDN can also be applied to wide area network scenarios to form a special service, which can be referred to as a Software-Defined Wide Area Network (SD-WAN).
An SD-WAN is suitable for connecting enterprise networks, data centers, internet applications, and cloud services over a wide geographical range. Virtual Private Network (VPN) configuration is a core function of an SD-WAN, but it mostly requires a user to establish individual VPN connections one by one through click operations, so deployment efficiency is low, especially when the number of devices is large and the network topology is complex.
It can be seen that there is a technical problem of low deployment efficiency when deploying VPN connections in SD-WAN.
The above is only for the purpose of assisting understanding of the technical aspects of the present invention, and does not represent an admission that the above is prior art.
Disclosure of Invention
The main object of the invention is to provide a tunnel connection method, a control device, a storage medium and an apparatus that solve the technical problem of low deployment efficiency when VPN connections are deployed in an SD-WAN.
In order to achieve the above object, the present invention provides a tunnel connection method, including the steps of:
selecting a first headquarters device and a first branch device, wherein the first headquarters device and the first branch device are forwarding devices in a software defined network;
generating a headquarters virtual private network (VPN) configuration corresponding to the first headquarters device and a branch VPN configuration corresponding to the first branch device;
and issuing the headquarter VPN configuration to the first headquarter device, and issuing the branch VPN configuration to the first branch device.
Preferably, after the issuing the headquarter VPN configuration to the first headquarter device and the issuing the branch VPN configuration to the first branch device, the tunnel connection method further includes:
acquiring a first topology configuration corresponding to the first headquarters device and a second topology configuration corresponding to the first branch device;
and displaying the first topology configuration and the second topology configuration in a preset topology display interface.
Preferably, after the issuing the headquarter VPN configuration to the first headquarter device and the issuing the branch VPN configuration to the first branch device, the tunnel connection method further includes:
detecting a VPN connection state between the first headquarters device and the first branch device;
the displaying the first topology configuration and the second topology configuration in a preset topology display interface specifically includes:
and displaying the first topology configuration, the second topology configuration and the VPN connection state in a preset topology display interface.
Preferably, after the issuing the headquarter VPN configuration to the first headquarter device and the issuing the branch VPN configuration to the first branch device, the tunnel connection method further includes:
selecting a second branch device and a third branch device, and marking the intermediate device connected to each of the second branch device and the third branch device as a second headquarters device;
generating a first inter-tunnel routing configuration corresponding to the second branch device and a second inter-tunnel routing configuration corresponding to the third branch device based on the second headquarters device;
and issuing the first inter-tunnel routing configuration to the second branch device, and issuing the second inter-tunnel routing configuration to the third branch device, so that the second branch device and the third branch device perform mutual access through the second headquarter device.
Preferably, the selecting a second branch device and a third branch device, and marking the intermediate device connected to each of the second branch device and the third branch device as a second headquarters device specifically includes:
selecting a second branch device and a third branch device;
determining a first candidate headquarters device and a second candidate headquarters device that are connected to the second branch device, and querying a first priority corresponding to the first candidate headquarters device and a second priority corresponding to the second candidate headquarters device;
and if the first priority is higher than the second priority, taking the first candidate headquarters device as the second headquarters device connected to each of the second branch device and the third branch device.
Preferably, after the issuing the headquarter VPN configuration to the first headquarter device and the issuing the branch VPN configuration to the first branch device, the tunnel connection method further includes:
selecting a fourth branch device and a third headquarters device, and determining a transit routing device connected to each of the fourth branch device and the third headquarters device;
generating a third inter-tunnel routing configuration corresponding to the fourth branch device and a fourth inter-tunnel routing configuration corresponding to the third headquarters device based on the transit routing device;
and issuing the third inter-tunnel routing configuration to the fourth branch device, and issuing the fourth inter-tunnel routing configuration to the third headquarters device, so that the fourth branch device and the third headquarters device access each other through the transit routing device.
Preferably, after the issuing the headquarter VPN configuration to the first headquarter device and the issuing the branch VPN configuration to the first branch device, the tunnel connection method further includes:
if a networking request is detected, determining a to-be-networked branch device corresponding to the networking request and a fourth headquarters device connected to the to-be-networked branch device, wherein the to-be-networked branch device is not configured with a networking port;
generating a fifth inter-tunnel routing configuration corresponding to the to-be-networked branch device and a sixth inter-tunnel routing configuration corresponding to the fourth headquarters device;
and issuing the fifth inter-tunnel routing configuration to the to-be-networked branch device, and issuing the sixth inter-tunnel routing configuration to the fourth headquarters device, so that the to-be-networked branch device is networked through the fourth headquarters device.
Furthermore, to achieve the above object, the present invention also proposes a control device comprising a memory, a processor and a tunnel connection program stored on the memory and executable on the processor, the tunnel connection program being configured to implement the steps of the tunnel connection method as described above.
Furthermore, to achieve the above object, the present invention further proposes a storage medium having stored thereon a tunnel connection program, which when executed by a processor, implements the steps of the tunnel connection method as described above.
In addition, to achieve the above object, the present invention also provides a tunnel connection device, including:
a device selection module configured to select a first headquarters device and a first branch device, wherein the first headquarters device and the first branch device are forwarding devices in a software defined network;
a configuration generation module configured to generate a headquarters virtual private network (VPN) configuration corresponding to the first headquarters device and a branch VPN configuration corresponding to the first branch device;
and the configuration issuing module is used for issuing the headquarter VPN configuration to the first headquarter equipment and issuing the branch VPN configuration to the first branch equipment.
In the invention, a first headquarters device and a first branch device are selected, wherein the first headquarters device and the first branch device are forwarding devices in a software defined network; a headquarters VPN configuration corresponding to the first headquarters device and a branch VPN configuration corresponding to the first branch device are generated; and the headquarters VPN configuration is issued to the first headquarters device and the branch VPN configuration is issued to the first branch device. The invention thus generates the headquarters VPN configuration and the branch VPN configuration automatically and automatically establishes the VPN connection between forwarding devices, which greatly improves VPN configuration efficiency and solves the technical problem of low deployment efficiency when VPN connections are deployed in an SD-WAN.
Drawings
FIG. 1 is a schematic diagram of a control device of a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a tunnel connection method according to a first embodiment of the present invention;
FIG. 3 is a flowchart illustrating a tunnel connection method according to a second embodiment of the present invention;
FIG. 4 is a flowchart illustrating a tunnel connection method according to a third embodiment of the present invention;
FIG. 5 is a block diagram of a tunnel connection apparatus according to a first embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 1, fig. 1 is a schematic structural diagram of a control device in a hardware operating environment according to an embodiment of the present invention.
As shown in fig. 1, the control device may include: a processor 1001, such as a Central Processing Unit (CPU), a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005. The communication bus 1002 is used to enable connection and communication between these components. The user interface 1003 may include a display screen (Display); optionally, the user interface 1003 may also include a standard wired interface and a wireless interface, and in the present invention the wired interface of the user interface 1003 may be a Universal Serial Bus (USB) interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (e.g., a Wi-Fi interface). The memory 1005 may be a high-speed Random Access Memory (RAM), or a stable memory such as a non-volatile memory; specifically, it may be a disk memory. The memory 1005 may alternatively be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the configuration shown in fig. 1 does not constitute a limitation of the control device, which may include more or fewer components than those shown, combine some components, or use a different arrangement of components.
As shown in fig. 1, the memory 1005, which is a computer storage medium, may include an operating system, a network communication module, a user interface module, and a tunnel connection program.
In the control device shown in fig. 1, the network interface 1004 is mainly used for connecting to a background server and performing data communication with the background server; the user interface 1003 is mainly used for connecting peripheral equipment; the control apparatus calls the tunnel connection program stored in the memory 1005 by the processor 1001, and performs the following operations:
selecting a first headquarters device and a first branch device, wherein the first headquarters device and the first branch device are forwarding devices in a software defined network;
generating a headquarters virtual private network (VPN) configuration corresponding to the first headquarters device and a branch VPN configuration corresponding to the first branch device;
and issuing the headquarters VPN configuration to the first headquarters device, and issuing the branch VPN configuration to the first branch device.
Further, the processor 1001 may call the tunnel connection program stored in the memory 1005 and also perform the following operations:
acquiring a first topology configuration corresponding to the first headquarters device and a second topology configuration corresponding to the first branch device;
and displaying the first topological configuration and the second topological configuration in a preset topological display interface.
Further, the processor 1001 may call the tunnel connection program stored in the memory 1005 and also perform the following operations:
detecting a VPN connection state between the first headquarters device and the first branch device;
the displaying the first topology configuration and the second topology configuration in a preset topology display interface specifically includes:
and displaying the first topology configuration, the second topology configuration and the VPN connection state in a preset topology display interface.
Further, the processor 1001 may call the tunnel connection program stored in the memory 1005 and also perform the following operations:
selecting a second branch device and a third branch device, and marking the intermediate device connected to each of the second branch device and the third branch device as a second headquarters device;
generating a first inter-tunnel routing configuration corresponding to the second branch device and a second inter-tunnel routing configuration corresponding to the third branch device based on the second headquarters device;
and issuing the first inter-tunnel routing configuration to the second branch device, and issuing the second inter-tunnel routing configuration to the third branch device, so that the second branch device and the third branch device perform mutual access through the second headquarter device.
Further, the processor 1001 may call the tunnel connection program stored in the memory 1005 and also perform the following operations:
selecting a second branch device and a third branch device;
determining a first candidate headquarters device and a second candidate headquarters device that are connected to the second branch device, and querying a first priority corresponding to the first candidate headquarters device and a second priority corresponding to the second candidate headquarters device;
and if the first priority is higher than the second priority, taking the first candidate headquarters device as the second headquarters device connected to each of the second branch device and the third branch device.
Further, the processor 1001 may call the tunnel connection program stored in the memory 1005 and also perform the following operations:
selecting a fourth branch device and a third headquarters device, and determining a transit routing device connected to each of the fourth branch device and the third headquarters device;
generating a third inter-tunnel routing configuration corresponding to the fourth branch device and a fourth inter-tunnel routing configuration corresponding to the third headquarters device based on the transit routing device;
and issuing the third inter-tunnel routing configuration to the fourth branch device, and issuing the fourth inter-tunnel routing configuration to the third headquarters device, so that the fourth branch device and the third headquarters device access each other through the transit routing device.
Further, the processor 1001 may call the tunnel connection program stored in the memory 1005 and also perform the following operations:
if a networking request is detected, determining a to-be-networked branch device corresponding to the networking request and a fourth headquarters device connected to the to-be-networked branch device, wherein the to-be-networked branch device is not configured with a networking port;
generating a fifth inter-tunnel routing configuration corresponding to the to-be-networked branch device and a sixth inter-tunnel routing configuration corresponding to the fourth headquarters device;
and issuing the fifth inter-tunnel routing configuration to the to-be-networked branch device, and issuing the sixth inter-tunnel routing configuration to the fourth headquarters device, so that the to-be-networked branch device is networked through the fourth headquarters device.
In this embodiment, a first headquarters device and a first branch device are selected, wherein the first headquarters device and the first branch device are forwarding devices in a software defined network; a headquarters VPN configuration corresponding to the first headquarters device and a branch VPN configuration corresponding to the first branch device are generated; and the headquarters VPN configuration is issued to the first headquarters device and the branch VPN configuration is issued to the first branch device. This embodiment thus generates the headquarters VPN configuration and the branch VPN configuration automatically and automatically establishes the VPN connection between forwarding devices, which greatly improves VPN configuration efficiency and solves the technical problem of low deployment efficiency when VPN connections are deployed in an SD-WAN.
Based on the above hardware structure, an embodiment of the tunnel connection method of the present invention is provided.
Referring to fig. 2, fig. 2 is a flowchart illustrating a tunnel connection method according to a first embodiment of the present invention.
In a first embodiment, the tunnel connection method includes the steps of:
Step S10: selecting a first headquarters device and a first branch device, wherein the first headquarters device and the first branch device are forwarding devices in a software defined network.
It is understood that both SDN and SD-WAN separate data control from data forwarding to simplify management and operation of the network. The difference is that SDN is a network architecture for data centers and SD-WAN is a network architecture for Wide Area Networks (WAN).
In a specific implementation, the execution subject of this embodiment is a control device; specifically, the control device is an SDN control device for data control, and the first headquarters device and the first branch device are SDN forwarding devices for data forwarding. The headquarters device is a device on the headquarters side of a company, and the branch device is a device on the branch (e.g., branch office or local office) side of the company. More specifically, the control device may be an SD-WAN control device, and the first headquarters device and the first branch device may be SD-WAN forwarding devices.
It should be understood that, in order to optimize the VPN configuration function of the SD-WAN and improve deployment efficiency, a user does not need to manually establish individual VPN connections one by one, setting up another connection only after the previous one is established. In this embodiment, the VPN configuration function of the SD-WAN may be referred to as an Auto VPN (Automation VPN) function.
It is understood that, if the VPN connection between the first headquarters device and the first branch device is to be deployed, the first headquarters device and the first branch device may be selected first. The number of first branch devices may be N, where N is a positive integer.
In view of the scalability of the automated process, VPN connections can be processed in batches, so N may be 2 or more. Thus, multiple branch VPN configurations may be automatically generated.
Of course, N may also be 1.
Step S20: generating a headquarters virtual private network (VPN) configuration corresponding to the first headquarters device and a branch VPN configuration corresponding to the first branch device.
In a specific implementation, after the first headquarters device and 4 first branch devices are selected, a headquarters VPN configuration corresponding to the first headquarters device and branch VPN configurations corresponding to the first branch devices can be automatically generated, which greatly simplifies deployment and management of the enterprise VPN. There will be 4 branch VPN configurations, corresponding to the 4 first branch devices respectively.
The headquarters VPN configuration includes an access account name, an access password (or an access certificate), an authentication mode, grouping information and the like, and the branch VPN configuration includes a headquarters name, an access address, an access account name, an access password (or an access certificate), an authentication mode, a shared key and the like. The access account name and access password correspond to the account-password authentication mode, and the access certificate corresponds to the certificate authentication mode.
Step S30: and issuing the headquarter VPN configuration to the first headquarter device, and issuing the branch VPN configuration to the first branch device.
It is understood that the headquarter VPN configuration is issued to the first headquarter device, and the branch VPN configuration is issued to the first branch device, so that the first branch device initiates a VPN connection towards the first headquarter device.
In a specific implementation, after the automatically generated configurations are issued to the corresponding devices, the branch VPN configuration of the first branch device contains the headquarters name, access address, access account name, access password (or access certificate) and authentication mode corresponding to the first headquarters device, so the first branch device can automatically initiate a VPN tunnel connection to the first headquarters device, and a VPN connection is successfully established between the first headquarters device and each first branch device.
In this embodiment, a first headquarters device and a first branch device are selected, wherein the first headquarters device and the first branch device are forwarding devices in a software defined network; a headquarters VPN configuration corresponding to the first headquarters device and a branch VPN configuration corresponding to the first branch device are generated; and the headquarters VPN configuration is issued to the first headquarters device and the branch VPN configuration is issued to the first branch device. This embodiment thus generates the headquarters VPN configuration and the branch VPN configuration automatically and automatically establishes the VPN connection between forwarding devices, which greatly improves VPN configuration efficiency and solves the technical problem of low deployment efficiency when VPN connections are deployed in an SD-WAN.
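Steps S10 to S30 of the first embodiment, as an added Python sketch that is not code from the patent or from any product of the assignee. The configuration field names follow the lists given above; the `Device` model, the function names, the per-branch random password and shared key, the pre-issue consistency check and the `push` transport callback are assumptions, and the addresses are constructed documentation addresses.

```python
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    """A forwarding device known to the controller (hypothetical model)."""
    name: str
    address: str
    role: str  # "headquarters" or "branch"


# Constructed sample selection (S10): one headquarters device, N = 4 branches.
HQ = Device("hq-1", "203.0.113.10", "headquarters")
BRANCHES = [Device(f"branch-{i}", f"198.51.100.{i}", "branch") for i in range(1, 5)]


def generate_configs(hq, branches, group="branches"):
    """S20: one headquarters VPN config plus one branch VPN config per branch."""
    if hq.role != "headquarters":
        raise ValueError(f"{hq.name} is not a headquarters device")
    if not branches:
        raise ValueError("N must be a positive integer: select at least one branch")
    if len({b.name for b in branches}) != len(branches):
        raise ValueError("the same branch device was selected twice")

    accounts, branch_cfgs = {}, {}
    for b in branches:
        if b.role != "branch":
            raise ValueError(f"{b.name} is not a branch device")
        account = f"{b.name}@{hq.name}"
        # Assumption: every branch gets its own secrets, so one leaked
        # branch config does not expose the credentials of the others.
        password = secrets.token_urlsafe(24)
        shared_key = secrets.token_urlsafe(32)
        accounts[account] = {
            "access_password": password,
            "auth_mode": "account_password",
            "group": group,
            "shared_key": shared_key,  # assumption: kept on both sides
        }
        branch_cfgs[b.name] = {
            "headquarters_name": hq.name,
            "access_address": hq.address,
            "access_account": account,
            "access_password": password,
            "auth_mode": "account_password",
            "shared_key": shared_key,
        }
    return {"device": hq.name, "accounts": accounts}, branch_cfgs


def branch_matches_headquarters(hq_cfg, branch_cfg):
    """Pre-issue check: would the headquarters side accept this branch config?"""
    entry = hq_cfg["accounts"].get(branch_cfg["access_account"])
    if entry is None or branch_cfg["headquarters_name"] != hq_cfg["device"]:
        return False
    return (
        entry["auth_mode"] == branch_cfg["auth_mode"]
        and hmac.compare_digest(entry["access_password"], branch_cfg["access_password"])
        and hmac.compare_digest(entry["shared_key"], branch_cfg["shared_key"])
    )


def issue_configs(hq, branches, push):
    """S30: deliver each config only to its own device via push(name, config)."""
    hq_cfg, branch_cfgs = generate_configs(hq, branches)
    for name, cfg in branch_cfgs.items():
        if not branch_matches_headquarters(hq_cfg, cfg):
            raise RuntimeError(f"inconsistent configuration generated for {name}")
    push(hq.name, hq_cfg)  # headquarters first, so it can accept the branches
    for name, cfg in branch_cfgs.items():
        push(name, cfg)
    return hq_cfg, branch_cfgs


if __name__ == "__main__":
    delivered = []
    issue_configs(HQ, BRANCHES, lambda name, cfg: delivered.append(name))
    print("issued to:", ", ".join(delivered))
```

Because the generated configurations carry passwords and shared keys, the transport behind `push` and any stored copy on the controller need the same protection as the credentials themselves.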
Referring to fig. 3, fig. 3 is a flowchart illustrating a tunnel connection method according to a second embodiment of the present invention, and the tunnel connection method according to the second embodiment of the present invention is proposed based on the first embodiment illustrated in fig. 2.
In the second embodiment, after the step S30, the tunnel connection method further includes:
Step S40: acquiring a first topology configuration corresponding to the first headquarters device and a second topology configuration corresponding to the first branch device.
It should be understood that, in addition to automatically generating the headquarters VPN configuration corresponding to the first headquarters device and the branch VPN configuration corresponding to the first branch device, the first topology configuration corresponding to the first headquarters device and the second topology configuration corresponding to the first branch device may be obtained in real time to show the operation state of the network in real time. The first topology configuration relates to the topology of the first headquarters device, and the second topology configuration relates to the topology of the first branch device.
Step S50: and displaying the first topological configuration and the second topological configuration in a preset topological display interface.
It is understood that the topology can be displayed in the preset topology display interface.
Further, after the issuing the headquarter VPN configuration to the first headquarter device and the issuing the branch VPN configuration to the first branch device, the tunnel connection method further includes:
detecting a VPN connection state between the first headquarters device and the first branch device;
the displaying the first topology configuration and the second topology configuration in a preset topology display interface specifically includes:
and displaying the first topology configuration, the second topology configuration and the VPN connection state in a preset topology display interface.
In a specific implementation, the VPN connection state between the first headquarters device and the first branch device may be detected periodically. If the connection succeeds, that is, the VPN connection state is a successful connection state, the VPN connection state is reported in real time and the connection state of the VPN tunnel is displayed in the preset topology display interface. The VPN connection state includes a delay condition, a receiving flow rate, a sending flow rate, and the like.
Further, the related information of the access account may also be managed. For example, the name and password of an access account that is allowed to access the VPN may be set, whether hardware binding authentication or DKEY authentication is enabled may be set, whether a virtual Internet Protocol (IP) address is enabled may be set, and the encryption algorithm used by the access account, the valid time of the access account, and the intranet authority of the access account may be set. DKEY is a token.
In addition, the users can be grouped and user policies such as public attributes of group members can be set. In order to realize interconnection among a plurality of network nodes, management can be performed on the interconnection of the network nodes.
In this embodiment, the operation state of each device in the SD-WAN architecture can be shown in real time.
Referring to fig. 4, fig. 4 is a flowchart illustrating a tunnel connection method according to a third embodiment of the present invention, and the tunnel connection method according to the third embodiment of the present invention is proposed based on the first embodiment shown in fig. 2.
In the third embodiment, after the step S30, the tunnel connection method further includes:
Step S401: selecting a second branch device and a third branch device, and marking the intermediate device connected to each of the second branch device and the third branch device as a second headquarters device.
It can be understood that a tunnel route (Tunnel Route) can interconnect multiple devices (or software), but most tunnel routes provide only end-to-end connections and cannot provide cross-end access capability. The present embodiment, however, provides cross-end access capability when a VPN connection is made.
In a specific implementation, for cross-end access, if there are a second branch device and a third branch device, the second branch device may be connected to a second headquarters device, and the second headquarters device may be connected to the third branch device, but the second branch device and the third branch device cannot be directly connected, that is, cross-end access between the second branch device and the third branch device is not possible.
Step S501: generating, based on the second headquarters device, a first inter-tunnel routing configuration corresponding to the second branch device and a second inter-tunnel routing configuration corresponding to the third branch device.
It will be appreciated that, in order for a VPN connection to be established between the second branch device and the third branch device, traffic may be forwarded at the intermediate device. Therefore, when the inter-tunnel routing configurations are automatically generated, the first inter-tunnel routing configuration corresponding to the second branch device establishes a tunnel from the second branch device to the intermediate device, and the second inter-tunnel routing configuration corresponding to the third branch device establishes a tunnel from the intermediate device to the third branch device.
Step S601: issuing the first inter-tunnel routing configuration to the second branch device, and issuing the second inter-tunnel routing configuration to the third branch device, so that the second branch device and the third branch device perform mutual access through the second headquarters device.
It should be understood that, through the automatically generated first inter-tunnel routing configuration and second inter-tunnel routing configuration, the second branch device and the third branch device can perform routing and forwarding by means of a common headquarters device to achieve mutual access between the second branch device and the third branch device.
Here, the branch devices and the headquarters devices are named differently only to express different operation flows. Therefore, the first branch device and the second branch device may be the same branch device, or may not be the same branch device, and the embodiment is not limited in this respect. The same applies to the headquarters devices.
Further, the selecting a second branch device and a third branch device, and marking an intermediate device respectively connected to the second branch device and the third branch device as a second headquarters device specifically includes:
selecting a second branch device and a third branch device;
determining a first to-be-selected headquarters device and a second to-be-selected headquarters device which are connected with the second branch device, and querying a first priority corresponding to the first to-be-selected headquarters device and a second priority corresponding to the second to-be-selected headquarters device;
and if the first priority is higher than the second priority, taking the first to-be-selected headquarters device as the second headquarters device respectively connected to the second branch device and the third branch device.
In a specific implementation, if there are a plurality of intermediate devices between the second branch device and the third branch device, for example, the first to-be-selected headquarters device and the second to-be-selected headquarters device are both intermediate devices between the second branch device and the third branch device, that is, each of them is connected to both the second branch device and the third branch device, priority may be introduced to select the transit device. For example, if the first priority is higher than the second priority, the first to-be-selected headquarters device can be selected as the transit device for routing and forwarding, and the second to-be-selected headquarters device, which also meets the position condition, is not used.
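The priority-based transit selection and the generation of the two inter-tunnel routing configurations can be sketched as follows. This is an added example, not code from the patent: the class names, the "larger number wins" priority convention, the name-based tie-break, the `excluded` set, the subnet model of a route and the overlap check are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Headquarters:
    name: str
    priority: int        # assumption: a larger number means a higher priority
    tunnels: frozenset   # branch devices that hold a VPN tunnel to this device


@dataclass(frozen=True)
class InterTunnelRoute:
    device: str          # branch device the configuration is issued to
    destination: str     # subnet behind the peer branch device
    next_hop: str        # headquarters device that forwards between the tunnels


def select_transit(headquarters, branch_a, branch_b, excluded=frozenset()):
    """Pick the transit headquarters device for branch_a <-> branch_b.

    Only devices with a tunnel to BOTH branches qualify; among those the
    highest priority wins. Ties fall back to the device name so repeated
    controller runs give the same answer (the tie-break is an assumption).
    """
    candidates = [
        hq for hq in headquarters
        if branch_a in hq.tunnels and branch_b in hq.tunnels
        and hq.name not in excluded
    ]
    if not candidates:
        raise LookupError(f"no headquarters device connects {branch_a} and {branch_b}")
    return sorted(candidates, key=lambda hq: (-hq.priority, hq.name))[0]


def generate_routes(headquarters, subnets, branch_a, branch_b, excluded=frozenset()):
    """Return the (first, second) inter-tunnel routing configurations."""
    net_a = ipaddress.ip_network(subnets[branch_a])
    net_b = ipaddress.ip_network(subnets[branch_b])
    # Overlapping branch subnets would make the forwarded route ambiguous,
    # so refuse to generate a configuration instead of issuing a broken one.
    if net_a.overlaps(net_b):
        raise ValueError(f"{branch_a} and {branch_b} use overlapping subnets")
    transit = select_transit(headquarters, branch_a, branch_b, excluded)
    first = InterTunnelRoute(branch_a, str(net_b), transit.name)
    second = InterTunnelRoute(branch_b, str(net_a), transit.name)
    return first, second


# Constructed sample topology: hq-c has the highest priority but no tunnel
# to branch-3, so it does not meet the position condition.
HQS = [
    Headquarters("hq-a", 10, frozenset({"branch-2", "branch-3"})),
    Headquarters("hq-b", 5, frozenset({"branch-2", "branch-3"})),
    Headquarters("hq-c", 20, frozenset({"branch-2"})),
]
SUBNETS = {"branch-2": "10.2.0.0/24", "branch-3": "10.3.0.0/24"}

if __name__ == "__main__":
    for cfg in generate_routes(HQS, SUBNETS, "branch-2", "branch-3"):
        print(cfg)
```

Passing `excluded={"hq-a"}` shows the lower-priority candidate taking over when the preferred transit device is unavailable.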
Further, after the issuing the headquarter VPN configuration to the first headquarter device and the issuing the branch VPN configuration to the first branch device, the tunnel connection method further includes:
selecting a fourth branch device and a third headquarters device, and determining a transit routing device respectively connected to the fourth branch device and the third headquarters device;
generating, based on the transit routing device, a third inter-tunnel routing configuration corresponding to the fourth branch device and a fourth inter-tunnel routing configuration corresponding to the third headquarters device;
and issuing the third inter-tunnel routing configuration to the fourth branch device, and issuing the fourth inter-tunnel routing configuration to the third headquarters device, so that the fourth branch device and the third headquarters device perform mutual access through the transit routing device.
It should be understood that, in terms of cross-end access, the above gives an inter-access scenario of the second branch device and the third branch device, i.e. an inter-access scenario of branch inter-access, and the present embodiment may also provide other inter-access scenarios.
In a specific implementation, for example, if a VPN connection cannot be directly established between the fourth branch device and the third headquarters device, the fourth branch device may access the third headquarters device by using a transit routing device commonly connected to the fourth branch device and the third headquarters device as a transit. Therefore, when the inter-tunnel routing configurations are automatically generated, the third inter-tunnel routing configuration corresponding to the fourth branch device establishes a tunnel from the fourth branch device to the transit routing device, and the fourth inter-tunnel routing configuration corresponding to the third headquarters device establishes a tunnel from the transit routing device to the third headquarters device.
Further, after the issuing the headquarter VPN configuration to the first headquarter device and the issuing the branch VPN configuration to the first branch device, the tunnel connection method further includes:
if a networking request is detected, determining a branch device to be networked corresponding to the networking request and a fourth headquarters device connected with the branch device to be networked, wherein the branch device to be networked is not configured with a networking port;
generating a fifth inter-tunnel routing configuration corresponding to the branch device to be networked and a sixth inter-tunnel routing configuration corresponding to the fourth headquarters device;
and issuing the fifth inter-tunnel routing configuration to the branch device to be networked, and issuing the sixth inter-tunnel routing configuration to the fourth headquarters device, so that the branch device to be networked is networked through the fourth headquarters device.
In a specific implementation, in addition to the above two cross-end mutual access scenarios, the embodiment may also provide an Internet access function for branches. For example, if the branch device to be networked is not configured with a networking port, which means that a certain branch company has no networking outlet, centralized Internet access can be achieved by connecting the branch device to be networked to the headquarters device and having the headquarters device perform routing and forwarding for it.
Further, data backup between headquarters devices can be performed. For example, a headquarters device A and a headquarters device B can both access a certain service system; if a certain branch device accesses the service system through the headquarters device A, the branch device can still continue to access the service system through the headquarters device B after it is disconnected from the headquarters device A, so that backup across multiple headquarters is realized.
Given that most inter-tunnel routes only provide end-to-end connection and cannot provide cross-end access capability, the present embodiment provides cross-end access capability during VPN connection to overcome this drawback. Meanwhile, the embodiment also enables a branch device without a networking outlet to access the Internet.
In addition, an embodiment of the present invention further provides a storage medium, where a tunnel connection program is stored on the storage medium, and the tunnel connection program, when executed by a processor, implements the following operations:
selecting a first headquarters device and a first branch device, wherein the first headquarters device and the first branch device are forwarding devices in a software-defined network;
generating a headquarters virtual private network (VPN) configuration corresponding to the first headquarters device and a branch VPN configuration corresponding to the first branch device;
and issuing the headquarters VPN configuration to the first headquarters device, and issuing the branch VPN configuration to the first branch device.
Further, the tunnel connection program, when executed by the processor, further implements the following operations:
acquiring a first topology configuration corresponding to the first headquarters device and a second topology configuration corresponding to the first branch device;
and displaying the first topology configuration and the second topology configuration in a preset topology display interface.
Further, the tunnel connection program, when executed by the processor, further implements the following operations:
detecting a VPN connection state between the first headquarters device and the first branch device;
accordingly, the following operations are also implemented:
and displaying the first topology configuration, the second topology configuration and the VPN connection state in a preset topology display interface.
Further, the tunnel connection program, when executed by the processor, further implements the following operations:
selecting a second branch device and a third branch device, and marking the intermediate device respectively connected to the second branch device and the third branch device as a second headquarters device;
generating, based on the second headquarters device, a first inter-tunnel routing configuration corresponding to the second branch device and a second inter-tunnel routing configuration corresponding to the third branch device;
and issuing the first inter-tunnel routing configuration to the second branch device, and issuing the second inter-tunnel routing configuration to the third branch device, so that the second branch device and the third branch device perform mutual access through the second headquarters device.
Further, the tunnel connection program, when executed by the processor, further implements the following operations:
selecting a second branch device and a third branch device;
determining a first to-be-selected headquarters device and a second to-be-selected headquarters device which are connected with the second branch device, and querying a first priority corresponding to the first to-be-selected headquarters device and a second priority corresponding to the second to-be-selected headquarters device;
and if the first priority is higher than the second priority, taking the first to-be-selected headquarters device as the second headquarters device respectively connected to the second branch device and the third branch device.
Further, the tunnel connection program, when executed by the processor, further implements the following operations:
selecting a fourth branch device and a third headquarters device, and determining a transit routing device respectively connected to the fourth branch device and the third headquarters device;
generating, based on the transit routing device, a third inter-tunnel routing configuration corresponding to the fourth branch device and a fourth inter-tunnel routing configuration corresponding to the third headquarters device;
and issuing the third inter-tunnel routing configuration to the fourth branch device, and issuing the fourth inter-tunnel routing configuration to the third headquarters device, so that the fourth branch device and the third headquarters device perform mutual access through the transit routing device.
Further, the tunnel connection program, when executed by the processor, further implements the following operations:
if a networking request is detected, determining a branch device to be networked corresponding to the networking request and a fourth headquarters device connected with the branch device to be networked, wherein the branch device to be networked is not configured with a networking port;
generating a fifth inter-tunnel routing configuration corresponding to the branch device to be networked and a sixth inter-tunnel routing configuration corresponding to the fourth headquarters device;
and issuing the fifth inter-tunnel routing configuration to the branch device to be networked, and issuing the sixth inter-tunnel routing configuration to the fourth headquarters device, so that the branch device to be networked is networked through the fourth headquarters device.
In this embodiment, a first headquarters device and a first branch device are selected, where the first headquarters device and the first branch device are forwarding devices in a software-defined network; a headquarters VPN configuration corresponding to the first headquarters device and a branch VPN configuration corresponding to the first branch device are generated; and the headquarters VPN configuration is issued to the first headquarters device, and the branch VPN configuration is issued to the first branch device. Obviously, in the embodiment, the headquarters VPN configuration and the branch VPN configuration are generated in an automated manner, and the VPN connection between forwarding devices is established automatically, so that the VPN configuration efficiency is greatly improved, and the technical problem of low deployment efficiency when VPN connections are deployed in the SD-WAN is solved.
In addition, referring to fig. 5, an embodiment of the present invention further provides a tunnel connection device, where the tunnel connection device includes:
the device selecting module 10 is configured to select a first headquarters device and a first branch device, where the first headquarters device and the first branch device are forwarding devices in a software-defined network.
It is understood that both SDN and SD-WAN separate data control from data forwarding to simplify management and operation of the network. The difference is that SDN is a Network architecture for data centers and SD-WAN is a Network architecture for Wide Area Networks (WAN).
In a specific implementation, the control device is an SDN control device for data control, and similarly, the first headquarters device and the first branch device are SDN forwarding devices for data forwarding. The headquarters device is a device on the headquarters side of the company, and the branch device is a device on the branch (e.g., branch or local office) side of the company. If further subdivided, the control device may be an SD-WAN control device, and similarly, the first headquarters device and the first branch device may be SD-WAN forwarding devices.
It should be understood that, in order to optimize the VPN configuration function of the SD-WAN and improve deployment efficiency, the user does not need to manually establish individual VPN connections one by one, establishing the next VPN connection only after the previous one has been established. In this embodiment, the VPN configuration function of the SD-WAN may be referred to as an Auto VPN (Automation VPN) function.
It is understood that, if the VPN connection between the first headquarters device and the first branch device is to be deployed, the first headquarters device and the first branch device may be selected first. The number of the first branch devices may be N, where N is a positive integer.
In view of the expandability of the automation process, since the batch processing of the VPN connection is possible, N may be 2 or more. Thus, multiple branch VPN configurations may be automatically generated.
Of course, N may also be 1.
A configuration generating module 20, configured to generate a headquarter virtual private network VPN configuration corresponding to the first headquarter device and a branch VPN configuration corresponding to the first branch device.
In a specific implementation, after the first headquarters device and the 4 first branch devices are selected, a headquarters VPN configuration corresponding to the first headquarters device and branch VPN configurations corresponding to the first branch devices may be automatically generated. There will accordingly be 4 branch VPN configurations, corresponding to the 4 first branch devices respectively.
The headquarter VPN configuration comprises an access account name, an access password (or an access certificate), an authentication mode, grouping information and the like, and the branch VPN configuration comprises a headquarter name, an access address, an access account name, an access password (or an access certificate), an authenticator, a shared key and the like.
A configuration issuing module 30, configured to issue the headquarter VPN configuration to the first headquarter device, and issue the branch VPN configuration to the first branch device.
It is understood that the headquarter VPN configuration is issued to the first headquarter device, and the branch VPN configuration is issued to the first branch device, so that the first branch device initiates a VPN connection towards the first headquarter device.
In a specific implementation, after the configuration generated automatically is issued to the corresponding device, in view of the existence of a headquarter name, an access address, an access account name, an access password (or an access certificate) and an authentication method corresponding to the first headquarter device in the branch VPN configuration of the first branch device, a connection of a VPN tunnel may be automatically initiated to the first headquarter device, so as to successfully establish a VPN connection between the first headquarter device and each first branch device.
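A controller-side sketch of generating one headquarters VPN configuration with four matching branch VPN configurations, and of checking that every branch can authenticate before anything is issued. This is an added example, not the patent's implementation: the field names, the per-branch random password, the account naming scheme, the headquarters-first issuing order and the `send` callback are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class HeadquartersVpnConfig:
    name: str
    # account name -> {"password", "auth_mode", "group"}
    accounts: dict = field(default_factory=dict)


@dataclass
class BranchVpnConfig:
    device: str
    headquarters_name: str
    access_address: str
    account_name: str
    access_password: str
    auth_mode: str


def generate_configs(hq_name, access_address, branch_devices,
                     auth_mode="password", group="branches"):
    """Build one headquarters configuration and one configuration per branch."""
    hq = HeadquartersVpnConfig(hq_name)
    branch_cfgs = []
    for device in branch_devices:
        account = f"{hq_name}-{device}"          # hypothetical naming scheme
        if account in hq.accounts:
            raise ValueError(f"branch device selected twice: {device}")
        # One random credential per branch, so revoking or rotating one
        # branch's account never touches the others.
        password = secrets.token_urlsafe(24)
        hq.accounts[account] = {"password": password,
                                "auth_mode": auth_mode, "group": group}
        branch_cfgs.append(BranchVpnConfig(device, hq_name, access_address,
                                           account, password, auth_mode))
    return hq, branch_cfgs


def can_authenticate(hq, branch):
    """True if the branch configuration matches an account on the headquarters side."""
    account = hq.accounts.get(branch.account_name)
    return (
        account is not None
        and branch.headquarters_name == hq.name
        and account["auth_mode"] == branch.auth_mode
        and hmac.compare_digest(account["password"], branch.access_password)
    )


def issue(hq, hq_device, branch_cfgs, send):
    """Check every pairing, then issue the headquarters configuration first.

    Nothing is sent if any branch would fail authentication, so no branch
    starts dialing a headquarters device that will reject it.
    """
    bad = [b.device for b in branch_cfgs if not can_authenticate(hq, b)]
    if bad:
        raise ValueError(f"refusing to issue, mismatched configuration for: {bad}")
    send(hq_device, hq)
    for b in branch_cfgs:
        send(b.device, b)
    return [hq_device] + [b.device for b in branch_cfgs]


# Constructed sample input: one headquarters device and 4 first branch devices.
BRANCHES = ["branch-1", "branch-2", "branch-3", "branch-4"]

if __name__ == "__main__":
    hq_cfg, cfgs = generate_configs("hq-1", "hq.example.net", BRANCHES)
    print(issue(hq_cfg, "hq-1", cfgs, lambda dev, cfg: None))
```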
In this embodiment, a first headquarters device and a first branch device are selected, where the first headquarters device and the first branch device are forwarding devices in a software-defined network; a headquarters VPN configuration corresponding to the first headquarters device and a branch VPN configuration corresponding to the first branch device are generated; and the headquarters VPN configuration is issued to the first headquarters device, and the branch VPN configuration is issued to the first branch device. Obviously, in the embodiment, the headquarters VPN configuration and the branch VPN configuration are generated in an automated manner, and the VPN connection between forwarding devices is established automatically, so that the VPN configuration efficiency is greatly improved, and the technical problem of low deployment efficiency when VPN connections are deployed in the SD-WAN is solved.
In one embodiment, the tunnel connection apparatus further includes:
the topology display module is used for acquiring a first topology configuration corresponding to the first headquarters device and a second topology configuration corresponding to the first branch device;
and displaying the first topology configuration and the second topology configuration in a preset topology display interface.
In one embodiment, the tunnel connection apparatus further includes:
a state detection module, configured to detect a VPN connection state between the first headquarters device and the first branch device;
the topology display module is further configured to display the first topology configuration, the second topology configuration, and the VPN connection state in a preset topology display interface.
In one embodiment, the tunnel connection apparatus further includes:
the first cross-end module is used for selecting a second branch device and a third branch device, and marking the intermediate device respectively connected to the second branch device and the third branch device as a second headquarters device; generating, based on the second headquarters device, a first inter-tunnel routing configuration corresponding to the second branch device and a second inter-tunnel routing configuration corresponding to the third branch device; and issuing the first inter-tunnel routing configuration to the second branch device, and issuing the second inter-tunnel routing configuration to the third branch device, so that the second branch device and the third branch device perform mutual access through the second headquarters device.
In an embodiment, the first cross-end module is further configured to select a second branch device and a third branch device; determine a first to-be-selected headquarters device and a second to-be-selected headquarters device which are connected with the second branch device, and query a first priority corresponding to the first to-be-selected headquarters device and a second priority corresponding to the second to-be-selected headquarters device; and if the first priority is higher than the second priority, take the first to-be-selected headquarters device as the second headquarters device respectively connected to the second branch device and the third branch device.
In one embodiment, the tunnel connection apparatus further includes:
the second cross-end module is used for selecting a fourth branch device and a third headquarters device and determining a transit routing device respectively connected to the fourth branch device and the third headquarters device; generating, based on the transit routing device, a third inter-tunnel routing configuration corresponding to the fourth branch device and a fourth inter-tunnel routing configuration corresponding to the third headquarters device; and issuing the third inter-tunnel routing configuration to the fourth branch device, and issuing the fourth inter-tunnel routing configuration to the third headquarters device, so that the fourth branch device and the third headquarters device perform mutual access through the transit routing device.
In one embodiment, the tunnel connection apparatus further includes:
the networking module is used for determining, if a networking request is detected, a branch device to be networked corresponding to the networking request and a fourth headquarters device connected with the branch device to be networked, wherein the branch device to be networked is not configured with a networking port; generating a fifth inter-tunnel routing configuration corresponding to the branch device to be networked and a sixth inter-tunnel routing configuration corresponding to the fourth headquarters device; and issuing the fifth inter-tunnel routing configuration to the branch device to be networked, and issuing the sixth inter-tunnel routing configuration to the fourth headquarters device, so that the branch device to be networked is networked through the fourth headquarters device.
Other embodiments or specific implementation manners of the tunnel connection device according to the present invention may refer to the above method embodiments, and are not described herein again.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. does not denote any order; rather, the words first, second, third, etc. are to be interpreted as names.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as a read-only memory, a RAM, a magnetic disk, and an optical disk), and includes instructions for enabling a terminal device (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A tunnel connection method, characterized by comprising the steps of:
selecting a first total device and a first branch device, wherein the first total device and the first branch device are forwarding devices in a software defined network;
generating a headquarters virtual private network, VPN, configuration corresponding to the first headquarters device and a branch VPN configuration corresponding to the first branch device;
and issuing the headquarter VPN configuration to the first headquarter device, and issuing the branch VPN configuration to the first branch device.
2. The tunneling method of claim 1, wherein after issuing the headquarter VPN configuration to the first headquarter device and issuing the branch VPN configuration to the first branch device, the tunneling method further comprises:
acquiring a first topological configuration corresponding to the first total device and a second topological configuration corresponding to the first branch device;
and displaying the first topological configuration and the second topological configuration in a preset topological display interface.
3. The tunneling method of claim 2, wherein after issuing the headquarter VPN configuration to the first headquarter device and issuing the branch VPN configuration to the first branch device, the tunneling method further comprises:
detecting a VPN connection state between the first bus device and the first branch device;
the displaying the first topology configuration and the second topology configuration in a preset topology display interface specifically includes:
and displaying the first topology configuration, the second topology configuration and the VPN connection state in a preset topology display interface.
4. The tunneling method according to any one of claims 1-3, wherein after issuing the headquarter VPN configuration to the first headquarter device and issuing the branch VPN configuration to the first branch device, the tunneling method further comprises:
selecting a second branch device and a third branch device, and recording intermediate devices respectively connected to the second branch device and the third branch device as second headquarter devices;
generating a first inter-tunnel routing configuration corresponding to the second branch device and a second inter-tunnel routing configuration corresponding to the third branch device based on the second headquarters device;
and issuing the first inter-tunnel routing configuration to the second branch device, and issuing the second inter-tunnel routing configuration to the third branch device, so that the second branch device and the third branch device perform mutual access through the second headquarter device.
5. The tunnel connection method according to claim 4, wherein the selecting a second branch device and a third branch device, and marking an intermediate device respectively connected to the second branch device and the third branch device as a second head office device specifically comprises:
selecting a second branch device and a third branch device;
determining a first headquarter device to be selected and a second headquarter device to be selected which are connected with the second branch device, and inquiring a first priority corresponding to the first headquarter device to be selected and a second priority corresponding to the second headquarter device to be selected;
and if the first priority is higher than the second priority, taking the first to-be-selected headquarters equipment as second headquarters equipment respectively connected to the second branch equipment and the third branch equipment.
6. The tunneling method according to any one of claims 1-3, wherein after issuing the headquarter VPN configuration to the first headquarter device and issuing the branch VPN configuration to the first branch device, the tunneling method further comprises:
selecting a fourth branch device and a third headquarter device, and determining transfer routing devices respectively connected to the fourth branch device and the third headquarter device;
generating a third inter-tunnel routing configuration corresponding to the fourth branch device and a fourth inter-tunnel routing configuration corresponding to the third headquarters device based on the transit routing device;
and sending the routing configuration between the third tunnels to the fourth branch equipment, and sending the routing configuration between the fourth tunnels to the third headquarter equipment, so that the fourth branch equipment and the third headquarter equipment can mutually visit through the transfer routing equipment.
7. The tunneling method according to any one of claims 1-3, wherein after issuing the headquarter VPN configuration to the first headquarter device and issuing the branch VPN configuration to the first branch device, the tunneling method further comprises:
if a networking request is monitored, determining to-be-networked branch equipment corresponding to the networking request and fourth headquarter equipment connected with the to-be-networked branch equipment, wherein the to-be-networked branch equipment is not configured with a networking port;
generating a fifth inter-tunnel routing configuration corresponding to the branch equipment to be networked and a sixth inter-tunnel routing configuration corresponding to the fourth headquarter equipment;
and issuing the routing configuration among the fifth tunnels to the branch equipment to be networked, and issuing the routing configuration among the sixth tunnels to the fourth headquarter equipment, so that the branch equipment to be networked is networked through the fourth headquarter equipment.
8. A control apparatus, characterized in that the control apparatus comprises: memory, processor and a tunneling program stored on the memory and executable on the processor, the tunneling program when executed by the processor implementing the steps of the tunneling method according to any one of claims 1 to 7.
9. A storage medium having stored thereon a tunnel connection program which, when executed by a processor, implements the steps of the tunnel connection method according to any one of claims 1 to 7.
10. A tunnel connection device, comprising:
a device selection module configured to select a first headquarter device and a first branch device, wherein the first headquarter device and the first branch device are forwarding devices in a software defined network;
a configuration generation module configured to generate a headquarter virtual private network VPN configuration corresponding to the first headquarter device and a branch VPN configuration corresponding to the first branch device;
and a configuration issuing module configured to issue the headquarter VPN configuration to the first headquarter device and issue the branch VPN configuration to the first branch device.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910951780.0A CN110611607B (en) 2019-10-08 2019-10-08 Tunnel connection method, control device, storage medium and apparatus

Publications (2)

Publication Number Publication Date
CN110611607A CN110611607A (en) 2019-12-24
CN110611607B CN110611607B (en) 2021-10-19

Family

ID=68894063

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910951780.0A Active CN110611607B (en) 2019-10-08 2019-10-08 Tunnel connection method, control device, storage medium and apparatus

Country Status (1)

Country Link
CN (1) CN110611607B (en)

Also Published As

Publication number Publication date
CN110611607B (en) 2021-10-19

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant