CN117061277A - Virtual local area network realization method, server, terminal and system - Google Patents


Publication number
CN117061277A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311091163.0A
Other languages
Chinese (zh)
Inventor
卢富士
龙宇锋
亓娜
王艳辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Visionvera Information Technology Co Ltd
Original Assignee
Visionvera Information Technology Co Ltd
Application filed by Visionvera Information Technology Co Ltd
Priority to CN202311091163.0A
Publication of CN117061277A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Embodiments of the invention provide a method, a server, a terminal and a system for implementing a virtual local area network. The method comprises: receiving a network access request, and obtaining, from a first position of the network access request, information on whether a first terminal requesting network access has enabled a virtual local area network; when the first terminal has enabled the virtual local area network, allocating a first virtual local area network to the first terminal; and generating and sending a network access response message corresponding to the network access request, wherein a second position of the network access response message carries information of the first virtual local area network; wherein the first position and the second position are both field ranges specified by the transmission protocol of the current network environment. The embodiments allocate the virtual local area network to the terminal based on the network transmission protocol, implementing virtual link connection and virtual local area network division, and avoid the drawbacks of virtual local area network technology: heavy dependence on equipment and weak adaptability of dynamic virtual connection networks.

Description

Virtual local area network realization method, server, terminal and system
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method for implementing a virtual local area network, a server, a terminal, and a system for implementing a virtual local area network.
Background
Virtual Local Area Network (VLAN) technology is used on the internet to form a logical group of devices and users, organized according to factors such as function, division and application, that communicate with each other as if they were on the same network segment. Dividing a local area network in this way has the following advantages:
(1) The broadcast domain can be limited: broadcasts are confined to one VLAN, which saves bandwidth and improves the network's processing capacity.
(2) The security of the local area network is enhanced: messages in different VLANs are isolated from each other during transmission, that is, a user in one VLAN cannot directly communicate with users in other VLANs.
(3) The robustness of the network is improved: faults are confined to one VLAN, and a fault in one VLAN does not affect the normal operation of other VLANs.
(4) Virtual working groups can be built flexibly: VLANs can be used to divide different users into different working groups, users of the same working group are not limited to a fixed physical range, and network construction and maintenance become more convenient and flexible.
Virtual link connections refer to a set of virtual path connections between endpoints; one virtual channel may connect end users of one network or of different networks. There are two types of virtual link connection in VLAN networks. One is the so-called permanent virtual connection, a fixed connection between two endpoints of a network, which can be modified by management functions and must be manually configured. This has the advantage that the virtual connection configuration is made every call, so it is fast (less than 30 µs), determined only by the response time of the system. A disadvantage is that these connections have to be configured manually, and a large number of predefined automatic configurations cannot be made. The other is the dynamic virtual connection: the connection request is initiated by the end user or the end application, and the connection is established temporarily by the system. The connection time is determined by the network, and the connection may fail when the network is congested. Dynamic virtual connections, however, have better quality of service (Quality of Service, QoS) adaptation and bandwidth utilization. Both point-to-point connections and point-to-multipoint connections can be made.
However, both the partitioning of the VLAN network and the connection of virtual links must be implemented through hardware devices, for example through a physical port of a device or the MAC address of a device, and are therefore highly dependent on the devices.
Disclosure of Invention
In view of the foregoing, embodiments of the present invention are proposed to provide a method for implementing a virtual local area network, a server, a terminal, and a system for implementing a virtual local area network that overcome or at least partially solve the foregoing problems.
In order to solve the above problem, in a first aspect, an embodiment of the present invention discloses a method for implementing a virtual local area network, where the method includes:
receiving a network access request, and obtaining, from a first position of the network access request, information on whether a first terminal requesting network access has enabled a virtual local area network;
when the first terminal has enabled the virtual local area network, allocating a first virtual local area network to the first terminal;
generating and sending a network access response message corresponding to the network access request, wherein a second position of the network access response message carries information of the first virtual local area network;
wherein the first position and the second position are both field ranges specified by the transmission protocol of the current network environment.
Optionally, the method as above further comprises:
receiving a request for establishing a service channel, wherein the initiator of the request is a second terminal and the other end of the request is a third terminal;
obtaining, from a third position of the request for establishing the service channel, information of a second virtual local area network to which the second terminal belongs, wherein the third position is a field range specified by the transmission protocol of the current network environment;
obtaining information of a third virtual local area network to which the third terminal belongs;
and when it is determined, according to the information of the second virtual local area network and the information of the third virtual local area network, that the second terminal and the third terminal belong to the same virtual local area network, establishing a service channel for the second terminal and the third terminal, so that the second terminal and the third terminal process the service through the service channel.
Optionally, the method as above further comprises:
generating a correspondence between terminals and virtual local area networks according to each terminal that has enabled the virtual local area network and the virtual local area network allocated to it;
wherein obtaining the information of the third virtual local area network to which the third terminal belongs includes:
obtaining the information of the third virtual local area network to which the third terminal belongs according to the correspondence.
In order to solve the above problem, in a second aspect, an embodiment of the present invention discloses a method for implementing a virtual local area network, where the method includes:
sending a network access request, and marking, at a first position of the network access request, information that enables a virtual local area network;
receiving a network access response message, and obtaining information of the allocated first virtual local area network from a second position of the network access response message;
wherein the first position and the second position are both field ranges specified by the transmission protocol of the current network environment.
Optionally, the method as above further comprises:
sending a request for establishing a service channel with another terminal, and marking the information of the first virtual local area network at a third position of the request for establishing the service channel;
receiving a message indicating that the service channel was established successfully, the message being sent after it is determined that the virtual local area network to which the other terminal belongs and the first virtual local area network are the same virtual local area network;
and processing the service between the terminal and the other terminal through the service channel.
In order to solve the above-mentioned problem, in a third aspect, an embodiment of the present invention discloses a server, including:
a receiving module, configured to receive a network access request and obtain, from a first position of the network access request, information on whether a first terminal requesting network access has enabled a virtual local area network;
an allocation module, configured to allocate a first virtual local area network to the first terminal when the first terminal has enabled the virtual local area network;
a response module, configured to generate and send a network access response message corresponding to the network access request, wherein a second position of the network access response message carries the information of the first virtual local area network;
wherein the first position and the second position are both field ranges specified by the transmission protocol of the current network environment.
In order to solve the above-mentioned problem, in a fourth aspect, an embodiment of the present invention discloses a terminal, including:
a sending module, configured to send a network access request and mark, at a first position of the network access request, information that enables a virtual local area network;
an acquisition module, configured to receive the network access response message and obtain the information of the allocated first virtual local area network from the second position of the network access response message;
wherein the first position and the second position are both field ranges specified by the transmission protocol of the current network environment.
In order to solve the above problem, in a fifth aspect, an embodiment of the present invention discloses a system for implementing a virtual local area network, including: a server as described in the third aspect and a terminal as described in the fourth aspect.
In order to solve the above-mentioned problem, in a sixth aspect, an embodiment of the present invention discloses an electronic device, including:
one or more processors; and
one or more machine readable media having instructions stored thereon, which when executed by the one or more processors, cause the electronic device to perform the method of implementing a virtual local area network as described in the first or second aspect.
In order to solve the above-mentioned problems, in a seventh aspect, an embodiment of the present invention provides a computer-readable storage medium storing a computer program for causing a processor to execute the method for implementing a virtual local area network according to the first aspect or the second aspect.
The embodiment of the invention has the following advantages:
In the embodiment of the invention, during the network access authentication stage, a virtual local area network is allocated to a device that marks the virtual local area network as enabled within a field range specified by the transmission protocol, and the information of the allocated virtual local area network is likewise carried within a field range specified by the transmission protocol. Virtual local area network division is thus implemented on the basis of the transmission protocol of the network environment, which provides users with a secure network environment, requires no hardware devices to divide the virtual local area network, and avoids the drawbacks of virtual local area network technology: heavy dependence on equipment and weak adaptability of dynamic virtual connection networks.
Drawings
FIG. 1 is a flow chart of the steps of an embodiment of a method for implementing a virtual local area network of the present invention;
FIG. 2 is a schematic structural diagram of an embodiment of a video networking autonomous cloud of the present invention;
FIG. 3 is a schematic diagram of a strategy for implementing a virtual local area network based on the V2V protocol according to the present invention;
FIG. 4 is a flow chart of the steps of another embodiment of a method for implementing a virtual local area network of the present invention;
FIG. 5 is a block diagram of an embodiment of a server of the present invention;
FIG. 6 is a block diagram of an embodiment of a terminal of the present invention;
FIG. 7 is a block diagram of an embodiment of a virtual local area network implementation system of the present invention;
FIG. 8 is a block diagram of an embodiment of an electronic device of the present invention.
Detailed Description
In order that the above-recited objects, features and advantages of the present invention will become more readily apparent, a more particular description of the invention will be rendered by reference to the appended drawings and appended detailed description.
At present, both the division of the VLAN network and the connection of virtual links are implemented through hardware devices, for example through physical ports of the devices or MAC addresses of the devices, so the VLAN network is highly dependent on the devices. To solve this problem, in the embodiment of the invention, a server receives a network access request, obtains from a first position of the network access request information on whether a first terminal requesting network access has enabled a virtual local area network, and allocates a first virtual local area network to the first terminal when the first terminal has enabled the virtual local area network; the server then generates and sends a network access response message corresponding to the network access request, wherein a second position of the network access response message carries the information of the first virtual local area network; and the first position and the second position are both field ranges specified by the transmission protocol of the current network environment. In the embodiment of the invention, during the network access authentication stage, a virtual local area network is allocated to a device that marks the virtual local area network as enabled within a field range specified by the transmission protocol, and the information of the allocated virtual local area network is likewise carried within a field range specified by the transmission protocol. Virtual local area network division is thus implemented on the basis of the transmission protocol of the network environment, which provides users with a secure network environment, requires no hardware devices to divide the virtual local area network, and avoids the drawbacks of virtual local area network technology: heavy dependence on equipment and weak adaptability of dynamic virtual connection networks.
Referring to FIG. 1, a flowchart of the steps of an embodiment of a method for implementing a virtual local area network of the present invention is shown. The method is applied on the server side and may specifically include the following steps:
Step S110, receiving a network access request, and obtaining, from a first position of the network access request, information on whether a first terminal requesting network access has enabled a virtual local area network;
Specifically, when a terminal needs virtual local area network division, it can mark information enabling the virtual local area network at a designated position of the network access request. For ease of distinction, this designated position is referred to as the first position; the first position is a field range specified by the transmission protocol of the current network environment. For example, a certain information field of the transmission protocol is used as the first position.
After the terminal sends the network access request, the server either receives it directly or receives it as forwarded by other devices. The server can first determine the terminal that sent the network access request, referred to as the first terminal, then parse the network access request according to the transmission protocol of the current network environment and check, at the first position of the network access request, whether the first terminal needs to enable the virtual local area network.
In practical application, it can be agreed in advance that a specific identifier carried in the transmission protocol of the current network environment indicates that the virtual local area network needs to be enabled, so that the server can determine whether the first terminal needs to enable the virtual local area network according to whether the specific identifier is recorded at the first position of the network access request.
Step S120, when the first terminal has enabled the virtual local area network, allocating a first virtual local area network to the first terminal;
Specifically, after the server determines that the first terminal has enabled the virtual local area network, it allocates a virtual local area network to the first terminal, referred to as the first virtual local area network.
In practical application, the server may allocate a virtual local area network to the first terminal based on a preset virtual local area network partitioning policy, so as to implement plug and play for the client or the server. For example, if the preset virtual local area network partitioning policy is a combination of "network identifier and device identifier", the server allocates a virtual local area network to the first terminal according to that policy.
In practical application, the server can create the virtual local area networks to be associated with each policy, synchronize the policies and the virtual local area network information to all servers in the network, create virtual network views and associate them with different policies, and build a mapping table between specific policies and virtual local area networks, so as to determine which terminals can be assigned to the virtual local area networks created above.
Step S130, generating and sending a network access response message corresponding to the network access request, wherein a second position of the network access response message carries the information of the first virtual local area network;
Specifically, after the server allocates the first virtual local area network to the first terminal, it generates a network access response message corresponding to the network access request and carries the information of the first virtual local area network at a second position of the network access response message. The second position is a field range specified by the transmission protocol of the current network environment, and may be the same as or different from the first position. The server then sends the network access response message.
After receiving the network access response message, the first terminal parses it according to the transmission protocol of the current network environment and obtains, from the second position of the network access response message, the information of the first virtual local area network that the server allocated to it.
Taking video networking as an example, refer to FIG. 2, which shows a schematic structural diagram of an embodiment of the video networking autonomous cloud of the present invention. The autonomous cloud is a basic substructure of the video networking network structure, and is also the minimum structural unit that enables the video networking to operate normally. The autonomous server is the management core of an autonomous cloud, and each autonomous cloud has at least one autonomous server. Its functions mainly include managing and registering the devices in the autonomous cloud, implementing the service logic of the video networking, and managing video networking communication within the autonomous cloud and between autonomous clouds.
After one of the sub-control servers receives a network access request sent by a terminal (referred to as the first terminal), it parses the network access request according to the video networking transmission protocol and determines from the first position whether a virtual local area network needs to be allocated for the current terminal; if so, the sub-control server allocates a virtual local area network to the first terminal, referred to as the first virtual local area network.
After the first terminal receives the network access response message, it parses the message according to the video networking transmission protocol, determines from the second position that the virtual local area network was allocated successfully, and obtains the information of the first virtual local area network.
Meanwhile, the sub-control server can store the first terminal together with the virtual local area network allocated to it, and synchronize this record with the other sub-control servers and the autonomous servers in the network.
In the embodiment of the invention, during the network access authentication stage, a virtual local area network is allocated to a device that marks the virtual local area network as enabled within a field range specified by the transmission protocol, and the information of the allocated virtual local area network is likewise carried within a field range specified by the transmission protocol. Virtual local area network division is thus implemented on the basis of the transmission protocol of the network environment, which provides users with a secure network environment, requires no hardware devices to divide the virtual local area network, and avoids the drawbacks of virtual local area network technology: heavy dependence on equipment and weak adaptability of dynamic virtual connection networks.
In a preferred embodiment of the invention, the method further comprises:
receiving a request for establishing a service channel, wherein the initiator of the request is a second terminal and the other end of the request is a third terminal;
obtaining, from a third position of the request for establishing the service channel, information of a second virtual local area network to which the second terminal belongs, wherein the third position is a field range specified by the transmission protocol of the current network environment;
obtaining information of a third virtual local area network to which the third terminal belongs;
and when it is determined, according to the information of the second virtual local area network and the information of the third virtual local area network, that the second terminal and the third terminal belong to the same virtual local area network, establishing a service channel for the second terminal and the third terminal, so that the second terminal and the third terminal process the service through the service channel.
Specifically, when a second terminal to which a virtual local area network has been allocated needs to carry out service communication with a third terminal, it may send a request for establishing a service channel to the third terminal; one end (the initiator) of the request is the second terminal, and the other end is the third terminal. The second terminal marks the information of the second virtual local area network to which it belongs at a third position of the request, where the third position is a field range specified by the transmission protocol of the current network environment.
The server receives the request for establishing the service channel, parses it according to the transmission protocol of the current network environment, and obtains from the third position the information of the second virtual local area network to which the second terminal belongs.
The server then obtains the information of the third virtual local area network to which the third terminal belongs.
When it is determined, according to the information of the second virtual local area network and the information of the third virtual local area network, that the second terminal and the third terminal belong to the same virtual local area network, a service channel is established for the second terminal and the third terminal. The second terminal and the third terminal can then process the service through the service channel. The embodiment of the invention implements dynamic connection of the virtual link through a network transmission protocol and provides secure data isolation through the service channel.
Taking the video networking as an example, after receiving the request for establishing the service channel, the sub-control server acquires the virtual local area network information corresponding to the second terminal for establishing the service channel request, queries the virtual local area network information corresponding to the third terminal for establishing the service channel request in the recorded virtual local area network information, and establishes the service channel for the second terminal and the third terminal if the two are in the same virtual local area network. Specifically, if the second terminal and the third terminal are located in the same sub-control server management range, the sub-control server directly establishes a service channel for the second terminal and the third terminal, if the second terminal and the third terminal are located in different sub-control server management ranges, the second terminal corresponds to the second sub-control server, the third terminal corresponds to the third sub-control server, the second sub-control server establishes a second service channel from the second terminal to the autonomous server, and notifies the autonomous server, the autonomous server sends a request for establishing the service channel to the third sub-control server, and the third sub-control server establishes a third service channel between the third terminal and the autonomous server. And then, synchronizing the second service channel information and the third service channel information between the second sub-control server and the third sub-control server and between the autonomous servers. And the second control server sends the service channel information to the second terminal.
When the second terminal needs to process the service between the second terminal and the third terminal according to the service channel, the second terminal sends a service control instruction to the autonomous server through the second service channel, the appointed position of the service control instruction comprises virtual local area network information and service channel information, the autonomous server reassembles the service control instruction according to the virtual local area network information and the service channel information, and the reassembled instruction is forwarded to the third terminal through the third service channel.
When the third terminal receives the service control instruction, processing is performed to obtain service control data, the service data is sent to the autonomous server through the third service channel, and the autonomous server is used for re-packing the service data and then forwarding the service data to the second terminal through the second service channel, so that service control authentication, service control confirmation, service control response, service resource allocation and the like are performed between the second terminal and the third terminal in the same virtual local area network, and the service channel is established.
Similarly, a data channel can be established for the second terminal and the third terminal in the same manner, for example, the server issues live broadcast, the server performs data encoding processing, then data is sent in a designated channel, and the client receives the data according to the established data channel and performs decoding processing on the data, so that the data can be displayed on the display terminal, and audio and video display and the like are performed.
In the embodiment of the invention, during the network access authentication stage a virtual local area network is allocated to each device that indicates, within the designated field range of the transmission protocol, that it enables the virtual local area network, and the allocated virtual local area network information is likewise identified within a designated field range of the transmission protocol. Virtual local area network division is thus realized on the basis of the transmission protocol of the network environment, and service channels are established for devices in the same virtual local area network on the basis of the virtual local area network information carried in the transmission protocol. Virtual link connection and virtual local area network division are realized by the transmission protocol, a secure network environment is provided for the user, no hardware device is required to divide the virtual local area network, and the drawbacks of virtual local area network technology, namely its heavy dependence on equipment and the weak adaptability of dynamic virtually connected networks, are avoided.
In a preferred embodiment of the invention, the method further comprises:
generating a corresponding relation between the terminal and the virtual local area network according to the terminal starting the virtual local area network and the corresponding distributed virtual local area network;
the obtaining the information of the third virtual local area network to which the third terminal belongs includes:
and acquiring information of a third virtual local area network to which the third terminal belongs according to the corresponding relation.
Specifically, after the server allocates a virtual local area network to a terminal, it can generate a correspondence between terminals and virtual local area networks from each terminal that enables the virtual local area network and the virtual local area network allocated to it. After the server receives a request for establishing a service channel, it can then look up in this correspondence the virtual local area network information of the second terminal and the third terminal named in the request, and establish the service channel for them when both belong to the same virtual local area network. Storing the correspondence between terminals and virtual local area networks makes the virtual local area network information of a terminal easier to obtain.
Taking video networking as an example, the video network is an underlying communication protocol network distinct from the Internet. It adopts real-time high-definition video exchange technology, so that required services such as high-definition video conferences can be carried on one network platform. Communication in the video network uses the video networking V2V (video to video) protocol, so the transmitted data is a V2V data stream; communication in the Internet uses the IP protocol, so the transmitted data is an IP data stream, and the Internet is also called an IP network.
The video networking message is a data packet based on a video networking protocol, and the video networking message can be composed of a video networking protocol header and a data message segment, wherein the data message segment can be used for bearing video/audio messages and also can be used for bearing IP messages, and the IP messages are data packets based on an Internet protocol.
The V2V protocol of the video network is an endogenous-security communication protocol suite framework (Vsec) based on the link layer. Its security protocol layers interlock with one another, so that the security of network communication is protected from the bottom up. The protocol suite provides security guarantees for the confidentiality, integrity, reliability, replay prevention and the like of data in transit.
The V2V protocol of the video network mainly comprises 4 sub-protocols, which are, from bottom to top: the secure exchange protocol, the secure management protocol, the secure control protocol and the secure data protocol. The secure exchange protocol realizes identity recognition and the interaction and confirmation of security information; the secure management protocol realizes the connection authentication and management of network element equipment in the network; the secure control protocol realizes the secure control and scheduling of data and video services; the secure data protocol enables secure transmission of application data.
Each of the 4 sub-protocols in the V2V protocol of the video network comprises four parts, namely a total protocol header, a common message header, a sub-protocol message header and a sub-protocol data payload, and fully conforms to the 802.3 protocol standard on the basis of Ethernet.
Table 1 Total protocol header protocol specification
Referring to table 1, the total protocol header is mainly used for network addressing and message forwarding, and its content includes an exchange identifier, a source device address and a destination device address.
The exchange identifier represents the packet type of the exchange protocol packet. Different packet types determine the address types of the destination address and the source address, and also determine the type of the transmission protocol in the exchange protocol payload; the identifier is mainly used for distinguishing encrypted protocols from non-encrypted protocols. When the exchange identifier marks a security protocol, the protocol field is provided with a newly added password application field. When the exchange identifier of the terminal in the total protocol header is set to 0x20, 0x21 or 0x22, the terminal is indicated to enable virtual local area network division.
It can be seen that the field corresponding to the exchange identifier of the total protocol header in the video networking protocol corresponds to the first position described above. That is, when the terminal initiates a network access request, the value of the field corresponding to the exchange identifier can be set according to the protocol specification to indicate whether the terminal enables the virtual local area network.
Table 2 Common message header protocol specification

| Type identification | Message source domain | Message destination domain | Message content |
| --- | --- | --- | --- |
| 0x00 | Not involving secret | Not involving secret | Not involving secret |
| 0x11 | Secret-proof | Secret-proof | Secret-proof |
| 0x22 | Secret device | Secret device | Secret device |
| 0x33 | Secret device | Secret device | Secret device |

Referring to table 2, the common message header includes a type identification (which may also be referred to as a security class identification), reserved bits (virtual local area network division) and a message number.
The type identifier represents the secrecy level of the message source domain and of the message content. Data from high-security source domains is not allowed to flow into low-security domains, and high-security messages are not allowed to flow into low-security domains. The reserved bits are used to identify the virtual local area network information; their specific settings are given in table 3.
Table 3 Reserved bit protocol specification

| Virtual network identification | Message content |
| --- | --- |
| 0x00 | Virtual network-free partitioning |
| 0x01 | Virtual network 1 |
| 0xXX | Secret device |

Referring to table 3, the reserved bits in the common message header carry the virtual local area network identifier. After the server allocates a virtual local area network to the terminal, it may write the virtual local area network identifier into the reserved bits of the common message header; for example, writing 0x01 indicates that the virtual local area network allocated to the terminal is virtual network 1. It can be seen that the field corresponding to the reserved bits of the common message header in the video networking protocol corresponds to the second position described above. That is, after the server allocates the virtual local area network to the terminal, the value of the field corresponding to the reserved bits can be set according to the protocol specification to inform the terminal of the virtual local area network it has joined.
Referring to fig. 3, a schematic policy diagram of implementing a virtual local area network based on the V2V protocol according to the present invention is shown, in which virtual local area network management is implemented through video networking management, sub-control 2K server management and database cluster management.
As shown in fig. 2 and 3, the policy for implementing the virtual local area network based on the V2V protocol includes the following procedures:
The client and the server perform identity authentication through the secure interaction protocol, and negotiate the identity recognition and encryption strategy and exchange information through it, thereby determining the encryption mechanism, the secret key and the digital certificate interaction. The sub-control 2K server performs the security exchange protocol interaction with each client or server in a challenge-response mode, and completes the exchange of identity identification, security capability and encryption strategy with each client and server.
The client or the server performs network access authentication, in which the video network number, the sub-device number and the virtual network information are acquired. During network access authentication, the exchange identifier in the total protocol header is set to enable virtual local area network division.
The sub-control 2K server allocates the virtual local area network. Virtual network division is performed according to a preset policy, so that the plug-and-play function of a client or a server can be realized while secure data isolation is provided. The policy is mainly one "based on the combination of the video network number and the sub-device number". After a terminal such as a client or a server has successfully accessed the network, the sub-control 2K server performs virtual network division on the video network number and the sub-device number of the client or the server according to the policy, and synchronizes the corresponding operation of the client or the server to the other sub-control 2K servers and the autonomous servers. In this process, the reserved bits in the common message header identify the divided virtual local area network.
The client establishes a service channel with the server, setting the exchange identifier in the total protocol header that it sends and identifying the specific virtual network in the reserved bits of the common message header. The sub-control 2K server establishes a service channel for a client and a server in the same virtual network and performs resource allocation. The client and the server in the same virtual network perform service control authentication, service control confirmation, service control response, service resource allocation and the like to establish the service channel.
Specifically, the client sends a service control instruction carrying a virtual network identifier to the autonomous server through the service channel. The autonomous server performs a virtual network query, parses the target video network number, the sub-device number and the like, then repacks the data and sends it to the target server.
The server receives the information and extracts the data. It returns the corresponding service control data to the autonomous server through the service channel; the autonomous server extracts and reorganizes the data and then transmits it to the client.
The client and the server establish a data channel and perform service processing. For example, the server issues a live broadcast: the server encodes the data and sends it in a designated channel, and the client receives the data over the established data channel and decodes it, so that the audio and video can be displayed on a display device.
In the embodiment of the invention, dynamic virtual link connection and policy-based virtual local area network division are realized by the transmission protocol: the video networking protocol is used to divide virtual local area networks and thereby to manage the local area network, which avoids the drawbacks of policy-based VLAN technology, namely its heavy dependence on equipment and the weak adaptability of dynamic virtually connected networks.
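The network access and service channel flow described above, as an added example that is not code from the patent or its applicant. The byte layout, the identity payload, the exchange identifier 0x10 for a terminal without virtual network division, the terminal addresses and the check of the claimed VLAN against the server's recorded allocation are assumptions; only the values 0x20/0x21/0x22, 0x00 and 0x01 come from the text.

```python
import struct

# Values stated on the page.
VLAN_ENABLED_EXCHANGE_IDS = {0x20, 0x21, 0x22}  # exchange identifier: VLAN division enabled
VLAN_NONE = 0x00                                # reserved bits: no virtual network division

# Hypothetical layout (the page names the fields but gives no widths or offsets):
# exchange id | source address | destination address | type id | reserved (VLAN) | message number
HEADER = struct.Struct("!B8s8sBBH")
# Hypothetical network access payload: video network number, sub-device number.
IDENTITY = struct.Struct("!IH")


def pack_message(exchange_id, src, dst, vlan, payload=b"", type_id=0x00, msg_no=0):
    return HEADER.pack(exchange_id, src, dst, type_id, vlan, msg_no) + payload


def parse_message(raw):
    if len(raw) < HEADER.size:
        raise ValueError("truncated header")
    exchange_id, src, dst, type_id, vlan, msg_no = HEADER.unpack_from(raw)
    return {"exchange_id": exchange_id, "src": src, "dst": dst, "type_id": type_id,
            "vlan": vlan, "msg_no": msg_no, "payload": raw[HEADER.size:]}


class SubControlServer:
    def __init__(self, address, policy):
        self.address = address
        self.policy = policy      # (video network number, sub-device number) -> VLAN id
        self.membership = {}      # terminal address -> allocated VLAN id (the correspondence)

    def handle_network_access(self, raw):
        """Read the first position, allocate by policy, answer in the second position."""
        msg = parse_message(raw)
        vlan = VLAN_NONE
        if msg["exchange_id"] in VLAN_ENABLED_EXCHANGE_IDS:
            if len(msg["payload"]) < IDENTITY.size:
                raise ValueError("missing terminal identity")
            vlan = self.policy.get(IDENTITY.unpack_from(msg["payload"]), VLAN_NONE)
            if vlan != VLAN_NONE:
                self.membership[msg["src"]] = vlan
        return pack_message(msg["exchange_id"], self.address, msg["src"], vlan,
                            msg_no=msg["msg_no"])

    def authorize_channel(self, raw):
        """Allow a service channel only between terminals of the same virtual network."""
        msg = parse_message(raw)
        claimed = msg["vlan"]     # third position: VLAN carried in the request itself
        if msg["exchange_id"] not in VLAN_ENABLED_EXCHANGE_IDS or claimed == VLAN_NONE:
            return False, "initiator has no virtual network"
        # Assumption: the field is terminal-supplied, so compare it with the record.
        if self.membership.get(msg["src"]) != claimed:
            return False, "claimed VLAN does not match the recorded allocation"
        if self.membership.get(msg["dst"]) != claimed:
            return False, "peer is not in the same virtual network"
        return True, "same virtual network"


def demo():
    # Constructed policy and terminals; 0x10 stands for "VLAN division not enabled".
    server = SubControlServer(b"SUBCTL01",
                              {(1001, 1): 0x01, (1001, 2): 0x01, (2002, 1): 0x02})
    a, b, c, d = b"TERM000A", b"TERM000B", b"TERM000C", b"TERM000D"
    joins = [(a, 0x20, (1001, 1)), (b, 0x21, (1001, 2)),
             (c, 0x22, (2002, 1)), (d, 0x10, (1001, 3))]
    allocated = {}
    for addr, exchange_id, ident in joins:
        request = pack_message(exchange_id, addr, server.address, VLAN_NONE,
                               IDENTITY.pack(*ident))
        allocated[addr] = parse_message(server.handle_network_access(request))["vlan"]
    return {
        "allocated": allocated,
        "a_to_b": server.authorize_channel(pack_message(0x20, a, b, 0x01)),
        "a_to_c": server.authorize_channel(pack_message(0x20, a, c, 0x01)),
        "a_to_c_claiming_vlan2": server.authorize_channel(pack_message(0x20, a, c, 0x02)),
        "d_to_b": server.authorize_channel(pack_message(0x10, d, b, VLAN_NONE)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The third case shows why the server compares the VLAN value in the request with its own correspondence table: the reserved bits are written by the requesting terminal, so isolation holds only if the recorded allocation is the deciding value.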
Referring to fig. 4, a flowchart illustrating steps of another embodiment of a method for implementing a virtual local area network of the present invention, applied to a terminal side or a server side, may specifically include the following steps:
step S410, a network access request is sent, and information for enabling a virtual local area network is identified in a first position of the network access request;
step S420, receiving a network access response message, and acquiring information of the allocated first virtual local area network from a second position of the network access response message;
wherein, the first location and the second location are both the field ranges specified by the transmission protocol of the current network environment.
Specifically, when the terminal needs virtual local area network division, it first sends a network access request to the server and identifies, in a first position of the network access request, information for enabling the virtual local area network. After the server receives the network access request, it parses the request according to the transmission protocol of the current network environment and determines that a virtual local area network needs to be allocated to the current terminal. The terminal can be a client or a server.
After receiving the network access request, the server parses it according to the transmission protocol of the current network environment and allocates virtual local area network information to the terminal based on a preset virtual local area network division policy, which enables the plug-and-play function of the client or the server. After dividing the virtual local area network, the server sends a network access response message to the terminal and identifies, in a second position of the network access response message, the virtual local area network information allocated to the terminal. After the terminal receives the network access response message, it parses the message according to the transmission protocol of the current network environment, determines that the virtual local area network has been successfully allocated, and acquires the virtual local area network information from the second position.
In the embodiment of the invention, during the network access authentication stage a virtual local area network is allocated to each device that indicates, within the designated field range of the transmission protocol, that it enables the virtual local area network, and the allocated virtual local area network information is likewise identified within a designated field range of the transmission protocol. Virtual local area network division is thus realized on the basis of the transmission protocol of the network environment, a secure network environment is provided for users, no hardware device is required to divide the virtual local area network, and the drawbacks of virtual local area network technology, namely its heavy dependence on equipment and the weak adaptability of dynamic virtually connected networks, are avoided.
In a preferred embodiment of the invention, the method further comprises:
sending a request for establishing a service channel with other terminals, and identifying the information of the first virtual local area network at a third position of the request for establishing the service channel;
receiving a successful message for establishing a service channel, which is sent after judging that the virtual local area network to which the other terminal belongs and the first virtual local area network belong to the same virtual local area network;
and processing the service between the terminal and the other terminals according to the service channel.
Specifically, when the terminal needs to perform service communication with other terminals, it can send a request for establishing a service channel with the other terminals and identify the information of the first virtual local area network at a third position of the request. The server receives the request, parses it according to the transmission protocol of the current network environment, determines the virtual local area network information of the terminal carried in the request, acquires the virtual local area network information of the other terminals, and establishes a service channel for the terminal and the other terminals when their virtual local area network information is the same.
When the terminal needs to process a service between itself and the other terminals over the service channel, it sends a service control instruction to the server through the service channel, with the virtual local area network information and the service channel information identified in a designated position of the instruction. The server reassembles the service control instruction according to this information and forwards the reassembled instruction to the other terminals through the service channel.
When the other terminals receive the service control instruction, they process it to obtain service control data and send the service data to the server through the service channel. The server reassembles the service data and forwards it to the terminal through the service channel. In this way, service control authentication, service control confirmation, service control response, service resource allocation and the like are performed between the terminal and the other terminals in the same virtual local area network, and the service channel is established.
In the embodiment of the invention, during the network access authentication stage a virtual local area network is allocated to each device that indicates, within the designated field range of the transmission protocol, that it enables the virtual local area network, and the allocated virtual local area network information is likewise identified within a designated field range of the transmission protocol. Virtual local area network division is thus realized on the basis of the transmission protocol of the network environment, and service channels are established for devices in the same virtual local area network on the basis of the virtual local area network information carried in the transmission protocol. Virtual link connection and virtual local area network division are realized by the transmission protocol, a secure network environment is provided for the user, no hardware device is required to divide the virtual local area network, and the drawbacks of virtual local area network technology, namely its heavy dependence on equipment and the weak adaptability of dynamic virtually connected networks, are avoided.
It should be noted that, for simplicity of description, the method embodiments are shown as a series of acts, but it should be understood by those skilled in the art that the embodiments are not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred embodiments, and that the acts are not necessarily required by the embodiments of the invention.
Referring to fig. 5, a block diagram of a server embodiment of the present invention is shown, and may specifically include the following modules:
a receiving module 510, configured to receive a network access request, and obtain, from a first location of the network access request, information about whether a first terminal requesting network access enables a virtual local area network;
the allocation module 520 is configured to allocate a first virtual local area network to the first terminal when the first terminal starts the virtual local area network;
a response module 530, configured to generate and send a network access response message corresponding to the network access request, where a second location of the network access response message carries information of the first virtual local area network;
Wherein, the first location and the second location are both the field ranges specified by the transmission protocol of the current network environment. For the server embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and the relevant points are referred to in the description of the method embodiment.
Referring to fig. 6, a block diagram of a terminal embodiment of the present invention is shown, and may specifically include the following modules:
a sending module 610, configured to send a network access request, and identify information for enabling a virtual local area network in a first location of the network access request;
an obtaining module 620, configured to receive an access response message, and obtain information of the allocated first virtual local area network from a second location of the access response message;
wherein, the first location and the second location are both the field ranges specified by the transmission protocol of the current network environment.
For the terminal embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and the relevant points will be referred to in the description of the method embodiment.
Referring to fig. 7, a block diagram of a system for implementing a virtual local area network according to an embodiment of the present invention is shown. The system may specifically include a server 710 and a terminal 720, where the terminal 720 may be a plurality of terminals and the server 710 may be a plurality of servers. Since the system embodiment is substantially similar to the method embodiments, its description is relatively brief; for the relevant points, refer to the description of the method embodiments.
Referring to fig. 8, there is shown a block diagram of an embodiment of an electronic device of the present invention, the device comprising: a processor 810, a machine-readable medium 820, and a bus 830;
wherein the processor 810 and the machine-readable medium 820 communicate with each other through the bus 830;
the processor 810 is configured to invoke program instructions in the machine-readable medium 820 to perform the methods provided by the method embodiments described above, including, for example: receiving a network access request, and acquiring information of whether a first terminal requesting network access starts a virtual local area network from a first position of the network access request; when the first terminal starts the virtual local area network, the first virtual local area network is distributed to the first terminal; generating and sending an access response message corresponding to the access request, wherein the second position of the access response message carries the information of the first virtual local area network; wherein, the first location and the second location are both the field ranges specified by the transmission protocol of the current network environment.
Embodiments of the present invention disclose a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to perform the methods provided by the method embodiments described above, for example comprising: receiving a network access request, and acquiring information of whether a first terminal requesting network access starts a virtual local area network from a first position of the network access request; when the first terminal starts the virtual local area network, the first virtual local area network is distributed to the first terminal; generating and sending an access response message corresponding to the access request, wherein the second position of the access response message carries the information of the first virtual local area network; wherein, the first location and the second location are both the field ranges specified by the transmission protocol of the current network environment.
Embodiments of the present invention provide a non-transitory computer readable storage medium storing computer instructions that cause a computer to perform the methods provided by the above-described method embodiments, for example, including: receiving a network access request, and acquiring information of whether a first terminal requesting network access starts a virtual local area network from a first position of the network access request; when the first terminal starts the virtual local area network, the first virtual local area network is distributed to the first terminal; generating and sending an access response message corresponding to the access request, wherein the second position of the access response message carries the information of the first virtual local area network; wherein, the first location and the second location are both the field ranges specified by the transmission protocol of the current network environment.
In this specification, the embodiments are described in a progressive manner: each embodiment focuses on its differences from the other embodiments, and for identical or similar parts the embodiments may be referred to one another.
It will be apparent to those skilled in the art that embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the invention may take the form of a computer program product on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal device to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal device, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiment and all such alterations and modifications as fall within the scope of the embodiments of the invention.
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article or terminal device comprising the element.
The method, the server, the terminal and the system for implementing a virtual local area network provided by the present invention have been described in detail above. Specific examples are used herein to illustrate the principles and embodiments of the present invention, and the above description of the embodiments is intended only to help in understanding the method and core ideas of the present invention. Meanwhile, those skilled in the art may, following the ideas of the present invention, vary the specific embodiments and the scope of application. In view of the above, the content of this description should not be construed as limiting the present invention.

Claims (10)

1. A method for implementing a virtual local area network, the method comprising:
receiving a network access request, and acquiring information of whether a first terminal requesting network access starts a virtual local area network from a first position of the network access request;
when the first terminal starts the virtual local area network, the first virtual local area network is distributed to the first terminal;
generating and sending an access response message corresponding to the access request, wherein the second position of the access response message carries the information of the first virtual local area network;
wherein, the first location and the second location are both the field ranges specified by the transmission protocol of the current network environment.
2. The method according to claim 1, wherein the method further comprises:
receiving a request for establishing a service channel, wherein an initiator of the request for establishing the service channel is a second terminal, and the other end of the request for establishing the service channel is a third terminal;
acquiring information of a second virtual local area network to which the second terminal belongs from a third position of the request for establishing the service channel, wherein the third position is a field range specified by the transmission protocol of the current network environment;
acquiring information of a third virtual local area network to which the third terminal belongs;
and when the second terminal and the third terminal belong to the same virtual local area network, establishing a service channel for the second terminal and the third terminal according to the information of the second virtual local area network and the information of the third virtual local area network, so that the second terminal and the third terminal process the service through the service channel.
3. The method according to claim 2, wherein the method further comprises:
generating a corresponding relation between the terminal and the virtual local area network according to the terminal starting the virtual local area network and the corresponding distributed virtual local area network;
the obtaining the information of the third virtual local area network to which the third terminal belongs includes:
acquiring the information of the third virtual local area network to which the third terminal belongs according to the corresponding relation.
4. A method for implementing a virtual local area network, the method comprising:
sending a network access request, and identifying, in a first position of the network access request, information for enabling a virtual local area network;
receiving a network access response message, and acquiring information of the allocated first virtual local area network from a second position of the network access response message;
wherein the first position and the second position are both field ranges specified by the transmission protocol of the current network environment.
5. The method as recited in claim 4, further comprising:
sending a request for establishing a service channel with other terminals, and identifying the information of the first virtual local area network at a third position of the request for establishing the service channel;
receiving a message indicating that the service channel has been successfully established, the message being sent after it is judged that the virtual local area network to which the other terminal belongs and the first virtual local area network are the same virtual local area network;
and processing the service between the terminal and the other terminals according to the service channel.
6. A server, comprising:
a receiving module, used for receiving a network access request and acquiring, from a first position of the network access request, information on whether a first terminal requesting network access starts a virtual local area network;
a distribution module, used for allocating a first virtual local area network to the first terminal when the first terminal starts the virtual local area network;
a response module, used for generating and sending a network access response message corresponding to the network access request, wherein a second position of the network access response message carries the information of the first virtual local area network;
wherein the first position and the second position are both field ranges specified by the transmission protocol of the current network environment.
7. A terminal, comprising:
a sending module, used for sending a network access request and identifying, in a first position of the network access request, information for enabling a virtual local area network;
an acquisition module, used for receiving the network access response message and acquiring the information of the allocated first virtual local area network from a second position of the network access response message;
wherein the first position and the second position are both field ranges specified by the transmission protocol of the current network environment.
8. A system for implementing a virtual local area network, comprising:
a server as claimed in claim 6 and a terminal as claimed in claim 7.
9. An electronic device, comprising:
one or more processors; and
one or more machine readable media having instructions stored thereon which, when executed by the one or more processors, cause the apparatus to perform the method of implementing a virtual local area network as claimed in any one of claims 1 to 3 or claims 4 to 5.
10. A computer readable storage medium, characterized in that it stores a computer program for causing a processor to execute the method of implementing a virtual local area network according to any one of claims 1 to 3 or claims 4 to 5.
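The server-side flow of claims 1 to 3 can be sketched as follows. This is an added example, not code from the patent: the message layouts, type codes, flag bit, provisioning table and the `Server` class are all assumptions, since the claims only say that each position is a field range specified by the transmission protocol. The sketch also compares the VLAN carried in the channel request with the server's own allocation record, a check the claims do not recite.

```python
import struct

# Hypothetical wire layouts; the claims fix no offsets, so the field positions
# and type codes below are assumptions made for this example.
ACCESS_REQ = struct.Struct("!B6sB")      # type, terminal id, flags ("first position")
ACCESS_RSP = struct.Struct("!B6sH")      # type, terminal id, VLAN id ("second position")
CHANNEL_REQ = struct.Struct("!B6s6sH")   # type, initiator, peer, VLAN id ("third position")
T_ACCESS_REQ, T_ACCESS_RSP, T_CHANNEL_REQ = 0x01, 0x02, 0x03
FLAG_VLAN, NO_VLAN = 0x01, 0

class Server:
    def __init__(self, plan):
        self.plan = plan      # assumed provisioning table: terminal id -> VLAN id
        self.members = {}     # claim 3: terminal -> allocated VLAN correspondence

    def handle_access(self, msg):
        if len(msg) != ACCESS_REQ.size:
            raise ValueError("bad access request length")
        mtype, tid, flags = ACCESS_REQ.unpack(msg)
        if mtype != T_ACCESS_REQ:
            raise ValueError("not an access request")
        self.members.pop(tid, None)   # re-access without the flag clears membership
        vlan = self.plan.get(tid, NO_VLAN) if flags & FLAG_VLAN else NO_VLAN
        if vlan != NO_VLAN:
            self.members[tid] = vlan
        return ACCESS_RSP.pack(T_ACCESS_RSP, tid, vlan)

    def handle_channel(self, msg):
        if len(msg) != CHANNEL_REQ.size:
            raise ValueError("bad channel request length")
        mtype, src, dst, claimed = CHANNEL_REQ.unpack(msg)
        if mtype != T_CHANNEL_REQ:
            raise ValueError("not a channel request")
        src_vlan = self.members.get(src, NO_VLAN)
        dst_vlan = self.members.get(dst, NO_VLAN)
        # Added check (not in the claims): the VLAN in the request must match
        # what the server itself allocated to the initiator.
        if claimed == NO_VLAN or claimed != src_vlan:
            return False
        return src_vlan == dst_vlan   # claim 2: channel only within one VLAN

def demo():
    # Constructed sample: terminals a and b are planned into VLAN 10, c into VLAN 20.
    a, b, c = (bytes([0, 0, 0, 0, 0, n]) for n in (1, 2, 3))
    srv = Server({a: 10, b: 10, c: 20})
    rsp = [srv.handle_access(ACCESS_REQ.pack(T_ACCESS_REQ, t, FLAG_VLAN)) for t in (a, b, c)]
    chan = lambda s, d, v: srv.handle_channel(CHANNEL_REQ.pack(T_CHANNEL_REQ, s, d, v))
    return ACCESS_RSP.unpack(rsp[0])[2], chan(a, b, 10), chan(a, c, 10), chan(a, c, 20)
```

`demo()` returns the VLAN allocated to the first terminal followed by the outcome of three channel requests: same VLAN, different VLAN, and a request whose carried VLAN does not match the server's record.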
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311091163.0A CN117061277A (en) 2023-08-25 2023-08-25 Virtual local area network realization method, server, terminal and system

Publications (1)

Publication Number Publication Date
CN117061277A true CN117061277A (en) 2023-11-14

Family

ID=88655206

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311091163.0A Pending CN117061277A (en) 2023-08-25 2023-08-25 Virtual local area network realization method, server, terminal and system

Country Status (1)

Country Link
CN (1) CN117061277A (en)

Legal Events

Date Code Title Description
PB01 Publication