CN112235239B - SD-WAN service system based on block chain and implementation method thereof - Google Patents


Publication number
CN112235239B
Authority
CN
China
Prior art keywords
user
operator
contract
scheduling
block chain
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010923513.5A
Other languages
Chinese (zh)
Other versions
CN112235239A (en
Inventor
黄韬
张晨
汪硕
庄丽婉
金韬
霍如
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Network Communication and Security Zijinshan Laboratory
Original Assignee
Network Communication and Security Zijinshan Laboratory
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Network Communication and Security Zijinshan Laboratory
Priority to CN202010923513.5A (CN112235239B)
Priority to PCT/CN2020/120651 (WO2022047890A1)
Publication of CN112235239A
Application granted
Publication of CN112235239B
Legal status: Active
Anticipated expiration

Classifications

    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L67/025 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L67/56 Provisioning of proxy services
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Abstract

The invention discloses a blockchain-based SD-WAN service system and an implementation method thereof. The system comprises three roles: user, operator and third-party platform. The user and the operator each comprise an administrator and equipment, the third-party platform comprises an SD-WAN controller, a platform server and an authentication platform, and the blockchain platform is maintained by the three roles. The system business process is divided into five parts: registration, signing, scheduling, acquisition and settlement. The system meets a user's customized network service requirements over a wide area network, can perform automatic optimization among multiple operators for the user, and uses blockchain technology to settle automatically between operators and users.

Description

SD-WAN service system based on block chain and implementation method thereof
Technical Field
The invention discloses an SD-WAN service system based on a block chain and an implementation method thereof, belonging to the technical field of block chains.
Background
The software-defined wide area network (SD-WAN) is a typical application of software-defined networking (SDN) to wide area private network services. Combined with the automatic configuration and scheduling capability of a network controller, it lets an enterprise user flexibly access an operator's wide area private network through a tunnel built over the Internet. In this scenario, however, the SD-WAN network controller is currently provided by an operator, and the operator can, for its own business interests, schedule the enterprise user's traffic exclusively onto its own wide area private network. The enterprise user therefore faces lock-in to a single operator when using SD-WAN, which restricts the development of SD-WAN to some extent.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and to improve on traditional operator-user settlement, so that a user can customize network services and settlement between an operator and the user can be carried out automatically.
The invention relates to a blockchain-based SD-WAN service system, which comprises:
a blockchain node module, which comprises device nodes divided into third-party platform side nodes, user side nodes and operator side nodes;
a smart contract module, used for implementing the signing, accounting, settlement and penalty functions among the third-party platform, the user and the operator;
a blockchain user module, used for providing a client through which a user interacts with the blockchain;
an SD-WAN service module, responsible for intelligent network scheduling according to subscription data and network quality conditions;
a platform server module, used for implementing the registration and signing functions for users and operators;
an authentication platform service module, responsible for providing operation and maintenance functions for the blockchain, for member identity authentication and permission admission management, for issuing a signature certificate, a communication certificate and a service certificate to each successfully authenticated account or node, and for certificate management.
Further, the SD-WAN service module is divided into four units: scheduling, acquisition, network probe and scheduling agent, wherein
the scheduling unit is responsible for network traffic scheduling, and the acquisition unit is responsible for real-time traffic acquisition at both ends;
the network probe unit and the scheduling agent unit are both deployed on user and operator equipment.
Further, the smart contract module is divided into:
an identity verification, authorization and authentication module, responsible for authenticating the user's read and write permissions;
a signing module, responsible for all signing processes;
an accounting module, which acquires traffic usage records from the acquisition system during scheduling;
a settlement module, responsible for the bill settlement process between the user and the operator;
a penalty module, responsible for recording violations by the operator, the third party and the user, as evidence for later penalties.
The application also provides a blockchain-based SD-WAN service implementation method, which comprises the following steps:
step one, an operator and a user each register and sign in the blockchain authentication platform service module;
step two, the SD-WAN controller performs intelligent network scheduling according to the subscription data and the network quality conditions;
step three, the smart contract module performs accounting and settlement of the traffic generated by the user in the manner specified in the contract.
Further, the signing of the user in the blockchain authentication platform service module has the following two modes:
direct signing mode: the two signing parties are the operator and the user; in this mode the third-party platform offers different operators for the user to choose from and does not take part in the contract signing process;
proxy signing mode: the two signing parties are the third-party platform and the user; once the third-party platform has signed with an operator a contract agreeing to free scheduling, that operator can be freely scheduled during network traffic scheduling.
Further, step two is specifically:
step 2.1, the SD-WAN controller first identifies the user's signing mode on the blockchain authentication platform service module; if it is the direct signing mode, the blockchain scheduling unit sends a scheduling instruction to the scheduling agent units of the user and the operator, and the user and the operator establish a connection and start communicating;
if it is the proxy signing mode, the blockchain scheduling unit searches for an operator that matches the traffic parameters in the signed contract, then sends a scheduling instruction to the scheduling agents of the user and the operator, and the user and the operator establish a connection and start communicating;
step 2.2, the network probes of the user and operator equipment push traffic records to the acquisition unit of the SD-WAN controller;
step 2.3, when the user equipment probe detects that the network quality has degraded, it feeds the network quality back to the acquisition unit, and in the proxy signing mode the user requests traffic scheduling from the scheduling unit;
step 2.4, the scheduling unit sends a scheduling instruction to the user scheduling agent unit according to the user's signing conditions.
Further, step three is specifically:
in the direct signing mode, settlement follows the manner specified in the contract: the user settles directly with the operator, and after settlement the operator clears the on-chain record of the fee to be paid.
In the proxy signing mode, step three is specifically:
step 3.1, the platform server submits a settlement application to the blockchain at the time agreed in the contract;
step 3.2, the blockchain platform generates the user's bill according to the contract, the bill enters the to-be-settled state, and the bill is then sent back to the platform server;
step 3.3, the platform server sends the bill to the corresponding user;
step 3.4, the user and the third-party platform settle offline;
step 3.5, after the offline settlement is completed, the platform server submits the bill-settled transaction to the blockchain platform;
step 3.6, the blockchain platform updates the bill status and notifies the user that the bill has been settled.
As a preferred embodiment of the present application, the method further comprises a procedure in which the operator changes its contract and/or the user changes its contract.
The operator contract change process is as follows: in the direct signing mode, the contract change is specified by the operator; if the user is not satisfied with the result of the change, the user chooses to terminate the contract with the operator and selects a new operator;
in the proxy signing mode, the operator submits a change application to the blockchain platform; the blockchain records the change application and sends an operator contract change message to the SD-WAN scheduling module; the SD-WAN scheduling module then disconnects the operator's equipment; the blockchain changes the contract state and sends a contract template to the operator administrator; the operator administrator adds an electronic signature and submits the contract to the blockchain; the third-party platform, on finding an electronic contract awaiting its seal, adds its electronic signature and uploads the contract to the blockchain; and after changing the contract state, the blockchain notifies the SD-WAN scheduling module of the operator's new service parameters and fees.
The user contract change process is as follows: in the direct signing mode, a user who requires a contract change negotiates directly with the operator, and the new contract is uploaded to the blockchain after the change; in the proxy signing mode, the enterprise user submits a contract change application to the blockchain platform; the blockchain records the change application and sends a message to the SD-WAN scheduling module announcing the user's contract change, and the SD-WAN scheduling module disconnects the user's equipment; the blockchain then changes the contract state and sends the contract template to the corresponding user, and the user adds an electronic signature and submits the contract to the blockchain; the platform server, on finding an electronic contract awaiting its seal, adds its electronic signature and uploads the contract to the blockchain; finally, after the blockchain receives the contract signed by both parties, it notifies the SD-WAN scheduling module, the user and the platform party that the contract change is complete, and the SD-WAN controller starts scheduling.
Compared with the prior art, the SD-WAN service system based on the block chain and the implementation method thereof have the following beneficial effects:
(1) A third party is introduced as a neutral SD-WAN platform. Its network controller dynamically schedules enterprise user traffic among the wide area private networks of multiple operators, which makes full use of the flexibility of reaching the SD-WAN through an Internet tunnel over the last kilometer, solves the single-operator lock-in problem, and allows automatic optimization among multiple operators for enterprise users.
(2) Using blockchain and smart contract technology, the signing, scheduling, acquisition, settlement and other business processes of the SD-WAN platform are designed so that data cannot be falsified during optimized SD-WAN traffic scheduling. This effectively addresses the lack of mutual trust between enterprise users and multiple operators, and provides an important guarantee mechanism for the operation of the SD-WAN platform business system.
Drawings
In order to more clearly illustrate the technical solution of the present invention, the drawings needed to be used in the present invention will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained based on these drawings without inventive labor.
FIG. 1 is an architecture diagram of the blockchain-based SD-WAN service system according to the present invention;
FIG. 2 is a flow chart of operator subscription in the present invention;
FIG. 3 is a flow chart of user signing in the direct signing mode in the present invention;
FIG. 4 is a flow chart of user signing in the proxy signing mode in the present invention;
FIG. 5 is a flow chart of conventional scheduling in the direct signing mode in the present invention;
FIG. 6 is a flow chart of conventional scheduling in the proxy signing mode in the present invention;
FIG. 7 is a data collection flow chart;
FIG. 8 is a flow chart of data feedback in the direct signing mode;
FIG. 9 is a flow chart of data feedback in the proxy signing mode;
FIG. 10 is a flow chart of the settlement process in the proxy signing mode;
FIG. 11 is a flow chart of operator contract change in the proxy signing mode;
FIG. 12 is a flow chart of user contract change in the proxy signing mode;
FIG. 13 is a diagram illustrating a network scenario structure according to an embodiment;
FIG. 14 is a schematic structural diagram of a Web end and an authentication platform in third-party platform deployment;
FIG. 15 is a schematic structural diagram of a scheduling agent client and an acquisition agent client in third-party platform deployment;
FIG. 16 is a schematic structural diagram of a fabric node in third-party platform deployment;
FIG. 17 is a schematic diagram of an operator organization authentication server in operator deployment;
FIG. 18 is a data structure diagram of a device client bound to an operator's SD-WAN probe in operator deployment;
FIG. 19 is a schematic structural diagram of an operator fabric node in operator deployment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
The invention provides a blockchain-based SD-WAN service system and an implementation method thereof, which can meet users' customized network service requirements over a wide area network, can perform automatic optimization among multiple operators for users, and can use blockchain technology to settle automatically between operators and users.
Embodiment 1 System Overall architecture
The system comprises three roles: user, operator and third-party platform. The user and the operator each comprise an administrator and equipment, and the third-party platform comprises an SD-WAN (software-defined wide area network) controller, a platform server and an authentication platform. The blockchain platform is jointly maintained by the three roles. The system is mainly divided into a blockchain part and a non-blockchain part:
1. Blockchain part
Blockchain node module: comprises all nodes in the blockchain network; the nodes are provided by the third-party platform, users and operators.
Smart contract module: divided by function into the following:
Identity verification, authorization and authentication module: responsible for authenticating the user's read and write permissions.
Signing module: responsible for all subscription processes.
Accounting module: acquires traffic usage records from the acquisition system and the like during scheduling.
Settlement module: responsible for the bill settlement process between the user and the operator.
Penalty module: responsible for recording violations by the operator, the third party and the user, as evidence for later penalties.
2. Non-blockchain part
Blockchain user module: a client through which a user interacts with the blockchain. Users of this module are divided into ordinary users and device users. Ordinary users are the user administrator client, operator administrator client, platform-side client and the like. A device user is a device that is registered as a blockchain user and interacts with the blockchain through the provided SDK, such as a user device client, operator device client or SD-WAN device client.
SD-WAN service module: responsible for intelligent network scheduling according to the subscription data and the network quality conditions. It is divided into four parts: scheduling, acquisition, network probe and scheduling agent. The scheduling module is responsible for network scheduling, and the acquisition module is responsible for real-time traffic acquisition at both ends. The network probe and the scheduling agent are deployed on both user and operator equipment.
Authentication platform service module: a centralized platform responsible for providing operation and maintenance functions for the blockchain, for member identity authentication and permission admission management, for issuing a signature certificate, a communication certificate and a service certificate to each successfully authenticated account or node, and for certificate management.
Platform server module: mainly provides service display, registration, subscription and similar functions, and generally uses a C/S architecture.
Embodiment 2 System Business Process
The system business process is divided into five parts: registration, signing, scheduling, acquisition and settlement:
1. Operator and user registration
1) The operator or user administrator submits the registration application and supporting data through the platform server.
2) The platform reviews the qualification data of the operator or user.
3) After the review passes, the platform submits a certificate application to the authentication platform.
4) The authentication platform issues a certificate.
From then on, the user or operator can interact with the platform and the blockchain.
2. Operator subscription process
The operator subscription flow is as follows:
1) The operator administrator initiates a subscription request to the platform server (the request contains information such as the service quality and tariff that the operator can provide).
2) After reviewing the subscription request, the platform server requests a contract template from the blockchain platform, generates a contract (at this point the contract contains Party A, Party B, the service parameters and so on), and sends it to the operator administrator.
3) After confirming that the contract is correct, the operator administrator adds an electronic signature and sends the contract to the blockchain platform.
4) The contract is stored on the chain and its state is initialized.
5) After initialization, the contract is sent to the platform server to await the third party's electronic signature.
6) The third party adds its electronic signature and submits the contract to the blockchain.
7) The contract state is updated on the chain and the contract takes effect.
8) After the contract takes effect, it is broadcast to the third party and the operator.
3. User subscription process
User subscription has two modes: direct signing mode and proxy signing mode.
Direct signing mode: the two signing parties are the operator and the enterprise user. In this mode the third-party platform only offers a list of operators for the enterprise user to choose from and does not take part in the contract signing process.
1) The enterprise user administrator initiates a direct subscription request (the request contains information such as the service quality the enterprise user requires and the estimated tariff), or selects an operator by specifying the operator's name.
2) After verifying the subscription request, the platform server returns the list of operators that meet the conditions.
3) The enterprise user administrator selects one operator and submits the choice to the platform server.
4) The platform server requests a contract template from the blockchain platform, generates a contract (the contract contains Party A, Party B, the requirement parameters and so on), and sends it to the enterprise user administrator.
5) After confirming that the contract is correct, the enterprise user administrator adds an electronic signature and sends the contract to the blockchain platform.
6) The contract is stored on the chain and its state is initialized.
7) After initialization, the contract is sent to the operator administrator to await the operator's electronic signature.
8) The operator administrator adds an electronic signature and submits the contract to the blockchain.
9) The contract state is updated on the chain and the contract takes effect.
10) After the contract takes effect, it is broadcast to the third party, the enterprise user and the operator.
11) The SD-WAN scheduling system starts.
Proxy signing mode: the two signing parties are the third-party platform and the enterprise user. When the platform party signs with an operator, the operator must sign a contract agreeing to free scheduling, and every operator that has signed such a contract is a scheduling option for proxy-mode contracts.
1) The enterprise user administrator initiates a proxy subscription request (the request contains information such as the service quality the enterprise user requires and the estimated tariff).
2) After reviewing the subscription request, the platform server requests a contract template from the blockchain platform, generates a contract (the contract contains Party A, Party B, the requirement parameters and so on), and sends it to the enterprise user administrator.
3) After confirming that the contract is correct, the enterprise user administrator adds an electronic signature and sends the contract to the blockchain platform.
4) The contract is stored on the chain and its state is initialized.
5) After initialization, the contract is sent to the third-party platform server to await the third party's electronic signature.
6) The third party adds its electronic signature and submits the contract to the blockchain.
7) The contract state is updated on the chain and the contract takes effect.
8) After the contract takes effect, it is broadcast to the third party and the enterprise user.
9) The SD-WAN scheduling system starts.
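The two-signature contract lifecycle in the proxy (agent) signing steps above, as an added example that is not code from the patent: the on-chain record is initialized by the first signature and takes effect only when the counter-signer signs the same terms. HMAC with constructed keys stands in for the certificate-based electronic signature, and the class, field and state names are assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo keys. HMAC stands in for the certificate-based electronic
# signature described on the page (an assumption made for this example).
KEYS = {"enterprise-user": b"user-demo-key", "third-party": b"platform-demo-key"}


def terms_digest(terms):
    """Hash a canonical encoding so every party signs identical bytes."""
    canonical = json.dumps(terms, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def sign(party, terms):
    """Produce the party's stand-in signature over the contract digest."""
    return hmac.new(KEYS[party], terms_digest(terms).encode(), hashlib.sha256).hexdigest()


class ContractLedger:
    """Hypothetical on-chain record: INITIALIZED after the first signature,
    EFFECTIVE after the counter-signature over the same terms."""

    def __init__(self):
        self.records = {}

    @staticmethod
    def _check(party, terms, signature):
        if party not in KEYS:
            raise PermissionError(f"unknown signer: {party}")
        if not hmac.compare_digest(sign(party, terms), signature):
            raise ValueError(f"signature from {party} does not verify")

    def initialize(self, contract_id, terms, party, signature):
        if contract_id in self.records:
            raise ValueError("contract id already used")
        if party != terms["first_signer"]:
            raise PermissionError("wrong first signer")
        self._check(party, terms, signature)
        self.records[contract_id] = {
            "digest": terms_digest(terms),
            "second_signer": terms["second_signer"],
            "signatures": {party: signature},
            "state": "INITIALIZED",
        }
        return "INITIALIZED"

    def countersign(self, contract_id, terms, party, signature):
        record = self.records[contract_id]
        if record["state"] != "INITIALIZED":
            raise ValueError(f"contract is {record['state']}, not awaiting a signature")
        if party != record["second_signer"]:
            raise PermissionError("wrong counter-signer")
        # The counter-signer must sign exactly what the first signer signed.
        if terms_digest(terms) != record["digest"]:
            raise ValueError("terms differ from the ones already signed")
        self._check(party, terms, signature)
        record["signatures"][party] = signature
        record["state"] = "EFFECTIVE"
        return "EFFECTIVE"


def demo():
    # Constructed contract terms; the parameter names are illustrative.
    terms = {"first_signer": "enterprise-user", "second_signer": "third-party",
             "bandwidth_mbps": 100, "tariff_per_gb": 0.5}
    ledger = ContractLedger()
    states = [ledger.initialize("c-1", terms, "enterprise-user",
                                sign("enterprise-user", terms))]
    altered = dict(terms, tariff_per_gb=5.0)  # terms changed after the first signature
    try:
        ledger.countersign("c-1", altered, "third-party", sign("third-party", altered))
    except ValueError as exc:
        states.append(f"rejected: {exc}")
    states.append(ledger.countersign("c-1", terms, "third-party",
                                     sign("third-party", terms)))
    return states


if __name__ == "__main__":
    for line in demo():
        print(line)
```
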
4. Initial scheduling process
Direct signing mode:
1) After the direct signing contract is signed, the blockchain platform notifies the SD-WAN scheduling module that the contract is in effect.
2) The scheduling module sends scheduling instructions to the scheduling agents of the user and the operator.
3) The user then establishes a connection with the operator and starts communicating.
Proxy signing mode:
1) After the proxy contract is signed, the blockchain platform notifies the SD-WAN scheduling module that the contract is in effect, attaching the user's requirement parameters.
2) The scheduling module searches for a matching operator and then sends a scheduling instruction to the scheduling agents of the user and the operator.
3) The user then establishes a connection with the operator and starts communicating.
5. Collection process
Direct sign mode/proxy sign mode:
1) the user and the operator equipment network probe push the flow record to the acquisition module.
2) And the acquisition module checks and arranges the flow records and links the flow records.
3) And the acquisition module reads the data on the chain from the operator equipment client after the data are linked, and checks whether an error exists between the data and the local.
4) And after the operator equipment finds obvious errors, submitting error records and entering an error adjustment arbitration process.
5) And the acquisition system reads the data on the chain from the enterprise user equipment client after the data are linked, and checks whether an error exists between the data and the local.
6) After the enterprise user equipment finds obvious errors, error records are submitted, and an error adjustment arbitration process is entered.
The difference adjustment arbitration flow involved in the steps 4) and 6) is as follows:
1. and after finding the error, the operator or the user equipment submits an error record to the block chain platform through the equipment client.
2. And the third-party platform checks the flow records in the SD-WAN acquisition module after obtaining the error records, rejects the error adjustment request if no error exists, and submits the new flow records to the block chain platform and informs an operator or user equipment if errors exist.
3. And after receiving the notification, the operator or the user equipment verifies the data on the link and the local data again, and if errors exist, the process is repeated until the data are correct.
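The check-and-arbitrate loop above, as an added Go sketch that is not part of the patent text. An in-memory ledger stands in for the Fabric ledger; the record layout, the 1% threshold for an "obvious" error, the three-round bound and the sample values are assumptions.

```go
package main

import "fmt"

// FlowRecord is one traffic measurement; the layout is assumed for this example.
type FlowRecord struct {
	ContractID string
	Window     int   // sequence number of the measurement window
	Bytes      int64 // traffic counted in that window
}

// Dispute is the error record a device client submits (arbitration step 1).
type Dispute struct {
	Submitter      string
	OnChain, Local FlowRecord
}

// Ledger stands in for the Fabric ledger: append-only, so a corrected record
// supersedes the disputed one while both remain as audit history.
type Ledger struct {
	Records  []FlowRecord
	Disputes []Dispute
}

// latest returns the newest record for a contract and window in recs.
func latest(recs []FlowRecord, contract string, window int) (FlowRecord, bool) {
	for i := len(recs) - 1; i >= 0; i-- {
		if recs[i].ContractID == contract && recs[i].Window == window {
			return recs[i], true
		}
	}
	return FlowRecord{}, false
}

// Check is collection steps 3) to 6): the device client compares the chain with
// its local count and files a dispute only above tolerancePct percent deviation.
func Check(l *Ledger, who string, local FlowRecord, tolerancePct int64) (bool, error) {
	on, ok := latest(l.Records, local.ContractID, local.Window)
	if !ok {
		return false, fmt.Errorf("no on-chain record for %s window %d", local.ContractID, local.Window)
	}
	diff := on.Bytes - local.Bytes
	if diff < 0 {
		diff = -diff
	}
	if diff*100 <= local.Bytes*tolerancePct {
		return false, nil
	}
	l.Disputes = append(l.Disputes, Dispute{who, on, local})
	return true, nil
}

// Arbitrate is arbitration step 2: the third party accepts neither side's figure
// and compares the chain with the acquisition module's record; a mismatch chains it.
func Arbitrate(l *Ledger, acq []FlowRecord, d Dispute) (bool, error) {
	ref, ok := latest(acq, d.OnChain.ContractID, d.OnChain.Window)
	if !ok {
		return false, fmt.Errorf("acquisition module has no record for the disputed window")
	}
	if ref.Bytes == d.OnChain.Bytes {
		return false, nil // chain already matches: request rejected
	}
	l.Records = append(l.Records, ref)
	return true, nil
}

// Resolve repeats check and arbitration (step 3), bounded to three rounds.
func Resolve(l *Ledger, acq []FlowRecord, who string, local FlowRecord, tolerancePct int64) (string, error) {
	for round := 0; round < 3; round++ {
		disputed, err := Check(l, who, local, tolerancePct)
		if err != nil {
			return "", err
		}
		if !disputed {
			return "consistent", nil
		}
		corrected, err := Arbitrate(l, acq, l.Disputes[len(l.Disputes)-1])
		if err != nil {
			return "", err
		}
		if !corrected {
			return "rejected", nil
		}
	}
	return "unresolved", nil
}

// Demo uses constructed data: the chained value for window 7 is wrong, the
// operator disputes it, then a user with a bad local count disputes the fix.
func Demo() (first, second string, history int) {
	acq := []FlowRecord{{"C-001", 7, 1050000}}
	l := &Ledger{Records: []FlowRecord{{"C-001", 7, 1500000}}}
	first, _ = Resolve(l, acq, "operator", FlowRecord{"C-001", 7, 1048000}, 1)
	second, _ = Resolve(l, acq, "user", FlowRecord{"C-001", 7, 900000}, 1)
	return first, second, len(l.Records)
}

func main() { fmt.Println(Demo()) }
```

The corrected value always comes from the acquisition module, never from the disputing party, and the superseded record stays in the ledger history.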
6. Acquisition feedback flow
Direct-signing mode:
1) On finding that network quality has degraded, the enterprise user reports the network quality problem to the blockchain platform.
2) The blockchain platform generates a feedback record and passes it to the acquisition module.
3) The acquisition module searches the network quality data records, analyzes them to find the corresponding records, and writes those records to the chain.
4) The blockchain writes the record to the ledger and returns the feedback result to the enterprise user.
Agent-signing mode:
1) When the user equipment probe detects that network quality has degraded, it reports the network quality to the acquisition module and requests scheduling.
2) The scheduling module obtains the quality detection parameters from the acquisition module, and the acquisition module then writes the network quality information to the chain.
3) The scheduling module sends a scheduling instruction to the user scheduling agent.
4) After the user equipment completes scheduling, it pushes the scheduling result to the acquisition module.
7. Settlement process
Direct-signing mode:
In direct-signing mode, settlement follows the method stipulated in the contract, and the user settles directly with the operator. After settlement, the operator clears the on-chain record of the fee to be paid.
Agent-signing mode:
1) The platform server submits a settlement application to the blockchain at a specific time.
2) The blockchain platform generates the bill for the specific enterprise user; the bill enters the to-be-settled state and is then sent back to the platform server.
3) The platform server sends the bill to the enterprise user.
4) The enterprise user settles offline with the third-party platform.
5) After offline settlement is complete, the platform server submits the bill-settled transaction to the blockchain.
6) The blockchain platform updates the bill status and notifies the enterprise user that the bill has been settled.
Settlement between the operator and the third party follows the same procedure:
1) The platform server submits a settlement application to the blockchain at a specific time.
2) The blockchain platform generates the bill for the specific operator; the bill enters the to-be-settled state and is then sent back to the platform server.
3) The platform server sends the bill to the operator.
4) The operator settles offline with the third-party platform.
5) After offline settlement is complete, the platform server submits the bill-settled transaction to the blockchain.
6) The blockchain platform updates the bill status and notifies the operator that the bill has been settled.
8. Operator contract change process
Direct-signing mode:
In the direct-signing process, contract changes are specified by the operator; if the user is not satisfied with the result of the change, the user can choose to terminate the contract with the operator and select a new operator.
Agent-signing mode:
1) The operator submits a change application (containing subscription data).
2) The third party submits the change application to the blockchain.
3) After recording the change application, the blockchain sends a message to the SD-WAN scheduling module, informing it that the operator's contract is about to be changed.
4) The SD-WAN scheduling module disconnects the operator's equipment.
5) After the disconnection succeeds, the SD-WAN controller uploads the disconnection-complete information to the blockchain.
6) The blockchain changes the contract state and sends the contract template to the platform server.
7) The platform server sends the contract to the operator administrator.
8) The operator administrator adds an electronic signature and submits the contract to the blockchain.
9) On finding an electronic contract awaiting its seal, the third-party platform adds its electronic signature and uploads the contract to the blockchain.
10) After changing the contract state, the blockchain notifies the SD-WAN scheduling module of the operator's new service parameters and tariff.
9. User contract change process
Direct-signing mode:
In the direct-signing process, a user who wants to change the contract negotiates directly with the operator, and the new contract can be written to the chain once it is concluded.
Agent-signing mode:
1) The enterprise user submits a contract change application (containing requirement parameters) to the platform.
2) After verifying that the requirements are reasonable, the platform submits the change application to the blockchain.
3) After recording the change application, the blockchain sends a message to the SD-WAN scheduling module, informing it that the user's contract is about to be changed.
4) The SD-WAN scheduling module disconnects the user's equipment.
5) After the disconnection succeeds, the SD-WAN scheduling module uploads the disconnection-complete information to the blockchain.
6) The blockchain changes the contract state and sends the contract template to the platform server.
7) The platform server sends the contract to the enterprise user.
8) The enterprise user adds an electronic signature and submits the contract to the blockchain.
9) On finding an electronic contract awaiting its seal, the platform server adds its electronic signature and uploads the contract to the blockchain.
10) After receiving the contract signed by both parties, the blockchain notifies the SD-WAN scheduling module, the enterprise user and the platform that the contract change is complete.
11) The SD-WAN controller starts scheduling.
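The ordering and signature checks implied by the agent-signing change flow above, as an added Go example rather than code from the patent. The state names, the template format, the sample parameters and the use of Ed25519 for the electronic signatures are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// State tracks where a contract is in the change flow (names are assumptions).
type State int

const (
	Active           State = iota
	ChangeRequested        // application recorded, scheduler asked to disconnect
	AwaitingUser           // disconnect confirmed, template issued
	AwaitingPlatform       // user signed, waiting for the platform's seal
)

var ErrState = errors.New("step not allowed in the current contract state")
var ErrSig = errors.New("signature does not match the issued template")

// Contract is the on-chain contract object in this sketch (layout assumed).
type Contract struct {
	State                State
	Params               string // requirement parameters in force
	pending              string // parameters proposed by the change application
	template             []byte
	userKey, platformKey ed25519.PublicKey
}

// RequestChange covers steps 1) to 3): the application is recorded and the
// scheduling module is then told to disconnect the user's equipment.
func (c *Contract) RequestChange(newParams string) error {
	if c.State != Active {
		return ErrState
	}
	c.pending, c.State = newParams, ChangeRequested
	return nil
}

// ConfirmDisconnect covers steps 5) and 6): the template is issued only after
// the scheduling module has reported the disconnect.
func (c *Contract) ConfirmDisconnect() ([]byte, error) {
	if c.State != ChangeRequested {
		return nil, ErrState
	}
	c.template = []byte("contract-template|params=" + c.pending)
	c.State = AwaitingUser
	return c.template, nil
}

// UserSign is step 8): the signature must verify over the exact template the
// chain issued, so a signature over altered parameters is refused.
func (c *Contract) UserSign(sig []byte) error {
	if c.State != AwaitingUser {
		return ErrState
	}
	if !ed25519.Verify(c.userKey, c.template, sig) {
		return ErrSig
	}
	c.State = AwaitingPlatform
	return nil
}

// PlatformSeal is steps 9) and 10): the platform countersigns the same template;
// only then do the new parameters take effect and go to the scheduler.
func (c *Contract) PlatformSeal(sig []byte) (string, error) {
	if c.State != AwaitingPlatform {
		return "", ErrState
	}
	if !ed25519.Verify(c.platformKey, c.template, sig) {
		return "", ErrSig
	}
	c.Params, c.pending, c.State = c.pending, "", Active
	return c.Params, nil
}

// Demo walks the flow with constructed keys and parameters, including one
// out-of-order step and one signature over a different template.
func Demo() (early, forged error, final string) {
	uPub, uPriv, _ := ed25519.GenerateKey(nil)
	pPub, pPriv, _ := ed25519.GenerateKey(nil)
	c := &Contract{Params: "bandwidth=100M", userKey: uPub, platformKey: pPub}
	_ = c.RequestChange("bandwidth=200M")
	early = c.UserSign(ed25519.Sign(uPriv, []byte("anything"))) // before disconnect
	tmpl, _ := c.ConfirmDisconnect()
	forged = c.UserSign(ed25519.Sign(uPriv, []byte("contract-template|params=bandwidth=1M")))
	_ = c.UserSign(ed25519.Sign(uPriv, tmpl))
	final, _ = c.PlatformSeal(ed25519.Sign(pPriv, tmpl))
	return early, forged, final
}

func main() { fmt.Println(Demo()) }
```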
Take the following implementation scenario as an example:
Blockchain part:
The blockchain platform uses Hyperledger Fabric and comprises three types of organization: the third-party platform, operators and users. Each organization needs to deploy Peer nodes, and all organizations belong to the same channel. Orderer nodes are provided by the third-party platform and the operators, and are optional for users. Each module of the smart contract is implemented as chaincode.
Non-blockchain part:
Equipment client: the user equipment, the operator equipment and the SD-WAN controller each need a Fabric client deployed.
User client: the user administrator, operator administrator and platform administrator interact with Fabric through the Fabric client of the platform web side (the platform server is implemented as a web application).
The SD-WAN component, the authentication platform and the platform web side are maintained and managed by the third party. Fabric supports two-level authentication: the root authentication platform is maintained by the third party, and each organization's authentication platform is maintained by that organization.
The specific deployment is as follows:
1. Third-party platform deployment
1) Web side and authentication platform deployment (non-blockchain part)
The web side has the following functions:
Web function backend: registration/login page (must distinguish users from operators), operator registration, and registration of all users.
Root authentication platform: admission of operators and admission of enterprise users.
Fabric client: operator contract signing, contract signing by all users, authorization by all users of third-party agent signing, settlement for operators and users, flow queries by all users, submission by all users of flow-quality problem work orders (error adjustment/penalty), and contract changes by all users/operators.
Third-party organization authentication platform: admission of the third party's internal members and admission of independent users (independent users are users or enterprises that have not set up an organization authentication server and so cannot be authenticated by the blockchain).
2) SD-WAN equipment (non-blockchain part)
The SD-WAN equipment deployed by the third party comprises the scheduling and acquisition modules, which are responsible for intelligent scheduling of the network. In addition, SD-WAN equipment clients are divided into scheduling agent clients and collection agent clients, whose deployment locations are shown in fig. 15.
Scheduling agent client: mainly responsible for recording the scheduling records of the scheduling system, arranging them into the format specified by the Fabric network, and submitting them to the blockchain platform, where they are recorded on the blockchain as evidence for later penalties. It also obtains the requirement parameters signed by the user from the blockchain so that the scheduling module can perform initial scheduling.
Collection agent client: mainly responsible for recording the data of the acquisition system, arranging it into the format specified by the Fabric network, and submitting it to the blockchain platform to form on-chain bill data.
3) Fabric node deployment (blockchain part)
In the initial state there are no operators, so the platform needs to provide a complete blockchain structure; the specific structure is shown in fig. 16.
As the platform side, it must initially provide 3 Orderer nodes (Raft consensus requires the number of Orderer nodes in each channel to be odd) and 2 Peer nodes (to avoid a single point of failure) so that the blockchain system can operate normally. Later, the platform side can reduce the number of Orderer and Peer nodes it holds as appropriate. The initial chaincode is installed and instantiated at the same time.
2. Operator deployment
1) Operator organization authentication server deployment (non-blockchain part)
The operator's organization authentication server should have the following functions:
Web backend: provides the operator with management of its internal member roster.
Operator organization authentication platform: admission of the operator's internal members, admission of the operator's own equipment, and admission of the operator's nodes.
2) Operator equipment deployment (non-blockchain part)
The operator equipment client requires the operator to obtain, through its own organization authentication platform, a certificate for submitting transactions on the blockchain. The equipment client is bound to the operator's SD-WAN probe. The schematic diagram is as follows:
Operator equipment client functions: obtaining scheduling records and traffic usage and writing them to the blockchain; obtaining network quality conditions and writing them to the blockchain.
3) Operator Fabric node deployment (blockchain part)
An operator is treated as an organization in the Fabric network. The operator therefore needs to deploy the following servers: Peer nodes and Orderer nodes. The number of Peer nodes is decided by the operator. The operator installs the chaincode through the Fabric CLI; the steps are the same as those for synchronizing the platform's chaincode.
3. User deployment
1) User organization authentication server deployment (non-blockchain part)
The user's organization authentication server should have the following functions:
Web backend: provides the user with management of its internal member roster.
User organization authentication platform: admission of the user's internal members, admission of the user's own equipment, and admission of the user's nodes.
2) User equipment deployment (non-blockchain part)
The user equipment client requires the user to obtain, through its own organization authentication platform, a certificate for submitting transactions on the blockchain. The equipment client is bound to the user's SD-WAN probe. The schematic diagram is as follows:
User equipment client functions: obtaining scheduling records and traffic usage and writing them to the blockchain; obtaining network quality conditions and writing them to the blockchain.
3) User Fabric node deployment (blockchain part)
An enterprise user is treated as an organization in the Fabric network. The user deploys Peer nodes according to its actual situation and can also choose to provide Orderer nodes (not deployed by default). The user installs the chaincode through the Fabric CLI; the steps are the same as those for synchronizing the platform's chaincode.
System startup procedure
1. Platform side initial start
1) Deploying SD-WAN controller devices
2) Web end and authentication platform deployment
3) Generating organizational relationships and identity certificates
4) Ordering service startup from the initial block
5) Peer node startup
6) Creating an application channel
7) Installing and instantiating the project chaincode
8) Uploading the preliminary contract template
2. Operator joining
1) Deploying SD-WAN operator devices
2) Web side and organization authentication platform deployment
3) Generating organizational relationships and identity certificates
4) Ordering service startup and joining
5) Peer node startup
6) Peer node joining application channel
7) Installing the project chaincode
3. User joining
1) Deploying SD-WAN user equipment
2) Web side and organization authentication platform deployment
3) Generating organizational relationships and identity certificates
4) Peer node startup
5) Peer node joining application channel
6) Installing the project chaincode
At this point the user, the operator and the third-party platform are deployed and the system is started, and business processes such as registration, signing, scheduling, acquisition and settlement can be carried out.
Network quality in this application is expressed through network quality data. The contracts signed between users and the third party, between operators and the third party, and between operators and users all contain agreed terms on network quality, expressed as flow parameters, demand parameters, service parameters and the like. The acquisition unit holds quality detection parameters that describe network performance indicators over a period of time; they generally include: record start time begintime, record end time endtime, maximum jitter maxsake, average rate, delay, bandwidth, packet loss rate packetLoss, and so on.
The above description is only an exemplary embodiment of the present application and should not be taken as limiting it; any modification, equivalent replacement or improvement made within the spirit and principle of the present application shall fall within its scope of protection.
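An added Go example (not from the patent) that checks a probe's quality record against contracted demand parameters and, as in the agent-signing scheduling and feedback flows, picks a replacement operator. begintime, endtime, maxsake and packetLoss are the page's names; the other field names, the units, the tariff-based choice and the sample values are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// QualityRecord carries the quality detection parameters for one time window.
type QualityRecord struct {
	Begintime, Endtime int64   // record start and end, Unix seconds (unit assumed)
	Maxsake            float64 // maximum jitter, ms
	AvgRate            float64 // average rate, Mbit/s
	Delay              float64 // ms
	Bandwidth          float64 // Mbit/s
	PacketLoss         float64 // fraction between 0 and 1
}

// Demand is the requirement-parameter part of an agent-signing contract (assumed layout).
type Demand struct {
	MinBandwidth, MaxDelay, MaxJitter, MaxLoss float64
}

// Operator holds an operator's service parameters and tariff (assumed layout).
type Operator struct {
	Name                           string
	Bandwidth, Delay, Jitter, Loss float64
	Tariff                         float64
}

// Violations returns the contracted bounds a probe record breaks. A record with
// an empty window or out-of-range values is an error, never "compliant", since
// it would otherwise be chained as evidence. NaN fails every >= test below.
func Violations(q QualityRecord, d Demand) ([]string, error) {
	ok := q.Endtime > q.Begintime && q.PacketLoss >= 0 && q.PacketLoss <= 1 &&
		q.Delay >= 0 && q.Maxsake >= 0 && q.Bandwidth >= 0
	if !ok {
		return nil, errors.New("malformed quality record")
	}
	var v []string
	if q.Bandwidth < d.MinBandwidth {
		v = append(v, "bandwidth")
	}
	if q.Delay > d.MaxDelay {
		v = append(v, "delay")
	}
	if q.Maxsake > d.MaxJitter {
		v = append(v, "maxsake")
	}
	if q.PacketLoss > d.MaxLoss {
		v = append(v, "packetLoss")
	}
	return v, nil
}

// Reschedule keeps the current operator while the record is within contract;
// otherwise it returns the lowest-tariff operator whose service parameters
// satisfy the demand, together with the violated bounds.
func Reschedule(q QualityRecord, d Demand, current string, ops []Operator) (string, []string, error) {
	v, err := Violations(q, d)
	if err != nil || len(v) == 0 {
		return current, v, err
	}
	var fit []Operator
	for _, o := range ops {
		if o.Name != current && o.Bandwidth >= d.MinBandwidth && o.Delay <= d.MaxDelay &&
			o.Jitter <= d.MaxJitter && o.Loss <= d.MaxLoss {
			fit = append(fit, o)
		}
	}
	if len(fit) == 0 {
		return current, v, errors.New("no operator satisfies the contracted demand")
	}
	sort.SliceStable(fit, func(i, j int) bool { return fit[i].Tariff < fit[j].Tariff })
	return fit[0].Name, v, nil
}

// Demo runs the check on constructed values.
func Demo() (string, []string, error) {
	demand := Demand{MinBandwidth: 100, MaxDelay: 40, MaxJitter: 10, MaxLoss: 0.01}
	probe := QualityRecord{Begintime: 1700000000, Endtime: 1700000060, Maxsake: 25,
		AvgRate: 80, Delay: 35, Bandwidth: 120, PacketLoss: 0.03}
	ops := []Operator{
		{"op-a", 200, 20, 5, 0.001, 0.9}, // current operator, now degraded
		{"op-b", 150, 30, 8, 0.005, 0.5},
		{"op-c", 80, 10, 2, 0.001, 0.2}, // cheapest, but below contracted bandwidth
		{"op-d", 300, 25, 6, 0.002, 0.7},
	}
	return Reschedule(probe, demand, "op-a", ops)
}

func main() { fmt.Println(Demo()) }
```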

Claims (8)

1. A blockchain-based SD-WAN service system, characterized in that the service system comprises:
a blockchain node module, comprising equipment nodes divided into third-party platform side nodes, user side nodes and operator side nodes;
a smart contract module, used for implementing signing, accounting, settlement and penalty functions among the third-party platform, users and operators;
a blockchain user module, used for providing a client through which users interact with the blockchain;
an SD-WAN service module, responsible for intelligent network scheduling according to subscription data and network quality conditions;
the SD-WAN service module is divided into four units: scheduling, acquisition, network probe and scheduling agent, wherein
the scheduling unit is responsible for network traffic scheduling, and the acquisition unit is responsible for real-time traffic acquisition at both ends;
the network probe unit and the scheduling agent unit are both deployed on the user side nodes and the operator side nodes;
the scheduling unit and the acquisition unit are deployed on the third-party platform side node;
the SD-WAN service module implements network scheduling according to the following procedure:
the SD-WAN service module first identifies the mode in which the user signed on the blockchain authentication platform service module, the scheduling unit sends scheduling instructions to the scheduling agent units in the user and operator side nodes, and the user and the operator establish a connection and begin communicating;
the network probe units on the user and operator side nodes push flow records to the acquisition unit of the SD-WAN service module, and the acquisition unit checks and collates the flow records and uploads them to the blockchain;
when the network probe unit on a user side node detects that network quality has degraded, it feeds the network quality back to the acquisition unit, and the acquisition module searches the network quality data records, analyzes them to find the corresponding records, and uploads those records to the blockchain;
the scheduling unit sends a scheduling instruction to the scheduling agent unit on the user side node according to the user's subscription;
a platform server module, used for implementing registration and signing functions for users and operators;
an authentication platform service module, responsible for providing operation and maintenance functions for the blockchain, for member identity authentication and admission management, for issuing signature certificates, communication certificates and service certificates to accounts or nodes that authenticate successfully, and for certificate management.
2. The blockchain-based SD-WAN service system according to claim 1, wherein the smart contract module is divided by function into:
an identity verification, authorization and authentication module: responsible for identifying the user's read and write permissions;
a signing module: responsible for all signing processes;
an accounting module: obtains flow usage records from the acquisition system during scheduling;
a settlement module: responsible for settling bills between the user and the operator;
a penalty module: responsible for recording violations by the operator, the third party and the user, as evidence for later penalties.
3. A blockchain-based SD-WAN service implementation method, characterized by comprising the following steps:
step one, an operator and a user each register and sign contracts in the platform server module;
step two, the SD-WAN service module performs intelligent network scheduling according to the subscription data and network quality conditions;
the SD-WAN service module is divided into four units: scheduling, acquisition, network probe and scheduling agent, wherein
the scheduling unit is responsible for network traffic scheduling, and the acquisition unit is responsible for real-time traffic acquisition at both ends;
the network probe unit and the scheduling agent unit are both deployed on the user side nodes and the operator side nodes;
the scheduling unit and the acquisition unit are deployed on the third-party platform side node;
step two specifically comprises:
step 2.1, the SD-WAN service module first identifies the mode in which the user signed on the blockchain authentication platform service module, the scheduling unit sends scheduling instructions to the scheduling agent units on the user and operator side nodes, and the user and the operator establish a connection and begin communicating;
step 2.2, the network probe units on the user and operator side nodes push flow records to the acquisition unit of the SD-WAN service module, and the acquisition unit checks and collates the flow records and uploads them to the blockchain;
step 2.3, when the network probe unit on a user side node detects that network quality has degraded, it feeds the network quality back to the acquisition unit, and the acquisition module searches the network quality data records, analyzes them to find the corresponding records, and uploads those records to the blockchain;
step 2.4, the scheduling unit sends a scheduling instruction to the scheduling agent unit on the user side node according to the user's subscription;
step three, the smart contract module performs accounting and settlement for the flow generated by the user in the manner specified in the contract.
4. The service implementation method of claim 3, wherein the user's signing on the blockchain authentication platform service module includes the following two modes:
direct-signing mode: the two signing parties in the direct-signing mode are the operator and the user; in this mode, the third-party platform offers different operators for the user to choose from and does not take part in the contract signing process;
agent-signing mode: the two signing parties in the agent-signing mode are the third-party platform and the user; once the third-party platform has signed with an operator a contract agreeing to free scheduling, that operator can be freely scheduled during network traffic scheduling.
5. The service implementation method of claim 4, wherein in step 2.1, if the mode is the direct-signing mode, the scheduling unit sends scheduling instructions to the scheduling agent units on the user and operator side nodes, and the user establishes a connection with the operator and begins communicating;
if the mode is the agent-signing mode, the scheduling unit searches for an operator matching the flow parameters in the signed contract, then sends scheduling instructions to the scheduling agents on the user and operator side nodes, and the user and the operator establish a connection and begin communicating.
6. The service implementation method according to claim 3, wherein step three specifically comprises:
in the direct-signing mode, settlement follows the manner specified in the contract, the user settles directly with the operator, and after settlement the operator clears the on-chain record of the fee to be paid.
7. The service implementation method according to claim 3, wherein step three specifically comprises, in the agent-signing mode:
step 3.1, the platform server module submits a settlement application to the blockchain platform at the time agreed in the contract;
step 3.2, the blockchain platform generates the user's bill according to the contract, the bill enters the to-be-settled state, and the bill is then sent back to the platform server module;
step 3.3, the platform server module sends the bill to the corresponding user;
step 3.4, the user settles offline with the third-party platform;
step 3.5, after offline settlement is complete, the platform server module submits the bill-settled transaction to the blockchain platform;
step 3.6, the blockchain platform updates the bill status and notifies the user that the bill has been settled.
8. The service implementation method of claim 3, wherein the method further comprises:
a process in which the operator changes a contract and/or the user changes a contract,
the operator contract change process comprises: in the direct-signing mode, contract changes are specified by the operator; if the user is not satisfied with the result of the change, the user chooses to terminate the contract with the operator and selects a new operator;
in the agent-signing mode, the operator submits a change application to the blockchain platform; after recording the change application, the blockchain platform sends a message that the operator's contract is being changed to the scheduling unit in the SD-WAN service module; the scheduling unit in the SD-WAN service module then disconnects the operator side node; the blockchain changes the contract state and sends the contract template to the operator administrator, and the operator administrator adds an electronic signature and submits the contract to the blockchain; on finding an electronic contract awaiting its seal, the third-party platform adds its electronic signature and uploads the contract to the blockchain; and after changing the contract state, the blockchain notifies the scheduling unit in the SD-WAN service module of the operator's new service parameters and tariff;
the user contract change process comprises: in the direct-signing mode, a user who wants to change the contract negotiates directly with the operator, and the new contract is uploaded to the blockchain after the change; in the agent-signing mode, the enterprise user submits a contract change application to the blockchain platform; after recording the change application, the blockchain platform sends a message to the scheduling unit in the SD-WAN service module informing it that the user's contract is being changed, and the scheduling unit in the SD-WAN service module disconnects the user side node; the blockchain platform then changes the contract state and sends the contract template to the corresponding user, and the user adds an electronic signature and submits the contract to the blockchain; on finding the electronic contract awaiting its seal, the platform server module adds its electronic signature and uploads the contract to the blockchain; and after receiving the contract signed by both parties, the blockchain notifies the scheduling unit in the SD-WAN service module, the user and the third-party platform that the contract change is complete, and the SD-WAN service module starts scheduling.
CN202010923513.5A 2020-09-04 2020-09-04 SD-WAN service system based on block chain and implementation method thereof Active CN112235239B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202010923513.5A CN112235239B (en) 2020-09-04 2020-09-04 SD-WAN service system based on block chain and implementation method thereof
PCT/CN2020/120651 WO2022047890A1 (en) 2020-09-04 2020-11-06 Blockchain-based sd-wan service system, and implementation method for same

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010923513.5A CN112235239B (en) 2020-09-04 2020-09-04 SD-WAN service system based on block chain and implementation method thereof

Publications (2)

Publication Number Publication Date
CN112235239A CN112235239A (en) 2021-01-15
CN112235239B true CN112235239B (en) 2021-08-24

Family

ID=74116365

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010923513.5A Active CN112235239B (en) 2020-09-04 2020-09-04 SD-WAN service system based on block chain and implementation method thereof

Country Status (2)

Country Link
CN (1) CN112235239B (en)
WO (1) WO2022047890A1 (en)

Also Published As

Publication number Publication date
WO2022047890A1 (en) 2022-03-10
CN112235239A (en) 2021-01-15

JP3621324B2 (en) Virtual private network usage rule management method and apparatus
CN115277686B (en) Data transmission method, device, equipment and computer storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant