WO2016086755A1 - Procédé de traitement de paquets et serveur mandataire transparent - Google Patents

Procédé de traitement de paquets et serveur mandataire transparent Download PDF

Info

Publication number
WO2016086755A1
WO2016086755A1 PCT/CN2015/094131 CN2015094131W WO2016086755A1 WO 2016086755 A1 WO2016086755 A1 WO 2016086755A1 CN 2015094131 W CN2015094131 W CN 2015094131W WO 2016086755 A1 WO2016086755 A1 WO 2016086755A1
Authority
WO
WIPO (PCT)
Prior art keywords
web server
server
address
transparent proxy
domain name
Prior art date
Application number
PCT/CN2015/094131
Other languages
English (en)
Chinese (zh)
Inventor
张振华
施雄俊
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2016086755A1 publication Critical patent/WO2016086755A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a packet processing method and a transparent proxy server.
  • VAS Value Added Servers
  • the transparent proxy server is located between the client and the World Wide Web (WEB) server, and the client initiates the domain name to the Domain Name System (DNS). Parsing the request to obtain the IP address of the WEB server, the transparent proxy server constructs a connection between the client and the WEB server, and the client sends the service packet to the WEB server by using the IP address of the WEB service as the destination IP address.
  • the transparent proxy server identifies the service type of the service packet by using deep packet inspection (DPI), and determines a VAS server for processing the service packet according to the service type, and then the transparent proxy server is disconnected.
  • DPI deep packet inspection
  • the transparent proxy server needs to identify the service packet sent by the user through the DPI to determine the VAS server, so that the data packet cannot be obtained in time. Processing affects the user experience.
  • the embodiment of the invention provides a method for processing a message, which can shorten the length of time for the transparent proxy server to determine the VAS server, and enable the service packet exchanged between the user and the WEB server to obtain the processing of the VAS server in time, and improve the user. Experience.
  • a first aspect of the embodiments of the present invention provides a packet processing method, including:
  • the transparent proxy server obtains the handshake message sent by the client to the WEB server.
  • the transparent proxy server determines the target VAS server according to the destination IP address and the corresponding relationship, and the corresponding relationship is VAS. Correspondence between the server and the IP address of the target WEB server;
  • the transparent proxy server constructs a connection between the user end, the target VAS server, and the WEB server, where the target VAS server is configured to process a service packet exchanged between the user end and the WEB server.
  • the transparent proxy server determines that the destination IP address of the handshake packet is a preset target WEB server.
  • the IP address further includes: the transparent proxy server acquiring an IP address of the target WEB server.
  • the transparent proxy server acquiring the IP address of the target WEB server includes:
  • the transparent proxy server saves the IP address of the target WEB server.
  • the transparent proxy server determines that the domain name of the target WEB server includes:
  • the domain name of the first WEB server is the domain name of the target WEB server.
  • the obtaining, by the transparent proxy server, the IP address of the target WEB server includes:
  • the transparent proxy server determines a first number of times that the user sends the first service packet to the first web server, and a second number of times that the second service packet is sent to the second web server, where the first number of times is greater than
  • the second service packet includes a first destination IP address, and the second service packet includes a second destination IP address.
  • the first destination IP address is an IP address of the target WEB server
  • the transparent proxy server saves the IP address of the target WEB server.
  • the determining, by the transparent proxy server, the target VAS server further includes: the transparent proxy server acquiring the corresponding relationship according to the destination IP address and the corresponding relationship.
  • a second aspect of the embodiments of the present invention provides a packet processing method, including:
  • the transparent proxy server obtains the handshake message sent by the user to the WEB server, where the destination IP address in the handshake message is the IP address of the WEB server;
  • the transparent proxy server Determining, by the transparent proxy server, the domain name of the WEB server according to the destination IP address and the first correspondence, where the first correspondence is a correspondence between a domain name of the WEB server and an IP address of the WEB server;
  • the transparent proxy server determines the target VAS server according to the domain name and the second correspondence of the WEB server, and the second correspondence is VAS. Correspondence between the server and the domain name of the preset target WEB server;
  • the transparent proxy server constructs a connection between the user end, the target VAS server, and the WEB server, where the target VAS server is configured to process a service packet exchanged between the user end and the WEB server.
  • the transparent proxy server determines that the domain name of the WEB server is the domain name of the preset target WEB server.
  • the method includes: the transparent proxy server acquiring a domain name of the target server.
  • the obtaining, by the transparent proxy server, the domain name of the target WEB server includes:
  • the transparent proxy server determines an IP address of the target WEB server
  • the transparent proxy server saves the domain name of the target WEB server.
  • the transparent proxy server determines that the IP address of the target WEB server includes:
  • the transparent proxy server determines a first number of times that the user sends the first service packet to the first web server, and a second number of times that the second service packet is sent to the second web server, where the first number of times is greater than
  • the second service packet includes a first destination IP address, and the second service packet includes a second destination IP address.
  • the obtaining, by the transparent proxy server, the domain name of the target WEB server includes:
  • the domain name of the first WEB server is the domain name of the target WEB server
  • the transparent proxy server saves the domain name of the target WEB server.
  • the transparent proxy server before the transparent proxy server determines the domain name of the WEB server according to the destination IP address and the first correspondence, the transparent proxy server further includes: the transparent proxy server acquiring the location The first correspondence is described.
  • the transparent proxy server further includes: before the target VAS server is determined according to the domain name and the second correspondence of the WEB server. The transparent proxy server acquires the second correspondence.
  • a third aspect of the embodiments of the present invention provides a transparent proxy server, including:
  • An obtaining unit configured to obtain a handshake message sent by the client to the WEB server
  • a determining unit configured to determine a target VAS server according to the destination IP address and the corresponding relationship when determining that the destination IP address in the handshake packet is an IP address of a preset target WEB server, where the correspondence is VAS Correspondence between the server and the IP address of the target WEB server;
  • a building unit configured to construct a connection between the user end, the target VAS server, and the WEB server, where the target VAS server is configured to process a service packet exchanged between the user end and the WEB server .
  • the acquiring unit is further configured to acquire an IP address of the target WEB server.
  • the acquiring unit is specifically configured to determine a domain name of the target WEB server
  • the acquiring unit is specifically configured to determine that the user end uses the first WEB server.
  • the first number of times the domain name is parsed and the second number of times the domain name of the second WEB server is used for parsing, the first number of times being greater than the second number of times;
  • the domain name of the first WEB server is the domain name of the target WEB server.
  • the acquiring unit is specifically configured to determine that the user end sends the information to the first WEB server.
  • the first number of times of the first service packet and the second number of times the second service packet is sent to the second WEB server, where the first number of times is greater than the second number of times, and the first service packet includes the first destination IP address An address, where the second service packet includes a second destination IP address;
  • the first number of times is greater than or equal to a preset ratio of the sum of the first number of times and the second number of times, determining that the first destination IP address is an IP address of the target WEB server, and saving the The IP address of the target WEB server.
  • the acquiring unit is further configured to obtain The corresponding relationship.
  • a fourth aspect of the embodiments of the present invention provides a transparent proxy server, including:
  • An obtaining unit configured to obtain a handshake message sent by the user to the WEB server, where the destination IP address in the handshake message is an IP address of the WEB server;
  • a determining unit configured to determine a domain name of the WEB server according to the destination IP address and the first correspondence, where the first correspondence is a correspondence between a domain name of the WEB server and an IP address of the WEB server;
  • the determining unit is further configured to: when determining that the domain name of the WEB server is the domain name of the preset target WEB server, determine the target VAS server according to the domain name and the second correspondence of the WEB server, and the second corresponding The relationship is a correspondence between the VAS server and the domain name of the preset target WEB server;
  • a building unit configured to construct a connection between the user end, the target VAS server, and the WEB server, where the target VAS server is configured to process a service packet exchanged between the user end and the WEB server .
  • the acquiring unit is further configured to acquire a domain name of the target server.
  • the acquiring unit is specifically configured to determine an IP address of the target WEB server
  • the acquiring unit is specifically configured to determine that the user end sends the information to the first WEB server.
  • the first number of times of the first service packet and the second number of times the second service packet is sent to the second WEB server, where the first number of times is greater than the second number of times, and the first service packet includes the first destination IP address An address, where the second service packet includes a second destination IP address;
  • the obtaining unit is specifically configured to determine a first number of times that the user end uses the domain name of the first WEB server for parsing, and a second number that is parsed by using the domain name of the second WEB server, The first number of times is greater than the second number of times;
  • the domain name of the first WEB server is the domain name of the target WEB server
  • the acquiring unit is further configured to use the first correspondence.
  • the acquiring unit is further configured to acquire the second correspondence.
  • a fifth aspect of the embodiments of the present invention provides a transparent proxy server, including a processor, a memory, a bus, and a communication interface.
  • the memory is configured to store computer execution instructions
  • the processor is coupled to the memory via the bus, and when the mobility management entity is running, the processor executes the computer execution instructions stored by the memory, A method of causing the mobility management entity to perform the message processing according to any one of claims 1 to 13.
  • the transparent proxy server When the user establishes a connection with the WEB server, the transparent proxy server obtains the handshake message sent by the user to the WEB server, and determines the destination IP address of the handshake message according to the VAS server when determining the destination IP address of the handshake message. Corresponding relationship with the IP address of the target WEB server determines the VAS server. Compared with the prior art, the VAS server can be determined and the user end interacts with the WEB server without establishing a connection between the UE and the WEB server. The service packets are processed in time by the VAS server to improve the user experience.
  • FIG. 1 is a schematic diagram of an embodiment of a packet processing method according to Embodiment 1 of the present invention.
  • FIG. 2 is a schematic diagram of an embodiment of a packet processing method according to Embodiment 2 of the present invention.
  • FIG. 3 is a schematic diagram of an embodiment of a packet processing method according to Embodiment 3 of the present invention.
  • FIG. 4 is a schematic diagram of an embodiment of a packet processing method according to Embodiment 4 of the present invention.
  • FIG. 5 is a schematic diagram of an embodiment of a packet processing method according to Embodiment 5 of the present invention.
  • FIG. 6 is a schematic diagram of an embodiment of a transparent proxy server according to Embodiment 6 and Embodiment 7 of the present invention.
  • FIG. 7 is a schematic diagram of an embodiment of a transparent proxy server according to Embodiment 8 of the present invention.
  • a packet processing method in Embodiment 1 of the present invention includes:
  • the transparent proxy server obtains a handshake message sent by the client to the WEB server.
  • the transparent proxy server works in the transparent proxy mode and is located between the client and the WEB server.
  • the client interacts with the WEB server
  • the data packet generated by the client passes through the transparent proxy server.
  • the TCP/IP protocol uses a three-way handshake to establish a connection.
  • the client sends a handshake packet to the WEB server.
  • the proxy server can obtain the handshake message, and the transparent proxy server can identify the destination IP address in the handshake message.
  • the transparent proxy server determines the target VAS server according to the destination IP address and the corresponding relationship, and the corresponding relationship The correspondence between the VAS server and the IP address of the target WEB server.
  • the IP address of the target WEB server is preset in the transparent proxy server, and the transparent proxy server can identify the destination IP address from the handshake message and the IP address of the preset target WEB service.
  • the transparent proxy server may be configured according to the destination IP address, the VAS server, and the target WEB. The correspondence between the IP addresses of the servers determines the target VAS server.
  • the transparent proxy server constructs a connection between the user end, the target VAS server, and the WEB server, where the target VAS server is configured to process data exchanged between the user end and the WEB server. Message.
  • a specific VAS server is configured to process data packets of one or more service types, and when the data message sent by the user to the WEB server is obtained, the transparent proxy server may The data message is forwarded to the target VAS server, and the target VAS server performs corresponding value-added service processing on the received data packet, and sends the data packet to the WEB server, and the WEB server feeds back to the user end.
  • the data message can also be processed by the VAS server.
  • the transparent proxy server When the user establishes a connection with the WEB server, the transparent proxy server obtains the handshake message sent by the user to the WEB server, and determines the destination IP address of the handshake message according to the VAS server when determining the destination IP address of the handshake message. Corresponding relationship with the IP address of the target WEB server determines the VAS server. Compared with the prior art, the VAS server can be determined and the user end interacts with the WEB server without establishing a connection between the UE and the WEB server. The service packets are processed in time by the VAS server to improve the user experience.
  • the IP of the target WEB server may be configured in a transparent proxy server or may be obtained by the transparent proxy server.
  • the transparent proxy server obtains the IP address of the target WEB server, which may be in multiple manners, as follows:
  • the transparent proxy server obtains the IP address of the target WEB server, specifically: the transparent proxy server determines the domain name of the target WEB server; and the transparent proxy server determines the domain according to the domain name of the target WEB server.
  • the IP address of the target WEB server; the transparent proxy server saves the IP address of the target WEB server.
  • a method for processing a message according to Embodiment 2 of the present invention includes:
  • the transparent proxy server obtains a handshake message sent by the client to the WEB server.
  • the transparent proxy server works in a transparent proxy mode, and the transparent proxy server is deployed between the client and the WEB server, and is a proxy server that is not perceived by the client and the WEB server, and the client and the WEB server.
  • the data packets generated during the interaction will pass through the transparent proxy server, for example, in the PCC architecture, and the transparent proxy server is PCEF/TDF.
  • the handshake message generated between the user end and the WEB server passes through the transparent proxy server, and the transparent proxy server can obtain the handshake message and identify the handshake message.
  • the destination IP address in the handshake packet for example, in the TCP/IP protocol.
  • the three-way handshake is used to establish a connection.
  • the user sends a synchronous (syn) handshake message to the WEB server.
  • the transparent proxy server can obtain the syn handshake packet.
  • the transparent proxy server can identify the destination IP address in the syn handshake message.
  • the user terminal may be a mobile terminal such as a mobile phone or a tablet computer, or a device that can access the network, such as a notebook computer, and is not limited herein.
  • 202 and 203 are further included after 201 in this embodiment.
  • the transparent proxy server determines a domain name of the target WEB server, and determines an IP address of the target WEB server according to the domain name of the target WEB server, and saves an IP address of the target WEB server.
  • the client before the user sends a service packet to the WEB server, the client usually sends the domain name of the WEB server to the DNS server for domain name resolution. After the DNS server is parsed, the user is sent to the user through the transparent proxy server. The end feedback contains the query result of the WEB server IP address.
  • the manner in which the transparent proxy server determines the IP address of the target WEB server may be specifically: the domain name sent by the client is used as the domain name of the target WEB server, and the DNS server is parsed and then sent to the client.
  • the IP address included in the feedback result is used as the IP address of the target WEB server; or the transparent proxy server may determine the IP address of the target WEB server by recording the number of times the user uses the WEB server domain name for resolution, such as transparent
  • the proxy server records a first number of times that the user end uses the domain name of the first WEB server for parsing and a second number that is parsed by using the second domain name of the second WEB server, when the first number of times is greater than or equal to the first number
  • the transparent proxy server may use the domain name of the first WEB server as the domain name of the target WEB server, and determine according to the query result fed back by the DNS server, when the preset ratio of the number of times and the second number of times is the same.
  • the IP address corresponding to the domain name of the target WEB server that is, the IP address of the target WEB server.
  • the preset ratio in the embodiment is 90%. In actual applications, the preset ratio may be set according to actual needs, which is not limited herein.
  • the transparent proxy server determines the IP address of the target WEB server by using the query result fed back by the DNS server.
  • the transparent proxy server may also pass the WEB server.
  • the mapping between the domain name and the IP address of the WEB server determines the IP address of the target WEB server, which is not limited herein.
  • the mapping between the domain name of the WEB server and the IP address of the WEB server may be pre-configured in the transparent proxy server, or may be the IP address corresponding to the domain name fed back by the transparent proxy server through the domain name and the DNS.
  • the construction is not limited herein.
  • the transparent proxy server acquires a correspondence between the VAS server and an IP address of the target WEB server.
  • the transparent proxy server can generate the corresponding relationship by sampling the data packet of the user to the target WEB server, specifically: the transparent proxy server passes the deep packet inspection (Deep Packet Inspection). , DPI) analyzes the destination IP address in the sampled data message, that is, the IP address of the target WEB server, and tracks the VAS server through which the data message passes, the transparent proxy server according to the IP address of the target WEB server Corresponding to the VAS server through which the data packet passes, and the corresponding relationship is saved.
  • DPI deep packet inspection
  • the corresponding relationship may be obtained by the transparent proxy server, or may be configured in the transparent proxy server after the other device obtains the corresponding relationship, which is not limited herein.
  • the VAS server is configured to process a specific type of data packet, such as a virus filtering, a page adaptation, a video optimization, and the like.
  • the user sends a data packet to the WEB server through a Transmission Control Protocol (TCP) or other protocol, which is not limited herein.
  • TCP Transmission Control Protocol
  • the transparent proxy server determines whether the destination IP address in the handshake message is an IP address of a preset target WEB server. If not, step 205 is performed, and if yes, step 206 is performed.
  • the transparent proxy server can parse the destination IP address in the handshake packet, and compare the parsed destination IP address with the IP address of the target WEB server to determine the destination IP address in the target data packet. Whether the address is the IP address of the target WEB server.
  • the transparent proxy server establishes a connection between the client and the WEB server.
  • the transparent proxy server determines that the destination IP address in the target data packet is not the IP address of the target WEB server, the transparent proxy server establishes a connection between the client and the WEB server.
  • the transparent proxy server determines the target VAS server according to the destination IP address and the corresponding relationship, where the correspondence relationship is a correspondence between the VAS server and the IP address of the target WEB server.
  • the target VAS server is determined according to the correspondence between the VAS server and the IP address of the target WEB server.
  • the transparent proxy server constructs a connection between the user end, the VAS server, and the target WEB server, where the target VAS server is configured to process data exchanged between the user end and the WEB server. Message.
  • the VAS server can provide value-added service processing for data packets of a specific service type, for example, a video optimization server is used to process data packets of a service type of video services, and a hypertext transfer protocol (HTTP).
  • the content type of the video service request report includes: video/mp4, video/x-flv, video/x-f4v, etc.; the page adaptation server is configured to process data packets whose service type is page adaptation service.
  • the content types of the page adaptation data message include: text/html, application/vnd.wap.xhtml, application/xhtml+xml, ext/vnd.wap.wml, application/vnd.wap.
  • the content insertion server is configured to process a data packet whose service type is a content insertion service.
  • the content type of the content insertion data packet includes: /html, application/vnd.wap.xhtml, application/xhtml+xml, etc.
  • the VAS server can process one or more data packets at the same time.
  • the VAS server can process the video data packet and the page adaptation data packet at the same time, which is not limited herein.
  • the transparent proxy server includes a port for connecting with the client, a port for connecting with the VAS server, and a port for connecting to the WEB server, and determining a VAS server according to the handshake message, where the transparent proxy server can be
  • the port connected by the client establishes a communication channel with the port connected to the VAS server, thereby implementing a connection between the client, the target VAS server, and the target WEB server.
  • the target VAS server may process the data used by the target VAS server to process interaction between the client and the WEB server. Message.
  • the transparent proxy server uses the domain name with the proportion of the number of domain name resolutions greater than or equal to 90% as the domain name of the target WEB server, and then determines the target WEB server according to the domain name of the target WEB server.
  • the IP address that is, the frequency of the IP address of the target WEB server used by the client is high. Therefore, according to the correspondence between the IP address of the target server and the VAS server, the success rate of determining the target VAS server can be improved.
  • the transparent proxy server obtains the IP address of the target WEB server, where the transparent proxy server determines that the user sends the first data packet to the WEB server for the first time and sends the first data packet.
  • the second number of times of the second data packet the first number of times is greater than the second number of times, the first data packet includes a first destination IP address, and the second data packet includes a second destination IP address;
  • the transparent proxy The server saves the IP address of the target WEB server.
  • a method for processing a message according to Embodiment 3 of the present invention includes:
  • the transparent proxy server obtains a handshake message sent by the user end to the WEB server.
  • the transparent proxy server works in a transparent proxy mode, and the transparent proxy server is deployed between the client and the WEB server, and is a proxy server that is not perceived by the client and the WEB server, and the client and the WEB server.
  • the data packets generated during the interaction will pass through the transparent proxy server, for example, in the PCC architecture, and the transparent proxy server is PCEF/TDF.
  • the handshake message generated between the user end and the WEB server passes through the transparent proxy server, and the transparent proxy server can obtain the handshake message and identify the handshake message.
  • the destination IP address in the handshake packet for example, in the TCP/IP protocol, the three-way handshake is used to establish a connection.
  • the client sends a synchronous (syn) handshake to the WEB server.
  • the message, the transparent proxy server can obtain the syn handshake packet, and the transparent proxy server can identify the destination IP address in the syn handshake packet.
  • the user terminal may be a mobile terminal such as a mobile phone or a tablet computer, or a device that can access the network, such as a notebook computer, and is not limited herein.
  • step 301 after step 301, 302, 303, and 304 are further included.
  • the transparent proxy server determines a first time that the user sends the first data packet to the WEB server, and a second number of times that the second data packet is sent, where the first number is greater than the first
  • the second data packet includes a first destination IP address, and the second data packet includes a second destination IP address.
  • the transparent proxy server may obtain the data packet sent by the client to the WEB server, and record that the client sends the data packet to the WEB server. The number of times of the data packet, the transparent proxy server may further analyze the obtained data packet to obtain a destination IP address in the data packet, such as the The transparent proxy server records the first number of times that the user sends the first data packet to the first WEB server, and sends the second data packet to the second WEB server for the second time, and analyzes the first data. The first destination IP address in the packet and the second destination IP address in the second data packet.
  • the transparent proxy server determines that the first destination IP address is the target WEB server. IP address and save the IP address of the target WEB server.
  • the transparent proxy server can compare whether the first number of times is greater than the second number, and determine whether the first number of times is greater than or equal to a sum of the first number and the second number of times Proportion, when the transparent proxy server determines that the first number of times is greater than the second number, and the first number of times is greater than or equal to a preset ratio of the sum of the first number of times and the second number of times,
  • the first destination IP address is used as the IP address of the target WEB server, and the IP address of the target WEB server is saved in the transparent proxy server.
  • the preset ratio in the embodiment is 90%. In actual applications, the preset ratio may be set according to actual needs, which is not limited herein.
  • the transparent proxy server acquires a correspondence between the VAS server and an IP address of the target WEB server.
  • the transparent proxy server determines whether the destination IP address in the handshake message is an IP address of a preset target WEB server. If not, step 306 is performed, and if yes, step 307 is performed.
  • the transparent proxy server establishes a connection between the client and the WEB server.
  • the transparent proxy server determines, according to the destination IP address and the corresponding relationship, a target VAS server, where the correspondence relationship is a correspondence between the VAS server and an IP address of the target WEB server.
  • the transparent proxy server constructs a connection between the user end, the VAS server, and the target WEB server, where the target VAS server is configured to process data exchanged between the user end and the WEB server. Message.
  • the transparent proxy server determines that the service number of the client is greater than or equal to 90%, and uses the destination IP address in the service packet as the target WEB server.
  • the IP address that is, the IP address of the target WEB server is high, so that the success rate of the target VAS server can be improved according to the correspondence between the IP address of the target server and the VAS server.
  • the transparent proxy server pre- The IP address of the target WEB server is set.
  • the domain name of the target WEB server can also be preset in the transparent proxy server.
  • a method for processing a packet according to Embodiment 4 of the present invention includes:
  • the transparent proxy server obtains a handshake message sent by the user to the WEB server, where the IP address of the handshake message is an IP address of the WEB server.
  • the transparent proxy server works in a transparent proxy mode, and the transparent proxy server is deployed between the client and the WEB server, and is a proxy server that is not perceived by the client and the WEB server, and the client and the WEB server.
  • the data packets generated during the interaction will pass through the transparent proxy server, for example, in the PCC architecture, and the transparent proxy server is PCEF/TDF.
  • the handshake message generated between the user end and the WEB server passes through the transparent proxy server, and the transparent proxy server can obtain the handshake message and identify the handshake message.
  • the destination IP address in the handshake packet for example, in the TCP/IP protocol, the three-way handshake is used to establish a connection.
  • the client sends a synchronous (syn) handshake to the WEB server.
  • the message, the transparent proxy server can obtain the syn handshake packet, and the transparent proxy server can identify the destination IP address in the syn handshake packet.
  • the user terminal may be a mobile terminal such as a mobile phone or a tablet computer, or a device that can access the network, such as a notebook computer, and is not limited herein.
  • the transparent proxy server determines the domain name of the WEB server according to the destination IP address and the first correspondence, where the first correspondence is a correspondence between a domain name of the WEB server and an IP address of the WEB server.
  • the transparent proxy server obtains the destination IP address from the obtained handshake packet, and the destination IP address is the IP address of the WEB server, and the WEB may be determined according to the correspondence between the domain name of the WEB server and the IP address of the WEB server.
  • the IP address of the server is the IP address of the WEB server.
  • the transparent proxy server determines the service type of the target data packet according to the domain name and the first correspondence of the WEB server.
  • the first correspondence is a correspondence between a VAS server and a domain name of the target WEB server.
  • the transparent proxy server can determine whether the domain name of the WEB server is the domain name of the target WEB server preset in the transparent proxy server, and determine that the domain name of the WEB server is When the domain name of the target WEB service preset in the transparent proxy server is described, the target VAS server is determined according to the correspondence between the VAS server and the domain name of the target server.
  • the transparent proxy server constructs a connection between the user end, the target VAS server, and the WEB server, where the target VAS server is configured to process data exchanged between the user end and the WEB server. Message.
  • a specific VAS server is configured to process data packets of one or more service types, and when the data message sent by the user to the WEB server is obtained, the transparent proxy server may The data message is forwarded to the target VAS server, and the target VAS server performs corresponding value-added service processing on the received data packet, and sends the data packet to the WEB server, and the WEB server feeds back to the user end.
  • the data message can also be processed by the VAS server.
  • the transparent proxy server determines the domain name of the WEB server corresponding to the destination IP address of the data packet according to the IP address of the WEB server and the first correspondence, and determines that the domain name of the WEB server is a preset target.
  • the domain name of the WEB server is determined according to the domain name and the second correspondence of the WEB server, so that the length of the target VAS server is determined by the transparent proxy server, and the service packet is processed by the VAS server in time to improve the user experience.
  • the transparent proxy server determines the target VAS server according to the domain name and the second correspondence of the WEB server.
  • the second correspondence may be pre-configured in the transparent
  • the proxy server may also be obtained by the transparent proxy server. The following describes the second proxy relationship obtained by the transparent proxy server:
  • a method for processing a packet according to Embodiment 5 of the present invention includes:
  • the transparent proxy server obtains a handshake message sent by the user to the WEB server, where the IP address in the handshake message is an IP address of the WEB server.
  • the transparent proxy server works in a transparent proxy mode, and the transparent proxy server is deployed between the client and the WEB server, and is a proxy server that is not perceived by the client and the WEB server, and the client and the WEB server.
  • the data packets generated during the interaction will pass through the transparent proxy server, for example, in the PCC architecture, and the transparent proxy server is PCEF/TDF.
  • the handshake message generated between the user end and the WEB server passes through the transparent proxy server, and the transparent proxy server can obtain the handshake message and identify the handshake message.
  • the destination IP address in the handshake packet for example, in the TCP/IP protocol.
  • the three-way handshake is used to establish a connection.
  • the user sends a synchronous (syn) handshake message to the WEB server.
  • the transparent proxy server can obtain the syn handshake packet.
  • the transparent proxy server can identify the destination IP address in the syn handshake message.
  • the user terminal may be a mobile terminal such as a mobile phone or a tablet computer, or a device that can access the network, such as a notebook computer, and is not limited herein.
  • steps 502, 503, and 504 are further included.
  • the transparent proxy server acquires a correspondence between a domain name of the WEB server and an IP address of the WEB server.
  • the client before the user sends a service packet to the WEB server, the client usually sends the domain name of the WEB server to the DNS server for domain name resolution. After the DNS server is parsed, the user is sent to the user through the transparent proxy server. The end-feedback includes the query result of the IP address of the WEB server. At this time, the transparent proxy server may determine the domain name of the WEB server and the WEB server according to the query result fed back by the DNS server and the domain name sent by the client. Correspondence of IP addresses.
  • the transparent proxy server acquires a domain name of the target WEB server.
  • the manner in which the transparent proxy server obtains the domain name of the target WEB server includes at least the following two types:
  • the transparent proxy server determines the IP address of the target WEB server, and determines the domain name of the target WEB server according to the IP address of the target WEB server, and saves the domain name of the target WEB server.
  • the manner in which the transparent proxy server determines the IP address of the target WEB server is specifically: the transparent proxy server records the number of times the user sends a service packet to the WEB server, and The destination IP address in the service packet with the highest number of times of transmission is used as the IP address of the target WEB server. For example, the transparent proxy server records the first number and the first time that the user sends the first service packet to the first WEB server.
  • the second number of times that the second WEB server sends the second service packet if the first number of times is greater than the second number of times, and the first number of times is greater than or equal to the sum of the first number of times and the second number of times 90%, the first destination IP address in the first service packet is used as the IP address of the target WEB server.
  • the transparent proxy server may directly send the obtained client.
  • the IP address in the service message, as the IP address of the target WEB server, or the transparent proxy server can be determined by other means.
  • the IP address of the target WEB server is not limited herein.
  • the transparent proxy server determines that the service number of the client is greater than or equal to 90%, and the destination IP address in the service packet is the IP address of the target WEB server, that is, The frequency of the IP address of the target WEB server is high, and the domain name of the target WEB server is determined according to the correspondence between the IP address of the server and the domain name of the server, that is, the domain name of the target WEB server is used by the client.
  • the high frequency and the corresponding relationship of the VAS server can improve the success rate of determining the target VAS server.
  • the ratio of the first number of times to the sum of the first number of times and the second number of times may be set according to actual needs, and the preset ratio in this embodiment is 90%, specifically Not limited.
  • the manner in which the transparent proxy server determines the domain name of the target WEB server according to the IP address of the target WEB server is specifically: the transparent proxy server according to the IP address of the target WEB server and the domain name of the WEB server The mapping of the IP address of the WEB server determines the domain name of the target WEB server.
  • the transparent proxy server may be determined according to other manners, which is not limited herein.
  • the transparent proxy server performs the number of times of parsing according to the domain name of the WEB server by the client, and uses the domain name with a high proportion of domain name resolution as the domain name of the target server.
  • the transparent proxy server determines a first number of times the client uses the domain name of the first WEB server for parsing and a second number of times that the domain name of the second WEB server is used for parsing, if the first number of times When the first number of times is greater than or equal to a preset ratio of the sum of the first number and the second number, the domain name of the first WEB server is used as the embodiment of the present invention.
  • the transparent proxy server uses the domain name with the proportion of the number of domain name resolutions greater than or equal to 90% as the domain name of the target WEB server, that is, the domain name of the target WEB server used by the client is high, so according to the target server
  • the correspondence between the domain name and the VAS server can improve the success rate of determining the target VAS server.
  • the proportion of the number of times of domain name resolution can be set according to actual needs, and the proportion of the number of domain name resolutions in this embodiment is 90%, which is not limited herein.
  • the transparent proxy server acquires a correspondence between a VAS server and a domain name of the preset target WEB server.
  • the transparent proxy server when the transparent proxy server obtains the service packet sent by the client to the WEB server, the transparent proxy server can analyze the destination IP address of the service packet by using the DPI, and the proxy server can Determining the destination IP address and the first correspondence Determining the domain name of the WEB server, and tracking the VAS server through which the data packet passes, the transparent proxy server generating the corresponding according to the IP address of the target WEB server and the VAS server through which the data packet passes Relationship and save the correspondence.
  • the corresponding relationship may be obtained by the transparent proxy server, or may be configured in the transparent proxy server after the other device obtains the corresponding relationship, which is not limited herein.
  • the transparent proxy server determines a domain name of the WEB server according to the destination IP address of the handshake packet and the first correspondence.
  • the transparent proxy server is capable of parsing the destination IP address in the handshake packet, and determining the domain name of the WEB server according to the correspondence between the obtained domain name of the WEB server and the IP address of the WEB server.
  • step 506. Determine whether the domain name of the WEB server is the domain name of the preset target WEB server. If yes, go to step 507. If yes, go to step 508.
  • the transparent proxy server can compare the domain name of the WEB server with the domain name of the target WEB service, so as to determine whether the domain name of the WEB server is the domain name of the preset target WEB server.
  • the transparent proxy server establishes a connection between the client and the WEB server.
  • the transparent proxy server determines, according to the destination IP address and the corresponding relationship, a target VAS server, where the correspondence relationship is a correspondence between the VAS server and an IP address of the target WEB server.
  • the target VAS server is determined according to the correspondence between the VAS server and the IP address of the target WEB server.
  • the transparent proxy server constructs a connection between the user end, the VAS server, and the target WEB server, where the target VAS server is configured to process data exchanged between the user end and the WEB server. Message.
  • 509 in this embodiment may adopt the same method as that in Embodiment 2, and details are not described herein again.
  • the transparent proxy server determines the domain name of the WEB server corresponding to the destination IP address of the data packet according to the IP address of the WEB server and the first correspondence, and determines that the domain name of the WEB server is a preset target.
  • the VAS server is determined according to the domain name and the second correspondence relationship of the WEB server, thereby shortening the transparent proxy server determination.
  • the duration of the target VAS server enables the service packets to be processed by the VAS server in time to improve the user experience.
  • the transparent proxy server provided in Embodiment 6 of the present invention includes:
  • the obtaining unit 601 is configured to obtain a handshake message sent by the UE to the WEB server.
  • the obtaining unit 601 is further configured to acquire an IP address of the target WEB server.
  • the manner in which the obtaining unit 601 obtains the IP address of the target WEB server includes at least the following two types:
  • the obtaining unit 601 determines the domain name of the target WEB server, determines the IP address of the target WEB server according to the domain name of the target WEB server, and then saves the IP address of the target WEB server.
  • the obtaining unit 601 determines the domain name of the target WEB server, which may be determined by determining the first time that the user end uses the domain name of the first WEB server for parsing and the domain name of using the second WEB server. The second number of times, the first number of times is greater than the second number, and if the first number of times is greater than or equal to a preset ratio of the sum of the first number and the second number, determining the first
  • the domain name of a WEB server is the domain name of the target WEB server.
  • the preset ratio is the sum of the number and the second number
  • the first destination IP address is determined to be the IP address of the target WEB server, and then the IP address of the target WEB server is saved.
  • the obtaining unit 601 is further configured to acquire the correspondence.
  • the determining unit 602 is configured to determine, according to the destination IP address and the corresponding relationship, a target VAS server, when the destination IP address in the handshake message is an IP address of a preset target WEB server, where the corresponding relationship is Correspondence between the VAS server and the IP address of the target WEB server.
  • a building unit 603 configured to construct a connection between the user end, the target VAS server, and the WEB server, where the target VAS server is configured to process a service report between the user end and the WEB server. Text.
  • the transparent proxy server passes the IP address and the IP address of the preset target WEB server. Match the destination IP address obtained in the handshake packet, and determine the target VAS server by using the mapping between the IP address of the preset target WEB server and the VAS server.
  • the transparent proxy server can also be preset. The correspondence between the domain name of the target WEB server and the VAS server, thereby determining the target VAS server.
  • Embodiment 7 of the present invention which specifically includes:
  • the obtaining unit 601 is configured to obtain a handshake message sent by the UE to the WEB server, where the destination IP address in the handshake message is an IP address of the WEB server.
  • the obtaining unit 601 is further configured to acquire a domain name of the target server.
  • the manner in which the obtaining unit 601 is further configured to acquire the domain name of the target server includes at least the following two types:
  • the obtaining unit 601 determines the domain name of the target WEB server according to the IP address of the target WEB server, and saves the domain name of the target WEB server according to the IP address of the target WEB server.
  • the obtaining unit 601 determines that the IP address of the target WEB server may be sent to the second WEB server by determining the first time that the user sends the first service packet to the first WEB server.
  • the second number of times of the second service packet the first number of times is greater than the second number, the first service packet includes a first destination IP address, and the second service packet includes a second destination IP address;
  • the first number of times is greater than or equal to a preset ratio of the sum of the first number and the second number, determining that the first destination IP address is an IP address of the target WEB server.
  • the obtaining unit 601 may determine the first number of times that the user end uses the domain name of the first WEB server for parsing and the second time that is parsed by using the domain name of the second WEB server, where the first number of times is greater than a second number of times; if the first number of times is greater than or equal to a preset ratio of the sum of the first number of times and the second number of times, determining that the domain name of the first WEB server is the domain name of the target WEB server And then save the domain name of the target WEB server.
  • the obtaining unit 601 is further configured to acquire the first correspondence.
  • the obtaining unit 601 is further configured to acquire the second correspondence.
  • the determining unit 602 is configured to determine a domain name of the WEB server according to the destination IP address and the first correspondence, where the first correspondence is a correspondence between a domain name of the WEB server and an IP address of the WEB server;
  • the determining unit 602 is further configured to: when determining that the domain name of the WEB server is a preset target Determining, by the domain name of the WEB server, the target VAS server according to the domain name and the second correspondence of the WEB server, where the second correspondence is a correspondence between the VAS server and the domain name of the preset target WEB server;
  • a building unit 603 configured to construct a connection between the user end, the target VAS server, and the WEB server, where the target VAS server is configured to process a service report between the user end and the WEB server. Text.
  • the transparent proxy server obtains the destination IP address in the handshake packet through the obtaining unit 601, and when the determining unit 602 determines that the destination IP address is the IP address of the WEB server, according to the IP address of the WEB server.
  • the first corresponding relationship determines the domain name of the WEB server corresponding to the destination IP address of the data packet, and when determining that the domain name of the WEB server is the domain name of the preset target WEB server, according to the domain name and the second domain of the WEB server
  • the VAS server is determined, and the connection between the client, the target VAS server and the WEB server is constructed by using the constructing unit 603, so that the VAS server processes between the client and the WEB server.
  • the service packets are exchanged, so that the length of the target VAS server is determined by the transparent proxy server, so that the service packets are processed by the VAS server in time to improve the user experience.
  • FIG. 7 is a transparent proxy server according to Embodiment 8 of the present invention.
  • the transparent proxy server 700 may include:
  • the processor 701, the memory 702, and the communication interface 705 are connected by a bus 704 and complete communication with each other.
  • Processor 701 may be a single core or multi-core central processing unit, or a particular integrated circuit, or one or more integrated circuits configured to implement embodiments of the present invention.
  • the memory 702 may be a high speed RAM memory or a non-volatile memory such as at least one disk memory.
  • Memory 702 is used by computer to execute instructions 703.
  • the computer execution instructions 703 may include program code.
  • the processor 701 runs the computer execution instruction 703, and can execute the message processing method described in the method embodiment corresponding to any one of FIG. 1 to FIG.
  • the disclosed system, device and method The law can be implemented in other ways.
  • the device embodiments described above are merely illustrative.
  • the division of the unit is only a logical function division.
  • there may be another division manner for example, multiple units or components may be combined or Can be integrated into another system, or some features can be ignored or not executed.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in an electrical, mechanical or other form.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
  • each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • the above integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
  • the integrated unit if implemented in the form of a software functional unit and sold or used as a standalone product, may be stored in a computer readable storage medium.
  • the technical solution of the present invention which is essential or contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium.
  • a number of instructions are included to cause a computer device (which may be a personal computer, server, or network device, etc.) to perform all or part of the steps of the methods described in various embodiments of the present invention.
  • the foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, and the like. .

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

Un mode de réalisation de la présente invention concerne un procédé de traitement de paquets permettant de raccourcir la durée du temps nécessaire à un serveur mandataire transparent pour déterminer un serveur VAS, de telle manière qu'un paquet de service issu de l'interaction entre un terminal d'utilisateur et un serveur WEB soit traité à temps par le serveur VAS, ce qui améliore l'expérience d'utilisation. Le procédé comprend les étapes suivantes : le serveur mandataire transparent acquiert un paquet d'établissement de liaison envoyé par le terminal d'utilisateur au serveur WEB ; lorsqu'il est déterminé qu'une adresse IP cible du paquet d'établissement de liaison est une adresse IP d'un serveur WEB cible prédéfini, le serveur mandataire transparent détermine un type de service d'un paquet de demande de service cible selon une première relation correspondante de l'adresse IP cible, la première relation correspondante étant une relation correspondante entre le serveur VAS et l'adresse IP du serveur WEB cible. Le mode de réalisation de la présente invention concerne également un serveur mandataire transparent permettant de raccourcir la durée du temps nécessaire au serveur mandataire transparent pour déterminer le VAS serveur, de telle manière que le paquet de service issu de l'interaction entre un terminal d'utilisateur et un serveur WEB soit traité à temps par le serveur VAS, ce qui améliore l'expérience d'utilisation.
PCT/CN2015/094131 2014-12-04 2015-11-09 Procédé de traitement de paquets et serveur mandataire transparent WO2016086755A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410733682.7A CN104518968B (zh) 2014-12-04 2014-12-04 一种报文处理的方法和透明代理服务器
CN201410733682.7 2014-12-04

Publications (1)

Publication Number Publication Date
WO2016086755A1 true WO2016086755A1 (fr) 2016-06-09

Family

ID=52793716

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/094131 WO2016086755A1 (fr) 2014-12-04 2015-11-09 Procédé de traitement de paquets et serveur mandataire transparent

Country Status (2)

Country Link
CN (1) CN104518968B (fr)
WO (1) WO2016086755A1 (fr)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104518968B (zh) * 2014-12-04 2018-07-03 华为技术有限公司 一种报文处理的方法和透明代理服务器
CN104994137B (zh) * 2015-05-27 2019-01-22 四川卫士通信息安全平台技术有限公司 一种网络透明代理的方法
CN105119982B (zh) * 2015-07-23 2019-02-22 中国联合网络通信集团有限公司 增值处理的方法及装置
JP6579884B2 (ja) * 2015-09-24 2019-09-25 キヤノン株式会社 通信装置、制御方法、及びプログラム
CN113726915A (zh) * 2020-05-25 2021-11-30 华为技术有限公司 网络系统及其中的报文传输方法和相关装置
CN112954683B (zh) * 2021-05-13 2021-08-17 中兴通讯股份有限公司 域名解析方法、装置、电子设备和存储介质

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010049940A1 (fr) * 2008-10-31 2010-05-06 Onmobile Global Limited Procédé et système pour la fourniture d'un service à valeur ajoutée dans un réseau de communication
CN102256348A (zh) * 2010-05-21 2011-11-23 华为技术有限公司 一种上行消息的路由方法、装置及系统
CN103931162A (zh) * 2014-01-20 2014-07-16 华为技术有限公司 处理业务的方法和网络设备
CN104518968A (zh) * 2014-12-04 2015-04-15 华为技术有限公司 一种报文处理的方法和透明代理服务器

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010049940A1 (fr) * 2008-10-31 2010-05-06 Onmobile Global Limited Procédé et système pour la fourniture d'un service à valeur ajoutée dans un réseau de communication
CN102256348A (zh) * 2010-05-21 2011-11-23 华为技术有限公司 一种上行消息的路由方法、装置及系统
CN103931162A (zh) * 2014-01-20 2014-07-16 华为技术有限公司 处理业务的方法和网络设备
CN104518968A (zh) * 2014-12-04 2015-04-15 华为技术有限公司 一种报文处理的方法和透明代理服务器

Also Published As

Publication number Publication date
CN104518968A (zh) 2015-04-15
CN104518968B (zh) 2018-07-03

Similar Documents

Publication Publication Date Title
WO2016086755A1 (fr) Procédé de traitement de paquets et serveur mandataire transparent
US10659354B2 (en) Processing data packets using a policy based network path
US10587544B2 (en) Message processing method, processing server, terminal, and storage medium
EP3275162B1 (fr) Systèmes et techniques pour une communication internet
US10392823B2 (en) Synthetic client
US9722806B2 (en) Service discovery across different networks
US20150229669A1 (en) Method and device for detecting distributed denial of service attack
US9554276B2 (en) System and method for on the fly protocol conversion in obtaining policy enforcement information
WO2015158064A1 (fr) Procédé de conversion de protocole de communication, dispositif et supports de stockage
WO2016082371A1 (fr) Procédé et système d'analyse de session sur la base d'un protocole ssh
US10034057B2 (en) Message processing method, device, gateway, STB and IPTV
US10623450B2 (en) Access to data on a remote device
EP3198802A1 (fr) Transmission de contenu multimédia dans une messagerie instantanée
WO2014101661A1 (fr) Procédé d'écriture en miroir d'un flux de service, et dispositif d'écriture en miroir
EP3668043A1 (fr) Procédé d'identification de flux de données chiffrées, dispositif, support d'informations et système
CN103401946A (zh) Http上传加速方法和系统
WO2023103318A1 (fr) Procédé et système de diffusion multimédia en continu
CN106789413A (zh) 一种检测代理上网的方法和装置
WO2019001562A1 (fr) Procédé et appareil de chargement de modèle, support de stockage et dispositif informatique
US10129320B2 (en) QoS improvement method, apparatus, and system
JP2007035053A (ja) 異なる端末器間のセッション保持方法
WO2013044483A1 (fr) Procédé, appareil et système de traitement d'accès
WO2016106557A1 (fr) Procédé et appareil pour envoyer une vidéo
EP3176986A1 (fr) Procédé, dispositif et système permettant à une passerelle de protocole de bureau à distance d'effectuer un routage et une commutation
WO2018098761A1 (fr) Procédé et dispositif de transmission de données

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15865726

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15865726

Country of ref document: EP

Kind code of ref document: A1