CN112910790B - Diversion system and method thereof - Google Patents
Diversion system and method thereof Download PDFInfo
- Publication number
- CN112910790B CN112910790B CN202110184241.6A CN202110184241A CN112910790B CN 112910790 B CN112910790 B CN 112910790B CN 202110184241 A CN202110184241 A CN 202110184241A CN 112910790 B CN112910790 B CN 112910790B
- Authority
- CN
- China
- Prior art keywords
- network
- traffic
- diversion
- flow
- acceleration
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
- H04L41/0823—Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
- H04L41/083—Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability for increasing network speed
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Abstract
The embodiment of the invention relates to the technical field of computer networks and discloses a diversion system and a diversion method. The diversion system comprises: the first switch, the first diversion device, the first network exit device; the first exchanger is connected with first diversion equipment; the first diversion device is connected with the network outlet device; the first switch is used for receiving the traffic of the user node and transmitting the traffic to the first diversion equipment; the first flow guiding device is used for receiving the flow transmitted by the first switch, transmitting the flow to be accelerated to an acceleration network through the first network outlet device according to the identification result of the flow, and transmitting the flow which does not need to be accelerated to a common network through the network outlet device; the first diversion equipment is also used for transmitting the traffic received through the first network outlet equipment to the user node through the switch, so that the identification and guidance of the traffic can be realized without changing the original network topology and configuration, and the deployment mode is simple.
Description
Technical Field
The embodiment of the invention relates to the technical field of computer networks, in particular to a diversion system and a diversion method.
Background
As enterprise size and business grow, the types of traffic for enterprises become increasingly rich, and in an enterprise's network, many different types of lines are typically required to carry different types of traffic. In order to implement the routing of different types of traffic to different networks, the related art often directs the traffic to corresponding devices in the original network by means of static routing or dynamic routing, thereby directing the traffic to the different networks.
However, the related art needs to change the original network configuration or network topology of the lan by performing the diversion through the static routing or dynamic routing, and especially in the lan with many network nodes, it is complicated and difficult to implement the diversion by changing the configuration and deployment of the network.
Disclosure of Invention
The embodiment of the invention aims to provide a diversion system and a diversion method, which can conduct flow guidance without changing the original network configuration or network topology and simplify the deployment mode.
In order to solve the above technical problems, an embodiment of the present invention provides a diversion system, including: the system comprises a first switch, a first diversion device, a first network outlet device and an acceleration network; the first switch, the first diversion device and the first network egress device are deployed in a first local area network; the first exchanger is connected with the first diversion equipment; the first diversion device is connected with the first network outlet device; the first switch is used for receiving the traffic of the user node and transmitting the traffic to the first diversion equipment; the first diversion equipment is used for receiving the traffic transmitted by the first switch, sending the traffic to be accelerated to the acceleration network through the first network outlet equipment according to the identification result of the traffic, and sending the traffic which does not need to be accelerated to the Internet through the first network outlet equipment; the flow identification result is determined according to the flow characteristics; the first network outlet device is configured to receive the traffic transmitted by the first diversion device, and send the traffic to the acceleration network or the internet; the accelerating network is in communication connection with the second diversion device and is used for transmitting the traffic received from the first network outlet device to the second diversion device or an application server; or the acceleration network is in communication connection with the second network outlet device and is used for transmitting the traffic received from the first network outlet device to the second network outlet device or an application server; wherein the second flow directing device and the second network egress device are both deployed in a second local area network; the first flow directing device is further configured to transmit traffic received through the first network egress device to the user node via the first switch.
The embodiment of the invention also provides a diversion method which is applied to the diversion system, wherein the diversion system comprises a first exchanger, first diversion equipment, first network outlet equipment and an acceleration network; the first switch, the first diversion device and the first network egress device are deployed in a first local area network; the first exchanger is connected with the first diversion equipment; the first diversion device is connected with the first network outlet device, and the diversion method comprises the following steps: the first switch receives the traffic of the user node and transmits the traffic to the first diversion equipment; after receiving the traffic transmitted by the first switch, the first diversion device sends the traffic to be accelerated to the acceleration network through the first network outlet device according to the identification result of the traffic, and sends the traffic which does not need to be accelerated to the Internet through the first network outlet device; the flow identification result is determined according to the flow characteristics; the first network outlet device sends the traffic to the acceleration network or the internet after receiving the traffic transmitted by the first diversion device; the accelerating network is in communication connection with the second diversion device, and the accelerating network transmits the traffic received from the first network outlet device to the second diversion device or the application server after receiving the traffic from the first network outlet device; or the accelerating network is in communication connection with the second network outlet device, and the accelerating network transmits the traffic received from the first network outlet device to a second network outlet device or an application server after receiving the traffic from the first network outlet device; the second diversion equipment and the second network outlet equipment are both deployed in a second local area network; and if the first diversion equipment receives the traffic from the first network outlet equipment, transmitting the traffic received from the first network outlet equipment to the user node.
In contrast to the related art, the flow guiding system of the embodiment of the present invention includes: the first switch, the first diversion equipment, the first network exit equipment and the accelerating network, wherein the first switch is connected with the first diversion equipment, and the first diversion equipment is connected with the first network exit equipment; in addition, the first switch of the embodiment is configured to receive a traffic of a user node, and transmit the traffic to the first diversion device; the first flow guiding device transmits the flow which does not need to be accelerated to the Internet through the network outlet device according to the identification result of the flow, the flow which needs to be accelerated is transmitted to the acceleration network through the first network outlet device, the acceleration network transmits the flow to the application server or the network device in another local area network, the flow which accesses the other local area network or the flow which accesses the cloud can be accelerated, the network quality service of the flow which needs to be accelerated is ensured, in addition, different flows can be accelerated or not accelerated, the requirements of users on the flow transmission speed are met, and the user experience is improved.
In addition, a bypass network card is installed on the first diversion equipment, and the bypass network card is used for transmitting the flow received from the first switch to the first network outlet equipment when the first diversion equipment is down or has service failure. By installing the bypass network card on the diversion equipment, when the diversion equipment is deployed in series, even if the diversion equipment fails, the diversion equipment can still transmit the flow through the bypass network card, namely the local area network can still access the network, and the stability and the robustness of the transmission flow of the diversion system are improved.
In addition, the acceleration network includes: a first acceleration network for accelerating traffic to be transmitted to an application server, and a second acceleration network for accelerating traffic to be transmitted to the second local area network; the first acceleration network and the second acceleration network each include: an access device; the first and second flow directing devices also each include: a tunnel module and an agent module; the proxy module of the first diversion device is configured to establish a TCP long connection with the access device of the first acceleration network, and transmit, through the established TCP long connection, the traffic to be transmitted to the application server to the access device of the first acceleration network through the first network egress device; the tunnel module of the first diversion device is configured to establish a VPN tunnel with the access device of the second acceleration network, and transmit, through the established VPN tunnel, the traffic to be transmitted to the second local area network to the access device of the second acceleration network through the first network egress device. By establishing the TCP long connection, a plurality of data packets can be continuously sent on one TCP connection, so that the consumption of TCP connection establishment and closing is saved, and the efficiency of accessing an application server is improved; by establishing the VPN tunnel, the safety of traffic transmission between local area networks is ensured, and compared with the prior art that traffic transmission between different local area networks is realized by establishing a physical private line, the embodiment of the invention simplifies the complexity of network deployment and reduces the cost of network deployment.
In addition, the tunnel module of the first diversion device is further configured to encapsulate the traffic to be transmitted to the second local area network based on a VPN protocol, so as to obtain an encapsulated traffic; after receiving the encapsulated traffic, the tunnel module of the second diversion device decapsulates the encapsulated traffic based on a VPN protocol, and transmits the decapsulated traffic to a user node through the second switch. Based on VPN protocol, traffic is encapsulated, so that traffic can be transmitted through VPN tunnel, and traffic transmission safety is ensured.
In addition, the access device of the first acceleration network is configured to receive the traffic to be transmitted to the application server, select an optimal network line for the traffic to be transmitted to the application server, and transmit the traffic to be transmitted to the application server to the optimal network line; the access device of the second acceleration network is configured to receive the traffic to be transmitted to the second local area network, select an optimal network line for the traffic to be transmitted to the second diversion device, and transmit the traffic to be transmitted to the second diversion device to the optimal network line. The access equipment of the acceleration network obtains an optimal website line by detecting the network line, and the flow is transmitted by the optimal network line, so that the flow transmission efficiency is further improved.
In addition, the second local area network further includes: a second switch; when the accelerating network is in communication connection with the second diversion device, the second diversion device is connected with the second switch, and the second switch is connected with the second network outlet device. The second diversion equipment in the embodiment of the invention is deployed on the second local area network in a side hanging mode.
In addition, the second local area network further includes: a second switch; when the acceleration network is in communication connection with the second network egress device, the second network egress device is connected with the second flow guiding device, and the second flow guiding device is connected with the second switch. The second diversion equipment in the embodiment of the invention is serially arranged in the second local area network.
Drawings
One or more embodiments are illustrated by way of example and not limitation in the figures of the accompanying drawings.
FIG. 1 is a network schematic diagram of a first local area network in a diversion system in accordance with a first embodiment of the present invention;
FIG. 2 is a schematic diagram of a diversion system in accordance with a first embodiment of the present invention;
FIG. 3 is a network diagram of a second local area network in a diversion system in accordance with a second embodiment of the present invention;
FIG. 4 is a network schematic diagram of a local area network according to the related art;
FIG. 5 is a schematic diagram of an enterprise deployment diversion system in accordance with a second embodiment of the present invention;
fig. 6 is a flow chart of a diversion method in a third embodiment of the present invention.
DETAILED DESCRIPTION OF EMBODIMENT (S) OF INVENTION
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the embodiments of the present invention will be described in detail below with reference to the accompanying drawings. However, those of ordinary skill in the art will understand that in various embodiments of the present invention, numerous technical details have been set forth in order to provide a better understanding of the present application. However, the technical solutions claimed in the present application can be implemented without these technical details and with various changes and modifications based on the following embodiments. The following embodiments are divided for convenience of description, and should not be construed as limiting the specific implementation of the present invention, and the embodiments can be mutually combined and referred to without contradiction.
A first embodiment of the invention relates to a diversion system. The diversion system of the present embodiment includes: the system comprises a first switch, a first diversion device, a first network outlet device and an acceleration network; the first switch, the first diversion device and the first network egress device are deployed in a first local area network; the first exchanger is connected with the first diversion equipment; the first diversion device is connected with the first network outlet device; the first switch is used for receiving the traffic of the user node and transmitting the traffic to the first diversion equipment; the first diversion equipment is used for receiving the traffic transmitted by the first switch, sending the traffic to be accelerated to the acceleration network through the first network outlet equipment according to the identification result of the traffic, and sending the traffic which does not need to be accelerated to the Internet through the first network outlet equipment; the flow identification result is determined according to the flow characteristics; the first network outlet device is configured to receive the traffic transmitted by the first diversion device, and send the traffic to the acceleration network or the internet; the accelerating network is in communication connection with the second diversion device and is used for transmitting the traffic received from the first network outlet device to the second diversion device or an application server; or the acceleration network is in communication connection with the second network outlet device and is used for transmitting the traffic received from the first network outlet device to the second network outlet device or an application server; wherein the second flow directing device and the second network egress device are both deployed in a second local area network; the first flow directing device is further configured to transmit traffic received through the first network egress device to the user node via the first switch.
In contrast to the related art, the flow guiding system of the embodiment of the present invention includes: the first switch, the first diversion equipment, the first network exit equipment and the accelerating network, wherein the first switch is connected with the first diversion equipment, and the first diversion equipment is connected with the first network exit equipment; in addition, the first switch of the embodiment is configured to receive a traffic of a user node, and transmit the traffic to the first diversion device; the first flow guiding device transmits the flow which does not need to be accelerated to the Internet through the network outlet device according to the identification result of the flow, the flow which needs to be accelerated is transmitted to the acceleration network through the first network outlet device, the acceleration network transmits the flow to the application server or the network device in another local area network, the flow which accesses the other local area network or the flow which accesses the cloud can be accelerated, the network quality service of the flow which needs to be accelerated is ensured, in addition, different flows can be accelerated or not accelerated, the requirements of users on the flow transmission speed are met, and the user experience is improved.
The implementation details of the diversion system of the present embodiment are specifically described below, and the following details are provided only for facilitating understanding, and are not necessary for implementing the present embodiment.
In the first embodiment of the present invention, the diversion system may provide services for users of two local area networks, which may be two local area networks deployed at two office sites by the same enterprise. The deployment structure of the diversion system in the first local area network is shown in fig. 1, and the first local area network may include: network egress device 101, flow directing device 102, switch 103.
Each user node 104 in the local area network is in communication connection with the switch 103, the traffic sent by each user node 104 to the external network can be forwarded through the switch 103, and the switch 103 is connected with the diversion equipment 102; the diversion device 102 is connected with the network exit device 101; the network outlet device 101 is connected to an internet network and an acceleration network.
The network egress device may be a router, a firewall, a switch, etc., and the embodiment does not limit the type of the network egress device. The acceleration network may be a service network constructed by a network service provider, for example, a content delivery network (Content Delivery Network, abbreviated as "CDN network"), a software-defined wide area network SD-WAN, etc., and the acceleration network may have a plurality of service nodes, including POP (point-of-presence) nodes, i.e., access devices, between which communication lines may be laid according to actual needs, where the communication lines may include physical dedicated lines, and multiprotocol label switching (Multi-Protocol Label Switching, abbreviated as "MPLS") dedicated lines. The accelerating networks can provide proxy service for the traffic, so that the traffic can reach the destination address quickly and safely, or can get a response quickly. The present embodiment does not limit the type of acceleration network. Long connection is established between POP points of the CDN through TCP, and connection is established between POP points of the SD-WAN through IPsec. In the process of accelerating network transmission, the flow can walk the route and path with the best network quality from the entrance POP point to the exit POP point according to the network detection result among the POP points, and access the source station through the exit POP point.
The switch 103 is configured to receive traffic from each user node 104 in the lan, and forward the traffic sent by the user node to the flow guiding device 102.
The flow guiding device 102 is configured to receive the traffic transmitted by the switch, identify the traffic based on the characteristics of the traffic, transmit the traffic to be accelerated to the acceleration network through the network outlet device according to the identification result of the traffic, transmit the traffic to the destination address of the request through the acceleration network, and transmit the traffic without acceleration to the internet through the network outlet device, and transmit the traffic to the destination address of the traffic through the internet. The characteristics of the traffic may include five-tuple of the traffic, i.e. an IP address, a source port, a destination IP address, a destination port and a transport layer protocol, or application message characteristics, such as a data format in a message, specific content included in a message, etc., after receiving the traffic, the first flow guiding device may identify the traffic based on the five-tuple of the traffic and/or the application message characteristics, so as to determine whether the traffic needs to be accelerated, and a corresponding acceleration network, and specifically, may set an identification rule on the flow guiding device according to actual requirements, for example, may determine that the traffic accessing other internal networks in the enterprise and the traffic of some target application services need to be accelerated, and determine other traffic except for the traffic as the traffic that does not need to be accelerated.
Fig. 1 is a device architecture of a diversion system deployed in one local area network, and when the diversion system needs to provide services for a plurality of local area network users, corresponding diversion devices need to be deployed in each local area network, specifically, the device architecture deployed in each local area network may be the same as that shown in fig. 1, or may be deployment based on other structures, for example, the diversion devices may be deployed between an original switch and a network egress device of the local area network in a side-hanging manner, and the invention is not limited thereto. This embodiment will briefly illustrate the application architecture of the diversion system serving two lans based on the same deployment in different lans as shown in fig. 2.
In the second local area network of fig. 2, the accelerating network is communicatively coupled to a second network egress device, the second network egress device is coupled to a second flow directing device, and the second flow directing device is coupled to a second switch. That is, the device architecture of the first lan deployment and the device architecture of the second lan deployment in fig. 2 are the same as those shown in fig. 1, and will not be described here again.
In the network deployment of the first local area network and the second local area network in this embodiment, the flow guiding device is connected in series between the switch and the network exit device, at least one local area network card and at least one wide area network card exist on the flow guiding device, the flow guiding device is connected with the switch through the local area network card and is connected with the network exit device through the wide area network card, the flow guiding device recognizes the flow after receiving the flow, and the flow to be accelerated is guided to the service link of the acceleration network.
In one example, the first diversion device may further have a bypass network card installed thereon, where the bypass network card is configured to transmit the traffic received from the first switch to the first network egress device when the first diversion device is down or has a service failure. According to the embodiment, the bypass network card is arranged on the flow guiding equipment, so that when the flow guiding equipment is deployed in the local area network in series, even if the flow guiding equipment fails, the flow can still be transmitted through the bypass network card, namely the local area network can still access the network, and the stability of the transmission flow of the flow guiding system is improved. The second diversion device in the second local area network of the embodiment may also be provided with a bypass network card.
In one example, the acceleration network includes: a first acceleration network for accelerating traffic to be transmitted to an application server, such as: a CDN network, and a second acceleration network for accelerating traffic to be transmitted to the second local area network, for example: an SD-WAN network; the first acceleration network and the second acceleration network each include: the access device, the POP point in fig. 2; the first and second flow directing devices also each include: a tunnel module and an agent module; the proxy module of the first diversion device is used for establishing a TCP long connection with the access device of the first acceleration network, transmitting the traffic to be transmitted to the application server to the access device of the first acceleration network through the established TCP long connection via the first network outlet device, the tunnel module of the first diversion device is used for establishing a VPN tunnel, such as an IPSec (Internet Protocol Security, internet security protocol) tunnel, with the access device of the second acceleration network, establishing BGP neighbors with the POP point and releasing local networks respectively, realizing network intercommunication, and transmitting the traffic to be transmitted to the second local area network to the access device of the second acceleration network through the established VPN tunnel via the first network outlet device. In this embodiment the connection established between the second local area network and the accelerating network is the same as the first local area network. The application server of the present embodiment may be a server providing a SAAS (Software-as-a-Service) application.
After the connection establishment is completed, traffic transmission can be performed, and the traffic transmission process is described below.
After the flow identification module of the first diversion device receives the flow forwarded by the first switch, the flow is identified based on the characteristics of the flow, for example, the flow is identified to be the flow A to be transmitted to the second local area network, the flow B1 to be transmitted to the application server or the network device in another local area network, the flow C1 which does not need acceleration is set, and the flow A and the flow B1 are all set to be flows which need acceleration.
And transmitting the traffic A identified to be transmitted to the second local area network to a tunnel module, wherein the tunnel module encapsulates the traffic A based on a VPN protocol to obtain encapsulated traffic A, transmitting the encapsulated traffic A to a POP point nearby the first local area network through an established VPN tunnel, so that the traffic enters a second accelerating network, transmitting the traffic to second network outlet equipment through the second accelerating network, transmitting the traffic to the tunnel module by the second network outlet equipment, decapsulating the traffic A by the tunnel module, transmitting the decapsulated traffic A to a second switch, and transmitting the decapsulated traffic A to a target node by the second switch. The present embodiment uses tunneling to encapsulate, route, and decapsulate traffic based on VPN protocols. The tunnel module encapsulates (or conceals) the original data packet within a new data packet based on the VPN protocol, the new data packet (i.e., the encapsulated traffic) including new addressing and routing information, thereby enabling the encapsulated traffic to be transported over the accelerated network. Because the traffic is encapsulated, a person eavesdropping on the network cannot acquire the original data packet data, the original source address and the original target address, and data confidentiality is improved. After the encapsulated data packet, i.e. the encapsulated traffic, reaches the diversion device, the encapsulation is deleted, i.e. the decapsulation is performed, so that the original data packet header in the decapsulated traffic is exposed, and the data packet is conveniently routed to the final destination, i.e. the user node.
For the traffic B1 identified by the traffic identification module as being to be transmitted to the application server or to the network device in another local area network, the traffic identification module of the first flow guiding device transmits the traffic B1 to the proxy module, the proxy module encapsulates the traffic using a proxy technology, such as based on a TCP protocol, the traffic B1 is transmitted to a POP point through the first network egress device through the established TCP long connection, the POP point proxies the access request of the first local area network, and the access is returned through the first acceleration network, the POP point transmits the obtained traffic to the proxy module of the second flow guiding device through the first network egress device, the proxy module of the second flow guiding device decapsulates the traffic based on the TCP protocol, the decapsulated traffic is transmitted to the switch, and the switch routes the traffic to the user node according to the original data packet header in the decapsulated traffic.
In one example, the first network outlet device transmits the traffic to be accelerated to the access device of the first acceleration network or the second acceleration network, and after the access device of the first acceleration network receives the traffic to be transmitted to the application server, the access device of the first acceleration network may select an optimal network line for the traffic to be transmitted to the application server, and transmit the traffic to be transmitted to the application server to the optimal network line; and after the access equipment of the second accelerating network receives the flow transmitted to the second local area network, selecting an optimal network line for the flow to be transmitted to the second diversion equipment, and transmitting the flow to be transmitted to the second diversion equipment to the optimal network line. The evaluation standard of the network line can be set according to the actual application requirement, for example, the network line can be evaluated by comprehensively considering factors such as line delay, packet loss rate, cost and the like according to the actual requirement of a client.
And the flow identification module of the first diversion equipment identifies the flow C1 which does not need acceleration, namely does not need to provide any acceleration service, the first diversion equipment does not process the flow C1, the flow C1 is transmitted to the first network outlet equipment, and the network outlet equipment transmits the flow C1 to the user node through an internet network provided by a network operator.
It should be noted that, the above-mentioned diversion system may provide acceleration service for the traffic accessing another lan and acceleration service for the traffic accessing the application server, and in practical application, the user may set the traffic that needs to provide acceleration service according to his own requirement, for example, only provide acceleration service for the traffic accessing the application server, or only provide acceleration access for the traffic accessing another lan. The above-mentioned two accelerating networks are taken as an example, the flow guiding system of the embodiment can also support multiple accelerating networks, identify different flows, and guide the flows into different networks, thereby realizing accelerating or non-accelerating processing on the networks, and meeting the transmission speed requirements of users on different flows.
According to the embodiment, the first diversion equipment is connected in series to the original network, namely, the first diversion equipment is respectively connected with the original first switch and the original first network outlet equipment in the local area network, so that diversion can be realized, the original network topology and the original network configuration are not required to be changed, and the deployment mode is simple; in addition, the first switch of the embodiment is configured to receive a traffic of a user node, and transmit the traffic to the first diversion device; the first flow guiding device transmits the flow which does not need to be accelerated to the Internet through the network outlet device according to the identification result of the flow, the flow which needs to be accelerated is transmitted to the acceleration network through the first network outlet device, the acceleration network transmits the flow to the application server or the network device in another local area network, the flow which accesses the other local area network or the flow which accesses the cloud can be accelerated, the network quality service of the flow which needs to be accelerated is ensured, in addition, different flows can be accelerated or not accelerated, the requirements of users on the flow transmission speed are met, and the user experience is improved.
A second embodiment of the invention relates to a diversion system. The second embodiment is substantially identical to the first embodiment, with the main differences: in the second local area network, the accelerating network is directly connected with second diversion equipment in a communication way, the second diversion equipment is connected with a second switch, and the second switch is connected with second network outlet equipment.
The network deployment architecture of the second lan is shown in fig. 3.
The switch 302 is respectively connected with the network outlet device 301 and the diversion device 303, and the diversion device 303 communicates with the network outlet device 101 through the switch 102, in other words, the diversion device 103 is hung beside the switch 102 of the local area network; in a local area network, traffic sent from user nodes 304 in each network to the external network is forwarded through a switch 302, a network outlet device 301 is in communication connection with the switch 302, and can access the internet network, and a diversion device 303 is connected with an acceleration network.
The switch 302 is configured to receive traffic sent by the user node 304 in the lan and forward the traffic to the diversion device 303; the flow guiding device 303 is configured to receive the traffic forwarded by the switch 102, transmit the traffic to be accelerated to the application server or the network exit device of the first local area network through the acceleration network according to the identification result of the traffic, forward the traffic without acceleration to the switch 302, and transmit the traffic to the network exit device 301 through the switch 302; the network egress device 301 may transmit traffic received from the switch 302 to the Internet network, through which the traffic is transmitted to its requested destination address; wherein the diversion device 303 is further configured to transmit traffic received over the acceleration network to the user node via the switch 302. In addition, in practical application, the switch 302 may forward all the received traffic from the intranet user node to the diversion device 303, or may set a distribution rule on the switch 302 according to practical requirements, so that only part of the traffic is forwarded to the diversion device, and other parts of the traffic may be directly forwarded to the network outlet device 301.
The above-mentioned network deployment structure of the second local area network in the flow guiding system is substantially the same as the network deployment structure of the first local area network in the first embodiment of the present invention described in fig. 1, which is not described herein, and hereinafter, the flow guiding system of the present embodiment is briefly described in conjunction with an actual application scenario.
For enterprise a, as shown in fig. 4, the network deployment structure of the lan 1 of enterprise a is that the user node 403 is communicatively connected to the switch 402, the switch 402 is communicatively connected to the network outlet device 401, and as the scale of enterprise a increases, an enterprise division is newly built, and the lan 2 is built in the enterprise division, where the lan 1 and the lan 2 can only communicate through the Internet network provided by the network operator without accessing the network service provider, but the quality of the Internet network is poor and the security is not high. Therefore, the diversion system of the embodiment can be used to provide high-quality network service for enterprise users, and the diversion device can be connected between the original switch and the original network outlet device in the local area network 1 in a serial connection manner, namely, the deployment structure shown in fig. 1; the local area network 2 may use a bypass mode to connect the diversion device with the original switch, i.e. the deployment structure shown in fig. 2. The flow guiding devices in the local area network 1 and the local area network 2 are used for identifying the flow sent by the user nodes in the network, so that the acceleration service of the flow is realized, the network communication quality of the inter-network and specific external network applications is improved, and the flow guiding systems of the enterprise local area network 1 and the enterprise local area network 2 are shown in fig. 5.
Two accelerating networks are deployed in the diversion system shown in fig. 5: an IPsec tunnel can be established between the POP points of the SD-WAN network and the CDN network, and network communication can be performed between the POP points of the CDN network based on TCP or UDP protocols. The POP nodes of the acceleration network can periodically detect the line quality among each other, such as parameters of time delay, packet loss rate and the like, share detection results, and each POP node which is in butt joint with the user local area network can determine the optimal network line according to the detection results and the client requirements.
The flow guiding device 1 of the enterprise local area network 1 is provided with a LAN card and a WAN card, the LAN port is directly connected with an original switch, the WAN port is connected with an original network outlet device, a tunnel module of the flow guiding device 1 is connected with a POP point (same region and operator) of an SD-WAN network to establish a VPN tunnel, and an agent module of the flow guiding device 1 is connected with the POP point (same region and operator) of the CDN network in a TCP long way. Wherein, the VPN tunnel and the TCP long connection are both logic connection.
The diversion equipment 2 of the enterprise local area network 2 is provided with three network interfaces, namely a WAN1 port, a WAN2 port and a WAN3 port, which correspond to the three network cards WAN1, WAN2 and WAN3 respectively. The diversion equipment 2 is deployed in a local area network of a corresponding site in a side hanging mode, a VPN tunnel is established between a tunnel module of the diversion equipment 2 and a POP point (same region and operator) of the SD-WAN network, and a TCP long connection is established between an agent module of the diversion equipment 2 and the POP point (same region and operator) of the CDN network.
Taking the example that the enterprise local area network 1 transmits the traffic to the enterprise local area network 2, the traffic of the user node of the enterprise local area network 1 is forwarded to the diversion equipment 1 from the original switch, and the traffic identification module of the diversion equipment 1 identifies the traffic according to the traffic characteristics carried by the traffic, so that the following three traffic types are identified:
(1) Flow a: intranet traffic interworking with the enterprise lan 2, i.e. traffic to be transmitted to the second lan;
(2) Flow B1: accessing a cloud service target application, such as traffic of SAAS service, namely traffic to be transmitted to an application server;
(3) Flow C1: no traffic to accelerate the service is required.
The flow A and the flow B1 are flows which need to be accelerated, and the flows A and B1 send corresponding POP points of an acceleration network through the original network outlet equipment by the flow guiding equipment 1; the flow C1 needs not to be accelerated and needs to be sent to the Internet network through the network outlet device.
The transmission of the flow B1 and the flow C1 is substantially the same as that of the flow B1 and the flow C1 in the first embodiment, and will not be described here.
For the flow A, the flow identification module of the flow guiding device 1 is used for identifying the flow A to be transmitted to the second local area network, namely, the flow A communicated with the enterprise local area network 2 is transmitted to the tunnel module of the flow guiding device 1, the tunnel module of the flow guiding device 1 is packaged based on VPN protocol to obtain the packaged flow A, the packaged flow A is transmitted to a POP point nearby the first local area network through the established VPN tunnel via the original network exit device, so that the flow enters the SD-WAN network and is transmitted to the tunnel module of the flow guiding device 2 through the second accelerating network, the tunnel module of the flow guiding device 2 is used for unpacking the flow A, the unpacked flow A is transmitted to the original switch of the enterprise local area network 2, and the original switch of the enterprise local area network 2 is used for transmitting the unpacked flow A to the target node. The present embodiment uses tunneling to encapsulate, route, and decapsulate traffic based on VPN protocols. The tunnel module encapsulates (or conceals) the original data packet within a new data packet based on the VPN protocol, the new data packet (i.e., the encapsulated traffic) including new addressing and routing information, thereby enabling the encapsulated traffic to be transported over the accelerated network. Because the traffic is encapsulated, a person eavesdropping on the network cannot acquire the original data packet data, the original source address and the original target address, and data confidentiality is improved. After the encapsulated data packet, i.e. the encapsulated traffic, reaches the diversion device, the encapsulation is deleted, i.e. the decapsulation is performed, so that the original data packet header in the decapsulated traffic is exposed, and the data packet is conveniently routed to the final destination, i.e. the user node.
The above flow a is the flow of the enterprise lan 1 accessing the enterprise lan 2, and the flow a is taken as the flow of the enterprise lan 2 to be transmitted to the enterprise lan 1 as an example, and the process of transmitting the flow of the enterprise lan 2 to the enterprise lan 1 will be described.
The flow guiding device 2 receives the flow A from the original switch of the enterprise local area network 2, the flow identification module of the flow guiding device 2 transmits the flow A which is identified to be transmitted to the second local area network to the tunnel module of the flow guiding device 2, the tunnel module of the flow guiding device 2 encapsulates the flow A based on VPN protocol to obtain the encapsulated flow A, the encapsulated flow A is transmitted to a POP point nearby the enterprise local area network 2 through an established VPN tunnel, so that the flow enters an SD-WAN network, the POP point performs network detection, an optimal network line is selected in the SD-WAN network to transmit the flow A to the POP point nearby the enterprise local area network 1, the POP point nearby the enterprise local area network 1 transmits the flow A to the tunnel module of the flow guiding device 1 through the established VPN tunnel, the tunnel module of the flow guiding device 1 decapsulates the flow A based on VPN protocol, the decapsulated flow A is transmitted to the original switch of the enterprise local area network 2, and the original switch of the enterprise local area network 2 transmits the decapsulated flow A to a target node.
In one example, the diversion device 1 of the enterprise lan 1 is further provided with a pair of bypass network cards, which transmit the traffic received from the original switch to the original network egress device.
The diversion equipment of the first local area network in the embodiment supports deployment to the original network in a serial connection manner, does not need to change the original network topology and network configuration, does not need to additionally deploy other lines by a user, and only needs to use the deployment lines in the original local area network. After the user flow passes through the flow guiding device, the flow guiding device identifies the flow, the flow which does not need to be accelerated is not processed, the flow which needs to be accelerated is guided into a corresponding acceleration network, and the flow guiding device of the second local area network can also use a side hanging mode, so that the deployment mode is flexible. The flow guiding system of the embodiment can acquire the requested data from the cloud faster to accelerate the transmission of the flow accessing the cloud, so that the response efficiency of the data request is improved, the user experience is enhanced, the acceleration transmission of the intranet flow among different nodes of the enterprise is also realized by establishing a communication link with the second acceleration network, the flow transmission speed of each local area network among the enterprises is improved, compared with the case that a special line is established among the local area networks of the enterprise, such as MPLS (multi-protocol label switching) to realize the flow acceleration transmission, or a tunnel is established on the Internet, such as IPsec to realize the flow acceleration transmission, the deployment time of the embodiment is short, the cost is lower, in addition, the flow guiding device is bypass function, and the bypass function is realized by installing the bypass network card on the flow guiding device, so that the flow guiding device can still access the network through the bypass network when in fault, and the stability of the transmission flow of the flow guiding system is improved.
A third embodiment of the present invention relates to a flow guiding method applied to a flow guiding system, the flow guiding system comprising: the system comprises a first switch, a first diversion device, a first network outlet device and an acceleration network; the first switch, the first diversion device and the first network exit device are deployed in a first local area network; the first exchanger is connected with first diversion equipment; the first diversion device is connected with the first network outlet device, and the diversion method comprises the following steps: the first switch receives the traffic of the user node and transmits the traffic to the first diversion equipment; after receiving the traffic transmitted by the first switch, the first diversion device sends the traffic to be accelerated to the acceleration network through the first network outlet device according to the identification result of the traffic, and sends the traffic which does not need to be accelerated to the Internet through the first network outlet device; the flow identification result is determined according to the flow characteristics; the first network outlet device sends the traffic to the acceleration network or the internet after receiving the traffic transmitted by the first diversion device; the accelerating network is in communication connection with the second diversion device, and the accelerating network transmits the traffic received from the first network outlet device to the second diversion device or the application server after receiving the traffic from the first network outlet device; or the accelerating network is in communication connection with the second network outlet device, and the accelerating network transmits the traffic received from the first network outlet device to a second network outlet device or an application server after receiving the traffic from the first network outlet device; the second diversion equipment and the second network outlet equipment are both deployed in a second local area network; and if the first diversion equipment receives the traffic from the first network outlet equipment, transmitting the traffic received from the first network outlet equipment to the user node.
According to the embodiment, the first diversion equipment is connected in series to the original network, namely, the first diversion equipment is respectively connected with the original first switch and the original first network outlet equipment in the local area network, so that diversion can be realized, the original network topology and the original network configuration are not required to be changed, and the deployment mode is simple; in addition, after receiving the traffic of the user node, the first switch of the embodiment forwards the traffic to the first diversion device; the first flow guiding device transmits the flow which does not need to be accelerated to the Internet through the network outlet device according to the identification result of the flow, the flow which needs to be accelerated is transmitted to the acceleration network through the first network outlet device, the acceleration network transmits the flow to the application server or the network device in another local area network, the flow which accesses the other local area network or the flow which accesses the cloud can be accelerated, the network quality service of the flow which needs to be accelerated is ensured, in addition, different flows can be accelerated or not accelerated, the requirements of users on the flow transmission speed are met, and the user experience is improved.
The implementation details of the flow guiding method of this embodiment are specifically described below, and the following description is merely provided for understanding the implementation details, and is not necessary to implement this embodiment. The flow rate transmission method of this embodiment is shown in fig. 6.
In step 601, the first switch receives traffic from the user node and transmits the traffic to the first flow guiding device.
Illustratively, a first switch receives traffic from a user node in a first local area network, and the traffic from the first switch is forwarded to a traffic identification module of the flow guiding device via the LAN port.
In step 602, the first diversion device identifies traffic after receiving traffic transmitted by the first switch.
The flow guiding device identifies the flow according to the flow characteristics of the flow, and an identification result of the flow is obtained; the characteristics of the traffic may include five-tuple of the traffic, i.e. an IP address, a source port, a destination IP address, a destination port and a transport layer protocol, or application message characteristics, such as a data format in a message, specific content included in a message, etc., after receiving the traffic, the first flow guiding device may identify the traffic based on the five-tuple of the traffic and/or the application message characteristics, so as to determine whether the traffic needs to be accelerated, and a corresponding acceleration network, and specifically, may set an identification rule on the flow guiding device according to actual requirements, for example, may determine that the traffic accessing other internal networks in the enterprise and the traffic of some target application services need to be accelerated, and determine other traffic except for the traffic as the traffic that does not need to be accelerated.
After the recognition is completed, when it is determined that the flow is the flow that needs acceleration, step 603 is performed.
In step 603, the first diversion device sends the traffic to be accelerated to the acceleration network through the first network egress device.
In one example, the acceleration network includes: a first acceleration network for accelerating traffic to be transmitted to an application server, and a second acceleration network for accelerating traffic to be transmitted to the second local area network; the first acceleration network and the second acceleration network each include: an access device; the access equipment of the first acceleration network is used for establishing TCP long connection with the first diversion equipment; the access equipment of the second acceleration network is used for establishing a VPN tunnel with the first diversion equipment; the flow guiding device transmits the flow to be transmitted to the application server to the access device of the first acceleration network through the first network outlet device through the established TCP long connection; and transmitting the traffic to be transmitted to the second local area network to the access device of the second acceleration network through the first network outlet device through the established VPN tunnel.
In one example, if the traffic is to be transmitted to the second local area network, before the traffic is sent to the acceleration network, the first diversion device encapsulates the traffic to be transmitted to the second local area network based on a VPN protocol to obtain an encapsulated traffic; and after receiving the encapsulated traffic, the second diversion equipment of the second local area network de-encapsulates the encapsulated traffic based on a VPN protocol, and transmits the de-encapsulated traffic to a user node through the second switch.
In one example, after receiving the traffic to be transmitted to the application server, the access device of the first acceleration network selects an optimal network line for the traffic to be transmitted to the application server, and transmits the traffic to be transmitted to the application server to the optimal network line; and after the access equipment of the second acceleration network receives the flow to be transmitted to the second local area network, selecting an optimal network line for the flow to be transmitted to the second diversion equipment, and transmitting the flow to be transmitted to the second diversion equipment to the optimal network line.
In one example, the second local area network further comprises: a second switch; when the accelerating network is in communication connection with the second diversion device, the second diversion device is connected with the second switch, and the second switch is connected with the second network outlet device. That is, in the diversion system, the diversion device of the second local area network may be deployed using a side-hanging approach.
In another example, the second local area network further comprises: a second switch; when the acceleration network is in communication connection with the second network egress device, the second network egress device is connected with the second flow guiding device, and the second flow guiding device is connected with the second switch. That is, in a diversion system, the second local area network may be deployed using a tandem approach.
When the flow rate is determined to be the flow rate that does not need acceleration, step 604 is performed.
In step 604, traffic that does not require acceleration is transmitted to the generic network through the network egress device.
In the above example, the traffic without acceleration is directly transmitted to the network egress device without any processing, and the network egress device is transmitted to the normal network, i.e., the original network.
In one example, if the traffic received from the network egress device is encapsulated traffic, the encapsulated traffic is decapsulated.
In order to avoid the failure of the diversion device, the enterprise local area network cannot access other networks, and the diversion device of the embodiment can integrate the bypass function, that is, when the failure of the diversion device is detected, namely, the downtime of the diversion device or the failure of the diversion function is detected, the flow is directly transmitted to the network outlet device, the original flow transmission is not affected, and the stability of the flow transmission of the local area network is improved.
In addition, the flow to be accelerated is transmitted to an acceleration network through the network outlet equipment, and the network to be accelerated is transmitted to a common network through the network outlet equipment, so that different flows can be accelerated or not accelerated, the requirements of users on the flow transmission speed are met, the user experience is improved, and in addition, when the downtime or the flow guiding function failure of the flow guiding equipment is detected, the flow can be directly transmitted to the network outlet equipment through the flow guiding equipment without influencing the original flow transmission, and the stability of the flow transmission of the local area network is improved.
The above steps of the methods are divided, for clarity of description, and may be combined into one step or split into multiple steps when implemented, so long as they include the same logic relationship, and they are all within the protection scope of this patent; it is within the scope of this patent to add insignificant modifications to the algorithm or flow or introduce insignificant designs, but not to alter the core design of its algorithm and flow.
It will be understood by those of ordinary skill in the art that the foregoing embodiments are specific examples of carrying out the invention and that various changes in form and details may be made therein without departing from the spirit and scope of the invention.
Claims (14)
1. A diversion system, comprising: the system comprises a first switch, a first diversion device, a first network outlet device and an acceleration network; the first switch, the first diversion device and the first network egress device are deployed in a first local area network; the first exchanger is connected with the first diversion equipment; the first diversion device is connected with the first network outlet device;
the first switch is used for receiving the traffic of the user node and transmitting the traffic to the first diversion equipment;
the first diversion equipment is used for receiving the traffic transmitted by the first switch, sending the traffic to be accelerated to the acceleration network through the first network outlet equipment according to the identification result of the traffic, and sending the traffic which does not need to be accelerated to the Internet through the first network outlet equipment; the flow identification result is determined according to the flow characteristics; the flow characteristics comprise five-tuple of flow;
The first network outlet device is configured to receive the traffic transmitted by the first diversion device, and send the traffic to the acceleration network or the internet;
the accelerating network is in communication connection with a second diversion device and is used for transmitting the traffic received from the first network outlet device to the second diversion device or an application server; or, the acceleration network is in communication connection with a second network egress device for transmitting traffic received from the first network egress device to the second network egress device or an application server;
wherein the second flow directing device and the second network egress device are both deployed in a second local area network;
the first flow directing device is further configured to transmit traffic received through the first network egress device to the user node via the first switch.
2. The diversion system of claim 1, wherein the first diversion device has a bypass network card installed thereon, the bypass network card being configured to transmit traffic received from the first switch to the first network egress device when the first diversion device is down or has a service failure.
3. The diversion system of claim 1, wherein the acceleration network comprises: a first acceleration network for accelerating traffic to be transmitted to an application server, and a second acceleration network for accelerating traffic to be transmitted to the second local area network;
the first acceleration network and the second acceleration network each include: an access device;
the first and second flow directing devices also each include: a tunnel module and an agent module;
the proxy module of the first diversion device is configured to establish a TCP long connection with the access device of the first acceleration network, and transmit, through the established TCP long connection, the traffic to be transmitted to the application server to the access device of the first acceleration network through the first network egress device;
the tunnel module of the first diversion device is configured to establish a VPN tunnel with the access device of the second acceleration network, and transmit, through the established VPN tunnel, the traffic to be transmitted to the second local area network to the access device of the second acceleration network through the first network egress device.
4. A diversion system according to claim 3 wherein a second switch is also disposed in the second local area network, the second switch being connected to the second diversion device;
The tunnel module of the first diversion device is further configured to encapsulate the traffic to be transmitted to the second local area network based on a VPN protocol, so as to obtain an encapsulated traffic;
after receiving the encapsulated traffic, the tunnel module of the second diversion device decapsulates the encapsulated traffic based on a VPN protocol, and transmits the decapsulated traffic to a user node through the second switch.
5. A diversion system according to claim 3, wherein the access device of the first acceleration network is configured to receive the traffic to be transmitted to an application server, select an optimal network line for the traffic to be transmitted to the application server, and transmit the traffic to be transmitted to the application server to the optimal network line;
the access device of the second acceleration network is configured to receive the traffic to be transmitted to the second local area network, select an optimal network line for the traffic to be transmitted to the second diversion device, and transmit the traffic to be transmitted to the second diversion device to the optimal network line.
6. The diversion system of any one of claims 1-5 wherein the second local area network further comprises: a second switch;
When the accelerating network is in communication connection with the second diversion device, the second diversion device is connected with the second switch, and the second switch is connected with the second network outlet device.
7. The diversion system of any one of claims 1-5 wherein the second local area network further comprises: a second switch;
when the acceleration network is in communication connection with the second network egress device, the second network egress device is connected with the second flow guiding device, and the second flow guiding device is connected with the second switch.
8. The diversion method is characterized by being applied to a diversion system, wherein the diversion system comprises a first switch, first diversion equipment, first network outlet equipment and an acceleration network; the first switch, the first diversion device and the first network egress device are deployed in a first local area network; the first exchanger is connected with the first diversion equipment; the first diversion device is connected with the first network outlet device, and the diversion method comprises the following steps:
the first switch receives the traffic of the user node and transmits the traffic to the first diversion equipment;
After receiving the traffic transmitted by the first switch, the first diversion device sends the traffic to be accelerated to the acceleration network through the first network outlet device according to the identification result of the traffic, and sends the traffic which does not need to be accelerated to the Internet through the first network outlet device; the flow identification result is determined according to the flow characteristics; the flow characteristics comprise five-tuple of flow;
the first network outlet device sends the traffic to the acceleration network or the internet after receiving the traffic transmitted by the first diversion device;
the accelerating network is in communication connection with a second diversion device, and the accelerating network transmits the traffic received from the first network outlet device to the second diversion device or an application server after receiving the traffic from the first network outlet device; or the accelerating network is in communication connection with a second network outlet device, and the accelerating network transmits the traffic received from the first network outlet device to the second network outlet device or an application server after receiving the traffic from the first network outlet device;
The second diversion equipment and the second network outlet equipment are both deployed in a second local area network;
and if the first diversion equipment receives the traffic from the first network outlet equipment, transmitting the traffic received from the first network outlet equipment to the user node.
9. The method of claim 8, wherein the first diversion device has a bypass network card installed thereon; the diversion method further comprises the following steps:
and when the first diversion equipment is down or has service failure, the bypass network card transmits the flow received from the first switch to the first network outlet equipment.
10. The method of claim 8, wherein the acceleration network comprises: a first acceleration network for accelerating traffic to be transmitted to an application server, and a second acceleration network for accelerating traffic to be transmitted to the second local area network;
the first acceleration network and the second acceleration network each include: an access device; the access equipment of the first acceleration network is used for establishing TCP long connection with the first diversion equipment; the access equipment of the second acceleration network is used for establishing a VPN tunnel with the first diversion equipment;
The step of sending the traffic to be accelerated to the acceleration network through the first network outlet device according to the identification result of the traffic comprises the following steps:
transmitting the traffic to be transmitted to an application server through the established TCP long connection to an access device of the first acceleration network through the first network outlet device;
and transmitting the traffic to be transmitted to the second local area network to the access device of the second acceleration network through the first network outlet device through the established VPN tunnel.
11. The method of claim 10, wherein a second switch is further disposed in the second local area network, the second switch being connected to the second flow guiding device;
before the traffic to be accelerated is sent to the acceleration network through the first network outlet device according to the identification result of the traffic, the method comprises the following steps:
the first diversion equipment encapsulates the flow to be transmitted to the second local area network based on a VPN protocol to obtain encapsulated flow;
and after receiving the encapsulated traffic, the second diversion equipment of the second local area network de-encapsulates the encapsulated traffic based on a VPN protocol, and transmits the de-encapsulated traffic to a user node through the second switch.
12. The method according to claim 10, wherein after receiving the traffic to be transmitted to the application server, the access device of the first acceleration network selects an optimal network line for the traffic to be transmitted to the application server, and transmits the traffic to be transmitted to the application server to the optimal network line;
and after the access equipment of the second acceleration network receives the flow to be transmitted to the second local area network, selecting an optimal network line for the flow to be transmitted to the second diversion equipment, and transmitting the flow to be transmitted to the second diversion equipment to the optimal network line.
13. The diversion method according to any one of claims 8-12, wherein the second local area network further comprises: a second switch;
when the accelerating network is in communication connection with the second diversion device, the second diversion device is connected with the second switch, and the second switch is connected with the second network outlet device.
14. The diversion method according to any one of claims 8-12, wherein the second local area network further comprises: a second switch;
When the acceleration network is in communication connection with the second network egress device, the second network egress device is connected with the second flow guiding device, and the second flow guiding device is connected with the second switch.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110184241.6A CN112910790B (en) | 2021-02-08 | 2021-02-08 | Diversion system and method thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110184241.6A CN112910790B (en) | 2021-02-08 | 2021-02-08 | Diversion system and method thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112910790A CN112910790A (en) | 2021-06-04 |
| CN112910790B true CN112910790B (en) | 2023-06-30 |
Family
ID=76123527
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110184241.6A Active CN112910790B (en) | 2021-02-08 | 2021-02-08 | Diversion system and method thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112910790B (en) |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109617778A (en) * | 2018-11-22 | 2019-04-12 | 西安佰才邦网络技术有限公司 | Implementation method, the device and system of cross-domain double layer network business |
| CN110311861A (en) * | 2019-05-31 | 2019-10-08 | 厦门网宿有限公司 | A kind of method and apparatus guiding data traffic |
Family Cites Families (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7873060B2 (en) * | 2008-10-18 | 2011-01-18 | Fortinet, Inc. | Accelerating data communication using tunnels |
| CN101841387A (en) * | 2009-03-19 | 2010-09-22 | 中国移动通信集团江西有限公司 | Wide area network data speed acceleration method, device and system |
| CN105284080B (en) * | 2014-03-31 | 2018-12-07 | 华为技术有限公司 | The virtual network management method and data center systems of data center |
| US9912774B2 (en) * | 2015-12-22 | 2018-03-06 | Intel Corporation | Accelerated network packet processing |
| US20170310594A1 (en) * | 2016-04-25 | 2017-10-26 | Linkedin Corporation | Expedited fabric paths in switch fabrics |
| CN106911539B (en) * | 2017-04-26 | 2019-08-09 | 优刻得科技股份有限公司 | Analyze the methods, devices and systems of the network parameter between user terminal and server-side |
| CN107154876A (en) * | 2017-05-18 | 2017-09-12 | 贵州斯曼特信息技术开发有限责任公司 | A kind of large-scale data based on cloud service platform calculates acceleration system |
| CN108429701B (en) * | 2018-02-08 | 2021-08-03 | 四川速宝网络科技有限公司 | Network acceleration system |
| CN109150725B (en) * | 2018-07-09 | 2021-07-16 | 网宿科技股份有限公司 | Traffic grooming method and server |
| CN112221121A (en) * | 2020-10-20 | 2021-01-15 | 腾讯科技(深圳)有限公司 | Application software networking acceleration method and device and storage medium |
| CN112202930B (en) * | 2020-12-03 | 2021-03-19 | 观脉科技(北京)有限公司 | Method, POP and system for accessing mobile equipment to SD-WAN (secure digital-to-WAN) network |
-
2021
- 2021-02-08 CN CN202110184241.6A patent/CN112910790B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109617778A (en) * | 2018-11-22 | 2019-04-12 | 西安佰才邦网络技术有限公司 | Implementation method, the device and system of cross-domain double layer network business |
| CN110311861A (en) * | 2019-05-31 | 2019-10-08 | 厦门网宿有限公司 | A kind of method and apparatus guiding data traffic |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112910790A (en) | 2021-06-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109873760B (en) | Method and device for processing route, and method and device for data transmission | |
| CN107911258B (en) | SDN network-based security resource pool implementation method and system | |
| US10313235B2 (en) | Internet control message protocol enhancement for traffic carried by a tunnel over internet protocol networks | |
| EP2579544B1 (en) | Methods and apparatus for a scalable network with efficient link utilization | |
| US10412008B2 (en) | Packet processing method, apparatus, and system | |
| US8451752B2 (en) | Seamless handoff scheme for multi-radio wireless mesh network | |
| US8825829B2 (en) | Routing and service performance management in an application acceleration environment | |
| CN110290093A (en) | The SD-WAN network architecture and network-building method, message forwarding method | |
| US20220078114A1 (en) | Method and Apparatus for Providing Service for Traffic Flow | |
| US8861547B2 (en) | Method, apparatus, and system for packet transmission | |
| WO2016197344A1 (en) | Method, device and system for realizing service link | |
| US20070165603A1 (en) | Access network system, subscriber station device, and network terminal device | |
| KR20140027455A (en) | Centralized system for routing ethernet packets over an internet protocol network | |
| CN109274570B (en) | VPN construction method and device and computer readable storage medium | |
| US20150341263A1 (en) | Associating internet protocol (ip) addresses with ethernet virtualisation interconnection (evi) links | |
| CN108512755B (en) | Method and device for learning routing information | |
| CN112910791B (en) | Diversion system and method thereof | |
| CN110086720B (en) | Method and system for realizing L3VPN based on two-dimensional routing protocol | |
| CN112910790B (en) | Diversion system and method thereof | |
| WO2022142905A1 (en) | Packet forwarding method and apparatus, and network system | |
| CN102611603B (en) | The foundation of the static tunnel MPLS forwarding table, data transmission method and device | |
| CN214799523U (en) | Flow guiding system | |
| CN113542441B (en) | Communication processing method and device | |
| US20220294665A1 (en) | Packet Forwarding Between Hybrid Tunnel Endpoints | |
| CN214799524U (en) | Flow guiding system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |