CN111901387B - Connection method and device of cloud special line - Google Patents


Publication number
CN111901387B
Authority
CN
China
Prior art keywords
terminal
cloud
controller
router
service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010621691.2A
Other languages
Chinese (zh)
Other versions
CN111901387A (en)
Inventor
冯庆
蔡超
冯毅
吕华章
向军
袁林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China United Network Communications Group Co Ltd filed Critical China United Network Communications Group Co Ltd
Priority to CN202010621691.2A priority Critical patent/CN111901387B/en
Publication of CN111901387A publication Critical patent/CN111901387A/en
Application granted granted Critical
Publication of CN111901387B publication Critical patent/CN111901387B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/029 Firewall traversal, e.g. tunnelling or creating pinholes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/146 Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security

Abstract

The embodiments of the application provide a connection method and device for a cloud dedicated line, relate to the technical field of communication, and are used for solving the problem that confidentiality and efficiency cannot be guaranteed at the same time when an enterprise goes to the cloud over a network. The method is applied to a cloud dedicated line connection system. The connection method of the cloud dedicated line comprises the following steps: a controller obtains enterprise cloud request information of a terminal; the enterprise cloud request information comprises: a first terminal identifier and an Internet Protocol (IP) address; the enterprise cloud request information is used for requesting to transmit data to the cloud server; if the database of the controller stores the first terminal identifier, the controller sends configuration information to the terminal and to the service router respectively; the configuration information is used for instructing the terminal and the service router to establish the communication connection of the cloud dedicated line according to a network tunnel technology; the first terminal identifier is used for marking the terminal and the service type of the terminal.

Description

Connection method and device of cloud special line
Technical Field
The invention relates to the technical field of communication, in particular to a method and a device for connecting a cloud special line.
Background
Enterprise cloud migration ("going to the cloud") refers to the process by which an enterprise, on the basis of the internet, applies information technology to its infrastructure, management, business and other aspects, and connects to social resources, shared services and capabilities through the internet and cloud computing.
Enterprises currently go to the cloud over a network mainly in the following two ways. In the first, the enterprise accesses the cloud server directly through the public network. This method has low confidentiality and easily leads to information leakage. In the second, the enterprise accesses the cloud server by deploying a private network. This method has high confidentiality, but the deployment work is complex, time-consuming and labor-intensive, and the efficiency is low.
Disclosure of Invention
The invention provides a connection method and device for a cloud dedicated line, and solves the problem that confidentiality and efficiency cannot be guaranteed at the same time when an enterprise goes to the cloud over a network.
In order to achieve the purpose, the invention adopts the following technical scheme:
In a first aspect, a method for connecting a cloud dedicated line is provided, applied to a connection system of the cloud dedicated line. The connection system of the cloud dedicated line comprises: a terminal, a core network device, a service router, an edge router, a cloud server and a controller; the controller is connected to the terminal, the core network device, the service router, the edge router and the cloud server, respectively. The connection method of the cloud dedicated line comprises the following steps: the controller obtains enterprise cloud request information of the terminal; the enterprise cloud request information comprises: a first terminal identifier, which is used for marking the terminal and the service type of the terminal, and an Internet Protocol (IP) address; the enterprise cloud request information is used for requesting to transmit data to the cloud server; if the database of the controller stores the first terminal identifier, the controller sends configuration information to the terminal and to the service router respectively; the configuration information is used for instructing the terminal and the service router to establish the communication connection of the cloud dedicated line according to a network tunnel technology.
It can be seen that, after obtaining the enterprise cloud request information of the terminal, the controller in the application sends configuration information to the terminal and to the service router respectively, so that the terminal and the service router establish the communication connection of the cloud dedicated line according to a network tunnel technology. Data can therefore be transmitted between the terminal and the service router through a private transmission channel, and no physical link needs to be built between the service router and the terminal, so that the security of the enterprise going to the cloud is guaranteed and the efficiency of the enterprise going to the cloud is improved.
In a second aspect, a method for connecting a cloud dedicated line is provided, applied to a connection system of the cloud dedicated line. The connection system of the cloud dedicated line comprises: a terminal, a core network device, a service router, an edge router, a cloud server and a controller; the controller is connected to the terminal, the core network device, the service router, the edge router and the cloud server, respectively. The connection method of the cloud dedicated line comprises the following steps: the core network device obtains service request information of the terminal; the service request information comprises: a second terminal identifier; the service request information is used for obtaining an Internet Protocol (IP) address; the IP address is used by the terminal for transmitting the enterprise cloud request information to the controller; and if the database of the core network device stores the second terminal identifier, the core network device sends the IP address corresponding to the second terminal identifier to the terminal.
In a third aspect, a connection device for a cloud dedicated line is provided, applied to a controller belonging to a connection system of the cloud dedicated line. The connection system of the cloud dedicated line comprises: a terminal, a core network device, a service router, an edge router, a cloud server and a controller; the controller is connected to the terminal, the core network device, the service router, the edge router and the cloud server, respectively. The connection device of the cloud dedicated line comprises: an acquisition unit and a sending unit; the acquisition unit is used for obtaining enterprise cloud request information of the terminal; the enterprise cloud request information comprises: a first terminal identifier and an Internet Protocol (IP) address; the enterprise cloud request information is used for requesting to transmit data to the cloud server; the first terminal identifier is used for marking the terminal and the service type of the terminal; the sending unit is configured to send configuration information to the terminal and to the service router respectively if the database of the controller stores the first terminal identifier; the configuration information is used for instructing the terminal and the service router to establish the communication connection of the cloud dedicated line according to a network tunnel technology.
In a fourth aspect, a connection device for a cloud dedicated line is provided, applied to a core network device belonging to a connection system of the cloud dedicated line. The connection system of the cloud dedicated line comprises: a terminal, a core network device, a service router, an edge router, a cloud server and a controller; the controller is connected to the terminal, the core network device, the service router, the edge router and the cloud server, respectively. The connection device of the cloud dedicated line comprises: an acquisition unit and a sending unit; the acquisition unit is used for obtaining service request information of the terminal; the service request information comprises: a second terminal identifier; the service request information is used for obtaining an Internet Protocol (IP) address; the IP address is used by the terminal for transmitting the enterprise cloud request information to the controller; and the sending unit is used for sending the IP address corresponding to the second terminal identifier to the terminal if the second terminal identifier is stored in the database of the core network device.
In a fifth aspect, a connection device for a cloud-dedicated line is provided, which includes a memory and a processor. The memory is used for storing computer execution instructions, and the processor is connected with the memory through a bus. When the connection device of the cloud-dedicated line is operated, the processor executes the computer execution instructions stored in the memory, so that the connection device of the cloud-dedicated line executes the connection method of the cloud-dedicated line according to the first aspect or the second aspect.
The connection device of the cloud dedicated line may be a network device, or may be a part of a device in the network device, for example, a chip system in the network device. The chip system is configured to support the network device to implement the functions related to the first aspect or the second aspect and any one of the possible implementations thereof, for example, to receive, determine, and shunt data and/or information related to the connection method of the cloud-dedicated line. The chip system includes a chip and may also include other discrete devices or circuit structures.
In a sixth aspect, a computer-readable storage medium is provided, and the computer-readable storage medium includes computer-executable instructions, which, when executed on a computer, cause the computer to perform the method for connecting a cloud-dedicated line according to the first aspect or the second aspect.
In a seventh aspect, a computer program product is provided, which includes computer instructions that, when executed on a computer, cause the computer to execute the method for connecting a cloud-dedicated line according to the first or second aspect and various possible implementations thereof.
It should be noted that all or part of the above computer instructions may be stored on the first computer readable storage medium. The first computer readable storage medium may be packaged together with the processor of the connection device of the cloud dedicated line, or may be packaged separately from the processor of the connection device of the cloud dedicated line, which is not limited in this application.
For the description of the second, third, fourth, fifth, sixth and seventh aspects of the present invention, reference may be made to the detailed description of the first aspect; in addition, for the beneficial effects described in the second aspect, the third aspect, the fourth aspect, the fifth aspect, the sixth aspect, and the seventh aspect, reference may be made to the beneficial effect analysis of the first aspect, and details are not repeated here.
In the present application, the name of the connection device of the cloud private line does not limit the device or the function module itself, and in an actual implementation, the device or the function module may appear by other names. Insofar as the functions of the respective devices or functional blocks are similar to those of the present invention, they are within the scope of the claims of the present invention and their equivalents.
These and other aspects of the invention will be more readily apparent from the following description.
Drawings
Fig. 1 is a schematic structural diagram of a connection system of a cloud dedicated line according to an embodiment of the present disclosure;
fig. 2 is a schematic hardware structure diagram of a connection device for a cloud dedicated line according to an embodiment of the present disclosure;
fig. 3 is a schematic hardware structure diagram of another connection device for a cloud dedicated line according to an embodiment of the present application;
fig. 4 is a schematic flowchart of a connection method of a cloud dedicated line according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of a connection device for a cloud-dedicated line according to an embodiment of the present disclosure;
fig. 6 is a schematic structural diagram of another connection device for a cloud-dedicated line according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that in the embodiments of the present application, words such as "exemplary" or "for example" are used to indicate examples, illustrations or explanations. Any embodiment or design described herein as "exemplary" or "e.g.," is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, use of the word "exemplary" or "such as" is intended to present concepts related in a concrete fashion.
For the convenience of clearly describing the technical solutions of the embodiments of the present application, in the embodiments of the present application, the terms "first" and "second" are used to distinguish the same items or similar items with basically the same functions and actions, and those skilled in the art can understand that the terms "first" and "second" are not used to limit the quantity and execution order.
As described in the background, enterprises currently go to the cloud mainly in two ways. In the first, the enterprise accesses the cloud server directly through the public network. This method has low confidentiality and easily leads to information leakage. In the second, the enterprise accesses the cloud server by deploying a private network. This method has high confidentiality, but the deployment work is complex, time-consuming and labor-intensive, and the efficiency is low.
In order to solve the above problem, an embodiment of the present application provides a connection method for a cloud dedicated line, in which, after obtaining the enterprise cloud request information of a terminal, a controller sends configuration information to the terminal and to a service router respectively, so that the terminal and the service router establish the communication connection of the cloud dedicated line according to a network tunnel technology. Data can therefore be transmitted between the terminal and the service router through a private transmission channel, and no physical link needs to be built between the service router and the terminal, so that the security of the enterprise going to the cloud is guaranteed and the efficiency of the enterprise going to the cloud is improved.
The connection method of the cloud dedicated line provided by the embodiment of the application is suitable for the connection system 10 of the cloud dedicated line. Fig. 1 shows one configuration of the connection system 10 of the cloud dedicated line. As shown in fig. 1, the connection system 10 of the cloud dedicated line includes: a terminal 11, a core network device 12, a service router 13, an edge router 14, a cloud server 15 and a controller 16.
The controller 16 is connected to the terminal 11, the core network device 12, the service router 13, the edge router 14, and the cloud server 15, respectively.
It should be noted that the terminal 11, the core network device 12, the service router 13, the edge router 14, and the cloud server 15 shown in fig. 1 are only one implementation manner provided in the embodiment of the present application, and in practical applications, the terminal 11, the core network device 12, the service router 13, the edge router 14, and the cloud server 15 may have other implementation manners or numbers, which is not limited in the present application.
The terminal 11 in this embodiment may be a CPE (customer premise equipment) in an enterprise, or may be various handheld devices, vehicle-mounted devices, wearable devices, computers, smart home devices, or smart office devices having a communication function in the enterprise, which is not limited in this embodiment. For example, the handheld device may be a smartphone. The in-vehicle device may be an in-vehicle navigation system. The wearable device may be a smart bracelet. The computer may be a Personal Digital Assistant (PDA) computer, a tablet computer, and a laptop computer. The intelligent household equipment can be an intelligent curtain and an intelligent water meter. The intelligent office equipment may be an intelligent printer.
The core network device 12 in this embodiment may be a PGW (packet data network gateway) in 5G (5th generation mobile communication technology) non-standalone networking, may also be a UPF (user plane function) and an SMF (session management function) in 5G standalone networking, and may also be a device in another core network.
The service router 13 in the embodiment of the present application is a multi-type, multi-port router device, which can connect to local area networks and wide area networks with different transmission rates and operate in various environments, and may also adopt different protocols.
The edge router 14 in the embodiment of the present application is a router located at the periphery (edge) of the network, and is used for tandem connection of a user from the local area network to the wide area network.
The cloud server 15 in the embodiment of the present application refers to a server in a cloud platform that provides computing, networking, and storage capabilities based on services of hardware resources and software resources.
The basic hardware structures of the terminal 11, the core network device 12, the service router 13, the edge router 14, the cloud server 15, and the controller 16 in the connection system 10 of the cloud dedicated line are similar, and all include the elements included in the connection device of the cloud dedicated line shown in fig. 2. The following describes the hardware structures of the terminal 11, the core network device 12, the service router 13, the edge router 14, the cloud server 15, and the controller 16 in the connection system 10 of the cloud dedicated line, taking the connection device of the cloud dedicated line shown in fig. 2 as an example.
Fig. 2 shows a hardware structure schematic diagram of a connection device of a cloud dedicated line provided in an embodiment of the present application. As shown in fig. 2, the connection device of the cloud dedicated line includes a processor 21, a memory 22, a communication interface 23, and a bus 24. The processor 21, the memory 22 and the communication interface 23 may be connected by a bus 24.
The processor 21 is a control center of a connection device of a cloud dedicated line, and may be a single processor or a collective term for a plurality of processing elements. For example, the processor 21 may be a Central Processing Unit (CPU), other general-purpose processors, or the like. Wherein a general purpose processor may be a microprocessor or any conventional processor or the like.
For one embodiment, processor 21 may include one or more CPUs, such as CPU 0 and CPU 1 shown in FIG. 2.
The memory 22 may be, but is not limited to, a read-only memory (ROM) or other type of static storage device that may store static information and instructions, a Random Access Memory (RAM) or other type of dynamic storage device that may store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
In a possible implementation, the memory 22 may exist separately from the processor 21, and the memory 22 may be connected to the processor 21 via a bus 24 for storing instructions or program codes. When the processor 21 calls and executes the instructions or program codes stored in the memory 22, the connection method of the cloud dedicated line provided by the embodiment of the present invention can be implemented.
In another possible implementation, the memory 22 may also be integrated with the processor 21.
The communication interface 23 is used for connecting with other devices through a communication network. The communication network may be an Ethernet network, a radio access network, a Wireless Local Area Network (WLAN), or the like. The communication interface 23 may include a receiving unit for receiving data, and a transmitting unit for transmitting data.
The bus 24 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 2, but this does not mean that there is only one bus or one type of bus.
It is to be noted that the structure shown in fig. 2 does not constitute a limitation of the connection device of the cloud dedicated line. In addition to the components shown in fig. 2, the connection device of the cloud dedicated line may include more or fewer components than shown, or some components may be combined, or the components may be arranged differently.
Fig. 3 shows another hardware structure of the connection device of the cloud dedicated line in the embodiment of the present application. As shown in fig. 3, the connection means of the cloud dedicated line may include a processor 31 and a communication interface 32. The processor 31 is coupled to a communication interface 32.
For the function of the processor 31, reference may be made to the description of the processor 21 above. The processor 31 also has a memory function, for which reference may be made to the function of the memory 22.
The communication interface 32 is used to provide data to the processor 31. The communication interface 32 may be an internal interface of a connection device of a cloud-dedicated line, or may be an external interface (corresponding to the communication interface 23) of the connection device of the cloud-dedicated line.
It is noted that the structure shown in fig. 2 (or fig. 3) does not constitute a limitation of the connection means of the cloud-dedicated line, which may comprise more or less components than those shown in the figure, or a combination of some components, or a different arrangement of components, in addition to those shown in fig. 2 (or fig. 3).
The connection method of the cloud dedicated line provided in the embodiment of the present application is described in detail below with reference to the connection system of the cloud dedicated line shown in fig. 1 and the connection device of the cloud dedicated line shown in fig. 2 (or fig. 3).
Fig. 4 is a schematic flow chart of a connection method of a cloud dedicated line according to an embodiment of the present application. As shown in fig. 4, the connection method of the cloud dedicated line includes the following S401 to S407.
S401, the terminal sends service request information to the core network equipment.
The service request information includes a second terminal identifier. The service request information is used for obtaining an Internet Protocol (IP) address, and the IP address is used by the terminal for transmitting the enterprise cloud request information to the controller; the second terminal identifier is used for marking the data network name corresponding to the subscriber identity module card of the terminal.
For example, the second terminal identifier may be used to mark the data network name (DNN) subscribed by the operator Subscriber Identity Module (SIM) card of the terminal under a fifth generation mobile communication technology (5th generation mobile networks, 5G) network, may also be used to mark the Access Point Name (APN) subscribed by the operator SIM card of the terminal under a fourth generation mobile communication technology (4th generation mobile networks, 4G) network, and may also be used to mark the data network name subscribed by the operator SIM card of the terminal under a network of another standard, which is not limited in this application.
Before using the enterprise cloud service, the terminal first needs to subscribe to the enterprise cloud service with the operator. After the terminal has subscribed to the enterprise cloud service with the operator, the core network device stores the subscribed second terminal identifier. After the terminal accesses the wireless network, the terminal sends service request information including the second terminal identifier to the core network device, to request the IP address used for transmitting the enterprise cloud request information to the controller.
S402, if the database of the core network equipment stores the second terminal identification, the core network equipment sends the IP address corresponding to the second terminal identification to the terminal.
After the core network device obtains the service request information of the terminal, the core network device determines whether the second terminal identifier is stored in its database, that is, the core network device determines whether the terminal has subscribed to the enterprise cloud service. If the database of the core network device stores the second terminal identifier, the core network device sends the IP address corresponding to the second terminal identifier to the terminal.
Optionally, the core network device includes multiple IP addresses, and each IP address corresponds one-to-one to an enterprise cloud service subscribed by the terminal. When the core network device sends the IP address to the terminal, one IP address can be randomly allocated to the terminal from the multiple IP addresses, so that the terminal transmits data to the controller according to the IP address.
S403, the terminal sends the enterprise cloud request information to the controller.
The enterprise cloud request information includes: a first terminal identifier and an IP address. The enterprise cloud request information is used for requesting data transmission to the cloud server. The first terminal identifier includes: the International Mobile Equipment Identity (IMEI), the Serial Number (SN), and the service type of the terminal; the first terminal identifier is used for marking the terminal and the service type of the terminal.
After receiving the IP address sent by the core network device, the terminal sends the enterprise cloud request information to the controller with the IP address as the source address, to request to transmit data to the cloud server.
Optionally, the terminal may send the enterprise cloud request information to the controller in one of two ways. In the first, the IP address of the controller is stored in the terminal, and the terminal sends the enterprise cloud request information to the controller according to the IP address of the controller. In the second, a fixed domain name is stored in the terminal; when the terminal sends the enterprise cloud request information to the controller, the terminal first resolves the fixed domain name to obtain a resolved IP address, and then sends the enterprise cloud request information to the controller according to the resolved IP address.
S404, if the database of the controller stores the first terminal identification, the controller respectively sends configuration information to the terminal and the service router.
The configuration information is used for instructing the terminal and the service router to establish the communication connection of the cloud dedicated line according to a network tunnel technology.
After the controller obtains the enterprise cloud request information of the terminal, the controller determines whether its database stores the first terminal identifier, and if the database of the controller stores the first terminal identifier, the controller sends configuration information to the terminal and to the service router respectively.
Optionally, before the controller sends the configuration information to the terminal and the service router, the controller sends the Virtual Private Network (VPN) corresponding to the terminal to the terminal, the service router, the edge router, and the cloud server respectively.
Specifically, if the database of the controller stores the first terminal identifier, the controller sends the VPN corresponding to the terminal to the terminal, the service router, the edge router and the cloud server respectively, and then sends configuration information to the terminal and to the service router respectively, so that the terminal and the service router establish the communication connection of the cloud dedicated line according to the configuration information, the VPN and the network tunnel technology.
S405, the terminal and the service router establish the communication connection of the cloud dedicated line according to the configuration information.
After the terminal and the service router receive the VPN and the configuration information, the terminal and the service router establish the communication connection of the cloud dedicated line (for example, establish a generic routing encapsulation tunnel) according to the configuration information, the VPN, and the network tunnel technology, so that the terminal can communicate with the service router over the cloud dedicated line through an independent communication link. Since the VPN is different for each terminal, the privacy of the communication link is improved.
S406, the controller sends the routing information to the service router and the edge router.
The routing information instructs the service router and the edge router to transmit data to the cloud server according to the VPN.
S407, the service router and the edge router transmit data to the cloud server according to the routing information.
After receiving the data sent by the terminal through the generic routing encapsulation tunnel, the service router can send the data to the edge router according to the routing information sent by the controller. Correspondingly, after receiving the data sent by the service router, the edge router can access the enterprise network multi-protocol label switching (MPLS) VPN network according to the routing information sent by the controller, and the VPN network is then connected through the enterprise network to regional access points or cloud service POP access points in various locations. In this way a communication network connection is established from the enterprise's 5G wireless access terminal device to the enterprise private network and the cloud platform, and private-network transmission of enterprise data to the cloud is realized.
It can be seen that, after acquiring the enterprise cloud request information of the terminal, the controller in the application sends configuration information to the terminal and the service router respectively, so that the terminal and the service router establish the communication connection of the cloud dedicated line using a network tunnel technology. Data can therefore be transmitted between the terminal and the service router through a private transmission channel, and no physical link needs to be built between the service router and the terminal, so that the security of the enterprise's move to the cloud is guaranteed and its efficiency is improved.
The scheme provided by the embodiments of the application has been described above mainly from the perspective of the method. To implement the above functions, the corresponding device includes hardware structures and/or software modules for performing the respective functions. Those of skill in the art will readily appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as hardware or as a combination of hardware and computer software. Whether a function is performed by hardware or by computer software driving hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
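The controller-side decision in S403 to S406 can be written out as follows, as an added Python example that is not code from the patent. The class, field and message names, the sample identifiers and addresses, and the check that the request's IP field equals the packet source address are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from itertools import count


@dataclass(frozen=True)
class FirstTerminalId:
    """First terminal identification: IMEI, SN and service type of the terminal."""
    imei: str
    sn: str
    service_type: str


@dataclass(frozen=True)
class CloudRequest:
    """Enterprise cloud request information sent by the terminal in S403."""
    terminal_id: FirstTerminalId
    ip_address: str  # IP address allocated by the core network device in S402


# Constructed sample identifiers (not real devices).
KNOWN_A = FirstTerminalId("356938035643809", "SN-0001", "video-surveillance")
KNOWN_B = FirstTerminalId("356938035643817", "SN-0002", "telemetry")
UNKNOWN = FirstTerminalId("000000000000000", "SN-9999", "telemetry")


@dataclass
class Controller:
    database: set                 # first terminal identifications stored in advance
    service_router_ip: str        # tunnel endpoint on the service router (assumed field)
    vpn_by_terminal: dict = field(default_factory=dict)
    outbox: list = field(default_factory=list)  # (recipient, kind, payload) in send order
    vpn_counter: count = field(default_factory=lambda: count(100))

    def send(self, recipient, kind, payload):
        self.outbox.append((recipient, kind, payload))

    def handle_request(self, req: CloudRequest, packet_source_ip: str) -> bool:
        """Return True if configuration was pushed, False if the request was refused."""
        # Assumption added here: the terminal uses the allocated IP as its source
        # address, so a request whose IP field differs from the packet source is refused.
        if req.ip_address != packet_source_ip:
            return False
        # S404 precondition: the controller database stores the first terminal identification.
        if req.terminal_id not in self.database:
            return False

        # One VPN per terminal, so each terminal gets its own communication link.
        if req.terminal_id not in self.vpn_by_terminal:
            self.vpn_by_terminal[req.terminal_id] = f"vpn-{next(self.vpn_counter)}"
        vpn = self.vpn_by_terminal[req.terminal_id]

        # Optional step before S404: send the VPN to all four parties.
        for node in ("terminal", "service_router", "edge_router", "cloud_server"):
            self.send(node, "vpn", vpn)

        # S404: configuration information for the two tunnel endpoints
        # (a GRE tunnel is the example the description gives).
        tunnel = {"type": "gre", "vpn": vpn,
                  "terminal_ip": req.ip_address,
                  "service_router_ip": self.service_router_ip}
        for node in ("terminal", "service_router"):
            self.send(node, "configuration", tunnel)

        # S406: routing information for the routers that carry data to the cloud server.
        route = {"vpn": vpn, "path": ["service_router", "edge_router", "cloud_server"]}
        for node in ("service_router", "edge_router"):
            self.send(node, "routing", route)
        return True


if __name__ == "__main__":
    ctl = Controller(database={KNOWN_A, KNOWN_B}, service_router_ip="198.51.100.1")
    print(ctl.handle_request(CloudRequest(KNOWN_A, "192.0.2.10"), "192.0.2.10"))
    print(ctl.handle_request(CloudRequest(UNKNOWN, "192.0.2.99"), "192.0.2.99"))
    for message in ctl.outbox:
        print(message)
```

Because the IMEI, SN and service type are identifiers rather than secrets, the database lookup only establishes that the terminal is provisioned; the binding to the address handed out by the core network device is what ties the request to a subscribed SIM.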
In the embodiment of the present application, the functional modules of the connection device of the cloud dedicated line may be divided according to the above method example, for example, each functional module may be divided corresponding to each function, or two or more functions may be integrated into one processing module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. Optionally, the division of the modules in the embodiment of the present application is schematic, and is only a logic function division, and there may be another division manner in actual implementation.
Fig. 5 is a schematic structural diagram of a connection device 50 for a cloud dedicated line according to an embodiment of the present disclosure. The connection device 50 is used to solve the problem that confidentiality and high efficiency cannot be guaranteed simultaneously when an enterprise goes to the cloud, and is used, for example, to implement the connection method of the cloud dedicated line shown in fig. 4. The connection device 50 is applied to the controller, and the controller belongs to the connection system of the cloud dedicated line, which includes: a terminal, a core network device, a service router, an edge router, a cloud server and the controller. The controller is connected to the terminal, the core network device, the service router, the edge router and the cloud server respectively, and the connection device of the cloud dedicated line includes: an obtaining unit 501 and a sending unit 502.
An obtaining unit 501, configured to obtain enterprise cloud request information of the terminal; the enterprise cloud request information comprises: a first terminal identification and an internet protocol (IP) address; the enterprise cloud request information is used for requesting to transmit data to the cloud server; the first terminal identification is used for marking the terminal and the service type of the terminal.
A sending unit 502, configured to send configuration information to the terminal and the service router, respectively, if the database of the controller stores the first terminal identification; the configuration information is used for instructing the terminal and the service router to establish the communication connection of the cloud dedicated line according to the network tunnel technology. For example, in conjunction with fig. 4, the sending unit 502 is configured to execute S404.
Optionally, the sending unit 502 is further configured to send the corresponding virtual private network (VPN) to the terminal, the service router, the edge router, and the cloud server respectively.
Optionally, the sending unit 502 is further configured to send routing information to the service router and the edge router; and the routing information is used for indicating the service router and the edge router to transmit data to the cloud server according to the VPN. For example, in connection with fig. 4, the sending unit 502 is configured to execute S406.
Fig. 6 is a schematic structural diagram of another connection device 60 for a cloud dedicated line according to an embodiment of the present disclosure. The connection device 60 is used to solve the problem that confidentiality and high efficiency cannot be guaranteed simultaneously when an enterprise goes to the cloud, and is used, for example, to implement the connection method of the cloud dedicated line shown in fig. 4. The connection device 60 is applied to the core network device, and the core network device belongs to the connection system of the cloud dedicated line, which includes: a terminal, the core network device, a service router, an edge router, a cloud server and a controller. The controller is connected to the terminal, the core network device, the service router, the edge router and the cloud server respectively, and the connection device of the cloud dedicated line includes: an obtaining unit 601 and a sending unit 602.
An obtaining unit 601, configured to obtain service request information of a terminal; the service request information includes: a second terminal identification; the service request information is used for acquiring an Internet Protocol (IP) address; the IP address is used by the terminal to transmit the enterprise cloud request information to the controller; the second terminal identification is used for marking the data network name corresponding to the user identification card of the terminal.
A sending unit 602, configured to send an IP address corresponding to the second terminal identifier to the terminal if the database of the core network device stores the second terminal identifier. For example, in conjunction with fig. 4, the sending unit 602 is configured to execute S402.
Embodiments of the present application also provide a computer-readable storage medium, which includes computer-executable instructions. When the computer-executable instructions run on a computer, the computer is caused to execute the steps executed by the connection device of the cloud dedicated line in the connection method of the cloud dedicated line provided in the above embodiment.
The embodiment of the present application further provides a computer program product, which can be loaded directly into memory and contains software code; after being loaded and executed by a computer, the computer program product can implement each step executed by the connection device of the cloud dedicated line in the connection method of the cloud dedicated line provided in the foregoing embodiment.
In the above embodiments, all or part of the implementation may be realized by software, hardware, firmware, or any combination thereof. When implemented using a software program, the embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. The processes or functions according to the embodiments of the present application are generated in whole or in part when the computer-executable instructions are loaded and executed on a computer. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored on a computer readable storage medium or transmitted from one computer readable storage medium to another computer readable storage medium, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center via wired (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. A computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or data center, that integrates one or more available media. The usable medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., a DVD), or a semiconductor medium (e.g., a Solid State Disk (SSD)), among others.
Through the description of the foregoing embodiments, it will be clear to those skilled in the art that, for convenience and simplicity of description, only the division of the functional modules is illustrated, and in practical applications, the above function distribution may be completed by different functional modules as needed, that is, the internal structure of the apparatus may be divided into different functional modules to complete all or part of the above described functions.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules or units is only one logical function division, and there may be other division ways in actual implementation. For example, various elements or components may be combined or may be integrated into another device, or some features may be omitted, or not implemented. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form. Units described as separate parts may or may not be physically separate, and parts displayed as units may be one physical unit or a plurality of physical units, may be located in one place, or may be distributed to a plurality of different places. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit. The integrated unit, if implemented as a software functional unit and sold or used as a separate product, may be stored in a readable storage medium. Based on such understanding, the technical solutions of the embodiments of the present application, in essence, or the part that contributes to the prior art, or all or part of the technical solutions, may be embodied in the form of a software product, where the software product is stored in a storage medium and includes several instructions to enable a device (which may be a single-chip microcomputer, a chip, or the like) or a processor to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: various media capable of storing program codes, such as a USB flash drive, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk.
The above description is only for the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (8)

1. A connection method of a cloud dedicated line, applied to a connection system of the cloud dedicated line, wherein the connection system of the cloud dedicated line comprises: a terminal, a core network device, a service router, an edge router, a cloud server and a controller; the controller is respectively connected with the terminal, the core network device, the service router, the edge router and the cloud server, and the connection method of the cloud dedicated line comprises the following steps:
the controller acquires enterprise cloud request information of the terminal; the enterprise cloud request information comprises: a first terminal identification and an internet protocol (IP) address; the enterprise cloud request information is used for requesting to transmit data to the cloud server; the first terminal identification is used for marking the terminal and the service type of the terminal; the IP address is a source address of the enterprise cloud request information sent by the terminal to the controller, the source address is an IP address corresponding to a second terminal identifier sent by the core network device to the terminal under the condition that the second terminal identifier is stored in a database of the core network device, the service request information of the terminal acquired by the core network device includes the second terminal identifier, the service request information is used for acquiring the source address, and the second terminal identifier is used for marking a data network name corresponding to a user identification card of the terminal;
if the first terminal identification is stored in the database of the controller, the controller respectively sends configuration information to the terminal and the service router; and the configuration information is used for instructing the terminal and the service router to establish the communication connection of the cloud dedicated line according to a network tunnel technology.
2. The method according to claim 1, wherein before the controller sends configuration information to the terminal and the service router, the method further comprises:
and the controller respectively sends the virtual private network VPN corresponding to the terminal, the service router, the edge router and the cloud server.
3. The method for connecting a cloud-dedicated line according to claim 2, further comprising:
the controller sends routing information to the service router and the edge router; and the routing information is used for indicating the service router and the edge router to transmit the data to the cloud server according to the VPN.
4. A connection device of a cloud dedicated line, characterized in that it is applied to a controller, the controller belongs to a connection system of the cloud dedicated line, and the connection system of the cloud dedicated line comprises: a terminal, a core network device, a service router, an edge router, a cloud server and the controller; the controller is respectively connected with the terminal, the core network device, the service router, the edge router and the cloud server, and the connection device of the cloud dedicated line comprises: an obtaining unit and a sending unit;
the obtaining unit is used for acquiring enterprise cloud request information of the terminal; the enterprise cloud request information comprises: a first terminal identification and an internet protocol (IP) address; the enterprise cloud request information is used for requesting data transmission to the cloud server; the first terminal identification is used for marking the terminal and the service type of the terminal; the IP address is a source address of the enterprise cloud request information sent by the terminal to the controller, the source address is an IP address corresponding to a second terminal identifier sent by the core network device to the terminal under the condition that the second terminal identifier is stored in a database of the core network device, the service request information of the terminal acquired by the core network device includes the second terminal identifier, the service request information is used for acquiring the source address, and the second terminal identifier is used for marking a data network name corresponding to a user identification card of the terminal;
the sending unit is configured to send configuration information to the terminal and the service router, respectively, if the first terminal identification is stored in the database of the controller; and the configuration information is used for instructing the terminal and the service router to establish the communication connection of the cloud dedicated line according to a network tunnel technology.
5. The apparatus according to claim 4, wherein the sending unit is further configured to:
and sending a Virtual Private Network (VPN) corresponding to the terminal, the service router, the edge router and the cloud server.
6. The device according to claim 5, wherein the sending unit is further configured to:
sending routing information to the service router and the edge router; and the routing information is used for indicating the service router and the edge router to transmit the data to the cloud server according to the VPN.
7. A connection device of a cloud dedicated line, characterized by comprising a memory and a processor; the memory is used for storing computer-executable instructions, and the processor is connected with the memory through a bus; when the connection device of the cloud dedicated line is operated, the processor executes the computer-executable instructions stored in the memory to cause the connection device of the cloud dedicated line to perform the connection method of the cloud dedicated line according to any one of claims 1 to 3.
8. A computer storage medium comprising computer-executable instructions that, when executed on a computer, cause the computer to perform the connection method of the cloud dedicated line according to any one of claims 1 to 3.
CN202010621691.2A 2020-07-01 2020-07-01 Connection method and device of cloud special line Active CN111901387B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010621691.2A CN111901387B (en) 2020-07-01 2020-07-01 Connection method and device of cloud special line

Publications (2)

Publication Number Publication Date
CN111901387A CN111901387A (en) 2020-11-06
CN111901387B true CN111901387B (en) 2022-07-08

Family

ID=73191889

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant