CN117640773A - IP pool realization method, system and device based on multi-tenant saas service - Google Patents
IP pool realization method, system and device based on multi-tenant saas service Download PDFInfo
- Publication number
- CN117640773A CN117640773A CN202311593841.3A CN202311593841A CN117640773A CN 117640773 A CN117640773 A CN 117640773A CN 202311593841 A CN202311593841 A CN 202311593841A CN 117640773 A CN117640773 A CN 117640773A
- Authority
- CN
- China
- Prior art keywords
- address
- forwarding
- tenant
- access request
- pool
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 42
- 238000012545 processing Methods 0.000 claims abstract description 76
- 238000004590 computer program Methods 0.000 claims description 14
- 238000013507 mapping Methods 0.000 claims description 5
- 230000007547 defect Effects 0.000 abstract description 2
- 238000010586 diagram Methods 0.000 description 12
- 238000004891 communication Methods 0.000 description 5
- 230000003287 optical effect Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Abstract
The invention relates to the technical field of computers, and provides an IP pool realization method, system and device based on multi-tenant saas service, wherein the method comprises the following steps: forwarding an access request sent by a saas tenant to an export gateway; determining an outlet IP address based on a preset corresponding relation between tenant information and the IP address; determining a corresponding intranet IP address based on the exit IP address; forwarding the access request to an intranet IP address; and forwarding the access request to the exit IP address for processing, and returning a processing result. The method and the system are used for solving the defect that a single outlet IP in the saas service of multiple tenants in the prior art cannot be adapted to white lists of the multiple tenants, can provide a dedicated outlet IP for each tenant, and can improve the working efficiency of the saas service.
Description
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method, a system, and an apparatus for implementing an IP pool based on a multi-tenant saas service.
Background
When the service used by the saas tenant calls the external api of the public network, especially when the enterprise is docked, the situation that the other party needs to configure the IP white list is often encountered, when the service is the saas service, programs of a plurality of companies are often running in an actual server, when the api is encountered and a specific company needs to open the IP white list, the actual IP of the saas service is required to be caused, the situation that the internal white list of a plurality of tenants cannot be adapted is caused, and the saas service cannot be smoothly carried out, so that the working efficiency is influenced.
Disclosure of Invention
The invention provides an IP pool realization method, system and device based on multi-tenant saas service, which are used for solving the defect that a single outlet IP in the multi-tenant saas service in the prior art cannot be adapted to a white list of a plurality of tenants in the interior, providing a dedicated outlet IP for each tenant, and improving the working efficiency of the saas service.
The invention provides an IP pool realization method based on multi-tenant saas service, which comprises the following steps:
forwarding an access request sent by a saas tenant to an export gateway;
determining an outlet IP address based on a preset corresponding relation between tenant information and the IP address;
determining a corresponding intranet IP address based on the exit IP address;
forwarding the access request to an intranet IP address;
and forwarding the access request to the exit IP address for processing, and returning a processing result.
According to the IP pool implementation method based on the multi-tenant saas service, provided by the invention, the corresponding relationship between tenant information and IP addresses is a one-to-one mapping relationship.
The invention also provides a service system, comprising:
the DNS is used for forwarding the access request sent by the saas tenant to the export gateway;
an egress gateway for forwarding the access request to the IP pool;
the configuration center is used for determining an outlet IP address based on the preset corresponding relation between the tenant information and the IP address;
a registration center for determining a corresponding intranet IP address based on the exit IP address
The IP pool is used for forwarding the access request to the network card corresponding to the exit IP address for processing, receiving the processing result of the network card and forwarding the processing result to the exit gateway;
the export gateway is further configured to receive the processing result forwarded by the IP pool, and forward the processing result to the saas tenant that issues the access request.
The invention also provides an IP pool realizing device based on the multi-tenant saas service, which comprises:
the first forwarding module is used for forwarding the access request sent by the saas tenant to the export gateway;
the first determining module is used for determining an outlet IP address based on a preset corresponding relation between tenant information and the IP address;
the second determining module is used for determining a corresponding intranet IP address based on the exit IP address;
the second forwarding module is used for forwarding the access request to the intranet IP address;
and the first processing module is used for forwarding the access request to the outlet IP address for processing and returning a processing result.
The invention also provides an IP pool realization method based on the multi-tenant saas service, which comprises the following steps:
forwarding an access request sent by a saas tenant to an export gateway;
determining a corresponding intranet IP address based on a preset corresponding relation between tenant information and the IP address;
forwarding the access request to an intranet IP address;
and forwarding the access request to a default exit IP address for processing, and returning a processing result.
The invention also provides a service system, comprising:
the DNS is used for forwarding the access request sent by the saas tenant to the export gateway;
an egress gateway for forwarding the access request to the IP pool;
the registration center is used for determining a corresponding intranet IP address IP pool based on a default exit IP address, forwarding an access request to a network card corresponding to the default exit IP address for processing, receiving a processing result of the network card and forwarding the processing result to the exit gateway;
the export gateway is further configured to receive the processing result forwarded by the IP pool, and forward the processing result to the saas tenant that issues the access request.
The invention also provides an IP pool realizing device based on the multi-tenant saas service, which comprises:
the third forwarding module is used for forwarding the access request sent by the saas tenant to the export gateway;
the third determining module is used for determining a corresponding intranet IP address based on a preset corresponding relation between tenant information and the IP address;
the fourth forwarding module is used for forwarding the access request to the intranet IP address;
and the second processing module is used for forwarding the access request to a default exit IP address for processing and returning a processing result.
The invention also provides an electronic device, which comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor realizes any IP pool realization method based on the multi-tenant saas service when executing the program.
The present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements any of the multi-tenant saas service based IP pool implementation methods described above.
The invention also provides a computer program product comprising a computer program which when executed by a processor implements any of the above-described IP pool implementation methods based on multi-tenant saas services.
Drawings
In order to more clearly illustrate the invention or the technical solutions of the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are some embodiments of the invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic flow diagram of an IP pool implementation method based on a multi-tenant saas service according to an embodiment of the present invention;
fig. 2 is a second flow chart of an IP pool implementation method based on a multi-tenant saas service according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a service system according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of an IP pool implementation apparatus based on a multi-tenant saas service according to an embodiment of the present invention;
fig. 5 is a third flow chart of an IP pool implementation method based on a multi-tenant saas service according to an embodiment of the present invention;
FIG. 6 is a flow chart of a method for implementing an IP pool based on a multi-tenant saas service according to an embodiment of the present invention;
FIG. 7 is a second schematic diagram of a service system according to an embodiment of the present invention;
fig. 8 is a second schematic structural diagram of an IP pool implementation apparatus based on a multi-tenant saas service according to an embodiment of the present invention;
fig. 9 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Fig. 1 is a schematic flow diagram of an IP pool implementation method based on a multi-tenant saas service according to an embodiment of the present invention;
fig. 2 is a second flow chart of an IP pool implementation method based on a multi-tenant saas service according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a service system according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of an IP pool implementation apparatus based on a multi-tenant saas service according to an embodiment of the present invention;
as shown in fig. 1-4, the present embodiment provides a method, a system and a device for implementing an IP pool based on a multi-tenant saas service, which may be suitable for making a white list IP egress forwarding case, where the method includes:
step 101, forwarding an access request sent by a saas tenant to an export gateway;
step 102, determining an exit IP address based on a preset corresponding relation between tenant information and the IP address;
step 103, determining a corresponding intranet IP address based on the exit IP address;
step 104, forwarding the access request to the intranet IP address;
and 105, forwarding the access request to the outlet IP address for processing, and returning a processing result.
In implementation, forwarding the access request to the egress IP address for processing, and returning the processing result may include: and forwarding the access request to the egress ip machine, forwarding the network io stream request by the egress ip machine, and acquiring the returned network io stream.
In an exemplary embodiment, the correspondence between tenant information and IP addresses is a one-to-one mapping relationship.
The system comprises:
the DNS is used for forwarding the access request sent by the saas tenant to the export gateway;
an egress gateway for forwarding the access request to the IP pool;
the configuration center is used for determining an outlet IP address based on the preset corresponding relation between the tenant information and the IP address;
a registration center for determining a corresponding intranet IP address based on the exit IP address
The IP pool is used for forwarding the access request to the network card corresponding to the exit IP address for processing, receiving the processing result of the network card and forwarding the processing result to the exit gateway;
the export gateway is further configured to receive the processing result forwarded by the IP pool, and forward the processing result to the saas tenant that issues the access request.
The device comprises:
a first forwarding module 401, configured to forward an access request sent by a saas tenant to an egress gateway;
a first determining module 402, configured to determine an egress IP address based on a preset relationship between tenant information and an IP address;
a second determining module 403, configured to determine a corresponding intranet IP address based on the exit IP address;
a second forwarding module 404, configured to forward the access request to an intranet IP address;
the first processing module 405 is configured to forward the access request to the egress IP address for processing, and return a processing result.
FIG. 5 is a second flow chart of a method for implementing an IP pool based on a multi-tenant saas service according to an embodiment of the present invention;
FIG. 6 is a flow chart of a method for implementing an IP pool based on a multi-tenant saas service according to an embodiment of the present invention;
FIG. 6 is a second schematic diagram of a service system according to an embodiment of the present invention;
fig. 7 is a second schematic structural diagram of an IP pool implementation apparatus based on a multi-tenant saas service according to an embodiment of the present invention;
fig. 5-7 are a method, a system and a device for forwarding a default egress of a public network IP according to an embodiment of the present invention, where the method includes:
step 501, forwarding an access request sent by saas tenant to an export gateway;
step 502, determining a corresponding intranet IP address based on a preset correspondence between tenant information and IP addresses;
step 503, forwarding the access request to the intranet IP address;
and step 504, forwarding the access request to a default exit IP address for processing, and returning a processing result.
The system comprises:
the DNS is used for forwarding the access request sent by the saas tenant to the export gateway;
an egress gateway for forwarding the access request to the IP pool;
the registration center is used for determining a corresponding intranet IP address IP pool based on a default exit IP address, forwarding an access request to a network card corresponding to the default exit IP address for processing, receiving a processing result of the network card and forwarding the processing result to the exit gateway;
the export gateway is further configured to receive the processing result forwarded by the IP pool, and forward the processing result to the saas tenant that issues the access request.
The device comprises:
a third forwarding module 801, configured to forward an access request sent by a saas tenant to an egress gateway;
a third determining module 802, configured to determine a corresponding intranet IP address based on a preset correspondence between tenant information and an IP address;
a fourth forwarding module 803, configured to forward the access request to an intranet IP address;
the second processing module 804 is configured to forward the access request to a default exit IP address for processing, and return a processing result.
The following illustrates, in a specific embodiment, an IP pool implementation method based on a multi-tenant saas service provided by the present invention, including:
s1: aiming at tenants, a configuration center is arranged in an outlet IP pool, and tenant and IP white list mapping is configured;
s2: registering the outlet machine cluster to an IP pool registration center, and registering machines with different intranet IPs and public network outlet network card information to the registration center;
s3: modifying dns to enable the public network outlet to be called through the reverse proxy gateway in a unified way;
s4: the method comprises the steps of unifying proxy gateway clusters, wherein all public network IP calls are exported by adopting a unifying reverse proxy gateway, and tenant information is added in a header of an http request;
s5: the unified proxy gateway obtains mapping of configuration center tenants and the export IP according to tenant information, and determines the export IP;
s6: the unified proxy gateway acquires an intranet IP with the same IP as the public network card of the registration center according to the exit IP;
s7: based on the intranet IP, the unified proxy gateway forwards the api and adds network card information in the header;
s8: the IP pool service repeater selects a corresponding network card to establish public network connection through the network card information;
s9: the IP pool service forwarder initiates http forwarding based on the established public network connection.
Fig. 9 illustrates a physical schematic diagram of an electronic device, as shown in fig. 9, which may include: processor 910, communication interface (Communications Interface), memory 930, and communication bus 940, wherein processor 910, communication interface 920, and memory 930 communicate with each other via communication bus 940. Processor 910 may invoke logic instructions in memory 930 to perform any of the above-described multi-tenant saas service-based IP pool implementation methods, including:
forwarding an access request sent by a saas tenant to an export gateway;
determining an outlet IP address based on a preset corresponding relation between tenant information and the IP address;
determining a corresponding intranet IP address based on the exit IP address;
forwarding the access request to an intranet IP address;
and forwarding the access request to the exit IP address for processing, and returning a processing result.
And/or the number of the groups of groups,
forwarding an access request sent by a saas tenant to an export gateway;
determining a corresponding intranet IP address based on a preset corresponding relation between tenant information and the IP address;
forwarding the access request to an intranet IP address;
and forwarding the access request to a default exit IP address for processing, and returning a processing result.
Further, the logic instructions in the memory 930 described above may be implemented in the form of software functional units and may be stored in a computer-readable storage medium when sold or used as a stand-alone product. Based on this understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method of the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, randomAccess Memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
In another aspect, the present invention also provides a computer program product, the computer program product including a computer program, the computer program being storable on a non-transitory computer readable storage medium, the computer program, when executed by a processor, being capable of executing any one of the above IP pool implementation methods based on the multi-tenant saas service, the method comprising:
forwarding an access request sent by a saas tenant to an export gateway;
determining an outlet IP address based on a preset corresponding relation between tenant information and the IP address;
determining a corresponding intranet IP address based on the exit IP address;
forwarding the access request to an intranet IP address;
and forwarding the access request to the exit IP address for processing, and returning a processing result.
And/or the number of the groups of groups,
forwarding an access request sent by a saas tenant to an export gateway;
determining a corresponding intranet IP address based on a preset corresponding relation between tenant information and the IP address;
forwarding the access request to an intranet IP address;
and forwarding the access request to a default exit IP address for processing, and returning a processing result.
In yet another aspect, the present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, is implemented to perform any one of the above-described multi-tenant saas service-based IP pool implementation methods, the method comprising:
forwarding an access request sent by a saas tenant to an export gateway;
determining an outlet IP address based on a preset corresponding relation between tenant information and the IP address;
determining a corresponding intranet IP address based on the exit IP address;
forwarding the access request to an intranet IP address;
and forwarding the access request to the exit IP address for processing, and returning a processing result.
And/or the number of the groups of groups,
forwarding an access request sent by a saas tenant to an export gateway;
determining a corresponding intranet IP address based on a preset corresponding relation between tenant information and the IP address;
forwarding the access request to an intranet IP address;
and forwarding the access request to a default exit IP address for processing, and returning a processing result.
The apparatus embodiments described above are merely illustrative, wherein elements illustrated as separate elements may or may not be physically separate, and elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course may be implemented by means of hardware. Based on such understanding, the foregoing technical solutions may be embodied essentially or in part in the form of a software product, which may be stored in a computer-readable storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to perform the various embodiments or methods of some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (10)
1. The method for realizing the IP pool based on the multi-tenant saas service is characterized by comprising the following steps:
forwarding an access request sent by a saas tenant to an export gateway;
determining an outlet IP address based on a preset corresponding relation between tenant information and the IP address;
determining a corresponding intranet IP address based on the exit IP address;
forwarding the access request to the intranet IP address;
and forwarding the access request to the outlet IP address for processing, and returning a processing result.
2. The method for implementing the IP pool based on the multi-tenant saas service according to claim 1, wherein the correspondence between tenant information and IP addresses is a one-to-one mapping relationship.
3. The system for applying the multi-tenant saas service-based IP pool implementation method of claim 1, comprising:
the DNS is used for forwarding the access request sent by the saas tenant to the export gateway;
an egress gateway for forwarding the access request to an IP pool;
the configuration center is used for determining an outlet IP address based on the preset corresponding relation between the tenant information and the IP address;
a registration center for determining a corresponding intranet IP address based on the exit IP address
The IP pool is used for forwarding the access request to the network card corresponding to the exit IP address for processing, receiving the processing result of the network card and forwarding the processing result to the exit gateway;
the export gateway is further configured to receive a processing result forwarded by the IP pool, and forward the processing result to the saas tenant that issues the access request.
4. An IP pool implementing apparatus based on a multi-tenant saas service, comprising:
the first forwarding module is used for forwarding the access request sent by the saas tenant to the export gateway;
the first determining module is used for determining an outlet IP address based on a preset corresponding relation between tenant information and the IP address;
the second determining module is used for determining a corresponding intranet IP address based on the exit IP address;
the second forwarding module is used for forwarding the access request to the intranet IP address;
and the first processing module is used for forwarding the access request to the outlet IP address for processing and returning a processing result.
5. The method for realizing the IP pool based on the multi-tenant saas service is characterized by comprising the following steps:
forwarding an access request sent by a saas tenant to an export gateway;
determining a corresponding intranet IP address based on a preset corresponding relation between tenant information and the IP address;
forwarding the access request to the intranet IP address;
and forwarding the access request to a default exit IP address for processing, and returning a processing result.
6. The system for applying the multi-tenant saas service-based IP pool implementation method of claim 5, comprising:
the DNS is used for forwarding the access request sent by the saas tenant to the export gateway;
an egress gateway for forwarding the access request to an IP pool;
the registration center is used for determining a corresponding intranet IP address IP pool based on a default exit IP address, forwarding the access request to a network card corresponding to the default exit IP address for processing, receiving a processing result of the network card and forwarding the processing result to the exit gateway;
the export gateway is further configured to receive a processing result forwarded by the IP pool, and forward the processing result to the saas tenant that issues the access request.
7. An IP pool implementing apparatus based on a multi-tenant saas service, comprising:
the third forwarding module is used for forwarding the access request sent by the saas tenant to the export gateway;
the third determining module is used for determining a corresponding intranet IP address based on a preset corresponding relation between tenant information and the IP address;
the fourth forwarding module is used for forwarding the access request to the intranet IP address;
and the second processing module is used for forwarding the access request to a default outlet IP address for processing and returning a processing result.
8. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the IP pool implementation method based on the multi-tenant saas-service as claimed in claim 1 and/or 4 when executing the program.
9. A non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the multi-tenant saas service based IP pool implementation method according to claim 1 and/or 4.
10. A computer program product comprising a computer program which when executed by a processor implements the IP pool implementation method based on a multi-tenant saas-service as claimed in claim 1 and/or 4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311593841.3A CN117640773A (en) | 2023-11-27 | 2023-11-27 | IP pool realization method, system and device based on multi-tenant saas service |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311593841.3A CN117640773A (en) | 2023-11-27 | 2023-11-27 | IP pool realization method, system and device based on multi-tenant saas service |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117640773A true CN117640773A (en) | 2024-03-01 |
Family
ID=90024701
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311593841.3A Pending CN117640773A (en) | 2023-11-27 | 2023-11-27 | IP pool realization method, system and device based on multi-tenant saas service |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117640773A (en) |
-
2023
- 2023-11-27 CN CN202311593841.3A patent/CN117640773A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112910692B (en) | Method, system and medium for controlling service grid flow based on micro service gateway | |
| CN109525684B (en) | Message forwarding method and device | |
| US20060221955A1 (en) | IP addressing in joined private networks | |
| CN114025021B (en) | Communication method, system, medium and electronic equipment crossing Kubernetes cluster | |
| US10361901B2 (en) | Registration of SIP-based communications in a hosted VoIP network | |
| US8965342B1 (en) | Method and apparatus for verifying the authenticity of mobile device information | |
| CN112187958A (en) | Method and device for registering, discovering and forwarding microservice | |
| WO2020181735A1 (en) | Method for providing network address translation (nat) service and controller | |
| US8929225B2 (en) | Customer edge device problem identification | |
| US9559935B2 (en) | Virtual interface applications | |
| WO2021080753A1 (en) | Email security in a multi-tenant email service | |
| CN114285852A (en) | Service calling method and device based on multi-stage service platform | |
| JP5729796B1 (en) | Gateway device, communication system, communication method, and communication program | |
| CN113364660A (en) | Data packet processing method and device in LVS load balancing | |
| CN117640773A (en) | IP pool realization method, system and device based on multi-tenant saas service | |
| US9929951B1 (en) | Techniques for using mappings to manage network traffic | |
| US20090292796A1 (en) | Method and device for providing routing policies to user terminals according to applications executed on user terminals | |
| WO2017000583A1 (en) | Terminal access method and corresponding terminal, base station and main core network | |
| CN110351159B (en) | Cross-intranet network performance testing method and device | |
| CN114679370B (en) | Server hosting method, device, system and storage medium | |
| CN106936718B (en) | PPPoE message transmission method and PPPoE server | |
| US11082260B2 (en) | Network system, network device, and recording medium | |
| CN112929277B (en) | Message processing method and device | |
| US20120051261A1 (en) | Determination of bypass zones from network configuration settings | |
| CN111131315A (en) | Session connection method, device, equipment and medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |