CN113992461B - Data isolation transmission method, system and storage medium - Google Patents


Info

Publication number
CN113992461B
Authority
CN
China
Prior art keywords
subnet
interface
data
client
group
Prior art date
Legal status
Active
Application number
CN202111249481.6A
Other languages
Chinese (zh)
Other versions
CN113992461A (en)
Inventor
郭会军
Current Assignee
Yici Netlink Hangzhou Technology Co ltd
Original Assignee
Yici Netlink Hangzhou Technology Co ltd
Priority date
Filing date
Publication date
Application filed by Yici Netlink Hangzhou Technology Co ltd
Priority to CN202111249481.6A
Publication of CN113992461A
Application granted
Publication of CN113992461B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/16 Arrangements for providing special services to substations
    • H04L12/18 Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
    • H04L12/1886 Arrangements for providing special services to substations for broadcast or conference, e.g. multicast with traffic restrictions for efficiency improvement, e.g. involving subnets or subdomains
    • H04L12/185 Arrangements for providing special services to substations for broadcast or conference, e.g. multicast with management of multicast group membership
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/161 Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
    • H04L69/162 Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a data isolation transmission method, a system and a medium, wherein the method comprises the following steps: when the client establishes a group with the opposite end, creating a subnet interface corresponding to the group, and configuring a subnet IP network segment for the subnet interface; configuring subnet IP addresses for the client and the opposite terminal by utilizing the subnet IP network segment, and configuring Socket interfaces corresponding to the subnet interfaces by utilizing the subnet IP addresses of the client; when first data sent to the opposite terminal in the group is received, the first data are encapsulated into first IP data packets by utilizing a Socket interface and a subnet IP address, and the first IP data packets are sent to the opposite terminal by utilizing the subnet interface through a VPN link; receiving a second IP data packet sent by the opposite terminal through the VPN link by utilizing a subnet interface, extracting second data from the second IP data packet by utilizing a Socket interface, and sending the second data to the group; dedicated links and interfaces can be set for each group to realize isolated transmission of each group data.

Description

Data isolation transmission method, system and storage medium
Technical Field
The present invention relates to the field of communications, and in particular, to a data isolation transmission method, system, and computer readable storage medium.
Background
In the existing chat and network disk software, in order to facilitate the users to chat collectively and share resources, group services can be provided for the users generally. The users can establish groups according to the requirements, chat and resource sharing are carried out in the groups, and data transmission in the groups is isolated from other groups.
In the related art, a unified data link and Socket interface are generally adopted to receive and transmit communication data of each group, and when the communication data reach an application layer where a client is located, the client accesses a group control block in a memory to realize isolation and blocking of the communication data among different groups. However, the above manner can only isolate and block the communication data after the communication data reaches the application layer, which not only results in that the application layer needs to consume a large amount of resources to isolate the communication data, but also wastes a large amount of network resources of the data link for the transmission of the blocked communication data.
Disclosure of Invention
The invention aims to provide a data isolation transmission method, a system and a computer readable storage medium, which can set a special link and a Socket interface for each group to realize the isolation transmission of each group data, can realize the isolation blocking of each group communication data at a data link layer, avoid the resource waste of the application layer caused by the isolation blocking, and simultaneously avoid the waste of the network resource caused by the blocked communication data.
In order to solve the above technical problems, the present invention provides a data isolation transmission method, including:
when a client establishes a group with an opposite terminal, creating a subnet interface corresponding to the group, and configuring a subnet IP network segment for the subnet interface;
configuring a subnet IP address for the client and the opposite terminal by using the subnet IP network segment, and configuring a Socket interface corresponding to the subnet interface by using the subnet IP address of the client;
when first data sent to the opposite terminal in the group is received, the first data are encapsulated into a first IP data packet by utilizing the Socket interface and the subnet IP address, and the first IP data packet is sent to the opposite terminal by utilizing the subnet interface through a VPN link;
and receiving a second IP data packet sent by the opposite terminal through the VPN link by utilizing the subnet interface, extracting second data from the second IP data packet by utilizing the Socket interface, and sending the second data to the group.
Optionally, after creating the subnet interface corresponding to the group, the method further includes:
the client configures a preset extension service on the subnet interface; the preset extension service comprises any one or a combination of several of: resource access control, QOS policy, identity verification and network speed limiting;
correspondingly, the sending the first IP packet to the peer end by using the subnet interface through a VPN link includes:
the subnet interface performs service processing on the first IP data packet by using the preset extension service, and sends the processed first IP data packet to the opposite terminal through the VPN link;
correspondingly, the receiving, by using the subnet interface, the second IP packet sent by the peer end to the group through the VPN link includes:
and the subnet interface performs service processing on the second IP data packet by using the preset extension service, and sends the processed second IP data packet to the Socket interface.
Optionally, the configuring a preset extension service on the subnet interface includes:
and the client configures the preset extension service on the subnet interface in a hook function configuration mode.
Optionally, the configuring the subnet IP address for the client and the peer by using the subnet IP network segment includes:
the client records the group ID of the group, the client information of the client and the opposite information of the opposite end to the subnet interface;
the subnet interface sets a corresponding subnet IP address for the client information and the opposite terminal information by utilizing the subnet IP network segment.
Optionally, the sending the first IP packet to the peer by using the subnet interface through a VPN link includes:
the subnet interface searches the group ID, the client information and the opposite terminal information according to a source IP address and a target IP address in the first IP data packet;
inquiring a corresponding external IP address from a network controller by utilizing the client information and the opposite terminal information; the network controller stores the external IP addresses of all clients;
and encapsulating the first IP data packet by using the external IP address, the group ID, the client information and the opposite terminal information to obtain a first VPN data packet, and sending the first VPN data packet to the opposite terminal.
Optionally, the receiving, by using the subnet interface, the second IP packet sent by the peer end through the VPN link includes:
when receiving a second VPN data packet sent by the opposite terminal through the VPN link, the subnet interface extracts a group ID, client information, opposite terminal information and the second IP data packet in the second VPN data packet;
judging whether the group ID, the client information and the opposite terminal information in the second VPN data packet are recorded or not;
if yes, replacing the source IP address and the target IP address of the second IP data packet with the subnet IP addresses that the subnet interface has recorded for the client information and the opposite terminal information carried in the second VPN data packet, and sending the second IP data packet with the replaced addresses to the Socket interface;
and if not, discarding the second VPN data packet.
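The send and receive steps above, as an added simulation that is not the patent's own code: a per-group subnet interface builds the first VPN packet from the recorded group ID, client and peer information plus the network controller's external IPs, and on receipt discards any VPN packet whose group ID or endpoints it has not recorded, rewriting the inner addresses from its own records rather than trusting what was carried. The group names, segments, external IPs and the sorted-order address allocation are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network
from typing import Dict, Optional


class NetworkController:
    """Stores the external IP address of every client; queried by subnet interfaces."""

    def __init__(self, external_ips: Dict[str, str]):
        self._external = dict(external_ips)

    def external_ip(self, info: str) -> str:
        return self._external[info]


@dataclass
class SubnetInterface:
    """One virtual interface per group: the group ID, the member identities and the subnet IP
    each member was assigned from this interface's own subnet IP network segment."""

    group_id: str
    segment: IPv4Network
    controller: NetworkController
    members: Dict[str, str]  # client information / peer information -> subnet IP address

    @classmethod
    def create(cls, group_id: str, segment: str, controller: NetworkController,
               client_info: str, peer_info: str) -> "SubnetInterface":
        net = IPv4Network(segment)
        hosts = net.hosts()
        # Assumption (the patent leaves allocation open): both ends hand out idle addresses
        # in sorted member order, so client and peer agree on each other's subnet IP.
        members = {info: str(next(hosts)) for info in sorted((client_info, peer_info))}
        return cls(group_id, net, controller, members)

    def send(self, first_ip_packet: dict) -> Optional[dict]:
        """Sending side: find group ID, client and peer from the packet's source and target
        subnet IPs, query the external IPs and wrap the packet into the first VPN packet."""
        by_ip = {ip: info for info, ip in self.members.items()}
        client_info = by_ip.get(first_ip_packet["src"])
        peer_info = by_ip.get(first_ip_packet["dst"])
        if client_info is None or peer_info is None or client_info == peer_info:
            return None  # addresses are not this group's subnet: never leaves on this link
        return {
            "outer_src": self.controller.external_ip(client_info),
            "outer_dst": self.controller.external_ip(peer_info),
            "group_id": self.group_id,
            "client_info": client_info,
            "peer_info": peer_info,
            "inner": dict(first_ip_packet),
        }

    def receive(self, second_vpn_packet: dict) -> Optional[dict]:
        """Receiving side: extract group ID, client info, peer info and the inner packet; if
        all three are recorded here, rewrite the inner addresses from this interface's own
        records and hand the packet to the Socket interface, otherwise discard it."""
        gid = second_vpn_packet["group_id"]
        sender = second_vpn_packet["client_info"]   # the peer, from our point of view
        receiver = second_vpn_packet["peer_info"]   # ourselves
        if gid != self.group_id or sender not in self.members or receiver not in self.members:
            return None  # unknown group or unrecorded endpoints: dropped at the link layer
        inner = dict(second_vpn_packet["inner"])
        inner["src"] = self.members[sender]   # recorded values win over whatever was carried
        inner["dst"] = self.members[receiver]
        return inner


def demo():
    """Constructed scenario: Alice is in group g1 with Bob and in group g2 with Carol."""
    controller = NetworkController({"alice": "203.0.113.10", "bob": "198.51.100.7",
                                    "carol": "192.0.2.33"})
    alice_g1 = SubnetInterface.create("g1", "10.1.0.0/24", controller, "alice", "bob")
    alice_g2 = SubnetInterface.create("g2", "10.2.0.0/24", controller, "alice", "carol")
    bob_g1 = SubnetInterface.create("g1", "10.1.0.0/24", controller, "bob", "alice")

    first = {"src": alice_g1.members["alice"], "dst": alice_g1.members["bob"], "payload": b"hello"}
    vpn = alice_g1.send(first)
    delivered = bob_g1.receive(vpn)                          # accepted: g1 / alice / bob recorded
    cross_group = bob_g1.receive(dict(vpn, group_id="g2"))  # discarded: wrong group ID
    wrong_iface = alice_g2.send(first)                       # None: g1 addresses not in g2's segment
    spoofed = bob_g1.receive(dict(vpn, inner=dict(first, src="10.1.0.99")))  # src rewritten
    return delivered, cross_group, wrong_iface, spoofed


if __name__ == "__main__":
    print(demo())
```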
The invention also provides a data isolation transmission system, which comprises: client, socket interface and subnet interface, wherein,
the client is used for creating a subnet interface corresponding to a group when the group is established with the opposite terminal, and configuring a subnet IP network segment for the subnet interface; configuring a subnet IP address for the client and the opposite terminal by using the subnet IP network segment, and configuring a Socket interface corresponding to the subnet interface by using the subnet IP address of the client; when first data sent to the opposite terminal in the group is received, the first data are encapsulated into a first IP data packet by utilizing the Socket interface and the subnet IP address, and the first IP data packet is sent to the opposite terminal by utilizing the subnet interface through a VPN link; receiving a second IP data packet sent by the opposite terminal through the VPN link by using the subnet interface, extracting second data from the second IP data packet by using the Socket interface, and sending the second data to the group;
the Socket interface is configured to encapsulate the first data into a first IP data packet by using the subnet IP address; extracting the second data from the second IP data packet and sending the second data to the client;
the subnet interface is configured to send the first IP packet to the peer end through the VPN link; and receiving a second IP data packet sent by the opposite terminal through the VPN link.
Optionally, the system further comprises: a preset extension service comprising any one or a combination of several of resource access control, QOS policy, authentication and network speed limiting, wherein,
the client is further configured to configure the preset extension service on the subnet interface;
correspondingly, the subnet interface is further configured to perform service processing on the first IP packet by using the preset extension service, and send the processed first IP packet to the opposite end through the VPN link;
correspondingly, the subnet interface is further configured to perform service processing on the second IP packet by using the preset extension service, and send the processed second IP packet to the Socket interface.
Optionally, the client is further configured to configure the preset extension service on the subnet interface by configuring a hook function.
The invention also provides a computer readable storage medium, wherein the computer readable storage medium stores computer executable instructions, and when the computer executable instructions are loaded and executed by a processor, the data isolation transmission method is realized.
The invention provides a data isolation transmission method, which comprises the following steps: when a client establishes a group with an opposite terminal, creating a subnet interface corresponding to the group, and configuring a subnet IP network segment for the subnet interface; configuring a subnet IP address for the client and the opposite terminal by using the subnet IP network segment, and configuring a Socket interface corresponding to the subnet interface by using the subnet IP address of the client; when first data sent to the opposite terminal in the group is received, the first data are encapsulated into a first IP data packet by utilizing the Socket interface and the subnet IP address, and the first IP data packet is sent to the opposite terminal by utilizing the subnet interface through a VPN link; and receiving a second IP data packet sent by the opposite terminal through the VPN link by utilizing the subnet interface, extracting second data from the second IP data packet by utilizing the Socket interface, and sending the second data to the group.
When the client establishes a group with the opposite terminal, a sub-network interface corresponding to the group is firstly established, a corresponding sub-network IP network segment is configured for the interface, and sub-network IP addresses are distributed for the client and the opposite terminal by utilizing the sub-network IP network segment, in other words, each client added into the same group is distributed into the same virtual local area network; then, the invention uses the subnet IP address of the client to set Socket interfaces corresponding to the subnet interfaces, namely uses the Socket interfaces appointed by the group to receive and send the communication data of the client and the opposite terminal in the group, and does not use the unified Socket interfaces to receive and send the communication data of each group; furthermore, when the client communicates with the opposite terminal in a group, the client encapsulates communication data by using the subnet IP addresses of the client and the opposite terminal to obtain an IP data packet, and transmits the IP data packet to the opposite terminal in a VPN link mode by using the subnet interface, in other words, the client sets a special communication link and Socket interface for each group, and the communication links and Socket interfaces used by each group are different, so that the invention can realize isolation blocking of the communication data of each group at the data link layer, avoid resource waste of the application layer due to isolation blocking, and simultaneously avoid waste of network resources due to the blocked communication data transmission, thereby improving the efficiency of group isolation management. The invention also provides a data isolation transmission system and a computer readable storage medium, which have the beneficial effects.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a data isolation transmission method according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a network structure for data isolation transmission according to an embodiment of the present invention;
fig. 3a is a block diagram of a data isolation transmission system according to an embodiment of the present invention;
fig. 3b is a block diagram of another data isolation transmission system according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In the related art, a unified data link and Socket interface are generally adopted to receive and transmit communication data of each group, and when the communication data reach an application layer where a client is located, the client accesses a group control block in a memory to realize isolation and blocking of the communication data among different groups. However, the above manner can only isolate and block the communication data after the communication data reaches the application layer, which not only results in that the application layer needs to consume a large amount of resources to isolate the communication data, but also wastes a large amount of network resources of the data link for the transmission of the blocked communication data. In view of this, the present invention provides a data isolation transmission method, which can set dedicated links and Socket interfaces for each group to realize isolation transmission of each group data, and can realize isolation blocking of each group communication data at the data link layer, so as to avoid resource waste of the application layer due to isolation blocking, and avoid waste of network resources due to blocked communication data transmission. Referring to fig. 1, fig. 1 is a flowchart of a data isolation transmission method according to an embodiment of the present invention, where the method may include:
s101, when the client establishes a group with the opposite end, creating a subnet interface corresponding to the group, and configuring a subnet IP network segment for the subnet interface.
It should be noted that the embodiment of the present invention is not limited to a specific form of the subnet interface. The subnet interface should have the basic functions of an ordinary network port, for example carrying port configuration information and being able to receive and transmit IP data packets; reference may be made to the related technologies of virtual network cards and virtual local area networks (VLANs). Further, in order to implement communication between the client and the opposite terminal through the subnet interface, a corresponding subnet IP network segment should be configured for the subnet interface, and the interface allocates subnet IP addresses from that segment to the client and the opposite terminal, so that the two communicate using their respective subnet IP addresses. It should be noted that the subnet IP network segments corresponding to different subnet interfaces are not the same. It will be appreciated that the opposite end also needs to set up the subnet interface. In other words, in the embodiment of the present invention, when the client and the peer end establish a group, they create a virtual local area network (i.e. a subnet) for the group and add both communicating parties to that subnet, so that the communication of the client and the peer in the group can be abstracted into communication within the subnet.
Because the sub-network IP network segments corresponding to the sub-network interfaces are not the same, in other words, the sub-networks are isolated from each other, the isolated transmission of the data of each group can be realized; furthermore, because each group data needs to carry IP address information corresponding to the subnet interface when in transmission, the IP address information can not be received by other subnets, the embodiment of the invention can realize isolation blocking of each group data at the data link layer, and can effectively avoid the waste of application layer computing resources and the waste of data link layer network traffic caused by the isolation of the group data at the application layer in the related technology.
It should be noted that, the embodiment of the present invention is not limited to the specific form of the IP network segment of the subnetwork, and may be set by itself according to the specific form and the setting requirement of the network segment. The embodiment of the invention also does not limit the number of the groups established between the client and the opposite terminal, and the number of the groups can be one or a plurality of groups, and the groups can be set according to actual application requirements. It should be noted that, each time a client creates a group with an opposite end, a corresponding subnet interface needs to be set for the group.
S102, configuring subnet IP addresses for the client and the opposite terminal by utilizing the subnet IP network segment, and configuring Socket interfaces corresponding to the subnet interfaces by utilizing the subnet IP addresses of the client.
It should be noted that, the embodiment of the present invention is not limited to how to allocate subnet IP addresses by using subnet IP network segments, and it can be understood that a subnet IP network segment contains a large number of idle subnet IP addresses, so that the allocation can be performed by using idle IP addresses in the subnet IP network segment.
Further, in order to send and receive IP packets using a subnet interface, in the embodiment of the present invention, after obtaining the subnet IP address of the client, a Socket interface of the client is further configured using that address, where a Socket is the basic operating unit for communication over the TCP/IP protocol. It should be noted that the embodiment of the present invention is not limited to how the Socket interface is configured, and reference may be made to the related art of Sockets. Because the subnet IP addresses of the client in each group are different, each group of the client is provided with its own Socket interface for receiving and transmitting IP data packets; unlike the prior art, in which a unified Socket interface is adopted for receiving and transmitting data, this realizes the isolated transmission of the data of each group.
And S103, when first data sent to the opposite terminal in the group is received, the first data are packaged into a first IP data packet by utilizing a Socket interface and a subnet IP address, and the first IP data packet is sent to the opposite terminal by utilizing the subnet interface through a VPN link.
It will be appreciated that the destination IP address is typically the subnet IP address of the peer and the source IP address is typically the subnet IP address of the local client, and the first data is encapsulated with the destination IP address and the source IP address. The embodiment of the invention is not limited to the specific process by which the Socket interface encapsulates the IP data packet, and reference may be made to the related technology of Sockets. Further, in the embodiment of the present invention, in order to send and receive IP packets securely, a VPN (Virtual Private Network) link is used to exchange IP packets between the local client and the opposite end, where the VPN implements remote access through encryption of the packets and destination address translation of the packets. The embodiment of the invention does not limit the way the VPN link is constructed, and reference may be made to the related technology of VPNs.
S104, receiving a second IP data packet sent by the opposite terminal through the VPN link by utilizing the subnet interface, extracting second data from the second IP data packet by utilizing the Socket interface, and sending the second data to the group.
It will be appreciated that, in the same group, the second IP packets sent by the peer to the client also carry subnet IP addresses from the same subnet IP network segment. In other words, when the opposite terminal encapsulates the second IP packet, it sets the subnet IP address of the client as the target IP address and its own subnet IP address as the source IP address, and encapsulates the second data with the target IP address and the source IP address. Because the Socket interface is the bridge between the data link layer and the application layer, the client can receive the second IP data packet by listening on the designated Socket interface and can directly send the second data parsed by the Socket interface to the corresponding group, without having to isolate or block the second data. This effectively avoids the resource waste caused by the application layer isolating and blocking group data coming from the opposite end, and thereby effectively promotes the isolation and efficient transmission of group data. It should be noted that the embodiment of the present invention is not limited to how the Socket interface is monitored or how the Socket interface parses the IP packet, and reference may be made to the related art of Sockets.
Further, since each group has a dedicated Socket interface and subnet interface, communication in each group can be abstracted to communication over one dedicated subnet link in the data link layer. Since each group has one designated subnet link, a different service extension can be configured for each subnet link to achieve differentiated services between groups. Specifically, since the subnet interface is an important node for the data communication of each group, the client can configure various types of extended services on the subnet interface, such as resource access control, QOS (Quality of Service) policy, authentication (e.g. blacklist, whitelist), network speed limiting, etc., and when an IP data packet passes through the subnet interface, these extended services can perform the corresponding service processing on it, so as to achieve a service enhancement effect.
In one possible case, after creating the subnet interface corresponding to the group, it may further include:
step 11: the client configures a preset extension service on a subnet interface; the preset extension service comprises any one or a combination of a plurality of resource access control, QOS strategy, identity verification and network speed limit;
correspondingly, the sending the first IP packet to the peer end by using the subnet interface through the VPN link may include:
step 21: the subnet interface performs business processing on the first IP data packet by using a preset extension service, and sends the processed first IP data packet to an opposite terminal through a VPN link;
correspondingly, receiving, by using the subnet interface, a second IP packet sent by the peer end through the VPN link may include:
step 31: and the subnet interface performs service processing on the second IP data packet by using a preset extension service and sends the processed second IP data packet to the Socket interface.
It should be noted that, the embodiment of the present invention is not limited to specific service processing content, and may be set according to actual application requirements. Because the preset expansion service in the embodiment of the invention is arranged on the subnet interface, and the subnet interface belongs to the data link layer, the effect of carrying out service expansion on the group communication in the data link layer can be realized, the influence of service expansion on the application layer can be avoided, and the overall processing efficiency of the application layer and the group application is further improved.
Furthermore, in order to facilitate the replacement configuration of the preset extension service, a service extension hook (i.e. a corresponding hook function) can be configured on the subnet interface, so that the effect of efficiently configuring the preset extension service on the subnet interface can be realized by configuring the hook function.
In one possible case, configuring the preset extension service on the subnet interface may include:
step 41: the client configures a preset extension service on the subnet interface in a mode of configuring a hook function.
It should be noted that, the embodiment of the present invention is not limited to the specific form and configuration of the hook function, and reference may be made to the related art of the hook function.
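As an added example of steps 11 to 41 that is not the patent's own code: a subnet interface with a hook chain in which access control, blacklist identity verification, a network speed limit and a QOS policy are each configured as a hook function and run on packets before they reach the VPN link (tx) or the Socket interface (rx), so a drop happens below the application layer and is recorded for detection. The hook names, the group segment, the sender identities and the sample traffic are constructed assumptions.

```python
import time
from collections import deque
from ipaddress import ip_address, ip_network
from typing import Callable, Dict, List, Optional, Tuple

Packet = Dict[str, object]
Hook = Callable[[Packet], Optional[Packet]]  # returns the (possibly modified) packet, or None to drop


class HookedSubnetInterface:
    """Service-extension hook point of one group's subnet interface. Hooks run in the
    configured order on every packet crossing the interface: tx hooks before the VPN link,
    rx hooks before the Socket interface. A None result drops the packet below the
    application layer and is written to the interface's drop log."""

    def __init__(self, group_id: str):
        self.group_id = group_id
        self.hooks: Dict[str, List[Hook]] = {"tx": [], "rx": []}
        self.drop_log: List[Tuple[str, str, str]] = []  # (direction, hook name, source IP)

    def configure_hook(self, direction: str, hook: Hook) -> None:
        """Configuring an extension service by configuring a hook function (step 41)."""
        self.hooks[direction].append(hook)

    def process(self, direction: str, packet: Packet) -> Optional[Packet]:
        src = str(packet.get("src"))
        for hook in self.hooks[direction]:
            packet = hook(packet)
            if packet is None:
                self.drop_log.append((direction, hook.__name__, src))
                return None
        return packet


def access_control(group_segment: str) -> Hook:
    """Resource access control: both addresses must lie in this group's own subnet segment."""
    net = ip_network(group_segment)

    def access_control_hook(pkt: Packet) -> Optional[Packet]:
        ok = ip_address(pkt["src"]) in net and ip_address(pkt["dst"]) in net
        return pkt if ok else None
    return access_control_hook


def identity_check(blacklist: set) -> Hook:
    """Identity verification by blacklist of the sender identity carried with the packet."""
    def identity_hook(pkt: Packet) -> Optional[Packet]:
        return None if pkt.get("sender_info") in blacklist else pkt
    return identity_hook


def rate_limit(max_packets: int, window_seconds: float,
               clock: Callable[[], float] = time.monotonic) -> Hook:
    """Network speed limit: at most max_packets per sliding window (clock is injectable)."""
    stamps: deque = deque()

    def rate_limit_hook(pkt: Packet) -> Optional[Packet]:
        now = clock()
        while stamps and now - stamps[0] >= window_seconds:
            stamps.popleft()
        if len(stamps) >= max_packets:
            return None
        stamps.append(now)
        return pkt
    return rate_limit_hook


def qos_policy(dscp: int) -> Hook:
    """QOS policy: mark this group's outgoing packets with a DSCP value."""
    def qos_hook(pkt: Packet) -> Optional[Packet]:
        return dict(pkt, dscp=dscp)
    return qos_hook


def run_demo():
    """Constructed traffic for group g1 (segment 10.1.0.0/24), seen from the local client
    10.1.0.1: inbound packets come from the peer 10.1.0.2."""
    ticks = iter([0.0, 0.1, 0.2, 2.0])  # constructed clock readings for the rate limiter
    iface = HookedSubnetInterface("g1")
    iface.configure_hook("rx", identity_check({"mallory"}))
    iface.configure_hook("rx", access_control("10.1.0.0/24"))
    iface.configure_hook("rx", rate_limit(2, 1.0, clock=lambda: next(ticks)))
    iface.configure_hook("tx", qos_policy(46))

    ok = {"src": "10.1.0.2", "dst": "10.1.0.1", "sender_info": "bob", "payload": b"hi"}
    inbound = [
        ok,                               # delivered (1 of 2 in the window)
        dict(ok, src="10.2.0.2"),         # another group's segment: access control drops it
        ok,                               # delivered (2 of 2)
        ok,                               # over the limit inside the 1 s window: dropped
        ok,                               # window has slid: delivered
        dict(ok, sender_info="mallory"),  # blacklisted identity: dropped
    ]
    delivered = [r for r in (iface.process("rx", p) for p in inbound) if r is not None]
    outbound = iface.process("tx", {"src": "10.1.0.1", "dst": "10.1.0.2", "payload": b"yo"})
    return delivered, iface.drop_log, outbound


if __name__ == "__main__":
    print(run_demo())
```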
Referring to fig. 2, fig. 2 is a schematic diagram of a network structure for data isolation transmission according to an embodiment of the present invention. It can be seen that in the embodiment of the present invention, the network layer is abstracted, a 1:1 subinterface scheme is established for the group of the service layer, and the subsequent further capability expansion, such as access control, QOS policy support, etc., is supported by providing a service expansion hook on the subinterface.
Based on the above embodiment, when the client establishes a group with the peer, it first creates a subnet interface corresponding to the group, configures a subnet IP network segment for that interface, and allocates subnet IP addresses to the client and the peer from that segment; in other words, every client joining the same group is placed in the same virtual LAN. The client then uses its own subnet IP address to set up a Socket interface corresponding to the subnet interface, so that the communication data between the client and the peers in the group is sent and received through the Socket interface dedicated to that group, rather than through one Socket interface shared by all groups. Finally, when the client communicates with a peer in the group, it encapsulates the communication data using the subnet IP addresses of the client and the peer to obtain an IP data packet, and transmits that packet to the peer over a VPN link through the subnet interface. The client therefore has a dedicated communication link and Socket interface for each group, and no two groups share a link or a Socket interface. The communication data of each group is thus isolated and blocked at the data link layer: the application layer spends no resources on isolation, no network resources are wasted on transmitting data that will be blocked, and the efficiency of group isolation management is improved.
Based on the foregoing embodiments, the configuration and the communication manner of the VPN link provided by the embodiments of the present invention are described below. In one possible scenario, configuring subnet IP addresses for clients and peers with subnet IP network segments may include:
s201, the client records the group ID of the group, the client information of the client and the opposite information of the opposite end to the subnet interface.
In the embodiment of the invention, the subnet interface needs to additionally record the group ID, the client information and the opposite terminal information of the group; the client information and the opposite terminal information may include node IDs of the client device and the opposite terminal device, and may further include user IDs of the client user and the opposite terminal user. It will be appreciated that the group ID, node ID and user ID are capable of identifying not only one group, but also the user in the group and the device used by the user, in other words, the source user and the destination user of the group communication and the source device and the destination device, so that the VPN packet will be constructed using the group ID, the client information and the opposite information, so as to further guarantee the isolated transmission of the group data.
Further, the embodiment of the invention is not limited to the way in which the client and the opposite terminal exchange the client information and the opposite terminal information, and for example, the client and the opposite terminal information can be exchanged in the forms of short messages, mails and the like.
S202, the subnet interface sets a corresponding subnet IP address for the client information and the opposite information by utilizing the subnet IP network segment.
In other words, the subnet interface and the group ID correspond to each other, and the subnet IP address in the interface corresponds to the client information and the opposite terminal information to each other.
Based on the above configuration, the following describes the communication procedure of the VPN link. In one possible scenario, sending the first IP packet to the peer over the VPN link using the subnet interface may include:
step 51: the subnet interface searches the group ID, the client information and the opposite terminal information according to the source IP address and the target IP address in the first IP data packet.
According to the description in the above embodiment, the source IP address and the destination IP address of the first IP packet are both subnet IP addresses, that is, the subnet IP address of the client is the source IP address, and the subnet IP address of the opposite terminal is the destination IP address; in addition, the subnet IP addresses of the same group have the same subnet IP network segment, and meanwhile, the subnet IP addresses have corresponding relations with the client information and the opposite terminal information, so that the corresponding group ID, the client information and the opposite terminal information can be inquired directly according to the source IP address and the target IP address.
Step 52: inquiring the corresponding external IP address from the network controller by using the client information and the opposite terminal information; the network controller stores the external IP addresses of all clients;
it will be appreciated that in order to communicate in the public network, it is necessary to obtain external IP addresses of the client device and the peer device in the public network. In the embodiment of the invention, the network controller can be adopted to allocate an external IP address for each client device, and then the corresponding external IP address can be obtained from the network controller by directly utilizing the client information.
Step 53: and encapsulating the first IP data packet by using the external IP address, the group ID, the client information and the opposite terminal information to obtain a first VPN data packet, and transmitting the first VPN data packet to the opposite terminal.
It should be noted that the embodiment of the present invention does not limit the specific structure of the VPN packet. For example, the IP header may be generated from the external IP addresses, the VPN frame header may be generated from the group ID, the client information and the peer information, and the IP packet may then be encapsulated with the IP header and the VPN frame header to obtain the VPN packet. The VPN packet may also take other forms, which may be set with reference to the related art of VPNs combined with the actual application requirements.
Further, because the group ID, the client information and the peer information identify not only the group but also the users in the group and the devices they use, that is, the source user, destination user, source device and destination device of a group communication, the group communication data can be identified in the embodiment of the invention by the group ID, the client information and the peer information, and it is this identification that realizes the communication isolation. On this basis, the subnet IP address only needs to provide communication support for the application layer and to serve as the lookup key in the subnet interface. In other words, when the VPN packet carries the group ID, the client information and the peer information, the client does not have to agree on a common subnet IP network segment with the peer when creating the subnet interface; it may create a subnet IP network segment that is valid only locally at the client, and the peer may do the same. In short, when the VPN packet includes the group ID, the client information and the peer information, the subnet IP network segments set for the same group by the client and the peer may differ. Because the segments may differ, when the client receives a VPN packet from the peer and has determined the group and the peer information to which the packet belongs, it replaces the source IP address and the destination IP address of the IP packet encapsulated in the VPN packet with its own locally valid subnet IP addresses, so that the application layer can parse the packet.
This arrangement avoids the extra steps otherwise needed to unify the subnet IP network segments between the client and the peer, further simplifies the process of establishing a group between them, and makes group establishment more convenient.
In one possible scenario, receiving, by the subnet interface, the second IP packet sent by the peer through the VPN link may include:
step 61: when receiving a second VPN data packet sent by the opposite terminal through the VPN link, the subnet interface extracts the group ID, the client information, the opposite terminal information and the second IP data packet in the second VPN data packet.
Step 61: judging whether the group ID, the client information and the opposite terminal information in the second VPN data packet are recorded or not; if yes, go to step 62; if not, go to step 63;
step 62: replacing the source IP address and the target IP address of the second IP data packet by utilizing the corresponding subnet IP address of the client information and the opposite terminal information in the second VPN data packet in the subnet interface; sending the second IP data packet which is completed to be replaced to a Socket interface;
of course, other information in the IP data packet may be involved in the replacement process of the IP address, for example, the payload value needs to be modified according to the replaced IP address, and reference may be made to the related art of the IP data packet.
Step 63: the second VPN packet is discarded.
It can be understood that if the group ID is not recorded in the client subnet interface, or the group ID does not include the client information or the peer information, it is indicated that the second VPN packet does not belong to the communication data of the group corresponding to the group ID, and the second VPN packet may be discarded.
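The whole VPN link procedure of steps S201 and S202 (recording the group and assigning subnet addresses), steps 51 to 53 (lookup, controller query and encapsulation) and steps 61 to 64 (receive-side check, address rewriting and discard), as an added example in Python; this is not the patent's or the applicant's code. The VPN frame header layout (three 4-byte fields: group ID, source node ID, destination node ID), the use of IP protocol number 253 (an experimental value reserved by RFC 3692) for the outer header, the NetworkController class, the integer node IDs and all addresses are assumptions made here; the patent only states that the VPN frame header carries the group ID, the client information and the peer information, that the outer IP header is built from the external IP addresses held by the network controller, and that a received packet whose identifiers are not recorded is discarded. The example also covers the case described above in which the two sides chose different locally valid subnet IP network segments: the receiver rewrites the inner addresses and recomputes the IPv4 header checksum.

```python
"""Group-isolated VPN link: encapsulation, receive-side check and address rewriting.

Added example, not code from the patent. Header layout, protocol number,
node-ID width and all addresses and IDs are assumptions (see lead-in).
"""
import ipaddress
import struct
from typing import Dict, Iterable, Optional

# Assumed VPN frame header: group ID, source node ID, destination node ID (4 bytes each).
VPN_HDR = struct.Struct("!III")
PROTO_VPN = 253          # assumed: experimental protocol number (RFC 3692)
IPV4_HLEN = 20           # this example never emits IPv4 options


def ipv4_checksum(hdr: bytes) -> int:
    """RFC 791 header checksum; over a header with a valid checksum it returns 0."""
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, payload: bytes, proto: int = PROTO_VPN) -> bytes:
    """Minimal IPv4 packet (no options) with a correct header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IPV4_HLEN + len(payload), 0, 0, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def rewrite_ipv4(pkt: bytes, src: str, dst: str) -> bytes:
    """Step 63: replace the inner addresses and recompute the header checksum.
    A TCP/UDP checksum would also need recomputing; the payload here is opaque."""
    hdr = pkt[:10] + b"\x00\x00" + pkt[12:IPV4_HLEN]          # zero the old checksum
    hdr = hdr[:12] + ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + pkt[IPV4_HLEN:]


class NetworkController:
    """Step 52: holds the external (public) IP address of every client device."""

    def __init__(self) -> None:
        self.external: Dict[int, str] = {}

    def register(self, node_id: int, external_ip: str) -> None:
        self.external[node_id] = external_ip

    def lookup(self, node_id: int) -> str:
        return self.external[node_id]


class SubnetInterface:
    """One interface per group: records group ID, local node and peer nodes (S201)
    and assigns every node one address from the group's segment (S202)."""

    def __init__(self, group_id: int, segment: str, local_node: int,
                 peers: Iterable[int], controller: NetworkController) -> None:
        self.group_id = group_id
        self.local_node = local_node
        self.controller = controller
        hosts = ipaddress.IPv4Network(segment).hosts()
        self.addr_of: Dict[int, str] = {n: str(next(hosts)) for n in (local_node, *peers)}
        self.node_of: Dict[str, int] = {a: n for n, a in self.addr_of.items()}

    def encapsulate(self, inner: bytes) -> bytes:
        """Steps 51-53: inner subnet addresses -> (group, src node, dst node) ->
        VPN frame -> outer IPv4 packet between the two external addresses."""
        src_node = self.node_of[str(ipaddress.IPv4Address(inner[12:16]))]
        dst_node = self.node_of[str(ipaddress.IPv4Address(inner[16:20]))]
        frame = VPN_HDR.pack(self.group_id, src_node, dst_node) + inner
        return build_ipv4(self.controller.lookup(src_node),
                          self.controller.lookup(dst_node), frame)

    def decapsulate(self, outer: bytes) -> Optional[bytes]:
        """Steps 61-64: accept only frames whose group and source node are recorded
        here and that are addressed to this node; rewrite the inner addresses to the
        locally valid segment; anything else is dropped (None)."""
        frame = outer[IPV4_HLEN:]
        if len(frame) < VPN_HDR.size + IPV4_HLEN:
            return None
        group_id, src_node, dst_node = VPN_HDR.unpack_from(frame)
        if group_id != self.group_id or src_node not in self.addr_of:
            return None
        if dst_node != self.local_node:          # extra check beyond the patent text
            return None
        return rewrite_ipv4(frame[VPN_HDR.size:], self.addr_of[src_node],
                            self.addr_of[dst_node])


def demo() -> Dict[str, object]:
    """Constructed walk-through: nodes 1 and 2 share group 7 but chose different
    local segments; a frame from group 8 between the same nodes must be dropped."""
    ctrl = NetworkController()
    ctrl.register(1, "203.0.113.10")     # documentation addresses (RFC 5737)
    ctrl.register(2, "198.51.100.20")
    a = SubnetInterface(7, "10.10.1.0/24", local_node=1, peers=[2], controller=ctrl)
    b = SubnetInterface(7, "10.20.5.0/24", local_node=2, peers=[1], controller=ctrl)
    outer = a.encapsulate(build_ipv4(a.addr_of[1], a.addr_of[2], b"hello"))
    delivered = b.decapsulate(outer)
    assert delivered is not None
    other = SubnetInterface(8, "10.30.0.0/24", local_node=1, peers=[2], controller=ctrl)
    stray = b.decapsulate(other.encapsulate(build_ipv4(other.addr_of[1], other.addr_of[2], b"x")))
    return {
        "outer_src": str(ipaddress.IPv4Address(outer[12:16])),
        "outer_dst": str(ipaddress.IPv4Address(outer[16:20])),
        "inner_src": str(ipaddress.IPv4Address(delivered[12:16])),
        "inner_dst": str(ipaddress.IPv4Address(delivered[16:20])),
        "payload": delivered[20:],
        "checksum_ok": ipv4_checksum(delivered[:20]) == 0,
        "stray_dropped": stray is None,
    }
```

Two caveats a practitioner would attach to this scheme. First, the isolation decision rests on plaintext identifiers in the VPN frame header, so it separates groups that behave; the patent lists authentication among the optional extension services but does not say how VPN packets themselves are authenticated, so a deployment should run this over a tunnel that authenticates the source, otherwise the check in step 62 can be satisfied by anyone who knows a valid (group ID, node ID) pair. Second, after the address rewrite of step 63 a TCP or UDP payload also needs its transport checksum recomputed, since that checksum covers the addresses through the pseudo-header; the example carries an opaque payload and therefore recomputes only the IPv4 header checksum.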
Based on the above embodiment, the client of the present invention stores the group ID, the client information and the peer information in the subnet interface when creating it, so that the subnet interface can use this information both to construct the VPN data packet and to identify the group data, which further improves the degree of isolation of the group communication.
The data isolation transmission system and the computer readable storage medium provided by the embodiments of the present invention are described below; the system described below and the data isolation transmission method described above may be referred to correspondingly.
Referring to fig. 3a, fig. 3a is a block diagram of a data isolation transmission system according to an embodiment of the present invention, where the system may include: a client 301, a Socket interface 302, and a subnet interface 303, wherein,
the client 301 is configured to create a subnet interface 303 corresponding to a group when the group is established with the peer, and configure a subnet IP network segment for the subnet interface 303; configuring subnet IP addresses for the client 301 and the opposite terminal by utilizing the subnet IP network segment, and configuring a Socket interface 302 corresponding to the subnet interface 303 by utilizing the subnet IP address of the client 301; when first data sent to the opposite terminal in the group is received, the first data is encapsulated into a first IP data packet by utilizing the Socket interface 302 and the subnet IP address, and the first IP data packet is sent to the opposite terminal by utilizing the subnet interface 303 through the VPN link; receiving a second IP data packet sent by the opposite terminal through the VPN link by using the subnet interface 303, extracting second data from the second IP data packet by using the Socket interface 302, and sending the second data to the group;
socket interface 302, configured to encapsulate the first data into a first IP packet by using a subnet IP address; extracting second data from the second IP packet and sending the second data to the client 301;
a subnet interface 303, configured to send the first IP packet to the peer through the VPN link; and receiving a second IP data packet sent by the opposite terminal through the VPN link.
Optionally, referring to fig. 3b, fig. 3b is a block diagram of another data isolation transmission system according to an embodiment of the present invention, and further includes: a preset extension service 304, the preset extension service 304 comprising a combination of any one or more of resource access control, QOS policies, authentication, and network speed limiting, wherein,
the client 301 is further configured to configure a preset extension service 304 on the subnet interface 303;
correspondingly, the subnet interface 303 is further configured to perform service processing on the first IP data packet by using the preset extension service 304, and send the processed first IP data packet to the opposite end through the VPN link;
correspondingly, the subnet interface 303 is further configured to perform service processing on the second IP packet by using the preset extension service 304, and send the processed second IP packet to the Socket interface 302.
Optionally, the client 301 is further configured to configure a preset extension service 304 on the subnet interface 303 by configuring a hook function.
Optionally, the client 301 is further configured to record a group ID of the group, client information of the client 301, and peer information of the peer to the subnet interface 303;
the subnet interface 303 is further configured to set corresponding subnet IP addresses for the client information and the peer information by using the subnet IP network segment.
Optionally, the system further comprises: a network controller, wherein,
the subnet interface 303 is further configured to search the group ID, the client information and the peer information according to the source IP address and the destination IP address in the first IP packet; query the corresponding external IP addresses from the network controller by using the client information and the peer information; and encapsulate the first IP data packet by using the external IP addresses, the group ID, the client information and the peer information to obtain a first VPN data packet, and send the first VPN data packet to the peer;
the network controller is configured to store the external IP addresses of all clients 301.
Optionally, the subnet interface 303 is further configured to extract, when receiving a second VPN packet sent by the peer through the VPN link, the group ID, client information, peer information and second IP packet in the second VPN packet; determine whether the group ID, the client information and the peer information in the second VPN data packet are recorded; if so, replace the source IP address and the destination IP address of the second IP data packet with the subnet IP addresses that the subnet interface 303 has recorded for the client information and the peer information in the second VPN data packet, and send the second IP packet with the replacement completed to the Socket interface 302; if not, discard the second VPN data packet.
The embodiment of the invention also provides a computer readable storage medium, and a computer program is stored on the computer readable storage medium, and when the computer program is executed by a processor, the steps of the data isolation transmission method of any embodiment are realized.
Since the embodiments of the computer readable storage medium portion and the embodiments of the data isolation transmission method portion correspond to each other, the embodiments of the computer readable storage medium portion are referred to the description of the embodiments of the data isolation transmission method portion, and are not repeated herein.
In the description, each embodiment is described in a progressive manner, and each embodiment is mainly described by the differences from other embodiments, so that the same similar parts among the embodiments are mutually referred. For the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and the relevant points refer to the description of the method section.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. The software modules may be disposed in Random Access Memory (RAM), memory, read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The data isolation transmission method, system and computer readable storage medium provided by the invention are described in detail above. The principles and embodiments of the present invention have been described herein with reference to specific examples, the description of which is intended only to facilitate an understanding of the method of the present invention and its core ideas. It should be noted that it will be apparent to those skilled in the art that various modifications and adaptations of the invention can be made without departing from the principles of the invention and these modifications and adaptations are intended to be within the scope of the invention as defined in the following claims.

Claims (10)

1. A data isolation transmission method, comprising:
when a client establishes a group with an opposite terminal, creating a subnet interface corresponding to the group, and configuring a subnet IP network segment for the subnet interface; the sub-network IP network segments corresponding to different sub-network interfaces are different;
configuring a subnet IP address for the client and the opposite terminal by using the subnet IP network segment, and configuring a Socket interface corresponding to the subnet interface by using the subnet IP address of the client;
when first data sent to the opposite terminal in the group is received, the first data are encapsulated into a first IP data packet by utilizing the Socket interface and the subnet IP address, and the first IP data packet is sent to the opposite terminal by utilizing the subnet interface through a VPN link;
and receiving a second IP data packet sent by the opposite terminal through the VPN link by utilizing the subnet interface, extracting second data from the second IP data packet by utilizing the Socket interface, and sending the second data to the group.
2. The data isolation transmission method according to claim 1, further comprising, after creating the subnet interface corresponding to the group:
the client configures a preset extension service on the subnet interface; the preset extension service comprises any one or a combination of a plurality of resource access control, QOS strategy, identity verification and network speed limit;
correspondingly, the sending the first IP packet to the peer end by using the subnet interface through a VPN link includes:
the subnet interface performs service processing on the first IP data packet by using the preset extension service, and sends the processed first IP data packet to the opposite terminal through the VPN link;
correspondingly, the receiving, by using the subnet interface, the second IP packet sent by the peer end through the VPN link includes:
and the subnet interface performs service processing on the second IP data packet by using the preset extension service, and sends the processed second IP data packet to the Socket interface.
3. The method for data isolation transmission according to claim 2, wherein configuring a preset extension service on the subnet interface comprises:
and the client configures the preset extension service on the subnet interface in a hook function configuration mode.
4. The method for data isolation transmission according to claim 1, wherein configuring the subnet IP address for the client and the peer by using the subnet IP network segment comprises:
the client records the group ID of the group, the client information of the client and the opposite information of the opposite end to the subnet interface;
the subnet interface sets a corresponding subnet IP address for the client information and the opposite terminal information by utilizing the subnet IP network segment.
5. The method of claim 4, wherein the sending the first IP packet to the peer by the subnet interface via a VPN link comprises:
the subnet interface searches the group ID, the client information and the opposite terminal information according to a source IP address and a target IP address in the first IP data packet;
inquiring a corresponding external IP address from a network controller by utilizing the client information and the opposite terminal information; the network controller stores the external IP addresses of all clients;
and encapsulating the first IP data packet by using the external IP address, the group ID, the client information and the opposite terminal information to obtain a first VPN data packet, and sending the first VPN data packet to the opposite terminal.
6. The method for data isolation transmission according to claim 5, wherein said receiving, by the subnet interface, the second IP packet sent by the peer through the VPN link, includes:
when receiving a second VPN data packet sent by the opposite terminal through the VPN link, the subnet interface extracts a group ID, client information, opposite terminal information and the second IP data packet in the second VPN data packet;
judging whether the group ID, the client information and the opposite terminal information in the second VPN data packet are recorded or not;
if yes, replacing the source IP address and the target IP address of the second IP data packet by using the corresponding subnet IP address of the client information and the opposite terminal information in the second VPN data packet in the subnet interface; sending the second IP data packet which is completed to be replaced to the Socket interface;
and if not, discarding the second VPN data packet.
7. A data isolation transmission system, comprising: client, socket interface and subnet interface, wherein,
the client is used for creating a subnet interface corresponding to a group when the group is established with the opposite terminal, and configuring a subnet IP network segment for the subnet interface; the sub-network IP network segments corresponding to different sub-network interfaces are different; configuring a subnet IP address for the client and the opposite terminal by using the subnet IP network segment, and configuring a Socket interface corresponding to the subnet interface by using the subnet IP address of the client; when first data sent to the opposite terminal in the group is received, the first data are encapsulated into a first IP data packet by utilizing the Socket interface and the subnet IP address, and the first IP data packet is sent to the opposite terminal by utilizing the subnet interface through a VPN link; receiving a second IP data packet sent by the opposite terminal through the VPN link by utilizing the subnet interface, extracting second data from the second IP data packet by utilizing the Socket interface, and sending the second data to the group;
the Socket interface is configured to encapsulate the first data into a first IP data packet by using the subnet IP address; extracting the second data from the second IP data packet and sending the second data to the client;
the subnet interface is configured to send the first IP packet to the peer end through the VPN link; and receiving a second IP data packet sent by the opposite terminal through the VPN link.
8. The data isolated transmission system of claim 7, further comprising: a preset extension service comprising any one or a combination of a plurality of resource access control, QOS policy, authentication and network speed limit, wherein,
the client is further configured to configure the preset extension service on the subnet interface;
correspondingly, the subnet interface is further configured to perform service processing on the first IP packet by using the preset extension service, and send the processed first IP packet to the opposite end through the VPN link;
correspondingly, the subnet interface is further configured to perform service processing on the second IP packet by using the preset extension service, and send the processed second IP packet to the Socket interface.
9. The data isolation transmission system of claim 7, wherein,
the client is further configured to configure a preset extension service on the subnet interface by configuring a hook function.
10. A computer readable storage medium having stored therein computer executable instructions which when loaded and executed by a processor implement a data isolated transmission method as claimed in any one of claims 1 to 6.
CN202111249481.6A 2021-10-26 2021-10-26 Data isolation transmission method, system and storage medium Active CN113992461B (en)


Publications (2)

Publication Number Publication Date
CN113992461A CN113992461A (en) 2022-01-28
CN113992461B true CN113992461B (en) 2024-01-30

Family

ID=79741776

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111249481.6A Active CN113992461B (en) 2021-10-26 2021-10-26 Data isolation transmission method, system and storage medium

Country Status (1)

Country Link
CN (1) CN113992461B (en)

Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0922391A (en) * 1995-07-05 1997-01-21 Matsushita Electric Ind Co Ltd Client/server system
JP2005354341A (en) * 2004-06-10 2005-12-22 Matsushita Electric Ind Co Ltd Information consent and communication system
EP1650930A1 (en) * 2004-10-21 2006-04-26 Lucent Technologies Inc. Method, apparatus and network architecture for enforcing security policies using an isolated subnet
EP1699181A1 (en) * 2005-03-01 2006-09-06 Swisscom AG Method and System for automatic configuration of a subnet inside a network
WO2006128157A3 (en) * 2005-05-26 2007-01-18 Symbol Technologies Inc METHOD, SYSTEM AND WIRELESS ROUTER APPARATUS SUPPORTING MULTIPLE SUBNETS FOR LAYER 3 ROAMING IN WIRELESS LOCAL AREA NETWORKS (WLANs)
WO2007022660A1 (en) * 2005-08-22 2007-03-01 Zte Corporation A method for transmitting group dedicated signaling using data interface in group communication
CN102195933A (en) * 2010-03-05 2011-09-21 杭州华三通信技术有限公司 Method for realizing call between isolated Internet protocol (IP) sub-networks and communication unit
CN104660479A (en) * 2015-02-13 2015-05-27 南京华讯方舟通信设备有限公司 Networking method and network system
CN107078921A (en) * 2014-09-16 2017-08-18 云端吉尼斯公司 The method and system for characterizing, monitoring and controlling for the Network that strategy is driven based on commercial intention
US9954763B1 (en) * 2014-02-27 2018-04-24 Amazon Technologies, Inc. Pre-configured virtual gateways for isolated virtual networks
CN109587028A (en) * 2018-11-29 2019-04-05 麒麟合盛网络技术股份有限公司 A kind of method and apparatus controlling client traffic
CN110710168A (en) * 2017-04-04 2020-01-17 Netapp股份有限公司 Intelligent thread management across isolated network stacks
US10560431B1 (en) * 2016-12-05 2020-02-11 Amazon Technologies, Inc. Virtual private gateway for encrypted communication over dedicated physical link
WO2021159461A1 (en) * 2020-02-14 2021-08-19 Nokia Shanghai Bell Co., Ltd. Method for network slice isolation management

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160072787A1 (en) * 2002-08-19 2016-03-10 Igor V. Balabine Method for creating secure subnetworks on a general purpose network
US7533407B2 (en) * 2003-12-16 2009-05-12 Microsoft Corporation System and methods for providing network quarantine
US8064455B2 (en) * 2008-06-08 2011-11-22 Apple Inc. Outbound transmission of packet based on routing search key constructed from packet destination address and outbound interface
US8893261B2 (en) * 2011-11-22 2014-11-18 Vmware, Inc. Method and system for VPN isolation using network namespaces
CN109525601B (en) * 2018-12-28 2021-04-27 杭州迪普科技股份有限公司 Method and device for isolating transverse flow between terminals in intranet

Patent Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0922391A (en) * 1995-07-05 1997-01-21 Matsushita Electric Ind Co Ltd Client/server system
JP2005354341A (en) * 2004-06-10 2005-12-22 Matsushita Electric Ind Co Ltd Information consent and communication system
EP1650930A1 (en) * 2004-10-21 2006-04-26 Lucent Technologies Inc. Method, apparatus and network architecture for enforcing security policies using an isolated subnet
EP1699181A1 (en) * 2005-03-01 2006-09-06 Swisscom AG Method and System for automatic configuration of a subnet inside a network
WO2006128157A3 (en) * 2005-05-26 2007-01-18 Symbol Technologies Inc METHOD, SYSTEM AND WIRELESS ROUTER APPARATUS SUPPORTING MULTIPLE SUBNETS FOR LAYER 3 ROAMING IN WIRELESS LOCAL AREA NETWORKS (WLANs)
WO2007022660A1 (en) * 2005-08-22 2007-03-01 Zte Corporation A method for transmitting group dedicated signaling using data interface in group communication
CN102195933A (en) * 2010-03-05 2011-09-21 杭州华三通信技术有限公司 Method for realizing call between isolated Internet protocol (IP) sub-networks and communication unit
US9954763B1 (en) * 2014-02-27 2018-04-24 Amazon Technologies, Inc. Pre-configured virtual gateways for isolated virtual networks
CN107078921A (en) * 2014-09-16 2017-08-18 云端吉尼斯公司 The method and system for characterizing, monitoring and controlling for the Network that strategy is driven based on commercial intention
CN104660479A (en) * 2015-02-13 2015-05-27 南京华讯方舟通信设备有限公司 Networking method and network system
US10560431B1 (en) * 2016-12-05 2020-02-11 Amazon Technologies, Inc. Virtual private gateway for encrypted communication over dedicated physical link
CN110710168A (en) * 2017-04-04 2020-01-17 Netapp股份有限公司 Intelligent thread management across isolated network stacks
CN109587028A (en) * 2018-11-29 2019-04-05 麒麟合盛网络技术股份有限公司 A kind of method and apparatus controlling client traffic
WO2021159461A1 (en) * 2020-02-14 2021-08-19 Nokia Shanghai Bell Co., Ltd. Method for network slice isolation management

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
An efficient virtual network structure; 陈涛; 马威; 刘刚; Information Security and Technology (Issue 08); full text *
Principle and implementation of the IP-encryption-based VBIC system; 黄海涛, 杨宗源, 黄德浩; Computer Engineering (Issue 05); full text *

Also Published As

Publication number Publication date
CN113992461A (en) 2022-01-28

Similar Documents

Publication Publication Date Title
EP4221150A1 (en) System, apparatus and method to support data server selection
CN112019428B (en) Gateway
US9467327B2 (en) Server-mediated setup and maintenance of peer-to-peer client computer communications
US9838261B2 (en) Method, apparatus, and system for providing network traversing service
EP2332370B1 (en) Method for enabling a home base station to choose between local and remote transportation of uplink data packets
EP3459318B1 (en) Using wlan connectivity of a wireless device
KR101590569B1 (en) Simultaneous packet data network (pdn) access
US11337084B2 (en) Control apparatus for gateway in mobile communication system
WO2023015815A1 (en) Access system for internet of things terminal, method, apparatus, and storage medium
US11647069B2 (en) Secure remote computer network
US9413590B2 (en) Method for management of a secured transfer session through an address translation device, corresponding server and computer program
JP2004328029A (en) Network access system
WO2018054272A1 (en) Data transmission method and device, and computer storage medium
CN113992461B (en) Data isolation transmission method, system and storage medium
CN116488958A (en) Gateway processing method, virtual access gateway, virtual service gateway and related equipment
EP3926932A1 (en) Duplex load balancing for massive iot applications
CN115622833A (en) Device management method, system, device and medium for cross-terminal communication based on bus
CN111614539B (en) Service data processing method and device and communication transmission equipment
CN114303346A (en) Method for managing at least one communication of a terminal device in a communication network, method for processing a communication established with a terminal device in a communication network, corresponding device, terminal device, proxy device and computer program
CN113067910A (en) NAT traversal method, device, electronic equipment and storage medium
CN110474984B (en) Internet of things communication network system
CN117439815B (en) Intranet penetration system and method based on reverse transparent bridging
US20230328620A1 (en) Multipath communication and control
CN109660439B (en) Terminal mutual access management system and method
WO2023244853A1 (en) High-performance communication link and method of operation

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant