CN118488101A - Cloud network system, communication method, device, storage medium, and program product - Google Patents


Publication number
CN118488101A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410948677.1A
Other languages
Chinese (zh)
Inventor
朱同涛
周来
林贤圩
汪永勤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Cloud Computing Ltd
Original Assignee
Alibaba Cloud Computing Ltd


Abstract

The embodiment of the application provides a cloud network system, a communication method, a device, a storage medium and a program product. A proxy node is set in a second cloud network, and the domain name of the proxy node is configured on the client node corresponding to a cloud service. When the client node accesses a cloud service in the second cloud network, it acquires the IP address of the proxy node based on the domain name of the proxy node, and forwards the target access request for accessing the cloud service in the second cloud network to the proxy node according to that IP address. The proxy node then forwards the target access request to the target service node providing the target cloud service, according to preset forwarding rule information that describes the forwarding relationship between each access request received by the proxy node and the service nodes in the second cloud network. The target access request is therefore not forwarded to the node in the first cloud network that belongs to the same network segment as the target service node, which avoids the network segment conflict.

Description

Cloud network system, communication method, device, storage medium, and program product
Technical Field
The present application relates to the field of network technologies, and in particular, to a cloud network system, a communication method, a device, a storage medium, and a program product.
Background
With the application and popularity of cloud computing, more and more users are beginning to deploy application systems on the cloud. In order to improve stability of an application system, a Multi-cloud environment (Multi-Cloud Environment) becomes a preferred scheme for deploying the application system by a user, namely, the application system is deployed by depending on cloud services provided by a plurality of different cloud computing manufacturers according to characteristics of the application system, requirements on network bandwidth quality, sensitivity of data and other factors, and the user is protected from risks such as system interruption by virtue of advantages of the Multi-cloud environment.
However, there may be an overlap in network segment division between different cloud vendors, that is, cloud services of different cloud vendors may use the same network segment, which may cause a problem of network segment collision in a multi-cloud environment, that is, when a user requests to access a cloud service of a certain cloud vendor according to an internet protocol (Internet Protocol, IP) address, the access request may be erroneously forwarded to a cloud service of another cloud vendor using the same network segment, which affects the user's use.
Disclosure of Invention
Aspects of the present application provide a cloud network system, a communication method, a device, a storage medium, and a program product for avoiding a network segment collision problem between multiple clouds.
The embodiment of the application provides a cloud network system, which comprises: a first cloud network and a second cloud network that are independent of each other; the second cloud network is provided with a proxy node and at least one service node for providing at least one cloud service; the network segment to which the service node belongs is the same as part of the network segments maintained by the first cloud network; the network segment to which the proxy node belongs is different from each network segment maintained by the first cloud network; the cloud network system further includes: the client node corresponding to the at least one cloud service is pre-configured with the domain name of the proxy node;
The client node is configured to, in response to access requirement information for a target service node in the at least one service node, obtain an Internet Protocol (IP) address of the proxy node based on the domain name of the proxy node, and to send a target access request to the proxy node according to the IP address of the proxy node;
The proxy node is preconfigured with forwarding rule information, and is used for forwarding the target access request to the target service node according to the forwarding rule information, and the forwarding rule information is used for describing a forwarding relationship between each access request received by the proxy node and the at least one service node.
The embodiment of the application also provides a communication method which is suitable for the client nodes corresponding to at least one cloud service; the first cloud network and the second cloud network are mutually independent, and the second cloud network is provided with a proxy node and at least one service node for providing the at least one cloud service; the network segment to which the service node belongs is the same as part of the network segments maintained by the first cloud network; the network segment to which the proxy node belongs is different from each network segment maintained by the first cloud network; the method comprises the following steps:
acquiring a domain name of the pre-configured proxy node;
Responding to the access demand information of a target service node in the at least one service node, and acquiring an Internet Protocol (IP) address of the proxy node based on the domain name of the proxy node;
Sending a target access request to the proxy node according to the IP address of the proxy node, so that the proxy node forwards the target access request to the target service node according to preset forwarding rule information; the forwarding rule information is used for describing a forwarding relationship between each access request received by the proxy node and the at least one service node.
The embodiment of the application also provides a communication method which is suitable for being deployed at the proxy node of the second cloud network, wherein the second cloud network is mutually independent from the first cloud network, and the second cloud network is further deployed with at least one service node for providing at least one cloud service; the network segment to which the service node belongs is the same as part of the network segments maintained by the first cloud network; the network segment to which the proxy node belongs is different from each network segment maintained by the first cloud network; the method comprises the following steps:
Receiving a target access request sent by a client node; the client node is a client node corresponding to the at least one cloud service and is configured with a domain name of the proxy node; the target access request is sent by the client node according to the IP address of the proxy node; the IP address of the proxy node is acquired by the client node based on the pre-configured domain name of the proxy node;
Forwarding the target access request to a target service node in the at least one service node according to preset forwarding rule information; the forwarding rule information is used for describing a forwarding relationship between each access request received by the proxy node and the at least one service node.
The embodiment of the application also provides an electronic device, which comprises: a memory, a processor, and a communication component; wherein the memory is used for storing a computer program; the processor is coupled to the memory and the communication component and executes the computer program to perform the steps in the communication methods described above.
Embodiments of the present application also provide a computer-readable storage medium storing computer instructions that, when executed by one or more processors, cause the one or more processors to perform the steps in the above-described communication methods.
Embodiments of the present application also provide a computer program product comprising a computer program which, when executed by one or more processors, causes the one or more processors to perform the steps in the respective communication methods described above.
In the embodiment of the application, the proxy node is arranged in the second cloud network, and the domain name of the proxy node is pre-configured on the client node corresponding to the cloud service. When the client node needs to access the cloud service in the second cloud network, it can therefore acquire the IP address of the proxy node based on the domain name of the proxy node, and forward the target access request for accessing the cloud service in the second cloud network to the proxy node according to that IP address. The proxy node forwards the target access request to the target service node providing the target cloud service, according to preset forwarding rule information that describes the forwarding relationship between each access request received by the proxy node and the service nodes in the second cloud network. The target access request is thus not forwarded to the node in the first cloud network that belongs to the same network segment as the target service node, which avoids the network segment conflict.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute a limitation on the application. In the drawings:
Fig. 1 is a schematic structural diagram of a cloud network system provided by a conventional scheme;
Fig. 2a and fig. 2b are schematic structural diagrams of a cloud network system according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of another cloud network system according to an embodiment of the present application;
Fig. 4 is a schematic diagram of a forwarding rule information configuration process according to an embodiment of the present application;
Fig. 5 is a schematic diagram of a configuration effect of forwarding rule information according to an embodiment of the present application;
Fig. 6 and fig. 7 are schematic flow diagrams of a communication method according to an embodiment of the present application;
Fig. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be clearly and completely described below with reference to specific embodiments of the present application and corresponding drawings. It will be apparent that the described embodiments are only some, but not all, embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
It should be noted that, the user information (including but not limited to user equipment information, user personal information, etc.) and the data (including but not limited to data for analysis, stored data, presented data, etc.) related to the present application are information and data authorized by the user or fully authorized by each party, and the collection, use and processing of the related data need to comply with the related laws and regulations and standards of the related country and region, and provide corresponding operation entries for the user to select authorization or rejection.
Multi-cloud deployment refers to a user deploying an application or service system in cloud services provided by different cloud vendors. For example, the user rents servers provided by cloud vendor A, and uses cloud security services provided by cloud vendor B on these servers to secure the servers' data, and so on. In actual use, different cloud vendors may overlap in network segment partitioning, i.e., cloud services of different cloud vendors may use the same network segment. For example, cloud vendors are accustomed to reserving 100 network segments that are allocated to their own management and control nodes or service nodes and are not allocated to users, so network segment conflicts may occur.
As shown in fig. 1, the networks of the first cloud network and the second cloud network are independent from each other. The networks of the first cloud network and the second cloud network are mutually independent, namely the first cloud network and the second cloud network have independent network environments and are mutually isolated, and have independent IP address segments and independent management authorities. Generally, the first cloud network and the second cloud network belong to different cloud vendors, but are not limited thereto. Alternatively, the first cloud network and the second cloud network may be different cloud networks belonging to the same cloud vendor. The cloud boundary in fig. 1 refers to an isolation boundary between the first cloud network and the second cloud network. At least one service node is included in the first cloud network and the second cloud network, which may provide cloud services, which may be, but are not limited to: cloud security services, cloud communication services, distributed lock services, data storage services, or cloud computing services, among others. In addition, it should be noted that cloud services provided by service nodes in different cloud networks may be the same or different. Besides cloud services, service nodes in the cloud network can provide various computing, storage, network and other resources, and can be used for users to deploy applications. The application of the user can be cloud service provided by the cloud network, and can also be other applications depending on the cloud service.
In this scenario, the network segment to which the service node 201 in the second cloud network belongs is the same as the network segment to which the service node 202 in the first cloud network belongs. Fig. 1 only illustrates the case in which the network segments to which both belong are 100 network segments, but the present invention is not limited thereto. In the application scenario illustrated in fig. 1, a user may deploy an application in the first cloud network, and the application uses cloud services provided by the second cloud network. For example, an application of a user is deployed in a certain service node of the first cloud network, and a cloud service provided by the service node 201 of the second cloud network is used to provide relevant services for the application deployed in the first cloud network. For convenience of description and distinction, the node that the user deploys in the first cloud network and that needs to use the cloud service provided by the service node 201 in the second cloud network is referred to as a client node 10. Of course, the user may also deploy an application in the second cloud network and use the cloud service provided in the first cloud network; the user can also deploy the application in one cloud network and use the cloud service provided in that same cloud network. This embodiment focuses on the scenario in which a user deploys an application in one cloud network and uses a cloud service provided in another cloud network, and is explained by taking as an example a user who deploys an application in the first cloud network, where the application, as a client node, uses a cloud service provided by the service node 201 in the second cloud network.
The cloud services in the second cloud network may disclose link addresses of the cloud services for access by the user. The user may access a link address of the cloud service when using the cloud service in the second cloud network. Accordingly, the client node 10 may request the domain name resolution node 30 to resolve the domain name of the cloud service in response to the access requirement information for the cloud service (corresponding to step 1 of fig. 1). The domain name resolution node 30 may perform domain name resolution on the domain name of the cloud service to obtain an IP address of the cloud service, that is, an IP address of the service node 201 providing the cloud service; and returns the IP address of the service node 201 providing the cloud service to the client node 10 (corresponding to step 2 of fig. 1).
Since the service node 201 that provides the cloud service and the service node 202 in the first cloud network belong to the same network segment, that is, the service node 201 that provides the cloud service and the service node 202 in the first cloud network have network segment conflicts, the client node 10 does not send an access request for the cloud service to the service node 201 in the second cloud network, but forwards the access request to the service node 202 in the first cloud network (corresponding to step 3 in fig. 1), resulting in an access request forwarding error, and cannot use the cloud service in the second cloud network, thereby affecting the user use.
In order to solve the network segment conflict, in some embodiments of the present application, a proxy node is set in the second cloud network, and the domain name of the proxy node is preconfigured on the client node corresponding to a cloud service. When the client node needs to access the cloud service in the second cloud network, it may obtain the IP address of the proxy node based on the domain name of the proxy node, and forward the target access request for accessing the cloud service in the second cloud network to the proxy node according to that IP address. The proxy node forwards the target access request to the target service node providing the target cloud service, according to preset forwarding rule information that describes the forwarding relationship between each access request received by the proxy node and the service nodes in the second cloud network. The target access request is thus not forwarded to the node in the first cloud network that belongs to the same network segment as the target service node, which avoids the network segment conflict.
The following describes in detail the technical solutions provided by the embodiments of the present application with reference to the accompanying drawings.
It should be noted that: like reference numerals denote like objects in the following figures and embodiments, and thus once an object is defined in one figure or embodiment, further discussion thereof is not necessary in the subsequent figures and embodiments.
Fig. 2a, fig. 2b, and fig. 3 are schematic structural diagrams of a cloud network system according to an embodiment of the present application. With reference to fig. 2a, 2b and 3, the cloud network system comprises: a first cloud network and a second cloud network whose networks are independent of each other. For an explanation of network independence, refer to the foregoing description; it is not repeated here.
In this embodiment, at least one service node 201 is deployed in the second cloud network. The service node 201 may provide cloud services. In the present application, the cloud service provided by the service node 201 may be a cloud service with any function, such as one or more of a cloud security service, a cloud communication service, a distributed lock service, a data storage service, a cloud computing service, a Runtime Application Self Protection (RASP) service, a cloud assistant service, and the like. "More" here means 2 kinds or more than 2 kinds. In the embodiment of the present application, the service node 201 that provides the same cloud service may be implemented as one or more physical machines, where "more" refers to 2 or more than 2. Of course, different cloud services may also be deployed on the same physical machine.
In the embodiment of the application, the nodes providing the same cloud service are collectively called a service node. One service node 201 may be implemented as a device, apparatus, virtual machine (VM), container, or software function module, etc. that provides cloud services. The device for providing cloud service can be a single server device or a cloud server array. In addition, the device that provides the cloud service may also be another computing device with corresponding service capabilities, for example, a terminal device (running a service program) such as a computer. In this embodiment, the service node 201 may be deployed in a cloud, such as a central cloud. The service nodes 201 are in one-to-one correspondence with cloud services. Accordingly, there is at least one service node providing the at least one cloud service. Generally, the number of service nodes is the same as the number of cloud services.
In the embodiment of the application, the user deploys related applications by using cloud services provided by the first cloud network and the second cloud network, so as to realize multi-cloud environment deployment. In the embodiment of the present application, the case in which the user's application in the first cloud network needs to use the cloud service in the second cloud network is taken only as an example for illustration, not as a limitation.
In addition to the system embodiments provided in the above embodiments, the present application also provides a communication method, and the communication method provided in the embodiments of the present application is described below as an example from the perspective of the client node and the proxy node, respectively. If the user wants to use the cloud service in the second cloud network, the client node 10 corresponding to the cloud service is needed. The client node 10 is a node on which a client corresponding to a cloud service is deployed, and may be a device, a VM, a container, or a software function module on which the client corresponding to the cloud service is deployed. As shown in fig. 2a, the client node 10 may be deployed in the first cloud network. Accordingly, if the application of the user in the first cloud network is to use the cloud service in the second cloud network, the client node 10 corresponding to the cloud service needs to be deployed in the first cloud network. Of course, as shown in fig. 2b, the client node 10 may also be deployed in a cloud network other than the first cloud network and the second cloud network, such as a third cloud network. The network segments maintained by the third cloud network are different from the network segments maintained by the second cloud network. The third cloud network is independent of the first cloud network and the second cloud network; for example, the three cloud networks belong to different cloud manufacturers.
In this embodiment, the network segment to which the service node 201 belongs may be the same as part of the network segments maintained by the first cloud network, or may be different from them. When the network segment to which the service node 201 belongs is different from the network segments maintained by the first cloud network, there is no network segment collision. Therefore, the embodiment of the present application is mainly described with respect to the scenario in which the network segment to which the service node 201 belongs is the same as part of the network segments maintained by the first cloud network. Fig. 2a, 2b and 3 illustrate only the case in which the network segments that the service node 201 shares with the first cloud network are 100 network segments, but are not limited thereto.
In the embodiment of the present application, in order to solve the problem of network segment collision between the first cloud network and the second cloud network, the proxy node 40 is deployed in the second cloud network.
In the embodiment of the present application, the specific implementation form of the proxy node 40 is not limited. The proxy node 40 may be implemented as a computing device, apparatus, VM, container, or software function module, etc. The proxy node 40 and the service node 201 may be in the same physical machine or in different physical machines.
In the embodiment of the present application, in order to ensure that the proxy node 40 does not cause network segment collision, the network segment to which the proxy node 40 belongs may be configured to be different from each network segment maintained by the first cloud network. Further, the domain name of the proxy node 40 may be preconfigured at the client node 10, and when the client node 10 needs to access the cloud service provided by the service node 201, the client node 10 may obtain the IP address of the proxy node 40 based on the domain name of the proxy node 40 in response to the access requirement information to the service node 201. In the embodiments of the present application, for convenience of description and distinction, a cloud service that the client node 10 needs to access is defined as a target cloud service; and defines a service node 201 providing the target cloud service as the target service node 201.
The client node 10 obtains access requirement information for the service node 201; this information is the trigger condition for the client node 10 to obtain the IP address of the proxy node 40 based on the domain name of the proxy node 40. That is, when the client node 10 has an access requirement for the service node 201, it starts to execute the step of acquiring the IP address of the proxy node 40 based on the domain name of the proxy node 40. The access requirement information reflects the requirement of the client node 10 to access the target cloud service, and may include: the access purpose or intention, and identification information of the service node 201 or identification information of the cloud service provided by the service node 201, and the like. The client node 10 may determine that the service node 201 belongs to the second cloud network according to the identification information of the service node 201 or of the cloud service provided by the service node 201, which is contained in the access requirement information, together with the belonging relationship between the service node 201 and the cloud network. It can then obtain the domain name of the proxy node 40 deployed in the second cloud network from the pre-configured proxy node domain names, and perform domain name resolution on the domain name of the proxy node 40 through the domain name server to obtain the IP address of the proxy node 40.
Accordingly, as shown in fig. 2a and 2b, the client node 10 may obtain the IP address of the proxy node 40 based on the domain name of the proxy node 40 in response to the access requirement information for the target service node 201 (corresponding to step 1 of fig. 2a and 2b). Specifically, as shown in step 1 of fig. 3, the client node 10 may request the Domain Name System (DNS) resolution node 30 in the first cloud network to perform domain name resolution on the domain name of the proxy node 40. To do so, the client node 10 may send a DNS request to the DNS resolution node 30. The DNS request may include the domain name of the proxy node 40, to request the DNS server to perform domain name resolution on the domain name of the proxy node. The DNS resolution node 30 may perform domain name resolution on the domain name of the proxy node in response to the DNS request to obtain the IP address corresponding to the domain name of the proxy node, and return that IP address to the client node 10 (corresponding to step 2 of fig. 3). The IP address corresponding to the domain name of the proxy node is the IP address of the proxy node 40. Fig. 3 only illustrates the case in which the client node 10 is deployed in the first cloud network; however, the client node 10 may also be deployed in a cloud network other than the first cloud network and the second cloud network, such as the third cloud network.
Accordingly, the client node 10 may receive the IP address of the proxy node and send a target access request to the proxy node 40 according to the IP address of the proxy node 40 (corresponding to step 2 of fig. 2a and 2b and step 3 of fig. 3). Specifically, the client node 10 may generate a target access request whose request body is the access requirement information and whose destination IP address is the IP address of the proxy node 40. Based on the destination IP address, the client node 10 may send the target access request to the proxy node 40, so that the target access request for accessing the target service node is forwarded out of the first cloud network, rather than being forwarded to a node in the first cloud network that belongs to the same network segment as the target service node, thereby avoiding network segment collision.
Since the client node 10 needs to access a target service node that provides a target cloud service, the proxy node 40 also needs to forward the target access request to the target service node 201. In order for the proxy node 40 to be able to forward the target access request to the target service node 201, a forwarding relationship describing each access request received by the proxy node and the service node in the second cloud network may be preconfigured in the proxy node 40. Accordingly, the proxy node 40 is preconfigured with forwarding rule information. The forwarding rule information is used to describe a forwarding relationship between each access request received by the proxy node 40 and a service node in the second cloud network. Accordingly, the proxy node 40 may forward the target access request to the target service node 201 according to the forwarding rule information (corresponding to step 3 of fig. 3 and step 4 of fig. 3).
Specifically, the proxy node 40 may determine, according to the forwarding relationship between each access request received by the proxy node 40 and the service node in the second cloud network in the forwarding rule information, a target service node to which the target access request is to be forwarded; and forwards the target access request to the target service node 201.
In the embodiment of the present application, a specific implementation form of the forwarding relationship between each access request received by the proxy node and the service node in the second cloud network is not limited, and in some embodiments, the port of the proxy node may be bound with the cloud service in advance. The port of the proxy node is a virtual port, which refers to the port inside the proxy node. Optionally, each port of the proxy node may bind one cloud service, such that for a scenario where at least one cloud service exists for the aforementioned second cloud network, at least one port of the proxy node may bind the at least one cloud service. For a scenario that a plurality of cloud services exist in the second cloud network, a plurality of ports of the proxy node can be respectively bound with the plurality of cloud services, wherein one port is bound with one cloud service. Because the cloud service and the service node are corresponding, after the port of the proxy node binds the cloud service, the service node corresponding to each port is determined, that is, the service node corresponding to each port is the service node providing the cloud service bound by the port. Accordingly, the forwarding relationship between each access request received by the proxy node and the service node in the second cloud network may include: correspondence between at least one port of a proxy node and at least one service node.
In an embodiment of the present application, the forwarding rule information in the proxy node 40 is preconfigured. The proxy node 40 may obtain forwarding rule configuration information. The forwarding rule configuration information may include: the port to be configured and the identification of the service node corresponding to the port to be configured. The identification of the service node corresponding to the port to be configured, as contained in the forwarding rule configuration information, identifies a service node providing a cloud service in the second cloud network. The identification of the service node may be any information that uniquely identifies a service node, such as the IP address, number, or identity (ID) of the service node.
In the embodiment of the present application, the specific way in which the proxy node 40 acquires the forwarding rule configuration information is not limited. In some embodiments, as shown in fig. 4, the proxy node 40 corresponds to a proxy management node 50, the proxy management node 50 being deployed in the second cloud network. The proxy management node 50 may provide a forwarding rule configuration page (not shown in fig. 4) through which a user or technician may configure a corresponding service node for a port of the proxy node 40. Further, the proxy management node 50 may obtain the forwarding rule configuration information configured through the forwarding rule configuration page, that is, obtain the port to be configured and the identification of the service node corresponding to the port to be configured. Based on this, the proxy node 40 may obtain the forwarding rule configuration information from the proxy management node 50.
Maintainers can configure forwarding rules directly through the forwarding rule configuration page without having to learn configuration file formats such as Extensible Markup Language (XML), which makes forwarding rule configuration more convenient for users.
In some embodiments, the proxy management node 50 may issue forwarding rule configuration information to the proxy node 40, and the proxy node 40 receives the forwarding rule configuration information issued by the proxy management node 50. Or the proxy node 40 may pull forwarding rule configuration information from the proxy management node 50. Alternatively, the proxy node 40 may periodically pull forwarding rule configuration information from the proxy management node 50 at a set configuration period, and so on.
The proxy node 40 then acts on the acquired forwarding rule configuration information. The forwarding rule configuration information includes: the port to be configured and the identification of the service node corresponding to the port to be configured. The ports to be configured include the ports of the proxy node 40, such as the port A and the port B shown in fig. 4. The identification of the service node includes: the identification of a service node in the second cloud network. Further, the proxy node 40 may start the port to be configured according to the port to be configured and the identification of the service node corresponding to the port to be configured included in the forwarding rule configuration information, and generate the correspondence between the port of the proxy node and the service node in the second cloud network.
The ports to be configured included in the forwarding rule configuration information may be 1 or more, where a plurality refers to 2 or more than 2 ports. For the embodiment that the ports to be configured are multiple, multiple ports of the proxy node bind multiple cloud services, and the multiple ports correspond to service nodes corresponding to the multiple cloud services respectively. For example, as shown in fig. 5, if the port a binds to the cloud security service, the port a corresponds to a service node that provides the cloud security service; port B binds RASP service, and then port B corresponds to a service node providing RASP service; the port C is bound with the cloud assistant service, and the port C corresponds to a service node for providing the cloud assistant service; and if the expansion port binds other cloud services, the expansion port corresponds to a service node providing other services.
By generating the correspondence between the plurality of ports of the proxy node and the plurality of service nodes in the second cloud network in the above manner, the proxy multi-tenancy problem is solved, that is, the client nodes 10 corresponding to each of the plurality of cloud services can access the corresponding cloud service in the second cloud network through the proxy node 40 without any network segment conflict. The manner in which the client node 10 accesses any one of the cloud services in the second cloud network through the proxy node is the same or similar; see the foregoing and following embodiments.
In the embodiment of the present application, the proxy node 40 may obtain new forwarding rule configuration information while its already-configured ports are open, start a new port according to the new forwarding rule configuration information, and establish a correspondence between the new port and the new service node. The new port and the new forwarding rule information are thus hot-started without interrupting the forwarding process of the proxy node 40, which improves the service performance of the proxy node.
In some embodiments, the proxy node 40 may obtain forwarding rule configuration information while forwarding the aforementioned target access request. The ports to be configured included in this forwarding rule configuration information are ports on the proxy node other than the at least one port described above. Without interrupting the forwarding of the target access request, the proxy node 40 may start the port to be configured according to the port to be configured and the identification of the corresponding service node contained in the currently obtained forwarding rule configuration information, and enable the correspondence between the port to be configured and its corresponding service node; this correspondence is the new forwarding rule information. In this way, the new forwarding rule information is hot-started without interrupting the forwarding process of the proxy node 40, which helps improve the service performance of the proxy node.
In this embodiment, the binding relationship between the ports of the proxy node 40 and the cloud services is published externally. The client node 10 determines the cloud service to be accessed, namely the target cloud service, according to the access requirement information; obtains the target port bound to that cloud service based on the binding relationship between the ports of the proxy node and the cloud services; and may then generate a target access request whose destination IP address is the IP address of the proxy node and whose destination port is the target port. Because the destination IP address of the target access request is the IP address of the proxy node and the destination port is the target port on the proxy node, the client node may send the target access request to the proxy node 40, so that the target access request for accessing the target service node is forwarded out of the first cloud network, rather than being forwarded to a node in the first cloud network that belongs to the same network segment as the target service node, thereby avoiding network segment conflict.
For proxy node 40, a target access request may be received on a target port. Because the corresponding relationship between the port of the proxy node and the service node in the second cloud network is preconfigured, the proxy node 40 may forward the target access request to the service node corresponding to the target port based on the relationship between the port and the service node in the second cloud network, where the service node corresponding to the target port is the target service node.
Specifically, the proxy node 40 may determine a service node corresponding to the target port based on a correspondence between the port and the service node in the second cloud network, that is, determine the target service node, and establish a network channel between the target port and the target service node; the target access request may then be forwarded to the target service node through the network channel.
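The port-to-service-node forwarding and hot start described in the preceding paragraphs, sketched as an added Python example (not code from the patent or from the applicant). The class and function names, the loopback echo servers standing in for service nodes, and the check that a service node address lies inside a configured segment are assumptions made for this illustration.

```python
import asyncio
import ipaddress
import socket


async def _pipe(reader, writer):
    """Copy bytes one way until EOF, then close the write side."""
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    except OSError:
        pass  # peer reset: fall through and close
    finally:
        writer.close()


class PortForwardingProxy:
    """Proxy node: one listening port per cloud service, relayed to its service node."""
    def __init__(self, listen_host, service_segment):
        self.listen_host = listen_host
        # Assumption (not in the patent): service nodes must sit in one known segment.
        self.service_segment = ipaddress.ip_network(service_segment)
        self.ports = {}  # proxy port -> (service node address, asyncio server)

    async def apply_rules(self, config):
        """Start only the ports that are not open yet; return them sorted."""
        new = {}
        for port, node in config.items():
            if port in self.ports:
                continue  # already forwarding: leave the listener untouched
            if ipaddress.ip_address(node[0]) not in self.service_segment:
                raise ValueError(f"{node[0]} is outside {self.service_segment}")
            new[port] = node
        for port in sorted(new):  # reached only if every new rule validated
            server = await asyncio.start_server(
                lambda r, w, n=new[port]: self._relay(n, r, w), self.listen_host, port)
            self.ports[port] = (new[port], server)
        return sorted(new)

    async def _relay(self, node, reader, writer):
        """Open a channel from the target port to its service node; relay both ways."""
        try:
            up_reader, up_writer = await asyncio.open_connection(*node)
        except OSError:
            return writer.close()
        await asyncio.gather(_pipe(reader, up_writer), _pipe(up_reader, writer))


async def _service_node(tag):
    """Constructed stand-in for a service node: echoes each line behind a tag."""
    async def handle(reader, writer):
        while line := await reader.readline():
            writer.write(tag + b":" + line)
            await writer.drain()
        writer.close()
    server = await asyncio.start_server(handle, "127.0.0.1", 0)
    return server, ("127.0.0.1", server.sockets[0].getsockname()[1])


def _free_ports(n):
    socks = [socket.socket() for _ in range(n)]  # held open together so ports differ
    ports = [s.bind(("127.0.0.1", 0)) or s.getsockname()[1] for s in socks]
    for s in socks:
        s.close()
    return ports


async def _ask(reader, writer, msg):
    writer.write(msg + b"\n")
    await writer.drain()
    return (await reader.readline()).strip()


async def demo():
    """Constructed scenario on loopback; returns what each step observed."""
    svc_a, node_a = await _service_node(b"A")
    svc_b, node_b = await _service_node(b"B")
    port_a, port_b, port_c = _free_ports(3)
    proxy = PortForwardingProxy("127.0.0.1", "127.0.0.0/8")
    out = {"first": await proxy.apply_rules({port_a: node_a}) == [port_a]}
    ra, wa = await asyncio.open_connection("127.0.0.1", port_a)
    out["before"] = await _ask(ra, wa, b"ping")
    # Hot start: port B is added while the connection on port A stays open.
    out["second"] = await proxy.apply_rules({port_a: node_a, port_b: node_b}) == [port_b]
    out["after"] = await _ask(ra, wa, b"still-here")
    rb, wb = await asyncio.open_connection("127.0.0.1", port_b)
    out["via_b"] = await _ask(rb, wb, b"hello")
    try:
        await proxy.apply_rules({port_c: ("10.0.0.5", 80)})
    except ValueError as exc:
        out["rejected"] = str(exc)
    for closer in (wa, wb, svc_a, svc_b, *(srv for _, srv in proxy.ports.values())):
        closer.close()
    return out


def run_demo():
    return asyncio.run(demo())
```

Calling run_demo() shows the connection opened on port A before the second rule set still answering after port B has been started, and a rule pointing outside the configured segment being refused before any listener is opened.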
In this embodiment, a proxy node is set in the second cloud network and the domain name of the proxy node is preconfigured on the client node corresponding to the target cloud service. When the client node needs to access the cloud service in the second cloud network, the client node may obtain the IP address of the proxy node based on the domain name of the proxy node, and forward the target access request for accessing the cloud service in the second cloud network to the proxy node according to the IP address of the proxy node. The proxy node then forwards the target access request to the target service node providing the target cloud service according to the preset forwarding rule information, which describes the forwarding relationship between each access request received by the proxy node and the service nodes in the second cloud network. The target access request is therefore not forwarded to a node in the first cloud network that belongs to the same network segment as the target service node, thereby avoiding network segment conflict.
To improve the availability of the proxy node, a plurality of proxy nodes 40 may be provided, that is, the cloud network system includes a plurality of proxy nodes 40, each with the same working principle and the same preconfigured forwarding rule information. The multiple proxy nodes 40 have the same IP address and may form a load balancing (Server Load Balancing, SLB) cluster. Accordingly, a load balancing (SLB) node (not shown in the figures) may also be deployed in the second cloud network. The SLB node may balance the access requests among the plurality of proxy nodes 40.
Alternatively, the SLB node may balance the access requests among the plurality of proxy nodes 40 according to a preset load balancing policy. For example, the SLB node may use a preset polling (round-robin) policy, that is, assign access requests to the plurality of proxy nodes 40 one by one in chronological order. Or the SLB node may balance the access requests according to the weights of the proxy nodes. The weight specifies the polling probability and is proportional to the share of accesses; this policy suits the case where the proxy nodes have uneven performance. The higher the weight of a proxy node, the greater its probability of being accessed. Or the SLB node may balance the access requests according to an IP hash (ip_hash) policy. The IP hash policy performs a hash calculation on the source IP address of each access request and distributes each access request to a proxy node according to the hash result, so that requests from a given user always reach the same proxy node. Or the SLB node may balance the access requests according to a fair (Fair) policy. The Fair policy allocates access requests among the plurality of proxy nodes according to response time, giving priority to proxy nodes with short response times.
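The four balancing policies above, as an added Python example that is not part of the patent. The class name, proxy node names, weights and response times are constructed, and smooth weighted polling, SHA-256 over the source address and a moving average of response time are implementation choices made here.

```python
import hashlib
import ipaddress


class SlbNode:
    """Distributes access requests among proxy nodes that share one address."""

    def __init__(self, weights):
        self.weights = dict(weights)           # proxy node name -> weight
        self.nodes = sorted(self.weights)
        self._next = 0                         # polling position
        self._credit = {n: 0 for n in self.nodes}
        # 0.0 means "not measured yet", so an unmeasured node is tried first.
        self.response_ms = {n: 0.0 for n in self.nodes}

    def polling(self):
        """Assign requests to the proxy nodes one by one, in order."""
        node = self.nodes[self._next % len(self.nodes)]
        self._next += 1
        return node

    def weighted(self):
        """Smooth weighted polling: picks are proportional to weight and interleaved."""
        for n in self.nodes:
            self._credit[n] += self.weights[n]
        node = max(self.nodes, key=lambda n: self._credit[n])
        self._credit[node] -= sum(self.weights.values())
        return node

    def ip_hash(self, source_ip):
        """Hash the source IP so one client always reaches the same proxy node."""
        packed = ipaddress.ip_address(source_ip).packed
        digest = hashlib.sha256(packed).digest()
        return self.nodes[int.from_bytes(digest[:8], "big") % len(self.nodes)]

    def record_response(self, node, millis):
        """Keep a moving average of each proxy node's response time."""
        old = self.response_ms[node]
        self.response_ms[node] = millis if old == 0 else 0.8 * old + 0.2 * millis

    def fair(self):
        """Prefer the proxy node with the shortest observed response time."""
        return min(self.nodes, key=lambda n: self.response_ms[n])


if __name__ == "__main__":
    slb = SlbNode({"proxy-1": 5, "proxy-2": 1, "proxy-3": 1})  # constructed weights
    print([slb.weighted() for _ in range(7)])
    print(slb.ip_hash("192.0.2.10"), slb.ip_hash("192.0.2.10"))
```

Because ip_hash pins a source address to one proxy node, the set of proxy nodes must stay stable for the mapping to hold; changing the node count remaps clients.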
Fig. 6 is a flow chart of a communication method according to an embodiment of the present application. The communication method is mainly applicable to the client nodes in the first cloud network. As shown in fig. 6, the communication method mainly includes:
601. Acquire the domain name of the preconfigured proxy node.
602. In response to access requirement information for a target service node among the at least one service node, acquire the IP address of the proxy node based on the domain name of the proxy node.
603. Send a target access request to the proxy node according to the IP address of the proxy node, so that the proxy node forwards the target access request to the target service node according to forwarding rule information; the forwarding rule information is used for describing a forwarding relationship between each access request received by the proxy node and the at least one service node.
Fig. 7 is a flow chart of another communication method according to an embodiment of the present application. The communication method is mainly applicable to proxy nodes in the second cloud network. As shown in fig. 7, the communication method mainly includes:
701. Receive a target access request sent by a client node; the client node is a client node corresponding to at least one cloud service and is configured with the domain name of the proxy node; the target access request is sent by the client node according to the IP address of the proxy node; the IP address of the proxy node is obtained by the client node based on the preconfigured domain name of the proxy node.
702. Forward the target access request to a target service node among the at least one service node according to the preconfigured forwarding rule information; the forwarding rule information is used for describing a forwarding relationship between each access request received by the proxy node and the at least one service node.
In this embodiment, the first cloud network and the second cloud network are independent from each other, and the second cloud network is deployed with a proxy node and at least one service node for providing at least one cloud service; the client nodes are client nodes corresponding to at least one cloud service; the network segment to which the service node belongs is the same as part of network segments maintained by the first cloud network; the network segment to which the proxy node belongs is different from each network segment maintained by the first cloud network. The client node may be deployed in the first cloud network, or may be deployed in other cloud networks than the first cloud network and the second cloud network. The communication method shown in fig. 6 is mainly applicable to client nodes. The communication method shown in fig. 7 is mainly applicable to proxy nodes in the second cloud network. Regarding the implementation forms of the service node, the proxy node, the client node and the cloud service, reference may be made to the relevant content of the foregoing system embodiments, which are not described herein again.
In the embodiment of the application, to solve the problem of network segment conflict between the first cloud network and the second cloud network, a proxy node is deployed in the second cloud network. To ensure that the proxy node itself does not cause a network segment conflict, the network segment to which the proxy node belongs may be configured to be different from each network segment maintained by the first cloud network. Further, the domain name of the proxy node may be preconfigured at the client node. When the client node needs to access the cloud service provided by the service node, the domain name of the proxy node may be obtained in step 601, and in step 602 the IP address of the proxy node is obtained based on the domain name of the proxy node in response to the access requirement information for the service node. In the embodiments of the present application, for convenience of description and distinction, the cloud service to be accessed by the client node is defined as the target cloud service, and the service node providing the target cloud service is defined as the target service node.
Accordingly, the IP address of the proxy node may be obtained based on the domain name of the proxy node in response to the access requirement information for the target service node. Specifically, a domain name resolution node in the first cloud network may be requested to resolve the domain name of the proxy node, and the IP address returned by the domain name resolution node may be received as the IP address of the proxy node. Further, in step 603, a target access request may be sent to the proxy node based on the IP address of the proxy node. Specifically, a target access request whose request body is the access requirement information and whose destination IP address is the IP address of the proxy node may be generated. Based on the destination IP address, the client node may send the target access request to the proxy node, so that the target access request for accessing the target service node is forwarded out of the first cloud network, rather than being forwarded to a node in the first cloud network that belongs to the same network segment as the target service node, thereby avoiding network segment conflict.
Since the client node needs to access a target service node that provides the target cloud service, the proxy node also needs to forward the target access request to the target service node. To enable this, the forwarding relationship between each access request received by the proxy node and the service nodes in the second cloud network may be preconfigured in the proxy node. Accordingly, the proxy node is preconfigured with forwarding rule information. The forwarding rule information is used for describing the forwarding relationship between each access request received by the proxy node and the service nodes in the second cloud network. Accordingly, for the proxy node, in step 701, a target access request sent by a client node deployed in the first cloud network may be received; and in step 702, the target access request may be forwarded to the target service node according to the forwarding rule information.
Specifically, the target service node to which the target access request is to be forwarded can be determined according to the forwarding relationship, described in the forwarding rule information, between each access request received by the proxy node and the service nodes in the second cloud network; the target access request is then forwarded to the target service node.
In the embodiment of the present application, a specific implementation form of the forwarding relationship between each access request received by the proxy node and the service node in the second cloud network is not limited, and in some embodiments, the port of the proxy node may be bound with the cloud service in advance. The port of the proxy node is a virtual port, which refers to the port inside the proxy node. Optionally, each port of the proxy node may bind one cloud service, such that for a scenario where at least one cloud service exists for the aforementioned second cloud network, at least one port of the proxy node may bind the at least one cloud service. For a scenario that a plurality of cloud services exist in the second cloud network, a plurality of ports of the proxy node can be respectively bound with the plurality of cloud services, wherein one port is bound with one cloud service. Because the cloud service and the service node are corresponding, after the port of the proxy node binds the cloud service, the service node corresponding to each port is determined, that is, the service node corresponding to each port is the service node providing the cloud service bound by the port. Accordingly, the forwarding relationship between each access request received by the proxy node and the service node in the second cloud network may include: correspondence between at least one port of a proxy node and at least one service node.
In the embodiment of the application, the forwarding rule information in the proxy node is preconfigured. The proxy node may obtain forwarding rule configuration information. The forwarding rule configuration information may include: the port to be configured and the identification of the service node corresponding to the port to be configured. The identification of the service node corresponding to the port to be configured, as contained in the forwarding rule configuration information, identifies a service node providing a cloud service in the second cloud network. The identification of the service node may be any information that uniquely identifies a service node, such as the IP address, number, or identity (ID) of the service node.
In the embodiment of the application, the specific way in which the proxy node acquires the forwarding rule configuration information is not limited. In some embodiments, the proxy node corresponds to a proxy management node deployed in the second cloud network. The proxy management node may provide a forwarding rule configuration page through which a user or technician may configure a corresponding service node for a port of the proxy node. Further, the proxy management node 50 may obtain the forwarding rule configuration information configured through the forwarding rule configuration page, that is, obtain the port to be configured and the identification of the service node corresponding to the port to be configured. Based on this, the proxy node may obtain the forwarding rule configuration information from the proxy management node.
Maintainers can configure forwarding rules directly through the forwarding rule configuration page without having to learn configuration file formats such as Extensible Markup Language (XML), which makes forwarding rule configuration more convenient for users.
In some embodiments, the proxy management node may issue forwarding rule configuration information to the proxy node, and the proxy node receives the forwarding rule configuration information issued by the proxy management node. Or the proxy node may pull forwarding rule configuration information from the proxy management node. Alternatively, the proxy node may periodically pull forwarding rule configuration information from the proxy management node according to a set configuration period, and so on.
The proxy node then acts on the acquired forwarding rule configuration information. The forwarding rule configuration information includes: the port to be configured and the identification of the service node corresponding to the port to be configured. The identification of the service node includes: the identification of a service node in the second cloud network. Further, the proxy node may start the port to be configured according to the port to be configured and the identification of the service node corresponding to the port to be configured included in the forwarding rule configuration information, and generate the correspondence between the port of the proxy node and the service node in the second cloud network.
The ports to be configured included in the forwarding rule configuration information may be 1 or more, where a plurality refers to 2 or more than 2 ports. For the embodiment that the ports to be configured are multiple, multiple ports of the proxy node bind multiple cloud services, and the multiple ports correspond to service nodes corresponding to the multiple cloud services respectively.
In this way, the correspondence between the plurality of ports of the proxy node and the plurality of service nodes in the second cloud network is generated and the proxy multi-tenancy problem is solved, that is, the client nodes corresponding to the cloud services can access the corresponding cloud services in the second cloud network through the proxy node without any network segment conflict. The manner in which the client node accesses any one of the cloud services in the second cloud network through the proxy node is the same or similar; see the foregoing and the related content of the embodiments described below.
In the embodiment of the application, the proxy node can acquire new forwarding rule configuration information while its already-configured ports are open, start a new port according to the new forwarding rule configuration information, and establish a correspondence between the new port and the new service node. The new port and the new forwarding rule information are thus hot-started without interrupting the forwarding process of the proxy node, which improves the service performance of the proxy node.
In some embodiments, the proxy node may obtain forwarding rule configuration information while forwarding the aforementioned target access request. The ports to be configured included in this forwarding rule configuration information are ports on the proxy node other than the at least one port described above. Without interrupting the forwarding of the target access request, the proxy node can start the port to be configured according to the port to be configured and the identification of the corresponding service node contained in the currently obtained forwarding rule configuration information, and enable the correspondence between the port to be configured and its corresponding service node; this correspondence is the new forwarding rule information. Therefore, the new forwarding rule information is hot-started without interrupting the forwarding process of the proxy node, which can improve the service performance of the proxy node.
In this embodiment, the binding relationship between the ports of the proxy node and the cloud services is published externally. The client node determines the cloud service to be accessed, namely the target cloud service, according to the access requirement information; obtains the target port bound to that cloud service based on the binding relationship between the ports of the proxy node and the cloud services; and may then generate a target access request whose destination IP address is the IP address of the proxy node and whose destination port is the target port. Because the destination IP address of the target access request is the IP address of the proxy node and the destination port is the target port on the proxy node, the client node can send the target access request to the proxy node, so that the target access request for accessing the target service node is forwarded out of the first cloud network instead of being forwarded to a node in the first cloud network that belongs to the same network segment as the target service node, and network segment conflict is avoided.
For a proxy node, a target access request may be received on a target port. Because the corresponding relation between the port of the proxy node and the service node in the second cloud network is pre-configured, the proxy node can forward the target access request to the service node corresponding to the target port based on the relation between the port and the service node in the second cloud network, and the service node corresponding to the target port is the target service node.
Specifically, the proxy node may determine a service node corresponding to the target port based on a correspondence between the port and the service node in the second cloud network, that is, determine the target service node, and establish a network channel between the target port and the target service node; the target access request may then be forwarded to the target service node through the network channel.
In this embodiment, a proxy node is set in the second cloud network and the domain name of the proxy node is preconfigured on the client node corresponding to the target cloud service. When the client node needs to access the cloud service in the second cloud network, the client node may obtain the IP address of the proxy node based on the domain name of the proxy node, and forward the target access request for accessing the cloud service in the second cloud network to the proxy node according to the IP address of the proxy node. The proxy node then forwards the target access request to the target service node providing the target cloud service according to the preset forwarding rule information, which describes the forwarding relationship between each access request received by the proxy node and the service nodes in the second cloud network. The target access request is therefore not forwarded to a node in the first cloud network that belongs to the same network segment as the target service node, thereby avoiding network segment conflict.
To improve the availability of the proxy node, a plurality of proxy nodes may be provided, that is, the cloud network system includes a plurality of proxy nodes, each with the same working principle and the same preconfigured forwarding rule information. The multiple proxy nodes have the same IP address and may form a load balancing (SLB) cluster. Accordingly, a load balancing (SLB) node may also be deployed in the second cloud network. The SLB node may balance the access requests among the plurality of proxy nodes. For the specific manner in which the SLB node balances the access requests among the plurality of proxy nodes, reference may be made to the relevant content of the foregoing system embodiment, which is not repeated here.
It should be noted that, the execution subjects of each step of the method provided in the above embodiment may be the same device, or the method may also be executed by different devices. For example, the execution subject of steps 601 and 602 may be device a; for another example, the execution body of step 601 may be device a, and the execution body of step 602 may be device B; etc.
In addition, in some of the flows described in the above embodiments and the drawings, a plurality of operations appearing in a specific order are included, but it should be clearly understood that the operations may be performed out of the order in which they appear herein or performed in parallel, the sequence numbers of the operations such as 601, 602, etc. are merely used to distinguish between the various operations, and the sequence numbers themselves do not represent any order of execution. In addition, the flows may include more or fewer operations, and the operations may be performed sequentially or in parallel.
Accordingly, embodiments of the present application also provide a computer-readable storage medium storing computer instructions that, when executed by one or more processors, cause the one or more processors to perform the steps in the above-described communication methods.
Embodiments of the present application also provide a computer program product comprising a computer program which, when executed by one or more processors, causes the one or more processors to perform the steps in the respective communication methods described above.
Fig. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present application. As shown in fig. 8, the electronic device includes: memory 80a, processor 80b, and communication component 80c. Wherein the memory 80a is used for storing a computer program.
The processor 80b is coupled to the memory 80a and the communication component 80c, and executes the computer program to perform the steps in the communication method provided by the foregoing embodiments. For the specific implementation of each step, reference may be made to the related description of the foregoing embodiments, which is not repeated herein.
In some alternative embodiments, as shown in fig. 8, the electronic device may further include optional components such as a power supply component 80d, a display component 80e, and an audio component 80f. Only some of the components are shown schematically in fig. 8, which does not mean that the electronic device must contain all the components shown in fig. 8, nor that the electronic device can only contain the components shown in fig. 8.
In addition, the components within the dashed box in fig. 8 are optional components, not mandatory components, depending on the product form of the electronic device. The electronic device of this embodiment can be implemented as a terminal device such as a desktop computer, a notebook computer, a mobile phone or an Internet of Things device; it can also be a server device such as a traditional server, a cloud server or a server cluster.
In an embodiment of the present application, the memory is used to store a computer program and may be configured to store various other data to support operations on the device on which it resides. The processor may execute the computer program stored in the memory to implement the corresponding control logic. The memory may be implemented by any type of volatile or non-volatile memory device, or a combination thereof, such as static random-access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic disk or optical disk.
In an embodiment of the present application, the processor may be any hardware processing device that can execute the above-described method logic. Alternatively, the processor may be a central processing unit (CPU), a graphics processing unit (GPU) or a microcontroller unit (MCU); a programmable device such as a field-programmable gate array (FPGA), programmable array logic (PAL), generic array logic (GAL) or a complex programmable logic device (CPLD); or an Advanced RISC Machines (ARM) processor, that is, an advanced reduced instruction set computer (RISC) processor, or a system on chip (SoC), etc., but is not limited thereto.
In an embodiment of the application, the communication component is configured to facilitate wired or wireless communication between the device in which it is located and other devices. The device in which the communication component is located may access a wireless network based on a communication standard, such as wireless fidelity (WiFi), 2G, 3G, 4G or 5G, or a combination thereof. In one exemplary embodiment, the communication component receives a broadcast signal or broadcast-related information from an external broadcast management system via a broadcast channel. In one exemplary embodiment, the communication component may also be implemented based on near field communication (NFC) technology, radio frequency identification (RFID) technology, Infrared Data Association (IrDA) technology, ultra-wideband (UWB) technology, Bluetooth (BT) technology, or other technologies.
In an embodiment of the present application, the display component may include a liquid crystal display (LCD) and a touch panel (TP). If the display component includes a touch panel, the display component may be implemented as a touch screen to receive input signals from a user. The touch panel includes one or more touch sensors to sense touches, swipes, and gestures on the touch panel. The touch sensor may sense not only the boundary of a touch or swipe action, but also the duration and pressure associated with the touch or swipe operation.
In an embodiment of the application, the power supply assembly is configured to provide power to the various components of the device in which it is located. The power components may include a power management system, one or more power sources, and other components associated with generating, managing, and distributing power for the devices in which the power components are located.
In embodiments of the application, the audio component may be configured to output and/or input audio signals. For example, the audio component includes a Microphone (MIC) configured to receive external audio signals when the device in which the audio component is located is in an operational mode, such as a call mode, a recording mode, and a voice recognition mode. The received audio signal may be further stored in a memory or transmitted via a communication component. In some embodiments, the audio assembly further comprises a speaker for outputting audio signals. For example, for a device with language interaction functionality, voice interaction with a user, etc., may be accomplished through an audio component.
It should be noted that the descriptions "first" and "second" herein are used to distinguish different messages, devices, modules, etc.; they do not represent a sequence, nor do they require that the "first" and the "second" be of different types.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, magnetic disk storage, CD-ROM (Compact Disc Read-Only Memory), optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs, etc.), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, random-access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash RAM. Memory is an example of computer-readable media.
The storage medium of the computer is a readable storage medium, which may also be referred to as a readable medium. Readable storage media, including both permanent and non-permanent, removable and non-removable media, may be implemented in any method or technology for information storage. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase-change memory (PRAM), static random-access memory (SRAM), dynamic random-access memory (DRAM), other types of random-access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by the computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and variations of the present application will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. which come within the spirit and principles of the application are to be included in the scope of the claims of the present application.

Claims (14)

1. A cloud network system, comprising: a first cloud network and a second cloud network that are independent of each other; the second cloud network is provided with a proxy node and at least one service node for providing at least one cloud service; the network segment to which the service node belongs is the same as part of the network segments maintained by the first cloud network; the network segment to which the proxy node belongs is different from each network segment maintained by the first cloud network;
the cloud network system further includes: a client node corresponding to the at least one cloud service; the domain name of the proxy node is preconfigured on the client node;
the client node is configured to, in response to access requirement information for a target service node among the at least one service node, obtain an Internet Protocol (IP) address of the proxy node based on the domain name of the proxy node, and send a target access request to the proxy node according to the IP address of the proxy node;
the proxy node is preconfigured with forwarding rule information and is configured to forward the target access request to the target service node according to the forwarding rule information, wherein the forwarding rule information is used for describing a forwarding relationship between each access request received by the proxy node and the at least one service node.
2. The system of claim 1, wherein at least one port of the proxy node binds the at least one cloud service, and wherein the proxy node externally exposes a binding relationship between the at least one port and the at least one cloud service; the forwarding relationship includes: a correspondence between the at least one port and the at least one service node;
the client node is specifically configured to: determine, according to the access requirement information, the cloud service to be accessed; acquire, based on the binding relationship, the target port bound to the cloud service to be accessed; generate a target access request whose destination IP address is the IP address of the proxy node and whose destination port is the target port, and send the target access request to the proxy node;
the proxy node is specifically configured to: when the target access request is received on the target port, forward the target access request to the target service node based on the correspondence between the at least one port and the at least one service node, wherein the target service node refers to the service node corresponding to the target port.
3. The system of claim 2, wherein the proxy node is further configured to:
If forwarding rule configuration information is obtained in the process of forwarding the target access request, under the condition that the forwarding process of the target access request is not interrupted, starting a port to be configured according to the port to be configured and the identification of a service node corresponding to the port to be configured, which are contained in the forwarding rule configuration information, and generating a corresponding relation between the port to be configured and the corresponding service node; the port to be configured is another port except the at least one port on the proxy node.
4. A system according to any of claims 1-3, wherein the client node is deployed on the first cloud network.
5. A system according to any one of claims 1-3, wherein the proxy node is a plurality of proxy nodes, the plurality of proxy nodes having the same IP address; the second cloud network is further provided with a load balancing node;
the load balancing node is configured to balance the access request among the plurality of proxy nodes.
6. A communication method, characterized by being applicable to a client node corresponding to at least one cloud service; a first cloud network and a second cloud network are independent of each other, and the second cloud network is provided with a proxy node and at least one service node for providing the at least one cloud service; the network segment to which the service node belongs is the same as part of the network segments maintained by the first cloud network; the network segment to which the proxy node belongs is different from each network segment maintained by the first cloud network;
the method comprises the following steps:
acquiring the pre-configured domain name of the proxy node;
in response to access requirement information for a target service node among the at least one service node, acquiring an Internet Protocol (IP) address of the proxy node based on the domain name of the proxy node;
sending a target access request to the proxy node according to the IP address of the proxy node, so that the proxy node forwards the target access request to the target service node according to preset forwarding rule information; the forwarding rule information is used for describing a forwarding relationship between each access request received by the proxy node and the at least one service node.
7. The method of claim 6, wherein at least one port of the proxy node binds the at least one cloud service, and wherein the proxy node externally exposes a binding relationship between the at least one port and the at least one cloud service; the forwarding relationship includes: a correspondence between the at least one port and the at least one service node;
the sending, according to the IP address of the proxy node, a target access request to the proxy node includes:
determining, according to the access requirement information, the cloud service to be accessed;
acquiring, based on the binding relationship, the target port bound to the cloud service to be accessed;
generating a target access request whose destination IP address is the IP address of the proxy node and whose destination port is the target port;
and sending the target access request to the proxy node.
8. A communication method, characterized by being applicable to a proxy node deployed in a second cloud network, wherein the second cloud network is independent of a first cloud network, and at least one service node for providing at least one cloud service is also deployed in the second cloud network; the network segment to which the service node belongs is the same as part of the network segments maintained by the first cloud network; the network segment to which the proxy node belongs is different from each network segment maintained by the first cloud network; the method comprises the following steps:
receiving a target access request sent by a client node; the client node is a client node corresponding to the at least one cloud service and is configured with a domain name of the proxy node; the target access request is sent by the client node according to the IP address of the proxy node; the IP address of the proxy node is acquired by the client node based on the pre-configured domain name of the proxy node;
forwarding the target access request to a target service node in the at least one service node according to preset forwarding rule information; the forwarding rule information is used for describing a forwarding relationship between each access request received by the proxy node and the at least one service node.
9. The method of claim 8, wherein at least one port of the proxy node binds the at least one cloud service, and wherein the proxy node externally exposes a binding relationship between the at least one port and the at least one cloud service; the forwarding relationship includes: a correspondence between the at least one port and the at least one service node;
the destination IP address of the target access request is the IP address of the proxy node, and the destination port is the target port bound to the cloud service to be accessed by the client node;
the method further comprises:
when the target access request is received on the target port, forwarding the target access request to the target service node based on the correspondence between the at least one port and the at least one service node, wherein the target service node refers to the service node corresponding to the target port.
10. The method of claim 9, wherein the forwarding the target access request to the target service node based on the correspondence between the at least one port and the at least one service node comprises:
establishing a network channel between the target port and the target service node according to the corresponding relation between the at least one port and the at least one service node;
And forwarding the target access request to the target service node through the network channel.
11. The method as recited in claim 9, further comprising:
If forwarding rule configuration information is obtained in the process of forwarding the target access request, under the condition that the forwarding process of the target access request is not interrupted, starting the port to be configured according to the port to be configured and the identification of the service node corresponding to the port to be configured, which are contained in the forwarding rule configuration information, and generating the corresponding relation between the port to be configured and the corresponding service node; the port to be configured is another port except the at least one port on the proxy node.
12. An electronic device, comprising: a memory, a processor, and a communication component; wherein the memory is used for storing a computer program;
the processor is coupled to the memory and the communication component, and is configured to execute the computer program to perform the steps in the method of any of claims 6-11.
13. A computer-readable storage medium storing computer instructions that, when executed by one or more processors, cause the one or more processors to perform the steps in the method of any of claims 6-11.
14. A computer program product comprising a computer program which, when executed by one or more processors, causes the one or more processors to perform the steps in the method of any of claims 6-11.
CN202410948677.1A 2024-07-15 2024-07-15 Cloud network system, communication method, device, storage medium, and program product Pending CN118488101A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410948677.1A CN118488101A (en) 2024-07-15 2024-07-15 Cloud network system, communication method, device, storage medium, and program product


Publications (1)

Publication Number Publication Date
CN118488101A (en) 2024-08-13

Family

ID=92191506

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410948677.1A Pending CN118488101A (en) 2024-07-15 2024-07-15 Cloud network system, communication method, device, storage medium, and program product

Country Status (1)

Country Link
CN (1) CN118488101A (en)



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination