CN116828034A - SDWAN configuration synchronization method and system based on blockchain - Google Patents


Info

Publication number: CN116828034A
Authority: CN (China)
Prior art keywords: configuration file, check code, cpe, configuration, controller
Legal status: Withdrawn
Application number: CN202310786919.7A
Other languages: Chinese (zh)
Inventor: 李雪莹
Current Assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd
Original Assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd, Beijing Topsec Software Co Ltd
Priority to CN202310786919.7A
Publication of CN116828034A


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/2866 Architectures; Arrangements
    • H04L67/30 Profiles
    • H04L67/303 Terminal profiles
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Abstract

The application provides a blockchain-based SDWAN configuration synchronization method and system, relating to the technical field of network synchronization. The method comprises the following steps: the controller obtains a first configuration file of a customer premises equipment (CPE); the controller acquires a first check code of the first configuration file from a blockchain network and checks the first configuration file against the first check code; if the check passes, the controller modifies the first configuration file to obtain a second configuration file and sends the second configuration file, and generates a second check code of the second configuration file and uploads it to the blockchain network; the CPE acquires the second check code from the blockchain network and checks the received second configuration file against the second check code; and if the check passes, the CPE updates its local configuration using the second configuration file. The application records the check codes of the original configuration file and of the modified configuration file on the blockchain and uses the two check codes to verify the two transmitted configuration files respectively, thereby ensuring the integrity of both configuration files and improving security.

Description

SDWAN configuration synchronization method and system based on blockchain
Technical Field
The application relates to the technical field of blockchains, and in particular to a blockchain-based SDWAN configuration synchronization method and system.
Background
The zero-configuration onboarding function of the SDWAN allows a network administrator to create the SDWAN node configurations and policies once through the SDWAN controller and then push them to all network devices in their WAN assets. With this function, engineers do not need to use standard command line interfaces to configure multiple network devices at different locations. It not only allows network devices to be deployed rapidly, but also makes the most efficient use of dedicated IT resources, reducing cost and improving efficiency. Accurate synchronization of configuration information is critical to this function.
At present, when the SDWAN configuration synchronization process faces certain attacks (such as man-in-the-middle attacks), the configuration information may be tampered with. This causes a data integrity problem and is a security risk in the configuration synchronization process.
Disclosure of Invention
In view of the above, the present application provides a blockchain-based SDWAN configuration synchronization method and system, so as to solve the technical problem that configuration information may be tampered with while configuration is synchronized between an SDWAN controller and a CPE.
In a first aspect, an embodiment of the present application provides a blockchain-based SDWAN configuration synchronization method, applied to a software-defined wide area network (SDWAN) in which a controller and a plurality of customer premises equipment (CPE) devices are deployed, the method including:
the controller obtains a first configuration file of a CPE;
the controller obtains a first check code of the first configuration file of the CPE from a blockchain network, and checks the first configuration file of the CPE against the first check code;
if the check passes, the controller modifies the first configuration file to obtain a second configuration file and sends the second configuration file, and generates a second check code of the second configuration file and uploads the second check code to the blockchain network;
the CPE receives the second configuration file;
the CPE acquires the second check code from the blockchain network, and checks the second configuration file against the second check code;
and if the check passes, the CPE performs a local configuration update using the second configuration file.
In one possible implementation, the method further includes: linking the controller and the CPE through a blockchain to form the blockchain network.
In one possible implementation, the blockchain network is an external network accessible to both the controller and the plurality of CPEs.
In one possible implementation, before the controller obtains the first configuration file of the CPE, the method further includes:
the controller sends a configuration synchronization command to a customer premise equipment CPE;
after receiving a configuration synchronization command issued by a controller, the CPE checks a first configuration file to generate a first check code;
the CPE uploads a first check code of a first configuration file to a blockchain network;
the CPE sends the first configuration file to the controller.
In one possible implementation, the checking, by the controller, of the first configuration file of the CPE using the first check code includes:
the controller checks the first configuration file to generate a first auxiliary check code;
the controller compares the first check code with the first auxiliary check code, and if the first check code and the first auxiliary check code are the same, the check is passed.
In one possible implementation, the checking, by the CPE, of the second configuration file using the second check code includes:
the CPE checks the second configuration file to generate a second auxiliary check code;
and the CPE compares the second check code with the second auxiliary check code, and if the second check code and the second auxiliary check code are the same, the check is passed.
In one possible implementation, the verification employs an MD5 algorithm; the first check code is a first MD5 value of the first configuration file; the second check code is a second MD5 value of the second configuration file.
In one possible implementation, the method further includes:
the CPE encrypts the first configuration file and sends the encrypted first configuration file to the controller;
and the controller decrypts the received encrypted first configuration file to obtain the first configuration file.
In one possible implementation, the method further includes:
the controller encrypts the second configuration file and sends the encrypted second configuration file to the CPE;
and the CPE decrypts the received encrypted second configuration file to obtain the second configuration file.
In a second aspect, an embodiment of the present application provides a blockchain-based SDWAN configuration synchronization system, including: a controller and a plurality of customer premises equipment (CPE) devices;
the controller is configured to: acquire a first configuration file of a CPE; acquire a first check code of the first configuration file of the CPE from a blockchain network; check the first configuration file of the CPE using the first check code, and after the check passes, modify the first configuration file to obtain a second configuration file; send the second configuration file to the CPE; and generate a second check code of the second configuration file and upload the second check code to the blockchain network;
the CPE is configured to: receive the second configuration file and acquire the second check code from the blockchain network; and check the second configuration file using the second check code, and after the check passes, perform a configuration update using the second configuration file.
The application records the check codes of the original configuration file and of the modified configuration file on the blockchain and uses the two check codes to verify the two transmitted configuration files respectively, thereby ensuring the integrity of both configuration files and improving security.
Drawings
FIG. 1 is a timing diagram of a blockchain-based SDWAN configuration synchronization method according to an embodiment of the present application;
FIG. 2 is a flow chart of a blockchain-based SDWAN configuration synchronization method according to an embodiment of the present application;
FIG. 3 is a flow chart of a blockchain-based SDWAN configuration synchronization method according to another embodiment of the present application;
FIG. 4 shows a blockchain-based SDWAN configuration synchronization system according to an embodiment of the present application;
FIG. 5 is a block diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Various aspects and features of the present application are described herein with reference to the accompanying drawings.
It should be understood that various modifications may be made to the embodiments of the application herein. Therefore, the above description should not be taken as limiting, but merely as exemplification of the embodiments. Other modifications within the scope and spirit of the application will occur to persons of ordinary skill in the art.
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the application and, together with a general description of the application given above, and the detailed description of the embodiments given below, serve to explain the principles of the application.
These and other characteristics of the application will become apparent from the following description of a preferred form of embodiment, given as a non-limiting example, with reference to the accompanying drawings.
It is also to be understood that, although the application has been described with reference to some specific examples, those skilled in the art can certainly realize many other equivalent forms of the application.
The above and other aspects, features and advantages of the present application will become more apparent in light of the following detailed description when taken in conjunction with the accompanying drawings.
Specific embodiments of the present application will be described hereinafter with reference to the accompanying drawings; however, it is to be understood that the disclosed embodiments are merely exemplary of the application, which can be embodied in various forms. Well-known and/or repeated functions and constructions are not described in detail, to avoid obscuring the application with unnecessary or redundant detail. Therefore, specific structural and functional details disclosed herein are not intended to be limiting, but merely serve as a basis for the claims and as a representative basis for teaching one skilled in the art to variously employ the present application in virtually any appropriately detailed structure.
The specification may use the phrases "in one embodiment," "in another embodiment," "in yet another embodiment," or "in other embodiments," each of which may refer to one or more of the same or different embodiments in accordance with the application.
First, technical terms related to the embodiment of the present application will be briefly described.
SDWAN (software-defined wide area network): a service formed by applying SDN technology to the wide area network scenario. Such services connect enterprise networks, data centers, Internet applications, and cloud services over a wide geographic range, and are intended to help users reduce wide area network expenses and increase the flexibility of network connections. It is a new technology that can replace traditional wide area network circuits (MPLS-VPN, IPSEC-VPN, etc.); it addresses the instability of traditional Internet lines and the high cost of dedicated lines, and can also meet the real-time requirements that applications will place on future lines.
Blockchain: in a narrow sense, a blockchain is a distributed ledger, that is, a chained data structure in which data blocks are linked sequentially in time order and which is secured cryptographically so that it cannot be tampered with or forged. Broadly speaking, it is a new distributed infrastructure and computing paradigm that uses a blockchain data structure to verify and store data, a distributed node consensus algorithm to generate and update data, cryptography to secure data transmission and access, and smart contracts consisting of automated script code to program and operate on data. Information changes that occur on the nodes of the blockchain are tamper-proof and traceable.
Public chain: a blockchain that anyone can join and participate in, that is not controlled by any single central authority, and that is completely transparent. A typical example is the Bitcoin system.
Consortium chain (alliance chain): commonly built between organizations of known identity, for example for payment settlement between banks, logistics supply chain management between enterprises, and data sharing between government departments. A consortium chain system therefore generally needs strict identity authentication and authority management, and its number of nodes is fixed for a given period of time, so it is suitable for handling matters on which organizations need to reach agreement.
Private chain: a special consortium chain with only one member in the consortium; it is not open externally and is used only within the organization. A private blockchain may run behind a corporate firewall and may even be hosted locally. In a private chain environment, the number of participants and the node status are typically deterministic and controllable, and the number of nodes is much smaller than for a public chain.
Transaction: when a blockchain node hears of transactions, it validates each one and places valid transactions in a transaction pool. The pool orders the transactions that are ready to be packed into blocks into a ready queue; transactions in the ready queue are normally used to construct blocks and may be broadcast throughout the network. The order matters because transactions at the front of the queue have higher priority and are more likely to be executed in the next block. Newly constructed blocks are distributed across the whole network, all other nodes in the network receive and execute them, and all the blocks are linked into a transaction data ledger.
After technical terms related to the present application are introduced, the design idea of the embodiment of the present application is briefly described below.
Currently, when the SDWAN configuration synchronization process faces certain attacks (such as man-in-the-middle attacks), there is a risk that the configuration information is tampered with, and security and integrity are poor.
To solve this technical problem, the application relies on the characteristics of a blockchain-based network: transparency, high reliability, protection of information against arbitrary tampering by attackers, and assurance of privacy and security. The application provides a blockchain-based SDWAN configuration synchronization method, as shown in FIG. 1, comprising the following steps: the SDWAN-controller sends a configuration synchronization command to the SDWAN-CPE; the SDWAN-CPE checks the current configuration file to generate check code 1; the SDWAN-CPE sends check code 1 to the blockchain network; the SDWAN-CPE sends the encrypted current configuration file to the SDWAN-controller; the SDWAN-controller decrypts the configuration file and checks it to generate check code 2; the SDWAN-controller acquires check code 1 from the blockchain network and compares check code 1 with check code 2, and if they are the same, modifies the configuration file and checks the modified configuration file to generate check code 3; the SDWAN-controller sends check code 3 to the blockchain network; the SDWAN-controller sends the encrypted modified configuration file to the SDWAN-CPE; the SDWAN-CPE decrypts the modified configuration file and checks it to generate check code 4; the SDWAN-CPE acquires check code 3 from the blockchain network; and the SDWAN-CPE compares check code 3 with check code 4, and if they are the same, completes the configuration update.
The method stores the check code of the original configuration file and the check code of the modified configuration file in the blockchain network, and relies on the immutability of the blockchain network to ensure that the two check codes are not tampered with. This ensures that the check results for the original and the modified configuration files after transmission are authentic, and thereby ensures the security of configuration synchronization between the SDWAN-controller and the SDWAN-CPE.
After the application scenario and the design idea of the embodiment of the present application are introduced, the technical solution provided by the embodiment of the present application is described below.
As shown in FIG. 2, an embodiment of the present application provides a blockchain-based SDWAN configuration synchronization method, applied to a software-defined wide area network (SDWAN) in which a controller and a plurality of customer premises equipment (CPE) devices are deployed, the method including the following steps:
Step 101: the controller obtains a first configuration file of a CPE;
Step 102: the controller obtains a first check code of the first configuration file of the CPE from a blockchain network, and checks the first configuration file of the CPE against the first check code;
Step 103: if the check passes, the controller modifies the first configuration file to obtain a second configuration file and sends the second configuration file, and generates a second check code of the second configuration file and uploads the second check code to the blockchain network;
Step 104: the CPE receives the second configuration file;
Step 105: the CPE acquires the second check code from the blockchain network, and checks the second configuration file against the second check code;
Step 106: if the check passes, the CPE performs a local configuration update using the second configuration file.
In this embodiment, there are two types of blockchain networks:
First type: a blockchain network formed by linking the controller and the plurality of CPEs through a blockchain. The advantage is that no external blockchain network is needed; the disadvantage is that linking the controller and the plurality of CPEs through a blockchain adds extra operations.
Second type: an external private blockchain network that the controller and the plurality of CPEs can all access. The advantage is that the SDWAN controller and the CPEs only need to be configured so that they can access the private blockchain network, which is simple to operate; the disadvantage is that an available external private blockchain network has to be negotiated.
In practical application, which type of blockchain network is specifically selected can be determined according to practical situations.
As an optional implementation manner, before the controller obtains the first configuration file of the CPE, the method further includes:
Step S1: the controller sends a configuration synchronization command to a CPE;
wherein the controller may send configuration synchronization commands to one or more CPEs simultaneously.
Step S2: after receiving the configuration synchronization command issued by the controller, the CPE checks the first configuration file to generate a first check code;
Step S3: the CPE uploads the first check code of the first configuration file to the blockchain network;
When the blockchain network is an external private chain, the CPE becomes a node of the private chain on accessing the blockchain network and can write to the transaction pool.
Specifically, the CPE writes the first check code into the transaction pool of the blockchain; the selected packing node packs the transactions into blocks and publishes the blocks on the blockchain, and all the blocks form a transaction data ledger.
Step S4: the CPE sends the first configuration file to the controller.
For step 102, in which the controller obtains the first check code of the first configuration file of the CPE from the blockchain network: when the blockchain network is an external private chain, the controller becomes a node of the private chain on accessing the blockchain network and can obtain the first check code from the transaction data ledger.
As an alternative embodiment, the checking, by the controller, of the first configuration file of the CPE using the first check code includes:
the controller checks the first configuration file to generate a first auxiliary check code;
the controller compares the first check code with the first auxiliary check code; if the two are the same, the check is passed; otherwise, the check is not passed, and the result of the failed check is fed back to the CPE.
The reason why the check is not passed is that the first configuration file received by the controller and the first configuration file sent by the CPE are not the same file, which means that the contents of the first configuration file may have been tampered with during transmission, i.e. an integrity problem has occurred.
After the CPE receives the result of the failed check, the CPE needs to send the first configuration file to the controller again, and the controller performs the check again.
For step 103, in which the controller uploads the second check code of the second configuration file to the blockchain network: when the blockchain network is an external private chain, the controller becomes a node of the private chain on accessing the blockchain network and can write to the transaction pool.
Specifically, the controller writes the second check code into the transaction pool of the blockchain; the selected packing node packs the transactions into blocks and publishes the blocks on the blockchain, and the blocks are added to the transaction data ledger.
In this embodiment, the configuration file includes a plurality of independent configuration commands. Corresponding to the two modes of configuration synchronization, full synchronization and incremental synchronization, two types of second configuration file may be generated:
The first type is a full-synchronization configuration file, which includes all configuration commands: both unmodified configuration commands and modified configuration commands.
The second type is an incremental-synchronization configuration file, which includes only the modified configuration commands.
As an alternative embodiment, the checking, by the CPE, of the second configuration file using the second check code includes:
the CPE checks the second configuration file to generate a second auxiliary check code;
the CPE compares the second check code with the second auxiliary check code; if the two are the same, the check is passed; otherwise, the check is not passed, and the result of the failed check is fed back to the controller.
The reason why the check is not passed is that the second configuration file received by the CPE and the second configuration file sent by the controller are not the same file, which means that the contents of the second configuration file may have been tampered with during transmission, i.e. an integrity problem has occurred.
After the controller receives the result of the failed check, the controller needs to send the second configuration file to the CPE again, and the CPE performs the check again.
For step 105, in which the CPE obtains the second check code from the blockchain network: when the blockchain network is an external private chain, the CPE becomes a node of the private chain on accessing the blockchain network and can obtain the second check code from the transaction data ledger.
Preferably, the verification adopts an MD5 algorithm; the first check code is a first MD5 value of the first configuration file; the second check code is a second MD5 value of the second configuration file.
To further improve security, the method further comprises:
the CPE encrypts the first configuration file and sends the encrypted first configuration file to the controller; the controller decrypts the received encrypted first configuration file to obtain the first configuration file;
the controller encrypts the second configuration file and sends the encrypted second configuration file to the CPE; and the CPE decrypts the received encrypted second configuration file to obtain the second configuration file.
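The first-embodiment flow above (steps S2 to S4 and 101 to 106), as an added example that is not code from the patent: a hash-chained in-memory `Ledger` stands in for the blockchain network, and the device name, configuration syntax and function names are constructed for illustration. Encryption of the files in transit is left out so that the block isolates the check-code comparison and its two failure cases.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64


class Ledger:
    """Constructed stand-in for the blockchain network: an append-only,
    hash-chained list. A real chain adds consensus among its nodes."""

    def __init__(self):
        self.blocks = []

    @staticmethod
    def _digest(block):
        body = {k: v for k, v in block.items() if k != "hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def publish(self, device, label, code):
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        block = {"index": len(self.blocks), "device": device,
                 "label": label, "check_code": code, "prev": prev}
        block["hash"] = self._digest(block)
        self.blocks.append(block)

    def intact(self):
        """True if no recorded block was edited after it was published."""
        prev = GENESIS
        for block in self.blocks:
            if block["prev"] != prev or block["hash"] != self._digest(block):
                return False
            prev = block["hash"]
        return True

    def latest(self, device, label):
        if not self.intact():
            raise ValueError("ledger failed its hash-chain check")
        for block in reversed(self.blocks):
            if (block["device"], block["label"]) == (device, label):
                return block["check_code"]
        raise KeyError((device, label))


def check_code(config, algorithm="md5"):
    """Check code of a configuration file; the page prefers MD5."""
    return hashlib.new(algorithm, config).hexdigest()


def verify(config, published, algorithm="md5"):
    """Recompute the auxiliary check code and compare it with the ledger's."""
    return hmac.compare_digest(check_code(config, algorithm), published)


def synchronize(ledger, device, first_config, modify,
                uplink=lambda data: data, downlink=lambda data: data,
                algorithm="md5"):
    """Run steps S2-S4 and 101-106 once. uplink/downlink model the transport
    and may alter the bytes. Returns (outcome, config now active on the CPE)."""
    # S2-S3: the CPE publishes the first check code; S4: it sends the file.
    ledger.publish(device, "first", check_code(first_config, algorithm))
    received_first = uplink(first_config)

    # Steps 101-102: the controller checks what it received against the ledger.
    if not verify(received_first, ledger.latest(device, "first"), algorithm):
        return "controller_rejected_first_file", first_config

    # Step 103: modify, publish the second check code, send the second file.
    second_config = modify(received_first)
    ledger.publish(device, "second", check_code(second_config, algorithm))
    received_second = downlink(second_config)

    # Steps 104-106: the CPE applies the file only if the check passes.
    if not verify(received_second, ledger.latest(device, "second"), algorithm):
        return "cpe_rejected_second_file", first_config
    return "applied", received_second


# Constructed sample data (hypothetical config syntax and device name).
FIRST = b"hostname cpe-1\ninterface wan0\n ip address 198.51.100.10/24\n"


def add_policy(config):
    """The controller's modification: append one constructed command."""
    return config + b"policy voice priority high\n"


def tamper(data):
    """Models in-transit modification of the file."""
    return data.replace(b"198.51.100.10", b"203.0.113.66")


if __name__ == "__main__":
    print(synchronize(Ledger(), "cpe-1", FIRST, add_policy)[0])
    print(synchronize(Ledger(), "cpe-1", FIRST, add_policy, uplink=tamper)[0])
    print(synchronize(Ledger(), "cpe-1", FIRST, add_policy, downlink=tamper)[0])
```

MD5 is the default because the page prefers it; the algorithm is a parameter, and since MD5 is not collision resistant, `algorithm="sha256"` is the usual choice where an adversary could influence file contents.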
In the above embodiment, the configuration file is modified by the controller and then synchronized to the CPE. Alternatively, the configuration may be modified directly on the CPE, in which case the CPE needs to synchronize the modified configuration information to the controller after the modification.
As shown in FIG. 3, an embodiment of the present application provides a blockchain-based SDWAN configuration synchronization method, which includes the following steps:
Step 201: the CPE generates a current configuration file;
Specifically, when the user changes the service configuration of the CPE, the user may perform a modification operation through the interactive interface, and the back end modifies the corresponding configuration file according to the content input by the user, and generates the latest configuration file after the modification is completed.
Step 202: the CPE checks the current configuration file to generate a check code, and uploads the check code to a blockchain network;
Step 203: the CPE sends the current configuration file to a controller;
Step 204: the controller receives the configuration file of the CPE;
Step 205: the controller acquires the check code of the configuration file of the CPE from the blockchain network, and checks the received configuration file against the check code;
Step 206: if the check passes, the controller stores the configuration file of the CPE.
As an alternative embodiment, checking the received configuration file using the check code includes:
the controller checks the received configuration file to generate an auxiliary check code;
the controller compares the check code with the auxiliary check code; if the two are the same, the check passes; otherwise, the check fails, and the result of the check is fed back to the CPE.
The check fails when the configuration file received by the controller and the configuration file sent by the CPE are not the same file, which means that the configuration file may have been tampered with during transmission, i.e. an integrity problem has occurred.
After the CPE receives the result of the failed check, the CPE needs to send the configuration file to the controller again, and the controller performs the check again.
Preferably, the check uses the MD5 algorithm; the check code is the MD5 value of the configuration file.
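The following sketch walks through steps 201 to 206 and the resend-on-failure behaviour described above. It is an added example, not code from the patent: the `Ledger` class is a hypothetical in-memory stand-in for the blockchain network, the sample configuration and the tampering channel are constructed, and the `max_attempts` limit and the selectable `algorithm` parameter (which accepts any hashlib digest name, such as `sha256`, in place of the MD5 the text prefers) are assumptions.

```python
import hashlib
import hmac

# Constructed sample configuration; not taken from the patent.
SAMPLE_CONFIG = b"hostname cpe-01\ntunnel peer 10.0.0.1\n"

class Ledger:
    """Hypothetical in-memory stand-in for the blockchain network (append-only)."""
    def __init__(self):
        self._entries = []
    def publish(self, device_id, code):
        self._entries.append((device_id, code))
    def latest(self, device_id):
        for dev, code in reversed(self._entries):
            if dev == device_id:
                return code
        return None

def check_code(config, algorithm="md5"):
    """Check code of a configuration file; MD5 is the choice the text prefers."""
    return hashlib.new(algorithm, config).hexdigest()

def controller_receive(ledger, store, device_id, received, algorithm="md5"):
    """Steps 204-206: fetch the published code, recompute, compare, store on match."""
    published = ledger.latest(device_id)
    if published is None:
        return False  # nothing on the ledger to check against: reject
    auxiliary = check_code(received, algorithm)
    if not hmac.compare_digest(published, auxiliary):
        return False  # failure is fed back to the CPE, which resends
    store[device_id] = received
    return True

def synchronize(ledger, store, device_id, config, channel, max_attempts=3):
    """Steps 201-203 plus the resend loop; returns the attempt that passed, or 0."""
    ledger.publish(device_id, check_code(config))
    for attempt in range(1, max_attempts + 1):
        received = channel(config)  # the transport may alter the bytes
        if controller_receive(ledger, store, device_id, received):
            return attempt
    return 0

def make_flaky_channel(tamper_first_n):
    """Constructed transport that alters the first N transmissions."""
    calls = {"n": 0}
    def channel(data):
        calls["n"] += 1
        if calls["n"] <= tamper_first_n:
            return data.replace(b"10.0.0.1", b"10.6.6.6")
        return data
    return channel

if __name__ == "__main__":
    ledger, store = Ledger(), {}
    print(synchronize(ledger, store, "cpe-01", SAMPLE_CONFIG, make_flaky_channel(1)))
```

The controller stores nothing until the recomputed auxiliary code matches the published one, so a transmission altered in transit never reaches the configuration store.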
Based on the same inventive concept, as shown in Fig. 4, an embodiment of the present application provides a blockchain-based SDWAN configuration synchronization system 300, the system 300 including: a controller 301 and a plurality of user terminal devices (CPEs) 302;
the controller 301 is configured to: acquire a first configuration file of a CPE; acquire a first check code of the first configuration file of the CPE from a blockchain network; check the first configuration file of the CPE using the first check code, and, after the first configuration file passes the check, modify the first configuration file to obtain a second configuration file; transmit the second configuration file to the CPE; generate a second check code of the second configuration file and upload the second check code to the blockchain network;
the user terminal device 302 is configured to: receive the second configuration file and acquire the second check code from the blockchain network; check the second configuration file using the second check code, and, after the second configuration file passes the check, perform a configuration update using the second configuration file.
As a possible implementation, the controller and the plurality of CPEs are linked by a blockchain to form a blockchain network.
As a possible implementation, the blockchain network is an external network that is accessible to both the controller and the plurality of CPEs.
As a possible implementation, the controller is further configured to: transmit a configuration synchronization command to a CPE; the CPE is further configured to: after receiving the configuration synchronization command issued by the controller, check the first configuration file to generate a first check code; upload the first check code of the first configuration file to the blockchain network; and send the first configuration file to the controller.
Specifically, checking the first configuration file of the CPE using the first check code includes:
checking the first configuration file to generate a first auxiliary check code;
and comparing the first check code with the first auxiliary check code; if the two are the same, the check passes.
Specifically, checking the second configuration file using the second check code includes:
checking the second configuration file to generate a second auxiliary check code;
and comparing the second check code with the second auxiliary check code; if the two are the same, the check passes.
Preferably, the check uses the MD5 algorithm; the first check code is a first MD5 value of the first configuration file; the second check code is a second MD5 value of the second configuration file.
As a possible implementation, the CPE is further configured to: encrypt the first configuration file and send the encrypted first configuration file to the controller; the controller is further configured to: decrypt the received encrypted first configuration file to obtain the first configuration file.
As a possible implementation, the controller is further configured to: encrypt the second configuration file and transmit the encrypted second configuration file to the CPE; the CPE is further configured to: decrypt the received encrypted second configuration file to obtain the second configuration file.
Based on the same inventive concept, an embodiment of the present application further provides an electronic device, as shown in Fig. 5, including: a memory and a processor, the memory storing an executable program, the processor executing the executable program to implement a configuration modification method or a configuration update method:
The configuration modification method comprises the following steps: acquiring a first configuration file of a CPE; acquiring a first check code of the first configuration file of the CPE from a blockchain network; checking the first configuration file of the CPE using the first check code, and, after the first configuration file passes the check, modifying the first configuration file to obtain a second configuration file; transmitting the second configuration file to the CPE; generating a second check code of the second configuration file and uploading the second check code to the blockchain network; or alternatively
The configuration update method comprises the following steps: receiving a second configuration file and acquiring a second check code from the blockchain network; checking the second configuration file using the second check code, and, after the second configuration file passes the check, performing a configuration update using the second configuration file.
The processor may be a general-purpose processor, a digital signal processor, an application-specific integrated circuit (ASIC), a programmable logic device (PLD), or a combination thereof. The PLD may be a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL), or any combination thereof. The general-purpose processor may be a microprocessor or any conventional processor or the like.
The memory may include volatile memory in a computer-readable medium, such as random access memory (RAM), and/or nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
The embodiment of the application also provides a storage medium carrying one or more computer programs which, when executed by a processor, implement the configuration modification method or the configuration updating method as above.
The storage medium in the present embodiment may be contained in an electronic device/system; or may exist alone without being assembled into an electronic device/system. The storage medium carries one or more programs that when executed implement the configuration modification method or the configuration update method as described above.
According to embodiments of the present application, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example, but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The above embodiments are only exemplary embodiments of the present application and are not intended to limit the present application, the scope of which is defined by the claims. Various modifications and equivalent arrangements of this application will occur to those skilled in the art, and are intended to be within the spirit and scope of the application.

Claims (10)

1. A blockchain-based SDWAN configuration synchronization method applied to a software-defined wide area network SDWAN, in which a controller and a plurality of customer premise equipment CPE are disposed, the method comprising:
the controller obtains a first configuration file of a Customer Premise Equipment (CPE);
the controller obtains a first check code of a first configuration file of the CPE from a blockchain network; checking a first configuration file of the CPE through a first check code;
if the verification is passed, the controller modifies the first configuration file to obtain a second configuration file and sends the second configuration file; generating a second check code of a second configuration file and uploading the second check code to the blockchain network;
the CPE receives a second configuration file;
the CPE acquires a second check code from a blockchain network; checking the second configuration file by using the second check code;
and if the verification is passed, the CPE performs local configuration update by using the second configuration file.
2. The blockchain-based SDWAN configuration synchronization method of claim 1, wherein the method further comprises: linking the controller and the CPE through a blockchain to form a blockchain network.
3. The blockchain-based SDWAN configuration synchronization method of claim 1, wherein the blockchain network is an external network accessible to both a controller and a plurality of user terminal devices CPE.
4. The blockchain-based SDWAN configuration synchronization method of claim 1, wherein before the controller obtains the first configuration file of the user terminal device CPE, further comprising:
the controller sends a configuration synchronization command to a customer premise equipment CPE;
after receiving a configuration synchronization command issued by a controller, the CPE checks a first configuration file to generate a first check code;
the CPE uploads a first check code of a first configuration file to a blockchain network;
the user terminal equipment CPE sends the first configuration file to the controller.
5. The blockchain-based SDWAN configuration synchronization method of claim 1, wherein the controller uses a first check code to check a first configuration file of the CPE, comprising:
the controller checks the first configuration file to generate a first auxiliary check code;
the controller compares the first check code with the first auxiliary check code, and if the first check code and the first auxiliary check code are the same, the check is passed.
6. The blockchain-based SDWAN configuration synchronization method of claim 1, wherein the user terminal device CPE verifies the second configuration file using a second verification code, comprising:
the CPE checks the second configuration file to generate a second auxiliary check code;
and the CPE compares the second check code with the second auxiliary check code, and if the second check code and the second auxiliary check code are the same, the check is passed.
7. The blockchain-based SDWAN configuration synchronization method of claim 1, wherein the checking employs an MD5 algorithm; the first check code is a first MD5 value of the first configuration file; the second check code is a second MD5 value of the second configuration file.
8. The blockchain-based SDWAN configuration synchronization method of claim 1, wherein the method further comprises:
the CPE encrypts the first configuration file and sends the encrypted first configuration file to the controller;
and the controller decrypts the received encrypted first configuration file to obtain the first configuration file.
9. The blockchain-based SDWAN configuration synchronization method of claim 1, wherein the method further comprises:
the controller encrypts the second configuration file and sends the encrypted second configuration file to the CPE;
and the CPE decrypts the received encrypted second configuration file to obtain the second configuration file.
10. A blockchain-based SDWAN configuration synchronization system, comprising: a controller and a plurality of customer premise equipments CPEs;
the controller is configured to: acquire a first configuration file of a CPE; acquire a first check code of the first configuration file of the CPE from a blockchain network; check the first configuration file of the CPE using the first check code, and, after the first configuration file passes the check, modify the first configuration file to obtain a second configuration file; transmit the second configuration file to the CPE; generate a second check code of the second configuration file and upload the second check code to the blockchain network;
the CPE is configured to: receive the second configuration file and acquire the second check code from the blockchain network; check the second configuration file using the second check code, and, after the second configuration file passes the check, perform a configuration update using the second configuration file.
CN202310786919.7A 2023-06-29 2023-06-29 SDWAN configuration synchronization method and system based on blockchain Withdrawn CN116828034A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310786919.7A CN116828034A (en) 2023-06-29 2023-06-29 SDWAN configuration synchronization method and system based on blockchain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310786919.7A CN116828034A (en) 2023-06-29 2023-06-29 SDWAN configuration synchronization method and system based on blockchain

Publications (1)

Publication Number Publication Date
CN116828034A true CN116828034A (en) 2023-09-29

Family

ID=88116239

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310786919.7A Withdrawn CN116828034A (en) 2023-06-29 2023-06-29 SDWAN configuration synchronization method and system based on blockchain

Country Status (1)

Country Link
CN (1) CN116828034A (en)

Legal Events

Date Code Title Description
PB01 Publication
WW01 Invention patent application withdrawn after publication

Application publication date: 20230929