WO2020134329A1 - Gateway service implementation method, control device, and gateway - Google Patents

Gateway service implementation method, control device, and gateway Download PDF

Info

Publication number
WO2020134329A1
WO2020134329A1 PCT/CN2019/110348 CN2019110348W WO2020134329A1 WO 2020134329 A1 WO2020134329 A1 WO 2020134329A1 CN 2019110348 W CN2019110348 W CN 2019110348W WO 2020134329 A1 WO2020134329 A1 WO 2020134329A1
Authority
WO
WIPO (PCT)
Prior art keywords
gateway
instruction
model
service
pipeline
Prior art date
Application number
PCT/CN2019/110348
Other languages
French (fr)
Chinese (zh)
Inventor
胡锐
徐代刚
刘学生
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2020134329A1 publication Critical patent/WO2020134329A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/145Network analysis or design involving simulating, designing, planning or modelling of a network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/66Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/51Discovery or management thereof, e.g. service location protocol [SLP] or web services

Definitions

  • FIG. 4 is a schematic diagram of an operation interface provided by a model designer according to an embodiment of the present invention.
  • the user interface unit is set to display an operation interface and receive user input commands
  • the gateway 2 includes a gateway control plane 21, an instruction executor 22, a request parser 23, a request dispatcher 24, a response parser 25, and a response feedbacker 26, among them:
  • the instruction executor 22 is configured to process received messages (such as HTTP request messages and HTTP response messages) according to the first instruction issued.
  • the instruction executor 22 may save the issued first instruction as an entry in the instruction flow table library, and the first instruction may also be called a flow table instruction.
  • the logical structure of the first instruction for message processing is a pipeline. This pipeline includes one or more branches, each branch has one or more execution links, and each execution link can include one or more first instructions, such as Figure 2 shows. After the gateway 2 receives a message, the message is processed step by step in the instruction executor 22 according to the pipeline, and each instruction in the pipeline runs in a "matching condition, execute action" manner to realize the pipeline of the message deal with.
  • the above embodiment of the present invention implements a system for implementing a gateway service.
  • the gateway service uses a model-driven design, which can respond to different business needs and quickly achieve business goals. The operation and maintenance personnel can develop new services without the need for different services. Different plug-ins for business development.
  • the generating the gateway business model according to the input instruction includes:
  • the gateway business model is generated according to the attributes of the pipeline and the constituent elements.
  • the model design area is located in the middle of the operation interface.
  • the right side of the operation interface also includes a model attribute area for filling in the attributes of the constituent elements.
  • "Model design area” is the visual display area of the model.
  • Designers can construct the model by dragging the elements of "element selection area” to "model design area”.
  • the gateway service control device records the dragged optional element as a component element of the gateway service model.
  • the designer selects a specific element in the "Model Design Area”, he can set the attributes of the element in the "Model Attribute Area", such as matching conditions and execution actions.
  • the generated gateway business model is a pipeline including multiple links in the logical structure.
  • a link may include a second instruction (such as a DSL instruction) or multiple second instructions that are sequentially executed on the pipeline.
  • a second instruction such as a DSL instruction
  • multiple second instructions that perform similar functions can be combined into one link to simplify the pipeline structure and facilitate model design.
  • the link includes at least one of the following information: service identification, link identification, entry link identification, priority, instruction identification, matching rules, and execution actions; wherein, the entry link matching rules are used to determine whether the received message is The pipeline where the entry link is matched; the priority of the entry link is used to determine the order in which the pipeline is matched; the execution action is used to determine the processing performed on the message, including the action of jumping to the next link or instruction.
  • the matching rules and execution actions of the second instruction can be determined according to the links to which the constituent elements of the pipeline belong, the connection relationships of the various links, and the attributes of the constituent elements.
  • the gateway business model when delivering the gateway service information to the gateway according to the generated gateway business model, the gateway business model is directly delivered to the gateway. For example, by clicking the "Send" button in the model designer, the gateway business model is delivered to the HTTP gateway.
  • the gateway business model is first parsed and converted into a first instruction executable by the gateway, and then the first instruction is issued to the gateway.
  • the method executed on the gateway side as shown in FIG. 5 includes: step 210, the gateway obtains a plurality of first instructions for implementing the gateway service, wherein the first instruction is obtained based on the gateway service model; and, step 220, The gateway processes the received message according to the first instruction.
  • the gateway business model may be generated using the method for generating a gateway business model according to any embodiment of the present invention.
  • the gateway acquiring a plurality of first instructions for implementing the gateway service includes: the gateway receives the gateway service model, parses the gateway service model and converts it into multiple The first instruction. Before parsing the gateway business model, the gateway business model can also be verified, such as a CRC check. If the check fails, it is rejected.
  • Step 2 The gateway determines whether there is a matching pipeline according to the relevant characteristics in the request message (such as IP address, login_token in cookie, etc.). If not, the request message is rejected and the process ends; if so, continue to the next step .
  • relevant characteristics in the request message such as IP address, login_token in cookie, etc.
  • Step 3 Starting from the matched first instruction of the pipeline, sequentially execute all the first instructions on the pipeline to process the request message, and deliver the processed request message to the back-end service.
  • the processing of the response message (such as the HTTP response message) by the gateway includes:
  • Step 1 The gateway parses the received response message returned by the back-end service to obtain the content of the response message, such as header and body information;
  • Step 2 The gateway determines whether there is a matching pipeline according to the relevant characteristics of the response message. If not, it rejects the request message and the process ends; if it does, it continues to the next step.
  • the pipeline is the pipeline that matches the response message.
  • Step 3 Starting from the matched first instruction of the pipeline, execute all the first instructions of the pipeline in sequence to process the response message, and return the processed response message to the client that sends the corresponding request message .
  • the HTTP gateway needs to carry multiple different gateway services at the same time, so the processing flow of multiple services can be run simultaneously in the instruction executor.
  • HTTP The messages are numbered, and at the same time, the HTTP request/response is sent to different pipelines for processing according to the matching characteristics of the HTTP message and the pipeline, and the corresponding number is used to track the corresponding processing process.
  • the first instruction when executed, it is a mode for explaining execution.
  • instant conversion technology can be used to convert the first instruction into machine code such as native code again. Implementation to improve the processing efficiency of the entire process.
  • the logical structure of the service gateway model is one or more pipelines.
  • different pipelines can be used to process different types of packets.
  • Each pipeline may include one or more branches.
  • Business identification used to identify the business targeted by this session.
  • Link ID The link number can be used as the link ID.
  • Entry link identification A value of "Y" indicates that the link is an entry link, and the matching rules of the entry link are used to determine whether the pipeline matches the received message.
  • Priority Set the priority when this link is an entry link. The smaller the number in this field, the higher the priority. When the priority is the same, it can be defined as the link ID is larger and the priority is higher, or vice versa.
  • the gateway receives the message and determines whether the message matches the set pipeline according to the characteristics of the message, it starts from the high-priority entry link (also known as the entry), according to the order from high to low Match in order.
  • Matching rule It can also be called a matching condition, which is used to determine whether the request message meets certain conditions, so as to control the processing flow of the pipeline.
  • the characteristics of the matching operation can be any part of the message, such as httpURL, http header and http body etc.
  • Execution action the processing performed on the message, such as: modifying the HTTP header, rewriting the URL, increasing the counter, forwarding the HTTP request to the back-end service, rejecting the HTTP request, and skipping to the next link or instruction.
  • the above matching rules and execution actions can be described (or written) in a specific DSL language at the time of design, and converted by the gateway control plane into the content of the first instruction executable by the gateway.
  • a link is an instruction, and a link ID is also an instruction ID.
  • a link includes the above service ID, link ID, entry link ID, priority, matching rules, and execution actions. , There is no need to set the instruction ID separately.
  • a link may include multiple instructions.
  • each instruction has its own matching rules and execution actions. It is also necessary to set an instruction identifier for each instruction to distinguish different instructions .
  • the business name, link ID, entrance link ID, etc. can be shared by multiple instructions in the same link.
  • a plurality of the first instructions form a pipeline for processing gateway services, and the first instructions may include at least one of the following information:
  • the instruction identifier which may include both the link number and the instruction number in the first instruction
  • the matching rule of the first instruction in the pipeline is used to determine whether the received message matches the pipeline; the priority of the first instruction is used to determine the order of matching the pipeline; the execution The action is used to determine the processing performed on the message, one of which is the action to jump to the next instruction.
  • the matching rule can be set to a default value such as TRUE, and the default matching is successful.
  • the order of the instructions in the pipeline can be determined according to the instruction ID of the sequential number.
  • the HTTP gateway needs to develop various business logics. Traditionally, it is realized by developing and deploying different business plug-ins and deploying in the HTTP gateway. After adopting the solution of the embodiment of the present invention, it is not written The way of plug-in can be realized by the operation and maintenance personnel using a unified process and model.
  • An enterprise microservice architecture system needs to use basic (access) authentication for all HTTP requests from outside.
  • the operation and maintenance personnel use the model designer to design the certified gateway business model and the completed model.
  • the gateway control analyzes the gateway business model, converts it into an executable instruction and sends it to the instruction executor.
  • the corresponding instruction is shown in Figure 6B.
  • Step 501 The HTTP gateway listens to the HTTP request message on port 80.
  • Step 502 In the cookie of the HTTP request message, there is no login_token attribute, and this embodiment indicates that the message is a request message.
  • Step 504 Analyze the Authorization field through the BASE64 algorithm to obtain the user name and password.
  • Step 505 Use the user name to obtain the user's password from the cache.
  • Step 506 Compare the password obtained in the cache with the password obtained in step 504, assuming that the two are the same.
  • Step 507 Forward the HTTP request message to the back-end processor.
  • Step 508 Receive the HTTP response message returned by the back-end processor after completing the processing.
  • Step 509 Set the login_token attribute in the HTTP response cookie.
  • Step 510 Return the HTTP response to the HTTP client.
  • an operator's API development platform needs to limit the access frequency of non-logged-in users, and its access quota is 10 times per minute.
  • the operator’s API platform uses the RESTFUL interface to provide external API services.
  • QoS Quality of Service
  • the operation and maintenance personnel use the model designer to design the current-limiting business model and the completed model.
  • the gateway control analyzes the model, generates executable instructions and delivers them to the instruction executor.
  • the corresponding instructions are shown in Figure 7B.
  • Step 701 The HTTP server listens to the HTTP request message on port 80.
  • Step 702 In the cookie of the HTTP request message, if there is no login_token attribute, go to step 703, and if there is the login_token attribute, go to step 708.
  • Step 703 Obtain the original IP address of the request from the HTTP request message.
  • Step 704 Obtain the number of visited times in the current statistical period (within one minute) from the cache according to the obtained IP address.
  • Step 705 If the number of accessed times has reached 10 times, go to step 706, and if not, go to step 707.
  • Step 706 the forwarding of the access request is denied, and the end
  • Step 707 The current count in the cache is increased by 1;
  • Step 708 forward the HTTP request message to the backend processor, and end.
  • a government department needs to upgrade its application in the public cloud, which needs to be completed by using a canary upgrade.
  • the operation and maintenance personnel use the model designer to design the business model upgraded by Canary, and design the completed model.
  • the gateway control Facing the model analysis, the gateway control generates executable instructions and delivers them to the instruction executor.
  • the corresponding instructions are shown in Figure 8B.
  • Request processing After receiving the request message, it will execute all the instructions of the pipeline.
  • the processing logic can be seen in FIG. 8A.
  • Step 901 The HTTP server listens to the HTTP request message on port 80.
  • Step 902 Obtain the original IP address of the request message from the HTTP request.
  • Step 903 Calculate the hash (HASH) by the original IP address, then find the modulus with 100.
  • Step 904 determine whether the modulus is 1, go to step 906, otherwise go to step 905.
  • Step 905 Forward the HTTP request message to the old version of the service and end.
  • Step 906 Forward the HTTP request message to the new version of the service and end.
  • An e-commerce company needs to launch a spike service.
  • the first 100 requests can be purchased, and the subsequent request returns a spike response.
  • Implementation environment description An e-commerce needs to launch a spike service.
  • the HTTP gateway uses an access counter to count. When the count is less than 100, the order is normally placed and the counter is increased by one. Otherwise, the request returns a response to the spike failure. Take this device as an example to describe this invention in detail:
  • the operation and maintenance personnel use the model designer to design the spike business model, and the designed model is shown in FIG. 9A.
  • the gateway control generates executable instructions and delivers them to the instruction executor.
  • the relevant instructions are shown in Figure 9B.
  • Request and response processing After receiving the request message and the response message, all the instructions of the pipeline will be executed.
  • the processing logic can be seen in FIG. 9A.
  • Step 1101 The HTTP server listens to the HTTP request message on port 80.
  • Step 1102 Obtain the current request count from the cache.
  • Step 1103 determine whether the request count reaches 100, reach forward to step 1104, and fail to forward to step 1106.
  • Step 1104 The request count in the cache is increased by one.
  • Step 1105 Go to the HTTP request to the service server and end.
  • Step 1106 Return a response to the spike failure to the HTTP client, and the process ends.
  • the gateway service to be implemented in this embodiment is: the access frequency of users who are authenticated is controlled at 1000 times per second, and the overall access frequency of non-identified users is controlled at 100 times per second. Identity can be used in this HTTP gateway service The combination of the authentication model and the access limitation model is completed.
  • This embodiment mainly explains the nesting in model design. Assuming that a first gateway business model for implementing the current limiting control process and a second gateway business model for implementing the authorization control process have been designed, when designing the third gateway business model of this embodiment, you can The first gateway business model and the second gateway business model are embedded as a link in the third gateway business model, that is, the permission control sub-process and the current limit control sub-process are embedded into the overall business process, as shown in Figure 10 Processing logic.
  • An exemplary embodiment of the present invention further provides a gateway service control device, as shown in FIG. 11, including a processor 50, a memory 60, and a computer stored on the memory 60 and capable of running on the processor 50 Program, when the processor 50 executes the calculation program, the processing of the method executed by the gateway service control device side according to any of the above embodiments of the present invention is implemented.
  • a gateway service control device as shown in FIG. 11, including a processor 50, a memory 60, and a computer stored on the memory 60 and capable of running on the processor 50 Program, when the processor 50 executes the calculation program, the processing of the method executed by the gateway service control device side according to any of the above embodiments of the present invention is implemented.
  • An exemplary embodiment of the present invention also provides a gateway.
  • a gateway includes a processor 50, a memory 60, and a computer program stored on the memory 60 and executable on the processor 50.
  • the processor 50 executes the calculation program, it implements the processing of the method performed by the gateway side according to any one of the above embodiments of the present invention.
  • An exemplary embodiment of the present invention also provides a computer-readable storage medium on which a computer program is stored, which when executed by a processor implements the processing of the method described in any of the above embodiments of the present invention.
  • the DSL language is used to build the gateway business model, and the model is converted into executable instructions and then issued to the instruction executor, so that the gateway business development can be completed based on high-level abstractions.
  • Such software may be distributed on computer-readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media).
  • computer storage medium includes both volatile and nonvolatile implemented in any method or technology for storing information such as computer readable instructions, data structures, program modules, or other data Sex, removable and non-removable media.
  • Computer storage media include but are not limited to RAM, ROM, EEPROM, flash memory or other memory technologies, CD-ROM, digital versatile disk (DVD) or other optical disk storage, magnetic cartridges, magnetic tape, magnetic disk storage or other magnetic storage devices, or may Any other medium used to store desired information and accessible by a computer.
  • the communication medium generally contains computer readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave or other transmission mechanism, and may include any information delivery medium .
  • the embodiments of the present invention can respond to different business needs and quickly realize business goals, and the operation and maintenance personnel can develop new services, and no longer need to develop different plug-ins according to different services.

Abstract

Provided in the embodiments of the present invention are a gateway service implementation method, a control device and a gateway. A gateway service control device generates a gateway service model according to an input instruction; and sends gateway service information to a gateway according to the generated gateway service model. The gateway acquires a plurality of first instructions for implementing gateway services, and processes received messages according to the first instructions. Gateway services in the present application adopt a model-driven design, and may meet different service requirements, rapidly achieving service objectives, without the need to develop different plug-ins according to different services.

Description

一种网关业务实现方法、控制装置和网关Gateway service implementation method, control device and gateway 技术领域Technical field
本申请涉及云基础设施领域,更具体地,涉及一种网关业务实现方法、控制装置和网关。This application relates to the field of cloud infrastructure, and more specifically, to a gateway service implementation method, control device, and gateway.
背景技术Background technique
在服务化架构中,超文本传输协议(HTTP,HyperText Transfer Protocol))网关(包含http 1.0,http 1.1和http 2.0等)承担着整个系统对外的入口,是服务化体系中的核心组件。从面向对象设计的角度看,它与外观模式类似。网关封装了系统内部架构,为每个客户端提供一个定制的应用程序编程接口(API,Application Programming Interface)。它可能还具有其它职责,如身份验证、监控、负载均衡、缓存、请求分片与管理、静态响应处理。所有的客户端和消费端都通过统一的网关接入微服务,需要在网关层处理所有的非业务功能。In the service-oriented architecture, the Hypertext Transfer Protocol (HTTP, HyperText Transfer Protocol) gateway (including http 1.0, http 1.1 and http 2.0, etc.) is responsible for the entire system's external entrance and is the core component of the service system. From the perspective of object-oriented design, it is similar to the appearance mode. The gateway encapsulates the system's internal architecture and provides each client with a customized application programming interface (API, Application Programming Interface). It may also have other responsibilities, such as authentication, monitoring, load balancing, caching, request fragmentation and management, and static response processing. All clients and consumers access microservices through a unified gateway, and all non-business functions need to be handled at the gateway layer.
现在各种各样的API网关其各有特色,但是其网关业务的开发都需要通过编写代码,开发多个插件来完成,介绍如下:All kinds of API gateways have their own characteristics, but the development of their gateway business needs to be completed by writing code and developing multiple plug-ins. The introduction is as follows:
Nginx:作为最为流行的HTTP网关,其处理性能高,稳定性好,但是动态能力不足,新配置的下发需要重启才能生效,并且网关业务需要满足其规范,使用插件方式进行开发,对开发人员的技术水平要求高。Nginx: As the most popular HTTP gateway, it has high processing performance and good stability, but lacks dynamic capabilities. The new configuration needs to be restarted to take effect, and the gateway service needs to meet its specifications. It is developed using a plug-in method. The technical level is high.
OpenResty:基于Nginx,但是为了降低Nginx自身插件的开发难度,引入Lua来开发网关业务插件。OpenResty: Based on Nginx, but in order to reduce the difficulty of developing Nginx's own plug-ins, Lua is introduced to develop gateway service plug-ins.
Kong:基于Nginx,采用lua为openapi开发了很多特定的插件,实现开箱即用的目的,但是非预置的功能都需要自身开发插件。Kong: Based on Nginx, Lua has developed many specific plug-ins for openapi to achieve out-of-the-box purposes, but non-preset functions require self-developed plug-ins.
Zuul:基于java开发,可以使用java或者groovy开发其业务所需插件Zuul: Based on java development, you can use java or groovy to develop plug-ins needed for its business
使用上面的HTTP网关开发HTTP业务最大的缺点是:完成不同的 HTTP网关业务需要开发不同的网关插件,导致业务上线慢,稳定性不高,不能灵活调整。The biggest disadvantage of using the above HTTP gateway to develop HTTP services is that different gateway plug-ins need to be developed to complete different HTTP gateway services, which results in slow online services, low stability, and inflexible adjustment.
发明内容Summary of the invention
以下是对本文详细描述的主题的概述。本概述并非是为了限制权利要求的保护范围。The following is an overview of the topics detailed in this article. This summary is not intended to limit the scope of protection of the claims.
本发明实施例提供了以下方案。The embodiments of the present invention provide the following solutions.
一种网关业务实现方法,应用于网关业务控制装置,包括:A method for implementing gateway service, applied to a gateway service control device, including:
根据输入指令生成网关业务模型;Generate a gateway business model based on input instructions;
根据生成的所述网关业务模型向网关下发网关业务信息,以在所述网关上执行网关业务处理。Deliver gateway service information to the gateway according to the generated gateway service model to perform gateway service processing on the gateway.
一种网关业务控制装置,包括模型设计器和业务下发接口,其中:A gateway service control device, including a model designer and a service delivery interface, in which:
所述模型设计器,设置为根据输入指令生成网关业务模型;The model designer is configured to generate a gateway business model according to the input instruction;
所述业务下发接口,设置为根据生成的网关业务模型向网关下发网关业务信息。The service delivery interface is configured to deliver gateway service information to the gateway according to the generated gateway service model.
一种实现网关业务的方法,包括:A method for implementing gateway service includes:
网关获取用于实现网关业务的多个第一指令,其中,所述第一指令基于网关业务模型得到;The gateway obtains multiple first instructions for implementing the gateway service, wherein the first instructions are obtained based on the gateway service model;
所述网关根据所述第一指令对接收的报文进行处理。The gateway processes the received message according to the first instruction.
一种网关,包括网关控制面和指令执行器,其中:A gateway, including a gateway control plane and an instruction executor, wherein:
所述网关控制面,设置为获取用于实现网关业务的多个第一指令并下发给所述指令执行器,其中,所述第一指令基于网关业务模型得到,所述网关业务模型采用如本发明任一实施例所述网关业务模型生成方法生成;The gateway control plane is configured to obtain a plurality of first instructions for implementing gateway services and issue them to the instruction executor, wherein the first instructions are obtained based on the gateway business model, and the gateway business model is adopted as Generated by the method for generating a gateway business model according to any embodiment of the present invention;
所述指令执行器,设置为根据下发的所述第一指令对接收的报文进行处理。The instruction executor is configured to process the received message according to the first instruction issued.
一种网关业务控制装置,包括存储器、处理器及存储在存储器上并可 在所述处理器上运行的计算机程序,所述处理器执行所述计算机程序时实现如本发明任一实施例所述网关业务控制装置侧执行的方法的处理。A gateway service control device, including a memory, a processor, and a computer program stored on the memory and capable of running on the processor, when the processor executes the computer program, it is implemented as described in any embodiment of the present invention Processing of the method executed by the gateway service control device side.
一种网关,包括存储器、处理器及存储在存储器上并可在所述处理器上运行的计算机程序,所述处理器执行所述计算机程序时实现本发明任一实施例所述网关执行的方法的处理。A gateway includes a memory, a processor, and a computer program stored on the memory and executable on the processor. When the processor executes the computer program, the method performed by the gateway according to any embodiment of the present invention is implemented Treatment.
一种计算机可读存储介质,其上存储有计算机程序,所述计算机程序被处理器执行时实现如本发明任一实施例所述的方法的处理。A computer-readable storage medium on which a computer program is stored, which when executed by a processor implements the processing of the method according to any embodiment of the present invention.
本发明实施例提供了一种网关业务实现的系统,其网关业务采用模型驱动设计,可以应对不同的业务需求,快速实现业务目标,运维人员即可开发新的业务,不再需要根据不同业务开发不同插件。Embodiments of the present invention provide a system for implementing a gateway service. The gateway service uses a model-driven design, which can respond to different business needs and quickly achieve business goals. The operation and maintenance personnel can develop new services without the need for different services. Develop different plugins.
在阅读并理解了附图和详细描述后,可以明白其他方面。After reading and understanding the drawings and detailed description, other aspects can be understood.
附图说明BRIEF DESCRIPTION
图1是本发明实施例实现网关业务的系统的示意图;FIG. 1 is a schematic diagram of a system for implementing gateway services according to an embodiment of the present invention;
图2是本发明实施例流水线的结构示意图;2 is a schematic structural diagram of an assembly line according to an embodiment of the present invention;
图3是本发明实施例网关业务模型设计和下发的流程图;3 is a flowchart of gateway service model design and delivery according to an embodiment of the present invention;
图4是本发明实施例模型设计器提供的操作界面的示意图;4 is a schematic diagram of an operation interface provided by a model designer according to an embodiment of the present invention;
图5是本发明实施例根据下发指令对报文进行处理的流程图;5 is a flowchart of processing packets according to an embodiment of the present invention;
图6A和图6B分别是本发明实施例认证控制流程和指令执行器所执行指令的示意图;6A and 6B are schematic diagrams of an authentication control process and instructions executed by an instruction executor according to an embodiment of the present invention;
图7A和图7B分别是本发明实施例限流控制流程和指令执行器所执行指令的示意图;7A and 7B are schematic diagrams of a current limiting control process and instructions executed by an instruction executor according to an embodiment of the present invention;
图8A和图8B分别是本发明实施例金丝雀升级控制流程和指令执行器所执行指令的示意图;8A and 8B are schematic diagrams of a canary upgrade control process and instructions executed by an instruction executor according to an embodiment of the present invention;
图9A和图9B分别是本发明实施例秒杀控制流程和指令执行器所执行指令的示意图;9A and 9B are schematic diagrams of a spike control process and instructions executed by an instruction executor according to an embodiment of the present invention;
图10是本发明实施例一业务流程中嵌入限流控制子流程和权限控制子流程的示意图;10 is a schematic diagram of embedding a current limiting control sub-process and a permission control sub-process in a business process according to Embodiment 1 of the present invention;
图11是本发明实施例网关业务控制装置和网关的硬件结构示意图。11 is a schematic diagram of a hardware structure of a gateway service control device and a gateway according to an embodiment of the present invention.
具体实施方式detailed description
本申请描述了多个实施例,但是该描述是示例性的,而不是限制性的,并且对于本领域的普通技术人员来说显而易见的是,在本申请所描述的实施例包含的范围内可以有更多的实施例和实现方案。尽管在附图中示出了许多可能的特征组合,并在具体实施方式中进行了讨论,但是所公开的特征的许多其它组合方式也是可能的。除非特意加以限制的情况以外,任何实施例的任何特征或元件可以与任何其它实施例中的任何其他特征或元件结合使用,或可以替代任何其它实施例中的任何其他特征或元件。This application describes a plurality of embodiments, but the description is exemplary rather than restrictive, and it is obvious to a person of ordinary skill in the art that within the scope of the embodiments described in this application There are more embodiments and implementation schemes. Although many possible combinations of features are shown in the drawings and discussed in the detailed description, many other combinations of the disclosed features are also possible. Unless specifically limited, any feature or element of any embodiment may be used in combination with, or may replace any other feature or element of any other embodiment.
本申请包括并设想了与本领域普通技术人员已知的特征和元件的组合。本申请已经公开的实施例、特征和元件也可以与任何常规特征或元件组合,以形成由权利要求限定的独特的发明方案。任何实施例的任何特征或元件也可以与来自其它发明方案的特征或元件组合,以形成另一个由权利要求限定的独特的发明方案。因此,应当理解,在本申请中示出和/或讨论的任何特征可以单独地或以任何适当的组合来实现。因此,除了根据所附权利要求及其等同替换所做的限制以外,实施例不受其它限制。此外,可以在所附权利要求的保护范围内进行各种修改和改变。This application includes and contemplates combinations with features and elements known to those of ordinary skill in the art. The embodiments, features and elements already disclosed in the present application can also be combined with any conventional features or elements to form a unique invention solution defined by the claims. Any feature or element of any embodiment may also be combined with features or elements from other inventions to form another unique invention defined by the claims. Therefore, it should be understood that any features shown and/or discussed in this application may be implemented individually or in any suitable combination. Therefore, the embodiments are not limited except in accordance with the limitations of the appended claims and their equivalents. In addition, various modifications and changes can be made within the scope of protection of the appended claims.
此外,在描述具有代表性的实施例时,说明书可能已经将方法和/或过程呈现为特定的步骤序列。然而,在该方法或过程不依赖于本文所述步骤的特定顺序的程度上,该方法或过程不应限于所述的特定顺序的步骤。如本领域普通技术人员将理解的,其它的步骤顺序也是可能的。因此,说明书中阐述的步骤的特定顺序不应被解释为对权利要求的限制。此外,针对该方法和/或过程的权利要求不应限于按照所写顺序执行它们的步骤,本领域技术人员可以容易地理解,这些顺序可以变化,并且仍然保持在本申请实施例的精神和范围内。In addition, in describing representative embodiments, the specification may have presented the methods and/or processes as a specific sequence of steps. However, to the extent that the method or process does not depend on the specific order of steps described herein, the method or process should not be limited to the specific order of steps described. As one of ordinary skill in the art will understand, other sequence of steps are also possible. Therefore, the specific order of steps set forth in the specification should not be construed as limiting the claims. In addition, the claims for the method and/or process should not be limited to the steps for performing them in the order written, as those skilled in the art can easily understand that these orders can be changed and still maintain the spirit and scope of the embodiments of the present application Inside.
在通信领域系统的开发中,IT化越来越明显,各大主流设备商的电信管理运营系统采用微服务架构已经成为了主流,如:Linux基金会下,由业界主流运营商和设备商共同参与管理和编排(MANO,management and orchestration)系统:开放网络自动化平台(ONAP,The Open Network Automation Platform)从一开始就采用微服务架构,MSB是其HTTP网关,位于系统的核心部分。In the development of systems in the communications field, IT is becoming more and more obvious. The telecommunications management and operation systems of major mainstream equipment vendors have become mainstream through the use of microservices architecture. For example, under the Linux Foundation, the industry’s mainstream operators and equipment vendors work together. Participation in management and orchestration (MANO, management and orchestration) system: Open Network Automation Platform (ONAP, The Open Network Automation Platform) has adopted a micro-service architecture from the beginning, MSB is its HTTP gateway, located in the core part of the system.
3GPP确认的5G核心网采用基于服务的网络架构(SBA,Service-based architecture)作为统一基础架构,接口推荐采用基于HTTP/2 REST。其由六大部分组成:控制面服务、用户面服务、服务框架、数据服务、服务管理与编排、其他部分。其中控制面服务和用户面服务都是由多个服务构成,在调用控制面服务和用户面服务时,需要通过HTTP网关来转发具体请求。The 5G core network confirmed by 3GPP uses a service-based architecture (SBA) as the unified infrastructure, and the interface is recommended to be based on HTTP/2 REST. It consists of six major parts: control plane services, user plane services, service framework, data services, service management and orchestration, and other parts. The control plane service and the user plane service are both composed of multiple services. When calling the control plane service and the user plane service, the specific request needs to be forwarded through the HTTP gateway.
HTTP网关在开放API(OpenAPI)体系中占有绝对重要的位置,是API治理的核心组件,在将API(Application Programming Interface,应用程序编程接口)作为能力暴露到外部时,就需要由HTTP网关完成认证,鉴权和限流等多种要求,并且要求极高的灵活性。The HTTP gateway occupies an absolutely important position in the Open API (OpenAPI) system. It is the core component of API governance. When the API (Application Programming Interface) is exposed to the outside as a capability, it needs to be authenticated by the HTTP gateway , Authentication and current limiting and other requirements, and requires extremely high flexibility.
各种系统云化的趋势越来越明显,安全问题也越发的突出,HTTP网关作为安全体系的第一道屏障,需要应对突发的安全问题。The clouding trend of various systems is becoming more and more obvious, and security problems are becoming more and more prominent. As the first barrier of the security system, the HTTP gateway needs to deal with sudden security problems.
在下一代微服务架构中,服务网格作为一个云设施将大大简化微服务的开发,同时服务网格技术也要求网关能配合服务网格,根据微服务的运行需要,按照下发的相关规则,调整网关的行为。In the next-generation microservices architecture, the service grid as a cloud facility will greatly simplify the development of microservices. At the same time, the service grid technology also requires the gateway to cooperate with the service grid, according to the operational needs of microservices, according to the relevant rules issued To adjust the behavior of the gateway.
为此,本发明一示例性实施例提供了一种实现网关业务的系统,如图1所示,包括网关业务控制装置1和网关2,该网关为HTTP网关。To this end, an exemplary embodiment of the present invention provides a system for implementing a gateway service. As shown in FIG. 1, it includes a gateway service control device 1 and a gateway 2, which is an HTTP gateway.
网关业务控制装置1包括模型设计器11和业务下发接口12,网关业务控制装置1在实体上可以是任意的计算机设备,如服务器、PC等。网关业务控制装置1和网关2可以通过网络连接。The gateway service control device 1 includes a model designer 11 and a service delivery interface 12, and the gateway service control device 1 may be any computer equipment, such as a server, a PC, or the like. The gateway service control device 1 and the gateway 2 may be connected through a network.
模型设计器11设置为根据输入指令生成网关业务模型。模型设计器 提供了网关业务模型的设计功能。在模型设计器中,可以将网关业务所需要的步骤和元素以可视化的方式展现出来,通过在模型设计器中拖拽,构成一个完整的处理网关业务的流水线。在相关元素中,可以配置特定匹配规则和执行动作,可以实现复杂网关业务。The model designer 11 is configured to generate a gateway business model according to the input instruction. The model designer provides the design function of the gateway business model. In the model designer, you can visualize the steps and elements required by the gateway business, and drag and drop in the model designer to form a complete pipeline for processing the gateway business. Among related elements, specific matching rules and execution actions can be configured, and complex gateway services can be realized.
本发明一示例性实施例中,模型设计器11包括:In an exemplary embodiment of the present invention, the model designer 11 includes:
用户接口单元,设置为显示操作界面,接收用户的输入指令;The user interface unit is set to display an operation interface and receive user input commands;
模型构建单元,设置为根据输入指令,从可选元素中选择网关业务模型的组成元素,将所述组成元素连接为处理网关业务的流水线,及设置所述组成元素的属性,以实现网关业务处理逻辑。The model building unit is set to select the constituent elements of the gateway business model from the optional elements according to the input instructions, connect the constituent elements to a pipeline for processing gateway services, and set the attributes of the constituent elements to implement gateway business processing logic.
模型生成单元,设置为根据所述流水线和所述组成元素的属性生成所述网关业务模型。The model generating unit is configured to generate the gateway business model according to the attributes of the pipeline and the constituent elements.
在一个示例中,用户接口单元可以显示包括元素选择区和模型设计区的可视化操作界面,根据用户操作确定用户的输入指令。模型构建单元检测到元素选择区中的可选元素被拖拽到模型设计区中时,将被拖拽的可选元素记录为网关业务模型的组成元素。所述可选元素可以包括以下至少之一:开始环节、结束环节、执行环节、判断跳转环节、已有业务模型。该示例中,将已有业务模型作为元素,也就意味着可以将已设计完成的网关业务流程作为新设计的业务流程的子流程,通过组合子流程构成更复杂的流程,从而可以通过流程的复用减少人员、时间的投入。In one example, the user interface unit may display a visual operation interface including an element selection area and a model design area, and determine a user's input instruction according to the user operation. When the model building unit detects that the optional element in the element selection area is dragged into the model design area, the dragged optional element is recorded as a constituent element of the gateway business model. The optional element may include at least one of the following: a start link, an end link, an execution link, a judgment jump link, and an existing business model. In this example, the existing business model is used as an element, which means that the designed gateway business process can be used as a sub-process of the newly designed business process. By combining sub-processes, a more complex process can be formed, so that the process can be passed Reuse reduces the investment of personnel and time.
在本发明一示例性实施例中,上述流水线包括一个或多个分支,每一分支有一个或多个执行环节,每个环节可以包括一个或多个第二指令,第二指令使用高级语言如DSL描述。可以将多个功能类似的第二指令(如执行报文处理的指令)设计在一个环节中。在一个示例中,所述环节包括以下信息中的至少之一:业务标识、环节标识、入口环节标识、优先级、指令标识、匹配规则、执行动作。其中,入口环节的匹配规则用于判断接收的报文是否与该入口环节所在的流水线匹配;入口环节的优先级用于确定对流水线进行匹配的顺序;执行动作用于确定对报文执行的处理,其中 包括跳转到下一环节或指令的动作(跳转动作是执行动作的一种)。上述环节中的信息可以根据组成元素所属的环节、为组成元素设置的属性、流水线中环节的连接关系等来生成。In an exemplary embodiment of the present invention, the above pipeline includes one or more branches, each branch has one or more execution links, and each link may include one or more second instructions. The second instructions use a high-level language such as DSL description. Multiple second instructions with similar functions (such as instructions for performing message processing) can be designed in one link. In one example, the link includes at least one of the following information: service identifier, link identifier, entry link identifier, priority, instruction identifier, matching rule, and execution action. Among them, the matching rule of the entry link is used to determine whether the received message matches the pipeline where the entry link is located; the priority of the entry link is used to determine the order of matching the pipeline; the execution action is used to determine the processing performed on the message , Which includes the action of jumping to the next link or instruction (jump action is a type of execution action). The information in the above links can be generated according to the link to which the constituent element belongs, the attribute set for the constituent element, and the connection relationship of the links in the pipeline.
在本发明一示例性实施例中,所述网关业务模型基于针对HTTP操作的领域特定语言(DSL,domain-specific language)描述。DSL指专注于某个应用程序领域的计算机语言,又称领域专用语言。使用DSL,一般的运维人员即可进行模型设计。此时网关业务模型中的第二指令也可以称为DSL指令。DSL指令包括动作原语、参数、上下文变量、运算符、逻辑处理符等组成要素。动作原语和对应的表达式的示例如下:In an exemplary embodiment of the present invention, the gateway business model is based on a domain-specific language (DSL) description for HTTP operations. DSL refers to a computer language focused on an application domain, also known as a domain-specific language. Using DSL, the general operation and maintenance personnel can design the model. At this time, the second instruction in the gateway service model may also be called a DSL instruction. The DSL instruction includes components such as action primitives, parameters, context variables, operators, and logic processors. Examples of action primitives and corresponding expressions are as follows:
URL重写:rewrite<URL>URL rewriting: rewrite<URL>
header信息修改:header add/modify/remove<property><value>header information modification: header add/modify/remove<property><value>
body信息修改:body add/modify/remove<xpath><content>Body information modification: body add/modify/remove<xpath><content>
请求重定向:redirect<url>Request redirection: redirect<url>
条目跳转:jump<table-entry-id>Entry jump: jump<table-entry-id>
拒绝请求:refuseReject the request: refuse
请求转发:forwardRequest forwarding: forward
保存状态:save<key><value>Save state: save<key><value>
加载状态:load<key>Loading status: load<key>
增加计数:calc<key><count>Increase count: calc<key><count>
读取计数:read<key>Read count: read<key>
网关业务模型使用DSL或其他高级语言描述,并不能够直接被网关执行,需要先转化为网关可执行的第一指令,才能被下发到流表库中生效,从而实现网关业务的目标。在图1所示的示例中,网关业务控制装置1将网关业务模型直接下发给网关2,由网关2中的业务控制面22来完成指令转化。此时,业务下发接口12设置为将网关业务模型下发给网关2。在另一示例中,是在网关业务控制装置1中完成指令转化后再下发给网关2。 此时业务下发接口12设置为对网关业务模型进行解析并转化为网关可执行的第一指令后,将所述第一指令下发给网关。The gateway business model is described in DSL or other high-level languages, and cannot be directly executed by the gateway. It needs to be converted into the first instruction executable by the gateway before it can be issued to the flow table library to take effect, thereby achieving the goal of gateway business. In the example shown in FIG. 1, the gateway service control device 1 directly issues the gateway service model to the gateway 2, and the service control plane 22 in the gateway 2 completes the instruction conversion. At this time, the service delivery interface 12 is configured to deliver the gateway service model to the gateway 2. In another example, after the instruction conversion is completed in the gateway service control device 1, it is issued to the gateway 2. At this time, the service delivery interface 12 is configured to parse the gateway service model and convert it into a first instruction executable by the gateway, and then deliver the first instruction to the gateway.
在一个示例中,模型设计器11自身可以带有持久化存储,以对已经完成的网关业务模型进行保存。模型设计器11还可以带有校验功能,在保存时会对整个网关业务模型进行校验。In one example, the model designer 11 itself may have persistent storage to save the completed gateway business model. The model designer 11 may also be provided with a verification function, and the entire gateway business model will be verified during storage.
在本发明一示例性实施例中,如图1所示,网关2包括网关控制面21、指令执行器22、请求解析器23、请求下发器24、响应解析器25和响应反馈器26,其中:In an exemplary embodiment of the present invention, as shown in FIG. 1, the gateway 2 includes a gateway control plane 21, an instruction executor 22, a request parser 23, a request dispatcher 24, a response parser 25, and a response feedbacker 26, among them:
网关控制面21提供了网关与网关业务控制装置的交互接口,设置为获取用于实现网关业务的多个第一指令并下发给指令执行器22,其中,所述第一指令基于网关业务模型得到。The gateway control plane 21 provides an interactive interface between the gateway and the gateway service control device, and is configured to obtain multiple first instructions for implementing the gateway service and issue them to the instruction executor 22, wherein the first instructions are based on the gateway business model get.
在本发明一示例性实施例中,所述网关业务模型采用如本发明任一实施例所述的网关业务模型生成方法生成。In an exemplary embodiment of the present invention, the gateway business model is generated using the gateway business model generation method described in any of the embodiments of the present invention.
图1所示的实施例中,指令转化在网关实现。网关控制面21接收网关业务控制装置1下发的网关业务模型,对所述网关业务模型进行解析并转化为多个所述第一指令,然后下发给指令执行器22。在对网关业务模型进行解析之前,网关控制面21还可以对下发的网关业务模型进行校验如CRC校验,如果校验不通过则拒绝下发,可以要求网关业务控制装置重新下发。而在本发明另一示例性实施例中,网关业务控制装置2完成指令转化功能后再下发。此时网关控制面21可设置为接收网关业务控制装置1下发的第一指令并直接下发给指令执行器22。网关控制面21下发成功后,可以向网关业务控制装置返回下发成功的响应消息。In the embodiment shown in FIG. 1, the conversion of instructions is implemented in the gateway. The gateway control plane 21 receives the gateway business model issued by the gateway business control device 1, parses the gateway business model and converts it into a plurality of the first instructions, and then issues them to the instruction executor 22. Before parsing the gateway service model, the gateway control plane 21 can also check the delivered gateway service model, such as a CRC check. If the check fails, the delivery is rejected, and the gateway service control device can be requested to reissue. In another exemplary embodiment of the present invention, the gateway service control device 2 completes the instruction conversion function and then issues it. At this time, the gateway control plane 21 may be configured to receive the first instruction issued by the gateway service control device 1 and directly issue it to the instruction executor 22. After the gateway control plane 21 delivers successfully, it can return a successfully delivered response message to the gateway service control device.
指令执行器22设置为根据下发的第一指令对接收的报文(如HTTP请求报文、HTTP响应报文)进行处理。指令执行器22可以将下发的第一指令保存为指令流表库中的条目,第一指令也可以称为流表指令。第一指令对报文处理的逻辑结构为一条流水线,此流水线包括一个或多个分支, 每一分支有一个或多个执行环节,每个执行环节中可以包括一个或多个第一指令,如图2所示。当网关2接收到一条报文后,该条报文在指令执行器22中按照流水线逐步进行处理,在流水线的每个指令按照“匹配条件,执行动作”的方式运行,实现对报文的流水线处理。The instruction executor 22 is configured to process received messages (such as HTTP request messages and HTTP response messages) according to the first instruction issued. The instruction executor 22 may save the issued first instruction as an entry in the instruction flow table library, and the first instruction may also be called a flow table instruction. The logical structure of the first instruction for message processing is a pipeline. This pipeline includes one or more branches, each branch has one or more execution links, and each execution link can include one or more first instructions, such as Figure 2 shows. After the gateway 2 receives a message, the message is processed step by step in the instruction executor 22 according to the pipeline, and each instruction in the pipeline runs in a "matching condition, execute action" manner to realize the pipeline of the message deal with.
在本发明一示例性实施例中,多个所述第一指令组成实现网关业务处理的流水线,所述第一指令包括以下信息中的至少之一:指令标识、优先级、匹配规则、执行动作;其中,所述流水线中的第一个指令的匹配规则用于判断接收的报文是否与所述流水线匹配;所述第一个指令的优先级用于确定对流水线进行匹配的顺序;所述执行动作用于确定对报文执行的处理,其中包括跳转到下一指令的动作,当然最后一个指令并不需要执行到下一个指令的跳转。指令标识可以是一个编号序列,指令的顺序可以根据编号来确定。In an exemplary embodiment of the present invention, a plurality of the first instructions form a pipeline for implementing gateway service processing, and the first instructions include at least one of the following information: instruction identifier, priority, matching rule, and execution action ; Wherein, the matching rule of the first instruction in the pipeline is used to determine whether the received message matches the pipeline; the priority of the first instruction is used to determine the order in which the pipeline is matched; The execution action is used to determine the processing performed on the message, including the action of jumping to the next instruction. Of course, the last instruction does not need to execute the jump to the next instruction. The instruction identifier can be a number sequence, and the order of the instructions can be determined according to the number.
请求解析器23设置为对接收到的请求报文进行解析并发送给指令执行器22;The request parser 23 is configured to parse the received request message and send it to the command executor 22;
请求下发器24,设置为将经过指令执行器22处理后的请求报文下发给后端服务;The request dispatcher 24 is configured to deliver the request message processed by the instruction executor 22 to the back-end service;
响应解析器25,设置为对接收到的响应报文进行解析并发送给指令执行器22;The response parser 25 is configured to parse the received response message and send it to the command executor 22;
响应反馈器26,设置为将经过指令执行器22处理后的响应报文返回给客户端。The response feedback unit 26 is configured to return the response message processed by the instruction executor 22 to the client.
本申请中,网关业务控制装置1可以是任何可执行网关业务模型生成和下发处理的计算机设备,网关业务控制装置1可以直接向网关2下发网关业务信息,也可以间接下发。在间接下发时,指令转化的功能也可以由中间设备来实现。In the present application, the gateway service control device 1 may be any computer device that can perform the generation and delivery processing of the gateway service model. The gateway service control device 1 may directly deliver the gateway service information to the gateway 2 or indirectly. In the case of indirect delivery, the function of instruction conversion can also be realized by the intermediate device.
本发明上述实施例实现了一种网关业务实现的系统,其网关业务采用模型驱动设计,可以应对不同的业务需求,快速实现业务目标,运维人员即可开发新的业务,不再需要根据不同业务开发不同插件。The above embodiment of the present invention implements a system for implementing a gateway service. The gateway service uses a model-driven design, which can respond to different business needs and quickly achieve business goals. The operation and maintenance personnel can develop new services without the need for different services. Different plug-ins for business development.
本发明一示例性实施例还提供了一种网关业务实现方法,所述网关业务为HTTP网关业务。该实现方法包括设计阶段在网关业务控制装置执行的网关业务模型设计和下发处理,以及运行阶段在网关执行的对报文的处理。其中,对报文的处理又分为:对请求报文的处理和对响应报文的处理。An exemplary embodiment of the present invention also provides a gateway service implementation method, where the gateway service is an HTTP gateway service. The implementation method includes the design and delivery processing of the gateway service model performed by the gateway service control device at the design stage, and the processing of the message performed by the gateway at the operation stage. Among them, the processing of messages is divided into: processing of request messages and processing of response messages.
在网关业务控制装置侧执行的方法如图3所示,包括:步骤110,根据输入指令生成网关业务模型;及,步骤120,根据生成的所述网关业务模型向网关下发网关业务信息,以在所述网关上执行网关业务处理。The method executed on the gateway service control device side is shown in FIG. 3, and includes: step 110, generating a gateway service model according to the input instruction; and, step 120, delivering gateway service information to the gateway according to the generated gateway service model, to Perform gateway service processing on the gateway.
在本发明一示例性实施例中,所述根据输入指令生成网关业务模型,包括:In an exemplary embodiment of the present invention, the generating the gateway business model according to the input instruction includes:
显示操作界面,接收输入指令;Display the operation interface and receive input commands;
根据输入指令,从可选元素中选择网关业务模型的组成元素,将所述组成元素连接为处理网关业务的流水线并设置所述组成元素的属性,以实现网关业务处理逻辑;According to the input instruction, select the constituent elements of the gateway business model from the optional elements, connect the constituent elements into a pipeline for processing gateway services and set the attributes of the constituent elements to implement the gateway business processing logic;
根据所述流水线和所述组成元素的属性生成所述网关业务模型。The gateway business model is generated according to the attributes of the pipeline and the constituent elements.
在本发明一示例性实施例中,网关业务模型使用网关业务特定语言实现,如采用针对HTTP操作的DSL描述,能完成不同网关业务的设计。In an exemplary embodiment of the present invention, the gateway service model is implemented in a gateway service specific language. For example, a DSL description for HTTP operations can be used to complete the design of different gateway services.
在一示例中,网关业务控制装置提供的一个操作界面是包括“元素选择区”和“模型设计区”的可视化操作界面,如图4所示,元素选择区位于操作界面的左侧,设计人员可以在“元素选择区”选择构建模型,“元素选择区”中元素除基本元素(如开始环节、结束环节、执行环节、判断跳转)外,还可以包含已有业务模型即原来已经设计好的业务模型。这意味着在进行网关业务模型设计时,可以将所设计的业务模型保存下来,作为一个环节(也即子流程)嵌套在更复杂的网关业务的流水线(也业务流程)中,作为其中的处理环节。这样可以实现业务模型的共享和重用,完成更复杂的业务模型的开发,可以大大节约了设计所需的时间。In an example, an operation interface provided by the gateway service control device is a visual operation interface including an "element selection area" and a "model design area". As shown in FIG. 4, the element selection area is located on the left side of the operation interface, and the designer You can choose to build the model in the "element selection area". In addition to the basic elements (such as the start link, the end link, the execution link, and the judgment jump), the elements in the "element selection area" can also contain the existing business model that has been designed. Business model. This means that when designing a gateway business model, the designed business model can be saved as a link (that is, a sub-process) nested in a more complex gateway business pipeline (also a business process) as one of them Processing link. In this way, business models can be shared and reused, and the development of more complex business models can be completed, which can greatly save the time required for design.
如图4所示的示例中,模型设计区位于该操作界面的中间,该操作界 面的右侧还包括一个模型属性区,用于填写组成元素的属性。“模型设计区”是模型的可视化展示区,设计人员可以通过拖拽“元素选择区”的元素到“模型设计区”来构成模型。网关业务控制装置检测到所述元素选择区中的可选元素被拖拽到所述模型设计区中时,将被拖拽的所述可选元素记录为所述网关业务模型的组成元素。当设计人员在“模型设计区”选中特定元素后,可以在“模型属性区”设置该元素的属性,如匹配条件和执行动作等。模型设计器可以根据操作原语和上下文给出智能提示,帮助运维人员进行设计,并不需要专门的开发人员参与其中;同时,还可以提供了“保存“和“下发”按钮,可以将设计好的模型进行保存,也可以将设计好的模型下发到HTTP网关。In the example shown in Figure 4, the model design area is located in the middle of the operation interface. The right side of the operation interface also includes a model attribute area for filling in the attributes of the constituent elements. "Model design area" is the visual display area of the model. Designers can construct the model by dragging the elements of "element selection area" to "model design area". When detecting that the optional element in the element selection area is dragged into the model design area, the gateway service control device records the dragged optional element as a component element of the gateway service model. When the designer selects a specific element in the "Model Design Area", he can set the attributes of the element in the "Model Attribute Area", such as matching conditions and execution actions. The model designer can give intelligent prompts according to the operation primitives and context to help the operation and maintenance personnel to design, and does not require special developers to participate in it; at the same time, it can also provide "save" and "send" buttons, you can The designed model is saved, and the designed model can also be delivered to the HTTP gateway.
在本发明一示例性实施例中,生成的网关业务模型在逻辑结构上是包括多个环节的一个流水线。一个环节可以包括一条第二指令(如DSL指令)或者流水线上依次执行的多条第二指令。例如,可以将执行类似功能的多条第二指令(如执行报文处理的多条第二指令)组成为一个环节,以简化流水线的结构,方便模型的设计。所述环节包括以下信息中的至少之一:业务标识、环节标识、入口环节标识、优先级、指令标识、匹配规则、执行动作;其中,入口环节的匹配规则用于判断接收的报文是否与该入口环节所在的流水线匹配;入口环节的优先级用于确定对流水线进行匹配的顺序;执行动作用于确定对报文执行的处理,其中包括跳转到下一环节或指令的动作。根据流水线组成元素所属的环节、各环节的连接关系、组成元素的属性等可以确定第二指令的匹配规则和执行动作等内容。In an exemplary embodiment of the present invention, the generated gateway business model is a pipeline including multiple links in the logical structure. A link may include a second instruction (such as a DSL instruction) or multiple second instructions that are sequentially executed on the pipeline. For example, multiple second instructions that perform similar functions (such as multiple second instructions that perform message processing) can be combined into one link to simplify the pipeline structure and facilitate model design. The link includes at least one of the following information: service identification, link identification, entry link identification, priority, instruction identification, matching rules, and execution actions; wherein, the entry link matching rules are used to determine whether the received message is The pipeline where the entry link is matched; the priority of the entry link is used to determine the order in which the pipeline is matched; the execution action is used to determine the processing performed on the message, including the action of jumping to the next link or instruction. The matching rules and execution actions of the second instruction can be determined according to the links to which the constituent elements of the pipeline belong, the connection relationships of the various links, and the attributes of the constituent elements.
在本发明一示例性实施例中,根据生成的所述网关业务模型向网关下发网关业务信息时,是将所述网关业务模型直接下发给网关。例如,通过点击模型设计器中的“下发“按钮,将网关业务模型下发给HTTP网关。而在本发明另一示例性实施例中,是先对所述网关业务模型进行解析并转化为所述网关可执行的第一指令,再将所述第一指令下发给网关。In an exemplary embodiment of the present invention, when delivering the gateway service information to the gateway according to the generated gateway business model, the gateway business model is directly delivered to the gateway. For example, by clicking the "Send" button in the model designer, the gateway business model is delivered to the HTTP gateway. In another exemplary embodiment of the present invention, the gateway business model is first parsed and converted into a first instruction executable by the gateway, and then the first instruction is issued to the gateway.
在网关侧执行的方法如图5所示,包括:步骤210,网关获取用于实现网关业务的多个第一指令,其中,所述第一指令基于网关业务模型得到;及,步骤220,所述网关根据所述第一指令对接收的报文进行处理。其中,所述网关业务模型可以采用如本发明任一实施例所述的网关业务模型生成方法生成。The method executed on the gateway side as shown in FIG. 5 includes: step 210, the gateway obtains a plurality of first instructions for implementing the gateway service, wherein the first instruction is obtained based on the gateway service model; and, step 220, The gateway processes the received message according to the first instruction. Wherein, the gateway business model may be generated using the method for generating a gateway business model according to any embodiment of the present invention.
在本发明一示例性实施例中,所述网关获取用于实现网关业务的多个第一指令,包括:所述网关接收所述网关业务模型,对所述网关业务模型进行解析并转化为多个所述第一指令。在对网关业务模型进行解析之前,还可以对网关业务模型进行校验如CRC校验,如果校验不通过则拒绝下发。In an exemplary embodiment of the present invention, the gateway acquiring a plurality of first instructions for implementing the gateway service includes: the gateway receives the gateway service model, parses the gateway service model and converts it into multiple The first instruction. Before parsing the gateway business model, the gateway business model can also be verified, such as a CRC check. If the check fails, it is rejected.
在本发明一示例性实施例中,网关对请求报文(如HTTP请求报文)的处理包括:In an exemplary embodiment of the present invention, the processing of the request message (such as the HTTP request message) by the gateway includes:
步骤一,网关对接收到客户端发送的请求报文进行解析,得到请求报文的内容,其中包括统一资源定位符(URL),头部(Header)和包体(Body)等信息。Step 1: The gateway parses the received request message sent by the client to obtain the content of the request message, which includes information such as uniform resource locator (URL), header (header), and body (body).
步骤二,网关根据请求报文中的相关特征(如IP地址、Cookie中的login_token等),判断是否有与其匹配的流水线,如果没有,则拒绝请求报文,流程结束;如果有,继续下一步。Step 2: The gateway determines whether there is a matching pipeline according to the relevant characteristics in the request message (such as IP address, login_token in cookie, etc.). If not, the request message is rejected and the process ends; if so, continue to the next step .
本步骤中,如果请求报文中的相关特征符合一个流水线的入口环节的匹配条件,则该流水线是与该请求报文匹配的流水线。In this step, if the relevant feature in the request message meets the matching condition of the entry link of a pipeline, the pipeline is the pipeline that matches the request message.
步骤三,从匹配到的流水线的第一指令开始,依次执行所述流水线上的所有第一指令以对请求报文进行处理,将处理后的请求报文下发到后端服务。Step 3: Starting from the matched first instruction of the pipeline, sequentially execute all the first instructions on the pipeline to process the request message, and deliver the processed request message to the back-end service.
在本发明一示例性实施例中,网关对响应报文(如HTTP响应报文)的处理包括:In an exemplary embodiment of the present invention, the processing of the response message (such as the HTTP response message) by the gateway includes:
步骤一,网关对接收到的后端服务返回的响应报文进行解析,得到响应报文的内容,如Header和Body等信息;Step 1: The gateway parses the received response message returned by the back-end service to obtain the content of the response message, such as header and body information;
步骤二:网关根据响应报文的相关特征,判断是否有与其匹配的流水线,如果没有,则拒绝请求报文,流程结束;如果有,继续下一步。Step 2: The gateway determines whether there is a matching pipeline according to the relevant characteristics of the response message. If not, it rejects the request message and the process ends; if it does, it continues to the next step.
本步骤中,如果响应报文中的相关特征符合一个流水线的第一个指令(对应入口环节)的匹配条件,则所述流水线是与该响应报文匹配的流水线。In this step, if the relevant features in the response message meet the matching conditions of the first instruction (corresponding to the entry link) of a pipeline, the pipeline is the pipeline that matches the response message.
步骤三,从匹配到的流水线的第一指令开始,依次执行所述流水线上的所有第一指令以对响应报文进行处理,将处理后的响应报文返回给发送相应请求报文的客户端。Step 3: Starting from the matched first instruction of the pipeline, execute all the first instructions of the pipeline in sequence to process the response message, and return the processed response message to the client that sends the corresponding request message .
在本发明一示例性实施例中,HTTP网关需要同时承载多个不同的网关业务,所以指令执行器中能同时运行多个业务的处理流程,在流水线的第一个处理环节上,会对HTTP报文进行编号,同时会根据HTTP报文的特征与流水线的匹配结果,将其HTTP请求/响应送到不同的流水线上进行处理,并利用所述编号来跟踪相应的处理过程。In an exemplary embodiment of the present invention, the HTTP gateway needs to carry multiple different gateway services at the same time, so the processing flow of multiple services can be run simultaneously in the instruction executor. On the first processing link of the pipeline, HTTP The messages are numbered, and at the same time, the HTTP request/response is sent to different pipelines for processing according to the matching characteristics of the HTTP message and the pipeline, and the corresponding number is used to track the corresponding processing process.
在本发明一示例性实施例中,第一指令在执行时是一个解释执行的模式,当执行次数达到一定门限后,可以使用即时转化技术,将第一指令再度转化成机器码如native代码进行执行,以提升整个流程的处理效率。In an exemplary embodiment of the present invention, when the first instruction is executed, it is a mode for explaining execution. When the number of executions reaches a certain threshold, instant conversion technology can be used to convert the first instruction into machine code such as native code again. Implementation to improve the processing efficiency of the entire process.
在本发明一示例性的实施例中,业务网关模型的逻辑结构是一条或多条流水线,不同流水线如可以分别用于处理不同类型的报文。每一条流水线可以包括一个或多个分支。一条流水线上可以有多个环节,每个环节可以包含如下的信息:In an exemplary embodiment of the present invention, the logical structure of the service gateway model is one or more pipelines. For example, different pipelines can be used to process different types of packets. Each pipeline may include one or more branches. There can be multiple links on a pipeline, and each link can contain the following information:
业务标识:用于标识此环节所针对的业务。Business identification: used to identify the business targeted by this session.
环节标识(ID):可以采用环节的编号作为环节ID。Link ID (ID): The link number can be used as the link ID.
入口环节标识:值为“Y”标识该环节是入口环节,入口环节的匹配规则用于判断流水线是否与接收的报文匹配。Entry link identification: A value of "Y" indicates that the link is an entry link, and the matching rules of the entry link are used to determine whether the pipeline matches the received message.
优先级:当此环节是入口环节时设置优先级,该字段的数字越小表示 优先级越高,优先级相同时可以定义为环节的ID越大优先级越高,或者相反。在网关接收到报文,根据报文中的特征判断所述报文是否与已设置的流水线匹配时,是从高优先级的入口环节(也可称为条目)开始,按照从高到低的顺序依次进行匹配。Priority: Set the priority when this link is an entry link. The smaller the number in this field, the higher the priority. When the priority is the same, it can be defined as the link ID is larger and the priority is higher, or vice versa. When the gateway receives the message and determines whether the message matches the set pipeline according to the characteristics of the message, it starts from the high-priority entry link (also known as the entry), according to the order from high to low Match in order.
匹配规则:也可以称为匹配条件,用于判断请求报文是否满足一定的条件,从而控制流水线的处理流向,其用于匹配操作的特征可以是报文中的任何一部分,如:http URL,http header和http body等。Matching rule: It can also be called a matching condition, which is used to determine whether the request message meets certain conditions, so as to control the processing flow of the pipeline. The characteristics of the matching operation can be any part of the message, such as httpURL, http header and http body etc.
执行动作:即对报文执行的处理,如:修改HTTP头部,重写URL,增加计数器,转发HTTP请求到后端服务,HTTP请求拒绝,跳转到下一环节或指令等。Execution action: the processing performed on the message, such as: modifying the HTTP header, rewriting the URL, increasing the counter, forwarding the HTTP request to the back-end service, rejecting the HTTP request, and skipping to the next link or instruction.
上述匹配规则和执行动作在设计时可以使用特定的DSL语言描述(或者说编写),由网关控制面转化为网关可执行的第一指令的内容。The above matching rules and execution actions can be described (or written) in a specific DSL language at the time of design, and converted by the gateway control plane into the content of the first instruction executable by the gateway.
在本发明一个示例性实施例中,一个环节即一个指令,环节标识也即指令标识,此时一个环节包括以上的业务标识、环节标识、入口环节标识、优先级、匹配规则和执行动作等信息,无需再另外设置指令标识。In an exemplary embodiment of the present invention, a link is an instruction, and a link ID is also an instruction ID. In this case, a link includes the above service ID, link ID, entry link ID, priority, matching rules, and execution actions. , There is no need to set the instruction ID separately.
而在本发明另一个示例性实施例中,一个环节中可以包括多个指令,此时每一指令有各自的匹配规则和执行动作,还需为每一指令设置一个指令标识以区别不同的指令。业务名称、环节标识、入口环节标识等内容可以为同一环节的多个指令共用。In another exemplary embodiment of the present invention, a link may include multiple instructions. In this case, each instruction has its own matching rules and execution actions. It is also necessary to set an instruction identifier for each instruction to distinguish different instructions . The business name, link ID, entrance link ID, etc. can be shared by multiple instructions in the same link.
下表示出了一个流水线中的3个环节:The following table shows the three links in a pipeline:
Figure PCTCN2019110348-appb-000001
Figure PCTCN2019110348-appb-000001
Figure PCTCN2019110348-appb-000002
Figure PCTCN2019110348-appb-000002
本实施例中流水线上环节的结构可以应用于本发明上述的任一实施例中。The structure of the link in the pipeline in this embodiment can be applied to any of the above embodiments of the invention.
在本发明一示例性的实施例中,多个所述第一指令组成实现网关业务处理的流水线,所述第一指令可以包括以下信息中的至少之一:In an exemplary embodiment of the present invention, a plurality of the first instructions form a pipeline for processing gateway services, and the first instructions may include at least one of the following information:
指令标识,该指令标识可以同时包含第一指令中环节编号和指令编号;The instruction identifier, which may include both the link number and the instruction number in the first instruction;
优先级;priority;
匹配规则;Matching rules
执行动作;Perform an action
其中,所述流水线中的第一个指令的匹配规则用于判断接收的报文是否与所述流水线匹配;所述第一个指令的优先级用于确定对流水线进行匹配的顺序;所述执行动作用于确定对报文执行的处理,其中一种是跳转到下一指令的动作。另外,对于非判断跳转的只是对报文进行处理的指令,可以将匹配规则设置为一默认值如TRUE,默认匹配成功。流水线中指令的顺序可以根据顺序编号的指令标识确定。Among them, the matching rule of the first instruction in the pipeline is used to determine whether the received message matches the pipeline; the priority of the first instruction is used to determine the order of matching the pipeline; the execution The action is used to determine the processing performed on the message, one of which is the action to jump to the next instruction. In addition, for the instructions that do not determine the jump but only process the message, the matching rule can be set to a default value such as TRUE, and the default matching is successful. The order of the instructions in the pipeline can be determined according to the instruction ID of the sequential number.
HTTP网关作为服务化系统的入口,需要开发各种各样的业务逻辑,传统方式通过开发和部署不同业务插件,部署在HTTP网关中来实现,采用本发明实施例的方案后,不再采用编写插件的方式,可以由运维人员,采用一个统一的流程和模型来实现。As the entrance of the service system, the HTTP gateway needs to develop various business logics. Traditionally, it is realized by developing and deploying different business plug-ins and deploying in the HTTP gateway. After adopting the solution of the embodiment of the present invention, it is not written The way of plug-in can be realized by the operation and maintenance personnel using a unified process and model.
下面通过几个具体网关业务的实施例对本申请进行说明。The present application will be described below through several embodiments of specific gateway services.
实施例一Example one
某企业微服务架构系统,需要对所有来自于外部的HTTP请求采用基本(Basic access authentication)安全认证。An enterprise microservice architecture system needs to use basic (access) authentication for all HTTP requests from outside.
实施环境说明:外部的HTTP请求都会经过HTTP网关,然后转发到后端服务,但是目前HTTP网关不具备安全控制的能力,需要运维人员需要快速增加对外部请求的安全认证功能,认证采用了基本认证,通过HTTP请求中的Cookie中的Authorization属性来获取用户名和密码,然后对密码进行验证。以该企业使用本发明实施例的网关业务实现系统为例,对本发明实施例进行详细描述:Implementation environment description: External HTTP requests will pass through the HTTP gateway and then forwarded to the back-end service. However, the current HTTP gateway does not have the capability of security control, and operation and maintenance personnel need to quickly increase the security authentication function for external requests. The authentication uses basic For authentication, obtain the user name and password through the Authorization attribute in the Cookie in the HTTP request, and then verify the password. Taking the enterprise using the gateway service implementation system of the embodiment of the present invention as an example, the embodiment of the present invention will be described in detail:
模型设计:Model design:
运维人员使用模型设计器设计认证的网关业务模型,设计完成的模型。The operation and maintenance personnel use the model designer to design the certified gateway business model and the completed model.
运维人员点击模型设计器的下发按钮,将模型下发到网关中的网关控制面。The operation and maintenance personnel click the release button of the model designer to deliver the model to the gateway control plane in the gateway.
网关控制面对网关业务模型进行解析,转化为可执行的指令并下发到指令执行器,相应指令如图6B所示。The gateway control analyzes the gateway business model, converts it into an executable instruction and sends it to the instruction executor. The corresponding instruction is shown in Figure 6B.
对请求和响应的处理:当HTTP网关接收到HTTP客户端发送的请求报文和响应报文后,会执行流水线的相应指令,其处理逻辑参见图6A。Processing of requests and responses: When the HTTP gateway receives the request message and the response message sent by the HTTP client, it will execute the corresponding instructions of the pipeline, and its processing logic is shown in FIG. 6A.
步骤501:HTTP网关在80端口上监听到HTTP请求报文。Step 501: The HTTP gateway listens to the HTTP request message on port 80.
步骤502:在HTTP请求报文的Cookie中,没有login_token属性,本实施例表示该报文是请求报文。Step 502: In the cookie of the HTTP request message, there is no login_token attribute, and this embodiment indicates that the message is a request message.
步骤504:通过BASE64算法,解析Authorization字段,获取用户名和密码。Step 504: Analyze the Authorization field through the BASE64 algorithm to obtain the user name and password.
步骤505:使用用户名从缓存中获取用户的密码。Step 505: Use the user name to obtain the user's password from the cache.
步骤506:将缓存中获取的密码与步骤504中获得的密码比较,假定两者是相同的。Step 506: Compare the password obtained in the cache with the password obtained in step 504, assuming that the two are the same.
步骤507:将HTTP请求报文转发给后端处理者。Step 507: Forward the HTTP request message to the back-end processor.
步骤508:接收到后端处理者完成处理后返回的HTTP响应报文。Step 508: Receive the HTTP response message returned by the back-end processor after completing the processing.
步骤509:在HTTP响应的cookie中设置login_token属性。Step 509: Set the login_token attribute in the HTTP response cookie.
步骤510:将HTTP响应返回给HTTP的客户端。Step 510: Return the HTTP response to the HTTP client.
实施例二Example 2
本实施例中,某运营商的API开发平台需要对非登录的用户的访问频率进行限制,其每分钟的访问配额是10次。In this embodiment, an operator's API development platform needs to limit the access frequency of non-logged-in users, and its access quota is 10 times per minute.
实施环境说明:运营商的API平台使用RESTFUL接口对外提供的API服务,为了保证核心用户的QoS,对非登录的用户的访问频率进行限制,需要通过判断Cookie中是否有login_token属性,有login_token属性则认为是登录用户,没有则认为是非登录用户,然后记录其访问次数,超过配额就拒绝提供服务。以该运营商使用本装置为例对本发明进行详细描述:Implementation environment description: The operator’s API platform uses the RESTFUL interface to provide external API services. In order to ensure the core user’s QoS and limit the access frequency of non-logged-in users, it is necessary to determine whether there is a login_token attribute in the cookie and a login_token attribute. If it is considered as a logged-in user, if it is not, it is considered as a non-logged-in user, and then record the number of visits. Taking the operator using the device as an example, the present invention will be described in detail:
模型设计:Model design:
运维人员使用模型设计器设计限流业务模型,设计完成的模型。The operation and maintenance personnel use the model designer to design the current-limiting business model and the completed model.
运维人员点击模型设计器的下发按钮,将模型发现到网关中的网关控制面。The operation and maintenance personnel click the release button of the model designer to discover the model to the gateway control plane in the gateway.
网关控制面对模型进行解析,生成可执行的指令并下发到指令执行器,相应指令如图7B所示。The gateway control analyzes the model, generates executable instructions and delivers them to the instruction executor. The corresponding instructions are shown in Figure 7B.
请求处理:当接收到请求报文后,会执行流水线的全部指令,其处理逻辑参见图7A:Request processing: After receiving the request message, all the instructions of the pipeline will be executed, and the processing logic is shown in Figure 7A:
步骤701:HTTP服务器在80端口上监听到HTTP请求报文。Step 701: The HTTP server listens to the HTTP request message on port 80.
步骤702:在HTTP请求报文的Cookie中,如果没有login_token属性,转步骤703,如果有login_token属性,转步骤708。Step 702: In the cookie of the HTTP request message, if there is no login_token attribute, go to step 703, and if there is the login_token attribute, go to step 708.
步骤703:从HTTP请求报文中获取请求的原IP地址。Step 703: Obtain the original IP address of the request from the HTTP request message.
步骤704:根据获取的IP地址从缓存中获取当前统计周期(一分钟内)的已访问次数。Step 704: Obtain the number of visited times in the current statistical period (within one minute) from the cache according to the obtained IP address.
步骤705:如果已访问次数已经达到10次,转步骤706,如果没有达到10次,执行步骤707。Step 705: If the number of accessed times has reached 10 times, go to step 706, and if not, go to step 707.
步骤706,拒绝访问请求的转发,结束Step 706, the forwarding of the access request is denied, and the end
步骤707:缓存中当前计数增加1;Step 707: The current count in the cache is increased by 1;
步骤708,转发HTTP请求报文到后端处理者,结束。Step 708, forward the HTTP request message to the backend processor, and end.
实施例三Example Three
某政府部门需要升级其在公有云中的应用,需要采用金丝雀升级的方式来完成。A government department needs to upgrade its application in the public cloud, which needs to be completed by using a canary upgrade.
实施环境说明:某政府部门需要升级其在公有云中的应用,需要在一段时间内保持新旧应用共存,将小部分的流量导入到新的应用中,观察新应用使用是否正常,在发现新应用不正常时就立即将流量导回到旧应用。以该政府部门使用本装置为例对本发明进行详细描述:Implementation environment description: A government department needs to upgrade its applications in the public cloud. It needs to maintain the coexistence of new and old applications for a period of time, import a small amount of traffic into the new applications, observe whether the new applications are used normally, and discover new applications. Direct traffic back to the old application as soon as it is abnormal. Take the device used by the government department as an example to describe the invention in detail:
模型设计:Model design:
运维人员使用模型设计器设计金丝雀升级的业务模型,设计完成的模型。The operation and maintenance personnel use the model designer to design the business model upgraded by Canary, and design the completed model.
运维人员点击模型设计器的下发按钮,将模型发现到网关的网关控制面。The operation and maintenance personnel click the release button of the model designer to discover the model to the gateway control plane of the gateway.
网关控制面对模型解析,生成可执行的指令并下发到指令执行器,相应指令如图8B所示。Facing the model analysis, the gateway control generates executable instructions and delivers them to the instruction executor. The corresponding instructions are shown in Figure 8B.
请求处理:当接收到请求报文后,会执行流水线的全部指令。其处理逻辑可参见图8A。Request processing: After receiving the request message, it will execute all the instructions of the pipeline. The processing logic can be seen in FIG. 8A.
步骤901:HTTP服务器在80端口上监听到HTTP请求报文。Step 901: The HTTP server listens to the HTTP request message on port 80.
步骤902:从HTTP请求中获取请求报文的原IP地址。Step 902: Obtain the original IP address of the request message from the HTTP request.
步骤903:通过原IP地址进行哈希(HASH)计数,然后与100求模 数。Step 903: Calculate the hash (HASH) by the original IP address, then find the modulus with 100.
步骤904:判断模数是否为1,为1转到步骤906,否则转到步骤905。Step 904: determine whether the modulus is 1, go to step 906, otherwise go to step 905.
步骤905:转发HTTP请求报文到旧版本的服务,结束。Step 905: Forward the HTTP request message to the old version of the service and end.
步骤906:转发HTTP请求报文到新版本的服务,结束。Step 906: Forward the HTTP request message to the new version of the service and end.
通过上述处理,可以将1%的报文转发到新版本的服务,其他报文仍使用旧版本的服务。Through the above processing, 1% of the messages can be forwarded to the new version of the service, and other messages still use the old version of the service.
实施例四Example 4
某电商需要开展秒杀业务,前100个请求能购买到商品,后面的请求返回秒杀失败的响应。An e-commerce company needs to launch a spike service. The first 100 requests can be purchased, and the subsequent request returns a spike response.
实施环境说明:某电商需要开展秒杀业务,HTTP网关使用访问计数器计数,当计数小于100,则正常下单,并且计数器加一,否则请求返回秒杀失败的响应。以该电商使用本装置为例对本发明进行详细描述:Implementation environment description: An e-commerce needs to launch a spike service. The HTTP gateway uses an access counter to count. When the count is less than 100, the order is normally placed and the counter is increased by one. Otherwise, the request returns a response to the spike failure. Take this device as an example to describe this invention in detail:
模型设计:Model design:
运维人员使用模型设计器设计秒杀业务模型,设计完成的模型,如图9A所示。The operation and maintenance personnel use the model designer to design the spike business model, and the designed model is shown in FIG. 9A.
运维人员点击模型设计器的下发按钮,将模型发现到网关中的网关控制面。The operation and maintenance personnel click the release button of the model designer to discover the model to the gateway control plane in the gateway.
网关控制面对模型解析,生成可执行的指令并下发到指令执行器,相关指令如图9B所示。Facing the model analysis, the gateway control generates executable instructions and delivers them to the instruction executor. The relevant instructions are shown in Figure 9B.
请求和响应的处理:当接收到请求报文和响应报文后,会执行流水线的全部指令。其处理逻辑可参见图9A。Request and response processing: After receiving the request message and the response message, all the instructions of the pipeline will be executed. The processing logic can be seen in FIG. 9A.
步骤1101:HTTP服务器在80端口上监听到HTTP请求报文。Step 1101: The HTTP server listens to the HTTP request message on port 80.
步骤1102:从缓存中获取当前的请求计数。Step 1102: Obtain the current request count from the cache.
步骤1103:判断请求计数是否达到100,达到转发到步骤1104,没有 达到转发到步骤1106。Step 1103: determine whether the request count reaches 100, reach forward to step 1104, and fail to forward to step 1106.
步骤1104:缓存中的请求计数增加1。Step 1104: The request count in the cache is increased by one.
步骤1105:转到HTTP请求到业务服务器,结束。Step 1105: Go to the HTTP request to the service server and end.
步骤1106:向HTTP客户端返回秒杀失败的响应,结束。Step 1106: Return a response to the spike failure to the HTTP client, and the process ends.
实施例五Example 5
本实施例要实现的网关业务是:对经过身份认证的用户其访问频率控制在每秒1000次,非身份认证的用户总体访问频率控制在每秒100次,在这个HTTP网关业务中可以使用身份认证模型和访问限流两个模型的组合来完成。The gateway service to be implemented in this embodiment is: the access frequency of users who are authenticated is controlled at 1000 times per second, and the overall access frequency of non-identified users is controlled at 100 times per second. Identity can be used in this HTTP gateway service The combination of the authentication model and the access limitation model is completed.
本实施例主要说明一下模型设计时的嵌套。假定已经设计完成一个用于实现限流控制流程的第一网关业务模型和一个用于实现权限控制流程的第二网关业务模型,在设计本实施例的第三网关业务模型时,就可以将第一网关业务模型和第二网关业务模型作为一个环节嵌入在该第三网关业务模型中,也即是将权限控制子流程和限流控制子流程嵌入到总的业务流程中,实现如图10的处理逻辑。This embodiment mainly explains the nesting in model design. Assuming that a first gateway business model for implementing the current limiting control process and a second gateway business model for implementing the authorization control process have been designed, when designing the third gateway business model of this embodiment, you can The first gateway business model and the second gateway business model are embedded as a link in the third gateway business model, that is, the permission control sub-process and the current limit control sub-process are embedded into the overall business process, as shown in Figure 10 Processing logic.
本发明一示例性实施例还提供了一种网关业务控制装置,如图11所示,包括处理器50、存储器60及存储在所述存储器60上并可在所述处理器50上运行的计算机程序,所述处理器50执行所述计算程序时实现本发明上述任一实施例所述的网关业务控制装置侧所执行的方法的处理。An exemplary embodiment of the present invention further provides a gateway service control device, as shown in FIG. 11, including a processor 50, a memory 60, and a computer stored on the memory 60 and capable of running on the processor 50 Program, when the processor 50 executes the calculation program, the processing of the method executed by the gateway service control device side according to any of the above embodiments of the present invention is implemented.
本发明一示例性实施例还提供了一种网关,也可参见图11,包括处理器50、存储器60及存储在所述存储器60上并可在所述处理器50上运行的计算机程序,所述处理器50执行所述计算程序时实现本发明上述任一实施例所述的网关侧所执行的方法的处理。An exemplary embodiment of the present invention also provides a gateway. Referring also to FIG. 11, it includes a processor 50, a memory 60, and a computer program stored on the memory 60 and executable on the processor 50. When the processor 50 executes the calculation program, it implements the processing of the method performed by the gateway side according to any one of the above embodiments of the present invention.
本发明一示例性实施例还提供了一种计算机可读存储介质,其上存储 有计算机程序,所述计算机程序被处理器执行时实现本发明上述任一实施例所述的方法的处理。An exemplary embodiment of the present invention also provides a computer-readable storage medium on which a computer program is stored, which when executed by a processor implements the processing of the method described in any of the above embodiments of the present invention.
本发明上述实施例例的技术方案具有如下至少一个有益效果:The technical solutions of the above embodiments of the present invention have at least one beneficial effect as follows:
使用模型驱动网关,无须针对业务开发特定的插件,完成了原来需要多个业务插件才能完成的不同业务。Using model-driven gateways, there is no need to develop specific plug-ins for the business, completing different services that originally required multiple business plug-ins to complete.
采用DSL语言构建网关业务模型,将模型转化成可执行的指令后再下发到指令执行器,使网关业务开发能基于高层次的抽象来完成。The DSL language is used to build the gateway business model, and the model is converted into executable instructions and then issued to the instruction executor, so that the gateway business development can be completed based on high-level abstractions.
通过网关模型设计器完成网关业务的设计,提高网关业务的开发速度。Complete the design of the gateway service through the gateway model designer and improve the development speed of the gateway service.
本领域普通技术人员可以理解,上文中所公开方法中的全部或某些步骤、系统、装置中的功能模块/单元可以被实施为软件、固件、硬件及其适当的组合。在硬件实施方式中,在以上描述中提及的功能模块/单元之间的划分不一定对应于物理组件的划分;例如,一个物理组件可以具有多个功能,或者一个功能或步骤可以由若干物理组件合作执行。某些物理组件或所有物理组件可以被实施为由处理器,如中央处理器、数字信号处理器或微处理器执行的软件,或者被实施为硬件,或者被实施为集成电路,如专用集成电路。这样的软件可以分布在计算机可读介质上,计算机可读介质可以包括计算机存储介质(或非暂时性介质)和通信介质(或暂时性介质)。如本领域普通技术人员公知的,术语计算机存储介质包括在用于存储信息(诸如计算机可读指令、数据结构、程序模块或其他数据)的任何方法或技术中实施的易失性和非易失性、可移除和不可移除介质。计算机存储介质包括但不限于RAM、ROM、EEPROM、闪存或其他存储器技术、CD-ROM、数字多功能盘(DVD)或其他光盘存储、磁盒、磁带、磁盘存储或其他磁存储装置、或者可以用于存储期望的信息并且可以被计算机访问的任何其他的介质。此外,本领域普通技术人员公知的是,通信介质通常包含计算机可读指令、数据结构、程序模块或者诸如载波或其他传输机制之类的调 制数据信号中的其他数据,并且可包括任何信息递送介质。Those of ordinary skill in the art may understand that all or some of the steps, systems, and functional modules/units in the method disclosed above may be implemented as software, firmware, hardware, and appropriate combinations thereof. In a hardware implementation, the division between the functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be composed of several physical The components are executed in cooperation. Some physical components or all physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit . Such software may be distributed on computer-readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). As is well known to those of ordinary skill in the art, the term computer storage medium includes both volatile and nonvolatile implemented in any method or technology for storing information such as computer readable instructions, data structures, program modules, or other data Sex, removable and non-removable media. Computer storage media include but are not limited to RAM, ROM, EEPROM, flash memory or other memory technologies, CD-ROM, digital versatile disk (DVD) or other optical disk storage, magnetic cartridges, magnetic tape, magnetic disk storage or other magnetic storage devices, or may Any other medium used to store desired information and accessible by a computer. In addition, it is well known to those of ordinary skill in the art that the communication medium generally contains computer readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave or other transmission mechanism, and may include any information delivery medium .
工业实用性Industrial applicability
本发明实施例可以应对不同的业务需求,快速实现业务目标,运维人员即可开发新的业务,不再需要根据不同业务开发不同插件。The embodiments of the present invention can respond to different business needs and quickly realize business goals, and the operation and maintenance personnel can develop new services, and no longer need to develop different plug-ins according to different services.

Claims (22)

  1. 一种网关业务实现方法,包括:A method for implementing gateway service, including:
    根据输入指令生成网关业务模型;Generate a gateway business model based on input instructions;
    根据生成的所述网关业务模型向网关下发网关业务信息,以在所述网关上执行网关业务处理。Deliver gateway service information to the gateway according to the generated gateway service model to perform gateway service processing on the gateway.
  2. 如权利要求1所述的方法,其中:The method of claim 1, wherein:
    所述网关业务模型采用针对超文本传输协议HTTP操作的领域特定语言DSL描述。The gateway business model uses a domain-specific language DSL description for the hypertext transfer protocol HTTP operation.
  3. 如权利要求1或2所述的方法,其中:The method according to claim 1 or 2, wherein:
    所述根据输入指令生成网关业务模型,包括:The generating the gateway business model according to the input instruction includes:
    显示操作界面,接收输入指令;Display the operation interface and receive input commands;
    根据输入指令,从可选元素中选择网关业务模型的组成元素,将所述组成元素连接为处理网关业务的流水线并设置所述组成元素的属性,以实现网关业务处理逻辑;According to the input instruction, select the constituent elements of the gateway business model from the optional elements, connect the constituent elements into a pipeline for processing gateway services and set the attributes of the constituent elements to implement the gateway business processing logic;
    根据所述流水线和所述组成元素的属性生成所述网关业务模型。The gateway business model is generated according to the attributes of the pipeline and the constituent elements.
  4. 如权利要求3所述的方法,其中:The method of claim 3, wherein:
    所述操作界面是包括元素选择区和模型设计区的可视化操作界面;The operation interface is a visual operation interface including an element selection area and a model design area;
    所述从可选元素中选择网关业务模型的组成元素,包括:检测到所述元素选择区中的可选元素被拖拽到所述模型设计区中时,将被拖拽的所述可选元素记录为所述网关业务模型的组成元素。The selection of the constituent elements of the gateway business model from the selectable elements includes: when it is detected that the selectable element in the element selection area is dragged into the model design area, the selectable element to be dragged The element record is a component element of the gateway business model.
  5. 如权利要求3所述的方法,其中:The method of claim 3, wherein:
    所述可选元素包括以下至少之一:开始环节、结束环节、执行环节、判断跳转环节、已有业务模型。The optional elements include at least one of the following: a start link, an end link, an execution link, a judgment jump link, and an existing business model.
  6. 如权利要求5所述的方法,其中:The method of claim 5, wherein:
    所述网关业务模型包括组成所述流水线的多个环节,每一环节包括一个或多个第二指令,所述环节包括以下信息中的至少之一:The gateway business model includes multiple links that constitute the pipeline, each link includes one or more second instructions, and the link includes at least one of the following information:
    业务标识;Business identification
    环节标识;Link identification;
    入口环节标识;Entrance link identification;
    优先级;priority;
    指令标识;Instruction mark;
    匹配规则;Matching rules
    执行动作;Perform an action
    其中,入口环节的匹配规则用于判断接收的报文是否与该入口环节所在的流水线匹配;入口环节的优先级用于确定对流水线进行匹配的顺序;执行动作用于确定对报文执行的处理,其中包括跳转到下一环节或指令的动作。Among them, the matching rule of the entry link is used to determine whether the received message matches the pipeline where the entry link is located; the priority of the entry link is used to determine the order of matching the pipeline; the execution action is used to determine the processing performed on the message , Which includes actions to jump to the next link or instruction.
  7. 如权利要求3所述的方法,其中:The method of claim 3, wherein:
    所述向网关下发网关业务信息,包括:The delivery of gateway service information to the gateway includes:
    将所述网关业务模型下发给网关;或者Deliver the gateway business model to the gateway; or
    对所述网关业务模型进行解析并转化为所述网关可执行的第一指令,将所述第一指令下发给网关。Analyze and convert the gateway service model into a first instruction executable by the gateway, and issue the first instruction to the gateway.
  8. 一种实现网关业务的方法,包括:A method for implementing gateway service includes:
    网关获取用于实现网关业务的多个第一指令,其中,所述第一指令基于网关业务模型得到;The gateway obtains multiple first instructions for implementing the gateway service, wherein the first instructions are obtained based on the gateway service model;
    所述网关根据所述第一指令对接收的报文进行处理。The gateway processes the received message according to the first instruction.
  9. 如权利要求8所述的方法,其中:The method of claim 8, wherein:
    所述网关业务模型采用如权利要求1至6中任一所述的方法生成。The gateway service model is generated by the method according to any one of claims 1 to 6.
  10. 如权利要求8所述的方法,其中:The method of claim 8, wherein:
    所述网关获取用于实现网关业务的多个第一指令,包括:The gateway acquiring multiple first instructions for implementing the gateway service includes:
    所述网关接收用于实现网关业务的多个第一指令;或者The gateway receives multiple first instructions for implementing gateway services; or
    所述网关接收所述网关业务模型,对所述网关业务模型进行解析并转化为多个所述第一指令。The gateway receives the gateway business model, parses the gateway business model and converts it into multiple first instructions.
  11. 如权利要求8所述的方法,其中:The method of claim 8, wherein:
    多个所述第一指令组成实现网关业务处理的流水线,所述第一指令包括以下信息中的至少之一:A plurality of the first instructions form a pipeline for processing gateway services, and the first instructions include at least one of the following information:
    指令标识;Instruction mark;
    优先级;priority;
    匹配规则;Matching rules
    执行动作;Perform an action
    其中,所述流水线中的第一个指令的匹配规则用于判断接收的报文是否与所述流水线匹配;所述第一个指令的优先级用于确定对流水 线进行匹配的顺序;所述执行动作用于确定对报文执行的处理,其中包括跳转到下一指令的动作。Among them, the matching rule of the first instruction in the pipeline is used to determine whether the received message matches the pipeline; the priority of the first instruction is used to determine the sequence of matching the pipeline; the execution The action is used to determine the processing performed on the message, including the action of jumping to the next instruction.
  12. 如权利要求8至11中任一所述的方法,其中:The method according to any one of claims 8 to 11, wherein:
    所述网关根据所述第一指令对接收的报文进行处理,包括:The gateway processing the received message according to the first instruction includes:
    所述网关对接收到客户端发送的报文进行解析,得到报文的内容;The gateway parses the received message sent by the client to obtain the content of the message;
    所述网关根据报文中的相关特征判断是否有与其匹配的流水线,如果没有,则拒绝所述报文,结束;如果有,继续下一步;The gateway judges whether there is a matching pipeline according to the relevant features in the message, if not, it rejects the message and ends; if so, continues to the next step;
    从匹配到的流水线的第一个指令开始,依次执行所述流水线上的所有第一指令以对所述报文进行处理,将处理后的报文下发给后端服务或者返回给客户端。Starting from the first instruction of the matched pipeline, all first instructions on the pipeline are executed in sequence to process the message, and the processed message is delivered to the back-end service or returned to the client.
  13. 一种网关业务控制装置,包括模型设计器和业务下发接口,其中:A gateway service control device, including a model designer and a service delivery interface, in which:
    所述模型设计器,设置为根据输入指令生成网关业务模型;The model designer is configured to generate a gateway business model according to the input instruction;
    所述业务下发接口,设置为根据生成的网关业务模型向网关下发网关业务信息。The service delivery interface is configured to deliver gateway service information to the gateway according to the generated gateway service model.
  14. 如权利要求13所述的装置,其中:The apparatus of claim 13, wherein:
    所述模型设计器包括:The model designer includes:
    用户接口单元,设置为显示操作界面,接收用户的输入指令;The user interface unit is set to display an operation interface and receive user input commands;
    模型构建单元,设置为根据输入指令,从可选元素中选择网关业务模型的组成元素,将所述组成元素连接为处理网关业务的流水线,及设置所述组成元素的属性,以实现网关业务处理逻辑;The model building unit is set to select the constituent elements of the gateway business model from the optional elements according to the input instructions, connect the constituent elements as a pipeline for processing gateway services, and set the attributes of the constituent elements to implement gateway business processing logic;
    模型生成单元,设置为根据所述流水线和所述组成元素的属性,生成所述网关业务模型。The model generating unit is configured to generate the gateway business model according to the attributes of the pipeline and the constituent elements.
  15. 如权利要求14所述的装置,其中:The apparatus of claim 14, wherein:
    所述可选元素包括以下至少之一:开始环节、结束环节、执行环节、判断跳转环节、已有业务模型;The optional elements include at least one of the following: start link, end link, execution link, judgment jump link, and existing business model;
    所述网关业务模型包括组成所述流水线的多个环节,每一环节包括一个或多个第二指令,所述环节包括以下信息中的至少之一:The gateway business model includes multiple links that constitute the pipeline, each link includes one or more second instructions, and the link includes at least one of the following information:
    业务标识;Business identification
    环节标识;Link identification;
    入口环节标识;Entrance link identification;
    优先级;priority;
    指令标识;Instruction mark;
    匹配规则;Matching rules
    执行动作;Perform an action
    其中,入口环节的匹配规则用于判断接收的报文是否与该入口环节所在的流水线匹配;入口环节的优先级用于确定对流水线进行匹配的顺序;执行动作用于确定对报文执行的处理,其中包括跳转到下一环节或指令的动作。Among them, the matching rule of the entry link is used to determine whether the received message matches the pipeline where the entry link is located; the priority of the entry link is used to determine the order of matching the pipeline; the execution action is used to determine the processing performed on the message , Which includes actions to jump to the next link or instruction.
  16. 如权利要求13或14或15所述的装置,其中:The device according to claim 13 or 14 or 15, wherein:
    所述业务下发接口根据生成的网关业务模型向网关下发网关业务信息,包括:所述业务下发接口将所述网关业务模型下发给网关, 或者,所述业务下发接口对所述网关业务模型进行解析并转化为所述网关可执行的第一指令,将所述第一指令下发给网关。The service delivery interface delivers gateway service information to the gateway according to the generated gateway service model, including: the service delivery interface delivers the gateway service model to the gateway, or the service delivery interface The gateway business model is parsed and converted into a first instruction executable by the gateway, and the first instruction is issued to the gateway.
  17. 一种网关,包括网关控制面和指令执行器,其中:A gateway, including a gateway control plane and an instruction executor, wherein:
    所述网关控制面,设置为获取用于实现网关业务的多个第一指令并下发给所述指令执行器,其中,所述第一指令基于网关业务模型得到;The gateway control plane is configured to obtain a plurality of first instructions for implementing gateway services and issue them to the instruction executor, wherein the first instructions are obtained based on the gateway business model;
    所述指令执行器,设置为根据下发的所述第一指令对接收的报文进行处理。The instruction executor is configured to process the received message according to the first instruction issued.
  18. 如权利要求17所述的网关,其中:The gateway of claim 17, wherein:
    所述网关控制面获取用于实现网关业务的多个第一指令,包括:所述网关接收用于实现网关业务的多个第一指令;或者,所述网关接收所述网关业务模型,对所述网关业务模型进行解析并转化为多个所述第一指令。The gateway control plane acquiring multiple first instructions for implementing gateway services includes: the gateway receiving multiple first instructions for implementing gateway services; or, the gateway receiving the gateway service model, The gateway business model is parsed and converted into multiple first instructions.
  19. 如权利要求17或18所述的网关,其中:The gateway according to claim 17 or 18, wherein:
    多个所述第一指令组成实现网关业务处理的流水线,所述第一指令包括以下信息中的至少之一:A plurality of the first instructions form a pipeline for processing gateway services, and the first instructions include at least one of the following information:
    指令标识;Instruction mark;
    优先级;priority;
    匹配规则;Matching rules
    执行动作;Perform an action
    其中,所述流水线中的第一个指令的匹配规则用于判断接收的报文是否与所述流水线匹配;所述第一个指令的优先级用于确定对流水 线进行匹配的顺序;所述执行动作用于确定对报文执行的处理,其中包括跳转到下一指令的动作。Among them, the matching rule of the first instruction in the pipeline is used to determine whether the received message matches the pipeline; the priority of the first instruction is used to determine the sequence of matching the pipeline; the execution The action is used to determine the processing performed on the message, including the action of jumping to the next instruction.
  20. 一种网关业务控制装置,包括存储器、处理器及存储在存储器上并可在所述处理器上运行的计算机程序,所述处理器执行所述计算机程序时实现如权利要求1至7中任一所述的方法的处理。A gateway service control device, including a memory, a processor, and a computer program stored on the memory and capable of running on the processor, and when the processor executes the computer program, any one of claims 1 to 7 is implemented The method described.
  21. 一种网关,包括存储器、处理器及存储在存储器上并可在所述处理器上运行的计算机程序,所述处理器执行所述计算机程序时实现如权利要求8至12中任一所述的方法的处理。A gateway, including a memory, a processor, and a computer program stored on the memory and executable on the processor, when the processor executes the computer program, any one of claims 8 to 12 is implemented Method handling.
  22. 一种计算机可读存储介质,其上存储有计算机程序,所述计算机程序被处理器执行时实现如权利要求1至12中任一所述的方法的处理。A computer-readable storage medium on which a computer program is stored, which when executed by a processor implements the processing of the method according to any one of claims 1 to 12.
PCT/CN2019/110348 2018-12-29 2019-10-10 Gateway service implementation method, control device, and gateway WO2020134329A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201811638933.8A CN111385124A (en) 2018-12-29 2018-12-29 Gateway service implementation method, control device and gateway
CN201811638933.8 2018-12-29

Publications (1)

Publication Number Publication Date
WO2020134329A1 true WO2020134329A1 (en) 2020-07-02

Family

ID=71126400

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/110348 WO2020134329A1 (en) 2018-12-29 2019-10-10 Gateway service implementation method, control device, and gateway

Country Status (2)

Country Link
CN (1) CN111385124A (en)
WO (1) WO2020134329A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114221836A (en) * 2021-12-15 2022-03-22 杭州橙鹰数据技术有限公司 Data processing method and device
CN114221949A (en) * 2021-11-30 2022-03-22 北京航天云路有限公司 API gateway implementation method suitable for public cloud platform
CN115150316A (en) * 2021-03-15 2022-10-04 上海博泰悦臻网络技术服务有限公司 Gateway control method, device, medium and gateway equipment based on dynamic routing

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112615734B (en) * 2020-12-09 2023-04-07 杭州海康威视系统技术有限公司 Modeling and control method, device, equipment and storage medium of network equipment
CN115396503B (en) * 2021-05-24 2023-11-24 阿里巴巴新加坡控股有限公司 Information processing system, method for realizing information processing by information processing system and gateway
CN113595788A (en) * 2021-07-28 2021-11-02 上海华兴数字科技有限公司 API gateway management method and device based on plug-in

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106130787A (en) * 2016-07-28 2016-11-16 中国电信集团工会上海市网络操作维护中心委员会 A kind of transaction processing system based on software defined network
CN106251131A (en) * 2015-06-04 2016-12-21 易支付网关有限公司 For the method and apparatus providing electronic trade gateway
CN106470111A (en) * 2015-08-14 2017-03-01 中国电信股份有限公司 Extension device cut-in method based on SDN framework, controller and SDN system
US20170289307A1 (en) * 2016-03-29 2017-10-05 Amazon Technologies, Inc. System Interaction Monitoring And Component Scaling
CN108134698A (en) * 2017-12-21 2018-06-08 冶金自动化研究设计院 A kind of graphical configuration platform of industry multi-protocols gateway of internet of things
CN108768724A (en) * 2018-05-30 2018-11-06 上海顺舟智能科技股份有限公司 Gateway control method and intelligent gateway

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105591771A (en) * 2014-10-22 2016-05-18 中兴通讯股份有限公司 Ethernet service configuration method and apparatus
CN107210934B (en) * 2015-02-09 2020-12-22 皇家Kpn公司 Distributed gateway
CN206673991U (en) * 2017-03-02 2017-11-24 天津芯思科技有限公司 Internet of things gateway equipment capable of configuring extension
EP3376737B1 (en) * 2017-03-15 2020-11-25 ABB Schweiz AG Gateway configurations in industrial internet of things

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106251131A (en) * 2015-06-04 2016-12-21 易支付网关有限公司 For the method and apparatus providing electronic trade gateway
CN106470111A (en) * 2015-08-14 2017-03-01 中国电信股份有限公司 Extension device cut-in method based on SDN framework, controller and SDN system
US20170289307A1 (en) * 2016-03-29 2017-10-05 Amazon Technologies, Inc. System Interaction Monitoring And Component Scaling
CN106130787A (en) * 2016-07-28 2016-11-16 中国电信集团工会上海市网络操作维护中心委员会 A kind of transaction processing system based on software defined network
CN108134698A (en) * 2017-12-21 2018-06-08 冶金自动化研究设计院 A kind of graphical configuration platform of industry multi-protocols gateway of internet of things
CN108768724A (en) * 2018-05-30 2018-11-06 上海顺舟智能科技股份有限公司 Gateway control method and intelligent gateway

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115150316A (en) * 2021-03-15 2022-10-04 上海博泰悦臻网络技术服务有限公司 Gateway control method, device, medium and gateway equipment based on dynamic routing
CN114221949A (en) * 2021-11-30 2022-03-22 北京航天云路有限公司 API gateway implementation method suitable for public cloud platform
CN114221949B (en) * 2021-11-30 2024-04-05 北京航天云路有限公司 API gateway implementation method suitable for public cloud platform
CN114221836A (en) * 2021-12-15 2022-03-22 杭州橙鹰数据技术有限公司 Data processing method and device

Also Published As

Publication number Publication date
CN111385124A (en) 2020-07-07

Similar Documents

Publication Publication Date Title
WO2020134329A1 (en) Gateway service implementation method, control device, and gateway
US10581873B2 (en) Securing micro-services
US11356440B2 (en) Automated IoT device registration
US11281457B2 (en) Deployment of infrastructure in pipelines
US9300577B2 (en) Application intelligent request management based on server health and client information
CN102281311B (en) Method, system and device for implementing network service based on open application programming interface
US9237130B2 (en) Hierarchical rule development and binding for web application server firewall
US9143511B2 (en) Validation of conditional policy attachments
US20150128103A1 (en) System and method for automating application programming interface integration
CN109995713A (en) Service processing method and relevant device in a kind of micro services frame
WO2021139788A1 (en) Cloud gateway configuration method, system, apparatus, and computer readable storage medium
JP6181740B2 (en) How to extend a web service&#39;s application programming interface using a query language
US10454786B2 (en) Multi-party updates to distributed systems
CN108415710B (en) The method and system of API is issued, called in Intelligent dialogue development platform
CN110222500A (en) Method for edition management, device, equipment and computer readable storage medium
CN105378703A (en) Methods and systems for validating multiple methods of input using unified rule set
US11790058B2 (en) Automated role management for resource accessing code
CN110069909A (en) It is a kind of to exempt from the close method and device for logging in third party system
KR20210072265A (en) Method and apparatus for distributed processing of services using blockchain
CN113556359A (en) Communication protocol conversion method, device, system and gateway device
CN112181599A (en) Model training method, device and storage medium
US10289978B2 (en) Method and apparatus for integrating health care payers and provider systems with health care transaction systems using a single HIPAA EDI response generation component
US20220292216A1 (en) System and method for securing and facilitating access to a digital legacy
KR20210027011A (en) Peer node, method for processing information executed on peer node and blockchain platform system
CN109784709A (en) IT application in enterprises collaboration applications method and system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19903322

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 09/1/2021)

122 Ep: pct application non-entry in european phase

Ref document number: 19903322

Country of ref document: EP

Kind code of ref document: A1