CN117713908A - High-flux satellite network interconnection method and system for distributed sites - Google Patents



Publication number
CN117713908A
Authority
CN
China
Prior art keywords
firewall
internet
broadband access
access server
service data
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311742378.4A
Other languages
Chinese (zh)
Inventor
刘昊
张琪
李洋
王鹏杰
刘阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Satellite Communications Co ltd
Original Assignee
China Satellite Communications Co ltd
Application filed by China Satellite Communications Co ltd
Priority to CN202311742378.4A
Publication of CN117713908A


Abstract

The embodiment of the invention discloses a high-throughput satellite network interconnection method and system for distributed sites, in which: gateway stations are deployed at a plurality of different physical sites based on the satellite feed beam design; service data is transmitted through a baseband system; a fragmentation server judges whether the MTU of the service data to be transmitted is within a specified size and fragments the messages of the service data to be transmitted when the MTU exceeds the specified size; a service convergence switch forwards the service data carried by the gateway station; a broadband access server performs traffic redirection authentication for users; a firewall translates intranet addresses into public network addresses through NAT to implement access control for the gateway station; an Internet outlet connects to the public network; and the gateway stations are interconnected through IPSEC VPN. The method solves the prior-art problems of high construction cost, high operation and maintenance cost and low efficiency in interconnecting high-throughput satellite networks across distributed sites.

Description

High-flux satellite network interconnection method and system for distributed sites
Technical Field
The invention relates to the technical field of computers, and in particular to a high-throughput satellite network interconnection method, system, electronic device and storage medium for distributed sites.
Background
Existing high-throughput satellite networks are designed as a single star topology: each gateway station aggregates its service data to a central data exchange node for processing and transmission over a long-distance MSTP dedicated line. For Internet services, two link resources must be leased to support service transmission, namely the MSTP dedicated line from the gateway station to the central data exchange node and the Internet link at the local outlet of the central data exchange node.
As the number of satellites keeps growing, the number of gateway stations and the traffic of high-throughput satellites increase greatly. If the star-topology interconnection design were continued, link leasing costs would become extremely high, which does not favour the development of high-throughput satellite services.
The central data exchange node serves as the centralized outlet for all services and aggregates the traffic of all gateway stations, so its load and cost rise sharply. From a reliability perspective, the single star topology is a potential single point of failure, because all gateway station traffic converges on the central data exchange node for forwarding. If an uncontrollable disaster occurs, all services are interrupted, and building disaster-backup data exchange nodes requires a great deal of manpower and material resources, so such nodes are not suited to early-stage investment or to good scalability.
Therefore, a high-throughput satellite network interconnection scheme for distributed sites is needed that reduces construction and operation costs and provides efficient, highly reliable service support.
Disclosure of Invention
The embodiments of the invention aim to provide a high-throughput satellite network interconnection method, system, electronic device and storage medium for distributed sites, to solve the prior-art problems of high construction cost, high operation and maintenance cost and low efficiency in interconnecting high-throughput satellite networks across distributed sites.
To achieve the above objective, an embodiment of the invention provides a high-throughput satellite network interconnection method for distributed sites, which specifically includes:
deploying gateway stations at a plurality of different physical sites based on the satellite feed beam design;
transmitting service data through a baseband system;
judging, by a fragmentation server, whether the MTU of the service data to be transmitted is within a specified size, and fragmenting the messages of the service data to be transmitted when the MTU exceeds the specified size;
forwarding the service data carried by the gateway station through a service convergence switch;
performing traffic redirection authentication for users through a broadband access server;
translating, by a firewall, intranet addresses into public network addresses through NAT to implement access control for the gateway station;
connecting to the public network through an Internet outlet;
interconnecting the gateway stations through IPSEC VPN.
On the basis of the above technical scheme, the invention can be further improved as follows:
Further, the Internet outlet comprises a first Internet outlet and a second Internet outlet;
the firewall comprises a first firewall and a second firewall;
the broadband access server comprises a first broadband access server and a second broadband access server;
the baseband system comprises a baseband switch and baseband equipment, and is connected to the network routing system and the antenna radio frequency system.
Further, the gateway station comprises a Layer 3 Internet traffic transmission design and a Layer 2 private network traffic transmission design.
Further, the Layer 3 Internet traffic transmission design includes:
uplinking the baseband system to the service convergence switch;
learning service data routes between the baseband switch and the service convergence switch by running routing protocols, namely the OSPF protocol and the IBGP protocol;
forwarding, between the service convergence switch and the broadband access server, the Layer 3 service traffic to an authentication sub-interface of the broadband access server by redirection, with service authentication control implemented through a BOSS system;
running the ISIS protocol between the broadband access server and the firewall, with the broadband access server configuring a routing policy that calls a prefix list to import routes into ISIS;
performing NAT address translation on the firewall, configuring a default route pointing to the operator's Internet outlet, and redistributing the default route into ISIS, so that the Layer 3 Internet traffic is connected to the Internet.
Further, the Layer 2 private network traffic transmission design includes:
the baseband switch transparently forwards the Layer 2 private network traffic to the fragmentation server, where the MTU value of the Layer 2 private network traffic is adjusted to ensure that the traffic can cross the Internet normally after protocol encapsulation;
the Layer 2 private network traffic with the adjusted MTU value is then forwarded to the service convergence switch;
the service convergence switches establish VXLAN tunnels in static mode to carry MAC routes, and Layer 3 reachability between them is provided by OSPF;
when the GRE traffic reaches the firewall, traffic between the GRE source address and destination address is configured as IPSec interesting traffic and steered into an IPSec tunnel, achieving interworking of the Layer 2 private-line traffic.
A high-throughput satellite network interconnection system for distributed sites, comprising:
gateway stations deployed at a plurality of different physical sites based on the satellite feed beam design;
a baseband system for transmitting service data;
a fragmentation server for judging whether the MTU of the service data to be transmitted is within a specified size, and for fragmenting the messages of the service data to be transmitted when the MTU exceeds the specified size;
a service convergence switch for forwarding the service data carried by the gateway station;
a broadband access server for performing traffic redirection authentication for users;
a firewall for translating intranet addresses into public network addresses through NAT to implement access control for the gateway station;
an Internet outlet for connecting to the public network;
the gateway stations being interconnected through IPSEC VPN.
Further, the Internet outlet comprises a first Internet outlet and a second Internet outlet;
the firewall comprises a first firewall and a second firewall, the first Internet outlet being connected to the first firewall and the second Internet outlet being connected to the second firewall;
the broadband access server comprises a first broadband access server and a second broadband access server, and the broadband access server is interconnected with the firewall.
Further, the baseband system comprises a baseband switch and baseband equipment, and the baseband system is connected to the network routing system and the antenna radio frequency system.
An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the method when the computer program is executed.
A non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the method.
The embodiments of the invention have the following advantages:
The invention discloses a high-throughput satellite network interconnection method for distributed sites, in which gateway stations are deployed at a plurality of different physical sites based on the satellite feed beam design; service data is transmitted through a baseband system; a fragmentation server judges whether the MTU of the service data to be transmitted is within a specified size and fragments the messages of the service data to be transmitted when the MTU exceeds the specified size; a service convergence switch forwards the service data carried by the gateway station; a broadband access server performs traffic redirection authentication for users; a firewall translates intranet addresses into public network addresses through NAT to implement access control for the gateway station; an Internet outlet connects to the public network; and the gateway stations are interconnected through IPSEC VPN. This solves the prior-art problems of high construction cost, high operation and maintenance cost and low efficiency in interconnecting high-throughput satellite networks across distributed sites.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. It will be apparent to those skilled in the art from this disclosure that the drawings described below are merely exemplary and that other embodiments may be derived from the drawings provided without undue effort.
The structures, proportions, sizes, etc. shown in the present specification are shown only for the purposes of illustration and description, and are not intended to limit the scope of the invention, which is defined by the claims, so that any structural modifications, changes in proportions, or adjustments of sizes, which do not affect the efficacy or the achievement of the present invention, should fall within the scope of the invention.
FIG. 1 is a flow chart of a high throughput satellite network interconnection method for distributed sites of the present invention;
FIG. 2 is a first architecture diagram of the distributed site oriented high throughput satellite network interconnection system of the present invention;
FIG. 3 is a second architecture diagram of the distributed site oriented high throughput satellite network interconnection system of the present invention;
FIG. 4 is a schematic diagram of the physical structure of an electronic device according to the present invention.
Wherein the reference numerals are as follows:
gateway station 10, internet outlet 20, first internet outlet 201, second internet outlet 202, firewall 30, first firewall 301, second firewall 302, broadband access server 40, first broadband access server 401, second broadband access server 402, service convergence switch 50, fragmentation server 60, baseband system 70, electronic device 80, processor 801, memory 802, bus 803.
Detailed Description
Other advantages and effects of the present invention will become apparent to those skilled in the art from the following detailed description of specific embodiments, which are some but not all of the embodiments of the invention. All other embodiments obtained by those skilled in the art based on the embodiments of the invention without inventive effort fall within the scope of the invention.
Examples
FIG. 1 is a flowchart of an embodiment of the high-throughput satellite network interconnection method for distributed sites. As shown in FIG. 1, the method provided by the embodiment of the invention includes the following steps:
S101, deploying gateway stations at a plurality of different physical sites based on the satellite feed beam design;
S102, transmitting service data through a baseband system;
S103, judging, by a fragmentation server, whether the MTU of the service data to be transmitted is within a specified size, and fragmenting the messages of the service data to be transmitted when the MTU exceeds the specified size;
S104, forwarding the service data carried by the gateway station through the service convergence switch;
S105, performing traffic redirection authentication for users through the broadband access server;
S106, translating, by the firewall, intranet addresses into public network addresses through NAT to implement access control for the gateway station;
S107, connecting to the public network through an Internet outlet;
S108, interconnecting the gateway stations through IPSEC VPN.
The gateway stations 10 are connected through IPSEC VPN, and each gateway station 10 comprises an Internet outlet 20, a firewall 30, a broadband access server 40, a service convergence switch 50, a fragmentation server 60 and a baseband system 70.
"Firewall 30" refers to a means of separating an intranet from a public access network (e.g., the Internet). It is essentially an applied security and isolation technology built on modern communication network technology and information security technology, and it is increasingly used where private networks interconnect with public networks, particularly for access to the Internet.
Firewall 30 essentially uses hardware and software to build a protective barrier between the internal and external network environments, thereby blocking network factors that are unsafe for the computer. A user can enter the computer only if the firewall 30 agrees; otherwise the user is blocked outside. The firewall 30 has a very powerful alarm function: when an external user tries to enter the computer, the firewall 30 quickly raises a corresponding alarm, reminds the user of the behaviour, and judges for itself whether to allow the external user in. The firewall 30 can thus effectively query users in the network environment and display the information to the user, who then configures the firewall 30 according to their own needs to block disallowed user behaviour. The firewall 30 can also effectively inspect the flow of information data and track upload and download speeds, making it easier for the user to judge how the computer is being used. The internal condition of the computer can be checked through the firewall 30, programs can be started and closed, and the log function in the computer system is the firewall 30's summary and record of the real-time security status and daily traffic of the computer's internal system.
The broadband access server 40 (Broadband Remote Access Server, BRAS) is a new type of access gateway for broadband network applications. Located at the edge layer of the backbone network, it completes data access to the IP/ATM network for user bandwidth (access is mainly based on xDSL, cable modem, high-speed Ethernet (LAN), wireless broadband data access (WLAN), FTTx, etc.), enabling broadband Internet access for commercial buildings and residential users, IP VPN services based on IPSec (IP Security Protocol), the construction of enterprise intranets, support for ISP wholesale services to users, and so on.
The broadband access server 40 (BRAS) mainly performs two functions:
first, the network bearer function: terminating users' PPPoE (Point-to-Point Protocol over Ethernet, a way of carrying PPP sessions over Ethernet) connections and aggregating user traffic;
second, the control function: working with the authentication system, charging system, customer management system and service policy control system to implement authentication, charging and management of user access.
The broadband access server 40 (BRAS) is the bridge between the broadband access network and the backbone network, providing the basic access means and management functions of the broadband access network. It is positioned at the edge of the network, provides broadband access service, aggregates and forwards various services, and can meet different users' requirements for transmission capacity and bandwidth utilization, so it is the core equipment for broadband user access.
The BRAS acts as the authentication device: it redirects users to a Portal page, or is configured with functions such as blacklists and whitelists and authentication-free access, and exchanges user authentication data and the like with the AAA server through protocols such as RADIUS.
The maximum transmission unit (Maximum Transmission Unit, MTU) is used to inform the peer of the maximum size of data service unit that can be accepted, indicating the size of the payload that the sender can accept. It is the maximum length of a packet or frame, typically in bytes. If the MTU is too large, forwarding is refused at a router that cannot handle such a large packet. If it is too small, the amount of data actually transferred is too small to be practical, because the protocol must add a header to each packet (or frame). Most operating systems provide the user with a default value that is generally suitable.
The internet outlet 20 includes a first internet outlet 201 and a second internet outlet 202;
the firewall 30 includes a first firewall 301 and a second firewall 302;
the broadband access server 40 includes a first broadband access server 401 and a second broadband access server 402;
the baseband system 70 includes a baseband switch and baseband equipment.
The baseband system 70 includes a baseband switch, baseband equipment, etc.; it is connected to the network routing system and the antenna radio frequency system, and is mainly used to convert between IP data packets and satellite protocol data packets.
The antenna radio frequency system is a single system, and the antenna radio frequency subsystem is responsible for up-converting, amplifying and transmitting intermediate frequency signals to a satellite, and receiving, amplifying and down-converting satellite link radio frequency (Ka frequency band) signals;
the data processing sequence among the systems is as follows: antenna radio frequency system-baseband system-network routing system (i.e. service convergence switch, broadband access server, firewall, etc.);
The gateway station 10 includes a Layer 3 Internet traffic transmission design and a Layer 2 private network traffic transmission design.
The Layer 3 Internet traffic transmission design comprises:
uplinking the baseband system 70 to the service convergence switch 50;
learning service data routes between the baseband switch and the service convergence switch 50 by running routing protocols, namely the OSPF protocol and the IBGP protocol;
forwarding, between the service convergence switch 50 and the broadband access server 40, the Layer 3 service traffic to the authentication sub-interface of the broadband access server 40 by redirection, with service authentication control implemented through a BOSS system;
running the ISIS protocol between the broadband access server 40 and the firewall 30, with the broadband access server 40 configuring a routing policy that calls a prefix list to import routes into ISIS;
performing NAT address translation on the firewall 30, configuring a default route pointing to the operator's Internet outlet 20, and redistributing the default route into ISIS, so that the Layer 3 Internet traffic is connected to the Internet.
The Layer 2 private network traffic transmission design comprises:
the baseband switch transparently forwards the Layer 2 private network traffic to the fragmentation server 60, which adjusts the MTU value of the Layer 2 private network data from the default 1500 to below 1300, ensuring that Layer 2 data encapsulated with VXLAN and IPSEC over GRE can cross the Internet normally;
the Layer 2 private network traffic with the adjusted MTU value is then forwarded to the service convergence switch 50;
the service convergence switches 50 establish VXLAN tunnels in static mode to carry MAC routes, and Layer 3 reachability between the service convergence switches 50 is provided by OSPF;
when the GRE traffic reaches the firewall 30, traffic between the GRE source address and destination address is configured as IPSec interesting traffic and steered into an IPSec tunnel, achieving interworking of the Layer 2 private-line traffic.
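The MTU adjustment above can be checked by adding up the headers each layer contributes. The following is an added example, not part of the patent: it stacks VXLAN, GRE and ESP tunnel mode (VXLAN inside GRE inside IPSec, following the statement that GRE traffic enters the IPSec tunnel at the firewall) and shows why a 1500-byte Layer 2 payload fragments on the Internet path while one below 1300 does not. The ESP cipher suites, the NAT-T option and the 1500-byte path MTU are assumptions; the patent does not specify them.

```python
"""Added example: encapsulation budget for the Layer 2 private-network path."""
from dataclasses import dataclass

IPV4 = 20         # IPv4 header without options
UDP = 8
ETH = 14          # inner Ethernet header carried inside VXLAN (no FCS)
DOT1Q = 4         # optional 802.1Q tag on the inner frame
VXLAN = 8         # VXLAN header (RFC 7348)
GRE = 4           # base GRE header, no key/sequence/checksum (RFC 2784)
ESP_HDR = 8       # SPI + sequence number
ESP_TRAILER = 2   # pad length + next header


@dataclass(frozen=True)
class EspSuite:
    """Per-packet ESP costs of one cipher suite (assumed, not from the patent)."""
    name: str
    iv: int      # bytes of IV carried in every packet
    block: int   # alignment the encrypted part is padded to
    icv: int     # integrity check value length


AES_CBC_SHA256 = EspSuite("AES-CBC + HMAC-SHA-256-128", iv=16, block=16, icv=16)
AES_GCM = EspSuite("AES-GCM-16", iv=8, block=4, icv=16)


def vxlan_packet(inner_mtu, vlan_tagged=False):
    """IP length after the service convergence switch wraps the frame in VXLAN."""
    frame = inner_mtu + ETH + (DOT1Q if vlan_tagged else 0)
    return frame + VXLAN + UDP + IPV4


def gre_packet(ip_len):
    """IP length after GRE encapsulation of an IP packet."""
    return ip_len + GRE + IPV4


def esp_packet(ip_len, suite, nat_t=False):
    """IP length after ESP tunnel mode; NAT-T adds a UDP header."""
    plaintext = ip_len + ESP_TRAILER
    padded = -(-plaintext // suite.block) * suite.block   # round up to block
    return IPV4 + (UDP if nat_t else 0) + ESP_HDR + suite.iv + padded + suite.icv


def on_wire(inner_mtu, suite, nat_t=False, vlan_tagged=False):
    """Size of the packet that leaves the firewall towards the Internet."""
    inner = gre_packet(vxlan_packet(inner_mtu, vlan_tagged))
    return esp_packet(inner, suite, nat_t)


def max_inner_mtu(path_mtu, suite, nat_t=False, vlan_tagged=False):
    """Largest Layer 2 payload MTU whose encapsulated form fits path_mtu."""
    mtu = path_mtu
    while mtu > 0 and on_wire(mtu, suite, nat_t, vlan_tagged) > path_mtu:
        mtu -= 1
    return mtu


def ipv4_fragments(ip_len, path_mtu):
    """Total length of each IPv4 fragment if ip_len must cross path_mtu."""
    if ip_len <= path_mtu:
        return [ip_len]
    payload = ip_len - IPV4
    step = (path_mtu - IPV4) // 8 * 8   # fragment offsets count 8-byte units
    sizes = []
    while payload > 0:
        chunk = min(step, payload)
        sizes.append(chunk + IPV4)
        payload -= chunk
    return sizes


if __name__ == "__main__":
    PATH_MTU = 1500   # assumed Internet path MTU
    for mtu in (1500, 1300):
        size = on_wire(mtu, AES_CBC_SHA256)
        print(f"inner MTU {mtu}: {size} bytes on the wire,"
              f" fragments {ipv4_fragments(size, PATH_MTU)}")
    print("largest safe inner MTU:", max_inner_mtu(PATH_MTU, AES_CBC_SHA256))
    print("with NAT-T:", max_inner_mtu(PATH_MTU, AES_CBC_SHA256, nat_t=True))
```

Under these assumptions the ceiling is 1364 bytes (1348 with NAT-T), so a value below 1300 leaves headroom for a VLAN tag, a different cipher suite or a PPPoE hop on the path.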
According to the high-throughput satellite network interconnection method for distributed sites, gateway stations 10 are deployed at a plurality of different physical sites based on the satellite feed beam design; service data is transmitted through the baseband system 70; the fragmentation server 60 judges whether the MTU of the service data to be transmitted is within a specified size and fragments the messages of the service data to be transmitted when the MTU exceeds the specified size; the service convergence switch 50 forwards the service data carried by the gateway station 10; the broadband access server 40 performs traffic redirection authentication for users; the firewall 30 translates intranet addresses into public network addresses through NAT to implement access control for the gateway station 10; the Internet outlet 20 connects to the public network; and the gateway stations 10 are interconnected through IPSEC VPN. This solves the prior-art problems of high construction cost, high operation and maintenance cost and low efficiency in interconnecting high-throughput satellite networks across distributed sites.
The method deploys Internet outlets 20 at distributed sites, and the gateway stations 10 are connected by IPSEC VPN, each connection being treated as a point-to-point virtual link carrying service and management data. The overall network topology is a logical mesh: all nodes of the architecture are interconnected, and any two nodes have a connection channel between them. Compared with a star network topology, the distributed mesh structure designed by the invention is clearly decentralized, offers high reliability, no single point of failure and intelligent multi-path control, and forms a wide-area bearer network able to carry the Internet service data, end-to-end private network service data and so on of multiple high-throughput satellites. GRE over IPSec combines the advantages of GRE and IPSec: multicast, broadcast and non-IP packets are encapsulated into ordinary IP packets by GRE, and IPSec secures the encapsulated IP packets, so that broadcast and multicast services such as video conferencing or dynamic routing protocol messages can be transmitted securely between gateway stations 10.
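Because GRE itself provides no confidentiality, the design depends on every GRE packet between gateway stations matching the IPSec interesting-traffic definition. The following is an added example, not part of the patent: an audit over flow records taken at the Internet outlets that flags inter-gateway GRE or VXLAN seen in cleartext and lists gateway pairs for which no protected flow was observed, which the logical mesh requires. The gateway names, the addresses (documentation ranges) and the record layout are constructed for the example.

```python
"""Added example: audit Internet-outlet flow records for tunnel bypass."""
import ipaddress
from itertools import permutations

# Hypothetical public addresses of the gateway-station firewalls.
GATEWAYS = {
    "gw-a": ipaddress.ip_address("192.0.2.10"),
    "gw-b": ipaddress.ip_address("198.51.100.20"),
    "gw-c": ipaddress.ip_address("203.0.113.30"),
}
BY_ADDR = {addr: name for name, addr in GATEWAYS.items()}

PROTO_TCP, PROTO_UDP, PROTO_GRE, PROTO_ESP = 6, 17, 47, 50
IKE_PORTS = {500, 4500}   # IKE, and IKE/ESP-in-UDP when NAT-T is in use
VXLAN_PORT = 4789


def _site(addr):
    """Gateway name for an address, or None if it is not a gateway."""
    return BY_ADDR.get(ipaddress.ip_address(addr))


def classify(flow):
    """Label one flow record seen on the public side of a firewall."""
    if _site(flow["src"]) is None or _site(flow["dst"]) is None:
        return "other"                 # ordinary NATed Internet traffic
    proto, dport = flow["proto"], flow.get("dport")
    if proto == PROTO_ESP:
        return "protected"
    if proto == PROTO_UDP and dport in IKE_PORTS:
        return "protected"
    if proto == PROTO_GRE:
        return "cleartext-gre"         # missed the interesting-traffic match
    if proto == PROTO_UDP and dport == VXLAN_PORT:
        return "cleartext-vxlan"       # bypassed both GRE and IPSec
    return "unexpected"


def audit(flows):
    """Return (src, dst, verdict) for every inter-gateway flow outside IPSec."""
    findings = []
    for flow in flows:
        verdict = classify(flow)
        if verdict not in ("protected", "other"):
            findings.append((flow["src"], flow["dst"], verdict))
    return findings


def missing_tunnels(flows):
    """Directed gateway pairs with no protected flow observed."""
    seen = {
        (_site(f["src"]), _site(f["dst"]))
        for f in flows
        if classify(f) == "protected"
    }
    return sorted(set(permutations(GATEWAYS, 2)) - seen)


# Constructed sample records, not captured traffic.
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "dst": "198.51.100.20", "proto": PROTO_ESP},
    {"src": "198.51.100.20", "dst": "192.0.2.10", "proto": PROTO_ESP},
    {"src": "192.0.2.10", "dst": "203.0.113.30", "proto": PROTO_UDP, "dport": 4500},
    {"src": "203.0.113.30", "dst": "192.0.2.10", "proto": PROTO_UDP, "dport": 4500},
    {"src": "198.51.100.20", "dst": "203.0.113.30", "proto": PROTO_GRE},
    {"src": "192.0.2.10", "dst": "203.0.113.200", "proto": PROTO_TCP, "dport": 443},
]

if __name__ == "__main__":
    for src, dst, verdict in audit(SAMPLE_FLOWS):
        print(f"ALERT {verdict}: {src} -> {dst}")
    for a, b in missing_tunnels(SAMPLE_FLOWS):
        print(f"no protected flow seen {a} -> {b}")
```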
A centralized data exchange node is no longer provided. Instead, the data exchange function is pushed down and distributed to the gateway stations 10, each of which carries part of the service traffic. Internet service data exits locally at the gateway station 10, so the original two link resources (dedicated line and Internet) are reduced to a single Internet link resource, avoiding the cost of the huge bandwidth that would be needed if, after a large growth in traffic, all gateway station 10 services converged on a single data exchange node.
Each gateway station 10 deploys two Internet outlets 20 working in active-standby mode to forward traffic. Calculated on the basis of 200 Mbps of bandwidth traffic per gateway station 10 per month, the scheme designed by the invention saves 47.8% of the ground link leasing cost after initial construction compared with a traditional star-topology network, and the savings ratio becomes more pronounced as single-station traffic grows.
In addition, the architecture is highly flexible and scalable. If growing service traffic leaves the link bandwidth insufficient, capacity can be expanded simply by increasing the outlet bandwidth and equipment boards of the gateway station 10, and each gateway station 10 can be expanded individually according to the traffic at that station.
IGP and EGP protocols work together with SDN intelligent management and control; resources such as IP addresses and VLANs are allocated uniformly across the whole network, achieving a unified operation platform with network-wide unified management, unified resource scheduling, intelligent link allocation, high reliability, sustainable development and high compatibility.
FIGS. 2-3 are architecture diagrams of embodiments of the high-throughput satellite network interconnection system for distributed sites of the present invention. As shown in FIGS. 2-3, the system provided by the embodiment of the invention includes:
gateway stations 10 deployed at a plurality of different physical sites based on the satellite feed beam design;
a baseband system 70 for transmitting service data;
a fragmentation server 60 for judging whether the MTU of the service data to be transmitted is within a specified size, and for fragmenting the messages of the service data to be transmitted when the MTU exceeds the specified size;
a service convergence switch 50 for forwarding the service data carried by the gateway station 10;
a broadband access server 40 for performing traffic redirection authentication for users;
a firewall 30 for translating intranet addresses into public network addresses through NAT to implement access control for the gateway station 10;
an Internet outlet 20 for connecting to the public network;
the gateway stations 10 being interconnected through IPSEC VPN.
The internet outlet 20 includes a first internet outlet 201 and a second internet outlet 202;
the firewall 30 includes a first firewall 301 and a second firewall 302, the first internet outlet 201 is connected to the first firewall 301, and the second internet outlet 202 is connected to the second firewall 302;
the broadband access server 40 includes a first broadband access server 401 and a second broadband access server 402, and the broadband access server 40 is interconnected with the firewall 30.
The baseband system 70 includes a baseband switch and baseband equipment, and the baseband system 70 is connected to a network routing and antenna radio frequency system.
The high-throughput satellite network interconnection system for distributed sites solves the prior-art problems of high construction cost, high operation and maintenance cost and low efficiency in interconnecting high-throughput satellite networks across distributed sites.
FIG. 4 is a schematic diagram of the physical structure of an electronic device according to an embodiment of the present invention. As shown in FIG. 4, the electronic device 80 includes: a processor 801, a memory 802, and a bus 803;
the processor 801 and the memory 802 complete communication with each other through the bus 803;
the processor 801 is configured to invoke program instructions in the memory 802 to perform the methods provided by the above method embodiments, including, for example: deploying gateway stations 10 at a plurality of different physical sites based on the satellite feed beam design; transmitting service data through the baseband system 70; judging, by the fragmentation server 60, whether the MTU of the service data to be transmitted is within a specified size, and fragmenting the messages of the service data to be transmitted when the MTU exceeds the specified size; forwarding the service data carried by the gateway station 10 through the service convergence switch 50; performing traffic redirection authentication for users through the broadband access server 40; translating, by the firewall 30, intranet addresses into public network addresses through NAT to implement access control for the gateway station 10; connecting to the public network through the Internet outlet 20; and interconnecting the gateway stations 10 through IPSEC VPN.
The present embodiment provides a non-transitory computer readable storage medium storing computer instructions that cause a computer to perform the methods provided by the above-described method embodiments, for example, including: deploying gateway station 10 at a plurality of different physical locations based on a satellite feed beam design distribution; transmitting service data through the baseband system 70; judging whether the MTU of the service data to be transmitted is within a specified size through the slicing server 60, and executing message slicing treatment on the service data to be transmitted when the MTU exceeds the specified size; forwarding the service data carried by the gateway station 10 through a service convergence switch 50; traffic redirection authentication for the user through the broadband access server 40; the firewall 30 converts the intranet address into the public network address through the NAT to realize the access control of the gateway station 10; connect to the public network through the internet outlet 20; gateway stations 10 are interconnected by IPSEC VPN.
Those of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments may be implemented by hardware associated with program instructions. The program may be stored in a computer readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes various media that can store program code, such as ROM, RAM, magnetic disks, or optical disks.
The apparatus embodiments described above are merely illustrative. Units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; they may be located in one place or distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement the present invention without undue burden.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course may be implemented by means of hardware. Based on such understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the embodiments or the methods of some parts of the embodiments.
While the invention has been described in detail in the foregoing general description and specific examples, it will be apparent to those skilled in the art that modifications and improvements can be made thereto. Accordingly, such modifications or improvements may be made without departing from the spirit of the invention and are intended to be within the scope of the invention as claimed.

Claims (10)

1. The high-throughput satellite network interconnection method for the distributed site is characterized by comprising the following steps of:
deploying gateway stations at a plurality of different physical locations based on satellite feed beam design distribution;
transmitting service data through a baseband system;
judging whether MTU of service data to be transmitted is within a designated size through a slicing server, and executing message slicing treatment on the service data to be transmitted when the MTU exceeds the designated size;
forwarding the service data carried by the gateway station through a service convergence switch;
traffic redirection authentication is carried out for the user through the broadband access server;
the firewall converts the intranet address into a public network address through NAT so as to realize the access control of the gateway station;
the public network is connected through an Internet outlet;
the gateway stations are interconnected and intercommunicated through IPSEC VPN.
2. The high-throughput satellite network interconnection method for distributed sites of claim 1, wherein said internet outlets comprise a first internet outlet and a second internet outlet;
the firewall comprises a first firewall and a second firewall;
the broadband access server comprises a first broadband access server and a second broadband access server;
the baseband system comprises a baseband switch and baseband equipment, and is connected with a network route and an antenna radio frequency system through the baseband system.
3. The method of claim 1, wherein the gateway station comprises a Layer-3 Internet traffic transmission design and a Layer-2 private network traffic transmission design.
4. The high-throughput satellite network interconnection method for distributed sites of claim 3, wherein said Layer-3 Internet traffic transmission design comprises:
the baseband system is uplinked to the service convergence switch;
service data routes are learned between the baseband switch and the service convergence switch by running protocols, wherein the protocols that are run comprise the OSPF protocol and the IBGP protocol;
the service convergence switch and the broadband access server forward the Layer-3 service traffic, by redirection, to an authentication sub-interface of the broadband access server, and service authentication control is implemented through a BOSS system;
the broadband access server and the firewall run the IS-IS protocol, and the broadband access server configures a routing policy that calls a prefix list for import into the IS-IS protocol;
and the firewall performs NAT address translation, configures a default route pointing to the Internet outlet, redistributes the default route into the IS-IS protocol, and connects the Layer-3 Internet traffic to the Internet.
5. The method for interconnecting high-throughput satellite networks for distributed sites of claim 3, wherein said Layer-2 private network traffic transmission design comprises:
the baseband switch transparently transmits the Layer-2 private network traffic to the slicing server, and the MTU value of the Layer-2 private network traffic is adjusted so as to ensure that the Layer-2 private network traffic, after protocol encapsulation, can cross the Internet normally;
the Layer-2 private network traffic with the adjusted MTU value is then transmitted on to the service convergence switch;
the service convergence switches establish VXLAN tunnels, conveying MAC routes in a static manner, with Layer-3 routes reachable through OSPF;
when the GRE traffic reaches the firewall, the traffic between the source address and the destination address of the GRE is configured as IPsec interesting traffic and is steered into an IPsec tunnel, so as to realize the intercommunication of the Layer-2 private line traffic.
6. A high-throughput satellite network interconnection system for distributed sites, comprising:
deploying gateway stations at a plurality of different physical locations based on satellite feed beam design distribution;
the baseband system is used for transmitting service data;
the slicing server is used for judging whether the MTU of the service data to be transmitted is within a specified size, and when the MTU exceeds the specified size, the slicing server performs message slicing treatment on the service data to be transmitted;
a service convergence switch for forwarding the service data carried by the gateway station;
the broadband access server is used for carrying out traffic redirection authentication for the user;
the firewall is used for converting the intranet address into the public network address through the NAT so as to realize the access control of the gateway station;
the Internet outlet is used for connecting a public network;
and the gateway stations are interconnected and communicated through IPSEC VPN.
7. The distributed site oriented high throughput satellite network interconnection system of claim 6, wherein said internet outlets comprise a first internet outlet and a second internet outlet;
the firewall comprises a first firewall and a second firewall, the first Internet outlet is connected with the first firewall, and the second Internet outlet is connected with the second firewall;
the broadband access server comprises a first broadband access server and a second broadband access server, and the broadband access server is interconnected with the firewall.
8. The distributed site oriented high throughput satellite network interconnection system of claim 6, wherein said baseband system comprises a baseband switch and baseband equipment, said baseband system connecting a network routing and antenna radio frequency system.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method according to any one of claims 1 to 5 when the computer program is executed.
10. A non-transitory computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method according to any one of claims 1 to 5.
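The size check in claim 1 and the MTU adjustment in claim 5 amount to an encapsulation overhead budget. The Python sketch below is an added example, not part of the patent: it assumes IPv4 without options, a base 4-byte GRE header, and a stacking order of IPsec ESP tunnel mode outermost, then GRE, then VXLAN; the cipher parameters and MTU values are constructed for illustration.

```python
from dataclasses import dataclass

IPV4 = 20                    # IPv4 header without options (assumption)
VXLAN = IPV4 + 8 + 8 + 14    # outer IP + UDP + VXLAN header + inner Ethernet header
GRE = IPV4 + 4               # outer IP + base GRE header, no key/sequence/checksum

@dataclass(frozen=True)
class EspSuite:
    iv: int      # per-packet IV bytes carried in the ESP payload
    align: int   # alignment of (inner packet + padding + 2-byte trailer)
    icv: int     # integrity check value bytes

# Constructed example suites; a real deployment uses whatever IKE negotiates.
AES_GCM_16 = EspSuite(iv=8, align=4, icv=16)
AES_CBC_HMAC_SHA256_128 = EspSuite(iv=16, align=16, icv=16)

def esp_tunnel_max_inner(path_mtu, suite):
    """Largest inner IP packet that fits in one ESP tunnel-mode packet."""
    room = path_mtu - IPV4 - 8 - suite.iv - suite.icv   # 8 = SPI + sequence number
    room -= room % suite.align                            # padded length must be aligned
    return room - 2                                       # pad-length + next-header bytes

def customer_ip_mtu(path_mtu, suite):
    """Customer IP MTU under the assumed IPsec(GRE(VXLAN(Ethernet))) stacking."""
    return esp_tunnel_max_inner(path_mtu, suite) - GRE - VXLAN

def fragment_sizes(packet_len, mtu):
    """IPv4 fragment lengths (header included) for a packet checked against mtu."""
    if packet_len <= mtu:
        return [packet_len]               # within the specified size: no slicing
    per_frag = (mtu - IPV4) // 8 * 8      # non-final fragments carry a multiple of 8 bytes
    payload = packet_len - IPV4
    sizes = []
    while payload > per_frag:
        sizes.append(IPV4 + per_frag)
        payload -= per_frag
    sizes.append(IPV4 + payload)
    return sizes

if __name__ == "__main__":
    for name, suite in (("AES-GCM", AES_GCM_16), ("AES-CBC", AES_CBC_HMAC_SHA256_128)):
        mtu = customer_ip_mtu(1500, suite)
        print(name, "customer MTU:", mtu, "1500-byte packet ->", fragment_sizes(1500, mtu))
```

If the adjusted MTU is set above this budget, the encrypted outer packets are themselves fragmented on the Internet path, which is the failure the MTU adjustment is meant to avoid.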
CN202311742378.4A 2023-12-18 2023-12-18 High-flux satellite network interconnection method and system for distributed sites Pending CN117713908A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311742378.4A CN117713908A (en) 2023-12-18 2023-12-18 High-flux satellite network interconnection method and system for distributed sites

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311742378.4A CN117713908A (en) 2023-12-18 2023-12-18 High-flux satellite network interconnection method and system for distributed sites

Publications (1)

Publication Number Publication Date
CN117713908A true CN117713908A (en) 2024-03-15

Family

ID=90160327

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311742378.4A Pending CN117713908A (en) 2023-12-18 2023-12-18 High-flux satellite network interconnection method and system for distributed sites

Country Status (1)

Country Link
CN (1) CN117713908A (en)

Similar Documents

Publication Publication Date Title
US10680704B2 (en) Layer-2 connectivity from switch to access node/gateway
US11962397B2 (en) Layer-2 connectivity from switch to access node/gateway
US8374129B2 (en) Circuit switched millimeter wave communication network
CN100583773C (en) Method and device for controlling data link layer elements with network layer elements
US8948149B2 (en) Access node/gateway to access node/gateway layer-2 connectivity (end-to-end)
US8555352B2 (en) Controlling access nodes with network transport devices within wireless mobile networks
US9887766B2 (en) Layer-2 extension services
US20030185169A1 (en) Wireless internet access system
CN107517488A (en) The method and apparatus of Message processing
CN104023006A (en) Multi-path transmission system and method based on application layer relaying
US20110170526A1 (en) Base stations backhaul network with redundant paths
Keukeleire et al. Increasing broadband reach with hybrid access networks
CN105453499A (en) System, apparatus and method for providing improved performance of aggregated/bonded network connections between remote sites
CN114338422B (en) Middle-large enterprise network based on MPLS and realization method thereof
CN117713908A (en) High-flux satellite network interconnection method and system for distributed sites
CN115175244A (en) 5G router load sharing method and system
Cisco Product Overview
Cisco Product Overview
Frauendorf et al. IP Networks
CN204013575U (en) A kind of network management system for satellite system
CN117440271A (en) Point-to-point cloud private line system based on optical transport network OTN
Sarraf The spaceway system: a service providers' perspective

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination