CN116016646B - Service access control method, device, equipment and medium - Google Patents


Info

Publication number
CN116016646B
Authority
CN
China
Prior art keywords
server
service
target
determining
identification information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211388569.0A
Other languages
Chinese (zh)
Other versions
CN116016646A (en
Inventor
侯文龙
刘孟昕
陈溪
张玉娟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202211388569.0A priority Critical patent/CN116016646B/en
Publication of CN116016646A publication Critical patent/CN116016646A/en
Application granted granted Critical
Publication of CN116016646B publication Critical patent/CN116016646B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Abstract

The present disclosure provides a service access control method, apparatus, device, and medium, which can be applied to the fields of electronic communication, software testing, and internet financial management. The service access control method comprises: in response to determining that the availability of a target business service of a first server is in a predetermined state, determining a second server associated with the first server from a history service log; determining a server call link based on the first server and the second server; and performing service access isolation on the server call link.

Description

Service access control method, device, equipment and medium
Technical Field
The present disclosure relates to the fields of electronic communications, software testing, and internet financial management, and more particularly, to a business access control method, apparatus, device, medium, and program product.
Background
In the long-chain business transaction mode, a single complete client-side service can be finished only through the interactive, cooperative processing of a plurality of servers or application nodes within one complete business processing flow. With the development of information technology, information system architectures are becoming more and more complex; micro-service architectures in particular are now widely used, and the long-chain business transaction mode is increasingly common.
In the process of implementing the disclosed concept, the inventor found that at least the following problem exists in the related art: access to the unavailable service nodes in a long-chain business is controlled, but access to the service nodes upstream of those unavailable nodes still proceeds normally, so dirty data can be generated, which interferes with the data of subsequent long-chain business.
Disclosure of Invention
In view of this, the present disclosure provides a service access control method, apparatus, device, medium, and program product.
According to a first aspect of the present disclosure, there is provided a service access control method, including:
in response to determining that the availability of a target business service of a first server is in a predetermined state, determining a second server associated with the first server from a history service log, wherein the second server and the first server are each servers for processing a target service, and the target business service is a service executed by the first server for processing the target service;
determining a server call link based on the first server and the second server, wherein the server call link indicates a service access relationship between a plurality of servers in the server call link; and
performing service access isolation on the server call link.
According to an embodiment of the present disclosure, the determining, from the history service log, a second server associated with the first server includes:
determining at least one piece of service identification information associated with the first server from the history service log, wherein each piece of service identification information indicates identification information of a service processed by the first server;
determining target service identification information of the target service from the at least one piece of service identification information based on service type information of the target business service; and
determining at least one second server from a plurality of third servers based on the target service identification information, wherein the plurality of third servers are servers recorded in the history service log.
According to an embodiment of the present disclosure, the determining a server call link based on the first server and the second server includes:
determining, for each server on the server call link, execution time information of the service executed by the server for processing the target service from the history service log;
determining service access relations among a plurality of servers on the server call link based on the execution time information; and
determining the server call link based on the plurality of servers and the service access relation.
According to an embodiment of the present disclosure, the service access isolation for the server call link includes:
determining, for each server on the server call link, a target service port of the server for executing the target service; and
performing service access isolation on the server call link by using a firewall technology, based on the target service port.
According to an embodiment of the present disclosure, the determining, for each server on the server call link, a target service port of the server for executing the target service includes:
determining, for each server on the server call link, service type information of the server for executing the target service from the history service log based on server identification information of the server and the target service identification information; and
determining the target service port from at least one service port in a mapping table of service type information and port identification information, based on the service type information of the server for executing the target service, wherein the mapping table is pre-established and indicates a mapping relationship between the service type information and the service port.
According to an embodiment of the present disclosure, the service access isolation for the server call link includes:
determining a target service access path of the server for executing the target service for each server on the server call link; and
performing service access isolation on the server call link by using a soft load balancing technology, based on the target service access path.
According to an embodiment of the present disclosure, the determining, for each server on the server call link, a target service access path of the server for executing the target service includes:
determining, for each server on the server call link, service type information of the server for executing the target service from the history service log based on server identification information of the server and the target service identification information; and
determining the target service access path from at least one service access path in a mapping table of service type information and access path identification information, based on the service type information of the server for executing the target service, wherein the mapping table is pre-established and indicates a mapping relationship between the service type information and the service access path.
According to an embodiment of the present disclosure, the service access control method further includes:
for the target business service, periodically sending availability detection information to the first server; and
determining that the availability of the target business service of the first server is in the predetermined state when feedback information from the first server has not been received a predetermined number of times.
According to an embodiment of the present disclosure, the service access control method further includes:
in response to determining, through availability detection, that the target business service of the first server is in an available state, performing service access recovery on the server call link.
A second aspect of the present disclosure provides a service access control apparatus, including:
a second server determining module, configured to determine, from a history service log, a second server associated with a first server in response to determining that the availability of a target business service of the first server is in a predetermined state, wherein the second server and the first server are each servers for processing a target service, and the target business service is a service executed by the first server for processing the target service;
a server call link determining module, configured to determine a server call link based on the first server and the second server, wherein the server call link indicates a service access relationship between a plurality of servers in the server call link; and
a service access isolation module, configured to perform service access isolation on the server call link.
A third aspect of the present disclosure provides an electronic device, comprising:
one or more processors; and
a memory for storing one or more instructions,
wherein the one or more instructions, when executed by the one or more processors, cause the one or more processors to implement the method as described above.
A fourth aspect of the present disclosure provides a computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to implement a method as described above.
A fifth aspect of the present disclosure provides a computer program product comprising computer executable instructions which, when executed, are adapted to carry out the method as described above.
According to an embodiment of the present disclosure, the following technical means are adopted: in response to determining that the availability of a target business service of a first server is in a predetermined state, determining a second server associated with the first server from a history service log, wherein the second server and the first server are each servers for processing a target service, and the target business service is a service executed by the first server for processing the target service; determining a server call link based on the first server and the second server, wherein the server call link indicates a service access relationship between a plurality of servers in the server call link; and performing service access isolation on the server call link. Because the second server is determined from the history service log in response to determining that the availability of the target business service of the first server is in the predetermined state, when that target business service is determined to be unavailable, the second server that is associated with the first server and can process the target service can be found from the text information, recorded in the history service log, about the first server and the second server processing the target service. The server call link is determined based on the first server and the second server, and service access isolation is performed on the server call link, so that only the processing capability for the target service is placed in an unavailable state while other services can continue to be processed, which improves server availability while avoiding the generation of dirty data.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent from the following description of embodiments thereof with reference to the accompanying drawings in which:
Fig. 1 schematically illustrates an exemplary system architecture to which a service access control method may be applied, according to an embodiment of the present disclosure;
Fig. 2 schematically illustrates a flow chart of a service access control method according to an embodiment of the present disclosure;
Fig. 3 schematically illustrates a server call link diagram according to an embodiment of the present disclosure;
Fig. 4 schematically illustrates a block diagram of a service access control device according to an embodiment of the present disclosure; and
Fig. 5 schematically illustrates a block diagram of a computer system suitable for implementing the above-described method according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is only exemplary and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the present disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a convention should be interpreted in the sense in which one skilled in the art would generally understand it (e.g., "a system having at least one of A, B and C" would include, but not be limited to, systems having A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.). Where a convention analogous to "at least one of A, B or C, etc." is used, in general such a convention should be interpreted in the sense in which one skilled in the art would generally understand it (e.g., "a system having at least one of A, B or C" would include, but not be limited to, systems having A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.).
At present, in the long-chain business transaction mode, when a business application, a business service node, a test environment or a version is under maintenance and the functions of some service nodes in a long-chain business transaction are therefore unavailable, access to those unavailable service nodes is controlled, but access to the service nodes upstream of them still proceeds normally, so dirty data can be generated, which interferes with the data of subsequent long-chain business. Based on this, embodiments of the present disclosure provide a service access control method, apparatus, device, medium, and program product.
The embodiment of the disclosure provides a service access control method, which comprises the following steps:
in response to determining that the availability of the target business service of the first server is in a predetermined state, determining a second server associated with the first server from the history service log, wherein the second server and the first server are each servers for processing the target service, and the target business service is a service executed by the first server for processing the target service; determining a server call link based on the first server and the second server, wherein the server call link indicates a service access relationship between a plurality of servers in the server call link; and performing service access isolation on the server call link.
According to the embodiment of the disclosure, the second server associated with the first server is determined from the history service log in response to determining that the availability of the target business service of the first server is in a predetermined state. Thus, when the target business service of the first server is determined to be unavailable, the second server that is associated with the first server and can process the target service can be found from the text information, recorded in the history service log, about the first server and the second server processing the target service. Determining the server call link based on the first server and the second server establishes the chronological order in which the first server and the second server process the target service. Performing service access isolation on the server call link places only the processing capability for the target service in an unavailable state, so that other services can continue to be processed, which improves server availability while avoiding the generation of dirty data.
Fig. 1 schematically illustrates an exemplary system architecture 100 in which a service access control method may be applied according to an embodiment of the present disclosure. It should be noted that fig. 1 is only an example of a system architecture to which embodiments of the present disclosure may be applied to assist those skilled in the art in understanding the technical content of the present disclosure, but does not mean that embodiments of the present disclosure may not be used in other devices, systems, environments, or scenarios.
As shown in fig. 1, a system architecture 100 according to this embodiment may include servers 101, 102, and 103, a network 104, and a terminal device 105. The network 104 is the medium used to provide communication links between the servers 101, 102, 103 and the terminal devices 105. The network 104 may include various connection types, such as wired and/or wireless communication links, and the like.
A tester can use the terminal device 105 to interact with the servers 101, 102, and 103 through the network 104 to receive or transmit information and the like. Various applications that communicate with the servers 101, 102, and 103 may be installed on the terminal device 105, such as shopping applications, search applications, instant messaging tools, and mailbox clients (by way of example only).
The terminal device 105 may be a variety of electronic devices having a display screen and supporting web browsing, including but not limited to tablet computers, laptop portable computers, desktop computers, and the like.
Servers 101, 102, and 103 may be servers that handle various services, and servers 101, 102, and 103 may each contain multiple ports, each of which may interface with different service requests, respectively. In the case where the services that can be handled by the servers 101, 102, and 103 are on the same link, the terminal device 105 sends service requests to the servers 101, 102, and 103 through the network 104, and the servers 101, 102, and 103 can acquire the service requests through the corresponding ports in order on the link and perform service processing.
Any one of the servers 101, 102 and 103 may also be configured to monitor whether a plurality of business services in the servers 101, 102 and 103 are in an available state and, where a business service in the servers 101, 102 and 103 is in an unavailable state, to perform access control isolation on the transaction link corresponding to that business service.
It should be noted that the service access control method provided in the embodiments of the present disclosure may generally be executed by the servers 101, 102, and 103. Accordingly, the service access control system provided in the embodiments of the present disclosure may generally be disposed in the servers 101, 102, and 103. The service access control method provided by the embodiments of the present disclosure may also be performed by a server or a server cluster that is different from the servers 101, 102, and 103 and is capable of communicating with the terminal device 105 and/or the servers 101, 102 and 103. Accordingly, the service access control system provided by the embodiments of the present disclosure may also be provided in a server or a server cluster that is different from the servers 101, 102 and 103 and is capable of communicating with the terminal device 105 and/or the servers 101, 102 and 103.
It should be understood that the number of client devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of client devices, networks, and servers, as desired for implementation.
Fig. 2 schematically illustrates a flow chart of a service access control method according to an embodiment of the present disclosure.
As shown in fig. 2, the method includes operations S201 to S203.
In operation S201, in response to determining that the availability of the target business service of the first server is in a predetermined state, a second server associated with the first server is determined from the history service log, wherein the second server and the first server are each servers for processing the target service, and the target business service is a service performed by the first server for processing the target service.
According to the embodiment of the present disclosure, the first server may represent any one of a plurality of servers for executing the service access control method of the present embodiment, and the first server may process a plurality of different services, and may further execute service services corresponding to the plurality of different services, respectively.
According to an embodiment of the present disclosure, the availability of the target business service of the first server being in a predetermined state means that the target business service of the first server is in an unavailable state.
According to an embodiment of the present disclosure, one target service may include a plurality of business services to be executed, and the plurality of business services may be executed by different servers, respectively.
According to an embodiment of the present disclosure, the second server may be any server, other than the first server, that may be used to process the target service, and the first server and the second server may be used to perform different business services in the target service.
According to the embodiment of the disclosure, the history service log records the services processed by each server, together with text description information on the call relations and call times among different servers when the different servers jointly process the same target service.
According to the embodiment of the disclosure, the history service log may be recorded as a plain-text description, and its content may be recorded in a table.
According to the embodiment of the disclosure, because the second server associated with the first server is determined from the history service log in response to determining that the availability of the target business service of the first server is in a predetermined state, when the target business service of the first server is determined to be unavailable, the second server that is associated with the first server and can process the target service can be found from the text information, recorded in the history service log, about the first server and the second server processing the target service.
In operation S202, a server call link is determined based on the first server and the second server, wherein the server call link indicates a service access relationship between a plurality of servers in the server call link.
According to an embodiment of the present disclosure, the service access relationship among a plurality of servers represents the chronological order in which the plurality of servers process the same target service.
According to the embodiment of the disclosure, by determining the server call link based on the first server and the second server, the chronological order in which the first server and the second server process the target service can be determined.
According to the embodiment of the disclosure, for example, three servers, namely server 1, server 2 and server 3, are used to process a first target service. By querying the history service log, it can be determined that, in the course of processing the target service, the call order of the three servers is server 1, server 3, server 2, where server 1 executes the first business service in the first target service, server 2 executes the third business service in the first target service, and server 3 executes the second business service in the first target service. The server call link can therefore be determined as: server 1-first target service, server 3-first target service, server 2-first target service.
In operation S203, service access isolation is performed on the server call link.
According to the embodiment of the disclosure, performing service access isolation on the server call link means that the target service on the server call link is placed in an inaccessible state.
According to the embodiment of the disclosure, performing service access isolation on the server call link means using a relevant technology to place the relevant ports of the plurality of servers that process the target service on the call link in an unavailable state, so that the target service on the server call link is inaccessible. Because only the relevant ports of the plurality of servers that process the target service are placed in the unavailable state, the servers themselves remain available and can continue to process other services, which improves server availability while avoiding the generation of dirty data.
According to the embodiment of the disclosure, the second server associated with the first server is determined from the history service log in response to determining that the availability of the target business service of the first server is in a predetermined state. Thus, when the target business service of the first server is determined to be unavailable, the second server that is associated with the first server and can process the target service can be found from the text information, recorded in the history service log, about the first server and the second server processing the target service. Determining the server call link based on the first server and the second server establishes the chronological order in which the first server and the second server process the target service. Performing service access isolation on the server call link places only the relevant ports of the plurality of servers that process the target service in an unavailable state; the servers remain available and can continue to process other services, which improves server availability while avoiding the generation of dirty data.
According to an embodiment of the present disclosure, operation S201 includes: determining at least one service identification information associated with the first server from the historical service log, wherein each of the at least one service identification information indicates identification information of a service processed by the first server; determining target service identification information of a target service from at least one service identification information based on service type information of the target service; and determining at least one second server from the plurality of third servers based on the target service identification information, wherein the plurality of third servers are servers recorded in the history service log.
According to the embodiment of the disclosure, the service identification information is unique and global. Different services correspond to different service identification information. Where different servers handle the same service, the different servers use the same service identification information associated with that service. For example, if the service identification information of the first service is A, the service identification information of the first service is denoted by A in a plurality of processors that process the first service.
According to an embodiment of the present disclosure, the at least one piece of service identification information related to the first server means that, where the first server can process only one service, there is one piece of service identification information related to the first server, and where the first server can process a plurality of services, there are a plurality of pieces of service identification information related to the first server.
According to an embodiment of the present disclosure, service type information of a target business service characterizes a plurality of different types of business service operations corresponding to the target business. For example, the target service includes two different types of service operations, where the two different types of service operations are respectively transfer and consumption, the service type of transfer may be denoted by 1, and the service type of consumption may be denoted by 2.
According to an embodiment of the present disclosure, the information recorded in the history service log may be, for example: the number of the servers is four, and the four servers are respectively a server 1, a server 2, a server 3 and a server 4, wherein the server 1, the server 2 and the server 3 can be used for processing different service services in the service A, and the server 1 and the server 4 can be used for processing different service services in the service B.
According to an embodiment of the present disclosure, in the case that the server 1 is determined to be the first server and the availability of the target business service of the server 1 is in an unavailable state, the server 2, the server 3, and the server 4 characterize a plurality of third servers.
According to an embodiment of the present disclosure, the information recorded in the history service log may be, for example: the two services which can be processed by the server 1 are respectively A and B, the service name in the service A processed by the server 1 is the transfer, the transfer can be represented by the service type identification information 1, the service name in the service B processed by the server 1 is the payment, and the payment can be represented by the service type identification information 3.
According to the embodiment of the present disclosure, the service identification information related to the server 1 may be determined as A and B from the history service log. In the case where the service type information of the target service is determined as 1, the target service identification information of the target service may be determined as A from the service identification information A and B, and the server 2 and the server 3 may be determined as the second servers according to the target service identification information A.
According to the embodiment of the disclosure, since the service identification information has uniqueness and global property, after the target service identification information of the target service is determined from the at least one service identification information based on the service type information of the target service, the at least one second server can be quickly determined from the plurality of third servers by means of the historical service log based on the target service identification information, so that the efficiency of searching the servers related to the target service is improved.
According to an embodiment of the present disclosure, operation S202 includes: determining execution time information of a service executed by a server for processing a target service from a history service log for each server on a server call link; determining a business access relationship between a plurality of servers on a server call link based on the execution time information; and determining a server call link based on the plurality of servers and the business access relationship.
According to the embodiment of the present disclosure, the execution time information may include time information of starting execution, time information of starting execution and time information of ending execution, and which execution time information is specifically used may be determined according to actual situations, and the embodiment of the present disclosure does not limit the expression form of the specific execution time information.
According to the embodiment of the disclosure, based on the execution time information, the service access relation among the plurality of servers on the server call link is determined, the time before and after relation of the plurality of servers on the server call link for processing the target service can be determined by using the execution time information, the server call link is determined based on the plurality of servers and the service access relation, the time before and after relation of the plurality of servers for processing the target service can be stored in the server call link, and preparation is made for the subsequent use of the server call link for service access isolation.
Table 1 schematically shows information recorded in a history service log according to an embodiment of the present disclosure.
TABLE 1
As shown in table 1, the number of servers is 4, and four servers are SG1, SG2, SG3 and SG4, respectively.
SG1 can process two services, whose service identification information is UMSP and EPASS respectively. The business service that SG1 executes in the service identified as UMSP is named transfer, with service type information 1; the business service that SG1 executes in the service identified as EPASS is named repayment, with service type information 5.
SG2 can process one service, whose service identification information is UMSP. The business service that SG2 executes in the service identified as UMSP is named consumption, with service type information 2.
SG3 can process one service, whose service identification information is UMSP. The business service that SG3 executes in the service identified as UMSP is named repayment, with service type information 3.
SG4 can process one service, whose service identification information is EPASS. The business service that SG4 executes in the service identified as EPASS is named transfer, with service type information 4.
In the execution time information, 20220520 08:30:01 indicates that the server SG1 started processing the service whose service identification information is UMSP at 08:30:01 on May 20, 2022. Similarly, 20220520 08:30:02 indicates that SG2 started processing the service identified as UMSP at 08:30:02 on May 20, 2022; 20220520 08:30:03 indicates that SG3 started processing the service identified as UMSP at 08:30:03 on May 20, 2022; 20220520 09:30:01 indicates that SG4 started processing the service identified as EPASS at 09:30:01 on May 20, 2022; and 20220520 09:30:02 indicates that SG1 started processing the service identified as EPASS at 09:30:02 on May 20, 2022.
In the event SG1 is determined to be the first server, and the business services in SG1 are in an unavailable state, SG2, SG3, and SG4 characterize a plurality of third servers. The history service log shown in table 1 can be searched to obtain the target service identification information related to SG1 as UMSP and EPASS.
In the case where it is determined that the service type information of the target business service related to SG1 is 5, the history business log shown in table 1 shows that the target business identification information corresponding to the service type information 5 is EPASS. Further, according to the target service identification information EPASS, table 1 shows that the only server other than SG1 that can process the service identified as EPASS is SG4. Further, the execution time information in table 1 shows that SG4 processed the service identified as EPASS at 20220520 09:30:01 and SG1 processed the service identified as EPASS at 20220520 09:30:02, so SG1 processes the service identified as EPASS after SG4 does.
Fig. 3 schematically illustrates a server call link diagram according to an embodiment of the present disclosure.
As shown in fig. 3, in the case where the client initiates a service request handling the service identification information as the UMSP, the call order of the plurality of servers handling the service of which the service identification information is the UMSP is SG1-UMSP-SG2-UMSP-SG3-UMSP. In the case where the client initiates a service request handling service identification information EPASS, the call sequence of the plurality of servers handling service of service identification information EPASS is SG4-EPASS-SG1-EPASS.
According to an embodiment of the present disclosure, operation S203 includes: for each server on the server call link, a target service port of the server for executing the target service is determined.
According to an embodiment of the present disclosure, each of a plurality of servers on a server call link includes a plurality of ports that respectively correspond to different ones of the services handled by the server.
According to an embodiment of the present disclosure, determining, for each server on a server call link, a target service port of the server for executing a target service, includes: determining service type information of the server for executing the target service from the history service log based on server identification information and target service identification information of the server for each server on the server call link; and determining a target service port matched with the service type information from at least one service port of the server.
According to the embodiment of the disclosure, the plurality of ports respectively correspond to different business services in the service processed by the server, and different business services correspond to different service types, so the plurality of ports respectively correspond to the service types of the service processed by the server. After the service type information of the server for executing the target service is determined, the target service port matched with the service type information can therefore be determined from at least one service port of the server.
According to an embodiment of the present disclosure, for each server on a server call link, a target service port matching the service type information may be determined from at least one service port of the server by referring to a table describing a relationship between traffic and ports with respect to each server.
According to an embodiment of the present disclosure, determining a target service port that matches the service type information from at least one service port of the server includes: and determining the target service port from at least one service port in a service type information and port identification information mapping table based on service type information of the server for executing the target service, wherein the service type information and port identification information mapping table is pre-established, and the service type information and port identification information mapping table indicates a mapping relationship between the service type information and the service port.
Based on the target service port, the firewall technology is utilized to isolate service access to the server call link.
According to the embodiment of the disclosure, based on the target service port, the target service port of the server can be set to be in an unavailable state by using a firewall technology, so that service access isolation is realized on a call link of the server, other services of the server are still in an available state, other services can be processed continuously, and the availability of the server is improved while dirty data generation is avoided.
Table 2 schematically illustrates a mapping table of service type information and port identification information according to an embodiment of the present disclosure.
TABLE 2
Table 2 corresponds to the server and the service handled by the server in table 1. As shown in table 2, the IP address of the server whose server identification information is SG1 is a.a.a., the port corresponding to the service type information 1 of the server is 10000, and the port corresponding to the service type information 5 of the server is 10001. The IP address of the server whose server identification information is SG2 is a.a.b.c, and the port corresponding to the service type information 2 of the server is 10009. The IP address of the server whose server identification information is SG3 is a.a.b., and the port corresponding to the service type information 3 of the server is 10003. The IP address of the server whose server identification information is SG4 is a.b.b.c, and the port corresponding to the service type information 4 of the server is 10002.
According to the embodiment of the disclosure, in the case that the server call link is determined to be SG1-UMSP-SG2-UMSP-SG3-UMSP, it may be determined that the identification information of the server is SG1, SG2 and SG3, respectively, and the target identification information is UMSP from the server call link.
By referring to the history service log in table 1, it can be determined that the service type information of the server for executing the target service UMSP, which is the server identification information SG1, is 1. The server whose server identification information is SG2 is used to execute the service type information of the target service UMSP is 2. The server whose server identification information is SG3 is used to execute the service type information of the target service UMSP is 3.
By referring to the service type information and port identification information mapping table in table 2, it can be determined that service port 10000 of the server whose server identification information is SG1 matches with service type information 1. The service port 10009 of the server whose server identification information is SG2 matches with the service type information 2. The service port 10003 of the server whose server identification information is SG3 matches with the service type information 3. Therefore, the firewall technology can be utilized to set the target service port 10000 of the server with the server identification information being SG1 to be in an unavailable state, set the target service port 10009 of the server with the server identification information being SG2 to be in an unavailable state, set the target service port 10003 of the server with the server identification information being SG3 to be in an unavailable state, realize service access isolation for the server calling the links SG1-UMSP-SG2-UMSP-SG3-UMSP, and enable other services of the servers with the server identification information being SG1, SG2 and SG3 to be in an available state respectively, and further enable other services to be processed continuously, so that the availability of the servers with the server identification information being SG1, SG2 and SG3 is improved while dirty data is avoided.
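The lookups walked through above (first server to target service identification, to second servers, to call link, to target service ports) can be sketched as follows. This is an added example, not code from the patent: the records are constructed from the descriptions of Tables 1 and 2, and the function names, tuple layout and the omission of IP addresses are assumptions.

```python
from datetime import datetime

# Constructed from the description of Table 1:
# (server, service id, service name, service type, execution start time)
HISTORY_LOG = [
    ("SG1", "UMSP", "transfer", 1, "20220520 08:30:01"),
    ("SG2", "UMSP", "consumption", 2, "20220520 08:30:02"),
    ("SG3", "UMSP", "repayment", 3, "20220520 08:30:03"),
    ("SG4", "EPASS", "transfer", 4, "20220520 09:30:01"),
    ("SG1", "EPASS", "repayment", 5, "20220520 09:30:02"),
]

# Constructed from the description of Table 2: (server, service type) -> port.
PORT_MAP = {
    ("SG1", 1): 10000, ("SG1", 5): 10001,
    ("SG2", 2): 10009, ("SG3", 3): 10003, ("SG4", 4): 10002,
}


def _ts(text):
    return datetime.strptime(text, "%Y%m%d %H:%M:%S")


def target_business_id(log, first_server, service_type):
    """Service id of the business service first_server runs with this type."""
    ids = {biz for srv, biz, _name, stype, _t in log
           if srv == first_server and stype == service_type}
    if len(ids) != 1:
        raise LookupError(
            f"{first_server}: service type {service_type} maps to {sorted(ids)}")
    return ids.pop()


def second_servers(log, first_server, business_id):
    """Other logged servers (the 'third servers') that handle business_id."""
    return sorted({srv for srv, biz, *_ in log
                   if biz == business_id and srv != first_server})


def call_link(log, business_id):
    """Servers handling business_id, ordered by earliest execution time."""
    first_seen = {}
    for srv, biz, _name, _stype, t in log:
        if biz == business_id:
            when = _ts(t)
            if srv not in first_seen or when < first_seen[srv]:
                first_seen[srv] = when
    return sorted(first_seen, key=first_seen.get)


def isolation_plan(log, port_map, first_server, service_type):
    """(server, port) pairs to close for the link of the failed service."""
    biz = target_business_id(log, first_server, service_type)
    plan = []
    for srv in call_link(log, biz):
        types = {stype for s, b, _n, stype, _t in log if s == srv and b == biz}
        for stype in sorted(types):
            # A missing mapping would leave one hop of the link reachable,
            # so stop instead of silently skipping it.
            if (srv, stype) not in port_map:
                raise LookupError(f"no port mapped for {srv} type {stype}")
            plan.append((srv, port_map[(srv, stype)]))
    return plan


if __name__ == "__main__":
    print(isolation_plan(HISTORY_LOG, PORT_MAP, "SG1", 1))
    print(isolation_plan(HISTORY_LOG, PORT_MAP, "SG1", 5))
```

Ports that are not in the plan (for example 10001 on SG1 when service type 1 fails) stay open, which is the "other services remain available" property the description relies on.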
According to an embodiment of the present disclosure, using a firewall technology to perform service access isolation on a server call link is only one specific embodiment provided in the present disclosure. Another specific embodiment may also be adopted: for example, a soft load balancing technology may be applied to perform service access isolation on a server call link, as described in detail below.
According to an embodiment of the present disclosure, operation S203 includes: for each server on the server call link, a target service access path for the server for executing the target service is determined.
According to the embodiment of the disclosure, different uniform resource locator (URL) paths can be allocated to the servers according to the different service types of the services processed by the servers, and the URL paths are used as service access paths.
According to an embodiment of the present disclosure, determining a target service access path of a server for executing a target service for each server on a server call link includes:
Determining service type information of the server for executing the target service from the history service log based on server identification information and target service identification information of the server for each server on the server call link; and determining a target service access path matching the service type information from at least one service access path of the server.
According to an embodiment of the present disclosure, for each server on a server call link, a target service access path matching the service type information may be determined from at least one service access path of the server by referring to a table describing a relationship between traffic and service access paths for each server.
According to an embodiment of the present disclosure, determining a target service access path matching the service type information from at least one service access path of the server includes: and determining a target service access path from at least one service access path in a service type information and access path identification information mapping table based on service type information of a server for executing the target service, wherein the service type information and access path identification information mapping table is pre-established, and the service type information and access path identification information mapping table indicates a mapping relationship between the service type information and the service access path.
Based on the target service access path, the service access isolation is carried out on the server call link by utilizing a soft load balancing technology.
According to the embodiment of the disclosure, the plurality of servers on a server call link can be treated as a server group deployed on the same IP server. That server uniformly receives the service requests that clients need handled and distributes them to the service access paths of the relevant servers in the server group according to the specific business service requested by the client. When some of the business services on the server call link that implements a service are under maintenance, the service access paths of the relevant servers implementing that service can be set to an unavailable state, and when the specific service requested by the client is unavailable, the client is prompted: "the current business cannot be handled, please retry later".
According to the embodiment of the disclosure, where different URL paths are allocated to the servers based on the different service types of the services processed by the servers, the service access paths of the servers can be set to an unavailable state by using a soft load balancing technology. Service access isolation is thereby realized on the server call link while the other services of the servers remain available and can continue to be processed, so the availability of the servers is improved while dirty data generation is avoided.
According to the embodiment of the disclosure, the soft load balancing technology may be, for example, HAProxy or Nginx. The embodiment of the disclosure is not limited to a specific soft load balancing technology, which may be selected according to practical situations.
Table 3 schematically illustrates service type information and service access path mapping tables according to embodiments of the present disclosure.
TABLE 3
Table 3 corresponds to the services handled by the server in table 2. As shown in table 3, the URL path characterizes the service access path. For the server whose server identification information is SG1, the port corresponding to the service type information 1 is 10000 and the Url path is Url/umsp1, and the port corresponding to the service type information 5 is 10001 and the Url path is Url/epass2. For the server whose server identification information is SG2, the port corresponding to the service type information 3 is 10009 and the Url path is Url/umsp2. For the server whose server identification information is SG3, the port corresponding to the service type information 3 is 10003 and the Url path is Url/umsp3. For the server whose server identification information is SG4, the port corresponding to the service type information 4 is 10002 and the Url path is Url/epass1.
According to the embodiment of the disclosure, in the case that the server call link is determined to be SG1-UMSP-SG2-UMSP-SG3-UMSP, it may be determined that the identification information of the server is SG1, SG2 and SG3, respectively, and the target identification information is UMSP from the server call link.
By referring to the history service log in table 1, it can be determined that the service type information of the server SG1 for executing the target service UMSP is 1. The service type information of the server SG2 for executing the target service UMSP is 2. The service type information of the server SG3 for executing the target service UMSP is 3.
By referring to the service type information and the service access path table in table 3, it can be determined that the service access path Url/umsp1 of the server whose server identification information is SG1 matches the service type information 1. The service access path Url/umsp2 of the server whose server identification information is SG2 matches with the service type information of 2. The service access path Url/umsp of the server whose server identification information is SG3 matches with the service type information of 3.
Therefore, by using a soft load balancing technique, for example Nginx, the service access path Url/UMSP1 of the server whose server identification information is SG1, the service access path Url/UMSP2 of the server whose server identification information is SG2, and the service access path Url/UMSP3 of the server whose server identification information is SG3 are each set to an unavailable state, so that service access isolation is performed on the server call link SG1-UMSP-SG2-UMSP-SG3-UMSP. The other services of the servers whose server identification information is SG1, SG2 and SG3 remain available and can continue to be processed, which improves the availability of those servers while avoiding the generation of dirty data.
According to an embodiment of the present disclosure, the service access control method further includes: for a target business service, periodically sending availability detection information to a first server; and determining that the availability of the target business service of the first server is in a predetermined state if it is determined that the feedback information from the first server is not received a predetermined number of times.
According to the embodiment of the disclosure, a standard availability monitoring protocol can be defined for each service in the target service, and the defined availability monitoring protocol is used as the availability detection information.
According to the embodiment of the disclosure, the availability detection information of each business service in the target business can be uniformly allocated and registered, and recorded in the availability monitoring registration configuration table. A dedicated server then periodically sends the availability detection information, in segmented batches, to the servers that process each registered business service of the target business, so as to perform periodic availability monitoring.
According to the embodiments of the present disclosure, the predetermined number of times may be, for example, 3 times, 5 times, 10 times, etc., and the embodiments of the present disclosure are not limited to a specific predetermined number of times, and may be determined according to actual situations.
According to embodiments of the present disclosure, the feedback information reflects that the availability of the target service is in an available state, e.g., the feedback information may be "good", and the target service is considered to be in an available state.
According to the embodiment of the disclosure, the availability detection information is periodically sent to the first server for the target business service, and the availability of the target business service of the first server is determined to be in the predetermined state when the feedback information from the first server has not been received the predetermined number of times. The availability of the target business service can thus be monitored automatically in real time, so that an unavailable target business service is discovered promptly and the subsequent service isolation can be carried out in time. This avoids the situation in which the target business service is unavailable but access to the related business services is not controlled in time, so that business personnel still test the upstream business services as normal or clients still handle business, producing dirty data that is inconsistent between the business services upstream and downstream of the target business service. The data quality in the business services is thereby ensured.
Table 4 schematically illustrates an availability monitoring registry configuration table according to an embodiment of the present disclosure.
Table 4 corresponds to the server and the service handled by the server in table 1. As shown in table 4, the availability monitoring service corresponding to service type information 1 of the server whose server identification information is SG1 is http://ip1:port1/f5check/F5checkhealth.jsp. The availability monitoring service corresponding to service type information 5 of the server whose server identification information is SG1 is http://ip5:port5/f5check/F5checkhealth.jsp. The availability monitoring service corresponding to service type information 2 of the server whose server identification information is SG2 is http://ip2:port2/f5check/F5checkhealth.jsp. The availability monitoring service corresponding to service type information 3 of the server whose server identification information is SG3 is http://ip3:port3/f5check/F5checkhealth.jsp. The availability monitoring service corresponding to service type information 4 of the server whose server identification information is SG4 is http://ip5:port5/f5check/F5checkhealth. The feedback information corresponding to each business service of each server in table 4 is @ the @ health @ is @ good @.
According to the embodiment of the present disclosure, for example, in the case that a server whose server identification information is SG1 is used as a dedicated server, the server may periodically transmit availability probe information to the server of each business service having different processing service type information in table 4 in a segmented batch, perform periodic availability monitoring, and consider that the monitored business service is in an unavailable state in the case that feedback information @ the @ health @ is @ good @ is not received 3 times.
TABLE 4
According to an embodiment of the present disclosure, the service access control method further includes: responsive to determining that the availability probe of the target business service of the first server is in an available state, a business access recovery is performed for the server call link.
According to the embodiment of the disclosure, the availability status obtained by detecting the availability of the target business service can be recorded in the access prohibition link configuration table, and when the client side processes the target business, whether access prohibition definitions of the service and a downstream business link related to the service exist in the current access time in the access prohibition link configuration table can be searched first, if yes, a standard access prohibition information message is returned to the client side, and the client side is prohibited from processing the business service, so that dirty data are avoided.
According to the embodiment of the disclosure, in the process of periodically monitoring the availability of each business service in the target business service, when detecting that each business service in the target business service is recovered from the access forbidden state to the available state, the access forbidden link configuration table can be used for recording that the availability state of each business service in the target business service is set to be normal from the forbidden state, so that the target business service is in the available state, and the business access recovery of the server call link is realized.
According to the embodiment of the disclosure, in response to determining that the availability detection of the target business service of the first server is in the available state, business access recovery is performed on the server call link, the accessed target business service can be found and recovered in time, and in the process of testing the related business service by a tester, the data quality in the related business service can be ensured, and meanwhile, the working quality of the testing process is improved.
Table 5 schematically illustrates a forbidden access link configuration table according to an embodiment of the present disclosure.
Table 5 corresponds to the services handled by the server in table 4. As shown in table 5, according to the availability monitoring registration configuration table in table 4, in the process of periodically monitoring availability of each of the target service in table 4, service type information 1 is monitored at a time of 2022, 10/11/23 seconds, and the service of Url path Url/umsp1 is in an unavailable state, and the related service on the service related link with the service type information 1 and Url address Url/umsp1 is placed in an unavailable state by using the soft load balancing technology, that is, url paths Url/umsp2 and Url/umsp are simultaneously set in an unavailable state, service isolation is performed, and simultaneously the service of Url paths Url/umsp1, url/umsp2 and Url/umsp2 are recorded in the access prohibition link configuration table in table 5.
Thus, table 5 records that the business service with service type information 1 and Url path Url/umsp1 is in the disabled state as of 01:11:23 on June 10, 2022, the business service with service type information 2 and Url path Url/umsp2 is in the disabled state as of 01:11:30 on June 10, 2022, and the business service with service type information 3 and Url path Url/umsp3 is in the disabled state as of 01:11:31 on June 10, 2022.
TABLE 5
In the process of periodically monitoring availability of each business service in the target business services in table 4 at 04 th of 10 th of 2022 for 11 minutes and 46 seconds, the business service with the service type information of 1 and the Url path of Url/umsp1 is monitored to be in an available state. At this time, service access recovery can be performed on the server call link corresponding to the service of which the service type information is 1 and the Url path is Url/umsp 1.
Therefore, it can be recorded in table 5 that the service type information is 1 when the time of 04 th 10 th 2022 is 11 minutes and 46 seconds, the service with Url path being Url/umsp1 is in the normal available state, the service type information is 2 when the time of 10 th 2022 is 11 minutes and 50 seconds, the service with Url path being Url/umsp2 is in the normal available state, the service type information is 3 when the time of 10 th 2022 is 11 minutes and 51 seconds, the service with Url path being Url/umsp3 is in the normal available state, and the service access recovery is implemented on the server call link corresponding to the service with service type information 1 and Url path Url/umsp1.
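The monitoring, isolation and recovery cycle described above can be modelled as a small state machine over the access-prohibition link table. This is an added example, not code from the patent: the class and function names are hypothetical, misses are assumed to be counted consecutively, timestamps are constructed integer ticks, and every path on the link is stamped with the same tick.

```python
PROHIBITED, NORMAL = "prohibited", "normal"
# Client prompt quoted in the description of the soft load balancing variant.
DENY_MESSAGE = "the current business cannot be handled, please retry later"

# Constructed probe results for the monitored service: "good" is the expected
# feedback, None means no feedback was received for that probe.
SAMPLE_PROBES = ["good", None, None, "good", None, None, None, "bad", "good"]


class LinkGuard:
    """Tracks one call link; the first service on it is the one probed."""

    def __init__(self, link_paths, threshold=3, expected="good"):
        self.threshold = threshold      # predetermined number of times
        self.expected = expected
        self.misses = 0                 # consecutive probes without feedback
        # Access-prohibition link table: path -> (status, tick of last change)
        self.table = {p: (NORMAL, None) for p in link_paths}

    @property
    def isolated(self):
        return any(s == PROHIBITED for s, _ in self.table.values())

    def _set_all(self, status, now):
        for path in self.table:
            self.table[path] = (status, now)

    def observe(self, feedback, now):
        """Feed one probe result; returns True while the link is isolated."""
        if feedback == self.expected:
            self.misses = 0
            if self.isolated:
                # Service is available again: restore the whole link.
                self._set_all(NORMAL, now)
        else:
            self.misses += 1
            if self.misses >= self.threshold and not self.isolated:
                # Isolate every hop, not only the failed service.
                self._set_all(PROHIBITED, now)
        return self.isolated

    def handle_request(self, path):
        """Consult the table before serving; paths off the link are allowed."""
        status, _ = self.table.get(path, (NORMAL, None))
        if status == PROHIBITED:
            return (False, DENY_MESSAGE)
        return (True, "")


def replay(guard, probes):
    """Run a probe sequence through the guard, one tick per probe."""
    return [guard.observe(fb, now) for now, fb in enumerate(probes)]


if __name__ == "__main__":
    guard = LinkGuard(["Url/umsp1", "Url/umsp2", "Url/umsp3"])
    print(replay(guard, SAMPLE_PROBES))
    print(guard.table)
```

Two misses followed by a good reply do not trigger isolation in this model; only the third consecutive miss does, and an unexpected reply counts as a miss.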
Fig. 4 schematically illustrates a block diagram of a service access control apparatus according to an embodiment of the present disclosure.
As shown in fig. 4, the service access control apparatus 400 of this embodiment includes a second server determination module 410, a server call link determination module 420, and a service access isolation module 430.
The second server determining module 410 is configured to determine, from the history service log, a second server associated with the first server in response to determining that the availability of the target service of the first server is in a predetermined state, where the second server and the first server are servers for processing the target service, and the target service is a service performed by the first server for processing the target service.
The server call link determining module 420 is configured to determine a server call link based on the first server and the second server, where the server call link indicates a service access relationship between a plurality of servers in the service call link.
The service access isolation module 430 is configured to perform service access isolation on the server call link.
According to an embodiment of the present disclosure, the second server determination module includes:
A service identification information determining sub-module, used for determining at least one service identification information related to the first server from the history service log, wherein each service identification information in the at least one service identification information indicates identification information of a service processed by the first server.
The target service identification information determining sub-module is used for determining target service identification information of the target service from at least one service identification information based on service type information of the target service.
The second server determining sub-module is used for determining at least one second server from a plurality of third servers based on the target service identification information, wherein the plurality of third servers are servers recorded in the history service log.
According to an embodiment of the present disclosure, the server call link determination module includes:
The execution time information determining sub-module is used for determining, for each server on the server call link, the execution time information of the service executed by the server for processing the target service from the history service log.
The service access relation determining sub-module is used for determining the service access relation among a plurality of servers on the server call link based on the execution time information.
The server call link determination submodule is used for determining a server call link based on a plurality of servers and service access relations.
According to an embodiment of the present disclosure, a service access isolation module includes:
The target service port determining sub-module is used for determining, for each server on the server call link, a target service port of the server for executing the target service.
The first service access isolation sub-module is used for isolating service access of a server call link by using a firewall technology based on the target service port.
According to an embodiment of the present disclosure, a target service port determination submodule includes:
A first service type information determining unit for determining, for each server on the server call link, service type information of the server for executing the target service from the history service log based on the server identification information of the server and the target service identification information.
The target service port determining unit is configured to determine, based on service type information of a server for executing a target service, a target service port from at least one service port in a service type information and port identification information mapping table, where the service type information and port identification information mapping table is pre-established, and the service type information and port identification information mapping table indicates a mapping relationship between the service type information and the service port.
According to an embodiment of the present disclosure, a service access isolation module includes:
The target service access path determination sub-module is used for determining a target service access path of the server for executing the target service for each server on the server call link.
The second service access isolation sub-module is used for isolating service access of the server call link by utilizing a soft load balancing technology based on the target service access path.
According to an embodiment of the present disclosure, a target service access path determination submodule includes:
A second service type information determining unit for determining, for each server on the server call link, service type information of the server for executing the target service from the history service log based on the server identification information of the server and the target service identification information.
The target service access path determining unit is configured to determine, based on service type information of a server for executing a target service, a target service access path from at least one service access path in a service type information and access path identification information mapping table, where the service type information and access path identification information mapping table is pre-established, and the service type information and access path identification information mapping table indicates a mapping relationship between the service type information and the service access path.
According to an embodiment of the present disclosure, the service access control apparatus further includes:
The availability detection information sending module is used for periodically sending the availability detection information to the first server for the target business service.
The predetermined state determining module is used for determining that the availability of the target business service of the first server is in a predetermined state in the case that feedback information from the first server has not been received for a predetermined number of times.
According to an embodiment of the present disclosure, the service access control apparatus further includes:
The service access recovery module is used for performing service access recovery on the server call link in response to determining that the availability detection of the target business service of the first server is in the available state.
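The flow these modules carry out (missed-probe detection, call-link reconstruction from the history service log, path-based isolation, and recovery) is shown here as an added Python example that is not code from the patent. The log records, server names, the `Url/other4` path and all class and function names are assumptions; the `Url/umsp1` to `Url/umsp3` paths follow the Table 5 walk-through.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class LogRecord:
    server_id: str     # server that executed the service
    business_id: str   # identification information of the business processed
    service_type: int  # service type information
    exec_time: float   # execution time (seconds, constructed)


# Constructed history service log: two business flows that both pass through srv-a.
HISTORY_LOG = [
    LogRecord("srv-b", "biz-1001", 2, 0.12),
    LogRecord("srv-a", "biz-1001", 1, 0.00),
    LogRecord("srv-c", "biz-1001", 3, 0.30),
    LogRecord("srv-a", "biz-2002", 4, 5.00),
    LogRecord("srv-d", "biz-2002", 5, 5.20),
]

# Pre-established mapping table: service type information -> service access path.
# Type 4 is a constructed entry; type 5 is deliberately missing to show an unmapped hop.
PATH_BY_TYPE = {1: "Url/umsp1", 2: "Url/umsp2", 3: "Url/umsp3", 4: "Url/other4"}


def call_link(log, first_server, target_type):
    """Ordered (server_id, service_type) hops that share the failed service's business."""
    # Business IDs the first server processed through the target service.
    target_ids = {r.business_id for r in log
                  if r.server_id == first_server and r.service_type == target_type}
    hops = {}
    # Execution time orders the hops, which yields the access relationship.
    for r in sorted(log, key=lambda rec: rec.exec_time):
        if r.business_id in target_ids:
            hops.setdefault((r.server_id, r.service_type), r.exec_time)
    return list(hops)


class AvailabilityMonitor:
    """Reports the predetermined (unavailable) state after N consecutive missed replies."""

    def __init__(self, max_missed):
        self.max_missed = max_missed
        self.missed = 0

    def record(self, got_feedback):
        if got_feedback:
            self.missed = 0
            return "available"
        self.missed += 1
        return "unavailable" if self.missed >= self.max_missed else "pending"


class AccessProhibitionTable:
    """Paths the soft load balancer must refuse, with the failed links that caused each."""

    def __init__(self, path_by_type):
        self.path_by_type = path_by_type
        self.blocked = {}  # path -> set of (first_server, target_type) causes

    def isolate(self, link, cause):
        unmapped = []
        for server_id, service_type in link:
            path = self.path_by_type.get(service_type)
            if path is None:
                unmapped.append((server_id, service_type))  # hop stays reachable: report it
            else:
                self.blocked.setdefault(path, set()).add(cause)
        return unmapped

    def recover(self, cause):
        # Lift a block only when no other failed link still depends on that path.
        for path in list(self.blocked):
            self.blocked[path].discard(cause)
            if not self.blocked[path]:
                del self.blocked[path]

    def is_allowed(self, path):
        return path not in self.blocked


def run_probes(probe_results, first_server, target_type, max_missed=3):
    """Feed probe outcomes through the monitor; return blocked paths after each probe."""
    monitor = AvailabilityMonitor(max_missed)
    table = AccessProhibitionTable(PATH_BY_TYPE)
    cause = (first_server, target_type)
    history = []
    for got_feedback in probe_results:
        state = monitor.record(got_feedback)
        if state == "unavailable":
            table.isolate(call_link(HISTORY_LOG, first_server, target_type), cause)
        elif state == "available":
            table.recover(cause)
        history.append(sorted(table.blocked))
    return history
```

The list returned by `isolate` matters operationally: a hop whose service type has no entry in the mapping table is not isolated, so it should raise an alert rather than pass silently.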
Any number of modules, sub-modules, units, sub-units, or at least some of the functionality of any number of the sub-units according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented as split into multiple modules. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system-on-chip, a system-on-substrate, a system-on-package, an Application Specific Integrated Circuit (ASIC), or in any other reasonable manner of hardware or firmware that integrates or encapsulates the circuit, or in any one of or a suitable combination of three of software, hardware, and firmware. Or one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be at least partially implemented as computer program modules, which, when executed, may perform the corresponding functions.
For example, any of the second server determination module 410, the server call link determination module 420, and the service access isolation module 430 may be combined in one module/unit/sub-unit or any of the modules/units/sub-units may be split into a plurality of modules/units/sub-units. Or at least some of the functionality of one or more of these modules/units/sub-units may be combined with at least some of the functionality of other modules/units/sub-units and implemented in one module/unit/sub-unit. According to embodiments of the present disclosure, at least one of the second server determination module 410, the server call link determination module 420, and the service access isolation module 430 may be implemented at least in part as hardware circuitry, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or in hardware or firmware, such as any other reasonable manner of integrating or packaging the circuitry, or in any one of or a suitable combination of any of the three. Or at least one of the second server determination module 410, the server call link determination module 420, and the service access isolation module 430 may be at least partially implemented as a computer program module which, when executed, performs the corresponding functions.
It should be noted that, in the embodiment of the present disclosure, the service access control device portion corresponds to the service access control method portion in the embodiment of the present disclosure, and the description of the service access control device portion specifically refers to the service access control method portion, which is not described herein again.
Fig. 5 schematically illustrates a block diagram of a computer system suitable for implementing the above-described method according to an embodiment of the present disclosure. The computer system illustrated in fig. 5 is merely an example, and should not be construed as limiting the functionality and scope of use of embodiments of the present disclosure.
As shown in fig. 5, a computer system 500 according to an embodiment of the present disclosure includes a processor 501, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 502 or a program loaded from a storage section 508 into a Random Access Memory (RAM) 503. The processor 501 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or an associated chipset and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. The processor 501 may also include on-board memory for caching purposes. The processor 501 may comprise a single processing unit or a plurality of processing units for performing different actions of the method flows according to embodiments of the disclosure.
In the RAM 503, various programs and data required for the operation of the system 500 are stored. The processor 501, ROM 502, and RAM 503 are connected to each other by a bus 504. The processor 501 performs various operations of the method flow according to the embodiments of the present disclosure by executing programs in the ROM 502 and/or the RAM 503. Note that the program may be stored in one or more memories other than the ROM 502 and the RAM 503. The processor 501 may also perform various operations of the method flow according to embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the present disclosure, the system 500 may further include an input/output (I/O) interface 505, the input/output (I/O) interface 505 also being connected to the bus 504. The system 500 may also include one or more of the following components connected to the I/O interface 505: an input section 506 including a keyboard, a mouse, and the like; an output portion 507 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker, and the like; a storage portion 508 including a hard disk and the like; and a communication section 509 including a network interface card such as a LAN card, a modem, or the like. The communication section 509 performs communication processing via a network such as the internet. The drive 510 is also connected to the I/O interface 505 as needed. A removable medium 511 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 510 as needed so that a computer program read therefrom is mounted into the storage section 508 as needed.
According to embodiments of the present disclosure, the method flow according to embodiments of the present disclosure may be implemented as a computer software program. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable storage medium, the computer program comprising program code for performing the method shown in the flowcharts. In such an embodiment, the computer program may be downloaded and installed from a network via the communication portion 509, and/or installed from the removable media 511. The above-described functions defined in the system of the embodiments of the present disclosure are performed when the computer program is executed by the processor 501. The systems, devices, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
The present disclosure also provides a computer-readable storage medium that may be embodied in the apparatus/device/system described in the above embodiments; or may exist alone without being assembled into the apparatus/device/system. The computer-readable storage medium carries one or more programs which, when executed, implement methods in accordance with embodiments of the present disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium. Examples may include, but are not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
For example, according to embodiments of the present disclosure, the computer-readable storage medium may include ROM 502 and/or RAM 503 and/or one or more memories other than ROM 502 and RAM 503 described above.
Embodiments of the present disclosure also include a computer program product comprising a computer program comprising program code for performing the methods provided by the embodiments of the present disclosure, the program code for causing an electronic device to implement the XXX methods provided by the embodiments of the present disclosure when the computer program product is run on the electronic device.
The above-described functions defined in the system/apparatus of the embodiments of the present disclosure are performed when the computer program is executed by the processor 501. The systems, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
In one embodiment, the computer program may be based on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted, distributed, and downloaded and installed in the form of a signal on a network medium, and/or installed from a removable medium 511 via the communication portion 509. The computer program may include program code that may be transmitted using any appropriate network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
According to embodiments of the present disclosure, program code for performing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, such computer programs may be implemented in high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. Programming languages include, but are not limited to, Java, C++, Python, "C" or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions. Those skilled in the art will appreciate that the features recited in the various embodiments of the disclosure and/or in the claims may be combined and/or integrated in various ways, even if such combinations or integrations are not explicitly recited in the disclosure. In particular, the features recited in the various embodiments of the present disclosure and/or the claims may be combined and/or integrated in various ways without departing from the spirit and teachings of the present disclosure. All such combinations and/or integrations fall within the scope of the present disclosure.
The embodiments of the present disclosure are described above. These examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described above separately, this does not mean that the measures in the embodiments cannot be used advantageously in combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be made by those skilled in the art without departing from the scope of the disclosure, and such alternatives and modifications are intended to fall within the scope of the disclosure.

Claims (13)

1. A service access control method, comprising:
in response to determining that the availability of a target service of a first server is in a predetermined state, determining a second server associated with the first server from a historical service log, wherein the second server and the first server are servers for processing target services, respectively, and the target service is a service executed by the first server for processing the target service;
determining a server call link based on the first server and the second server, wherein the server call link indicates a business access relationship between a plurality of servers in the service call link; and
performing service access isolation on the server call link.
2. The method of claim 1, wherein the determining a second server associated with the first server from a historical service log comprises:
determining at least one service identification information associated with the first server from the historical service log, wherein each of the at least one service identification information indicates identification information of a service processed by the first server;
determining target service identification information of the target service from the at least one service identification information based on service type information of the target service; and
determining the at least one second server from a plurality of third servers based on the target service identification information, wherein the plurality of third servers are servers recorded in the history service log.
3. The method of claim 1, wherein the determining a server call link based on the first server and the second server comprises:
determining, for each server on the server call link, execution time information of the server for processing the service executed by the target service from the history service log;
determining service access relations among a plurality of servers on the server call link based on the execution time information; and
determining a server call link based on the plurality of servers and the service access relation.
4. The method of claim 1, wherein the performing service access isolation on the server call link comprises:
determining a target service port of the server for executing the target service for each server on the server call link; and
based on the target service port, performing service access isolation on the server call link by using a firewall technology.
5. The method of claim 4, wherein the determining, for each server on the server call link, a target service port of the server for executing the target service comprises:
determining, for each server on the server call link, service type information of the server for executing the target service from the history service log based on server identification information of the server and the target service identification information; and
determining the target service port from the at least one service port in a service type information and port identification information mapping table based on service type information of the server for executing the target service, wherein the service type information and port identification information mapping table is pre-established, and the service type information and port identification information mapping table indicates a mapping relationship between the service type information and the service port.
6. The method of claim 1, wherein the performing service access isolation on the server call link comprises:
determining, for each server on the server call link, a target service access path for the server for executing the target service; and
based on the target service access path, performing service access isolation on the server call link by using a soft load balancing technology.
7. The method of claim 6, wherein the determining, for each server on the server call link, a target service access path for the server for executing the target service comprises:
determining, for each server on the server call link, service type information of the server for executing the target service from the history service log based on server identification information of the server and the target service identification information; and
determining the target service access path from the at least one service access path in a service type information and access path identification information mapping table based on service type information of the server for executing the target service, wherein the service type information and access path identification information mapping table is pre-established, and the service type information and access path identification information mapping table indicates a mapping relationship between the service type information and the service access path.
8. The method of claim 1, further comprising:
for the target business service, periodically sending availability detection information to the first server; and
in the event that it is determined that no feedback information is received from the first server a predetermined number of times, determining that the availability of the target business service of the first server is in the predetermined state.
9. The method of claim 1, further comprising:
in response to determining that the availability detection of the target business service of the first server is in an available state, performing service access recovery on the server call link.
10. A service access control apparatus comprising:
a second server determining module, configured to determine, from a history service log, a second server associated with a first server in response to determining that availability of a target service of the first server is in a predetermined state, where the second server and the first server are servers for processing a target service, respectively, and the target service is a service executed by the first server for processing the target service;
a server call link determining module, configured to determine a server call link based on the first server and the second server, where the server call link indicates a service access relationship between a plurality of servers in the service call link; and
a service access isolation module, configured to perform service access isolation on the server call link.
11. An electronic device, comprising:
one or more processors;
a memory for storing one or more instructions,
wherein the one or more instructions, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1 to 9.
12. A computer readable storage medium having stored thereon executable instructions which when executed by a processor cause the processor to implement the method of any of claims 1 to 9.
13. A computer program product comprising computer executable instructions for implementing the method of any one of claims 1 to 9 when executed.
CN202211388569.0A 2022-11-07 2022-11-07 Service access control method, device, equipment and medium Active CN116016646B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211388569.0A CN116016646B (en) 2022-11-07 2022-11-07 Service access control method, device, equipment and medium

Publications (2)

Publication Number Publication Date
CN116016646A (en) 2023-04-25
CN116016646B (en) 2024-05-28

Family

ID=86028630

Country Status (1)

Country Link
CN (1) CN116016646B (en)

Citations (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105934914A (en) * 2013-12-19 2016-09-07 谷歌公司 Systems, methods, and computer program products for service processing
CN107483221A (en) * 2016-06-08 2017-12-15 阿里巴巴集团控股有限公司 A kind of across application problem investigation method, apparatus and system
CN109729064A (en) * 2018-05-14 2019-05-07 网联清算有限公司 Encryption equipment fault handling method and information processing system
CN111049670A (en) * 2019-11-07 2020-04-21 苏宁云计算有限公司 Method and device for fusing isolation of micro-service
CN111385123A (en) * 2018-12-29 2020-07-07 广州市百果园信息技术有限公司 WEB service distributed intelligent monitoring method, device, computer equipment and storage medium
WO2020173377A1 (en) * 2019-02-28 2020-09-03 华为技术有限公司 Log information generating method and apparatus, and electronic device
WO2020233015A1 (en) * 2019-05-20 2020-11-26 平安普惠企业管理有限公司 Link tracking method and apparatus
CN112612675A (en) * 2020-12-25 2021-04-06 山东经伟晟睿数据技术有限公司 Distributed big data log link tracking method and system under micro-service architecture
CN113055236A (en) * 2021-03-31 2021-06-29 阿米华晟数据科技(江苏)有限公司 Method, device, equipment and storage medium for processing cluster service node failure
CN114172949A (en) * 2021-12-10 2022-03-11 航天信息股份有限公司 Micro-service link monitoring and tracking method and system
CN114172966A (en) * 2021-12-07 2022-03-11 中国工商银行股份有限公司 Service calling method and device and service processing method and device under unitized architecture
CN114285844A (en) * 2021-12-07 2022-04-05 深圳市欧瑞博科技股份有限公司 Method and device for intelligently fusing server interface, electronic equipment and storage medium
CN114385551A (en) * 2021-12-20 2022-04-22 武汉物易云通网络科技有限公司 Log time-sharing management method, device, equipment and storage medium
CN114490268A (en) * 2022-02-09 2022-05-13 中国工商银行股份有限公司 Full link monitoring method, device, equipment, storage medium and program product
CN114844797A (en) * 2022-05-27 2022-08-02 中国银行股份有限公司 Call chain log and monitoring log association method and micro-service anomaly detection method
CN115242794A (en) * 2022-07-26 2022-10-25 中国电力科学研究院有限公司 Method and system for regulating and controlling cloud service chain path planning and fault multi-activity

Patent Citations (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105934914A (en) * 2013-12-19 2016-09-07 谷歌公司 Systems, methods, and computer program products for service processing
CN107483221A (en) * 2016-06-08 2017-12-15 阿里巴巴集团控股有限公司 A kind of across application problem investigation method, apparatus and system
CN109729064A (en) * 2018-05-14 2019-05-07 网联清算有限公司 Encryption equipment fault handling method and information processing system
CN111385123A (en) * 2018-12-29 2020-07-07 广州市百果园信息技术有限公司 WEB service distributed intelligent monitoring method, device, computer equipment and storage medium
WO2020173377A1 (en) * 2019-02-28 2020-09-03 华为技术有限公司 Log information generating method and apparatus, and electronic device
WO2020233015A1 (en) * 2019-05-20 2020-11-26 平安普惠企业管理有限公司 Link tracking method and apparatus
CN111049670A (en) * 2019-11-07 2020-04-21 苏宁云计算有限公司 Method and device for fusing isolation of micro-service
CN112612675A (en) * 2020-12-25 2021-04-06 山东经伟晟睿数据技术有限公司 Distributed big data log link tracking method and system under micro-service architecture
CN113055236A (en) * 2021-03-31 2021-06-29 阿米华晟数据科技(江苏)有限公司 Method, device, equipment and storage medium for processing cluster service node failure
CN114172966A (en) * 2021-12-07 2022-03-11 中国工商银行股份有限公司 Service calling method and device and service processing method and device under unitized architecture
CN114285844A (en) * 2021-12-07 2022-04-05 深圳市欧瑞博科技股份有限公司 Method and device for intelligently fusing server interface, electronic equipment and storage medium
CN114172949A (en) * 2021-12-10 2022-03-11 航天信息股份有限公司 Micro-service link monitoring and tracking method and system
CN114385551A (en) * 2021-12-20 2022-04-22 武汉物易云通网络科技有限公司 Log time-sharing management method, device, equipment and storage medium
CN114490268A (en) * 2022-02-09 2022-05-13 中国工商银行股份有限公司 Full link monitoring method, device, equipment, storage medium and program product
CN114844797A (en) * 2022-05-27 2022-08-02 中国银行股份有限公司 Call chain log and monitoring log association method and micro-service anomaly detection method
CN115242794A (en) * 2022-07-26 2022-10-25 中国电力科学研究院有限公司 Method and system for regulating and controlling cloud service chain path planning and fault multi-activity

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Service chain tracing and monitoring for distributed systems; 郑邦峰; 工业技术创新; 20180425 (No. 02); full text *

Also Published As

Publication number Publication date
CN116016646A (en) 2023-04-25

Similar Documents

Publication Publication Date Title
CN108768730B (en) Method and device for operating intelligent network card
US9317259B2 (en) Apparatus, system, and method for automatically generating a reusable software component for interfacing with a web service
US20170207990A1 (en) Reducing an amount of captured network traffic data to analyze
CN111651329B (en) Health check method and device for application, computer system and storage medium
US20110099273A1 (en) Monitoring apparatus, monitoring method, and a computer-readable recording medium storing a monitoring program
WO2015152969A1 (en) Monitoring of node.js applications
CN115190062B (en) Service processing method and device, electronic equipment and computer readable storage medium
CN111478974B (en) Network connection method and device, electronic equipment and readable storage medium
CN114760233B (en) Service processing method, device, electronic equipment and storage medium
CN110677307A (en) Service monitoring method, device, equipment and storage medium
CN112882895B (en) Health check method, device, computer system and readable storage medium
CN116016646B (en) Service access control method, device, equipment and medium
CN116599855A (en) Data transmission method, system, electronic equipment and storage medium
CN113296911B (en) Cluster calling method, cluster calling device, electronic equipment and readable storage medium
CN114640614B (en) RPC interface automatic test method, system, electronic equipment, medium and product
CN112887162B (en) Method and apparatus for detecting anomalies
US20170286181A1 (en) Deployment and execution of sensing and computational tasks in a network of computing devices
CN116503005A (en) Method, device, system and storage medium for dynamically modifying flow
CN113760693A (en) Method and apparatus for local debugging of microservice systems
CN114938341B (en) Environment detection method and device, electronic equipment and storage medium
CN115333871B (en) Firewall operation and maintenance method and device, electronic equipment and readable storage medium
CN114710400B (en) Fault equipment positioning method, device, electronic equipment and medium
US20230308392A1 (en) Linked Packet Tracing for Software Load Balancers
US20230412572A1 (en) Securing metrics in a service mesh
CN116074367A (en) Data processing method, device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant