CN116800810A - QUIC handshake method and device, electronic equipment and storage medium - Google Patents


Info

Publication number
CN116800810A
Authority
CN
China
Prior art keywords
certificate
domain name
client
handshake
receiving
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210271165.7A
Other languages
Chinese (zh)
Inventor
曾伟城
李逸骏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guizhou Baishancloud Technology Co Ltd
Original Assignee
Guizhou Baishancloud Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/14 Session management
    • H04L 67/141 Setup of application sessions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L 69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L 69/164 Adaptation or special uses of UDP protocol

Abstract

The invention provides a QUIC handshake method, a QUIC handshake device, an electronic device and a storage medium. The method comprises the following steps: receiving a domain name certificate sent by a certificate center, the domain name certificate being one that is preconfigured and indicated to be loaded for the target edge device; receiving a handshake request sent by a client based on the QUIC protocol; acquiring configuration information, which comprises the domain name certificate and the other server parameters required to complete a connection establishment process with the client; and sending the configuration information to the client to complete the connection establishment process. The certificate to be loaded is thus loaded before the client's handshake request is received, and the corresponding domain name certificate is returned directly once the handshake request arrives, so that the connection is established and the time required for the handshake is greatly reduced.

Description

QUIC handshake method and device, electronic equipment and storage medium
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a QUIC handshake method, apparatus, electronic device, and storage medium.
Background
Edge cloud computing (edge cloud for short) is a cloud computing platform built on edge infrastructure, based on the core of cloud computing technology and the capability of edge computing. A large number of edge devices form an elastic cloud platform with comprehensive computing, network, storage and security capabilities at the edge; together with the central cloud and Internet of Things terminals it forms an end-to-end cloud-edge-terminal architecture in which network forwarding, storage, computing and intelligent data analysis are handled at the edge. This reduces response latency, relieves pressure on the cloud, lowers bandwidth cost, and supports cloud services such as network-wide scheduling and computing power distribution.
For security reasons, most of the traffic accessed through the edge cloud network today is HTTPS traffic. However, conventional HTTPS requests are transported over TCP, which has problems including TCP head-of-line blocking, handshake delay and protocol ossification.
To solve these problems, some users adopt the QUIC (Quick UDP Internet Connection) protocol. QUIC transports data over UDP and offers reliability, ordering, security and speed. However, during the handshake the existing edge device checks the validity of the domain name certificate it is about to read only after receiving the client's handshake request, which greatly increases the handshake time; in addition, the edge device has to read the domain name certificate repeatedly during the handshake, which reduces handshake performance.
Disclosure of Invention
The invention addresses the problem that, in the existing QUIC handshake process, the edge device repeatedly reads the domain name certificate, which reduces handshake performance.
To solve the above problem, a first aspect of the present invention provides a QUIC handshake method, applied to a target edge device, including:
receiving a domain name certificate sent by a certificate center, the domain name certificate being one that is preconfigured and indicated to be loaded for the target edge device;
receiving a handshake request sent by a client based on the QUIC protocol;
acquiring configuration information, which comprises the domain name certificate and the other server parameters required to complete a connection establishment process with the client;
and sending the configuration information to the client to complete the connection establishment process.
In one embodiment, before receiving the handshake request sent by the client based on the QUIC protocol, the method further includes:
detecting whether a domain name certificate in a local storage area is in a valid state;
if not, sending a certificate loading request to the certificate center, and replacing the domain name certificate in the invalid state with the new domain name certificate received from the certificate center.
In one embodiment, before receiving the handshake request sent by the client based on the QUIC protocol, the method further includes:
receiving a new domain name certificate sent by the certificate center;
and replacing the domain name certificate in the state to be updated with the new domain name certificate.
In one embodiment, the method further comprises:
detecting whether the access frequency of the domain name certificate reaches a preset value;
if yes, the domain name certificate is loaded to a shared memory.
In one embodiment, after receiving the handshake request sent by the client based on the QUIC protocol, the method includes:
detecting whether the handshake request contains QUIC version information and connection ID, and determining whether the handshake request can be multiplexed;
if multiplexing is possible, directly completing a connection establishment process with the client;
if the multiplexing is not possible, acquiring configuration information, and sending the configuration information to the client to complete the connection establishment process.
In one embodiment, the receiving the domain name certificate sent by the certificate authority includes:
sending a certificate loading request to the certificate center, wherein identification information is recorded in the certificate loading request and is used for identifying the processing priority of the certificate loading request in the certificate center;
and receiving a domain name certificate returned by the certificate center.
A second aspect of the present invention provides a QUIC handshake apparatus for use with a target edge device, comprising:
a first receiving module for receiving a domain name certificate sent by a certificate center, the domain name certificate being one that is preconfigured and indicated to be loaded for the target edge device;
a second receiving module for receiving a handshake request sent by the client based on the QUIC protocol;
a handshake module for acquiring configuration information, which comprises the domain name certificate and the other server parameters required to complete a connection establishment process with the client;
and a first sending module for sending the configuration information to the client to complete the connection establishment process.
A third aspect of the invention provides an electronic device comprising a computer readable storage medium storing a computer program and a processor, the computer program implementing a method as described above when read and executed by the processor.
A fourth aspect of the invention provides a computer readable storage medium storing a computer program which, when read and run by a processor, implements a method as described above.
A fifth aspect of the invention provides a computer program product comprising a computer program for execution by a processor to perform a method as described above.
The edge device therefore loads the certificate to be loaded before receiving the client's handshake request, and returns the corresponding domain name certificate directly once the handshake request arrives, so that the connection is established and the time required for the handshake is greatly reduced.
According to the application, the edge device actively loads the certificate, which reduces the time spent loading the certificate before the handshake, and automatic arrangement of the certificates reduces labour cost; hot loading of certificates is realised so that a valid certificate can be swapped in quickly; and by detecting how often a certificate is used over a period of time, some high-frequency certificates are loaded into shared memory as hot certificates, avoiding repeated I/O reads and writes and wasted resources.
Drawings
FIG. 1 is a schematic diagram of a QUIC handshake system according to an embodiment of the present application;
FIG. 2 is a first flowchart of a QUIC handshake method according to an embodiment of the present application;
FIG. 3 is a second flowchart of a QUIC handshake method according to an embodiment of the present application;
FIG. 4 is a third flowchart of a QUIC handshake method according to an embodiment of the present application;
FIG. 5 is a fourth flowchart of a QUIC handshake method according to an embodiment of the present application;
FIG. 6 is a fifth flowchart of a QUIC handshake method according to an embodiment of the present application;
FIG. 7 is a sixth flowchart of a QUIC handshake method according to an embodiment of the present application;
FIG. 8 is a first flowchart of a target edge device side QUIC handshake method according to an embodiment of the present application;
FIG. 9 is a second flowchart of a target edge device side QUIC handshake method according to an embodiment of the present application;
FIG. 10 is a third flowchart of a target edge device side QUIC handshake method according to an embodiment of the present application;
FIG. 11 is a fourth flowchart of a target edge device side QUIC handshake method according to an embodiment of the present application;
FIG. 12 is a fifth flowchart of a target edge device side QUIC handshake method according to an embodiment of the present application;
FIG. 13 is a sixth flowchart of a target edge device side QUIC handshake method according to an embodiment of the present application;
FIG. 14 is a block diagram of the target edge device side QUIC handshake apparatus according to an embodiment of the present application;
FIG. 15 is a block diagram of the target edge device side QUIC handshake apparatus according to another embodiment of the present application;
FIG. 16 is a block diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Various exemplary embodiments of the present application will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present application unless it is specifically stated otherwise.
The following description of at least one exemplary embodiment is merely exemplary in nature and is in no way intended to limit the application, its application, or uses.
Techniques, methods, and apparatus known to one of ordinary skill in the relevant art may not be discussed in detail, but are intended to be part of the specification where appropriate.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further discussion thereof is necessary in subsequent figures.
In addition, the technical solutions of the embodiments of the present application may be combined with each other, but it is necessary to be based on the fact that those skilled in the art can implement the technical solutions, and when the technical solutions are contradictory or cannot be implemented, the combination of the technical solutions should be considered as not existing, and not falling within the scope of protection claimed by the present application.
A method for performing a QUIC handshake according to an exemplary embodiment of the present application is described below in connection with fig. 1-13. It should be noted that the following application scenarios are only shown for facilitating understanding of the spirit and principles of the present application, and embodiments of the present application are not limited in this respect. Rather, embodiments of the application may be applied to any scenario where applicable.
The embodiment of the application provides a QUIC handshake method, which is based on a network system architecture comprising a client, target edge equipment and a certificate center, referring to fig. 1. Communication modes can be established among the client, the target edge device and the certificate center through physical ports and the like.
It should be noted that, one or more clients may be deployed in the network system architecture, where the same client may be connected to multiple target edge devices, and the same target edge device may also be connected to multiple clients in a communication manner; the same certificate authority may also be communicatively coupled to one or more target edge devices.
The client and the target edge device are not fixed hardware products within the whole network system architecture; the same hardware, such as a computer or a server, may act as a client in one case and as a target edge device in another.
The division into client and server in this application represents the correspondence relationship in the communication mode, for example one target edge device may correspond to several clients; it also represents different usage functions, for example a client for user use and a server for storing and transferring certificates. To allow a more accurate judgement, the application does not limit the functions, roles and the like of the client and the target edge device: in a communication connection, the party that sends the connection request is simply regarded as the client, and the party that receives the connection request, or that connects to the certificate center to store certificates, is regarded as the target edge device.
Only one client, one target edge device and one certificate authority are schematically depicted in fig. 1, the client being in communication with the target edge device, the target edge device being in communication with the certificate authority. A session connection can be established between the client and the target edge device, wherein the session connection is an outbound connection between the client and the target edge device, namely an outbound communication connection; the target edge device may also establish a session connection with the certificate authority, the session connection being an outbound connection between the target edge device to the certificate authority. Other types of session connection may be established between the client and the target edge device, and between the target edge device and the certificate authority, which is not particularly limited in the present application.
It should be noted that the numbers of the client, the target edge device, and the certificate authority in fig. 1 are merely illustrative, and the specific numbers may be adjusted according to implementation requirements or description requirements in the present application.
Implementation details of the technical solution of the embodiment of the present application are set forth in detail below.
The application provides a QUIC handshake method, which can be executed by a QUIC handshake device; the QUIC handshake device can be integrated in electronic equipment such as a computer or a server. FIG. 2 is a first flowchart of a QUIC handshake method according to an embodiment of the present application; the QUIC handshake method comprises the following steps:
S101, a certificate center sends a domain name certificate to a target edge device, the domain name certificate being one that is preconfigured and indicated to be loaded for the target edge device;
domain name certificates to be loaded can be preconfigured in the target edge device, and these domain name certificates are loaded in advance.
The edge device may provide a Web service based on a certificate; it includes but is not limited to an edge server, an edge gateway, an edge controller, an edge router or a network set-top box of an edge cloud network, which is not limited herein, and any other form of edge device that exists now or appears in the future falls within the scope of protection of the present application where applicable.
In one embodiment, a domain name certificate list is set in the target edge device, and the domain name certificate to be loaded is recorded in the list; the domain name certificate in the domain name certificate list is preloaded through a certificate center.
In another embodiment, a domain name list is set in the target edge device, and the domain name to be loaded is recorded in the list; and preloading a domain name certificate corresponding to the domain name in the domain name list through a certificate center.
In another embodiment, a configuration file, such as the conf file of the QUICER component, is set in the target edge device, and the domain name certificate to be loaded is configured through the configuration file; the domain name certificate configured in the configuration file is then preloaded through the certificate center.
Here conf is short for configuration file (config); such a file stores installation and configuration information, for example for a hardware driver.
In another embodiment, the domain name certificate list, the domain name list or the configuration file is disposed in the certificate authority, and the domain name certificate is loaded through the certificate authority.
In one embodiment, the domain name certificates to be loaded comprise at least one of: domain name certificates of newly added domain names, domain name certificates that need to be updated, and domain name certificates that need to be deleted.
In one embodiment, a domain name certificate that needs to be updated is one whose cache time has expired, one whose validity period has expired, or a certificate that is invalid for a reason other than these two.
In one embodiment, a detection list is set in the edge device, the cache time or the validity period of the domain name certificate is recorded through the detection list, the corresponding domain name certificate is set to be required to be loaded after the cache time or the validity period expires, a request is sent to a certificate center, and the domain name certificate returned by the certificate center is received to update the expired domain name certificate.
In another embodiment, a detection list is set in the certificate center, the cache time or the validity period of the domain name certificate is recorded through the detection list, the corresponding domain name certificate is issued or loaded into the corresponding edge device after the cache time or the validity period expires, and the edge device updates the corresponding domain name certificate.
After the domain name certificate is loaded onto the corresponding edge device, the certificate center sets a cache time and a validity period for it; for example, the validity period is set to one or two years and the cache time is set to expire one month before the validity period does. Whether the certificate needs updating can then be determined by checking whether the cache time has expired, and the certificate is renewed in the one-month interval between the cache time expiring and the validity period expiring, which avoids handshake delay caused by an expired certificate.
In addition, the validity period may instead be set to three months, six months, nine months or another duration, and the interval between the cache time and the expiry of the validity period may be half a month, ten days, five days or another duration; the present application does not limit the specific validity period or the specific interval between the cache time and the expiry of the validity period.
In addition, it should be noted that when the certificate center loads or issues a domain name certificate, it generates a version number from the issue or load time and other information, so that on each edge device one version number corresponds to one domain name certificate; the version numbers of certificates for different domain names differ, and so do the version numbers of certificates issued at different times for the same domain name. For domain name certificates, therefore, a version update is a certificate update.
In one embodiment, when the certificate center issues or loads the domain name certificate of the same domain name to a plurality of edge devices, different batches of those edge devices are loaded at at least two different time points (for example, the edge devices are divided into several batches and one batch is loaded at each time point). The loading or updating times of the domain name certificate for the same domain name are thus staggered across edge devices, so the expiry times of the certificate for that domain name are staggered as well, congestion during peak data transmission periods is avoided, and the efficiency of loading or issuing the certificate is improved.
For example, if the certificate center needs to issue the domain name certificate of www.abc.com to 3000 edge devices, it may issue the certificate to 500 edge devices at the first time point and, after a preset time interval, to another 500 edge devices, repeating the cycle until all edge devices have received it.
In one embodiment, the domain name certificate of a newly added domain name may be handled by notifying the certificate authority once the newly added domain name is determined, or by notifying the certificate authority in another way; after receiving the notification, the certificate center issues or loads the corresponding domain name certificate onto the corresponding edge device, and the edge device loads it. The present application does not limit the specific way of notifying the certificate authority.
In one embodiment, a domain name certificate that needs to be deleted may be handled by notifying the certificate authority once the deletion is determined, or by notifying the certificate authority in another way; after receiving the notification, the certificate center sends a corresponding deletion instruction or deletion information to the corresponding edge device, and the edge device deletes the corresponding domain name certificate. The present application does not limit the specific way of notifying the certificate authority.
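The certificate-center side of S101 described above (a version number derived from the issue time, a validity period with a cache time that expires before it, and staggered batch loading of one domain's certificate onto many edge devices) as an added Python example that is not part of the patent; the version format, the one-year validity, the 30-day cache margin, the device identifiers and the certificate bodies are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import hashlib
import math

# Assumed policy values: the text gives a one- or two-year validity period and a
# cache time one month before expiry, but fixes no exact figures.
VALIDITY_PERIOD = timedelta(days=365)
CACHE_MARGIN = timedelta(days=30)


@dataclass(frozen=True)
class DomainCert:
    domain: str
    version: str
    issued_at: datetime
    cache_expiry: datetime      # after this the certificate is due for update
    validity_expiry: datetime   # after this the certificate is invalid
    pem: str                    # constructed placeholder for the certificate body


def make_version(domain: str, issued_at: datetime) -> str:
    """Version number derived from the domain and the issue time, so different
    domains, and the same domain issued at different times, get different
    version numbers (hypothetical scheme; the page fixes no format)."""
    digest = hashlib.sha256(f"{domain}|{issued_at.isoformat()}".encode()).hexdigest()
    return f"{issued_at:%Y%m%d%H%M%S}-{digest[:8]}"


def issue_certificate(domain: str, issued_at: datetime,
                      validity: timedelta = VALIDITY_PERIOD,
                      cache_margin: timedelta = CACHE_MARGIN) -> DomainCert:
    """Certificate-center side: attach a version, a validity period and a cache
    time that expires cache_margin before the validity period does."""
    expiry = issued_at + validity
    return DomainCert(
        domain=domain,
        version=make_version(domain, issued_at),
        issued_at=issued_at,
        cache_expiry=expiry - cache_margin,
        validity_expiry=expiry,
        pem=f"-----CONSTRUCTED CERT {domain} {issued_at:%Y-%m-%d}-----",
    )


def schedule_batches(devices: list[str], batch_size: int, interval: timedelta,
                     start: datetime) -> list[tuple[datetime, list[str]]]:
    """Split the edge devices into batches; batch i is loaded at start + i * interval."""
    if batch_size <= 0:
        raise ValueError("batch_size must be positive")
    n_batches = math.ceil(len(devices) / batch_size)
    return [(start + i * interval, devices[i * batch_size:(i + 1) * batch_size])
            for i in range(n_batches)]


def issue_to_devices(domain: str, devices: list[str], batch_size: int,
                     interval: timedelta, start: datetime) -> dict[str, DomainCert]:
    """Issue one domain's certificate to all devices in staggered batches. Each batch
    gets a certificate issued at its own batch time, so version numbers and expiry
    times are staggered across batches, as the text describes."""
    result: dict[str, DomainCert] = {}
    for batch_time, batch in schedule_batches(devices, batch_size, interval, start):
        cert = issue_certificate(domain, batch_time)
        for device_id in batch:
            result[device_id] = cert
    return result


def demo_issue() -> dict[str, DomainCert]:
    """The worked figures from the text: 3000 edge devices, 500 per batch (constructed
    device identifiers, one-hour interval assumed)."""
    start = datetime(2022, 3, 1, tzinfo=timezone.utc)
    devices = [f"edge-{i:04d}" for i in range(3000)]
    return issue_to_devices("www.abc.com", devices, 500, timedelta(hours=1), start)


if __name__ == "__main__":
    issued = demo_issue()
    print(issued["edge-0000"].version, issued["edge-0500"].version)
```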
S102, the client sends a handshake request to the target edge device based on the QUIC protocol;
The target edge device is selected from the edge devices and serves as the peer with which the certificate center or the client establishes a connection; one of the edge devices is selected as the target edge device, and the selection may be performed by load balancing.
The load balancing device may determine, according to a certain allocation policy, to which server in the CDN node (edge device) an access request sent by the client should be forwarded for processing. As a scheduler between the client and the servers, the load balancing device sets an allocation policy so that access requests sent by clients are spread across the servers in the CDN node as evenly as possible. In other words, the load balancing device distributes network traffic from clients to different servers in the CDN node through the configured allocation policy, so that the servers cooperatively provide service to the outside and jointly bear the access load from clients; uneven load across the servers in the CDN node, and the resulting overload of some of the node's servers, is avoided, and the availability of the whole system is improved.
It should be noted that the load balancing device may distribute the load across the servers by round-robin selection, by selecting the server with the lowest CPU load and/or network load, according to the number of concurrent requests, and/or according to the average request latency over an arbitrary period of time; it may also distribute the load according to geographical routing, and so on. It should be understood that the load balancing device may also distribute the load in a manner other than those described above, which is not particularly limited.
In one embodiment, the load balancing is round-robin (polling).
In one embodiment, when the client requests the QUICER component over the QUIC protocol, load balancing is performed by hashing the request to a QUIC software instance.
In one embodiment, the version of the QUIC protocol may be Q039, Q043, Q44, Q046, Q047, etc.
In one embodiment, the handshake request sent by the client to the target edge device is an initial packet or inchoate Client Hello (CHLO) message.
S103, the target edge device acquires configuration information, which comprises the domain name certificate and the other server parameters required to complete a connection establishment process with the client;
in the configuration information, the domain name certificate is obtained by reading it directly from the target edge device.
S104, the target edge device sends the configuration information to the client to complete the connection establishment process.
In one embodiment, sending the configuration information to the client to complete the connection establishment process may specifically comprise the following. After receiving the CHLO message (initial packet), the target edge device replies with a Rejection (REJ) message containing the configuration information of the target edge device, which includes the corresponding domain name certificate. The client receives the REJ message, extracts and stores the configuration information, and sends a full client hello message to the target edge device to start the formal handshake; this message carries the public number chosen by the client, and at this point the client can compute an initial key from the acquired configuration information and its chosen public number. The target edge device receives the full client hello and, if it agrees to connect, computes the initial key from the client's public number and replies with a Server Hello (SHLO) message encrypted with the initial key; the SHLO carries an ephemeral public number chosen by the target edge device. When the client receives the reply and it is an SHLO message, it attempts to decrypt it with the initial key and extracts the ephemeral public number. The client and the target edge device each derive a session key with the SHA-256 algorithm from the ephemeral public number and the initial key; both sides then switch to the session key for communication, the initial key is no longer used, and the QUIC handshake is complete. The specific handshake process may also be another partially modified variant, which is not repeated in this application.
The certificate to be loaded is thus loaded before the client's handshake request is received, and the corresponding domain name certificate is returned directly once the handshake request arrives, so that the connection is established and the time required for the handshake is greatly reduced.
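An added Python model of the edge-device side of S102 to S104, covering the preloaded certificate store, the promotion of frequently used certificates to shared memory and the multiplexing check on QUIC version plus connection ID that the disclosure describes; it is not the patent's code, the CHLO/REJ messages are plain dictionaries rather than the QUIC wire format, the session is recorded when the REJ is sent (a simplification), and the version list, certificate bodies and connection IDs are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

# Subset of the QUIC versions named in the text (constructed list).
SUPPORTED_VERSIONS = ("Q039", "Q043", "Q046")


@dataclass
class HandshakeRequest:
    """Inchoate CHLO as seen by the edge device (a plain model, not the QUIC wire format)."""
    sni: str                              # domain name the client wants a certificate for
    version: Optional[str] = None         # QUIC version information, if the client sent it
    connection_id: Optional[str] = None


@dataclass
class EdgeDevice:
    hot_threshold: int = 3                                  # preset access frequency
    disk_store: dict = field(default_factory=dict)          # simulated local disk: domain -> PEM
    shared_memory: dict = field(default_factory=dict)       # hot certificates, read without I/O
    access_count: dict = field(default_factory=dict)        # accesses per domain
    disk_reads: int = 0                                     # the I/O reads the patent wants to avoid
    sessions: set = field(default_factory=set)              # (version, connection_id) pairs

    def preload(self, certs: dict) -> None:
        """S101: certificates pushed by the certificate center before any handshake arrives."""
        self.disk_store.update(certs)

    def load_certificate(self, domain: str) -> Optional[str]:
        """S103: serve from shared memory when the certificate is hot; otherwise read it
        from local storage and promote it once its access frequency reaches the preset value."""
        if domain in self.shared_memory:
            return self.shared_memory[domain]
        pem = self.disk_store.get(domain)
        if pem is None:
            return None
        self.disk_reads += 1
        self.access_count[domain] = self.access_count.get(domain, 0) + 1
        if self.access_count[domain] >= self.hot_threshold:
            self.shared_memory[domain] = pem
        return pem

    def handle_handshake(self, req: HandshakeRequest) -> dict:
        """S102-S104: reuse an existing session when version and connection ID match one;
        otherwise assemble the configuration information and reply with REJ."""
        key = (req.version, req.connection_id)
        if req.version and req.connection_id and key in self.sessions:
            return {"type": "CONNECTED", "connection_id": req.connection_id, "reused": True}
        pem = self.load_certificate(req.sni)
        if pem is None:
            # No preloaded certificate for this domain: nothing to hand out, no disk I/O spent.
            return {"type": "REJ", "error": f"no preloaded certificate for {req.sni}"}
        config = {"sni": req.sni, "certificate": pem, "versions": list(SUPPORTED_VERSIONS)}
        if req.version and req.connection_id:
            # Simplification: a real server records the session only after the full
            # client hello / SHLO exchange has completed.
            self.sessions.add(key)
        return {"type": "REJ", "config": config}


if __name__ == "__main__":
    edge = EdgeDevice(hot_threshold=2)
    edge.preload({"www.abc.com": "-----CONSTRUCTED CERT www.abc.com-----"})
    for cid in ("c1", "c2", "c3"):
        reply = edge.handle_handshake(HandshakeRequest("www.abc.com", "Q043", cid))
        print(reply["type"], "disk reads so far:", edge.disk_reads)
```

With the threshold at 2, the third handshake for the same domain is answered from shared memory and the disk-read counter stops growing.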
The embodiment of the present application provides another QUIC handshake method, which is similar to the QUIC handshake method described above and differs in that, as shown in fig. 3, before S102, in which the client sends a handshake request to the target edge device based on the QUIC protocol, the method further includes:
S111, the target edge device detects whether a domain name certificate in the local storage area is in a valid state;
S112, if not, the target edge device sends a certificate loading request to the certificate center and replaces the domain name certificate in the invalid state with the new domain name certificate received from the certificate center.
The invalid domain name certificate is thus replaced before the handshake begins, so that the required domain name certificate is loaded directly during the handshake and the handshake time is shortened.
In one embodiment, steps S111-S112 may be performed when the service program starts, for example when a faulty device is replaced or a new edge device is put into use; a time interval may also be set, with steps S111-S112 performed in each interval.
A certificate list may be set in the target edge device, in which the domain name certificates in the local storage area are recorded, and whether a domain name certificate is in a valid state is detected through this certificate list.
The local storage area may include a disk storage area and a memory storage area, where files stored in the disk storage area need to consume I/O performance to perform reading and writing, and files stored in the memory storage area may be directly read.
In one embodiment, the target edge device sends a certificate loading request to the certificate authority, and the request may be made by way of a python script, or by using an interface of the QUICER software, or by using other methods. In the present application, the specific request mode is not limited.
In one embodiment, if multiple domain name certificates in failure state are detected at the same time, the loading request of each domain name certificate may be sent successively, or the loading request of multiple domain name certificates may be sent at the same time, for example, an array composed of identifiers of many domain names is sent as the loading request.
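Steps S111-S112 together with the batched loading request just described, as an added example (not the patent's code): a certificate list kept by the target edge device, a validity sweep over it, and a single request carrying an array of the expired domain identifiers. The certificates, domains, the renewal margin of seven days and the CertificateCenter stub are all constructed assumptions.

```python
"""Certificate list validity sweep and batched reload (added example, not the patent's code)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass
class DomainCert:
    domain: str
    not_before: datetime
    not_after: datetime
    pem: bytes   # constructed placeholder, not a real certificate

    def is_valid(self, now: datetime, renew_before: timedelta = timedelta(days=7)) -> bool:
        """Valid if inside its window and not within the renewal margin (assumed 7 days)."""
        return self.not_before <= now < self.not_after - renew_before


@dataclass
class CertificateList:
    """The certificate list recording what is in the local storage area."""
    certs: dict = field(default_factory=dict)

    def invalid_domains(self, now: datetime) -> list[str]:
        return sorted(d for d, c in self.certs.items() if not c.is_valid(now))

    def replace(self, new_cert: DomainCert) -> None:
        self.certs[new_cert.domain] = new_cert


class CertificateCenter:
    """Stub standing in for the certificate center; issues constructed 90-day certs."""

    def __init__(self, now: datetime):
        self.now = now

    def load(self, domains: list[str]) -> list[DomainCert]:
        # One request carrying an array of domain identifiers (the batched form above).
        return [DomainCert(d, self.now, self.now + timedelta(days=90),
                           b"constructed-cert-for-" + d.encode()) for d in domains]


def refresh_invalid(certs: CertificateList, center: CertificateCenter, now: datetime) -> list[str]:
    """S111: detect invalid certs; S112: request replacements in one batch and swap them in."""
    expired = certs.invalid_domains(now)
    if expired:
        for cert in center.load(expired):
            certs.replace(cert)
    return expired


def demo() -> tuple[list[str], list[str]]:
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    cl = CertificateList()
    cl.replace(DomainCert("www.test.com", now - timedelta(days=80), now + timedelta(days=2), b"old"))      # expires in 2 days
    cl.replace(DomainCert("static.test.com", now - timedelta(days=10), now + timedelta(days=60), b"ok"))   # fine
    cl.replace(DomainCert("api.test.com", now - timedelta(days=100), now - timedelta(days=1), b"dead"))    # already expired
    replaced = refresh_invalid(cl, CertificateCenter(now), now)
    return replaced, cl.invalid_domains(now)
```

Checking the renewal margin rather than only the expiry instant is what keeps the handshake path from ever serving a certificate that expires mid-session.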
In one embodiment, as shown in fig. 4, before step S102, receiving the handshake request sent by the client based on the QUIC protocol, the method further includes:
S121, the target edge device receives a new domain name certificate sent by the certificate center;
S122, the target edge device replaces the domain name certificate in the to-be-updated state with the new domain name certificate.
The new domain name certificate sent by the certificate center may be at least one of: a domain name certificate for a newly added domain name, a domain name certificate that needs to be updated, and a domain name certificate that needs to be deleted.
Steps S121 to S122 may be independent of steps S111 to S112, or may follow steps S111 to S112.
In one embodiment, the certificate center determines the domain name certificate to be updated and sends it to the target edge device; thus the target edge device only needs to receive the new domain name certificate and replace the old one to keep its domain name certificates valid.
In one embodiment, as shown in fig. 5, the method further comprises:
S105, the target edge device detects whether the access frequency of the domain name certificate reaches a preset value;
S106, if so, the target edge device loads the domain name certificate into the shared memory.
The shared memory of the target edge device is a memory space that all processes in the target edge device can read or write. The target edge device runs multiple processes to handle multiple requests; if a domain name certificate is stored in the memory space of one process, the other processes cannot read (or read and write) it, since memory is not shared between different processes. By setting up shared memory and storing the domain name certificate there, the domain name certificate can be loaded directly when needed, and the duration of the handshake process is greatly shortened.
In one embodiment, the maximum space of the shared memory is limited, and domain name certificates whose access frequency reaches the preset value are loaded whenever the shared memory has free space.
For convenience of description and understanding, a domain name certificate whose access frequency reaches the preset value is defined as a hot certificate, and the domain name corresponding to the hot certificate is a hot domain name. Thus hot domain names and hot certificates are in one-to-one correspondence, and each hot domain name has a corresponding hot certificate.
In one embodiment, when judging whether a certificate is a hot certificate, that is, whether the access frequency of the domain name certificate reaches a preset value, the judgment may specifically be whether the number of accesses within a certain period reaches a preset count, whether the access frequency (the number of requests per unit time) reaches a preset frequency, or whether the certificate is hot by virtue of its service type, for example whether the domain name of a large VIP customer defaults to a hot domain name; the judgment of a hot certificate/hot domain name may use one or more of these judgment modes.
Each handshake performed by a client with the target edge device counts as one access or request to the corresponding domain name.
When a domain name certificate is judged to be a hot certificate by the number of accesses or the access frequency within a certain period, the hot status has a validity period, and the hot certificate reverts to an ordinary domain name certificate once that period is exceeded; when the hot certificate is judged by service type, the validity period is tied to the service type, for example the domain name of a VIP customer is a hot domain name.
As for the specific setting of the validity period, a judging strategy and a corresponding duration may be set, and when the duration is exceeded and the judging strategy is no longer met, the hot certificate reverts to an ordinary domain name certificate; other setting strategies are also possible and are not limited in the present application.
The hot certificate is loaded into the shared memory; taking advantage of the very high access speed of memory and the fact that the memory can be shared by multiple processes in the target edge device, the hot certificate can be supplied in time to the ordinary handshake process in any of these processes when needed, greatly increasing the speed of the handshake.
In actual use, the hot certificate/hot domain name may be counted and judged from real requests in real time, or detected and judged periodically.
It should be noted that the hot certificate is preloaded into the shared memory, with a persistent local copy also kept; the hot certificate is cleared from memory when the shared memory cache expires, and both the local persistent copy and the cache in the shared memory are cleared when the hot certificate reverts to an ordinary domain name certificate.
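The hot-certificate policy of steps S105-S106 and the paragraphs above, as an added example (not the patent's code): access counting over a sliding window, promotion to the shared store when the count reaches the threshold or the domain is flagged VIP, a capacity limit, and periodic demotion once the window no longer meets the threshold. The "shared memory" is a plain dict standing in for a cross-process store; the threshold, window, capacity, domains and timestamps are constructed, and timestamps are assumed to arrive in non-decreasing order.

```python
"""Hot-certificate detection, preload and demotion (added example, not the patent's code)."""
from collections import defaultdict, deque
from typing import Callable


class HotCertCache:
    def __init__(self, threshold: int, window_seconds: float, vip_domains=(), capacity: int = 2):
        self.threshold = threshold          # preset access count within the window
        self.window = window_seconds        # the "certain period" the count is measured over
        self.vip = set(vip_domains)         # service-type rule: VIP domains are hot by default
        self.capacity = capacity            # shared memory is limited
        self.accesses = defaultdict(deque)  # domain -> timestamps still inside the window
        self.shared = {}                    # stand-in for shared memory: domain -> cert bytes

    def _prune(self, domain: str, now: float) -> None:
        q = self.accesses[domain]
        while q and q[0] <= now - self.window:
            q.popleft()

    def is_hot(self, domain: str, now: float) -> bool:
        if domain in self.vip:
            return True
        self._prune(domain, now)
        return len(self.accesses[domain]) >= self.threshold

    def record_handshake(self, domain: str, now: float, load_cert: Callable[[str], bytes]) -> bool:
        """Each handshake counts as one access to the domain; preload when it turns hot."""
        self._prune(domain, now)
        self.accesses[domain].append(now)
        if self.is_hot(domain, now) and domain not in self.shared and len(self.shared) < self.capacity:
            self.shared[domain] = load_cert(domain)   # one disk read, then served from memory
            return True
        return False

    def expire(self, now: float) -> list[str]:
        """Periodic sweep: demote certs whose window no longer meets the threshold."""
        demoted = [d for d in list(self.shared) if not self.is_hot(d, now)]
        for d in demoted:
            del self.shared[d]                        # clear the shared-memory copy
        return demoted


def demo() -> tuple[list[str], list[str], list[str]]:
    cache = HotCertCache(threshold=3, window_seconds=60, vip_domains={"vip.example.test"})
    load = lambda d: b"cert-for-" + d.encode()      # constructed stand-in for a disk read
    for t in (0, 10, 20):
        cache.record_handshake("www.example.test", t, load)   # third hit within 60 s -> hot
    cache.record_handshake("vip.example.test", 25, load)       # VIP: hot on first request
    cache.record_handshake("cold.example.test", 25, load)      # single request: stays cold
    hot_now = sorted(cache.shared)
    demoted = cache.expire(now=100)                 # window has slid past every www access
    return hot_now, demoted, sorted(cache.shared)
```

The capacity check is deliberately applied before the load: without it a burst of requests across many domains would fill the shared store and push out genuinely hot certificates, which is the failure mode the "limited maximum space" sentence above is guarding against.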
In one embodiment, as shown in fig. 6, after receiving the handshake request sent by the client based on the QUIC protocol, step S102 includes:
S131, the target edge device detects whether the handshake request contains QUIC version information and a connection ID, and determines whether the handshake request can be multiplexed;
In one embodiment, the initial packet contains version information (typically a default version, a generic version, or a version determined in advance from the version history, the generic version, specific conventions, etc., e.g., Q039, Q043, Q044, Q046, Q047); if the target edge device supports the client's version, it uses this protocol version for the entire lifecycle of the connection; if it does not support the version, it responds with a Version Negotiation packet listing the set of versions it supports, which adds a delay overhead of 1 RTT (Round-Trip Time).
Examples are as follows: one multiplexing process is:
one multiplexing procedure involving Retry packets (Retry) is:
As can be seen from the above two multiplexing processes, the Initial packet contains connection IDs, where DCID (Destination Connection ID) is the destination ID and SCID (Source Connection ID) is the requester ID; for the Client, the destination is the Server (which may represent the target edge device in the present application) and the requester is the Client, and for the Server, the destination is the Server and the requester is the Client.
After receiving the client's initial packet, the server checks whether the destination ID of the initial packet is usable; if it is, the server returns an initial packet containing a random ID (S3), and if it is not, the server returns a Retry packet containing a usable random ID (S2). If the client receives the initial packet, it establishes the connection with the server directly and then communicates with the server through the returned ID; if it receives a Retry packet, it resends its original packet using the returned random ID (S2).
Because the server communicates over UDP, which has no notion of a long-lived connection, S3 is assigned as the client's new destination ID.
S132, if multiplexing is possible, the target edge device directly completes the connection establishment process with the client;
S103-S104, if multiplexing is not possible, the target edge device acquires the configuration information and sends it to the client to complete the connection establishment process.
In this way, the handshake can be completed directly when the handshake request can be multiplexed, so that the connection is completed in 0-RTT and the time to establish the connection is greatly reduced.
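Step S131-S132 and the Retry flow above, as an added example (not the patent's code and not from any QUIC stack): parse the version and connection IDs out of an Initial packet, then decide as the target edge device whether to send Version Negotiation, reuse an existing connection (multiplex), answer with a Retry carrying S2, or accept and hand out S3. The header layout follows the RFC 8999 long-header invariant; the supported-version set, the "usable destination ID" rule (at least 8 bytes) and every packet are constructed assumptions, and the Q0xx strings serve only as version labels.

```python
"""Initial-packet parsing and the multiplex / Retry decision (added example, not the patent's code)."""
import os

SUPPORTED_VERSIONS = {b"Q046", b"Q050", b"\x00\x00\x00\x01"}   # constructed set


def build_initial(version: bytes, dcid: bytes, scid: bytes, payload: bytes = b"") -> bytes:
    """Long header: form+fixed bits, 4-byte version, length-prefixed DCID and SCID."""
    assert len(version) == 4
    return bytes([0xC0]) + version + bytes([len(dcid)]) + dcid + bytes([len(scid)]) + scid + payload


def parse_long_header(pkt: bytes) -> tuple[bytes, bytes, bytes]:
    """Return (version, DCID, SCID); reject short-header or truncated packets."""
    if len(pkt) < 7 or not (pkt[0] & 0x80):
        raise ValueError("not a long-header packet")
    version, off, ids = pkt[1:5], 5, []
    for _ in range(2):                             # DCID, then SCID
        if off >= len(pkt):
            raise ValueError("truncated header")
        n, off = pkt[off], off + 1
        if off + n > len(pkt):
            raise ValueError("truncated connection ID")
        ids.append(pkt[off:off + n])
        off += n
    return version, ids[0], ids[1]


class EdgeServer:
    def __init__(self):
        self.connections = {}      # server-issued ID (S3) -> connection state

    def handle_initial(self, pkt: bytes):
        version, dcid, scid = parse_long_header(pkt)
        if version not in SUPPORTED_VERSIONS:
            # Version Negotiation: list what we support; costs the client 1 RTT.
            return "VersionNegotiation", sorted(SUPPORTED_VERSIONS)
        if dcid in self.connections:
            # S132: known ID, reuse connection state, no new handshake (0-RTT path).
            return "Multiplexed", dcid
        if len(dcid) < 8:
            # Destination ID not usable (assumed rule): Retry with a usable random ID (S2).
            return "Retry", os.urandom(8)
        # Usable destination ID: accept and hand the client its new ID (S3).
        s3 = os.urandom(8)
        self.connections[s3] = {"client_scid": scid, "version": version}
        return "Initial", s3


def demo() -> list[str]:
    server = EdgeServer()
    client_scid = b"\x01\x02\x03\x04"
    steps = []
    kind, _ = server.handle_initial(build_initial(b"Q039", b"\x00" * 8, client_scid))   # unsupported version
    steps.append(kind)
    kind, s2 = server.handle_initial(build_initial(b"Q046", b"\xaa\xbb", client_scid))  # short DCID -> Retry (S2)
    steps.append(kind)
    kind, s3 = server.handle_initial(build_initial(b"Q046", s2, client_scid))           # resend with S2 -> Initial (S3)
    steps.append(kind)
    kind, _ = server.handle_initial(build_initial(b"Q046", s3, client_scid))            # later packet with S3 -> multiplexed
    steps.append(kind)
    return steps
```

The Retry step is also the natural place for the server to avoid committing state for an unverified source, since nothing is stored until the client comes back with the ID it was handed.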
In one embodiment, as shown in fig. 7, S101/S121, receiving a domain name certificate sent by the certificate center, includes:
S141, the target edge device sends a certificate loading request to the certificate center, where identification information is recorded in the certificate loading request and is used to identify the processing priority of the certificate loading request in the certificate center;
The specific form of the identification information may be selected according to the actual situation and is not limited in the present application.
For example: the processing priority is set as a weight value from 1 to 25, where the higher the weight value, the higher the priority; if the certificate loading request is http(s)://httpscan.api.com/ddn=www.test.com&type=1, then type=1 is the identification information and represents that the weight value of the loading request is 1.
S142, the target edge device receives the domain name certificate returned by the certificate center.
In this way, the high priority of the certificate loading request is indicated by the identification information, achieving fast loading and replacement.
It should be noted that steps S141 to S142 may be the specific implementation of step S101 or of step S121.
An ordinary certificate center issues a domain name certificate across the whole network, and at least half an hour is needed from the start of issuance until it is fully effective; by providing a high-priority fast channel for issuance, the loading or issuing time of a domain name certificate can be greatly shortened.
In one embodiment, the identification information may be a predetermined identifier, and the certificate center preferentially processes request information carrying the predetermined identifier.
In another embodiment, an interface of a fast channel is preset, and the certificate loading request is transmitted to the certificate center through the fast channel, so as to achieve fast loading.
In the present application, QUIC connection establishment combines version negotiation with the transport-layer handshake so as to reduce the waiting time for establishing a connection; by actively loading certificates, the time spent loading a certificate before the handshake is reduced, and automatic arrangement of certificates reduces labor cost; hot loading of certificates is realized so that valid certificates can be swapped in quickly; and by detecting how often each certificate is used over a period of time, high-frequency certificates are loaded into the shared memory as hot certificates, avoiding repeated I/O reads and writes and the resources they waste.
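Steps S141-S142 and the weighted identifier example above, as an added example (not the patent's code): the target edge device builds a loading request that carries the priority as the page's type parameter (weight 1-25, higher first), and the certificate center orders queued requests by that weight while refusing to trust out-of-range or missing values. The host httpscan.api.com is the page's own illustrative URL; the standard query-string form, the clamping rule and the queue are assumptions.

```python
"""Priority-tagged certificate loading requests and a weight-ordered queue (added example, not the patent's code)."""
import heapq
from itertools import count
from urllib.parse import parse_qs, urlencode, urlparse

MIN_WEIGHT, MAX_WEIGHT = 1, 25   # weight range stated on the page


def build_load_request(base: str, domain: str, weight: int) -> str:
    """Edge-device side: encode the domain identifier and the priority identifier."""
    if not MIN_WEIGHT <= weight <= MAX_WEIGHT:
        raise ValueError(f"weight must be in {MIN_WEIGHT}..{MAX_WEIGHT}")
    return f"{base}?{urlencode({'ddn': domain, 'type': weight})}"


def parse_load_request(url: str) -> tuple[str, int]:
    """Certificate-center side: extract (domain, weight); missing weight -> lowest, out of range -> clamped."""
    q = parse_qs(urlparse(url).query)
    domain = q.get("ddn", [None])[0]
    if not domain:
        raise ValueError("missing domain identifier")
    weight = int(q.get("type", [MIN_WEIGHT])[0])
    weight = max(MIN_WEIGHT, min(MAX_WEIGHT, weight))   # never trust a self-declared value blindly
    return domain, weight


class CertificateCenterQueue:
    """Serves higher weights first; FIFO among equal weights."""

    def __init__(self):
        self._heap = []
        self._seq = count()

    def submit(self, url: str) -> None:
        domain, weight = parse_load_request(url)
        heapq.heappush(self._heap, (-weight, next(self._seq), domain))

    def next_to_process(self) -> tuple[str, int]:
        neg_w, _, domain = heapq.heappop(self._heap)
        return domain, -neg_w

    def drain(self) -> list[tuple[str, int]]:
        out = []
        while self._heap:
            out.append(self.next_to_process())
        return out


def demo() -> list[tuple[str, int]]:
    base = "https://httpscan.api.com/"   # the page's illustrative host
    q = CertificateCenterQueue()
    q.submit(build_load_request(base, "www.test.com", 1))
    q.submit(build_load_request(base, "vip.test.com", 25))
    q.submit(build_load_request(base, "static.test.com", 10))
    q.submit(f"{base}?ddn=legacy.test.com")           # no identifier -> lowest weight
    q.submit(f"{base}?ddn=bulk.test.com&type=999")    # out-of-range value is clamped to 25
    return q.drain()
```

Clamping keeps a malformed request from breaking the queue, but it does not decide who is entitled to a high weight; a deployment should also tie the accepted weight to an authenticated requester so that one edge device cannot starve the others' renewals.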
The present embodiment provides another QUIC handshake method, which is similar to the QUIC handshake method described above, except that, as shown in fig. 8, the QUIC handshake method in the present embodiment is applied to a target edge device and includes:
S201, receiving a domain name certificate sent by a certificate center, where the domain name certificate is a domain name certificate that is preconfigured and indicated to be loaded for the target edge device;
S202, receiving a handshake request sent by a client based on the QUIC protocol;
S203, acquiring configuration information, where the configuration information includes the domain name certificate and other server parameters required to complete the connection establishment process with the client;
S204, sending the configuration information to the client to complete the connection establishment process.
In one embodiment, as shown in fig. 9, before step S202, receiving the handshake request sent by the client based on the QUIC protocol, the method further includes:
S211, detecting whether a domain name certificate in a local storage area is in a valid state;
S212, if not, sending a certificate loading request to the certificate center, and replacing the domain name certificate in the invalid state with the new domain name certificate received from the certificate center.
In one embodiment, as shown in fig. 10, before step S202, receiving the handshake request sent by the client based on the QUIC protocol, the method further includes:
S221, receiving a new domain name certificate sent by the certificate center;
S222, replacing the domain name certificate in the to-be-updated state with the new domain name certificate.
In one embodiment, as shown in fig. 11, the method further comprises:
S205, detecting whether the access frequency of the domain name certificate reaches a preset value;
S206, if yes, loading the domain name certificate into a shared memory.
In one embodiment, as shown in fig. 12, step S202, after receiving the handshake request sent by the client based on the QUIC protocol, includes:
S231, detecting whether the handshake request contains QUIC version information and a connection ID, and determining whether the handshake request can be multiplexed;
S232, if multiplexing is possible, directly completing the connection establishment process with the client;
S203-S204, if multiplexing is not possible, acquiring the configuration information and sending it to the client to complete the connection establishment process.
In one embodiment, as shown in fig. 13, S201/S221, receiving a domain name certificate sent by the certificate center, includes:
S241, sending a certificate loading request to the certificate center, where identification information is recorded in the certificate loading request and is used to identify the processing priority of the certificate loading request in the certificate center;
S242, receiving the domain name certificate returned by the certificate center.
The specific technical solution and steps S201 to S242 in this embodiment are the same as those of the QUIC handshake method and steps S101 to S142 provided in the embodiments of the present application and, stemming from the same inventive concept, have the same beneficial effects.
The present application provides a QUIC handshake device for executing the QUIC handshake method described in the foregoing, and the QUIC handshake device is described in detail below.
As shown in fig. 14, the QUIC handshake apparatus, applied to a target edge device, includes:
a first receiving module 201, configured to receive a domain name certificate sent by a certificate center, where the domain name certificate is a domain name certificate that is preconfigured and indicated to be loaded for the target edge device;
a second receiving module 202, configured to receive a handshake request sent by the client based on the QUIC protocol;
a handshake module 203, configured to obtain configuration information, where the configuration information includes the domain name certificate and other server parameters required to complete a connection establishment process with the client;
a first sending module 204, configured to send the configuration information to the client to complete the connection establishment procedure.
In one embodiment, as shown in fig. 15, the QUIC handshake apparatus further comprises a certificate update module 205 for: detecting whether a domain name certificate in a local storage area is in a valid state; if not, sending a certificate loading request to the certificate center, and replacing the domain name certificate in the invalid state with the new domain name certificate received from the certificate center.
In one embodiment, the certificate update module 205 is further configured to: receive a new domain name certificate sent by the certificate center; and replace the domain name certificate in the to-be-updated state with the new domain name certificate.
In one embodiment, the QUIC handshake apparatus further comprises a certificate sharing module 206 for: detecting whether the access frequency of the domain name certificate reaches a preset value; if yes, loading the domain name certificate into a shared memory.
In one embodiment, the QUIC handshake apparatus further comprises a connection multiplexing module 207 for: detecting whether the handshake request contains QUIC version information and a connection ID, and determining whether the handshake request can be multiplexed; if multiplexing is possible, directly completing the connection establishment process with the client; if multiplexing is not possible, acquiring the configuration information and sending it to the client to complete the connection establishment process.
In one embodiment, the first receiving module 201 is further configured to: send a certificate loading request to the certificate center, where identification information is recorded in the certificate loading request and is used to identify the processing priority of the certificate loading request in the certificate center; and receive the domain name certificate returned by the certificate center.
The QUIC handshake apparatus provided by the above embodiment of the present application stems from the same inventive concept as the QUIC handshake method provided by the embodiment of the present application, and therefore has the same beneficial effects as that method.
An embodiment of the present application provides an electronic device, as shown in fig. 16, comprising a computer readable storage medium 401 storing a computer program and a processor 402, the computer program implementing a method as described above when read and executed by the processor.
The electronic device provided by the above embodiment of the present application stems from the same inventive concept as the QUIC handshake method provided by the embodiment of the present application, and therefore has the same beneficial effects as that method.
Embodiments of the present application provide a computer readable storage medium storing a computer program which, when read and executed by a processor, implements a method as described above.
The technical solution of the embodiment of the present application, in essence or in the part contributing to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be an air conditioner, a refrigeration apparatus, a personal computer, a server, a network device, etc.) or a processor to perform all or part of the steps of the method of the embodiment of the present application. The aforementioned storage medium includes: a USB disk, a removable hard disk, a ROM, a RAM, a magnetic disk, an optical disk, etc.
The computer readable storage medium provided by the above embodiment of the present application stems from the same inventive concept as the QUIC handshake method provided by the embodiment of the present application, and therefore has the same beneficial effects as that method.
Embodiments of the present application provide a computer program product comprising a computer program which, when executed by a processor, performs a method as described above.
The computer program product provided by the above embodiment of the present application stems from the same inventive concept as the QUIC handshake method provided by the embodiment of the present application, and therefore has the same beneficial effects as that method.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The embodiments of the present application are described in a related manner; the same or similar parts between the embodiments may be referred to one another, and each embodiment mainly describes its differences from the other embodiments. In particular, the QUIC handshake system, apparatus, electronic device and machine readable storage medium embodiments are substantially similar to the previously described QUIC handshake method embodiments, so their description is relatively brief, and the relevant points can be found in the section on the QUIC handshake method embodiments.
Although the present application is disclosed above, the present application is not limited thereto. Various changes and modifications may be made by one skilled in the art without departing from the spirit and scope of the application, and the scope of the application should be assessed accordingly to that of the appended claims.

Claims (10)

1. A QUIC handshake method, applied to a target edge device, comprising:
receiving a domain name certificate sent by a certificate center, wherein the domain name certificate is a domain name certificate which is preconfigured and indicated to be loaded for the target edge equipment;
receiving a handshake request sent by a client based on a QUIC protocol;
acquiring configuration information, wherein the configuration information comprises domain name certificates and other server parameters required by completing a connection establishment process with the client;
and sending the configuration information to the client to complete a connection establishment process.
2. The method according to claim 1, characterized in that before said receiving a handshake request sent by a client based on the QUIC protocol, it further comprises:
detecting whether a domain name certificate in a local storage area is in a valid state;
if not, sending a certificate loading request to the certificate center, and replacing the domain name certificate in the invalid state with the new domain name certificate received from the certificate center.
3. The method according to claim 1, characterized in that before said receiving a handshake request sent by a client based on the QUIC protocol, it further comprises:
receiving a new domain name certificate sent by the certificate center;
and replacing the domain name certificate in the state to be updated with the new domain name certificate.
4. The method according to claim 1, wherein the method further comprises:
detecting whether the access frequency of the domain name certificate reaches a preset value;
if yes, the domain name certificate is loaded to a shared memory.
5. The method according to claim 1, characterized in that said receiving a handshake request sent by a client based on the QUIC protocol is followed by:
detecting whether the handshake request contains QUIC version information and connection ID, and determining whether the handshake request can be multiplexed;
if multiplexing is possible, directly completing a connection establishment process with the client;
if the multiplexing is not possible, acquiring configuration information, and sending the configuration information to the client to complete the connection establishment process.
6. The method of claim 1, wherein receiving the domain name certificate sent by the certificate authority comprises:
sending a certificate loading request to the certificate center, wherein identification information is recorded in the certificate loading request and is used for identifying the processing priority of the certificate loading request in the certificate center;
and receiving a domain name certificate returned by the certificate center.
7. A QUIC handshake apparatus, for application to a target edge device, comprising:
the first receiving module is used for receiving a domain name certificate sent by a certificate center, and the domain name certificate is a domain name certificate which is preconfigured and indicates to be loaded for the target edge equipment;
the second receiving module is used for receiving a handshake request sent by the client based on the QUIC protocol;
the handshake module is used for acquiring configuration information, wherein the configuration information comprises domain name certificates and other server parameters required by completing a connection establishment process with the client;
and the first sending module is used for sending the configuration information to the client to complete the connection establishment process.
8. An electronic device comprising a computer readable storage medium storing a computer program and a processor, the computer program implementing the method of any of claims 1-6 when read and executed by the processor.
9. A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program which, when read and run by a processor, implements the method according to any of claims 1-6.
10. A computer program product comprising a computer program, characterized in that it is executed by a processor to perform the operations of implementing the QUIC handshake method according to any of claims 1-6.
CN202210271165.7A 2022-03-18 2022-03-18 QUIC handshake method and device, electronic equipment and storage medium Pending CN116800810A (en)
Publications (1)

Publication Number Publication Date
CN116800810A true CN116800810A (en) 2023-09-22
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination