CN116647572A - Access endpoint switching method, device, electronic equipment and storage medium - Google Patents
Access endpoint switching method, device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN116647572A CN116647572A CN202310925785.2A CN202310925785A CN116647572A CN 116647572 A CN116647572 A CN 116647572A CN 202310925785 A CN202310925785 A CN 202310925785A CN 116647572 A CN116647572 A CN 116647572A
- Authority
- CN
- China
- Prior art keywords
- access
- endpoint
- client
- access endpoint
- switching
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 103
- 238000003860 storage Methods 0.000 title claims abstract description 40
- 230000002159 abnormal effect Effects 0.000 claims abstract description 81
- 238000004891 communication Methods 0.000 claims description 138
- 230000006854 communication Effects 0.000 claims description 136
- 230000000903 blocking effect Effects 0.000 claims description 110
- 238000001514 detection method Methods 0.000 claims description 50
- 230000004044 response Effects 0.000 claims description 37
- 238000005516 engineering process Methods 0.000 abstract description 17
- 230000000414 obstructive effect Effects 0.000 abstract 1
- 230000008569 process Effects 0.000 description 40
- 230000006870 function Effects 0.000 description 24
- 239000003795 chemical substances by application Substances 0.000 description 18
- 238000010586 diagram Methods 0.000 description 18
- 230000008859 change Effects 0.000 description 10
- 238000004590 computer program Methods 0.000 description 8
- 238000013475 authorization Methods 0.000 description 6
- 238000012986 modification Methods 0.000 description 6
- 230000004048 modification Effects 0.000 description 6
- 238000012545 processing Methods 0.000 description 6
- 230000007704 transition Effects 0.000 description 6
- 230000002688 persistence Effects 0.000 description 5
- 230000007613 environmental effect Effects 0.000 description 4
- 230000003287 optical effect Effects 0.000 description 4
- 238000012795 verification Methods 0.000 description 4
- 230000005856 abnormality Effects 0.000 description 3
- 230000009471 action Effects 0.000 description 3
- 230000000977 initiatory effect Effects 0.000 description 3
- 238000007689 inspection Methods 0.000 description 3
- 239000008186 active pharmaceutical agent Substances 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 239000004973 liquid crystal related substance Substances 0.000 description 2
- 238000007726 management method Methods 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 239000004065 semiconductor Substances 0.000 description 2
- 230000001360 synchronised effect Effects 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 230000006978 adaptation Effects 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 230000000712 assembly Effects 0.000 description 1
- 238000000429 assembly Methods 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000005094 computer simulation Methods 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000011217 control strategy Methods 0.000 description 1
- 238000013499 data model Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000011981 development test Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005265 energy consumption Methods 0.000 description 1
- ZXQYGBMAQZUVMI-GCMPRSNUSA-N gamma-cyhalothrin Chemical compound CC1(C)[C@@H](\C=C(/Cl)C(F)(F)F)[C@H]1C(=O)O[C@H](C#N)C1=CC=CC(OC=2C=CC=CC=2)=C1 ZXQYGBMAQZUVMI-GCMPRSNUSA-N 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 230000002085 persistent effect Effects 0.000 description 1
- 238000003825 pressing Methods 0.000 description 1
- 230000008439 repair process Effects 0.000 description 1
- 230000002441 reversible effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000026676 system process Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1095—Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0884—Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
- H04L67/1004—Server selection for load balancing
- H04L67/101—Server selection for load balancing based on network conditions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
- H04L67/1034—Reaction to server failures by a load balancer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
Abstract
The application discloses an access endpoint switching method, an access endpoint switching device, electronic equipment and a storage medium. The embodiment of the application relates to the technical fields of cloud technology and the like. The method comprises the following steps: determining that the abnormal access proportion of the key service interface in the first access endpoint exceeds a target proportion threshold according to the access information of the service interface in the first access endpoint which is accessed by the client in the target period, determining that the network environment of the terminal is normal according to the actual running environment information of the terminal where the client is located, and determining the corresponding obstructive indexes of a plurality of preset access endpoints; determining a second access endpoint from a plurality of preset access endpoints; switching a connection from a first access endpoint to a second access endpoint. The method can accurately determine that the first access endpoint is abnormal and the terminal network is normal, thereby accurately determining that the client needs to switch the access endpoint and is connected to the second access endpoint, and improving the success rate of switching the access endpoints.
Description
Technical Field
The present application relates to the field of cloud technologies, and in particular, to a method and apparatus for switching access endpoints, an electronic device, and a storage medium.
Background
Multi-set image deployment is one of deployment strategies of a multi-set deployment scheme, generally refers to deploying copies of the same application or service on a plurality of different servers or instances (servers where copies of the application or service are deployed are also called access endpoints), and through this deployment scheme, the purposes of improving the availability and reliability of the system, and simultaneously achieving load balancing and improving fault tolerance are expected to be achieved.
In multi-set mirror deployment, in order to ensure performance and reliability, a server side distributes network traffic among a plurality of access endpoints through a load balancer, and if an access endpoint is abnormal, the load balancer can automatically divert a request initiated by a terminal to other access endpoints with normal running states.
However, with the existing method, it is difficult to determine whether an access endpoint is abnormal, resulting in a situation where access failure occurs when a terminal accesses a new access endpoint.
Disclosure of Invention
In view of the above, the embodiments of the present application provide a method, an apparatus, an electronic device, and a storage medium for switching access endpoints.
In a first aspect, an embodiment of the present application provides an access endpoint switching method, applied to a client, where the method includes: acquiring actual running environment information of a terminal where a client is located and access information of a service interface in a first access endpoint which is accessed by the client currently in a target period; if the abnormal access proportion of the key service interface in the first access endpoint exceeds the target proportion threshold value according to the access information of the service interface in the first access endpoint, and the network environment of the terminal is normal according to the actual operation environment information, determining the corresponding blocking indexes of a plurality of preset access endpoints, wherein the blocking indexes of the preset access endpoints are used for indicating the network blocking degree between the preset access endpoints and the client; determining a second access endpoint from the preset access endpoints according to the respective blocking indexes of the preset access endpoints, wherein the blocking index corresponding to the second access endpoint is lower than a blocking index threshold; switching a connection from a first access endpoint to a second access endpoint.
In a second aspect, an embodiment of the present application provides an access endpoint switching apparatus, applied to a client, where the apparatus includes: the acquisition module is used for acquiring the actual running environment information of the terminal where the client is located and the access information of the service interface in the first access endpoint which is accessed by the client currently in the target period; the first determining module is used for determining that the abnormal access proportion of the key service interface in the first access endpoint exceeds a proportion threshold according to the access information of the service interface in the first access endpoint, determining that the network environment of the terminal is normal according to the actual operation environment information, and determining the corresponding blocking index of each of a plurality of preset access endpoints, wherein the blocking index corresponding to the preset access endpoint is used for indicating the network blocking degree between the preset access endpoint and the client; the second determining module is used for determining a second access endpoint from the preset access endpoints according to the respective blocking indexes of the preset access endpoints, wherein the blocking index of the second access endpoint is lower than a blocking index threshold; and the switching module is used for switching connection from the first access endpoint to the second access endpoint.
Optionally, the second determining module is further configured to determine, from the plurality of preset access endpoints, a plurality of third access endpoints with an obstruction index lower than the obstruction index threshold according to the obstruction index of each of the plurality of preset access endpoints; determining a degree of association index between each third access endpoint and the client; and determining the second access endpoint from the plurality of third access endpoints according to the association degree index between each third access endpoint and the client.
Optionally, the acquiring module is further configured to determine an abnormal service interface that meets an abnormal access condition according to access information of the service interface in the first access endpoint; the abnormal access condition includes at least one of: the duration time of the continuous access exception in the target period exceeds a preset period threshold, the number of access sessions of the continuous access exception in the target period exceeds a session number threshold, the number of sessions which are not accessed in the target period is larger than a first proportion threshold, the ratio of the size of the time period of the continuous access exception in the target period to the target period is larger than a second proportion threshold, the number of times of network delay exceeding an expected value for an access endpoint in the target period exceeds a preset number of times, and the ratio of access specific abnormal network error codes for a service interface in the target period exceeds a third proportion threshold; if the abnormal service interface comprises the appointed key service interface, determining the duty ratio of the appointed key service interface in the abnormal service interface as the abnormal access proportion of the key service interface in the first access endpoint.
Optionally, the switching module is further configured to determine an actual connection stability between the client and the second access endpoint; if the actual communication stability between the client and the second access endpoint meets the communication standard, the client and the second access endpoint are kept connected.
Optionally, the device further includes a state switching module, configured to control, in response to determining the second access endpoint from the plurality of preset access endpoints, the state machine corresponding to the client to switch from the original access state to the pre-switch state; responsive to switching connection from the first access endpoint to the second access endpoint, controlling a state machine corresponding to the client to switch from a pre-switching state to an in-switching state; and controlling a state machine corresponding to the client to switch from the in-switching state to the switching state in response to the fact that the actual communication stability between the client and the second access endpoint meets the communication standard.
Optionally, the switching module is further configured to determine a fourth access endpoint from a candidate access endpoint set, where the candidate access endpoint set is configured according to a third access endpoint, where the blocking index is lower than the blocking index threshold, from the plurality of preset access endpoints, if the actual stability of the communication between the client and the second access endpoint does not meet the connectivity standard; the fourth access endpoint is a different access endpoint than the second access endpoint; the state switching module is further used for controlling the state machine corresponding to the client to be switched from the in-switching state to the pre-switching state in response to determining a fourth access endpoint from the candidate access endpoint set; the switching module is also used for switching connection from the second access endpoint to the fourth access endpoint; and the state switching module is also used for controlling the state machine corresponding to the client to be switched from the pre-switching state to the switching state in response to the switching connection from the second access endpoint to the fourth access endpoint.
Optionally, the switching module is further configured to switch and connect to the first access endpoint if the switch-back switch corresponding to the client is in an on state and the client meets a preset condition; the preset conditions include at least one of the following: the actual communication stability of the first access endpoint and the client in the checking period accords with the communication standard, the accumulated switching times of the state machine of the client before the switching is finished reach the time threshold value, and the connectivity of all the access endpoints in the candidate access endpoint set and the client does not accord with the communication standard; and the state switching module is also used for controlling the state machine of the client to be switched to the original access state in response to the client being switched and connected back to the first access endpoint.
Optionally, the first determining module is further configured to determine, if the abnormal access proportion of the key service interface in the first access endpoint exceeds the proportion threshold according to the access information of the service interface in the first access endpoint, determine that the network environment of the terminal is normal according to the actual operating environment information, and determine network state parameters of the client and each preset access endpoint; and determining the blocking index of each preset access endpoint according to the network state parameters of the client and each preset access endpoint.
Optionally, the switching module is further configured to receive an instruction of an appointed access endpoint sent by the server, where the instruction of the appointed access endpoint is used to instruct connection to the target access endpoint; in response to a specified access endpoint instruction, switching to the target access endpoint.
Optionally, the obtaining module is further configured to obtain, if the automatic switch and the detection switch corresponding to the client are both in an on state, actual running environment information of the terminal where the client is located and access information of the service interface in the first access endpoint to which the client is currently accessed in the target period.
In a third aspect, an embodiment of the present application provides an electronic device, including a processor and a memory; one or more programs are stored in the memory and configured to be executed by the processor to implement the methods described above.
In a fourth aspect, embodiments of the present application provide a computer readable storage medium having program code stored therein, wherein the program code, when executed by a processor, performs the method described above.
In a fifth aspect, a computer program product comprising computer instructions carried on a computer readable medium, which computer instructions, when executed by a processor, implement the method described above.
According to the access endpoint switching method, the device, the electronic equipment and the storage medium, when the abnormal access proportion of the key service interface in the first access endpoint exceeds the proportion threshold and the network environment of the terminal is normal, the first access endpoint is indicated to be abnormal and the terminal network is normal, the client is determined to need to switch the access endpoint, the second access endpoint with the blocking index lower than the blocking index threshold is determined from the preset access endpoints, then the client is switched and connected to the second access endpoint, the situation that the access of the client to the second access endpoint fails due to the fact that the second access endpoint is misjudged under the condition that the network environment of the terminal is abnormal is avoided, and the success rate of the access endpoint switching is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a zero trust control process in an embodiment of the application;
FIG. 2 is a schematic diagram of a zero trust network architecture in accordance with an embodiment of the present application;
fig. 3 shows a schematic diagram of an application scenario to which an embodiment of the present application is applicable;
FIG. 4 is a flow chart illustrating a method for switching access endpoints according to one embodiment of the present application;
FIG. 5 is a schematic diagram of a presentation interface in an embodiment of the application;
FIG. 6 is a schematic diagram of a presentation interface of the full access point list update of FIG. 5;
FIG. 7 is a flow chart illustrating a method for switching access endpoints according to yet another embodiment of the present application;
FIG. 8 is a schematic diagram of a prompt interface in accordance with an embodiment of the present application;
FIG. 9 is a flow chart illustrating a method for switching access endpoints according to yet another embodiment of the present application;
FIG. 10 is a schematic diagram of a switching process of a state machine of a client according to an embodiment of the present application;
FIG. 11 is a schematic diagram of a switching process of a state machine of a further client according to an embodiment of the present application;
FIG. 12 is a schematic diagram of a manual switching process in an embodiment of the application;
FIG. 13 is a schematic diagram of an automatic switching process in an embodiment of the application;
FIG. 14 is a block diagram of an access endpoint switching apparatus according to one embodiment of the present application;
Fig. 15 shows a block diagram of an electronic device for performing an access endpoint switching method according to an embodiment of the application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the application, are within the scope of the application in accordance with embodiments of the present application.
In the following description, the terms "first", "second", and the like are merely used to distinguish between similar objects and do not represent a particular ordering of the objects, it being understood that the "first", "second", or the like may be interchanged with one another, if permitted, to enable embodiments of the application described herein to be practiced otherwise than as illustrated or described herein.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein is for the purpose of describing embodiments of the application only and is not intended to be limiting of the application.
It should be noted that: references herein to "a plurality" means two or more. "and/or" describes an association relationship of an association object, meaning that there may be three relationships, e.g., a and/or B may represent: a exists alone, A and B exist together, and B exists alone. The character "/" generally indicates that the context-dependent object is an "or" relationship.
Non-generic abbreviations or custom nouns in embodiments of the application are explained as follows:
trusted application: the terminal can access the application carrier of the internal service system, including application name, application MD5, signature information, etc.
Accessible area: the end user may access the enterprise set list of internal sites through a zero trust network.
Login credentials: after the user successfully logs in the client, the server side indicates an encryption string appointed by the user, and login authorization information of the user, including user information and authorization validity period, is stored in the client in an encrypted manner.
Network request credentials: the server side issues authorization information for a single network request to identify the authorization status of the network request.
Zero trust access control policy: consists of process information (trusted applications) available to the user and accessible service sites (reachable areas), and in case of a right opening, the user can access any one of the reachable areas through any one of the trusted applications. The granularity of the zero-trust access control policy is for the login user, allowing different zero-trust policies to be formulated for different login users.
Zero trust gateway: the system is deployed at the entrance of enterprise application programs and data resources and is responsible for verifying and forwarding each session request for accessing the enterprise resources.
Access agent: the terminal access agent is deployed at the terminal agent of the controlled equipment for initiating the security access, is responsible for initiating the request of the trusted identity authentication of the access main body, verifies the trusted identity, can establish encrypted access connection with the access gateway, and is also a policy execution point of access control.
Direct access: in the zero-trust network access architecture, a certain application initiates a network access request to a station, after hijacking traffic by a full-traffic agent, network access is initiated to the target station via the full-traffic agent, namely direct connection access is initiated, and the full-traffic agent sends a network response of the target station to the application, wherein the access mode is called direct connection access.
Proxy access: in the zero-trust network access architecture, a certain application initiates a network access request to a station, after hijacking traffic by a full-traffic agent, the full-traffic agent initiates traffic forwarding to an intelligent gateway, the intelligent gateway agent accesses a target service station, the intelligent gateway sends a network response of the target station to the full-traffic agent after accessing, and the full-traffic agent forwards the network response of the target station to the application, and the access mode is called agent access.
Accessing a subject: in the network, the party initiating the access, the person/equipment/application/accessing the intranet business resource, is a digital entity formed by single or combination of factors such as person, equipment, application and the like.
Accessing an object: in the network, the accessed party, i.e. the business resources of the enterprise intranet, includes applications, systems (development test environment, operation and maintenance environment, production environment, etc.), data, interfaces, functions, etc.
Service addressing: in the distributed cascade deployment mode, different services are deployed in different servers, and the process of searching the network address of the server where the background service concerned by different service modules of the client is deployed is service addressing.
Persistent library: data persistence is the generic term for converting a data structure or an object model in a memory into a relational model, XML, JSON, binary stream, etc., and converting a storage model into a data model in a memory, and a persistence library is a storage medium storing a content such as a relational model, XML, JSON, binary stream, etc., converted from a data structure or an object model in a memory in a disk file or a data file local to a device, and can be implemented using an encrypted file, an embedded database, etc.
Network session: the user performs a process of information interaction with the service system, for example, a process of data transmission or reception after the client establishes a network link with the server. Including connection establishment and termination, or transmission and reception of data.
Access session: based on a web session and contains a set of related features. An access session is an abstract concept that is bound to a device, a person, a network attribute, a process attribute, and an endpoint attribute combination for each network session that accesses business resources (including business applications, core systems, asset data, function interfaces, etc.) of an enterprise intranet.
Five-tuple: communication terminology. Refers to a source IP address, a source port, a destination IP address, a destination port, and a transport layer protocol associated with a network session.
API: application Programming Interface the application programming interface is a predefined interface or function, and is composed of basic information of the interface or function, request paths, parameters and request related protocols of front and back ends. Applications typically encapsulate their own service capabilities into APIs that are opened for use by callers.
IDC: internet data center, an abbreviation for Internet Data Center. I.e. a facility in which a large number of servers and network devices are contained. Are often designed to be highly reliable environments to ensure stable, secure storage of data and execution of various computing tasks.
Multiple set deployment scheme: i.e., multi-set development, the core idea of this approach is to distribute tasks or work over multiple entities to achieve an apportioned load, typically meaning that a certain application or system is distributed across multiple instances, nodes, or components in order to improve system performance, scalability, and availability.
set: refers to a group of computing resources that provide the same functionality, achieving scalability, high availability, load balancing, and high fault tolerance through cooperation with each other. In the context of multi-set deployment, a set typically represents a different instance, server, or node for running the same application or service.
Multiple set mirror deployment: one of the deployment strategies of the multi-set deployment scheme is generally to deploy copies of the same application program or service on a plurality of different servers or instances, and through the deployment scheme, the purposes of improving the availability and reliability of the system, realizing load balancing and improving fault tolerance can be expected to be achieved.
An access point: access Point, abbreviated as AP, is a network hardware device (also known as a hardware Access Point, and also a wireless Access Point implemented in software on a computer or other device, known as softAP) that primarily functions to extend a wired network connection to a wireless device. Connecting other devices to the wired network via a radio technology such as Wi-Fi may be implemented to provide network access to the devices. Through the access point, wireless devices such as notebook computers, tablet computers and smart phones can be connected to a local area network or the Internet, so that stable and high-speed network connection in a coverage range is realized.
Accessing an endpoint: endpoint, in a multi-set deployment, an application or system may be deployed in a distributed manner through multiple instances, nodes, or components, where each node typically has a separate domain name or subdomain name for identifying and accessing the node, which may be referred to as an access portal, endpoint, or access Endpoint, which allows the system to provide services in a distributed manner, sending requests from clients to the appropriate nodes through the load balancer.
Finite state machines, abbreviated FSM, also known as finite state automata, state machines for short, represent mathematical computational models of finite states and transitions and actions between these states.
In the application, the client and the server in the terminal act as a zero-trust network security service provider. As shown in fig. 1, a user accesses an enterprise internal resource through a system, an access control policy and a unified access portal, so that the user can refer to the enterprise internal resource.
The user refers to the data plane formed by the zero trust access agent and the access gateway as an access subject, and can also access the application program of the target system or the resource to provide a unified access entrance through the network request for accessing the resource of the object. The client provides flow monitoring and authentication operations for the unified access portal based on the access control policy, only network flow passing through flow authentication can be forwarded to the access gateway by the zero-trust access proxy, and the access request aiming at enterprise resources is forwarded to the corresponding back-end service through the access gateway to complete the whole access process.
The data flow is composed of a terminal access agent and an intelligent gateway to form a strategy unified execution point, the client and the server together form a strategy unified decision point, the session flow initiated by the access main body is authenticated based on the access control strategy engine, and the operations such as safety detection and the like are performed on the environmental state in the equipment. Explicit dynamic trust is given to a particular session within a trusted device that authenticates a user for access to enterprise resources through a trusted application through the co-action of a data stream and a control stream. Only through this link can the resource be successfully accessed, other untrusted traffic would be access failure.
As shown in FIG. 2, FIG. 2 illustrates a complete zero trust system process for a user to initiate network access to a business server of an enterprise using an application. The main functional components include a security management client (client in fig. 2), a server, an access endpoint (including service server a, service server B, and service server C in fig. 2), an access proxy, and an intelligent gateway. Wherein both the client and the access agent are installed on the user equipment, the access agent is an important component of the client, and fig. 2 is for distinguishing in logic flow.
Access agent: the device traffic is hijacked by TUN (Network tunel for short)/TAP (Network TAP for short), and after authentication by the client, the request is forwarded to the intelligent gateway, and if the authentication is not passed, the connection is directly connected or interrupted. Both TUN and TAP refer to virtual network devices in the operating system kernel.
Client side: the security Agent running on the terminal is responsible for verifying the trusted identity of the user on the terminal, verifying whether the terminal is trusted and whether the application is trusted; and applying the unknown process to the server for process inspection.
The server side: and carrying out safe scheduling on the service flow through a policy control engine, and authorizing according to the granularity of the person-equipment-software-application. The identity verification module verifies the identity of the user, the equipment trusted module verifies the equipment hardware information and the equipment safety state, and the application detection module detects whether an application process is safe or not, if so, whether a vulnerability exists, whether a virus Trojan exists or not and the like. The server side periodically initiates file inspection to the threat information cloud inspection service, and if a malicious process is identified, the client side is informed to execute asynchronous blocking operation.
And (3) an intelligent gateway: the application program and the data resource are deployed at the entrance of the application program and the data resource, and are responsible for verification, authorization and forwarding of each session request for accessing the resource.
Access endpoints (service server a, service server B, and service server C): each service accessible to the client is deployed, and in response to the client's access request, a service (i.e., a ticket service in this scenario) corresponding to the access request is provided to the client.
The overall flow of fig. 2 is: the access subject initiates a network request for accessing the object through the application; the client hijacking to the network request through the access proxy, the access proxy initiates an authentication request to the client, namely the proxy applies the access credential of the current network request to the client, and the request parameters comprise a source IP (or domain name), a source port, a destination IP (or domain name), a destination port and a process PID (Process Identifier ) corresponding to the session original application process.
The client applies for the access ticket to the server based on the original application process PID, hash of the application process, process path, latest modification time of the application process executable file, copyright information, digital signature information and other application characteristic information in the request parameters when the access proxy executes the flow authentication, and the parameters of the source IP or domain name, source port, destination IP or domain name, destination port and the like of the network request in the request parameters, if the ticket application is successful, the access ticket, the maximum use times and the effective time of the ticket are used as response data to be sent to the access proxy, and the access proxy initiates an Https request to the access gateway in the next step.
The method comprises the steps that network request credentials (bills) transmitted by a client are carried in an Authorization header field, after an access gateway receives a request of an access proxy, the access bill in the header field is analyzed, next, a verification request of the access bill is initiated to a server, if the server responds to information of successful verification of the access bill, connection is successfully established between the access proxy and the access gateway, then the access proxy forwards an original request sent by an application to the access gateway, and the gateway forwards the original request to a corresponding service server to finish proxy work of application network access; if the access gateway receives the response of the ticket checking failure, the connection between the access proxy and the access gateway is interrupted, and the access proxy is directly connected with the target service server or blocks the current session.
The application discloses an access endpoint switching method, an access endpoint switching device, electronic equipment and a storage medium, and relates to cloud technology and the like.
Cloud technology (Cloud technology) refers to a hosting technology for integrating hardware, software, network and other series resources in a wide area network or a local area network to realize calculation, storage, processing and sharing of data.
Cloud technology (Cloud technology) is based on the general terms of network technology, information technology, integration technology, management platform technology, application technology and the like applied by Cloud computing business models, and can form a resource pool, so that the Cloud computing business model is flexible and convenient as required. Cloud computing technology will become an important support. Background services of technical networking systems require a large amount of computing, storage resources, such as video websites, picture-like websites, and more portals. Along with the high development and application of the internet industry, each article possibly has an own identification mark in the future, the identification mark needs to be transmitted to a background system for logic processing, data with different levels can be processed separately, and various industry data needs strong system rear shield support and can be realized only through cloud computing.
Cloud storage (cloud storage) is a new concept that extends and develops in the concept of cloud computing, and a distributed cloud storage system (hereinafter referred to as a storage system for short) refers to a storage system that integrates a large number of storage devices (storage devices are also referred to as storage nodes) of various types in a network to work cooperatively through application software or application interfaces through functions such as cluster application, grid technology, and a distributed storage file system, so as to provide data storage and service access functions for the outside.
As shown in fig. 3, an application scenario to which the embodiment of the present application is applicable includes a server 30, a terminal 20, and an access endpoint 10, where the server 30, the terminal 20, and the access endpoint 10 are communicatively connected through a wired network or a wireless network.
The server 30 may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDNs (Content Delivery Network, content delivery networks), basic cloud computing services such as big data and artificial intelligent platforms, and the like.
The terminal 20 may be a smart phone, a tablet computer, a notebook computer, a desktop computer, a smart home appliance, a vehicle-mounted terminal, an aircraft, a wearable device terminal, a virtual reality device, and other terminal devices capable of page presentation, or other applications (e.g., instant messaging applications, shopping applications, search applications, game applications, forum applications, map traffic applications, etc.) capable of invoking page presentation applications.
The accessing endpoint 10 may refer to the above set, one set as one accessing endpoint. The access endpoint may be a cloud server based on cloud technology. The access endpoint 10 may be deployed with various services accessed by clients to facilitate access by the terminal 20 to various services in the access endpoint through the clients.
In the application, the terminal 20 may be provided with a client, the terminal 20 reports operation data to the server 30 through the client, the server 30 may specify a target access endpoint according to the received operation data reported by the terminal 20, the server 30 may also send a control policy to the terminal 20, and the terminal 20 may control a switch state of a switch-back switch, an automatic switch, and a detection switch in its own client according to the control policy.
The terminal may further access the first access endpoint 101 through the client, determine the actual running environment information of the terminal and the access information of the service interface in the first access endpoint 101 through the client, determine that the abnormal access proportion of the key service interface in the first access endpoint 101 exceeds the proportion threshold according to the access information of the service interface in the first access endpoint 101, determine that the network environment of the terminal 20 is normal according to the actual running environment information, determine the blocking index corresponding to each of the plurality of preset access endpoints 102, then determine the second access endpoint from the plurality of preset access endpoints 102 according to the blocking index of each of the plurality of preset access endpoints 102, and finally, the terminal 20 switches to connect to the second access endpoint through the client.
The client may refer to an application installed in the terminal 20, where the terminal 20 communicates with the server 30, so as to implement control (such as specifying a target access endpoint and sending a control policy) of the server 30 to the terminal 20. The terminal 20 may also access any of the access endpoints 10 through clients; after the terminal 20 accesses the access endpoint through the client, the terminal 20 may view and manage data within the access endpoint through the client.
Referring to fig. 4, fig. 4 shows a flowchart of a method for switching access endpoints according to an embodiment of the present application, which may be applied to the terminal 20 in fig. 3, and more specifically, the method is performed by a client running on the terminal 20, and the method includes:
s110, acquiring the actual running environment information of the terminal where the client is located and the access information of the service interface in the first access endpoint which is accessed by the client currently in a target period.
The actual operating environment information of the terminal may include network environment information of the terminal, which may include network card driving information of the terminal, certificate information, start information of a network authentication access service, system clock synchronization information, system setup proxy configuration information, and the like.
The first access endpoint may refer to an access endpoint to which a client of the terminal is currently accessing. The user may manually select the first access endpoint through the client, and then access the first access endpoint by the client based on the first access endpoint manually selected by the user. The client may also automatically select the first access endpoint and access the first access endpoint.
As one embodiment, the process of accessing the first access endpoint by the client may include: the client acquires and displays a full access point list, wherein the full access point list comprises a plurality of initial access endpoints (the initial access endpoints in the full access point list refer to the identification of the initial access endpoints and the like); the plurality of initial access endpoints includes a first access endpoint; the client accesses the first access endpoint selected by the access endpoint selection operation in response to the access endpoint selection operation for the full access point list.
The initial access endpoint may refer to an access endpoint that a client may access, and the initial access endpoint may include access endpoints disposed in different regions. For example, the initial access endpoints may include an access endpoint of a B1 urban area of A1 country, an access endpoint of a B2 urban area of A2 country, an access endpoint of a B3 urban area of A3 country, and an access endpoint of a B4 urban area of A4 country.
The full access point list may further include network state parameters corresponding to each of the plurality of initial access endpoints, where the network state parameters of the initial access endpoints are used to indicate a network connection condition between the client and the initial access endpoint, and the network state parameters of the initial access endpoints may include information such as network delay and packet loss rate when the client accesses the initial access endpoint. And displaying network state parameters corresponding to each of the plurality of initial access endpoints through the full access point list so as to facilitate the user to select a first access endpoint with a better network state through the network state parameters corresponding to each of the plurality of initial access endpoints.
The client may request full access point information from the server, where the full access point information may refer to names or identifications of the multiple initial access endpoints, the full access point information is returned from the server to the client, the client may obtain, according to the full access point information, access endpoint connection quality of each initial access endpoint according to an acquisition period (for example, the acquisition period may be every hour), and aggregate the access endpoint connection quality of each initial access endpoint to obtain a full access point list, and then the terminal may store the full access list and display the full access point list by the client. The server may refer to the server 30 in fig. 3 above.
In this embodiment, the server may obtain access endpoint connection qualities of a plurality of initial access endpoints according to a set request period (for example, the request period may be an hour), and aggregate the access endpoint connection qualities of the plurality of initial access endpoints to obtain a full access point list. The client may send a list acquisition request to the server, and the server returns the full access point list to the client, where the client may display the full access point list.
The client can display a display interface through which the volume access list is displayed. As shown in fig. 5, a full access point list 501 is shown in a presentation interface 50 of the client, where the full access point list 501 includes 6 initial access endpoints, which are an A1 access endpoint of an A1 area, an A2 access endpoint of an A1 area, an a3 access endpoint of an A1 area, an a4 access endpoint of an A2 area, an a5 access endpoint of an A2 area, and an a6 access endpoint of an A2 area, and the full access point list 501 further includes access endpoint connection qualities corresponding to the 6 initial access endpoints, where the access endpoint connection quality of each initial access endpoint includes a network delay and a packet loss rate.
The access endpoint connectivity quality of each initial access endpoint is presented in a presentation control (one dashed rectangle in the full access point list 501 is one presentation control). For example, the access endpoint a1 exposes the access endpoint connectivity quality in its own exposure control, and the initial access endpoint a1 access endpoint connectivity quality includes a network delay of 7ms and a packet loss rate of 0%.
The access endpoint selection operation refers to an operation of selecting an access endpoint from a full list of access points. The presentation interface of the client may further include a determination control, and the client may detect an access endpoint selection operation of the user through the determination control.
As shown in fig. 5, the presentation interface 50 includes a determination control 502, and the user may click on the presentation control where the initial access endpoint is located and the determination control 502 sequentially, and the client determines, according to the detected access endpoint selection operation of the determination control 502 and by sequentially clicking on the presentation control where the initial access endpoint is located, that the initial access endpoint corresponding to the access endpoint selection operation is the initial access endpoint to which the clicked presentation control belongs. For example, the user sequentially clicks the presentation control and the determination control 502 where the access endpoint a2 is located to send an access endpoint selection operation for the full access point list, where the access endpoint corresponding to the access endpoint selection operation is a2, and a2 is determined to be the first access endpoint.
The presentation interface of the client may also include a cancel control by which the client may detect a user selection operation of a certain initial access endpoint. For example, as shown in fig. 5, the presentation interface 50 includes a cancel control 503, and after the user clicks the presentation control where the access endpoint a3 is located, the user continues to click the cancel control 503, and when detecting the operation of the cancel control 503 by the user, the client cancels the selection operation on the access endpoint a 3.
In this embodiment, the full access point list may also be updated, and the updating process may include: the client responds to the refreshing operation aiming at the full access point list, and the communication quality of the refreshed access endpoints corresponding to each of the plurality of initial access endpoints is determined; and the client updates the full access point list according to the refreshed access point communication quality corresponding to each of the plurality of initial access points, and displays the updated full access point list.
After the full access point list is displayed, the user can send a refreshing operation to the full access point list, the client responds to the refreshing operation, the client determines the connection quality of the access endpoints corresponding to each of the plurality of initial access endpoints at the receiving time of the refreshing operation as the connection quality of the refreshed access endpoints corresponding to each of the plurality of initial access endpoints, and then the client replaces the connection quality of the access endpoints corresponding to each of the plurality of initial access endpoints in the full access point list by using the connection quality of the access endpoints corresponding to each of the plurality of initial access endpoints after refreshing to obtain an updated full access point list.
The full access point list may be presented at a presentation interface, which may include a refresh control through which refresh operations may be sent, which may be sent by clicking, double clicking, and long pressing the refresh control. As shown in fig. 5, the presentation interface includes a refresh control 504, the user clicks the refresh control 504 to send a refresh operation, and the client determines an updated full access point list according to the refresh operation, where the updated full access point list is shown in fig. 6, and the connection quality of the access endpoints of the initial access endpoint a1 and the access endpoint a3 in the updated full access point list is changed (the packet loss rate of a1 is increased from 0% to 2%, and the delay of a3 is increased from 8ms to 18 ms).
It will be appreciated that the refresh operation may be sent before the access endpoint selection operation is sent, and then the access endpoint selection operation is sent for the updated full access point list, so that the user may select the first access endpoint to be required according to the updated full access point list.
As an embodiment, the full access point list may also include one or more of the name of each initial access endpoint, a unique identifier, a geographic location of deployment, an operator name and code number, each server usage type, domain name, access path and port, etc.
For example, the C1 city telecommunications and C2 city mobile access points respectively include network addresses D1, D2, …, D10 and E1, E2, …, E10 of 10 access endpoints, where each network address of an access endpoint respectively includes a corresponding domain name, a port, an access path, a usage description, and the like, and the domain name can point to different access endpoints through DNS. The user may access the same type of service S1 through D7 and E7 (i.e., the access endpoint to which D7 belongs and the access endpoint to which E7 belongs are both access endpoints for deploying service S1, service S1 may include multiple types of different services), or may access the same type of service S2 through D9 and E9 (i.e., the access endpoint to which D9 belongs and the access endpoint to which E9 belongs are both access endpoints for deploying service S2, and service S2 may include multiple types of different services).
The access information of the service interface of the first access endpoint is information reflecting the access condition of the service interface in the first access endpoint. The access information of the service interface of the first access endpoint in the target time period may include at least one of the following: the method comprises the steps of continuously accessing an abnormal duration time period in a target time period, continuously accessing the abnormal number of access sessions in the target time period, occupying ratio of the number of sessions which are not accessed in the target time period, ratio of the size of the time period which is not accessed in the target time period to the target time period, number of times that network delay for an access endpoint exceeds an expected value in the target time period, and occupying ratio of access specific abnormal network error codes for a service interface in the target time period. The target period may be any period set according to requirements, and the present application is not limited.
S120, if the abnormal access proportion of the key service interface in the first access endpoint exceeds the target proportion threshold value according to the access information of the service interface in the first access endpoint, and the network environment of the terminal is determined to be normal according to the actual operation environment information, determining the corresponding blocking indexes of the preset access endpoints, wherein the blocking indexes of the preset access endpoints are used for indicating the network blocking degree between the preset access endpoints and the client.
In this embodiment, according to the access information of the service interface in the first access endpoint, it is determined that the abnormal access proportion of the key service interface in the first access endpoint exceeds the target proportion threshold, and according to the actual operating environment information, it is determined that the network environment of the terminal is normal, it is determined that the client is not connected to the first access endpoint, and the access endpoint needs to be switched, and at this time, the blocking indexes corresponding to the preset access endpoints can be determined. The service interfaces may be interfaces for providing different services for the client, for example, the access endpoints may provide a query service and a modification service for the user, and the interfaces may include a query interface corresponding to the query service and a modification interface corresponding to the modification service; the key service interfaces may be one or more service interfaces selected from all service interfaces of the first access endpoint according to requirements and scenarios. The target proportion threshold may be a value set based on demand, for example, 0.2.
As an implementation manner, an abnormal service interface meeting an abnormal access condition may be determined according to access information of the service interface in the first access endpoint; if the abnormal service interface comprises the appointed key service interface, determining the duty ratio of the appointed key service interface in the abnormal service interface as the abnormal access proportion of the key service interface in the first access endpoint. Wherein the abnormal access condition includes at least one of: the duration of the continuous access anomaly in the target period exceeds a preset period threshold, the number of access sessions of the continuous access anomaly in the target period exceeds a session number threshold, the number of sessions of the continuous access anomaly in the target period is larger than a first proportion threshold, the ratio of the size of the time period of the continuous access anomaly in the target period to the target period is larger than a second proportion threshold, the number of times of network delay exceeding an expected value for an access endpoint in the target period exceeds a preset number of times, and the ratio of access specific abnormal network error codes for a service interface in the target period exceeds a third proportion threshold. The specific values of the preset time period threshold, the session number threshold, the first proportional threshold, the second proportional threshold, the expected value, the preset times and the third proportional threshold can be determined according to the requirement and the target time period, and the application is not limited.
As an implementation manner, when the network card driving information of the terminal is an available active network card (wireless or wired network card is not disabled), the certificate information is that the certificate is not expired and the certificate is set to be always trusted, the network authentication access service starting information is that the network (wireless or limited) authentication access service is started, the system clock synchronization information is that the system clock is synchronous, and the system setting proxy configuration information is that the system setting normal proxy configuration is performed, the network environment of the terminal is determined to be normal; and determining that the network environment of the terminal is abnormal when at least one of the network card driving information of the terminal is an unavailable active network card (wireless and wired network cards are not disabled), the certificate information is certificate expired or the certificate is not set to be always trusted, the network authentication access service starting information is that the network (wireless or limited) authentication access service is not started, the system clock synchronization information is that the system clock is not synchronized, and the system setting proxy configuration information is that the system setting abnormal proxy configuration occurs.
The blocking index corresponding to each preset access endpoint may be a numerical value for indicating a network blocking degree between the preset access endpoint and the client; the greater the blocking index, the greater the degree of network blocking between the preset access endpoint and the client, the worse the network connectivity between the client and the preset access endpoint, the lower the success rate when the client accesses the preset access endpoint, whereas the smaller the blocking index, the smaller the degree of network blocking between the preset access endpoint and the client, the higher the network connectivity between the client and the preset access endpoint, and the higher the success rate when the client accesses the preset access endpoint.
The network state parameters of the client and each preset access endpoint can be obtained by sending ping, telnet and other commands to the preset access endpoint by the client; and determining the blocking index of each preset access endpoint according to the network state parameters of the client and each preset access endpoint. The network state parameter of the preset access endpoint may include at least one of an average access delay and a packet loss rate when the client accesses the preset access endpoint in a first detection period, and the first detection period may be a period set according to requirements. For example, the first detection period may be 10 seconds after determining that the abnormal access proportion of the critical traffic interface in the first access endpoint exceeds the target proportion threshold and that the network environment of the terminal is normal.
The product of the packet loss rate of the preset access endpoint and the target value can be calculated, and then the product result and the average access delay of the preset access endpoint are summed to be used as the blocking index of the preset access endpoint. For example, when the target value is 10, the blocking index=delayavg+loss of the preset access endpoint is 10, where DelayAvg is the average network delay of the preset access endpoint, and loss is the packet loss rate of the preset access endpoint.
The abnormal service interfaces meeting the abnormal access conditions exist in the service interfaces of the first access endpoint in the target time period, the single abnormal network access is defined according to the network access delay, the access result (whether the interfaces can be connected) or the abnormal network error code, and then whether the connection quality of the client for the current first access endpoint is in a normal state or not is determined according to the comparison of the absolute number or the duty ratio of the abnormal network access in the target time period and the set threshold value, but the situation that the client access is not feasible due to the fact that part of the service interfaces in the first access endpoint are abnormal is also required to be eliminated.
However, the fact that the connection quality of the client for the current first access endpoint is not in a normal state may be caused by the abnormality of the partial service interfaces of the first access endpoint, or may be caused by the general non-communication of the first access endpoint, that is, it is difficult to determine the specific reason that the connection quality of the client for the current first access endpoint is not in a normal state. In this case, if the service interface with abnormal access includes a specified critical service interface and the service interface with abnormal access includes a specified critical service interface exceeding the target proportion threshold, normally, the service interface with continuous and stable access may be used as the critical service interface, and since the critical service interface may be generally and continuously accessed, it may be determined that the reason that the connection quality of the client with respect to the current first access endpoint is not in a normal state is caused by the general failure of the first access endpoint. If the service interface with abnormal access does not contain the designated key service interface or the service interface with abnormal access contains the designated key service interface and does not exceed the target proportion threshold, determining that the partial service interfaces of the first access endpoint cause failure and cause the connection quality of the client for the current first access endpoint to be in a normal state. That is, by determining whether the abnormal access service interface includes a designated key service interface and whether the abnormal access service interface includes a designated key service interface exceeding a target proportion threshold, the abnormal scene of some service interfaces is distinguished from the whole access endpoint.
It should be noted that, the connection between the client and the first access endpoint may be abnormal due to the access abnormality of the service interface of the first access endpoint or the network environment abnormality of the terminal itself, so that the service interface access information and the actual running environment information of the terminal are combined to determine whether the service interface is abnormal or the terminal is abnormal.
If the abnormal access proportion of the key service interface in the first access endpoint exceeds the target proportion threshold and the terminal network environment is normal, determining that the service interface of the first access endpoint is abnormal in access, and switching the access endpoint is needed, namely determining the corresponding blocking index of each of the preset access endpoints.
If the network environment of the terminal is abnormal, the terminal can be repaired by the terminal itself or a third party tool, and when the repair is completed, a new target period is determined, and the execution is returned to S110.
S130, determining a second access endpoint from the preset access endpoints according to the respective blocking indexes of the preset access endpoints, wherein the blocking index corresponding to the second access endpoint is lower than a blocking index threshold.
The qualified access endpoint below the blocking index threshold may be selected from a plurality of preset access endpoints, and one access endpoint is determined as the second access endpoint from among the selected qualified access endpoints, or one access endpoint is randomly determined as the second access endpoint from among the qualified access endpoints, or one access endpoint with the lowest blocking index is determined as the second access endpoint from among the qualified access endpoints.
The smaller the blocking index is, the smaller the network blocking degree between the preset access endpoint and the client is, the higher the network connectivity between the client and the preset access endpoint is, and the higher the success rate of the client accessing the preset access endpoint is. Therefore, the network connectivity between the screened second access endpoint and the client is higher, and the success rate of the client accessing the second access endpoint is higher.
As an embodiment, S130 may include: determining a plurality of third access endpoints with the blocking index lower than the blocking index threshold value from the plurality of preset access endpoints according to the blocking index of each of the plurality of preset access endpoints; determining a degree of association index between each third access endpoint and the client; determining a second access endpoint from the plurality of third access endpoints according to the association index between each third access endpoint and the client
The association degree index between the third access endpoint and the client is used for indicating the association degree between the third access endpoint and the client, and the higher the association degree index between the third access endpoint and the client is, the lower the association degree between the third access endpoint and the client is.
The association index between the third access endpoint and the client may be determined based on an environmental state of the third access endpoint and an environmental state of the client, which may include a geographic location and a network location. For example, the closer the distance between the third access endpoint and the client is, the higher the association index between the third access endpoint and the client is, and for example, the more similar the network address between the third access endpoint and the client is, the more similar the network location between the third access endpoint and the client is, the higher the association index between the third access endpoint and the client is.
A third access endpoint whose association index reaches the association index threshold may be screened as a qualified access endpoint, and then one access endpoint is determined among the qualified access endpoints as a second access endpoint. And selecting the access endpoint with the maximum association index from the third access endpoints as the second access endpoint.
For example, a plurality of preset access endpoints may be used as a set, where, expressed by APSet, apset= { AP1, AP2 … APn }, where n is greater than or equal to 1, and the client screens, according to the blocking index of each of the plurality of preset access endpoints, the access endpoints with blocking index lower than the threshold value of the blocking index to form a set, where, apset= { AP1, AP2 … APm }, where 1 is greater than or equal to m is less than or equal to n. And then, the association degree index of each access endpoint in the Apsubset and the client can be obtained, and one access endpoint with the largest association degree index in the Apsubset is selected as the second access endpoint.
If the blocking indexes of the preset access endpoints are not lower than the blocking index threshold, the switching of the access endpoints can be stopped, and prompt information is output to prompt the user that no access endpoint with better connectivity exists currently.
S140, switching connection from the first access endpoint to the second access endpoint.
In this embodiment, the terminal may store the link addresses (i.e., network addresses) of a plurality of initial access endpoints, and the client switches connection from the first access endpoint to the second access endpoint according to the link address of the second access endpoint.
In this embodiment, when the abnormal access proportion of the key service interface in the first access endpoint exceeds the proportion threshold and the network environment of the terminal is normal, the first access endpoint is instructed to be abnormal and the terminal network is normal, the client is determined to need to switch the access endpoint, the second access endpoint with the blocking index lower than the blocking index threshold is determined from a plurality of preset access endpoints, then the client is switched to be connected to the second access endpoint, the situation that the client fails to access the second access endpoint due to the fact that the second access endpoint is misjudged under the condition that the network environment of the terminal is abnormal is avoided, and the success rate of switching the access endpoints is improved.
Meanwhile, in the embodiment, the access endpoint does not need to be manually switched, so that the steps of manually switching the access endpoint are reduced, and the switching efficiency of the access endpoint is greatly improved. In addition, in the embodiment, the association degree index of the access endpoint and the client is introduced, and the second access endpoint is determined according to the association degree index and the blocking index, so that the determination of the access endpoint according to the terminal and the change of the environment state of the access endpoint is realized, and the flexibility and the applicability of the access endpoint switching are improved.
Referring to fig. 7, fig. 7 shows a flowchart of a method for switching access endpoints according to another embodiment of the present application, which may be applied to the terminal 20 in fig. 3, and more specifically, the method is performed by a client running on the terminal 20, and the method includes:
s210, acquiring actual running environment information of a terminal where the client is located and access information of a service interface in a first access endpoint which is currently accessed by the client in a target period.
The description of S210 refers to the description of S110 above, and will not be repeated here.
S220, if the abnormal access proportion of the key service interface in the first access endpoint exceeds the target proportion threshold value according to the access information of the service interface in the first access endpoint, and the network environment of the terminal is determined to be normal according to the actual operation environment information, determining the corresponding blocking index of each of the preset access endpoints; and determining a second access endpoint from the plurality of preset access endpoints according to the respective blocking indexes of the plurality of preset access endpoints.
In this embodiment, the client packages the connectivity detection component and the communication component, and the persistence of the communication component stores the feature information of the connectivity detection component corresponding to the connectivity detection component, and the persistence of the connectivity detection component stores the feature information of the communication component corresponding to the communication component; after determining that the abnormal access proportion of the key service interface in the first access endpoint exceeds a target proportion threshold according to the access information of the service interface in the first access endpoint and determining that the network environment of the terminal is normal according to the actual operation environment information, acquiring the feature information of the communication component to be verified, which corresponds to the communication component, through the communication component, and acquiring the feature information of the communication component to be verified, which corresponds to the communication component, through the communication component; if the client-side successfully verifies the feature information of the communication component to be verified according to the feature information of the communication component through the communication component, and successfully verifies the feature information of the communication component to be verified according to the feature information of the communication component through the communication component, the client-side determines the network state parameter of each preset access endpoint through the communication component, and determines the corresponding blocking index of each preset access endpoint according to the network state parameter of each preset access endpoint.
When the client initiates network requests of all services or service interfaces to the access endpoints, the communication component automatically collects relevant parameter information of the network requests and service responses of the client to the current access endpoints, and the communication component sends the collected relevant parameter information to the connectivity detection component in modes of inter-process communication and the like. The relevant parameters obtained by the connectivity detection component may include current access endpoint information (including information such as a server domain name and a port), a path or command word of service access (for distinguishing different service requests for the same access endpoint, and distinguishing the service requests by using an access path, and distinguishing the service requests by using the command word under the same access path), a network status code, a service status code, an uplink and downlink traffic size, a network delay, an average packet loss rate (which may refer to an average packet loss rate in the first detection period above), and so on.
The communication component of the client may be a plurality of modules (different parameters correspond to different modules, for example, the current access endpoint information corresponds to one module, and the network delay corresponds to one module) and is common, at this time, the communication component directly sends the acquired related parameter information to the connectivity detection component, and the connectivity detection component determines the blocking index of each preset access endpoint according to the network state parameters (i.e. delay and average packet loss rate) in the related parameter information.
The communication assembly of the client may further include respective sub-communication assemblies of each module, corresponding parameter information is obtained through each sub-communication assembly, the respective parameter information is sent to the connectivity detection assembly by each sub-communication assembly, and the connectivity detection assembly determines the blocking index of each preset access endpoint according to network state parameters (i.e. delay and average packet loss rate) in the relevant parameter information.
The communication component can obtain information such as executable file hash, digital signature, copyright and the like of the communication detection component in advance to serve as communication component characteristic information, and the communication detection component can also obtain information such as executable file hash, digital signature, copyright and the like of the communication component in advance to serve as communication component characteristic information. When executing S220, the communication component acquires information such as executable file hash, digital signature, copyright and the like of the communication detection component in real time as feature information of the communication detection component to be verified, and similarly, the communication detection component can acquire information such as executable file hash, digital signature, copyright and the like of the communication component in real time as feature information of the communication component to be verified.
If the communication component is successfully verified according to the communication component characteristic information, the communication component is trusted, and the communication component can determine the blocking indexes corresponding to the preset access endpoints respectively through the communication component.
If the communication component fails to verify the feature information of the communication component to be verified according to the feature information of the communication component (the communication component is unsafe), or the communication component fails to verify the feature information of the communication component to be verified according to the feature information of the communication component to be verified (the communication component is unsafe), which means that at least one of the communication component and the communication component is unsafe, the communication component determines that the corresponding blocking index of the preset access endpoint is unreliable, and can stop executing the access endpoint switching, and output fault prompt information to prompt that at least one of the communication component and the communication component of the user client is unsafe.
The method comprises the steps that a receiver and a sender (a communication detection component and a communication component are the receiver and the sender) compare real-time feature information to be verified of an opposite end with feature information in a persistence library by collecting the feature information to be verified of the opposite end, so that the comparison is used as a basis for whether to continue to send or process data, a trust root which is established by each module through legal source codes and standardized version construction flow in a trusted compiling environment is used as a trust root, network access parameters collected by the communication component are uniformly sent to the communication detection component by taking the trust root as a starting point, and accordingly, the connectivity detection component also recognizes that received data is fake data which is formed by interaction of a client and an access endpoint. Based on the method, a trusted trust chain for continuously detecting the connectivity of the access endpoint is constructed, the idea of zero trust is introduced in the communication process of the communication component and the connectivity detection component, the logic of dynamically and reversely analyzing or intervening the connectivity judgment of a client program by eliminating the false parameter values sent by a third party outside the communication component and the connectivity detection component maliciously can be avoided, the safety of the client is improved, and the accuracy of the blocking index determined by the client is further improved.
S230, in response to determining a second access endpoint from a plurality of preset access endpoints, controlling a state machine corresponding to the client to switch from an original access state to a pre-switch state.
In this embodiment, the client is provided with a state machine, which may refer to the finite state machine described above. The states of the State machine of the client include an original access State (Def-State), a Pre-Switch State (Pre-State), an in-Switch State (Switch-State), and a Switch-over State (Switch over-State).
The state machine switches from one state to another as a Transition process, e.g., the state machine switches from the original access state to the pre-switch state as a Transition process. At the same time, the time of each switching process can also be recorded, and the switching process of the time is taken as a time Event (Event).
The original access state refers to a state in which the client accesses the access endpoint before performing the automatic switching of the access endpoint flow (the access endpoint accessed before performing the automatic switching of the access endpoint flow may refer to the first access endpoint determined above, or a target access endpoint specified below), the pre-switching state refers to a state in which the client determines a new access endpoint (e.g., a second access endpoint) and then prepares to switch to the new access endpoint, the in-switching state refers to a state in which the client has been connected to the determined new access endpoint, and the in-switching state refers to a state in which the client continues to remain connected to the new access endpoint after having been connected to the new access endpoint.
The state machine switches from one state to another as a Transition process, e.g., the state machine switches from the original access state to the pre-switch state as a Transition process.
After determining the second access endpoint, the client is about to switch from the first access endpoint to the second access endpoint, the client is about to switch from the original access state to the pre-switch state, and the state machine of the client enters the pre-switch state, which indicates that the client is ready to disconnect from the first access endpoint and is ready to connect to the second access endpoint.
In this embodiment, the switching logic of the access endpoint is abstracted into a time Event (Event) of state switching of the state machine, so that the current state of the client, the client and the completed operation are intuitively displayed through the state of the state machine of the client, the operation which is completed and the operation which is about to be completed by the client are conveniently and directly determined through the state of the state machine of the client, and the access endpoint which is switched by the client can also be directly determined through the times of the switching process.
S240, switching connection from the first access endpoint to the second access endpoint; and in response to switching connection from the first access endpoint to the second access endpoint, controlling a state machine corresponding to the client to switch from the pre-switching state to the in-switching state.
After the client switches connection from the first access endpoint to the second access endpoint, the client connects with the second access endpoint, and the client changes the state of the state machine: switching from the pre-switching state to the in-switching state. The state machine of the client enters an in-handoff state indicating that the client has been connected to the second access endpoint.
S250, if the actual communication stability between the client and the second access endpoint meets the communication standard, the client and the second access endpoint are kept connected.
After the client is connected to the second access endpoint, connectivity detection can be continuously performed on the second access endpoint, the actual communication stability between the client and the second access endpoint is determined, if the actual communication stability accords with the communication standard, the client and the second access endpoint are determined to have better communication, and connection between the client and the second access endpoint can be maintained.
As an embodiment, after the client switches connection to the second access endpoint, the second detection period is maintained, and the connectivity detection component continuously detects the accessibility proportion of the key service interface and the access quality (the access quality may be an average delay, a packet loss rate, etc. in the second detection period) in the second access endpoint as the actual communication stability between the client and the second access endpoint. The connectivity standard may refer to that the accessibility ratio of the key service interface of the second access endpoint reaches the preset accessibility ratio and the accessibility quality reaches the preset accessibility quality. The second detection period may refer to a period of time after the client switches connection to the second access endpoint, e.g., the second detection period may refer to a period of 1 minute after the client switches connection to the second access endpoint. The preset access proportion and the preset access quality are not particularly limited in the present application.
As a further embodiment, after the client switches connection to the second access endpoint, the client initiates access to some pre-buried interfaces in the second access endpoint through the communication component, so as to obtain an access result of the pre-buried interfaces as actual communication stability between the client and the second access endpoint, where the pre-buried interfaces do not perform service access, data query or change operations, and are only used as detection service connectivity. At this time, the connectivity standard may mean that all pre-buried interfaces may be successfully accessed.
In the two methods for determining the actual communication stability between the client and the second access endpoint, the former is to continuously collect the index data, so the duration is longer, but the former is to set a certain two detection time period to continuously detect the network parameters of the actual service request of the second access endpoint, so the actual communication stability between the client and the second access endpoint determined by the former is more accurate than the latter.
If the actual communication stability between the client and the second access endpoint meets the communication standard, controlling the state machine corresponding to the client to switch from the in-switching state to the in-switching state in response to the fact that the actual communication stability between the client and the second access endpoint meets the communication standard, wherein the state machine corresponding to the client is switched from the in-switching state to the in-switching state in the in-switching state, and the client is kept connected with the second access endpoint.
When the state machine corresponding to the client is switched from the in-switching state to the switching state and the client is determined to keep the connection with the second access endpoint, the switching success prompt information can be output, and the switching success prompt information is used for prompting that the second access endpoint is successfully accessed. As shown in fig. 8, the alert interface 80 includes alert information: it is detected that the current operator access point (i.e. the first access endpoint) is not available, has been handed over to the optimal access point (i.e. the second access endpoint) for you.
S260, if the actual communication stability between the client and the second access endpoint does not meet the communication standard, determining a fourth access endpoint from the candidate access endpoint set; responsive to determining a fourth access endpoint from the candidate access endpoint set, controlling a state machine corresponding to the client to switch from a state in switch to a pre-switch state; switching connection from the second access endpoint to the fourth access endpoint; and in response to switching connection from the second access endpoint to the fourth access endpoint, controlling a state machine corresponding to the client to switch from the pre-switching state to the in-switching state.
The candidate access endpoint set is constructed according to a third access endpoint with the blocking index lower than the blocking index threshold value in the plurality of preset access endpoints; the fourth access endpoint is a different access endpoint than the second access endpoint. The third access endpoints with the blocking index lower than the blocking index threshold value can be summarized to obtain a candidate access endpoint set, or the association index between the client and each third access endpoint can be obtained, one or more third access endpoints (for example, the third access endpoints with the association index reaching the association index threshold value are screened) are screened from the third access endpoints through the association index between the client and each third access endpoint, and the screened access endpoints are summarized to obtain the candidate access endpoint set.
The method comprises the steps of selecting an access endpoint which is different from a second access endpoint in a candidate access endpoint set (which can be selected randomly or has the maximum association index or the minimum blocking index) as a fourth access endpoint, determining the fourth access endpoint, and entering a pre-switching state from a switching state by a state machine corresponding to the client, so that the client is ready to disconnect from the second access endpoint and access the fourth access endpoint. Then, switching connection from the second access endpoint to the fourth access endpoint; and in response to switching connection from the second access endpoint to the fourth access endpoint, controlling a state machine corresponding to the client to switch from the pre-switching state to the switching state, wherein the state machine of the client enters the switching state to indicate that the client is linked with the fourth access endpoint.
As an implementation, after S260, the actual connectivity stability between the client and the fourth access endpoint may also be determined; if the actual communication stability between the client and the fourth access endpoint meets the communication standard, the state machine of the client enters a pre-switching state from the switching state and is connected with the second access endpoint; if the actual communication stability between the client and the fourth access endpoint does not meet the communication standard, taking the fourth access endpoint as a new second access endpoint, returning to execute S260 until the determined actual communication stability between the access endpoint and the client meets the communication standard, and enabling the state machine of the client to enter a switched state from the switched state and keep connection with the access endpoint of which the actual communication stability meets the communication standard; or stopping switching until all access endpoints in the candidate access endpoint set cannot be determined, and outputting prompt information to prompt a user that switching cannot be completed.
In this example, the operation that the client has completed and the operation that is about to complete can be intuitively determined by the state machine of the client, and the access endpoint that the client has switched can also be directly determined by the number of times of the conversion process. Meanwhile, when the actual communication stability between the client and the second access endpoint does not meet the communication standard, the fourth access endpoint can be continuously determined, and the connection to the fourth access endpoint is switched, so that multiple switching is realized under the condition that the network quality of the switched access endpoint is poor, and the switching success rate is improved.
Referring to fig. 9, fig. 9 shows a flowchart of a method for switching access endpoints according to still another embodiment of the present application, the method includes:
and S310, if the automatic change-over switch and the detection switch corresponding to the client are in the on state, acquiring the actual running environment information of the terminal where the client is located and the access information of the service interface in the first access endpoint to which the client is currently accessed in the target period.
The client may include an automatic change-over switch for controlling on or off of the automatic change-over function, and a detection switch for controlling on or off of the automatic acquisition function.
The automatic change-over switch is in an open state, the automatic change-over function is started, and the client can automatically change over the access endpoint; the automatic change-over switch corresponding to the client is in a closed state, the automatic change-over function is closed, the client cannot automatically change over the access endpoint, and the user can manually select the changed-over access endpoint.
The detection switch is in an on state, an automatic acquisition function is started, and the client can automatically acquire actual running environment information of the terminal, access information of a service interface in a first access endpoint which is accessed by the client currently in a target period and respective blocking indexes of a plurality of preset access endpoints; the detection switch is in a closed state, the automatic acquisition function is closed, and the client cannot automatically acquire actual running environment information of the terminal, access information of a service interface in a first access endpoint to which the client is currently accessed in a target period and respective blocking indexes of a plurality of preset access endpoints.
Only if the automatic change-over switch and the detection switch are in the on state, the client can automatically change the access endpoint, the client can automatically change the actual running environment information of the terminal, the access information of the service interface in the first access endpoint which the client is currently accessed to in the target period and the respective blocking indexes of the preset access endpoints, at this time, the actual running environment information of the terminal where the client is located and the access information of the service interface in the first access endpoint which the client is currently accessed to in the target period can be obtained, and the subsequent steps are continued.
If the automatic change-over switch is in the off state or the detection switch is in the off state, the client cannot automatically change over the access endpoint or cannot automatically acquire information, and then no subsequent steps are executed. Meanwhile, the connection with the first access endpoint is maintained all the time without manual selection by the user.
S320, if the abnormal access proportion of the key service interface in the first access endpoint exceeds the target proportion threshold value according to the access information of the service interface in the first access endpoint, and the network environment of the terminal is determined to be normal according to the actual operation environment information, determining the corresponding blocking index of each of the preset access endpoints; determining a second access endpoint from the plurality of preset access endpoints according to the respective blocking index of the plurality of preset access endpoints; switching connection from a first access endpoint to a second access endpoint; and in response to switching connection from the first access endpoint to the second access endpoint, controlling a state machine corresponding to the client to switch from the pre-switching state to the in-switching state.
The description of S320 refers to the descriptions of S210 to S40 above, and will not be repeated here.
S330, if the switch-back switch corresponding to the client is in an on state, and the client meets the preset condition, switching back to the first access endpoint.
Wherein the preset conditions include at least one of the following: the connectivity of the first access endpoint and the client in the checking period accords with the connectivity standard, the accumulated switching times of the state machine of the client before the state machine is switched is up to the time threshold, and the connectivity of all the access endpoints in the candidate access endpoint set and the client does not accord with the connectivity standard;
the client comprises a switch back switch, and the switch back switch is used for controlling the switch back function to be switched on or off. A switch back on state, a switch back function on, allowing the client to reconnect to the access endpoint before the switch (e.g., the first access endpoint in the present application); the switch back is turned off and the switch back function is turned off, not allowing the client to reconnect to the access endpoint before the switch.
The check period may be a period set based on demand, for example, within 1 minute after the client disconnects from the first access endpoint. And detecting the actual communication stability of the first access endpoint and the client in the detection period, and if the communication of the first access endpoint and the client in the detection period is detected to be in accordance with the communication standard, determining that the client meets the preset condition, and determining that the connection can be switched back to the first access endpoint.
As an embodiment, the accessibility proportion and the access quality (the access quality may be an average delay and a packet loss rate in the detection period, etc.) of the key service interface in the first access endpoint may be continuously detected by the connectivity detection component during the detection period, as the actual connectivity stability between the client and the first access endpoint.
As yet another embodiment, the client initiates access to some pre-buried interfaces in the first access endpoint through the communication component to obtain an access result of the pre-buried interfaces as the actual connectivity stability.
As shown in fig. 10, after determining the blocking index of each of the plurality of preset access endpoints, the client determines, according to the blocking index of each of the plurality of preset access endpoints, a second access endpoint with a better network state (the blocking index is lower than the blocking index threshold), the client switches the state machine of the client from the original access state to the pre-switch state (1 switch), the client switches to connect to the second access endpoint, and switches to connect to the second access endpoint, the state machine of the client enters the in-switch state (2 switches) from the pre-switch state, then determines that the actual communication stability between the client and the second access endpoint meets the communication standard, the state machine of the client enters the in-switch state (3 switches) from the in-switch state, and then determines that the communication between the first access endpoint and the client in the check period meets the communication standard, the state machine of the client enters the original access state (4 switches) from the switch state, and the client switches to connect to the first access endpoint.
Each time the state of the state machine of the client changes, the transition process of the state machine of the client increases, and in turn, the accumulated switching times of the state machine of the client increases by 1. Based on the above description, the state machine of the client enters a switching completion state, which means that the client keeps connected with the access endpoint currently connected, and the state machine of the client does not switch any more; before the state machine of the client does not enter the switching completion state, the state of the state machine of the client may be an original access state, a pre-switching state and an in-switching state, and the state of the state machine of the client may be continuously switched between the pre-switching state and the in-switching state.
Therefore, before the state machine of the client is switched to the finished state, the switching times of the state machine of the client are accumulated, when the accumulated switching times of the state machine of the client reach a time threshold, the excessive switching times are determined, and in order to avoid the problem that the access endpoint drifts under the condition of automatic switching failure, the client is determined to meet the preset condition, and the client can be switched to be connected back to the first access endpoint and is switched to be connected to the first access endpoint.
As shown in fig. 11, after determining the blocking index of each of the plurality of preset access endpoints, the client determines, according to the blocking index of each of the plurality of preset access endpoints, that the network state is good (the blocking index is lower than the blocking index threshold), that the access endpoint AP1, the client switches the state machine of the client from the original access state to the pre-switching state (1 switch), the client switches to connect to AP1, and in response to switching to connect to AP1, the state machine of the client enters the in-switch state (2 switches) from the pre-switching state; the actual communication stability between the client and the AP1 does not meet the communication standard, the client determines a new access endpoint AP2, and in response to determining the access endpoint AP2, the in-switching state of the client is switched to a pre-switching state (3 times of switching), the client is switched to be connected to the AP2, and in response to switching to be connected to the AP2, the state machine of the client enters the in-switching state (4 times of switching) from the pre-switching state; the actual communication stability between the client and the AP2 does not meet the communication standard, the client determines a new access endpoint AP3, in response to determining the access endpoint AP3, the in-switching state of the client is switched to a pre-switching state (5 times of switching), the client is switched to be connected to the AP3, in response to switching to be connected to the AP3, the state machine of the client enters the in-switching state (6 times of switching) from the pre-switching state, at the moment, the client determines that the accumulated switching times of the state machine before the switching is completed state is 6 times, the threshold of the times is reached for 6 times, the client determines that the switching is connected back to the first access endpoint, the state machine of the client is switched from the in-switching state to the original access state (7 times of switching), and the client is switched to be connected to the first access endpoint which is originally accessed.
Under the condition that connectivity between all access endpoints in the candidate access endpoint set and the client is not in accordance with the connectivity standard, the condition indicates that the access endpoints in the candidate access endpoint set cannot be stably connected with the client section, and at the moment, the client is determined to meet the preset condition, and the connection can be switched back to the first access endpoint and is switched to the first access endpoint.
In some embodiments, the client may further receive an access endpoint specification sent by the server, where the access endpoint specification is used to instruct connection to the target access endpoint; in response to a specified access endpoint instruction, switching to the target access endpoint. When the client receives the command of the specified access endpoint sent by the server, the state machine of the client may be in any state, for example, the state machine of the client may receive the command of the specified access endpoint sent by the server when in an original access state connected with the first access endpoint, for example, the state machine of the client may receive the command of the specified access endpoint sent by the server when in a state of being switched in connection with the second access endpoint.
As one embodiment, the client may request the operation of the interface from the server to determine whether the interface of the server is connected, and if it is determined that the interface of the server is connected, the server may designate a target access endpoint, generate a designated access endpoint instruction according to the target access endpoint, and switch to the target access endpoint according to the designated access endpoint instruction by the client. The client can store the link address of the target access endpoint so that the client can directly respond to the instruction of the designated access endpoint and connect to the target access endpoint according to the stored link address of the target access endpoint. The specified access endpoint instructions may include a link address of the target access endpoint to which the client is connected based on the link address of the target access endpoint in the specified access endpoint instructions.
The client can acquire the switched access endpoints and the number of the switched access endpoints as operation data, report the operation data to the server, and the server determines a target access endpoint according to the operation data. For example, the server determines, from among the switched access endpoints, the access endpoint having the smallest number of times of being switched as the target access endpoint.
It should be noted that, if the server designates the target access endpoint, the client switches the State machine of the client to the original access State (Def-State) and connects with the designated target access endpoint no matter what State the State machine of the client is in. That is, the original access state as above includes a state in which the client is connected to the target access endpoint specified by the server.
In the application, the server can manage a plurality of terminals, can determine whether the terminals exceeding the set proportion deviate from the original first access endpoints based on the respective operation data of the plurality of terminals, if so, the target access endpoint suitable for each terminal is determined through forced scheduling, and each terminal is connected to the corresponding target access endpoint.
In addition, in the application, the server side can also determine whether the terminal frequently switches access endpoints according to the operation data of the terminal, if so, the terminal is included in the alarm list, so as to further analyze whether the terminal is caused by the change of the environmental state, or caused by network reasons, software faults or access endpoints.
In this embodiment, when the preset condition is met, the first access endpoint is switched back, so that serious terminal performance consumption caused by repeated switching in a scene where the preset condition is met and the switching is not necessary is reduced, the energy consumption of the terminal is effectively saved, and the endpoint switching effect is improved. Meanwhile, the server can forcedly designate the target access endpoint, and the security requirement of the access endpoint can be flexibly controlled.
In order to more clearly explain the technical solution of the present application, the access endpoint switching method of the present application is explained below in conjunction with an exemplary scenario. The access endpoint switching process includes a manual switching and an automatic switching process.
1. Manual switching process
As shown in fig. 12, a client starts an access endpoint switching service, the client requests full access point information from a server, the server returns encrypted full access point information, the client decrypts the encrypted full access point information to obtain a plurality of initial access endpoints, the client detects the connection quality of the access endpoints of the plurality of initial access endpoints to obtain a full access point list, and the full access point list is displayed by the client.
The client can display a refreshing control, detect refreshing operation of a user for the full access point list through the refreshing control, and continuously detect the connection quality of the access endpoints of each of the plurality of initial access endpoints when the client detects refreshing operation of the user for the full access point list through the refreshing control, obtain an updated full access point list and display the updated full access point list.
The client side can display a determination control, detect the access endpoint selection operation of the user for the full access point list through the determination control, determine a first access endpoint selected by the access endpoint selection operation when the client side detects the access endpoint selection operation of the user for the updated full access point list through the determination control, access the first access endpoint by the client side, and display prompt information: the first access endpoint accesses successfully.
And then, the client can encrypt the information accessed to the first access endpoint to obtain encrypted operation data, and report the encrypted operation data to the server, so that the server can manage the access endpoint according to the encrypted operation data, for example, the target access endpoint is designated.
2. Automatic switching process
As shown in fig. 13, after the client is connected to the first access endpoint, an automatic switching logic component in the client detects whether a switching combination condition is reached, and when the access information of the service interfaces in the first access endpoint determines that the abnormal access proportion of the key service interfaces in the first access endpoint exceeds the target proportion threshold and determines that the network environment of the terminal is normal according to the actual operation environment information, the switching combination condition is determined to be reached.
If the combination condition of the switching is reached, the client automatically detects an occlusion index of an initial access endpoint (other initial access endpoints except the first access endpoint among the plurality of initial access endpoints). The automatic switching logic component in the client selects an optimal access point, namely a second access endpoint, according to the blocking index of the preset access endpoint, the client accesses the second access endpoint according to the network address of the second access endpoint, and the actual communication stability between the second access endpoint and the client is determined.
The client determines that the actual connectivity stability between the second access endpoint and the client meets the connectivity criteria, and the client maintains a connection with the second access endpoint. The automatic switching logic component of the client may also report the encrypted operation data to the server according to the switching result (which is already kept connected to the second access endpoint), so that the server can manage the access endpoint according to the encrypted operation data.
The automatic switching logic component of the client determines that the switch back switch is in an on state, indicating that switching back to the first access endpoint is allowed, the client determines that the actual stability of communication between the client and the first access endpoint meets the connectivity criteria, and the client switches to connect to the first access endpoint. The automatic switching logic component of the client may also report the encrypted operation data to the server according to the switching result (the second access endpoint is switched back to be connected to the first access endpoint), so that the server can manage the access endpoint according to the operation data.
The user queries to obtain the optimal access endpoint, and then manually selects the access endpoint as a means for adjusting the endpoint based on the base, but the method cannot be automatically adapted to the geographic position of the terminal and the change of the network position. Meanwhile, the forced scheduling of the server (for example, the instruction of the designated access endpoint for designating the target access endpoint sent by the server to the client) is that a problem occurs in a background service on a certain access endpoint or deployment adjustment is needed, the terminals on the network endpoint are forced to be cut to other access endpoints in batches, the terminals are used in emergency scenes, the priority is higher than that of the manual selection of the terminal user, but if the terminal is not connected with the server (the connection of the current access endpoint fails), the scheduling instruction issued by the server cannot be received and executed by the client, and the mode is naturally disabled.
Therefore, the terminal provided in the present scenario automatically executes the detection and automatic switching scheme of the access endpoint when necessary, effectively avoids the situations that the access endpoint is difficult to automatically adapt when manually selected and the switching failure caused by the abnormal terminal network when the server schedules the access endpoint occurs, and can effectively and automatically detect and switch the access endpoint when the server schedule fails. Moreover, according to the blocking index and the association index of the dynamic change of the access terminal, the terminal can be adapted to the access terminal which is more matched with the current environment, and the switching accuracy, flexibility and efficiency are greatly improved.
Furthermore, in the present scenario, manual switching and automatic switching are combined, so that flexible control of access endpoints can be achieved. In other embodiments, three switching modes of manual switching, automatic switching and a switching instruction issued by the server (for example, the instruction of the specified access endpoint sent by the server above) may be combined, so as to adapt to more application scenarios.
Referring to fig. 14, fig. 14 is a block diagram of an access endpoint switching apparatus according to an embodiment of the present application, where the apparatus 1400 includes:
the obtaining module 1410 is configured to obtain actual operating environment information of a terminal where the client is located and access information of a service interface in a first access endpoint to which the client is currently accessed in a target period;
A first determining module 1420, configured to determine, if an abnormal access proportion of a key service interface in the first access endpoint exceeds a proportion threshold according to access information of the service interface in the first access endpoint, and determine that a network environment of the terminal is normal according to actual operation environment information, determine blocking indexes corresponding to a plurality of preset access endpoints, where the blocking indexes corresponding to the preset access endpoints are used to indicate a network blocking degree between the preset access endpoint and the client;
a second determining module 1430 configured to determine a second access endpoint from the plurality of preset access endpoints according to the respective blocking index of the plurality of preset access endpoints, the blocking index of the second access endpoint being lower than the blocking index threshold;
the switching module 1440 is configured to switch connection from the first access endpoint to the second access endpoint.
Optionally, the second determining module 1430 is further configured to determine, from the plurality of preset access endpoints, a plurality of third access endpoints having an blocking index lower than the blocking index threshold according to the blocking index of each of the plurality of preset access endpoints; determining a degree of association index between each third access endpoint and the client; and determining the second access endpoint from the plurality of third access endpoints according to the association degree index between each third access endpoint and the client.
Optionally, the obtaining module 1410 is further configured to determine, according to access information of the service interfaces in the first access endpoint, an abnormal service interface that meets an abnormal access condition; the abnormal access condition includes at least one of: the duration time of the continuous access exception in the target period exceeds a preset period threshold, the number of access sessions of the continuous access exception in the target period exceeds a session number threshold, the number of sessions which are not accessed in the target period is larger than a first proportion threshold, the ratio of the size of the time period of the continuous access exception in the target period to the target period is larger than a second proportion threshold, the number of times of network delay exceeding an expected value for an access endpoint in the target period exceeds a preset number of times, and the ratio of access specific abnormal network error codes for a service interface in the target period exceeds a third proportion threshold; if the abnormal service interface comprises the appointed key service interface, determining the duty ratio of the appointed key service interface in the abnormal service interface as the abnormal access proportion of the key service interface in the first access endpoint.
Optionally, the switching module 1440 is further configured to determine an actual connection stability between the client and the second access endpoint; if the actual communication stability between the client and the second access endpoint meets the communication standard, the client and the second access endpoint are kept connected.
Optionally, the device further includes a state switching module, configured to control, in response to determining the second access endpoint from the plurality of preset access endpoints, the state machine corresponding to the client to switch from the original access state to the pre-switch state; responsive to switching connection from the first access endpoint to the second access endpoint, controlling a state machine corresponding to the client to switch from a pre-switching state to an in-switching state; and controlling a state machine corresponding to the client to switch from the in-switching state to the switching state in response to the fact that the actual communication stability between the client and the second access endpoint meets the communication standard.
Optionally, the switching module 1440 is further configured to determine, if the actual connectivity stability between the client and the second access endpoint does not meet the connectivity standard, a fourth access endpoint from a candidate access endpoint set, where the candidate access endpoint set is constructed according to a third access endpoint having an occlusion index lower than an occlusion index threshold among the plurality of preset access endpoints; the fourth access endpoint is a different access endpoint than the second access endpoint; the state switching module is further used for controlling the state machine corresponding to the client to be switched from the in-switching state to the pre-switching state in response to determining a fourth access endpoint from the candidate access endpoint set; a switching module 1440, configured to switch connection from the second access endpoint to the fourth access endpoint; and the state switching module is also used for controlling the state machine corresponding to the client to be switched from the pre-switching state to the switching state in response to the switching connection from the second access endpoint to the fourth access endpoint.
Optionally, the switching module 1440 is further configured to switch back to the first access endpoint if the switch back switch corresponding to the client is in an on state and the client meets a preset condition; the preset conditions include at least one of the following: the actual communication stability of the first access endpoint and the client in the checking period accords with the communication standard, the accumulated switching times of the state machine of the client before the switching is finished reach the time threshold value, and the connectivity of all the access endpoints in the candidate access endpoint set and the client does not accord with the communication standard; and the state switching module is also used for controlling the state machine of the client to be switched to the original access state in response to the client being switched and connected back to the first access endpoint.
Optionally, the first determining module 1420 is further configured to determine, if it is determined according to the access information of the service interfaces in the first access endpoint that the abnormal access proportion of the key service interfaces in the first access endpoint exceeds the proportion threshold, and determine, according to the actual operating environment information, that the network environment of the terminal is normal, and determine network state parameters of the client and each preset access endpoint; and determining the blocking index of each preset access endpoint according to the network state parameters of the client and each preset access endpoint.
Optionally, the switching module 1440 is further configured to receive an access endpoint specification sent by the server, where the access endpoint specification is used to instruct connection to the target access endpoint; in response to a specified access endpoint instruction, switching to the target access endpoint.
Optionally, the obtaining module 1410 is further configured to obtain, if the automatic change-over switch and the detection switch corresponding to the client are both in an on state, the actual running environment information of the terminal where the client is located and the access information of the service interface in the first access endpoint to which the client is currently accessed in the target period.
It should be noted that, in the present application, the device embodiment and the foregoing method embodiment correspond to each other, and specific principles in the device embodiment may refer to the content in the foregoing method embodiment, which is not described herein again.
Fig. 15 shows a block diagram of an electronic device for performing an access endpoint switching method according to an embodiment of the application. The electronic device may be the terminal 20 in fig. 3, etc., and it should be noted that the computer system 1200 of the electronic device shown in fig. 15 is only an example, and should not impose any limitation on the functions and the application scope of the embodiments of the present application.
As shown in fig. 15, the computer system 1200 includes a central processing unit (Central Processing Unit, CPU) 1201 which can perform various appropriate actions and processes, such as performing the methods in the above-described embodiments, according to a program stored in a Read-Only Memory (ROM) 1202 or a program loaded from a storage section 1208 into a random access Memory (Random Access Memory, RAM) 1203. In the RAM 1203, various programs and data required for the system operation are also stored. The CPU1201, ROM1202, and RAM 1203 are connected to each other through a bus 1204. An Input/Output (I/O) interface 1205 is also connected to bus 1204.
The following components are connected to the I/O interface 1205: an input section 1206 including a keyboard, a mouse, and the like; an output portion 1207 including a Cathode Ray Tube (CRT), a liquid crystal display (Liquid Crystal Display, LCD), and a speaker, etc.; a storage section 1208 including a hard disk or the like; and a communication section 1209 including a network interface card such as a LAN (Local Area Network ) card, a modem, or the like. The communication section 1209 performs communication processing via a network such as the internet. The drive 1210 is also connected to the I/O interface 1205 as needed. A removable medium 1211 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is installed on the drive 1210 as needed, so that a computer program read out therefrom is installed into the storage section 1208 as needed.
In particular, according to embodiments of the present application, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present application include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flowcharts. In such an embodiment, the computer program can be downloaded and installed from a network via the communication portion 1209, and/or installed from the removable media 1211. When executed by a Central Processing Unit (CPU) 1201, performs the various functions defined in the system of the present application.
It should be noted that, the computer readable medium shown in the embodiments of the present application may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-Only Memory (ROM), an erasable programmable read-Only Memory (Erasable Programmable Read Only Memory, EPROM), flash Memory, an optical fiber, a portable compact disc read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present application, however, the computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. Where each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units involved in the embodiments of the present application may be implemented by software, or may be implemented by hardware, and the described units may also be provided in a processor. Wherein the names of the units do not constitute a limitation of the units themselves in some cases.
As another aspect, the present application also provides a computer-readable storage medium that may be contained in the electronic device described in the above embodiment; or may exist alone without being incorporated into the electronic device. The computer readable storage medium carries computer readable instructions which, when executed by a processor, implement the method of any of the above embodiments.
According to one aspect of an embodiment of the present application, there is provided a computer program product comprising computer instructions stored in a computer readable storage medium. The processor of the electronic device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions to cause the electronic device to perform the method of any of the embodiments described above.
It should be noted that although in the above detailed description several modules or units of a device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functions of two or more modules or units described above may be embodied in one module or unit in accordance with embodiments of the application. Conversely, the features and functions of one module or unit described above may be further divided into a plurality of modules or units to be embodied.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present application may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a usb disk, a mobile hard disk, etc.) or on a network, and includes several instructions to cause an electronic device (may be a personal computer, a server, a touch terminal, or a network device, etc.) to perform the method according to the embodiments of the present application.
Other embodiments of the application will be apparent to those skilled in the art from consideration of the specification and practice of the embodiments disclosed herein. This application is intended to cover any variations, uses, or adaptations of the application following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the application pertains. It is to be understood that the application is not limited to the precise arrangements and instrumentalities shown in the drawings, which have been described above, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the application is limited only by the appended claims.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present application, and are not limiting; although the application has been described in detail with reference to the foregoing embodiments, it will be appreciated by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not drive the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present application.
Claims (13)
1. An access endpoint switching method, applied to a client, comprising:
acquiring the actual running environment information of a terminal where the client is located and the access information of a service interface in a first access endpoint which is accessed by the client currently in a target period;
if the abnormal access proportion of the key service interface in the first access endpoint exceeds a target proportion threshold value according to the access information of the service interface in the first access endpoint, and the network environment of the terminal is determined to be normal according to the actual operation environment information, determining the corresponding blocking indexes of a plurality of preset access endpoints, wherein the blocking index of the preset access endpoint is used for indicating the network blocking degree between the preset access endpoint and the client;
Determining a second access endpoint from the preset access endpoints according to the respective blocking indexes of the preset access endpoints, wherein the blocking index corresponding to the second access endpoint is lower than a blocking index threshold;
and switching connection from the first access endpoint to the second access endpoint.
2. The method of claim 1, wherein said determining a second access endpoint from said plurality of preset access endpoints based on respective blocking metrics of said plurality of preset access endpoints comprises:
determining a plurality of third access endpoints with the blocking index lower than a blocking index threshold value from the plurality of preset access endpoints according to the blocking index of each of the plurality of preset access endpoints;
determining a relevancy index between each third access endpoint and the client;
and determining the second access endpoint from a plurality of third access endpoints according to the association index between each third access endpoint and the client.
3. The method according to claim 1, wherein before determining that the abnormal access proportion of the critical service interface in the first access endpoint exceeds the target proportion threshold according to the access information of the service interface in the first access endpoint, and determining that the network environment of the terminal is normal according to the actual running environment information, the method further comprises:
Determining an abnormal service interface meeting abnormal access conditions according to the access information of the service interface in the first access endpoint; the abnormal access condition includes at least one of: the duration time of the continuous access exception in the target period exceeds a preset period threshold, the number of access sessions of the continuous access exception in the target period exceeds a session number threshold, the number of sessions which are not accessed in the target period is larger than a first proportion threshold, the ratio of the size of the time period of the continuous access exception in the target period to the target period is larger than a second proportion threshold, the number of times of network delay exceeding an expected value for an access endpoint in the target period exceeds a preset number of times, and the ratio of access specific abnormal network error codes for a service interface in the target period exceeds a third proportion threshold;
if the abnormal service interface comprises a designated key service interface, determining the duty ratio of the designated key service interface in the abnormal service interface as the abnormal access proportion of the key service interface in the first access endpoint.
4. The method of claim 1, wherein after the client switches a communication access point from the first access endpoint to the second access endpoint, the method further comprises:
Determining an actual communication stability between the client and the second access endpoint;
and if the actual communication stability between the client and the second access endpoint meets the communication standard, the client is connected with the second access endpoint.
5. The method according to claim 4, wherein the method further comprises:
responsive to determining a second access endpoint from the plurality of preset access endpoints, controlling a state machine corresponding to the client to switch from an original access state to a pre-switch state;
responsive to switching connection from the first access endpoint to the second access endpoint, controlling a state machine corresponding to the client to switch from the pre-switching state to an in-switching state;
and controlling a state machine corresponding to the client to switch from a switching state to a switching state in response to the fact that the actual communication stability between the client and the second access endpoint meets the communication standard.
6. The method of claim 5, wherein in response to switching connection from the first access endpoint to the second access endpoint, the method further comprises, after controlling the state machine corresponding to the client to switch from the pre-switch state to the in-switch state:
If the actual communication stability between the client and the second access endpoint does not meet the communication standard, determining a fourth access endpoint from a candidate access endpoint set, wherein the candidate access endpoint set is constructed according to a third access endpoint with the blocking index lower than a blocking index threshold value in the preset access endpoints; the fourth access endpoint is a different access endpoint than the second access endpoint;
responsive to determining a fourth access endpoint from the candidate access endpoint set, controlling a state machine corresponding to the client to switch from the in-switch state to a pre-switch state;
switching connection from the second access endpoint to a fourth access endpoint;
and controlling the state machine corresponding to the client to switch from the pre-switching state to the switching state in response to switching connection from the second access endpoint to the fourth access endpoint.
7. The method of claim 6, wherein, in response to switching connection from the first access endpoint to the second access endpoint, the method further comprises, after controlling the state machine corresponding to the client to switch from the pre-switch state to the in-switch state:
If the switch-back switch corresponding to the client is in an on state and the client meets a preset condition, switching and connecting to the first access endpoint; the preset conditions include at least one of the following: the actual communication stability of the first access endpoint and the client in the checking period accords with the communication standard, the accumulated switching times of the state machine of the client before the state machine is switched is up to the time threshold value, and the connectivity of all the access endpoints in the candidate access endpoint set and the client does not accord with the communication standard;
and controlling the state machine of the client to switch to the original access state in response to the client switching connection back to the first access endpoint.
8. The method according to claim 1, wherein if it is determined that the abnormal access proportion of the critical service interface in the first access endpoint exceeds the proportion threshold according to the access information of the service interface in the first access endpoint, and the network environment of the terminal is determined to be normal according to the actual running environment information, determining the blocking index corresponding to each of the plurality of preset access endpoints includes:
if the abnormal access proportion of the key service interface in the first access endpoint exceeds a proportion threshold value according to the access information of the service interface in the first access endpoint, and the network environment of the terminal is determined to be normal according to the actual operation environment information, determining network state parameters of the client and each preset access endpoint;
And determining the blocking index of each preset access endpoint according to the network state parameters of the client and each preset access endpoint.
9. The method according to claim 1, wherein the method further comprises:
receiving an appointed access endpoint instruction sent by a server, wherein the appointed access endpoint instruction is used for indicating connection to a target access endpoint;
and responding to the instruction of the appointed access endpoint, and switching to the target access endpoint.
10. The method of claim 1, wherein the obtaining the actual operating environment information of the terminal where the client is located and the access information of the service interface in the first access endpoint currently accessed by the client in the target period includes:
and if the automatic change-over switch and the detection switch corresponding to the client are in the on state, acquiring the actual running environment information of the terminal where the client is located and the access information of the service interface in the first access endpoint to which the client is currently accessed in the target period.
11. An access endpoint switching apparatus, for application to a client, the apparatus comprising:
the acquisition module is used for acquiring the actual running environment information of the terminal where the client is located and the access information of the service interface in the first access endpoint which is accessed by the client currently in a target period;
The first determining module is configured to determine, if the abnormal access proportion of the key service interface in the first access endpoint exceeds a proportion threshold according to the access information of the service interface in the first access endpoint, determine that the network environment of the terminal is normal according to the actual operation environment information, determine blocking indexes corresponding to a plurality of preset access endpoints, where the blocking indexes corresponding to the preset access endpoints are used to indicate a network blocking degree between the preset access endpoint and the client;
a second determining module, configured to determine a second access endpoint from the plurality of preset access endpoints according to respective blocking indexes of the plurality of preset access endpoints, where the blocking index of the second access endpoint is lower than a blocking index threshold;
and the switching module is used for switching connection from the first access endpoint to the second access endpoint.
12. An electronic device, comprising:
one or more processors;
a memory;
one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the one or more processors, the one or more applications configured to perform the method of any of claims 1-10.
13. A computer readable storage medium, characterized in that the computer readable storage medium has stored therein a program code, which is callable by a processor for performing the method according to any one of claims 1-10.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310925785.2A CN116647572B (en) | 2023-07-26 | 2023-07-26 | Access endpoint switching method, device, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310925785.2A CN116647572B (en) | 2023-07-26 | 2023-07-26 | Access endpoint switching method, device, electronic equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116647572A true CN116647572A (en) | 2023-08-25 |
| CN116647572B CN116647572B (en) | 2023-11-14 |
Family
ID=87625139
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310925785.2A Active CN116647572B (en) | 2023-07-26 | 2023-07-26 | Access endpoint switching method, device, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116647572B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117294745A (en) * | 2023-11-24 | 2023-12-26 | 中关村科学城城市大脑股份有限公司 | Network connection state information sending method, device, electronic equipment and medium |
Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104935638A (en) * | 2015-04-30 | 2015-09-23 | 重庆大学 | P2P downloading algorithm based on blocking switching servers |
| CN107105309A (en) * | 2017-04-25 | 2017-08-29 | 北京潘达互娱科技有限公司 | Live dispatching method and device |
| CN108377240A (en) * | 2018-02-07 | 2018-08-07 | 平安科技(深圳)有限公司 | Exceptional interface detection method, device, computer equipment and storage medium |
| CN108563499A (en) * | 2018-04-27 | 2018-09-21 | 努比亚技术有限公司 | CDN server switching method, mobile terminal and computer readable storage medium |
| CN110460732A (en) * | 2019-09-24 | 2019-11-15 | 腾讯科技(深圳)有限公司 | Network quality monitoring method, device and the communication server |
| EP3629507A1 (en) * | 2018-09-28 | 2020-04-01 | Intel IP Corporation | Methods and devices for device-to-device communications |
| CN111427728A (en) * | 2019-12-31 | 2020-07-17 | 杭州海康威视数字技术股份有限公司 | State management method, main/standby switching method and electronic equipment |
| WO2021147481A1 (en) * | 2020-01-22 | 2021-07-29 | 北京字节跳动网络技术有限公司 | Monitoring method and apparatus, and electronic device |
| US20230124166A1 (en) * | 2021-10-15 | 2023-04-20 | Dell Products L.P. | Application programming interface anomaly detection |
| CN116319421A (en) * | 2023-03-17 | 2023-06-23 | 中国工商银行股份有限公司 | Fault detection method and device based on cloud platform, fault detection system and medium |
| CN116488989A (en) * | 2023-04-13 | 2023-07-25 | 平安银行股份有限公司 | Method for monitoring abnormality of interface access data, computer equipment and computer readable storage medium |
-
2023
- 2023-07-26 CN CN202310925785.2A patent/CN116647572B/en active Active
Patent Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104935638A (en) * | 2015-04-30 | 2015-09-23 | 重庆大学 | P2P downloading algorithm based on blocking switching servers |
| CN107105309A (en) * | 2017-04-25 | 2017-08-29 | 北京潘达互娱科技有限公司 | Live dispatching method and device |
| CN108377240A (en) * | 2018-02-07 | 2018-08-07 | 平安科技(深圳)有限公司 | Exceptional interface detection method, device, computer equipment and storage medium |
| CN108563499A (en) * | 2018-04-27 | 2018-09-21 | 努比亚技术有限公司 | CDN server switching method, mobile terminal and computer readable storage medium |
| EP3629507A1 (en) * | 2018-09-28 | 2020-04-01 | Intel IP Corporation | Methods and devices for device-to-device communications |
| CN110460732A (en) * | 2019-09-24 | 2019-11-15 | 腾讯科技(深圳)有限公司 | Network quality monitoring method, device and the communication server |
| CN111427728A (en) * | 2019-12-31 | 2020-07-17 | 杭州海康威视数字技术股份有限公司 | State management method, main/standby switching method and electronic equipment |
| WO2021147481A1 (en) * | 2020-01-22 | 2021-07-29 | 北京字节跳动网络技术有限公司 | Monitoring method and apparatus, and electronic device |
| US20230124166A1 (en) * | 2021-10-15 | 2023-04-20 | Dell Products L.P. | Application programming interface anomaly detection |
| CN116319421A (en) * | 2023-03-17 | 2023-06-23 | 中国工商银行股份有限公司 | Fault detection method and device based on cloud platform, fault detection system and medium |
| CN116488989A (en) * | 2023-04-13 | 2023-07-25 | 平安银行股份有限公司 | Method for monitoring abnormality of interface access data, computer equipment and computer readable storage medium |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117294745A (en) * | 2023-11-24 | 2023-12-26 | 中关村科学城城市大脑股份有限公司 | Network connection state information sending method, device, electronic equipment and medium |
| CN117294745B (en) * | 2023-11-24 | 2024-02-02 | 中关村科学城城市大脑股份有限公司 | Network connection state information sending method, device, electronic equipment and medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116647572B (en) | 2023-11-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP5961638B2 (en) | System and method for application certification | |
| CN109492380B (en) | Equipment authentication method and device and block link point | |
| WO2020057163A1 (en) | Mec platform deployment method and device | |
| CN113746633B (en) | Internet of things equipment binding method, device, system, cloud server and storage medium | |
| CN116647572B (en) | Access endpoint switching method, device, electronic equipment and storage medium | |
| CN114902612A (en) | Edge network based account protection service | |
| CN114995214A (en) | Method, system, device, equipment and storage medium for remotely accessing application | |
| CN111555920B (en) | Intelligent operation and maintenance method, system, equipment and user side | |
| WO2022121589A1 (en) | Data information acquisition methods and apparatus, related device, and medium | |
| CN111866993B (en) | Wireless local area network connection management method, device, software program and storage medium | |
| US20230254146A1 (en) | Cybersecurity guard for core network elements | |
| CN115633359A (en) | PFCP session security detection method, device, electronic equipment and storage medium | |
| US20200351259A1 (en) | Runtime credential requirement identification for incident response | |
| CN114157472A (en) | Network access control method, device, equipment and storage medium | |
| CN114567678A (en) | Resource calling method and device of cloud security service and electronic equipment | |
| CN115189897A (en) | Access processing method and device for zero trust network, electronic equipment and storage medium | |
| CN114124556A (en) | Network access control method, device, equipment and storage medium | |
| CN113746909A (en) | Network connection method, device, electronic equipment and computer readable storage medium | |
| CN115801292A (en) | Access request authentication method and device, storage medium and electronic equipment | |
| CN112241535A (en) | Server security policy configuration method based on flow data analysis | |
| CN113297629B (en) | Authentication method, device, system, electronic equipment and storage medium | |
| US20220377105A1 (en) | Intelligent orchestration to combat denial of service attacks | |
| WO2023011291A1 (en) | Node scheduling method and apparatus, medium, and device | |
| CN116980164A (en) | Access request processing method, system, device, computer equipment and storage medium | |
| CN117439745A (en) | Process communication control method, device, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| REG | Reference to a national code |
Ref country code: HK Ref legal event code: DE Ref document number: 40091013 Country of ref document: HK |