CN117278360A - Network communication method, device and storage medium based on virtual private network - Google Patents

Info

Publication number: CN117278360A
Authority: CN (China)
Prior art keywords: data packet, transmission, application, packet, vpn
Legal status: Granted
Application number: CN202311559274.XA
Other languages: Chinese (zh)
Other versions: CN117278360B (en)
Inventors: 孙朝晖, 张艳明
Current assignee: Beijing Paiwang Technology Co ltd
Original assignee: Beijing Paiwang Technology Co ltd
Classifications (CPC)

    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H04L47/12 Avoiding congestion; Recovering from congestion
    • H04L47/2433 Allocation of priorities to traffic types
    • H04L47/6225 Fixed service order, e.g. Round Robin
    • H04L47/6275 Queue scheduling characterised by scheduling criteria for service slots or service orders based on priority
    • H04L63/0272 Virtual private networks
    • H04L63/029 Firewall traversal, e.g. tunnelling or creating pinholes
    • H04L69/22 Parsing or analysis of headers
    • H04L9/40 Network security protocols
    • H04L2212/00 Encapsulation of packets

Abstract

The application discloses a network communication method, device and storage medium based on a virtual private network, and relates to the technical field of network communication. The method comprises the following steps: receiving a first IP data packet which needs to be transmitted through a virtual private network; analyzing a header related to a transport layer protocol in the first IP data packet, and reading port information contained in the header; determining a first transmission priority of a first application related to the first IP data packet according to the port information; transmitting the first IP data packet to a first target transmission queue corresponding to the first transmission priority; according to the priority of each first transmission queue, polling a plurality of first transmission queues according to a corresponding polling strategy, and reading the first IP data packet from the first target transmission queue; and encapsulating the first IP data packet into a corresponding first VPN data packet, and transmitting the first VPN data packet through the virtual private network. This solves the problem of critical-service traffic becoming stuck (blocked) in the network tunnel.

Description

Network communication method, device and storage medium based on virtual private network
Technical Field
The present invention relates to the field of network communication technologies, and in particular, to a network communication method and apparatus based on a virtual private network, and a storage medium.
Background
Virtual private networks (VPN for short) are a technology that securely extends private networks through public networks (typically the internet). It ensures privacy and security of communications by encrypting communication data and using tunneling protocols. Thus, the virtual private network technology is widely used in network communication. For example, a remote user or branch office may be allowed secure access to an enterprise internal network resource over the Internet via a virtual private network.
For example, the published patent application (CN 116938639 A) discloses a virtual private network (VPN) access method, device and storage medium, where the method includes: the control equipment receives an access authentication request sent by a VPN client; the access authentication request at least comprises identity information and first position information of the VPN client; acquiring a first pre-selected point-of-presence (PoP) equipment list based on the first position information of the VPN client; the first pre-selected PoP equipment list comprises at least one PoP equipment and second position information corresponding to each PoP equipment; determining access PoP equipment based on the first position information of the VPN client and the second position information corresponding to each PoP equipment in the first pre-selected PoP equipment list; creating a VPN Server corresponding to the VPN client on the access PoP equipment; and sending the second configuration information of the VPN Server to the VPN client so that the VPN client creates a VPN tunnel between the VPN client and the access PoP equipment according to the second configuration information of the VPN Server.
Further, the granted invention patent (CN 116781428 A) discloses a forwarding system based on VPN traffic, comprising: an encapsulation module for encapsulating the private network traffic sent by each node to form encapsulated traffic; an identification module for determining the corresponding private network traffic from the encapsulated traffic; a positioning module for identifying the corresponding server according to the private network traffic and sending the traffic to that server; and a closing module for identifying private network traffic and transmitting the identified private network traffic to each server. By deploying these modules, that invention establishes a VPN channel over the public network, splits and encrypts the private network traffic, and sends the encrypted information and the private network traffic to different servers separately; this reduces the chance that VPN traffic is intercepted and lowers the probability of traffic being misdirected because of IP pollution, thereby improving the security of the private network data.
However, in network communication based on a virtual private network the following problem remains: because the data of every service is carried through the same network tunnel of the virtual private network, unrelated traffic in the tunnel can congest the critical services, so that transmission of the critical services is blocked.
Disclosure of Invention
The embodiments of the application provide a network communication method, device and storage medium based on a virtual private network, which at least solve the technical problem in the prior art that, because the data of every service is transmitted through the network tunnel of the virtual private network, critical services are congested by unrelated traffic in the tunnel and their transmission is blocked.
According to an aspect of the embodiments of the present application, there is provided a network communication method based on a virtual private network, for a VPN server, including: receiving a first IP packet from a local area network associated with a VPN server that needs to be transmitted over a virtual private network; analyzing a header related to a transport layer protocol in a first IP data packet, and reading port information contained in the header; determining a first transmission priority of a first application related to the first IP data packet according to the port information; transmitting the first IP data packet to a first target transmission queue corresponding to a first transmission priority, wherein the first target transmission queue is one transmission queue of a plurality of first transmission queues corresponding to different priorities; according to the priority of each first transmission queue, polling a plurality of first transmission queues according to a corresponding polling strategy, and reading a first IP data packet from a first target transmission queue; and encapsulating the first IP data packet into a corresponding first VPN data packet, and transmitting the first VPN data packet through the virtual private network.
According to another aspect of the embodiments of the present application, there is also provided a storage medium including a stored program, wherein the method described above is performed by a processor when the program is run.
According to another aspect of the embodiments of the present application, there is also provided a network communication device based on a virtual private network, for a VPN server, including: a first IP packet receiving module, configured to receive, from a local area network associated with a VPN server, a first IP packet that needs to be transmitted through a virtual private network; the first analyzing module is used for analyzing the header related to the transport layer protocol in the first IP data packet and reading port information contained in the header; a first priority determining module, configured to determine, according to the port information, a first transmission priority of a first application related to the first IP packet; the first IP data packet queue module is used for sending the first IP data packet to a first target transmission queue corresponding to a first transmission priority, wherein the first target transmission queue is one of a plurality of first transmission queues corresponding to different priorities; the first queue polling module is used for polling the plurality of first transmission queues according to the priority of each first transmission queue and the corresponding polling strategy, and reading the first IP data packet from the first target transmission queue; and the first VPN data packet encapsulation module is used for encapsulating the first IP data packet into a corresponding first VPN data packet and transmitting the first VPN data packet through the virtual private network.
According to another aspect of the embodiments of the present application, there is also provided a network communication device based on a virtual private network, for a VPN server, including: a processor; and a memory, coupled to the processor, for providing instructions to the processor for processing the steps of: receiving a first IP packet from a local area network associated with a VPN server that needs to be transmitted over a virtual private network; analyzing a header related to a transport layer protocol in a first IP data packet, and reading port information contained in the header; determining a first transmission priority of a first application related to the first IP data packet according to the port information; transmitting the first IP data packet to a first target transmission queue corresponding to a first transmission priority, wherein the first target transmission queue is one transmission queue of a plurality of first transmission queues corresponding to different priorities; according to the priority of each first transmission queue, polling a plurality of first transmission queues according to a corresponding polling strategy, and reading a first IP data packet from a first target transmission queue; and encapsulating the first IP data packet into a corresponding first VPN data packet, and transmitting the first VPN data packet through the virtual private network.
In the embodiments of the application, the user can set a corresponding transmission priority for each application that transmits data through the virtual private network, according to the importance of the service. For example, for a critical business of an enterprise it is desired that the data to be transmitted is blocked or delayed as little as possible; in this case the transmission priority of the application program corresponding to the critical business is set to the highest level. Before the IP packet transmitted by that application program is encapsulated into a VPN packet, the VPN server determines the transmission priority corresponding to the application program according to a pre-deployed priority configuration table, sends the IP packet to the queue corresponding to that transmission priority, and, according to the polling strategy corresponding to the transmission priority, preferentially reads the IP packet from that queue and encapsulates it into a VPN packet for transmission. In this way the data of the critical service is transmitted preferentially through the virtual private network, the transmission of unrelated traffic in the virtual private network is reduced, and the situation in which traffic congestion in the network tunnel blocks the transmission of the critical service is avoided.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute an undue limitation to the application. In the drawings:
Fig. 1 is a block diagram of the hardware architecture of a computing device for implementing the method according to embodiment 1 of the present application;
Fig. 2 is a schematic diagram of a network communication system based on a virtual private network according to embodiment 1 of the present application;
Fig. 3 is a schematic diagram of the protocol stacks of a first VPN server and a second VPN server of a virtual private network-based network communication system according to embodiment 1 of the present application;
Fig. 4 is a flow chart of a network communication method based on a virtual private network according to the first aspect of embodiment 1 of the present application;
Fig. 5 is a diagram showing the data formats of the various layers when transmitting data based on the TCP/IP or UDP/IP protocols;
Fig. 6 further shows a schematic diagram of encapsulating IP packets into VPN packets;
Fig. 7 is a schematic diagram of a network communication device based on a virtual private network according to embodiment 2 of the present application; and
Fig. 8 is a schematic diagram of a network communication device based on a virtual private network according to embodiment 3 of the present application.
Detailed Description
In order to better understand the technical solutions of the present application, the following descriptions of the technical solutions of the embodiments of the present application will be clearly and completely described with reference to the drawings in the embodiments of the present application. It will be apparent that the described embodiments are merely some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, shall fall within the scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that embodiments of the present application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example 1
According to the present embodiment, there is provided a method embodiment of a network communication method based on a virtual private network, it should be noted that the steps shown in the flowchart of the drawings may be performed in a computer system such as a set of computer executable instructions, and that although a logical order is shown in the flowchart, in some cases the steps shown or described may be performed in an order different from that herein.
The method embodiments provided by the present embodiments may be performed in a server or similar computing device. Fig. 1 shows a block diagram of a hardware architecture of a computing device for implementing a virtual private network-based network communication method. As shown in fig. 1, the computing device may include one or more processors (which may include, but are not limited to, a microprocessor MCU, a processing device such as a programmable logic device FPGA), memory for storing data, transmission means for communication functions, and input/output interfaces. Wherein the memory, the transmission device and the input/output interface are connected with the processor through a bus. In addition, the method may further include: a display connected to the input/output interface, a keyboard, and a cursor control device. It will be appreciated by those of ordinary skill in the art that the configuration shown in fig. 1 is merely illustrative and is not intended to limit the configuration of the electronic device described above. For example, the computing device may also include more or fewer components than shown in FIG. 1, or have a different configuration than shown in FIG. 1.
It should be noted that the one or more processors and/or other data processing circuits described above may be referred to herein generally as "data processing circuits". The data processing circuit may be embodied in whole or in part in software, hardware, firmware, or any other combination. Furthermore, the data processing circuitry may be a single stand-alone processing module, or incorporated in whole or in part into any of the other elements in the computing device. As referred to in the embodiments of the present application, the data processing circuit acts as a processor control (e.g., selection of the path of the variable resistor termination to interface).
The memory may be used to store software programs and modules of application software, such as program instructions/data storage devices corresponding to the network communication method based on the virtual private network in the embodiments of the present application, and the processor executes the software programs and modules stored in the memory, thereby executing various functional applications and data processing, that is, implementing the network communication method based on the virtual private network of the application program. The memory may include high speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid state memory. In some examples, the memory may further include memory remotely located with respect to the processor, which may be connected to the computing device via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission means is used for receiving or transmitting data via a network. Specific examples of the network described above may include a wireless network provided by a communications provider of the computing device. In one example, the transmission means comprises a network adapter (Network Interface Controller, NIC) connectable to other network devices via the base station to communicate with the internet. In one example, the transmission device may be a Radio Frequency (RF) module, which is used to communicate with the internet wirelessly.
The display may be, for example, a touch screen type Liquid Crystal Display (LCD) that may enable a user to interact with a user interface of the computing device.
It should be noted herein that in some alternative embodiments, the computing device shown in FIG. 1 described above may include hardware elements (including circuitry), software elements (including computer code stored on a computer-readable medium), or a combination of both hardware and software elements. It should be noted that fig. 1 is only one example of a particular specific example and is intended to illustrate the types of components that may be present in the computing devices described above.
Fig. 2 is a schematic diagram of a network communication system based on a virtual private network according to the present embodiment. Referring to fig. 2, the system includes: a first VPN server 100 located in an area 310; and a second VPN server 200 located in an area 320. Where, for example, region 310 may be a headquarter of an enterprise, the computing devices deployed by region 310 include an employee's office computer 311 and a business server 312 associated with the business of the enterprise. The area 320 may be, for example, an area where a branch of the enterprise is located, and the deployed computing device includes an employee's office computer 321. Wherein, a network communication connection is established between the area 310 and the area 320 through a virtual private network between the first VPN server 100 and the second VPN server 200, so that the computing devices 311 and 312 of the area 310 and the computing device 321 of the area 320 can virtually operate in the same local area network environment.
It should be noted that the hardware configuration described above may be applied to both the first VPN server 100 and the second VPN server 200 in the system.
Further, fig. 3 schematically shows the protocol stacks of the first VPN server 100 and the second VPN server 200. Referring to fig. 3, according to the technical solution of the present application, corresponding program modules are deployed in the network layer of the protocol stacks of the first VPN server 100 and the second VPN server 200, where the program modules include: a transport layer protocol analysis module, a queue polling module and a VPN encapsulation module. In addition, a scheduling monitor module is deployed at the application layer of the first VPN server 100 and the second VPN server 200.
In the above-described operation environment, according to the first aspect of the present embodiment, there is provided a network communication method based on a virtual private network, which is implemented by the first VPN server 100 or the second VPN server 200 shown in fig. 2. Fig. 4 shows a schematic flow chart of the method, and referring to fig. 4, the method includes:
S402: receiving a first IP packet from a local area network associated with the VPN server that needs to be transmitted over the virtual private network;
S404: analyzing a header related to a transport layer protocol in the first IP data packet, and reading port information contained in the header;
S406: determining a first transmission priority of an application related to the first IP data packet according to the port information;
S408: transmitting the first IP data packet to a first target transmission queue corresponding to the first transmission priority, wherein the first target transmission queue is one transmission queue of a plurality of first transmission queues corresponding to different priorities;
S410: according to the priority of each first transmission queue, polling the plurality of first transmission queues according to a corresponding polling strategy, and reading the first IP data packet from the first target transmission queue; and
S412: encapsulating the first IP data packet into a corresponding first VPN data packet, and transmitting the first VPN data packet through the virtual private network.
Specifically, fig. 5 shows a schematic diagram of data formats of respective layers when data is transmitted based on TCP/IP or based on UDP/IP protocols. The first VPN server 100 is described as an example. When the service server 312 of the area 310 transmits application data to the office computer 321 of the area 320, the application data may be split into different transport layer protocol messages (e.g., TCP messages or UDP messages) according to the TCP/IP protocol or the UDP/IP protocol. The transport layer protocol packet is then encapsulated into an IP packet (i.e., a first IP packet), and further encapsulated into an ethernet frame, which is sent to the first VPN server 100. Thus, referring to fig. 3, the first VPN server 100 receives the ethernet frame through the facilities of the physical layer of the area 310 and parses the IP packet at the network layer (S402).
Referring further to fig. 3, after receiving the IP packet sent by the server 312, the first VPN server 100 parses the transport layer protocol header of the IP packet with the transport layer protocol parsing module deployed in the network layer, and reads the port information contained in the transport layer protocol header (S404). Specifically, the transport layer protocol parsing module may first read the pseudo header that precedes the transport layer protocol header in the IP packet and determine, from the 4th field of that pseudo header, which protocol the transport layer message in the IP packet uses: a value of "6" indicates that the transport layer protocol is TCP, and a value of "17" indicates that it is UDP.
Then, according to the specific format of the TCP or UDP message, the transport layer protocol analysis module reads the port information related to the IP data packet from the corresponding fields. The port information comprises the source port and/or the destination port. For example, both the source port and the destination port may be read from a TCP message; for a UDP message the destination port is read, and the source port is read as well when the UDP message provides it (S404).
And then, the transport layer protocol analysis module determines the application related to the IP data packet according to the read port information. Specifically, for applications transmitting data in the environment shown in fig. 2 (e.g., OA systems of the enterprise, video conferencing, etc.), the ports used by the different applications are different, and the same application corresponds to the same port. In the transport layer protocol, different applications are determined by different ports. Thus, the transport layer protocol parsing module may determine which application the IP packet is transmitted by based on the port information in the transport layer protocol header in the IP packet.
In turn, the transport layer protocol parsing module may determine a transport priority (i.e., a first transport priority) for the application. Specifically, for example, the transport layer protocol parsing module may determine the transport priority of the application according to a preset priority configuration table as follows:
TABLE 1
Thus, referring to table 1, according to the technical solution of the present application, different applications have different transmission priorities. The priority is divided into grades 01 to 04, and the delay corresponding to each transmission priority is different. When, because of congestion, the delay requirements of applications at different priority grades cannot all be met at the same time, the delay requirements of the applications with the higher priority grade are met first. Further, as illustrated in fig. 3, the user may adjust the priority configuration table through the scheduling monitor module deployed at the application layer, and thereby adjust the priority grades of the respective applications.
According to the technical solution of the present application, the priority configuration table shown in table 1 may be deployed in the first VPN server 100 in advance, so that the transport layer protocol parsing module may determine the transport priority (i.e., the first transport priority) of the application corresponding to the IP data packet according to the priority configuration table (S406). For example, in this embodiment, the application corresponding to the IP packet is app_1 (i.e., the first application), and its corresponding transmission priority is "01".
And then, the queue polling module deployed on the network layer sends the IP data packet to a first transmission queue corresponding to the transmission priority according to the transmission priority of the application. For example, in the technical solution of the present application, respective transmission queues may be deployed for respective transmission priorities, for example, a queue 1 corresponding to a transmission priority 01, a queue 2 corresponding to a transmission priority 02, a queue 3 corresponding to a transmission priority 03, and a queue 4 corresponding to a transmission priority 04.
The queue polling module can send the IP data packet to the corresponding queue according to the transmission priority determined by the transport layer protocol parsing module. For example, if the parsing module determines that the transmission priority of the application corresponding to the IP packet is "01", the IP packet is sent to queue 1; if the transmission priority is "02", the IP packet is sent to queue 2; and so on, so that if the transmission priority is "04", the IP packet is sent to queue 4 (S408). For example, in this embodiment, an IP packet corresponding to app_1 is sent to queue 1 (i.e., the first target transmission queue).
And the queue polling module polls each transmission queue 1-4 according to the transmission priority of each queue and the corresponding polling strategy. Specifically, for example, at least 1 IP packet is read per polling period for queue 1, at least 1 IP packet is read per two polling periods for queue 2, at least 1 IP packet is read per three polling periods for queue 3, and so on.
In addition, when the current network condition cannot deliver the IP data packets in queue 1 with a delay within 60 ms, the number of polling cycles between reads of queues 2-4 (i.e. the time interval at which each of those queues is read) is increased, so that more transmission bandwidth is used for the IP data packets of the applications with transmission priority 01. Likewise, when the current network condition cannot simultaneously satisfy a delay of 60 ms or less for the IP data packets in queue 1 and a delay of 90 ms or less for the IP data packets in queue 2, the time interval at which queues 3 and 4 are read is increased further, and so on, so that the IP data packets of higher priority are processed first.
Thus, the queue polling module reads the IP packet in the transmission queue corresponding to the IP packet (S410), for example, reads the IP packet corresponding to app_1 in queue 1.
Then, referring to fig. 3, the VPN encapsulation module deployed at the network layer of the first VPN server 100 encapsulates the IP data packets further in corresponding VPN data packets. Fig. 6 further illustrates a schematic diagram of encapsulating an IP packet into a VPN packet. Referring to fig. 6, the VPN encapsulating module may set a header based on an IP protocol on the basis of the IP packet, for example, so as to transmit the IP packet as a payload of the VPN packet to the second VPN server through the VPN network (S412). The specific packaging process is not described here in detail.
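The classification and polling steps S404-S410 above, as an added Python example (not code from the patent): the port table, the priority configuration table (the page's Table 1 is not reproduced), the rule that queue k is read every k polling periods, and the choice to drop traffic of unknown ports to the lowest grade are all assumptions.

```python
"""Port-based classification and priority queue polling (S404-S410), added example.
The tables below are constructed sample data, not the patent's Table 1."""
import struct
from collections import deque

# Constructed priority configuration table (the page's Table 1 is not reproduced).
PRIORITY_TABLE = {"app_1": "01", "app_6": "01", "app_2": "02", "app_3": "03", "app_4": "04"}
# Constructed port-to-application mapping: each application uses its own port.
PORT_TABLE = {8443: "app_1", 3389: "app_6", 5060: "app_2", 445: "app_3", 8080: "app_4"}
# Defensive assumption: traffic matching no configured application gets the lowest
# grade, so a packet on an unknown port can never claim the critical queue.
DEFAULT_PRIORITY = "04"
# Assumed polling strategy from the text: queue k is read every k polling periods.
POLL_INTERVALS = {"01": 1, "02": 2, "03": 3, "04": 4}


def make_ipv4_packet(proto: int, sport: int, dport: int, payload: bytes = b"") -> bytes:
    """Build a minimal IPv4 packet carrying a TCP (6) or UDP (17) header (test data)."""
    l4_len = 20 if proto == 6 else 8
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + l4_len + len(payload), 0, 0,
                         64, proto, 0, b"\x0a\x00\x00\x01", b"\x0a\x01\x00\x02")
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 65535, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, l4_len + len(payload), 0)
    return header + l4 + payload


def transport_ports(ip_packet: bytes):
    """Return (source port, destination port) from the TCP/UDP header, or None."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return None
    ihl = (ip_packet[0] & 0x0F) * 4
    proto = ip_packet[9]
    if proto not in (6, 17) or len(ip_packet) < ihl + 4:
        return None  # neither TCP nor UDP, or the header is truncated
    return struct.unpack("!HH", ip_packet[ihl:ihl + 4])


def classify(ip_packet: bytes):
    """Map a packet to (application, transmission priority) by its ports (S404-S406)."""
    ports = transport_ports(ip_packet)
    if ports is not None:
        sport, dport = ports
        for port in (dport, sport):  # the service port is normally the destination
            app = PORT_TABLE.get(port)
            if app is not None:
                return app, PRIORITY_TABLE.get(app, DEFAULT_PRIORITY)
    return None, DEFAULT_PRIORITY


class QueuePoller:
    """Four transmission queues polled according to their priority (S408-S410)."""

    def __init__(self):
        self.queues = {p: deque() for p in POLL_INTERVALS}
        self.intervals = dict(POLL_INTERVALS)
        self.period = 0

    def enqueue(self, ip_packet: bytes) -> str:
        _app, prio = classify(ip_packet)
        self.queues[prio].append(ip_packet)
        return prio

    def poll(self):
        """One polling period: read at least one packet from every queue due now."""
        self.period += 1
        read = []
        for prio in sorted(self.queues):  # "01" first, so higher priority goes first
            q = self.queues[prio]
            if q and self.period % self.intervals[prio] == 0:
                read.append((prio, q.popleft()))
        return read

    def relieve_congestion(self, queue1_delay_ms: float, queue2_delay_ms: float):
        """Widen lower-priority intervals when the 60 ms / 90 ms targets are missed."""
        if queue1_delay_ms > 60:          # queue 1 misses 60 ms: slow queues 2-4
            for p in ("02", "03", "04"):
                self.intervals[p] += 1
        if queue2_delay_ms > 90:          # queue 2 also misses 90 ms: slow queues 3-4
            for p in ("03", "04"):
                self.intervals[p] += 1
        return dict(self.intervals)


def simulate(packets, periods: int):
    """Enqueue the packets, run the poller for `periods` periods, return the read order."""
    poller = QueuePoller()
    for pkt in packets:
        poller.enqueue(pkt)
    order = []
    for _ in range(periods):
        order.extend(prio for prio, _ in poller.poll())
    return order
```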
However, the following problem still exists in network communication based on a virtual private network: because the data of every service is transmitted through the same network tunnel of the virtual private network, unrelated traffic in the tunnel can congest the key service, so that transmission of the key service is blocked.
In view of this, according to the technical solution of the present application, the user can set a transmission priority for each application that transmits data through the virtual private network according to the importance of its service. For example, the data of a critical business of an enterprise should be blocked or delayed as little as possible. In this case the application corresponding to the critical business is given the highest transmission priority. Before the IP data packet transmitted by that application is encapsulated into a VPN data packet, the VPN server determines the application's transmission priority from a pre-deployed priority configuration table, sends the IP data packet to the queue corresponding to that transmission priority, and, according to the polling strategy for that priority, reads the IP data packet from the queue ahead of others and encapsulates it into a VPN data packet for transmission. In this way the data of the key service is transmitted preferentially through the virtual private network, the transmission of unrelated traffic in the virtual private network is reduced, and the blocking of the key service by traffic congestion in the network tunnel is avoided.
Optionally, the operation of sending the first IP packet to the first target transmission queue corresponding to the first transmission priority includes: determining the arrangement sequence of a first IP data packet and a second IP data packet transmitted by a second application according to the arrangement sequence of the first application and the second application, wherein the priority of the second application is the same as that of the first application; and transmitting the first IP data packet and the second IP data packet to a first target transmission queue according to the arrangement sequence.
Specifically, when the queue polling module of the first VPN server 100 transmits the IP packet (i.e., the first IP packet) of the app_1 (i.e., the first application) to the queue 1 corresponding to the transmission priority "01" (i.e., the first transmission priority), it is possible to encounter a situation in which the IP packet (i.e., the second IP packet) of the application (i.e., the app_6, i.e., the second application) of the same priority as the app_1 is also transmitted to the queue 1 (i.e., the first target transmission queue).
In this case, the queue polling module consults the ordering between applications app_1 and app_6. Specifically, for example, the first VPN server 100 further has an application order table deployed in it, which indicates the order between different applications of the same transmission priority, as follows:
TABLE 2
Thus, in this case the queue polling module orders the IP packet of app_1 (i.e., the first IP packet) and the IP packet of app_6 (i.e., the second IP packet) according to the order in which app_1 and app_6 are arranged in table 2, and then sends them to queue 1 in that order.
Thus, in this case, even if IP packets of different applications with the same transmission priority are transmitted, the VPN server may perform sequencing in the corresponding queues according to a preset order. Therefore, the technical scheme of the application can more accurately transmit the key service preferentially through the VPN network, so that the situation that the key service is blocked due to congestion is avoided as much as possible.
Optionally, before determining the arrangement sequence of the first IP data packet and the second IP data packet transmitted by the second application according to the arrangement sequence of the first application and the second application, the method further includes: acquiring a first Qos detection index related to a first application and a first Qos reference index related to the first application, which are detected in a preset monitoring period; determining a first transmission quality integral related to the first application according to the first Qos detection index and the first Qos reference index; acquiring a second Qos detection index related to a second application and a second Qos reference index related to the second application, which are detected in a preset monitoring period; determining a second transmission quality integral associated with a second application according to a second Qos detection indicator and a second Qos reference indicator; and determining the arrangement sequence of the first application and the second application according to the first transmission quality integral and the second transmission quality integral.
Specifically, referring to fig. 3, in order to enable the queue polling module to order the IP packets of each application under the same priority in a correct order and input the IP packets to a corresponding queue, the scheduling monitor module disposed at the application layer detects Qos indexes of each application every predetermined period. Specifically, in the solution of the present embodiment, the detected Qos index includes: throughput (a), delay (B), delay variation (C), and packet loss rate (D).
For example, for application app_1, the scheduling monitor module detects the Qos indicators associated with app_1, thereby obtaining the detected Qos indicators of app_1: throughput (As_1), delay (Bs_1), delay variation (Cs_1) and packet loss rate (Ds_1). Then the scheduling monitor module acquires the reference Qos indicators of app_1: throughput (Ar_1), delay (Br_1), delay variation (Cr_1) and packet loss rate (Dr_1).
Then, the transmission quality integral (i.e., the first transmission quality integral) of app_1 is calculated by the following formula (1):
(1)
where w_a is the weight parameter corresponding to throughput, w_b is the weight parameter corresponding to delay, w_c is the weight parameter corresponding to delay variation, w_d is the weight parameter corresponding to packet loss rate, and w_0 is a constant term.
Then, for application app_6, the scheduling monitor module detects the Qos indicators associated with app_6, thereby obtaining the detected Qos indicators of app_6: throughput (As_6), delay (Bs_6), delay variation (Cs_6) and packet loss rate (Ds_6). Then the scheduling monitor module acquires the reference Qos indicators of app_6: throughput (Ar_6), delay (Br_6), delay variation (Cr_6) and packet loss rate (Dr_6).
Then, the transmission quality integral (i.e., second transmission quality integral) of app_6 is calculated by the following formula (2):
(2).
Then, the scheduling monitor module determines the order of the applications app_1 and app_6 according to the magnitudes of St_1 and St_6. If St_1 is greater than St_6, app_6 is arranged in front of app_1; if St_1 is less than St_6, app_1 is arranged in front of app_6.
Thus, in the above manner, the scheduling monitor module can calculate the transmission quality integral for every application of the same priority grade once per period; the application with the smallest transmission quality integral is arranged first and the application with the largest transmission quality integral is arranged last. In this way the transmission quality of the IP packets of the individual applications within the same priority can be balanced as far as possible in the VPN network.
The parameters w_a, w_b, w_c, w_d and w_0 can be trained by the following steps:
First, formula (3) for calculating the transmission quality integral is constructed:
(3)
where As represents the actual throughput of the sample signal, bs represents the actual delay of the sample signal, cs represents the actual delay variation of the sample signal, and Ds represents the actual packet loss rate of the sample signal. Ar represents the reference throughput of the sample signal, br represents the reference delay of the sample signal, cr represents the reference delay variation of the sample signal, and Dr represents the reference packet loss rate of the sample signal. St represents the transmission quality integral of the sample signal.
Then, a logistic regression model is constructed based on the formula (3):
(4).
A sample set is constructed, in which each sample has the following form:
where the label result may be assigned manually. For example, an expert can judge from the parameter values of each sample whether the corresponding sample signal is good or bad. If "good", the label result is marked as "1"; if "bad", it is marked as "0".
Then, using the samples, the parameters w_a, w_b, w_c, w_d and w_0 are determined by running a gradient descent algorithm on the loss function of the logistic regression until it converges.
Therefore, the weight value of the transmission quality integral calculation formula can be more accurately determined through the machine learning mode, so that the key service can be more accurately determined.
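The same-priority ordering described above (formulas (1) and (2)) together with the training of the weights (formulas (3) and (4)), as an added Python example that is not the patent's code. Because the formulas are not reproduced on this page, the linear form of St over ratios of detected to reference indicators, the sigmoid model, the reference values and the labelled samples are all assumptions.

```python
"""Same-priority ordering by transmission quality integral, with the weights trained
by logistic regression, added example. The form of St, the reference indicators and
the labelled sample set are assumptions; the patent's formulas (1)-(4) are not shown."""
import math

# Constructed reference Qos indicators (Ar, Br, Cr, Dr): Mbit/s, ms, ms, percent.
REFERENCE = (100.0, 50.0, 10.0, 1.0)


def quality_integral(detected, reference, w, w0):
    """Assumed form of formula (3): St = w_0 + w_a*As/Ar + w_b*Bs/Br + w_c*Cs/Cr + w_d*Ds/Dr."""
    return w0 + sum(wk * d / r for wk, d, r in zip(w, detected, reference))


def sigmoid(z):
    """Assumed logistic model of formula (4): P(sample is "good") = sigmoid(St)."""
    return 1.0 / (1.0 + math.exp(-z))


def train_weights(samples, lr=0.5, epochs=3000):
    """Batch gradient descent on the logistic loss; samples are
    (detected, reference, label) triples with label 1 = "good", 0 = "bad"."""
    w, w0 = [0.0] * 4, 0.0
    n = len(samples)
    for _ in range(epochs):
        grad, grad0 = [0.0] * 4, 0.0
        for detected, reference, label in samples:
            x = [d / r for d, r in zip(detected, reference)]
            err = sigmoid(w0 + sum(wk * xk for wk, xk in zip(w, x))) - label
            grad = [g + err * xk for g, xk in zip(grad, x)]
            grad0 += err
        w = [wk - lr * g / n for wk, g in zip(w, grad)]
        w0 -= lr * grad0 / n
    return w, w0


def order_same_priority(apps, w, w0):
    """apps: {name: detected (As, Bs, Cs, Ds)}. Smallest integral first, as the text
    prescribes, so the application currently served worst is scheduled first."""
    scores = {name: quality_integral(det, REFERENCE, w, w0) for name, det in apps.items()}
    return sorted(scores, key=scores.get), scores


# Constructed, "expert-labelled" sample set of (detected, reference, label).
SAMPLES = [
    ((120.0, 40.0, 7.0, 0.5), REFERENCE, 1), ((110.0, 45.0, 8.0, 0.6), REFERENCE, 1),
    ((100.0, 35.0, 9.0, 0.4), REFERENCE, 1), ((130.0, 42.0, 6.0, 0.7), REFERENCE, 1),
    ((70.0, 65.0, 14.0, 1.8), REFERENCE, 0), ((80.0, 60.0, 13.0, 1.5), REFERENCE, 0),
    ((60.0, 75.0, 11.0, 2.0), REFERENCE, 0), ((90.0, 55.0, 16.0, 1.4), REFERENCE, 0),
]

# Constructed detected indicators for the two priority-01 applications of the text.
APPS = {"app_1": (95.0, 55.0, 12.0, 1.2), "app_6": (115.0, 40.0, 8.0, 0.5)}

if __name__ == "__main__":
    weights, bias = train_weights(SAMPLES)
    order, st = order_same_priority(APPS, weights, bias)
    print("weights", [round(v, 3) for v in weights], "w_0", round(bias, 3))
    print("St", {k: round(v, 3) for k, v in st.items()}, "order", order)
```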
Optionally, the operation of encapsulating the first IP data packet into a corresponding first VPN data packet includes: deploying a first transmission priority of a first application at the tail of a first IP data packet; and deploying a header of the first VPN packet before the first IP packet.
Specifically, referring to fig. 6, when encapsulating a VPN packet (i.e., the first VPN packet), the VPN encapsulation module deploys the VPN tail of the first VPN packet after the tail of the IP packet (the first IP packet). When generating this VPN tail, the transmission priority of application app_1 (i.e., the first transmission priority) is placed in the VPN tail. The VPN encapsulation module then deploys the VPN header before the first IP packet, thereby generating the first VPN packet.
The first VPN server 100 may then transmit the generated first VPN data packet to the second VPN server 200 through the VPN network. When the second VPN server 200 parses the first VPN packet, the transmission priority corresponding to the first IP packet may be read from the VPN tail, so that the first IP packet may be preferentially transmitted to the target device according to the transmission priority. Thus, after the VPN data packet of the key service reaches the VPN server on the other side through the VPN network, the VPN server on the other side can send the IP data packet of the key service to the target device according to the transmission priority.
Optionally, the method further comprises: receiving a second VPN data packet from the virtual private network sent to the target device of the local area network; analyzing the second VPN data packet, extracting a second IP data packet corresponding to the second VPN data packet, analyzing the tail part of the second VPN data packet, and determining a second transmission priority of a second application related to the second VPN data packet; transmitting the second IP data packet to a second target transmission queue corresponding to a second transmission priority, wherein the second target transmission queue is one of a plurality of second transmission queues corresponding to different priorities; according to the priority of each second transmission queue, polling the plurality of transmission queues according to a corresponding polling strategy, and reading second IP data packets from a second target transmission queue; and transmitting the second IP data packet to the target device through the local area network.
Specifically, referring to fig. 3, when the office computer 321 in the area 320 transmits data to the computing device (e.g., the service server 312) in the area 310, the IP packet (i.e., the second IP packet) transmitted by the office computer 321 is encapsulated into a VPN packet (i.e., the second VPN packet) at the second VPN server 200.
Wherein, as described above, in the process of encapsulating the VPN packet, the second VPN server 200 determines the transmission priority (i.e., the second transmission priority) of the application program (i.e., the second application) corresponding to the IP packet. For example, the second VPN server 200 determines that the application program corresponding to the IP packet is app_6 (i.e., the second application), and the transmission priority thereof is "01" (i.e., the second transmission priority). The second VPN server 200 then deploys the transmission priority as the tail of the VPN packet after the IP packet, encapsulates the corresponding VPN packet, and transmits the VPN packet to the first VPN server 100 through the VPN network.
The queue polling module of the first VPN server 100 thus parses the VPN data packet and determines that the transmission priority of the corresponding IP data packet is "01" according to the transmission priority included in the tail of the VPN data packet.
The first VPN server 100 then transmits the IP packet to a second target transmission queue corresponding to the priority "01". For example, the first VPN server 100 further has a plurality of queues (i.e., second queues) disposed therein for queuing IP packets sent from the VPN network to target devices within the local area network of the area 310. For example, queue 1' corresponding to transmission priority 01, queue 2' corresponding to transmission priority 02, queue 3' corresponding to transmission priority 03, and queue 4' corresponding to transmission priority 04 are included. The queue polling module thus transmits the IP data packet to queue 1' according to the priority of the IP data packet.
And the queue polling module polls each of the transmission queues 1'-4' according to the transmission priority of each queue and the corresponding polling strategy. Specifically, for example, at least 1 IP packet is read per polling period for queue 1', at least 1 IP packet is read per polling period for queue 2', at least 1 IP packet is read per polling period for queue 3', and so on.
Thus, the queue polling module reads the IP packet in queue 1' and sends it to the traffic server 312 within the local area network of area 310.
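The VPN tail of fig. 6 and its parsing on the receiving VPN server, as an added Python example (not the patent's code). The byte layout of the header and tail is an assumption, as is the defensive choice to demote a packet whose tail carries no valid grade to the lowest priority rather than trusting the field.

```python
"""Encapsulating the transmission priority in the VPN tail and reading it back on the
receiving side, added example. Header layout (constructed 4-byte marker plus 2-byte
payload length) and the 2-byte ASCII tail are assumptions; the patent gives no format."""
import struct
from collections import deque

VPN_MARKER = b"VPN1"            # constructed header marker, not from the patent
PRIORITIES = ("01", "02", "03", "04")
LOWEST = PRIORITIES[-1]
HEADER_LEN, TAIL_LEN = 6, 2


def encapsulate(ip_packet: bytes, priority: str) -> bytes:
    """VPN header, then the IP packet as payload, then the tail holding the grade."""
    if priority not in PRIORITIES:
        raise ValueError("priority must be one of %s" % (PRIORITIES,))
    if len(ip_packet) > 0xFFFF:
        raise ValueError("IP packet too long for the 16-bit length field")
    header = VPN_MARKER + struct.pack("!H", len(ip_packet))
    return header + ip_packet + priority.encode("ascii")


def decapsulate(vpn_packet: bytes):
    """Return (ip_packet, priority). Structural faults raise ValueError; a tail that
    is not a valid grade demotes the packet to the lowest priority (assumption)."""
    if len(vpn_packet) < HEADER_LEN + TAIL_LEN or vpn_packet[:4] != VPN_MARKER:
        raise ValueError("not a VPN packet")
    (plen,) = struct.unpack("!H", vpn_packet[4:HEADER_LEN])
    if len(vpn_packet) != HEADER_LEN + plen + TAIL_LEN:
        raise ValueError("length field does not match packet size")
    ip_packet = vpn_packet[HEADER_LEN:HEADER_LEN + plen]
    tail = vpn_packet[HEADER_LEN + plen:]
    priority = tail.decode("ascii", errors="replace")
    if priority not in PRIORITIES:
        priority = LOWEST   # never let a malformed tail promote traffic
    return ip_packet, priority


def is_well_formed(vpn_packet: bytes) -> bool:
    """True when decapsulate() accepts the packet's structure."""
    try:
        decapsulate(vpn_packet)
        return True
    except ValueError:
        return False


class IngressQueues:
    """Queues 1'-4' on the receiving VPN server, keyed by the grade read from the tail."""

    def __init__(self):
        self.queues = {p: deque() for p in PRIORITIES}

    def accept(self, vpn_packet: bytes) -> str:
        ip_packet, priority = decapsulate(vpn_packet)
        self.queues[priority].append(ip_packet)
        return priority

    def depth(self, priority: str) -> int:
        return len(self.queues[priority])


# Constructed 28-byte stand-in for an IP packet (contents are irrelevant here).
SAMPLE_IP = bytes([0x45, 0x00, 0x00, 0x1C]) + bytes(24)

if __name__ == "__main__":
    vp = encapsulate(SAMPLE_IP, "01")
    print(decapsulate(vp)[1], decapsulate(vp[:-2] + b"09")[1])
```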
Therefore, in this way, the technical solution of this embodiment not only can preferentially transmit the critical service in the VPN network transmission process, but also can preferentially transmit the IP data packet of the critical service in the area of the other side when transmitting the data packet of the critical service to the other side of the VPN network, thereby further enhancing the transmission efficiency of the critical service and reducing the occurrence of the critical service blocking condition due to congestion.
Further, referring to fig. 1, according to a second aspect of the present embodiment, there is provided a storage medium. The storage medium includes a stored program, wherein the method described above is performed by a processor when the program is run.
Thus, according to the present embodiment, the user can set a transmission priority for each application that transmits data through the virtual private network according to the importance of its service. For example, the data of a critical business of an enterprise should be blocked or delayed as little as possible. In this case the application corresponding to the critical business is given the highest transmission priority. Before the IP data packet transmitted by that application is encapsulated into a VPN data packet, the VPN server determines the application's transmission priority from a pre-deployed priority configuration table, sends the IP data packet to the queue corresponding to that transmission priority, and, according to the polling strategy for that priority, reads the IP data packet from the queue ahead of others and encapsulates it into a VPN data packet for transmission. In this way the data of the key service is transmitted preferentially through the virtual private network, the transmission of unrelated traffic in the virtual private network is reduced, and the blocking of the key service by traffic congestion in the network tunnel is avoided.
It should be noted that, for simplicity of description, the foregoing method embodiments are all described as a series of acts, but it should be understood by those skilled in the art that the present invention is not limited by the order of acts described, as some steps may be performed in other orders or concurrently in accordance with the present invention. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts and modules referred to are not necessarily required for the present invention.
From the description of the above embodiments, it will be clear to a person skilled in the art that the method according to the above embodiments may be implemented by means of software plus the necessary general hardware platform, but of course also by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method according to the embodiments of the present invention.
Example 2
Fig. 7 shows a network communication device 700 based on a virtual private network according to the present embodiment, the device 700 being used for a VPN server, corresponding to the method according to the first aspect of embodiment 1. Referring to fig. 7, the apparatus 700 includes: a first IP packet receiving module 710, configured to receive, from a local area network associated with a VPN server, a first IP packet that needs to be transmitted through a virtual private network; a first parsing module 720, configured to parse a header related to a transport layer protocol in the first IP packet, and read port information included in the header; a first priority determining module 730, configured to determine, according to the port information, a first transmission priority of a first application related to the first IP packet; a first IP packet queue module 740, configured to send a first IP packet to a first target transmission queue corresponding to a first transmission priority, where the first target transmission queue is one of a plurality of first transmission queues corresponding to different priorities; a first queue polling module 750, configured to poll the plurality of first transmission queues according to the priority of each first transmission queue and a corresponding polling policy, and read a first IP packet from a first target transmission queue; and a first VPN data packet encapsulation module 760, configured to encapsulate the first IP data packet into a corresponding first VPN data packet, and transmit the first VPN data packet through the virtual private network.
Optionally, the first IP packet queue module 740 includes: the first sequencing sub-module is used for determining the sequence of the first IP data packet and the second IP data packet transmitted by the second application according to the sequence of the first application and the second application, wherein the priority of the second application is the same as that of the first application; and the first transmission sub-module is used for transmitting the first IP data packet and the second IP data packet to the first target transmission queue according to the arrangement sequence.
Optionally, the apparatus further comprises: the first Qos index acquisition module is used for acquiring a first Qos detection index related to the first application and a first Qos reference index related to the first application, which are detected in a preset monitoring period; a first transmission quality integral determining module, configured to determine a first transmission quality integral related to a first application according to a first Qos detection indicator and a first Qos reference indicator; a second Qos index obtaining module, configured to obtain a second Qos detection index related to a second application and a second Qos reference index related to the second application, where the second Qos detection index is detected in a preset monitoring period; a second transmission quality integral determining module, configured to determine a second transmission quality integral related to a second application according to a second Qos detection indicator and a second Qos reference indicator; and the application ordering module is used for determining the ordering sequence of the first application and the second application according to the first transmission quality integral and the second transmission quality integral.
Optionally, the first transmission quality integral determining module includes a first transmission quality integral determining sub-module for determining the first transmission quality integral according to the following formula:
(1),
where As_1, Bs_1, Cs_1 and Ds_1 respectively represent the detected throughput, delay, delay variation and packet loss rate related to the first application; Ar_1, Br_1, Cr_1 and Dr_1 respectively represent the reference throughput, reference delay, reference delay variation and reference packet loss rate related to the first application; St_1 represents the first transmission quality integral; and the second transmission quality integral determining module includes a second transmission quality integral determining sub-module for determining the second transmission quality integral related to the second application according to the second Qos detection indicator and the second Qos reference indicator, which includes determining the second transmission quality integral according to the following formula:
(2),
where As_6, Bs_6, Cs_6 and Ds_6 respectively represent the detected throughput, delay, delay variation and packet loss rate related to the second application; Ar_6, Br_6, Cr_6 and Dr_6 respectively represent the reference throughput, reference delay, reference delay variation and reference packet loss rate related to the second application; St_6 represents the second transmission quality integral; and w_a is the weight parameter corresponding to throughput, w_b is the weight parameter corresponding to delay, w_c is the weight parameter corresponding to delay variation, w_d is the weight parameter corresponding to packet loss rate, and w_0 is a constant term.
Optionally, the method further comprises a parameter determining module, wherein the parameter determining module comprises: a formula construction sub-module for constructing formula (3) for calculating the transmission quality integral:
(3),
wherein As represents the actual throughput of the sample signal, bs represents the actual delay of the sample signal, cs represents the actual delay variation of the sample signal and Ds represents the actual packet loss rate of the sample signal; ar represents the reference throughput of the sample signal, br represents the reference delay of the sample signal, cr represents the reference delay variation of the sample signal and Dr represents the reference packet loss rate of the sample signal; st represents the transmission quality integral of the sample signal;
the logistic regression model construction submodule is used for constructing a logistic regression model:
(4); and
a parameter determination sub-module for determining the parameters w_a, w_b, w_c, w_d and w_0 by performing gradient descent on the loss function of the logistic regression using the samples in the sample set.
Optionally, the first VPN data packet encapsulation module includes: the tail deployment sub-module is used for deploying the first transmission priority of the first application at the tail of the first IP data packet; and a header deployment sub-module for deploying a header of the first VPN data packet before the first IP data packet.
Optionally, the apparatus further comprises: a second VPN packet receiving module, configured to receive, from a virtual private network, a second VPN packet sent to a target device of a local area network; the second VPN data packet analysis module is used for analyzing the second VPN data packet, extracting a second IP data packet corresponding to the second VPN data packet, analyzing the tail part of the second VPN data packet and determining a second transmission priority of a second application related to the second VPN data packet; a second IP packet queue module, configured to send a second IP packet to a second target transmission queue corresponding to a second transmission priority, where the second target transmission queue is one of a plurality of second transmission queues corresponding to different priorities; the second queue polling module is used for polling the plurality of second transmission queues according to the priority of each second transmission queue and the corresponding polling strategy, and reading the second IP data packets from the second target transmission queues; and the second IP data packet transmission module is used for transmitting the second IP data packet to the target equipment through the local area network.
Thus, according to the present embodiment, the user can set a transmission priority for each application that transmits data through the virtual private network according to the importance of its service. For example, the data of a critical business of an enterprise should be blocked or delayed as little as possible. In this case the application corresponding to the critical business is given the highest transmission priority. Before the IP data packet transmitted by that application is encapsulated into a VPN data packet, the VPN server determines the application's transmission priority from a pre-deployed priority configuration table, sends the IP data packet to the queue corresponding to that transmission priority, and, according to the polling strategy for that priority, reads the IP data packet from the queue ahead of others and encapsulates it into a VPN data packet for transmission. In this way the data of the key service is transmitted preferentially through the virtual private network, the transmission of unrelated traffic in the virtual private network is reduced, and the blocking of the key service by traffic congestion in the network tunnel is avoided.
Example 3
Fig. 8 shows a network communication device 800 based on a virtual private network according to the present embodiment, the device 800 being used for a VPN server, corresponding to the method according to the first aspect of embodiment 1. Referring to fig. 8, the apparatus 800 includes: a processor 810; and a memory 820 coupled to the processor 810 for providing instructions to the processor 810 for processing the following processing steps: receiving a first IP packet from a local area network associated with a VPN server that needs to be transmitted over a virtual private network; analyzing a header related to a transport layer protocol in a first IP data packet, and reading port information contained in the header; determining a first transmission priority of a first application related to the first IP data packet according to the port information; transmitting the first IP data packet to a first target transmission queue corresponding to a first transmission priority, wherein the first target transmission queue is one transmission queue of a plurality of first transmission queues corresponding to different priorities; according to the priority of each first transmission queue, polling a plurality of first transmission queues according to a corresponding polling strategy, and reading a first IP data packet from a first target transmission queue; and encapsulating the first IP data packet into a corresponding first VPN data packet, and transmitting the first VPN data packet through the virtual private network.
Optionally, the operation of sending the first IP packet to the first target transmission queue corresponding to the first transmission priority includes: determining the arrangement sequence of a first IP data packet and a second IP data packet transmitted by a second application according to the arrangement sequence of the first application and the second application, wherein the priority of the second application is the same as that of the first application; and transmitting the first IP data packet and the second IP data packet to a first target transmission queue according to the arrangement sequence.
Optionally, the memory 820 is also used to provide instructions for the processor 810 to process the following processing steps: before determining the arrangement sequence of the first IP data packet and the second IP data packet transmitted by the second application according to the arrangement sequence of the first application and the second application: acquiring a first Qos detection index related to a first application and a first Qos reference index related to the first application, which are detected in a preset monitoring period; determining a first transmission quality integral related to the first application according to the first Qos detection index and the first Qos reference index; acquiring a second Qos detection index related to a second application and a second Qos reference index related to the second application, which are detected in a preset monitoring period; determining a second transmission quality integral associated with a second application according to a second Qos detection indicator and a second Qos reference indicator; and determining the arrangement sequence of the first application and the second application according to the first transmission quality integral and the second transmission quality integral.
Optionally, determining a first transmission quality integral associated with the first application according to the first Qos detection indicator and the first Qos reference indicator includes determining the first transmission quality integral according to the following formula:
(1),
wherein As_1, Bs_1, Cs_1 and Ds_1 respectively represent the detected throughput, delay, delay variation and packet loss rate related to the first application; Ar_1, Br_1, Cr_1 and Dr_1 respectively represent the reference throughput, reference delay, reference delay variation and reference packet loss rate related to the first application; St_1 represents the first transmission quality integral; and
determining a second transmission quality integral associated with a second application based on the second Qos detection indicator and the second Qos reference indicator, comprising determining the second transmission quality integral according to the following equation:
(2),
wherein As_6, Bs_6, Cs_6 and Ds_6 respectively represent the detected throughput, delay, delay variation and packet loss rate related to the second application; Ar_6, Br_6, Cr_6 and Dr_6 respectively represent the reference throughput, reference delay, reference delay variation and reference packet loss rate related to the second application; St_6 represents the second transmission quality integral; and wherein
w_a is a weight parameter corresponding to the throughput, w_b is a weight parameter corresponding to the delay, w_c is a weight parameter corresponding to the delay variation, w_d is a weight parameter corresponding to the packet loss rate, and w_0 is a constant term.
Optionally, the memory 820 is further used to provide instructions for the processor 810 to process the following processing steps: the parameters w_a, w_b, w_c, w_d and w_0 are determined by the following operations:
Constructing a formula (3) for calculating transmission quality integral:
(3),
wherein As represents the actual throughput of the sample signal, bs represents the actual delay of the sample signal, cs represents the actual delay variation of the sample signal and Ds represents the actual packet loss rate of the sample signal; ar represents the reference throughput of the sample signal, br represents the reference delay of the sample signal, cr represents the reference delay variation of the sample signal and Dr represents the reference packet loss rate of the sample signal; st represents the transmission quality integral of the sample signal;
constructing a logistic regression model:
(4); and
using the samples in the sample set, performing a gradient descent calculation based on the loss function of the logistic regression, and determining the parameters w_a, w_b, w_c, w_d and w_0.
Optionally, the operation of encapsulating the first IP data packet into a corresponding first VPN data packet includes: deploying a first transmission priority of a first application at the tail of a first IP data packet; and deploying a header of the first VPN packet before the first IP packet.
Optionally, the memory 820 is further configured to provide instructions for the processor 810 to process the following processing steps: receiving a second VPN data packet from the virtual private network sent to the target device of the local area network; analyzing the second VPN data packet, extracting a second IP data packet corresponding to the second VPN data packet, analyzing the tail part of the second VPN data packet, and determining a second transmission priority of a second application related to the second VPN data packet; transmitting the second IP data packet to a second target transmission queue corresponding to a second transmission priority, wherein the second target transmission queue is one of a plurality of second transmission queues corresponding to different priorities; according to the priority of each second transmission queue, polling the plurality of second transmission queues according to a corresponding polling strategy, and reading second IP data packets from a second target transmission queue; and transmitting the second IP data packet to the target device through the local area network.
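The send path of steps above (port lookup, priority queues, weighted polling, encapsulation with the priority at the tail) and the receive path (reading the tail before re-queueing), written out as an added Python example that is not the patent's own code. The port-to-priority table, the weighted round-robin polling weights, and the `VPN1` header layout are assumptions; packets within one queue are served FIFO, since formulas (1) to (4) are not reproduced on the page.

```python
import struct
from collections import deque

# Constructed priority configuration table (assumption): port -> (application, priority).
# Priority 0 is the highest; the entries are made up for this illustration.
PRIORITY_TABLE = {5060: ("voip", 0), 443: ("erp", 0), 22: ("ssh", 1), 80: ("web", 2)}
NUM_PRIORITIES = 4
DEFAULT_PRIORITY = NUM_PRIORITIES - 1   # unknown ports go to the lowest queue
# Polling strategy (assumption): weighted round robin, packets drained per queue per pass.
POLL_WEIGHTS = [4, 2, 1, 1]
VPN_MAGIC = b"VPN1"                     # constructed 4-byte VPN header marker


def parse_ports(ip_packet):
    """Read the transport-layer header of an IPv4 packet; return (proto, src_port, dst_port)."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ip_packet[0] & 0x0F) * 4
    proto = ip_packet[9]
    if proto not in (6, 17):            # only TCP and UDP carry port numbers
        return proto, None, None
    if len(ip_packet) < ihl + 4:
        raise ValueError("truncated transport-layer header")
    src, dst = struct.unpack("!HH", ip_packet[ihl:ihl + 4])
    return proto, src, dst


def classify(ip_packet):
    """Map the packet to (application, priority) through the configuration table."""
    _, src, dst = parse_ports(ip_packet)
    for port in (dst, src):             # destination port first, then source port
        if port in PRIORITY_TABLE:
            return PRIORITY_TABLE[port]
    return ("unknown", DEFAULT_PRIORITY)


def encapsulate(ip_packet, prio):
    """VPN header before the IP packet, one priority byte at the tail."""
    return VPN_MAGIC + struct.pack("!H", len(ip_packet)) + ip_packet + bytes([prio])


def decapsulate(vpn_packet):
    """Receive path: extract the inner IP packet and read the priority from the tail."""
    if len(vpn_packet) < 7 or vpn_packet[:4] != VPN_MAGIC:
        raise ValueError("not a VPN packet")
    (length,) = struct.unpack("!H", vpn_packet[4:6])
    if len(vpn_packet) != 6 + length + 1:
        raise ValueError("length field does not match packet size")
    prio = vpn_packet[6 + length]
    if prio >= NUM_PRIORITIES:          # the tag comes from the tunnel: bound it before indexing
        raise ValueError("invalid priority tag")
    return vpn_packet[6:6 + length], prio


class PriorityQueues:
    """Per-priority transmission queues plus the weighted polling pass (used on both paths)."""
    def __init__(self):
        self.queues = [deque() for _ in range(NUM_PRIORITIES)]

    def enqueue(self, packet, prio):
        self.queues[prio].append(packet)

    def poll(self):
        """One pass: drain up to POLL_WEIGHTS[p] packets from queue p, highest priority first."""
        out = []
        for prio, queue in enumerate(self.queues):
            for _ in range(POLL_WEIGHTS[prio]):
                if not queue:
                    break
                out.append((queue.popleft(), prio))
        return out


def make_ipv4(proto, src_port, dst_port, payload=b""):
    """Constructed sample input: minimal IPv4 header followed by the two transport port fields."""
    header = bytearray(20)
    header[0] = 0x45                    # version 4, IHL 5
    struct.pack_into("!H", header, 2, 20 + 4 + len(payload))
    header[9] = proto
    return bytes(header) + struct.pack("!HH", src_port, dst_port) + payload


def send_path(ip_packets):
    """LAN -> tunnel: classify, queue, poll once, encapsulate. Returns VPN packets in send order."""
    pq = PriorityQueues()
    for pkt in ip_packets:
        pq.enqueue(pkt, classify(pkt)[1])
    return [encapsulate(pkt, prio) for pkt, prio in pq.poll()]
```

The receiver accepts the priority byte only within the configured range; a deployment would additionally rely on the tunnel's integrity protection so that a peer cannot rewrite the tag in transit.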
Thus, according to the present embodiment, the user can set the transmission priority of each application that transmits data through the virtual private network according to the importance of its service. For example, for a critical business of an enterprise it is desirable that the data to be transmitted is blocked or delayed as little as possible. In this case the application program corresponding to the critical business is given the highest transmission priority; before the IP packet transmitted by that application is encapsulated into a VPN packet, the VPN server determines the application's transmission priority from a pre-deployed priority configuration table, sends the IP packet to the queue corresponding to that priority, and, according to the polling strategy for that priority, preferentially reads the IP packet from the queue and encapsulates it into a VPN packet for transmission. In this way the data of the critical service is transmitted preferentially through the virtual private network, the transmission of unrelated traffic in the virtual private network is reduced, and the situation in which traffic congestion in the network tunnel blocks the transmission of the critical service is avoided.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
In the foregoing embodiments of the present invention, the descriptions of the embodiments are emphasized, and for a portion of this disclosure that is not described in detail in this embodiment, reference is made to the related descriptions of other embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed technical content may be implemented in other manners. The above-described embodiments of the apparatus are merely exemplary; the division of the units is merely a logical function division, and may be implemented in another manner, for example, multiple units or components may be combined or may be integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed between the parts may be through some interfaces, units or modules, or may be in electrical or other forms.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied essentially or in part or all of the technical solution or in part in the form of a software product stored in a storage medium, including instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a removable hard disk, a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The foregoing is merely a preferred embodiment of the present invention and it should be noted that modifications and adaptations to those skilled in the art may be made without departing from the principles of the present invention, which are intended to be comprehended within the scope of the present invention.

Claims (10)

1. A network communication method based on a virtual private network, for a VPN server, comprising:
receiving a first IP packet from a local area network associated with the VPN server that is to be transmitted over a virtual private network;
analyzing a header related to a transport layer protocol in the first IP data packet, and reading port information contained in the header;
determining a first transmission priority of a first application related to the first IP data packet according to the port information;
transmitting the first IP data packet to a first target transmission queue corresponding to the first transmission priority, wherein the first target transmission queue is one of a plurality of first transmission queues corresponding to different priorities;
according to the priority of each first transmission queue, polling the plurality of first transmission queues according to a corresponding polling strategy, and reading the first IP data packet from the first target transmission queue; and
encapsulating the first IP data packet into a corresponding first VPN data packet, and transmitting the first VPN data packet through the virtual private network.
2. The network communication method of claim 1, wherein the act of sending the first IP packet into a first target transmission queue corresponding to the first transmission priority comprises:
determining the arrangement sequence of the first IP data packet and the second IP data packet transmitted by the second application according to the arrangement sequence of the first application and the second application, wherein the priority of the second application is the same as that of the first application; and
transmitting the first IP data packet and the second IP data packet to the first target transmission queue according to the arrangement sequence.
3. The network communication method according to claim 2, wherein before determining the arrangement order of the first IP data packet and the second IP data packet transmitted by the second application according to the arrangement order of the first application and the second application, the method further comprises:
acquiring a first Qos detection index related to the first application and a first Qos reference index related to the first application, which are detected in a preset monitoring period;
determining a first transmission quality integral related to the first application according to the first Qos detection index and the first Qos reference index;
acquiring a second Qos detection index related to the second application and a second Qos reference index related to the second application, which are detected in a preset monitoring period;
determining a second transmission quality integral associated with the second application according to the second Qos detection index and the second Qos reference index; and
determining the arrangement sequence of the first application and the second application according to the first transmission quality integral and the second transmission quality integral.
4. A network communication method according to claim 3, wherein,
determining a first transmission quality integral associated with the first application based on the first Qos detection indicator and the first Qos reference indicator, comprising determining the first transmission quality integral according to the following formula:
(1),
wherein As_1, Bs_1, Cs_1 and Ds_1 respectively represent the detected throughput, delay, delay variation and packet loss rate related to the first application; Ar_1, Br_1, Cr_1 and Dr_1 respectively represent the reference throughput, reference delay, reference delay variation and reference packet loss rate related to the first application; St_1 represents the first transmission quality integral; and
determining a second transmission quality integral associated with the second application based on the second Qos detection indicator and the second Qos reference indicator, comprising determining the second transmission quality integral according to the following formula:
(2),
wherein As_6, Bs_6, Cs_6 and Ds_6 respectively represent the detected throughput, delay, delay variation and packet loss rate related to the second application; Ar_6, Br_6, Cr_6 and Dr_6 respectively represent the reference throughput, reference delay, reference delay variation and reference packet loss rate related to the second application; St_6 represents the second transmission quality integral; and wherein
w_a is a weight parameter corresponding to the throughput, w_b is a weight parameter corresponding to the delay, w_c is a weight parameter corresponding to the delay variation, w_d is a weight parameter corresponding to the packet loss rate, and w_0 is a constant term.
5. The network communication method of claim 4, further comprising determining the parameters w_a, w_b, w_c, w_d and w_0 by:
Constructing a formula (3) for calculating transmission quality integral:
(3),
wherein As represents the actual throughput of the sample signal, bs represents the actual delay of the sample signal, cs represents the actual delay variation of the sample signal and Ds represents the actual packet loss rate of the sample signal; ar represents the reference throughput of the sample signal, br represents the reference delay of the sample signal, cr represents the reference delay variation of the sample signal and Dr represents the reference packet loss rate of the sample signal; st represents the transmission quality integral of the sample signal;
constructing a logistic regression model:
(4); and
using the samples in the sample set to perform a gradient descent calculation based on the loss function of the logistic regression, and determining the parameters w_a, w_b, w_c, w_d and w_0.
6. The network communication method according to claim 1, wherein the operation of encapsulating the first IP packets into corresponding first VPN packets comprises:
deploying a first transmission priority of the first application at the tail of the first IP data packet; and
deploying a header of the first VPN data packet before the first IP data packet.
7. The network communication method according to claim 1, further comprising:
receiving a second VPN data packet from the virtual private network sent to a target device of the local area network;
analyzing the second VPN data packet, extracting a second IP data packet corresponding to the second VPN data packet, analyzing the tail of the second VPN data packet, and determining a second transmission priority of a second application related to the second VPN data packet;
transmitting the second IP data packet to a second target transmission queue corresponding to the second transmission priority, wherein the second target transmission queue is one of a plurality of second transmission queues corresponding to different priorities;
according to the priority of each second transmission queue, polling the plurality of second transmission queues according to a corresponding polling strategy, and reading the second IP data packet from the second target transmission queue; and
transmitting the second IP data packet to the target device through the local area network.
8. A storage medium comprising a stored program, wherein the method of any one of claims 1 to 7 is performed by a processor when the program is run.
9. A virtual private network-based network communication apparatus for a VPN server, comprising:
a first IP packet receiving module, configured to receive, from a local area network associated with the VPN server, a first IP packet that needs to be transmitted through a virtual private network;
the first analyzing module is used for analyzing the header related to the transport layer protocol in the first IP data packet and reading port information contained in the header;
a first priority determining module, configured to determine, according to the port information, a first transmission priority of a first application related to the first IP packet;
a first IP packet queue module, configured to send the first IP packet to a first target transmission queue corresponding to the first transmission priority, where the first target transmission queue is one of a plurality of first transmission queues corresponding to different priorities;
a first queue polling module, configured to poll the plurality of first transmission queues according to the priority of each first transmission queue and the corresponding polling strategy, and to read the first IP data packet from the first target transmission queue; and
a first VPN data packet encapsulation module, configured to encapsulate the first IP data packet into a corresponding first VPN data packet and to transmit the first VPN data packet through the virtual private network.
10. A virtual private network-based network communication apparatus for a VPN server, comprising:
a processor; and
a memory, coupled to the processor, for providing instructions to the processor to process the following processing steps:
receiving a first IP packet from a local area network associated with the VPN server that is to be transmitted over a virtual private network;
analyzing a header related to a transport layer protocol in the first IP data packet, and reading port information contained in the header;
determining a first transmission priority of a first application related to the first IP data packet according to the port information;
transmitting the first IP data packet to a first target transmission queue corresponding to the first transmission priority, wherein the first target transmission queue is one of a plurality of first transmission queues corresponding to different priorities;
according to the priority of each first transmission queue, polling the plurality of first transmission queues according to a corresponding polling strategy, and reading the first IP data packet from the first target transmission queue; and
encapsulating the first IP data packet into a corresponding first VPN data packet, and transmitting the first VPN data packet through the virtual private network.
CN202311559274.XA 2023-11-22 2023-11-22 Network communication method, device and storage medium based on virtual private network Active CN117278360B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311559274.XA CN117278360B (en) 2023-11-22 2023-11-22 Network communication method, device and storage medium based on virtual private network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311559274.XA CN117278360B (en) 2023-11-22 2023-11-22 Network communication method, device and storage medium based on virtual private network

Publications (2)

Publication Number Publication Date
CN117278360A true CN117278360A (en) 2023-12-22
CN117278360B CN117278360B (en) 2024-02-09

Family

ID=89218200

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311559274.XA Active CN117278360B (en) 2023-11-22 2023-11-22 Network communication method, device and storage medium based on virtual private network

Country Status (1)

Country Link
CN (1) CN117278360B (en)

Also Published As

Publication number Publication date
CN117278360B (en) 2024-02-09

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant