CN114553795A - Message processing method and device based on virtual switch matrix - Google Patents


Info

Publication number
CN114553795A
Authority
CN
China
Prior art keywords
equipment
slave
message
master device
processing
Prior art date
Legal status
Pending
Application number
CN202210171417.9A
Other languages
Chinese (zh)
Inventor
徐强
Current Assignee
Hangzhou DPTech Technologies Co Ltd
Original Assignee
Hangzhou DPTech Technologies Co Ltd
Priority date
Filing date
Publication date
Application filed by Hangzhou DPTech Technologies Co Ltd
Priority to CN202210171417.9A
Publication of CN114553795A
Legal status: Pending

Classifications

All classifications fall under H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION:

    • H04L49/00 Packet switching elements > H04L49/10 Packet switching elements characterised by the switching fabric construction
    • H04L12/00 Data switching networks > H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks] > H04L12/46 Interconnection of networks > H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L49/00 Packet switching elements > H04L49/70 Virtual switches
    • H04L63/00 Network architectures or network communication protocols for network security > H04L63/16 Implementing security features at a particular protocol layer > H04L63/166 Implementing security features at a particular protocol layer at the transport layer
    • H04L67/00 Network arrangements or protocols for supporting network services or applications > H04L67/14 Session management > H04L67/141 Setup of application sessions
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass > H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP] > H04L69/161 Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields > H04L69/162 Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The disclosure relates to a message processing method and device based on a virtual switch matrix, an electronic device and a computer-readable medium. The method comprises the following steps: the user equipment establishes a connection with the master device in the virtual switch matrix; the master device acquires a message from the user equipment over that connection; the master device forwards the message to a slave device in the virtual switch matrix for processing; the slave device forwards the processing result to the master device; and the master device forwards the message to the destination device based on the processing result. The message processing method, device, electronic device and computer-readable medium based on the virtual switch matrix can dynamically expand the processing performance of an SSL VPN (a virtual private network based on the secure sockets protocol), reduce the configuration risk in the virtual switch matrix and reduce the operation and maintenance cost.

Description

Message processing method and device based on virtual switch matrix
Technical Field
The present disclosure relates to the field of computer information processing, and in particular, to a method and an apparatus for processing a packet based on a virtual switch matrix, an electronic device, and a computer-readable medium.
Background
With the continuous development of network technology and the popularization of the internet, more and more government and enterprise organizations handle their work by means of network tools. To secure internal data, VPN technology has become the first choice for accessing internal sensitive data from an external network. With the increasing requirements for remote access, remote office work and the like, more and more SSL VPN equipment is being deployed, and once the number of users grows, the performance of the SSL VPN server cannot keep up with that growth, so user login becomes slow, network forwarding becomes slow, and the user experience gets worse and worse.
IP access over SSL VPN is widely used as the simplest and safest technique for letting a remote user access internal sensitive data, and because encrypting and decrypting message data consumes a great deal of processing capacity, a single network device always runs into the bottleneck of insufficient performance.
Therefore, a message processing method, device, electronic device and computer readable medium based on a virtual switch matrix are needed.
The above information disclosed in this background section is only for enhancement of understanding of the background of the application and therefore it may contain information that does not constitute prior art that is already known to a person of ordinary skill in the art.
Disclosure of Invention
In view of this, the present application provides a message processing method, device, electronic device and computer readable medium based on a virtual switch matrix, which can dynamically extend the processing performance of a virtual private network of a secure socket protocol, reduce configuration risks in the virtual switch matrix, and reduce operation and maintenance costs.
Other features and advantages of the present application will be apparent from the following detailed description, or may be learned by practice of the application.
According to an aspect of the present application, a method for processing a packet based on a virtual switch matrix is provided, where the method includes: the user equipment establishes a connection with the master device in the virtual switch matrix; the master device acquires a message from the user equipment over that connection; the master device forwards the message to a slave device in the virtual switch matrix for processing; the slave device forwards the processing result to the master device; and the master device forwards the message to the destination device based on the processing result.
In an exemplary embodiment of the present application, the method further comprises: establishing a virtual switch matrix from a master device and at least two slave devices; the master device manages the at least two slave devices based on a virtual private network of the secure sockets protocol (SSL VPN).
In an exemplary embodiment of the present application, the master device managing the at least two slave devices based on an SSL VPN includes: starting a configuration thread in the at least two slave devices; and the master device configures the at least two slave devices through the SSL VPN based on the configuration thread.
In an exemplary embodiment of the present application, the master device managing the at least two slave devices based on an SSL VPN includes: the at least two slave devices synchronize their dynamic memory information to the master device through the SSL VPN.
In an exemplary embodiment of the present application, the user equipment establishing a connection with the master device in the virtual switch matrix includes: the user equipment and the master device in the virtual switch matrix establish a connection based on the secure sockets layer protocol; after the connection is successfully established, the master device synchronizes the connection data to the slave devices of the virtual switch matrix.
In an exemplary embodiment of the present application, the method further comprises: after the connection is disconnected, the master device deletes the connection data in the slave devices of the virtual switch matrix.
In an exemplary embodiment of the present application, the master device synchronizing connection data to the slave devices of the virtual switch matrix includes: the master device synchronizes the user negotiation information to the slave devices; and the master device synchronizes the user session information to the slave devices.
In an exemplary embodiment of the present application, the forwarding, by the master device, the packet to a slave device in a virtual switch matrix for processing includes: the master device determines a target slave device from the slave devices based on a load balancing mode and the IP address of the message; and the master equipment forwards the message to the target slave equipment for processing.
In an exemplary embodiment of the present application, the slave device forwarding the processing result to the master device further includes: the slave device encrypts and/or decrypts the message to generate the processing result.
According to an aspect of the present application, a message processing apparatus based on a virtual switch matrix is provided, the apparatus including: a connection module, configured to establish a connection between the user equipment and the master device in the virtual switch matrix; a message module, configured to obtain a message from the user equipment based on the connection with the master device; a processing module, configured for the master device to forward the message to a slave device in the virtual switch matrix for processing; a result module, configured for the slave device to forward the processing result to the master device; and a forwarding module, configured for the master device to forward the message to the destination device based on the processing result.
According to an aspect of the present application, an electronic device is provided, the electronic device including: one or more processors; and storage means for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the method described above.
According to an aspect of the application, a computer-readable medium is proposed, on which a computer program is stored which, when executed by a processor, carries out the method described above.
According to the message processing method and device based on the virtual switch matrix, the electronic device and the computer-readable medium, a connection is established between the user equipment and the master device in the virtual switch matrix; the master device acquires a message from the user equipment over that connection; the master device forwards the message to a slave device in the virtual switch matrix for processing; the slave device forwards the processing result to the master device; and the master device forwards the message to the destination device based on the processing result. In this way the processing performance of the SSL VPN can be expanded dynamically, the configuration risk in the virtual switch matrix is reduced, and the operation and maintenance cost is reduced.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The above and other objects, features and advantages of the present application will become more apparent by describing in detail exemplary embodiments thereof with reference to the attached drawings. The drawings described below are only some embodiments of the present application, and other drawings may be derived from those drawings by those skilled in the art without inventive effort.
Fig. 1 is a system block diagram illustrating a method for message processing based on a virtual switch matrix according to an exemplary embodiment.
Fig. 2 is a schematic diagram illustrating a message processing method based on a virtual switch matrix according to an exemplary embodiment.
Fig. 3 is a flowchart illustrating a method for message processing based on a virtual switch matrix according to an exemplary embodiment.
Fig. 4 is a flowchart illustrating a method for virtual switch matrix based message processing according to another exemplary embodiment.
Fig. 5 is a flowchart illustrating a method for virtual switch matrix based message processing according to another exemplary embodiment.
Fig. 6 is a block diagram illustrating a virtual switch matrix based message processing apparatus according to an example embodiment.
FIG. 7 is a block diagram illustrating an electronic device in accordance with an example embodiment.
FIG. 8 is a block diagram illustrating a computer-readable medium in accordance with an example embodiment.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The same reference numerals denote the same or similar parts in the drawings, and thus, a repetitive description thereof will be omitted.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the application. One skilled in the relevant art will recognize, however, that the subject matter of the present application can be practiced without one or more of the specific details, or with other methods, components, devices, steps, and so forth. In other instances, well-known methods, devices, implementations, or operations have not been shown or described in detail to avoid obscuring aspects of the application.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
It will be understood that, although the terms first, second, third, etc. may be used herein to describe various components, these components should not be limited by these terms. These terms are used to distinguish one element from another. Thus, a first component discussed below may be termed a second component without departing from the teachings of the present concepts. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
It will be appreciated by those skilled in the art that the drawings are merely schematic representations of exemplary embodiments, and that the blocks or processes shown in the drawings are not necessarily required to practice the present application and are, therefore, not intended to limit the scope of the present application.
The technical abbreviations referred to in this application are explained as follows:
SSL: Secure Sockets Layer, a standard for secure data transmission used on the Internet. It uses encryption to transmit data over the internet, ensuring that the data is neither intercepted nor modified.
VPN: Virtual Private Network, a remote access technology; put simply, a private network is established on top of a public network.
VSM: Virtual Switch Matrix, a novel network device virtualization technology for virtualizing a plurality of network devices into one network device.
Load balancing: a plurality of servers form a server set in which each server can independently provide the same service; an external request is distributed to one server of the set by a certain load algorithm, and that server serves the requesting device. Load balancing can provide highly reliable and highly stable service to the outside while reducing the pressure on any single server.
The applicant of the present application finds that the prior art can solve the problem of insufficient performance only by exporting the existing configuration, upgrading the single device and importing the configuration again, or by increasing the number of devices and re-planning the resource network and the SSL VPN configuration.
If new equipment is bought to upgrade, the cost is high and the old equipment becomes useless, which causes waste; if equipment is added, the network needs to be re-planned and the operation is complex: a user can only log in to one SSL VPN to access its resources, and to access the resources of another SSL VPN the user must log in to the other SSL VPN server, so the two servers have to be configured separately and the operation and maintenance difficulty increases.
The applicant of the present application proposes that the processing performance of the SSL VPN can be extended dynamically by using a cluster, and that the operation and maintenance cost can be reduced. Based on the virtual switch matrix, the capacity expansion requirement of the SSL VPN server can be met by adding devices and then configuring them, so that more users are supported and the network quality experienced by users is ensured.
The following is a detailed description with the aid of specific examples.
Fig. 1 is a system block diagram illustrating a method for message processing based on a virtual switch matrix according to an exemplary embodiment.
As shown in fig. 1, the system architecture 10 may include user devices 101, 102, 103, a network 104 and a virtual switch fabric system 105. The network 104 serves as a medium for providing communication links between the user equipment 101, 102, 103 and the virtual switch matrix system 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
A user may use user devices 101, 102, 103 to interact with the virtual switch matrix system 105 over the network 104 to receive or send messages or the like. The user devices 101, 102, 103 may have installed thereon various communication client applications, such as shopping-like applications, web browser applications, search-like applications, instant messaging tools, mailbox clients, social platform software, and the like.
The user devices 101, 102, 103 may be various electronic devices having display screens and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The virtual switch matrix system 105 may include a master device and a plurality of slave devices, and the virtual switch matrix system 105 may form a server providing various services, such as a message filtering system that performs preliminary processing and forwarding of the messages sent by users of the user devices 101, 102, 103.
The user equipment 101, 102, 103 and the master device in the virtual switch matrix 105 may, for example, establish a connection; the master device acquires messages from the user equipment 101, 102 and 103 over that connection; the master device forwards the message to a slave device in the virtual switch matrix for processing; the slave device forwards the processing result to the master device; and the master device forwards the message to other user equipment based on the processing result.
It should be noted that the message processing method based on the virtual switch matrix provided in the embodiment of the present application may be executed by the virtual switch matrix system 105, and accordingly, the message processing apparatus based on the virtual switch matrix may be disposed in the virtual switch matrix system 105.
Fig. 2 is a schematic diagram illustrating a message processing method based on a virtual switch matrix according to an exemplary embodiment. As shown in fig. 2, the messages of the user equipment all enter through the Master device (Master) of the virtual switch matrix; more specifically, a message is forwarded according to its source IP to one of the other Slave devices (Slave) in the virtual switch matrix, encrypted or decrypted by that Slave device, sent back to the Master device, and then forwarded to the device corresponding to the message's destination address.
Fig. 3 is a flowchart illustrating a method for message processing based on a virtual switch matrix according to an exemplary embodiment. The message processing method 30 based on the virtual switch matrix at least includes steps S302 to S310.
As shown in fig. 3, in S302, the user equipment establishes a connection with the master device in the virtual switch matrix. The user equipment and the master device in the virtual switch matrix establish the connection based on the secure sockets layer protocol; after the connection is successfully established, the master device synchronizes the connection data to the slave devices of the virtual switch matrix.
More specifically, the master device may synchronize the user negotiation information to the slave devices, and the master device may synchronize the user session information to the slave devices.
In one embodiment, the master device may delete the connection data in the slave devices of the virtual switch matrix, e.g., after the connection is disconnected. When the user goes offline, the information related to the SSL connection is deleted from the Slave devices, and the synchronized session is deleted as well, so that a user cannot skip the login process and directly access internal resources through a slave device.
In S304, a message from the user equipment is acquired based on the connection of the master device.
In S306, the master device forwards the packet to a slave device in a virtual switch matrix for processing.
In one embodiment, the master device determines a target slave device from among the slave devices based on a load balancing mode and the IP address of the packet, and the master device forwards the message to the target slave device for processing. Because the allocation is made dynamically by user IP, all of a user's traffic is processed on the same device, which makes the management of that user's sessions easier.
More specifically, the slave device performs encryption and/or decryption processing on the packet to generate the processing result.
In S308, the slave device forwards the processing result to the master device.
In S310, the master device forwards the packet to a destination device based on the processing result. The message can be forwarded according to the destination address of the message, and can be discarded according to the processing result in the slave device.
According to the message processing method based on the virtual switch matrix, a connection is established between the user equipment and the master device in the virtual switch matrix; the master device acquires a message from the user equipment over that connection; the master device forwards the message to a slave device in the virtual switch matrix for processing; the slave device forwards the processing result to the master device; and the master device forwards the message to the destination device based on the processing result. In this way the processing performance of the SSL VPN can be expanded dynamically, the configuration risk in the virtual switch matrix is reduced, and the operation and maintenance cost is reduced.
It should be clearly understood that this application describes how to make and use particular examples, but the principles of this application are not limited to any details of these examples. Rather, these principles can be applied to many other embodiments based on the teachings of the present disclosure.
Fig. 4 is a flowchart illustrating a method for virtual switch matrix based message processing according to another exemplary embodiment. The flow 40 shown in fig. 4 is a supplementary description of the flow shown in fig. 3.
As shown in fig. 4, in S402, a virtual switch matrix is constructed from a master device and at least two slave devices. Multiple devices can be virtualized into one device through the VSM technology; the devices are divided into a Master host and Slave hosts, the device configuration is managed uniformly through the Master host, messages are distributed to the Slave hosts in a load balancing mode, and a Slave host encrypts or decrypts a message and then forwards it back to the Master host for subsequent sending.
In one embodiment, the VSM virtualizes two or more devices into one device for unified management, and all configurations of the two or more devices are kept consistent. Therefore, when a user logs in to the system through the management port, the user always logs in to the master to manage all devices in the system uniformly.
In one embodiment, the management page of the master device is used to manage the VSM devices uniformly. The configuration of all member devices can be seen on the management page, configuration is performed on the management page, and the configuration is issued to all member devices.
In one embodiment, with the configuration mode of the present application, when any device in the virtual switch matrix is restarted manually or restarts after a failure, its configuration is not lost: during start-up the slave device requests a batch synchronization of the configuration information from the Master device, then completes its initialization with the new configuration, and it is ensured that the slave device rejoins the VSM seamlessly once it is up.
In S404, a configuration thread is started in the at least two slave devices.
In S406, the master device configures the at least two slave devices through a virtual private network of a secure socket protocol based on the configuration thread.
For example, the SSL VPN configuration synchronization enables related configuration threads on all slave devices, and receives a broadcast message sent by a Master, where the broadcast message includes all configurations of the current device, so as to ensure that a new slave device subsequently added to the VSM can acquire all configurations immediately.
In S408, the at least two slave devices synchronize their dynamic memory information to the master device through a virtual private network of a secure socket protocol.
Although the VSM virtualizes multiple devices as one device, the data in the CPU and memory of a single member cannot be accessed directly by the others, so, for example, the dynamic memory information of the SSL VPN users must be synchronized; otherwise, when a user's traffic is running on the Slave 1 device and Slave 1 is removed, the user would have to log in again to be served by another device, Slave 2. With this synchronization, when Slave 1 fails and is disconnected, the other Slave devices can receive the unfinished message data of Slave 1 in real time for subsequent processing, and the timeliness of message processing is guaranteed.
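To make the configuration path of S404 to S406 and the restart case concrete, here is an added example that is not the patent's code: a versioned configuration store on the master, a configuration thread on each slave that performs a batch sync when the slave (re)starts, and a broadcast receiver that refuses stale or replayed versions so a member can never be rolled back to an older configuration by an out-of-order message. The class names, the version-number scheme and the sample configuration keys are assumptions of this example.

```python
"""Added example (not the patent's or DPTech's code): versioned configuration
synchronisation between the master and slaves of a virtual switch matrix,
modelling S404-S406 and the batch sync a slave performs on restart.
Class names, the version scheme and the config keys are assumptions."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class VsmSlave:
    name: str
    config: Dict[str, str] = field(default_factory=dict)
    version: int = 0
    online: bool = True

    def config_thread_start(self, master: "VsmMaster") -> None:
        """Run when the slave (re)starts: fetch the master's whole configuration
        in one batch before serving, so a manual or failure restart never
        leaves the member with empty or stale configuration."""
        self.config, self.version = master.batch_sync()
        self.online = True

    def on_broadcast(self, version: int, config: Dict[str, str]) -> bool:
        """Broadcast receiver. A version that is not newer than what we hold is
        ignored, which blocks replayed or reordered broadcasts from rolling the
        member back; an offline member simply misses the broadcast and must
        batch sync on restart."""
        if not self.online or version <= self.version:
            return False
        self.config, self.version = dict(config), version
        return True


class VsmMaster:
    def __init__(self) -> None:
        self.config: Dict[str, str] = {}
        self.version = 0
        self.slaves: List[VsmSlave] = []

    def join(self, slave: VsmSlave) -> None:
        """A new member batch-syncs first, then follows broadcasts."""
        slave.config_thread_start(self)
        self.slaves.append(slave)

    def batch_sync(self) -> Tuple[Dict[str, str], int]:
        return dict(self.config), self.version

    def configure(self, key: str, value: str) -> None:
        """Configuration is only ever entered on the master and then pushed to
        every member; that single entry point is what keeps members consistent."""
        self.config[key] = value
        self.version += 1
        for slave in self.slaves:
            slave.on_broadcast(self.version, self.config)

    def members_consistent(self) -> bool:
        """True when every online member holds exactly the master's config."""
        return all(s.config == self.config and s.version == self.version
                   for s in self.slaves if s.online)


def demo() -> Tuple[bool, bool, bool]:
    """Constructed scenario: two slaves join, one goes down while the master
    changes configuration, then catches up through batch sync on restart."""
    master = VsmMaster()
    master.configure("sslvpn.listen", "0.0.0.0:443")      # constructed key
    s1, s2 = VsmSlave("slave1"), VsmSlave("slave2")
    master.join(s1)
    master.join(s2)
    after_join = master.members_consistent()
    s1.online = False                                      # slave1 fails
    master.configure("sslvpn.idle_timeout", "600")         # slave1 misses this
    stale_while_down = s1.version < master.version
    s1.config_thread_start(master)                         # restart: batch sync
    return after_join, stale_while_down, master.members_consistent()
```

The version check in `on_broadcast` is the part worth carrying into a real implementation: without it, a delayed or duplicated broadcast can silently revert a member to an older configuration, which is exactly the configuration drift the unified-management design is meant to prevent.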
Fig. 5 is a flowchart illustrating a method for virtual switch matrix based message processing according to another exemplary embodiment. The process 50 shown in fig. 5 is a detailed description of the process shown in fig. 3.
As shown in fig. 5, in S501, a login request of a user is received.
In S502, an SSL connection is established.
In S503, it is checked whether the connection was established successfully.
In S504, the username and password are checked.
In S505, the master device issues the user negotiation information and the session information to the slave device.
In S506, a resource request of a user is received.
In S507, the master device distributes the packet to a slave device according to the IP address.
In S508, the slave device processes the packet and forwards the result to the master device.
In S509, the master device sends the message to the destination device.
In S510, the process ends.
The method first establishes an SSL connection according to the connection request of the user's equipment, then obtains the username and password for verification; after successful verification it receives the user's message data, and after failed verification it terminates the current connection directly.
After the user logs in successfully, the SSL connection data can be synchronized from the master device to the other slave devices; this ensures that the user does not need to log in again when, after a switch between slave devices, another slave device continues to process the user's messages.
After the user logs in successfully, the related content of the session is established, and the session information can also be synchronized to other slave devices from the master device, so that the original traffic cannot be interrupted when the user traffic is switched, the other slave devices can continue to process the traffic request of the user, and the user traffic can continue to be sent or received.
After the user is off-line, the related information of the SSL connection related to the user can be deleted from the master device and the slave device, and the synchronous session is also deleted, so that the processing mode can prevent the user from skipping the login process to directly access the internal resources in the slave device.
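The session lifecycle of S302 to S310 and S501 to S510, as an added example that is not the patent's code: login with a credential check, replication of the negotiation and session information from the master to every slave, dispatch of each packet to a slave chosen from the client IP, failover to another slave without re-login, and deletion of the session from the master and all slaves at logout so that a later packet from the same IP is discarded rather than served. The SSL negotiation is modelled as a per-connection random key and the slave's decryption as XOR with that key; the class and function names, the rendezvous-hash choice of slave and the constructed credential store are assumptions of this example.

```python
"""Added example (not the patent's or DPTech's code): user session lifecycle
in a master/slave virtual switch matrix, covering S501-S510 of Fig. 5.
The SSL handshake is modelled as a random per-connection key and packet
decryption as XOR with it; names and the credential store are constructed."""
import hashlib
import secrets
from typing import Dict, List, Optional, Tuple

USERS = {"alice": "pw-alice", "bob": "pw-bob"}   # constructed credential store


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stand-in for the SSL record encryption, used by both sides."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


class Slave:
    def __init__(self, name: str) -> None:
        self.name = name
        self.sessions: Dict[str, dict] = {}   # client_ip -> negotiation/session
        self.online = True

    def process(self, client_ip: str, ciphertext: bytes) -> Optional[bytes]:
        """Decrypt with the session the master synchronised to us (S508). With
        no session for this IP the packet cannot be processed: return None."""
        sess = self.sessions.get(client_ip)
        return None if sess is None else xor_stream(sess["key"], ciphertext)


class Master:
    def __init__(self, slaves: List[Slave]) -> None:
        self.slaves = slaves
        self.sessions: Dict[str, dict] = {}

    def login(self, client_ip: str, user: str, password: str) -> Optional[bytes]:
        """S501-S505: handshake, credential check, then replicate to slaves."""
        expected = USERS.get(user, "").encode()
        if not secrets.compare_digest(expected, password.encode()):
            return None                          # S504 failed: connection ends
        key = secrets.token_bytes(16)            # models the SSL negotiation
        self.sessions[client_ip] = {"user": user, "key": key}
        for s in self.slaves:                    # S505: push negotiation/session
            s.sessions[client_ip] = dict(self.sessions[client_ip])
        return key

    def pick_slave(self, client_ip: str) -> Optional[Slave]:
        """S507: one user's traffic always lands on the same slave. Rendezvous
        hashing keeps every other user's assignment unchanged when a slave
        leaves, so only the failed slave's users move."""
        live = [s for s in self.slaves if s.online]
        if not live:
            return None
        return max(live, key=lambda s: hashlib.sha256(
            f"{s.name}|{client_ip}".encode()).digest())

    def handle(self, client_ip: str, ciphertext: bytes) -> Tuple[str, Optional[bytes]]:
        """S506-S510: dispatch, collect the result, forward or discard."""
        if client_ip not in self.sessions:       # no login: never forwarded
            return ("discard", None)
        slave = self.pick_slave(client_ip)
        result = slave.process(client_ip, ciphertext) if slave else None
        if result is None:
            return ("discard", None)
        return (f"forwarded-via-{slave.name}", result)

    def logout(self, client_ip: str) -> None:
        """User offline: delete from master AND every slave, so no member keeps
        a session that would let traffic bypass the login step."""
        self.sessions.pop(client_ip, None)
        for s in self.slaves:
            s.sessions.pop(client_ip, None)


def demo() -> dict:
    """Constructed run: bad password, good login, dispatch, slave failure,
    logout; returns the observations so they can be checked."""
    slaves = [Slave("slave1"), Slave("slave2"), Slave("slave3")]
    master = Master(slaves)
    ip = "10.0.0.5"                                          # constructed
    bad = master.login(ip, "alice", "wrong-password")
    key = master.login(ip, "alice", "pw-alice")
    pkt = xor_stream(key, b"GET /intranet")
    first = master.pick_slave(ip).name
    v1, p1 = master.handle(ip, pkt)
    master.pick_slave(ip).online = False                     # that slave fails
    v2, p2 = master.handle(ip, pkt)                          # no re-login needed
    master.logout(ip)
    v3, _ = master.handle(ip, pkt)
    leftover = sum(len(s.sessions) for s in slaves)
    return {"bad": bad, "first": first, "v1": v1, "p1": p1,
            "v2": v2, "p2": p2, "v3": v3, "leftover": leftover}
```

Two design points matter beyond the happy path. First, the master's `handle` checks its own session table before dispatching, so a slave that somehow still holds stale state cannot be reached by an unauthenticated source IP; `logout` then clears the slaves as well, closing the gap the description warns about. Second, rendezvous hashing in `pick_slave` is one way to realise "all of a user's flows on one device": when a slave drops out, only the users it served are reassigned, and their replicated sessions let the new slave continue without a fresh login.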
Those skilled in the art will appreciate that all or part of the steps implementing the above embodiments may be implemented as computer programs executed by a CPU. When executed by the CPU, the program performs the functions defined by the methods provided herein. The program may be stored in a computer readable storage medium, which may be a read-only memory, a magnetic or optical disk, or the like.
Furthermore, it should be noted that the above-mentioned figures are only schematic illustrations of the processes involved in the method according to exemplary embodiments of the present application, and are not intended to be limiting. It will be readily appreciated that the processes illustrated in the above figures are not intended to indicate or limit the temporal order of the processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, e.g., in multiple modules.
The following are embodiments of the apparatus of the present application that may be used to perform embodiments of the method of the present application. For details which are not disclosed in the embodiments of the apparatus of the present application, reference is made to the embodiments of the method of the present application.
Fig. 6 is a block diagram illustrating a virtual switch matrix based message processing apparatus according to an example embodiment. As shown in fig. 6, the message processing apparatus 60 based on the virtual switch matrix includes: a connection module 602, a message module 604, a processing module 606, a result module 608, and a forwarding module 610.
The connection module 602 is configured to establish a connection between a user equipment and a master device in a virtual switch matrix; the connection module 602 is further configured to establish a connection between the user equipment and a master device in the virtual switch matrix based on a secure socket interface protocol; after the connection is successfully established, the master device synchronizes connection data to the slave devices of the virtual switch matrix. The connection module 602 is further configured to delete, by the master device, connection data in the slave device of the virtual switch matrix after the connection is disconnected.
The message module 604 is configured to obtain a message from the user equipment based on the connection with the master device.
The processing module 606 is configured to have the master device forward the packet to a slave device in the virtual switch matrix for processing; the processing module 606 is further configured to have the master device determine a target slave device from the slave devices based on a load balancing manner and the IP address of the packet, and to have the master device forward the message to the target slave device for processing.
The result module 608 is configured to have the slave device forward the processing result to the master device.
The forwarding module 610 is configured to have the master device forward the packet to the destination device based on the processing result.
According to the message processing device based on the virtual switching matrix, a connection is established between the user equipment and the master device in the virtual switching matrix; a message is acquired from the user equipment based on the connection with the master device; the master device forwards the message to a slave device in the virtual switching matrix for processing; the slave device forwards the processing result to the master device; and the master device forwards the message to the destination device based on the processing result. In this way the processing performance of the secure socket protocol virtual private network can be expanded dynamically, the configuration risk in the virtual switching matrix is reduced, and the operation and maintenance cost is lowered.
FIG. 7 is a block diagram of an electronic device shown in accordance with an example embodiment.
An electronic device 700 according to this embodiment of the present application is described below with reference to fig. 7. The electronic device 700 shown in fig. 7 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present application.
As shown in fig. 7, electronic device 700 is embodied in the form of a general purpose computing device. The components of the electronic device 700 may include, but are not limited to: at least one processing unit 710, at least one memory unit 720, a bus 730 that connects the various system components (including the memory unit 720 and the processing unit 710), a display unit 740, and the like.
The memory unit 720 stores program code that can be executed by the processing unit 710, such that the processing unit 710 performs the steps according to the various exemplary embodiments of the present application described in this specification. For example, the processing unit 710 may perform the steps shown in fig. 3, 4 and 5.
The memory unit 720 may include readable media in the form of volatile memory units, such as a random access memory unit (RAM)7201 and/or a cache memory unit 7202, and may further include a read only memory unit (ROM) 7203.
The memory unit 720 may also include a program/utility 7204 having a set (at least one) of program modules 7205, such program modules 7205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Bus 730 may be any representation of one or more of several types of bus structures, including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 700 may also communicate with one or more external devices 700' (e.g., keyboard, pointing device, bluetooth device, etc.), such that a user can communicate with devices with which the electronic device 700 interacts, and/or any devices (e.g., router, modem, etc.) with which the electronic device 700 can communicate with one or more other computing devices. Such communication may occur via an input/output (I/O) interface 750. Also, the electronic device 700 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the internet) via the network adapter 760. The network adapter 760 may communicate with other modules of the electronic device 700 via the bus 730. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device 700, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, as shown in fig. 8, the technical solution according to the embodiment of the present application may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, or a network device, etc.) to execute the above method according to the embodiment of the present application.
The software product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable storage medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable storage medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
The computer readable medium carries one or more programs which, when executed by a device, cause the device to perform the following functions: the user equipment establishes a connection with the master device in the virtual switching matrix; a message is acquired from the user equipment based on the connection with the master device; the master device forwards the message to a slave device in the virtual switching matrix for processing; the slave device forwards the processing result to the master device; and the master device forwards the message to the destination device based on the processing result. The computer readable medium may also implement the following functions: establishing a virtual switching matrix through a master device and at least two slave devices; the master device managing the at least two slave devices based on a secure socket protocol virtual private network.
Generally, the present disclosure aims to increase the number of devices and then perform simple configuration to fulfill the capacity expansion requirement of the SSLVPN server, support more users, and ensure the network quality of the users.
According to the method, a plurality of devices can be virtualized into one device through the VSM technology. The devices are divided into a Master host and Slave hosts: the Master host manages the device configuration uniformly and distributes messages to the Slave hosts in a load balancing mode, and a Slave host encrypts or decrypts a message and then forwards it back to the Master host for subsequent sending. The VSM virtualizes two or more devices into one device for unified management, and the configurations of all member devices are kept consistent. Therefore, when a user logs in to the system through the management port, the user always logs in to the Master host, from which all devices in the system are managed uniformly: the management page of the Master device shows the configuration of all member devices, configuration is performed on that page, and the configuration is issued to all member devices. When a device is restarted manually or after a fault, the configuration is not lost: during start-up the Slave device requests the full configuration from the Master device in a batch synchronization, completes its initialization with the new configuration, and is then added to the VSM seamlessly. The SSLVPN configuration is synchronized by enabling the relevant configuration threads on all Slave devices, which receive the broadcast message sent by the Master; the broadcast message contains the complete configuration of the current device, so that a new Slave device subsequently added to the VSM can acquire the whole configuration at once.
Although the VSM presents multiple devices as one device, the CPU and memory data of an individual device cannot be accessed directly by the others, so the dynamic memory information of SSLVPN users must be synchronized. Otherwise, if a user's traffic runs on Slave 1 and Slave 1 is removed, the user would have to log in again before continuing on Slave 2. The invention also solves the problem of traffic sharing: through dynamic allocation of the user IP, all of a user's traffic runs on the same device, which makes managing the user's sessions easier. Messages enter uniformly through the Master, are distributed according to the original IP of the message to one of the Slave devices, are encrypted or decrypted by that Slave device, are sent back to the Master, and are forwarded by the Master to the corresponding device. When an SSLVPN user logs in for service access, the user first establishes an SSL connection with the device, then sends a username and password for verification, and the accessible resources are issued. When the user logs in successfully, the SSL connection data is synchronized to the other Slave devices, so that the user does not need to log in again when the traffic is switched between devices. When the user accesses resources, session content is established, and the session information is also synchronized to the other Slave devices, guaranteeing that the original traffic continues to be sent or received when the user's traffic is switched between devices. When the user logs off, the SSL connection information is deleted from the Slave devices and the synchronized sessions are deleted as well, so that the user cannot skip the login process and directly access internal resources.
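The following is an added example, not code from the patent or its assignee, modelling the flow described above and in steps S501-S510: the master syncs login and session data to every slave, dispatches each message to a slave by source IP, keeps a user authenticated when the serving slave is removed, and purges the session from all slaves at logoff so that a later message from that IP is rejected. The class names, the SHA-256 hash used as the "load balancing mode", and the XOR stand-in for SSL record encryption are all assumptions; the patent does not specify them.

```python
"""Added example (not the patent's code): a minimal model of the VSM
master/slave SSL VPN dispatch. Names, the hash-based load-balancing rule
and the XOR 'cipher' are assumptions; the patent only says the master
picks a target slave based on a load balancing mode and the IP address."""
from dataclasses import dataclass, field
from typing import Dict, Optional
import hashlib


@dataclass
class Session:
    user: str
    client_ip: str
    # Stand-in for the SSL negotiation data the master syncs to slaves.
    tls_params: dict


@dataclass
class Slave:
    name: str
    # Copy of the connection/session data pushed down by the master.
    sessions: Dict[str, Session] = field(default_factory=dict)

    def process(self, client_ip: str, payload: bytes) -> Optional[bytes]:
        """Return the 'decrypted' payload, or None when no synced session
        exists for the source IP (the user has to log in first)."""
        sess = self.sessions.get(client_ip)
        if sess is None:
            return None
        key = sess.tls_params["key"]          # constructed stand-in key
        return bytes(b ^ key for b in payload)  # stand-in for SSL decryption


class Master:
    def __init__(self, slaves):
        self.slaves: Dict[str, Slave] = {s.name: s for s in slaves}
        self.sessions: Dict[str, Session] = {}

    def login(self, user: str, client_ip: str, password: str,
              credentials: Dict[str, str]) -> bool:
        """S504/S505: check credentials, then sync negotiation and session
        data to every slave so a switch needs no second login."""
        if credentials.get(user) != password:
            return False
        sess = Session(user, client_ip, {"key": 0x5A})
        self.sessions[client_ip] = sess
        for s in self.slaves.values():
            s.sessions[client_ip] = sess
        return True

    def pick_slave(self, client_ip: str) -> Slave:
        # Deterministic choice by source IP keeps one user's flows on one slave.
        names = sorted(self.slaves)
        h = int(hashlib.sha256(client_ip.encode()).hexdigest(), 16)
        return self.slaves[names[h % len(names)]]

    def handle(self, client_ip: str, payload: bytes) -> Optional[bytes]:
        """S507-S509: shunt to a slave, collect its result, hand it on."""
        return self.pick_slave(client_ip).process(client_ip, payload)

    def remove_slave(self, name: str) -> None:
        del self.slaves[name]

    def logoff(self, client_ip: str) -> None:
        """Offline: purge connection and session data from master and slaves."""
        self.sessions.pop(client_ip, None)
        for s in self.slaves.values():
            s.sessions.pop(client_ip, None)


def demo():
    """Run the life cycle with constructed data; returns the three outcomes."""
    creds = {"alice": "pw"}                       # constructed credential store
    m = Master([Slave("slave1"), Slave("slave2")])
    assert m.login("alice", "10.0.0.7", "pw", creds)
    enc = bytes(b ^ 0x5A for b in b"GET /intranet")  # 'encrypted' request
    first = m.handle("10.0.0.7", enc)             # served by the chosen slave
    m.remove_slave(m.pick_slave("10.0.0.7").name)  # that slave fails
    after = m.handle("10.0.0.7", enc)             # other slave, no re-login
    m.logoff("10.0.0.7")
    rejected = m.handle("10.0.0.7", enc)          # session gone: refused
    return first, after, rejected


if __name__ == "__main__":
    print(demo())
```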
Those skilled in the art will appreciate that the modules described above may be distributed in the apparatus according to the description of the embodiments, or may be modified accordingly in one or more apparatuses unique from the embodiments. The modules of the above embodiments may be combined into one module, or further split into multiple sub-modules.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiment of the present application can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (which can be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which can be a personal computer, a server, a mobile terminal, or a network device, etc.) to execute the method according to the embodiment of the present application.
Exemplary embodiments of the present application are specifically illustrated and described above. It is to be understood that the application is not limited to the details of construction, arrangement, or method of implementation described herein; on the contrary, the intention is to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.

Claims (10)

1. A message processing method based on a virtual switch matrix is characterized by comprising the following steps:
the user equipment establishes connection with the main equipment in the virtual switching matrix;
acquiring a message from the user equipment based on the connection of the main equipment;
the master equipment forwards the message to slave equipment in a virtual switching matrix for processing;
the slave device forwards a processing result to the master device;
and the master equipment forwards the message to the target equipment based on the processing result.
2. The method of claim 1, further comprising:
establishing a virtual switching matrix by a master device and at least two slave devices;
the master device manages the at least two slave devices based on a secure socket protocol virtual private network.
3. The method of claim 2, wherein the master device managing the at least two slave devices based on a secure socket protocol virtual private network comprises:
starting a configuration thread in the at least two slave devices;
and the master device configures the at least two slave devices through a virtual private network of a secure socket protocol based on the configuration thread.
4. The method of claim 2, wherein the master device managing the at least two slave devices based on a secure socket protocol virtual private network comprises:
and the at least two slave devices synchronize the dynamic memory information thereof to the master device through a virtual private network of a secure socket protocol.
5. The method of claim 1, wherein establishing a connection between the user equipment and a master device in the virtual switching matrix comprises:
the user equipment and the master device in the virtual switching matrix establish a connection based on a secure socket protocol;
after the connection is successfully established, the master device synchronizes connection data to the slave devices of the virtual switch matrix.
6. The method of claim 5, further comprising:
and after the connection is disconnected, the master device deletes the connection data in the slave device of the virtual switching matrix.
7. The method of claim 5, wherein the master device synchronizing connection data to the slave devices of the virtual switch matrix comprises:
the master device synchronizes user negotiation information to the slave device;
the master device synchronizes user session information to the slave device.
8. The method of claim 1, wherein the master device forwarding the packet to a slave device in a virtual switch matrix for processing comprises:
the master device determines a target slave device from the slave devices based on a load balancing mode and the IP address of the message;
and the master equipment forwards the message to the target slave equipment for processing.
9. The method of claim 1, wherein the slave device forwards processing results to the master device, further comprising:
and the slave device encrypts and/or decrypts the message to generate a processing result.
10. A message processing apparatus based on a virtual switch matrix, comprising:
the connection module is used for establishing connection between the user equipment and the main equipment in the virtual switching matrix;
a message module, configured to obtain a message from the user equipment based on the connection with the master device;
the processing module is used for the master equipment to forward the message to the slave equipment in the virtual switching matrix for processing;
a result module, configured to forward a processing result to the master device by the slave device;
and the forwarding module is used for forwarding the message to the destination equipment by the main equipment based on the processing result.
CN202210171417.9A 2022-02-24 2022-02-24 Message processing method and device based on virtual switch matrix Pending CN114553795A (en)


Publications (1)

Publication Number Publication Date
CN114553795A true CN114553795A (en) 2022-05-27




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination