US20210075640A1 - Acceleration proxy device, acceleration proxy method, and content management system - Google Patents

Acceleration proxy device, acceleration proxy method, and content management system Download PDF

Info

Publication number
US20210075640A1
US20210075640A1 US16/062,961 US201716062961A US2021075640A1 US 20210075640 A1 US20210075640 A1 US 20210075640A1 US 201716062961 A US201716062961 A US 201716062961A US 2021075640 A1 US2021075640 A1 US 2021075640A1
Authority
US
United States
Prior art keywords
module
address
access request
acceleration
bridge
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US16/062,961
Other versions
US10951438B1 (en
Inventor
Wenwei Xie
Jianying LIN
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wangsu Science and Technology Co Ltd
Original Assignee
Wangsu Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wangsu Science and Technology Co Ltd filed Critical Wangsu Science and Technology Co Ltd
Assigned to WANGSU SCIENCE & TECHNOLOGY CO., LTD. reassignment WANGSU SCIENCE & TECHNOLOGY CO., LTD. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: LIN, Jianying, XIE, Wenwei
Publication of US20210075640A1 publication Critical patent/US20210075640A1/en
Application granted granted Critical
Publication of US10951438B1 publication Critical patent/US10951438B1/en
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4604LAN interconnection over a backbone network, e.g. Internet, Frame Relay
    • H04L12/462LAN interconnection over a bridge based backbone
    • H04L12/4625Single bridge functionality, e.g. connection of two networks over a single bridge
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L61/2007
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5007Internet protocol [IP] addresses
    • H04L67/28
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/60Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/25Mapping addresses of the same type
    • H04L61/2503Translation of Internet protocol [IP] addresses
    • H04L61/2514Translation of Internet protocol [IP] addresses between local and global IP addresses
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/25Mapping addresses of the same type
    • H04L61/2503Translation of Internet protocol [IP] addresses
    • H04L61/2521Translation architectures other than single NAT servers

Definitions

  • the present disclosure relates to the technical field of Internet and, more particularly, relates to an acceleration proxy device, an acceleration proxy method, and a content management system.
  • VLAN Virtual Local Area Network
  • a forwarding port of the VLAN is known as a trunk port.
  • the trunk technology allows interconnection between switches, such that different VLANs communicate with the same VLAN in other switches through shared links.
  • an acceleration proxy device often needs to be introduced into the network.
  • the acceleration proxy devices are often deployed at the uplink of a core switch of a client network environment and at the downlink of a network address translation (NAT) device.
  • NAT network address translation
  • the existing acceleration proxy device shows following drawbacks:
  • the existing acceleration proxy device cannot be deployed at the trunk circuit. Accordingly, the existing acceleration proxy device does not support the traverse of multiple VLANs. Further, if the acceleration proxy device is deployed at the uplink of the NAT device, because the safeguard of the client is often deployed at the NAT device, the acceleration proxy device needs to bear the safety risk. As such, the existing acceleration proxy device cannot be well integrated with the VLAN technology.
  • an acceleration proxy device an acceleration proxy method, and a content management system.
  • the technical solutions are as follows:
  • an acceleration proxy device in one aspect, includes a network module, an application acceleration module, and a strategy routing module.
  • the network module includes at least one bridge, and each bridge is associated with an IP address segment.
  • the strategy routing module stores routing tables of the at least one bridge, and the routing table of each bridge includes a gateway corresponding to the bridge.
  • the network module is configured to receive an access request from a target IP address segment through a target bridge, and to forward the access request to the application acceleration module.
  • the application acceleration module is configured to bind and set an IP address of the target bridge as a source IP address of the access request and forward the access request that is bound with the source IP address.
  • the strategy routing module is configured to query a target gateway corresponding to the access request bound with the source IP address, and send the access request bound with the source IP address to the target gateway through the network module, such that the access request bound with the source IP address can be sent to a server through the target gateway.
  • the acceleration proxy device is configured in a trunk link between a switch and a network address translation (NAT) device.
  • NAT network address translation
  • the network module is a local area network module used in a VLAN environment.
  • the network module is also configured to remove a local area network identity carried in the access request, and to forward the access request with removed local area network identity to the application acceleration module.
  • the network module is also configured to receive the access request bound with the source IP address sent by the strategy routing module, add the local area network identity to the access request bound with the source IP address for sending to the target gateway.
  • the network module is also configured to receive response data fed back by the server, and forward the response data to the application acceleration module, where the response data carries a destination IP address;
  • the application acceleration module is configured to forward the response data to a user to which the destination IP address points.
  • the strategy routing module is configured to query a bridge to which the destination IP address corresponds, and send the response data to the user through the queried bridge.
  • the network module is also configured to remove the local area network identity carried in the response data, and forward the response data with removed local area network identity to the application acceleration module.
  • the network module is also configured to receive the response data sent by the strategy routing module, and add the local area network identity to the response data for sending to the user.
  • a content management system including the aforementioned acceleration proxy device.
  • an acceleration proxy method in another aspect, and the method includes:
  • the method also includes:
  • a local area network module in a VLAN environment as the network module, removing a local area network identity carried in the access request, and forwarding the access request with removed local area network identity to the application acceleration module.
  • the method also includes:
  • the method also includes:
  • a content management system in another aspect, includes a memory, and instructions stored in the memory are configured to execute the aforementioned acceleration proxy methods.
  • a content management system in another aspect, includes a processor, and the processor is configured to execute the aforementioned acceleration proxy methods.
  • the disclosed network module may respectively provide corresponding bridges to local area networks from different IP address segments. Accordingly, when the application acceleration module sends out an access request of a user, the IP address of the corresponding bridge may be bound and set as the source IP address of the access request based on the IP address segment that the access request is from. Through the strategy routing module, default gateways corresponding to each bridge may be determined. Thus, based on the source IP address in the access request, the gateway that sends the access request is queried, such that the access request can be sent to the server through the queried gateway.
  • the bridge corresponding to the destination IP address may be queried through the strategy routing module. Accordingly, the response data may be sent to the user through a connected route of the bridge.
  • the acceleration proxy device, the acceleration proxy method, and the content management system provided by the present disclosure can be deployed in the trunk link, to integrate with the current VLAN technology. Accordingly, the network adaptive capability of the transparent proxying function of the device is enhanced.
  • FIG. 1 illustrates a schematic view of network topology according to Embodiment 1 of the present disclosure
  • FIG. 2 illustrates a structural schematic view of a content management system having an acceleration proxy device according to Embodiment 1 of the present disclosure
  • FIG. 3 illustrates an interaction schematic view of each module in an acceleration proxy device according to Embodiment 1 of the present disclosure.
  • FIG. 4 illustrates a flow chart of an acceleration proxy method according to Embodiment 2 of the present disclosure.
  • Embodiments of the present disclosure provide an acceleration proxy device and a content management system having the acceleration proxy device.
  • the acceleration proxy device may be located at a trunk link between a switch and a network address translation (NAT) device.
  • the switch and the NAT device may each include a trunk interface, and a trunk link may be formed between the two trunk interfaces.
  • the acceleration proxy device may include a pair of physical network cards eth 0 and ethl, and the two physical network cards may respectively perform data interaction with the switch or the NAT device.
  • the acceleration proxy device may include a network module, an application acceleration module, and a strategy routing module.
  • the network module may be a local area network module, e.g., a virtual local area network (VLAN) module, including at least one bridge, where each bridge is associated with an IP address segment.
  • the strategy routing module stores routing tables of the at least one bridge, and the routing table of each bridge includes a gateway corresponding to the bridge. That is, the VLAN module may create a plurality of bridges, and each bridge may correspond to one VLAN. As such, each bridge is associated with the IP address segment of the VLAN, thereby achieving the same effect as the trunk link. That is, a plurality of VLANs may share one physical link.
  • the VLAN module may create two virtual network cards, and may bridge the created virtual network cards to a bridge.
  • the IP address segment of the VLAN may be 192.168.1.0/24
  • two virtual network cards eth 0 . 101 and eth 1 . 101 may be respectively created at the physical network cards eth 0 and eth 1 .
  • the two virtual network cards may be bridged to a bridge br_vlan 101 .
  • the bridge br_vlan 101 may be configured with a bridge IP 192.168.1.2
  • the bridge may be configured with a default gateway 192.168.1.1.
  • the aforementioned correspondence relationship between the bridge and the gateway may be stored as a routing table in the strategy routing module.
  • the network module may receive an access request from a target IP address segment through a target bridge, and forward the access request to the application acceleration module.
  • the IP address segment of the VLAN 101 i.e., 192.168.1.0/24
  • the bridge br_vlan 101 to which the VLAN 101 corresponds may be used as the target bridge.
  • all user access requests from the VLAN 101 may be received by the bridge br_vlan 101 .
  • the access request may be sent to the application acceleration module.
  • the access request may include a local area network identity and a source IP address of a user that sends the access request.
  • the local area network identity needs to be removed from all data sent to the application layer. Accordingly, the network module may be further configured to remove the local area network identity carried in the access request, and forward the access request with removed local area network identity to the application acceleration module.
  • the application acceleration module may bind and set an IP address of the target bridge as a source IP address of the access request and forward the access request bound with the source IP address. For example, after the application acceleration module receives the access request, it may be determined that the source IP address in the access request belongs to the segment 192.168.1.0/24. Further, the IP address of the target bridge to which this segment corresponds may be used as the source IP address to be bounded to the access request. Accordingly, the source IP address of the access request is the IP address of the bridge br_vlan 101 , i.e., 192.168.1.2. After the source IP address is bound to the access request, the application acceleration module may forward the access request outwards.
  • the strategy routing module may query a target gateway corresponding to the access request bound with the source IP address. For example, in the routing table, the correspondence relationship between the IP address of the bridge and the IP address of the gateway may be recorded. As such, for the bridge IP address 192.168.1.2, the IP address of the corresponding gateway may be 192.168.1.1. Thus, after the target gateway is queried, the access request bound with the source IP address may be sent to the target gateway through the network module, such that the access request bound with the source IP address may be further sent to a server through the gateway.
  • a corresponding local area network identity may be added into the access request. That is, the network module may receive the access request bound with the source IP address sent by the strategy routing module, and add the local area network identity to the access request bound with the source IP address for sending to the target gateway.
  • the local area network identity described here may be the same as the previously removed local area network identity, for example, they may be both VLAN 101 .
  • the server may respond to the received access request and feed back response data to the acceleration proxy device.
  • the server may use the source IP address in the access request as a destination IP address of the response data, thereby sending response data to the destination IP address.
  • the source IP address in the access request is bound and set as the IP address of the bridge by the application acceleration module.
  • the destination IP address of the response data is used as the IP address of the bridge.
  • the destination IP address may be the IP address of the bridge br_vlan 101 , i.e., 192.168.1.2.
  • the aforementioned access request may include, other than the bound source IP address, an IP address of the user that sends the access request.
  • the response data may similarly include the IP address of the user.
  • the network module may receive the response data fed back by the server, and forward the response data to the application acceleration module, where the response data carries the destination IP address.
  • the network module may remove the local area network identity carried in the response data. For example, the VLAN 101 may be removed. Further, the response data with removed local area network identity may be forwarded to the application acceleration module.
  • the application acceleration module may, based on the destination IP address carried in the response data, forward the response data to the destination IP address through the strategy routing module.
  • the strategy routing module may query the bridge to which the destination IP address corresponds, and send the response data to the user through the queried bridge. More specifically, the routing table may record the IP address of each bridge. Thus, the strategy routing module may query to obtain that the corresponding bridge is br_vlan 101 based on the destination IP address 192.168.1.2. Accordingly, the strategy routing module may send the response data to the terminal to which the user IP address points through the connected route.
  • the response data sent by the application acceleration module is data with removed local area network identity.
  • the bridge in the network module may add the local area network identity to the response data for sending to the user.
  • the present disclosure further provides an acceleration proxy method, and the method includes:
  • S 1 receiving, by a network module, an access request from a target IP address segment through a target bridge, and forwarding, by the network module, the access request to an application acceleration module;
  • S 2 binding and setting, by the application acceleration module, an IP address of the target bridge as a source IP address of the access request, and forwarding, by the application acceleration module, the access request bound with the source IP address;
  • S 3 querying, by a strategy routing module, a target gateway corresponding to the access request bound with the source IP address, and sending, by the strategy routing module, the access request bound with the source IP address to the target gateway through the network module, thereby sending the access request bound with the source IP address to a server through the target gateway.
  • the method further includes:
  • a local area network module in a VLAN environment as the network module, removing a local area network identity carried in the access request, and forwarding the access request with removed local area network identity to the application acceleration module.
  • the method further includes:
  • the method further includes:
  • the present disclosure further provides a content management system.
  • the content management system includes a memory, and instructions stored in the memory are configured to execute the aforementioned acceleration proxy method.
  • the present disclosure further provides a content management system.
  • the content management system includes a processor, and the processor is configured to execute the aforementioned acceleration proxy method.
  • the memory may be a storage device for storing information.
  • the device that stores binary data may be a memory.
  • a circuit without practical form but having a storage function may also be a memory, such as random access memory (RAM), and first-input-first-output (FIFO).
  • RAM random access memory
  • FIFO first-input-first-output
  • the memory device having a practical form may be called a memory, such as a memory bank and a trans-flash (TF) card.
  • the processor may be implemented by any appropriate form.
  • the processor may be in a form of micro-processor or processor, or a computer-readable medium that stores computer-readable program codes (e.g., software or firmware) executable by the (micro-) processor, a logical gate, a switch, an application specific integrated circuit (ASIC), a programmable logic controller, and an embedded micro-controller, etc.
  • computer-readable program codes e.g., software or firmware
  • the disclosed network module may respectively provide corresponding bridges to local area networks from different IP address segments. Accordingly, when the application acceleration module sends out an access request of a user, the IP address of the corresponding bridge may be bound and set as the source IP address of the access request based on the IP address segment that the access request is from. Through the strategy routing module, default gateways corresponding to each bridge may be determined. Thus, based on the source IP address in the access request, the gateway that sends the access request is queried, such that the access request may be sent to the server through the queried gateway.
  • the bridge corresponding to the destination IP address may be queried through the strategy routing module. Accordingly, the response data may be sent to the user through a directly connected route of the bridge.
  • the acceleration proxy device, the acceleration proxy method, and the content management system provided by the present disclosure may be deployed in the trunk link, to integrate with the current VLAN technology. Accordingly, the network adaptive capability of the transparent proxying function of the device is enhanced.
  • the system embodiments described above are merely for illustrative purpose.
  • the units described as separated parts may or may not be physically detached.
  • the parts displayed as units may or may not be physical units, i.e., may be located at one place, or distributed at a plurality of network units. Based on the actual needs, a part or all of the modules may be selected to achieve the objective of the embodiments. Those ordinarily skilled in the art may understand and implement the disclosed embodiments without contributing creative labor.
  • the embodiments may be implemented by means of software in conjunction with an essential common hardware platform, or may be simply implemented by hardware. Based on such understanding, the essential part of the aforementioned technical solutions or the part that contribute to the prior art may be embodied in the form of software products.
  • the software products may be stored in computer readable storage media, such as ROM/RAM, magnetic disk, and optical disk, etc., and may include a plurality of instructions to enable a computer device (may be a personal computer, a server, or a network device) to execute the methods described in various embodiments or parts of the embodiments.

Abstract

An acceleration proxy device includes a network module, an application acceleration module, and a strategy routing module. The network module includes at least one bridge, and each bridge is associated with an IP address segment. The strategy routing module stores routing tables of the at least one bridge, and a routing table of each bridge includes a gateway corresponding to the bridge.

Description

    FIELD OF THE DISCLOSURE
  • The present disclosure relates to the technical field of Internet and, more particularly, relates to an acceleration proxy device, an acceleration proxy method, and a content management system.
    • BACKGROUND
  • In existing network deployment, VLAN (Virtual Local Area Network) is a commonly used technology. In the routing/switching field, a forwarding port of the VLAN is known as a trunk port. The trunk technology allows interconnection between switches, such that different VLANs communicate with the same VLAN in other switches through shared links. Currently, to provide services such as caching response and optimizing back-to-source links upon user's request, an acceleration proxy device often needs to be introduced into the network. The acceleration proxy devices are often deployed at the uplink of a core switch of a client network environment and at the downlink of a network address translation (NAT) device.
  • When the core switch is connected to the NAT device through the trunk port, the existing acceleration proxy device shows following drawbacks:
  • because of various aspects of reasons such as not supporting the bridge of multiple VLANs, the back-to-source address of the application layer being determined by the system, and not supporting the multi-segment routing, the existing acceleration proxy device cannot be deployed at the trunk circuit. Accordingly, the existing acceleration proxy device does not support the traverse of multiple VLANs. Further, if the acceleration proxy device is deployed at the uplink of the NAT device, because the safeguard of the client is often deployed at the NAT device, the acceleration proxy device needs to bear the safety risk. As such, the existing acceleration proxy device cannot be well integrated with the VLAN technology.
    • BRIEF SUMMARY OF THE DISCLOSURE
  • To solve issues in existing technologies, embodiments of the present disclosure provide an acceleration proxy device, an acceleration proxy method, and a content management system. The technical solutions are as follows:
  • In one aspect, an acceleration proxy device is provided, and the acceleration proxy device includes a network module, an application acceleration module, and a strategy routing module. The network module includes at least one bridge, and each bridge is associated with an IP address segment. The strategy routing module stores routing tables of the at least one bridge, and the routing table of each bridge includes a gateway corresponding to the bridge. The network module is configured to receive an access request from a target IP address segment through a target bridge, and to forward the access request to the application acceleration module. The application acceleration module is configured to bind and set an IP address of the target bridge as a source IP address of the access request and forward the access request that is bound with the source IP address. The strategy routing module is configured to query a target gateway corresponding to the access request bound with the source IP address, and send the access request bound with the source IP address to the target gateway through the network module, such that the access request bound with the source IP address can be sent to a server through the target gateway.
  • Further, the acceleration proxy device is configured in a trunk link between a switch and a network address translation (NAT) device.
  • Further, the network module is a local area network module used in a VLAN environment.
  • Further, the network module is also configured to remove a local area network identity carried in the access request, and to forward the access request with removed local area network identity to the application acceleration module.
  • Further, the network module is also configured to receive the access request bound with the source IP address sent by the strategy routing module, add the local area network identity to the access request bound with the source IP address for sending to the target gateway.
  • Further, the network module is also configured to receive response data fed back by the server, and forward the response data to the application acceleration module, where the response data carries a destination IP address;
  • the application acceleration module is configured to forward the response data to a user to which the destination IP address points.
  • the strategy routing module is configured to query a bridge to which the destination IP address corresponds, and send the response data to the user through the queried bridge.
  • Further, the network module is also configured to remove the local area network identity carried in the response data, and forward the response data with removed local area network identity to the application acceleration module.
  • Further, the network module is also configured to receive the response data sent by the strategy routing module, and add the local area network identity to the response data for sending to the user.
  • In another aspect, a content management system is provided, including the aforementioned acceleration proxy device.
  • In another aspect, an acceleration proxy method is provided, and the method includes:
  • receiving, by a network module, an access request from a target IP address segment through a target bridge, and forwarding, by the network module, the access request to an application acceleration module;
  • binding and setting, by the application acceleration module, an IP address of the target bridge as a source IP address of the access request, and forwarding, by the application acceleration module, the access request bound with the source IP address;
  • querying, by a strategy routing module, a target gateway corresponding to the access request bound with the source IP address, and sending, by the strategy routing module, the access request bound with the source IP address to the target gateway through the network module, thereby sending the access request bound with the source IP address to a server through the target gateway.
  • Further, the method also includes:
  • using a local area network module in a VLAN environment as the network module, removing a local area network identity carried in the access request, and forwarding the access request with removed local area network identity to the application acceleration module.
  • Further, the method also includes:
  • receiving, by the network module, the access request bound with the source IP address sent by the strategy routing module, and adding the local area network identity to the access request bound with the source IP address for sending to the target gateway.
  • Further, the method also includes:
  • receiving, by the network module, response data fed back by the server, and forwarding, by the network module, the response data to the application acceleration module, where the response data carries a destination IP address;
  • forwarding, by the application acceleration module, the response data to a user to which the destination IP address points;
  • querying, by the strategy routing module, a bridge corresponding to the destination IP address, and sending, by the strategy routing module, the response data to the user through the queried bridge.
  • In another aspect, a content management system is provided. The content management system includes a memory, and instructions stored in the memory are configured to execute the aforementioned acceleration proxy methods.
  • In another aspect, a content management system is provided. The content management system includes a processor, and the processor is configured to execute the aforementioned acceleration proxy methods.
  • Beneficial effects brought about by technical solutions of the present disclosure include: the disclosed network module may respectively provide corresponding bridges to local area networks from different IP address segments. Accordingly, when the application acceleration module sends out an access request of a user, the IP address of the corresponding bridge may be bound and set as the source IP address of the access request based on the IP address segment that the access request is from. Through the strategy routing module, default gateways corresponding to each bridge may be determined. Thus, based on the source IP address in the access request, the gateway that sends the access request is queried, such that the access request can be sent to the server through the queried gateway. Further, after receiving the response data fed back by the server, based on the destination IP address in the response data, the bridge corresponding to the destination IP address may be queried through the strategy routing module. Accordingly, the response data may be sent to the user through a connected route of the bridge. As such, the acceleration proxy device, the acceleration proxy method, and the content management system provided by the present disclosure can be deployed in the trunk link, to integrate with the current VLAN technology. Accordingly, the network adaptive capability of the transparent proxying function of the device is enhanced.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • To more clearly illustrate technical solutions of the present disclosure, accompanying drawings used in descriptions of embodiments hereinbelow are introduced briefly. Obviously, the accompanying drawings described hereinafter are only some embodiments of the present disclosure, and for those ordinarily skilled in the relevant art, other drawings may be obtained from these accompanying drawings without creative labor.
  • FIG. 1 illustrates a schematic view of network topology according to Embodiment 1 of the present disclosure;
  • FIG. 2 illustrates a structural schematic view of a content management system having an acceleration proxy device according to Embodiment 1 of the present disclosure;
  • FIG. 3 illustrates an interaction schematic view of each module in an acceleration proxy device according to Embodiment 1 of the present disclosure; and
  • FIG. 4 illustrates a flow chart of an acceleration proxy method according to Embodiment 2 of the present disclosure.
    •  DETAILED DESCRIPTION
  • To make the objective, technical solutions and advantages of the present disclosure clearer, embodiments of the present disclosure are described in more details with reference to the accompanying drawings.
    • Embodiment 1
  • Embodiments of the present disclosure provide an acceleration proxy device and a content management system having the acceleration proxy device. Referring to FIG. 1, the acceleration proxy device may be located at a trunk link between a switch and a network address translation (NAT) device. The switch and the NAT device may each include a trunk interface, and a trunk link may be formed between the two trunk interfaces. The acceleration proxy device may include a pair of physical network cards eth0 and ethl, and the two physical network cards may respectively perform data interaction with the switch or the NAT device.
  • Referring to FIG. 1-FIG. 3, in one embodiment, the acceleration proxy device may include a network module, an application acceleration module, and a strategy routing module. The network module may be a local area network module, e.g., a virtual local area network (VLAN) module, including at least one bridge, where each bridge is associated with an IP address segment. The strategy routing module stores routing tables of the at least one bridge, and the routing table of each bridge includes a gateway corresponding to the bridge. That is, the VLAN module may create a plurality of bridges, and each bridge may correspond to one VLAN. As such, each bridge is associated with the IP address segment of the VLAN, thereby achieving the same effect as the trunk link. That is, a plurality of VLANs may share one physical link.
  • More specifically, in one embodiment, for each VLAN, the VLAN module may create two virtual network cards, and may bridge the created virtual network cards to a bridge. For example, for the VLAN with a VLAN identity of 101, the IP address segment of the VLAN may be 192.168.1.0/24, and two virtual network cards eth0.101 and eth1.101 may be respectively created at the physical network cards eth0 and eth1. The two virtual network cards may be bridged to a bridge br_vlan101. Further, the bridge br_vlan101 may be configured with a bridge IP 192.168.1.2, and the bridge may be configured with a default gateway 192.168.1.1. The aforementioned correspondence relationship between the bridge and the gateway may be stored as a routing table in the strategy routing module.
  • In one embodiment, the network module may receive an access request from a target IP address segment through a target bridge, and forward the access request to the application acceleration module. Given the VLAN with a VLAN identity of 101 as an example, the IP address segment of the VLAN 101, i.e., 192.168.1.0/24, may be treated as the target IP address segment, and the bridge br_vlan101 to which the VLAN 101 corresponds may be used as the target bridge. Thus, all user access requests from the VLAN 101 may be received by the bridge br_vlan101. After the bridge br_vlan101 receives an access request, the access request may be sent to the application acceleration module. The access request may include a local area network identity and a source IP address of a user that sends the access request. In practical application process, the local area network identity needs to be removed from all data sent to the application layer. Accordingly, the network module may be further configured to remove the local area network identity carried in the access request, and forward the access request with removed local area network identity to the application acceleration module.
  • In one embodiment, the application acceleration module may bind and set an IP address of the target bridge as a source IP address of the access request and forward the access request bound with the source IP address. For example, after the application acceleration module receives the access request, it may be determined that the source IP address in the access request belongs to the segment 192.168.1.0/24. Further, the IP address of the target bridge to which this segment corresponds may be used as the source IP address to be bounded to the access request. Accordingly, the source IP address of the access request is the IP address of the bridge br_vlan101, i.e., 192.168.1.2. After the source IP address is bound to the access request, the application acceleration module may forward the access request outwards.
  • After the access request is forwarded, the strategy routing module may query a target gateway corresponding to the access request bound with the source IP address. For example, in the routing table, the correspondence relationship between the IP address of the bridge and the IP address of the gateway may be recorded. As such, for the bridge IP address 192.168.1.2, the IP address of the corresponding gateway may be 192.168.1.1. Thus, after the target gateway is queried, the access request bound with the source IP address may be sent to the target gateway through the network module, such that the access request bound with the source IP address may be further sent to a server through the gateway.
  • In practical application process, when the network module sends the access request, a corresponding local area network identity may be added into the access request. That is, the network module may receive the access request bound with the source IP address sent by the strategy routing module, and add the local area network identity to the access request bound with the source IP address for sending to the target gateway. The local area network identity described here may be the same as the previously removed local area network identity, for example, they may be both VLAN 101.
  • In one embodiment, the server may respond to the received access request and feed back response data to the acceleration proxy device. When feeding back the response data, the server may use the source IP address in the access request as a destination IP address of the response data, thereby sending response data to the destination IP address. As described above, the source IP address in the access request is bound and set as the IP address of the bridge by the application acceleration module. Thus, the destination IP address of the response data is used as the IP address of the bridge. For example, the destination IP address may be the IP address of the bridge br_vlan101, i.e., 192.168.1.2. Further, the aforementioned access request may include, other than the bound source IP address, an IP address of the user that sends the access request. Thus, the response data may similarly include the IP address of the user.
  • In one embodiment, the network module may receive the response data fed back by the server, and forward the response data to the application acceleration module, where the response data carries the destination IP address. When the response data is forwarded to the application acceleration module, the network module may remove the local area network identity carried in the response data. For example, the VLAN 101 may be removed. Further, the response data with removed local area network identity may be forwarded to the application acceleration module.
  • In one embodiment, the application acceleration module may, based on the destination IP address carried in the response data, forward the response data to the destination IP address through the strategy routing module. After the response data is forwarded, the strategy routing module may query the bridge to which the destination IP address corresponds, and send the response data to the user through the queried bridge. More specifically, the routing table may record the IP address of each bridge. Thus, the strategy routing module may query to obtain that the corresponding bridge is br_vlan101 based on the destination IP address 192.168.1.2. Accordingly, the strategy routing module may send the response data to the terminal to which the user IP address points through the connected route. It should be noted that, in practical application scenarios, the response data sent by the application acceleration module is data with removed local area network identity. Thus, after receiving the response data sent by the strategy routing module, the bridge in the network module may add the local area network identity to the response data for sending to the user.
    • Embodiment 2
  • Referring to FIG. 4, the present disclosure further provides an acceleration proxy method, and the method includes:
  • S1: receiving, by a network module, an access request from a target IP address segment through a target bridge, and forwarding, by the network module, the access request to an application acceleration module;
  • S2: binding and setting, by the application acceleration module, an IP address of the target bridge as a source IP address of the access request, and forwarding, by the application acceleration module, the access request bound with the source IP address;
  • S3: querying, by a strategy routing module, a target gateway corresponding to the access request bound with the source IP address, and sending, by the strategy routing module, the access request bound with the source IP address to the target gateway through the network module, thereby sending the access request bound with the source IP address to a server through the target gateway.
  • In one embodiment, the method further includes:
  • using a local area network module in a VLAN environment as the network module, removing a local area network identity carried in the access request, and forwarding the access request with removed local area network identity to the application acceleration module.
  • In one embodiment, the method further includes:
  • receiving, by the network module, the access request bound with the source IP address sent by the strategy routing module, and adding the local area network identity to the access request bound with the source IP address for sending to the target gateway.
  • In one embodiment, the method further includes:
  • receiving, by the network module, response data fed back by the server, and forwarding, by the network module, the response data to the application acceleration module, where the response data carries a destination IP address;
  • forwarding, by the application acceleration module, the response data to a user to which the destination IP address points;
  • querying, by the strategy routing module, a bridge corresponding to the destination IP address, and sending, by the strategy routing module, the response data to the user through the queried bridge.
    • Embodiment 3
  • The present disclosure further provides a content management system. The content management system includes a memory, and instructions stored in the memory are configured to execute the aforementioned acceleration proxy method.
  • The present disclosure further provides a content management system. The content management system includes a processor, and the processor is configured to execute the aforementioned acceleration proxy method.
  • In one embodiment, the memory may be a storage device for storing information. In a digital system, the device that stores binary data may be a memory. In an integrated circuit, a circuit without practical form but having a storage function may also be a memory, such as random access memory (RAM), and first-input-first-output (FIFO). In a system, the memory device having a practical form may be called a memory, such as a memory bank and a trans-flash (TF) card.
  • The processor may be implemented by any appropriate form. For example, the processor may be in a form of micro-processor or processor, or a computer-readable medium that stores computer-readable program codes (e.g., software or firmware) executable by the (micro-) processor, a logical gate, a switch, an application specific integrated circuit (ASIC), a programmable logic controller, and an embedded micro-controller, etc. The present disclosure is not limited thereto.
  • As such, beneficial effects brought about by technical solutions of the present disclosure include: the disclosed network module may respectively provide corresponding bridges to local area networks from different IP address segments. Accordingly, when the application acceleration module sends out an access request of a user, the IP address of the corresponding bridge may be bound and set as the source IP address of the access request based on the IP address segment that the access request is from. Through the strategy routing module, default gateways corresponding to each bridge may be determined. Thus, based on the source IP address in the access request, the gateway that sends the access request is queried, such that the access request may be sent to the server through the queried gateway. Further, after receiving the response data fed back by the server, based on the destination IP address in the response data, the bridge corresponding to the destination IP address may be queried through the strategy routing module. Accordingly, the response data may be sent to the user through a directly connected route of the bridge. As such, the acceleration proxy device, the acceleration proxy method, and the content management system provided by the present disclosure may be deployed in the trunk link, to integrate with the current VLAN technology. Accordingly, the network adaptive capability of the transparent proxying function of the device is enhanced.
  • Sequence numbers of aforementioned embodiments of the present disclosure are merely for descriptive purposes, and do not represent any preference of the disclosed embodiments.
  • The system embodiments described above are merely for illustrative purpose. The units described as separated parts may or may not be physically detached. The parts displayed as units may or may not be physical units, i.e., may be located at one place, or distributed at a plurality of network units. Based on the actual needs, a part or all of the modules may be selected to achieve the objective of the embodiments. Those ordinarily skilled in the art may understand and implement the disclosed embodiments without contributing creative labor.
  • Through the descriptions of various aforementioned embodiments, those skilled in the art may clearly understand that the embodiments may be implemented by means of software in conjunction with an essential common hardware platform, or may be simply implemented by hardware. Based on such understanding, the essential part of the aforementioned technical solutions or the part that contribute to the prior art may be embodied in the form of software products. The software products may be stored in computer readable storage media, such as ROM/RAM, magnetic disk, and optical disk, etc., and may include a plurality of instructions to enable a computer device (may be a personal computer, a server, or a network device) to execute the methods described in various embodiments or parts of the embodiments.
  • The foregoing are merely certain preferred embodiments of the present disclosure, and are not intended to limit the present disclosure. Without departing from the spirit and principles of the present disclosure, any modifications, equivalent substitutions, and improvements, etc. shall fall within the scope of the present disclosure.

Claims (15)

1. An acceleration proxy device comprising:
a network module,
an application acceleration module, and
a strategy routing module,
wherein the network module includes at least one bridge, each bridge is associated with an IP address segment, the strategy routing module stores routing tables of the at least one bridge, and a routing table of each bridge includes a gateway corresponding to the bridge,
the network module is configured to receive an access request from a target IP address segment through a target bridge and forward the access request to the application acceleration module,
the application acceleration module is configured to bind and set an IP address of the target bridge as a source IP address of the access request and forward the access request bound with the source IP address, and
the strategy routing module is configured to query a target gateway corresponding to the access request bound with the source IP address, and to send the access request bound with the source IP address to the target gateway through the network module, such that the access request bound with the source IP address is sent to a server through the target gateway.
2. The acceleration proxy device according to claim 1, wherein:
the acceleration proxy device is configured in a trunk link between a switch and a network address translation (NAT) device.
3. The acceleration proxy device according to claim 1, wherein:
the network module is a local area network module used in a VLAN environment.
4. The acceleration proxy device according to claim 3, wherein:
the network module is further configured to remove a local area network identity carried in the access request, and to forward the access request with removed local area network identity to the application acceleration module.
5. The acceleration proxy device according to claim 4, wherein:
the network module is further configured to receive the access request bound with the source IP address sent by the strategy routing module, and to add the local area network identity to the access request bound with the source IP address for sending to the target gateway.
6. The acceleration proxy device according to claim 1, wherein:
the network module is further configured to receive response data fed back by the server, and to forward the response data to the application acceleration module, wherein the response data carries a destination IP address;
the application acceleration module is configured to forward the response data to a user to which the destination IP address points;
the strategy routing module is configured to query a bridge to which the destination IP address corresponds, and to send the response data to the user through the queried bridge.
7. The acceleration proxy device according to claim 6, wherein:
the network module is further configured to remove a local area network identity carried in the response data, and to forward the response data with removed local area network identity to the application acceleration module.
8. The acceleration proxy device according to claim 7, wherein:
the network module is further configured to receive the response data sent by the strategy routing module, and to add the local area network identity to the response data for sending to the user.
9. A content management system according to claim 1, wherein:,
the content management system includes the acceleration proxy device.
10. An acceleration proxy method, comprising:
receiving, by a network module, an access request from a target IP address segment through a target bridge, and forwarding, by the network module, the access request to an application acceleration module;
binding and setting, by the application acceleration module, an IP address of the target bridge as a source IP address of the access request, and forwarding, by the application acceleration module, the access request bound with the source IP address;
querying, by the strategy routing module, a target gateway corresponding to the access request bound with the source IP address, and sending, by the strategy routing module, the access request bound with the source IP address to the target gateway through the network module, thereby sending the access request bound with the source IP address to a server through the target gateway.
11. The acceleration proxy method according to claim 10, further comprising:
using a local area network module in a VLAN environment as the network module,
removing a local area network identity carried in the access request, and
forwarding the access request with removed local area network identity to the application acceleration module.
12. The acceleration proxy method according to claim 11, further comprising:
receiving, by the network module, the access request bound with the source IP address sent by the strategy routing module, and
adding, by the network module, the local area network identity to the access request bound with the source IP address for sending to the target gateway.
13. The acceleration proxy method according to claim 10, further comprising:
receiving, by the network module, response data fed back by the server, and forwarding, by the network module, the response data to the application acceleration module, wherein the response data carries a destination IP address;
forwarding, by the application acceleration module, the response data to a user to which the destination IP address points;
querying, by the strategy routing module, a bridge corresponding to the destination IP address, and sending, by the strategy routing module, the response data to the user through the queried bridge.
14. A content management system according to claim 10, comprising
a memory,
wherein instructions stored in the memory are configured to execute the acceleration proxy method.
15. A content management system according to claim 10, comprising:
a processor,
wherein the processor is configured to execute the acceleration proxy method.
US16/062,961 2017-06-08 2017-07-13 Acceleration proxy device, acceleration proxy method, and content management system Active 2038-12-21 US10951438B1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN201710428820.4 2017-06-08
CN201710428820.4A CN107181812B (en) 2017-06-08 2017-06-08 Acceleration agent device, acceleration agent method and content management system
PCT/CN2017/092756 WO2018223488A1 (en) 2017-06-08 2017-07-13 Acceleration proxy device, acceleration proxy method and content management system

Publications (2)

Publication Number Publication Date
US20210075640A1 true US20210075640A1 (en) 2021-03-11
US10951438B1 US10951438B1 (en) 2021-03-16

Family

ID=59836466

Family Applications (1)

Application Number Title Priority Date Filing Date
US16/062,961 Active 2038-12-21 US10951438B1 (en) 2017-06-08 2017-07-13 Acceleration proxy device, acceleration proxy method, and content management system

Country Status (4)

Country Link
US (1) US10951438B1 (en)
EP (1) EP3432550B1 (en)
CN (1) CN107181812B (en)
WO (1) WO2018223488A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116257521A (en) * 2023-01-18 2023-06-13 深存科技(无锡)有限公司 KV storage method based on FPGA

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108494748B (en) * 2018-03-08 2021-06-04 网宿科技股份有限公司 Communication method, device and storage medium
CN110719343B (en) * 2019-09-12 2022-04-22 厦门网宿有限公司 Service acceleration processing method and system, and entrance and exit network equipment
CN112422396B (en) * 2020-11-04 2022-04-19 郑州信大捷安信息技术股份有限公司 TCP network transmission acceleration method and system based on SSLVPN channel
CN112953833B (en) * 2021-03-25 2022-04-15 全讯汇聚网络科技(北京)有限公司 Method, system and gateway equipment for realizing three-layer route forwarding based on network bridge
CN114339133B (en) * 2022-03-10 2022-05-31 南京旭顶通讯科技有限公司 Network acceleration method, equipment and storage medium for connecting different video conference terminals
CN116527586B (en) * 2023-07-05 2023-09-19 北京亿赛通科技发展有限责任公司 Series proxy system based on multilink load balancing network

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040044754A1 (en) * 2002-08-27 2004-03-04 Virdy Macmohana Singh Virtual local area network provisioning in bridged networks
US8713696B2 (en) * 2006-01-13 2014-04-29 Demand Media, Inc. Method and system for dynamic digital rights bundling
US8194674B1 (en) * 2007-12-20 2012-06-05 Quest Software, Inc. System and method for aggregating communications and for translating between overlapping internal network addresses and unique external network addresses
CN101729388B (en) * 2008-10-22 2012-01-25 华为技术有限公司 Method, media gateway and network system for realizing network address conversion
CN101383778B (en) * 2008-10-27 2011-04-13 杭州华三通信技术有限公司 Packet transmission method based on network dual exit and exit router
US8200752B2 (en) * 2009-12-23 2012-06-12 Citrix Systems, Inc. Systems and methods for policy based transparent client IP insertion
US9282097B2 (en) * 2010-05-07 2016-03-08 Citrix Systems, Inc. Systems and methods for providing single sign on access to enterprise SAAS and cloud hosted applications
CN102710485B (en) * 2012-05-07 2015-01-07 深信服网络科技(深圳)有限公司 Transparent proxy method and proxy server
CN103780468B (en) * 2012-10-22 2019-06-14 中兴通讯股份有限公司 Method, intelligent terminal and the route-bridge of intelligent terminal access TRILL network
CN103997479B (en) * 2013-02-17 2018-06-15 新华三技术有限公司 A kind of asymmetric services IP Proxy Methods and equipment
CN103428095B (en) * 2013-08-26 2016-12-28 深信服网络科技(深圳)有限公司 A kind of proxy server and Proxy Method thereof
CN103763407A (en) 2014-01-28 2014-04-30 上海斐讯数据通信技术有限公司 Method for achieving address resolution protocol proxy through two-layer virtual local area network and local area network system
CN105490910B (en) * 2014-09-19 2020-02-07 北京奇虎科技有限公司 Network communication method and client
CN105530185B (en) * 2014-09-29 2018-12-25 优视科技有限公司 Covering route network, method for routing and router based on covering route network
CN104994137B (en) * 2015-05-27 2019-01-22 四川卫士通信息安全平台技术有限公司 A kind of method of network readezvous point agency
CN106230898B (en) * 2016-07-21 2019-07-23 网宿科技股份有限公司 Network system, proxy server and its data processing method of application and system

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116257521A (en) * 2023-01-18 2023-06-13 深存科技(无锡)有限公司 KV storage method based on FPGA

Also Published As

Publication number Publication date
EP3432550A1 (en) 2019-01-23
EP3432550B1 (en) 2021-11-24
WO2018223488A1 (en) 2018-12-13
US10951438B1 (en) 2021-03-16
CN107181812A (en) 2017-09-19
CN107181812B (en) 2020-05-22
EP3432550A4 (en) 2019-04-24

Similar Documents

Publication Publication Date Title
US10951438B1 (en) Acceleration proxy device, acceleration proxy method, and content management system
CN107465590B (en) Network infrastructure system, method of routing network traffic and computer readable medium
CN112470436B (en) Systems, methods, and computer-readable media for providing multi-cloud connectivity
CN109802985B (en) Data transmission method, device, equipment and readable storage medium
JP2020162146A (en) System and method for distributed flow state p2p setup in virtual networks
US11005752B2 (en) Packet transmission
US9374297B2 (en) Method for implicit session routing
US9729578B2 (en) Method and system for implementing a network policy using a VXLAN network identifier
US10205698B1 (en) Source-dependent address resolution
KR101371993B1 (en) Method and apparatus for transparent cloud computing with a virtualized network infrastructure
US9215172B2 (en) Hashing-based routing table management
US9736263B2 (en) Temporal caching for ICN
EP2823628B1 (en) Spoofing technique for transparent proxy caching
US8953624B2 (en) Intelligent host route distribution for low latency forwarding and ubiquitous virtual machine mobility in interconnected data centers
US9203753B2 (en) Traffic optimization using network address and port translation in a computer cluster
US10805216B2 (en) Shared service access for multi-tenancy in a data center fabric
CN104734955A (en) Network function virtualization implementation method, wide-band network gateway and control device
US11757782B2 (en) Architectures for disaggregating SDN from the host
US10439936B2 (en) Packet data routing
CN111010340B (en) Data message forwarding control method and device and computing device
US10412047B2 (en) Method and system for network traffic steering towards a service device
CN102857547A (en) Distributed caching method and device
CN104579939B (en) Gateway protection method and device
CN108259205B (en) Route publishing method and network equipment
CN111031056A (en) Method for realizing security domain function in security group

Legal Events

Date Code Title Description
AS Assignment

Owner name: WANGSU SCIENCE & TECHNOLOGY CO., LTD., CHINA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:XIE, WENWEI;LIN, JIANYING;REEL/FRAME:046101/0697

Effective date: 20180612

FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCF Information on status: patent grant

Free format text: PATENTED CASE