CN111770077B - Data distribution method, system, medium and device based on edge computing virtual private network - Google Patents

Publication number
CN111770077B
Authority
CN
China
Prior art keywords
node
vpn
service request
data service
data
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010590411.6A
Other languages
Chinese (zh)
Other versions
CN111770077A (en
Inventor
张晓卫
郑琨
姬冠楠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Otvcloud Internet Technology Shanghai Co ltd
Original Assignee
Otvcloud Internet Technology Shanghai Co ltd
Application filed by Otvcloud Internet Technology Shanghai Co ltd
Priority to CN202010590411.6A
Publication of CN111770077A
Application granted
Publication of CN111770077B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H04L67/568 Storing data temporarily at an intermediate stage, e.g. caching
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • H04L63/0281 Proxies
    • H04L67/14 Session management
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Abstract

The invention provides a data distribution method, a system, a medium and a device based on an edge computing virtual private network, comprising the following steps: the VPN network node scheduling module receives VPN access point request information of the terminal equipment, and sends EC VPN node information to the terminal equipment; the EC VPN node receives a VPN connection establishment request sent by the terminal equipment and establishes VPN connection with the terminal equipment; receiving a data service request sent by a terminal device, and judging whether the data service request is a large-flow data service request or not; when the data service request is not a large-flow data service request, sending the data service request to a VPN root access node; receiving result data; sending the result data to the terminal equipment; and when the request is a large-flow data service request, sending the data service request to the CDN node, and acquiring result data sent by the source IDC through the CDN node. The method and the device are used for increasing the security of the terminal equipment accessing the CDN node.

Description

Data distribution method, system, medium and device based on edge computing virtual private network
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a data distribution method, system, medium, and apparatus based on an edge computing virtual private network.
Background
The current CDN (content delivery network) system is built on the open internet and relies on proxy and cache technology. When a terminal requests a specific resource over the internet, the CDN first checks whether a valid cache entry exists on one of its edge nodes. If so, the content is returned directly; if not, the CDN goes back to the source station through its proxies, level by level, and pulls the content from the source station.
Because this technology runs on the open internet, it faces various attacks and challenges. Large-scale faults have broken out many times in the terminal access network in particular, such as DNS hijacking, DNS pollution and man-in-the-middle attacks, which poses a great risk for applications with strict security requirements, such as live television channel broadcasting over the open internet in the radio and television industry.
As a common network security scheme, a virtual private network (VPN) is a fully private network established over the open internet using dedicated VPN access devices. It can effectively resist the above attacks and challenges, offers good security, and is widely used in scenarios such as remote office work. However, the data processing capability of a single dedicated VPN access device is limited and far lower than that of a common HTTP (hypertext transfer protocol) server, so large-traffic applications such as video require a large number of expensive devices. In addition, constrained by the public network egress of the dedicated VPN access device, access across network operators generally degrades service quality or even makes access impossible.
Currently, along with the development of 5G, EC (edge computing) and MEC (mobile edge computing) provide computing and network resources at the metropolitan area network level, and even at the access network level, which opens new possibilities for secure network transmission.
How to establish a secure and economical content delivery network on the open internet based on edge computing, and how to increase the security of terminal devices accessing CDN nodes, are the problems addressed by the invention.
Disclosure of Invention
In view of the above drawbacks of the prior art, an object of the present invention is to provide a data distribution method, system, medium and apparatus based on an edge computing virtual private network, for solving the problem in the prior art of how to establish a secure and economical content distribution network on the open internet based on edge computing, and how to increase the security of a terminal device accessing a CDN node.
In order to achieve the above and other related objects, the present invention provides a data distribution method based on an edge computing vpn, comprising the steps of: a VPN network node scheduling module receives VPN access point request information sent by terminal equipment, and the VPN network node scheduling module sends ECVPN node information to the terminal equipment based on the VPN access point request information; an ECVPN node corresponding to the ECVPN node information receives a VPN connection establishment request sent by the terminal equipment, and the ECVPN node establishes VPN connection with the terminal equipment; the ECVPN node receives a data service request sent by the terminal equipment, and the ECVPN node judges whether the data service request is a large-flow data service request or not; when the data service request is not a large-flow data service request, the ECVPN node sends the data service request to a VPN root access node, and the VPN root access node is located in a source IDC; the ECVPN node receives result data returned by the VPN root access node based on the data service request; the ECVPN node sends the result data to the terminal equipment; when the data service request is a large-flow data service request, the ECVPN node sends the data service request to a CDN node, and the CDN node and the ECVPN node are located in the same edge IDC; the CDN node judges whether result data of the data service request exist in a cache, if so, the CDN node sends the result data to the ECVPN node, and the ECVPN node sends the result data to the terminal equipment; if the data service request does not exist in the cache, the CDN node sends the data service request to a source IDC, the CDN node receives result data sent by the source IDC, the CDN node sends the result data to the ECVPN node, and the ECVPN node sends the result data to the terminal equipment.
In an embodiment of the present invention, the sending, by the VPN network node scheduling module, ECVPN node information to the terminal device based on the VPN access point request information includes: the VPN access point request message includes: IP information and user information of the terminal equipment; and acquiring the network operator information of the terminal equipment based on the IP information, determining an ECVPN node based on the network operator information and the user information, and sending the ECVPN node information to the terminal equipment.
In an embodiment of the present invention, the receiving, by the ECVPN node, the data service request sent by the terminal device, and the determining, by the ECVPN node, whether the data service request is a large-traffic data service request includes: the ECVPN node reads whether a destination IP address contained in the data service request is a video source station or not, and when the destination IP address contained in the data service request is the video source station, the data service request is a large-flow data service request; or the ECVPN node analyzes whether the data service request is a large-flow data service request or not through a data analysis method, and when the data service request is analyzed to be the large-flow data service request through the data analysis method, the data service request is the large-flow data service request.
In an embodiment of the present invention, when the data service request is not a large-traffic data service request, the ECVPN node sends the data service request to a VPN relay node, and the VPN relay node sends the data service request to a VPN root access node, where the VPN root access node is located in a source IDC; the VPN relay node receives result data returned by the VPN root access node based on the data service request; and the VPN relay node sends the result data to the ECVPN node, and the ECVPN node sends the result data to the terminal equipment.
In order to achieve the above object, the present invention further provides a data distribution system based on an edge computing virtual private network, including: a VPN network node scheduling module and at least two edge IDCs, where the edge IDC includes ECVPN nodes and CDN nodes; a VPN network node scheduling module receives VPN access point request information sent by terminal equipment, and the VPN network node scheduling module sends ECVPN node information to the terminal equipment based on the VPN access point request information; an ECVPN node corresponding to the ECVPN node information receives a VPN connection establishment request sent by the terminal equipment, and the ECVPN node establishes VPN connection with the terminal equipment; the ECVPN node receives a data service request sent by the terminal equipment, and the ECVPN node judges whether the data service request is a large-flow data service request or not; when the data service request is not a large-flow data service request, the ECVPN node sends the data service request to a VPN root access node, and the VPN root access node is located in a source IDC; the ECVPN node receives result data returned by the VPN root access node based on the data service request; the ECVPN node sends the result data to the terminal equipment; when the data service request is a large-flow data service request, the ECVPN node sends the data service request to a CDN node, and the CDN node and the ECVPN node are located in the same edge IDC; the CDN node judges whether result data of the data service request exist in a cache, if so, the CDN node sends the result data to the ECVPN node, and the ECVPN node sends the result data to the terminal equipment; if the data service request does not exist in the cache, the CDN node sends the data service request to a source IDC, the CDN node receives result data sent by the source IDC, the CDN node sends the result data to the ECVPN node, and the ECVPN node sends the result data to the terminal equipment.
In an embodiment of the present invention, the sending, by the VPN network node scheduling module, ECVPN node information to the terminal device based on the VPN access point request information includes: the VPN access point request message includes: IP information and user information of the terminal equipment; and acquiring the information of a network operator where the terminal equipment is located based on the IP information, determining an ECVPN node based on the information of the network operator and the user information, and sending the information of the ECVPN node to the terminal equipment.
In an embodiment of the present invention, the receiving, by the ECVPN node, the data service request sent by the terminal device, and the determining, by the ECVPN node, whether the data service request is a large-traffic data service request includes: the ECVPN node reads whether a destination IP address contained in the data service request is a video source station or not, and when the destination IP address contained in the data service request is the video source station, the data service request is a large-flow data service request; or the ECVPN node analyzes whether the data service request is a large-flow data service request or not through a data analysis method, and when the data service request is analyzed to be the large-flow data service request through the data analysis method, the data service request is the large-flow data service request.
To achieve the above object, the present invention further provides a computer-readable storage medium on which a computer program is stored, which, when executed by a processor, implements any of the above data distribution methods based on an edge computing VPN.
In order to achieve the above object, the present invention further provides a data distribution apparatus based on an edge computing VPN, including: a processor and a memory; the memory is used for storing a computer program; the processor is connected to the memory and configured to execute the computer program stored in the memory, so that the data distribution apparatus based on the edge computing VPN executes any one of the above data distribution methods based on the edge computing VPN.
Finally, the invention also provides a data distribution system based on the edge computing virtual private network, which comprises the data distribution device based on the edge computing virtual private network, terminal equipment and a source IDC; the terminal equipment is used for sending VPN access point request information to a VPN network node scheduling module; receiving ECVPN node information sent by a VPN network node scheduling module; establishing VPN connection with the ECVPN node corresponding to the ECVPN node information; receiving result data sent by the ECVPN node; the source IDC receives a data service request sent by the CDN node, and the source IDC sends result data to the CDN node; and the CDN node sends the result data to the ECVPN node.
As described above, the data distribution method, system, medium, and apparatus based on the edge computing VPN of the present invention have the following advantage: the security of the terminal equipment accessing the CDN node is increased.
Drawings
FIG. 1a is a flow chart illustrating a data distribution method based on an edge computing VPN according to an embodiment of the present invention;
FIG. 1b is a flow chart illustrating a data distribution method based on an edge computing VPN according to another embodiment of the present invention;
FIG. 1c is a flowchart illustrating a data distribution method based on an edge computing VPN according to another embodiment of the present invention;
FIG. 2 is a schematic diagram of a data distribution system based on an edge computing VPN according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a data distribution device based on an edge computing VPN according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a data distribution system based on an edge computing VPN according to another embodiment of the present invention.
Description of the element reference numerals
21 VPN network node scheduling module
22 edge IDC
221 ECVPN node
222 CDN node
31 processor
32 memory
41 data distribution device based on edge computing virtual private network
42 terminal device
43 Source IDC
Detailed Description
The embodiments of the present invention are described below with reference to specific embodiments, and other advantages and effects of the present invention will be easily understood by those skilled in the art from the disclosure of the present specification. The invention is capable of other and different embodiments and of being practiced or of being carried out in various ways, and its several details are capable of modification in various respects, all without departing from the spirit and scope of the present invention. It is to be noted that the features in the following embodiments and examples may be combined with each other without conflict.
It should be noted that the drawings provided in the following embodiments are only for illustrating the basic idea of the present invention, so that the components related to the present invention are only shown in the drawings rather than drawn according to the number, shape and size of the components in actual implementation, the type, quantity and proportion of the components in actual implementation can be changed freely, and the layout of the components can be more complicated.
The data distribution method, the system, the medium and the device based on the edge computing virtual private network are used for increasing the security of the terminal equipment accessing the CDN node.
The invention is characterized in that, based on EC technology, VPN access software is deployed on an ECVPN node, and a terminal device connects to the ECVPN node through a VPN protocol. The ECVPN node and an edge node of the CDN are deployed in the same IDC (Internet data center). Small-traffic information such as dynamic interface calls accesses service systems of the source station, such as the CMS (content management system) and OSS (operation support system), through the VPN network, while large-traffic static data such as video accesses the edge node of the CDN through the IDC intranet, so that source station content is obtained through the existing CDN proxy cache network.
Therefore, on one hand, the VPN between the terminal equipment and the ECVPN node isolates a large number of security problems in the access network; on the other hand, large-traffic data such as videos are obtained from CDN nodes through the IDC intranet at the ECVPN nodes, and the bandwidth of the IDC intranet usually has no extra cost. Thus, compared to the existing CDN, the security of the access network is increased at the sole additional cost of renting computing resources for the ECVPN node, a cost that is rapidly decreasing with the large-scale commercialization of EC and 5G MEC.
As shown in fig. 1a, in an embodiment, the data distribution method based on the edge computing VPN of the present invention includes the following steps:
Step S11, the VPN network node scheduling module receives VPN access point request information sent by the terminal device, and the VPN network node scheduling module sends ECVPN node information to the terminal device based on the VPN access point request information.
Specifically, the VPN network node scheduling module obtains the ECVPN node information of each ECVPN node in advance. It can therefore select an appropriate ECVPN node for the terminal device based on the VPN access point request information sent by the terminal device, and send the corresponding ECVPN node information to the terminal device.
Specifically, the sending, by the VPN network node scheduling module, of ECVPN node information to the terminal device based on the VPN access point request information includes the following. The VPN access point request information includes IP information and user information of the terminal equipment. The information of the network operator where the terminal equipment is located is acquired based on the IP information, an ECVPN node is determined based on the network operator information and the user information, and the ECVPN node information is sent to the terminal equipment. The user information includes, but is not limited to, the grade information of the user; an ECVPN node suited to the user's grade is selected for the user based on that grade information, and different ECVPN nodes are matched with different network operators. The ECVPN node is thus determined based on the network operator information and the user information, and the ECVPN node information corresponding to the determined ECVPN node is sent to the terminal device.
Step S12, the ECVPN node corresponding to the ECVPN node information receives the VPN connection establishment request sent by the terminal device, and the ECVPN node establishes VPN connection with the terminal device.
Specifically, the terminal device establishes a VPN connection with the ECVPN node corresponding to the returned ECVPN node information, and then the terminal device sets the network interface formed by the ECVPN node as its default route, so as to ensure that access data subsequently initiated by the terminal device first reaches the ECVPN node.
Step S13, the ECVPN node receives the data service request sent by the terminal device, and the ECVPN node determines whether the data service request is a large-traffic data service request.
Specifically, the ECVPN node needs to determine whether the data service request is a large-traffic data service request, because large-traffic data service requests and non-large-traffic data service requests are processed in different ways. For example, the large-traffic data service request includes, but is not limited to, a video request.
Specifically, the receiving, by the ECVPN node, of a data service request sent by the terminal device, and the determining, by the ECVPN node, of whether the data service request is a large-traffic data service request includes: the ECVPN node reads whether the destination IP address contained in the data service request is a video source station, and when the destination IP address contained in the data service request is the video source station, the data service request is a large-traffic data service request. Alternatively, the ECVPN node analyzes whether the data service request is a large-traffic data service request through a data analysis method, and when the data analysis method finds it to be a large-traffic data service request, the data service request is a large-traffic data service request. The data analysis method includes, but is not limited to, DPI (deep packet inspection).
Specifically, the method uses whether the destination IP address of the data service request is a video source station as the identifier of video access. However, the present invention does not exclude other methods of determining whether a network packet is video data, for example using DPI (deep packet inspection) to analyze the network packet. Other methods may be devised without departing from the spirit and scope of the present invention.
Step S14, when the request is not a large-flow data service request, the ECVPN node sends the data service request to a VPN root access node, and the VPN root access node is positioned at a source IDC; the ECVPN node receives result data returned by the VPN root access node based on the data service request; and the ECVPN node sends the result data to the terminal equipment.
Specifically, when the data service request is not a large-traffic data service request, the ECVPN node sends the data service request to a VPN relay node, the VPN relay node sends the data service request to a VPN root access node, and the VPN root access node is located in a source IDC; the VPN relay node receives result data returned by the VPN root access node based on the data service request; and the VPN relay node sends the result data to the ECVPN node, and the ECVPN node sends the result data to the terminal equipment.
Specifically, the ECVPN node transmits the data service request to a VPN root access service deployed in a source IDC of the radio and television intranet, and the request finally reaches the corresponding service end in the source IDC.
Here, if the public network egress of the source IDC cannot effectively cover the main network operators, a VPN relay node in a BGP machine room needs to be added; that is, the ECVPN node first forwards data to the VPN relay node in the BGP machine room, and the data then goes from the BGP relay node to the VPN root access service in the source IDC.
Step S15, when the request is a large-flow data service request, the ECVPN node sends the data service request to a CDN node, and the CDN node and the ECVPN node are located in the same edge IDC; the CDN node judges whether the result data of the data service request exist in a cache, if so, the CDN node sends the result data to the ECVPN node, and the ECVPN node sends the result data to the terminal equipment; if the data service request does not exist in the cache, the CDN node sends the data service request to a source IDC, the CDN node receives result data sent by the source IDC, the CDN node sends the result data to the ECVPN node, and the ECVPN node sends the result data to the terminal equipment.
Specifically, the ECVPN node forwards the data service request to a locally deployed proxy service through the Linux system tool iptables. According to its configuration, the proxy service initiates access, as a proxied application request, to the CDN node located in the same edge IDC. The data service request is thus sent to a CDN node, and the CDN node and the ECVPN node are located in the same edge IDC. The proxy service deployed locally on the ECVPN node depends on the network video protocol used: for example, for the HLS (HTTP live streaming) protocol, an HTTP service such as Nginx is adopted; for RTMP (real time messaging protocol), FMS (Flash Media Server, a streaming media service software of Adobe) or the like is used.
Specifically, the CDN node receives the data service request and checks its own cache according to the existing processing flow of the CDN node. If the content exists in the cache, the CDN node directly returns the cached content to the ECVPN node; if the content does not exist in the cache, the CDN node sends the data service request to the source IDC, receives the result data sent by the source IDC, and sends the result data to the ECVPN node. After the result data returned by the CDN node reaches the ECVPN node, it is returned to the terminal equipment through the established VPN connection. The terminal equipment displays the result data and continues with the next operation and request.
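Steps S11 and S13 to S15 above, as an added example that is not part of the patent text: a Python model of the scheduler's node choice and of the ECVPN node's destination-IP dispatch with the CDN cache behind it. The address ranges, node names, the rule "highest grade the user is entitled to" and all function and class names are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample data: documentation address ranges, hypothetical node names.
OPERATOR_PREFIXES = {"198.51.100.0/24": "operator-a", "203.0.113.0/24": "operator-b"}
EC_VPN_NODES = [  # node information the scheduler holds in advance
    {"name": "ec-a-basic", "operator": "operator-a", "grade": 1},
    {"name": "ec-a-premium", "operator": "operator-a", "grade": 2},
    {"name": "ec-b-basic", "operator": "operator-b", "grade": 1},
]
VIDEO_SOURCE_SEGMENTS = ["192.0.2.0/25"]  # video source station segments (constructed)


def schedule_node(terminal_ip, user_grade):
    """S11: terminal IP -> network operator, then a node matching operator and grade."""
    ip = ipaddress.ip_address(terminal_ip)
    operator = next((op for prefix, op in OPERATOR_PREFIXES.items()
                     if ip in ipaddress.ip_network(prefix)), None)
    if operator is None:
        return None  # unknown operator: no ECVPN node information is handed out
    candidates = [n for n in EC_VPN_NODES
                  if n["operator"] == operator and n["grade"] <= user_grade]
    # Assumed rule: the highest-grade node the user is entitled to.
    return max(candidates, key=lambda n: n["grade"])["name"] if candidates else None


@dataclass
class CdnNode:
    """CDN node in the same edge IDC: answer from cache, else go back to the source IDC."""
    origin: dict
    cache: dict = field(default_factory=dict)
    origin_fetches: int = 0

    def get(self, path):
        if path not in self.cache:          # cache miss: fetch from source IDC once
            self.origin_fetches += 1
            self.cache[path] = self.origin[path]
        return self.cache[path]


@dataclass
class EcVpnNode:
    cdn: CdnNode
    root_services: dict  # services reached through the VPN root access node
    segments: list = field(default_factory=lambda: [
        ipaddress.ip_network(s) for s in VIDEO_SOURCE_SEGMENTS])

    def is_large_traffic(self, dst_ip):
        """S13: large-traffic iff the destination IP lies in a video source segment."""
        ip = ipaddress.ip_address(dst_ip)   # raises ValueError on a malformed address
        mapped = getattr(ip, "ipv4_mapped", None)
        if mapped is not None:              # ::ffff:a.b.c.d is classified as a.b.c.d
            ip = mapped
        return any(ip in seg for seg in self.segments)

    def handle(self, dst_ip, path):
        """S14/S15: choose the path and return (path_taken, result_data)."""
        if self.is_large_traffic(dst_ip):
            return "cdn", self.cdn.get(path)
        return "vpn-root", self.root_services[(dst_ip, path)]


def demo():
    """Run three constructed requests through one ECVPN node."""
    cdn = CdnNode({"/live/ch1.m3u8": b"#EXTM3U"})
    node = EcVpnNode(cdn, {("192.0.2.200", "/api/epg"): b'{"epg": []}'})
    results = [
        node.handle("192.0.2.10", "/live/ch1.m3u8"),  # in segment: CDN, cache miss
        node.handle("192.0.2.10", "/live/ch1.m3u8"),  # same request: CDN, cache hit
        node.handle("192.0.2.200", "/api/epg"),       # outside the /25: VPN root path
    ]
    return results, cdn.origin_fetches


if __name__ == "__main__":
    print(schedule_node("198.51.100.7", 2))
    print(demo())
```

Because the destination IP alone selects the path, the synchronized segment list is what decides which requests leave the VPN root path for the CDN node; an address just outside a segment, such as 192.0.2.128 here, stays on the VPN root path.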
As shown in fig. 1b, in an embodiment, the data distribution method based on the edge computing VPN of the present invention includes the following steps:
Step S20: after the terminal equipment is started, it accesses a VPN network node scheduling module deployed in the cloud. The terminal device requests ECVPN node information.
Step S21: the VPN network node scheduling module receives VPN access point request information sent by terminal equipment, and the VPN network node scheduling module sends ECVPN node information to the terminal equipment based on the VPN access point request information.
Step S22: the ECVPN node corresponding to the ECVPN node information receives a VPN connection establishment request sent by the terminal equipment, and the ECVPN node establishes VPN connection with the terminal equipment.
Step S23: the data service request sent by the terminal equipment is sent to the ECVPN node.
Step S24: the ECVPN node receives the data service request sent by the terminal equipment, and judges whether the data service request is a large-flow data service request or not. If not, the process proceeds to step S25, and if so, the process proceeds to step S28.
Step S25: when the data service request is not a large-flow data service request, the ECVPN node sends the data service request to a VPN root access node, and the VPN root access node is located in a source IDC.
Step S26: the ECVPN node receives result data returned by the VPN root access node based on the data service request; and the ECVPN node sends the result data to the terminal equipment.
Step S27: the terminal device displays the result data returned in step S26 and continues to the next operation and request.
Step S28: when the data service request is a large-flow data service request, the ECVPN node sends the data service request to a CDN node, and the CDN node and the ECVPN node are located in the same edge IDC.
Step S29: the CDN node judges whether result data of the data service request exist in a cache, if so, the CDN node sends the result data to the ECVPN node, and the ECVPN node sends the result data to the terminal equipment; if the data service request does not exist in the cache, the CDN node sends the data service request to a source IDC, the CDN node receives result data sent by the source IDC, the CDN node sends the result data to the ECVPN node, and the ECVPN node sends the result data to the terminal equipment.
Step S210: the terminal device displays the result data returned in step S29 and continues to the next operation and request.
As shown in fig. 1c, in an embodiment, the data distribution method based on the edge computing virtual private network of the present invention includes the following steps. The radio and television operator deploys video operation related systems, such as CMS/OSS, and video source stations in an IDC of its internal network. After the user's terminal device accesses the VPN network node scheduling module and obtains a specific ECVPN node, it establishes a VPN connection with that ECVPN node. The terminal runs the operator's video application, and for each data packet sent by the video application the ECVPN node judges whether the packet is a video request: a non-video request accesses the video operation related systems directly through the VPN network; a video data request is sent to a CDN node in the same source IDC, and the content of the video source station is obtained through the CDN node's existing proxy cache mechanism.
Step S31: the ECVPN nodes deployed at various locations and the VPN network node scheduling module synchronize the network segment information of the video source stations in the broadcasting and television intranet.
Step S32: after the terminal equipment starts, it accesses the VPN network node scheduling module deployed in the cloud and requests ECVPN node information. The terminal device accesses the VPN network node scheduling module with the user information as a parameter and requests, through an HTTP interface, the allocation of specific VPN access point information (ECVPN node information).
Step S33: the data service request sent by the terminal equipment is sent to the ECVPN node. The terminal equipment establishes a VPN connection with the ECVPN node corresponding to the returned ECVPN node information, and then sets the network interface formed with the ECVPN node as the default route, so that access data subsequently initiated by the terminal equipment reaches the ECVPN node first.
Step S34: after the application on the terminal equipment starts, it initiates a network request to the broadcasting and television service in the source IDC according to the configuration of the application; this network request is the data service request. The data service request first arrives at the ECVPN node through the VPN connection established in step S33.
Step S35: the ECVPN node judges whether the data service request is a large-flow data service request as follows: the ECVPN node checks whether the destination IP address contained in the data service request is a video source station, and when it is, the data service request is a large-flow data service request. If not, the process proceeds to step S36; if so, the process proceeds to step S39.
Step S36: when the data service request is not a large-flow data service request, the ECVPN node sends the data service request to a VPN root access node, and the VPN root access node is located in a source IDC. Here, if the public network outlet of the source IDC cannot effectively cover the main network operator, a VPN relay node in a BGP machine room needs to be added; that is, the ECVPN node first transfers data to the VPN relay node in the BGP machine room, and the service is then accessed from the BGP relay node through the VPN root in the source IDC.
Step S37: the ECVPN node receives result data returned by the VPN root access node based on the data service request; and the ECVPN node sends the result data to the terminal equipment.
Step S38: the terminal device displays the result data returned in step S37 and continues to the next operation and request.
Step S39: when the request is a large-flow data service request, the ECVPN node sends the data service request to the CDN node. The CDN node and the ECVPN node are located in the same edge IDC node. The proxy service deployed locally with the ECVPN node depends on the network video protocol used: for example, for the HLS (HTTP Live Streaming) protocol, an HTTP service such as Nginx is adopted; for RTMP (Real-Time Messaging Protocol), FMS (Flash Media Server, streaming media server software from Adobe) or the like is used.
Step S310: the CDN node judges whether result data for the data service request exists in its cache. If it does, the CDN node sends the result data to the ECVPN node, and the ECVPN node sends the result data to the terminal equipment. If the result data does not exist in the cache, the CDN node sends the data service request to the source IDC, receives the result data sent by the source IDC, and sends the result data to the ECVPN node, and the ECVPN node sends the result data to the terminal equipment.
Step S311: the terminal device displays the result data returned in step S310 and continues to the next operation and request.
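The routing decision of steps S35 to S310, as an added Python sketch that is not code from the patent. The class names, hop labels, network segments and sample content are constructed assumptions; the stub callable stands in for the VPN root access node.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample segments standing in for the video source station
# network segments that step S31 synchronises to every ECVPN node.
VIDEO_SOURCE_SEGMENTS = ["10.20.0.0/24", "10.20.8.0/22"]


@dataclass
class CdnNode:
    """Hypothetical model of the CDN node in the same edge IDC."""
    origin: dict                               # stands in for the source IDC
    cache: dict = field(default_factory=dict)
    origin_fetches: int = 0

    def serve(self, key):
        """Step S310: answer from cache, otherwise fetch from the source IDC."""
        if key in self.cache:
            return self.cache[key], "hit"
        self.origin_fetches += 1
        data = self.origin.get(key)
        if data is not None:                   # do not cache a missing object
            self.cache[key] = data
        return data, "miss"


class EcvpnNode:
    """Hypothetical model of the ECVPN node's routing decision."""

    def __init__(self, segments, cdn, root_access, use_relay=False):
        self.segments = [ipaddress.ip_network(s) for s in segments]
        self.cdn = cdn
        self.root_access = root_access         # callable(dst_ip, path) -> data
        self.use_relay = use_relay             # step S36: relay in BGP machine room

    def is_large_traffic(self, dst_ip):
        """Step S35: is the destination IP inside a video source segment?"""
        addr = ipaddress.ip_address(dst_ip)    # ValueError on a malformed address
        # An IPv4-mapped IPv6 destination never matches an IPv4 segment,
        # so unwrap it before the membership test.
        mapped = getattr(addr, "ipv4_mapped", None)
        if mapped is not None:
            addr = mapped
        return any(addr in net for net in self.segments)

    def handle(self, dst_ip, path):
        """Return the hops taken, the CDN cache state and the result data."""
        if self.is_large_traffic(dst_ip):      # steps S39-S310
            data, state = self.cdn.serve((dst_ip, path))
            hops = ["ecvpn", "cdn"] + (["source-idc"] if state == "miss" else [])
            return {"hops": hops, "cache": state, "data": data}
        # Steps S36-S37: everything else goes through the VPN to the source IDC.
        relay = ["vpn-relay"] if self.use_relay else []
        hops = ["ecvpn"] + relay + ["vpn-root-access"]
        return {"hops": hops, "cache": None, "data": self.root_access(dst_ip, path)}


def build_demo_node(use_relay=False):
    """Wire a node with constructed origin content and a stub root access node."""
    origin = {("10.20.9.7", "/live/ch1.m3u8"): b"#EXTM3U"}
    cdn = CdnNode(origin=origin)

    def root(dst_ip, path):
        return f"cms:{path}".encode()

    return EcvpnNode(VIDEO_SOURCE_SEGMENTS, cdn, root, use_relay)


if __name__ == "__main__":
    node = build_demo_node(use_relay=True)
    for dst, path in [("10.30.1.9", "/api/menu"),
                      ("10.20.9.7", "/live/ch1.m3u8"),
                      ("10.20.9.7", "/live/ch1.m3u8")]:
        print(dst, path, node.handle(dst, path))
```

Any destination outside the synchronised segments falls through to the VPN root access path, so a segment list that is stale on one ECVPN node sends video requests over the VPN instead of to the local CDN node.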
As shown in fig. 2, in an embodiment, the data distribution system based on an edge computing virtual private network of the present invention includes a VPN network node scheduling module 21 and at least one edge IDC 22, where the edge IDC includes an ECVPN node 221 and a CDN node 222. The VPN network node scheduling module 21 receives VPN access point request information sent by a terminal device, and the VPN network node scheduling module 21 sends ECVPN node 221 information to the terminal device based on the VPN access point request information. The ECVPN node 221 corresponding to the ECVPN node 221 information receives a VPN connection establishment request sent by the terminal device, and the ECVPN node 221 establishes a VPN connection with the terminal device. The ECVPN node 221 receives a data service request sent by the terminal device, and the ECVPN node 221 determines whether the data service request is a large-traffic data service request. When the data service request is not a large-traffic data service request, the ECVPN node 221 sends the data service request to a VPN root access node, where the VPN root access node is located at a source IDC; the ECVPN node 221 receives result data returned by the VPN root access node based on the data service request; the ECVPN node 221 sends the result data to the terminal device. When the data service request is a large-traffic data service request, the ECVPN node 221 sends the data service request to a CDN node 222, and the CDN node 222 and the ECVPN node 221 are located in the same edge IDC 22; the CDN node 222 determines whether result data of the data service request exists in a cache, and if the result data exists in the cache, the CDN node 222 sends the result data to the ECVPN node 221, and the ECVPN node 221 sends the result data to the terminal device; if the result data does not exist in the cache, the CDN node 222 sends the data service request to the source IDC, the CDN node 222 receives result data sent by the source IDC, the CDN node 222 sends the result data to the ECVPN node 221, and the ECVPN node 221 sends the result data to the terminal device.
Specifically, the step of the VPN network node scheduling module 21 sending the ECVPN node 221 information to the terminal device based on the VPN access point request information includes: the VPN access point request message includes: IP information and user information of the terminal equipment; acquiring the information of a network operator where the terminal equipment is located based on the IP information, determining the ECVPN node 221 based on the information of the network operator and the user information, and sending the information of the ECVPN node 221 to the terminal equipment.
Specifically, the receiving, by the ECVPN node 221, the data service request sent by the terminal device, and the determining, by the ECVPN node 221, whether the data service request is a large-traffic data service request includes: the ECVPN node 221 reads whether a destination IP address included in the data service request is a video source station, and when the destination IP address included in the data service request is the video source station, the data service request is a large-traffic data service request. Or the ECVPN node analyzes whether the data service request is a large-flow data service request or not through a data analysis method, and when the data service request is analyzed to be the large-flow data service request through the data analysis method, the data service request is the large-flow data service request. The data analysis method includes, but is not limited to, DPI (deep packet inspection).
Specifically, when the data service request is not a large-traffic data service request, the ECVPN node 221 sends the data service request to a VPN relay node, and the VPN relay node sends the data service request to a VPN root access node, where the VPN root access node is located in a source IDC; the VPN transfer node receives result data returned by the VPN root access node based on the data service request; the VPN relay node transmits the result data to the ECVPN node 221, and the ECVPN node 221 transmits the result data to the terminal device.
It should be noted that the structures and principles of the VPN network node scheduling module 21, the edge IDC22, the ECVPN node 221, and the CDN node 222 correspond to the steps in the data distribution method based on the edge computing virtual private network one to one, and therefore, the description is omitted here.
It should be noted that the division of the modules of the above system is only a logical division, and the actual implementation may be wholly or partially integrated into one physical entity, or may be physically separated. And these modules can be realized in the form of software called by processing element; or may be implemented entirely in hardware; and part of the modules can be realized in the form of calling software by the processing element, and part of the modules can be realized in the form of hardware. For example, the x module may be a processing element that is set up separately, or may be implemented by being integrated in a chip of the apparatus, or may be stored in a memory of the apparatus in the form of program code, and the function of the x module may be called and executed by a processing element of the apparatus. Other modules are implemented similarly. In addition, all or part of the modules can be integrated together or can be independently realized. The processing element described herein may be an integrated circuit having signal processing capabilities. In implementation, each step of the above method or each module above may be implemented by an integrated logic circuit of hardware in a processor element or an instruction in the form of software.
For example, the above modules may be one or more integrated circuits configured to implement the above methods, such as: one or more Application Specific Integrated Circuits (ASICs), one or more Microprocessors (MPUs), one or more Field Programmable Gate Arrays (FPGAs), etc. For another example, when one of the above modules is implemented in the form of program code scheduled by a processing element, the processing element may be a general-purpose processor, such as a Central Processing Unit (CPU) or other processor capable of calling program code. As another example, these modules may be integrated together and implemented in the form of a system-on-a-chip (SOC).
In an embodiment of the present invention, the invention further includes a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement any one of the above data distribution methods based on an edge computing virtual private network.
Those of ordinary skill in the art will understand that: all or part of the steps for implementing the above method embodiments may be performed by hardware associated with a computer program. The aforementioned computer program may be stored in a computer readable storage medium. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
As shown in fig. 3, in an embodiment, the data distribution apparatus based on the edge computing virtual private network of the present invention includes: a processor 31 and a memory 32; the memory 32 is for storing a computer program; the processor 31 is connected to the memory 32 and is configured to execute the computer program stored in the memory 32, so that the data distribution apparatus based on the edge computing virtual private network performs any one of the above data distribution methods based on the edge computing virtual private network.
Specifically, the memory 32 includes: various media that can store program codes, such as ROM, RAM, magnetic disk, U-disk, memory card, or optical disk.
Preferably, the processor 31 may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic device, or discrete hardware components.
As shown in fig. 4, in an embodiment, the data distribution system based on the edge computing virtual private network of the present invention includes a data distribution apparatus 41 based on the edge computing virtual private network, a terminal device 42, and a source IDC 43;
the terminal device 42 is configured to send VPN access point request information to the VPN network node scheduling module; receiving ECVPN node information sent by a VPN network node scheduling module; establishing VPN connection with the ECVPN node corresponding to the ECVPN node information; and receiving result data sent by the ECVPN node.
The source IDC43 receives a data service request sent by the CDN node, and the source IDC43 sends result data to the CDN node; and the CDN node sends the result data to the ECVPN node.
In summary, the data distribution method, system, medium, and apparatus based on the edge computing virtual private network of the present invention increase the security of the terminal device accessing the CDN node. Therefore, the invention effectively overcomes various defects in the prior art and has high industrial utilization value.
The foregoing embodiments are merely illustrative of the principles and utilities of the present invention and are not intended to limit the invention. Any person skilled in the art can modify or change the above-mentioned embodiments without departing from the spirit and scope of the present invention. Accordingly, it is intended that all equivalent modifications or changes which can be made by those skilled in the art without departing from the spirit and technical spirit of the present invention be covered by the claims of the present invention.

Claims (10)

1. A data distribution method based on an edge computing virtual private network is characterized by comprising the following steps:
a VPN network node scheduling module receives VPN access point request information sent by terminal equipment, and the VPN network node scheduling module sends EC VPN node information to the terminal equipment based on the VPN access point request information;
an EC VPN node corresponding to the EC VPN node information receives a VPN connection establishment request sent by the terminal equipment, and the EC VPN node establishes VPN connection with the terminal equipment;
the EC VPN node receives a data service request sent by the terminal equipment, and judges whether the data service request is a large-flow data service request or not;
when the data service request is not a large-flow data service request, the EC VPN node sends the data service request to a VPN root access node, and the VPN root access node is positioned in a source IDC; the EC VPN node receives result data returned by the VPN root access node based on the data service request; the EC VPN node sends the result data to the terminal equipment;
when the data service request is a large-flow data service request, the EC VPN node sends the data service request to a CDN node, and the CDN node and the EC VPN node are located in the same edge IDC; the CDN node judges whether result data of the data service request exist in a cache, if so, the CDN node sends the result data to the EC VPN node, and the EC VPN node sends the result data to the terminal equipment; if the data service request does not exist in the cache, the CDN node sends the data service request to a source IDC, the CDN node receives result data sent by the source IDC, the CDN node sends the result data to the EC VPN node, and the EC VPN node sends the result data to the terminal equipment.
2. The data distribution method based on the edge computing virtual private network according to claim 1, wherein the sending of the EC VPN node information to the terminal device by the VPN network node scheduling module based on the VPN access point request information includes:
the VPN access point request message includes: IP information and user information of the terminal equipment; and acquiring the information of a network operator where the terminal equipment is located based on the IP information, determining an EC VPN node based on the information of the network operator and the user information, and sending the EC VPN node information to the terminal equipment.
3. The data distribution method based on the edge computing virtual private network according to claim 1, wherein the EC VPN node receives a data service request sent by the terminal device, and the EC VPN node determines whether the data service request is a large-traffic data service request includes:
the EC VPN node reads whether a destination IP address contained in the data service request is a video source station or not, and when the destination IP address contained in the data service request is the video source station, the data service request is a large-flow data service request;
or the EC VPN node analyzes whether the data service request is a large-flow data service request or not through a data analysis method, and when the data service request is analyzed to be the large-flow data service request through the data analysis method, the data service request is the large-flow data service request.
4. The data distribution method based on the edge computing virtual private network according to claim 1, further comprising the step of sending the data service request to a VPN relay node by the EC VPN node when the data service request is not a large-traffic data service request, sending the data service request to a VPN root access node by the VPN relay node, wherein the VPN root access node is located in a source IDC; the VPN transfer node receives result data returned by the VPN root access node based on the data service request; and the VPN transfer node sends the result data to the EC VPN node, and the EC VPN node sends the result data to the terminal equipment.
5. A data distribution system based on an edge computing virtual private network, comprising: VPN network node scheduling module, at least one edge IDC, the edge IDC includes: an EC VPN node and a CDN node;
a VPN network node scheduling module receives VPN access point request information sent by terminal equipment, and the VPN network node scheduling module sends EC VPN node information to the terminal equipment based on the VPN access point request information;
an EC VPN node corresponding to the EC VPN node information receives a VPN connection establishment request sent by the terminal equipment, and the EC VPN node establishes VPN connection with the terminal equipment;
the EC VPN node receives a data service request sent by the terminal equipment, and judges whether the data service request is a large-flow data service request or not;
when the data service request is not a large-flow data service request, the EC VPN node sends the data service request to a VPN root access node, and the VPN root access node is positioned in a source IDC; the EC VPN node receives result data returned by the VPN root access node based on the data service request; the EC VPN node sends the result data to the terminal equipment;
when the data service request is a large-flow data service request, the EC VPN node sends the data service request to a CDN node, and the CDN node and the EC VPN node are located in the same edge IDC; the CDN node judges whether result data of the data service request exist in a cache, if so, the CDN node sends the result data to the EC VPN node, and the EC VPN node sends the result data to the terminal equipment; if the data service request does not exist in the cache, the CDN node sends the data service request to a source IDC, the CDN node receives result data sent by the source IDC, the CDN node sends the result data to the EC VPN node, and the EC VPN node sends the result data to the terminal equipment.
6. The data distribution system based on the edge computing virtual private network according to claim 5, wherein the VPN network node scheduling module sending EC VPN node information to the terminal device based on the VPN access point request information includes:
the VPN access point request message includes: IP information and user information of the terminal equipment; and acquiring the information of a network operator where the terminal equipment is located based on the IP information, determining an EC VPN node based on the information of the network operator and the user information, and sending the EC VPN node information to the terminal equipment.
7. The data distribution system based on the edge computing virtual private network according to claim 5, wherein the EC VPN node receives a data service request sent by the terminal device, and the EC VPN node determines whether the data service request is a large-traffic data service request includes:
the EC VPN node reads whether a destination IP address contained in the data service request is a video source station or not, and when the destination IP address contained in the data service request is the video source station, the data service request is a large-flow data service request;
or the EC VPN node analyzes whether the data service request is a large-flow data service request or not through a data analysis method, and when the data service request is analyzed to be the large-flow data service request through the data analysis method, the data service request is the large-flow data service request.
8. A computer-readable storage medium having a computer program stored thereon, wherein the computer program is executed by a processor to implement the data distribution method based on the edge computing virtual private network according to any one of claims 1 to 4.
9. A data distribution device based on an edge computing virtual private network is characterized by comprising: a processor and a memory;
the memory is used for storing a computer program;
the processor is connected with the memory and is used for executing the computer program stored in the memory so as to enable the data distribution device based on the edge computing virtual private network to execute the data distribution method based on the edge computing virtual private network according to any one of claims 1 to 4.
10. A data distribution system based on an edge computing virtual private network, characterized by comprising the data distribution device based on the edge computing virtual private network, a terminal device and a source IDC according to claim 9;
the terminal equipment is used for sending VPN access point request information to a VPN network node scheduling module; receiving EC VPN node information sent by a VPN network node scheduling module; establishing VPN connection with EC VPN nodes corresponding to the EC VPN node information; receiving result data sent by the EC VPN node;
the source IDC receives a data service request sent by the CDN node, and the source IDC sends result data to the CDN node; and the CDN node sends the result data to the EC VPN node.
CN202010590411.6A 2020-06-24 2020-06-24 Data distribution method, system, medium and device based on edge computing virtual private network Active CN111770077B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010590411.6A CN111770077B (en) 2020-06-24 2020-06-24 Data distribution method, system, medium and device based on edge computing virtual private network

Publications (2)

Publication Number Publication Date
CN111770077A CN111770077A (en) 2020-10-13
CN111770077B CN111770077B (en) 2022-07-12

Family

ID=72721987

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010590411.6A Active CN111770077B (en) 2020-06-24 2020-06-24 Data distribution method, system, medium and device based on edge computing virtual private network

Country Status (1)

Country Link
CN (1) CN111770077B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104994079A (en) * 2015-06-10 2015-10-21 网宿科技股份有限公司 Access request processing method, access request processing device and acceleration server
CN105940644A (en) * 2013-12-02 2016-09-14 阿卡麦科技公司 Virtual private network (VPN)-as-a-service with delivery optimizations while maintaining end-to-end data security
CN109640348A (en) * 2019-01-08 2019-04-16 中国联合网络通信集团有限公司 The multi-service MEC network architecture, the processing method and processing device of multi-service data flow
CN109962800A (en) * 2017-12-25 2019-07-02 中国电信股份有限公司 Multicast service load sharing method, system and video living transmission system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160335447A1 (en) * 2015-05-15 2016-11-17 Alcatel-Lucent Usa, Inc. Secure enterprise cdn framework
US10063666B2 (en) * 2016-06-14 2018-08-28 Futurewei Technologies, Inc. Modular telecommunication edge cloud system
CN110365747B (en) * 2019-06-24 2022-04-01 北京奇艺世纪科技有限公司 Network request processing method and device, server and computer readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant