Disclosure of Invention
The invention provides a remote login method and a remote login device for an edge computing node, aiming to reach the intranet of the edge computing node at low cost, with high security and with little occupation of port resources.
To achieve this purpose, the invention adopts the following technical scheme:
a remote login method for an edge computing node is provided, comprising the following steps:
step S1, the gateway management and control server receives the bridge building instruction initiated by the user end, registers the session, and allocates an intranet open port to wait for port pairing, wherein the intranet open port is denoted as a 20XX port;
step S2, the gateway management and control server informs the gateway client that there is a port pairing request currently, and simultaneously starts a server bridging tool to establish a forwarding node B of the 20XX port so as to construct a bidirectional data forwarding channel Y from the 20XX port to the forwarding node B, and then the server bridging tool requests the outer network IP port of the edge computing node for data forwarding processing;
step S3, after receiving the notification instruction, the gateway client starts an edge computing node bridging tool to establish a forwarding node A of a remote login port of the edge computing node to construct a bidirectional data forwarding channel X from the remote login port to the forwarding node A, and then the edge computing node bridging tool requests the same external network IP port for data forwarding processing;
step S4, the gateway management and control server receives, through the external network IP port, the data forwarding processing requests from the server bridging tool and the edge computing node bridging tool, and then constructs a bidirectional data forwarding channel Z of the forwarding node A, the external network IP port and the forwarding node B, thereby completing port pairing between the remote login port and the intranet open port;
and step S5, the user accesses the 20XX port allocated to the edge computing node through an SSH terminal and finally connects to the remote login port of the edge computing node along the communication path of the channel Y-the channel Z-the channel X, so as to realize remote operation and maintenance of the edge computing node.
As a preferred scheme of the present invention, the external network IP port is a 9022 port of the edge computing node.
As a preferred solution of the present invention, the remote login port is an SSH service 22 port of the edge computing node.
As a preferred scheme of the present invention, the gateway management and control server internally includes an instruction processing module and a pairing forwarding module, and the method for processing the bridge building instruction initiated by the user by the instruction processing module includes:
step A1, receiving the bridge building instruction initiated by the user;
step A2, parsing sessionId and gateway number boxId from the bridge building instruction, and allocating the 20XX port;
step A3, registering said sessionId and initializing a session state to "state = INIT";
step A4, issuing the bridge building instruction to the gateway client corresponding to the boxId;
step A5, locally invoking the server bridging tool, and assigning one of the allocated 20XX ports to each edge computing node;
step A6, waiting for the subsequent bridge construction process of the pairing forwarding module, and updating the session state of the session according to the bridge construction result of the pairing forwarding module;
step A7, determining whether the session state changes to "stat = SUCC" within a set duration,
if so, indicating that the port pairing is successful and informing the user that the bridge building is successful;
if not, indicating that the port pairing is failed and informing the user that the bridge building is failed.
As a preferred scheme of the present invention, the bridge building process of the pairing forwarding module includes:
step B1, creating a socket client, and receiving the data forwarding processing requests of the forwarding node A and the forwarding node B from the external network IP port of the edge computing node through the socket client;
step B2, parsing sessionId and request source type of the session from the data forwarding processing request, where the request source type is the server-side bridging tool and/or the edge computing node-side bridging tool;
step B3, determining whether the parsed sessionId is already registered,
if not, notifying a user that bridge building fails and closing the socket client;
if yes, go to step B4;
step B4, if the parsed request source type is the server bridging tool, registering the socket client as the server client under the current sessionId;
if the parsed request source type is the edge computing node end bridging tool, registering the socket client as the box client under the current sessionId;
step B5, waiting for the server client and the box client to register, and judging whether the registration is successful,
if all the registrations are successful, determining that the 20XX port of the edge computing node is successfully paired with the SSH service 22 port, generating a session state update instruction, sending the session state update instruction to the instruction processing module, and performing step B6;
if the server client or the box client fails to register, logging off the sessionId;
step B6, notifying the forwarding node A and the forwarding node B that the bridge has been established successfully and that data forwarding can start.
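The control-plane logic of steps A1 to A7 and B1 to B6, modelled in Python as an added example (this is not code from the patent): a session is registered in state INIT with a 20XX port, a data forwarding processing request arriving on the external network IP port is accepted only for a registered sessionId and is otherwise rejected with its socket closed, the session moves to SUCC once both the server client and the box client are registered, and a session that does not pair within the timeout is deregistered and its port released. The JSON message layout, the 2000-2099 port pool, the source-type tags and the FakeClient stand-in for an accepted socket are assumptions.

```python
"""Added example, not the patent's code: control-plane model of the gateway
management and control server (instruction processing module, steps A1-A7, and
pairing forwarding module, steps B1-B6). Message layout, port pool and tags are assumed."""
import json
import time

SERVER_TOOL = "server"  # request source type: server bridging tool (assumed tag)
BOX_TOOL = "box"        # request source type: edge computing node bridging tool (assumed tag)


class Session:
    def __init__(self, box_id, port, created):
        self.box_id = box_id           # gateway number the instruction is issued to (A4)
        self.port = port               # allocated 20XX intranet open port (A2)
        self.state = "INIT"            # A3: state = INIT
        self.server_client = None      # socket registered by the server bridging tool (B4)
        self.box_client = None         # socket registered by the node-side bridging tool (B4)
        self.created = created


class GatewayControlServer:
    PORT_POOL = range(2000, 2100)      # the "20XX" ports; assumed range

    def __init__(self, pairing_timeout=30.0):
        self.sessions = {}             # registered sessionId -> Session
        self.pairing_timeout = pairing_timeout
        self.user_notices = []         # what the user is told about the bridge (A7)

    # ---- instruction processing module, steps A1-A5 ----
    def handle_bridge_instruction(self, instruction, now=None):
        """Register the session in INIT; return what goes to gateway client boxId (A4) and the server bridging tool (A5)."""
        req = json.loads(instruction)                         # A2: parse sessionId, boxId
        session_id, box_id = req["sessionId"], req["boxId"]
        if session_id in self.sessions:
            raise ValueError("sessionId already registered")  # one bridge per session
        port = self._allocate_port()                          # A2: allocate a 20XX port
        now = time.monotonic() if now is None else now
        self.sessions[session_id] = Session(box_id, port, now)  # A3
        return {"sessionId": session_id, "boxId": box_id, "port": port}

    def _allocate_port(self):
        in_use = {s.port for s in self.sessions.values()}
        for port in self.PORT_POOL:
            if port not in in_use:
                return port
        raise RuntimeError("no free 20XX port")

    # ---- pairing forwarding module, steps B1-B6 ----
    def handle_forward_request(self, raw, client):
        """Handle one request received on the external network IP port; `client` is the accepted socket."""
        try:
            req = json.loads(raw)                             # B2
            session_id, source = req["sessionId"], req["type"]
        except (ValueError, KeyError, TypeError):
            return self._reject(client, "malformed request")
        sess = self.sessions.get(session_id)
        if sess is None:                                      # B3: unregistered -> close socket
            return self._reject(client, "unregistered sessionId")
        if source == SERVER_TOOL and sess.server_client is None:
            sess.server_client = client                       # B4: server client
        elif source == BOX_TOOL and sess.box_client is None:
            sess.box_client = client                          # B4: box client
        else:
            return self._reject(client, "duplicate or unknown source type")
        if sess.server_client is not None and sess.box_client is not None:
            sess.state = "SUCC"                               # B5: pairing complete
            self.user_notices.append((session_id, "bridge success"))
            return {"ok": True, "action": "start_forwarding"}  # B6: open channel Z
        return {"ok": True, "action": "wait_for_peer"}

    def _reject(self, client, reason):
        client.close()
        return {"ok": False, "reason": reason}

    # ---- A6/A7 timeout and the B5 failure path ----
    def expire(self, now=None):
        """Deregister sessions not in SUCC after the pairing timeout; returns their ids."""
        now = time.monotonic() if now is None else now
        expired = [sid for sid, s in self.sessions.items()
                   if s.state != "SUCC" and now - s.created > self.pairing_timeout]
        for sid in expired:
            self.user_notices.append((sid, "bridge failure"))
            self.close_bridge(sid)
        return expired

    def close_bridge(self, session_id):
        """Tear the bridge down (login exit or pairing failure); frees the 20XX port."""
        sess = self.sessions.pop(session_id)
        for client in (sess.server_client, sess.box_client):
            if client is not None:
                client.close()
        return sess.port


class FakeClient:
    # stand-in for an accepted socket client so the model runs offline (assumed)
    def __init__(self):
        self.closed = False

    def close(self):
        self.closed = True
```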
As a preferred aspect of the present invention, the bridge building process of the server bridging tool includes:
step C1, the server bridging tool parses the sessionId of the session and the allocated port information of the 20XX port from the instruction sent by the gateway management and control server;
step C2, starting a socket server to listen on the 20XX port;
step C3, establishing the forwarding node B of the listened 20XX port;
step C4, a socket client is started to send the data forwarding processing request to the extranet IP port of the edge computing node, wherein the data forwarding processing request contains the sessionId and the request source type of the session;
step C5, waiting for the response of the gateway management and control server to the data forwarding processing request,
if the response is successful, proceeding to step C6;
if the response fails, closing the listened 20XX port and exiting the bridge building process;
step C6, waiting for the SSH terminal to connect to the listened 20XX port,
if the connection is successful, establishing a data forwarding channel between the 20XX port, the forwarding node B and the external network IP port, and starting data forwarding between the 20XX port and the external network IP port;
and if the connection fails, closing the 20XX port and exiting the bridge building process.
As a preferred aspect of the present invention, the bridge building process of the edge computing node-side bridging tool includes:
step D1, the edge computing node end bridging tool parses the sessionId of the session from the instruction sent by the gateway client;
step D2, starting a socket client to connect to the remote login port of the edge computing node;
step D3, establishing the forwarding node A of the remote login port;
step D4, sending the data forwarding processing request to the extranet IP port of the edge computing node by using the socket client, wherein the data forwarding processing request contains the sessionId and the request source type of the session;
step D5, waiting for the response of the gateway management and control server to the data forwarding processing request,
if the response is successful, establishing a data forwarding channel between the remote login port, the forwarding node A and the external network IP port, and starting data forwarding between the remote login port and the external network IP port;
and if the response fails, closing the socket client and exiting the bridge building process.
The invention also provides an edge computing node remote login device which can realize the remote login method and is characterized by comprising a management and control server and a gateway end in communication connection with the management and control server, wherein the management and control server comprises a gateway management and control server and a server bridging tool, the gateway end comprises a gateway client and an edge computing node bridging tool, the gateway management and control server registers a session after receiving a bridging instruction initiated by a user end, and allocates an intranet open port to wait for port pairing, and the intranet open port is marked as a 20XX port;
the gateway management and control server informs the gateway client that a port pairing request exists currently, simultaneously starts the server bridging tool to establish a forwarding node B of the 20XX port so as to establish a bidirectional data forwarding channel Y from the 20XX port to the forwarding node B, and then the server bridging tool requests data forwarding processing to an external network IP port of an edge computing node;
after the gateway client receives the notification instruction, the gateway client starts the edge computing node end bridging tool to establish a forwarding node A of a remote login port of the edge computing node so as to establish a bidirectional data forwarding channel X from the remote login port to the forwarding node A, and then the edge computing node end bridging tool requests the same external network IP port for data forwarding processing;
the gateway management and control server receives data forwarding processing requests of the server bridging tool and the edge computing node bridging tool through the external network IP port, then a bidirectional data forwarding channel Z of the forwarding node A, the external network IP port and the forwarding node B is constructed, and port pairing between the remote login port and the 20XX port is completed;
and a user accesses the 20XX port distributed to the edge computing node through an SSH terminal and is finally connected to the remote login port of the edge computing node along a communication path of the channel Y-the channel Z-the channel X, so that remote operation and maintenance of the edge computing node are realized.
As a preferred scheme of the present invention, the gateway management and control server internally includes an instruction processing module and a pairing forwarding module, where the instruction processing module includes:
the bridge building instruction receiving unit is used for receiving the bridge building instruction initiated by a user;
the instruction analysis unit is connected with the bridge building instruction receiving unit and used for analyzing the sessionId and the boxId from the bridge building instruction;
an intranet open port allocation unit, configured to allocate the 20XX port;
a session registration and initialization unit, connected to the instruction parsing unit, configured to register a session according to the parsed sessionId, and initialize a session state of the session to "state = INIT";
the bridge building instruction issuing unit is connected with the bridge building instruction receiving unit and the instruction analyzing unit and is used for issuing the bridge building instruction to the gateway client corresponding to the boxId;
an intranet open port assigning unit, connected to the intranet open port allocation unit, configured to locally invoke the server bridging tool and assign one 20XX port from the allocated 20XX ports to each edge computing node;
the session state updating unit is connected with the session registration and initialization unit and used for updating the session state of the session according to the session state updating instruction generated by the pairing forwarding module;
a bridge building success judging unit, connected to the session state updating unit, and used for judging whether the session state of the session is updated to 'stat = SUCC',
if so, indicating that the port pairing is successful and informing the user that the bridge building is successful;
if not, indicating that the port pairing is failed and informing the user that the bridge building is failed.
As a preferred aspect of the present invention, the pairing forwarding module includes:
a socket client creating unit for creating a socket client;
a data forwarding processing request receiving unit connected to the socket client creating unit and configured to receive the data forwarding processing requests of the forwarding node A and the forwarding node B through the external network IP port of the edge computing node;
a request content parsing unit, connected to the data forwarding processing request receiving unit, configured to parse the sessionId and a request source type of the session from the data forwarding processing request, where the request source type is the server-side bridging tool and/or the edge computing node-side bridging tool;
an ID registration judging unit connected with the request content analyzing unit and used for judging whether the analyzed sessionId is registered;
the socket client closing unit is connected with the ID registration judging unit and used for closing the socket client when the sessionId is judged to be unregistered;
a socket client registration unit, connected to the ID registration judgment unit and the request content parsing unit, and configured to register the socket client to a server client and/or a box client under the current sessionId according to a parsed request source type when it is judged that the sessionId is registered;
the server client registration unit is connected with the socket client registration unit and used for registering the server client;
the box client registration unit is connected with the socket client registration unit and used for registering the box client;
a registration judging unit, respectively connected to the server client registration unit and the box client registration unit, for judging whether the server client or the box client is successfully registered;
a session state update instruction generating and sending unit, connected to the registration judging unit, for generating the session state update instruction and sending the session state update instruction to the session state update unit in the instruction processing module after judging that all the server client and the box client are successfully registered,
a sessionId deregistration unit, connected to the registration judgment unit, for deregistering the sessionId when the server client or the box client is judged to be failed to register;
the notification unit is connected with the registration judging unit, and is used for generating a bridge establishment success notification to be pushed to the user and response success information to be sent to the server side bridging tool and the edge computing node side bridging tool after judging that both the server client and the box client are successfully registered, and for generating a bridge establishment failure notification to be pushed to the user and response failure information to be sent to the server side bridging tool and the edge computing node side bridging tool when judging that the server client or the box client has failed to register;
and the open data forwarding notification unit is connected with the registration judging unit and used for generating an open data forwarding notification and sending the open data forwarding notification to the forwarding node A and the forwarding node B after judging that the server client and the box client are all successfully registered.
As a preferred aspect of the present invention, the server bridging tool includes:
the instruction analysis unit is used for analyzing the sessionId of the session and the allocated port information of the 20XX port from an instruction sent by the gateway management and control server to the server bridging tool;
the socket server creation unit is connected with the instruction analysis unit and used for creating and starting a socket server;
the port listening unit is connected with the socket server creation unit and the instruction analysis unit and is used for listening on the 20XX port through the socket server;
a forwarding node establishing unit connected to the port listening unit, configured to establish the forwarding node B of the listened 20XX port;
a data forwarding processing request generating unit, configured to generate the data forwarding processing request associated with the server bridging tool;
a data forwarding processing request sending unit, connected to the data forwarding processing request generating unit and the socket server creating unit, configured to send the data forwarding processing request to the extranet IP port of the edge computing node, where the data forwarding processing request includes the sessionId and a request source type of the session;
a response information receiving unit, configured to receive response information of the gateway management and control server for the data forwarding processing request;
a first port closing unit, connected to the response information receiving unit and the port listening unit, configured to close the listened 20XX port when the gateway management and control server fails to respond;
a port connection judging unit, configured to judge whether the SSH terminal is connected to the listened 20XX port;
the data forwarding starting unit is connected with the port connection judging unit and used for starting data forwarding between the 20XX port and the external network IP port after judging that the SSH terminal is successfully connected to the 20XX port;
and the second port closing unit is connected with the port connection judging unit and used for closing the 20XX port to exit the bridge building process after judging that the SSH terminal has failed to connect to the 20XX port.
As a preferred aspect of the present invention, the edge-computing-node-end bridging tool includes:
the instruction analysis unit is used for analyzing sessionId of the session from an instruction sent to the edge computing node end bridging tool by the gateway client;
the socket client creating unit is connected with the instruction analyzing unit and used for creating and starting a socket client;
the remote login port connecting unit is connected with the socket client creating unit and is used for connecting the remote login port of the edge computing node through the socket client;
a forwarding node establishing unit connected to the remote login port connecting unit, for establishing the forwarding node A of the remote login port connected thereto;
a data forwarding processing request generating unit, configured to generate the data forwarding processing request associated with the edge computing node-side bridging tool;
a data forwarding processing request sending unit, connected to the data forwarding processing request generating unit and the socket client creating unit, and configured to send the data forwarding processing request to the extranet IP port of the edge computing node through the socket client, where the data forwarding processing request includes the sessionId and a request source type of the session;
a response information receiving unit, configured to receive response information of the gateway management and control server for the data forwarding processing request;
the socket client closing unit is connected with the response information receiving unit and used for closing the socket client when the gateway management and control server fails to respond so as to quit the bridge building process;
and the data forwarding starting unit is connected with the response information receiving unit and used for starting data forwarding between the remote login port and the external network IP port when the gateway management and control server responds successfully.
The invention has the following beneficial effects:
1. the remote login method for the edge computing node is realized with open source programming technology, is low in cost and can be customized;
2. the bridge is built on demand: it is built to realize intranet penetration when remote login to the edge computing node is required, and closed when the login exits, so that the port resources of the edge computing node are not occupied for a long time;
3. a single bridge is connected to only a single user, and is therefore safe and controllable;
4. only one external network IP port is provided to keep network connections with a plurality of edge computing nodes, and the remote login port is accessed only by an internal network user, so that the remote login security of the edge computing nodes is ensured.
Detailed Description
The technical scheme of the invention is further explained by the specific implementation mode in combination with the attached drawings.
The drawings are for the purpose of illustration only and do not show the actual form, and are not to be construed as limiting the present patent; to better illustrate the embodiments of the present invention, some parts of the drawings may be omitted, enlarged or reduced, and do not represent the size of an actual product; it will be understood by those skilled in the art that certain well-known structures in the drawings and descriptions thereof may be omitted.
The same or similar reference numerals in the drawings of the embodiments of the present invention correspond to the same or similar components; in the description of the present invention, it should be understood that if the terms "upper", "lower", "left", "right", "inner", "outer", etc. are used for indicating the orientation or positional relationship based on the orientation or positional relationship shown in the drawings, it is only for convenience of description and simplification of description, but it is not indicated or implied that the referred device or element must have a specific orientation, be constructed in a specific orientation and be operated, and therefore, the terms describing the positional relationship in the drawings are only used for illustrative purposes and are not to be construed as limitations of the present patent, and the specific meanings of the terms may be understood by those skilled in the art according to specific situations.
In the description of the present invention, unless otherwise explicitly specified or limited, the term "connected" or the like, if appearing to indicate a connection relationship between the components, is to be understood broadly, for example, as being fixed or detachable or integral; can be mechanically or electrically connected; they may be directly connected or indirectly connected through intervening media, or may be connected through one or more other components or may be in an interactive relationship with one another. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
Fig. 1 is a schematic structural diagram illustrating an edge computing node remote login device according to an embodiment of the present invention. As shown in fig. 1, the device includes a management and control server 1 and a gateway 2 communicatively connected to the management and control server 1, where the management and control server 1 includes a gateway management and control server 11 and a server bridging tool 12, the gateway 2 includes a gateway client 21 and an edge computing node bridging tool 22 (the "box bridging tool" shown in fig. 1 is the edge computing node bridging tool), the gateway management and control server 11 registers a session after receiving a bridge building (bridge) instruction initiated by a user side, and allocates an intranet open port to wait for port pairing, and the intranet open port is denoted as a 20XX port;
the gateway management and control server 11 notifies the gateway client 21 that a port pairing request currently exists, and simultaneously starts the server bridging tool 12 to establish the forwarding node B of the 20XX port, so as to establish a bidirectional data forwarding channel Y from the 20XX port to the forwarding node B (communication data can be bidirectionally forwarded between the 20XX port and the forwarding node B), and the server bridging tool 12 requests data forwarding processing from an external network IP port 3 of the edge computing node (in this embodiment, the external network IP port 3 is a 9022 port of the edge computing node) after establishing the channel Y;
after receiving the notification instruction, the gateway client 21 starts the edge computing node side bridging tool 22 to establish a forwarding node A of the remote login port 4 of the edge computing node (in this embodiment, the remote login port 4 is an SSH service 22 port of the edge computing node), so as to establish a bidirectional data forwarding channel X from the remote login port 4 to the forwarding node A (communication data can be bidirectionally forwarded between the remote login port 4 and the forwarding node A), and the edge computing node side bridging tool 22 requests the same external network IP port 3 for data forwarding after completing establishment of the channel X;
after receiving a data forwarding processing request of a server side bridging tool 12 and an edge computing node side bridging tool 22 through an external network IP port 3, a gateway management and control server 11 establishes a bidirectional data forwarding channel Z of a forwarding node A-an external network IP port-a forwarding node B (communication data can be bidirectionally forwarded between the forwarding node A-the external network IP port-the forwarding node B), thereby completing port pairing between a remote login port 4 and a 20XX port;
the user accesses the 20XX port allocated to the edge computing node through the SSH terminal and finally connects to the remote login port 4 of the edge computing node along the communication path of the channel Y-channel Z-channel X, so as to realize the remote operation and maintenance of the edge computing node.
The gateway management and control server 11 internally includes an instruction processing module 111 and a pairing forwarding module 112. Fig. 5 shows a schematic diagram of an internal structure of the instruction processing module, and as shown in fig. 5, the instruction processing module specifically includes:
the bridge building instruction receiving unit is used for receiving the bridge building instruction initiated by a user;
the instruction analysis unit is connected with the bridge building instruction receiving unit and used for analyzing sessionId (session ID) and boxId (gateway number) from the bridge building instruction;
the intranet open port allocation unit is used for allocating a 20XX port for connecting the SSH terminal;
a session registration and initialization unit connected to the instruction parsing unit, configured to register a session according to the parsed sessionId, and initialize a session state of the session to "state = INIT";
the bridge building instruction issuing unit is connected with the bridge building instruction receiving unit and the instruction analyzing unit and is used for issuing a bridge building instruction to the gateway client corresponding to the boxId;
the intranet open port assigning unit is connected with the intranet open port allocation unit and is used for locally calling the server bridging tool and assigning one 20XX port from the allocated 20XX ports to each edge computing node;
the session state updating unit is used for updating the session state of the session according to the session state updating instruction generated by the pairing forwarding module;
a bridge building success judging unit, connected to the session state updating unit, is used for judging whether the session state of the session is updated to 'stat = SUCC',
if so, indicating that the port pairing is successful and informing the user that the bridge building is successful;
if not, indicating that the port pairing is failed and informing the user that the bridge building is failed.
Fig. 6 shows a schematic internal structure diagram of the pairing forwarding module. As shown in fig. 6, the pairing forwarding module includes:
a socket client creating unit for creating a socket client;
the data forwarding processing request receiving unit is connected with the socket client creating unit and used for receiving data forwarding processing requests of the forwarding node A and the forwarding node B through the external network IP port of the edge computing node;
the request content analyzing unit is connected with the data forwarding processing request receiving unit and is used for analyzing the sessionId and the request source type of the session from the data forwarding processing request, and the request source type is a service end bridging tool and/or an edge computing node end bridging tool;
an ID registration judging unit, connected to the request content analyzing unit, for judging whether the parsed sessionId is registered;
the socket client closing unit is connected with the ID registration judging unit and used for closing the socket client when the sessionId is judged to be unregistered;
a socket client registration unit connected with the ID registration judgment unit and the request content analysis unit and used for registering the socket client as the server client and/or the box client (the gateway client corresponding to the boxId) under the current sessionId according to the parsed request source type when the sessionId is judged to be registered; registering the socket client as the server client and the box client under the current sessionId is the 'bridging' process: the management and control server has already established data forwarding channel Y and the gateway has already established data forwarding channel X, and the purpose of registering the socket client as the server client and the box client under the current sessionId is to establish a third channel Z between channel X and channel Y, completing the bridge between the two channels.
The server client registration unit is connected with the socket client registration unit and used for registering the server client;
the box client registration unit is connected with the socket client registration unit and used for registering the box client (the gateway client corresponding to the boxId);
a registration judging unit, respectively connected to the server client registration unit and the box client registration unit, for judging whether the server client or the box client is successfully registered;
a session state update instruction generating and sending unit connected with the registration judging unit for generating a session state update instruction and sending the session state update instruction to the session state update unit in the instruction processing module after judging that the server client and the box client are all successfully registered,
the sessionId logout unit is connected with the registration judgment unit and used for logging off the sessionId when judging that the server client or the box client fails to register;
the notification unit is connected with the registration judging unit, is used for generating a bridge construction success notification to be pushed to the user and generating response success information to be sent to the server side bridging tool and the edge computing node side bridging tool after judging that both the server client and the box client are registered successfully, and is used for generating a bridge construction failure notification to be pushed to the user and generating response failure information to be sent to the server side bridging tool and the edge computing node side bridging tool when judging that the server client or the box client is not registered successfully;
and the opening data forwarding notification unit is connected with the registration judging unit and is used for generating an opening data forwarding notification and sending it to the forwarding node A and the forwarding node B after judging that both the server client and the box client are registered successfully.
Fig. 7 shows an internal structural diagram of the service-side bridging tool. As shown in fig. 7, the server bridging tool includes:
the instruction analysis unit is used for analyzing sessionId of the session and the allocated port information of the 20XX port from an instruction sent by the gateway management and control server to the server bridging tool;
the socket server creation unit is used for creating and starting a socket server;
the port monitoring unit is connected with the socket server creation unit and used for monitoring the 20XX port through the socket server;
the forwarding node establishing unit is connected with the port monitoring unit and used for establishing a forwarding node B of the monitored 20XX port;
the data forwarding processing request generating unit is used for generating the data forwarding processing request associated with the server bridging tool;
a data forwarding processing request sending unit, connected to the data forwarding processing request generating unit and the socket server creating unit, configured to send a data forwarding processing request to an extranet IP port of the edge computing node, where the data forwarding processing request includes a sessionId of a session and a request source type (where the request source type is a server bridging tool);
a response information receiving unit, configured to receive response information of the gateway management and control server for the data forwarding processing request (the response information includes response success information and response failure information);
the first port closing unit is connected with the response information receiving unit and the port monitoring unit and is used for closing the monitored 20XX port when the response of the gateway management and control server fails;
a port connection judging unit, configured to judge whether the SSH terminal is connected to the monitored 20XX port;
the data forwarding starting unit is used for starting data forwarding of the 20XX port and the IP port of the external network after judging that the SSH terminal is successfully connected with the 20XX port;
and the second port closing unit is connected with the port connection judging unit and is used for closing the 20XX port to exit the bridge building process after judging that the SSH terminal failed to connect to the 20XX port.
Fig. 8 shows an internal structural diagram of the edge computing node-side bridging tool. As shown in fig. 8, the edge-computing-node-side bridging tool includes:
the instruction analysis unit is used for analyzing sessionId of the session from an instruction sent by the gateway client to the bridging tool of the edge computing node end;
the socket client creating unit is used for creating and starting a socket client;
the remote login port connecting unit is connected with the socket client creating unit and is used for connecting a remote login port of the edge computing node through the socket client;
a forwarding node establishing unit connected with the remote login port connecting unit and used for establishing a forwarding node A of the connected remote login port;
the data forwarding processing request generating unit is used for generating the data forwarding processing request associated with the edge computing node end bridging tool;
the data forwarding processing request sending unit is connected with the data forwarding processing request generating unit and the socket client creating unit and is used for sending a data forwarding processing request to an extranet IP port of the edge computing node through the socket client, wherein the data forwarding processing request contains a sessionId of a session and a request source type (the request source is an edge computing node end bridging tool);
a response information receiving unit, configured to receive response information of the gateway management and control server for the data forwarding processing request (the response information includes response success information and response failure information, and if sessionId carried in the data forwarding processing request from the server bridging tool and from the edge computing node bridging tool is consistent, the gateway management and control server generates response success information, otherwise, the gateway management and control server generates response failure information);
the socket client closing unit is connected with the response information receiving unit and used for closing the socket client when the response of the gateway management and control server fails, so as to quit the bridge building process;
and the data forwarding starting unit is connected with the response information receiving unit and used for starting data forwarding between the remote login port and the external network IP port when the gateway management and control server responds successfully.
The method for realizing the remote login of the edge computing node by the device is specifically described as follows:
an instruction processing module in the gateway management and control server is responsible for receiving a bridge building instruction of a user, issuing the bridge building instruction, registering a session after receiving the bridge building instruction, allocating an intranet open port (20XX port) and waiting for port pairing.
The server bridging tool is used for establishing a forwarding node B and realizing data forwarding from a 20XX port to a 9022 port, and the specific implementation mode is as follows:
a forwarding node B is established for the 20XX port, and a bidirectional data forwarding channel Y is established between the 20XX port and the forwarding node B. A socket server is created to listen on the 20XX port and wait for an SSH terminal to connect to it (only one SSH terminal may be connected to one 20XX port, which improves the security of remote login). A socket client is then created to connect the forwarding node B to the 9022 port, so that a communication connection between the 20XX port and the 9022 port is established and messages are forwarded in both directions.
And the gateway client is communicated with the gateway management and control server through a wireless communication network (such as a 4G network) and is responsible for receiving the instruction.
The edge computing node end bridging tool is used for establishing a forwarding node A and realizing data forwarding from an SSH service 22 port to a 9022 port, and the specific implementation mode is as follows:
a socket client is created to connect the forwarding node A to the 9022 port and to connect the forwarding node A to the SSH service 22 port, so that a communication connection between the SSH service 22 port and the 9022 port is established and messages are forwarded in both directions between the two ports.
After receiving the data forwarding processing requests of the forwarding node A and the forwarding node B, the pairing forwarding module in the gateway management and control server completes pairing of the SSH service 22 port and the 20XX port according to the session, and the specific implementation manner is as follows:
a socket server listening on the 9022 port is created and waits for the data forwarding processing requests of the forwarding node A and the forwarding node B. When the forwarding node A and the forwarding node B connect to the 9022 port for the first time, each carries a session ID and a request source (the request source is the server bridging tool or the edge computing node bridging tool), and the gateway management and control server judges whether the session IDs carried in the data forwarding processing requests from the server bridging tool and the edge computing node bridging tool are consistent;
if the session IDs are consistent, the port pairing of the forwarding node A and the forwarding node B is completed, and a communication channel is established between the 20XX port of the edge computing node, the forwarding node B-9022 port and the forwarding node A-SSH service 22 port.
Finally, the user accesses the 20XX port of the edge computing node through the SSH terminal to connect with the SSH service 22 port, so as to realize the remote operation and maintenance of the edge computing node.
Fig. 2 shows a bridge building flow chart of the gateway management and control server. More specifically, as shown in fig. 2, the gateway management and control server 11 includes an instruction processing module 111 and a pairing forwarding module 112, and the method for processing the bridge building instruction initiated by the user by the instruction processing module 111 includes:
step A1, receiving a bridge building instruction initiated by a user;
step A2, parsing sessionId and boxId from the bridge building instruction, and allocating 20XX ports;
step A3, registering sessionId and initializing the session state as "stat = INIT";
step A4, issuing a bridge building instruction to a gateway client corresponding to the gateway number boxId;
step A5, locally calling a server bridging tool, and assigning a 20XX port from the distributed 20XX ports for each edge computing node;
step A6, waiting for the subsequent bridge construction process of the pairing forwarding module, and updating the session state according to the bridge construction result of the pairing forwarding module;
step A7, determining whether the session state changes to "stat = SUCC" within a set duration,
if so, indicating that the port pairing is successful and informing the user that the bridge building is successful;
if not, indicating that the port pairing is failed and informing the user that the bridge building is failed.
Referring to fig. 2, the bridge establishment process of the pairing forwarding module 112 includes:
step B1, creating a socket client, and receiving data forwarding processing requests of a forwarding node A and a forwarding node B from an external network IP port (9022 port) of an edge computing node through the socket client;
step B2, parsing sessionId and request source type from the data forwarding processing request (the request source type is a service-side bridging tool or an edge-computing node-side bridging tool);
step B3, determine whether the parsed sessionId is already registered,
if not, notifying the user that the bridge building is failed and closing the socket client created in the step B1;
if yes, go to step B4;
step B4, if the analyzed request source type is the server bridging tool, registering the socket client to the server client (serverClient) under the current sessionId;
if the analyzed request source type is the edge computing node end bridging tool, registering the socket client to the box client (boxClient) under the current sessionId;
step B5, waiting for the server client and box client to register, and judging whether the registration is successful,
if all the registrations are successful, judging that the 20XX port of the edge computing node is successfully paired with the SSH service 22 port, generating a session state updating instruction, sending the session state updating instruction to the instruction processing module, and turning to the step B6;
if the server client or the box client fails to register (for example, a client whose registration times out is determined to have failed to register), the sessionId is cancelled;
step B6, informing the forwarding node A and the forwarding node B that the bridge establishment is successful and that data forwarding can start.
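The pairing forwarding module described above (steps B1 to B6, and the 9022-port pairing in the device description earlier), as an added example in Python that is not the patent's own code. The one-line handshake "<sessionId> <source>", the source names "server" and "box", the SUCC/FAIL reply lines and an ephemeral localhost port standing in for the 9022 port are assumptions made here; a registered sessionId is paired and relayed over channel Z, an unregistered one is rejected at step B3, and a partner that never arrives cancels the sessionId.

```python
import socket
import threading
def read_line(sock):                        # byte-by-byte so relayed bytes are never over-read
    buf = b""
    while not buf.endswith(b"\n") and (chunk := sock.recv(1)):
        buf += chunk
    return buf.rstrip(b"\r\n")

class PairingForwardingModule:
    """Added example, not the patent's code: pairing forwarding module on the single extranet port
    (9022 in the text). Handshake "<sessionId> <source>" and SUCC/FAIL replies are assumptions."""
    def __init__(self, registered, pair_timeout=5.0):
        self.registered = set(registered)   # sessionIds the instruction module registered (stat=INIT)
        self.pending, self.state = {}, {}   # sessionId -> {"server","box","event"}; -> SUCC/FAIL
        self.lock, self.timeout = threading.Lock(), pair_timeout
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0)); self.sock.listen(8)   # ephemeral port stands in for 9022
        self.port = self.sock.getsockname()[1]
        threading.Thread(target=self._accept_loop, daemon=True).start()
    def _accept_loop(self):
        while True:                         # step B1: forwarding nodes A and B connect here
            conn, _ = self.sock.accept()
            threading.Thread(target=self._handle, args=(conn,), daemon=True).start()
    def _handle(self, conn):
        fields = read_line(conn).decode(errors="replace").split()   # step B2: sessionId, source type
        sid, src = fields if len(fields) == 2 else (None, None)
        with self.lock:                     # step B3: unregistered sessionId -> FAIL, close socket
            if sid not in self.registered or src not in ("server", "box"):
                conn.sendall(b"FAIL\n"); conn.close(); return
            slot = self.pending.setdefault(sid, {"event": threading.Event()})
            slot[src] = conn                # step B4: register the socket under sessionId by source
            if "server" in slot and "box" in slot: slot["event"].set()
        slot["event"].wait(self.timeout)    # step B5: wait for the partner to register
        with self.lock:
            if not slot["event"].is_set():  # partner timed out: cancel the sessionId, reply FAIL
                self.registered.discard(sid); self.pending.pop(sid, None); self.state[sid] = "FAIL"
                conn.sendall(b"FAIL\n"); conn.close(); return
            if self.state.get(sid) == "SUCC": return   # partner's handler already paired
            self.state[sid] = "SUCC"        # stands in for the session state update instruction
            a, b = slot["box"], slot["server"]
        for s in (a, b):                    # step B6: notify nodes A and B, then open channel Z
            s.sendall(b"SUCC\n")
        threading.Thread(target=self._relay, args=(a, b), daemon=True).start()
        threading.Thread(target=self._relay, args=(b, a), daemon=True).start()
    @staticmethod
    def _relay(src, dst):                   # channel Z, one direction
        try:
            for data in iter(lambda: src.recv(4096), b""):
                dst.sendall(data)
        except OSError: pass
        finally:                            # one side ending shuts the other down: one session, one user
            try: dst.shutdown(socket.SHUT_RDWR)
            except OSError: pass

def demo():                                 # constructed scenario: sess-0001 registered, sess-9999 not
    m = PairingForwardingModule({"sess-0001"})
    def connect(sid, src):                  # a bridging tool's data forwarding processing request
        c = socket.create_connection(("127.0.0.1", m.port)); c.settimeout(5)
        c.sendall(f"{sid} {src}\n".encode()); return c
    node_b = connect("sess-0001", "server") # server bridging tool, forwarding node B (20XX side)
    node_a = connect("sess-0001", "box")    # edge node bridging tool, forwarding node A (SSH 22 side)
    replies = (read_line(node_b), read_line(node_a))
    node_b.sendall(b"SSH-2.0-terminal\r\n"); relayed = read_line(node_a)   # constructed traffic
    rejected = read_line(connect("sess-9999", "server"))
    return replies, relayed, rejected, m.state.get("sess-0001")
```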
Fig. 3 shows a bridge building flow diagram of the server side bridging tool. As shown in fig. 3, the bridge building process of the server-side bridge tool includes:
step C1, the server bridging tool resolves sessionId of the session and the allocated port information of the 20XX port from the instruction sent by the gateway control server;
step C2, starting the socket server to monitor the 20XX port;
step C3, establishing the data forwarding node B of the monitored 20XX port;
step C4, starting the socket client to send a data forwarding processing request to the extranet IP port (9022 port) of the edge computing node, where the data forwarding processing request includes the sessionId of the session and the request source type (where the request source type is a server bridging tool);
step C5, waiting for the response of the gateway management and control server to the data forwarding processing request,
if the response is successful, go to step C6;
if the response fails, closing the monitored 20XX port and exiting the bridge building process;
step C6, waiting for the SSH terminal to connect to the monitored 20XX port,
if the connection is successful, establishing a data forwarding channel between the 20XX port and the forwarding node B-9022 port, and starting data forwarding between the 20XX port and the 9022 port;
if the connection fails (for example, if no SSH terminal has connected before a timeout, the connection is judged to have failed), closing the 20XX port and exiting the bridge building process.
In the technical scheme, the gateway client is responsible for communication between the SSH terminal and the edge computing node, and keeps a long connection with the gateway management and control server through a wireless communication network such as 4G. Meanwhile, the gateway client is also used for receiving the instruction that calls the edge computing node end bridging tool.
FIG. 4 shows a bridge building flow diagram of the edge compute node-side bridging tool. As shown in fig. 4, the process of building a bridge by the edge computing node-side bridging tool includes:
step D1, the edge computing node end bridging tool analyzes sessionId of the session from the instruction sent by the gateway client;
step D2, starting a socket client to connect to the SSH service 22 port (remote login port) of the edge computing node;
step D3, establishing a forwarding node A of the SSH service 22 port, and establishing a communication channel between the SSH service 22 port and the forwarding node A;
step D4, sending a data forwarding processing request to the 9022 port of the edge computing node by using the socket client, where the data forwarding processing request includes a sessionId of the session and a request source type (where the request source type is an edge computing node-side bridging tool);
step D5, waiting for the response of the gateway management and control server to the data forwarding processing request,
if the response is successful, establishing a data forwarding channel between the SSH 22 port and the forwarding node A-9022 port, and starting data forwarding of the SSH 22 port and the 9022 port;
if the response fails, closing the socket client and exiting the bridge building process.
In summary, the edge computing node remote login apparatus provided by the present invention only needs to provide one extranet IP port (9022 port), and this port is not a direct proxy of an edge computing node port: data accessing the port must be forwarded by the forwarding node A or the forwarding node B, so the communication security is high. In addition, the 20XX port is an internal network open port that is not exposed to the external network and is only accessed by internal network users, which ensures the safety of remote operation and maintenance. One session, one proxy: the port mapping established between the 20XX port and the SSH service 22 port is a temporary bridge, only one user is allowed through at a time, and once the session is closed the port resources are released immediately, so the port resources of the edge computing node are not occupied for a long time.
The present invention also provides a remote login method for an edge computing node, as shown in fig. 9, the remote login method includes:
step S1, the gateway management and control server registers the session after receiving the bridge building instruction initiated by the user side, and allocates an intranet open port to wait for port pairing, the intranet open port being recorded as a 20XX port;
step S2, the gateway management and control server informs the gateway client that there is a port pairing request currently, and simultaneously starts the server bridging tool to establish a 20XX port forwarding node B to construct a bidirectional data forwarding channel Y from the 20XX port to the forwarding node B, and then the server bridging tool requests the outer network IP port of the edge computing node for data forwarding processing;
step S3, after the gateway client receives the notification instruction, the gateway client starts the edge computing node bridging tool to establish the forwarding node A of the remote login port of the edge computing node so as to construct a bidirectional data forwarding channel X from the remote login port to the forwarding node A, and then the edge computing node bridging tool requests the same external network IP port for data forwarding processing;
step S4, the gateway management and control server receives the data forwarding processing request of the server bridging tool and the edge computing node bridging tool through the external network IP port, and then constructs a bidirectional data forwarding channel Z of a forwarding node A-the external network IP port-a forwarding node B, and completes port pairing between the remote login port and the internal network open port;
step S5, the user accesses the 20XX port allocated to the edge computing node through the SSH terminal and finally connects to the remote login port of the edge computing node along the communication path channel Y - channel Z - channel X, thereby implementing remote operation and maintenance of the edge computing node.
It should be understood that the above-described embodiments are merely preferred embodiments of the invention and the technical principles applied thereto. It will be understood by those skilled in the art that various modifications, equivalents, changes, and the like can be made to the present invention. However, such variations are within the scope of the invention as long as they do not depart from the spirit of the invention. In addition, certain terms used in the specification and claims of the present application are not limiting, but are used merely for convenience of description.