CN114513468A - Method, device, equipment, storage medium and product for protecting flow in Sentinel - Google Patents
Method, device, equipment, storage medium and product for protecting flow in Sentinel Download PDFInfo
- Publication number
- CN114513468A CN114513468A CN202210132327.9A CN202210132327A CN114513468A CN 114513468 A CN114513468 A CN 114513468A CN 202210132327 A CN202210132327 A CN 202210132327A CN 114513468 A CN114513468 A CN 114513468A
- Authority
- CN
- China
- Prior art keywords
- sentinel
- flow control
- protection
- control rule
- flow
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 51
- 230000006870 function Effects 0.000 claims description 66
- 230000000875 corresponding effect Effects 0.000 claims description 32
- 238000004590 computer program Methods 0.000 claims description 24
- 238000012544 monitoring process Methods 0.000 claims description 13
- 230000008859 change Effects 0.000 claims description 6
- 230000007246 mechanism Effects 0.000 claims description 4
- 238000004458 analytical method Methods 0.000 claims description 3
- 230000002596 correlated effect Effects 0.000 claims description 3
- 230000002265 prevention Effects 0.000 claims description 3
- 239000000126 substance Substances 0.000 claims description 2
- 230000002085 persistent effect Effects 0.000 abstract 1
- 238000004891 communication Methods 0.000 description 9
- 238000012545 processing Methods 0.000 description 8
- 238000010586 diagram Methods 0.000 description 7
- 230000002159 abnormal effect Effects 0.000 description 6
- 230000009471 action Effects 0.000 description 6
- 230000000694 effects Effects 0.000 description 6
- 230000015556 catabolic process Effects 0.000 description 5
- 238000006731 degradation reaction Methods 0.000 description 5
- 238000001595 flow curve Methods 0.000 description 4
- 230000003993 interaction Effects 0.000 description 4
- 230000005540 biological transmission Effects 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 230000007123 defense Effects 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000002688 persistence Effects 0.000 description 2
- 230000005856 abnormality Effects 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 238000013475 authorization Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 239000011521 glass Substances 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000001953 sensory effect Effects 0.000 description 1
- 238000007493 shaping process Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/22—Traffic shaping
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/20—Traffic policing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Computational Linguistics (AREA)
- Data Mining & Analysis (AREA)
- Databases & Information Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method, a device, equipment, a storage medium and a product for protecting flow in Sentinel. The method comprises the following steps: receiving a flow protection request generated by the Sentinel service after the Sentinel service is monitored to be started; analyzing and obtaining a protection function item in the flow protection request, and determining a target flow control rule corresponding to the protection function item according to a pre-established local database; and loading the target flow control rule, and performing flow protection on the externally connected network service to be protected. Compared with the prior art that the required flow control rule is determined by relying on the Sentinel console after service is started in the flow protection, the flow control rule required by the protection can be obtained only through the flow control rule which is persistent in the local database without relying on the Sentinel console, and the effectiveness and the timeliness of the flow protection are guaranteed.
Description
Technical Field
The embodiment of the invention relates to the technical field of flow control, in particular to a method, a device, equipment, a storage medium and a product for flow protection in Sentinel.
Background
Traffic protection is a common concept in network transmission, and is used to adjust the transmitted data of network packets. However, from the viewpoint of system stability, there are many studies on the speed of processing requests. Requests arriving at any time are often randomly uncontrollable and the processing power of the system is limited. We need to control the flow according to the processing power of the system.
At present, a Sentinel technology is generally used, a Sentinel (flow defense and defense of a distributed system) is a lightweight flow control component oriented to a distributed service architecture, flow is mainly used as an entry point, and the stability of distributed services is guaranteed from multiple dimensions such as flow limiting, flow shaping, service degradation, system load protection and the like.
Although the Sentinel console can provide the traffic protection service by pushing the rules, when the rules change, the rules need to be changed by programming the console codes, and the console codes need to be modified once when the rules are adjusted, so that the implementation process is relatively complex, the rules cannot be changed in time, and a plurality of traffic protection requests cannot be handled simultaneously.
Disclosure of Invention
The embodiment of the invention provides a method, a device, equipment, a storage medium and a product for protecting flow in Sentinel, which realize flow protection of network services and ensure the effectiveness and timeliness of the flow protection.
In a first aspect, an embodiment of the present invention provides a method for protecting a flow in Sentinel, including:
receiving a flow protection request generated by the Sentinel service after the Sentinel service is monitored to be started;
analyzing and obtaining a protection function item in the flow protection request, and determining a target flow control rule corresponding to the protection function item according to a pre-established local database;
and loading the target flow control rule, and performing flow protection on the externally connected network service to be protected.
In a second aspect, an embodiment of the present invention further provides a device for protecting a flow in Sentinel, where the device includes:
the system comprises a first receiving module, a second receiving module and a sending module, wherein the first receiving module is used for receiving a traffic protection request generated by a Sentinel service after monitoring that the Sentinel service is started;
the analysis module is used for analyzing and obtaining the protection function item in the flow protection request and determining a target flow control rule corresponding to the protection function item according to a pre-established local database;
and the loading module is used for loading the target flow control rule and carrying out flow protection on the externally connected network service to be protected.
In a third aspect, an embodiment of the present invention further provides an electronic device, where the electronic device includes:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores a computer program executable by the at least one processor, the computer program being executable by the at least one processor to enable the at least one processor to perform the method of traffic protection in Sentinel according to any of the embodiments of the present invention.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium, where computer instructions are stored, and the computer instructions are configured to, when executed by a processor, implement a method for flow protection in Sentinel according to any embodiment of the present invention.
In a fifth aspect, an embodiment of the present invention further provides a computer program product, where the computer program product includes a computer program, and when the computer program is executed by a processor, the computer program implements the method for flow protection in Sentinel according to any embodiment of the present invention.
According to the method and the device, after the start of the Sentinel service is monitored, a flow protection request generated by the Sentinel service is received, a protection function item in the flow protection request is analyzed and obtained, a target flow control rule corresponding to the protection function item is determined according to a pre-established local database, the target flow control rule is loaded, and the flow protection is carried out on the external network service to be protected.
Drawings
Fig. 1 is a flowchart of a method for flow protection in Sentinel according to an embodiment of the present invention;
FIG. 2 is a diagram of an implementation architecture for traffic protection provided by the prior art;
FIG. 3 is a flow chart of a method for flow protection in a Sentinel according to a second embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a flow protection device in a Sentinel according to a third embodiment of the present invention;
fig. 5 is a schematic structural diagram of an electronic device according to a fourth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example one
Fig. 1 is a flowchart of a method for traffic protection in Sentinel according to an embodiment of the present invention, where this embodiment is applicable to a case where traffic protection needs to be performed on a server according to different rules, and the method may be executed by a device for traffic protection in Sentinel according to an embodiment of the present invention, where the device may be implemented in a software and/or hardware manner and is generally integrated in a computer device, where the computer device may be a mobile terminal or a server. The Sentinel refers to a Sentinel client, which can receive the rules configured by the console and can also perform flow control according to the rules provided by the console.
It should be noted that before the method provided in this embodiment is introduced, a description of an existing flow control protection is given. Fig. 2 is an implementation architecture diagram of traffic protection provided in the prior art, and as shown in fig. 2, a traffic protection Sentinel platform 1 is implemented, where the Sentinel platform 1 includes a Sentinel console 10 and a Sentinel client 11, where the Sentinel console is connected to the Sentinel client through an API interface. When the flow control protection is carried out, flow control rule configuration needs to be carried out on a Sentinel console, a configured flow control rule is obtained, a Sentinel client side obtains the required flow control rule from the Sentinel console, wherein in order to guarantee the persistence of the flow control rule, the Sentinel console needs to participate in management and persistence operation of the configured flow control rule, for example, the Sentinel console persists the formed flow control rule into a third-party database loaded on other equipment, when the Sentinel client side needs the flow control rule, the Sentinel console obtains the rule from the third-party database, pushes the rule to the Sentinel client side and then updates the rule into an internal memory, and then the Sentinel client side calls the rule to carry out flow control. Because the method depends on the push rule of the console, the code of the console needs to be modified once when the rule is adjusted once, and when the Sentinel client is restarted each time, the previous memory is cleaned, so that the cached rule is covered and lost, and the whole flow control process cannot be controlled by the console.
In order to solve the above problem, an embodiment of the present invention provides a method for protecting a flow in Sentinel, so that the flow protection does not depend on a console any more, and the efficiency and timeliness of the flow protection are improved.
As shown in fig. 1, the method specifically includes the following steps:
and S110, receiving a flow protection request generated by the Sentinel service after monitoring that the Sentinel service is started.
The Sentinel client can be used as a monitoring platform to monitor the Sentinel service, a plurality of interfaces are arranged on the Sentinel client, an external server can access the service through the interfaces, and the Sentinel client can also receive data transmitted by the external server through the interfaces. The Sentinel service start may be a Sentinel service start performed when the computer device integrated with the Sentinel client is powered on and started, and generally, data information cached in the memory after the computer device is powered off is also cleared. And the flow control rule depended by the Sentinel service for flow protection is cached in the memory, and when the computer equipment is shut down, the cached flow control rule is also cleared. In the implementation of the current flow control protection, when the current flow control protection is powered on and started again, the current flow control protection needs to be determined by a Sentinel console in a Sentinel platform and a flow control rule.
In the implementation of the present embodiment, the execution subject of the implementation is equivalent to a computer device integrated with a Sentinel client, and a specific implementation of the embodiment that performs traffic protection may be implemented only by the Sentinel client. The Sentinel services monitored by the Sentinel client may include: the method comprises the following steps that a Sentinel client receives flow protection requests generated by the Sentinel service after monitoring that the Sentinel service is started, wherein different flow protection requests correspond to different Sentinel services, and the flow protection requests contain basic information of an object to be protected, and the method comprises the following steps: the name of the object to be protected, the port address, the interface, the protection function item and the like.
And S120, analyzing and obtaining the protection function item in the flow protection request, and determining a target flow control rule corresponding to the protection function item according to a pre-established local database.
It should be noted that the Sentinel client cannot directly read the traffic protection request, and needs to read the traffic protection request through a set parsing format and obtain a protection function item in the traffic protection request, where the protection function item is used to help the Sentinel client to screen out a target traffic control rule matching the traffic protection request from a pre-created local database. The local database has a function of storing and managing a data set, and can be understood as a warehouse storing target flow control rules such as a flow control rule, a fusing degradation rule, a system protection rule, a source access control rule, a hotspot parameter rule and the like.
Illustratively, table 1 provides a flow control rule:
TABLE 1
Wherein, the flow control rule comprises: resource name, current limiting threshold type, calling source of flow control target, calling relation current limiting strategy, flow control effect, whether cluster current limiting is performed or not, and the like. The resource name is used to define the object acted on by the flow control rule; the flow limiting threshold value specifies the maximum value of the allowed flow after the flow limitation; the current limit threshold types include: a QPS mode (query rate per second) and a concurrent thread number mode default to the QPS mode; the default of the calling source of the flow control is default, which represents that the calling source is not distinguished; invoking the relational throttling policy comprises: direct, link, association; the flow control effect does not support flow limitation according to a calling relation, and the default is direct rejection; and finally, judging whether the cluster current limiting default state is negative.
Illustratively, Table 2 provides a fuse degradation rule:
TABLE 2
Wherein, the fusing degradation rule comprises: resource name, fusing strategy, threshold value corresponding to slow-calling critical RT (exceeding the value as slow calling) in slow-calling proportional mode, abnormal proportion/abnormal number mode, fusing duration, minimum request number triggered by fusing, statistical duration, slow-calling proportional threshold value and the like. The resource name refers to an action object of a fusing downgrading rule; the fusing strategy comprises the following steps: the strategy of slow calling proportion, abnormal proportion and abnormal number is defaulted to be a strategy of slow calling proportion; the count is a slow-calling critical RT (exceeding the value is slow calling) in a slow-calling proportion mode, and is a corresponding threshold in an abnormal proportion or abnormal number mode; fusing duration is in units of seconds; the meaning of the minimum number of requests for a fuse trigger is: not fusing even if the abnormality ratio exceeds the threshold when the number of requests is less than the value; the unit of the statistical time length is millisecond, such as 60 x 1000 represents a minute scale; finally, the slow call scale threshold is only valid in the slow call scale mode.
And S130, loading a target flow control rule, and performing flow protection on the externally connected network service to be protected.
After determining a target flow control rule corresponding to a traffic protection request of an object to be protected, a Sentinel client needs to load the target flow control rule from a pre-created local database and apply the target flow control rule to an external network service to be protected, the external network service to be protected mainly comprises different flow protection services required to be applied by different devices after an external server or a device with an interaction function establishes connection with the Sentinel client through an interface, and the Sentinel client can simultaneously distribute the required flow control rule to different external servers or devices with the interaction function according to different interfaces.
According to the technical scheme of the embodiment, after the Sentinel service is monitored to be started, the flow protection request generated by the Sentinel service is received, the protection function item in the flow protection request is analyzed and obtained, the target flow control rule corresponding to the protection function item is determined according to the pre-established local database, the target flow control rule is loaded, and the flow protection is performed on the external network service to be protected, so that on one hand, the flow protection rule can be adjusted in real time on the basis of not depending on a control console, the code of the control console does not need to be modified, and the intrusiveness to the code of the control console is greatly improved; on the other hand, the consistency of the flow protection rule can be kept, and after the Sentinel client is restarted, the rule in the local database can be directly called, so that the cached rule is prevented from being formatted.
Furthermore, initial flow control rules set relative to each protection function item can be received from the Sentinel console, and each initial flow control rule is used as a standard flow control rule and is written into a set position of the local database in association with the corresponding protection function item.
It should be noted that, although the present embodiment does not depend on the Sentinel console, the present embodiment may still be used in cooperation with the Sentinel console, the Sentinel console has a function of pushing rules, and when the Sentinel console is connected to the Sentinel client through an interface, the Sentinel console pushes rules, such as a flow control rule, a fusing degradation rule, a system protection rule, a source access control rule, and a hotspot parameter rule, to the Sentinel client. The initial flow control rules refer to the rules pushed by the Sentinel console that have already been configured in the Sentinel console, and each parameter is configured with a default value, for example: and a parameter flow limiting threshold type in the flow control rule, wherein the parameter value is configured as a QPS mode by default. And after the initial flow control rule is pushed to the Sentinel client, the client uses the initial flow control rule as a standard flow control rule for the first time use of the Sentinel client. The protection function item is already mentioned to correspond to the target flow control rule, the client screens the target flow control rule according to the protection function item, similarly, the protection function item and the standard flow control rule are also in a one-to-one correspondence relationship, after each initial flow control rule is taken as the standard flow control rule, the correspondence relationship between the protection function item and the standard flow control rule needs to be established, the protection function item and the standard flow control rule are stored in a local database by pre-establishing a path of each standard flow control rule, and when the standard flow control rule needs to be called by external equipment, the client analyzes and obtains the protection function item in the flow protection request, and searches the target flow control rule corresponding to the protection function item.
Furthermore, rule change monitoring can be carried out according to a set polling mechanism, and the changed flow control rules are written into a local database in a correlated mode.
The polling mechanism set by the Sentinel client mainly means that the client can query an external flow protection request at regular time, the rule change monitoring means that a target flow control rule corresponding to a protection function item is updated, a file can be directly modified locally to update the rule, the rule can also be pushed by a Sentinel console, and after the flow control rule is changed, the changed rule needs to be stored in a database according to a preset path or covered on the original flow control rule.
Furthermore, the protection result information of the flow protection can be fed back to the Sentinel console in real time so as to be displayed to related personnel through the Sentinel console.
The Sentinel console is software installed in a client, a user needs to communicate with the internet to download the software as required, a flow curve can be generated to visually reflect the effect of flow protection, and protection result information represents flow transmission information under different rules, for example: the flow control rule can limit the flow in the flow limiting threshold value, the client can feed back the protection result information of the flow protection to the Sentinel console in real time through the API, the Sentinel console can generate a flow curve according to the protection result information, and related personnel observe the flow protection effect through the flow curve.
For example, in the present embodiment, when the client is used in cooperation with a Sentinel console, the client may interact with the console, and the Sentinel console has different style display panels, so that the display of the flow control effect under different rules can be performed on the console side, so as to facilitate viewing and recording of the flow control result by the flow control protection personnel. For example, the upper left frame of the display panel may display the role of the rule, the center of the display panel is a flow graph through the QPS and reject QPS at different time points, and by switching the display panel, the flow control conditions through the QPS and reject QPS can be further embodied in the form of a data table, where the flow values through the QPS and reject QPS and the response time duration at different time points are recorded in the table. For example: the target flow control rule is a flow control rule, after external network services to be protected pass through the flow control service, the type of a flow limiting threshold is defaulted to be a QPS mode, the flow limiting threshold is set to be 10, a parameter value passing through the QPS is constantly 10, a parameter value refusing the QPS is far beyond the QPS, the flow control rule is effective, and related personnel can determine the flow protection effect through a flow curve graph or a data table.
Example two
Fig. 3 is a schematic flow chart of a flow protection method in Sentinel according to a second embodiment of the present invention, and the present embodiment is further optimized based on the first embodiment, and the method can be executed by a flow protection device in Sentinel. As shown in fig. 3, the method for protecting the flow in Sentinel provided in this embodiment specifically includes the following steps:
s210, after the Sentinel service is monitored to be started, a flow protection request generated by the Sentinel service is received.
It should be noted that the specific implementation steps of accessing the Sentinel client to the Sentinel include:
1) sentinel dependencies are introduced in the pom document. This file is used to manage: source code, configuration files, information and roles of developers, problem tracking systems, organizational information, project authorization, url of project, dependencies of project, and the like. The sentinel dependency is the dependency required for the microservice to interact with the sentinel communication.
2) Configuration is added. Creating a configuration directory under the resource library, then adding a file, and adding a full path of a configuration class in the file.
3) And developing an implementation interface. And defining an interface, wherein when receiving the rule pushed by the console, the Sentinel can preferentially update the rule to the memory and then write the rule into a file.
4) And configuring a flow control rule.
5) And introducing annotation support dependence and defining resources by using the annotation. A resource is what the Sentinel needs to protect, can be any content in an application, can be a service, can be a method, and can even be a piece of code.
And after the Sentinel client accesses the Sentinel, starting monitoring the start of the Sentinel service.
And S220, analyzing and obtaining the protection function item in the flow protection request.
The client can obtain the protection function item by inquiring key fields or byte data in the traffic protection request.
S230, searching a pre-established local database, reading a corresponding standard flow control rule from the local database if the local database comprises a protection function item, and recording the standard flow control rule as a target flow control rule; if the local database does not include the protection function item, rule searching failure information is displayed, and flow control rule information submitted by a user in a rule editing page relative to the protection function item is received.
It can be understood that, after the client obtains the external service request, the protection function item is analyzed, and then whether the flow control rule applicable to the protection function item exists or not needs to be searched in the local database. Because the rules stored in the local database are limited, when the local database includes the flow control rule corresponding to the protection function item, the client can mark the path of the corresponding standard flow control rule, and use the path of the standard flow control rule as a target flow control rule required by the external network service to be protected for subsequent loading and calling; and when the flow control rule corresponding to the protection function item cannot be searched in the local database, feeding the query result back to the relevant personnel, performing networking query on the protection function item in the flow protection request, receiving the corresponding flow control rule provided by other servers or control consoles and storing the flow control rule in the local database, or opening a rule editing page for the relevant personnel to edit the flow control rule corresponding to the protection function item.
And S240, externally connecting the network service to be protected through the set monitoring interface, and caching the acquired target flow control rule into a memory.
It can be understood that the external network service to be protected is a service request provided by connecting an external server with a client through an interface, and the client can monitor the external request and the traffic transmission condition through the interface. After the client determines the target flow control rule corresponding to the protection function item, the flow control rule is not directly applied to the action object, the target flow control rule is cached preferentially, and the memory can be resources such as folders and databases, is stored in a position different from the local database, and has the same function as the local database.
And S250, loading the target flow control rule from the memory, and protecting the network service to be protected according to the target flow control rule.
The client applies the target flow control rule to the action object, and the rule is loaded in the memory and applied to the action object by searching the action object instead of directly calling the rule in the local database. In an alternative embodiment, the target flow control rule may be directly loaded from the local database, and the construction of the cache memory may be abandoned.
The method and the device for protecting the flow of the network service, disclosed by the embodiment of the invention, have the advantages that after the start of the Sentinel service is monitored, the flow protection request generated by the Sentinel service is received, the protection function item in the flow protection request is analyzed and obtained, the target flow control rule corresponding to the protection function item is determined according to the pre-established local database, the target flow control rule is loaded, the flow protection is carried out on the external network service to be protected, the flow control rule can be directly obtained from the local database, when the required rule cannot be searched in the local database, the rule of the console can be pushed to the local database or obtained from other servers, or fed back to related personnel to construct a rule editing page, the efficiency and the timeliness of the flow protection are improved, and the operation is very strong.
EXAMPLE III
Fig. 4 is a schematic structural diagram of a flow protection device in Sentinel according to an embodiment of the present invention. The present embodiment may be applicable to a case where different rules of traffic protection are required for a server, where the apparatus may be implemented in a software and/or hardware manner, and the apparatus may be integrated in any device that provides a function of traffic protection in Sentinel, as shown in fig. 4, where the apparatus for traffic protection in Sentinel specifically includes:
a first receiving module 310, configured to receive a traffic protection request generated by a Sentinel service after it is monitored that the Sentinel service is started;
the analysis module 320 is configured to analyze and obtain a protection function item in the flow protection request, and determine a target flow control rule corresponding to the protection function item according to a pre-created local database;
and the loading module 330 is configured to load a target flow control rule, and perform flow protection on an external network service to be protected.
Optionally, the apparatus further comprises:
the second receiving module is used for receiving the initial flow control rule set corresponding to each protection function item from the Sentinel console end;
and taking each initial flow control rule as a standard flow control rule, and writing the standard flow control rule and the corresponding protection function item into a set position of a local database in a correlated manner.
Optionally, the parsing module 320 is further configured to:
searching a pre-established local database;
if the local database comprises the protection function item, reading the corresponding standard flow control rule from the local database and recording the standard flow control rule as a target flow control rule;
if the local database does not include the protection function item, rule searching failure information is displayed, and flow control rule information submitted by a user in a rule editing page relative to the protection function item is received.
Optionally, the apparatus further comprises:
and the change module is used for carrying out rule change monitoring according to a set polling mechanism and writing the changed flow control rule into a local database in a correlation manner.
Optionally, the loading module 330 is further configured to:
the network service to be protected is externally connected through a set monitoring interface, and the obtained target flow control rule is cached to a memory;
and loading the target flow control rule from the memory, and protecting the network service to be protected according to the target flow control rule.
Optionally, the apparatus further comprises:
and the feedback module is used for feeding back the protection result information of the flow protection to the Sentinel console in real time so as to be displayed to related personnel through the Sentinel console.
The product can execute the method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
According to the method and the device for protecting the flow of the network service, after the start of the Sentinel service is monitored, the flow protection request generated by the Sentinel service is received, the protection function item in the flow protection request is analyzed and obtained, the target flow control rule corresponding to the protection function item is determined according to the pre-established local database, the target flow control rule is loaded, and the flow protection is carried out on the external network service to be protected.
Example four
FIG. 5 illustrates a schematic diagram of an electronic device 10 that may be used to implement an embodiment of the invention. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital assistants, cellular phones, smart phones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
As shown in fig. 5, the electronic device 10 includes at least one processor 11, and a memory communicatively connected to the at least one processor 11, such as a Read Only Memory (ROM)12, a Random Access Memory (RAM)13, and the like, wherein the memory stores a computer program executable by the at least one processor, and the processor 11 can perform various suitable actions and processes according to the computer program stored in the Read Only Memory (ROM)12 or the computer program loaded from a storage unit 18 into the Random Access Memory (RAM) 13. In the RAM 13, various programs and data necessary for the operation of the electronic apparatus 10 can also be stored. The processor 11, the ROM 12, and the RAM 13 are connected to each other via a bus 14. An input/output (I/O) interface 15 is also connected to bus 14.
A number of components in the electronic device 10 are connected to the I/O interface 15, including: an input unit 16 such as a keyboard, a mouse, or the like; an output unit 17 such as various types of displays, speakers, and the like; a storage unit 18 such as a magnetic disk, an optical disk, or the like; and a communication unit 19 such as a network card, modem, wireless communication transceiver, etc. The communication unit 19 allows the electronic device 10 to exchange information/data with other devices via a computer network such as the internet and/or various telecommunication networks.
The processor 11 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of processor 11 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various processors running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, or the like. The processor 11 performs the above-described methods and processes, for example, implementing the method for protecting the flow in Sentinel provided by the above-described embodiment of the present invention:
receiving a flow protection request generated by the Sentinel service after the Sentinel service is monitored to be started;
analyzing and obtaining a protection function item in the flow protection request, and determining a target flow control rule corresponding to the protection function item according to a pre-established local database;
and loading a target flow control rule, and performing flow protection on the externally connected network service to be protected.
In some embodiments, the flow prevention method in Sentinel may be implemented as a computer program tangibly embodied in a computer-readable storage medium, such as storage unit 18. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 10 via the ROM 12 and/or the communication unit 19. When the computer program is loaded into RAM 13 and executed by processor 11, one or more steps of the flow prevention method in Sentinel described above may be performed. Alternatively, in other embodiments, the processor 11 may be configured to perform the traffic guard method in Sentinel by any other suitable means (e.g., by means of firmware).
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), system on a chip (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
A computer program for implementing the methods of the present invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be performed. A computer program can execute entirely on a machine, partly on a machine, as a stand-alone software package partly on a machine and partly on a remote machine or entirely on a remote machine or server.
In the context of the present invention, a computer-readable storage medium may be a tangible medium that can contain, or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. A computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer readable storage medium may be a machine readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), Wide Area Networks (WANs), blockchain networks, and the internet.
The computing system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical host and VPS service are overcome.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present invention may be executed in parallel, sequentially, or in different orders, and are not limited herein as long as the desired result of the technical solution of the present invention can be achieved.
The above-described embodiments should not be construed as limiting the scope of the invention. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (10)
1. A method for protecting flow in Sentinel is characterized by comprising the following steps:
receiving a flow protection request generated by the Sentinel service after the Sentinel service is monitored to be started;
analyzing and obtaining a protection function item in the flow protection request, and determining a target flow control rule corresponding to the protection function item according to a pre-established local database;
and loading the target flow control rule, and performing flow protection on the externally connected network service to be protected.
2. The method of claim 1, further comprising:
receiving initial flow control rules set corresponding to each protection function item from a Sentinel console end;
and taking each initial flow control rule as a standard flow control rule, and writing the standard flow control rule and the corresponding protection function item into a set position of a local database in a correlated manner.
3. The method according to claim 1, wherein the determining the target flow control rule corresponding to the protection function item according to the pre-created local database includes:
searching a pre-established local database;
if the local database comprises the protection function item, reading a corresponding standard flow control rule from the local database, and recording the standard flow control rule as a target flow control rule;
if the local database does not include the protection function item, rule search failure information is displayed, and flow control rule information submitted by a user in a rule editing page relative to the protection function item is received.
4. The method of claim 1, further comprising:
and carrying out rule change monitoring according to a set polling mechanism, and writing the changed flow control rule into the local database in a correlation manner.
5. The method according to claim 1, wherein the loading the target flow control rule to perform flow protection on the externally connected network traffic to be protected includes:
the network service to be protected is externally connected through a set monitoring interface, and the obtained target flow control rule is cached to a memory;
and loading the target flow control rule from the memory, and protecting the network service to be protected according to the target flow control rule.
6. The method of any one of claims 1-5, further comprising:
and feeding back the protection result information of the flow protection to the Sentinel console in real time so as to be displayed to related personnel through the Sentinel console.
7. A flow guard in a Sentinel, comprising:
the system comprises a first receiving module, a second receiving module and a sending module, wherein the first receiving module is used for receiving a traffic protection request generated by a Sentinel service after monitoring that the Sentinel service is started;
the analysis module is used for analyzing and obtaining the protection function item in the flow protection request and determining a target flow control rule corresponding to the protection function item according to a pre-established local database;
and the loading module is used for loading the target flow control rule and carrying out flow protection on the externally connected network service to be protected.
8. An electronic device, characterized in that the electronic device comprises:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores a computer program executable by the at least one processor, the computer program being executable by the at least one processor to enable the at least one processor to perform the method of traffic protection in Sentinel of any of claims 1-6.
9. A computer-readable storage medium storing computer instructions for causing a processor to perform the method of traffic protection in Sentinel of any of claims 1-6 when executed.
10. A computer program product, characterized in that it comprises a computer program which, when being executed by a processor, implements the method for flow prevention in Sentinel according to any of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210132327.9A CN114513468B (en) | 2022-02-14 | 2022-02-14 | Method, device, equipment, storage medium and product for protecting flow in Sentinel |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210132327.9A CN114513468B (en) | 2022-02-14 | 2022-02-14 | Method, device, equipment, storage medium and product for protecting flow in Sentinel |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114513468A true CN114513468A (en) | 2022-05-17 |
| CN114513468B CN114513468B (en) | 2024-05-10 |
Family
ID=81550885
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210132327.9A Active CN114513468B (en) | 2022-02-14 | 2022-02-14 | Method, device, equipment, storage medium and product for protecting flow in Sentinel |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114513468B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115604344A (en) * | 2022-10-18 | 2023-01-13 | 中电金信软件(上海)有限公司(Cn) | Micro-service current limiting method and device |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105812393A (en) * | 2016-05-24 | 2016-07-27 | 浪潮电子信息产业股份有限公司 | Website protection device and method |
| US20190222594A1 (en) * | 2018-01-15 | 2019-07-18 | International Business Machines Corporation | Network flow control of Internet Of Things (IoT) devices |
| CN113179222A (en) * | 2021-04-30 | 2021-07-27 | 康键信息技术(深圳)有限公司 | Current-limiting control method, device and equipment for hotspot data and storage medium |
| CN113220482A (en) * | 2021-04-30 | 2021-08-06 | 北京达佳互联信息技术有限公司 | Call request processing method and device, electronic equipment and storage medium |
| CN113411208A (en) * | 2021-05-28 | 2021-09-17 | 青岛海尔科技有限公司 | System, device for distributed traffic management |
| CN113938430A (en) * | 2021-09-15 | 2022-01-14 | 山东有人物联网股份有限公司 | Flow control method, device, equipment and storage medium |
-
2022
- 2022-02-14 CN CN202210132327.9A patent/CN114513468B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105812393A (en) * | 2016-05-24 | 2016-07-27 | 浪潮电子信息产业股份有限公司 | Website protection device and method |
| US20190222594A1 (en) * | 2018-01-15 | 2019-07-18 | International Business Machines Corporation | Network flow control of Internet Of Things (IoT) devices |
| CN113179222A (en) * | 2021-04-30 | 2021-07-27 | 康键信息技术(深圳)有限公司 | Current-limiting control method, device and equipment for hotspot data and storage medium |
| CN113220482A (en) * | 2021-04-30 | 2021-08-06 | 北京达佳互联信息技术有限公司 | Call request processing method and device, electronic equipment and storage medium |
| CN113411208A (en) * | 2021-05-28 | 2021-09-17 | 青岛海尔科技有限公司 | System, device for distributed traffic management |
| CN113938430A (en) * | 2021-09-15 | 2022-01-14 | 山东有人物联网股份有限公司 | Flow control method, device, equipment and storage medium |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115604344A (en) * | 2022-10-18 | 2023-01-13 | 中电金信软件(上海)有限公司(Cn) | Micro-service current limiting method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114513468B (en) | 2024-05-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20110264704A1 (en) | Methods and Systems for Deleting Large Amounts of Data From a Multitenant Database | |
| EP3905071A1 (en) | Comments-ordering method, apparatus, device and computer storage medium | |
| CN112422484A (en) | Method, apparatus, and storage medium for determining a scenario for processing a security event | |
| EP2674868A1 (en) | Database update notification method | |
| CN113961510A (en) | File processing method, device, equipment and storage medium | |
| CN116611411A (en) | Business system report generation method, device, equipment and storage medium | |
| CN114513468A (en) | Method, device, equipment, storage medium and product for protecting flow in Sentinel | |
| US20230269304A1 (en) | Method and apparatus for processing notification trigger message | |
| CN113378093A (en) | Method and device for determining resource release strategy, electronic equipment and storage medium | |
| CN113010535A (en) | Cache data updating method, device, equipment and storage medium | |
| CN113676531B (en) | E-commerce flow peak clipping method and device, electronic equipment and readable storage medium | |
| CN114691781A (en) | Data synchronization method, system, device, equipment and medium | |
| CN113553074A (en) | Applet distribution control method, device, electronic equipment and storage medium | |
| US10185729B2 (en) | Index creation method and system | |
| CN112887426A (en) | Information flow pushing method and device, electronic equipment and storage medium | |
| CN107423375B (en) | Application program searching method and device | |
| CN114416414B (en) | Fault information positioning method, device, equipment and storage medium | |
| CN111769965B (en) | Information processing method, device and equipment | |
| US20230306031A1 (en) | Method for data processing, computing device, and storage medium | |
| CN110262756B (en) | Method and device for caching data | |
| EP4131017A2 (en) | Distributed data storage | |
| CN114969536A (en) | Searching method, searching device, electronic equipment and storage medium | |
| CN116032686A (en) | Multi-terminal data interaction method, device and equipment | |
| CN114491674A (en) | Log processing method, device and equipment based on block chain | |
| CN115587091A (en) | Data storage method, device, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |