CN114244906B - Data traffic distribution method, device, equipment and medium - Google Patents

Publication number
CN114244906B
Authority
CN
China
Prior art keywords
private network
vpn
local area
enterprise
data
Prior art date
Legal status
Active
Application number
CN202111539176.0A
Other languages
Chinese (zh)
Other versions
CN114244906A (en)
Inventor
黄粤
魏颖琪
杨少龙
张涛
谭华
Current Assignee
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Application filed by China Telecom Corp Ltd
Priority to CN202111539176.0A
Publication of CN114244906A
Application granted
Publication of CN114244906B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiments of the disclosure provide a data traffic splitting method, device, equipment and medium, and relate to the technical field of communication. The method comprises: establishing a virtual private network (VPN) between a private network terminal of an enterprise private network and an enterprise local area network; identifying and acquiring, by a private network splitting device, first VPN data sent by the private network terminal to the enterprise local area network through the VPN, and routing the first VPN data to the enterprise local area network; and receiving, by the private network splitting device, second VPN data sent by the enterprise local area network to the private network terminal through the VPN, and routing the second VPN data to the private network terminal. According to the technical scheme of the embodiments of the disclosure, local splitting of private network traffic can be realized, and detouring of private network data through the operator network is avoided.

Description

Data traffic distribution method, device, equipment and medium
Technical Field
The disclosure relates to the technical field of communication, and in particular relates to a data traffic distribution method, a device, electronic equipment and a computer readable medium.
Background
With the accelerating pace of 5G commercialization and the strong push that new infrastructure gives to 5G applications, the demand for using 5G to realize the intelligent and digital transformation of industry and of enterprise production modes is becoming more and more pronounced.
In one technical solution, the enterprise adopts a 5G private network as its private network solution, treats the 5G private network as an extension of its local LAN, and incorporates the private network into the overall planning of the local LAN, such as the IP (Internet Protocol) address segment of the 5G private network, the IP addresses of the 5G terminals, and so on. However, in this technical solution, private network solutions based on the operator's 5G network are all planned by the operator, and it is difficult to flexibly distinguish the private network traffic of the enterprise private network from the public network traffic of the operator network.
Therefore, how to flexibly realize the split of private network traffic and public network traffic becomes a technical problem to be solved.
It should be noted that the information disclosed in the above background section is only for enhancing understanding of the background of the present disclosure and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention
An objective of the disclosed embodiments is to provide a data traffic splitting method, a device, an electronic apparatus, and a computer readable medium, so as to flexibly split private network traffic and public network traffic at least to a certain extent.
Other features and advantages of the present disclosure will be apparent from the following detailed description, or may be learned in part by the practice of the disclosure.
According to a first aspect of an embodiment of the present disclosure, there is provided a data traffic splitting method, including: establishing a virtual private network (VPN) between a private network terminal of an enterprise private network and an enterprise local area network; identifying and acquiring, by a private network splitting device, first VPN data sent by the private network terminal to the enterprise local area network through the VPN, and routing the first VPN data to the enterprise local area network; and receiving, by the private network splitting device, second VPN data sent by the enterprise local area network to the private network terminal through the VPN, and routing the second VPN data to the private network terminal.
According to a first aspect, in some example embodiments, the identifying and acquiring, by the private network splitting device, first VPN data sent by the private network terminal to the enterprise local area network through the VPN includes: determining whether current data sent to the enterprise local area network by the private network terminal contains a preset VPN identifier or not through the private network distribution equipment; and if the preset VPN identifier is included, determining that the current data is first VPN data sent to the enterprise local area network by the private network terminal through the VPN.
According to a first aspect, in some example embodiments, the routing the second VPN data to the private network terminal comprises: combining the context information corresponding to the private network terminal, and grouping and packaging the second VPN data to generate downlink data; transmitting the downlink data to a private network base station of the enterprise private network; and transmitting the downlink data to the private network terminal through the private network base station.
According to a first aspect, in some example embodiments, the method further comprises: monitoring uplink and downlink data packets exchanged between the private network terminal and the core network user plane; and acquiring and parsing the monitored uplink and downlink data packets to obtain the context information corresponding to the private network terminal.
According to a first aspect, in some example embodiments, the enterprise local area network comprises a plurality of local area network terminals, the method further comprising: networking the private network terminal and the plurality of local area network terminals through the VPN to construct a multilayer local area network; and expanding the private network terminal to the enterprise local area network through the multilayer local area network.
According to a first aspect, in some example embodiments, the expanding the private network terminal to the enterprise local area network through the multi-layer local area network includes: receiving VPN data sent to the local area network terminal by the private network terminal; packaging the VPN data to generate a VPN data packet; and routing the VPN data packet to the local area network terminal through the multilayer local area network.
According to a first aspect, in some example embodiments, the client of the VPN is located at the private network terminal and the server of the VPN is located at the private network offload device.
According to a second aspect of embodiments of the present disclosure, there is provided a data traffic splitting device comprising: a VPN establishing module, configured to establish a virtual private network (VPN) between a private network terminal of an enterprise private network and an enterprise local area network; a first splitting module, configured to identify and acquire, by a private network splitting device, first VPN data sent by the private network terminal to the enterprise local area network through the VPN, and to route the first VPN data to the enterprise local area network; and a second splitting module, configured to receive, by the private network splitting device, second VPN data sent by the enterprise local area network to the private network terminal through the VPN, and to route the second VPN data to the private network terminal.
According to a second aspect, in some example embodiments, the first splitting module is further configured to: determining whether current data sent to the enterprise local area network by the private network terminal contains a preset VPN identifier or not through the private network distribution equipment; and if the preset VPN identifier is included, determining that the current data is first VPN data sent to the enterprise local area network by the private network terminal through the VPN.
According to a second aspect, in some example embodiments, the second flow splitting module is further to: combining the context information corresponding to the private network terminal, and grouping and packaging the second VPN data to generate downlink data; transmitting the downlink data to a private network base station of the enterprise private network; and transmitting the downlink data to the private network terminal through the private network base station.
According to a second aspect, in some example embodiments, the apparatus further comprises: a monitoring module, configured to monitor the uplink and downlink data packets exchanged between the private network terminal and the core network user plane; and a context information determining module, configured to acquire and parse the monitored uplink and downlink data packets to obtain the context information corresponding to the private network terminal.
According to a second aspect, in some example embodiments, the enterprise local area network comprises a plurality of local area network terminals, the apparatus further comprising: the networking module is used for networking the private network terminal and the plurality of local area network terminals through the VPN to construct a multilayer local area network; and the network expansion module is used for expanding the private network terminal to the enterprise local area network through the multilayer local area network.
According to a second aspect, in some example embodiments, the network expansion module is further to: receiving VPN data sent to the local area network terminal by the private network terminal; packaging the VPN data to generate a VPN data packet; and routing the VPN data packet to the local area network terminal through the multilayer local area network.
According to a second aspect, in some example embodiments, the client of the VPN is located at the private network terminal and the server of the VPN is located at the private network offload device.
According to a third aspect of embodiments of the present disclosure, there is provided a computer readable medium having stored thereon a computer program which, when executed by a processor, implements a data traffic splitting method as described in the first aspect of the above embodiments.
According to a fourth aspect of embodiments of the present disclosure, there is provided an electronic device, comprising: one or more processors; and a storage device for storing one or more programs, which when executed by the one or more processors, cause the one or more processors to implement the data traffic splitting method according to the first aspect of the embodiment.
The technical scheme provided by the embodiment of the disclosure can comprise the following beneficial effects:
In some embodiments of the present disclosure, through a network architecture of "private network terminal - private network splitting device - enterprise local area network", a VPN is established between a private network terminal of an enterprise private network and an enterprise local area network, and the private network traffic between the private network terminal and the enterprise local area network is split by the private network splitting device. Local splitting of private network traffic can thus be achieved, detouring of private network data through the operator network is avoided, data is guaranteed not to leave the enterprise campus network, and ultra-low-latency communication can be provided.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure. It will be apparent to those of ordinary skill in the art that the drawings in the following description are merely examples of the disclosure and that other drawings may be derived from them without undue effort. In the drawings:
Fig. 1 illustrates a schematic diagram of a network architecture implementing a data traffic splitting method of some example embodiments of the present disclosure;
Fig. 2 illustrates a flow diagram of a data traffic splitting method according to some example embodiments of the present disclosure;
Fig. 3 shows a schematic diagram of a network architecture implementing data traffic splitting methods of other example embodiments of the present disclosure;
Fig. 4 illustrates a schematic diagram of an extension of an enterprise local area network to an enterprise private network in accordance with further example embodiments of the present disclosure;
Fig. 5 illustrates a schematic diagram of a data traffic splitting device according to an embodiment of the present disclosure;
Fig. 6 illustrates a schematic structure of an electronic device in an exemplary embodiment of the present disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments may be embodied in many forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the disclosure. One skilled in the relevant art will recognize, however, that the disclosed aspects may be practiced without one or more of the specific details, or with other methods, components, devices, steps, etc. In other instances, well-known methods, devices, implementations, or operations are not shown or described in detail to avoid obscuring aspects of the disclosure.
The block diagrams depicted in the figures are merely functional entities and do not necessarily correspond to physically separate entities. That is, the functional entities may be implemented in software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flow diagrams depicted in the figures are exemplary only, and do not necessarily include all of the elements and operations/steps, nor must they be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the order of actual execution may be changed according to actual situations.
Fig. 1 illustrates a schematic diagram of a network architecture implementing a data traffic splitting method of some example embodiments of the present disclosure.
Referring to Fig. 1, the network architecture includes an enterprise network and a public network. The enterprise network includes a private network base station 105, a private network terminal 110, a private network splitting device 115, a VPN (Virtual Private Network) server 120, and an enterprise local area network 125. The public network includes a core network 130, a UPF (User Plane Function) 135, and the internet 140.
The private network splitting device 115 is disposed between the private network base station 105 and the UPF 135, and is used for splitting private network data from public network data. A virtual private network is established between private network terminal 110 and enterprise LAN 125: a VPN client is provided on private network terminal 110, and VPN server 120 is provided between private network splitting device 115 and enterprise LAN 125.
According to the technical scheme of the disclosed example, through the network architecture of "private network terminal (VPN Client) - local splitting device - VPN Server - enterprise local area network", local splitting of private network traffic can be realized, detouring of private network data through the operator network is avoided, data is guaranteed not to leave the enterprise campus network, and ultra-low-latency communication can be provided.
Hereinafter, technical solutions in exemplary embodiments of the present disclosure will be described in detail with reference to the accompanying drawings.
Fig. 2 illustrates a flow diagram of a data traffic splitting method according to some example embodiments of the present disclosure. The execution subject of the data traffic splitting method provided by the embodiments of the present disclosure may be a computing device with computing capabilities, such as a digital switch. The data flow splitting method includes steps S210 to S230, and the data flow splitting method in the exemplary embodiment is described in detail below with reference to the accompanying drawings.
Referring to fig. 2, in step S210, a VPN is established between a private network terminal of an enterprise private network and an enterprise local area network.
In an example embodiment, the enterprise private network is a 5G private network and the private network terminal is a 5G terminal. A VPN (Virtual Private Network) client module is arranged in the private network terminal of the enterprise private network, a VPN server module is deployed on the enterprise local area network side, and a VPN is established between the private network terminal and the enterprise local area network, so that the enterprise private network and the enterprise local area network can communicate with each other.
For example, interworking between the private network and the enterprise LAN can be achieved by establishing a VPN tunnel between the private network terminal and the enterprise LAN by means of IPSec (Internet Protocol Security). It should be noted that other mechanisms, such as GRE (Generic Routing Encapsulation), may be used to establish the VPN between the private network terminal and the enterprise local area network, which is also within the scope of the present disclosure.
In step S220, the private network splitting device identifies and acquires the first VPN data sent to the enterprise lan by the private network terminal through the VPN, and routes the first VPN data to the enterprise lan.
In an example embodiment, the private network splitting device may be a digital switch. The private network splitting device is arranged between the enterprise private network and the enterprise local area network; for example, a private network splitting device that can route to the enterprise intranet can be arranged on the link between the 5G private network base station and the core network. The private network splitting device intercepts the VPN traffic sent by the private network terminal to the enterprise local area network through the VPN, and routes the intercepted VPN traffic to the enterprise local area network.
Further, in an example embodiment, the private network splitting device determines whether current data sent by the private network terminal to the enterprise local area network contains a predetermined VPN identifier; if the current data contains the predetermined VPN identifier, the current data is determined to be first VPN data sent by the private network terminal to the enterprise local area network through the VPN, and the first VPN data is routed to the enterprise local area network.
It should be noted that the predetermined VPN identifier may be the IP of the VPN server, a port of the VPN server, or the like, or another suitable VPN identifier, which is also within the scope of the present disclosure.
In step S230, the private network splitting device receives the second VPN data sent by the enterprise lan to the private network terminal through the VPN, and routes the second VPN data to the private network terminal.
In an example embodiment, the private network splitting device receives second VPN data sent to the 5G private network terminal by the intranet through the VPN server, and combines context information corresponding to the private network terminal to package the second VPN data in a packet manner to generate downlink data; and transmitting the downlink data to a private network base station of the private network of the enterprise.
For example, the private network offloading device encapsulates the second VPN data packet into a downlink GTP-U data packet according to the IP port from the VPN Server and in combination with the context information of the known private network terminal, and sends the downlink GTP-U data packet to the private network base station, so as to complete sending of VPN downlink data to the private network terminal.
According to the technical solution in the example embodiment of Fig. 2, through the network architecture of "private network terminal - private network splitting device - enterprise local area network", a VPN is established between the private network terminal of the enterprise private network and the enterprise local area network, and the private network traffic between the private network terminal and the enterprise local area network is split by the private network splitting device, so that local splitting of private network traffic can be realized, detouring of private network data through the operator network is avoided, data is guaranteed not to leave the enterprise campus network, and ultra-low-latency communication can be provided.
Further, in the exemplary embodiment, the private network splitting device 115 is connected in series between the private network base station 105 and the core network 130, and monitors, acquires and parses the uplink and downlink data packets exchanged between the private network terminal 110 and the UPF 135 of the core network 130, so as to obtain the context information of the user of private network terminal 110. In an example embodiment, the context information includes one or more of: the gNB-side N3 interface IP, the gNB-side GTP (GPRS Tunneling Protocol) TEID, the UPF 135-side N3 interface IP, the UPF 135-side GTP TEID, and the private network terminal IP. It should be noted that the context information may also include other suitable information, such as the destination IP, which is also within the scope of the present disclosure.
For upstream data sent by private network terminal 110 to enterprise lan 125, private network offload device 115 identifies VPN traffic based on a predetermined identification, such as a GTP header, an IP of VPN server 120, or a port of VPN server 120, and forwards the identified VPN traffic to enterprise lan 125; for downstream data sent by enterprise lan 125 to private network terminal 110, private network offload device 115 encapsulates the VPN data packets into downstream GTP-U data packets according to the IP port from VPN server 120 in combination with the known context information of private network terminal 110, sends the downstream GTP-U data packets to private network base station 105, and sends the VPN downstream data to private network terminal 110.
Fig. 3 shows a schematic diagram of a network architecture implementing data traffic splitting methods of other example embodiments of the present disclosure.
Referring to Fig. 3, VPN client 140 is added to the 5G private network terminal 110 of the enterprise private network, and an over-IP VPN tunnel is established with VPN server 120 deployed on the enterprise LAN 125 side, so as to implement interworking with the enterprise's internal LAN 125. On the link between the 5G private network base station 105 and the core network 130, a private network splitting device 115 that can route to the enterprise LAN 125 is provided, and a VPN server 120 is provided on the private network splitting device 115. Private network splitting device 115 intercepts traffic sent by private network terminal 110 to VPN server 120 and routes the intercepted traffic to enterprise LAN 125; it also receives VPN traffic sent by the enterprise LAN 125 to the private network terminal 110 through the VPN, and encapsulates and sends that VPN traffic to the private network terminal 110, thereby implementing local traffic splitting for the 5G private network.
Further, the private network splitting device 115 is connected in series between the private network base station 105 and the core network 130, and monitors, acquires and parses the uplink and downlink data packets exchanged between the private network terminal 110 and the UPF 135 of the 5G core network 130, so as to obtain the context information of the user of private network terminal 110. The context information includes one or more of: the gNB-side N3 interface IP, the gNB-side GTP TEID, the UPF-side N3 interface IP, the UPF-side GTP TEID, the UE IP, and the destination IP.
For upstream data sent by private network terminal 110 to enterprise lan 125, private network offload device 115 identifies VPN traffic based on a predetermined identification, such as a GTP header, an IP of VPN server 120, or a port of VPN server 120, and forwards the identified VPN traffic to enterprise lan 125; for downstream data sent by enterprise lan 125 to private network terminal 110, private network offload device 115 encapsulates the VPN data packets into downstream GTP-U data packets according to the IP port from VPN server 120 in combination with the known context information of private network terminal 110, sends the downstream GTP-U data packets to private network base station 105, and sends the VPN downstream data to private network terminal 110.
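The uplink identification, context learning and downlink GTP-U encapsulation described for Figs. 2 and 3 can be sketched in Python as follows. This is an added example, not code from the patent: the names `Offloader`, `UeContext`, `parse_gtpu` and `parse_ipv4` are hypothetical, all addresses, the UDP port 4500 and the TEIDs are constructed sample values, and matching on VPN server IP plus UDP port is one assumed choice of "predetermined identifier".

```python
import ipaddress
import struct
from dataclasses import dataclass

GPDU = 0xFF  # GTP-U message type of a G-PDU (tunnelled user packet)

@dataclass
class UeContext:               # the "context information" fields named in the text
    gnb_ip: str = None         # gNB-side N3 interface IP
    gnb_teid: int = None       # gNB-side GTP TEID (carried by downlink G-PDUs)
    upf_ip: str = None         # UPF-side N3 interface IP
    upf_teid: int = None       # UPF-side GTP TEID (carried by uplink G-PDUs)

def parse_gtpu(buf):
    """Return (teid, inner_packet) of a GTPv1-U G-PDU, skipping optional fields."""
    if len(buf) < 8:
        raise ValueError("short GTP-U header")
    flags, mtype, length, teid = struct.unpack("!BBHI", buf[:8])
    if flags >> 5 != 1 or not flags & 0x10 or mtype != GPDU:
        raise ValueError("not a GTPv1-U G-PDU")
    end, off = 8 + length, 8
    if end > len(buf):
        raise ValueError("truncated G-PDU")
    if flags & 0x07:                        # any of E/S/PN adds 4 optional bytes
        if end < 12:
            raise ValueError("truncated optional fields")
        next_ext, off = (buf[11] if flags & 0x04 else 0), 12
        while next_ext:                     # walk extension headers (4-byte units)
            if off >= end or buf[off] == 0 or off + buf[off] * 4 > end:
                raise ValueError("bad extension header")
            off += buf[off] * 4
            next_ext = buf[off - 1]
    return teid, buf[off:end]

def parse_ipv4(pkt):
    """Return (src, dst, proto, dst_port); dst_port is None unless TCP/UDP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IHL")
    src, dst = (str(ipaddress.IPv4Address(pkt[i:i + 4])) for i in (12, 16))
    first_frag = not struct.unpack("!H", pkt[6:8])[0] & 0x1FFF  # later fragments carry no ports
    has_port = pkt[9] in (6, 17) and first_frag and len(pkt) >= ihl + 4
    dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0] if has_port else None
    return src, dst, pkt[9], dport

class Offloader:
    def __init__(self, vpn_ip, vpn_port):
        self.vpn_ip, self.vpn_port = vpn_ip, vpn_port  # assumed VPN identifier
        self.ctx = {}                                  # UE IP -> UeContext

    def on_uplink(self, outer_src, outer_dst, frame):
        """gNB -> UPF: learn context; return ('lan', inner) or ('upf', frame)."""
        try:
            teid, inner = parse_gtpu(frame)
            src, dst, proto, dport = parse_ipv4(inner)
        except ValueError:
            return "upf", frame            # anything not understood is left untouched
        c = self.ctx.setdefault(src, UeContext())
        c.gnb_ip, c.upf_ip, c.upf_teid = outer_src, outer_dst, teid
        if dst == self.vpn_ip and proto == 17 and dport == self.vpn_port:
            return "lan", inner            # VPN traffic: decapsulate and route locally
        return "upf", frame                # public traffic: pass through unchanged

    def learn_downlink(self, outer_dst, frame):
        """UPF -> gNB: record the gNB-side TEID for the UE the packet is going to."""
        teid, inner = parse_gtpu(frame)
        c = self.ctx.setdefault(parse_ipv4(inner)[1], UeContext())
        c.gnb_ip, c.gnb_teid = outer_dst, teid

    def encap_downlink(self, inner):
        """VPN server -> UE: return (gnb_ip, G-PDU); no extension header is added."""
        c = self.ctx.get(parse_ipv4(inner)[1])
        if c is None or c.gnb_teid is None:
            raise LookupError("no downlink context for this terminal")
        return c.gnb_ip, struct.pack("!BBHI", 0x30, GPDU, len(inner), c.gnb_teid) + inner

def ipv4_udp(src, dst, dport, payload=b"x"):
    """Constructed sample IPv4/UDP packet (checksums left at zero)."""
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + udp

def gtpu(teid, inner, with_ext=False):
    """Constructed G-PDU; with_ext adds one 4-byte extension header (type 0x85)."""
    opt = b"\x00\x00\x00\x85" + b"\x01\x10\x09\x00" if with_ext else b""
    return struct.pack("!BBHI", 0x34 if with_ext else 0x30, GPDU, len(opt) + len(inner), teid) + opt + inner

def demo():
    off = Offloader(vpn_ip="10.20.0.1", vpn_port=4500)      # constructed values
    ue, gnb, upf = "10.45.0.7", "192.0.2.10", "192.0.2.20"  # constructed values
    verdicts = [off.on_uplink(gnb, upf, gtpu(0x1111, ipv4_udp(ue, "10.20.0.1", 4500), True))[0],
                off.on_uplink(gnb, upf, gtpu(0x1111, ipv4_udp(ue, "198.51.100.5", 443)))[0]]
    off.learn_downlink(gnb, gtpu(0x2222, ipv4_udp("198.51.100.5", ue, 40000)))
    dst, pkt = off.encap_downlink(ipv4_udp("10.20.0.1", ue, 40000))
    return verdicts, dst, parse_gtpu(pkt)[0]
```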
According to the technical solution in the exemplary embodiment of fig. 3, the public network traffic and the private network traffic are identified and split by the private network splitting device 115, and the public network traffic is not processed.
Further, the private network splitting device 115 may integrate and embed the VPN server 120 as a functional module in its own system. The private network splitting device 115 is deployed on the enterprise side and connects to the nearby enterprise local area network 125, so that enterprise and campus data does not go out to the public network and circulates only within the local network.
According to the technical solution in the exemplary embodiment of fig. 3, on the one hand, the private network splitting device is connected in series between the 5G private network base station and the core network, and only monitors, acquires and parses the uplink and downlink data packets which are sent by the terminal to the 5G core network user plane for interaction, so as to obtain the context related information of the terminal user. The private network splitting device only recognizes VPN traffic containing the special identifier and forwards the traffic to the enterprise LAN. On the other hand, through a 'UE (VPN Client) -local distribution device-VPN Server-enterprise local area network' architecture, private network traffic to the enterprise local area network is specifically identified, and the distribution device is assisted to identify and forward.
Fig. 4 illustrates a schematic diagram of an extension of an enterprise local area network to an enterprise private network in accordance with further example embodiments of the present disclosure.
Referring to fig. 4, enterprise lan 125 includes: a product lifecycle management module, a customer relationship management module, a supply chain management module, an enterprise resource planning module, a manufacturing execution system module, an internet of things module, a video module, a security module, and a plurality of local area network terminals. Networking a private network terminal and a plurality of local area network terminals through VPN to construct a multilayer local area network; and expanding the private network terminal to the enterprise local area network through the multilayer local area network.
Further, as shown in fig. 4, the private network terminal 110 and the wired or wireless terminal under the private network terminal 110 may access the enterprise lan 125 through a two-layer or three-layer lan, and the enterprise lan 125 may manage, for example, network planning, IP address allocation, etc. in a unified manner.
In the example embodiment of fig. 4, the two/three layer lan of the enterprise is extended to 5G private network terminals, and wired or wireless networks underlying the private network terminals, through a point-to-point, point-to-multipoint VPN network built by a "private network terminal (VPN Client) -local splitter-VPN Server-enterprise lan" architecture.
As shown in fig. 4, for the scenario where downstream traffic of the enterprise lan 125 to the 5G private network terminal 110 arrives first, the 5G private network terminal, and the wired or wireless terminal under it, remain online due to the maintenance of the point-to-point or point-to-multipoint VPN tunnel, and downstream data can reach the private network terminal 110 at any time.
It should be noted that the private network terminals of the enterprise private network include various types of terminals, such as 5G mobile phones, 5G CPE (Customer Premise Equipment), 5G DTU (Data Transfer Unit), and the like.
According to the technical solution in the example embodiment of fig. 4, through the architecture of "UE (VPN Client) -local splitter-VPN Server-enterprise lan", the constructed point-to-point and point-to-multipoint VPN network can extend the two/three layer lan of the enterprise to the 5G private network terminal and the wired or wireless network under the 5G private network terminal, so that the 5G private network terminal and the wired or wireless terminal under the 5G private network terminal can establish symmetric communication with the two/three layer lan of the enterprise, i.e. uplink and downlink can be reached at any time.
It is noted that the above-described figures are merely schematic illustrations of processes involved in a method according to exemplary embodiments of the present disclosure, and are not intended to be limiting. It will be readily appreciated that the processes shown in the above figures do not indicate or limit the temporal order of these processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, for example, among a plurality of modules.
The following describes embodiments of the apparatus of the present disclosure that may be used to perform the data traffic splitting methods described above in the present disclosure.
Fig. 5 shows a schematic structural diagram of a data traffic splitting device according to an embodiment of the present disclosure.
Referring to fig. 5, there is provided a data traffic splitting device 500 including: a VPN establishment module 510, configured to establish a virtual private network VPN between a private network terminal of an enterprise private network and an enterprise local area network; a first splitting module 520, configured to identify and acquire, by using a private network splitting device, first VPN data sent by the private network terminal to the enterprise local area network through the VPN, and route the first VPN data to the enterprise local area network; and a second splitting module 530, configured to receive, by using the private network splitting device, second VPN data sent by the enterprise local area network to the private network terminal through the VPN, and route the second VPN data to the private network terminal.
In some example embodiments, the first splitting module 520 is further configured to: determine, through the private network splitting device, whether current data sent by the private network terminal to the enterprise local area network contains a preset VPN identifier; and if the preset VPN identifier is contained, determine that the current data is first VPN data sent by the private network terminal to the enterprise local area network through the VPN.
In some example embodiments, the second splitting module 530 is further configured to: group and package the second VPN data in combination with the context information corresponding to the private network terminal to generate downlink data; transmit the downlink data to a private network base station of the enterprise private network; and transmit the downlink data to the private network terminal through the private network base station.
In some example embodiments, the apparatus further comprises: a monitoring module, configured to monitor the uplink and downlink data packets exchanged between the private network terminal and the core network user plane; and a context information determining module, configured to acquire and analyze the monitored uplink and downlink data packets to obtain the context information corresponding to the private network terminal.
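The identification by preset VPN identifier, the context learning from monitored packets and the downlink packaging described above can be sketched as follows. This is an added example, not code from the patent: it assumes the terminal's traffic reaches the splitting device inside GTPv1-U tunnels and that the context consists of the base-station address and the downlink tunnel ID, and all addresses, port 1194 and the names `Splitter`, `parse_gtpu`, `parse_ipv4`, `build_gtpu`, `sample_udp` and `demo` are constructed for illustration.

```python
import socket
import struct

# Assumption (not stated on the page): terminal traffic reaches the splitting
# device inside GTPv1-U tunnels; context = (base station IP, downlink TEID).
GTPU_GPDU = 0xFF  # GTP-U message type that carries a user packet

def parse_gtpu(buf):
    """Return (teid, inner_packet) of a GTPv1-U G-PDU, else raise ValueError."""
    if len(buf) < 8:
        raise ValueError("short GTP-U header")
    flags, mtype, length, teid = struct.unpack("!BBHI", buf[:8])
    if flags >> 5 != 1 or not flags & 0x10 or mtype != GTPU_GPDU:
        raise ValueError("not a GTPv1-U G-PDU")
    if len(buf) < 8 + length:
        raise ValueError("truncated GTP-U payload")
    body, off = buf[8:8 + length], 0
    if flags & 0x07:  # E, S or PN set: four optional octets follow
        if len(body) < 4:
            raise ValueError("truncated optional fields")
        next_ext, off = body[3], 4
        while flags & 0x04 and next_ext:  # walk the extension header chain
            if off >= len(body) or body[off] == 0:
                raise ValueError("bad extension header")
            ext_len = body[off] * 4
            if off + ext_len > len(body):
                raise ValueError("truncated extension header")
            next_ext, off = body[off + ext_len - 1], off + ext_len
    return teid, body[off:]

def parse_ipv4(pkt):
    """Return (src, dst, dst_port); dst_port is None without a TCP/UDP header."""
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("not a usable IPv4 header")
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    frag_off = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if pkt[9] not in (6, 17) or frag_off or len(pkt) < ihl + 4:
        return src, dst, None  # other protocol, or a later fragment
    return src, dst, struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]

def build_gtpu(teid, inner):
    """Wrap an inner packet in a minimal G-PDU (no optional fields)."""
    return struct.pack("!BBHI", 0x30, GTPU_GPDU, len(inner), teid) + inner

class Splitter:
    def __init__(self, vpn_ip, vpn_port=None):  # preset VPN identifier
        self.vpn_ip, self.vpn_port, self.contexts = vpn_ip, vpn_port, {}

    def observe_downlink(self, gnb_ip, gtpu):
        """Learn a terminal's context from a monitored downlink packet."""
        teid, inner = parse_gtpu(gtpu)
        self.contexts[parse_ipv4(inner)[1]] = (gnb_ip, teid)

    def classify_uplink(self, gtpu):
        """'enterprise_lan' for first VPN data, otherwise 'core_network'."""
        try:
            _, dst, dport = parse_ipv4(parse_gtpu(gtpu)[1])
        except ValueError:
            return "core_network"  # unparseable traffic keeps its normal path
        port_ok = self.vpn_port is None or dport == self.vpn_port
        return "enterprise_lan" if dst == self.vpn_ip and port_ok else "core_network"

    def encapsulate_downlink(self, vpn_packet):
        """Package second VPN data; return (base_station_ip, gtpu_bytes)."""
        ctx = self.contexts.get(parse_ipv4(vpn_packet)[1])
        if ctx is None:
            raise LookupError("no context learned for this terminal")
        return ctx[0], build_gtpu(ctx[1], vpn_packet)

def sample_udp(src, dst, dport, payload=b"vpn"):
    """Constructed IPv4/UDP packet for the demo (checksums left at zero)."""
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + udp

def demo():
    """Constructed addresses: terminal 10.45.0.7, base station 192.0.2.10."""
    s, ue = Splitter("10.20.0.1", 1194), "10.45.0.7"
    s.observe_downlink("192.0.2.10", build_gtpu(0x1A2B, sample_udp("198.51.100.5", ue, 53)))
    dests = (("10.20.0.1", 1194), ("10.20.0.1", 443), ("198.51.100.5", 1194))
    up = [s.classify_uplink(build_gtpu(0x99, sample_udp(ue, d, p))) for d, p in dests]
    return up, s.encapsulate_downlink(sample_udp("10.20.0.1", ue, 40000))

if __name__ == "__main__":
    print(demo())
```

Matching on the VPN server's IP and port only selects the forwarding path: traffic that does not parse or does not match stays on the core-network path, and authenticating the terminal remains the job of the VPN itself.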
In some example embodiments, the enterprise local area network includes a plurality of local area network terminals, the apparatus further comprising: the networking module is used for networking the private network terminal and the plurality of local area network terminals through the VPN to construct a multilayer local area network; and the network expansion module is used for expanding the private network terminal to the enterprise local area network through the multilayer local area network.
In some example embodiments, the network expansion module is further to: receiving VPN data sent to the local area network terminal by the private network terminal; packaging the VPN data to generate a VPN data packet; and routing the VPN data packet to the local area network terminal through the multilayer local area network.
In some example embodiments, the client of the VPN is located at the private network terminal and the server of the VPN is located at the private network splitting device.
Since each functional module of the data traffic splitting apparatus according to the exemplary embodiment of the present disclosure corresponds to a step of the foregoing exemplary embodiment of the data traffic splitting method, for details not disclosed in the apparatus embodiments of the present disclosure, please refer to the foregoing embodiments of the data traffic splitting method of the present disclosure.
It should be noted that although in the above detailed description several modules or units of a device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit in accordance with embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into a plurality of modules or units to be embodied.
Furthermore, although the steps of the methods in the present disclosure are depicted in a particular order in the drawings, this does not require or imply that the steps must be performed in that particular order or that all illustrated steps be performed in order to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step to perform, and/or one step decomposed into multiple steps to perform, etc.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, including several instructions to cause a computing device (may be a personal computer, a server, a mobile terminal, or a network device, etc.) to perform the method according to the embodiments of the present disclosure.
In an exemplary embodiment of the present disclosure, a computer storage medium capable of implementing the above method is also provided, on which is stored a program product capable of implementing the method described above in this specification. In some possible embodiments, the various aspects of the present disclosure may also be implemented in the form of a program product comprising program code which, when the program product is run on a terminal device, causes the terminal device to carry out the steps according to the various exemplary embodiments of the disclosure as described in the "exemplary methods" section of this specification.
The program product may take the form of a portable compact disc read-only memory (CD-ROM) and comprises program code and may be run on a terminal device, such as a personal computer. However, the program product of the present disclosure is not limited thereto, and in this document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product described above may take the form of any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random Access Memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable signal medium may include a data signal propagated in baseband or as part of a carrier wave with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
In addition, in an exemplary embodiment of the present disclosure, an electronic device capable of implementing the above method is also provided.
Those skilled in the art will appreciate that the various aspects of the present disclosure may be implemented as a system, method, or program product. Accordingly, various aspects of the disclosure may be embodied in the following forms, namely: an entirely hardware embodiment, an entirely software embodiment (including firmware, micro-code, etc.), or an embodiment combining hardware and software aspects, which may be collectively referred to herein as a "circuit," "module," or "system."
An electronic device 600 according to such an embodiment of the present disclosure is described below with reference to fig. 6. The electronic device 600 shown in fig. 6 is merely an example and should not be construed to limit the functionality and scope of use of embodiments of the present disclosure in any way.
As shown in fig. 6, the electronic device 600 is in the form of a general purpose computing device. Components of the electronic device 600 may include, but are not limited to: at least one processing unit 610, at least one storage unit 620, and a bus 630 that connects the various system components, including the storage unit 620 and the processing unit 610.
The storage unit stores program code that is executable by the processing unit 610, such that the processing unit 610 performs the steps according to various exemplary embodiments of the present disclosure described in the "exemplary methods" section of this specification. For example, the processing unit 610 described above may perform the operations shown in fig. 2: step S210, establishing a virtual private network VPN between a private network terminal of an enterprise private network and an enterprise local area network; step S220, identifying and acquiring, by the private network splitting device, first VPN data sent by the private network terminal to the enterprise local area network through the VPN, and routing the first VPN data to the enterprise local area network; step S230, receiving, by the private network splitting device, second VPN data sent by the enterprise local area network to the private network terminal through the VPN, and routing the second VPN data to the private network terminal.
The processing unit 610 may also perform the data traffic splitting method in the embodiments described above.
The storage unit 620 may include readable media in the form of volatile storage units, such as Random Access Memory (RAM) 6201 and/or cache memory unit 6202, and may further include Read Only Memory (ROM) 6203.
The storage unit 620 may also include a program/utility 6204 having a set (at least one) of program modules 6205, such program modules 6205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.
Bus 630 may represent one or more of several types of bus structures, including a storage unit bus or storage unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 600 may also communicate with one or more external devices 690 (e.g., keyboard, pointing device, Bluetooth device, etc.), one or more devices that enable a user to interact with the electronic device 600, and/or any device (e.g., router, modem, etc.) that enables the electronic device 600 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 650. Also, electronic device 600 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet, through network adapter 660. As shown, network adapter 660 communicates with other modules of electronic device 600 over bus 630. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with electronic device 600, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, including several instructions to cause a computing device (may be a personal computer, a server, a terminal device, or a network device, etc.) to perform the method according to the embodiments of the present disclosure.
Furthermore, the above-described figures are only schematic illustrations of processes included in the method according to the exemplary embodiments of the present disclosure, and are not intended to be limiting. It will be readily appreciated that the processes shown in the above figures do not indicate or limit the temporal order of these processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, for example, among a plurality of modules.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.

Claims (8)

1. A method of data traffic splitting, comprising:
establishing a virtual private network VPN between a private network terminal of an enterprise private network and an enterprise local area network;
identifying and acquiring, by a private network splitting device, first VPN data sent by the private network terminal to the enterprise local area network through the VPN, and routing the first VPN data to the enterprise local area network;
receiving, by the private network splitting device, second VPN data sent by the enterprise local area network to the private network terminal through the VPN, and routing the second VPN data to the private network terminal, including: combining the context information corresponding to the private network terminal, and grouping and packaging the second VPN data to generate downlink data; transmitting the downlink data to a private network base station of the enterprise private network; transmitting the downlink data to the private network terminal through the private network base station;
wherein identifying and acquiring, by the private network splitting device, the first VPN data sent by the private network terminal to the enterprise local area network through the VPN comprises: determining, through the private network splitting device, whether current data sent by the private network terminal to the enterprise local area network contains a preset VPN identifier; and if the current data contains the preset VPN identifier, determining that the current data is first VPN data sent by the private network terminal to the enterprise local area network through the VPN; wherein the preset VPN identifier comprises an IP of the VPN server and/or a port of the VPN server.
2. The method according to claim 1, wherein the method further comprises:
monitoring uplink and downlink data packets exchanged between the private network terminal and the core network user plane;
and acquiring and analyzing the monitored uplink and downlink data packets to obtain the context information corresponding to the private network terminal.
3. The method of claim 1, wherein the enterprise local area network comprises a plurality of local area network terminals, the method further comprising:
networking the private network terminal and the plurality of local area network terminals through the VPN to construct a multilayer local area network;
and expanding the private network terminal to the enterprise local area network through the multilayer local area network.
4. The method of claim 3, wherein said expanding the private network terminal to the enterprise local area network through the multi-layer local area network comprises:
receiving VPN data sent to the local area network terminal by the private network terminal;
packaging the VPN data to generate a VPN data packet;
and routing the VPN data packet to the local area network terminal through the multilayer local area network.
5. The method according to any of claims 1 to 4, wherein the client of the VPN is located at the private network terminal and the server of the VPN is located at the private network splitting device.
6. A data traffic splitting device, comprising:
the VPN establishing module is used for establishing a virtual private network VPN between a private network terminal of an enterprise private network and an enterprise local area network;
the private network splitting device is used for identifying and acquiring first VPN data sent by the private network terminal to the enterprise local area network through the VPN, and routing the first VPN data to the enterprise local area network;
a second splitting module, configured to receive, by using the private network splitting device, second VPN data sent by the enterprise local area network to the private network terminal through the VPN, and route the second VPN data to the private network terminal, including: combining the context information corresponding to the private network terminal, and grouping and packaging the second VPN data to generate downlink data; transmitting the downlink data to a private network base station of the enterprise private network; transmitting the downlink data to the private network terminal through the private network base station;
wherein identifying and acquiring, by the private network splitting device, the first VPN data sent by the private network terminal to the enterprise local area network through the VPN comprises: determining, through the private network splitting device, whether current data sent by the private network terminal to the enterprise local area network contains a preset VPN identifier; and if the current data contains the preset VPN identifier, determining that the current data is first VPN data sent by the private network terminal to the enterprise local area network through the VPN; wherein the preset VPN identifier comprises an IP of the VPN server and/or a port of the VPN server.
7. A computer readable medium on which a computer program is stored, characterized in that the program, when executed by a processor, implements the data traffic splitting method according to any of claims 1 to 5.
8. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the data traffic splitting method of any of claims 1 to 5.
CN202111539176.0A 2021-12-15 2021-12-15 Data traffic distribution method, device, equipment and medium Active CN114244906B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111539176.0A CN114244906B (en) 2021-12-15 2021-12-15 Data traffic distribution method, device, equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111539176.0A CN114244906B (en) 2021-12-15 2021-12-15 Data traffic distribution method, device, equipment and medium

Publications (2)

Publication Number Publication Date
CN114244906A CN114244906A (en) 2022-03-25
CN114244906B true CN114244906B (en) 2024-03-19

Family

ID=80756661

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111539176.0A Active CN114244906B (en) 2021-12-15 2021-12-15 Data traffic distribution method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN114244906B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114615080B (en) * 2022-03-30 2023-12-05 阿里巴巴(中国)有限公司 Remote communication method and device for industrial equipment and equipment
CN114727291B (en) * 2022-03-31 2023-09-29 中国电信股份有限公司 Local shunting system, method, device, network equipment and storage medium
CN115134806B (en) * 2022-08-31 2024-04-19 北京博特数通技术有限公司 IPSec security reinforcement transmission method, CPE and network transmission system
CN115866654A (en) * 2023-02-07 2023-03-28 阿里巴巴(中国)有限公司 Data processing method, storage medium, electronic device and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111901387A (en) * 2020-07-01 2020-11-06 中国联合网络通信集团有限公司 Connection method and device of cloud special line
CN112752306A (en) * 2020-12-31 2021-05-04 西安抱朴通信科技有限公司 Service distribution method, terminal, system and storage medium
CN113765874A (en) * 2020-11-09 2021-12-07 北京沃东天骏信息技术有限公司 Private network and dual-mode networking method based on 5G mobile communication technology

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130205025A1 (en) * 2012-02-07 2013-08-08 Cisco Technology, Inc. Optimized Virtual Private Network Routing Through Multiple Gateways
US20210306300A1 (en) * 2020-03-31 2021-09-30 Fortinet, Inc. Portable, hardware-based authentication client to enforce user-to-site network access control restrictions

Also Published As

Publication number Publication date
CN114244906A (en) 2022-03-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant