US20210075640A1 - Acceleration proxy device, acceleration proxy method, and content management system - Google Patents
Acceleration proxy device, acceleration proxy method, and content management system Download PDFInfo
- Publication number
- US20210075640A1 US20210075640A1 US16/062,961 US201716062961A US2021075640A1 US 20210075640 A1 US20210075640 A1 US 20210075640A1 US 201716062961 A US201716062961 A US 201716062961A US 2021075640 A1 US2021075640 A1 US 2021075640A1
- Authority
- US
- United States
- Prior art keywords
- module
- address
- access request
- acceleration
- bridge
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4604—LAN interconnection over a backbone network, e.g. Internet, Frame Relay
- H04L12/462—LAN interconnection over a bridge based backbone
- H04L12/4625—Single bridge functionality, e.g. connection of two networks over a single bridge
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H04L61/2007—
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
-
- H04L67/28—
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/60—Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2514—Translation of Internet protocol [IP] addresses between local and global IP addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2521—Translation architectures other than single NAT servers
Definitions
- the present disclosure relates to the technical field of Internet and, more particularly, relates to an acceleration proxy device, an acceleration proxy method, and a content management system.
- VLAN Virtual Local Area Network
- a forwarding port of the VLAN is known as a trunk port.
- the trunk technology allows interconnection between switches, such that different VLANs communicate with the same VLAN in other switches through shared links.
- an acceleration proxy device often needs to be introduced into the network.
- the acceleration proxy devices are often deployed at the uplink of a core switch of a client network environment and at the downlink of a network address translation (NAT) device.
- NAT network address translation
- the existing acceleration proxy device shows following drawbacks:
- the existing acceleration proxy device cannot be deployed at the trunk circuit. Accordingly, the existing acceleration proxy device does not support the traverse of multiple VLANs. Further, if the acceleration proxy device is deployed at the uplink of the NAT device, because the safeguard of the client is often deployed at the NAT device, the acceleration proxy device needs to bear the safety risk. As such, the existing acceleration proxy device cannot be well integrated with the VLAN technology.
- an acceleration proxy device an acceleration proxy method, and a content management system.
- the technical solutions are as follows:
- an acceleration proxy device in one aspect, includes a network module, an application acceleration module, and a strategy routing module.
- the network module includes at least one bridge, and each bridge is associated with an IP address segment.
- the strategy routing module stores routing tables of the at least one bridge, and the routing table of each bridge includes a gateway corresponding to the bridge.
- the network module is configured to receive an access request from a target IP address segment through a target bridge, and to forward the access request to the application acceleration module.
- the application acceleration module is configured to bind and set an IP address of the target bridge as a source IP address of the access request and forward the access request that is bound with the source IP address.
- the strategy routing module is configured to query a target gateway corresponding to the access request bound with the source IP address, and send the access request bound with the source IP address to the target gateway through the network module, such that the access request bound with the source IP address can be sent to a server through the target gateway.
- the acceleration proxy device is configured in a trunk link between a switch and a network address translation (NAT) device.
- NAT network address translation
- the network module is a local area network module used in a VLAN environment.
- the network module is also configured to remove a local area network identity carried in the access request, and to forward the access request with removed local area network identity to the application acceleration module.
- the network module is also configured to receive the access request bound with the source IP address sent by the strategy routing module, add the local area network identity to the access request bound with the source IP address for sending to the target gateway.
- the network module is also configured to receive response data fed back by the server, and forward the response data to the application acceleration module, where the response data carries a destination IP address;
- the application acceleration module is configured to forward the response data to a user to which the destination IP address points.
- the strategy routing module is configured to query a bridge to which the destination IP address corresponds, and send the response data to the user through the queried bridge.
- the network module is also configured to remove the local area network identity carried in the response data, and forward the response data with removed local area network identity to the application acceleration module.
- the network module is also configured to receive the response data sent by the strategy routing module, and add the local area network identity to the response data for sending to the user.
- a content management system including the aforementioned acceleration proxy device.
- an acceleration proxy method in another aspect, and the method includes:
- the method also includes:
- a local area network module in a VLAN environment as the network module, removing a local area network identity carried in the access request, and forwarding the access request with removed local area network identity to the application acceleration module.
- the method also includes:
- the method also includes:
- a content management system in another aspect, includes a memory, and instructions stored in the memory are configured to execute the aforementioned acceleration proxy methods.
- a content management system in another aspect, includes a processor, and the processor is configured to execute the aforementioned acceleration proxy methods.
- the disclosed network module may respectively provide corresponding bridges to local area networks from different IP address segments. Accordingly, when the application acceleration module sends out an access request of a user, the IP address of the corresponding bridge may be bound and set as the source IP address of the access request based on the IP address segment that the access request is from. Through the strategy routing module, default gateways corresponding to each bridge may be determined. Thus, based on the source IP address in the access request, the gateway that sends the access request is queried, such that the access request can be sent to the server through the queried gateway.
- the bridge corresponding to the destination IP address may be queried through the strategy routing module. Accordingly, the response data may be sent to the user through a connected route of the bridge.
- the acceleration proxy device, the acceleration proxy method, and the content management system provided by the present disclosure can be deployed in the trunk link, to integrate with the current VLAN technology. Accordingly, the network adaptive capability of the transparent proxying function of the device is enhanced.
- FIG. 1 illustrates a schematic view of network topology according to Embodiment 1 of the present disclosure
- FIG. 2 illustrates a structural schematic view of a content management system having an acceleration proxy device according to Embodiment 1 of the present disclosure
- FIG. 3 illustrates an interaction schematic view of each module in an acceleration proxy device according to Embodiment 1 of the present disclosure.
- FIG. 4 illustrates a flow chart of an acceleration proxy method according to Embodiment 2 of the present disclosure.
- Embodiments of the present disclosure provide an acceleration proxy device and a content management system having the acceleration proxy device.
- the acceleration proxy device may be located at a trunk link between a switch and a network address translation (NAT) device.
- the switch and the NAT device may each include a trunk interface, and a trunk link may be formed between the two trunk interfaces.
- the acceleration proxy device may include a pair of physical network cards eth 0 and ethl, and the two physical network cards may respectively perform data interaction with the switch or the NAT device.
- the acceleration proxy device may include a network module, an application acceleration module, and a strategy routing module.
- the network module may be a local area network module, e.g., a virtual local area network (VLAN) module, including at least one bridge, where each bridge is associated with an IP address segment.
- the strategy routing module stores routing tables of the at least one bridge, and the routing table of each bridge includes a gateway corresponding to the bridge. That is, the VLAN module may create a plurality of bridges, and each bridge may correspond to one VLAN. As such, each bridge is associated with the IP address segment of the VLAN, thereby achieving the same effect as the trunk link. That is, a plurality of VLANs may share one physical link.
- the VLAN module may create two virtual network cards, and may bridge the created virtual network cards to a bridge.
- the IP address segment of the VLAN may be 192.168.1.0/24
- two virtual network cards eth 0 . 101 and eth 1 . 101 may be respectively created at the physical network cards eth 0 and eth 1 .
- the two virtual network cards may be bridged to a bridge br_vlan 101 .
- the bridge br_vlan 101 may be configured with a bridge IP 192.168.1.2
- the bridge may be configured with a default gateway 192.168.1.1.
- the aforementioned correspondence relationship between the bridge and the gateway may be stored as a routing table in the strategy routing module.
- the network module may receive an access request from a target IP address segment through a target bridge, and forward the access request to the application acceleration module.
- the IP address segment of the VLAN 101 i.e., 192.168.1.0/24
- the bridge br_vlan 101 to which the VLAN 101 corresponds may be used as the target bridge.
- all user access requests from the VLAN 101 may be received by the bridge br_vlan 101 .
- the access request may be sent to the application acceleration module.
- the access request may include a local area network identity and a source IP address of a user that sends the access request.
- the local area network identity needs to be removed from all data sent to the application layer. Accordingly, the network module may be further configured to remove the local area network identity carried in the access request, and forward the access request with removed local area network identity to the application acceleration module.
- the application acceleration module may bind and set an IP address of the target bridge as a source IP address of the access request and forward the access request bound with the source IP address. For example, after the application acceleration module receives the access request, it may be determined that the source IP address in the access request belongs to the segment 192.168.1.0/24. Further, the IP address of the target bridge to which this segment corresponds may be used as the source IP address to be bounded to the access request. Accordingly, the source IP address of the access request is the IP address of the bridge br_vlan 101 , i.e., 192.168.1.2. After the source IP address is bound to the access request, the application acceleration module may forward the access request outwards.
- the strategy routing module may query a target gateway corresponding to the access request bound with the source IP address. For example, in the routing table, the correspondence relationship between the IP address of the bridge and the IP address of the gateway may be recorded. As such, for the bridge IP address 192.168.1.2, the IP address of the corresponding gateway may be 192.168.1.1. Thus, after the target gateway is queried, the access request bound with the source IP address may be sent to the target gateway through the network module, such that the access request bound with the source IP address may be further sent to a server through the gateway.
- a corresponding local area network identity may be added into the access request. That is, the network module may receive the access request bound with the source IP address sent by the strategy routing module, and add the local area network identity to the access request bound with the source IP address for sending to the target gateway.
- the local area network identity described here may be the same as the previously removed local area network identity, for example, they may be both VLAN 101 .
- the server may respond to the received access request and feed back response data to the acceleration proxy device.
- the server may use the source IP address in the access request as a destination IP address of the response data, thereby sending response data to the destination IP address.
- the source IP address in the access request is bound and set as the IP address of the bridge by the application acceleration module.
- the destination IP address of the response data is used as the IP address of the bridge.
- the destination IP address may be the IP address of the bridge br_vlan 101 , i.e., 192.168.1.2.
- the aforementioned access request may include, other than the bound source IP address, an IP address of the user that sends the access request.
- the response data may similarly include the IP address of the user.
- the network module may receive the response data fed back by the server, and forward the response data to the application acceleration module, where the response data carries the destination IP address.
- the network module may remove the local area network identity carried in the response data. For example, the VLAN 101 may be removed. Further, the response data with removed local area network identity may be forwarded to the application acceleration module.
- the application acceleration module may, based on the destination IP address carried in the response data, forward the response data to the destination IP address through the strategy routing module.
- the strategy routing module may query the bridge to which the destination IP address corresponds, and send the response data to the user through the queried bridge. More specifically, the routing table may record the IP address of each bridge. Thus, the strategy routing module may query to obtain that the corresponding bridge is br_vlan 101 based on the destination IP address 192.168.1.2. Accordingly, the strategy routing module may send the response data to the terminal to which the user IP address points through the connected route.
- the response data sent by the application acceleration module is data with removed local area network identity.
- the bridge in the network module may add the local area network identity to the response data for sending to the user.
- the present disclosure further provides an acceleration proxy method, and the method includes:
- S 1 receiving, by a network module, an access request from a target IP address segment through a target bridge, and forwarding, by the network module, the access request to an application acceleration module;
- S 2 binding and setting, by the application acceleration module, an IP address of the target bridge as a source IP address of the access request, and forwarding, by the application acceleration module, the access request bound with the source IP address;
- S 3 querying, by a strategy routing module, a target gateway corresponding to the access request bound with the source IP address, and sending, by the strategy routing module, the access request bound with the source IP address to the target gateway through the network module, thereby sending the access request bound with the source IP address to a server through the target gateway.
- the method further includes:
- a local area network module in a VLAN environment as the network module, removing a local area network identity carried in the access request, and forwarding the access request with removed local area network identity to the application acceleration module.
- the method further includes:
- the method further includes:
- the present disclosure further provides a content management system.
- the content management system includes a memory, and instructions stored in the memory are configured to execute the aforementioned acceleration proxy method.
- the present disclosure further provides a content management system.
- the content management system includes a processor, and the processor is configured to execute the aforementioned acceleration proxy method.
- the memory may be a storage device for storing information.
- the device that stores binary data may be a memory.
- a circuit without practical form but having a storage function may also be a memory, such as random access memory (RAM), and first-input-first-output (FIFO).
- RAM random access memory
- FIFO first-input-first-output
- the memory device having a practical form may be called a memory, such as a memory bank and a trans-flash (TF) card.
- the processor may be implemented by any appropriate form.
- the processor may be in a form of micro-processor or processor, or a computer-readable medium that stores computer-readable program codes (e.g., software or firmware) executable by the (micro-) processor, a logical gate, a switch, an application specific integrated circuit (ASIC), a programmable logic controller, and an embedded micro-controller, etc.
- computer-readable program codes e.g., software or firmware
- the disclosed network module may respectively provide corresponding bridges to local area networks from different IP address segments. Accordingly, when the application acceleration module sends out an access request of a user, the IP address of the corresponding bridge may be bound and set as the source IP address of the access request based on the IP address segment that the access request is from. Through the strategy routing module, default gateways corresponding to each bridge may be determined. Thus, based on the source IP address in the access request, the gateway that sends the access request is queried, such that the access request may be sent to the server through the queried gateway.
- the bridge corresponding to the destination IP address may be queried through the strategy routing module. Accordingly, the response data may be sent to the user through a directly connected route of the bridge.
- the acceleration proxy device, the acceleration proxy method, and the content management system provided by the present disclosure may be deployed in the trunk link, to integrate with the current VLAN technology. Accordingly, the network adaptive capability of the transparent proxying function of the device is enhanced.
- the system embodiments described above are merely for illustrative purpose.
- the units described as separated parts may or may not be physically detached.
- the parts displayed as units may or may not be physical units, i.e., may be located at one place, or distributed at a plurality of network units. Based on the actual needs, a part or all of the modules may be selected to achieve the objective of the embodiments. Those ordinarily skilled in the art may understand and implement the disclosed embodiments without contributing creative labor.
- the embodiments may be implemented by means of software in conjunction with an essential common hardware platform, or may be simply implemented by hardware. Based on such understanding, the essential part of the aforementioned technical solutions or the part that contribute to the prior art may be embodied in the form of software products.
- the software products may be stored in computer readable storage media, such as ROM/RAM, magnetic disk, and optical disk, etc., and may include a plurality of instructions to enable a computer device (may be a personal computer, a server, or a network device) to execute the methods described in various embodiments or parts of the embodiments.
Abstract
An acceleration proxy device includes a network module, an application acceleration module, and a strategy routing module. The network module includes at least one bridge, and each bridge is associated with an IP address segment. The strategy routing module stores routing tables of the at least one bridge, and a routing table of each bridge includes a gateway corresponding to the bridge.
Description
- The present disclosure relates to the technical field of Internet and, more particularly, relates to an acceleration proxy device, an acceleration proxy method, and a content management system.
- In existing network deployment, VLAN (Virtual Local Area Network) is a commonly used technology. In the routing/switching field, a forwarding port of the VLAN is known as a trunk port. The trunk technology allows interconnection between switches, such that different VLANs communicate with the same VLAN in other switches through shared links. Currently, to provide services such as caching response and optimizing back-to-source links upon user's request, an acceleration proxy device often needs to be introduced into the network. The acceleration proxy devices are often deployed at the uplink of a core switch of a client network environment and at the downlink of a network address translation (NAT) device.
- When the core switch is connected to the NAT device through the trunk port, the existing acceleration proxy device shows following drawbacks:
- because of various aspects of reasons such as not supporting the bridge of multiple VLANs, the back-to-source address of the application layer being determined by the system, and not supporting the multi-segment routing, the existing acceleration proxy device cannot be deployed at the trunk circuit. Accordingly, the existing acceleration proxy device does not support the traverse of multiple VLANs. Further, if the acceleration proxy device is deployed at the uplink of the NAT device, because the safeguard of the client is often deployed at the NAT device, the acceleration proxy device needs to bear the safety risk. As such, the existing acceleration proxy device cannot be well integrated with the VLAN technology.
- To solve issues in existing technologies, embodiments of the present disclosure provide an acceleration proxy device, an acceleration proxy method, and a content management system. The technical solutions are as follows:
- In one aspect, an acceleration proxy device is provided, and the acceleration proxy device includes a network module, an application acceleration module, and a strategy routing module. The network module includes at least one bridge, and each bridge is associated with an IP address segment. The strategy routing module stores routing tables of the at least one bridge, and the routing table of each bridge includes a gateway corresponding to the bridge. The network module is configured to receive an access request from a target IP address segment through a target bridge, and to forward the access request to the application acceleration module. The application acceleration module is configured to bind and set an IP address of the target bridge as a source IP address of the access request and forward the access request that is bound with the source IP address. The strategy routing module is configured to query a target gateway corresponding to the access request bound with the source IP address, and send the access request bound with the source IP address to the target gateway through the network module, such that the access request bound with the source IP address can be sent to a server through the target gateway.
- Further, the acceleration proxy device is configured in a trunk link between a switch and a network address translation (NAT) device.
- Further, the network module is a local area network module used in a VLAN environment.
- Further, the network module is also configured to remove a local area network identity carried in the access request, and to forward the access request with removed local area network identity to the application acceleration module.
- Further, the network module is also configured to receive the access request bound with the source IP address sent by the strategy routing module, add the local area network identity to the access request bound with the source IP address for sending to the target gateway.
- Further, the network module is also configured to receive response data fed back by the server, and forward the response data to the application acceleration module, where the response data carries a destination IP address;
- the application acceleration module is configured to forward the response data to a user to which the destination IP address points.
- the strategy routing module is configured to query a bridge to which the destination IP address corresponds, and send the response data to the user through the queried bridge.
- Further, the network module is also configured to remove the local area network identity carried in the response data, and forward the response data with removed local area network identity to the application acceleration module.
- Further, the network module is also configured to receive the response data sent by the strategy routing module, and add the local area network identity to the response data for sending to the user.
- In another aspect, a content management system is provided, including the aforementioned acceleration proxy device.
- In another aspect, an acceleration proxy method is provided, and the method includes:
- receiving, by a network module, an access request from a target IP address segment through a target bridge, and forwarding, by the network module, the access request to an application acceleration module;
- binding and setting, by the application acceleration module, an IP address of the target bridge as a source IP address of the access request, and forwarding, by the application acceleration module, the access request bound with the source IP address;
- querying, by a strategy routing module, a target gateway corresponding to the access request bound with the source IP address, and sending, by the strategy routing module, the access request bound with the source IP address to the target gateway through the network module, thereby sending the access request bound with the source IP address to a server through the target gateway.
- Further, the method also includes:
- using a local area network module in a VLAN environment as the network module, removing a local area network identity carried in the access request, and forwarding the access request with removed local area network identity to the application acceleration module.
- Further, the method also includes:
- receiving, by the network module, the access request bound with the source IP address sent by the strategy routing module, and adding the local area network identity to the access request bound with the source IP address for sending to the target gateway.
- Further, the method also includes:
- receiving, by the network module, response data fed back by the server, and forwarding, by the network module, the response data to the application acceleration module, where the response data carries a destination IP address;
- forwarding, by the application acceleration module, the response data to a user to which the destination IP address points;
- querying, by the strategy routing module, a bridge corresponding to the destination IP address, and sending, by the strategy routing module, the response data to the user through the queried bridge.
- In another aspect, a content management system is provided. The content management system includes a memory, and instructions stored in the memory are configured to execute the aforementioned acceleration proxy methods.
- In another aspect, a content management system is provided. The content management system includes a processor, and the processor is configured to execute the aforementioned acceleration proxy methods.
- Beneficial effects brought about by technical solutions of the present disclosure include: the disclosed network module may respectively provide corresponding bridges to local area networks from different IP address segments. Accordingly, when the application acceleration module sends out an access request of a user, the IP address of the corresponding bridge may be bound and set as the source IP address of the access request based on the IP address segment that the access request is from. Through the strategy routing module, default gateways corresponding to each bridge may be determined. Thus, based on the source IP address in the access request, the gateway that sends the access request is queried, such that the access request can be sent to the server through the queried gateway. Further, after receiving the response data fed back by the server, based on the destination IP address in the response data, the bridge corresponding to the destination IP address may be queried through the strategy routing module. Accordingly, the response data may be sent to the user through a connected route of the bridge. As such, the acceleration proxy device, the acceleration proxy method, and the content management system provided by the present disclosure can be deployed in the trunk link, to integrate with the current VLAN technology. Accordingly, the network adaptive capability of the transparent proxying function of the device is enhanced.
- To more clearly illustrate technical solutions of the present disclosure, accompanying drawings used in descriptions of embodiments hereinbelow are introduced briefly. Obviously, the accompanying drawings described hereinafter are only some embodiments of the present disclosure, and for those ordinarily skilled in the relevant art, other drawings may be obtained from these accompanying drawings without creative labor.
-
FIG. 1 illustrates a schematic view of network topology according to Embodiment 1 of the present disclosure; -
FIG. 2 illustrates a structural schematic view of a content management system having an acceleration proxy device according to Embodiment 1 of the present disclosure; -
FIG. 3 illustrates an interaction schematic view of each module in an acceleration proxy device according to Embodiment 1 of the present disclosure; and -
FIG. 4 illustrates a flow chart of an acceleration proxy method according to Embodiment 2 of the present disclosure. - To make the objective, technical solutions and advantages of the present disclosure clearer, embodiments of the present disclosure are described in more details with reference to the accompanying drawings.
- Embodiments of the present disclosure provide an acceleration proxy device and a content management system having the acceleration proxy device. Referring to
FIG. 1 , the acceleration proxy device may be located at a trunk link between a switch and a network address translation (NAT) device. The switch and the NAT device may each include a trunk interface, and a trunk link may be formed between the two trunk interfaces. The acceleration proxy device may include a pair of physical network cards eth0 and ethl, and the two physical network cards may respectively perform data interaction with the switch or the NAT device. - Referring to
FIG. 1 -FIG. 3 , in one embodiment, the acceleration proxy device may include a network module, an application acceleration module, and a strategy routing module. The network module may be a local area network module, e.g., a virtual local area network (VLAN) module, including at least one bridge, where each bridge is associated with an IP address segment. The strategy routing module stores routing tables of the at least one bridge, and the routing table of each bridge includes a gateway corresponding to the bridge. That is, the VLAN module may create a plurality of bridges, and each bridge may correspond to one VLAN. As such, each bridge is associated with the IP address segment of the VLAN, thereby achieving the same effect as the trunk link. That is, a plurality of VLANs may share one physical link. - More specifically, in one embodiment, for each VLAN, the VLAN module may create two virtual network cards, and may bridge the created virtual network cards to a bridge. For example, for the VLAN with a VLAN identity of 101, the IP address segment of the VLAN may be 192.168.1.0/24, and two virtual network cards eth0.101 and eth1.101 may be respectively created at the physical network cards eth0 and eth1. The two virtual network cards may be bridged to a bridge br_vlan101. Further, the bridge br_vlan101 may be configured with a bridge IP 192.168.1.2, and the bridge may be configured with a default gateway 192.168.1.1. The aforementioned correspondence relationship between the bridge and the gateway may be stored as a routing table in the strategy routing module.
- In one embodiment, the network module may receive an access request from a target IP address segment through a target bridge, and forward the access request to the application acceleration module. Given the VLAN with a VLAN identity of 101 as an example, the IP address segment of the VLAN 101, i.e., 192.168.1.0/24, may be treated as the target IP address segment, and the bridge br_vlan101 to which the VLAN 101 corresponds may be used as the target bridge. Thus, all user access requests from the VLAN 101 may be received by the bridge br_vlan101. After the bridge br_vlan101 receives an access request, the access request may be sent to the application acceleration module. The access request may include a local area network identity and a source IP address of a user that sends the access request. In practical application process, the local area network identity needs to be removed from all data sent to the application layer. Accordingly, the network module may be further configured to remove the local area network identity carried in the access request, and forward the access request with removed local area network identity to the application acceleration module.
- In one embodiment, the application acceleration module may bind and set an IP address of the target bridge as a source IP address of the access request and forward the access request bound with the source IP address. For example, after the application acceleration module receives the access request, it may be determined that the source IP address in the access request belongs to the segment 192.168.1.0/24. Further, the IP address of the target bridge to which this segment corresponds may be used as the source IP address to be bounded to the access request. Accordingly, the source IP address of the access request is the IP address of the bridge br_vlan101, i.e., 192.168.1.2. After the source IP address is bound to the access request, the application acceleration module may forward the access request outwards.
- After the access request is forwarded, the strategy routing module may query a target gateway corresponding to the access request bound with the source IP address. For example, in the routing table, the correspondence relationship between the IP address of the bridge and the IP address of the gateway may be recorded. As such, for the bridge IP address 192.168.1.2, the IP address of the corresponding gateway may be 192.168.1.1. Thus, after the target gateway is queried, the access request bound with the source IP address may be sent to the target gateway through the network module, such that the access request bound with the source IP address may be further sent to a server through the gateway.
- In practical application process, when the network module sends the access request, a corresponding local area network identity may be added into the access request. That is, the network module may receive the access request bound with the source IP address sent by the strategy routing module, and add the local area network identity to the access request bound with the source IP address for sending to the target gateway. The local area network identity described here may be the same as the previously removed local area network identity, for example, they may be both VLAN 101.
- In one embodiment, the server may respond to the received access request and feed back response data to the acceleration proxy device. When feeding back the response data, the server may use the source IP address in the access request as a destination IP address of the response data, thereby sending response data to the destination IP address. As described above, the source IP address in the access request is bound and set as the IP address of the bridge by the application acceleration module. Thus, the destination IP address of the response data is used as the IP address of the bridge. For example, the destination IP address may be the IP address of the bridge br_vlan101, i.e., 192.168.1.2. Further, the aforementioned access request may include, other than the bound source IP address, an IP address of the user that sends the access request. Thus, the response data may similarly include the IP address of the user.
- In one embodiment, the network module may receive the response data fed back by the server, and forward the response data to the application acceleration module, where the response data carries the destination IP address. When the response data is forwarded to the application acceleration module, the network module may remove the local area network identity carried in the response data. For example, the VLAN 101 may be removed. Further, the response data with removed local area network identity may be forwarded to the application acceleration module.
- In one embodiment, the application acceleration module may, based on the destination IP address carried in the response data, forward the response data to the destination IP address through the strategy routing module. After the response data is forwarded, the strategy routing module may query the bridge to which the destination IP address corresponds, and send the response data to the user through the queried bridge. More specifically, the routing table may record the IP address of each bridge. Thus, the strategy routing module may query to obtain that the corresponding bridge is br_vlan101 based on the destination IP address 192.168.1.2. Accordingly, the strategy routing module may send the response data to the terminal to which the user IP address points through the connected route. It should be noted that, in practical application scenarios, the response data sent by the application acceleration module is data with removed local area network identity. Thus, after receiving the response data sent by the strategy routing module, the bridge in the network module may add the local area network identity to the response data for sending to the user.
- Referring to
FIG. 4 , the present disclosure further provides an acceleration proxy method, and the method includes: - S1: receiving, by a network module, an access request from a target IP address segment through a target bridge, and forwarding, by the network module, the access request to an application acceleration module;
- S2: binding and setting, by the application acceleration module, an IP address of the target bridge as a source IP address of the access request, and forwarding, by the application acceleration module, the access request bound with the source IP address;
- S3: querying, by a strategy routing module, a target gateway corresponding to the access request bound with the source IP address, and sending, by the strategy routing module, the access request bound with the source IP address to the target gateway through the network module, thereby sending the access request bound with the source IP address to a server through the target gateway.
- In one embodiment, the method further includes:
- using a local area network module in a VLAN environment as the network module, removing a local area network identity carried in the access request, and forwarding the access request with removed local area network identity to the application acceleration module.
- In one embodiment, the method further includes:
- receiving, by the network module, the access request bound with the source IP address sent by the strategy routing module, and adding the local area network identity to the access request bound with the source IP address for sending to the target gateway.
- In one embodiment, the method further includes:
- receiving, by the network module, response data fed back by the server, and forwarding, by the network module, the response data to the application acceleration module, where the response data carries a destination IP address;
- forwarding, by the application acceleration module, the response data to a user to which the destination IP address points;
- querying, by the strategy routing module, a bridge corresponding to the destination IP address, and sending, by the strategy routing module, the response data to the user through the queried bridge.
- The present disclosure further provides a content management system. The content management system includes a memory, and instructions stored in the memory are configured to execute the aforementioned acceleration proxy method.
- The present disclosure further provides a content management system. The content management system includes a processor, and the processor is configured to execute the aforementioned acceleration proxy method.
- In one embodiment, the memory may be a storage device for storing information. In a digital system, the device that stores binary data may be a memory. In an integrated circuit, a circuit without practical form but having a storage function may also be a memory, such as random access memory (RAM), and first-input-first-output (FIFO). In a system, the memory device having a practical form may be called a memory, such as a memory bank and a trans-flash (TF) card.
- The processor may be implemented by any appropriate form. For example, the processor may be in a form of micro-processor or processor, or a computer-readable medium that stores computer-readable program codes (e.g., software or firmware) executable by the (micro-) processor, a logical gate, a switch, an application specific integrated circuit (ASIC), a programmable logic controller, and an embedded micro-controller, etc. The present disclosure is not limited thereto.
- As such, beneficial effects brought about by technical solutions of the present disclosure include: the disclosed network module may respectively provide corresponding bridges to local area networks from different IP address segments. Accordingly, when the application acceleration module sends out an access request of a user, the IP address of the corresponding bridge may be bound and set as the source IP address of the access request based on the IP address segment that the access request is from. Through the strategy routing module, default gateways corresponding to each bridge may be determined. Thus, based on the source IP address in the access request, the gateway that sends the access request is queried, such that the access request may be sent to the server through the queried gateway. Further, after receiving the response data fed back by the server, based on the destination IP address in the response data, the bridge corresponding to the destination IP address may be queried through the strategy routing module. Accordingly, the response data may be sent to the user through a directly connected route of the bridge. As such, the acceleration proxy device, the acceleration proxy method, and the content management system provided by the present disclosure may be deployed in the trunk link, to integrate with the current VLAN technology. Accordingly, the network adaptive capability of the transparent proxying function of the device is enhanced.
- Sequence numbers of aforementioned embodiments of the present disclosure are merely for descriptive purposes, and do not represent any preference of the disclosed embodiments.
- The system embodiments described above are merely for illustrative purpose. The units described as separated parts may or may not be physically detached. The parts displayed as units may or may not be physical units, i.e., may be located at one place, or distributed at a plurality of network units. Based on the actual needs, a part or all of the modules may be selected to achieve the objective of the embodiments. Those ordinarily skilled in the art may understand and implement the disclosed embodiments without contributing creative labor.
- Through the descriptions of various aforementioned embodiments, those skilled in the art may clearly understand that the embodiments may be implemented by means of software in conjunction with an essential common hardware platform, or may be simply implemented by hardware. Based on such understanding, the essential part of the aforementioned technical solutions or the part that contribute to the prior art may be embodied in the form of software products. The software products may be stored in computer readable storage media, such as ROM/RAM, magnetic disk, and optical disk, etc., and may include a plurality of instructions to enable a computer device (may be a personal computer, a server, or a network device) to execute the methods described in various embodiments or parts of the embodiments.
- The foregoing are merely certain preferred embodiments of the present disclosure, and are not intended to limit the present disclosure. Without departing from the spirit and principles of the present disclosure, any modifications, equivalent substitutions, and improvements, etc. shall fall within the scope of the present disclosure.
Claims (15)
1. An acceleration proxy device comprising:
a network module,
an application acceleration module, and
a strategy routing module,
wherein the network module includes at least one bridge, each bridge is associated with an IP address segment, the strategy routing module stores routing tables of the at least one bridge, and a routing table of each bridge includes a gateway corresponding to the bridge,
the network module is configured to receive an access request from a target IP address segment through a target bridge and forward the access request to the application acceleration module,
the application acceleration module is configured to bind and set an IP address of the target bridge as a source IP address of the access request and forward the access request bound with the source IP address, and
the strategy routing module is configured to query a target gateway corresponding to the access request bound with the source IP address, and to send the access request bound with the source IP address to the target gateway through the network module, such that the access request bound with the source IP address is sent to a server through the target gateway.
2. The acceleration proxy device according to claim 1 , wherein:
the acceleration proxy device is configured in a trunk link between a switch and a network address translation (NAT) device.
3. The acceleration proxy device according to claim 1 , wherein:
the network module is a local area network module used in a VLAN environment.
4. The acceleration proxy device according to claim 3 , wherein:
the network module is further configured to remove a local area network identity carried in the access request, and to forward the access request with removed local area network identity to the application acceleration module.
5. The acceleration proxy device according to claim 4 , wherein:
the network module is further configured to receive the access request bound with the source IP address sent by the strategy routing module, and to add the local area network identity to the access request bound with the source IP address for sending to the target gateway.
6. The acceleration proxy device according to claim 1 , wherein:
the network module is further configured to receive response data fed back by the server, and to forward the response data to the application acceleration module, wherein the response data carries a destination IP address;
the application acceleration module is configured to forward the response data to a user to which the destination IP address points;
the strategy routing module is configured to query a bridge to which the destination IP address corresponds, and to send the response data to the user through the queried bridge.
7. The acceleration proxy device according to claim 6 , wherein:
the network module is further configured to remove a local area network identity carried in the response data, and to forward the response data with removed local area network identity to the application acceleration module.
8. The acceleration proxy device according to claim 7 , wherein:
the network module is further configured to receive the response data sent by the strategy routing module, and to add the local area network identity to the response data for sending to the user.
9. A content management system according to claim 1 , wherein:,
the content management system includes the acceleration proxy device.
10. An acceleration proxy method, comprising:
receiving, by a network module, an access request from a target IP address segment through a target bridge, and forwarding, by the network module, the access request to an application acceleration module;
binding and setting, by the application acceleration module, an IP address of the target bridge as a source IP address of the access request, and forwarding, by the application acceleration module, the access request bound with the source IP address;
querying, by the strategy routing module, a target gateway corresponding to the access request bound with the source IP address, and sending, by the strategy routing module, the access request bound with the source IP address to the target gateway through the network module, thereby sending the access request bound with the source IP address to a server through the target gateway.
11. The acceleration proxy method according to claim 10 , further comprising:
using a local area network module in a VLAN environment as the network module,
removing a local area network identity carried in the access request, and
forwarding the access request with removed local area network identity to the application acceleration module.
12. The acceleration proxy method according to claim 11 , further comprising:
receiving, by the network module, the access request bound with the source IP address sent by the strategy routing module, and
adding, by the network module, the local area network identity to the access request bound with the source IP address for sending to the target gateway.
13. The acceleration proxy method according to claim 10 , further comprising:
receiving, by the network module, response data fed back by the server, and forwarding, by the network module, the response data to the application acceleration module, wherein the response data carries a destination IP address;
forwarding, by the application acceleration module, the response data to a user to which the destination IP address points;
querying, by the strategy routing module, a bridge corresponding to the destination IP address, and sending, by the strategy routing module, the response data to the user through the queried bridge.
14. A content management system according to claim 10 , comprising
a memory,
wherein instructions stored in the memory are configured to execute the acceleration proxy method.
15. A content management system according to claim 10 , comprising:
a processor,
wherein the processor is configured to execute the acceleration proxy method.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710428820.4 | 2017-06-08 | ||
CN201710428820.4A CN107181812B (en) | 2017-06-08 | 2017-06-08 | Acceleration agent device, acceleration agent method and content management system |
PCT/CN2017/092756 WO2018223488A1 (en) | 2017-06-08 | 2017-07-13 | Acceleration proxy device, acceleration proxy method and content management system |
Publications (2)
Publication Number | Publication Date |
---|---|
US20210075640A1 true US20210075640A1 (en) | 2021-03-11 |
US10951438B1 US10951438B1 (en) | 2021-03-16 |
Family
ID=59836466
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/062,961 Active 2038-12-21 US10951438B1 (en) | 2017-06-08 | 2017-07-13 | Acceleration proxy device, acceleration proxy method, and content management system |
Country Status (4)
Country | Link |
---|---|
US (1) | US10951438B1 (en) |
EP (1) | EP3432550B1 (en) |
CN (1) | CN107181812B (en) |
WO (1) | WO2018223488A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116257521A (en) * | 2023-01-18 | 2023-06-13 | 深存科技(无锡)有限公司 | KV storage method based on FPGA |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108494748B (en) * | 2018-03-08 | 2021-06-04 | 网宿科技股份有限公司 | Communication method, device and storage medium |
CN110719343B (en) * | 2019-09-12 | 2022-04-22 | 厦门网宿有限公司 | Service acceleration processing method and system, and entrance and exit network equipment |
CN112422396B (en) * | 2020-11-04 | 2022-04-19 | 郑州信大捷安信息技术股份有限公司 | TCP network transmission acceleration method and system based on SSLVPN channel |
CN112953833B (en) * | 2021-03-25 | 2022-04-15 | 全讯汇聚网络科技(北京)有限公司 | Method, system and gateway equipment for realizing three-layer route forwarding based on network bridge |
CN114339133B (en) * | 2022-03-10 | 2022-05-31 | 南京旭顶通讯科技有限公司 | Network acceleration method, equipment and storage medium for connecting different video conference terminals |
CN116527586B (en) * | 2023-07-05 | 2023-09-19 | 北京亿赛通科技发展有限责任公司 | Series proxy system based on multilink load balancing network |
Family Cites Families (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040044754A1 (en) * | 2002-08-27 | 2004-03-04 | Virdy Macmohana Singh | Virtual local area network provisioning in bridged networks |
US8713696B2 (en) * | 2006-01-13 | 2014-04-29 | Demand Media, Inc. | Method and system for dynamic digital rights bundling |
US8194674B1 (en) * | 2007-12-20 | 2012-06-05 | Quest Software, Inc. | System and method for aggregating communications and for translating between overlapping internal network addresses and unique external network addresses |
CN101729388B (en) * | 2008-10-22 | 2012-01-25 | 华为技术有限公司 | Method, media gateway and network system for realizing network address conversion |
CN101383778B (en) * | 2008-10-27 | 2011-04-13 | 杭州华三通信技术有限公司 | Packet transmission method based on network dual exit and exit router |
US8200752B2 (en) * | 2009-12-23 | 2012-06-12 | Citrix Systems, Inc. | Systems and methods for policy based transparent client IP insertion |
US9282097B2 (en) * | 2010-05-07 | 2016-03-08 | Citrix Systems, Inc. | Systems and methods for providing single sign on access to enterprise SAAS and cloud hosted applications |
CN102710485B (en) * | 2012-05-07 | 2015-01-07 | 深信服网络科技(深圳)有限公司 | Transparent proxy method and proxy server |
CN103780468B (en) * | 2012-10-22 | 2019-06-14 | 中兴通讯股份有限公司 | Method, intelligent terminal and the route-bridge of intelligent terminal access TRILL network |
CN103997479B (en) * | 2013-02-17 | 2018-06-15 | 新华三技术有限公司 | A kind of asymmetric services IP Proxy Methods and equipment |
CN103428095B (en) * | 2013-08-26 | 2016-12-28 | 深信服网络科技(深圳)有限公司 | A kind of proxy server and Proxy Method thereof |
CN103763407A (en) | 2014-01-28 | 2014-04-30 | 上海斐讯数据通信技术有限公司 | Method for achieving address resolution protocol proxy through two-layer virtual local area network and local area network system |
CN105490910B (en) * | 2014-09-19 | 2020-02-07 | 北京奇虎科技有限公司 | Network communication method and client |
CN105530185B (en) * | 2014-09-29 | 2018-12-25 | 优视科技有限公司 | Covering route network, method for routing and router based on covering route network |
CN104994137B (en) * | 2015-05-27 | 2019-01-22 | 四川卫士通信息安全平台技术有限公司 | A kind of method of network readezvous point agency |
CN106230898B (en) * | 2016-07-21 | 2019-07-23 | 网宿科技股份有限公司 | Network system, proxy server and its data processing method of application and system |
-
2017
- 2017-06-08 CN CN201710428820.4A patent/CN107181812B/en not_active Expired - Fee Related
- 2017-07-13 EP EP17900277.9A patent/EP3432550B1/en active Active
- 2017-07-13 US US16/062,961 patent/US10951438B1/en active Active
- 2017-07-13 WO PCT/CN2017/092756 patent/WO2018223488A1/en active Application Filing
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116257521A (en) * | 2023-01-18 | 2023-06-13 | 深存科技(无锡)有限公司 | KV storage method based on FPGA |
Also Published As
Publication number | Publication date |
---|---|
EP3432550A1 (en) | 2019-01-23 |
EP3432550B1 (en) | 2021-11-24 |
WO2018223488A1 (en) | 2018-12-13 |
US10951438B1 (en) | 2021-03-16 |
CN107181812A (en) | 2017-09-19 |
CN107181812B (en) | 2020-05-22 |
EP3432550A4 (en) | 2019-04-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10951438B1 (en) | Acceleration proxy device, acceleration proxy method, and content management system | |
CN107465590B (en) | Network infrastructure system, method of routing network traffic and computer readable medium | |
CN112470436B (en) | Systems, methods, and computer-readable media for providing multi-cloud connectivity | |
CN109802985B (en) | Data transmission method, device, equipment and readable storage medium | |
JP2020162146A (en) | System and method for distributed flow state p2p setup in virtual networks | |
US11005752B2 (en) | Packet transmission | |
US9374297B2 (en) | Method for implicit session routing | |
US9729578B2 (en) | Method and system for implementing a network policy using a VXLAN network identifier | |
US10205698B1 (en) | Source-dependent address resolution | |
KR101371993B1 (en) | Method and apparatus for transparent cloud computing with a virtualized network infrastructure | |
US9215172B2 (en) | Hashing-based routing table management | |
US9736263B2 (en) | Temporal caching for ICN | |
EP2823628B1 (en) | Spoofing technique for transparent proxy caching | |
US8953624B2 (en) | Intelligent host route distribution for low latency forwarding and ubiquitous virtual machine mobility in interconnected data centers | |
US9203753B2 (en) | Traffic optimization using network address and port translation in a computer cluster | |
US10805216B2 (en) | Shared service access for multi-tenancy in a data center fabric | |
CN104734955A (en) | Network function virtualization implementation method, wide-band network gateway and control device | |
US11757782B2 (en) | Architectures for disaggregating SDN from the host | |
US10439936B2 (en) | Packet data routing | |
CN111010340B (en) | Data message forwarding control method and device and computing device | |
US10412047B2 (en) | Method and system for network traffic steering towards a service device | |
CN102857547A (en) | Distributed caching method and device | |
CN104579939B (en) | Gateway protection method and device | |
CN108259205B (en) | Route publishing method and network equipment | |
CN111031056A (en) | Method for realizing security domain function in security group |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: WANGSU SCIENCE & TECHNOLOGY CO., LTD., CHINA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:XIE, WENWEI;LIN, JIANYING;REEL/FRAME:046101/0697 Effective date: 20180612 |
|
FEPP | Fee payment procedure |
Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |