CN112202795A - Data processing method, gateway equipment and medium - Google Patents
Data processing method, gateway equipment and medium Download PDFInfo
- Publication number
- CN112202795A CN112202795A CN202011069915.XA CN202011069915A CN112202795A CN 112202795 A CN112202795 A CN 112202795A CN 202011069915 A CN202011069915 A CN 202011069915A CN 112202795 A CN112202795 A CN 112202795A
- Authority
- CN
- China
- Prior art keywords
- target gateway
- gateway
- command packet
- access command
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/60—Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
Abstract
The embodiment of the application discloses a data processing method, gateway equipment and a medium, which can be used in the technical field of cloud security to realize network protection. The method comprises the following steps: a first target gateway receives an access request and determines an access command packet corresponding to the access request, wherein the first target gateway is one of the plurality of first gateways; if the first target gateway receives an inquiry request sent by a second target gateway, the first target gateway sends the access command packet to the second target gateway, wherein the second target gateway is a second gateway corresponding to the first target gateway; and the first target gateway receives the data sent by the second target gateway in response to the access command packet. By implementing the method, the network protection effect is promoted, and the network security is guaranteed.
Description
Technical Field
The present application relates to the field of security technologies, and in particular, to a data processing method, a gateway device, and a medium.
Background
With the rapid development of electronic technology and internet technology, more and more enterprises generally have an internal network, i.e., an intranet, and more enterprises also need to access the intranet through an extranet to transmit data, so that the remote cooperative work of the whole enterprise is realized. How to guarantee the safety of the intranet in the data transmission process becomes a current research hotspot problem.
Disclosure of Invention
The embodiment of the application provides a data processing method, a gateway device and a medium, which are beneficial to improving the network protection effect and ensuring the network security.
A first aspect of an embodiment of the present application discloses a data processing method, where the method includes:
a first target gateway receives an access request and determines an access command packet corresponding to the access request, wherein the first target gateway is one of the plurality of first gateways;
if the first target gateway receives an inquiry request sent by a second target gateway, the first target gateway sends the access command packet to the second target gateway, wherein the second target gateway is a second gateway corresponding to the first target gateway;
and the first target gateway receives the data sent by the second target gateway in response to the access command packet.
A second aspect of the present embodiment discloses another data processing method, including:
a second target gateway sends an inquiry request to a first target gateway, wherein the first target gateway is one of the plurality of first gateways, and the second target gateway is a second gateway corresponding to the first target gateway;
the second target gateway receives the access command packet sent by the first target gateway;
and the second target gateway acquires the data corresponding to the access command packet according to the access command packet and sends the data corresponding to the access command packet to the first target gateway.
A third aspect of the embodiments of the present application discloses a data processing apparatus, including:
a determining unit, configured to receive an access request by a first target gateway, and determine an access command packet corresponding to the access request, where the first target gateway is one of the multiple first gateways;
a sending unit, configured to send the access command packet to a second target gateway if the first target gateway receives an inquiry request sent by the second target gateway, where the second target gateway is a second gateway corresponding to the first target gateway;
and the receiving unit is used for receiving the data sent by the second target gateway in response to the access command packet by the first target gateway.
A fourth aspect of the present embodiment discloses another data processing apparatus, including:
a sending unit, configured to send an inquiry request to a first target gateway by a second target gateway, where the first target gateway is one of the multiple first gateways, and the second target gateway is a second gateway corresponding to the first target gateway;
a receiving unit, configured to receive, by the second target gateway, an access command packet sent by the first target gateway;
the sending unit is further configured to obtain, by the second target gateway, data corresponding to the access command packet according to the access command packet, and send the data corresponding to the access command packet to the first target gateway.
A fifth aspect of the embodiments of the present application discloses a gateway device, including a processor, a memory, and a network interface, where the processor, the memory, and the network interface are connected to each other, where the memory is used to store a computer program, and the computer program includes program instructions, and the processor is configured to call the program instructions to execute the method of the first aspect and/or the second aspect.
A sixth aspect of embodiments of the present application discloses a computer-readable storage medium, in which a computer program is stored, the computer program comprising program instructions, which, when executed by a processor, cause the processor to perform the method of the first and/or second aspect.
A seventh aspect of embodiments of the present application discloses a computer program product or a computer program, which includes computer instructions stored in a computer-readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions to cause the computer device to perform the method of the first aspect and/or the second aspect.
In this embodiment of the application, the first target gateway may receive an access request sent by a user through a client, and determine an access command packet corresponding to the access request, and if the first target gateway receives an inquiry request sent by the second target gateway, the first target gateway may send the access command packet to the second target gateway, so that the second target gateway obtains data corresponding to the access command packet according to the access command packet, and further, the first target gateway may receive data sent by the second target gateway in response to the access command packet. By implementing the method, the security of the network can be effectively guaranteed, and the network protection effect is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1a is a schematic architecture diagram of a cloud data system provided in an embodiment of the present application;
fig. 1b is a schematic architecture diagram of another cloud data system provided in an embodiment of the present application;
fig. 1c is a schematic architecture diagram of another cloud data system provided in the embodiment of the present application;
fig. 1d is a schematic diagram of data flow between a first gateway and a second gateway according to an embodiment of the present application;
fig. 2 is a schematic flowchart of a data processing method according to an embodiment of the present application;
fig. 3a is a schematic flowchart of a client accessing a first network through the first network according to an embodiment of the present application;
fig. 3b is a schematic flowchart of another client accessing a first network through the first network according to an embodiment of the present application;
FIG. 4 is a schematic flow chart diagram of another data processing method provided in the embodiments of the present application;
fig. 5 is a schematic structural diagram of a data processing apparatus according to an embodiment of the present application;
FIG. 6 is a schematic structural diagram of another data processing apparatus according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of a gateway device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Fig. 1a is a schematic diagram of an architecture of a cloud data system according to an embodiment of the present disclosure. The cloud data system described in this embodiment includes a first network and a plurality of second networks. The first network may be an external network, or a network with lower security (e.g., a non-secret-related network), etc., and the second network may be an internal network, or a network with higher security (e.g., a secret-related network), etc. Wherein the first network comprises a plurality of first gateways and each second network comprises a second gateway. The first gateway and the second gateway have a corresponding relation, and a unidirectional connection from the second gateway to the first gateway is established between the first gateway and the second gateway.
In this application, a unidirectional connection may refer to a second network that may first access a first network to establish a connection between the first network and the second network without allowing the first network to directly access the second network. It is understood that the unidirectional connection may also be called unidirectional access or other name, and the application is not limited thereto. Optionally, the second gateway in the second network may send an inquiry request to the first gateway in the first network to inquire whether the first gateway has data to transmit, and if it is determined that there is data to transmit, establish a communication connection between the first network and the second network, that is, establish a communication connection between the first gateway and the second gateway, so as to facilitate subsequent data transmission. The communication connection between the first network and the second network is established by utilizing the unidirectional connection, so that the client can efficiently and reliably access the second network through the first network, and meanwhile, the safety of the second network can be effectively guaranteed.
In one implementation, the cloud data system described above may further include a client, a routing device, a network isolation device, and a server. Fig. 1b is a schematic structural diagram of another cloud data system provided in the embodiment of the present application. As shown in fig. 1b, the first network may include a routing device and a plurality of first gateways, and each of the second networks may include a second gateway and a server. Alternatively, the second gateway may be deployed in a server. The plurality of second networks included in the cloud data system provided in the embodiments of the present application may be isolated different logical regions, which provides assistance for hierarchical management of the networks.
Alternatively, the client may be an access agent deployed in the terminal, and the user may initiate an access request to the second network through the client, for example, an IOA client. The terminal can be a smart phone, a tablet computer, a notebook computer, a desktop computer and the like.
Alternatively, the routing device may be a device having a routing function, such as a Next Generation Network (NGN) gateway or the like, and the routing device may be multi-connected to different second networks according to different second networks visited by users.
Optionally, the network isolation device may include any one of a gatekeeper, an optical gate, and a firewall, and the network isolation device may perform secure isolation between the first network and the second network, so as to ensure high security in the data transmission process and ensure confidentiality of data in the second network.
Optionally, the server may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, a cloud server providing basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a network service, cloud communication, a middleware service, a domain name service, a security service, a CDN, a big Data and artificial intelligence platform, and an Internet Data Center (Internet Data Center, IDC) machine room.
In an implementation manner, as shown in fig. 1c, an architectural diagram of another cloud data system provided in the embodiment of the present application is shown. Fig. 1c may be an architecture diagram of a practical application scenario for a cloud data system. The border gateway marked 11 in fig. 1c may be a first gateway and the border gateway marked 12 may be a second gateway, the security border being the network isolation device. Alternatively, the full-traffic proxy in fig. 1c may be a transmission medium, and after the client receives the access request of the user, the access request may be forwarded to the routing device by the full-traffic proxy. The full-traffic proxy may hijack the access request to take over the access request. After the full-traffic proxy takes over the access request, the access request may be sent to the routing device in a proxy manner.
In one implementation, fig. 1d is a schematic diagram illustrating data flow between a first gateway and a second gateway. Alternatively, the first gateway or the second gateway may include Bridge and Sockman. Wherein, Bridge can be responsible for the creation, maintenance, data reorganization, transceiving and retry of the unidirectional connection channel from the second network to the first network, and Sockman can be responsible for putting the received data, such as the access request data of the user and the application data of the server, into Bridge. The first gateway and the second gateway are border gateways of the first network and the second network respectively, and when a user needs to realize access of the second network through the first network for data transmission, the first gateway needs to respond to an inquiry request sent by the second gateway so as to establish communication connection between the first network and the second network. After the communication connection is established, the access request of the user can be sent to the second gateway through the first gateway, and then the second gateway can obtain the data corresponding to the access request according to the access request and send the data to the first gateway. Therefore, the second network can be communicated with the first network through the first gateway and the second gateway, so that the first network and the second network are communicated, the access stability and the link stability are guaranteed, and the client can reliably cross the network to access the second network.
The implementation details of the technical solution of the embodiment of the present application are set forth in detail below:
please refer to fig. 2, which is a flowchart illustrating a data processing method according to an embodiment of the present disclosure. The data processing method described in this embodiment includes the following steps:
201: the first target gateway receives the access request and determines an access command packet corresponding to the access request, wherein the first target gateway is one of the first gateways.
In one implementation, the first target gateway may receive an access request of a user, and determine, according to the access request, an access command packet corresponding to the access request, where the access command packet includes data to be accessed by the user. The access command packet may include the following three parts: request line, request header and request body. The request line is in the first line of the access command packet and comprises a request method, a request resource path and a protocol version. The request header adds some additional information to the access command packet, such as the length of the request body, etc. The request body is data to be sent by the user through the client.
In one implementation, after receiving the access request, the first target gateway may further perform security verification on the received access request. And after the security verification is passed, determining an access data packet corresponding to the access request. Specifically, the first target gateway may perform security verification on the identity of the user corresponding to the access request or perform security verification on data in the access request.
Optionally, the first target gateway may perform security verification on the identity of the user corresponding to the access request. The first target gateway may preset a user list, and the first target gateway determines whether the identity of the user corresponding to the access request is safe according to the user list. Optionally, the first target gateway presets a white list and a black list. If the user corresponding to the access request is in the white list, the identity of the user is proved to be safe, that is, the security verification of the access request is passed, then the first target gateway may determine the access data packet corresponding to the access request. If the user corresponding to the access request is not in the blacklist or is not in the white list or the blacklist, the identity of the user is proved to be unsafe, that is, the security verification of the access request is not passed, and the first target gateway can intercept the access request without performing subsequent steps. Specifically, the access request carries an account of the user, and the first target gateway may determine whether the account is in a white list or a black list preset by the first target gateway. If the first target gateway determines that the account is in the white list, the first target gateway may determine an access data packet corresponding to the access request. And if the first target gateway judges that the account is in the blacklist or the first target gateway judges that the account is neither in the white list nor in the blacklist, the first target gateway intercepts the access request without performing subsequent steps.
Optionally, the first target gateway may perform security verification on the data in the access request. The access request carries data required by access, the first target gateway can detect whether the data are abnormal data, if the first target gateway detects that the data are not the abnormal data, the security verification of the access request is passed, and the first target gateway can determine an access data packet corresponding to the access request. If the first target gateway detects that the data are abnormal data, the security verification of the access request is not passed, and the first target gateway can intercept the access request without performing subsequent steps. Optionally, the abnormal data may be garbage data or malicious data.
Optionally, the first target gateway may perform security verification on the identity of the user corresponding to the access request, and also perform security verification on data in the access request. And only if the identity security verification of the user corresponding to the access request passes and the data security verification in the access request passes, the first target gateway can determine the access command packet corresponding to the access request. If either of the two security verifications fails, the first target gateway may intercept the access request without performing subsequent steps.
In one implementation, the access request is routed by the routing device to the first target gateway, and optionally, the routing device may be an NGN gateway. Specifically, for example, as shown in fig. 3a, which is a schematic flowchart illustrating that a client accesses a first network through the first network according to an embodiment of the present application, a user may send an access request through the client shown in fig. 3a, and a routing device may receive the access request. Optionally, after the client receives the access request of the user, the access request may be forwarded to the routing device through an intermediary, where the intermediary may be a full-traffic proxy, and the full-traffic proxy may hijack the access request to take over the access request, and after the full-traffic proxy takes over the access request, the access request may be sent to the routing device in a proxy manner. After the routing device receives the access request, the routing device may determine the first target gateway according to the target identifier carried in the access request. After the routing device determines the first target gateway, the access request may be routed to the first target gateway.
Optionally, the target identifier may be a domain name of the second network, and after determining the domain name of the second network, the routing device determines a second target gateway corresponding to the second network, and then determines a first target gateway corresponding to the second target gateway according to a correspondence between the first gateway and the second gateway.
Optionally, the specific implementation of determining, by the routing device, the first target gateway according to the target identifier may be that the routing device stores in advance a correspondence between the second gateway and the domain name and a correspondence between the first gateway and the second gateway. The routing device may determine a second target gateway corresponding to the domain name according to the domain name and a corresponding relationship between the second gateway and the domain name after acquiring the target identifier in the access request, that is, after acquiring the domain name of the second network in the access request, and then determine a first target gateway corresponding to the second target gateway according to the second target gateway and a corresponding relationship between the first gateway and the second gateway.
Optionally, the specific implementation of determining, by the routing device, the first target gateway according to the target identifier may also be that the routing device stores in advance a corresponding relationship among the domain name, the second gateway, and the first gateway. The routing device obtains the target identifier in the access request, that is, after obtaining the domain name in the access request, the routing device may determine the first target gateway corresponding to the domain name according to the domain name and the correspondence between the domain name, the second gateway and the first gateway.
Optionally, after receiving the access request, the routing device may also perform security verification on the access request. If the security authentication passes, the routing device may route the access request to the first target gateway. If the security authentication does not pass, the routing device may intercept the access request without performing subsequent steps. Optionally, the security verification method of the routing device may be consistent with the security verification method of the first target gateway for the access request, and is not described herein again.
202: and the second target gateway sends an inquiry request to the first target gateway, wherein the second target gateway is a second gateway corresponding to the first target gateway.
In one implementation, a plurality of second gateways may send query requests to a plurality of first gateways, where the second gateways and the first gateways have a correspondence, and the second gateways may send query requests to the corresponding first gateways. Optionally, the query request may be used to query the first gateway whether to access the second gateway. If the first gateway is to access the second gateway, the query request may be responded to and an access command packet may be sent to the second gateway. The challenge request may not be responded to if the first gateway does not access the second gateway. Optionally, the second gateway may set a time length for the first gateway to respond to the query request, and if the first gateway does not respond to the query request within the time length after the second gateway sends the query request to the first gateway, it is determined that the first gateway does not need to access the second gateway.
In one implementation manner, a plurality of second gateways send inquiry requests to corresponding first gateways in a polling manner, taking the example that a second target gateway sends an inquiry request to a first target gateway, when a polling opportunity of the second target gateway arrives, the second target gateway sends an inquiry request to the first target gateway.
In an implementation manner, the polling manner may be to sort the plurality of second gateways in advance, and sequentially send the query request to each second gateway to the corresponding first gateway according to a result of the sorting. When the plurality of second gateways are sorted, the plurality of second gateways may be sorted arbitrarily to obtain a sorting result. Or the plurality of second gateways are sorted according to the accessed history of the second gateways to obtain a sorting result. Optionally, the ranking position of the second gateway in a polling period may be determined according to the number of times of the history record that the second gateway is accessed; for example, if the number of times of the history records accessed by a certain second gateway is greater, the ranking corresponding to the second gateway is higher, and correspondingly, if the number of times of the history records accessed by a certain second gateway is lower, the ranking corresponding to the second gateway is higher. And/or, optionally, determining the polling times of the second gateway in a polling period according to the times of the history records that the second gateway is accessed; for example, the more times a history record of a certain second gateway is accessed, the more times the second gateway appears in the polling cycle, that is, the second gateway may participate in the sorting for a plurality of times or have a plurality of polling opportunities; for another example, if the number of times the history of accesses to a second gateway exceeds a threshold, the second gateway increases a polling opportunity in a polling cycle. In addition, other ordering modes are also possible, and the method is not limited in the application. Therefore, the access command packet of the first gateway can be timely sent to the corresponding second gateway, the timeliness of data acquisition is improved, the data can be timely acquired, meanwhile, inquiry request data in the system are reduced, and the polling overhead is reduced.
For example, taking 5 second gateways (second gateway 1, second gateway 2, second gateway 3, second gateway 4, and second gateway 5) as an example, the 5 second gateways are accessed from top to bottom in the history of the number of times, which is sorted into second gateway 3, second gateway 1, second gateway 4, second gateway 5, and second gateway 2. The ranking result of the 5 second gateways according to the ranking from top to bottom of the number of times the second gateway is accessed to may be the second gateway 3, the second gateway 1, the second gateway 4, the second gateway 5 and the second gateway 2. Each polling period may poll in sequence for the second gateway 3, the second gateway 1, the second gateway 4, the second gateway 5 and the second gateway 2 to send an inquiry request.
For another example, taking the above 5 second gateways as an example, according to the ranking of the number of times of the history records accessed by the 5 second gateways from top to bottom, it can be seen that the number of times of the history records accessed by the second gateway 3 is higher, and when ranking the 5 second gateways, the second gateways 3 may be ranked many times. For example, one of the sequencing results may be the second gateway 3, the second gateway 1, the second gateway 4, the second gateway 3, the second gateway 5, and the second gateway 2, each polling cycle may poll in sequence according to the sequence of the second gateway 3, the second gateway 1, the second gateway 4, the second gateway 3, the second gateway 5, and the second gateway 2 to send the query request. If the sequencing result may also be the second gateway 3, the second gateway 1, the second gateway 2, the second gateway 3, the second gateway 4, and the second gateway 5, each polling cycle may poll in sequence according to the order of the second gateway 3, the second gateway 1, the second gateway 2, the second gateway 3, the second gateway 4, and the second gateway 5. Or other sorting modes may be adopted, and it is only necessary to ensure that the second gateway 3 appears in the sorting result for multiple times, which is not listed here.
In one implementation, the polling may be performed by the plurality of second gateways sending inquiry requests to the first gateway at preset time intervals, which may be 1 second, 3 seconds, and so on. Optionally, the plurality of second gateways may correspond to one time interval, or the plurality of second gateways may correspond to different time intervals, where the time interval corresponding to each second gateway is not limited in this application.
For example, taking 3 second gateways (second gateway 1, second gateway 2, and second gateway 3) as an example, the 3 second gateways correspond to one time interval, respectively, the time interval T1 corresponding to the second gateway 1, the time interval T2 corresponding to the second gateway 2, and the time interval T3 corresponding to the second gateway 3. The second gateway 1 transmits a query request to the corresponding first gateway at time interval T1, the second gateway 2 transmits a query request to the corresponding first gateway at time interval T2, and the second gateway 3 transmits a query request to the corresponding first gateway at time interval T3.
203: and if the first target gateway receives the inquiry request sent by the second target gateway, the first target gateway sends an access command packet to the second target gateway.
In one implementation, a plurality of second gateways may each send an inquiry request to the first target gateway, and then the first target gateway may continue to monitor the inquiry requests sent by the second gateways after receiving the access request of the user and determining the access command packet corresponding to the access request, until the second gateway corresponding to the first target gateway is monitored, that is, the second target gateway sends the inquiry request, and then may receive the inquiry request sent by the second target gateway. After the first target gateway receives the inquiry request sent by the second target gateway, the first target gateway can establish a communication connection with the second target gateway, and then the first target gateway can send an access command packet to the second target gateway.
204: and the second target gateway receives the access command packet sent by the first target gateway.
205: and the second target gateway acquires the data corresponding to the access command packet according to the access command packet and sends the data corresponding to the access command packet to the first target gateway.
In an implementation manner, after the second target gateway receives the access command packet sent by the first target gateway, the second target gateway may also send the access command packet to a server corresponding to the second target gateway as shown in fig. 3a, and after receiving the access command packet, the server obtains data corresponding to the access command packet according to the access command packet. And after acquiring the data corresponding to the access command packet, the server sends the data corresponding to the access command packet to the second target gateway. After receiving the data corresponding to the access command packet, the second target gateway may send the data corresponding to the access command packet to the first target gateway.
In an implementation manner, as shown in fig. 3b, another schematic flowchart of the client accessing the first network through the first network according to the embodiment of the present application is provided, and fig. 3b may be a schematic flowchart of an actual application scenario in which the client accesses the first network through the first network. The border gateway marked by 31 in fig. 3b is the first target gateway and the border gateway marked by 32 is the second target gateway.
206: and the first target gateway receives the data sent by the second target gateway in response to the access command packet.
In one implementation, the first target gateway may receive data sent by the second target gateway in response to the access command packet. And after the first target gateway receives the data, the data may be returned to the user. And the first target gateway may disconnect from the second target gateway after receiving the data at the first target gateway.
Optionally, in this application, the communication connection established by the client through the first network and the second network may be a short connection.
In one implementation, the short connection may be implemented by establishing a communication connection between the first target gateway and the second target gateway before the first target gateway sends the access command packet to the second target gateway, and disconnecting the communication connection between the first target gateway and the second target gateway after the first target gateway receives data sent by the second target gateway in response to the access command packet.
In an implementation manner, the specific implementation manner of the short connection may also be that before the first target gateway sends the access command packet to the second target gateway, a communication connection between the first target gateway and the second target gateway is established, if a time length condition is met, for example, a preset time length is reached, the communication connection between the first target gateway and the second target gateway is disconnected, and if a connection time length is determined according to the feature information corresponding to the access command packet, and when the connection is reached (that is, the time length condition is met), the second target gateway disconnects the communication connection with the first target gateway. Alternatively, the operation of disconnecting the communication connection between the first target gateway and the second target gateway may be implemented by a timer preset in the second target gateway. And when the preset time (connection time) of the timer is reached, disconnecting the communication connection between the first target gateway and the second target gateway. Optionally, the preset duration may be determined by the second target gateway. Optionally, the second target gateway may determine the duration according to the data size of the access command packet received by the second target gateway, the priority of the user corresponding to the access command packet, the transmission quality of the current network, or other manners.
For example, if the amount of data of the access command packet received by the second target gateway is large, the preset duration set by the second target gateway is long, so that the second target gateway obtains corresponding data according to the access command packet and returns the corresponding data to the first target gateway. Correspondingly, if the data volume of the access command packet received by the second target gateway is small, the preset time length set by the second target gateway is short.
For another example, the second target gateway presets a user access priority, and the higher the priority, the shorter the preset duration. Optionally, the user access priority may be a preset time length that is determined according to the user access priority corresponding to the user after the first target gateway and the second target gateway receive the access command packet and determine the user corresponding to the access command packet. For another example, the second target gateway may determine the preset time length according to the transmission quality of the current network, where the preset time length is longer if the transmission quality of the current network is poor, and the preset time length is shorter if the transmission quality of the current network is better.
It should be noted that the determination method of the preset time duration is not limited to the above description, and may also be determined according to other manners, for example, the preset time duration may be determined by combining any several determination manners described above, for example, the preset time duration is determined according to the data size of the access command packet received by the second target gateway and the priority of the user corresponding to the access command packet, or the preset time duration is determined according to the priority of the user corresponding to the access command packet and the transmission quality of the current network. The method for determining the preset duration is not limited in this application.
In an implementation manner, a specific implementation manner of the short connection may also be that before the first target gateway sends the access command packet to the second target gateway, a communication connection between the first target gateway and the second target gateway is established, and whether to disconnect the communication connection between the first target gateway and the second target gateway is determined according to the fact that the first target gateway receives data sent by the second target gateway in response to the access command packet and a preset time duration set by the second target gateway. Optionally, before the first target gateway receives the data sent by the second target gateway in response to the access command packet but before the preset time length does not arrive, the communication connection between the first target gateway and the second target gateway may be directly disconnected, so as to ensure the security of the data transmission and the second network. By using the short connection mode in the application, the maintenance of a long connection link is not needed, the consumption level of server connection is lower, the requirement on network quality is lower, the flexibility of network connection can be effectively improved, and the safety of a second network can be ensured.
In this embodiment of the application, the first target gateway may receive the access request and determine an access command packet corresponding to the access request. And a second gateway corresponding to the first target gateway, i.e., the second target gateway, may send an inquiry request to the first target gateway. And if the first target gateway receives the inquiry request sent by the second target gateway, the first target gateway sends an access command packet to the second target gateway. Then, after receiving the access command packet sent by the first target gateway, the second target gateway may obtain data corresponding to the access command packet according to the access command packet, and send the data corresponding to the access command packet to the first target gateway. And the first target gateway receives the data sent by the second target gateway in response to the access command packet. By implementing the method, the security of the network can be effectively guaranteed, and the network protection effect is improved.
Please refer to fig. 4, which is a flowchart illustrating another data processing method according to an embodiment of the present disclosure. The data processing method described in this embodiment includes the following steps:
401: the first target gateway receives the access request and determines an access command packet corresponding to the access request.
402: the second target gateway sends an inquiry request to the first target gateway.
In one implementation, the second target gateway may send an inquiry request to the first target gateway through the network isolated device.
403: if the first target gateway receives the inquiry request sent by the second target gateway, the first target gateway determines the transmission protocol of the network isolation device and determines the access command packet after the protocol is determined according to the transmission protocol.
In one implementation, the first target gateway may determine a transmission protocol of a network isolation device, where the network isolation device may include any one of a firewall, a gatekeeper, and an optical gate, and different network isolation devices may have different transmission protocols. The first target gateway may adapt the transmission protocol of the network isolated device without affecting the security protection capability of the network isolated device. For example, the Transmission Protocol may be a Transmission Control Protocol (TCP), a User Datagram Protocol (UDP), or other protocols, which is not limited in this application. Before the first target gateway sends the access command packet to the second target gateway through the network isolation device, the transmission protocol of the network isolation device needs to be determined, so that the access command packet is converted into the access command packet after the access command packet is converted into the access command packet according to the transmission protocol of the network isolation device.
Optionally, the specific implementation of determining the access command packet after the agreement may also be implemented in the network isolation device. For example, if a first target gateway receives an inquiry request sent by a second target gateway, the first target gateway sends an access command packet to the network isolation device, and after the network isolation device receives the access command packet, the network isolation device may convert the access command packet into a protocol access command packet according to a transmission protocol of the network isolation device.
404: and the first target gateway sends the access command packet after the protocol to the network isolation equipment.
In one implementation, if the first target gateway has a plurality of access command packets after being formatted, the first target gateway may send the access command packets after being formatted to the network isolation device according to the user access priority. Optionally, the first target gateway may sequence the access command packets according to the access priority of the user, where the access command packet corresponding to the high priority is sent to the network isolation device first, and the corresponding access command packet corresponding to the low priority is sent to the network isolation device later. Optionally, the user access priority may be determined according to a historical access rate of the user to the second target gateway through the first target gateway, and the higher the historical access rate of the user to the second target gateway through the first target gateway is, the higher the user access priority of the access command packet corresponding to the user is. The user access priority may also be determined in other manners, which are not limited in this application.
405: and the network isolation equipment sends the access command packet after the protocol to the second target gateway.
In one implementation, after the first target gateway determines the access command packet after the access command packet is formatted, the access command packet after the access command packet is formatted may be sent to the network isolated device. And after receiving the access command packet after the agreement, the network isolation device sends the access command packet after the agreement to the second target gateway.
In one implementation, the network isolation device may set a data size of the data transmission, and then the network isolation device sends the access command packet after the protocol is sent to the second target gateway according to the data size. Specifically, the network isolation device presets a threshold value, which is the maximum amount of data that the network isolation device can send data. Then, after receiving the access command packet after the agreement sent by the first target gateway, the network isolation device may also detect the data size of the access command packet after the agreement. If the network isolation device detects that the data volume of the access command packet is less than the threshold value, the network isolation device may directly send the access command packet to the second target gateway. If the network isolation device detects that the data volume of the access command packet is greater than the threshold value, the network isolation device may split the access command packet into a plurality of sub-access command packets, and after the network isolation device splits the access command packet into the plurality of sub-access command packets, the network isolation device may send the access command packet to the second target gateway in the form of the plurality of sub-access command packets. Optionally, when the access command packet is split into a plurality of sub-access command packets, the access command packet may be split into a plurality of sub-access command packets with equal data size according to the data size of the access command packet, or the access command packet may be split into a plurality of sub-access command packets with unequal data size, and it is only necessary to ensure that the data size of the sub-access command packet is less than or equal to the threshold. The manner of splitting the access command packet into multiple sub-access command packets is not limited in this application.
406: and the second target gateway receives the access command packet after the protocol sent by the network isolation device and acquires data corresponding to the access command packet according to the access command packet.
In one implementation, the second target gateway may receive an access command packet sent by the network isolated device, where the access command packet is a protocol access command packet. The second target gateway receives the access command packet after the agreement, and the access command packet after the agreement is received by the second target gateway is different according to the data size of the access command packet after the agreement. If the data volume of the access command packet is less than or equal to the threshold set by the network isolation device, and the threshold is the maximum data volume of the data which can be sent by the network isolation device, the second target gateway receives a complete access command packet sent by the network isolation device. And if the data volume of the access command packet is greater than the threshold value set by the network isolation device, the second target gateway receives a plurality of sub access command packets sent by the network isolation device. Then, in the case that the second target gateway receives multiple sub access command packets sent by the network isolation device, the second target gateway may further combine the multiple sub access command packets to obtain a complete access command packet.
In one implementation, after the second target gateway receives the access command packet after the access command packet is received, the second target gateway sends the access command packet to a server corresponding to the second target gateway. And after receiving the access command packet, the server acquires the data corresponding to the access command packet according to the access command packet. And after acquiring the data corresponding to the access command packet, the server sends the data corresponding to the access command packet to the second target gateway, wherein the data sent by the server to the second target gateway can be sent in the form of a data packet. After receiving the data packet corresponding to the access command packet, the second target gateway may send the data packet to the network isolation device.
407: and the second target gateway sends the data corresponding to the access command packet to the network isolation device.
In one implementation, before the second target gateway sends the data packet to the network isolation device, it is further required to determine a transmission protocol of the network isolation device, and the second target gateway may adapt to the transmission protocol of the network isolation device without affecting the security protection capability of the network isolation device. After the second target gateway determines the transmission protocol of the network isolation device, the data packet is converted into a data packet after being converted into a protocol according to the transmission protocol, and then the data packet after being converted into the protocol is sent to the network isolation device.
408: and the network isolation equipment sends the data sent by the access command packet to the first target gateway.
In one implementation, after the network isolation device receives data corresponding to the access command packet sent by the second target gateway. Optionally, the data corresponding to the access command packet received by the network isolation device may be in the form of a data packet. Then the network isolation device may send the formatted data packet to the first target gateway after receiving the formatted data packet sent by the second target gateway. Optionally, after receiving the data packet after the protocol, the network isolation device may further detect the data size of the data packet, so that the network isolation device sends the data packet to the first target gateway according to the data size of the data packet. If the data volume of the data packet received by the network isolation device is less than or equal to a threshold set by the network isolation device, where the threshold is the maximum data volume of the data that can be sent by the network isolation device, the network isolation device may directly send the data packet to the first target gateway. If the data amount of the data packet received by the network isolation device is greater than the threshold value, the network isolation device may split the data packet into a plurality of sub-packets. Optionally, when the data packet is split into a plurality of sub-packets, the data packet may be split into a plurality of sub-packets with equal data size according to the data size of the data packet, or the data packet may be split into a plurality of sub-packets with unequal data size, and it is only necessary to ensure that the data size of the sub-packets is less than or equal to the threshold. After the network isolation device splits the data packet into a plurality of sub-packets, the plurality of data packets may be sent to the first target gateway.
409: and the first target gateway receives data sent by the access command packet sent by the network isolation device.
In one implementation, the first target gateway may receive data sent by the network isolated device sending the access command packet, where the data may be sent in the form of a data packet, and the data packet is a data packet after being formatted. The data amount of the data packet after the protocol is received by the first target gateway is different. And if the data volume of the data packet is less than or equal to the threshold value set by the network isolation device, the first target gateway receives a complete data packet sent by the network isolation device. And if the data volume of the data packet is greater than the threshold value set by the network isolation device, the first target gateway receives a plurality of sub data packets sent by the network isolation device. Then, in the case that the first target gateway receives multiple sub-packets sent by the network isolation device, the first target gateway may further combine the multiple sub-packets to obtain a complete data packet.
In one implementation, after receiving the data sent by the access command packet sent by the network isolation device, the first target gateway may return the data to the user. And the first target gateway may disconnect from the second target gateway after receiving the data at the first target gateway.
For specific implementation of steps S401 and S402, reference may be made to the detailed description of steps S201 and S202 in the foregoing embodiment, and details are not described here again.
In this embodiment of the application, the first target gateway may receive the access request and determine an access command packet corresponding to the access request. And a second gateway corresponding to the first target gateway, i.e., the second target gateway, may send an inquiry request to the first target gateway. If the first target gateway receives the inquiry request sent by the second target gateway, the first target gateway determines the transmission protocol of the network isolation device, determines the access command packet after the protocol is determined according to the transmission protocol, and sends the access command packet after the protocol is determined to the network isolation device. Then the network isolation device may send the access command packet to the second target gateway after receiving the access command packet sent by the first target gateway. After the second target gateway receives the access command packet sent by the network isolation device, the second target gateway may obtain data corresponding to the access command packet according to the access command packet, and send the data corresponding to the access command packet to the network isolation device. Further, the network isolation device may receive the data sent by the second target gateway and send the data to the first target gateway. After receiving the data sent by the network isolation device, the first target gateway may return the data to the user. By implementing the method, the security of the network can be effectively guaranteed, and the network protection effect is improved.
Fig. 5 is a schematic structural diagram of a data processing apparatus according to an embodiment of the present disclosure. Optionally, the data processing apparatus may be configured in a gateway device, such as the first target gateway described above. The gateway device, such as a first target gateway, may be deployed in a cloud data system, which may include a plurality of first gateways and a plurality of second gateways, with the first gateway and the second gateways establishing a unidirectional connection from the second gateway to the first gateway. The data processing apparatus described in this embodiment includes:
a determining unit 501, configured to receive an access request by a first target gateway, and determine an access command packet corresponding to the access request, where the first target gateway is one of the multiple first gateways;
a sending unit 502, configured to send the access command packet to a second target gateway if the first target gateway receives an inquiry request sent by the second target gateway, where the second target gateway is a second gateway corresponding to the first target gateway;
a receiving unit 503, configured to receive, by the first target gateway, data sent by the second target gateway in response to the access command packet.
In one implementation, the cloud data system further includes a network isolation device; the sending unit 502 is specifically configured to:
the first target gateway determines a transmission protocol of the network isolation equipment and determines a protocol-converted access command packet according to the transmission protocol;
and the first target gateway sends the access command packet after the protocol to the second target gateway through the network isolation equipment.
In one implementation, the cloud data system further includes a routing device, and the access request includes a target identifier, where the target identifier is used to indicate a first target gateway corresponding to the access request; the access request is routed to the first target gateway by the routing device according to the target identification.
In an implementation manner, the apparatus further includes a connection unit 504, specifically configured to:
if the first target gateway receives an inquiry request sent by a second target gateway according to a preset condition, the first target gateway establishes communication connection with the second target gateway;
after the first target gateway receives the data sent by the second target gateway in response to the access command packet, the first target gateway disconnects communication with the second target gateway.
Fig. 6 is a schematic structural diagram of another data processing apparatus according to an embodiment of the present disclosure. Optionally, the data processing apparatus may be configured in a gateway device, such as the second target gateway described above. The gateway device, such as a second target gateway, may be deployed in a cloud data system, which may include a plurality of first gateways and a plurality of second gateways, the first gateways and the second gateways establishing a unidirectional connection from the second gateway to the first gateway. The data processing apparatus described in this embodiment includes:
a sending unit 601, configured to send an inquiry request to a first target gateway by a second target gateway, where the first target gateway is one of the multiple first gateways, and the second target gateway is a second gateway corresponding to the first target gateway;
a receiving unit 602, configured to receive, by the second target gateway, an access command packet sent by the first target gateway;
the sending unit 601 is further configured to obtain, by the second target gateway, data corresponding to the access command packet according to the access command packet, and send the data corresponding to the access command packet to the first target gateway.
In one implementation manner, the plurality of second gateways send inquiry requests to the corresponding first gateways in a polling manner; the sending unit 601 is specifically configured to:
and when the polling opportunity of the second target gateway arrives, sending an inquiry request to the first target gateway.
In an implementation manner, the apparatus further includes a connection unit 603, specifically configured to:
the second target gateway establishes communication connection with the first target gateway;
determining a connection duration according to the feature information corresponding to the access command packet, wherein the feature information comprises at least one of the following items: the data size of the access command packet, the priority of a user corresponding to the access command packet and the network transmission quality;
and if the connection duration is reached, the second target gateway and the first target gateway are disconnected in communication.
In one implementation, the cloud data system further includes a network isolation device; the sending unit 601 is specifically configured to:
and the second target gateway receives an access command packet sent by the first target gateway through the network isolation device.
Fig. 7 is a schematic structural diagram of a gateway device according to an embodiment of the present application. The gateway device may be the first target gateway and/or the second target gateway, or may perform some or all of the steps performed by the first target gateway and/or the second target gateway. The gateway device described in this embodiment includes: a processor 701, a memory 702, and a network interface 703. Data may be exchanged between the processor 701, the memory 702, and the network interface 703.
The Processor 701 may be a Central Processing Unit (CPU), and may also be other general purpose processors, Digital Signal Processors (DSP), Application Specific Integrated Circuits (ASIC), Field-Programmable Gate arrays (FPGA) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, and so on. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 702, which may include both read-only memory and random-access memory, provides program instructions and data to the processor 701. A portion of the memory 702 may also include non-volatile random access memory.
Optionally, in some embodiments, the gateway device may be a first target gateway, or may perform some or all of the steps performed by the first target gateway. The gateway device, such as a first target gateway, may be deployed in a cloud data system, which may include a plurality of first gateways and a plurality of second gateways, with the first gateway and the second gateways establishing a unidirectional connection from the second gateway to the first gateway. For example, the processor 701, when calling the program instruction, is configured to perform:
calling a network interface 703 to receive an access request, and determining an access command packet corresponding to the access request, where the first target gateway is one of the plurality of first gateways;
if an inquiry request sent by a second target gateway is received, calling a network interface 703 to send the access command packet to the second target gateway, wherein the second target gateway is a second gateway corresponding to the first target gateway;
invoking a network interface 703 to receive data sent by the second target gateway in response to the access command packet.
In one implementation, the processor 701 is specifically configured to:
determining a transmission protocol of the network isolation equipment, and determining a protocol access command packet according to the transmission protocol;
and sending the access command packet after the protocol to the second target gateway through the network isolation equipment.
In one implementation, the cloud data system further includes a routing device, and the access request includes a target identifier, where the target identifier is used to indicate a first target gateway corresponding to the access request; the access request is routed to the first target gateway by the routing device according to the target identification.
In one implementation, the processor 701 is further configured to:
if an inquiry request sent by a second target gateway according to a preset condition is received, the first target gateway establishes communication connection with the second target gateway;
after the network interface 703 is invoked to receive the data sent by the second target gateway in response to the access command packet, the first target gateway disconnects communication with the second target gateway.
Optionally, in some embodiments, the gateway device may be a second target gateway, or may perform some or all of the steps performed by the second target gateway. The gateway device, such as a second target gateway, may be deployed in a cloud data system, which may include a plurality of first gateways and a plurality of second gateways, the first gateways and the second gateways establishing a unidirectional connection from the second gateway to the first gateway. For example, the processor 701, when calling the program instruction, is configured to perform:
calling a network interface 703 to send an inquiry request to a first target gateway, where the first target gateway is one of the multiple first gateways, and the second target gateway is a second gateway corresponding to the first target gateway;
calling a network interface 703 to receive an access command packet sent by the first target gateway;
and acquiring data corresponding to the access command packet according to the access command packet, and sending the data corresponding to the access command packet to the first target gateway.
In one implementation manner, the plurality of second gateways send inquiry requests to the corresponding first gateways in a polling manner; the processor 701 is specifically configured to:
and when the polling opportunity of the second target gateway arrives, sending an inquiry request to the first target gateway.
In one implementation, the processor 701 is further configured to:
determining a connection duration according to the feature information corresponding to the access command packet, wherein the feature information comprises at least one of the following items: the data size of the access command packet, the priority of a user corresponding to the access command packet and the network transmission quality;
and if the connection duration is reached, the second target gateway and the first target gateway are disconnected in communication.
In one implementation, the cloud data system further includes a network isolation device; the processor 701 is specifically configured to:
calling a network interface 703 to receive an access command packet sent by the first target gateway through the network isolation device.
The embodiment of the present application also provides a computer storage medium, in which program instructions are stored, and when the program is executed, some or all of the steps of the data processing method in the embodiment corresponding to fig. 2 or fig. 4 may be included.
It should be noted that, for simplicity of description, the above-mentioned embodiments of the method are described as a series of acts or combinations, but those skilled in the art should understand that the present application is not limited by the order of acts described, as some steps may be performed in other orders or simultaneously according to the present application. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required in this application.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by associated hardware instructed by a program, which may be stored in a computer-readable storage medium, and the storage medium may include: flash disks, Read-Only memories (ROMs), Random Access Memories (RAMs), magnetic or optical disks, and the like.
Embodiments of the present application also provide a computer program product or computer program, which may include computer instructions, which may be stored in a computer-readable storage medium. The computer instructions may be read by a processor of a computer device from a computer-readable storage medium, and the computer instructions executed by the processor cause the computer device to perform some or all of the steps performed in the embodiments of the methods described above.
The foregoing describes a data processing method, a gateway device, and a medium provided in an embodiment of the present application in detail, and a specific example is applied in the present application to explain the principle and the implementation of the present application, and the description of the foregoing embodiment is only used to help understand the method and the core idea of the present application; meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.
Claims (10)
1. A data processing method is applied to a cloud data system, the cloud data system comprises a plurality of first gateways and a plurality of second gateways, the first gateways and the second gateways establish unidirectional connection from the second gateways to the first gateways, and the method comprises the following steps:
a first target gateway receives an access request and determines an access command packet corresponding to the access request, wherein the first target gateway is one of the plurality of first gateways;
if the first target gateway receives an inquiry request sent by a second target gateway, the first target gateway sends the access command packet to the second target gateway, wherein the second target gateway is a second gateway corresponding to the first target gateway;
and the first target gateway receives the data sent by the second target gateway in response to the access command packet.
2. The method of claim 1, wherein the cloud data system further comprises a network quarantine device; the first target gateway sends the access command packet to the second target gateway through the network isolation device, including:
the first target gateway determines a transmission protocol of the network isolation equipment and determines a protocol-converted access command packet according to the transmission protocol;
and the first target gateway sends the access command packet after the protocol to the second target gateway through the network isolation equipment.
3. The method of claim 1, wherein the cloud data system further comprises a routing device, and wherein the access request comprises a target identifier, wherein the target identifier is used to indicate a first target gateway to which the access request corresponds; the access request is routed to the first target gateway by the routing device according to the target identification.
4. The method of any of claims 1-3, wherein prior to the first target gateway sending the access command packet to the second target gateway, further comprising:
if the first target gateway receives an inquiry request sent by a second target gateway according to a preset condition, the first target gateway establishes communication connection with the second target gateway;
after the first target gateway receives the data sent by the second target gateway in response to the access command packet, the method further includes:
and the first target gateway is disconnected from the second target gateway in communication.
5. A data processing method is applied to a cloud data system, the cloud data system comprises a plurality of first gateways and a plurality of second gateways, the first gateways and the second gateways establish unidirectional connection from the second gateways to the first gateways, and the method comprises the following steps:
a second target gateway sends an inquiry request to a first target gateway, wherein the first target gateway is one of the plurality of first gateways, and the second target gateway is a second gateway corresponding to the first target gateway;
the second target gateway receives the access command packet sent by the first target gateway;
and the second target gateway acquires the data corresponding to the access command packet according to the access command packet and sends the data corresponding to the access command packet to the first target gateway.
6. The method according to claim 5, wherein the plurality of second gateways send inquiry requests to the corresponding first gateways in a polling manner; the second target gateway sends an inquiry request to the first target gateway, and the inquiry request comprises the following steps:
and when the polling opportunity of the second target gateway arrives, sending an inquiry request to the first target gateway.
7. The method according to claim 5 or 6, wherein after the second target gateway sends the query request to the first target gateway and before the second target gateway receives the access command packet sent by the first target gateway, the method further comprises:
the second target gateway establishes communication connection with the first target gateway;
after the second target gateway receives the access command packet sent by the first target gateway, the method further includes:
determining a connection duration according to the feature information corresponding to the access command packet, wherein the feature information comprises at least one of the following items: the data size of the access command packet, the priority of a user corresponding to the access command packet and the network transmission quality;
and if the connection duration is reached, the second target gateway and the first target gateway are disconnected in communication.
8. The method of claim 5 or 6, wherein the cloud data system further comprises a network quarantine device; the second target gateway receiving the access command packet sent by the first target gateway, including:
and the second target gateway receives an access command packet sent by the first target gateway through the network isolation device.
9. A gateway device, comprising a processor, a memory and a network interface, the processor, the memory and the network interface being interconnected, wherein the memory is configured to store a computer program comprising program instructions, the processor being configured to invoke the program instructions to perform the method of any one of claims 1 to 8.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program comprising program instructions that, when executed by a processor, cause the processor to carry out the method according to any one of claims 1-8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011069915.XA CN112202795B (en) | 2020-09-30 | 2020-09-30 | Data processing method, gateway equipment and medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011069915.XA CN112202795B (en) | 2020-09-30 | 2020-09-30 | Data processing method, gateway equipment and medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112202795A true CN112202795A (en) | 2021-01-08 |
| CN112202795B CN112202795B (en) | 2023-07-14 |
Family
ID=74013028
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011069915.XA Active CN112202795B (en) | 2020-09-30 | 2020-09-30 | Data processing method, gateway equipment and medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112202795B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114202947A (en) * | 2021-12-07 | 2022-03-18 | 北京百度网讯科技有限公司 | Internet of vehicles data transmission method and device and automatic driving vehicle |
| CN114726854A (en) * | 2021-12-27 | 2022-07-08 | 天翼云科技有限公司 | Service request processing method and device and cloud service system |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104780215A (en) * | 2015-04-21 | 2015-07-15 | 广州多益网络科技有限公司 | File transfer system and method thereof |
| CN105208043A (en) * | 2015-10-13 | 2015-12-30 | 网易(杭州)网络有限公司 | Outer network agent module, inner network agent module and data transmitting method and system |
| US9992083B1 (en) * | 2015-09-22 | 2018-06-05 | Amazon Technologies, Inc. | System to detect network egress points |
| CN110351379A (en) * | 2019-07-17 | 2019-10-18 | 腾讯科技(深圳)有限公司 | A kind of method, apparatus of communication control, electronic equipment and storage medium |
| CN110365779A (en) * | 2019-07-17 | 2019-10-22 | 腾讯科技(深圳)有限公司 | A kind of method, apparatus of communication control, electronic equipment and storage medium |
-
2020
- 2020-09-30 CN CN202011069915.XA patent/CN112202795B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104780215A (en) * | 2015-04-21 | 2015-07-15 | 广州多益网络科技有限公司 | File transfer system and method thereof |
| US9992083B1 (en) * | 2015-09-22 | 2018-06-05 | Amazon Technologies, Inc. | System to detect network egress points |
| CN105208043A (en) * | 2015-10-13 | 2015-12-30 | 网易(杭州)网络有限公司 | Outer network agent module, inner network agent module and data transmitting method and system |
| CN110351379A (en) * | 2019-07-17 | 2019-10-18 | 腾讯科技(深圳)有限公司 | A kind of method, apparatus of communication control, electronic equipment and storage medium |
| CN110365779A (en) * | 2019-07-17 | 2019-10-22 | 腾讯科技(深圳)有限公司 | A kind of method, apparatus of communication control, electronic equipment and storage medium |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114202947A (en) * | 2021-12-07 | 2022-03-18 | 北京百度网讯科技有限公司 | Internet of vehicles data transmission method and device and automatic driving vehicle |
| CN114726854A (en) * | 2021-12-27 | 2022-07-08 | 天翼云科技有限公司 | Service request processing method and device and cloud service system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112202795B (en) | 2023-07-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112511611B (en) | Communication method, device and system of node cluster and electronic equipment | |
| EP3907973A1 (en) | Method for establishing communication connection and proxy server | |
| CN104994079B (en) | The treating method and apparatus of access request accelerates server | |
| CN112468518B (en) | Access data processing method and device, storage medium and computer equipment | |
| US20060206614A1 (en) | Processing requests transmitted using a first communication directed to an application that uses a second communication protocol | |
| US9843514B2 (en) | Packet processing method and background server | |
| CN102790808A (en) | Domain name resolution method and system, client | |
| CN104580553B (en) | Method and device for identifying network address translation equipment | |
| CN112202795A (en) | Data processing method, gateway equipment and medium | |
| US20230031062A1 (en) | Data processing method and apparatus, related device, and storage medium | |
| CN107528712A (en) | The determination of access rights, the access method of the page and device | |
| US9699139B2 (en) | Communications system | |
| US7218714B2 (en) | Method of calling service among devices in home network | |
| CN114390049A (en) | Application data acquisition method and device | |
| EP3018883B1 (en) | Login method and system for client unit | |
| CN115296866B (en) | Access method and device for edge node | |
| CN113162922B (en) | Client data acquisition method and device, storage medium and electronic equipment | |
| WO2023020606A1 (en) | Method, system and apparatus for hiding source station, and device and storage medium | |
| CN112870692B (en) | Game acceleration method, acceleration system, acceleration device and storage medium | |
| CN112291255B (en) | Method, device and server for pushing messages of gateway | |
| CN112929417B (en) | Message processing method and device | |
| CN115297098A (en) | Edge service acquisition method and device, edge computing system, medium and equipment | |
| CN113746909A (en) | Network connection method, device, electronic equipment and computer readable storage medium | |
| CN108307683A (en) | The means of communication, micro-base station, micro-base station controller, terminal and system | |
| CN110324318A (en) | A kind of Intranet access method and relevant apparatus |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |