CN116033020B - Method, device, equipment and storage medium for enhancing physical gateway computing power - Google Patents


Publication number
CN116033020B
Authority
CN
China
Prior art keywords
virtual private
private network
physical
mapping table
access request
Legal status
Active
Application number
CN202211684591.XA
Other languages
Chinese (zh)
Other versions
CN116033020A (en)
Inventor
程海瑞
贾武
Current Assignee
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd

Classifications

    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a method for enhancing the computing power of a physical gateway, and belongs to the technical field of communication. The method for enhancing the computing power of the physical gateway comprises the following steps: obtaining virtual private network configuration files corresponding to a plurality of physical gateways issued by a management system; establishing virtual private network mapping table items of N physical gateways according to the virtual private network configuration file, wherein N is an integer greater than 1, and the N physical gateways belong to the plurality of physical gateways; after the access request of the user terminal sent by any physical gateway is obtained, executing access control on the access request based on the virtual private network mapping table item. The method for enhancing the computing power of the physical gateway solves the problem of poor network convergence due to the fact that the functions of the physical gateway are less in the prior art.

Description

Method, device, equipment and storage medium for enhancing physical gateway computing power
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method, an apparatus, a device, and a storage medium for enhancing computing power of a physical gateway.
Background
A physical gateway on the customer side, such as customer premises equipment (CPE), has a logical identity (ID) that corresponds one-to-one with the customer and does not change with the physical address (media access control address, MAC) of the physical gateway.
The physical gateway is connected through an optical network to the BRAS/SR, that is, a broadband remote access server (BRAS) and a service router (SR). The optical network may be a passive optical network. The users (subscribers) may be home users or government users. A user has a unique user account (e.g., a Point-to-Point Protocol over Ethernet (PPPoE) account) in the operator's business support system and network management system; the user account corresponds one-to-one with the logical ID and uniquely identifies the user. A customer may have one or more subscribers. The customer (e.g., a natural person or legal person) may be a home customer or a government-enterprise customer.
For example, one (government) customer corresponds to one or more physical gateways, and each physical gateway corresponds to one logical ID. When a physical gateway is replaced, the MAC address of the new physical gateway changes but the logical ID does not, and the operator's network management system (such as a remote management system) and service support system update the correspondence between the MAC address and the logical ID. The logical ID consists of at least 2 bytes: the 1st byte identifies the number of the physical gateway under the (government) customer's name, and the remaining bytes identify the ID of the government customer.
Users, data and computing power are connected through the network, and the network and computing power are fused to form a computing power network. The CPE on the user side (such as a home gateway or enterprise gateway) has a single function and can fuse with relatively few functions of the computing power network; if the computing power of the user-side CPE alone is strengthened, resources are wasted because there are few application scenarios.
Summary of the Application
Therefore, the application provides a method, an apparatus, a device and a storage medium for enhancing the computing power of a physical gateway, so as to solve the prior-art problem of poor network convergence caused by the physical gateway having few functions.
To achieve the above object, a first aspect of the present application provides a method for enhancing computing power of a physical gateway, applied to a cloud gateway, including:
Obtaining virtual private network configuration files corresponding to a plurality of physical gateways issued by a management system;
Establishing virtual private network mapping table items of N physical gateways according to the virtual private network configuration file, wherein N is an integer greater than 1, and the N physical gateways belong to the plurality of physical gateways;
After the access request of the user terminal sent by any physical gateway is obtained, executing access control on the access request based on the virtual private network mapping table item.
Optionally, the virtual private network configuration file includes: the port number and the IP address of the virtual private network, the type of the virtual private network, an encryption algorithm and the logical identity of the user corresponding to the physical gateway;
The virtual private network mapping table entry comprises: the virtual private network type, the encryption algorithm, the IP address and the port number of the N physical gateways in the virtual private network.
Optionally, the virtual private network type includes at least one of: the second layer tunneling protocol, the internet key exchange protocol, and the internet protocol security.
Optionally, the establishing a virtual private network mapping table entry with the N physical gateways according to the virtual private network configuration file includes:
obtaining logical identity identifiers corresponding to the physical gateways from the virtual private network configuration file;
Analyzing the logic identity to obtain identity bytes, and obtaining the N physical gateways corresponding to the same identity byte;
And establishing virtual private network mapping table entries of the N physical gateways according to the virtual private network configuration file.
Optionally, the performing access control on the access request based on the virtual private network mapping table entry includes:
And based on the virtual private network mapping table entry, when the destination of the access request is determined to belong to the virtual private network mapping table entry, directly forwarding the access request to the physical gateway corresponding to the destination.
Optionally, the executing the access control on the access request based on the virtual private network mapping table item includes:
Based on the virtual private network mapping table item, when the destination of the access request is determined not to belong to the virtual private network mapping table item, resolving a domain name in the access request to obtain a destination IP address of a request access resource;
judging whether an edge data center stores the resource corresponding to the destination IP address according to the destination IP address of the resource access request;
If yes, returning the IP address of the resource in the edge data center to the user terminal;
otherwise, the destination IP address is returned to the user terminal.
Optionally, before the performing the access control on the access request based on the virtual private network mapping table entry, the method further includes:
If the destination address of the access request is determined to be allowed to be accessed based on a pre-configured access control list, executing the step of executing access control on the access request based on the virtual private network mapping table item;
And if it is determined, based on a pre-configured access control list, that the destination address of the access request is not allowed to be accessed, returning prompt information of unsafe access to the user terminal, and stopping execution of the step of performing access control on the access request based on the virtual private network mapping table entry.
The second aspect of the present application provides a device for enhancing computing power of a physical gateway, which is applied to a cloud gateway, and comprises:
The configuration module is used for acquiring virtual private network configuration files corresponding to a plurality of physical gateways issued by the management system;
The network construction module is used for constructing virtual private network mapping table items of N physical gateways according to the virtual private network configuration file, wherein N is an integer greater than 1, and the N physical gateways belong to the plurality of physical gateways;
And the transmission module is used for executing access control on the access request based on the virtual private network mapping table entry after acquiring the access request of the user terminal sent by any physical gateway.
A third aspect of the present application provides an electronic apparatus, comprising:
One or more processors;
a memory having one or more programs stored thereon, which when executed by the one or more processors, cause the one or more processors to implement the method according to any of the first aspects;
one or more I/O interfaces coupled between the processor and the memory configured to enable information interaction of the processor with the memory.
A third aspect of the application provides a computer-readable medium having stored thereon a computer program which, when executed by a processor, implements a method according to any of the first aspects.
The application has the following advantages:
The cloud gateway establishes virtual private network mapping table entries of N physical gateways, the access request of the physical gateway is sent to the cloud gateway, the cloud gateway executes access control on the access request of the physical gateway based on the established virtual private network mapping table entries, so that partial functions of the physical gateway are transferred to the cloud gateway, the access control originally executed by the physical gateway is realized by utilizing rich resources of the cloud gateway, the resources of the cloud gateway are used by the physical gateway, and the computing power of the physical gateway is enhanced on the premise of not increasing the hardware cost of the physical gateway.
Drawings
The accompanying drawings are included to provide a further understanding of the application, and are incorporated in and constitute a part of this specification, illustrate the application and together with the description serve to explain, without limitation, the application.
Fig. 1 is a logic topology diagram of connection between a home network and a cloud gateway according to an embodiment of the present application;
Fig. 2 is a schematic diagram of physical gateway and cloud gateway networking provided in an embodiment of the present application;
FIG. 3 is a flowchart of a method for enhancing computing power of a physical gateway according to an embodiment of the present application;
Fig. 4 is a schematic diagram of a domain name resolution flow provided in an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a device for enhancing computing power of a physical gateway according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The following describes specific embodiments of the present application in detail with reference to the drawings. It should be understood that the detailed description and specific examples, while indicating and illustrating the application, are not intended to limit the application.
As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used herein, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
When the terms "comprises" and/or "comprising" are used in this specification, they specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and the present application and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
The embodiment of the application provides a method for enhancing the computing power of a physical gateway, which is applied to a cloud gateway.
The cloud gateway is located on the network side and may take the form of a server. By way of example, the cloud gateway is implemented using container technology and network virtualization technology, and the virtualized "cloud gateways" corresponding to physical gateways with different logical IDs run in different containers. The main functions of the physical gateway include the physical layer and data link layer functions, and some of the functions of the IP layer and above.
In the embodiment of the application, the logical topology of the connection between the home network and the cloud gateway is shown in Fig. 1. The functions of the physical gateway's IP layer and of the layers above it are deployed in containers in a cloud gateway using virtualization technology, and the cloud gateway is located in an edge data center of the metropolitan area network. The functions of the IP layer and above mainly include: VPN service configuration, classification and diversion of broadband internet traffic, and other functions; the Domain Name System (DNS); and management of the terminals attached to the physical gateway. Terminals (e.g., smartphones, personal computers, etc.) in the user's home network are connected to the telecommunications access network through a physical gateway (e.g., a home gateway or enterprise gateway). In the optical access scenario, the physical gateway may take the form of an optical network unit (ONU); the ONU is connected through an optical distribution network to an optical line terminal (OLT) on the network side, and then to the Internet through the cloud gateway, the Bras and a core router (CR). With this logical topology, the user's home intranet can access network resources, that access is controlled by the cloud gateway, and the physical gateway can use the network resources of the cloud gateway.
In the embodiment of the application, the cloud gateway initiates a PPPoE dial-up request to the dedicated Bras, and broadband authentication is performed in the dedicated Bras. Fig. 2 is a schematic diagram of the networking of a physical gateway and a cloud gateway. On the one hand, the cloud gateway interfaces with the service support system, which provides configuration management and service monitoring for service provisioning. On the other hand, it interfaces with the network management system (such as the cloud gateway's service orchestration system, an integrated network management system, and the like) to realize the following: the physical gateway and the cloud gateway establish a virtual private network; traffic is accurately identified and split, so that traffic accessing the local edge cloud is terminated directly in the edge data center, traffic accessing a third-party acceleration service is forwarded by interfacing with a third-party access point (POP), and ordinary Internet traffic is forwarded to the Internet over the original path; and the cloud gateway performs access control on the access requests transmitted by the physical gateway. The cloud gateway is connected to the existing BRAS equipment of the metropolitan area network; the BRAS directs the traffic of cloud gateway users within its coverage area into the cloud gateway, while the related user PPPoE authentication and the aggregation and forwarding of ordinary Internet traffic continue to use the original BRAS equipment. This networking scheme is closer to the logical topology of Fig. 1, involves less traffic detouring, and has a lower network construction cost; under this scheme the edge cloud is closer to the user, which further improves the user's experience of application services on the cloud and allows local traffic to be terminated locally.
As shown in fig. 3, the detailed method flow for enhancing the computing power of the physical gateway mainly includes the following steps 301-303:
step 301, a cloud gateway acquires virtual private network configuration files corresponding to a plurality of physical gateways issued by a management system.
The plurality of physical gateways are at least one physical gateway for constructing the VPN, and can be one or more.
The management system generates a virtual private network configuration file for each physical gateway of the VPN to be built.
In an exemplary embodiment, the management system may be a network management system or a remote management system. The corresponding relation between the physical identification of each managed physical gateway and the logical ID of the user is stored in the management system, wherein the logical ID consists of at least two bytes, the first byte identifies the number of the physical gateway under the name of the government enterprise client (customer), and the other bytes identify the IDs of the government enterprise client.
The management system issues VPN configuration information to the physical gateway. The VPN configuration information includes a VPN configuration file, and the VPN between the physical gateway and the cloud gateway is established from that file. In the management system, the logical ID of a user uniquely identifies that user, and the VPN configuration file issued to a physical gateway corresponds one-to-one with the user's logical ID. Typically, a logical ID uniquely corresponds to a VPN profile. The VPN configuration file is issued to the physical gateway using the TR-069 protocol family of the Broadband Forum (BBF).
The VPN configuration file issued to the physical gateway includes: port number and IP address of VPN; a VPN type; a user name/password; VPN remote ID, local (home) ID, server address (cloud gateway IP address in this embodiment), etc.
Wherein the VPN type includes at least one of: Layer Two Tunneling Protocol (L2TP), Internet Key Exchange version 2 (IKEv2), Internet Protocol Security (IPSec), and the like.
In an exemplary embodiment, the network management system issues VPN configuration files corresponding to a plurality of physical gateways to be configured into a VPN to the cloud gateway. In an exemplary embodiment, the virtual private network configuration file issued by the management system for the cloud gateway includes: the port number and IP address of the virtual private network, the type of the virtual private network, the encryption algorithm and the logical identity of the user corresponding to the physical gateway.
Step 302, the cloud gateway establishes virtual private network mapping table entries of N physical gateways according to the virtual private network configuration file, N is an integer greater than 1, and the N physical gateways belong to a plurality of physical gateways.
In an exemplary embodiment, the N physical gateways belong to the same government and enterprise user, that is, the cloud gateway identifies N physical gateways belonging to the same government and enterprise user according to the logical IDs in each VPN configuration file, and establishes VPN mapping table entries for the N physical gateways. Specifically, the cloud gateway establishes the virtual private network mapping table entries of the cloud gateway and the N physical gateways according to the virtual private network configuration file as follows: obtaining the logical identity identifiers corresponding to a plurality of physical gateways from the virtual private network configuration file; parsing the logical identity identifiers to obtain the identity bytes, and obtaining the N physical gateways that correspond to the same identity byte; and establishing the virtual private network mapping table entries of the N physical gateways according to the virtual private network configuration file. The first byte identifies the number of the physical gateway under the client name of the government enterprise, and the logical IDs of the N physical gateways all contain the same first byte, which may be a high-order byte.
The cloud gateway extracts a plurality of logic IDs from a plurality of configured virtual private network configuration files, analyzes bytes used for identifying the enterprise client IDs in the plurality of logic IDs, and obtains N physical gateways with the bytes of the same enterprise client ID through comparison, wherein N is an integer larger than 1. The cloud gateway establishes VPN mapping table entries of the N physical gateways. Based on the VPN mapping table item, the data among N physical gateways of the same government and enterprise user can be forwarded through VPN without needing to pass through a metropolitan area network. Wherein the physical gateway of the same government enterprise user adopts the VPN of the same type.
In an exemplary embodiment, the virtual private network mapping table entry includes: the virtual private network type, the encryption algorithm, and the IP address and the port number of each of N physical gateways in the virtual private network.
Step 303, after the cloud gateway obtains the access request of the user terminal sent by any physical gateway, based on the mapping table item of the virtual private network, executing the access control on the access request.
Any physical gateway may be any one of the N physical gateways, or any other physical gateway other than the N physical gateways.
In an exemplary embodiment, the cloud gateway performs access control for the access request based on the virtual private network mapping table entry, including: and based on the virtual private network mapping table entry, when the destination of the access request is determined to belong to the virtual private network mapping table entry, directly forwarding the access request to the physical gateway corresponding to the destination. The cloud gateway directly forwards the access request belonging to the VPN mapping table according to the IP address and the port number corresponding to the destination in the mapping table, and directly completes access in the VPN without sending the access request to the metropolitan area network, thereby reducing traffic occupation of the metropolitan area network.
The cloud gateway may determine that the destination of the access request belongs to the virtual private network mapping table entry as follows: after decrypting the access request according to the encryption algorithm in the virtual private network mapping table entry, the cloud gateway obtains the VPN type carried in the access request; if that VPN type is the same as the VPN type in the virtual private network mapping table entry, it compares the destination IP and port number carried in the access request with the IP and port number of each physical gateway in the VPN mapping table entry; when a matching physical gateway exists, the destination of the access request is determined to belong to the virtual private network mapping table entry. The cloud gateway then forwards the access request according to the IP address and port number of the matched physical gateway.
In an exemplary embodiment, the cloud gateway performs a response operation to the access request based on the virtual private network mapping table entry as follows: when the cloud gateway determines, based on the virtual private network mapping table entry, that the destination of the access request does not belong to the virtual private network mapping table entry, it resolves the domain name in the access request to obtain the destination IP address of the requested resource; it judges, according to the destination IP address of the resource access request, whether an edge data center stores the resource corresponding to that destination IP address; if yes, it returns the IP address of the resource in the edge data center to the user terminal; otherwise, it returns the destination IP address to the user terminal. For content stored in the edge data center, such as web services, video and other applications, the cloud gateway directs the terminal to obtain it directly from the edge data center, which reduces metropolitan area network traffic and latency.
The cloud gateway has a Domain Name System (DNS) function. After receiving the domain name in an access request from a terminal attached to the physical gateway (such as the domain name of a web service, video or other application), it performs domain name resolution and resource judgment. If the edge data center has the resource, the cloud gateway returns the IP address of the corresponding resource in the edge data center to the terminal, and the terminal obtains it directly from the edge data center, so that the traffic of the metropolitan area network is reduced. If the resource is not deployed at the edge data center, the cloud gateway either requests domain name resolution from the upstream DNS server or returns the IP address of the resource in another data center.
For example, as shown in Fig. 4, the terminal requests access to application A, whose domain name is "a.com". The "a.com" application is deployed in both an edge data center and a core data center. The cloud gateway evaluates the access request when the user accesses the network over broadband, resolves the domain name, and returns the address "10.2.3.5" of "a.com" in the edge data center; the terminal then accesses the application in the edge data center at "10.2.3.5" as resolved by the cloud gateway DNS. The terminal also accesses application B at "b.com", which is not deployed in the edge data center; the only address the DNS in the cloud gateway resolves for it is "211.30.1.4", so that address is returned to the terminal and the terminal accesses "211.30.1.4". The signal flows 1, 2, 3 on the left side of the figure correspond to the access procedure of application B, and the signal flows 1, 2, 3 on the right side of the figure correspond to the access procedure of application A.
In an exemplary embodiment, before the cloud gateway performs the response operation to the access request based on the virtual private network mapping table entry, the method further includes: if the cloud gateway determines that the destination address of the access request is allowed to be accessed based on a pre-configured access control list, executing the response operation to the access request based on the virtual private network mapping table item; and if the destination address of the access request is determined not to be allowed to be accessed based on a pre-configured access control list, returning prompt information of unsafe access to the user terminal, stopping executing the response operation to the access request based on the virtual private network mapping table item.
The access control list may be a blacklist including a destination address list for which access is prohibited, a whitelist including a destination address list for which access is permitted, or both. For example, after receiving a domain name or an IP address of an access request of a terminal hung under a physical gateway, the cloud gateway searches a blacklist table entry, if the domain name or the IP address is in the blacklist, DNS resolution and forwarding are refused, and an unsafe prompt message of the access request is returned to the terminal.
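The cloud-gateway flow described above (grouping gateways by logical ID in step 302, then the blacklist pre-check, VPN table match and edge-aware DNS answer of step 303), as an added Python example that is not code from the patent. All names, the dict-based DNS and edge tables, the gateway addresses, the core address `203.0.113.10`, matching only against the sender's own customer entry, and re-checking the resolved address against the blacklist are assumptions of this example.

```python
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class VpnProfile:
    """One per-gateway VPN configuration file as received by the cloud gateway."""
    logical_id: bytes  # byte 0: gateway number; remaining bytes: customer ID
    vpn_type: str
    cipher: str
    ip: str
    port: int


def customer_id(logical_id: bytes) -> bytes:
    """Return the customer-ID bytes of a logical ID (everything after byte 0)."""
    if len(logical_id) < 2:
        raise ValueError("logical ID must be at least 2 bytes")
    return logical_id[1:]


def build_mapping_entries(profiles):
    """Step 302: group gateways by customer ID, one mapping entry per group."""
    groups = {}
    for p in profiles:
        groups.setdefault(customer_id(p.logical_id), []).append(p)
    entries = {}
    for cust, members in groups.items():
        if len(members) < 2:
            continue  # the method requires N > 1 gateways per entry
        if len({(m.vpn_type, m.cipher) for m in members}) != 1:
            continue  # example choice: skip groups with inconsistent settings
        entries[cust] = {
            "vpn_type": members[0].vpn_type,
            "cipher": members[0].cipher,
            "peers": {(str(ip_address(m.ip)), m.port) for m in members},
        }
    return entries


def normalize(dest: str):
    """Return (canonical string, is_ip) for a destination host or address."""
    try:
        return str(ip_address(dest)), True
    except ValueError:
        return dest.rstrip(".").lower(), False


def handle_request(req, entries, blacklist, dns, edge):
    """Step 303 with the ACL pre-check. Returns an (action, value) tuple."""
    dest, is_ip = normalize(req["dest"])
    if dest in blacklist:  # refuse before any DNS resolution or forwarding
        return ("deny", "unsafe access")
    # Assumption: only the sender's own customer entry is consulted.
    entry = entries.get(customer_id(req["src_logical_id"]))
    if (entry and is_ip and req.get("vpn_type") == entry["vpn_type"]
            and (dest, req.get("port")) in entry["peers"]):
        return ("forward", (dest, req["port"]))  # stays inside the VPN
    dest_ip = dest if is_ip else dns.get(dest)
    if dest_ip is None:
        return ("unresolved", dest)
    if dest_ip in blacklist:  # assumption: also check the resolved address
        return ("deny", "unsafe access")
    if dest_ip in edge:
        return ("edge", edge[dest_ip])  # answer with the edge copy's address
    return ("origin", dest_ip)


# Constructed sample data; only 10.2.3.5 and 211.30.1.4 come from the Fig. 4 text.
PROFILES = [
    VpnProfile(b"\x01\xa0\x01", "L2TP", "AES-256", "10.8.0.1", 1701),
    VpnProfile(b"\x02\xa0\x01", "L2TP", "AES-256", "10.8.0.2", 1701),
    VpnProfile(b"\x01\xb0\x02", "L2TP", "AES-256", "10.9.0.1", 1701),
]
BLACKLIST = {"blocked.example", "198.51.100.66"}
DNS = {"a.com": "203.0.113.10", "b.com": "211.30.1.4",
       "c.example": "198.51.100.66"}
EDGE = {"203.0.113.10": "10.2.3.5"}  # destination IP -> address in edge DC
ENTRIES = build_mapping_entries(PROFILES)

if __name__ == "__main__":
    for dest in ("a.com", "b.com", "blocked.example", "c.example"):
        req = {"src_logical_id": b"\x01\xa0\x01", "dest": dest}
        print(dest, handle_request(req, ENTRIES, BLACKLIST, DNS, EDGE))
```
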
In the embodiment of the application, the cloud gateway establishes the virtual private network mapping table entries of N physical gateways, the access requests of the physical gateways are sent to the cloud gateway, and the cloud gateway performs access control on those requests based on the established virtual private network mapping table entries. Part of the functions of the physical gateway are thereby transferred to the cloud gateway: the access control originally performed by the physical gateway is carried out using the rich resources of the cloud gateway, so that the resources of the cloud gateway are used for the physical gateway and the computing power of the physical gateway is enhanced without increasing its hardware cost.
The steps of the above methods are divided as they are for clarity of description. When implemented, they may be combined into one step, or a step may be split into multiple steps; as long as the same logical relationship is included, they are all within the protection scope of this patent. Adding insignificant modifications to the algorithm or flow, or introducing insignificant designs, without altering the core design of the algorithm and flow, is also within the protection scope of this patent.
The embodiment of the application provides a method for enhancing the computing power of a physical gateway, which is applied to the physical gateway and mainly comprises the following steps: acquiring a virtual private network configuration file issued by a management system; and sending an access request to a cloud gateway according to the virtual private network configuration file.
The virtual private network configuration file issued by the management system to the physical gateway comprises: the port number and IP address of the VPN; the VPN type; a user name/password; the VPN remote ID, local (home) ID, server address (the cloud gateway IP address in this embodiment), etc.
The VPN type includes at least one of: Layer Two Tunneling Protocol (L2TP), Internet Key Exchange version 2 (IKEv2), Internet Protocol Security (IPSec), and the like.
The embodiment of the application provides a method for enhancing the computing power of a physical gateway, which is applied to a management system and mainly comprises the following steps:
issuing the respective VPN configuration files to a physical gateway and a cloud gateway.
The virtual private network configuration file issued by the management system to the cloud gateway comprises: the port number and the IP address of the virtual private network, the type of the virtual private network, an encryption algorithm and the logical identity of the user corresponding to the physical gateway.
The virtual private network configuration file issued by the management system to the physical gateway comprises: the port number and IP address of the VPN; the VPN type; a user name/password; the VPN remote ID, local (home) ID, server address (the cloud gateway IP address in this embodiment), etc.
Using the parameters in the issued virtual private network configuration file, the physical gateway establishes an encrypted VPN tunnel between the local gateway, the cloud gateway and the remote ID and sends an access request to the cloud gateway through the VPN tunnel; the cloud gateway then performs access control according to the parameters in the virtual private network configuration file.
The embodiment of the application provides a device for enhancing the computing power of a physical gateway, which is applied to a cloud gateway. For the specific implementation of the device, refer to the description of the cloud gateway in the method embodiment, which is not repeated here. As shown in Fig. 5, the apparatus mainly includes:
the configuration module 501, configured to obtain the virtual private network configuration files corresponding to a plurality of physical gateways issued by the management system;
the network creation module 502, configured to create virtual private network mapping table entries of N physical gateways according to the virtual private network configuration file, where N is an integer greater than 1, and the N physical gateways belong to the plurality of physical gateways;
and a transmission module 503, configured to perform access control on the access request based on the virtual private network mapping table entry after obtaining the access request of the user terminal sent by any physical gateway.
The functions or modules of the apparatus provided by the embodiments of the present application may be used to perform the method described in the method embodiment of the first aspect; for their specific implementation and technical effects, refer to the description of the foregoing method embodiment, which is not repeated here for brevity.
In this embodiment, each module is a logic module; in practical application, one logic unit may be one physical unit, a part of one physical unit, or a combination of a plurality of physical units. In addition, in order to highlight the innovative part of the present application, units that are not closely related to solving the technical problem presented by the present application are not introduced in the present embodiment, but this does not indicate that other units are not present in the present embodiment.
Referring to Fig. 6, an embodiment of the present application provides an electronic device including:
one or more processors 601;
a memory 602 having one or more programs stored thereon, which when executed by the one or more processors cause the one or more processors to implement the method of enhancing physical gateway computing power of any of the above;
one or more I/O interfaces 603, coupled between the processor and the memory and configured to enable information interaction between the processor and the memory.
The processor 601 is a device having data processing capabilities, including, but not limited to, a central processing unit (CPU) or the like; the memory 602 is a device with data storage capability, including, but not limited to, random access memory (RAM, more specifically SDRAM, DDR, etc.), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), and flash memory (FLASH); the I/O interface (read/write interface) 603 is connected between the processor 601 and the memory 602 and enables information interaction between the processor 601 and the memory 602, and includes, but is not limited to, a data bus (Bus) or the like.
In some embodiments, processor 601, memory 602, and I/O interface 603 are interconnected by a bus to further connect with other components of a computing device.
The present embodiment also provides a computer readable medium on which a computer program is stored; when executed by a processor, the program implements the method for enhancing the computing power of a physical gateway provided in the present embodiment. To avoid repetition, the specific steps of the method are not described again here.
Those of ordinary skill in the art will appreciate that all or some of the steps in the methods, and the functional modules/units in the systems and apparatus disclosed above, may be implemented as software, firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between the functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed cooperatively by several physical components. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as known to those skilled in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer.
Furthermore, as is well known to those of ordinary skill in the art, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
Those skilled in the art will appreciate that while some embodiments described herein include some features but not others included in other embodiments, combinations of features of different embodiments are meant to be within the scope of the embodiments and form different embodiments.
It is to be understood that the above embodiments are merely illustrative of the application of the principles of the present application, but not in limitation thereof. Various modifications and improvements may be made by those skilled in the art without departing from the spirit and substance of the application, and are also considered to be within the scope of the application.

Claims (7)

1. A method for enhancing computing power of a physical gateway, which is applied to a cloud gateway, comprising:
obtaining virtual private network configuration files corresponding to a plurality of physical gateways issued by a management system;
establishing virtual private network mapping table entries of N physical gateways according to the virtual private network configuration file, wherein N is an integer greater than 1, and the N physical gateways belong to the plurality of physical gateways;
after an access request of a user terminal sent by any physical gateway is obtained, performing access control on the access request based on the virtual private network mapping table entry;
wherein the establishing virtual private network mapping table entries of the N physical gateways according to the virtual private network configuration file includes:
obtaining logical identity identifiers corresponding to the physical gateways from the virtual private network configuration file;
parsing the logical identity identifiers to obtain identity bytes, and obtaining the N physical gateways corresponding to the same identity byte;
establishing virtual private network mapping table entries of the N physical gateways according to the virtual private network configuration file;
wherein the performing access control on the access request based on the virtual private network mapping table entry includes:
based on the virtual private network mapping table entry, when the destination of the access request is determined to belong to the virtual private network mapping table entry, directly forwarding the access request to the physical gateway corresponding to the destination;
based on the virtual private network mapping table entry, when the destination of the access request is determined not to belong to the virtual private network mapping table entry, resolving a domain name in the access request to obtain a destination IP address of the requested resource;
judging, according to the destination IP address of the requested resource, whether an edge center stores the resource corresponding to the destination IP address;
if yes, returning the IP address of the resource in the edge center to the user terminal;
otherwise, returning the destination IP address to the user terminal.
2. The method for enhancing physical gateway computing power according to claim 1, wherein the virtual private network configuration file comprises: the port number and the IP address of the virtual private network, the type of the virtual private network, an encryption algorithm and the logical identity of the user corresponding to the physical gateway;
the virtual private network mapping table entry comprises: the virtual private network type, the encryption algorithm, and the IP addresses and port numbers of the N physical gateways in the virtual private network.
3. The method of enhancing physical gateway computing power of claim 2, wherein the virtual private network type comprises at least one of: Layer Two Tunneling Protocol, Internet Key Exchange protocol, and Internet Protocol Security.
4. The method of enhancing physical gateway computing power of claim 1, wherein prior to performing access control of the access request based on the virtual private network mapping table entry, the method further comprises:
if the destination address of the access request is determined to be allowed to be accessed based on a pre-configured access control list, executing the step of performing access control on the access request based on the virtual private network mapping table entry;
and if the destination address of the access request is determined not to be allowed to be accessed based on the pre-configured access control list, returning prompt information of unsafe access to the user terminal, and stopping execution of the step of performing access control on the access request based on the virtual private network mapping table entry.
5. An apparatus for enhancing computing power of a physical gateway, applied to a cloud gateway, comprising:
the configuration module, used for acquiring virtual private network configuration files corresponding to a plurality of physical gateways issued by the management system;
the network construction module, used for constructing virtual private network mapping table entries of N physical gateways according to the virtual private network configuration file, wherein N is an integer greater than 1, and the N physical gateways belong to the plurality of physical gateways; wherein the establishing virtual private network mapping table entries of the N physical gateways according to the virtual private network configuration file includes: obtaining logical identity identifiers corresponding to the physical gateways from the virtual private network configuration file; parsing the logical identity identifiers to obtain identity bytes, and obtaining the N physical gateways corresponding to the same identity byte; establishing virtual private network mapping table entries of the N physical gateways according to the virtual private network configuration file;
the transmission module, used for performing access control on the access request based on the virtual private network mapping table entry after acquiring the access request of the user terminal sent by any physical gateway; wherein the performing access control on the access request based on the virtual private network mapping table entry includes: based on the virtual private network mapping table entry, when the destination of the access request is determined to belong to the virtual private network mapping table entry, directly forwarding the access request to the physical gateway corresponding to the destination; based on the virtual private network mapping table entry, when the destination of the access request is determined not to belong to the virtual private network mapping table entry, resolving a domain name in the access request to obtain a destination IP address of the requested resource; judging, according to the destination IP address of the requested resource, whether an edge center stores the resource corresponding to the destination IP address; if yes, returning the IP address of the resource in the edge center to the user terminal; otherwise, returning the destination IP address to the user terminal.
6. An electronic device, comprising:
one or more processors;
a memory having one or more programs stored thereon, which when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1-4;
one or more I/O interfaces coupled between the processor and the memory configured to enable information interaction of the processor with the memory.
7. A computer readable medium having stored thereon a computer program which, when executed by a processor, implements a method according to any of claims 1 to 4.
CN202211684591.XA 2022-12-27 2022-12-27 Method, device, equipment and storage medium for enhancing physical gateway computing power Active CN116033020B (en)


Publications (2)

Publication Number Publication Date
CN116033020A (en) 2023-04-28
CN116033020B (en) 2024-05-10

Family

ID=86077240

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211684591.XA Active CN116033020B (en) 2022-12-27 2022-12-27 Method, device, equipment and storage medium for enhancing physical gateway computing power

Country Status (1)

Country Link
CN (1) CN116033020B (en)

Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1864439A1 (en) * 2005-03-28 2007-12-12 KTFreetel Co., Ltd. Method for mobile node's connection to virtual private network using mobile ip
CN101399742A (en) * 2007-09-28 2009-04-01 中国移动通信集团公司 Data service network system and access method of data service
CN104753930A (en) * 2015-03-17 2015-07-01 成都盛思睿信息技术有限公司 Cloud desktop management system based on security gateway and security access control method thereof
CN106027354A (en) * 2016-05-19 2016-10-12 杭州迪普科技有限公司 Backflow method and device for VPN (Virtual Private Network) client
CN107171857A (en) * 2017-06-21 2017-09-15 杭州迪普科技股份有限公司 A kind of network virtualization method and apparatus based on user's group
CN107317792A (en) * 2016-03-30 2017-11-03 阿里巴巴集团控股有限公司 A kind of method and apparatus for realizing access control in virtual proprietary network
CN107547404A (en) * 2017-07-31 2018-01-05 新华三技术有限公司 Flow table generation method and device and message forwarding method and device
CN108886540A (en) * 2018-06-13 2018-11-23 深圳前海达闼云端智能科技有限公司 Domain name resolution method, device and computer readable storage medium
CN109587290A (en) * 2019-01-04 2019-04-05 平安科技(深圳)有限公司 A kind of method and relevant apparatus of domain name mapping
CN110493337A (en) * 2019-08-16 2019-11-22 武汉麦品科技有限公司 Data access method, gateway, system, storage medium and device
CN111800468A (en) * 2020-06-05 2020-10-20 腾讯科技(深圳)有限公司 Cloud-based multi-cluster management method, device, medium and electronic equipment
CN114422283A (en) * 2021-12-31 2022-04-29 中国电信股份有限公司 Tenant isolation method, network virtual switching system and storage medium
CN114726773A (en) * 2022-03-23 2022-07-08 阿里云计算有限公司 Cloud network system, message forwarding method, chip and cloud gateway equipment
CN114760652A (en) * 2022-04-19 2022-07-15 周徐 Full wireless peer edge computing power network method and device

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090271523A1 (en) * 2007-11-30 2009-10-29 Darrell Gentry System, Method and Software for Using One Computer Network to Bypass a Portion of Another Computer Network
CN104579887A (en) * 2013-10-16 2015-04-29 宇宙互联有限公司 Cloud gateway as well as cloud gateway creation and configuration system and method
US11102147B2 (en) * 2019-04-02 2021-08-24 Elear Solutions Tech Private Limited Method and system for managing access to a resource in a decentralized peer-to-peer network

Patent Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1864439A1 (en) * 2005-03-28 2007-12-12 KTFreetel Co., Ltd. Method for mobile node's connection to virtual private network using mobile ip
CN101399742A (en) * 2007-09-28 2009-04-01 中国移动通信集团公司 Data service network system and access method of data service
CN104753930A (en) * 2015-03-17 2015-07-01 成都盛思睿信息技术有限公司 Cloud desktop management system based on security gateway and security access control method thereof
CN107317792A (en) * 2016-03-30 2017-11-03 阿里巴巴集团控股有限公司 A kind of method and apparatus for realizing access control in virtual proprietary network
CN106027354A (en) * 2016-05-19 2016-10-12 杭州迪普科技有限公司 Backflow method and device for VPN (Virtual Private Network) client
CN107171857A (en) * 2017-06-21 2017-09-15 杭州迪普科技股份有限公司 A kind of network virtualization method and apparatus based on user's group
CN107547404A (en) * 2017-07-31 2018-01-05 新华三技术有限公司 Flow table generation method and device and message forwarding method and device
CN108886540A (en) * 2018-06-13 2018-11-23 深圳前海达闼云端智能科技有限公司 Domain name resolution method, device and computer readable storage medium
CN109587290A (en) * 2019-01-04 2019-04-05 平安科技(深圳)有限公司 A kind of method and relevant apparatus of domain name mapping
CN110493337A (en) * 2019-08-16 2019-11-22 武汉麦品科技有限公司 Data access method, gateway, system, storage medium and device
CN111800468A (en) * 2020-06-05 2020-10-20 腾讯科技(深圳)有限公司 Cloud-based multi-cluster management method, device, medium and electronic equipment
CN114422283A (en) * 2021-12-31 2022-04-29 中国电信股份有限公司 Tenant isolation method, network virtual switching system and storage medium
CN114726773A (en) * 2022-03-23 2022-07-08 阿里云计算有限公司 Cloud network system, message forwarding method, chip and cloud gateway equipment
CN114760652A (en) * 2022-04-19 2022-07-15 周徐 Full wireless peer edge computing power network method and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
电信运营商的多云接入网络架构及其技术实现;程德怿;乔健;;电信工程技术与标准化;20200315(第03期);全文 *

Also Published As

Publication number Publication date
CN116033020A (en) 2023-04-28

Similar Documents

Publication Publication Date Title
CN103580980B (en) The method and device thereof that virtual network finds and automatically configures automatically
US9967237B2 (en) Systems and methods for implementing a layer two tunnel for personalized service functions
US9331998B2 (en) Dynamic secured network in a cloud environment
US6622220B2 (en) Security-enhanced network attached storage device
CN107819732B (en) Method and device for user terminal to access local network
US8094663B2 (en) System and method for authentication of SP ethernet aggregation networks
CN101141492B (en) Method and system for implementing DHCP address safety allocation
CN107046506B (en) Message processing method, flow classifier and service function example
JP2004013778A (en) Secure storage system
WO2018019299A1 (en) Virtual broadband access method, controller, and system
US20130227673A1 (en) Apparatus and method for cloud networking
US20170279689A1 (en) Software defined network controller for implementing tenant specific policy
CN109617753B (en) Network platform management method, system, electronic equipment and storage medium
US8769623B2 (en) Grouping multiple network addresses of a subscriber into a single communication session
CN108200039B (en) Non-perception authentication and authorization system and method based on dynamic establishment of temporary account password
US9553861B1 (en) Systems and methods for managing access to services provided by wireline service providers
US20210266234A1 (en) Over The Top Access Framework and Distributed NFVI Architecture
WO2020029793A1 (en) Internet access behavior management system, device and method
US20150049643A1 (en) Method and apparatus for providing default services to prospective subscribers in a communication network
CN116033020B (en) Method, device, equipment and storage medium for enhancing physical gateway computing power
US11757827B2 (en) Network security from host and network impersonation
US9319416B2 (en) Priority based radius authentication
CN100477609C (en) Method for implementing dedicated network access
CN109962831B (en) Virtual client terminal device, router, storage medium, and communication method
US9684774B2 (en) Flexible authentication using multiple radius AVPs

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant