WO2021139788A1 - Procédé, système, appareil de configuration de passerelle en nuage et support de stockage lisible par ordinateur - Google Patents

Procédé, système, appareil de configuration de passerelle en nuage et support de stockage lisible par ordinateur Download PDF

Info

Publication number
WO2021139788A1
WO2021139788A1 PCT/CN2021/070925 CN2021070925W WO2021139788A1 WO 2021139788 A1 WO2021139788 A1 WO 2021139788A1 CN 2021070925 W CN2021070925 W CN 2021070925W WO 2021139788 A1 WO2021139788 A1 WO 2021139788A1
Authority
WO
WIPO (PCT)
Prior art keywords
api
gateway
target node
component
service
Prior art date
Application number
PCT/CN2021/070925
Other languages
English (en)
Chinese (zh)
Inventor
梁党卫
臧磊
Original Assignee
深圳壹账通智能科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳壹账通智能科技有限公司 filed Critical 深圳壹账通智能科技有限公司
Publication of WO2021139788A1 publication Critical patent/WO2021139788A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • H04L41/0813Configuration setting characterised by the conditions triggering a change of settings
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/66Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0876Aspects of the degree of configuration automation
    • H04L41/0886Fully automatic configuration

Definitions

  • the embodiments of the present application relate to the field of cloud technology, and in particular, to a cloud gateway configuration method, system, device, and computer-readable storage medium.
  • cloud gateway refers to the cloud storage gateway in cloud storage technology, which allows users to access cloud services provided by cloud service providers without changing the interface design and using the original access method.
  • the cloud gateway can provide various services such as voice, video, information security, information management, and information monitoring.
  • the cloud gateway can be used to receive user-side requests, request the cloud service provider for the content required by the user-side according to the user-side request, and can also be used to provide cloud service providers with signature authentication, log records, and other various types. service.
  • the inventor realizes that there is currently no connection solution based on an open cloud gateway, and the degree of integration of the systems of the connected parties is low.
  • the cloud gateway configuration method includes: monitoring gateway configuration data stored in a tree structure in a collaborative service cluster, wherein the tree structure includes multiple One API corresponds to multiple nodes; determine whether the multiple nodes include at least one target node, wherein the at least one target node includes a data change node and/or a new node; if the multiple nodes include The at least one target node updates the gateway configuration of the API corresponding to each target node in the at least one target node to obtain the latest network configuration of each API; and configures the gateway processing according to the latest network configuration of each API Logical model.
  • the cloud gateway configuration system includes a monitoring module for monitoring gateway configuration data stored in a tree structure in a collaborative service cluster, wherein the tree
  • the state structure includes multiple nodes corresponding to multiple APIs one-to-one; a judging module is used to judge whether the multiple nodes include at least one target node, wherein the at least one target node includes a data change node and/or a new Adding a node; an update module, configured to update the gateway configuration of the API corresponding to each target node in the at least one target node if the at least one target node is included in the plurality of nodes, so as to obtain the latest network of each API Configuration;
  • the configuration module is used to configure the gateway processing logic model according to the latest network configuration of each API.
  • An aspect of the embodiments of the present application further provides a computer device.
  • the computer device includes a memory, a processor, and a computer program stored in the memory and running on the processor, wherein the processor executes the computer
  • the program is used to implement the following steps:
  • Monitoring gateway configuration data stored in a tree structure in the collaborative service cluster where the tree structure includes multiple nodes corresponding to multiple APIs one-to-one;
  • the multiple nodes include at least one target node, where the at least one target node includes a data change node and/or a newly added node;
  • the gateway configuration of the API corresponding to each target node in the at least one target node to obtain the latest network configuration of each API
  • the gateway processing logic model is configured.
  • An aspect of the embodiments of the present application further provides a computer-readable storage medium having a computer program stored in the computer-readable storage medium, and the computer program may be executed by at least one processor, so that the at least one The processor performs the following steps:
  • Monitoring gateway configuration data stored in a tree structure in the collaborative service cluster where the tree structure includes multiple nodes corresponding to multiple APIs one-to-one;
  • the multiple nodes include at least one target node, where the at least one target node includes a data change node and/or a newly added node;
  • the gateway configuration of the API corresponding to each target node in the at least one target node to obtain the latest network configuration of each API
  • the gateway processing logic model is configured.
  • FIG. 1 schematically shows an application environment diagram of a cloud gateway configuration method according to Embodiment 1 of the present application
  • FIG. 2 schematically shows a flowchart of a cloud gateway configuration method according to Embodiment 1 of the present application
  • FIG. 3 schematically shows a newly added flowchart of a cloud gateway configuration method according to Embodiment 1 of the present application
  • Fig. 4 schematically shows a block diagram of a cloud gateway configuration system according to the second embodiment of the present application.
  • Fig. 5 schematically shows a schematic diagram of a hardware architecture of a computer device suitable for implementing a cloud gateway configuration method according to the third embodiment of the present application.
  • Fig. 1 schematically shows an environmental application diagram of the cloud gateway configuration method according to the first embodiment of the present application.
  • the environmental application diagram includes a computer device 2, a collaborative service cluster 4, a gateway management platform 6, a service consumer 8 and a service provider 10. among them:
  • Computer equipment 2 is a cloud gateway or an electronic device with cloud gateway function, used as an export of enterprise data and services, and can provide various services such as voice, video, information security, information management, and information monitoring.
  • Cooperative service cluster 4 can be a zookeeper cluster.
  • zookeeper is developed by Yahoo, mainly used to support distributed systems, used to solve the coordination of distributed systems (coordinating tasks), by providing general functions, so that application developers can focus on their own business functions, Instead of paying attention to the coordination of distributed systems.
  • the zookeeper cluster is used to provide coordination services for users' distributed applications.
  • the gateway management platform 6 may be used to receive user operations, and the user operations include API (Application Programming Interface, application programming interface) management, configuration, testing, release, offline, etc.
  • API Application Programming Interface
  • application programming interface application programming interface
  • Service consumer 8 which can be a smart phone, a tablet personal computer (tablet personal computer), laptop computer (laptop computer), desktop computers, workstations, virtual reality devices, game devices, set-top boxes, digital streaming media devices, vehicle terminals, smart TVs, set-top boxes, e-book readers and other electronic devices, can also be virtualized computing instances.
  • the service provider 10 is used to provide services for service consumers.
  • the service provider 10 may be a rack server, a blade server, a tower server or a cabinet server (including an independent server or a server cluster composed of multiple servers).
  • the service provider 10 provides an API interface for real-time calling.
  • the service provider 10 may be various enterprise servers, such as banks and other financial institutions, technology companies, and so on.
  • Fig. 2 schematically shows a flowchart of a cloud gateway configuration method according to Embodiment 1 of the present application. It can be understood that the flowchart in this method embodiment is not used to limit the order of execution of the steps. The following exemplarily describes the computer device 2 as the execution subject.
  • the cloud gateway configuration method may include steps S200 to S206, where:
  • Step S200 Monitor the gateway configuration data stored in a tree structure in the collaborative service cluster 4, where the tree structure includes multiple nodes corresponding to multiple APIs one-to-one.
  • the collaborative service cluster 4 stores gateway configuration data through a tree structure, for example: /gateway/org/group/api; if a certain API changes, update the version information of the corresponding node in the tree structure to complete The event registration operation of the API change event.
  • the computer equipment 2 is connected to the collaborative service cluster 4 and the gateway management platform 6 respectively.
  • the gateway management platform 6 will modify the API parameters of the corresponding API, or add an API, etc.
  • the gateway management platform 6 will initiate an API change event and send the API change event to the collaborative service cluster 4.
  • the collaborative service cluster 4 After the collaborative service cluster 4 receives the API change event sent by the gateway management platform 6, it will modify the version information of the corresponding node in the tree structure to update the gateway configuration data, that is, update the corresponding node in the data structure. Version information to complete event registration.
  • the changed API is the API whose interface description, interface address, request method, request parameter, etc. have changed.
  • Step S202 Determine whether the plurality of nodes include at least one target node, where the at least one target node includes a data change node and/or a newly added node.
  • the computer device 2 can monitor whether the gateway configuration data in the collaborative service cluster 4 has changed through an event listener, for example, monitor whether the collaborative service cluster 4 has a new registration event, and determine the target according to the new registration event node.
  • the API change event indicates that the API in the gateway management platform 6 has changed or added API.
  • the step S202 may include the following steps: detecting whether the version information of each of the multiple nodes has changed; and if the node includes a node whose version information has changed, then The node whose version information has changed is determined as the target node.
  • Step S204 If the at least one target node is included in the multiple nodes, update the gateway configuration of the API corresponding to each target node in the at least one target node to obtain the latest network configuration of each API.
  • the computer device 2 can obtain the network configuration of the API corresponding to each target node in various ways, such as sending a download request directly.
  • a management platform interface is configured in the gateway management platform 6 through which relevant information can be obtained. Therefore, the computer device 2 can request the gateway management platform 6 to feed back the corresponding network configuration according to the node information of the target node (for example, the identification number of the API corresponding to the target node, etc.).
  • the step S204 may include the following steps: sending a gateway configuration update request to the gateway management platform 6, so that the gateway management platform 6 returns the latest gateway configuration of the API corresponding to each target node; and receiving the gateway management platform 6 The latest gateway configuration of the API corresponding to each target node is returned; and according to the latest gateway configuration of the API corresponding to each target node, the current gateway configuration of the API corresponding to the target node is updated.
  • Step S206 Configure the gateway processing logic model according to the latest network configuration of each API.
  • the computer device 2 may load the latest network configuration of each API into the memory, and configure the gateway processing logic model: configure a filter chain for each API and filter the Multiple filters in the filter chain are instantiated to obtain multiple corresponding instances. That is, each API can only have at least one filter chain. Each filter chain can include multiple instances, and each instance corresponds to a business logic.
  • the so-called filter chain includes multiple filters in a sequential order to achieve layer-by-layer filtering. Specifically: It is used to perform filtering operations on user requests according to the order defined in the filter chain, that is, to do some pre-processing/post-processing on application requests or responses.
  • the filter chain can be used for authentication/authorization/logging, etc.
  • the so-called instance can include priority attribute, assertion attribute and run method.
  • the priority attribute is used to determine the order in which each instance is executed in the filter chain; the assertion attribute is used to determine whether the instance is executed; the run method is used to start or create threads for processing business logic, such as signatures Verification, authorization verification, concurrent current limiting, URI rewriting, etc.
  • the instance needs to rely on the component or call the component to complete the corresponding operation.
  • the computer device 2 may be configured for multiple components to be invoked by the multiple instances.
  • the multiple components include one or more of the following: a routing component, a parameter conversion component, an API orchestration component, a current limiting protection component, a fuse protection component, a service degradation component, an encryption signature component, an authorization verification component, a logging component, etc.
  • the computer device 2 may be configured with a plug-in component, and the plug-in may be abstractly defined according to various business rules.
  • Each plug-in corresponds to a business rule, for example: plug-in 1, which authorizes each service consumer 8 according to the time zone; plug-in 2, which authorizes each service consumer 8 according to the number of calls; this plug-in 1 and plug-in 2 are based on different The authorization rules are defined.
  • the instance is used to execute business logic according to pre-defined rules, and its specific business level can be completed by calling one or more plug-ins.
  • business logic and business rules can be unbound, thereby facilitating configuration and combination.
  • the computer device 2 may be configured with an API orchestration component.
  • the API orchestration component is configured to: according to the orchestration JSON template provided by the gateway service platform, call various API services in order for user requests.
  • the gateway service platform 6 performs an orchestration operation on the API according to user operations, and generates an orchestration JSON template.
  • the layout JSON template includes: a, calling methods: serial calling and parallel calling; b, setting parameter conversion and processing logic for each API.
  • the computer device 2 processes serial arrangement one by one in order, and each call includes pre-processing, routing and post-processing; for parallel arrangement, it uses thread pool to process each in parallel.
  • a proxy service is called, and then the aggregation result is returned to the service consumer8. That is, when the computer device 2 receives a user request, it will call multiple API services according to the orchestration operation to obtain feedback data from the service provider 10, and process the feedback data (for example, integrate the feedback data), and Return the integrated data to the service consumer8.
  • the computer device 2 may be configured with a current limiting protection component.
  • the current limit protection component is configured to monitor the request count of the request count window based on the sliding window algorithm to obtain the request count of the current window, and determine whether to execute the limit according to the request count of the current window and the request count of the previous window. Stream operations.
  • the current limiting protection component is configured to perform the following steps: taking N seconds as a request counting window, monitoring the request count of each request counting window based on a sliding window algorithm; when a request arrives, calculating according to the request time In the proportion of the current window, the request count of the previous window and the current window is accumulated and counted according to the weight. If it does not exceed the limit, it will be processed normally, otherwise it will directly refuse to process and return the current limit response code.
  • the current limiting protection component can be used to avoid service downtime of the service provider 10 caused by a sudden increase in the amount of requests.
  • the above request count based on the sliding window algorithm is only one of the measures for current limiting protection.
  • Some values of IP, interface, user dimension, and request parameters can also be used as decision parameters for current limiting protection.
  • the computer device 2 may be equipped with a fuse protection component.
  • the fuse protection component includes a closed state, a half-open state, and an open state, and is configured to enter the half-open state if the number of failed API calls within a preset time window reaches a preset threshold if it is in the closed state; if In the half-open state, if each call to the API is successful, it will be restored from the half-open state to the closed state; if it is in the open state, the timer operation will be started, and when the timer reaches the predetermined time, it will be restored from the open state to the half-open state status.
  • the computer device 2 may adopt a fuse model, and configure the fuse to be configured with three state machines: closed, half-open, and open.
  • the fuse is further configured as:
  • the service efficiency of the service provider 10 can be effectively improved, and a system avalanche that may be caused by service overload can be avoided.
  • the fuse protection is used to: when the service provider 10 is overloaded or the interface is unavailable, the service consumer 8 may continue to send requests due to request failures, resulting in an avalanche of the service provider 10. When the fuse is in the disconnected state, the fuse blocks the service consumer's access to the service provider 10, and directly returns a failure message to the service consumer 8 or returns a degraded response.
  • the computer device 2 may be configured with a service degradation component.
  • the service degradation component is configured to stop data processing and return a degraded return code or message when the service state of the service provider is in a degraded state.
  • the service degradation component may be configured to: through the service status and a custom degraded return code and message, when the service status is in the degraded state, no service is processed and the degraded return code and message are directly returned.
  • the computer device 2 may be configured with a cryptographic signature component.
  • the cryptographic signature component is configured as:
  • Step S300 Receive an encryption request carrying the first signature private key SK1 sent by the service consumer 8.
  • the encryption request carrying the signature private key SK1 is obtained based on the service consumer identification number and the first signature private key SK1.
  • the service consumer 8 obtains the corresponding service consumer identification number (ID) and the first signature private key SK1 by registering the application of the service provider; when the service consumer 8 wants to access the service provider 10, the service parameter And ID are arranged in a natural order and then hashed to generate signature content, the signature content is cryptographically signed with the first signature private key SK1 to generate the encryption request carrying the first signature private key SK1; and The encryption request carrying the first signature private key SK1 is sent to the computer device 2 through the HTTPS protocol.
  • ID service consumer identification number
  • SK1 service consumer identification number
  • the service consumer 8 obtains the corresponding service consumer identification number (ID) and the first signature private key SK1 by registering the application of the service provider; when the service consumer 8 wants to access the service provider 10, the service parameter And ID are arranged in a natural order and then hashed to generate signature content, the signature content is cryptographically signed with the first signature private key SK1 to generate the encryption request carrying the first signature private key SK1; and The encryption request carrying the
  • the service parameters depend on the scenario. Taking face authentication as an example, the service parameters include ID number, face image, and system parameters, such as calling agency code, service agency code, and so on.
  • the gateway can be applied to various scenarios, which will not be repeated here.
  • Step S302 Perform signature verification with the first signature public key PK1 corresponding to the first signature private key SK1 to obtain the decrypted service parameters and the service consumer identification number.
  • Step S304 encrypt the decrypted service parameters and the service consumer identification number according to the second signature private key SK2, and generate an encryption request carrying the second signature private key SK2.
  • the second signature private key SK2 is predefined by the API, and it corresponds to the second signature public key PK2 of the service provider 10; the service provider 10 creates an API group, registers the API, and obtains the second signature public key of the API PK2;
  • Step S306 Forward the encryption request carrying the second signature private key SK2 to the service provider 10, so that the service provider 10 performs a decryption operation through the second signature public key PK2 to carry the second signature private key
  • the encryption request of SK2 performs the corresponding operation.
  • the service provider 10 determines that the encryption request carrying the second signature private key SK2 comes from the computer device 2, the corresponding processing operation is executed according to the service parameters; if it is determined that the second signature private key SK2 is carried If the encryption request does not come from the computer device 2, the encryption request carrying the second signature private key SK2 is rejected.
  • the computer device 2 may be configured with an authorization verification component.
  • the authorization verification component is configured to verify authorization according to a preset authorization rule through the authorization filter, and return a code value that rejects the request when the authorization is invalid; the preset authorization rule includes call time, call times, and/or Concurrent number.
  • the authorization filter will verify the authorization according to the preset authorization rules, and when the authorization is invalid, the code value that rejects the request will be returned;
  • the preset authorization rules are configured by the service provider 10 on the gateway management platform 6, the The preset authorization rules include call time, call times, concurrent numbers, etc.; when the computer device 2 receives an API docking request from the service consumer 8, it performs authorization verification on the request according to the preset authorization rule.
  • the computer device 2 may be configured with a logging component.
  • the log recording component is configured to generate a serial number for each call event, and asynchronously send the associated information associated with the call event to the message platform.
  • the log recording component may be configured to generate a transNo serial number according to each call event, and asynchronously send information such as appId, signature, response code, and error message to the message platform, so that the log audit system can record ; According to the request status, parameter processing, flow restriction, business processing, billing status, etc., different response codes are returned, so that, for example, the audit billing system can calculate according to business rules.
  • the embodiment of the present application can implement an open gateway configuration for the computer device 2 through the integrated architecture between the collaborative service cluster 4, the gateway management platform 6 and the computer device 2.
  • financial institutions and technology companies can develop apps according to their own needs and modify or add APIs on the gateway management platform 6.
  • the gateway management platform 6 will synchronize all API modifications or new messages to the tree structure of the collaborative service cluster 4.
  • the computer device 2 can obtain the latest network configuration of each API from the gateway management platform 4 in real time according to the node information of each node.
  • each service provider can write the network configuration of the API developed or modified by itself into the computer device 2, and each party can use the computer device 2 as the center to call a third-party API to meet its own business needs, that is, each party The computer equipment 2 can be used as the center for integration to improve the degree of integration of all connected systems.
  • the embodiment of the application can obtain the modified or newly added information of the API in real time by monitoring the collaborative service cluster, and then obtain the latest network configuration of each node, so that the API developed or modified by each service provider can be automatically configured to the cloud in an open manner.
  • the gateway the open configuration of the cloud gateway is realized.
  • each service provider can write the network configuration of the API developed or modified by itself into the cloud gateway, so that all parties can integrate with the cloud gateway as the center, and improve the degree of integration of the systems of all parties connected.
  • Fig. 4 schematically shows a block diagram of a cloud gateway configuration system according to Embodiment 2 of the present application.
  • the cloud gateway configuration system can be divided into one or more program modules, and the one or more program modules are stored in a storage medium, It is executed by one or more processors to complete the embodiments of the present application.
  • the program module referred to in the embodiment of the present application refers to a series of computer program instruction segments that can complete specific functions. The following description will specifically introduce the function of each program module in this embodiment.
  • the cloud gateway configuration system 400 may include a monitoring module 410, a judgment module 420, an update module 430, and a configuration module 440, where:
  • the monitoring module 410 is configured to monitor gateway configuration data stored in a tree structure in the collaborative service cluster, where the tree structure includes multiple nodes corresponding to multiple APIs one-to-one.
  • the determining module 420 is configured to determine whether the plurality of nodes includes at least one target node, where the at least one target node includes a data change node and/or a newly added node.
  • the update module 430 is configured to, if the at least one target node is included in the plurality of nodes, update the gateway configuration of the API corresponding to each target node in the at least one target node to obtain the latest network configuration of each API.
  • the configuration module 440 is configured to configure the gateway processing logic model according to the latest network configuration of each API.
  • the judging module 420 is further configured to: detect whether the version information of each node among the multiple nodes has changed; if the node includes a node whose version information has changed, use the version The node whose information has changed is determined as the target node.
  • the version information of each node is updated according to an API change event sent by a gateway management platform connected to the collaborative service cluster, and the API change event indicates that an API in the gateway management platform is changed or an API is added.
  • the update module 430 is further configured to: send a gateway configuration update request to the gateway management platform, so that the gateway management platform returns the latest gateway configuration of the API corresponding to each target node; The latest gateway configuration of the API corresponding to each target node returned by the management platform; and, according to the latest gateway configuration of the API corresponding to each target node, update the current gateway configuration of the API corresponding to the target node.
  • the configuration module 440 is further used to: load the latest network configuration of each API into the memory, configure the gateway processing logic model: configure a filter chain for each API, and Multiple filters in the filter chain are instantiated to obtain corresponding multiple instances.
  • the configuration module 440 is further configured to: configure multiple components for the multiple instances to call; the multiple components include one or more of the following: routing components, parameter conversion components, API orchestration component, current limiting protection component, fuse protection component, service degradation component, cryptographic signature component, authorization verification component, and logging component; wherein: the API orchestration component is configured to: according to the orchestration provided by the gateway service platform The JSON template calls each API service in order for user requests; the current limiting protection component is configured to monitor the request count of the request count window based on the sliding window algorithm to obtain the request count of the current window, and the request count of the current window And the request count of the previous window to determine whether to perform the current limiting operation; the fuse protection component, including the closed state, the half-open state, and the open state, is configured to: if it is in the closed state, the API will be processed within a preset time window.
  • the service degradation component is configured to: when the service state of the service provider is in the degraded state, stop data processing and return a degraded return code or message;
  • the authorization verification component is configured to verify authorization according to preset authorization rules through the authorization filter, and return a code value that rejects the request when the authorization is invalid;
  • the preset authorization rules include call time, call times, and/or Concurrent number;
  • the logging component is configured to generate a serial number for each call event, and asynchronously send the associated information associated with the call event to the message platform.
  • the encryption signature component is configured to: receive an encryption request carrying a first signature private key sent by a service consumer, and the encryption request carrying a signature private key is based on the service consumer identification number and the first signature private key.
  • a signature private key is obtained; signature verification is performed through the first signature public key corresponding to the first signature private key, and the decrypted service parameters and service consumer identification number are obtained; the decrypted service parameters are obtained according to the second signature private key
  • the service parameters and the service consumer identification number are encrypted to generate an encryption request carrying the second signature private key; and the encryption request carrying the second signature private key is forwarded to the service provider so that the service provider can pass the second signature private key
  • the signature public key performs a decryption operation to perform a corresponding operation according to the encryption request carrying the second signature private key.
  • the configuration module 440 is further configured to: configure multiple plug-ins for invocation of the multiple instances, wherein each plug-in corresponds to one business rule.
  • FIG. 5 schematically shows a schematic diagram of the hardware architecture of a computer device 2 suitable for implementing the cloud gateway configuration method according to the third embodiment of the present application.
  • the computer device 2 is a device that can automatically perform numerical calculation and/or information processing in accordance with pre-set or stored instructions.
  • it can be a rack server, a blade server, a tower server, or a cabinet server (including an independent server or a server cluster composed of multiple servers) with a gateway function.
  • the computer device 6 at least includes but is not limited to: a memory 510, a processor 520, and a network interface 530 that can communicate with each other through a system bus. among them:
  • the memory 510 may be volatile or non-volatile.
  • the memory 510 includes at least one type of computer-readable storage medium.
  • the readable storage medium includes flash memory, hard disk, multimedia card, card-type memory (for example, SD or DX memory, etc.), random access memory (RAM), and static random access memory.
  • SRAM read-only memory
  • EEPROM electrically erasable programmable read-only memory
  • PROM programmable read-only memory
  • magnetic memory magnetic disks, optical disks, etc.
  • the memory 510 may be an internal storage module of the computer device 2, for example, the hard disk or memory of the computer device 2.
  • the memory 510 may also be an external storage device of the computer device 2, for example, a plug-in hard disk equipped on the computer device 2, a smart memory card (Smart Media Card, referred to as SMC), and a secure digital (Secure Digital). Digital, abbreviated as SD) card, flash card (Flash Card), etc.
  • the memory 510 may also include both the internal storage module of the computer device 2 and its external storage device.
  • the memory 510 is generally used to store the operating system and various application software installed in the computer device 2, such as the program code of the cloud gateway configuration method.
  • the memory 510 may also be used to temporarily store various types of data that have been output or will be output.
  • the processor 520 may be a central processing unit (Central Processing Unit) in some embodiments. Processing Unit, referred to as CPU), controller, microcontroller, microprocessor, or other data processing chip.
  • the processor 520 is generally used to control the overall operation of the computer device 2, for example, to perform data interaction or communication-related control and processing with the computer device 2.
  • the processor 520 is configured to run program codes stored in the memory 510 or process data.
  • the network interface 530 may include a wireless network interface or a wired network interface, and the network interface 530 is generally used to establish a communication link between the computer device 2 and other computer devices.
  • the network interface 530 is used to connect the computer device 2 to an external terminal through a network, and to establish a data transmission channel and a communication link between the computer device 2 and the external terminal.
  • the network can be an intranet (Intranet), the Internet (Internet), a global system of mobile communications (Global System of Mobile communication, GSM for short), Wideband Code Division Multiple Access (WCDMA for short), 4G network, 5G network, Bluetooth, Wi-Fi and other wireless or wired networks.
  • FIG. 5 only shows a computer device with components 510-530, but it should be understood that it is not required to implement all the components shown, and more or fewer components may be implemented instead.
  • the cloud gateway configuration method stored in the memory 510 can also be divided into one or more program modules and executed by one or more processors (the processor 520 in this embodiment) to complete Examples of this application.
  • This embodiment also provides a computer-readable storage medium on which a computer program is stored, and when the computer program is executed by a processor, the following steps are implemented:
  • Monitoring gateway configuration data stored in a tree structure in the collaborative service cluster where the tree structure includes multiple nodes corresponding to multiple APIs one-to-one;
  • the multiple nodes include at least one target node, where the at least one target node includes a data change node and/or a newly added node;
  • the gateway configuration of the API corresponding to each target node in the at least one target node to obtain the latest network configuration of each API
  • the gateway processing logic model is configured.
  • the computer-readable storage medium may be volatile or non-volatile.
  • Computer-readable storage media include flash memory, hard disk, multimedia card, card-type memory (for example, SD or DX memory, etc.), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electronic memory Erase programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, magnetic disks, optical disks, etc.
  • the computer-readable storage medium may be an internal storage unit of a computer device, such as a hard disk or memory of the computer device.
  • the computer-readable storage medium may also be an external storage device of the computer device, such as a plug-in hard disk or a smart memory card (Smart Memory Card) equipped on the computer device.
  • Media Card referred to as SMC
  • Secure Digital Secure Digital
  • SD Secure Digital
  • flash memory card Flash Card
  • the computer-readable storage medium may also include both the internal storage unit and the external storage device of the computer device.
  • the computer-readable storage medium is generally used to store the operating system and various application software installed in the computer device, such as the program code of the cloud gateway configuration method in the embodiment.
  • the computer-readable storage medium can also be used to temporarily store various types of data that have been output or will be output.
  • modules or steps of the embodiments of the present application described above can be implemented by a general computing device, and they can be concentrated on a single computing device or distributed among multiple computing devices.
  • they can be implemented by the program code executable by the computing device, so that they can be stored in the storage device for execution by the computing device, and in some cases, they can be different from here
  • the steps shown or described are executed in the order of, or they are respectively fabricated into individual integrated circuit modules, or multiple modules or steps of them are fabricated into a single integrated circuit module to achieve. In this way, the embodiments of the present application are not limited to any specific combination of hardware and software.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Automation & Control Theory (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

La présente demande concerne, selon un mode de réalisation, un procédé de configuration de passerelle en nuage. Le procédé de configuration de passerelle en nuage consiste à : surveiller des données de configuration de passerelle stockées sous la forme d'une structure arborescente dans un groupe de services collaboratifs, la structure arborescente comprenant de multiples nœuds en correspondance biunivoque avec de multiples API ; déterminer si les multiples nœuds comprennent un ou plusieurs nœuds cibles, le ou les nœuds cibles comprenant un nœud de changement de données et/ou un nœud d'addition ; si les multiples nœuds comprennent le ou les nœuds cibles, mettre à jour une configuration de passerelle d'API correspondant à chacun du ou des nœuds cibles pour obtenir une configuration de réseau à jour pour chaque API ; et configurer un modèle logique de traitement de passerelle conformément à la configuration de réseau à jour pour chaque API. Le mode de réalisation de la présente demande permet une configuration ouverte de passerelles en nuage et améliore le niveau d'intégration pour divers systèmes accédant aux passerelles en nuage.
PCT/CN2021/070925 2020-01-09 2021-01-08 Procédé, système, appareil de configuration de passerelle en nuage et support de stockage lisible par ordinateur WO2021139788A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010023851.3A CN111049695A (zh) 2020-01-09 2020-01-09 云网关配置方法和系统
CN202010023851.3 2020-01-09

Publications (1)

Publication Number Publication Date
WO2021139788A1 true WO2021139788A1 (fr) 2021-07-15

Family

ID=70244260

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/070925 WO2021139788A1 (fr) 2020-01-09 2021-01-08 Procédé, système, appareil de configuration de passerelle en nuage et support de stockage lisible par ordinateur

Country Status (2)

Country Link
CN (1) CN111049695A (fr)
WO (1) WO2021139788A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113839961A (zh) * 2021-11-25 2021-12-24 北京华电众信技术股份有限公司 控制网关设备的方法、装置以及计算机可读存储介质

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111049695A (zh) * 2020-01-09 2020-04-21 深圳壹账通智能科技有限公司 云网关配置方法和系统
CN112260876B (zh) * 2020-10-26 2022-08-16 欧冶云商股份有限公司 动态网关路由配置方法、平台、计算机设备及存储介质
CN112543118A (zh) * 2020-11-25 2021-03-23 浪潮云信息技术股份公司 一种基于配置实现api网关接口编排的方法
CN112615786B (zh) * 2020-12-04 2023-04-04 北京神州泰岳软件股份有限公司 路由确定方法、装置、电子设备及计算机可读存储介质
CN112527701A (zh) * 2020-12-11 2021-03-19 深圳航天智慧城市系统技术研究院有限公司 多系统联动控制方法、装置、设备和计算机可读存储介质
CN112799734B (zh) * 2021-01-07 2024-04-19 广州虎牙科技有限公司 一种流程管理方法、图像处理方法及其对应的平台和装置
CN112948856B (zh) * 2021-03-03 2022-11-15 电信科学技术第五研究所有限公司 一种防篡改可信的网络协同管控系统及实现方法
CN113110887B (zh) * 2021-03-31 2023-07-21 联想(北京)有限公司 一种信息处理方法、装置、电子设备和存储介质
CN113132114B (zh) * 2021-04-22 2023-03-10 广州市品高软件股份有限公司 多云管统一接口网关的实现方法、装置、介质及设备
CN113452617B (zh) * 2021-06-24 2023-12-19 上海豹云网络信息服务有限公司 动态网关路由管理方法、装置及存储介质
CN113765701B (zh) * 2021-08-02 2024-02-20 中企云链(北京)金融信息服务有限公司 一种基于永久内存缓存的网关控制方法
CN114448786B (zh) * 2021-12-27 2024-06-07 天翼云科技有限公司 一种网关配置处理方法、装置、系统及计算机设备
CN114726773A (zh) * 2022-03-23 2022-07-08 阿里云计算有限公司 云网络系统、报文转发方法、芯片及云网关设备
CN115225493B (zh) * 2022-07-11 2023-11-28 上海焜耀网络科技有限公司 一种基于wireguard的组网节点的配置生成方法及设备
CN115865670B (zh) * 2023-02-27 2023-06-16 灵长智能科技(杭州)有限公司 基于内核调优的web安全网关并发性能调节方法及装置

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9936005B1 (en) * 2017-07-28 2018-04-03 Kong Inc. Systems and methods for distributed API gateways
CN108234653A (zh) * 2018-01-03 2018-06-29 马上消费金融股份有限公司 一种处理业务请求的方法及装置
US20190018670A1 (en) * 2017-07-13 2019-01-17 Vmware, Inc. Method to deploy new version of executable in node based environments
CN110149364A (zh) * 2019-04-15 2019-08-20 厦门市美亚柏科信息股份有限公司 基于数据服务平台提供微服务的方法、装置、存储介质
CN111049695A (zh) * 2020-01-09 2020-04-21 深圳壹账通智能科技有限公司 云网关配置方法和系统

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9477936B2 (en) * 2012-02-09 2016-10-25 Rockwell Automation Technologies, Inc. Cloud-based operator interface for industrial automation
CN105827446B (zh) * 2016-03-31 2019-04-30 深圳市金溢科技股份有限公司 一种智能交通api网关及智能交通业务系统
CN106533944B (zh) * 2016-12-29 2020-04-28 金蝶软件(中国)有限公司 一种分布式api网关、管理方法及管理系统
CN108965007B (zh) * 2018-07-19 2021-08-27 北京车和家信息技术有限公司 Api网关接口配置更新方法及装置
CN109582441A (zh) * 2018-11-30 2019-04-05 北京百度网讯科技有限公司 用于提供容器服务的系统、方法和装置
CN110493067B (zh) * 2019-09-05 2022-02-18 中国银联股份有限公司 一种api网关服务更新的方法及装置

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190018670A1 (en) * 2017-07-13 2019-01-17 Vmware, Inc. Method to deploy new version of executable in node based environments
US9936005B1 (en) * 2017-07-28 2018-04-03 Kong Inc. Systems and methods for distributed API gateways
CN108234653A (zh) * 2018-01-03 2018-06-29 马上消费金融股份有限公司 一种处理业务请求的方法及装置
CN110149364A (zh) * 2019-04-15 2019-08-20 厦门市美亚柏科信息股份有限公司 基于数据服务平台提供微服务的方法、装置、存储介质
CN111049695A (zh) * 2020-01-09 2020-04-21 深圳壹账通智能科技有限公司 云网关配置方法和系统

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113839961A (zh) * 2021-11-25 2021-12-24 北京华电众信技术股份有限公司 控制网关设备的方法、装置以及计算机可读存储介质

Also Published As

Publication number Publication date
CN111049695A (zh) 2020-04-21

Similar Documents

Publication Publication Date Title
WO2021139788A1 (fr) Procédé, système, appareil de configuration de passerelle en nuage et support de stockage lisible par ordinateur
US11271948B2 (en) System, method, and computer program for verifying virtual network function (VNF) package and/or network service definition integrity
CN109417576B (zh) 用于为云应用提供合规要求的传输的系统和方法
US20190317757A1 (en) Deployment of infrastructure in pipelines
JP7228322B2 (ja) ブロックチェーン・ネットワークにおける自動コミット・トランザクション管理
US11418532B1 (en) Automated threat modeling using machine-readable threat models
CN111108733B (zh) 在基于网络功能虚拟化(nfv)的通信网络和软件定义的网络(sdns)中提供安全性的系统、方法和计算机程序
US20180217871A1 (en) Discovering and publishing api information
US9774541B1 (en) System, method, and computer program for generating an orchestration data tree utilizing a network function virtualization orchestrator (NFV-O) data model
US9794160B1 (en) System, method, and computer program for testing composite services in a communication network utilizing test data
US11017387B2 (en) Cryptographically assured zero-knowledge cloud services for elemental transactions
CN110710161A (zh) 生成网络的设备级逻辑模型
US9912573B1 (en) System, method, and computer program for testing a network service associated with a communications network
US20170019455A1 (en) Service onboarding
US10282461B2 (en) Structure-based entity analysis
US20220321602A1 (en) Frictionless supplementary multi-factor authentication for sensitive transactions within an application session
WO2023051232A1 (fr) Système de grappe informatique, procédé d'authentification de sécurité, dispositif de nœud et support de stockage
US10192262B2 (en) System for periodically updating backings for resource requests
AU2015404396B2 (en) Federated marketplace portal
CN115934202A (zh) 一种数据管理方法、系统、数据服务网关及存储介质
US10027569B1 (en) System, method, and computer program for testing virtual services
US10013237B2 (en) Automated approval
US11356505B2 (en) Hybrid cloud compliance and remediation services
Rahman et al. Blockchain-enabled SLA compliance for crowdsourced edge-based network function virtualization
US11595471B1 (en) Method and system for electing a master in a cloud based distributed system using a serverless framework

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21738334

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 09/11/2022)

122 Ep: pct application non-entry in european phase

Ref document number: 21738334

Country of ref document: EP

Kind code of ref document: A1