CN115865605A - Network communication system - Google Patents


Info

Publication number: CN115865605A
Application number: CN202211478464.4A
Authority: CN (China)
Prior art keywords: forwarding node, node, forwarding, destination, communication
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 王启超, 张首斌
Current assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd
Original assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd and Beijing Topsec Software Co Ltd; priority to CN202211478464.4A; published as CN115865605A.

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a network communication system in the field of communications. It comprises a central node and a plurality of forwarding nodes connected to one another; the central node manages and controls the forwarding nodes in a centralized manner, while the forwarding nodes carry out network communication among themselves in a distributed manner. Compared with the prior art, the network communication system of the embodiments has both high data security and high disaster tolerance.

Description

Network communication system
Technical Field
The present invention relates to the field of communications, and in particular, to a network communication system.
Background
With the continuous development of networks and the increasing diversification of network services, the networking modes of service nodes have diversified according to specific service requirements, and secure communication between communication nodes has become more and more important. Between a large number of communication nodes there are two different ways of communicating and managing: centralized and decentralized (that is, distributed).
A centralized network topology provides one-to-many services through a central server. It has strong autonomous control over resources and can manage information about every communication node that talks to the central node; because the central node participates in the data communication process, communication data in a centralized topology is considered more secure. However, the server in centralized networking is prone to request blocking under short bursts of highly concurrent network requests, the central server has no disaster tolerance, and once the service node goes offline no service can be provided.
A distributed network topology protocol allows many communication nodes to synchronize data and discover paths in real time. Each distributed node maintains its own routing table, which lets it locate other nodes quickly; data resources are mapped to hash values of the nodes' unique IDs, and those hash values in turn locate where a resource is stored in the network. The topology therefore offers disaster tolerance, load balancing, scalability and the like. However, in a distributed topology the central node does not participate in the data communication between the communication nodes, so the security of communication data in a distributed topology is low.
Disclosure of Invention
The invention aims to provide a network communication system with both high data security and high disaster tolerance.
The present invention provides a network communication system comprising a central node and a plurality of forwarding nodes connected to each other. The central node manages and controls the forwarding nodes in a centralized manner; the forwarding nodes carry out network communication in a distributed manner.
Compared with the prior art, the network communication system of the embodiments has a central node and a plurality of forwarding nodes. The central node manages and controls the forwarding nodes in a centralized manner, which gives the system as a whole higher data security. At the same time, the forwarding nodes communicate with one another in a distributed manner and the central node takes no part in that communication, so even if the central node goes down, communication tasks between forwarding nodes can still be completed through the distributed network structure, giving the network communication high disaster tolerance. High disaster tolerance is therefore achieved together with high data security.
In some embodiments, the management and control of the forwarding nodes comprises one or more of: identity authentication of the forwarding nodes, collection of the forwarding nodes' node states, and sending of control commands to the forwarding nodes.
In some embodiments, sending control commands to the forwarding nodes comprises: acquiring a communication node, the communication node being any one of the forwarding nodes; when the working state of the communication node is offline, acquiring a target node corresponding to the communication node and sending the control command to the target node; and, after the communication node comes back online, the communication node acquiring the control command from the target node.
When the communication node is offline and cannot receive the control command, acquiring a target node and sending the communication node's control command to it lets the communication node fetch the command directly from the target node as soon as it comes back online. This improves the timeliness of the control command; in addition, storing the control command on the target node improves the safety of the control command.
In some embodiments, acquiring the target node corresponding to the communication node comprises: taking the forwarding node closest to the communication node as the target node, or taking the forwarding node that corresponds to the communication node under a preset correspondence as the target node.
In some embodiments, network communication among the forwarding nodes in a distributed manner includes: a source forwarding node constructs a destination communication path between itself and a destination forwarding node, the destination communication path comprising a plurality of intermediate forwarding nodes; the source forwarding node forwards the communication data hop by hop through the intermediate forwarding nodes so as to deliver it to the destination forwarding node; any intermediate forwarding node, after receiving communication data from the previous forwarding node, decrypts it with a first key to obtain decrypted data, encrypts the decrypted data with a second key to obtain encrypted data, and forwards the encrypted data to the next forwarding node; the first key is a temporary key between that intermediate forwarding node and the previous forwarding node, and the second key is a temporary key between that intermediate forwarding node and the next forwarding node.
Because the communication data is decrypted and re-encrypted at every hop, the security of forwarding is strengthened, and the use of per-hop keys improves the resistance of the forwarding process to tracing.
In some embodiments, forwarding communication data hop by hop through the intermediate forwarding nodes comprises: the source forwarding node encrypts the communication data with a third key to obtain first encrypted data and forwards the first encrypted data hop by hop through the intermediate forwarding nodes; the third key is a temporary key between the source forwarding node and the destination forwarding node.
The communication data is thus encrypted a second time, which further improves its security during communication. Since each intermediate forwarding node holds both of its per-hop keys and handles the data between decryption and re-encryption, this end-to-end layer is what keeps the content from the intermediate forwarding nodes themselves.
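The two encryption layers described above, as an added example that is not code from the patent or its assignee: each intermediate forwarding node strips the layer for the link it shares with the previous node and adds the layer for the link it shares with the next one, while the source's end-to-end layer (the third key) survives every hop. AES-256-GCM, the nonce handling, and the use of random bytes in place of negotiated temporary keys are this example's assumptions. Written in Go:

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// seal encrypts under a 32-byte key with AES-256-GCM and prefixes the random nonce.
func seal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal; it fails on a wrong key or a modified ciphertext.
func open(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// newTempKey stands in for a negotiated temporary key (assumption: 32 random bytes).
func newTempKey() []byte {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

// relay is one intermediate forwarding node: decrypt with the first key (shared with the previous
// node), re-encrypt with the second key (shared with the next node). It also returns what the node
// could observe in between, so a caller can check that this is not the plaintext.
func relay(firstKey, secondKey, fromPrev []byte) (toNext, observed []byte, err error) {
	if observed, err = open(firstKey, fromPrev); err != nil {
		return nil, nil, fmt.Errorf("hop decrypt: %w", err)
	}
	toNext, err = seal(secondKey, observed)
	return toNext, observed, err
}

// SendAlongPath carries plaintext over len(hopKeys)-1 intermediate nodes. hopKeys[i] is the temporary
// key of link i (source<->hop1, hop1<->hop2, ..., hopN<->destination); e2eKey is the third key shared
// by source and destination only. It returns what the destination recovered and what each hop saw.
func SendAlongPath(e2eKey []byte, hopKeys [][]byte, plaintext []byte) (delivered []byte, observed [][]byte, err error) {
	if len(hopKeys) < 2 {
		return nil, nil, errors.New("need at least one intermediate forwarding node")
	}
	inner, err := seal(e2eKey, plaintext) // source: the end-to-end (second) layer first ...
	if err != nil {
		return nil, nil, err
	}
	wire, err := seal(hopKeys[0], inner) // ... then the layer for the first hop
	if err != nil {
		return nil, nil, err
	}
	for i := 0; i+1 < len(hopKeys); i++ { // each intermediate strips one hop layer and adds the next
		var seen []byte
		if wire, seen, err = relay(hopKeys[i], hopKeys[i+1], wire); err != nil {
			return nil, nil, fmt.Errorf("intermediate %d: %w", i+1, err)
		}
		observed = append(observed, seen)
	}
	if inner, err = open(hopKeys[len(hopKeys)-1], wire); err != nil { // destination: last hop layer ...
		return nil, nil, fmt.Errorf("destination hop decrypt: %w", err)
	}
	delivered, err = open(e2eKey, inner) // ... then the end-to-end layer
	return delivered, observed, err
}

func main() {
	e2e := newTempKey()
	links := [][]byte{newTempKey(), newTempKey(), newTempKey()} // two intermediate nodes
	got, seen, err := SendAlongPath(e2e, links, []byte("constructed sample message"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("delivered %q; intermediate 1 saw plaintext: %v\n", got, bytes.Equal(seen[0], got))
}
```

Because relay returns what the intermediate saw, a caller can check that an intermediate holds only the end-to-end ciphertext. Without the third key, a hop that has both of its link keys would see the plaintext in the clear between the two operations.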
In some embodiments, constructing the destination communication path between the source forwarding node and the destination forwarding node includes: the source forwarding node acquires the identification information of the destination forwarding node and queries whether it exists in a local path table, which stores the forwarding nodes known to the source forwarding node and the network communication path corresponding to each of them; if the identification information of the destination forwarding node is in the local path table, the corresponding network communication path is taken directly from the table as the destination communication path.
In some embodiments, constructing the destination communication path between the source forwarding node and the destination forwarding node further includes: if the identification information of the destination forwarding node is not in the local path table, the source forwarding node sends it to a first-level forwarding node and queries whether the first-level forwarding node's local path table contains a network communication path to the destination forwarding node; if it does, the first-level forwarding node is used as an intermediate forwarding node to construct the destination communication path between the source forwarding node and the destination forwarding node. The first-level forwarding node is the forwarding node closest to the source forwarding node, or a forwarding node known to the source forwarding node.
In some embodiments, constructing the destination communication path between the source forwarding node and the destination forwarding node further includes: if the first-level forwarding node's local path table has no network communication path to the destination forwarding node, the first-level forwarding node sends the identification information of the destination forwarding node to a second-level forwarding node and queries whether that node's local path table contains a network communication path to the destination forwarding node; if it does, the destination communication path between the source forwarding node and the destination forwarding node is constructed with the first-level and second-level forwarding nodes as intermediate forwarding nodes; if it does not, the second-level forwarding node sends the identification information of the destination forwarding node on to a third-level forwarding node and queries its local path table in the same way, and so on, until either the identification information of the destination forwarding node has been forwarded a preset number of times or some forwarding node's local path table is found to contain a network communication path to the destination forwarding node. The second-level forwarding node is the forwarding node closest to, or known to, the first-level forwarding node; the third-level forwarding node is the forwarding node closest to, or known to, the second-level forwarding node.
In this way the source forwarding node can search level by level for the communication path to a destination forwarding node whose path it does not know. Because the search stops once the identification information of the destination forwarding node has been forwarded the preset number of times, the program cannot stay locked in a long search; the same bound keeps a query for a node that does not exist from circulating indefinitely.
In some embodiments, after constructing the destination communication path between the source forwarding node and the destination forwarding node with the first-level forwarding node as an intermediate forwarding node, the method further includes storing the destination forwarding node and the destination communication path in the local path table.
Storing the destination forwarding node and the destination communication path in the source forwarding node's local path table means that the next time the source forwarding node and the destination forwarding node communicate, the path need not be searched for again; the stored entry is used directly.
In some embodiments, the distributed network communication among the forwarding nodes further includes: after receiving the communication data, the destination forwarding node stores the source forwarding node and the destination communication path in its own local path table.
Because the destination forwarding node stores the source forwarding node and the destination communication path in its own local path table, the next time it communicates with the source forwarding node the path need not be searched for again; the stored entry is used directly.
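The level-by-level path lookup, the preset forwarding count, and the caching at both ends, as an added example in Go that is not code from the patent or its assignee; it also follows steps S401 to S403 of the detailed description. Node IDs stand in for the patent's number sequences, each node forwards an unanswered query to one fixed next node (its closest or known node), and the five-node topology is constructed.

```go
package main

import (
	"errors"
	"fmt"
)

type NodeID string

// Node carries the local path table: destination -> sequence of node IDs to traverse, ending with
// the destination itself (the patent's "number sequence"; IDs stand in for numbers). Next is the
// node to which this node forwards a query it cannot answer (its closest or known node).
type Node struct {
	ID    NodeID
	Next  NodeID
	Table map[NodeID][]NodeID
}

type Network map[NodeID]*Node

// NewNode creates a node that knows only its direct neighbours, which is what the path
// confirmation messages exchanged after joining would have told it.
func (net Network) NewNode(id, next NodeID, neighbours ...NodeID) *Node {
	n := &Node{ID: id, Next: next, Table: map[NodeID][]NodeID{}}
	for _, nb := range neighbours {
		n.Table[nb] = []NodeID{nb}
	}
	net[id] = n
	return n
}

var ErrHopLimit = errors.New("destination not found within the preset forwarding count")

// FindPath: the source checks its own table; on a miss it forwards the destination ID to its
// first-level node, which checks its table and on a miss forwards to its own next node (the
// second-level node), and so on. The search stops at a hit or after maxForwards forwards.
// The result is the chain of forwarding nodes queried plus the path found in the last table.
func (net Network) FindPath(src, dst NodeID, maxForwards int) ([]NodeID, error) {
	cur, ok := net[src]
	if !ok {
		return nil, fmt.Errorf("unknown source %s", src)
	}
	var chain []NodeID
	for forwards := 0; ; forwards++ {
		if tail, hit := cur.Table[dst]; hit {
			return append(append([]NodeID{}, chain...), tail...), nil
		}
		if forwards == maxForwards {
			return nil, ErrHopLimit
		}
		next, ok := net[cur.Next]
		if !ok {
			return nil, fmt.Errorf("%s has no node to forward the query to", cur.ID)
		}
		chain = append(chain, next.ID)
		cur = next
	}
}

// Send looks the path up, then stores it at both ends: the source caches dst -> path and the
// destination caches src -> the reverse path, so neither has to search next time.
func (net Network) Send(src, dst NodeID, maxForwards int) ([]NodeID, error) {
	path, err := net.FindPath(src, dst, maxForwards)
	if err != nil {
		return nil, err
	}
	net[src].Table[dst] = path
	rev := make([]NodeID, 0, len(path))
	for i := len(path) - 2; i >= 0; i-- { // intermediates in reverse order, then the source
		rev = append(rev, path[i])
	}
	net[dst].Table[src] = append(rev, src)
	return path, nil
}

// Demo builds a constructed five-node line S-A-B-C-D in which only B already knows a path to D.
func Demo() Network {
	net := Network{}
	net.NewNode("S", "A", "A")
	net.NewNode("A", "B", "S", "B")
	net.NewNode("B", "C", "A", "C")
	net.NewNode("C", "D", "B", "D")
	net.NewNode("D", "C", "C")
	net["B"].Table["D"] = []NodeID{"C", "D"} // learned from an earlier exchange
	return net
}

func main() {
	net := Demo()
	path, err := net.Send("S", "D", 3)
	fmt.Println(path, err)
	_, err = net.FindPath("S", "D", 0) // now a local hit, no forwarding needed
	fmt.Println("cached at S:", err == nil, "| cached at D:", net["D"].Table["S"])
}
```

With maxForwards set to 1 the query reaches A and stops, because the preset count has been used up before B is asked; with 2 it reaches B, whose table answers it, and both S and D cache the result.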
Drawings
In order to illustrate the embodiments of the present invention or the prior art more clearly, the drawings used in their description are briefly introduced below. The drawings described below show some embodiments of the invention; those skilled in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic topology diagram of a network communication system provided in some embodiments of the present invention;
fig. 2 is a schematic flow chart illustrating a process of a central node sending a control command to a forwarding node in a network communication system according to some embodiments of the present invention;
fig. 3 is a flow diagram illustrating a process for communication between forwarding nodes in a network communication system in accordance with some embodiments of the present invention;
fig. 4 is a flow chart illustrating obtaining a destination communication path in a network communication system according to some embodiments of the present invention.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described below clearly and completely with reference to the drawings. The embodiments described are some, not all, of the embodiments of the invention. The components of the embodiments generally described and illustrated in the figures may be arranged and designed in a wide variety of configurations.
The following detailed description of the embodiments shown in the figures is therefore not intended to limit the scope of the invention as claimed, but merely represents selected embodiments. All other embodiments that a person skilled in the art can derive from those given here without creative effort fall within the protection scope of the present invention.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
In the description of the present invention, it should be noted that the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc. indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings or the orientations or positional relationships that the products of the present invention are conventionally placed in use, and are only used for convenience in describing the present invention and simplifying the description, but do not indicate or imply that the devices or elements referred to must have a specific orientation, be constructed and operated in a specific orientation, and thus, should not be construed as limiting the present invention. Furthermore, the terms "first," "second," "third," and the like are used solely to distinguish one from another and are not to be construed as indicating or implying relative importance.
Furthermore, the terms "horizontal", "vertical", "overhang" and the like do not imply that the components are required to be absolutely horizontal or overhang, but may be slightly inclined. For example, "horizontal" merely means that the direction is more horizontal than "vertical" and does not mean that the structure must be perfectly horizontal, but may be slightly inclined.
In the description of the present invention, it should also be noted that, unless otherwise explicitly specified or limited, the terms "disposed," "mounted," and "connected" are to be construed broadly: a connection may be fixed, detachable or integral; mechanical or electrical; direct, or indirect through intervening media; or an internal connection between two elements. The specific meanings of these terms in the present invention can be understood by those skilled in the art according to the specific case.
Some embodiments of the invention are described in detail below with reference to the accompanying drawings. The embodiments and features of the embodiments described below can be combined with each other without conflict.
An embodiment of the present invention provides a network communication system, shown in fig. 1, comprising a central node 101 and several forwarding nodes 102 connected to each other. The central node 101 manages and controls the forwarding nodes 102 in a centralized manner, and the forwarding nodes 102 communicate with one another over the network in a distributed manner.
Specifically, in some embodiments, the central node 101's centralized management and control of the forwarding nodes 102 includes authenticating the identity of the forwarding nodes 102, collecting the node states of the forwarding nodes 102, and sending control commands to the forwarding nodes 102.
Taking identity authentication of a forwarding node 102 by the central node 101 as an example: when a new forwarding node 102 joins the network communication system, it first generates a public/private key pair, hashes the public key to derive data such as a virtual IPv6 address, and sends that data together with information about the access point through which it needs to join to the central node 101. The central node 101 issues the forwarding node 102 a certificate over the forwarding node's public key, its virtual IPv6 address, its physical IPv4 address, its node type, the access point's IPv4 address and the access point's public key. On receiving the certificate, the forwarding node 102 uses it to initiate a connection to the access point and authenticate itself. The forwarding node 102 and the access point then perform ECDH key negotiation: each dynamically generates a temporary public/private key pair, protects the temporary public key with the fixed key pair, and sends it to the other party; once the temporary public keys have been exchanged and negotiation is complete, a temporary shared key is generated for encrypted communication. This completes authentication and access of the forwarding node 102 to the network communication system. Because the virtual IPv6 address is derived by hashing the public key, the certificate binds the node's address to the key under which it will later be authenticated.
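The join procedure above, as an added example in Go that is not code from the patent or its assignee. The forwarding node's virtual IPv6 address is derived from a hash of its public key, the central node signs the listed certificate fields only after checking that binding, and the access point re-checks the binding and signature before the ECDH exchange of ephemeral keys that yields the temporary shared key. The fd00::/8 prefix, the field encoding, ECDSA and ECDH over P-256, the key derivation label and the addresses are assumptions of this example; Join runs the whole flow with constructed values.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"net/netip"
)

// Cert is what the central node issues to a joining node: the fields named in the patent text, in an
// encoding and with a signature scheme that are this example's assumptions.
type Cert struct {
	NodePub, APPub   []byte     // fixed public keys of the node and of its access point (P-256 points)
	VirtualIPv6      netip.Addr // derived from a hash of NodePub
	PhysIPv4, APIPv4 netip.Addr
	NodeType         string
	Sig              []byte // central node's ECDSA signature over digest()
}

// virtualIPv6 binds the address to the key: an assumed fd00::/8 prefix followed by the first
// 15 bytes of SHA-256(pub). Any party can recompute it and check the binding.
func virtualIPv6(pub []byte) netip.Addr {
	sum := sha256.Sum256(pub)
	var a [16]byte
	a[0] = 0xfd
	copy(a[1:], sum[:15])
	return netip.AddrFrom16(a)
}

// digest is the to-be-signed value; hex and address fields cannot contain '|' (NodeType is assumed not to).
func (c Cert) digest() []byte {
	s := fmt.Sprintf("%x|%s|%s|%s|%s|%x", c.NodePub, c.VirtualIPv6, c.PhysIPv4, c.NodeType, c.APIPv4, c.APPub)
	d := sha256.Sum256([]byte(s))
	return d[:]
}

var errBinding = errors.New("virtual IPv6 does not match hash of public key")

// IssueCert is the central node's step: refuse a virtual address not derived from the key, then sign.
func IssueCert(central *ecdsa.PrivateKey, c Cert) (Cert, error) {
	if c.VirtualIPv6 != virtualIPv6(c.NodePub) {
		return Cert{}, errBinding
	}
	sig, err := ecdsa.SignASN1(rand.Reader, central, c.digest())
	c.Sig = sig
	return c, err
}

// VerifyCert is the access point's check on a connecting node: the binding, then the signature over every field.
func VerifyCert(centralPub *ecdsa.PublicKey, c Cert) error {
	if c.VirtualIPv6 != virtualIPv6(c.NodePub) {
		return errBinding
	}
	if !ecdsa.VerifyASN1(centralPub, c.digest(), c.Sig) {
		return errors.New("bad central node signature")
	}
	return nil
}

// tempKey derives the temporary shared key from an ECDH exchange of ephemeral P-256 keys,
// hashed with a label (the label is an assumption) into a 32-byte symmetric key.
func tempKey(mine *ecdh.PrivateKey, theirs *ecdh.PublicKey) ([]byte, error) {
	secret, err := mine.ECDH(theirs)
	if err != nil {
		return nil, err
	}
	h := sha256.New()
	h.Write([]byte("example-temp-key-v1"))
	h.Write(secret)
	return h.Sum(nil), nil
}

// Join runs the procedure end to end with constructed addresses and returns the certificate, the
// central node's public key (so a caller can re-verify) and both sides' temporary keys.
func Join() (cert Cert, centralPub *ecdsa.PublicKey, k1, k2 []byte, err error) {
	central, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // central node's signing key
	nodeFixed, _ := ecdh.P256().GenerateKey(rand.Reader)          // joining node's fixed key pair
	apFixed, _ := ecdh.P256().GenerateKey(rand.Reader)            // access point's fixed key pair
	req := Cert{NodePub: nodeFixed.PublicKey().Bytes(), APPub: apFixed.PublicKey().Bytes(),
		PhysIPv4: netip.MustParseAddr("192.0.2.10"), APIPv4: netip.MustParseAddr("192.0.2.1"),
		NodeType: "forwarding"}
	req.VirtualIPv6 = virtualIPv6(req.NodePub)
	if cert, err = IssueCert(central, req); err != nil {
		return
	}
	if err = VerifyCert(&central.PublicKey, cert); err != nil { // the access point's check
		return
	}
	nodeEph, _ := ecdh.P256().GenerateKey(rand.Reader) // ephemeral pairs; only the public halves cross the wire
	apEph, _ := ecdh.P256().GenerateKey(rand.Reader)
	k1, err1 := tempKey(nodeEph, apEph.PublicKey())
	k2, err2 := tempKey(apEph, nodeEph.PublicKey())
	return cert, &central.PublicKey, k1, k2, errors.Join(err1, err2)
}

func main() {
	cert, _, k1, k2, err := Join()
	fmt.Printf("virtual IPv6 %s; temporary keys agree: %v; err: %v\n", cert.VirtualIPv6, string(k1) == string(k2), err)
}
```

The binding check matters in both directions: a node cannot claim an address it did not derive from its key, and a certificate whose key has been swapped fails verification even if the address is recomputed, because the signature covers both fields. The patent text has the temporary public keys protected with the fixed key pair; this example leaves that step out, so in a deployment the ephemeral exchange still has to be tied to the certified key, otherwise the ECDH step alone authenticates nobody.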
Taking collection of the node states of the forwarding nodes 102 as an example: each forwarding node 102 collects link information within the network communication system, including transmit and receive traffic, delay, packet loss rate and system resource utilization, and sends it to the central node 101.
Furthermore, in some embodiments, the process by which the central node 101 sends a control command to a forwarding node 102 is shown in fig. 2 and comprises the following steps:
Step S201: acquire a communication node, the communication node being any forwarding node.
In this step, the central node 101 takes as the communication node the forwarding node 102 to which a control command has to be sent for the control task to be completed; the communication node may be any of the forwarding nodes 102 to which the central node 101 needs to issue a control command.
Step S202: when the working state of the communication node is offline, acquire the target node corresponding to the communication node and send the control command to the target node.
In some embodiments, if the communication node is working normally and can receive the control command sent by the central node 101, the central node 101 sends the control command directly to the communication node after negotiating with it. When the communication node's working state is offline, it cannot receive the control command; at that point the target node corresponding to the communication node is acquired and the control command is sent to the target node. The target node stores the communication node's control command on receiving it. After the communication node comes back online, it acquires the control command from the target node, so a control command issued while the communication node was offline is still delivered.
The communication node's working state may be offline because the communication node is damaged, because it went offline deliberately, or because the communication channel between the central node 101 and the communication node has failed; in this embodiment the communication node counts as offline whenever it is in a state in which it cannot receive the control command.
After the communication node comes back online, it actively asks its corresponding target node whether any control command arrived while it was offline and, if so, acquires the control command from the target node.
Further, in some embodiments, the target node may be the forwarding node 102 closest to the communication node: when the central node 101 finds that the communication node cannot receive the control command, it takes the forwarding node 102 closest to the communication node as the target node and sends the communication node's control command there. In other embodiments, the target node may be a forwarding node 102 with a preset correspondence to the communication node: another forwarding node 102 is configured in advance for each forwarding node 102 in the network communication system, and when any forwarding node 102, acting as the communication node, is offline, the forwarding node 102 that corresponds to it under the preset correspondence is taken directly as the target node. It will be appreciated that these are only illustrations of some embodiments, and other embodiments are not limited to these two approaches.
When the communication node is offline and cannot receive the control command, acquiring a target node and sending the communication node's control command to it lets the communication node fetch the command directly from the target node as soon as it comes back online. This improves the timeliness of the control command; in addition, storing the control command on the target node improves the safety of the control command.
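The store-and-forward of control commands in steps S201 and S202 and the reconnect step, as an added example in Go that is not code from the patent or its assignee. Both target-selection rules are included: the preset correspondence when one is configured, otherwise the closest online forwarding node under an assumed coordinate model. The HMAC tag on each command is this example's addition, so that the communication node can reject a command the target node altered or invented while holding it; the per-node MAC keys shared with the central node, the node names and the positions are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"sort"
)

// Command as the central node issues it. Tag is an HMAC this example adds (the patent text only says
// the command is stored) so the node can check that the command is the central node's and unaltered.
type Command struct {
	Seq     uint64
	Payload string
	Tag     []byte
}

// Node is a forwarding node. Key is shared with the central node only (provisioning assumed);
// X, Y is a position for the "closest node" rule (assumed coordinate model).
type Node struct {
	ID     string
	Online bool
	X, Y   float64
	Key    []byte
	Held   map[string][]Command // commands held on behalf of other, offline, nodes
}

// Central is the central node: node table, preset node -> target correspondence, sequence counter.
type Central struct {
	Nodes  map[string]*Node
	Preset map[string]string
	seq    uint64
}

func (c *Central) Add(id string, x, y float64, online bool, key []byte) {
	c.Nodes[id] = &Node{ID: id, Online: online, X: x, Y: y, Key: key, Held: map[string][]Command{}}
}

// tag computes HMAC-SHA256 over the sequence number and the payload.
func tag(key []byte, seq uint64, payload string) []byte {
	m := hmac.New(sha256.New, key)
	fmt.Fprintf(m, "%d:%s", seq, payload)
	return m.Sum(nil)
}

// targetFor picks the target node for an offline communication node: the preset correspondence
// if it is configured and online, otherwise the closest online forwarding node.
func (c *Central) targetFor(id string) (*Node, error) {
	if t := c.Nodes[c.Preset[id]]; t != nil && t.Online {
		return t, nil
	}
	me, best, bestDist := c.Nodes[id], (*Node)(nil), 0.0
	for _, n := range c.Nodes {
		d := (n.X-me.X)*(n.X-me.X) + (n.Y-me.Y)*(n.Y-me.Y) // squared distance; only the order matters
		if n.ID != id && n.Online && (best == nil || d < bestDist) {
			best, bestDist = n, d
		}
	}
	if best == nil {
		return nil, fmt.Errorf("no online forwarding node can hold a command for %s", id)
	}
	return best, nil
}

// SendControl sends directly when the node is online (transport not modelled), otherwise parks the
// command on the target node. It returns the ID of the node that received the command.
func (c *Central) SendControl(id, payload string) (string, error) {
	n, ok := c.Nodes[id]
	if !ok {
		return "", fmt.Errorf("unknown node %s", id)
	}
	c.seq++
	cmd := Command{Seq: c.seq, Payload: payload, Tag: tag(n.Key, c.seq, payload)}
	if n.Online {
		return id, nil
	}
	t, err := c.targetFor(id)
	if err != nil {
		return "", err
	}
	t.Held[id] = append(t.Held[id], cmd)
	return t.ID, nil
}

// Reconnect is the node coming back online: it collects what its peers hold for it, drops anything
// that fails the MAC check, and returns the rest in issue order. The central node takes no part.
func (me *Node) Reconnect(peers map[string]*Node) []Command {
	me.Online = true
	var got []Command
	for _, p := range peers {
		for _, cmd := range p.Held[me.ID] {
			if hmac.Equal(cmd.Tag, tag(me.Key, cmd.Seq, cmd.Payload)) {
				got = append(got, cmd)
			}
		}
		delete(p.Held, me.ID)
	}
	sort.Slice(got, func(i, j int) bool { return got[i].Seq < got[j].Seq })
	return got
}

func main() {
	c := &Central{Nodes: map[string]*Node{}, Preset: map[string]string{"B": "A"}}
	c.Add("A", 0, 0, true, []byte("key-A")) // constructed nodes and keys
	c.Add("B", 1, 0, false, []byte("key-B"))
	to, err := c.SendControl("B", "rotate-keys")
	fmt.Println("parked on", to, err, "| fetched on reconnect:", len(c.Nodes["B"].Reconnect(c.Nodes)))
}
```

The target node is a forwarding node like any other, so the MAC (or a signature) is what makes "stored on the target node" safe: the holder can delay or drop a command, but it cannot change one or make one up without the key it does not have.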
In some embodiments, during the distributed network communication of the forwarding nodes 102, the communication process between any two forwarding nodes 102 is shown in fig. 3 and comprises the following steps:
Step S301: the source forwarding node constructs a destination communication path between itself and the destination forwarding node, the destination communication path comprising a plurality of intermediate forwarding nodes.
In some embodiments, of the two forwarding nodes communicating, the source forwarding node is the one that sends the communication data and the destination forwarding node is the one that receives it.
In this step the source forwarding node first acquires the identification information of the destination forwarding node. Each forwarding node has unique identification information within the network communication system, so by acquiring the destination's identification information the source forwarding node identifies the destination forwarding node with which it needs to communicate. In some embodiments the identification information is the forwarding node's routing information; that is only an illustration, and in other embodiments the identification information may be of another kind, such as IP address information.
After acquiring the identification information of the destination forwarding node, the source forwarding node compares it with the identification information of the forwarding nodes stored in its local path table and so determines whether the destination forwarding node is present there. The local path table stores the forwarding nodes known to the source forwarding node and the network communication path to each of them. In some embodiments, once a forwarding node has joined the network communication system and completed authentication, it creates a local path table and broadcasts its own position and identification information to the other forwarding nodes in the system; on receiving that broadcast, each other forwarding node sends the newly joined forwarding node a path confirmation message containing its identification information and the communication path, and the newly joined node stores the identification information and communication path of each such forwarding node in its local path table. In some embodiments each forwarding node numbers the forwarding nodes adjacent to it, so that a communication path is the sequence of numbers of the forwarding nodes to be passed through during communication. Identifying a communication path by a number sequence is only an illustration; in other embodiments the communication path may be identified in other ways, such as by a sequence of IP addresses.
If the identification information of the destination forwarding node is in the local path table, the corresponding network communication path is taken directly from the table as the destination communication path.
If the identification information of the destination forwarding node does not exist in the local path table, the step of acquiring the destination communication path at this time is shown in fig. 4, and includes the following steps:
step S401: the source forwarding node sends identification information of the destination forwarding node to the first-level forwarding node, and inquires whether a network communication path between the source forwarding node and the destination forwarding node exists in a local path table of the first-level forwarding node, if so, step S402 is executed, and if not, step S403 is executed.
In some embodiments of the invention, the primary forwarding node is the closest forwarding node to the source forwarding node. It is to be understood that, in some other embodiments of the present invention, the first-level forwarding node may also be a forwarding node that is preset to have a preset corresponding relationship with the source forwarding node, and may specifically be flexibly selected according to actual needs.
In this step, after receiving the identification information of the destination forwarding node sent by the source forwarding node, the first-level forwarding node queries whether the destination forwarding node exists in the local path table of the first-level forwarding node, if the destination forwarding node exists in the local path table of the first-level forwarding node, step S402 is executed, and if the destination forwarding node is not queried in the local path table of the first-level forwarding node, step S403 is executed.
Step S402: a destination communication path between the source forwarding node and the destination forwarding node is constructed with the first-level forwarding node as an intermediate forwarding node.
In some embodiments of the present invention, if the destination forwarding node exists in the local path table of the first-level forwarding node, the communication path between the first-level forwarding node and the destination forwarding node is directly obtained from the local path table of the first-level forwarding node, and then the communication path between the first-level forwarding node and the source forwarding node is added to form the destination communication path.
Step S403: the first-level forwarding node sends identification information of a destination forwarding node to the second-level forwarding node, and queries whether a network communication path between the second-level forwarding node and the destination forwarding node exists in a local path table of the second-level forwarding node, if so, step S404 is executed, and if not, step S405 is executed.
In some embodiments of the present invention, after receiving the identification information of the destination forwarding node sent by the primary forwarding node, the secondary forwarding node queries whether the destination forwarding node exists in a local path table of the secondary forwarding node, if the destination forwarding node exists in the local path table of the secondary forwarding node, step S404 is executed, and if the destination forwarding node is not queried in the local path table of the secondary forwarding node, step S405 is executed.
In some embodiments of the invention, the second-level forwarding node is the forwarding node closest to the first-level forwarding node. It may be understood that, in some other embodiments of the present invention, the second-level forwarding node may also be a forwarding node preset to have a corresponding relationship with the first-level forwarding node, and it may be selected flexibly according to actual needs.
Step S404: a destination communication path between the source forwarding node and the destination forwarding node is constructed with the first-level forwarding node and the second-level forwarding node as intermediate forwarding nodes.
Step S405: the second-level forwarding node sends the identification information of the destination forwarding node to the third-level forwarding node and queries whether a network communication path between the second-level forwarding node and the destination forwarding node exists in the local path table of the third-level forwarding node; if so, step S406 is executed, and if not, step S407 is executed.
In some embodiments of the invention, the third-level forwarding node is the forwarding node closest to the second-level forwarding node. It is understood that, in some other embodiments of the present invention, the third-level forwarding node may also be a forwarding node preset to have a corresponding relationship with the second-level forwarding node, and it may be selected flexibly according to actual needs.
Step S406: a destination communication path between the source forwarding node and the destination forwarding node is constructed with the first-level forwarding node, the second-level forwarding node and the third-level forwarding node as intermediate forwarding nodes.
Step S407: it is judged whether the number of times the identification information of the destination forwarding node has been forwarded has reached the preset number; if so, step S408 is executed, and if not, step S405 is executed again.
In some embodiments of the present invention, the communication path to the destination forwarding node is searched for step by step through the above steps until it is found, after which the communication connection between the source forwarding node and the destination forwarding node is established; if instead the number of times the identification information of the destination forwarding node has been forwarded reaches the preset number without the communication path having been found, step S408 is executed.
Step S408: the lookup process is ended and a communication failure is reported.
In this way the source forwarding node can search step by step for the communication path to the destination forwarding node even when it does not know that path; in addition, stopping the search once the identification information of the destination forwarding node has been forwarded the preset number of times effectively prevents the lookup from blocking for a long time.
In some embodiments of the present invention, after the source forwarding node finds a destination communication path between the source forwarding node and the destination forwarding node via a first-level forwarding node, a second-level forwarding node, and other forwarding nodes, the source forwarding node stores the destination forwarding node and the destination communication path in the local path table.
Storing the destination forwarding node and the destination communication path in the local path table of the source forwarding node means that the destination communication path need not be searched for again the next time the source forwarding node and the destination forwarding node communicate; the data stored in the local path table can be used directly.
In some embodiments of the present invention, after the destination forwarding node receives the communication data, the source forwarding node and the destination communication path are stored in the local path table of the destination forwarding node.
The destination forwarding node stores the source forwarding node and the destination communication path in its own local path table, so that the destination communication path need not be searched for again the next time the destination forwarding node and the source forwarding node communicate; the data stored in the local path table can be used directly.
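The step-by-step lookup of steps S401 to S408, with the preset forwarding limit and the caching of the found path at the source and destination, as an added illustration that is not code from the patent; string node ids, a path represented as the list of node ids to traverse, and a single preset "first-level" neighbour per node are assumptions.

```python
# Added illustration of the step-by-step lookup (S401-S408) and the caching
# described afterwards; not code from the patent. Assumptions: string node ids,
# a path is the list of node ids to traverse (destination last), and each
# node's "first-level" node is a single preset neighbour.
from dataclasses import dataclass, field
from typing import Dict, List, Optional

MAX_FORWARDS = 3  # preset forwarding count that ends the lookup (step S407); constructed


@dataclass
class ForwardingNode:
    node_id: str
    # Local path table: known destination id -> path from this node to it.
    path_table: Dict[str, List[str]] = field(default_factory=dict)
    # The node this one forwards unknown lookups to (closest, or preset).
    next_level: Optional["ForwardingNode"] = None

    def lookup_local(self, dest_id: str) -> Optional[List[str]]:
        return self.path_table.get(dest_id)


def build_destination_path(source: ForwardingNode, dest_id: str) -> Optional[List[str]]:
    """Return the destination communication path from `source`, or None on failure.

    Returns the local-table hit when present; otherwise forwards the destination
    id to the first-, second-, third-level ... node and stops after MAX_FORWARDS
    forwards (S408: lookup ended, communication failure reported as None).
    """
    hit = source.lookup_local(dest_id)
    if hit is not None:
        return hit                              # known locally, no lookup needed

    intermediates: List[str] = []               # first-level, second-level, ...
    current = source
    for _ in range(MAX_FORWARDS):
        nxt = current.next_level
        if nxt is None:
            break                               # nobody left to ask
        intermediates.append(nxt.node_id)
        known = nxt.lookup_local(dest_id)
        if known is not None:
            # Path = intermediates queried so far + path known at that level.
            path = intermediates + known
            source.path_table[dest_id] = path   # cache so the next lookup is local
            return path
        current = nxt
    return None


def store_reverse_path(dest: ForwardingNode, source_id: str, path: List[str]) -> List[str]:
    """On receipt of data, the destination records the way back to the source."""
    # `path` is source -> ... -> dest; the reverse is dest -> ... -> source.
    reverse = list(reversed(path[:-1])) + [source_id]
    dest.path_table[source_id] = reverse
    return reverse
```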
Step S302: the source forwarding node forwards the communication data one by one through a plurality of intermediate forwarding nodes so as to send the communication data to the destination forwarding node.
In some embodiments of the present invention, the source forwarding node first sends the communication data to the intermediate forwarding node, and then the intermediate forwarding node sequentially forwards the communication data along the destination communication path, so as to send the communication data to the destination forwarding node.
In some embodiments of the present invention, for any intermediate forwarding node, after receiving communication data sent by the previous forwarding node, the intermediate forwarding node decrypts the communication data with a first key to obtain decrypted data, encrypts the decrypted data with a second key to obtain encrypted data, and forwards the encrypted data to the next forwarding node; the first key is a temporary key between the intermediate forwarding node and the previous forwarding node, and the second key is a temporary key between the intermediate forwarding node and the next forwarding node. Before sending communication data to the next forwarding node, the previous forwarding node first negotiates a first key with the next forwarding node, encrypts the communication data with the first key, and sends the encrypted communication data to the next forwarding node; after receiving it, the next forwarding node decrypts it with the first key, then negotiates a second key with its own next forwarding node and repeats the encryption and decryption process with the second key.
Because the communication data is decrypted and re-encrypted at every forward, the security of forwarding is effectively enhanced, and the use of per-link keys improves the resistance of the forwarding process to tracing.
In some embodiments of the present invention, the source forwarding node encrypts the communication data with a third key to obtain first encrypted data and forwards the first encrypted data one by one via the plurality of intermediate forwarding nodes; the third key is a temporary key between the source forwarding node and the destination forwarding node. The source forwarding node first encrypts the communication data with the temporary key negotiated with the destination forwarding node, then encrypts the once-encrypted data a second time with the temporary key negotiated with the intermediate forwarding node, and sends the twice-encrypted data to the intermediate forwarding node; during forwarding, the intermediate forwarding nodes repeat the decryption and encryption process on the once-encrypted communication data.
Encrypting the communication data a second time further improves its security during communication.
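The per-hop decrypt/re-encrypt with first and second keys, layered over the end-to-end third key, as an added example that is not the patent's code. The cipher is an illustrative encrypt-then-MAC built from hashlib and hmac so that the example runs on the standard library alone (a deployment would use an AEAD such as AES-GCM), and the per-link key agreement is stood in for by a fresh random key shared by the two link endpoints; both are assumptions.

```python
# Added illustration of the per-hop decrypt/re-encrypt with temporary link keys
# (first key / second key) and the end-to-end third key layered underneath; not
# code from the patent. The cipher below is an illustrative encrypt-then-MAC
# (SHA-256 counter keystream + HMAC-SHA256 tag) chosen only so the example runs
# on the standard library; real deployments use an AEAD such as AES-GCM. Key
# agreement is stood in for by fresh random keys shared per link (assumption).
import hashlib
import hmac
import secrets
from typing import List, Tuple

NONCE_LEN, TAG_LEN, KEY_LEN = 16, 32, 32


def new_temporary_key() -> bytes:
    """Stand-in for the per-link / end-to-end temporary key agreement."""
    return secrets.token_bytes(KEY_LEN)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || tag; a fresh nonce per call keeps ciphertexts distinct."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; anything modified in transit is rejected."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def intermediate_relay(first_key: bytes, second_key: bytes, incoming: bytes) -> bytes:
    """One intermediate node: strip the previous link's layer, add the next link's."""
    decrypted = open_sealed(first_key, incoming)   # first key: link with previous hop
    return seal(second_key, decrypted)             # second key: link with next hop


def forward_along_path(message: bytes, link_keys: List[bytes],
                       end_to_end_key: bytes) -> Tuple[bytes, List[bytes]]:
    """Source -> (len(link_keys) - 1) intermediates -> destination.

    link_keys[i] is the temporary key of link i. Returns the plaintext recovered
    at the destination and the bytes that travelled on each link.
    """
    first_encrypted = seal(end_to_end_key, message)   # third key: end-to-end layer
    on_wire = seal(link_keys[0], first_encrypted)     # source adds the first link layer
    seen_on_links = [on_wire]
    for i in range(1, len(link_keys)):
        on_wire = intermediate_relay(link_keys[i - 1], link_keys[i], on_wire)
        seen_on_links.append(on_wire)
    # Destination: strip the last link layer, then the end-to-end layer.
    plaintext = open_sealed(end_to_end_key, open_sealed(link_keys[-1], on_wire))
    return plaintext, seen_on_links
```

An intermediate node that strips its first-key layer still holds only the third-key ciphertext, which is what the test below checks alongside tamper rejection.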
In addition, in some embodiments of the present invention, when a forwarding node uploads a resource file, the file is hashed, the several forwarding nodes in the network closest to the hash value of the file are looked up, and the information about the actual storage location of the file is sent to those forwarding nodes.
When any forwarding node needs to download the resource file, it obtains the hash value of the file from the seed file and queries the actual storage location of the file at the node in the network closest to that hash value. Once the file storage location has been obtained, a file download request is sent to that location.
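The hash-based publication and lookup of a resource file's storage location from the two paragraphs above, as an added example that is not the patent's code. It assumes 256-bit node ids derived from node names, XOR distance as the notion of "closest to the hash value" (the patent does not name a metric), a replication factor K, and a seed file that carries the content hash; the integrity check on download is added from a defender's stance and is not stated in the text.

```python
# Added illustration of the hash-based resource location in the preceding
# paragraphs; not code from the patent. Assumptions: 256-bit node ids derived
# from node names, "closest" measured as XOR distance between node id and file
# hash (Kademlia-style; the patent only says "closest to the hash value"), a
# replication factor K, and a seed file that carries the content hash.
import hashlib
from typing import Dict, Iterable, List, Optional

K = 3  # number of closest nodes that receive the storage location; constructed


def sha256_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def node_id(name: str) -> int:
    return sha256_int(name.encode())


def closest_nodes(node_ids: Iterable[int], key: int, k: int = K) -> List[int]:
    """The k node ids with the smallest XOR distance to `key`."""
    return sorted(node_ids, key=lambda nid: nid ^ key)[:k]


class LocationIndex:
    """Per-node tables mapping file hash -> actual storage location."""

    def __init__(self, node_names: Iterable[str]):
        self.tables: Dict[int, Dict[int, str]] = {node_id(n): {} for n in node_names}

    def publish(self, content: bytes, location: str) -> int:
        """Upload step: hash the file and tell the K closest nodes where it lives."""
        h = sha256_int(content)
        for nid in closest_nodes(self.tables, h):
            self.tables[nid][h] = location
        return h

    def locate(self, seed_hash: int) -> Optional[str]:
        """Download step: ask the nodes closest to the hash for the storage location."""
        for nid in closest_nodes(self.tables, seed_hash):
            loc = self.tables[nid].get(seed_hash)
            if loc is not None:
                return loc
        return None

    def remove_node(self, name: str) -> None:
        del self.tables[node_id(name)]   # simulate a node going offline

    def fetch(self, seed_hash: int, storage: Dict[str, bytes]) -> bytes:
        """Locate, download, and refuse content whose hash does not match the seed."""
        loc = self.locate(seed_hash)
        if loc is None:
            raise LookupError("no node knows this file")
        content = storage[loc]
        if sha256_int(content) != seed_hash:
            raise ValueError("downloaded content does not match the seed hash")
        return content
```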
As can be understood by those skilled in the art, all or part of the steps in the method according to the above embodiments may be implemented by a program instructing the relevant hardware; the program is stored in a storage medium and includes several instructions that enable a device (which may be a single chip, a chip, or the like) or a processor to execute all or part of the steps in the method according to the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or any other medium capable of storing program code.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solution of the present invention and not to limit it; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those skilled in the art that the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced, and that these modifications or substitutions do not depart from the spirit of the corresponding technical solutions of the embodiments of the present invention.

Claims (11)

1. A network communication system, comprising:
the system comprises a central node and a plurality of forwarding nodes which are connected with each other;
the central node manages and controls the forwarding nodes in a centralized management mode;
and the forwarding nodes carry out network communication in a distributed mode.
2. The system of claim 1, wherein said managing said plurality of forwarding nodes comprises:
one or more of identity authentication of the forwarding nodes, collection of node states of the forwarding nodes, and sending of control commands to the forwarding nodes.
3. The system of claim 2, wherein said sending control commands to said plurality of forwarding nodes comprises:
acquiring a communication node, wherein the communication node is any one of the forwarding nodes;
when the working state of the communication node is in an off-line state, acquiring a target node corresponding to the communication node, and sending the control command to the target node;
and after the communication node is on line, acquiring the control command from the target node.
4. The system of claim 3, wherein the obtaining a target node corresponding to the communication node comprises:
and acquiring a forwarding node closest to the communication node as the target node, or acquiring a forwarding node corresponding to the communication node as the target node according to a preset corresponding relation.
5. The system of claim 1, wherein the plurality of forwarding nodes communicate in a distributed manner over the network, comprising:
a source forwarding node constructs a destination communication path between the source forwarding node and a destination forwarding node, wherein the destination communication path comprises a plurality of intermediate forwarding nodes;
the source forwarding node forwards the communication data one by one through the plurality of intermediate forwarding nodes so as to send the communication data to the destination forwarding node;
for any intermediate forwarding node, after receiving communication data sent by a previous forwarding node, decrypting the communication data by using a first key to obtain decrypted data, encrypting the decrypted data by using a second key to obtain encrypted data, and forwarding the encrypted data to a next forwarding node;
the first key is a temporary key between the any intermediate forwarding node and the previous forwarding node, and the second key is a temporary key between the any intermediate forwarding node and the next forwarding node.
6. The system according to claim 5, wherein said forwarding communication data via said plurality of intermediate forwarding nodes seriatim comprises:
the source forwarding node encrypts the communication data by using a third key to obtain first encrypted data, and forwards the first encrypted data one by one through the plurality of intermediate forwarding nodes;
the third key is a temporary key between the source forwarding node and the destination forwarding node.
7. The system of claim 5, wherein the constructing a destination communication path with a destination forwarding node comprises:
the source forwarding node acquires the identification information of the destination forwarding node, and inquires whether the identification information of the destination forwarding node exists in a local path table, wherein the known forwarding nodes of the source forwarding node and network communication paths corresponding to the known forwarding nodes are stored in the local path table;
and if the identification information of the destination forwarding node exists in the local path table, directly acquiring a network communication path corresponding to the identification information of the destination forwarding node in the local path table as the destination communication path.
8. The system of claim 7, wherein the constructing a destination communication path with a destination forwarding node further comprises:
if the identification information of the destination forwarding node does not exist in the local path table, the source forwarding node sends the identification information of the destination forwarding node to a first-level forwarding node, and queries whether a network communication path between the source forwarding node and the destination forwarding node exists in the local path table of the first-level forwarding node;
if a network communication path between the first-level forwarding node and the destination forwarding node exists in the local path table of the first-level forwarding node, the first-level forwarding node is used as an intermediate forwarding node to construct a destination communication path between the source forwarding node and the destination forwarding node;
the first-level forwarding node is a forwarding node closest to the source forwarding node, or the first-level forwarding node is a forwarding node known by the source forwarding node.
9. The system of claim 8, wherein the constructing a destination communication path with a destination forwarding node further comprises:
if the local path table of the first-level forwarding node does not have a network communication path with the destination forwarding node, the first-level forwarding node sends identification information of the destination forwarding node to a second-level forwarding node, and queries whether the local path table of the second-level forwarding node has a network communication path with the destination forwarding node;
if a network communication path to the destination forwarding node exists in the local path table of the second-level forwarding node, constructing a destination communication path between the source forwarding node and the destination forwarding node by taking the first-level forwarding node and the second-level forwarding node as intermediate forwarding nodes;
if the local path table of the second-level forwarding node does not have a network communication path to the destination forwarding node, the second-level forwarding node sends the identification information of the destination forwarding node to a third-level forwarding node and queries whether a network communication path to the destination forwarding node exists in the local path table of the third-level forwarding node, and so on until the number of times the identification information of the destination forwarding node has been forwarded reaches a preset number or a network communication path to the destination forwarding node is found in the local path table of some forwarding node;
the second-level forwarding node is a forwarding node closest to the first-level forwarding node, or the second-level forwarding node is a forwarding node known to the first-level forwarding node;
the third-level forwarding node is a forwarding node closest to the second-level forwarding node, or the third-level forwarding node is a forwarding node known to the second-level forwarding node.
10. The system according to claim 7, wherein after the constructing a destination communication path between the source forwarding node and the destination forwarding node by using the primary forwarding node as an intermediate forwarding node, further comprises:
and storing the destination forwarding node and the destination communication path into the local path table.
11. The system according to any one of claims 5 to 10, wherein the forwarding nodes perform network communication in a distributed manner, further comprising:
and after receiving the communication data, the destination forwarding node stores the source forwarding node and the destination communication path into a local path table of the destination forwarding node.
CN202211478464.4A 2022-11-23 2022-11-23 Network communication system Pending CN115865605A (en)
Publications (1)

Publication Number Publication Date
CN115865605A true CN115865605A (en) 2023-03-28

Family

ID=85665567

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination