CN113660313A - Node scheduling method and device based on cloud protection, electronic device and storage medium - Google Patents
Node scheduling method and device based on cloud protection, electronic device and storage medium Download PDFInfo
- Publication number
- CN113660313A CN113660313A CN202110846437.7A CN202110846437A CN113660313A CN 113660313 A CN113660313 A CN 113660313A CN 202110846437 A CN202110846437 A CN 202110846437A CN 113660313 A CN113660313 A CN 113660313A
- Authority
- CN
- China
- Prior art keywords
- label
- node
- label information
- scheduling
- matching
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/60—Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
- H04L67/63—Routing a service request depending on the request content or context
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
Abstract
The application relates to a node scheduling method, a node scheduling device, an electronic device and a storage medium based on cloud protection, wherein the node scheduling method based on cloud protection comprises the following steps: acquiring an access request of a terminal, and acquiring label information of a corresponding access site according to the access request; matching a scheduling algorithm corresponding to the label information of the access site by using the sorting selector; and determining a target node of the access request according to the matched scheduling algorithm so as to complete the scheduling of the node. The method solves the problems that access requests under different scenes are matched with improper nodes, so that access request delay time is long, node load is overhigh and access request processing efficiency is affected.
Description
Technical Field
The present application relates to the field of computer technologies, and in particular, to a node scheduling method and apparatus based on cloud protection, an electronic apparatus, and a storage medium.
Background
While the network security is more and more emphasized, the network security also faces high-risk situations, such as: 0day outbreak, DDOS, tampering, information leakage, scanning/crawler and other attack threats, and great influence is generated on the society and the economy. The cloud protection platform gradually has the tendency of replacing hardware Waf due to the advantages of no need of construction cost, operation and maintenance cost, convenience and no perception in deployment, no need of occupying hardware space and the like.
At present, a cloud protection platform guides an access request initiated by a terminal to a cloud protection node in a drainage manner, and after detection and protection interception, the access request is fixedly sent to a corresponding node for scheduling according to relevant configuration deployed in the node. The fixed access node mode has the problem that access requests under different scenes are matched with unsuitable nodes, so that the access request delay time is long, the node load is too high, and the access request processing efficiency is influenced.
At present, no effective solution is provided for the problem that access requests under different scenes are matched with unsuitable nodes in the related art, so that the delay time of the access requests is long, the node load is too high, and the access request processing efficiency is influenced.
Disclosure of Invention
The embodiment of the application provides a node scheduling method, a node scheduling device, an electronic device and a storage medium based on cloud protection, so as to solve at least the problem that access requests under different scenes are matched with unsuitable nodes in the related art, thereby causing the problems of large delay time of the access requests, overhigh node load and influence on the efficiency of processing the access requests.
In a first aspect, an embodiment of the present application provides a node scheduling method based on cloud protection, including:
acquiring an access request of a terminal, and acquiring label information of a corresponding access site according to the access request;
matching a scheduling algorithm corresponding to the label information of the access site by using a classification selector;
and determining a target node of the access request according to the matched scheduling algorithm so as to complete node scheduling.
In some embodiments, the cloud protection-based node scheduling method provided by the present application further includes:
when a station needing protection is accessed to cloud protection, marking the station information of the station to obtain the label information.
In some embodiments, the cloud protection-based node scheduling method provided by the present application further includes:
and after the node scheduling is finished, screening the target node according to a preset bandwidth condition to determine an optimal target node.
In some embodiments, the screening the target node according to a preset bandwidth condition to determine a preferred target node includes:
and judging whether the target node meets a preset bandwidth condition, and screening a preferred target node meeting the preset bandwidth condition as the preferred target node.
In some embodiments, the cloud protection-based node scheduling method provided by the present application further includes:
after the target nodes are screened according to preset bandwidth conditions to determine preferred target nodes, the access requests are washed on the preferred target nodes to obtain washed access requests, and the washed access requests are sent to a source-returning site by using the preferred target nodes.
In some embodiments, the matching, by the category selector, a scheduling algorithm corresponding to the tag information of the visited site includes:
carrying out scheduling algorithm matching on the label information of the access site by using the classification selector;
if the traffic demand label in the label information meets a threshold condition, matching a weighted minimum traffic priority scheduling algorithm;
if a second service traffic label in the label information is smaller than a second traffic threshold, matching a bandwidth proportional scheduling algorithm;
if the traffic demand label in the label information does not meet the threshold condition, the second service traffic label is greater than or equal to the second traffic threshold, and the area label in the label information belongs to a remote area library, matching the local priority scheduling algorithm;
if the unit label in the label information belongs to the official unit library, matching an RT-thread minimum scheduling algorithm;
and if the traffic demand label in the label information does not meet the threshold condition, the second service traffic label is smaller than a second traffic threshold, the area label in the label information does not belong to a remote area library, and the unit label in the label information does not belong to an official unit library, matching a polling scheduling algorithm.
In some embodiments, the matching a weighted minimum traffic-first scheduling algorithm if the traffic demand label in the label information satisfies a threshold condition includes:
if a first service flow label in the label information is smaller than a first flow threshold value;
or, the label information has a video flow label;
or, the label information has a large-volume picture label;
then the weighted minimum traffic-first scheduling algorithm is matched.
In a second aspect, an embodiment of the present application provides a node scheduling apparatus based on cloud protection, including an obtaining module, a matching module, and a selecting module;
the acquisition module is used for acquiring an access request of a terminal and acquiring the label information of a corresponding access site according to the access request;
the matching module is used for matching a scheduling algorithm corresponding to the label information of the access site by using the classification selector;
and the selection module is used for determining a target node of the access request according to the matched scheduling algorithm so as to complete node scheduling.
In a third aspect, an embodiment of the present application provides an electronic apparatus, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor, when executing the computer program, implements the cloud protection-based node scheduling method according to the first aspect.
In a fourth aspect, an embodiment of the present application provides a storage medium, on which a computer program is stored, where the program, when executed by a processor, implements the cloud protection-based node scheduling method according to the first aspect.
Compared with the related art, the node scheduling method, the node scheduling device, the electronic device and the storage medium based on cloud protection provided by the embodiment of the application acquire the access request of the terminal and acquire the tag information of the corresponding access site according to the access request; matching a scheduling algorithm corresponding to the label information of the access site by using a classification selector; and determining a target node of the access request according to the matched scheduling algorithm so as to complete node scheduling. The method solves the problems that access requests under different scenes are matched with improper nodes, so that access request delay time is long, node load is overhigh and access request processing efficiency is affected.
The details of one or more embodiments of the application are set forth in the accompanying drawings and the description below to provide a more thorough understanding of the application.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a flowchart of a node scheduling method based on cloud protection according to an embodiment of the present application;
fig. 2 is a flowchart of a node scheduling method based on cloud protection according to a first preferred embodiment of the present application;
fig. 3 is a flowchart of a node scheduling method based on cloud protection according to a second preferred embodiment of the present application;
FIG. 4 is a flowchart of step S220 in FIG. 1;
fig. 5 is a block diagram illustrating a structure of a node scheduling apparatus based on cloud protection according to an embodiment of the present application.
In the figure: 210. an acquisition module; 220. a matching module; 230. and selecting a module.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be described and illustrated below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments provided in the present application without any inventive step are within the scope of protection of the present application. Moreover, it should be appreciated that in the development of any such actual implementation, as in any engineering or design project, numerous implementation-specific decisions must be made to achieve the developers' specific goals, such as compliance with system-related and business-related constraints, which may vary from one implementation to another.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the specification. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of ordinary skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments without conflict.
Unless defined otherwise, technical or scientific terms referred to herein shall have the ordinary meaning as understood by those of ordinary skill in the art to which this application belongs. Reference to "a," "an," "the," and similar words throughout this application are not to be construed as limiting in number, and may refer to the singular or the plural. The present application is directed to the use of the terms "including," "comprising," "having," and any variations thereof, which are intended to cover non-exclusive inclusions; for example, a process, method, system, article, or apparatus that comprises a list of steps or modules (elements) is not limited to the listed steps or elements, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. Reference to "connected," "coupled," and the like in this application is not intended to be limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. Reference herein to "a plurality" means greater than or equal to two. "and/or" describes an association relationship of associated objects, meaning that three relationships may exist, for example, "A and/or B" may mean: a exists alone, A and B exist simultaneously, and B exists alone. Reference herein to the terms "first," "second," "third," and the like, are merely to distinguish similar objects and do not denote a particular ordering for the objects.
It should be noted that the cloud protection of the present application may be established on a cloud protection platform. Such as: one site is accessed to a cloud protection platform, and the cloud protection platform acquires the label information of the site. The label information has a mapping relationship with the domain name or the IP address of the site, and it can be considered that the label information of the corresponding site can be obtained through the domain name or the IP address. The label information refers to a traffic demand label (a first service traffic label, a video traffic label, a large-volume picture label), a second service traffic label, a region label, a unit label, a node ip white list label, a bandwidth label, and the like. Based on the labels, the actual requirements of the sites can be known. In other embodiments, the cloud protection may take other forms, such as: in a local area network, one host may be used as a cloud protection center, and other hosts are terminals, which is not limited to this.
The embodiment provides a node scheduling method based on cloud protection, and fig. 1 is a flowchart of a node scheduling method based on cloud protection according to an embodiment of the present application, and as shown in fig. 1, the flowchart includes the following steps:
step S210, obtaining an access request of a terminal, and obtaining label information of a corresponding access site according to the access request;
step S220, matching a scheduling algorithm corresponding to the label information of the access site by using the sorting selector;
and step S230, determining a target node of the access request according to the matched scheduling algorithm so as to complete node scheduling.
In this embodiment, the terminal may be an intelligent terminal such as a computer terminal, a mobile phone terminal, a tablet terminal, and the like, and may be regarded as the terminal in this embodiment as long as the terminal can initiate an access request. The domain name or IP address of the site to be accessed can be obtained by analyzing the access request; because the domain name or the IP address has a mapping relation with the label information, the corresponding label information can be obtained through the domain name or the IP address. In the next time, it should be noted that the access station is a station that the terminal initiates an access request and needs to access.
The category selector may be a distribution selector or a load balancer, which may match the corresponding scheduling algorithm according to the site's label information. Optionally, the scheduling algorithm mainly relates to a weighted minimum traffic priority scheduling algorithm, a bandwidth proportion scheduling algorithm, a regional immediate priority scheduling algorithm, an RT-thread minimum scheduling algorithm, and a round robin scheduling algorithm; determining target nodes which accord with different scenes in the access request by utilizing the five algorithms; the scheduling mode of the nodes can be optimized, the occurrence probability of the unsmooth condition of the accessed target nodes is reduced, and the access speed is improved. And matching the target node with a scheduling algorithm, namely processing according to the scheduling algorithm to determine the target node of the access request. Such as: the matching is a regional nearest priority scheduling algorithm, namely, the nodes are selected nearby according to the region to which the website belongs. The same is true for other scheduling algorithms, which do not evolve here.
Through the steps, the problems that access requests are matched to improper nodes in different scenes, so that access request delay time is long, node load is too high, and access request processing efficiency is affected are solved.
The embodiments of the present application are described and illustrated below by means of preferred embodiments.
In some embodiments, on the basis of fig. 1, the cloud protection-based node scheduling method provided in the present application further includes the following steps:
and S200, marking the site information of the site when the site needing protection is accessed to cloud protection to obtain label information.
Specifically, when a station needing protection is connected to the cloud protection platform, marking is carried out on station information, and therefore label information is obtained. The site information is the actual situation of the site, and includes but is not limited to domain name, IP address, area, traffic, video, picture, etc. The label information obtained by marking has a corresponding relation with a domain name or an IP address. Wherein marking may be achieved by training the model. In one embodiment, when a station needing protection accesses to cloud protection, marking is carried out on station information of the station, meanwhile, a scheduling algorithm corresponding to label information of the station can be matched by using a classification selector, and then when a terminal initiates an access request, subsequent processing is directly carried out according to the matched scheduling algorithm, so that the access speed can be further improved.
In some embodiments, on the basis of fig. 1, as shown in fig. 2, the cloud protection-based node scheduling method provided in the present application further includes the following steps:
step S240, after the node scheduling is completed, the target node is screened according to a preset bandwidth condition to determine a preferred target node.
Specifically, whether the target node meets a preset bandwidth condition is judged, and a preferred target node meeting the preset bandwidth condition is screened out to serve as the preferred target node. And excluding the target nodes which do not meet the preset bandwidth condition, and only reserving the preferred target nodes which meet the preset bandwidth condition. It is necessary to know that by schedulingThe target node number determined by the algorithm may be multiple or only one. If the target nodes do not meet the preset bandwidth condition, the scheduling algorithm corresponding to the label information of the access site needs to be matched by the classification selector again; and determining a target node of the access request according to the matched scheduling algorithm. Wherein the preset bandwidth condition is
And the nodes of the target node are screened from the aspect of bandwidth, so that the load of the nodes is effectively controlled, and the efficiency of accessing the website can be improved. In this embodiment, the target node is mainly screened according to a preset bandwidth condition to obtain the target node. Or, a configuration condition or an agent condition may be set to filter the target node, which is not limited.
In some embodiments, on the basis of fig. 2, as shown in fig. 3, the cloud protection-based node scheduling method provided in the present application further includes the following steps:
and step S250, after the target nodes are screened according to the preset bandwidth condition to determine the preferred target nodes, the access requests are washed on the preferred target nodes to obtain washed access requests, and the washed access requests are sent to the source-returning site by using the preferred target nodes.
In the embodiment, the access request is flushed by using the attack characteristic data packet, so that interception and flushing of abnormal access and attack in the external network are realized. In this embodiment, the bandwidth capability and the defense capability of the device can be adjusted as required, and the normal flow passing capability of 10M is equipped with the flushing capability of 1G, so that the device can efficiently defend against DDOS attacks of SYNFlood, ACK Flood, ICMP Flood, udpfflood and DNS Flood. And effectively processing: and application layer attacks such as connection exhaustion, HTTPget Flood, DNS Query Flood and CC attack. And for various new varieties of attacks, the latest attack characteristics can be analyzed and extracted in time according to the attack characteristic data packet, and the defense means can be updated in real time.
And the flushing on the target node is equivalent to that in a virtual network, anyone detects only the IP of the target node for flushing defense, but not the real IP address of the real data, and is equivalent to that a plurality of layers of protective nets are added to block attacks outside the protective nets. And finally, the flushed access request is sent to the source-returning site by using the target node, so that the access of the terminal access request is completed, and the protection capability is improved.
In some embodiments, as shown in fig. 4, step S220 includes the following steps;
step S221, the sorting selector is used for carrying out scheduling algorithm matching on the label information of the access site;
step S222, if the traffic demand label in the label information meets a threshold condition, matching a weighted minimum traffic priority scheduling algorithm;
step S223, if the second service flow label in the label information is smaller than the second flow threshold, matching the bandwidth proportional scheduling algorithm;
step S224, if the traffic demand label in the label information does not meet the threshold condition, the second service traffic label is greater than or equal to the second traffic threshold, and the area label in the label information belongs to the remote area library, matching the local priority scheduling algorithm;
step S225, if the unit label in the label information belongs to the official party unit library, matching with an RT-thread minimum scheduling method;
step S226, if the traffic demand label in the label information does not satisfy the threshold condition, the second traffic flow label is smaller than the second traffic flow threshold, the area label in the label information does not belong to the remote area library, and the unit label in the label information does not belong to the official unit library, then the polling scheduling algorithm is matched.
In the embodiment, the classification selector is used for matching with five scheduling algorithms according to the label information. Specifically, if the traffic demand label in the label information meets the threshold condition, a weighted minimum traffic priority scheduling algorithm is matched; the traffic demand label comprises a first service traffic label, a video traffic label or a large-volume picture label, and the threshold condition corresponds to the traffic demand label. That is to say if the first traffic flow label in the label information is smaller than the first traffic flow threshold; or, the label information has a video flow label; or, the label information has a large-volume picture label; then the weighted minimum traffic-first scheduling algorithm is matched. The first traffic threshold is 50M, that is, if the traffic in the first service traffic label is greater than 50M, the first traffic threshold is satisfied. Wherein, the weighted minimum traffic priority scheduling algorithm is to select the node with the minimum bandwidth utilization rate (the sum of the current traffic/uplink and downlink bandwidths). Therefore, the selection of the nodes under the scene that the access service flow demand is large, the video flow demand exists or the page has the large-volume picture demand is met, the load of the access nodes is reduced, and the user access experience is improved.
The second traffic threshold is 10M, that is, if the traffic in the second service traffic label is less than 10M, the bandwidth proportional scheduling algorithm is matched. The bandwidth proportional scheduling algorithm is the proportion of the node bandwidth in the sum of all the node bandwidths, and the probability of selecting a node is in direct proportion to the sum of the uplink bandwidth and the downlink bandwidth of the node. Therefore, the selection of the nodes under the scene with small access service flow requirement is met, the access efficiency is improved, and the user access experience is improved.
If the traffic demand label in the label information does not meet the threshold condition, the second service traffic label is greater than or equal to the second traffic threshold, and the area label in the label information belongs to the remote area library, then the matching area near-priority scheduling algorithm is performed; the regional nearest priority scheduling algorithm is that the nodes are selected nearby according to the region of the website. If the local area is remote area library, the matching area near priority scheduling algorithm selects the nodes near. Therefore, the selection of the nodes in the scene of the remote area library is met. The remote area library can be regarded as a set of IP addresses, or can be regarded as an IP library, and the area labels are compared with the IP library one by one, and if the area labels have the same IP in the IP library, the area labels belong to the remote area library. Therefore, the selection of the nodes under the scene of visiting remote areas is met, the visiting success rate and timeliness are improved, and the user visiting experience is improved.
If the unit label in the label information belongs to the official unit library, matching an RT-thread minimum scheduling algorithm; the RT-thread minimum scheduling algorithm is to detect RTT of a destination address through each link, and select a node with the minimum RTT value according to the RTT obtained by detection. The official unit library can be regarded as a set of domain names, and the unit labels are compared with the official unit library one by one, and if the unit labels have the same domain name in the official unit library, the unit labels belong to the official unit library. Therefore, the selection of the nodes under the scene of visiting official units is met, the visiting delay is reduced, and the visiting experience of the user is improved.
If the label information does not meet the above condition, namely the flow demand label in the label information does not meet the threshold condition, the second service flow label is smaller than the second flow threshold, the area label does not belong to the remote area library, and the unit label does not belong to the official unit library; then the polling scheduling algorithm is matched. The polling scheduling algorithm is used for scheduling all nodes in turn and has the characteristic of equal opportunity. The selection of the nodes under the residual scenes can be met. Therefore, the method and the device can be suitable for various scenes and meet different requirements.
It should be noted that the steps illustrated in the above-described flow diagrams or in the flow diagrams of the figures may be performed in a computer system, such as a set of computer-executable instructions, and that, although a logical order is illustrated in the flow diagrams, in some cases, the steps illustrated or described may be performed in an order different than here. For example: the sequence from step S222 to step S223 may be interchanged, and if the traffic demand label in the label information satisfies the threshold condition, the weighted minimum traffic priority scheduling algorithm is performed first; and then executing a bandwidth proportion scheduling algorithm if a second service flow label in the label information is smaller than a second flow threshold. This is not an example.
The present embodiment further provides a node scheduling apparatus based on cloud protection, where the apparatus is used to implement the foregoing embodiments and preferred embodiments, and the description of the apparatus is omitted here. As used hereinafter, the terms "module," "unit," "subunit," and the like may implement a combination of software and/or hardware for a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.
Fig. 5 is a block diagram illustrating a structure of a node scheduling apparatus based on cloud protection according to an embodiment of the present application, and as shown in fig. 5, the apparatus includes an obtaining module 210, a matching module 220, and a selecting module 230;
an obtaining module 210, configured to obtain an access request of a terminal, and obtain tag information of a corresponding access site according to the access request;
a matching module 220, configured to match, by using the sorting selector, a scheduling algorithm corresponding to the tag information of the visited site;
and a selecting module 230, configured to determine a target node of the access request according to the matched scheduling algorithm, so as to complete node scheduling.
By the aid of the device, the problems that access requests are matched with improper nodes in different scenes, access request delay time is long, node load is too high, and access request processing efficiency is affected are solved.
In some embodiments, the cloud protection-based node scheduling apparatus provided by the present application further includes a marking module on the basis of fig. 5;
and the marking module is used for marking the site information of the site to obtain the label information when the site to be protected is accessed to the cloud protection.
In some embodiments, the cloud protection-based node scheduling apparatus provided in the present application further includes a screening module on the basis of fig. 5;
and the screening module is used for screening the target node according to a preset bandwidth condition after the node scheduling is finished so as to determine the preferred target node. The method specifically comprises the following steps: and judging whether the target node meets a preset bandwidth condition, and screening out an optimal target node meeting the preset bandwidth condition to determine the optimal target node.
In some embodiments, the cloud protection-based node scheduling apparatus provided in the present application further includes a flushing access module on the basis of fig. 5;
and the flushing access module is used for flushing the access request on the preferred target node after the target node is screened according to the preset bandwidth condition to determine the preferred target node, so as to obtain the flushed access request, and sending the flushed access request to the source site by using the preferred target node.
In some embodiments, the matching module 220 is further configured to perform scheduling algorithm matching on the tag information of the visited site by using the category selector;
if the traffic demand label in the label information meets the threshold condition, matching a weighted minimum traffic priority scheduling algorithm;
if a second service flow label in the label information is smaller than a second flow threshold, matching a bandwidth proportion scheduling algorithm;
if the traffic demand label in the label information does not meet the threshold condition, the second service traffic label is greater than or equal to the second traffic threshold, and the area label in the label information belongs to a remote area library, matching the local priority scheduling algorithm;
if the unit label in the label information belongs to the official unit library, matching an RT-thread minimum scheduling algorithm;
and if the flow demand label in the label information does not meet the threshold condition, the second service flow label is smaller than the second flow threshold, the area label in the label information does not belong to the remote area library, and the unit label in the label information does not belong to the official unit library, matching the polling scheduling algorithm.
The above modules may be functional modules or program modules, and may be implemented by software or hardware. For a module implemented by hardware, the modules may be located in the same processor; or the modules can be respectively positioned in different processors in any combination.
The present embodiment also provides an electronic device comprising a memory having a computer program stored therein and a processor configured to execute the computer program to perform the steps of any of the above method embodiments.
Optionally, the electronic apparatus may further include a transmission device and an input/output device, wherein the transmission device is connected to the processor, and the input/output device is connected to the processor.
Optionally, in this embodiment, the processor may be configured to execute the following steps by a computer program:
s1, acquiring an access request of the terminal, and acquiring label information of a corresponding access site according to the access request;
s2, matching a scheduling algorithm corresponding to the label information of the accessed site by using the sorting selector;
and S3, determining the target node of the access request according to the matched scheduling algorithm to complete the node scheduling.
It should be noted that, for specific examples in this embodiment, reference may be made to examples described in the foregoing embodiments and optional implementations, and details of this embodiment are not described herein again.
In addition, in combination with the cloud protection-based node scheduling method in the foregoing embodiment, the embodiment of the present application may provide a storage medium to implement. The storage medium having stored thereon a computer program; when executed by a processor, the computer program implements any one of the cloud protection-based node scheduling methods in the above embodiments.
It should be understood by those skilled in the art that various features of the above-described embodiments can be combined in any combination, and for the sake of brevity, all possible combinations of features in the above-described embodiments are not described in detail, but rather, all combinations of features which are not inconsistent with each other should be construed as being within the scope of the present disclosure.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.
Claims (10)
1. A node scheduling method based on cloud protection is characterized by comprising the following steps:
acquiring an access request of a terminal, and acquiring label information of a corresponding access site according to the access request;
matching a scheduling algorithm corresponding to the label information of the access site by using a classification selector;
and determining a target node of the access request according to the matched scheduling algorithm so as to complete node scheduling.
2. The cloud protection-based node scheduling method of claim 1, further comprising:
when a station needing protection is accessed to cloud protection, marking the station information of the station to obtain the label information.
3. The cloud protection-based node scheduling method of claim 1, further comprising:
and after the node scheduling is finished, screening the target node according to a preset bandwidth condition to determine an optimal target node.
4. The cloud protection-based node scheduling method of claim 3, wherein the screening the target node according to a preset bandwidth condition to determine a preferred target node comprises:
and judging whether the target node meets a preset bandwidth condition or not, and screening the target node meeting the preset bandwidth condition as the optimal target node.
5. The cloud protection-based node scheduling method of claim 3, further comprising:
after the target nodes are screened according to preset bandwidth conditions to determine preferred target nodes, the access requests are washed on the preferred target nodes to obtain washed access requests, and the washed access requests are sent to a source-returning site by using the preferred target nodes.
6. The cloud protection-based node scheduling method according to any one of claims 1 to 5, wherein the matching, by using the class selector, a scheduling algorithm corresponding to the tag information of the visited site includes:
carrying out scheduling algorithm matching on the label information of the access site by using the classification selector;
if the traffic demand label in the label information meets a threshold condition, matching a weighted minimum traffic priority scheduling algorithm;
if a second service traffic label in the label information is smaller than a second traffic threshold, matching a bandwidth proportional scheduling algorithm;
if the traffic demand label in the label information does not meet the threshold condition, the second service traffic label is greater than or equal to the second traffic threshold, and the area label in the label information belongs to a remote area library, matching the local priority scheduling algorithm;
if the unit label in the label information belongs to the official unit library, matching an RT-thread minimum scheduling algorithm;
and if the traffic demand label in the label information does not meet the threshold condition, the second service traffic label is smaller than a second traffic threshold, the area label in the label information does not belong to a remote area library, and the unit label in the label information does not belong to an official unit library, matching a polling scheduling algorithm.
7. The cloud protection-based node scheduling method of claim 6, wherein if a traffic demand label in the label information satisfies a threshold condition, matching a weighted minimum traffic-first scheduling algorithm comprises:
if a first service flow label in the label information is smaller than a first flow threshold value;
or, the label information has a video flow label;
or, the label information has a large-volume picture label;
then the weighted minimum traffic-first scheduling algorithm is matched.
8. A node scheduling device based on cloud protection is characterized by comprising an acquisition module, a matching module and a selection module;
the acquisition module is used for acquiring an access request of a terminal and acquiring the label information of a corresponding access site according to the access request;
the matching module is used for matching a scheduling algorithm corresponding to the label information of the access site by using the classification selector;
and the selection module is used for determining a target node of the access request according to the matched scheduling algorithm so as to complete node scheduling.
9. An electronic apparatus comprising a memory and a processor, wherein the memory stores a computer program, and the processor is configured to execute the computer program to perform the cloud protection-based node scheduling method according to any one of claims 1 to 7.
10. A storage medium having a computer program stored therein, wherein the computer program is configured to execute the cloud protection-based node scheduling method according to any one of claims 1 to 7 when running.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110846437.7A CN113660313B (en) | 2021-07-26 | 2021-07-26 | Node scheduling method and device based on cloud protection, electronic device and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110846437.7A CN113660313B (en) | 2021-07-26 | 2021-07-26 | Node scheduling method and device based on cloud protection, electronic device and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113660313A true CN113660313A (en) | 2021-11-16 |
| CN113660313B CN113660313B (en) | 2022-12-20 |
Family
ID=78478735
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110846437.7A Active CN113660313B (en) | 2021-07-26 | 2021-07-26 | Node scheduling method and device based on cloud protection, electronic device and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113660313B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115277565A (en) * | 2022-08-09 | 2022-11-01 | 北京有竹居网络技术有限公司 | Traffic channel scheduling method and device, electronic equipment and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20160330135A1 (en) * | 2013-12-24 | 2016-11-10 | Le Holdings (Beijing) Co., Ltd. | Node distribution method and control center |
| CN108399101A (en) * | 2017-02-06 | 2018-08-14 | 腾讯科技(深圳)有限公司 | The methods, devices and systems of scheduling of resource |
| CN111464659A (en) * | 2020-04-27 | 2020-07-28 | 广州虎牙科技有限公司 | Node scheduling method, node pre-selection processing method, device, equipment and medium |
| CN112235248A (en) * | 2020-09-17 | 2021-01-15 | 杭州安恒信息技术股份有限公司 | Web application firewall protection site collection method and device and electronic device |
-
2021
- 2021-07-26 CN CN202110846437.7A patent/CN113660313B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20160330135A1 (en) * | 2013-12-24 | 2016-11-10 | Le Holdings (Beijing) Co., Ltd. | Node distribution method and control center |
| CN108399101A (en) * | 2017-02-06 | 2018-08-14 | 腾讯科技(深圳)有限公司 | The methods, devices and systems of scheduling of resource |
| CN111464659A (en) * | 2020-04-27 | 2020-07-28 | 广州虎牙科技有限公司 | Node scheduling method, node pre-selection processing method, device, equipment and medium |
| CN112235248A (en) * | 2020-09-17 | 2021-01-15 | 杭州安恒信息技术股份有限公司 | Web application firewall protection site collection method and device and electronic device |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115277565A (en) * | 2022-08-09 | 2022-11-01 | 北京有竹居网络技术有限公司 | Traffic channel scheduling method and device, electronic equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113660313B (en) | 2022-12-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10200402B2 (en) | Mitigating network attacks | |
| US9742795B1 (en) | Mitigating network attacks | |
| US9794281B1 (en) | Identifying sources of network attacks | |
| US10097566B1 (en) | Identifying targets of network attacks | |
| CN108173812B (en) | Method, device, storage medium and equipment for preventing network attack | |
| US10135857B2 (en) | Structuring data and pre-compiled exception list engines and internet protocol threat prevention | |
| US8578051B2 (en) | Reputation based load balancing | |
| US8661522B2 (en) | Method and apparatus for probabilistic matching to authenticate hosts during distributed denial of service attack | |
| US8910282B2 (en) | System and method for protecting devices on dynamically configured network | |
| US20070130350A1 (en) | Web Reputation Scoring | |
| CN109660593B (en) | Internet of things platform access management method, device and system | |
| CN110768999B (en) | Method and device for detecting illegal external connection of equipment | |
| US7854000B2 (en) | Method and system for addressing attacks on a computer connected to a network | |
| WO2020037781A1 (en) | Anti-attack method and device for server | |
| CN113765846B (en) | Intelligent detection and response method and device for network abnormal behaviors and electronic equipment | |
| CN108418780A (en) | Filter method and device, system, the dns server of IP address | |
| CN113660313B (en) | Node scheduling method and device based on cloud protection, electronic device and storage medium | |
| CN107968765A (en) | A kind of network inbreak detection method and server | |
| US11616796B2 (en) | System and method to protect resource allocation in stateful connection managers | |
| CN107690004B (en) | Method and device for processing address resolution protocol message | |
| CN113810381B (en) | Crawler detection method, web application cloud firewall device and storage medium | |
| CN111314236A (en) | Message forwarding method and device | |
| Martin et al. | Data centric approach to analyzing security threats in underwater sensor networks | |
| Doshi et al. | Game theoretic modeling of gray hole attacks in wireless ad hoc networks | |
| CN113992368A (en) | Honeypot cluster detection method and system based on directional drainage |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |