CN113301184B - Remote access method, device, computer equipment and storage medium - Google Patents

Info

Publication number
CN113301184B
Authority
CN
China
Prior art keywords
target
site
address
access
remote user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110773069.8A
Other languages
Chinese (zh)
Other versions
CN113301184A (en)
Inventor
顾玮
单延晋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lingrui Lanxin Technology Beijing Co ltd
Original Assignee
Lingrui Lanxin Technology Beijing Co ltd
Application filed by Lingrui Lanxin Technology Beijing Co ltd
Priority to CN202110773069.8A
Publication of CN113301184A
Application granted
Publication of CN113301184B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/45: Network directories; Name-to-address mapping
    • H04L61/4505: Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511: Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/50: Network services
    • H04L67/60: Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application relates to a remote access method, a remote access device, computer equipment and a storage medium. The method comprises the following steps: responding to a domain name resolution request aiming at a target access object sent by remote user equipment, acquiring the target domain name of the target access object and a public network IP address of the remote user equipment, and determining an alias corresponding to the target domain name and a sub-region to which the public network IP address belongs; determining a target edge site matched with the sub-region and the alias, wherein the target edge site is a site used for accessing a target access object corresponding to the alias in a backbone network; and sending the external IP address of the target edge site to the remote user equipment so that the remote user can access the target access object through the target edge site. By adopting the method, the remote user can be ensured to have high-quality access to enterprise applications, so that excellent user access experience is realized.

Description

Remote access method, device, computer equipment and storage medium
Technical Field
The present application relates to the field of communications technologies, and in particular, to a remote access method, apparatus, computer device, and storage medium.
Background
With the rapid development of internet technology, network bandwidth and network speed keep increasing, and so do users' access demands; for example, a user may need to access a relatively distant enterprise application over the traditional internet.
In the related art, CDN technology is usually used to let a user access a distant enterprise application over the internet. Specifically, a CDN caches the enterprise's static data in the storage servers of multiple sites, and the user reads the required content from the storage servers of a nearby site, which implements the user's remote access. The enterprise's static data may include pictures, static page data, and the like.
However, current CDN technology has the following problem: the data must be stored in the storage servers of multiple sites, which increases hardware cost.
Disclosure of Invention
In view of the above, it is necessary to provide a remote access method, an apparatus, a computer device, and a storage medium capable of reducing hardware cost.
A remote access method, the method comprising:
in response to a domain name resolution request for a target access object sent by remote user equipment, acquiring the target domain name of the target access object and the public network IP address of the remote user equipment, and determining the alias corresponding to the target domain name and the sub-region to which the public network IP address belongs;
determining a target edge site matched with the sub-region and the alias, wherein the target edge site is a site in a backbone network for accessing the target access object corresponding to the alias;
and sending the external IP address of the target edge site to the remote user equipment so that the remote user accesses the target access object through the target edge site.
In one embodiment, determining the target edge site matching the sub-area and the alias comprises:
determining the target edge site matching the sub-area and the alias according to a pre-configured correspondence between edge sites, sub-areas and aliases.
In one embodiment, the method further comprises the following steps:
in response to an access request for the target access object sent by the remote user equipment, forwarding the access request to a source site in the backbone network through the target edge site;
and forwarding the access request to the source server of the target access object through the source site.
In one embodiment, the forwarding, by the target edge site, an access request for a target access object sent by a remote user equipment to a source site in the backbone network includes:
determining the internal IP address of the target edge site according to the external IP address of the target edge site; determining the internal IP address of the source site corresponding to the internal IP address of the target edge site according to a pre-stored correspondence between internal IP addresses of edge sites and internal IP addresses of source sites; and forwarding the second access request to the source site through the target edge site based on the determined internal IP address of the source site.
In one embodiment, the forwarding, by the source site, the second access request to the source server of the target access object includes:
performing network address translation (NAT) on the second access request at the source site to generate a translated second access request, and forwarding the translated second access request to the source server of the target access object.
A remote access system, comprising a global backbone network system and remote user equipment, wherein the global backbone network system comprises a local DNS server, an authoritative DNS server, an intelligent DNS server and a backbone network, and wherein:
the remote user equipment is configured to send a domain name resolution request for a target access object;
the local DNS server is configured to respond to the domain name resolution request for the target access object sent by the remote user equipment, acquire the target domain name of the target access object and the public network IP address of the remote user equipment, and determine, according to the target domain name, the authoritative DNS server corresponding to the target domain name;
the authoritative DNS server is configured to determine, according to the target domain name, the alias corresponding to the target domain name; determine, according to the alias, the IP address of the intelligent DNS server corresponding to the alias; and return the alias and the IP address of the intelligent DNS server corresponding to the alias to the local DNS server;
the local DNS server is further configured to send the domain name resolution request to the intelligent DNS server corresponding to the alias, according to the IP address of that intelligent DNS server;
the intelligent DNS server is configured to respond to the domain name resolution request for the target access object sent by the local DNS server, determine, according to the public network IP address of the remote user equipment, the sub-region to which the public network IP address belongs, determine a target edge site matching the sub-region and the alias, wherein the target edge site is a site in the backbone network used for accessing the target access object corresponding to the alias, and return the external IP address of the target edge site to the local DNS server;
the local DNS server is further configured to send the IP of the target edge site returned by the intelligent DNS server to the remote user equipment, so that the remote user accesses the target access object through the target edge site.
In one embodiment, the remote access system further comprises a source server, wherein:
the remote user equipment is further configured to send a second access request for the target access object; the edge site is configured to respond to the second access request for the target access object sent by the remote user equipment and forward the second access request to a source site in the backbone network; and the source site is configured to forward the second access request to the source server of the target access object.
A remote access device, the device comprising:
the system comprises an analysis module, a domain name analysis module and a sub-area analysis module, wherein the analysis module is configured to respond to a domain name resolution request for a target access object sent by remote user equipment, acquire the target domain name of the target access object and the public network IP address of the remote user equipment, and determine the alias corresponding to the target domain name and the sub-area to which the public network IP address belongs;
a target edge site determining module, configured to determine a target edge site that matches the sub-region and the alias, where the target edge site is a site in a backbone network, where the site is used to access the target access object corresponding to the alias;
a sending module, configured to send the external IP address of the target edge site to the remote user equipment, so that the remote user accesses the target access object through the target edge site.
A computer device comprising a memory and a processor, the memory storing a computer program, the processor implementing the following steps when executing the computer program:
in response to a domain name resolution request for a target access object sent by remote user equipment, acquiring the target domain name of the target access object and the public network IP address of the remote user equipment, and determining the alias corresponding to the target domain name and the sub-region to which the public network IP address belongs;
determining a target edge site matched with the sub-region and the alias, wherein the target edge site is a site in a backbone network for accessing the target access object corresponding to the alias;
and sending the external IP address of the target edge site to the remote user equipment so that the remote user accesses the target access object through the target edge site.
A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, carries out the steps of:
in response to a domain name resolution request for a target access object sent by remote user equipment, acquiring the target domain name of the target access object and the public network IP address of the remote user equipment, and determining the alias corresponding to the target domain name and the sub-region to which the public network IP address belongs;
determining a target edge site matched with the sub-region and the alias, wherein the target edge site is a site in a backbone network for accessing the target access object corresponding to the alias;
and sending the external IP address of the target edge site to the remote user equipment so that the remote user accesses the target access object through the target edge site.
According to the remote access method, device, computer equipment and storage medium, the edge site corresponding to the remote user equipment can be determined quickly and efficiently in response to the access request sent by the remote user equipment, which solves the problem of high hardware cost in the related art. By determining the alias of the target access object and the sub-area where the remote user equipment is located, the remote user can access enterprise applications with high quality; specifically, the packet loss rate, delay and jitter during access can be reduced, giving an excellent user access experience. In addition, the content of the target access object does not need to be cached at multiple sites close to the user, which saves the cost of purchasing a large number of storage servers and further reduces the hardware cost of the system.
Drawings
FIG. 1 is a diagram of an application environment of a remote access method in one embodiment;
FIG. 2 is a block diagram of the architecture of the remote access system in one embodiment;
FIG. 3 is a flow diagram that illustrates a remote access method in one embodiment;
FIG. 4 is a flowchart that illustrates the steps of determining a target edge site that matches a sub-region and an alias, in one embodiment;
FIG. 5 is a block diagram of the architecture of a remote access device in one embodiment;
FIG. 6 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The remote access method provided by the application can be applied to the application environment shown in fig. 1. The remote user device 102 communicates with the source server 104 over a global backbone system; for example, the remote user device 102 may be in data communication with a target access object on the source server 104. The remote user device may be, but is not limited to, a personal computer, notebook computer, smart phone, tablet computer, or portable wearable device, and the source server 104 may be implemented as an independent server or as a server cluster composed of a plurality of servers.
The above application environment may include a plurality of remote user devices, a global backbone system, and a source server, as shown in fig. 2. The global backbone system may include a backbone network, a local DNS server, an authoritative DNS server, and an intelligent DNS server. The backbone network may include a plurality of POP (point-of-presence) sites. A POP site is an access point, location, or facility that connects to the Internet and the cloud, or helps other devices establish a connection with the Internet and the cloud; specifically, it may be a point where two or more different networks connect to each other, or a point where two or more different communication devices connect to each other. Some POP sites are edge sites, and some are source sites. The backbone network can be divided into a plurality of sub-areas according to geographic location; each sub-area can include one or more edge sites, and the edge sites can access the source server according to the access requests sent by remote user equipment. The source server may store data for a plurality of target access objects.
For any access object on the source server, an edge site matched with the access object is configured in each sub-area, and the matched edge sites of different access objects in the same sub-area may be the same or different. For any access object on the source server, a source site corresponding to the access object is configured on the backbone network.
In one embodiment, as shown in fig. 3, a remote access method is provided, which is exemplified by the method applied to the global backbone system in fig. 1, and includes the following steps:
Step 201, in response to a domain name resolution request for a target access object sent by a remote user equipment, acquiring a target domain name of the target access object and a public network IP address of the remote user equipment, and determining an alias corresponding to the target domain name and a sub-region to which the public network IP address belongs.
The remote user equipment may be a user side connected to the global backbone network system. The target access object may be a remote data terminal that the remote user equipment wants to access, an application program on the remote data terminal, a network site on the internet, a database storing a large amount of dynamic data, a big data analysis system, and the like, for example, an enterprise application. In an actual application scenario, the enterprise application may be a company's website, SSL VPN (Secure Sockets Layer VPN) gateway, Citrix server, File Transfer Protocol (FTP) server, remote desktop, game server, and the like. The remote user device and the enterprise application are typically in different provinces or different countries. The domain name resolution request may be an access request generated by a remote user device and sent to the global backbone system. The target domain name is the character-type address of the target access object; the alias (CNAME) of the target domain name is also the alias of the target access object. For example, the target domain name of the enterprise application may be www.abc.com and the alias of that domain name may be www.abc.infoquick.net.
Specifically, when the remote user equipment needs to perform remote access, it sends a domain name resolution request to the global backbone network system. The request includes the public network IP address of the remote user equipment, which is used to determine the sub-region to which that address belongs, and the domain name of the target access object, which is used to obtain the IP address corresponding to that domain name. After receiving the request, the global backbone network system determines the alias corresponding to the target domain name of the target access object according to a preset correspondence between the domain names of access objects and their aliases, and determines the sub-area to which the public network IP address belongs according to the public network IP address of the remote user equipment.
Step 202, determining a target edge site matched with the sub-region and the alias, where the target edge site is a site in the backbone network for accessing a target access object corresponding to the alias.
The target edge site is a site in the backbone network for accessing a target access object corresponding to the alias. Further, the target edge site is a site in a sub-area to which the remote user equipment belongs, that is, an edge site closest to the remote user equipment. The remote user device may access the target access object via the target edge site.
Specifically, the global backbone network system determines a sub-area closest to the remote user equipment according to a public network IP address of the remote user equipment, determines a matched edge site in the sub-area closest to the remote user equipment according to an alias of a target domain name of a target access object of the remote user equipment, namely, determines a target edge site matched with the sub-area and the alias, and returns the determined target edge site IP to the remote user equipment.
Step 203, sending the external IP address of the target edge site to the remote user equipment, so that the remote user accesses the target access object through the target edge site.
The external IP address of the target edge site can be an IP address that is unique across the global Internet and is allocated to only one network device; the internal IP address of the target edge site is the IP address assigned by the router to each network device for use within the local area network.
Specifically, determining the target edge site also determines its external IP address, that is, the IP address the target edge site uses when communicating with external network devices. After the global backbone network system determines the target edge site corresponding to the target access object of the remote user equipment, it may return the external IP address of the target edge site to the remote user equipment. The remote user equipment can then reach the target edge site in the global backbone network system through that external IP address, and access the target access object through the target edge site.
In the remote access method, the edge site corresponding to the remote user equipment can be quickly and efficiently determined by responding to the access request sent by the remote user equipment, so that the problem of high hardware cost in the related technology is solved. By determining the alias of the target access object and determining the sub-area where the remote user equipment is located, the remote user can be ensured to access the enterprise application with high quality, specifically, the packet loss rate during access can be reduced, the delay during access can be reduced, and the jitter during access can be reduced, so that excellent user access experience can be realized. And the content of the target access object does not need to be cached to a plurality of sites which are close to the user, so that the cost for purchasing a large number of storage servers is saved, and the hardware cost of the system is further reduced.
In one embodiment, step 202 comprises: determining the target edge site matching the sub-area and the alias according to a preset correspondence between edge sites, sub-areas and aliases.
The correspondence between edge sites, sub-areas and aliases may be pre-configured as follows. First, a corresponding alias is configured in the global backbone system for the target domain name of a target access object; for example, the target domain name is www.abc.com and the corresponding alias (CNAME) is www.abc.infoquick.net. The alias is announced (synchronized) in the global backbone system, so that domain name resolution of www.abc.com points to www.abc.infoquick.net. Second, the backbone network in the global backbone network system is divided into a plurality of sub-areas according to geographical location, and for the alias "www.abc.infoquick.net" an edge site is configured in each sub-area. That is, the correspondence comprises a first sub-correspondence from the domain name to the alias, and a second sub-correspondence from the alias to the edge sites of the plurality of sub-regions within the target region.
Specifically, after the global backbone network system extracts a sub-area to which the remote user equipment belongs and an alias of a domain name of a target access object accessed by the remote user equipment, a target edge site matched with the sub-area and the alias is determined according to a pre-stored correspondence relationship between the sub-area and the alias. Two examples are specifically provided below, depending on the different ways in which the remote user device sends the access request.
In one example, an intelligent DNS server, a local DNS server and an authoritative DNS server are arranged in the global backbone system. The correspondence between edge sites, sub-areas and aliases is configured on the intelligent DNS server, and the domain name, the alias and the IP address of the corresponding intelligent DNS server are configured on the authoritative DNS server. The user equipment sends a domain name resolution request to the authoritative DNS server through the local DNS server, and the authoritative DNS server returns the IP address of the intelligent DNS server according to the correspondence between the alias and the intelligent DNS server. The local DNS server then sends an access request to the intelligent DNS server at the received IP address. After the intelligent DNS server receives the domain name resolution request of the user equipment through the local DNS server, it determines the target edge site of the user equipment according to the public network IP address carried in the request and the alias of the target domain name of the target access object, and returns the external IP address of the target edge site to the user equipment through the local DNS server.
In another example, an intelligent DNS server is provided in the global backbone system along with a local DNS server and an authoritative DNS server. The correspondence between edge sites, sub-areas and aliases is configured on the intelligent DNS server, and the domain name, the alias and the corresponding intelligent DNS server are configured on the authoritative DNS server. After the correspondence is configured, it is announced in the global backbone system; specifically, the correspondence between edge sites, sub-areas and aliases is synchronized to the local DNS server.
At this time, the user equipment directly sends an access request to the local DNS server, and after receiving the access request of the user equipment, the local DNS server may determine a target edge site of the user equipment according to the synchronized correspondence, the public network IP address carried in the access request of the user equipment, and alias information of the target domain name of the target access object, and directly return an external IP address of the target edge site to the user equipment.
In the remote access method, the corresponding target edge site can be determined quickly and accurately from the pre-configured correspondence, the sub-area to which the remote user equipment belongs and the alias of the target access object, and the process is transparent to the user side.
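The lookup performed in steps 201 to 203 (domain name to alias, public IP address to sub-area, then sub-area and alias to edge site), as an added Python example that is not code from the patent. Only the www.abc.com / www.abc.infoquick.net pair comes from the page; the region names, prefixes and edge addresses are constructed sample data, and choosing the sub-area by longest-prefix match and refusing to answer when any mapping is missing are assumptions of this example.

```python
import ipaddress
from typing import NamedTuple

# First sub-correspondence: domain name -> alias (the page's own example pair).
DOMAIN_TO_ALIAS = {"www.abc.com": "www.abc.infoquick.net"}

# Constructed sample data: client prefixes (documentation ranges) -> sub-area.
SUBREGION_PREFIXES = [
    (ipaddress.ip_network("198.51.100.0/24"), "region-a"),
    (ipaddress.ip_network("198.51.100.128/25"), "region-b"),  # more specific
    (ipaddress.ip_network("2001:db8:1::/48"), "region-b"),
    (ipaddress.ip_network("2001:db8:2::/48"), "region-c"),
]

# Second sub-correspondence: (sub-area, alias) -> external IP of the edge site.
# region-c deliberately has no edge site for this alias.
EDGE_BY_SUBREGION_AND_ALIAS = {
    ("region-a", "www.abc.infoquick.net"): "203.0.113.10",
    ("region-b", "www.abc.infoquick.net"): "203.0.113.20",
}


class ResolutionError(LookupError):
    """No answer can be derived from the configured tables."""


class Answer(NamedTuple):
    alias: str
    subregion: str
    edge_external_ip: str


def alias_for(domain: str) -> str:
    # DNS names are case-insensitive and may carry a trailing root dot.
    name = domain.strip().rstrip(".").lower()
    try:
        return DOMAIN_TO_ALIAS[name]
    except KeyError:
        raise ResolutionError(f"no alias configured for {name!r}") from None


def subregion_for(client_ip: str) -> str:
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        raise ResolutionError(f"not an IP address: {client_ip!r}") from None
    # An address of the other IP version is never "in" a network, so one
    # table can hold both IPv4 and IPv6 prefixes.
    matches = [(net.prefixlen, region)
               for net, region in SUBREGION_PREFIXES if addr in net]
    if not matches:
        raise ResolutionError(f"{client_ip} belongs to no configured sub-area")
    return max(matches, key=lambda m: m[0])[1]  # longest prefix wins


def resolve(domain: str, client_ip: str) -> Answer:
    """Steps 201-203: return the edge site address to hand to the client."""
    alias = alias_for(domain)
    subregion = subregion_for(client_ip)
    edge = EDGE_BY_SUBREGION_AND_ALIAS.get((subregion, alias))
    if edge is None:
        # Fail closed instead of steering the client to an arbitrary site.
        raise ResolutionError(f"no edge site for {alias!r} in {subregion}")
    return Answer(alias, subregion, edge)


if __name__ == "__main__":
    for ip in ("198.51.100.7", "198.51.100.200", "2001:db8:1::5"):
        print(ip, resolve("www.abc.com", ip))
```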
In one embodiment, as shown in fig. 4, the remote access method further includes:
Step 301, in response to an access request for a target access object sent by a remote user equipment, forwarding the access request to a source site in a backbone network through a target edge site.
The access request may be one generated after the remote user equipment receives the external IP address of the target edge site; it includes a content access request of the remote user equipment and the external IP address of the target edge site. The global backbone network system may include a plurality of POP nodes and a backbone network, and the POP nodes may include source sites and edge sites. The backbone network may be divided into a plurality of sub-areas according to geographical location, and each sub-area may include one or more edge sites.
Specifically, when the remote user equipment receives the external IP address of the target edge site returned by the global backbone system, it generates an access request and sends it to the global backbone system. The information carried in the access request is the external IP address of the target edge site. When the global backbone system receives the access request of the remote user equipment, it forwards the access request to a source site in the backbone network based on the external IP address of the target edge site in the access request.
Step 302, forwarding the access request to the source server of the target access object through the source site.
In the remote access method, the access request of the remote user equipment can be directionally forwarded to the nearest edge site on the backbone network through the edge site and the source site in the global backbone network system. The access stream between the edge site and the source site is accelerated over the backbone network without any caching of the accessed data, and the data of different remote user equipment is isolated through IPsec tunnels, which prevents the risk of data leakage, ensures the security and reliability of data transmission and access, and thoroughly solves the problem of unsatisfactory remote access caused by poor network quality over long-distance Internet access.
In one embodiment, step 301 includes:
Step one: determining the internal IP address of the target edge site according to the external IP address of the target edge site.
The external IP address of the target edge site can be an IP address that is unique across the global Internet and is allocated to only one network device; the internal IP address of the target edge site is the IP address assigned by the router to each network device for use within the local area network.
Specifically, after the external IP address of the target edge site is determined, the internal IP address of the target edge site may be determined according to the correspondence between external IP addresses of edge sites and internal IP addresses of edge sites stored in the preset address database.
Step two: determining the internal IP address of the source site corresponding to the internal IP address of the target edge site according to the pre-stored correspondence between internal IP addresses of edge sites and internal IP addresses of source sites.
Specifically, the target edge node is in fact a POP node, and its external IP address may be the public network IP address of that POP node. The internal IP address of the source site corresponding to the internal IP address of the target edge site is then determined according to the correspondence between internal IP addresses of edge sites and internal IP addresses of source sites pre-stored in the preset address database; that is, the internal IP address of the target edge site corresponds to the internal IP address of the source site.
Step three: based on the determined internal IP address of the source site, forwarding the access request to the source site through the target edge site.
Specifically, after the internal IP address of the source site is determined, the source site corresponding to the target access object to be accessed by the remote user may be determined, and then the target edge site may forward the access request to the source site (the internal interface of the source site) based on the internal IP address of the source site.
In this embodiment, the access request of the remote user equipment may be directionally forwarded to the nearest edge site on the backbone network through the edge site and the source site in the global backbone network system. The access stream between the edge site and the source site may be transmitted in an accelerated manner over the backbone network without any caching of the access data, and the data of different remote user equipment are isolated from one another by IPsec (Internet Protocol Security) tunnels. This prevents the risk of data leakage, ensures the security and reliability of data transmission and access, and completely solves the problem of unsatisfactory remote access caused by the poor network quality of long-distance Internet access.
In one embodiment, step S302 includes:
Performing network address translation (NAT) on the access request through the source site to generate a translated access request, and forwarding the translated access request to the source server of the target access object.
The internal IP address of the source site is an internal port IP address, and the external IP address of the source site is the public network IP address corresponding to the POP node.
Specifically, after the internal port of the source site receives the access request of the remote user equipment sent by the edge site, network address translation (NAT) is performed on the access request at the source site, and the translated access request is forwarded to the source server of the target access object; that is, the access traffic of the remote user equipment reaches the source server.
It should be understood that, although the steps in the flowcharts of FIG. 3 and FIG. 4 are shown in the sequence indicated by the arrows, they are not necessarily performed in that sequence. Unless explicitly stated otherwise, the steps are not strictly limited to the order shown and described and may be performed in other orders. Moreover, at least some of the steps in FIG. 3 and FIG. 4 may include multiple sub-steps or stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed sequentially but may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
In one embodiment, as shown in FIG. 2, a remote access system is provided, comprising a global backbone network system, remote user equipment and a source server. The global backbone network system comprises a local DNS server, an authorized DNS server, an intelligent DNS server and a backbone network; the backbone network comprises a plurality of POP nodes, and each POP node is either an edge site or a source site. Wherein:
the remote user equipment is used for sending a domain name resolution request aiming at the target access object;
the local DNS server is used for responding to a domain name resolution request aiming at a target access object sent by the remote user equipment, acquiring a target domain name of the target access object and a public network IP address of the remote user equipment, determining an authorized DNS server corresponding to the target domain name according to the target domain name, and sending the domain name resolution request to the authorized DNS server;
the authorized DNS server is used for responding to the domain name resolution request, acquiring a target domain name and determining an alias corresponding to the target domain name; according to the alias, determining the IP address of the intelligent DNS server corresponding to the alias, and returning the alias and the IP address of the intelligent DNS server corresponding to the alias to the local DNS server;
the local DNS server is also used for sending a domain name resolution request to the IP address of the intelligent DNS server corresponding to the alias according to the IP address of the intelligent DNS server;
the intelligent DNS server is used for responding to a domain name resolution request aiming at a target access object sent by the local DNS server, determining a sub-region to which a public network IP address belongs according to the public network IP address of the remote user equipment, determining a target edge site matched with the sub-region and the alias, wherein the target edge site is a site in a backbone network and used for accessing the target access object corresponding to the alias, and returning an external IP address of the target edge site to the local DNS server.
The local DNS server is also used for sending the IP of the target edge site returned by the intelligent DNS server to the remote user equipment so that the remote user can access the target access object through the target edge site.
Specifically, the target edge site of remote user equipment 1 may be edge site 1, the target edge site of remote user equipment 2 may be edge site 2, and the target edge site of remote user equipment 3 may be edge site 3.
In the remote access system, the local DNS server, the authorized DNS server and the intelligent DNS server respectively respond to the access request sent by the remote user equipment, so that the edge site corresponding to the remote user equipment can be determined quickly and efficiently, which solves the problem of high hardware cost in the related art. Determining the alias of the target access object and the sub-region in which the remote user equipment is located ensures that the remote user has high-quality access to enterprise applications: specifically, the packet loss rate, the delay and the jitter during access are all reduced, giving an excellent user access experience. In addition, the content of the target access object does not need to be cached at a plurality of sites close to the user, which saves the cost of purchasing a large number of storage servers and further reduces the hardware cost of the system.
In one embodiment, a backbone network includes an edge site and a source site, wherein:
the edge site is used for responding to an access request which is sent by the remote user equipment and aims at the target access object, and forwarding the access request to a source site in the backbone network;
the source site is used for forwarding the access request to a source server of the target access object.
In this embodiment, the access request of the remote user equipment can be directionally forwarded to the nearest edge site on the backbone network through the edge site and the source site in the global backbone network system. The access stream between the edge site and the source site can be transmitted in an accelerated manner over the backbone network without any caching of the access data, and the data of different remote user equipment are isolated from one another by IPsec tunnels. This prevents the risk of data leakage, ensures the security and reliability of data transmission and access, and thoroughly solves the problem of unsatisfactory remote access caused by the poor network quality of long-distance Internet access.
In an embodiment, the edge site is specifically configured to forward the access request to the source site based on the determined internal IP address of the source site. The source site is specifically configured to perform NAT translation on the access request, generate a translated access request, and forward the translated access request to the source server of the target access object.
The functions of the various parts of the remote access system described above are described in detail below with reference to a specific embodiment:
First, a corresponding alias is configured on the authoritative DNS server for the domain name of the target access object of the remote user equipment. For example, when the domain name of the target access object is "www.abc.com", it is given the alias "www.abc.infoquick.net", and the alias "www.abc.infoquick.net" is directed to the intelligent DNS server, i.e., the alias is associated with the IP address of the corresponding intelligent DNS server. Edge sites corresponding to the aliases are then configured on the intelligent DNS server for the plurality of sub-regions of the backbone network in the global backbone network system, and the correspondence is stored.
The remote user equipment may then request resolution of the IP address of the target access object from the local DNS server, i.e. send a domain name resolution request to the local DNS server. When the local DNS server in the global backbone network system receives the domain name resolution request, it determines the authorized DNS server corresponding to the target domain name according to the target domain name of the target access object carried in the request, and sends the domain name resolution request to that authorized DNS server. When the authorized DNS server receives the domain name resolution request, it determines, according to the preset correspondence between domain names and aliases, the alias "www.abc.infoquick.net" corresponding to the target domain name "www.abc.com" of the target access object in the request and the IP address of the intelligent DNS server corresponding to the alias, and returns the IP address of the intelligent DNS server to the local DNS server.
Next, the local DNS server sends a domain name resolution request to the intelligent DNS server based on the IP address of the intelligent DNS server, requesting the intelligent DNS server to resolve the IP address corresponding to alias "www.abc.infoquick.net". An intelligent DNS server in the global backbone system determines a corresponding target edge site according to a public network IP address and an alias of remote user equipment, returns an external IP address of the target edge site to a local DNS server, and then returns the external IP address of the target edge site to the remote user equipment.
After the remote user equipment receives the external IP address of the target edge site returned by the intelligent DNS server, it can generate an access request based on the external IP address and send the access request to the target edge site in the global backbone network system. The target edge site may determine the internal IP address of the source site based on its own internal IP address, and the access request is forwarded to the source site based on the internal IP address of the source site. After receiving the access request, the source site performs network address translation (NAT) on it to generate a translated access request and forwards the translated access request to the source server of the target access object, which completes the process of the remote user equipment accessing the target access object.
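The table lookups of this specific embodiment (alias, sub-region, target edge site), followed by steps one to three of S301 and the NAT of S302, can be modelled as below; this is an added illustration, not code from the patent or the applicant, and every lookup fails closed when no correspondence is configured. Only the domain name and alias come from the text: all IP addresses, the region names and the source-site-to-source-server table are constructed assumptions, and NAT is modelled as a destination rewrite only.

```python
import ipaddress


class ResolutionError(LookupError):
    """No correspondence is configured for the key: fail closed."""


# Constructed sample tables. Only the domain and alias come from the text;
# every address and region name is an assumption (documentation/private ranges).
ALIASES = {"www.abc.com": "www.abc.infoquick.net"}      # held by the authorized DNS server
SUBREGIONS = {                                          # held by the intelligent DNS server
    ipaddress.ip_network("198.51.100.0/24"): "region-a",
    ipaddress.ip_network("203.0.113.0/24"): "region-b",
}
EDGE_BY_REGION_ALIAS = {                                # (sub-region, alias) -> edge external IP
    ("region-a", "www.abc.infoquick.net"): "192.0.2.10",
    ("region-b", "www.abc.infoquick.net"): "192.0.2.20",
}
EDGE_INTERNAL = {"192.0.2.10": "10.0.1.1", "192.0.2.20": "10.0.2.1"}  # address database
SOURCE_BY_EDGE = {"10.0.1.1": "10.0.9.1", "10.0.2.1": "10.0.9.1"}     # edge internal -> source internal
ORIGIN_BY_SOURCE = {"10.0.9.1": "172.16.5.80"}          # assumed table: source site -> source server


def lookup(table, key, what):
    """Return table[key] or raise ResolutionError; never fall back to a default."""
    try:
        return table[key]
    except KeyError:
        raise ResolutionError(f"no {what} configured for {key!r}") from None


def subregion_of(client_ip):
    """Map the public IP of the remote user equipment to a sub-region (longest prefix wins)."""
    addr = ipaddress.ip_address(client_ip)
    matches = [(net.prefixlen, region) for net, region in SUBREGIONS.items() if addr in net]
    if not matches:
        raise ResolutionError(f"no sub-region configured for {client_ip}")
    return max(matches)[1]


def resolve(domain, client_ip):
    """DNS side: domain -> alias, client IP -> sub-region, (sub-region, alias) -> edge external IP."""
    alias = lookup(ALIASES, domain.lower().rstrip("."), "alias")
    return lookup(EDGE_BY_REGION_ALIAS, (subregion_of(client_ip), alias), "edge site")


def forward(request):
    """Forwarding side: steps one to three of S301, then the NAT of S302."""
    edge_int = lookup(EDGE_INTERNAL, request["dst"], "edge internal address")  # step one
    source_int = lookup(SOURCE_BY_EDGE, edge_int, "source site")               # step two
    origin = lookup(ORIGIN_BY_SOURCE, source_int, "source server")
    translated = dict(request, dst=origin)  # step three hands over to the source site, which rewrites dst
    return {"edge_internal": edge_int, "source_internal": source_int, "translated": translated}


def dangling_mappings():
    """Configuration check: every edge site the DNS can return must be forwardable."""
    problems = []
    for key, edge_ext in sorted(EDGE_BY_REGION_ALIAS.items()):
        edge_int = EDGE_INTERNAL.get(edge_ext)
        source_int = SOURCE_BY_EDGE.get(edge_int)
        if edge_int is None:
            problems.append((key, "edge site has no internal address"))
        elif source_int is None:
            problems.append((key, "edge site has no source site"))
        elif source_int not in ORIGIN_BY_SOURCE:
            problems.append((key, "source site has no source server"))
    return problems


if __name__ == "__main__":
    edge = resolve("www.abc.com", "198.51.100.7")
    print("edge site returned by DNS:", edge)
    print(forward({"src": "198.51.100.7", "dst": edge, "payload": b"GET /"}))
    print("dangling mappings:", dangling_mappings())
```

Running `dangling_mappings()` whenever the tables change catches an edge site that the intelligent DNS server would hand out but that the backbone could not forward.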
In one embodiment, as shown in fig. 5, there is provided a remote access apparatus including:
the resolution module 401 is configured to, in response to a domain name resolution request for a target access object sent by a remote user equipment, obtain a target domain name of the target access object and a public network IP address of the remote user equipment, and determine an alias corresponding to the target domain name and a sub-region to which the public network IP address belongs;
a target edge site determining module 402, configured to determine a target edge site matching the sub-region and the alias, where the target edge site is a site in a backbone network for accessing the target access object corresponding to the alias;
a sending module 403, configured to send the external IP address of the target edge site to the remote user equipment, so that the remote user accesses the target access object through the target edge site.
In one embodiment, the remote access device further comprises:
a forwarding module, configured to forward, in response to an access request for a target access object sent by a remote user equipment, the access request to a source site in a backbone network through a target edge site; and forwarding the access request to the source server of the target access object through the source site.
In one embodiment, the forwarding module is specifically configured to: determine an internal IP address of the target edge site according to the external IP address of the target edge site; determine the internal IP address of the source site corresponding to the internal IP address of the target edge site according to the pre-stored correspondence between the internal IP address of the edge site and the internal IP address of the source site; forward the third access request to the source site through the target edge site based on the determined internal IP address of the source site; and perform network address translation (NAT) on the access request through the source site to generate a translated access request, and forward the translated access request to the source server of the target access object.
For specific limitations of the remote access device, reference may be made to the above limitations of the remote access method, which are not described in detail herein. The various modules in the remote access device described above may be implemented in whole or in part by software, hardware, and combinations thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a terminal, and its internal structure diagram may be as shown in fig. 6. The computer device includes a processor, a memory, a communication interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The communication interface of the computer device is used for carrying out wired or wireless communication with an external terminal, and the wireless communication can be realized through WIFI, an operator network, NFC (near field communication) or other technologies. The computer program is executed by a processor to implement a remote access method. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like.
Those skilled in the art will appreciate that the architecture shown in fig. 6 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, comprising a memory and a processor, the memory having a computer program stored therein, the processor implementing the following steps when executing the computer program:
responding to a domain name resolution request aiming at a target access object sent by remote user equipment, acquiring the target domain name of the target access object and a public network IP address of the remote user equipment, and determining an alias corresponding to the target domain name and a sub-region to which the public network IP address belongs;
determining a target edge site matched with the sub-region and the alias, wherein the target edge site is a site used for accessing a target access object corresponding to the alias in a backbone network;
and sending the external IP address of the target edge site to the remote user equipment so that the remote user can access the target access object through the target edge site.
In one embodiment, the processor, when executing the computer program, further performs the step of: determining a target edge site matched with the sub-area and the alias according to the preset correspondence between the edge site and the sub-area and the alias.
In one embodiment, the processor, when executing the computer program, further performs the steps of: responding to an access request aiming at a target access object sent by remote user equipment, and forwarding the access request to a source site in a backbone network through a target edge site; and forwarding the access request to the source server of the target access object through the source site.
In one embodiment, the processor, when executing the computer program, further performs the steps of: determining an internal IP address of the target edge site according to the external IP address of the target edge site; determining the internal IP address of the source site corresponding to the internal IP address of the target edge site according to the pre-stored corresponding relation between the internal IP address of the edge site and the internal IP address of the source site; and forwarding the access request to the source site through the target edge site based on the determined internal IP address of the source site.
In one embodiment, the processor, when executing the computer program, further performs the steps of: performing network address translation (NAT) on the access request through the source site to generate a translated access request, and forwarding the translated access request to the source server of the target access object.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of:
responding to a domain name resolution request aiming at a target access object sent by remote user equipment, acquiring the target domain name of the target access object and a public network IP address of the remote user equipment, and determining an alias corresponding to the target domain name and a sub-region to which the public network IP address belongs;
determining a target edge site matched with the sub-region and the alias, wherein the target edge site is a site used for accessing a target access object corresponding to the alias in a backbone network;
and sending the external IP address of the target edge site to the remote user equipment so that the remote user can access the target access object through the target edge site.
In one embodiment, the computer program, when executed by the processor, further performs the step of: determining a target edge site matched with the sub-area and the alias according to the preset correspondence between the edge site and the sub-area and the alias.
In one embodiment, the computer program when executed by the processor further performs the steps of: responding to an access request aiming at a target access object sent by remote user equipment, and forwarding the access request to a source site in a backbone network through a target edge site; and forwarding the access request to the source server of the target access object through the source site.
In one embodiment, the computer program when executed by the processor further performs the steps of: determining an internal IP address of the target edge site according to the external IP address of the target edge site; determining the internal IP address of the source site corresponding to the internal IP address of the target edge site according to the pre-stored corresponding relation between the internal IP address of the edge site and the internal IP address of the source site; and forwarding the access request to the source site through the target edge site based on the determined internal IP address of the source site.
In one embodiment, the computer program, when executed by the processor, further performs the steps of: performing network address translation (NAT) on the access request through the source site to generate a translated access request, and forwarding the translated access request to the source server of the target access object.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware related to instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database or other medium used in the embodiments provided herein can include at least one of non-volatile and volatile memory. Non-volatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical storage, or the like. Volatile Memory can include Random Access Memory (RAM) or external cache Memory. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), among others.
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above examples express only several embodiments of the present application, and their description is relatively specific and detailed, but they should not be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, all of which fall within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (9)

1. A remote access method, the method comprising:
responding to a domain name resolution request aiming at a target access object sent by remote user equipment, acquiring the target domain name of the target access object and a public network IP address of the remote user equipment, and determining an alias corresponding to the target domain name and a sub-region to which the public network IP address belongs;
determining a target edge site matched with the sub-area and the alias, wherein the target edge site is a site in a backbone network for accessing the target access object corresponding to the alias, the backbone network is divided into a plurality of sub-areas according to geographic positions, and each sub-area comprises one or more edge sites;
sending an external IP address of the target edge site to the remote user equipment so that the remote user can access the target access object through the target edge site;
the determining a target edge site matching the sub-region and the alias comprises:
and determining a target edge site matched with the sub-area and the alias according to the corresponding relation between the pre-configured edge site and the sub-area and the alias.
2. The method of claim 1, further comprising:
responding to an access request which is sent by remote user equipment and aims at a target access object, forwarding the access request to a source site in the backbone network through the target edge site;
and forwarding the access request to the source server of the target access object through the source site.
3. The method of claim 2, wherein the forwarding, by the target edge site, the access request to a source site in the backbone network in response to an access request sent by a remote user equipment for a target access object comprises:
determining an internal IP address of the target edge site according to the external IP address of the target edge site;
determining the internal IP address of the source site corresponding to the internal IP address of the target edge site according to the pre-stored corresponding relation between the internal IP address of the edge site and the internal IP address of the source site;
and forwarding the access request to the source site through the target edge site based on the determined internal IP address of the source site.
4. The method of claim 2, wherein forwarding, by the source site, the access request to the source server of the target access object comprises:
and performing network address translation (NAT) on the access request through the source site to generate a translated access request, and forwarding the translated access request to the source server of the target access object.
5. A remote access system, comprising a global backbone network system and remote user equipment, the global backbone network system comprising a local DNS server, an authorized DNS server, an intelligent DNS server and a backbone network, wherein:
the remote user equipment is used for sending a domain name resolution request aiming at a target access object;
the local DNS server is used for responding to a domain name resolution request aiming at a target access object sent by remote user equipment, acquiring a target domain name of the target access object and a public network IP address of the remote user equipment, and determining an authorized DNS server corresponding to the target domain name according to the target domain name;
the authorized DNS server is used for determining an alias corresponding to the target domain name according to the target domain name; according to the alias, determining the IP address of the intelligent DNS server corresponding to the alias, and returning the alias and the IP address of the intelligent DNS server corresponding to the alias to the local DNS server;
the local DNS server is further used for sending the domain name resolution request to the IP address of the intelligent DNS server corresponding to the alias according to the IP address of the intelligent DNS server;
the intelligent DNS server is used for responding to a domain name resolution request which is sent by the local DNS server and aims at the target access object, determining a sub-region to which the public network IP address belongs according to the public network IP address of the remote user equipment, determining a target edge site matched with the sub-region and the alias, wherein the target edge site is a site which is used for accessing the target access object corresponding to the alias in a backbone network, and returning an external IP address of the target edge site to the local DNS server, the backbone network is divided into a plurality of sub-regions according to geographic positions, and each sub-region comprises one or more edge sites;
the local DNS server is also used for sending the IP of the target edge site returned by the intelligent DNS server to remote user equipment so that the remote user can access the target access object through the target edge site.
6. The system of claim 5, wherein the remote access system further comprises an origin server, wherein:
the remote user equipment is also used for sending an access request aiming at the target access object;
the edge site is used for responding to an access request which is sent by remote user equipment and aims at a target access object, and forwarding the access request to a source site in the backbone network;
the source site is used for forwarding the access request to a source server of the target access object.
7. A remote access apparatus, the apparatus comprising:
the system comprises an analysis module, a domain name analysis module and a sub-area analysis module, wherein the analysis module is used for responding to a domain name analysis request aiming at a target access object sent by remote user equipment, acquiring a target domain name of the target access object and a public network IP address of the remote user equipment, and determining an alias corresponding to the target domain name and the sub-area to which the public network IP address belongs;
a target edge site determining module, configured to determine a target edge site that matches the sub-area and the alias, where the target edge site is a site in a backbone network, where the site is used to access the target access object corresponding to the alias, the backbone network is divided into multiple sub-areas according to a geographic location, and each sub-area includes one or more edge sites;
a sending module, configured to send the external IP address of the target edge site to the remote user equipment, so that the remote user accesses the target access object through the target edge site;
the target edge site determining module is specifically configured to determine a target edge site matched with the sub-area and the alias according to a pre-configured correspondence between the edge site and the sub-area and the alias.
8. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the method of any of claims 1 to 4.
9. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 4.
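The resolution flow of claim 7 (domain to alias, public IP to sub-area, then a lookup in the pre-configured correspondence), as an added sketch that is not code from the patent. All domain names, address ranges, sub-area names and the choice to return no answer when nothing matches are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: hypothetical names, documentation address ranges.
ALIASES = {"app.example.com": "app-example.accel.example.net"}

# Sub-areas of the backbone network, keyed by the client prefixes they cover.
SUB_AREAS = {
    "north": [ipaddress.ip_network("198.51.100.0/24")],
    "south": [ipaddress.ip_network("203.0.113.0/24")],
    "east": [ipaddress.ip_network("203.0.113.128/25")],  # overlaps "south"
}

# Pre-configured correspondence: (sub-area, alias) -> edge site external IP.
EDGE_SITES = {
    ("north", "app-example.accel.example.net"): "192.0.2.10",
    ("south", "app-example.accel.example.net"): "192.0.2.20",
    ("east", "app-example.accel.example.net"): "192.0.2.30",
}


def sub_area_of(public_ip):
    """Return the sub-area owning public_ip (longest prefix wins), or None."""
    try:
        addr = ipaddress.ip_address(public_ip)
    except ValueError:
        return None  # malformed client address: no sub-area
    matches = [
        (net.prefixlen, area)
        for area, nets in SUB_AREAS.items()
        for net in nets
        if addr in net
    ]
    return max(matches)[1] if matches else None


def resolve(target_domain, public_ip):
    """Return the external IP of the target edge site, or None if no match.

    Assumption: an unknown domain, an unmapped client address or a missing
    table entry yields no answer instead of a default site.
    """
    alias = ALIASES.get(target_domain.rstrip(".").lower())
    if alias is None:
        return None
    area = sub_area_of(public_ip)
    if area is None:
        return None
    return EDGE_SITES.get((area, alias))
```

Returning no answer for an unmapped client keeps the lookup table the only source of routing decisions, so a missing or stale entry shows up as a resolution failure that can be alerted on.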

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110773069.8A CN113301184B (en) 2021-07-08 2021-07-08 Remote access method, device, computer equipment and storage medium

Publications (2)

Publication Number Publication Date
CN113301184A (en) 2021-08-24
CN113301184B (en) 2021-10-26

Family

ID=77330718

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110773069.8A Active CN113301184B (en) 2021-07-08 2021-07-08 Remote access method, device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113301184B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant