CN111683164A - IP address configuration method and VPN service system - Google Patents


Publication number
CN111683164A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010650459.1A
Other languages
Chinese (zh)
Other versions
CN111683164B (en)
Inventor
陈凯林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xiamen Wangsu Co Ltd
Original Assignee
Xiamen Wangsu Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]

Abstract

The embodiment of the invention discloses an IP address configuration method and a VPN service system. In the method, a central orchestration server receives an address allocation request sent by a VPN server, where the address allocation request is generated and sent by the VPN server after it receives an access request sent by a user through a client; the central orchestration server determines a second IP address set from a first IP address set, configures the second IP address set to the VPN server, selects an IP address from the second IP address set, and responds to the address allocation request based on that IP address. With this method, client IP addresses are allocated by the central orchestration server, so allocation and management can flexibly follow the actual access volume of each VPN server.

Description

IP address configuration method and VPN service system
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method for configuring an IP address and a VPN service system.
Background
Generally, when a user accesses an intranet through a VPN (Virtual Private Network) client, a VPN server is used, that is, a server dedicated to accepting connections from VPN clients. The process by which a VPN client accesses the intranet is as follows:
First, the VPN client connects to a VPN server. During connection, the VPN client requests access to the VPN server using its actual IP address; the VPN server then allocates a virtual IP address to the requesting user according to the access request and sends it to the VPN client. The VPN client may then send requests to intranet services based on the virtual IP address it obtained.
In the above flow, when allocating a virtual IP address to a VPN client, the VPN server directly selects one IP address from a pre-configured fixed network segment to allocate to the VPN client.
This method of pre-configuring a network segment for each VPN server is not flexible enough. Specifically:
Which VPN server a user's VPN client connects to is decided by the VPN client itself, and the VPN server cannot control how many clients access it. For this reason, a commonly used method is to pre-configure all VPN servers with the same number of IP segments, for example, to divide a 16-bit segment equally among multiple VPN servers. As a result, some VPN servers may have a large number of VPN clients while others have few. The VPN servers with many VPN clients may run out of IP addresses to allocate, while the VPN servers with few VPN clients may leave many IP addresses unused.
In view of the above problems, the prior art cannot provide a method for flexibly and reasonably allocating an IP address to a VPN client.
Disclosure of Invention
The embodiment of the invention provides an IP address configuration method and a VPN service system, which are used for solving the problem that the IP address cannot be flexibly and reasonably allocated to a VPN client in the prior art.
In a first aspect, an embodiment of the present invention provides a method for configuring an IP address, where the method includes: a central orchestration server receives an address allocation request sent by a VPN server, where the address allocation request is generated and sent by the VPN server after receiving an access request sent by a user through a client; the central orchestration server determines a second IP address set from a first IP address set, configures the second IP address set to the VPN server, selects an IP address from the second IP address set, and responds to the address allocation request based on the IP address; the first IP address set is the IP address set that the central orchestration server has configured for the VPN network to which the VPN server belongs.
Based on this scheme, the central orchestration server allocates IP addresses to the clients that access the VPN network and can centrally manage address allocation for all VPN servers according to the actual access situation of each VPN server, which makes the allocation and management of IP addresses flexible and reasonable. When a VPN server needs to allocate an IP address to an accessing client, it only has to send an address allocation request to the central orchestration server to obtain the IP address for that client, which solves the problem, described in the Background, of unreasonable IP address allocation caused by pre-configuring an IP address set for the VPN server.
In a possible implementation method, after the central orchestration server configures the second set of IP addresses for the VPN server, the method further includes: the central orchestration server publishes a route for the correspondence between the VPN server and the second IP address set.
Based on this scheme, after the central orchestration server configures a second IP address set for the VPN server, it also publishes a route for the correspondence between the VPN server and the second IP address set, so that other network nodes in the VPN network to which the VPN server belongs can learn the routing information to the VPN server, and the client can ultimately access resources in the network normally.
In one possible implementation method, the determining, by the central orchestration server, of a second set of IP addresses from the first set of IP addresses includes: the central orchestration server judges whether a third IP address set exists, where the third IP address set is an IP address set that has already been configured to the VPN server and has an idle IP address; if the third IP address set exists, the third IP address set is determined to be the second IP address set; if the third IP address set does not exist, a preset number of idle IP addresses are acquired from the first IP address set as the second IP address set.
Based on this scheme, when the central orchestration server determines the second IP address set from the first IP address set, it first judges whether a third IP address set already exists. If the third IP address set exists and contains an idle IP address, the central orchestration server can determine the third IP address set to be the second IP address set; otherwise, the central orchestration server acquires a preset number of idle IP addresses from the first IP address set and takes them as the second IP address set.
In one possible implementation, the central orchestration server receives an address recovery request sent by the VPN server, where the address recovery request is generated and sent by the VPN server after it determines that the client has disconnected; the central orchestration server determines, based on the address recovery request, the IP address allocated to the client and sets that IP address to idle.
Based on this scheme, when the VPN server determines that the client has disconnected from it, the VPN server can send an address recovery request to the central orchestration server, and the central orchestration server can recover the IP address according to the received address recovery request, so that recovered IP addresses can be reused and IP addresses are used more efficiently.
In a possible implementation method, when the central orchestration server determines that all IP addresses in the second set of IP addresses are idle, the central orchestration server reclaims the second set of IP addresses and deletes the configuration information associating the second set of IP addresses with the VPN server.
Based on this scheme, the central orchestration server can periodically check the state of the IP addresses in each second IP address set configured to each VPN server. If all the IP addresses in a second IP address set are found to be idle, it can reclaim that second IP address set and delete the configuration information associating the second IP address set with the VPN server, so that the central orchestration server can later reallocate the IP addresses in that second IP address set.
In one possible implementation, there is no intersection between the first sets of IP addresses that the central orchestration server configures for different VPN networks.
Based on this scheme, the central orchestration server can provide IP address allocation service for a plurality of different VPN networks at the same time; in this case, to keep the VPN networks isolated from one another, a different first IP address set can be configured for each VPN network.
In a possible implementation method, the central orchestration server records the correspondence between the IP address and the user after selecting an IP address from the second IP address set, and responds directly with that IP address when it again receives an address allocation request corresponding to the user.
Based on the scheme, the user and the allocated IP address are bound, so that the same user is ensured to have the unique IP address in the same VPN network, and the authority management and the access record of the user are conveniently realized.
In one possible implementation method, after receiving the response from the central orchestration server, the VPN server sends the IP address allocated in the response message to the client.
In a second aspect, an embodiment of the present invention provides a VPN service system, where the VPN service system includes a central orchestration server and at least one VPN server, where the VPN server is configured to generate an address allocation request after receiving an access request sent by a user through a client, and send the address allocation request to the central orchestration server; the central orchestration server is configured to receive the address allocation request sent by the VPN server, determine a second IP address set from a first IP address set, configure the second IP address set to the VPN server, select an IP address from the second IP address set, and respond to the address allocation request based on the IP address, where the first IP address set is the IP address set that the central orchestration server has configured for the VPN network to which the VPN server belongs; and the VPN server is further configured to send the IP address in the response information to the client after receiving the response of the central orchestration server, so that the client accesses the VPN network based on the IP address.
In a third aspect, an embodiment of the present invention provides a computing device, including:
a memory for storing program instructions;
a processor for calling program instructions stored in said memory to perform a method according to any of the first aspects in accordance with the obtained program.
In a fourth aspect, the present invention provides a computer-readable storage medium storing computer-executable instructions for causing a computer to perform the method according to any one of the first aspect.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
FIG. 1 is a diagram of a possible system architecture according to an embodiment of the present invention;
FIG. 2 is a method for configuring an IP address according to an embodiment of the present invention;
FIG. 3 is a VPN service system according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail with reference to the accompanying drawings, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a diagram illustrating a possible system architecture according to an embodiment of the present invention. The system comprises a central orchestration server 110 and at least one VPN server 120.
The central orchestration server 110 may be an independent server or a server cluster formed by a plurality of servers. The central orchestration server 110 receives the address allocation request sent by the VPN server and responds to it. The address allocation request is generated and sent after the VPN server receives a request from the client to access the VPN network and successfully verifies the identity of the client.
At least one VPN server 120 serves the same VPN network. Illustratively, referring to fig. 1, the at least one VPN server 120 includes two VPN servers, referred to as VPN server 1201 and VPN server 1202.
One possible implementation is that the system further comprises a client 130. When accessing a VPN network, the client 130 may select any VPN server in the VPN network to be accessed and connect to it; after the VPN server connected to the client 130 has successfully authenticated the client, the VPN server sends an address allocation request to the central orchestration server 110 on behalf of the client 130. Exemplarily, referring to fig. 1, the VPN server 1201 is accessed by 300 clients, denoted client 13001, client 13002, client 13003, ..., client 13300; VPN server 1202 is accessed by 1 client, denoted client 13301.
Based on the system architecture shown in fig. 1, an embodiment of the present invention provides a method for configuring an IP address. As shown in fig. 2, the method includes:
Step 201, the central orchestration server receives an address allocation request sent by the VPN server.
The VPN server generates and sends the address allocation request after receiving an access request sent by a user through a client.
In one embodiment, the access request sent by the user through the client may include identity information, such as a user name and a password; after receiving the access request, the VPN server may verify the identity information of the user to determine whether the user is allowed to access, and if the verification is successful, an address allocation request of the user may be generated and sent to the central orchestration server.
In another embodiment, the access request sent by the user through the client may include identity information, such as a user name and password; after receiving the access request, the VPN server can directly generate an address allocation request and send the identity information of the user to the central orchestration server; the central orchestration server may first verify the identity information of the user to determine whether the user is allowed access, and if the verification is successful, may respond to the address allocation request.
In the above embodiment, if the authentication of the identity information of the user fails, the access request of the user may be directly rejected.
Step 202, the central orchestration server determines a second IP address set from the first IP address set, configures the second IP address set to the VPN server, selects an IP address from the second IP address set, and responds to the address allocation request based on the IP address.
The first IP address set is an IP address set which is configured to a VPN network to which a VPN server belongs by the central arranging server.
The above steps will be described in detail with reference to examples.
In one implementation of step 201, when a user requests to access a VPN network through a client, the user may send an authentication request (i.e., an access request) to any VPN server in the VPN network; after receiving the authentication request, the VPN server can verify the identity information of the client, and when the verification is successful, the VPN server can send an address allocation request to the central orchestration server to request that it allocate an IP address for the user, so that the client that obtains the IP address can access the corresponding VPN network; accordingly, the central orchestration server receives the address allocation request sent by the VPN server.
Referring to fig. 1, when a user requests to access to a VPN network through a client 13001, the client 13001 may select a VPN server 1201 in the VPN network nearby or randomly to connect to the VPN network, and after the client 13001 and the VPN server achieve connection based on a real IP address, the client 13001 may submit authentication information, which may include a user name and a password, to the VPN server 1201; the VPN server 1201 that receives the authentication information can authenticate the client 13001; if the verification is successful, that is, the identity information of the client is valid, the VPN server 1201 may send an address allocation request to the central orchestration server 110 to request the central orchestration server 110 to allocate an IP address to the client 13001, so that the client 13001 may access the VPN network based on the IP address, and based on this, the central orchestration server 110 may receive the address allocation request sent by the VPN server 1201.
In one implementation of step 202, after the central orchestration server receives the address allocation request, a second set of IP addresses may be determined from the first set of IP addresses and configured to the VPN server that sent the address allocation request; further, the central orchestration server may select an IP address from the second set of IP addresses and respond to the address allocation request based on that IP address. The first IP address set is the IP address set that the central orchestration server has configured for the VPN network to which the VPN server belongs; in other words, the first IP address set is shared by all VPN servers in the same VPN network.
For example, in fig. 1, the VPN server 1201 and the VPN server 1202 serve the same VPN network, referred to here as the A_VPN network, which can be used to provide VPN services for the users of enterprise A. For the A_VPN network, the central orchestration server 110 may configure a first set of IP addresses for all VPN servers serving the A_VPN network (e.g., VPN server 1201 and VPN server 1202 in the illustration); the first set of IP addresses is a set of IP addresses shared by VPN server 1201 and VPN server 1202.
In an implementation, when the central orchestration server configures the first set of IP addresses for all VPN servers in the VPN network, it may issue a control command to the VPN servers so that a VPN server lets through any request it receives that was issued from an IP address in the first set of IP addresses. Note that the configured first set of IP addresses is not a set of IP addresses that the VPN servers can directly allocate to VPN clients.
In an implementation, determining the second set of IP addresses from the first set of IP addresses may include identifying a subset of the first set of IP addresses as the second set of IP addresses, where all IP addresses in the subset are idle, i.e., not currently allocated for use by any user. In this implementation, the second IP address set may contain only one IP address; the central orchestration server may allocate that IP address directly to the user and record the correspondence between the user and the IP address. When the user requests access to the VPN network again, regardless of which VPN server in the VPN network receives the access request, the central orchestration server can look up the IP address previously allocated to the user in the recorded correspondence and allocate it to the user again. This binds the user to the IP address and facilitates rights management and log tracing for the user.
In an implementation, the central orchestration server determining the second set of IP addresses from the first set of IP addresses may include: the central orchestration server judges whether a third IP address set exists, where the third IP address set is an IP address set that has already been configured to the VPN server and has an idle IP address; if the third IP address set exists, the third IP address set is determined to be the second IP address set; if the third IP address set does not exist, a preset number of idle IP addresses are acquired from the first IP address set as the second IP address set.
In the embodiment of the present invention, after the central orchestration server determines the second IP address set from the first IP address set, it may publish, to the related network devices, a route for the correspondence between the second IP address set and the VPN server, so that a related network device that receives a network request concerning the second IP address set automatically routes the request to the network device where the VPN server is located. In one implementation, the central orchestration server may publish the route using a dynamic routing protocol, for example BGP (Border Gateway Protocol), so that other network nodes in the VPN network can learn the routing information to the VPN server 1201, and the client can ultimately access resources in the network normally.
In the embodiment of the present invention, the first IP address set may correspond to a network segment, for example, 192.169.0.0/16, and the second IP address set and the third IP address set may correspond to subnet segments in the network segment, for example, 192.169.0.0/24, and the sizes of the network segment and the subnet segment may be set based on actual requirements, which is not limited by the present invention.
It should be appreciated that the central orchestration server 110 provided by embodiments of the present invention may serve different enterprise users simultaneously. If, besides enterprise user A, there are a second enterprise user, a third enterprise user, and further enterprise users, the central orchestration server 110 may configure a first set of IP addresses for the VPN network of each enterprise user, where the first set of IP addresses may be pre-allocated or may be configured in real time when an address allocation request is received for the first time.
In an embodiment of the present invention, the method may further include managing the state of allocated IP addresses. Specifically, the initial state of each IP address in the second IP address set may be marked as idle, and after responding to the address allocation request based on the selected IP address, the central orchestration server may mark the state of that IP address as non-idle, so that it is not allocated again. After receiving the response, the VPN server may send the IP address in the response message to the client. After receiving the IP address, the client can access the VPN network based on the IP address and access the target resource through the VPN network. When the client has completed its service requests, it disconnects from the VPN server. When the VPN server finds that the client has disconnected, it can report the disconnected client's information to the central orchestration server, for example by sending an address recovery request, and the central orchestration server then marks the IP address allocated to the user as idle according to the disconnection information reported by the VPN server, so that the IP address can be reallocated. Furthermore, the central orchestration server can check the state of each second IP address set configured to a VPN server in real time or periodically. When it finds that all IP addresses in a second IP address set configured to a VPN server are idle, it can reclaim that second IP address set, delete the configuration information associating the second IP address set with the VPN server, and withdraw the related published routes. In this way, idle IP address sets can be recovered in time and allocated to other VPN servers with a large access volume.
It will be appreciated that the IP address assigned to the user by the central orchestration server is a virtual IP address.
In summary, in the IP address configuration method provided in the embodiment of the present invention, user IP addresses are allocated by the central orchestration server, so that the central orchestration server can configure IP addresses reasonably according to the actual access volume of each VPN server and control the number of IP addresses allocated to each VPN server by configuring second IP address sets for it; further, by recovering idle IP addresses and idle sets in time, flexible configuration and efficient utilization of IP addresses can be achieved.
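The allocation, recovery and reclamation flow described above, as an added Python sketch; it is not code from the patent or its assignee. The class and method names, the in-memory dictionaries, the route log standing in for route publication, and the check that only the owning VPN server may release an address are assumptions of this example; user-to-IP binding is not modelled, and the data replays the fig. 1 scenario with the example segments from the description.

```python
import ipaddress


class CentralOrchestrator:
    """In-memory sketch of the central orchestration server (hypothetical class)."""

    def __init__(self, block_prefix=24):
        self.block_prefix = block_prefix  # prefix length of each second IP address set
        self.first_sets = {}   # VPN network name -> first IP address set
        self.blocks = {}       # second IP address set -> owner, idle list, used map
        self.route_log = []    # stand-in for route publication (e.g. via BGP)

    def add_vpn_network(self, name, cidr):
        """Configure a first IP address set; sets of different VPN networks must not intersect."""
        new = ipaddress.ip_network(cidr)
        for other_name, other in self.first_sets.items():
            if new.overlaps(other):
                raise ValueError(f"{new} overlaps {other} of {other_name}")
        self.first_sets[name] = new

    def _block_with_idle_ip(self, net, server):
        """Find a 'third IP address set': already configured to this server, with an idle IP."""
        for subnet, blk in self.blocks.items():
            if blk["net"] == net and blk["server"] == server and blk["idle"]:
                return subnet
        return None

    def _carve_block(self, net, server):
        """Take the next unassigned block from the first set and publish its route."""
        for subnet in self.first_sets[net].subnets(new_prefix=self.block_prefix):
            if subnet not in self.blocks:
                self.blocks[subnet] = {"net": net, "server": server, "used": {},
                                       "idle": list(subnet.hosts())[::-1]}
                self.route_log.append(("announce", str(subnet), server))
                return subnet
        raise RuntimeError(f"first IP address set of {net} is exhausted")

    def allocate(self, net, server, user):
        """Answer an address allocation request sent by `server` for `user`."""
        subnet = self._block_with_idle_ip(net, server)
        if subnet is None:
            subnet = self._carve_block(net, server)
        blk = self.blocks[subnet]
        ip = blk["idle"].pop()      # take an idle address from the block
        blk["used"][ip] = user      # mark non-idle so it is not handed out twice
        return ip

    def release(self, server, ip):
        """Answer an address recovery request: mark the address idle again."""
        ip = ipaddress.ip_address(ip)
        for subnet, blk in self.blocks.items():
            if ip in subnet:
                # Assumption of this example: only the VPN server that owns the
                # block may release one of its addresses, and only if allocated.
                if blk["server"] != server or ip not in blk["used"]:
                    raise ValueError(f"{server} holds no allocation for {ip}")
                del blk["used"][ip]
                blk["idle"].append(ip)
                return
        raise ValueError(f"{ip} is not in any configured block")

    def reclaim_idle_blocks(self):
        """Periodic check: reclaim fully idle blocks and withdraw their routes."""
        idle = [s for s, b in self.blocks.items() if not b["used"]]
        for subnet in idle:
            server = self.blocks.pop(subnet)["server"]
            self.route_log.append(("withdraw", str(subnet), server))
        return idle


def demo():
    """Fig. 1 scenario (constructed data): 300 clients on server 1201, 1 on 1202."""
    c = CentralOrchestrator(block_prefix=24)
    c.add_vpn_network("A_VPN", "192.169.0.0/16")
    ips_1201 = [c.allocate("A_VPN", "1201", f"user{i}") for i in range(300)]
    ip_1202 = c.allocate("A_VPN", "1202", "user300")
    blocks_before = {str(s): b["server"] for s, b in c.blocks.items()}
    # The only client of server 1202 disconnects, so its block becomes fully idle.
    c.release("1202", ip_1202)
    reclaimed = [str(s) for s in c.reclaim_idle_blocks()]
    return ips_1201, ip_1202, blocks_before, reclaimed, c


if __name__ == "__main__":
    _, _, before, reclaimed, orch = demo()
    print(before, reclaimed, orch.route_log, sep="\n")
```

Server 1201 ends up with two /24 blocks and server 1202 with one, instead of an equal static split; the route log shows the block of server 1202 being withdrawn once its last address is idle.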
Based on the same conception, the embodiment of the invention also provides a VPN service system. As shown in fig. 3, the system comprises a central orchestration server 301, at least one VPN server 302, wherein:
a VPN server 302, configured to generate an address allocation request after receiving an access request sent by a user through a client, and send the address allocation request to the central orchestration server 301;
the central orchestration server 301 may be configured to receive an address allocation request sent by the VPN server 302, determine a second IP address set from the first IP address set, configure the second IP address set to the VPN server 302, select an IP address from the second IP address set, and respond to the address allocation request based on the IP address, where the first IP address set is an IP address set that the central orchestration server 301 configures to a VPN network to which the VPN server 302 belongs. It should be noted that the central orchestration server 301 may implement the allocation of the IP addresses based on the above method embodiments, which may specifically refer to the above description and will not be described herein again.
After receiving the response from the central orchestration server 301, the VPN server 302 may send the IP address in the response message to the client, so that the client accesses a VPN network based on the IP address.
In one implementation, the VPN system may be deployed in an enterprise network architecture implemented based on an SD-WAN (Software Defined WAN), and provides an intranet access service implemented based on a VPN for an enterprise. The VPN server in the VPN system can be deployed on a POP node in the SD-WAN network.
The embodiment of the invention also provides a computing device, which can be specifically a desktop computer, a portable computer, a smart phone, a tablet computer, a Personal Digital Assistant (PDA) and the like. The computing device may include a Central Processing Unit (CPU), memory, input/output devices, etc., the input devices may include a keyboard, mouse, touch screen, etc., and the output devices may include a Display device, such as a Liquid Crystal Display (LCD), a Cathode Ray Tube (CRT), etc.
Memory, which may include Read Only Memory (ROM) and Random Access Memory (RAM), provides the processor with program instructions and data stored in the memory. In an embodiment of the present invention, the memory may be configured to store program instructions of a configuration method of an IP address;
and the processor is used for calling the program instruction stored in the memory and executing the configuration method of the IP address according to the obtained program.
The embodiment of the invention also provides a computer-readable storage medium, which stores computer-executable instructions, and the computer-executable instructions are used for enabling a computer to execute the configuration method of the IP address.
It should be apparent to those skilled in the art that embodiments of the present invention may be provided as a method, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (11)

1. A method for configuring an IP address, comprising:
a central orchestration server receives an address allocation request sent by a VPN server, wherein the address allocation request is generated and sent by the VPN server after receiving an access request sent by a user through a client;
the central orchestration server determines a second IP address set from the first IP address set, configures the second IP address set to the VPN server, selects an IP address from the second IP address set, and responds to the address allocation request based on the IP address;
wherein the first IP address set is an IP address set configured by the central orchestration server to the VPN network to which the VPN server belongs.
2. The method of claim 1, wherein after said central orchestration server configures said second set of IP addresses for said VPN server, further comprising:
the central orchestration server publishes a route for the correspondence between the VPN server and the second IP address set.
3. The method of claim 1 or 2, wherein the central orchestration server determining a second set of IP addresses from the first set of IP addresses, comprising:
the central orchestration server determines whether a third IP address set exists, wherein the third IP address set is an IP address set that has been configured to the VPN server and has an idle IP address;
if the third IP address set exists, determining that the third IP address set is the second IP address set;
and if the third IP address set does not exist, acquiring a preset number of idle IP addresses from the first IP address set as the second IP address set.
4. The method of claim 1 or 2, wherein the method further comprises:
the central orchestration server receives an address recovery request sent by the VPN server, wherein the address recovery request is generated and sent by the VPN server after the VPN server determines that the client is disconnected;
and the central orchestration server determines the IP address allocated to the client based on the address recovery request and configures the IP address to be idle.
5. The method of claim 1 or 2, wherein the method further comprises:
when the central orchestration server determines that all the IP addresses in the second IP address set are idle, recovering the second IP address set and deleting the configuration information of the second IP address set and the VPN server.
6. The method of claim 1, wherein there is no intersection between the first IP address sets that the central orchestration server configures for different VPN networks.
7. The method of claim 1, wherein the central orchestration server records the correspondence between the IP address and the user after selecting an IP address from the second IP address set, and responds directly with the IP address when it again receives an address allocation request corresponding to the user.
8. The method of claim 1, wherein the method further comprises:
after receiving the response of the central orchestration server, the VPN server sends the IP address allocated in the response information to the client.
9. A VPN service system, comprising a central orchestration server and at least one VPN server, wherein,
the VPN server is used for generating an address allocation request after receiving an access request sent by a user through a client and sending the address allocation request to the central orchestration server;
the central orchestration server is used for receiving the address allocation request sent by the VPN server, determining a second IP address set from a first IP address set, configuring the second IP address set to the VPN server, selecting an IP address from the second IP address set, and responding to the address allocation request based on the IP address, wherein the first IP address set is an IP address set configured by the central orchestration server to the VPN network to which the VPN server belongs;
and the VPN server is also used for sending the IP address in the response information to the client after receiving the response of the central orchestration server, so that the client accesses the VPN network based on the IP address.
10. A computing device, comprising:
a memory for storing program instructions;
a processor for calling program instructions stored in said memory to execute the method of any one of claims 1 to 8 in accordance with the obtained program.
11. A computer-readable storage medium having stored thereon computer-executable instructions for causing a computer to perform the method of any one of claims 1-8.
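The allocation, recovery and recycling logic of claims 1 to 7, as an added Python sketch that is not part of the patent. All class, method and parameter names are assumptions, a user is assumed to be attached to one VPN server at a time, and the claim-7 record is dropped on release because the claims do not say how long it is kept.

```python
import ipaddress
from itertools import islice

class Orchestrator:
    """Sketch of the central orchestration server; all names here are assumptions."""

    def __init__(self, block_size=4):
        self.block_size = block_size  # the "preset number" of claim 3
        self.pools = {}    # VPN network -> first IP address set
        self.blocks = {}   # (network, server) -> second sets, each {ip: user or None}
        self.leases = {}   # (network, user) -> ip, the record of claim 7

    def add_network(self, network, cidr):
        new = ipaddress.ip_network(cidr)
        if any(new.overlaps(p) for p in self.pools.values()):
            raise ValueError("first IP address sets must not intersect (claim 6)")
        self.pools[network] = new

    def routes(self):
        # Claim 2: the server-to-second-set correspondence that is published.
        return {k: [[str(ip) for ip in b] for b in bl]
                for k, bl in self.blocks.items() if bl}

    def allocate(self, network, server, user):
        if (network, user) in self.leases:  # claim 7: repeat request, same address
            return self.leases[(network, user)]
        owned = self.blocks.setdefault((network, server), [])
        # Claim 3: reuse a set already configured to this server with an idle address.
        block = next((b for b in owned if None in b.values()), None)
        if block is None:  # otherwise carve a new second set from the first set
            used = {ip for bl in self.blocks.values() for b in bl for ip in b}
            idle = (ip for ip in self.pools[network].hosts() if ip not in used)
            block = dict.fromkeys(islice(idle, self.block_size))
            if not block:
                raise RuntimeError("first IP address set exhausted")
            owned.append(block)
        ip = next(a for a, u in block.items() if u is None)
        block[ip] = user
        self.leases[(network, user)] = ip
        return ip

    def release(self, network, server, user):
        ip = self.leases.pop((network, user))  # claim 4: address becomes idle
        owned = self.blocks[(network, server)]
        for block in owned:
            if ip in block:
                block[ip] = None
        # Claim 5: recover every second set whose addresses are all idle.
        owned[:] = [b for b in owned if any(u is not None for u in b.values())]
```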
CN202010650459.1A 2020-07-08 2020-07-08 IP address configuration method and VPN service system Active CN111683164B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010650459.1A CN111683164B (en) 2020-07-08 2020-07-08 IP address configuration method and VPN service system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010650459.1A CN111683164B (en) 2020-07-08 2020-07-08 IP address configuration method and VPN service system

Publications (2)

Publication Number Publication Date
CN111683164A (en) 2020-09-18
CN111683164B (en) 2022-11-04

Family

ID=72457367

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010650459.1A Active CN111683164B (en) 2020-07-08 2020-07-08 IP address configuration method and VPN service system

Country Status (1)

Country Link
CN (1) CN111683164B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113923076A (en) * 2021-09-06 2022-01-11 长沙市同迅计算机科技有限公司 SD-WAN-based Ethernet two-layer data exchange method

Also Published As

Publication number Publication date
CN111683164B (en) 2022-11-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant