WO2021093510A1 - Network service processing method, system and gateway device - Google Patents
- Publication number
- WO2021093510A1 (PCT/CN2020/121251)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- intranet
- software package
- gateway device
- intranet device
- gateway
Classifications
- H04L47/125—Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering
- H04L12/66—Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
- G06F8/60—Software deployment
- H04L41/0806—Configuration setting for initial configuration or provisioning, e.g. plug-and-play
- H04L41/0894—Policy-based network configuration management
- H04L41/20—Network management software packages
- H04L41/5006—Creating or negotiating SLA contracts, guarantees or penalties
- H04L41/5009—Determining service level performance parameters or violations of service level contracts, e.g. violations of agreed response time or mean time between failures [MTBF]
- H04L45/745—Address table lookup; Address filtering
- H04L67/34—Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
- H04L67/56—Provisioning of proxy services
- H04L41/5041—Network service management, e.g. ensuring proper service fulfilment according to agreements characterised by the time relationship between creation and deployment of a service
Definitions
- This application relates to the field of computer and communication technology, and in particular to a network service processing method, a network service processing system, and a gateway device.
- A gateway device connects two networks. It is an important type of basic equipment for organizations such as enterprises, campuses, and homes building a local area network, and local area networks of various kinds connect to the Internet through gateway devices. The basic function of a gateway device is to forward packets between two networks. Because of user needs and cost considerations, in many scenarios gateway devices also have to integrate multiple additional functions, such as firewall functions, security sandbox functions, or network caching (also known as "net disk") functions.
- The gateway device is restricted by its own hardware resources, so it is difficult for it to support more additional functions. Integrating a variety of additional functions often significantly reduces the performance of the gateway device, which affects the normal operation of the entire LAN system. How to resolve this conflict has become an urgent problem.
- The embodiments of the present application provide a method for processing network services, to alleviate the problem that the gateway device cannot meet the growing demand for additional functions.
- A method for processing network services is provided.
- The gateway device identifies the type of a first intranet device, where the first intranet device belongs to the internal network to which the gateway device is connected.
- The gateway device obtains a first software package according to the type of the first intranet device, where the first software package is used to implement a first additional function.
- The gateway device sends a first indication message and the first software package to the first intranet device, where the first indication message is used to instruct the first intranet device to install the first software package and execute the first additional function.
- The gateway device acts as the management and control entity for implementing additional functions and, according to the type of each intranet device, directs a suitable intranet device to install a software package that implements the additional function.
- This reduces the processing burden of the gateway device, saves its processing and storage resources, and provides a low-cost scheme for implementing additional functions of the gateway device.
- The solution uses the idle resources of intranet devices to implement additional functions, which improves the utilization of intranet resources.
- The gateway device determines the software package to be installed on the intranet device according to the performance of the intranet device.
- The gateway device obtains the first software package in the following manner.
- The gateway device determines the performance of the first intranet device according to the type of the first intranet device. The performance includes software capabilities and hardware capabilities: the software capabilities include whether installation of software packages is supported, and the hardware capabilities include a processor performance value and/or a storage space size.
- The gateway device obtains the first software package according to the performance of the first intranet device, where the performance of the first intranet device meets the installation performance requirements of the first software package. Using the performance of the intranet device to determine the software package to install on it will greatly improve the implementation effect and performance of additional functions.
- The gateway device saves the correspondence between software packages and installation performance requirements, so that it can find the first software package in that correspondence according to the performance of the first intranet device.
- The gateway device obtains the first software package in the following manner. According to the performance of the first intranet device, the gateway device finds the identifier of the first software package in the correspondence between software package identifiers and installation performance requirements. The gateway device sends the identifier of the first software package to the server, and receives the first software package that the server returns according to that identifier.
- The function of matching a suitable software package according to the performance of the intranet device may also be shared by the server.
- The gateway device obtains the first software package in the following manner.
- The gateway device sends the performance of the first intranet device to the server.
- The gateway device receives the first software package returned by the server according to the performance of the first intranet device.
- The step of querying the installation performance requirements according to the type of the first intranet device and the step of obtaining the first software package according to the performance are both performed by the server.
- The gateway device obtains the first software package in the following manner.
- The gateway device sends the type of the first intranet device to the server.
- The gateway device receives the first software package returned by the server according to the type of the first intranet device.
- Where the first software package determined for two or more different intranet devices is the same software package, multiple intranet devices may perform the same additional function after installing the same software package, which may waste intranet device resources or cause conflicts in the implementation of additional functions.
- Before the gateway device sends the first indication message and the first software package to the first intranet device, the gateway device identifies the type of a second intranet device, where the second intranet device belongs to the internal network. The gateway device determines the performance of the second intranet device according to the type of the second intranet device.
- The gateway device finds a second software package in the correspondence between software packages and installation performance requirements according to the performance of the second intranet device, where the performance of the second intranet device meets the installation performance requirements of the second software package. If the first software package and the second software package are the same software package, the gateway device selects the first intranet device from the first intranet device and the second intranet device to install the first software package.
- The gateway device can select the first intranet device from the first intranet device and the second intranet device in a variety of ways, for example randomly or according to a strategy. For example, the gateway device selects the first intranet device from the two according to a predetermined selection strategy, based on the performance of the first intranet device and the performance of the second intranet device, to install the first software package.
- To facilitate the subsequent correct forwarding of the data stream on which the first additional function is to be executed (that is, the target data stream), so that the first additional function is executed correctly, after the gateway device sends the first indication message and the first software package to the first intranet device, it saves the correspondence between the identifier of the first intranet device and the first additional function.
- The gateway device obtains a target data stream, where the target data stream is a data stream on which the first additional function is to be executed.
- The gateway device sends the target data stream to the first intranet device according to the correspondence between the identifier of the first intranet device and the first additional function, and receives the first intranet device's processing result for the target data stream.
- After receiving the first intranet device's processing result for the target data stream, the gateway device performs, on the target data stream, the action corresponding to the processing result. The action includes forwarding, alerting, or blocking.
- To facilitate the subsequent correct forwarding of the data stream on which the first additional function is to be executed (that is, the target data stream), so that the first additional function is executed correctly, after the gateway device sends the first indication message and the first software package to the first intranet device, it saves the correspondence between the identifier of the first intranet device and the first additional function.
- The gateway device obtains a target data stream, where the target data stream is a data stream on which the first additional function is to be executed.
- The gateway device determines description information, where the description information is used to describe the target data stream.
- The gateway device sends the description information to the first intranet device according to the correspondence between the identifier of the first intranet device and the first additional function, and receives the first intranet device's processing result for the description information.
- The gateway device sends the description information, instead of the target data stream, to the first intranet device, which reduces the amount of data the gateway device sends to the intranet device that performs the additional function.
- After receiving the first intranet device's processing result for the description information, the gateway device performs, on the target data stream, the action corresponding to the processing result. The action includes forwarding, raising an alarm, or blocking.
- Before the gateway device sends the first indication message and the first software package to the first intranet device, it outputs prompt information.
- The prompt information includes the correspondence between the identifier of the first intranet device and the first additional function, and is used to prompt that the first intranet device is capable of executing the first additional function. The gateway device then receives input confirmation information, where the confirmation information indicates that the first intranet device is allowed to perform the first additional function.
- The gateway device identifies the type of the first intranet device through multiple possible implementations. In practice, one or more of these identification methods can be selected according to different needs.
- The first way is to identify the type of the first intranet device from the forwarded traffic.
- The gateway device intercepts a characteristic message sent by the first intranet device. The characteristic message carries a first feature field, and the content of the first feature field indicates the operating system type of the sender or a predetermined website domain name.
- The gateway device queries a feature database for the first device type corresponding to the content of the first feature field, where the feature database saves the correspondence between the content of the first feature field and the first device type. The gateway device determines that the device type of the first intranet device is the first device type.
- The second way is to identify the type based on the MAC address.
- The gateway device obtains the MAC address of the first intranet device and queries a device information database for the first device type corresponding to that MAC address, where the device information database stores the correspondence between the MAC address of the first intranet device and the first device type. The gateway device determines that the device type of the first intranet device is the first device type.
- The third way is active scanning and detection.
- The gateway device sends a detection message to the first intranet device and receives the response message, corresponding to the detection message, sent by the first intranet device. The gateway device obtains a first identification fingerprint from the response message and queries a fingerprint database for the first device type corresponding to the first identification fingerprint, where the fingerprint database saves the correspondence between the first identification fingerprint and the first device type. The gateway device determines that the device type of the first intranet device is the first device type.
- The first additional function is a data stream security detection function, a network cache function, or a security sandbox function.
- The target data stream is a data stream to be detected.
- The target data stream is a data stream carrying content to be cached.
- The target data stream is a data stream carrying the content of the file to be detected.
- In a second aspect, a gateway device includes a network interface, a memory, and a processor connected to the memory.
- The memory is used to store instructions; the processor is used to execute the instructions, so that the gateway device executes the method in the first aspect or any one of the possible implementations of the first aspect. For details, refer to the detailed description above, which is not repeated here.
- A network service processing apparatus has the function of implementing the method described in the first aspect or any one of the possible implementations of the foregoing aspect.
- The function can be realized by hardware, or by hardware executing corresponding software.
- The hardware or software includes one or more modules corresponding to the above-mentioned functions.
- An embodiment of the present application provides a computer storage medium for storing computer software instructions used by the above-mentioned gateway device, including a program designed for executing the above-mentioned first aspect or any one of the possible implementations of the above-mentioned aspect.
- Another aspect of the present application provides a computer program product containing instructions which, when run on a computer, cause the computer to execute the methods described in the foregoing aspects.
- An embodiment of the present application provides a chip including a memory and a processor, where the memory is used to store computer instructions, and the processor is used to call and run the computer instructions from the memory to execute the method in the first aspect or any possible implementation of the first aspect.
- FIG. 1 is a schematic diagram of an application scenario of a network service processing solution provided by an embodiment of the present application.
- FIG. 2 is a flowchart of a network service processing method provided by an embodiment of the present application.
- FIG. 3 is a flowchart of the first method of identifying the type of an intranet device provided by an embodiment of the present application.
- FIG. 4 is a flowchart of the second method of identifying the type of an intranet device provided by an embodiment of the present application.
- FIG. 5 is a flowchart of the third method of identifying the type of an intranet device provided by an embodiment of the present application.
- FIG. 6 is a flowchart of a method for selecting the software package to be installed by an intranet device based on the performance of the intranet device, according to an embodiment of the present application.
- FIG. 7 is a flowchart of another network service processing method provided by an embodiment of the present application.
- FIG. 8 is a flowchart of the gateway device obtaining the first software package according to the performance of the first intranet device in distributed storage solution 1 provided by an embodiment of the present application.
- FIG. 9 is a flowchart of the gateway device obtaining the first software package according to the performance of the first intranet device in distributed storage solution 2 provided by an embodiment of the present application.
- FIG. 10 is a flowchart of the gateway device obtaining the first software package according to the performance of the first intranet device in distributed storage solution 3 provided by an embodiment of the present application.
- FIG. 11 is a flowchart of another network service processing method provided by an embodiment of the present application.
- FIG. 12 is a flowchart of another network service processing method provided by an embodiment of the present application.
- FIG. 13 is a schematic structural diagram of a gateway device provided by an embodiment of the present application.
- FIG. 14 is a schematic structural diagram of a network service processing apparatus provided by an embodiment of the present application.
- Integrating more additional functions on the gateway device is convenient for users, but also makes the gateway device prone to becoming a performance bottleneck. Especially where the corporate LAN connected to the gateway device contains a large number of hosts, or where a home router used as the home LAN gateway has low performance of its own, it is often difficult for the gateway device to support the integration of more and more additional functions.
- The embodiments of the present application provide a method for processing network services. Based on this method, under the management and control of the gateway device, intranet devices in the internal network connected to the gateway device perform certain additional functions. Part of the gateway device's burden of performing additional functions is thereby transferred to the intranet devices, which reduces the processing burden of the gateway device and provides a low-cost solution for implementing its additional functions.
- The gateway device first identifies the type of an intranet device in the connected internal network, and then, according to that type, sends the intranet device a suitable software package for implementing certain additional functions. After installing the software package, the intranet device implements the corresponding additional functions.
- Fig. 1 is a schematic diagram of an application scenario of a network service processing solution provided by an embodiment of the present application.
- This application scenario includes two networks, an external network 100 and an internal network 200, respectively.
- The gateway device 300 is used to connect the external network and the internal network 200.
- The external network is the Internet, and the internal network is a local area network established by an organization such as an enterprise, campus, or family, or a campus network (CAN) composed of multiple local area networks.
- The internal network 200 includes several intranet devices, denoted as the intranet device 201 to the intranet device 20n, where n is a natural number greater than 1.
- The number of intranet devices is limited by the address space of the internal network; the embodiments of the present application do not specifically limit it.
- Intranet devices include, but are not limited to, devices with computing power and network connection capabilities, such as personal computers, servers, laptops, virtual machines, wearable devices, mobile phones, smart screen TVs, sweeping robots, projectors, tablets, switches, and wireless access point (AP) devices.
- The gateway device 300 in the embodiments of the present application includes devices such as routers, firewalls, and Layer 3 switches. Routers further include access routers (such as home routers), enterprise-level routers, backbone-level routers, and so on.
- The network service processing system provided by the embodiments of the present application includes the gateway device 300 in FIG. 1 and at least one intranet device among the intranet device 201 to the intranet device 20n.
- The gateway device 300 is used to: identify the type of the first intranet device, where the first intranet device is one of the intranet devices 201 to 20n in FIG. 1; obtain a first software package according to the type of the first intranet device, where the first software package is used to implement a first additional function; and send a first indication message and the first software package to the first intranet device, where the first indication message is used to instruct the first intranet device to install the first software package and execute the first additional function.
- The type of an intranet device refers to the category obtained by classifying intranet devices according to factors such as functions and usage characteristics.
- The types of intranet devices include personal computers, servers, mobile terminals, printers, smart home devices, and so on. The aforementioned laptops, mobile phones, and tablet computers belong to mobile terminals, and smart screen TVs, sweeping robots, and projectors belong to smart home devices.
- The additional functions in the embodiments of the present application include, but are not limited to, a data stream security detection function, a network cache function, a security sandbox function, and so on.
- Taking the firewall function as an example, it includes filtering packets forwarded between the LAN and the Internet according to a predetermined rule set.
- The security sandbox function includes running unknown content of specific types, such as files and web pages, in a virtual operating environment.
- The network caching function includes caching files that meet set conditions, such as video files and audio files that exceed a predetermined size.
- The intranet device is configured to receive the first indication message and the first software package sent by the gateway device and, according to the first indication message, install the first software package and then execute the first additional function.
- The gateway device 300 selects a suitable software package for the intranet devices to implement additional functions based on the respective performance of the different types of intranet devices.
- The gateway device 300 stores the software packages used to implement different additional functions, together with the installation performance requirements corresponding to each software package (for example, that installation of software packages must be supported, a required CPU processing rate value, a required storage space size, and so on).
- The gateway device 300 first determines the performance of the first intranet device according to the type of the first intranet device. The performance includes software capabilities and hardware capabilities; the software capabilities include whether installation of software packages is supported, and the hardware capabilities include a processor performance value and/or a storage space size.
- The software capabilities also include whether necessary supporting software has been installed, the version of the current operating system, and so on.
- The gateway device 300 obtains the first software package according to the performance of the first intranet device, where the performance of the first intranet device meets the installation performance requirements of the first software package. For example, the gateway device 300 finds the first software package in the correspondence between software packages and installation performance requirements according to the performance of the first intranet device.
- The gateway device 300 may be able to identify the types of at least two intranet devices. In this case, the gateway device 300 selects one of the intranet devices to install the first software package. Specifically, the gateway device 300 identifies the types of at least two intranet devices and obtains the performance of each of them. If at least two intranet devices meet the installation performance requirements of the first software package (for example, both the performance of the first intranet device and the performance of the second intranet device meet them), the gateway device 300 selects one intranet device, such as the first intranet device, from the at least two intranet devices to install the first software package.
- The gateway device 300 may select an intranet device to install the first software package according to any of multiple selection strategies.
- For example, the gateway device 300 randomly selects an intranet device from the first intranet device and the second intranet device to install the first software package; or it selects the intranet device with higher performance of the two; or, according to the internal network topology, it selects the intranet device at the shorter distance from the gateway device 300. Due to space limitations, the selection strategies are not listed exhaustively here.
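The package-selection steps described above (performance matching, de-duplication when two devices match the same package, and the confirmation prompt before deployment), as an added example that is not part of the patent text. The device identifiers, performance figures, package names and the "first matching package in table order" rule are constructed assumptions.

```python
from __future__ import annotations

import random
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Performance:
    can_install: bool   # software capability: installing software packages is supported
    cpu_score: int      # hardware capability: processor performance value
    storage_mb: int     # hardware capability: storage space size


@dataclass(frozen=True)
class Package:
    package_id: str
    function: str        # additional function the package implements
    min_cpu_score: int   # installation performance requirements
    min_storage_mb: int


# Constructed sample data: device type -> performance.
TYPE_PERFORMANCE = {
    "server": Performance(True, 900, 500_000),
    "personal_computer": Performance(True, 600, 200_000),
    "smart_home": Performance(True, 120, 2_000),
    "printer": Performance(False, 50, 256),
}

# Constructed correspondence between packages and installation requirements.
PACKAGES = [
    Package("pkg-sandbox", "security sandbox", 500, 50_000),
    Package("pkg-cache", "network cache", 100, 100_000),
    Package("pkg-detect", "data stream security detection", 100, 1_000),
]
PACKAGE_BY_ID = {p.package_id: p for p in PACKAGES}

# Constructed inventory: device identifier -> identified device type.
DEVICES = {
    "dev-201": "server",
    "dev-202": "personal_computer",
    "dev-203": "smart_home",
    "dev-204": "printer",
    "dev-205": "unknown_type",
}


def meets(perf: Performance, pkg: Package) -> bool:
    """True when the device performance satisfies the package's requirements."""
    return (perf.can_install
            and perf.cpu_score >= pkg.min_cpu_score
            and perf.storage_mb >= pkg.min_storage_mb)


def match_package(device_type: str) -> Optional[Package]:
    """Device type -> performance -> first package whose requirements are met."""
    perf = TYPE_PERFORMANCE.get(device_type)
    if perf is None:
        return None  # unidentified type: nothing is deployed to it
    return next((p for p in PACKAGES if meets(perf, p)), None)


def pick_higher_performance(candidates: list[str], devices: dict[str, str]) -> str:
    """Selection strategy: the candidate with the higher performance."""
    def score(dev: str):
        perf = TYPE_PERFORMANCE[devices[dev]]
        return (perf.cpu_score, perf.storage_mb)
    return max(candidates, key=score)


def pick_random(candidates: list[str], devices: dict[str, str], rng=random) -> str:
    """Selection strategy: a random candidate."""
    return rng.choice(sorted(candidates))


def plan_deployment(devices: dict[str, str], strategy=pick_higher_performance) -> dict[str, str]:
    """Return {package_id: device_id}, with one device per package."""
    by_package: dict[str, list[str]] = {}
    for device_id, device_type in devices.items():
        pkg = match_package(device_type)
        if pkg is not None:
            by_package.setdefault(pkg.package_id, []).append(device_id)
    # Same package matched for several devices: keep exactly one of them.
    return {pid: ids[0] if len(ids) == 1 else strategy(ids, devices)
            for pid, ids in by_package.items()}


def deploy(plan: dict[str, str], confirm: Callable[[str, str], bool]) -> dict[str, str]:
    """Prompt with (device id, function); record only confirmed deployments.

    Returns the correspondence {additional function: device id} that the
    gateway saves for later forwarding decisions.
    """
    function_to_device = {}
    for package_id, device_id in plan.items():
        function = PACKAGE_BY_ID[package_id].function
        if confirm(device_id, function):
            # The indication message and the package would be sent here.
            function_to_device[function] = device_id
    return function_to_device
```

Devices whose type is unknown, or whose type does not support installing packages, never appear in the plan, and a deployment that is not confirmed leaves no entry in the saved correspondence.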
- The target data stream refers to the data stream on which the first additional function is to be executed. So that the target data stream and/or its description information can be sent to the first intranet device that implements the first additional function, the gateway device 300 also needs to record the correspondence between the identifier of the first intranet device and the first additional function.
- After the gateway device 300 sends the target data stream and/or the above description information to the first intranet device according to the correspondence between the identifier of the first intranet device and the first additional function, it further receives the processing result returned by the first intranet device, and performs, on the target data stream, the action corresponding to the processing result. The action includes forwarding, warning, or blocking.
- the gateway device 300 recognizes the type of the first intranet device through one of multiple methods or a combination of two or more methods. For example, the gateway device 300 determines the type of the intranet device according to a configuration table, where the corresponding relationship between the identifier of each intranet device and the type of the device is stored in the configuration table, and the configuration table is generated based on the data input by the administrator. In addition, the gateway device 300 can also recognize the type of the first intranet device in real time through other active or passive means.
- Method 1 Obtain the type of the first intranet device from the characteristic message.
- Method 2 Identify the type of the first intranet device based on the Media Access Control (MAC) address of the first intranet device.
- Method 3 Determine the type of the first intranet device through active detection and scanning.
- the above-mentioned software package may be stored in a server (as shown in the server 101 in FIG. 1) instead of being stored in the gateway device 300. That is, the gateway device 300 does not need to save the correspondence between the software package and the installation performance requirements, but saves the correspondence between the identification of the software package and the installation performance requirements.
- The gateway device 300 finds the identification of the first software package in the correspondence between the identification of the software package and the installation performance requirements, sends the identification of the first software package to the server 101, and receives the first software package correspondingly returned by the server.
- the server 101 is configured to send the stored first software package to the gateway device 300 according to the received identifier of the first software package.
- the above-mentioned step of obtaining the first software package according to the performance of the first intranet device may be performed by the server 101 in FIG. 1.
- the gateway device 300 sends the performance of the first intranet device to the server, and the gateway device 300 receives the first software package correspondingly returned by the server 101.
- The server 101 saves the correspondence between the software package and the installation performance requirements, receives the performance of the first intranet device sent by the gateway device 300, finds the first software package in the correspondence between the software package and the installation performance requirements, and sends the queried first software package to the gateway device 300.
- the above-mentioned step of querying the installation performance requirements according to the type of the first intranet device may also be executed by the server 101 in FIG. 1.
- After the gateway device 300 recognizes the type of the first intranet device, it sends the type of the first intranet device to the server and receives the first software package correspondingly returned by the server.
- the server 101 determines the performance of the first intranet device according to the type of the first intranet device, and then obtains the first software package according to the performance of the first intranet device. For example, the first software package is found in the corresponding relationship between the software package and the installation performance requirements.
- the server 101 sends the acquired first software package to the gateway device 300.
- the server 101 may be deployed in the internal network 200 (not shown in FIG. 1); alternatively, the server 101 may also be deployed in the external network 100 (as shown in FIG. 1).
- the server 101 can support multiple different internal networks to implement the network service processing solution provided in the embodiment of the present application, and the server 101 is also referred to as a "cloud server".
- the owner of the cloud server is an operator or a third-party organization other than the operator and the owner of the internal network, and the customers of the cloud server are several internal networks 200.
- the cloud server is managed by the operator or a third-party organization other than the operator and the internal network owner, and provides support services for multiple different internal networks through open dedicated ports. After passing the registration authentication, the internal network 200 communicates and interacts with the cloud server through a general protocol or a private protocol.
- Fig. 2 is a flowchart of a network service processing method provided by an embodiment of the application.
- the network service processing method is executed by a gateway device, such as the gateway device 300 in FIG. 1.
- the network service processing method provided in the embodiment of the present application includes the following steps.
- Step 210 The gateway device identifies the type of the first intranet device. It should be noted that the "first" and "second" in the "first intranet device" and the subsequent "second intranet device" do not indicate a sequence relationship, but are used to distinguish different intranet devices. The first, second, etc. appearing in the following description are also used to distinguish different information or messages.
- the first internal network device belongs to the internal network to which the gateway device is connected.
- the first internal network device is the internal network device 201 in FIG. 1.
- The gateway device can roughly determine whether the intranet device is suitable for performing additional functions and has the ability to perform them. For example, if an intranet device is a mobile terminal, its location often changes, so it is not suitable for performing additional functions: if a mobile terminal is designated to perform an additional function and the user takes it away from the internal network, the additional function becomes unavailable, which makes the additional function unstable. For another example, if an intranet device is a printer, its storage and processing performance is limited, so it is not suitable for additional functions that consume more storage resources and processing resources, and is relatively more suitable for additional functions that consume fewer storage resources and processing resources.
- the gateway device uses one or more methods to identify the type of the intranet device, including but not limited to the following.
- the gateway device prefers one of the methods to identify the type of an intranet device, and when the type of the intranet device cannot be successfully identified, it tries to identify the type of the intranet device through other methods.
- Method 0 Determine the type of intranet device based on the saved configuration table.
- the gateway device generates a configuration table according to the data input by the administrator, and the configuration table stores the corresponding relationship between the identification of each intranet device (such as the Internet Protocol (IP) address of the intranet device) and the type of the device.
- The administrator uses the input device connected to the input and output interface of the gateway device to input related data of an intranet device through the command line interface of the gateway device, or through other application software such as the network management software interface. These data include the IP address of the intranet device and the type of the intranet device, and further information such as the manufacturer and specific model of the intranet device can also be input.
- the gateway device generates an entry corresponding to the intranet device in the configuration table according to the above data, and the entry includes the IP address of the intranet device and the type of the intranet device.
- When the gateway device subsequently needs to determine the type of an intranet device, it queries the configuration table for the entry containing the IP address of the intranet device and obtains the type of the intranet device from the entry found.
- Method 1 Obtain the type of the first intranet device from the forwarded characteristic message.
- Fig. 3 is a flowchart of the first method of identifying the type of intranet device provided by an embodiment of the present application.
- Step 300 The gateway device intercepts, from the forwarded network traffic, the characteristic message sent by the first intranet device. The characteristic message carries a first characteristic field, and the content of the first characteristic field indicates the operating system type of the sender or a predetermined website domain name.
- The predetermined website domain name includes the domain name of the device upgrade website.
- Step 320 The gateway device queries the feature database for the first device type corresponding to the content of the first characteristic field in the characteristic message. The feature database stores the correspondence between the content of the first characteristic field and the first device type.
- Step 340 The gateway device determines that the type of the first intranet device is the first device type.
- The characteristic message is a Hypertext Transfer Protocol (HTTP) message carrying a User-Agent field sent by an intranet device.
- Intranet devices will send HTTP messages carrying the User-Agent field during Portal authentication.
- Example 1 the content of the User-Agent field is "Android 8.0.0; VTR-L09 Build/HUAWEIVTR-L09".
- the content of the User-Agent field in the HTTP message sent by the mobile phone model HUAWEI P10 during Portal authentication includes "Android 8.0.0; VTR-L09 Build/HUAWEIVTR-L09".
- Example 2 the content of the User-Agent field is "Windows NT 6.1; Win64; x64".
- the content of the User-Agent field in the HTTP message sent by the personal computer during the Portal authentication process includes "Windows NT 6.1; Win64; x64".
- The correspondence between "Android 8.0.0; VTR-L09 Build/HUAWEIVTR-L09" and the device type "mobile terminal", and the correspondence between "Windows NT 6.1; Win64; x64" and the device type "personal computer", are pre-stored in the feature database of the gateway device.
- After the gateway device parses the content of the User-Agent field from the characteristic message sent by the first intranet device, it compares that content with the characteristic fields in the feature database.
- If the content of the User-Agent field includes "Android 8.0.0; VTR-L09 Build/HUAWEIVTR-L09", the gateway device determines that the type of the first intranet device is a mobile terminal; if the content of the User-Agent field includes "Windows NT 6.1; Win64; x64", the gateway device determines that the type of the first intranet device is a personal computer.
- The characteristic message may also be a DHCP message carrying an Option field sent by an intranet device.
- The contents of the requested parameter list field (Option 55), the vendor id field (Option 60), and the host name field (Option 12) in the Option field can also be used to identify the type of the intranet device that sends the DHCP message.
- The characteristic message may also be a Probe Request message and/or an Association Request message sent by the intranet device to the AP.
- The above feature database is pre-configured by the administrator, or can be obtained from a public website, such as https://fingerbank.inverse.ca.
- Method 2 Identify based on MAC address.
- Fig. 4 is a flowchart of a second method of identifying the type of an intranet device provided by an embodiment of the present application.
- Step 400 The gateway device obtains the MAC address of the first intranet device. For example, the gateway device obtains the MAC address of the first intranet device from the header of the forwarded IP packet, or the gateway device sends an Address Resolution Protocol (ARP) request to the first intranet device and obtains the MAC address of the first intranet device from the corresponding ARP response.
- Step 420 The gateway device queries a device information database for the first device type corresponding to the MAC address of the first intranet device.
- The device information database stores the correspondence between the MAC address of the first intranet device and the first device type.
- The device information database is pre-saved. For example, when the administrator of the gateway device adds a new device to the internal network and configures network parameters for it, the administrator enters the MAC address and the device type of the new intranet device through the input device connected to the gateway device, and the gateway device saves them. Alternatively, the gateway device downloads the device information database from the support website of the manufacturer of the intranet device.
- Step 440 The gateway device determines that the type of the first intranet device is the first device type.
- the first 3 bytes of the MAC address are the MAC organization unique identifier (OUI).
- The MAC OUI is uniformly assigned by the Institute of Electrical and Electronics Engineers (IEEE) to equipment manufacturers and can be used to identify the company, as published by the IEEE. There is a corresponding relationship between equipment manufacturers and equipment types. For example, some manufacturers only produce printer devices, some manufacturers only produce mobile terminal devices, and so on.
- The above-mentioned device information database can be established manually, or by referring to the public information on the websites of some manufacturer organizations. For example, refer to the IEEE MAC OUI rule base http://standards-oui.ieee.org/oui/oui.txt.
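The fallback between Methods 0, 1 and 2 described above, as an added example that is not part of the patent text. The order in which the methods are tried, the IP addresses, the sample HTTP request and the OUI entry are constructed assumptions; the two User-Agent fragments and their device types are the ones given above.

```python
"""Added example: device-type identification with fallback (Methods 0 to 2)."""
from typing import Optional, Tuple

# Method 0: configuration table keyed by IP address (entry is constructed).
CONFIG_TABLE = {"192.0.2.10": "server"}

# Method 1: feature database. Fragments and types are the examples in the text.
FEATURE_DB = [
    ("Android 8.0.0; VTR-L09 Build/HUAWEIVTR-L09", "mobile terminal"),
    ("Windows NT 6.1; Win64; x64", "personal computer"),
]

# Method 2: device information database keyed by OUI (first 3 bytes of the MAC).
# The OUI below is a constructed placeholder, not a real IEEE assignment.
OUI_DB = {"02:00:5e": "printer"}

# Constructed sample of an HTTP request seen during Portal authentication.
SAMPLE_REQUEST = (
    b"GET /portal/login HTTP/1.1\r\n"
    b"Host: portal.example\r\n"
    b"User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; VTR-L09 Build/HUAWEIVTR-L09)\r\n"
    b"\r\n"
)


def normalize_oui(mac: str) -> Optional[str]:
    """Return the first three bytes of a MAC as 'xx:xx:xx', or None if malformed."""
    digits = mac.replace("-", "").replace(":", "").replace(".", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        return None
    return ":".join(digits[i:i + 2] for i in (0, 2, 4))


def user_agent_from_http(raw_request: bytes) -> Optional[str]:
    """Extract the User-Agent header value from a raw HTTP request."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "user-agent":
            return value.strip()
    return None


def identify(ip: str, mac: Optional[str] = None,
             http_request: Optional[bytes] = None
             ) -> Tuple[Optional[str], Optional[str]]:
    """Return (device_type, method) from the first method that succeeds.

    The method name is returned as well, so that later policy can weigh
    administrator-entered data above fields supplied by the device itself.
    """
    if ip in CONFIG_TABLE:                       # Method 0
        return CONFIG_TABLE[ip], "config-table"
    if http_request is not None:                 # Method 1
        user_agent = user_agent_from_http(http_request)
        if user_agent:
            for fragment, device_type in FEATURE_DB:
                if fragment in user_agent:
                    return device_type, "user-agent"
    if mac is not None:                          # Method 2
        oui = normalize_oui(mac)
        if oui in OUI_DB:
            return OUI_DB[oui], "mac-oui"
    return None, None                            # leave to Method 3 or the admin
```
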
- Method 3 Identify through active detection and scanning.
- the gateway device sends a detection message to the first intranet device to identify the type of the first intranet device according to the corresponding response message.
- Fig. 5 is a flowchart of a third method of identifying the type of an intranet device provided by an embodiment of the present application.
- Step 500 The gateway device sends a detection message to the first intranet device.
- Step 520 The gateway device receives a response message corresponding to the detection message sent by the first intranet device.
- Step 540 The gateway device obtains a first identification fingerprint according to the response message.
- Step 560 The gateway device queries the fingerprint database for the first device type corresponding to the first identification fingerprint, and the fingerprint database saves the correspondence between the first identification fingerprint and the first device type.
- Step 580 The gateway device determines that the type of the first intranet device is the first device type.
- One or more scanner programs are pre-installed in the gateway device.
- The scanner software includes, but is not limited to, the vulnerability scanner Nessus from Tenable, the open source scanning tool Nmap, the network tool netcat for the Unix operating system platform, and so on.
- The gateway device actively sends a detection message to the intranet device by running the above-mentioned scanner software, obtains an identification fingerprint from the corresponding response message, and identifies the type of the intranet device that is the scanning target according to the identification fingerprint.
- When a gateway device uses Nmap to scan an intranet device, it sends multiple specially constructed detection messages.
- The gateway device receives the corresponding response messages from the intranet device and generates an identification fingerprint according to the following field values in the response messages.
- The fields used to generate the identification fingerprint in the response message include one or more of the following: SEQ, OPS, WIN, T1-T7, IE, ECN, U1.
- the gateway device uses the generated identification fingerprint as an index to query the corresponding device type in the fingerprint database.
- the fingerprint library provided by Nmap with the version number of 7.70 contains 5652 fingerprints stored in plain text. These fingerprints correspond to 28 device types.
- step 220 is executed.
- Step 220 The gateway device obtains a first software package according to the type of the first intranet device, where the first software package is used to implement the first additional function.
- the gateway device stores the correspondence between the type of the intranet device and the software package, as shown in Table 1. After the gateway device recognizes the type of the first intranet device, it queries the software package corresponding to the type of the first intranet device from the correspondence shown in Table 1.
- a software package refers to a program or a group of programs that have specific functions and are used to complete specific tasks.
- A character string with a suffix is used to represent a software package.
- A character string without a suffix is used to represent the identification (name) of the software package.
- "Firewall.exe" represents a software package used to implement an additional security detection function, taking a firewall as an example.
- "Firewall" represents the identification of the software package.
- the corresponding relationship between the type of the intranet device and the software package may be stored in a variety of possible storage formats. For example, what is actually stored is the correspondence between the type of the intranet device and the storage location of the software package in the file system of the gateway device, or the correspondence between the type of the intranet device and the identifier of the software package.
- The storage location includes but is not limited to a path in the file system. If what is saved is the correspondence between the type of the intranet device and the storage location of the software package in the file system of the gateway device, the gateway device finds the storage location of the corresponding first software package according to the type of the first intranet device and obtains the first software package at that storage location.
- The gateway device finds the identification of the corresponding first software package according to the type of the first intranet device, and then finds the first software package in the file system of the gateway device.
- the correspondence shown in Table 1 can also be replaced with the correspondence between the type of the intranet device and the additional function.
- After the gateway device recognizes the type of the first intranet device, it queries the correspondence between the type of the intranet device and the additional function to find the additional function corresponding to the type of the first intranet device, and then further obtains the implementation.
- the corresponding relationship shown in Table 1 may also include the software package and the additional functions corresponding to the software package.
- Step 230 The gateway device sends a first indication message and a first software package to the first intranet device.
- the first instruction message is used to instruct the first intranet device to install the first software package and execute the first additional function.
- the first instruction message includes an identifier and an operator of the first software package, and the operator corresponds to an installation operation and a running operation.
- the identifier of the first software package includes the name of the first software package, the hash value of the first software package, and so on.
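One way the first instruction message could carry the identifier (name and hash value) and the operators, and how the receiving intranet device could check the received package against that identifier before installing it. This is an added example, not the patent's own encoding: the JSON layout, the field names, the operator strings and the choice of SHA-256 are assumptions.

```python
"""Added example: instruction message with package identifier and operators."""
import hashlib
import hmac
import json
import string

ALLOWED_OPERATORS = {"install", "run"}  # assumed names for the two operations


class InstructionError(ValueError):
    """Raised when an instruction message or package must not be acted on."""


def build_instruction(name: str, package: bytes,
                      operators=("install", "run")) -> bytes:
    """Gateway side: identifier = package name + hash value, plus operators."""
    message = {
        "package": {"name": name,
                    "sha256": hashlib.sha256(package).hexdigest()},
        "operators": list(operators),
    }
    return json.dumps(message, sort_keys=True).encode("utf-8")


def accept_instruction(raw_message: bytes, package: bytes) -> dict:
    """Intranet-device side: validate the message and the received package.

    Returns the name and operators to act on, or raises InstructionError.
    """
    try:
        message = json.loads(raw_message.decode("utf-8"))
        identifier = message["package"]
        name = identifier["name"]
        expected = identifier["sha256"]
        operators = message["operators"]
    except (ValueError, KeyError, TypeError) as exc:
        raise InstructionError("malformed instruction message") from exc

    # The name is later used as a file name, so it must not contain a path.
    if (not isinstance(name, str) or not name or name in (".", "..")
            or any(sep in name for sep in ("/", "\\", "\x00"))):
        raise InstructionError("package name is not a plain file name")

    if (not isinstance(expected, str) or len(expected) != 64
            or any(c not in string.hexdigits for c in expected)):
        raise InstructionError("hash value is not a SHA-256 hex digest")

    if (not isinstance(operators, list) or not operators
            or any(not isinstance(op, str) or op not in ALLOWED_OPERATORS
                   for op in operators)):
        raise InstructionError("unknown operator")

    # Recompute the hash over the bytes actually received.
    actual = hashlib.sha256(package).hexdigest()
    if not hmac.compare_digest(actual, expected.lower()):
        raise InstructionError("package does not match the identifier")

    return {"name": name, "operators": operators}
```

A hash carried in the same message detects a corrupted or mismatched package; it does not show that the message came from the gateway, which requires a signature or an authenticated channel.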
- The gateway device informs the administrator that the first intranet device can execute the first additional function.
- the gateway device executes step 230.
- Notification methods include but are not limited to: prompting the administrator through the output device connected to the gateway device, sending a short message to the mobile phone used by the administrator, sending an email to the administrator, and sending messages to the administrator through instant messaging software such as WeChat or MSN (The Microsoft Network).
- the gateway device serves as the main body of management and control that implements additional functions.
- the gateway device first identifies the type of the intranet device, and according to the type of the intranet device, sends a software package for implementing appropriate additional functions to the intranet device, and instructs the intranet device to successfully install the software package to implement the additional functions.
- The processing burden of the gateway device is reduced, the processing resources and storage resources of the gateway device are saved, and a low-cost scheme for implementing additional functions of the gateway device is provided.
- the solution uses the idle resources of the intranet equipment to implement additional functions, which improves the utilization of intranet resources.
- each additional function corresponds to an independent software package, and each time an additional function is added, only the corresponding software package needs to be developed. Performing new additional functions does not significantly increase the burden on the gateway device, so it also has better scalability.
- In step 220, the gateway device obtains the first software package based on the correspondence between the type of the intranet device and the software package shown in Table 1, which is quick and effective.
- The method in step 220 can only achieve coarse-grained matching between the intranet device and the software package (or additional function). In the specific implementation process, there may be problems such as failure of the software package installation or poor implementation of additional functions.
- The performance of the intranet device can hardly meet the requirements for implementing the additional function, so the software package installation fails; or the performance of the intranet device is too low, so the software package runs too slowly after the installation is completed and the additional function is implemented poorly.
- the type of the first intranet device is a server
- the type of the second intranet device is a personal computer
- Both the first intranet device and the second intranet device can support an additional function that consumes more storage resources and processing resources.
- The performance of the first intranet device is significantly higher than that of the second intranet device; for example, the first intranet device has a larger memory capacity and a higher processor speed, so executing an additional function that consumes more storage resources and processing resources on the first intranet device achieves better results.
- the embodiment of the present application provides a method for selecting the software package installed by the intranet device based on the performance of the intranet device, as shown in FIG. 6.
- the process shown in FIG. 6 is an alternative method of performing step 220 in FIG. 2 "the gateway device obtains the first software package according to the type of the first intranet device".
- Step 610 The gateway device determines the performance of the first intranet device according to the type of the first intranet device. Performance includes software capabilities and hardware capabilities: the software capabilities include whether installation of software packages is supported, and the hardware capabilities include the processor performance value, the storage space size, and so on.
- the corresponding relationship between the type and performance of the intranet device is stored in the gateway device, as shown in Table 2.
- After the gateway device recognizes the type of the first intranet device, it can query the performance of the first intranet device in the correspondence between the type and performance of the intranet device shown in Table 2.
- the type of the intranet device further includes the manufacturer and/or model information of the intranet device, which is equivalent to further subdividing the type of the intranet device.
- After the gateway device identifies the type of the first intranet device containing manufacturer and/or model information in step 220 in FIG. 2, it can query the correspondence between the type and performance of the intranet device shown in Table 2 to obtain more precise performance.
- Step 620 The gateway device obtains the first software package according to the performance of the first intranet device. Wherein, the performance of the first intranet device meets the installation performance requirement of the first software package.
- the installation performance requirements corresponding to each software package are stored in the gateway device, as shown in Table 3.
- After the gateway device obtains the performance of the first intranet device, it compares that performance with the installation performance requirements of each software package. If the main performance of the first intranet device is higher than the installation performance requirements of the first software package, it is determined that the performance of the first intranet device meets the installation performance requirements of the first software package.
- The performance of the first intranet device meets the installation performance requirements of the software packages networkstorage.exe and Firewall.exe, but does not meet the installation performance requirements of the software package Websandbox.exe.
- the first software package is a software package named networkstorage.exe or a software package named Firewall.exe.
- the performance of the first intranet device meets the installation performance requirements of the software packages networkstorage.exe, Firewall.exe, and Websandbox.exe.
- the first software package is a software package named networkstorage.exe, a software package named Firewall.exe, or a software package named Websandbox.exe.
- After the gateway device in the embodiment of the present application recognizes the type of the first intranet device, it obtains the performance of the first intranet device according to the type of the first intranet device, and then compares the performance of the first intranet device with the installation performance requirements of the software package to ensure that the performance of the first intranet device meets the installation performance requirements of the selected first software package. In this way, the failure rate of installing or running the software package on the first intranet device can be reduced, and the success rate of installing the software package on the first intranet device can be improved, thereby improving the effect of implementing additional functions.
- The gateway device 300 recognizes the types of multiple intranet devices in parallel. After the types of multiple intranet devices are recognized, the method shown in FIG. 2 or FIG. 6 may determine the same software package as the first software package for two or more different intranet devices. If the gateway device 300 then sends the same software package to two or more intranet devices, these intranet devices will perform the same additional function after installing it, which may waste intranet device resources or cause conflicts in the implementation of additional functions. To avoid this, when the first software package determined by the gateway device 300 is the same software package for multiple different intranet devices, the gateway device 300 needs to select one intranet device from the multiple intranet devices.
- The gateway device 300 sends the first software package to the selected intranet device to avoid sending the same software package to multiple intranet devices at the same time. That is, in the method shown in FIG. 2, before step 230, the method further includes: the gateway device 300 determines, according to the type of the second intranet device, that the first software package is obtained; the gateway device 300 selects the first intranet device from the first intranet device and the second intranet device, and sends the first instruction message and the first software package to the first intranet device, but does not send the first instruction message and the first software package to the second intranet device.
- When the first software package is determined to be the same software package for two or more different intranet devices, one of the intranet devices can also be selected, based on the performance of the two intranet devices, for the subsequent installation of the first software package.
- the processing method of the network service in this case is shown in Figure 7.
- a network service processing method shown in FIG. 7 includes the following steps.
- For steps 210, 610, 620, and 230, refer to FIG. 6 and the related descriptions; they are not repeated here.
- the method further includes:
- Step 710 The gateway device identifies the type of the second intranet device, and the second intranet device belongs to the internal network to which the network management device is connected.
- Step 720 The gateway device determines the performance of the second intranet device according to the type of the second intranet device.
- The gateway device finds the second software package in the correspondence between the software package and the installation performance requirements according to the performance of the second intranet device, and the performance of the second intranet device meets the installation performance requirements of the second software package.
- step 710 to step 730 are respectively similar to step 210 in FIG. 2 and steps 610 and 620 in FIG. 6, and will not be repeated here.
- Step 240 The gateway device determines whether the first software package and the second software package are the same software package. If the first software package and the second software package are different software packages, step 230 and step 231 are executed.
- Step 231 The gateway device sends a second instruction message and a second software package to the second intranet device, where the second instruction message is used to instruct the second intranet device to install the second software package and execute the second additional function.
- step 250 is executed.
- Step 250 According to the performance of the first intranet device and the performance of the second intranet device, the gateway device selects the first intranet device from the first intranet device and the second intranet device according to a predetermined selection strategy. Install the first software package. Step 230 is executed.
- the predetermined selection strategy includes selecting an intranet device with better performance.
- the gateway device 300 recognizes the types of the intranet device 201 and the intranet device 202, it executes the method shown in FIG. 6 for the intranet device 201 and the intranet device 202 respectively, and determines that the intranet device 201 is used to install Firewall.exe, The intranet device 201 is also used to install Firewall.exe.
- the gateway device 300 selects the intranet device 201 from the intranet device 201 and the intranet device 202, and the gateway device 300 sends an instruction message to the intranet device 201.
- the message includes the Firewall.exe software package, which is used to instruct the intranet device 201 to install the Firewall.exe software package and execute the corresponding firewall function.
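- The selection flow of FIG. 7 (steps 710 to 730, 240 and 250) as an added Python example, not code from the patent. The requirement rows, the second device model "X-EXAMPLE", treating "meets" as greater-than-or-equal, and ranking "better performance" by CPU, then memory, then disk are assumptions made for the illustration.

```python
import re

UNITS = {"GHz": 1e9, "MHz": 1e6, "TB": 1e12, "GB": 1e9, "MB": 1e6}

# Stand-in for Table 2 (type -> performance). The H-TG01 row uses the values
# quoted in the text; the X-EXAMPLE row is constructed for this example.
TYPE_TO_PERFORMANCE = {
    ("personal computer", "H-TG01"): "CPU: 2GHz; memory: 512MB; hard disk capacity: 256GB",
    ("personal computer", "X-EXAMPLE"): "CPU: 1.5GHz; memory: 512MB; hard disk capacity: 128GB",
}

# Stand-in for Table 3 (package -> installation performance requirements).
# All requirement values are constructed.
PACKAGE_REQUIREMENTS = {
    "Firewall.exe": "CPU: 1GHz; memory: 256MB; hard disk capacity: 100GB",
    "networkstorage.exe": "CPU: 1GHz; memory: 256MB; hard disk capacity: 2TB",
}


def parse_performance(text):
    """Turn 'CPU: 2GHz; memory: 512MB; ...' into {metric: value in base units}."""
    result = {}
    for field in text.split(";"):
        name, _, value = field.partition(":")
        match = re.fullmatch(r"\s*([\d.]+)\s*([A-Za-z]+)\s*", value)
        if not match or match.group(2) not in UNITS:
            raise ValueError(f"cannot parse performance field: {field!r}")
        result[name.strip().lower()] = float(match.group(1)) * UNITS[match.group(2)]
    return result


def find_package(performance):
    """Steps 620 / 730: first package whose every requirement the device meets."""
    for package, requirement_text in PACKAGE_REQUIREMENTS.items():
        requirement = parse_performance(requirement_text)
        if all(performance.get(metric, 0) >= need for metric, need in requirement.items()):
            return package
    return None


def plan_installs(devices):
    """Steps 240 / 250: one install target per package, preferring the better device."""
    best = {}  # package -> (device identifier, score)
    for device_id, device_type in devices.items():
        performance = parse_performance(TYPE_TO_PERFORMANCE[device_type])  # steps 610 / 720
        package = find_package(performance)
        if package is None:
            continue  # no package fits this device
        score = tuple(performance.get(m, 0) for m in ("cpu", "memory", "hard disk capacity"))
        if package not in best or score > best[package][1]:
            best[package] = (device_id, score)
    return {package: device_id for package, (device_id, _) in best.items()}


DEVICES = {
    "201": ("personal computer", "H-TG01"),
    "202": ("personal computer", "X-EXAMPLE"),
}

if __name__ == "__main__":
    print(plan_installs(DEVICES))
```

Both devices qualify only for Firewall.exe, so the package is planned once, for device 201, and device 202 receives nothing.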
- The gateway device, taking the gateway device 300 in FIG. 1 as an example, is the entity that controls each intranet device to perform additional functions, and it executes the network service processing method shown in FIG. 2, FIG. 6 or FIG. 7.
- The above-mentioned multiple software packages used to perform various additional functions can be stored centrally or in a distributed manner.
- Centralized storage means that the above-mentioned multiple software packages used to perform various additional functions are stored in the memory of the gateway device.
- Distributed storage means that all or part of the above-mentioned multiple software packages used to perform various additional functions are stored in other network devices that are accessible by the gateway device.
- These network devices used to store all or part of the software packages may be deployed in the internal network 200 or the external network 100.
- Only the "cloud server" solution shown in FIG. 1 is taken as an example to describe the situation of distributed storage.
- The embodiments of the present application provide three specific implementations of distributed storage.
- Each software package is stored in a cloud server as shown in the server 101 in FIG. 1, instead of being stored in the gateway device 300.
- The gateway device 300 does not need to save the correspondence between the software package and the installation performance requirements, but saves the correspondence between the identifier of the software package and the installation performance requirements.
- The implementation process of step 220 in FIG. 6 is shown in FIG. 8.
- FIG. 8 describes the process of the gateway device acquiring the first software package according to the performance of the first intranet device.
- The gateway device executes step 610 in FIG. 6, and after determining the performance of the first intranet device according to the type of the first intranet device, it cooperates with the server to execute step 810 to step 840 in FIG. 8 instead of step 620 in FIG. 6.
- Step 810 The gateway device obtains, according to the performance of the first intranet device, the identifier of the first software package from the correspondence between the identifier of the software package and the installation performance requirements, where the performance of the first intranet device meets the installation performance requirements corresponding to the identifier of the first software package.
- Step 820 The gateway device sends the identifier of the first software package to the server.
- Step 830 The server obtains the stored first software package according to the received identifier of the first software package.
- Step 840 The server sends the obtained first software package to the gateway device.
- The gateway device receives the first software package correspondingly returned by the server.
- The first intranet device is the intranet device 201.
- The type of the intranet device 201 is a personal computer and the model is H-TG01.
- The gateway device 300 locally stores the correspondence between the identifier of the software package and the installation performance requirements, as shown in Table 4.
- The gateway device 300 determines that the performance of the first intranet device meets the installation performance requirements of the software package named Firewall.
- The gateway device 300 sends the identifier "Firewall" of the first software package to the server 101, and after receiving the software package Firewall.exe returned by the server 101, sends the first instruction message and the software package Firewall.exe to the intranet device 201.
- The separate storage solution provided by the embodiment of the present application can save the storage resources of the gateway device 300.
- Each software package is stored in a cloud server as shown in the server 101 in FIG. 1, instead of being stored in the gateway device 300.
- The gateway device 300 does not need to save the correspondence between the software package and the installation performance requirements, nor does it need to save the correspondence between the identifier of the software package and the installation performance requirements. It only needs to save the correspondence between the type and performance of the intranet device shown in Table 2.
- The server 101 not only saves each software package, but also needs to save the correspondence between the software package and the installation performance requirements shown in Table 3. In this case, the implementation process of step 220 in FIG. 6 is shown in FIG. 9.
- FIG. 9 depicts the flow of the gateway device acquiring the first software package according to the performance of the first intranet device.
- The gateway device performs step 610 in FIG. 6, and after determining the performance of the first intranet device according to the type of the first intranet device, it cooperates with the server to perform step 910 to step 930 instead of step 620 in FIG. 6.
- Step 910 The gateway device sends the performance of the first intranet device to the server.
- Step 920 The server obtains the first software package from the correspondence relationship between the software package and the installation performance requirement according to the received performance of the first intranet device. Wherein, the performance of the first intranet device meets the installation performance requirements corresponding to the identifier of the first software package.
- The server saves the correspondence between the software packages and the installation performance requirements shown in Table 3.
- After receiving the performance of the first intranet device sent by the gateway device, the server compares the performance of the first intranet device with the installation performance requirements corresponding to each software package. If the main performance of the first intranet device is higher than the installation performance requirements of the first software package, it is determined that the performance of the first intranet device meets the installation performance requirements of the first software package.
- Alternatively, instead of the correspondence between the software package and the installation performance requirements shown in Table 3, the server saves the correspondence between the identifier of the software package and the installation performance requirements shown in Table 4.
- After the server receives the performance of the first intranet device, it compares the performance of the first intranet device with the installation performance requirements corresponding to the identifier of each software package. If the main performance of the first intranet device is higher than the installation performance requirements corresponding to the identifier of the first software package, it is determined that the performance of the first intranet device meets the installation performance requirements of the first software package. The server then finds the corresponding first software package according to the identifier of the first software package.
- Step 930 The server sends the first software package to the gateway device.
- The gateway device receives the first software package correspondingly returned by the server, and then sends the first software package and the first instruction message to the first intranet device.
- The first intranet device is the intranet device 201.
- The type of the intranet device 201 is a personal computer and the model is H-TG01.
- The gateway device 300 determines according to Table 2 that the performance of the intranet device 201 includes "CPU: 2GHz; memory: 512MB; hard disk capacity: 256GB".
- The gateway device 300 sends the performance of the intranet device 201, "CPU: 2GHz; memory: 512MB; hard disk capacity: 256GB", to the server 101.
- The server 101 compares the received performance "CPU: 2GHz; memory: 512MB; hard disk capacity: 256GB" with the entries in the saved correspondence between the software package and the installation performance requirements shown in Table 3, or with the entries in the saved correspondence between the identifier of the software package and the installation performance requirements shown in Table 4.
- The server 101 determines that the performance of the intranet device 201 meets the installation performance requirements of the software package Firewall.exe.
- The server 101 sends the software package Firewall.exe to the gateway device 300.
- The separate storage solution provided by the embodiments of the present application can further save the storage resources of the gateway device on the one hand; on the other hand, since the step of obtaining the first software package according to performance is executed by the server, it also saves the processing resources of the gateway device.
- Each software package is stored in a cloud server as shown in the server 101 in FIG. 1, instead of being stored in the gateway device 300.
- The gateway device 300 does not need to save the correspondence between the software package and the installation performance requirements, does not need to save the correspondence between the identifier of the software package and the installation performance requirements, and does not need to save the information about the type and performance of the intranet devices shown in Table 2.
- The server 101 not only saves each software package, but also needs to save the correspondence between the software package and the installation performance requirements shown in Table 3, and further needs to save the correspondence between the type and performance of the intranet device shown in Table 2.
- The implementation process of step 220 in FIG. 2 is shown in FIG. 10.
- FIG. 10 depicts the flow of the gateway device acquiring the first software package according to the performance of the first intranet device.
- After the gateway device executes step 210 in FIG. 2 or FIG. 6 and identifies the type of the first intranet device, it cooperates with the server to perform steps 110 to 130, which replace step 220 in FIG. 2 or steps 610-620 in FIG. 6.
- Step 110 The gateway device sends the type of the first intranet device to the server.
- Step 120 After receiving the type of the first intranet device sent by the gateway device, the server queries the performance of the first intranet device from the correspondence between the type and performance of the intranet device shown in Table 2.
- Step 130 The server finds, according to the queried performance of the first intranet device, the first software package in the correspondence between the software package and the installation performance requirements, where the performance of the first intranet device meets the installation performance requirements corresponding to the identifier of the first software package.
- The server saves the correspondence between the software packages and the installation performance requirements shown in Table 3. After the server finds the performance of the first intranet device, it compares the performance of the first intranet device with the installation performance requirements corresponding to each software package. If the main performance of the first intranet device is higher than the installation performance requirements of the first software package, it is determined that the performance of the first intranet device meets the installation performance requirements of the first software package.
- After the server finds the performance of the first intranet device, it compares the performance of the first intranet device with the installation performance requirements corresponding to the identifier of each software package. If the main performance of the first intranet device is higher than the installation performance requirements corresponding to the identifier of the first software package, it is determined that the performance of the first intranet device meets the installation performance requirements of the first software package. The server then finds the corresponding first software package according to the identifier of the first software package.
- Step 120 and step 130 can be directly simplified as: the server queries the software package corresponding to the type of the first device according to the received type of the intranet device and the correspondence between the type of the intranet device and the software package.
- This is basically similar to step 220, except that the executing entity is different, and will not be detailed here.
- Step 140 The server sends the first software package to the gateway device.
- The gateway device receives the first software package correspondingly returned by the server, and then sends the first software package and the first instruction message to the first intranet device.
- The execution process of step 130 is similar to step 920 in FIG. 9, and the execution process of step 140 is similar to step 930 in FIG. 9; the description is not repeated here.
- The first intranet device is the intranet device 201.
- The type of the intranet device 201 is a personal computer and the model is H-TG01.
- The gateway device 300 sends the type of the intranet device 201, "personal computer, H-TG01", to the server 101.
- After the server 101 receives the type "personal computer, H-TG01" of the intranet device 201, it queries the correspondence between the type and performance of the intranet device shown in Table 2 and finds that the performance corresponding to the type "personal computer, H-TG01" is "CPU: 2GHz; memory: 512MB; hard disk capacity: 256GB".
- The server 101 further compares the performance "CPU: 2GHz; memory: 512MB; hard disk capacity: 256GB" with the entries in the correspondence between the software package and the installation performance requirements shown in Table 3, or in the correspondence between the identifier of the software package and the installation performance requirements shown in Table 4, and determines that the performance "CPU: 2GHz; memory: 512MB; hard disk capacity: 256GB" meets the installation performance requirements of the software package Firewall.exe.
- The server 101 sends the software package Firewall.exe to the gateway device 300.
- The separate storage solution provided by the embodiments of the present application can further save the storage resources of the gateway device on the one hand; on the other hand, because the step of querying the installation performance requirements according to the type of the first intranet device and the step of obtaining the first software package according to the performance are both executed by the server, it further saves the processing resources of the gateway device.
- After the gateway device sends the first indication message and the first software package to the first intranet device, in order to facilitate subsequently sending the target data stream, and/or the description information used to describe the target data stream, to the first intranet device that implements the first additional function, the gateway device also needs to record the correspondence between the identifier of the first intranet device and the first additional function.
- The target data stream refers to the data stream on which the first additional function is to be executed.
- The purpose of the gateway device recording the correspondence between the identifier of the first intranet device and the first additional function is to correctly forward the target data stream subsequently, so that the first additional function is executed correctly.
- The gateway device subsequently sends the target data stream and/or the description information used to describe the target data stream to the first intranet device that implements the first additional function, according to the correspondence between the identifier of the first intranet device and the first additional function, and receives the corresponding processing result from the first intranet device.
- The gateway device performs an action corresponding to the processing result on the target data flow in the traffic to be forwarded according to the received processing result, and the action includes forwarding, warning, or blocking.
- The specific implementation process is shown in FIG. 11 and FIG. 12.
- FIG. 11 is a flowchart of a method for processing a network service provided by an embodiment of the present application.
- Taking the gateway device 300 in FIG. 1 as an example, after the gateway device sends the first indication message and the first software package to the first intranet device in the network service processing method described in FIG. 2 and FIG. 6 to FIG., the steps shown in FIG. 11 are also executed.
- Step 111 The gateway device saves the correspondence between the identifier of the first intranet device and the first additional function.
- After the gateway device sends the first indication message and the first software package to the first intranet device, it waits to receive the confirmation message that the first intranet device returns after the installation of the first software package is completed. After the gateway device receives the confirmation message from the first intranet device, the gateway device saves the correspondence between the identifier of the first intranet device and the first additional function.
- Step 112 The gateway device obtains the traffic to be forwarded, and obtains a target data stream from the traffic to be forwarded, where the target data stream refers to a data stream for which the first additional function is to be executed.
- Which data flow is the target data flow is related to specific additional functions. For example, if the first additional function is a data stream security detection function, then the target data stream is the traffic to be detected that conforms to the predetermined policy.
- The predetermined policy is set in advance according to the network scenario, and can be all two-way traffic, or one-way traffic sent from the external network to the internal network, and so on.
- The target data stream is a data stream carrying the content to be cached.
- The type of content to be cached is preset; for example, the content to be cached is multimedia content and so on.
- The target data stream is a data stream carrying the content of the file to be detected.
- The format type of the file to be detected is preset, such as a Portable Document Format (PDF) file, an executable (exe) file, a Portable Executable (PE) file, and so on.
- The gateway device can analyze some of the packets in the data stream to be forwarded, such as a small number of packets in the initial stage of session establishment, to determine whether the data stream to which these packets belong is the target data stream. For example, protocol analysis is performed on a small number of packets in the initial stage of session establishment to obtain the file header data carried in the packets, and the content type carried by the session is obtained from the file header data.
- Step 113 The gateway device sends the target data stream to the first intranet device according to the correspondence between the identifier of the first intranet device and the first additional function.
- Step 114 The gateway device receives the processing result of the target data stream by the first intranet device.
- The first intranet device is the intranet device 201 in FIG. 1, and the gateway device is the gateway device 300 in FIG. 1.
- The gateway device 300 sends the first indication message and the software package networkstorage.exe to the intranet device 201.
- The intranet device 201 executes the network caching function.
- The gateway device 300 records the correspondence between the intranet device 201 and the network cache function.
- The predetermined policy configured in the gateway device 300 is to cache video files exceeding 50M. That is, the target data stream is a data stream that carries video files exceeding 50M.
- After the gateway device 300 subsequently receives a data stream carrying a video file of more than 50M through a network interface, in addition to executing the original forwarding process, it also sends the data stream to the intranet device 201.
- The gateway device 300 receives the caching result of this part of the data stream from the intranet device 201; for example, the caching result indicates that the video file was cached successfully or that the video file failed to cache.
- The gateway device further executes step 115.
- Step 115 The gateway device performs an action corresponding to the processing result on the target data stream according to the processing result, and the action includes forwarding, warning, or blocking.
- The first intranet device is the intranet device 201 in FIG. 1, and the gateway device is the gateway device 300 in FIG. 1.
- The gateway device 300 sends the first instruction message and the software package Firewall.exe to the intranet device 201.
- The intranet device 201 executes the data stream security detection function, taking the firewall as an example.
- The gateway device 300 records the correspondence between the intranet device 201 and the data stream security detection function.
- The predetermined policy configured in the gateway device 300 is to perform security detection on the one-way traffic sent from the external network to the internal network.
- The target data flow to be detected is the one-way flow sent from the external network to the internal network.
- After the gateway device 300 subsequently receives, through the network interface, the data stream sent by the external network 100 to the internal network 200, it sends the data stream to the intranet device 201.
- The gateway device 300 receives the security detection result of the intranet device 201 on the target data stream. If the security detection result indicates that the target data stream does not contain data that violates firewall rules, the gateway device 300 forwards the target data stream to the internal network 200 through the network interface; if the security detection result indicates that the target data stream contains data that violates firewall rules, the gateway device 300 blocks the target data stream and prohibits forwarding the target data stream to the internal network 200 through the network interface.
- In order to reduce the amount of data sent by the gateway device to the intranet device that performs additional functions, the gateway device first parses, analyzes, extracts from or counts the target data stream to obtain description information used to describe the target data stream.
- Descriptive information is also called metadata.
- Metadata is data describing data (data about data), mainly information describing data properties, used to support functions such as indicating storage locations, historical data, resource search, and file recording.
- There are multiple ways and formats for generating description information, including formats supported by standards organizations and existing mainstream vendors, or formats customized by administrators. Examples are the IP Flow Information Export (IPFIX) protocol format defined by the Internet Engineering Task Force (IETF), the NetFlow format, the sFlow format, and so on.
- FIG. 12 shows a processing method of a network service provided by an embodiment of the present application. Taking the gateway device 300 in FIG. 1 as an example, after the step in which the gateway device sends the first indication message and the first software package to the first intranet device in the network service processing method described in FIG. 2 and FIG. 6 to FIG., the steps shown in FIG. 12 are also executed.
- Step 121 The gateway device saves the correspondence between the identifier of the first intranet device and the first additional function.
- Step 122 The gateway device obtains the traffic to be forwarded, and obtains a target data stream from the traffic to be forwarded, where the target data stream refers to a data stream on which the first additional function is to be executed.
- Step 121 and step 122 in FIG. 12 are similar to step 111 and step 112 in FIG. 11, respectively, and the description will not be repeated here.
- Step 123 The gateway device determines description information, where the description information is used to describe the target data stream.
- Step 124 The gateway device sends description information to the first intranet device according to the correspondence between the identifier of the first intranet device and the first additional function.
- Step 125 The gateway device receives the processing result of the description information by the first intranet device.
- Step 126 The gateway device performs an action corresponding to the processing result on the target data stream according to the processing result of the description information by the first intranet device, and the action includes forwarding, warning, or blocking.
- The first intranet device is the intranet device 201 in FIG. 1, and the gateway device is the gateway device 300 in FIG. 1.
- The gateway device 300 sends the first instruction message and the software package Firewall.exe to the intranet device 201. After completing the installation of the software package Firewall.exe according to the first instruction message, the intranet device 201 executes the data stream security detection function, taking the firewall as an example.
- The gateway device 300 records the correspondence between the intranet device 201 and the data stream security detection function.
- The predetermined policy configured in the gateway device 300 is to perform security detection on the one-way traffic sent from the external network to the internal network. That is, the target data flow is the one-way flow sent from the external network to the internal network.
- After the gateway device 300 subsequently receives, through the network interface, the data stream (that is, the target data stream) sent by the external network 100 to the internal network 200, it extracts the description information of the target data stream.
- The description information includes 5-tuple information consisting of a source address, a source port number, a destination address, a destination port number, and a protocol type. Optionally, the description information also includes the contents of some designated fields in the packet header, and so on.
- The gateway device 300 sends the description information to the intranet device 201.
- After the gateway device 300 receives the security detection result of the intranet device 201 on the description information, if the security detection result indicates that the description information does not contain data that violates firewall rules, the gateway device 300 forwards the target data stream to the internal network 200 through the network interface; if the security detection result indicates that the description information contains data that violates the firewall rules, the gateway device 300 blocks the target data flow and prohibits forwarding the target data flow to the internal network 200 through the network interface.
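- The FIG. 12 exchange (steps 121 to 126) as an added Python example, not code from the patent: the gateway parses the 5-tuple out of an IPv4 packet, sends only that description information to the registered intranet device, and maps the returned result to an action. The internal address range, the result strings, the denied-port rule, the treatment of an unrecognised result as a warning, and the in-process callable standing in for the network link to device 201 are assumptions.

```python
import ipaddress
import socket
import struct

INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed range of internal network 200
SECURITY_DETECTION = "data stream security detection"
# Processing result -> action (step 126). The result strings are hypothetical.
ACTIONS = {"no_violation": "forward", "violation": "block"}


def five_tuple(packet):
    """Step 123: derive the description information from one IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if ihl < 20 or proto not in (6, 17) or frag_offset or len(packet) < ihl + 4:
        # Later fragments and non-TCP/UDP packets carry no port numbers.
        raise ValueError("no port numbers available")
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    src = str(ipaddress.ip_address(packet[12:16]))
    dst = str(ipaddress.ip_address(packet[16:20]))
    return (src, sport, dst, dport, proto)


class Gateway:
    def __init__(self):
        self.function_to_device = {}  # additional function -> device identifier
        self.channels = {}            # device identifier -> callable (stands in for the network)

    def record_confirmation(self, device_id, function, channel):
        """Steps 111 / 121: store the correspondence once the device confirms installation."""
        self.function_to_device[function] = device_id
        self.channels[device_id] = channel

    @staticmethod
    def is_target(desc):
        """Step 122 policy from the text: one-way traffic from external to internal network."""
        src, _, dst, _, _ = desc
        return (ipaddress.ip_address(dst) in INTERNAL_NET
                and ipaddress.ip_address(src) not in INTERNAL_NET)

    def handle(self, packet):
        desc = five_tuple(packet)
        if not self.is_target(desc):
            return "forward"  # not a target data stream: original forwarding only
        device_id = self.function_to_device[SECURITY_DETECTION]  # step 124
        result = self.channels[device_id](desc)                  # steps 124-125
        # Assumption: a result the gateway does not recognise raises a warning.
        return ACTIONS.get(result, "warning")                    # step 126


class FirewallDevice:
    """Stand-in for intranet device 201 running the installed firewall function."""

    def __init__(self, denied_tcp_ports):
        self.denied = set(denied_tcp_ports)  # constructed rule set
        self.seen = []                       # description information received so far

    def __call__(self, desc):
        self.seen.append(desc)
        _, _, _, dport, proto = desc
        return "violation" if proto == 6 and dport in self.denied else "no_violation"


def build_packet(src, dst, sport, dport, proto=6):
    """Constructed test input: minimal IPv4 header followed by the two port fields."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + struct.pack("!HH", sport, dport)


if __name__ == "__main__":
    gateway = Gateway()
    gateway.record_confirmation("201", SECURITY_DETECTION, FirewallDevice({23}))
    print(gateway.handle(build_packet("203.0.113.7", "192.168.1.20", 40000, 23)))
```

Because the device only ever sees the 5-tuple, any rule it applies is limited to addresses, ports and protocol; payload-based detection needs the FIG. 11 variant that sends the stream itself.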
- FIG. 13 is a schematic structural diagram of a gateway device provided by an embodiment of the present application.
- The gateway device shown in FIG. 13 is the gateway device 300 in the application scenario shown in FIG. 1 and the gateway device in the processes shown in FIG. 2 and FIG. 6 to FIG. 12.
- The gateway device includes a processor 131, a memory 132, and a network interface 133.
- The processor 131 may be one or more CPUs, and the CPU may be a single-core CPU or a multi-core CPU.
- The memory 132 includes but is not limited to random access memory (RAM), read only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), or optical memory, etc.
- The code of the operating system is stored in the memory 132.
- The network interface 133 may be a wired interface, such as a Fiber Distributed Data Interface (FDDI) or a Gigabit Ethernet (GE) interface; the network interface 63 may also be a wireless interface.
- The network interface 133 is used to receive data streams from the internal network and/or external network, to communicate with the intranet device in the internal network according to the instruction of the processor 131, and to communicate with the server in the external network.
- the processor 131 implements the method in the foregoing embodiment by reading instructions stored in the memory 132, or the processor 131 may also implement the method in the foregoing embodiment by using internally stored instructions.
- the processor 131 implements the method in the foregoing embodiment by reading the instructions stored in the memory 132
- the memory 132 stores the instruction to implement the method provided in the foregoing embodiment of the present application.
- the gateway device executes the following operations: identifying the type of the first intranet device, the first intranet device belonging to the internal network connected to the gateway device; the gateway device according to For the type of the first intranet device, a first software package is obtained, and the first software package is used to implement a first additional function; and a first instruction message and a first instruction message are sent to the first intranet device through the network interface 133 For the first software package, the first instruction message is used to instruct the first intranet device to install the first software package and execute the first additional function.
- the at least one processor 131 further executes the network service processing method described in the above method embodiment according to several correspondence tables (such as Table 1, Table 2, Table 3, and Table 4 in the previous embodiment) stored in the memory 132.
- the gateway device further includes a bus 134, and the aforementioned processor 131 and memory 132 are usually connected to each other through the bus 134, and may also be connected to each other in other ways.
- the gateway device further includes an input and output interface 135, which is used to connect to an output device and output a prompt message to notify the administrator that the first intranet device can perform the first additional function and, where appropriate, to output alarms and the like according to the processing results of the intranet devices.
- Output devices include but are not limited to displays, printers, etc.
- the input and output interface 135 is also used to connect with an input device, and receive a confirmation message returned by the administrator in response to the prompt message.
- Input devices include but are not limited to keyboards, touch screens, microphones, Bluetooth modules, and so on.
- for other additional functions that can be implemented by the gateway device shown in FIG. 13 and the interaction process with other network element devices (such as an intranet device or a server), please refer to the description of the gateway device in the method embodiment, which will not be repeated here.
- the gateway device provided in the embodiment of the present application is used to execute the network service processing method provided in the foregoing method embodiments.
- the gateway device itself does not need to perform the additional functions; instead, it acts as the management and control body for implementing additional functions and controls appropriate intranet devices to share the task of implementing them.
- the main function of the gateway device is to identify the type of the internal network device, and according to the type of the internal network device, send a software package for implementing appropriate additional functions to the internal network device, and instruct the internal network device to implement additional functions after the software package is successfully installed.
- FIG. 14 is a schematic structural diagram of a network service processing apparatus provided by an embodiment of the present application.
- the processing device 14 includes a processing module 141 and a sending module 142.
- the processing device 14 is coupled to the gateway device in the foregoing method embodiments, for example, is integrated in the gateway device, and is a software or hardware component in the gateway device.
- the processing device shown in FIG. 14 is applied to the scenario shown in FIG. 1 of the method embodiment to realize the function of the gateway device therein.
- the processing module 141 is configured to identify the type of the first intranet device, which belongs to the internal network connected to the gateway device, and to obtain the first software package according to the identified type of the first intranet device; the first software package is used to implement the first additional function.
- the sending module 142 is configured to send a first instruction message and the first software package to the first intranet device, where the first instruction message is used to instruct the first intranet device to install the first software package and execute the first additional function.
- the processing module 141 obtains the first software package according to the type of the first intranet device as follows: it determines the performance of the first intranet device according to the type of the first intranet device, where the performance includes software capabilities and hardware capabilities; the software capabilities include whether installation of software packages is supported, and the hardware capabilities include processor performance values and/or storage space sizes.
- according to the performance of the first intranet device, the processing module 141 obtains the first software package, and the performance of the first intranet device meets the installation performance requirements of the first software package.
- the processing module 141 is further configured to identify the type of the second intranet device; the second intranet device belongs to the internal network.
- the processing module 141 determines the performance of the second intranet device according to the type of the second intranet device, and obtains a second software package, where the performance of the second intranet device meets the installation performance requirements of the second software package. If the first software package and the second software package are the same software package, the gateway device selects the first intranet device, from the first intranet device and the second intranet device, to install the first software package.
- the device further includes a receiving module 143.
- after the sending module 142 sends the first indication message and the first software package to the first intranet device, the processing module 142 saves the correspondence between the identifier of the first intranet device and the first additional function.
- the processing module 141 obtains a target data stream from the traffic to be forwarded received by the receiving module 143, where the target data stream is a data stream for which the first additional function is to be executed.
- the processing module 142 sends the target data stream to the first intranet device through the sending module 142 according to the correspondence between the identifier of the first intranet device and the first additional function, and receives the target data stream via the receiving module 143.
- for additional functions that can be implemented by the processing module 141, the sending module 142, and the receiving module 143, and for more details of implementing the above-mentioned functions, please refer to the descriptions in the previous method embodiments, which will not be repeated here.
- the device embodiment described in FIG. 14 is only illustrative.
- the division of the modules is only a logical function division, and there may be other divisions in actual implementation; for example, multiple modules or components may be combined or integrated into another system, or some features may be ignored or not implemented.
- the functional modules in the various embodiments of the present application may be integrated into one processing module, or each module may exist alone physically, or two or more modules may be integrated into one module.
- the above-mentioned modules in FIG. 14 can be implemented in the form of hardware or software functional units.
- the processing module 141, the sending module 142, and the receiving module 143 may be implemented by software functional modules generated after the processor 131 in FIG. 13 reads the program code stored in the memory.
- the above-mentioned modules in FIG. 14 can also be implemented by different hardware in the gateway device.
- the sending module 142 and the receiving module 143 are implemented by the network interface 133 in FIG. 13, and the processing module 141 is implemented by the processor 133 in FIG.
- Part of the processing resources may be implemented using programmable devices such as Field-Programmable Gate Array (FPGA) or coprocessor.
- the above functional modules can also be implemented by a combination of software and hardware.
- the sending module 142 and the receiving module 143 are implemented by the network interface 133, and the processing module 141 is a software functional module generated after the CPU reads instructions stored in the memory.
- the embodiment of the present application also provides a network service processing system, which includes a gateway device and at least one intranet device.
- the gateway device is used to connect the external network and the internal network.
- the at least one internal network device belongs to the internal network.
- the processing system further includes a server, and the server is deployed in an internal network or an external network.
- a computer program product refers to computer-readable instructions stored in a computer-readable medium.
- the computer-readable medium may be a computer-readable signal medium or a computer-readable storage medium.
- Computer-readable storage media include, but are not limited to, electronic, magnetic, optical, electromagnetic, infrared, or semiconductor systems, equipment or devices, or any appropriate combination of the foregoing.
- the computer-readable storage medium is random access memory (RAM), read only memory (ROM), erasable programmable read only memory (EPROM), or portable compact disc read-only memory (CD-ROM).
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
- Stored Programmes (AREA)
- Information Transfer Between Computers (AREA)
Claims (31)
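- A network service processing method, characterized by comprising: a gateway device identifying the type of a first intranet device, the first intranet device belonging to an internal network connected to the gateway device; the gateway device obtaining a first software package according to the type of the first intranet device, the first software package being used to implement a first additional function; and the gateway device sending a first instruction message and the first software package to the first intranet device, the first instruction message being used to instruct the first intranet device to install the first software package and execute the first additional function.
- The processing method according to claim 1, characterized in that the gateway device obtaining the first software package according to the type of the first intranet device comprises: the gateway device determining the performance of the first intranet device according to the type of the first intranet device, the performance including software capabilities and hardware capabilities, the software capabilities including whether installation of software packages is supported, and the hardware capabilities including a processor performance value and/or a storage space size; and the gateway device obtaining the first software package according to the performance of the first intranet device, the performance of the first intranet device meeting the installation performance requirements of the first software package.
- The processing method according to claim 2, characterized in that the gateway device obtaining the first software package according to the performance of the first intranet device comprises: the gateway device finding the first software package, according to the performance of the first intranet device, in a correspondence between software packages and installation performance requirements.
- The processing method according to claim 2, characterized in that the gateway device obtaining the first software package according to the performance of the first intranet device comprises: the gateway device finding an identifier of the first software package, according to the performance of the first intranet device, in a correspondence between software package identifiers and installation performance requirements; and the gateway device sending the identifier of the first software package to a server, and receiving the first software package returned by the server according to the identifier of the first software package.
- The processing method according to claim 2, characterized in that the gateway device obtaining the first software package according to the performance of the first intranet device comprises: the gateway device sending the performance of the first intranet device to a server; and the gateway device receiving the first software package returned by the server according to the performance of the first intranet device.
- The processing method according to claim 1, characterized in that the gateway device obtaining the first software package according to the type of the first intranet device comprises: the gateway device sending the type of the first intranet device to a server; and the gateway device receiving the first software package returned by the server according to the type of the first intranet device.
- The processing method according to claim 2, characterized in that, before the gateway device sends the first instruction message and the first software package to the first intranet device, the method further comprises: the gateway device identifying the type of a second intranet device, the second intranet device belonging to the internal network; the gateway device determining the performance of the second intranet device according to the type of the second intranet device; the gateway device finding the second software package, according to the performance of the second intranet device, in the correspondence between software packages and installation performance requirements, the performance of the second intranet device meeting the installation performance requirements of the second software package; and, if the first software package and the second software package are the same software package, the gateway device selecting the first intranet device, from the first intranet device and the second intranet device, to install the first software package.
- The processing method according to claim 7, characterized in that the gateway device selecting the first intranet device, from the first intranet device and the second intranet device, to install the first software package comprises: the gateway device selecting the first intranet device, from the first intranet device and the second intranet device, to install the first software package according to the performance of the first intranet device and the performance of the second intranet device and in accordance with a predetermined selection policy.
- The method according to any one of claims 1-8, characterized in that, after the gateway device sends the first instruction message and the first software package to the first intranet device, the method further comprises: the gateway device saving a correspondence between the identifier of the first intranet device and the first additional function; the gateway device obtaining a target data stream, the target data stream being a data stream on which the first additional function is to be executed; and the gateway device sending the target data stream to the first intranet device according to the correspondence between the identifier of the first intranet device and the first additional function, and receiving the first intranet device's processing result for the target data stream.
- The method according to claim 9, characterized in that, after receiving the first intranet device's processing result for the target data stream, the method further comprises: the gateway device performing on the target data stream, according to the processing result, an action corresponding to the processing result, the action including forwarding, alarming, or blocking.
- The method according to claim 1 or 2, characterized in that, after the gateway device sends the first instruction message and the first software package to the first intranet device, the method further comprises: the gateway device saving a correspondence between the identifier of the first intranet device and the first additional function; the gateway device obtaining a target data stream, the target data stream being a data stream on which the first additional function is to be executed; the gateway device determining description information, the description information being used to describe the target data stream; and the gateway device sending the description information to the first intranet device according to the correspondence between the identifier of the first intranet device and the first additional function, and receiving the first intranet device's processing result for the description information.
- The method according to claim 11, characterized in that, after receiving the first intranet device's processing result for the description information, the method further comprises: the gateway device performing on the target data stream, according to the processing result, an action corresponding to the processing result, the action including forwarding, alarming, or blocking.
- The method according to claims 9-12, characterized in that the first additional function is a data stream security detection function, and the target data stream is a data stream to be detected.
- The method according to any one of claims 9-12, characterized in that the first additional function is a network cache function, and the target data stream is a data stream carrying content to be cached.
- The method according to any one of claims 9-12, characterized in that the first additional function is a security sandbox function, and the target data stream is a data stream carrying the content of a file to be detected.
- The method according to any one of claims 1-15, characterized in that, before the gateway device sends the first instruction message and the first software package to the first intranet device, the method further comprises: outputting prompt information, the prompt information including the correspondence between the identifier of the first intranet device and the first additional function, the prompt information being used to indicate that the first intranet device is capable of executing the first additional function; and receiving input confirmation information, the confirmation information being used to indicate that the first intranet device is allowed to execute the first additional function.
- The method according to any one of claims 1-16, characterized in that the gateway device identifying the type of the first intranet device comprises: the gateway device intercepting a characteristic packet sent by the first intranet device, the characteristic packet carrying a first characteristic field, the content of the first characteristic field being used to indicate the sender's operating system type or a predetermined website domain name; the gateway device querying a feature library for a first device type corresponding to the content of the first characteristic field, the feature library storing the correspondence between the content of the first characteristic field and the first device type; and the gateway device determining that the device type of the first intranet device is the first device type.
- The method according to any one of claims 1-16, characterized in that the gateway device identifying the type of the first intranet device comprises: the gateway device obtaining the MAC address of the first intranet device; the gateway device querying a device information library for a first device type corresponding to the MAC address of the first intranet device, the device information library storing the correspondence between the MAC address of the first intranet device and the first device type; and the gateway device determining that the device type of the first intranet device is the first device type.
- The method according to any one of claims 1-16, characterized in that the gateway device identifying the type of the first intranet device comprises: the gateway device sending a probe packet to the first intranet device; the gateway device receiving a response packet, corresponding to the probe packet, sent by the first intranet device; the gateway device obtaining a first identification fingerprint according to the response packet; the gateway device querying a fingerprint library for a first device type corresponding to the first identification fingerprint, the fingerprint library storing the correspondence between the first identification fingerprint and the first device type; and the gateway device determining that the device type of the first intranet device is the first device type.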
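- A gateway device, characterized by comprising a network interface, a memory, and a processor connected to the memory, the memory being used to store instructions; the processor being used to execute the instructions so that the gateway device performs the following operations: identifying the type of a first intranet device, the first intranet device belonging to an internal network connected to the gateway device; obtaining a first software package according to the type of the first intranet device, the first software package being used to implement a first additional function; and sending, through the network interface, a first instruction message and the first software package to the first intranet device, the first instruction message being used to instruct the first intranet device to install the first software package and execute the first additional function.
- The gateway device according to claim 20, characterized in that the processor is configured to determine the performance of the first intranet device according to the type of the first intranet device, the performance including software capabilities and hardware capabilities, the software capabilities including whether installation of software packages is supported, and the hardware capabilities including a processor performance value and/or a storage space size; and to obtain the first software package according to the performance of the first intranet device, the performance of the first intranet device meeting the installation performance requirements of the first software package.
- The gateway device according to claim 21, characterized in that the processor finds an identifier of the first software package, according to the performance of the first intranet device, in a correspondence between software package identifiers and installation performance requirements; sends the identifier of the first software package to a server through the network interface; and receives, through the network interface, the first software package returned by the server according to the identifier of the first software package.
- The gateway device according to claim 21, characterized in that the processor sends the performance of the first intranet device to a server through the network interface, and receives, through the network interface, the first software package returned by the server according to the performance of the first intranet device.
- The gateway device according to claim 20, characterized in that the processor sends the type of the first intranet device to a server through the network interface, and receives, through the network interface, the first software package returned by the server according to the type of the first intranet device.
- The gateway device according to claim 21, characterized in that, before the first instruction message and the first software package are sent to the first intranet device through the network interface, the processor is further configured to identify the type of a second intranet device, the second intranet device belonging to the internal network; determine the performance of the second intranet device according to the type of the second intranet device; find the second software package, according to the performance of the second intranet device, in the correspondence between software packages and installation performance requirements, the performance of the second intranet device meeting the installation performance requirements of the second software package; and, if the first software package and the second software package are the same software package, select the first intranet device, from the first intranet device and the second intranet device, to install the first software package.
- The gateway device according to any one of claims 20-25, characterized in that, after the first instruction message and the first software package are sent to the first intranet device through the network interface, the processor is further configured to save a correspondence between the identifier of the first intranet device and the first additional function; obtain a target data stream, the target data stream being a data stream on which the first additional function is to be executed; and, according to the correspondence between the identifier of the first intranet device and the first additional function, send the target data stream to the first intranet device through the network interface and receive, through the network interface, the first intranet device's processing result for the target data stream.
- The gateway device according to claim 26, characterized in that the processor is further configured to perform on the target data stream, according to the processing result, an action corresponding to the processing result, the action including forwarding, alarming, or blocking.
- The gateway device according to any one of claims 20-25, characterized in that, after the first instruction message and the first software package are sent to the first intranet device through the network interface, the processor is further configured to save a correspondence between the identifier of the first intranet device and the first additional function; obtain a target data stream, the target data stream being a data stream on which the first additional function is to be executed; determine description information, the description information being used to describe the target data stream; and, according to the correspondence between the identifier of the first intranet device and the first additional function, send the description information to the first intranet device through the network interface and receive, through the network interface, the first intranet device's processing result for the description information.
- The gateway device according to claim 28, characterized in that the processor is further configured to perform on the target data stream, according to the processing result, an action corresponding to the processing result, the action including forwarding, alarming, or blocking.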
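- A network service processing apparatus, characterized in that the processing apparatus is connected to a gateway device and comprises: a processing module, configured to identify the type of a first intranet device, the first intranet device belonging to an internal network connected to the gateway device, and to obtain a first software package according to the type of the first intranet device, the first software package being used to implement a first additional function; and a sending module, configured to send a first instruction message and the first software package to the first intranet device, the first instruction message being used to instruct the first intranet device to install the first software package and execute the first additional function.
- A network service processing system, characterized by comprising: a gateway device and a first intranet device, the first intranet device belonging to an internal network connected to the gateway device; the gateway device being configured to execute the method according to any one of claims 1-19; and the first intranet device being configured to receive the first instruction message and the first software package sent by the gateway device, and to execute the first additional function after installing the first software package according to the first instruction message.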
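The gateway-side control logic set out in the claims above (type identification by MAC address, capability lookup, matching against installation performance requirements, selection between eligible devices, administrator confirmation, and the forward/alarm/block decision) can be sketched as follows. This is an added example, not code from the patent: the table contents, MAC prefixes, package names, the "highest processor score wins" selection policy, and the handling of unassigned functions and unknown results are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, Optional

@dataclass(frozen=True)
class Capability:            # "performance" of a device type
    can_install: bool        # software capability
    cpu_score: int           # hardware capability: processor performance value
    storage_mb: int          # hardware capability: storage space size

@dataclass(frozen=True)
class Package:
    function: str            # additional function the package implements
    min_cpu: int             # installation performance requirements
    min_storage_mb: int

# Constructed sample tables (hypothetical values, not from the patent).
MAC_PREFIX_TO_TYPE = {"00:11:22": "smart_tv", "66:77:88": "ip_camera", "aa:bb:cc": "nas"}
TYPE_TO_CAPABILITY = {
    "smart_tv": Capability(True, 60, 512),
    "ip_camera": Capability(False, 10, 16),
    "nas": Capability(True, 80, 8000),
}
PACKAGES = {
    "pkg-flowcheck": Package("flow_security_detection", 50, 200),
    "pkg-cache": Package("network_cache", 20, 4000),
}
RESULT_TO_ACTION = {"clean": "forward", "suspicious": "alarm", "malicious": "block"}

class Gateway:
    def __init__(self) -> None:
        # Saved correspondence: additional function -> identifier (MAC) of the device.
        self.function_to_device: Dict[str, str] = {}

    def identify(self, mac: str) -> Optional[str]:
        """Device type from the MAC address via the device information library."""
        return MAC_PREFIX_TO_TYPE.get(mac.lower()[:8])

    def meets_requirements(self, mac: str, pkg_id: str) -> bool:
        """True if the device's type-derived performance satisfies the package."""
        cap = TYPE_TO_CAPABILITY.get(self.identify(mac) or "")
        pkg = PACKAGES[pkg_id]
        return bool(cap and cap.can_install and cap.cpu_score >= pkg.min_cpu
                    and cap.storage_mb >= pkg.min_storage_mb)

    def assign(self, pkg_id: str, macs: Iterable[str],
               confirm: Callable[[str, str], bool]) -> Optional[str]:
        """Pick one eligible device, ask the administrator, record the mapping."""
        candidates = [m for m in macs if self.meets_requirements(m, pkg_id)]
        if not candidates:
            return None
        # Assumed selection policy: highest processor performance value wins.
        chosen = max(candidates,
                     key=lambda m: TYPE_TO_CAPABILITY[self.identify(m)].cpu_score)
        function = PACKAGES[pkg_id].function
        if not confirm(chosen, function):     # administrator declined the prompt
            return None
        # A real gateway would now send the instruction message and the package.
        self.function_to_device[function] = chosen
        return chosen

    def handle_flow(self, function: str, flow: bytes,
                    devices: Dict[str, Callable[[bytes], str]]) -> str:
        """Send the target flow to the assigned device and act on its result."""
        mac = self.function_to_device.get(function)
        if mac is None:
            return "forward"                  # assumption: nothing assigned, pass through
        result = devices[mac](flow)           # stands in for the network round trip
        return RESULT_TO_ACTION.get(result, "alarm")   # assumption: unknown -> alarm
```

The `devices` mapping stands in for the intranet devices running the installed package; in a deployment the call would be a network exchange and the result would arrive asynchronously.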
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA3157038A CA3157038A1 (en) | 2019-11-11 | 2020-10-15 | Network service processing method, system, and gateway device |
EP20888021.1A EP4047885A4 (en) | 2019-11-11 | 2020-10-15 | METHOD AND SYSTEM FOR PROCESSING A NETWORK SERVICE AND GATEWAY |
MX2022005625A MX2022005625A (es) | 2019-11-11 | 2020-10-15 | Network service processing method, system, and gateway device. |
JP2022526740A JP7383145B2 (ja) | 2019-11-11 | 2020-10-15 | Network service processing method, system, and gateway device |
US17/742,341 US11843518B2 (en) | 2019-11-11 | 2022-05-11 | Network service processing method, system, and gateway device |
US18/511,806 US20240089178A1 (en) | 2019-11-11 | 2023-11-16 | Network service processing method, system, and gateway device |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911097192.1 | 2019-11-11 | ||
CN201911097192 | 2019-11-11 | ||
CN201911134443.9A CN112787947B (zh) | 2019-11-11 | 2019-11-19 | Network service processing method, system, and gateway device |
CN201911134443.9 | 2019-11-19 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US17/742,341 Continuation US11843518B2 (en) | 2019-11-11 | 2022-05-11 | Network service processing method, system, and gateway device |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2021093510A1 true WO2021093510A1 (zh) | 2021-05-20 |
Family
ID=75749939
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2020/121251 WO2021093510A1 (zh) | 2019-11-11 | 2020-10-15 | Network service processing method, system, and gateway device |
Country Status (7)
Country | Link |
---|---|
US (2) | US11843518B2 (zh) |
EP (1) | EP4047885A4 (zh) |
JP (1) | JP7383145B2 (zh) |
CN (3) | CN116032762A (zh) |
CA (1) | CA3157038A1 (zh) |
MX (1) | MX2022005625A (zh) |
WO (1) | WO2021093510A1 (zh) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114760279A (zh) * | 2022-03-10 | 2022-07-15 | 深圳市联洲国际技术有限公司 | Method for identifying device type, server, and computer-readable storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
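CN101141360A (zh) * | 2007-09-14 | 2008-03-12 | 四川长虹电器股份有限公司 | Method for device management and control in a home network |
CN101340497A (zh) * | 2008-08-11 | 2009-01-07 | 中兴通讯股份有限公司 | Method and apparatus for reducing power consumption of a VoIP media gateway device |
CN101931592A (zh) * | 2010-08-26 | 2010-12-29 | 北京科技大学 | WSN-based gateway device for an underground mine safety monitoring system |
WO2016169218A1 (zh) * | 2015-04-22 | 2016-10-27 | 中兴通讯股份有限公司 | Gateway virtualization method, system, and computer storage medium |
CN108377222A (zh) * | 2018-01-15 | 2018-08-07 | 顺丰科技有限公司 | Software-based load balancing implementation method, apparatus, device, and storage medium |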
Family Cites Families (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2001222500A (ja) * | 1999-12-01 | 2001-08-17 | Sharp Corp | Method for distributing programs in a network gateway |
KR100541942B1 (ko) * | 2003-08-11 | 2006-01-10 | 삼성전자주식회사 | Apparatus and method for remote management of home devices in a home network |
CN103135999A (zh) * | 2011-11-24 | 2013-06-05 | 成绵广 | Software loading method |
CN102638460B (zh) * | 2012-03-26 | 2016-08-10 | 华为终端有限公司 | Home gateway, cloud server, and method for communication between the two |
CN102938718B (zh) * | 2012-10-19 | 2016-03-30 | 中兴通讯股份有限公司 | Integrated system of home gateway and intelligent terminal and communication method thereof |
CN103650424B (zh) * | 2013-08-20 | 2018-02-02 | 华为技术有限公司 | Method and server for implementing home gateway service functions |
JP2015090570A (ja) * | 2013-11-06 | 2015-05-11 | ソニー株式会社 | Information processing apparatus and control method |
CN103677899B (zh) * | 2013-11-15 | 2017-08-01 | 小米科技有限责任公司 | Method and device for installing an application |
CN103944815A (zh) * | 2014-04-29 | 2014-07-23 | 中国联合网络通信集团有限公司 | Method, apparatus, and router for implementing a home gateway based on a capacity card |
US10122660B2 (en) * | 2015-03-27 | 2018-11-06 | MINDBODY, Inc. | Contextual mobile communication platform |
CN104821911B (zh) * | 2015-05-04 | 2018-10-02 | 南京邮电大学 | Home gateway system based on network function virtualization |
WO2017075781A1 (zh) * | 2015-11-05 | 2017-05-11 | 华为技术有限公司 | Data packet processing method, apparatus, and system |
CN105577496B (zh) | 2016-03-03 | 2018-06-15 | 烽火通信科技股份有限公司 | System in which a home gateway uses a cloud platform to identify the type of access device |
CN106897058A (zh) * | 2017-01-24 | 2017-06-27 | 北京奇虎科技有限公司 | Method and apparatus for merging installation packages of service objects |
CN107347025A (zh) * | 2017-06-14 | 2017-11-14 | 云丁网络技术(北京)有限公司 | Data processing method, apparatus, server, and system |
US20190090158A1 (en) * | 2017-09-20 | 2019-03-21 | Qualcomm Incorporated | Enhanced network-assisted services |
US10938663B2 (en) * | 2018-05-07 | 2021-03-02 | Servicenow, Inc. | Discovery and management of devices |
CN109302461B (zh) * | 2018-09-13 | 2021-08-31 | 网易有道信息技术(杭州)有限公司 | Information display and processing method, medium, system, and computing device |
US20210044579A1 (en) * | 2018-12-04 | 2021-02-11 | Viakoo, Inc. | Systems and Methods of Remotely Updating a Multitude of IP Connected Devices |
CN110099074B (zh) | 2019-05-28 | 2021-06-29 | 创新先进技术有限公司 | Anomaly detection method and system for Internet of Things devices, and electronic device |
US11432167B2 (en) * | 2020-01-22 | 2022-08-30 | Abl Ip Holding Llc | Selective updating of nodes of a nodal wireless network |
-
2019
- 2019-11-19 CN CN202211601153.2A patent/CN116032762A/zh active Pending
- 2019-11-19 CN CN202211603844.6A patent/CN116032763A/zh active Pending
- 2019-11-19 CN CN201911134443.9A patent/CN112787947B/zh active Active
-
2020
- 2020-10-15 CA CA3157038A patent/CA3157038A1/en active Pending
- 2020-10-15 WO PCT/CN2020/121251 patent/WO2021093510A1/zh unknown
- 2020-10-15 JP JP2022526740A patent/JP7383145B2/ja active Active
- 2020-10-15 EP EP20888021.1A patent/EP4047885A4/en active Pending
- 2020-10-15 MX MX2022005625A patent/MX2022005625A/es unknown
-
2022
- 2022-05-11 US US17/742,341 patent/US11843518B2/en active Active
-
2023
- 2023-11-16 US US18/511,806 patent/US20240089178A1/en active Pending
Also Published As
Publication number | Publication date |
---|---|
CN112787947A (zh) | 2021-05-11 |
EP4047885A4 (en) | 2022-11-16 |
US20220272003A1 (en) | 2022-08-25 |
MX2022005625A (es) | 2022-06-14 |
CN112787947B (zh) | 2022-12-13 |
JP2023500958A (ja) | 2023-01-11 |
CN116032763A (zh) | 2023-04-28 |
CN116032762A (zh) | 2023-04-28 |
US11843518B2 (en) | 2023-12-12 |
CA3157038A1 (en) | 2021-05-20 |
JP7383145B2 (ja) | 2023-11-17 |
EP4047885A1 (en) | 2022-08-24 |
US20240089178A1 (en) | 2024-03-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10616077B2 (en) | System architecture and methods for controlling and managing networking devices and expediting new service delivery in a subscriber's home network using micro-domains | |
CN108616490B (zh) | Network access control method, apparatus, and system | |
CN110311929B (zh) | Access control method and apparatus, electronic device, and storage medium | |
US11336696B2 (en) | Control access to domains, servers, and content | |
RU2562438C2 (ru) | Network system and network management method | |
WO2018028606A1 (zh) | Forwarding policy configuration | |
US10701582B2 (en) | Dynamic application QoS profile provisioning | |
US20150156079A1 (en) | Methods and Apparatus to Dynamically Provide Network Policies | |
WO2018137384A1 (zh) | Method, apparatus, and system for adjusting a forwarding path | |
WO2011032321A1 (zh) | Data forwarding method, data processing method, system, and related device | |
EP2814217B1 (en) | Access control method for wifi device and wifi device thereof | |
KR20190029486A (ko) | Elastic honeynet system and operating method thereof | |
US20240089178A1 (en) | Network service processing method, system, and gateway device | |
WO2022214019A1 (zh) | Method, apparatus, device, system, and storage medium for deploying a network device | |
US11533335B2 (en) | Fast internetwork reconnaissance engine | |
US10657093B2 (en) | Managing actions of a network device based on policy settings corresponding to a removable wireless communication device | |
JP6044020B2 (ja) | Data packet processing method, system, and device | |
US9467932B2 (en) | Access control method for WiFi device and WiFi device | |
KR20210016802A (ko) | Method for optimizing a flow table for server-client based network services in a software-defined networking environment and SDN switch therefor | |
WO2013159591A1 (zh) | Method and apparatus for distinguishing wireless terminals | |
JP2013126219A (ja) | Forwarding server and forwarding program | |
JP5622088B2 (ja) | Authentication system and authentication method | |
Frank et al. | Securing smart homes with openflow | |
WO2012155584A1 (zh) | Method and system for authentication management of network element devices | |
JP4638513B2 (ja) | Communication control apparatus and communication control method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 20888021; Country of ref document: EP; Kind code of ref document: A1 |
 | ENP | Entry into the national phase | Ref document number: 3157038; Country of ref document: CA |
 | ENP | Entry into the national phase | Ref document number: 2022526740; Country of ref document: JP; Kind code of ref document: A |
 | ENP | Entry into the national phase | Ref document number: 2020888021; Country of ref document: EP; Effective date: 20220520 |
 | NENP | Non-entry into the national phase | Ref country code: DE |