WO2022047890A1 - Blockchain-based SD-WAN service system, and implementation method for same

Info

Publication number: WO2022047890A1
Authority: WO, WIPO (PCT)
Prior art keywords: user, blockchain, contract, operator, scheduling
Application number: PCT/CN2020/120651
Other languages: French (fr), Chinese (zh)
Inventor: 黄韬, 张晨, 汪硕, 庄丽婉, 金韬, 霍如
Original Assignee: 网络通信与安全紫金山实验室
Application filed by: 网络通信与安全紫金山实验室

Classifications

    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L67/025 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L67/56 Provisioning of proxy services
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Definitions

  • The invention relates to a blockchain-based SD-WAN business system and an implementation method thereof, belonging to the technical field of blockchain.
  • SD-WAN: software-defined wide area network.
  • SDN: software-defined network.
  • Enterprise users can use the Internet to build tunnels to flexibly access the operator's WAN private network, which can greatly improve the efficiency of WAN private network service provisioning and at the same time reduce the WAN private network service provisioning cost.
  • The current SD-WAN network controller is usually provided by the operator, and the operator will schedule the traffic of enterprise users exclusively to its own WAN private network for its own commercial interests. Therefore, enterprise users of SD-WAN face the problem of single-operator lock-in, which restricts the development of SD-WAN to a certain extent.
  • The purpose of the present invention is to overcome the defects of the prior art and to provide an improvement on the traditional operator-user settlement mode, so that users can customize network services and automatic settlement can be performed between operators and users.
  • The present invention is a blockchain-based SD-WAN business system, which includes:
  • a blockchain node module, which includes device nodes; the device nodes are divided into third-party platform-side nodes, user-side nodes, and operator-side nodes;
  • a smart contract module, used to implement the functions of signing, accounting, settlement and punishment among third-party platforms, users and operators;
  • a blockchain user module, used to provide users with a client that interacts with the blockchain;
  • an SD-WAN service module, responsible for intelligent network scheduling according to contract data and network quality;
  • a platform server module, used to perform registration and signing functions for users and operators;
  • an authentication platform service module, responsible for providing operation and maintenance functions for the blockchain, for member identity authentication and license access management, for issuing signature certificates, communication certificates, and service certificates to accounts or nodes that are successfully authenticated, and for the management of certificates.
  • The SD-WAN service module is divided into four units: scheduling, collection, network probe and scheduling agent, wherein
  • the scheduling unit is responsible for network traffic scheduling, and the collection unit is responsible for real-time traffic collection at both ends;
  • the network probe and the scheduling agent unit are both deployed on user and operator equipment.
  • The smart contract module is divided into:
  • Identity verification, authorization and authentication module: responsible for identifying the user's read and write permissions.
  • Signing module: responsible for all signing processes.
  • Accounting module: responsible for obtaining traffic usage records from the acquisition system during the scheduling process.
  • Settlement module: responsible for clearing the billing process between users and operators.
  • Punishment module: responsible for recording the violations of operators, third parties and users, to be used as evidence for later punishment.
  • The present application also provides a blockchain-based SD-WAN service implementation method, which includes the following steps:
  • Step 1: the operator and the user each register and sign in the service module of the blockchain authentication platform.
  • Step 2: the SD-WAN controller performs intelligent network scheduling according to the contract data and network quality.
  • Step 3: the smart contract module performs accounting and settlement for the traffic generated by the user according to the method specified in the contract.
  • The signing by the user in the service module of the blockchain authentication platform includes the following two modes:
  • Direct signing mode: the contracting parties are the operator and the user. The third-party platform provides different operators for the user to choose from, and does not participate in the contract signing process.
  • Proxy signing mode: the contracting parties are the third-party platform and the user. When the third-party platform signs the contract with the operator, the operator signs a contract that agrees to be freely scheduled, and can then be freely scheduled during the network traffic scheduling process.
  • Step 2 is specifically:
  • Step 2.1: the SD-WAN controller first identifies the mode in which the user signed in the blockchain authentication platform service module. If it is the direct sign mode, the blockchain scheduling unit sends a scheduling instruction to the scheduling agent units of the user and the operator, and the user establishes a connection with the operator to start communication;
  • if it is the proxy sign mode, the blockchain scheduling unit searches for an operator that matches the traffic parameters in the contract, and then sends a scheduling instruction to the scheduling agents of the user and the operator, and the user and the operator establish a connection to start communication;
  • Step 2.2: the network probes of the user and operator equipment push the traffic records to the collection unit of the SD-WAN controller;
  • Step 2.3: when the user equipment probe detects that the network quality has degraded, it feeds the network quality back to the collection unit, and in the proxy sign mode the user requests traffic scheduling from the scheduling unit;
  • Step 2.4: the scheduling unit sends a scheduling instruction to the user scheduling agent unit according to the user's subscription status.
  • Step 3 is specifically:
  • The settlement is in accordance with the method stipulated in the contract.
  • The user settles directly with the operator, and the operator clears the payment record on the chain after settlement.
  • In the proxy sign mode, Step 3 is specifically:
  • Step 3.1: at the time agreed in the contract, the platform server submits a settlement application to the blockchain;
  • Step 3.2: the blockchain platform generates the user's bill according to the contract, the bill enters the pending settlement state, and the blockchain platform then sends the bill back to the platform server;
  • Step 3.3: the platform server sends the bill to the corresponding user;
  • Step 3.4: the user conducts offline settlement with the third-party platform;
  • Step 3.5: after the offline settlement is completed, the platform server submits the bill-settled transaction to the blockchain platform;
  • Step 3.6: the blockchain platform updates the bill status and informs the user that the bill has been settled.
  • The method further includes:
  • The operator's contract change process is as follows:
  • The operator's contract is changed according to the operator's regulations. If the user is not satisfied with the result of the change, the user may terminate the contract with the operator and select a new operator;
  • In the proxy signing mode, the operator first submits a change application to the blockchain platform; the blockchain records the change application and sends a message about the operator's contract change to the SD-WAN scheduling module, and the SD-WAN scheduling module then disconnects the operator's equipment. After the blockchain changes the contract status and sends the contract template to the operator administrator, the operator administrator affixes the electronic signature and submits the contract to the blockchain; the electronic contract awaiting a seal is then stamped with an electronic signature and uploaded to the blockchain. After the blockchain changes the contract status, the SD-WAN scheduling module is notified of the operator's new service parameters and tariffs.
  • The method further includes:
  • The user's contract change process is as follows:
  • The user requests a contract change by negotiating directly with the operator, and uploads the new contract to the blockchain after completion;
  • The enterprise user submits a contract change application to the blockchain platform; the blockchain records the change application and sends a message to the SD-WAN scheduling module announcing that the user's contract will be changed, and the SD-WAN scheduling module disconnects the user's device. Then the blockchain changes the contract status and sends the contract template to the corresponding user, and the user affixes the electronic signature and submits the contract to the blockchain. After the platform server finds the electronic contract to be sealed, it affixes its electronic signature and uploads the contract to the blockchain. Finally, after receiving the contract signed by both parties, the blockchain notifies the SD-WAN scheduling module, the user, and the platform that the contract change is completed, and the SD-WAN controller starts scheduling.
  • Fig. 1 is the overall architecture diagram of the blockchain-based SD-WAN business system of the present invention.
  • Fig. 2 is the flow chart of operator signing in the present invention.
  • Fig. 3 is the flow chart of user signing in the direct sign mode in the present invention.
  • Fig. 4 is the flow chart of user signing in the proxy sign mode in the present invention.
  • Fig. 5 is the flow chart of conventional scheduling in the direct sign mode of the present invention.
  • Fig. 6 is the flow chart of conventional scheduling in the proxy sign mode of the present invention.
  • Fig. 7 is the data acquisition flow chart.
  • Fig. 8 is the flow chart of data feedback in the direct sign mode.
  • Fig. 9 is the flow chart of data feedback in the proxy sign mode.
  • Fig. 10 is a flow chart of the settlement process in the proxy sign mode.
  • Fig. 11 is the flow chart of the operator's contract change in the proxy sign mode.
  • Fig. 12 is the flow chart of the user's contract change in the proxy sign mode.
  • Fig. 13 is a schematic diagram of a network scene structure in an embodiment.
  • Fig. 14 is a schematic diagram of the structure of the Web terminal and the authentication platform in the third-party platform deployment.
  • Fig. 15 is a schematic diagram of the structure of the scheduling proxy client and the acquisition proxy client in the third-party platform deployment.
  • Fig. 16 is a schematic diagram of the Fabric node structure in the third-party platform deployment.
  • Fig. 17 is a schematic diagram of the structure of an operator organization authentication server in an operator deployment.
  • Fig. 18 is a schematic diagram of the data structure of the binding between the device client and the operator's SD-WAN probe in the operator's deployment.
  • Fig. 19 is a schematic diagram of the structure of the operator Fabric node in the operator deployment.
  • The present invention proposes a blockchain-based SD-WAN business system and an implementation method thereof, which can meet users' customized network service requirements over the WAN, automatically choose the best among multiple operators for users, and at the same time use blockchain technology to realize automatic settlement between operators and users.
  • The system includes three roles: users, operators, and third-party platforms. Users and operators include administrators and devices.
  • The third-party platform includes SD-WAN controllers, platform servers, and authentication platforms.
  • The blockchain platform is jointly operated and maintained by the three roles. The system function modules are mainly divided into a blockchain part and a non-blockchain part:
  • Blockchain node module: this module includes all nodes in the blockchain network, which are provided by third-party platforms, users and operators.
  • Smart contract module: this module is divided by function, as follows:
  • Identity verification, authorization and authentication module: responsible for identifying the user's read and write permissions.
  • Signing module: responsible for all signing processes.
  • Accounting module: responsible for obtaining traffic usage records from the acquisition system during the scheduling process.
  • Settlement module: responsible for settlement of the billing process between users and operators.
  • Punishment module: responsible for recording the violations of operators, third parties and users, to be used as evidence for later punishment.
  • Blockchain user module: used to provide users with a client that interacts with the blockchain.
  • User modules are divided into ordinary users and device users. Ordinary users are user administrator clients, operator administrator clients, and platform clients.
  • A device user is a device that registers as a blockchain user and interacts with the blockchain through the provided SDK, for example user equipment clients, carrier equipment clients, and SD-WAN equipment clients.
  • SD-WAN service module: responsible for intelligent network scheduling according to contract data and network quality.
  • Its components can be divided into four parts: scheduling, collection, network probe and scheduling agent.
  • The scheduling module is responsible for network scheduling; the collection module is responsible for real-time traffic collection at both ends.
  • Network probes and scheduling agents are deployed on user and operator equipment.
  • Authentication platform service module: a centralized platform, responsible for providing operation and maintenance functions for the blockchain, for membership authentication and license access management, for issuing signature certificates, communication certificates, and service certificates to accounts or nodes that are successfully authenticated, and for managing certificates.
  • Platform server module: mainly provides business display, registration, signing and similar functions, with a general C/S structure.
  • The system business process can be divided into five parts: registration, contract signing, scheduling, collection, and settlement:
  • The platform reviews the qualification information of the operator or user.
  • The certification platform issues certificates.
  • The operator signing flow is as follows:
  • The operator administrator initiates a signing request to the platform business server (the request includes the service quality, tariff and other information that the operator can provide).
  • After verifying the signing request, the platform business server requests a contract template from the blockchain platform, generates a contract (in this case, the contract includes Party A and Party B, service parameters, etc.), and then sends it to the operator administrator.
  • The operator administrator affixes an electronic signature after confirming that the contract is correct, and then sends it to the blockchain platform.
  • The third party affixes its electronic signature and submits the contract to the blockchain.
  • User signing can be divided into two modes: direct signing mode and proxy signing mode.
  • Direct signing mode: the contracting parties are operators and enterprise users. In this mode, the third-party platform only provides a series of operators for enterprise users to choose from, and does not participate in the contract signing process.
  • The enterprise user administrator initiates a direct signing request (the request includes the service quality required by the enterprise user, the expected tariff and other information), or filters operators by a specified operator name.
  • The platform server verifies the signing request and returns a list of qualified operators.
  • The platform server requests a contract template from the blockchain platform, generates a contract (in this case, the contract contains Party A and Party B, demand parameters, etc.), and then sends it to the enterprise user administrator.
  • The enterprise user administrator affixes an electronic signature after confirming that the contract is correct, and then sends it to the blockchain platform.
  • The operator administrator affixes the electronic signature and submits the contract to the blockchain.
  • Proxy signing mode: the contracting parties are third-party platforms and enterprise users. When the platform side signs a contract with an operator, the operator needs to sign a contract that agrees to be freely scheduled. All operators who have signed such a contract are within the scheduling options of the proxy mode contract.
  • The enterprise user administrator initiates a proxy signing request (the request includes information such as the quality of service required by the enterprise user and the expected tariff).
  • After verifying the signing request, the platform business server requests a contract template from the blockchain platform, generates a contract (in this case, the contract includes Party A and Party B, demand parameters, etc.), and then sends it to the enterprise user administrator.
  • The enterprise user administrator affixes an electronic signature after confirming that the contract is correct, and then sends it to the blockchain platform.
  • The third party affixes its electronic signature and submits the contract to the blockchain.
  • The scheduling module sends scheduling instructions to the scheduling agents of the user and the operator.
  • The blockchain platform informs the SD-WAN scheduling module that the contract has taken effect, with the user's demand parameters attached.
  • The scheduling module searches for a matching operator, and then sends a scheduling instruction to the scheduling agents of the user and the operator.
  • The acquisition module verifies and organizes the flow records, and uploads them to the chain.
  • After the acquisition module uploads the data to the chain, the operator's equipment client reads the data on the chain and checks it against its local data for errors.
  • After the acquisition system uploads the data to the chain, the enterprise user equipment client reads the data on the chain and checks it against its local data for errors.
  • The adjustment arbitration process involved in step 4) and step 6) is as follows:
  • After the third-party platform obtains the error record, it checks the traffic record in the SD-WAN acquisition module. If there is no error, the adjustment request is rejected. If there is an error, the new traffic record is submitted to the blockchain platform and the operator or user equipment is notified.
  • After receiving the notification, the operator or user equipment checks the data on the chain against its local data again. If there is still an error, the above process is repeated until the data is correct.
  • The blockchain platform generates feedback records and feeds them back to the collection module.
  • The acquisition module searches the network quality data records, analyzes them to find the corresponding records, and then uploads those records to the chain.
  • The blockchain writes the record to the ledger and returns the feedback result to the enterprise user.
  • The scheduling module obtains the quality detection parameters from the acquisition module, and then the acquisition module uploads the network quality information to the chain.
  • The scheduling module sends scheduling instructions to the user scheduling agent.
  • The user settles directly with the operator according to the method stipulated in the contract. After settlement, the operator clears the pending payment records on the chain.
  • The platform server submits a settlement application to the blockchain.
  • The blockchain platform generates a bill for a specific enterprise user, and the bill enters the pending settlement state. The blockchain platform then sends the bill back to the platform server.
  • The platform server sends the bill to the enterprise user.
  • After the offline settlement is completed, the platform server submits the bill-settled transaction to the blockchain.
  • The blockchain platform updates the bill status and informs the enterprise user that the bill has been settled.
  • The platform server submits a settlement application to the blockchain.
  • The blockchain platform generates a bill for a specific operator, the bill enters the pending settlement state, and the blockchain platform then sends the bill back to the platform server.
  • The platform server sends the bill to the operator.
  • After the offline settlement is completed, the platform server submits the bill-settled transaction to the blockchain.
  • The blockchain platform updates the bill status and informs the operator that the bill has been settled.
  • Operator contract change in the direct signing mode: the contract is changed according to the operator's regulations. If the user is not satisfied with the result of the change, the user can terminate the contract with the operator and select a new operator.
  • The SD-WAN scheduling module disconnects the operator's equipment.
  • After the disconnection is successful, the SD-WAN controller uploads the disconnection information to the blockchain.
  • The blockchain changes the contract status and sends the contract template to the platform server.
  • The platform server sends the contract to the operator administrator.
  • The operator administrator affixes the electronic signature and submits the contract to the blockchain.
  • The user requests to change the contract and negotiates directly with the operator; the new contract can be uploaded to the chain after completion.
  • The SD-WAN scheduling module disconnects the user's device.
  • The SD-WAN scheduling module uploads the disconnection information to the blockchain.
  • The blockchain changes the contract status and sends the contract template to the platform server.
  • The platform server sends the contract to the enterprise user.
  • After receiving the contract signed and completed by both parties, the blockchain notifies the SD-WAN scheduling module, the enterprise user, and the platform party that the contract change has been completed.
  • The SD-WAN controller starts scheduling.
  • The blockchain platform uses Hyperledger Fabric and includes three types of organizations: third-party platforms, operators, and users. Each organization needs to deploy peer nodes, and all organizations belong to the same channel.
  • The Orderer nodes are provided by third-party platforms and operators, and are optional for users.
  • Each module of the smart contract is implemented as chaincode.
  • Non-blockchain part
  • Device client: user devices, carrier devices, and SD-WAN controllers need to deploy Fabric clients.
  • User client: user administrators, operator administrators, and platform administrators interact with Fabric through the Fabric client on the platform web side (the platform server is implemented as a web application).
  • The SD-WAN components, authentication platform, and platform web end are maintained and managed by a third party.
  • Fabric supports two-level authentication: the root authentication platform is maintained by a third party, and the organization authentication platform is maintained by each organization.
  • The web terminal has the following functions:
  • Web function backend: registration/login page (which needs to distinguish users and operators), operator registration, and registration of all users.
  • Root authentication platform: operators gain access, and enterprise users gain access.
  • Fabric client: signing by operators, signing by all users, authorization by all users of third-party proxy signing, settlement by operators and users, traffic queries by all users, submission by all users of work orders for traffic quality problems (adjustment/punishment), and contract changes by all users/operators.
  • Third-party organization authentication platform: internal members of third-party organizations obtain access, and independent users obtain access (independent users are individual users or enterprises that do not set up an organization authentication server and cannot be authenticated by the blockchain).
  • The SD-WAN device deployed by the third party includes a scheduling and collection module responsible for the intelligent scheduling of the network.
  • The SD-WAN device client is divided into a scheduling proxy client and a collection proxy client.
  • Figure 15 shows the deployment locations of the scheduling proxy client and the acquisition proxy client.
  • Scheduling agent client: mainly responsible for recording the scheduling records of the scheduling system, sorting them into the format specified by the Fabric network, submitting them to the blockchain platform, and recording them on the blockchain as evidence for later punishment. At the same time, it obtains the demand parameters signed by the user from the blockchain for initial scheduling by the scheduling module.
  • Acquisition agent client: mainly responsible for recording the data of the acquisition system, sorting it into the format specified by the Fabric network, and submitting it to the blockchain platform to form billing data on the chain.
  • The operator's organization authentication server shall have the following functions:
  • Web backend: provides operators with the management function for their own internal member groups.
  • Operator organization authentication platform: the internal members of the operator obtain access, the operator's own equipment obtains access, and the operator node obtains access.
  • The operator's device client requires the operator to issue it a certificate through the operator's own organization authentication platform, for submitting transactions on the blockchain.
  • The device client is bound to the carrier's SD-WAN probe.
  • The schematic diagram is as follows:
  • Operator equipment client functions: obtain scheduling records and traffic usage and write them into the blockchain, and obtain network quality and write it into the blockchain.
  • Peer nodes and Orderer nodes: the number of Peer nodes is determined by the operator itself. The operator installs the chaincode through the Fabric CLI, and the steps are the same as for the platform synchronizing the chaincode.
  • The user's organization authentication server should have the following functions:
  • Web backend: provides users with the management function for their own internal member groups.
  • User organization authentication platform: internal members of users obtain access, users' own devices obtain access, and user nodes obtain access.
  • The user equipment client requires the user to issue it a certificate through the user's own organization authentication platform, which is used to submit transactions on the blockchain.
  • The device client is bound to the user's SD-WAN probe.
  • The schematic diagram is as follows:
  • User equipment client functions: obtain scheduling records and traffic usage and write them into the blockchain, and obtain network quality and write it into the blockchain.
  • An enterprise user is regarded as an organization in the Fabric network. Users can deploy Peer nodes according to the actual situation, or they can choose to provide Orderer nodes (not deployed by default). The user installs the chaincode through the Fabric CLI, and the steps are the same as for the platform synchronizing the chaincode.
  • The network quality involved in this application is reflected by the network quality data.
  • The agreement is embodied in traffic parameters, demand parameters, service parameters, etc.
  • the quality detection parameter which is used to describe the network performance indicators within a period of time, and usually includes the following parameters: recording start time begintime, recording end time endtime, maximum jitter maxShake, average rate rate, delay delay, bandwidth bandwidth, packet loss rate packetLoss, etc.

Abstract

Disclosed is a blockchain-based SD-WAN service system, and an implementation method therefor. The system includes three roles, i.e. a user, an operator and a third-party platform, wherein each of the user and the operator comprises an administrator and a device; the third-party platform comprises an SD-WAN controller, a platform serving end and an authentication platform; and a blockchain platform is maintained by the user, the operator and the third-party platform together. A system service process can be divided into five main parts, i.e. registration, subscription, scheduling, collection and settlement, the customized network service requirements of a user in a wide area network are met, a preferable choice among a plurality of operators can be automatically made for the user, and automatic settlement between the operator and the user can be realized by using the blockchain technology.

Description

Blockchain-based SD-WAN service system and its implementation method
Technical field
The invention is a blockchain-based SD-WAN service system and an implementation method thereof, and belongs to the technical field of blockchain.
Background
Software-defined wide area network (SD-WAN) is a typical application of software-defined networking (SDN) in wide-area private network service scenarios. Combined with the automated configuration and scheduling capabilities of a network controller, enterprise users can build tunnels over the Internet to access an operator's wide-area private network flexibly. Compared with traditional physical leased-line access, this greatly improves the efficiency of provisioning wide-area private network services and reduces their provisioning cost. In this scenario, however, the SD-WAN network controller is currently usually provided by the operator, and the operator, out of its own commercial interest, schedules enterprise users' traffic exclusively onto its own wide-area private network. Enterprise users therefore face single-operator lock-in when using SD-WAN, which restricts the development of SD-WAN to a certain extent.
Summary of the invention
The purpose of the invention is to overcome the defects of the prior art and to provide an improvement on the traditional operator-user settlement model, so that users can customize network services and operators and users can settle automatically.
The invention is a blockchain-based SD-WAN service system, which comprises:
a blockchain node module, which comprises device nodes divided into third-party platform-side nodes, user-side nodes and operator-side nodes;
a smart contract module, used to implement the contract signing, accounting, settlement and penalty functions among the third-party platform, users and operators;
a blockchain user module, used to provide users with a client for interacting with the blockchain;
an SD-WAN service module, responsible for intelligent network scheduling according to contract data and network quality;
a platform server module, used to perform the registration and contract signing functions for users and operators;
an authentication platform service module, responsible for providing operation and maintenance functions for the blockchain, for member identity authentication and permissioned access management, for issuing signing certificates, communication certificates and service certificates to successfully authenticated accounts or nodes, and for managing the certificates.
Further, the SD-WAN service module is divided into four units: scheduling, collection, network probe and scheduling agent, wherein
the scheduling unit is responsible for network traffic scheduling, and the collection unit is responsible for real-time traffic collection at both ends;
the network probe and the scheduling agent unit are both deployed on user and operator equipment.
Further, the smart contract module is divided by function into:
Identity verification and authorization/authentication module: responsible for verifying users' read and write permissions;
Signing module: responsible for all contract signing processes;
Accounting module: responsible for obtaining traffic usage records from the collection system during scheduling;
Settlement module: responsible for the billing and settlement process between users and operators;
Penalty module: responsible for recording violations by operators, the third party and users, as evidence for later punishment.
The application also provides a method for implementing a blockchain-based SD-WAN service, which includes the following steps:
Step 1: the operator and the user each register and sign contracts in the blockchain authentication platform service module;
Step 2: the SD-WAN controller performs intelligent network scheduling according to the contract data and network quality;
Step 3: the smart contract module performs accounting and settlement for the traffic generated by the user in the manner specified in the contract.
Further, the user's contract signing in the blockchain authentication platform service module takes one of the following two modes:
Direct-signing mode: the contracting parties are the operator and the user. In this mode, the third-party platform presents different operators for the user to choose from and does not take part in the contract signing process;
Proxy-signing mode: the contracting parties are the third-party platform and the user. When the third-party platform signs with an operator, the operator signs a contract agreeing to be freely scheduled, and can then be freely scheduled during network traffic scheduling.
Further, step 2 is specifically:
Step 2.1: the SD-WAN controller first identifies the mode in which the user signed in the blockchain authentication platform service module. In direct-signing mode, the blockchain scheduling unit sends scheduling instructions to the user and operator scheduling agent units, and the user and the operator establish a connection and start communicating;
in proxy-signing mode, the blockchain scheduling unit looks up an operator that matches the traffic parameters in the signed contract, then sends scheduling instructions to the user and operator scheduling agents, and the user and the operator establish a connection and start communicating;
Step 2.2: the network probes on the user and operator equipment push traffic records to the collection unit of the SD-WAN controller;
Step 2.3: when the user equipment probe detects that network quality has degraded, it reports the network quality to the collection unit; in proxy-signing mode, the user requests traffic scheduling from the scheduling unit;
Step 2.4: the scheduling unit sends scheduling instructions to the user scheduling agent unit according to the user's contract.
Further, step 3 is specifically:
In direct-signing mode, settlement follows the method stipulated in the contract: the user settles directly with the operator, and after settlement the operator clears the pending-payment record on the chain.
In proxy-signing mode, step 3 is specifically:
Step 3.1: at the time agreed in the contract, the platform server submits a settlement application to the blockchain;
Step 3.2: the blockchain platform generates the user's bill according to the contract, the bill enters the pending-settlement state, and the bill is sent back to the platform server;
Step 3.3: the platform server sends the bill to the corresponding user;
Step 3.4: the user settles offline with the third-party platform;
Step 3.5: after the offline settlement is completed, the platform server submits a bill-settled transaction to the blockchain platform;
Step 3.6: the blockchain platform updates the bill status and notifies the user that the bill has been settled.
As a preferred embodiment of the application, the method further includes:
The operator contract change process is as follows:
In direct-signing mode, the operator changes the contract according to the operator's own rules. If the user is not satisfied with the result of the change, the user chooses to terminate the contract with that operator and selects a new operator;
In proxy-signing mode, the operator first submits a change application to the blockchain platform. After recording the application, the blockchain sends the SD-WAN scheduling module a message that this operator is changing its contract, and the SD-WAN scheduling module disconnects the operator's equipment. The blockchain then changes the contract status and sends the contract template to the operator administrator, who affixes an electronic signature and submits the contract to the blockchain. When the third-party platform finds the electronic contract awaiting its signature, it affixes its electronic signature and uploads the contract to the blockchain. After changing the contract status, the blockchain notifies the SD-WAN scheduling module of the operator's new service parameters and tariffs.
As a preferred embodiment of the application, the method further includes:
The user contract change process is as follows:
In direct-signing mode, a user who wants to change the contract negotiates directly with the operator and uploads the new contract to the blockchain when the negotiation is complete;
In proxy-signing mode, the enterprise user submits a contract change application to the blockchain platform. After recording the application, the blockchain sends a message to the SD-WAN scheduling module announcing that this user's contract will change, and the SD-WAN scheduling module disconnects the user's equipment. The blockchain then changes the contract status and sends the contract template to the corresponding user, who affixes an electronic signature and submits the contract to the blockchain. When the platform server finds the electronic contract awaiting its signature, it affixes its electronic signature and uploads the contract to the blockchain. Finally, once the blockchain has received the contract signed by both parties, it notifies the SD-WAN scheduling module, the user and the platform that the contract change is complete, and the SD-WAN controller starts scheduling.
Compared with the prior art, the blockchain-based SD-WAN service system and its implementation method have the following beneficial effects:
(1) A third party is introduced as a neutral SD-WAN platform. The third party's network controller dynamically schedules enterprise user traffic across the wide-area private networks of multiple operators, which makes full use of the flexibility of SD-WAN last-mile access through Internet tunnels, removes single-operator lock-in, and allows automated selection among multiple operators on behalf of enterprise users.
(2) Using blockchain and smart contract technology, the signing, scheduling, collection, settlement and other business processes of the SD-WAN platform are designed so that the data produced during SD-WAN traffic optimization and scheduling is tamper-proof. This effectively addresses the mutual distrust that enterprise users face when dealing with multiple operators and provides an important safeguard mechanism for the operation of the SD-WAN platform service system.
Description of drawings
To explain the technical solutions of the invention more clearly, the drawings needed are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Figure 1 is the overall architecture diagram of the blockchain-based SD-WAN service system of the invention;
Figure 2 is the flow chart of operator contract signing in the invention;
Figure 3 is the flow chart of user contract signing in direct-signing mode;
Figure 4 is the flow chart of user contract signing in proxy-signing mode;
Figure 5 is the flow chart of regular scheduling in direct-signing mode;
Figure 6 is the flow chart of regular scheduling in proxy-signing mode;
Figure 7 is the data collection flow chart;
Figure 8 is the flow chart of data feedback in direct-signing mode;
Figure 9 is the flow chart of data feedback in proxy-signing mode;
Figure 10 is the flow chart of the settlement process in proxy-signing mode;
Figure 11 is the flow chart of the operator contract change in proxy-signing mode;
Figure 12 is the flow chart of the user contract change process in proxy-signing mode;
Figure 13 is a schematic diagram of the network scenario structure in the embodiment;
Figure 14 is a schematic diagram of the structure of the Web end and the authentication platform in the third-party platform deployment;
Figure 15 is a schematic diagram of the structure of the scheduling proxy client and the collection proxy client in the third-party platform deployment;
Figure 16 is a schematic diagram of the fabric node structure in the third-party platform deployment;
Figure 17 is a schematic diagram of the structure of the operator organization authentication server in the operator deployment;
Figure 18 is a schematic diagram of the data structure binding the device client to the operator's SD-WAN probe in the operator deployment;
Figure 19 is a schematic diagram of the structure of the operator fabric node in the operator deployment.
Detailed description
To make the objectives, technical solutions and advantages of the invention clearer, the embodiments of the invention are described in further detail below with reference to the accompanying drawings.
The invention proposes a blockchain-based SD-WAN service system and an implementation method thereof. It meets users' customized network service requirements over the wide area network, can automatically select among multiple operators on behalf of the user, and uses blockchain technology so that operators and users can settle automatically.
Embodiment 1: Overall system architecture
The system includes three roles: users, operators and the third-party platform. Users and operators each comprise administrators and devices; the third-party platform comprises the SD-WAN controller, the platform server and the authentication platform; the blockchain platform is maintained jointly by all three. The system's functional modules are divided into a blockchain part and a non-blockchain part:
1. Blockchain part
Blockchain node module: this module contains all nodes in the blockchain network; the nodes are provided by the third-party platform, users and operators.
Smart contract module: this module is divided by function as follows:
Identity verification and authorization/authentication module: responsible for verifying users' read and write permissions.
Signing module: responsible for all contract signing processes.
Accounting module: responsible for obtaining traffic usage records and the like from the collection system during scheduling.
Settlement module: responsible for the billing and settlement process between users and operators.
Penalty module: responsible for recording violations by operators, the third party and users, as evidence for later punishment.
2. Non-blockchain part
Blockchain user module: provides users with a client for interacting with the blockchain. Users of this module are divided into ordinary users and device users. Ordinary users are the user administrator client, the operator administrator client, the platform client and so on. A device user is a device that is registered as a blockchain user and interacts with the blockchain through the provided SDK, for example the user equipment client, the operator equipment client and the SD-WAN device client.
SD-WAN service module: responsible for intelligent network scheduling according to contract data and network quality. Its components are divided into four parts: scheduling, collection, network probe and scheduling agent. The scheduling module is responsible for network scheduling; the collection module is responsible for real-time traffic collection at both ends. The network probe and the scheduling agent are deployed on user and operator equipment.
Authentication platform service module: a centralized platform, responsible for providing operation and maintenance functions for the blockchain, for member identity authentication and permissioned access management, for issuing signing certificates, communication certificates and service certificates to successfully authenticated accounts or nodes, and for managing the certificates.
Platform server module: mainly provides service display, registration, contract signing and similar functions, generally in a C/S architecture.
Embodiment 2: System business process
The system business process can be divided into five parts: registration, contract signing, scheduling, collection and settlement:
1. Operator and user registration
1) The operator or user administrator submits application materials and registers through the platform business server.
2) The platform reviews the qualification materials of the operator or user.
3) After the review is passed, the platform submits the certificate application to the authentication platform.
4) The authentication platform issues the certificate.
From this point on, the user or operator can interact with the platform and the blockchain.
2. Operator signing process
The operator signing flow chart is as follows:
1) The operator administrator initiates a signing request to the platform business server (the request includes the service quality the operator can provide, tariffs and similar information).
2) After validating the signing request, the platform business server requests a contract template from the blockchain platform and generates the contract (at this point the contract contains Party A, Party B, service parameters, etc.), then sends it to the operator administrator.
3) After confirming that it is correct, the operator administrator affixes an electronic signature and sends the contract to the blockchain platform.
4) The chain stores the contract and initializes its status.
5) After initialization, the contract is sent to the platform business server to await the third party's electronic signature.
6) The third party affixes its electronic signature and submits the contract to the blockchain.
7) The chain updates the contract status and the contract takes effect.
8) After taking effect, the contract is broadcast to the third party and the operator.
3. User signing process
User signing can be divided into two modes: direct-signing mode and proxy-signing mode.
Direct-signing mode: the contracting parties are the operator and the enterprise user. In this mode, the third-party platform only presents a range of operators for the enterprise user to choose from and does not take part in the contract signing process.
1) The enterprise user administrator initiates a direct-signing request (the request includes the service quality the enterprise user needs, the expected tariff and similar information), or filters operators by a specified operator name.
2) After validating the signing request, the platform server returns a list of operators that meet the conditions.
3) The enterprise user administrator selects one operator and submits the choice to the platform server.
4) The platform server requests a contract template from the blockchain platform and generates the contract (at this point the contract contains Party A, Party B, demand parameters, etc.), then sends it to the enterprise user administrator.
5) After confirming that it is correct, the enterprise user administrator affixes an electronic signature and sends the contract to the blockchain platform.
6) The chain stores the contract and initializes its status.
7) After initialization, the contract is sent to the operator administrator to await the operator's electronic signature.
8) The operator administrator affixes an electronic signature and submits the contract to the blockchain.
9) The chain updates the contract status and the contract takes effect.
10) After taking effect, the contract is broadcast to the third party, the enterprise user and the operator.
11) The SD-WAN scheduling system starts.
Proxy-signing mode: the contracting parties are the third-party platform and the enterprise user. When the platform signs with an operator, the operator must sign a contract agreeing to be freely scheduled; every operator that has signed this contract is among the scheduling options for proxy-mode contracts.
1) The enterprise user administrator initiates a proxy-signing request (the request includes the service quality the enterprise user needs, the expected tariff and similar information).
2) After validating the signing request, the platform business server requests a contract template from the blockchain platform and generates the contract (at this point the contract contains Party A, Party B, demand parameters, etc.), then sends it to the enterprise user administrator.
3) After confirming that it is correct, the enterprise user administrator affixes an electronic signature and sends the contract to the blockchain platform.
4) The chain stores the contract and initializes its status.
5) After initialization, the contract is sent to the third-party platform server to await the third party's electronic signature.
6) The third party affixes its electronic signature and submits the contract to the blockchain.
7) The chain updates the contract status and the contract takes effect.
8) After taking effect, the contract is broadcast to the third party and the enterprise user.
9) The SD-WAN scheduling system starts.
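The operator, direct-signing and proxy-signing flows above share one sequence: the first party signs, the chain stores the contract and initializes its status, the counterparty signs, and only then does the contract take effect. The Go program below is an added example, not code from the patent or from Fabric, of the checks a signing contract needs to enforce that sequence: the signer must be the party expected in the current state, and the signature must verify over the stored parties and terms. The state names, the use of Ed25519, the digest layout, the identities and the sample terms are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// State names are assumptions: the page only says the chain initializes the
// contract status and later updates it when the contract takes effect.
type State int

const (
	AwaitingFirstSign   State = iota // generated from the template, unsigned
	AwaitingCounterSign              // first signature stored on chain
	Effective                        // both signatures present
)

type Contract struct {
	ID      string
	First   string // signs first: operator or enterprise user administrator
	Counter string // countersigns: third party, or operator in direct-signing mode
	Terms   []byte // serialized service or demand parameters
	State   State
	Sigs    map[string][]byte
}

// Ledger stands in for chaincode state. Keys maps an identity to the public
// key from the certificate issued at registration (Ed25519 is an assumption).
type Ledger struct {
	Keys      map[string]ed25519.PublicKey
	Contracts map[string]*Contract
}

var (
	ErrUnknown = errors.New("unknown contract or signer")
	ErrOrder   = errors.New("signer is not the party expected in this state")
	ErrBadSig  = errors.New("signature does not verify over the stored contract")
)

// Digest binds a signature to the contract ID, both parties and the terms.
// Each field is written as "length:bytes" so field boundaries cannot shift.
func Digest(c *Contract) []byte {
	h := sha256.New()
	for _, f := range []string{c.ID, c.First, c.Counter, string(c.Terms)} {
		fmt.Fprintf(h, "%d:%s", len(f), f)
	}
	return h.Sum(nil)
}

// SignAs is the client side: a party signs the digest with its private key.
func SignAs(priv ed25519.PrivateKey, c *Contract) []byte {
	return ed25519.Sign(priv, Digest(c))
}

// Sign is the on-chain check: the signer must be the party expected in the
// current state (nobody once effective) and the signature must verify.
func (l *Ledger) Sign(id, signer string, sig []byte) error {
	c, ok := l.Contracts[id]
	pub, known := l.Keys[signer]
	if !ok || !known {
		return ErrUnknown
	}
	next := map[State]string{AwaitingFirstSign: c.First, AwaitingCounterSign: c.Counter}
	if expected, open := next[c.State]; !open || signer != expected {
		return ErrOrder
	}
	if !ed25519.Verify(pub, Digest(c), sig) {
		return ErrBadSig
	}
	c.Sigs[signer] = sig
	c.State++
	return nil
}

// NewDemo builds a ledger with two constructed identities and one unsigned
// operator contract. Seeds, names and terms are constructed sample values.
func NewDemo() (*Ledger, map[string]ed25519.PrivateKey) {
	l := &Ledger{Keys: map[string]ed25519.PublicKey{}, Contracts: map[string]*Contract{}}
	privs := map[string]ed25519.PrivateKey{}
	for i, name := range []string{"operator-admin", "third-party"} {
		seed := make([]byte, ed25519.SeedSize)
		seed[0] = byte(i + 1)
		privs[name] = ed25519.NewKeyFromSeed(seed)
		l.Keys[name] = privs[name].Public().(ed25519.PublicKey)
	}
	l.Contracts["c-1"] = &Contract{ID: "c-1", First: "operator-admin", Counter: "third-party",
		Terms: []byte(`{"bandwidth":100,"delay":20}`), Sigs: map[string][]byte{}}
	return l, privs
}

func main() {
	l, privs := NewDemo()
	c := l.Contracts["c-1"]
	fmt.Println("operator:", l.Sign("c-1", "operator-admin", SignAs(privs["operator-admin"], c)))
	fmt.Println("third party:", l.Sign("c-1", "third-party", SignAs(privs["third-party"], c)))
	fmt.Println("effective:", c.State == Effective)
}
```

Because the digest covers the terms, a countersignature made over a different version of the contract is rejected and the contract stays in the awaiting-countersignature state.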
4. Initial scheduling process
Direct-signing mode:
1) After the direct-signing contract has been signed, the blockchain platform notifies the SD-WAN scheduling module that the contract has taken effect.
2) The scheduling module sends scheduling instructions to the user and operator scheduling agents.
3) From this point on, the user and the operator establish a connection and start communicating.
Proxy-signing mode:
1) After the proxy contract has been signed, the blockchain platform notifies the SD-WAN scheduling module that the contract has taken effect, together with the user's demand parameters.
2) The scheduling module looks up a matching operator, then sends scheduling instructions to the user and operator scheduling agents.
3) From this point on, the user and the operator establish a connection and start communicating.
5. Collection process
Direct signing mode / proxy signing mode:
1) The network probes on the user and operator devices push traffic records to the collection module.
2) The collection module verifies and collates the traffic records and writes them to the chain.
3) After the collection module has written the data to the chain, the operator device client reads the on-chain data and checks it against its local data for errors.
4) If the operator device finds an obvious error, it submits an error record and the adjustment arbitration process begins.
5) After the collection system has written the data to the chain, the enterprise user device client reads the on-chain data and checks it against its local data for errors.
6) If the enterprise user device finds an obvious error, it submits an error record and the adjustment arbitration process begins.
The adjustment arbitration process referred to in steps 4) and 6) is as follows:
1. After the operator or user device finds an error, it submits an error record to the blockchain platform through the device client.
2. After receiving the error record, the third-party platform checks the traffic records in the SD-WAN collection module. If there is no error, it rejects the adjustment request; if there is an error, it submits a new traffic record to the blockchain platform and notifies the operator or user device.
3. After receiving the notification, the operator or user device checks the on-chain data against its local data again. If an error remains, the above process is repeated until the data is correct.
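The verification and adjustment arbitration loop described above, as an added Go example that is not part of the patent text. The in-memory `Ledger`, the relative tolerance, the field units, the bound on arbitration rounds, and the reading of "error" as "the chain differs from the collection module's record" are assumptions of this example; only the parameter names come from the page.

```go
package main

import (
	"fmt"
	"math"
)

// TrafficRecord uses the quality-detection parameter names from the page.
// Field units are assumptions made for this example.
type TrafficRecord struct {
	BeginTime  int64   // begintime, Unix seconds
	EndTime    int64   // endtime, Unix seconds
	Rate       float64 // average rate, Mbit/s
	Delay      float64 // ms
	MaxShake   float64 // maximum jitter, ms
	PacketLoss float64 // fraction between 0 and 1
}

// ErrorRecord is what a device client submits when chain and local data disagree.
type ErrorRecord struct {
	Submitter string
	BeginTime int64
	Fields    []string
}

// Ledger is an in-memory stand-in for the on-chain record store (hypothetical).
type Ledger struct {
	Records map[int64]TrafficRecord // keyed by BeginTime
	Errors  []ErrorRecord
}

// Diff returns the fields whose relative deviation exceeds tol. Records for
// different time windows are never compared field by field.
func Diff(a, b TrafficRecord, tol float64) []string {
	if a.BeginTime != b.BeginTime || a.EndTime != b.EndTime {
		return []string{"window"}
	}
	var bad []string
	check := func(name string, x, y float64) {
		scale := math.Max(math.Abs(x), math.Abs(y))
		if scale > 0 && math.Abs(x-y)/scale > tol {
			bad = append(bad, name)
		}
	}
	check("rate", a.Rate, b.Rate)
	check("delay", a.Delay, b.Delay)
	check("maxShake", a.MaxShake, b.MaxShake)
	check("packetLoss", a.PacketLoss, b.PacketLoss)
	return bad
}

// Arbitrate models the third-party step. The error record is kept, then the
// chain is checked against the collection module's record: no difference
// rejects the request, otherwise the collection module's record is written.
func (l *Ledger) Arbitrate(e ErrorRecord, collector TrafficRecord, tol float64) bool {
	l.Errors = append(l.Errors, e)
	onChain, ok := l.Records[e.BeginTime]
	if ok && len(Diff(onChain, collector, tol)) == 0 {
		return false
	}
	l.Records[e.BeginTime] = collector
	return true
}

// Reconcile is the device-side loop. maxRounds bounds "repeat until correct"
// so that a persistent disagreement surfaces as an error.
func Reconcile(l *Ledger, who string, local, collector TrafficRecord, tol float64, maxRounds int) (int, error) {
	for round := 0; round < maxRounds; round++ {
		fields := []string{"missing"}
		if onChain, ok := l.Records[local.BeginTime]; ok {
			fields = Diff(onChain, local, tol)
		}
		if len(fields) == 0 {
			return round, nil
		}
		e := ErrorRecord{Submitter: who, BeginTime: local.BeginTime, Fields: fields}
		if !l.Arbitrate(e, collector, tol) {
			return round + 1, fmt.Errorf("%s: adjustment request rejected, %v differ from local data", who, fields)
		}
	}
	return maxRounds, fmt.Errorf("%s: not reconciled after %d rounds", who, maxRounds)
}

// Sample builds constructed records: the chain copy under-reports the rate.
func Sample() (*Ledger, TrafficRecord, TrafficRecord) {
	collector := TrafficRecord{BeginTime: 1000, EndTime: 1300, Rate: 100, Delay: 20, MaxShake: 3, PacketLoss: 0.01}
	local := collector
	local.Rate = 100.5 // small measurement noise at the probe
	onChain := collector
	onChain.Rate = 80
	return &Ledger{Records: map[int64]TrafficRecord{1000: onChain}}, local, collector
}

func main() {
	l, local, collector := Sample()
	rounds, err := Reconcile(l, "operator-device", local, collector, 0.02, 3)
	fmt.Println("rounds:", rounds, "err:", err, "chain rate:", l.Records[1000].Rate)
}
```

A rejected request still leaves its error record on the ledger, so repeated unfounded adjustment requests from one device stay visible for the penalty process.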
6. Collection feedback process
Direct signing mode:
1) When an enterprise user finds that network quality has degraded, the user reports the network quality problem to the blockchain platform.
2) The blockchain platform generates a feedback record and passes it to the collection module.
3) The collection module searches the network quality data records, analyzes them to find the relevant records, and then writes those records to the chain.
4) After writing the record to the ledger, the blockchain returns the feedback result to the enterprise user.
Proxy signing mode:
1) When the user device probe detects that network quality has degraded, it reports the network quality to the collection module and requests scheduling.
2) The scheduling module obtains the quality detection parameters from the collection module, and the collection module then writes the network quality information to the chain.
3) The scheduling module sends a scheduling instruction to the user scheduling agent.
4) After scheduling is complete, the user device pushes the scheduling result to the collection module.
7. Settlement process
Direct signing mode:
In direct signing mode, the user settles directly with the operator in the manner stipulated in the contract. After settlement, the operator resets the pending-payment record on the chain to zero.
Proxy signing mode:
1) At a specified time, the platform server submits a settlement application to the blockchain.
2) The blockchain platform generates the bill for the specific enterprise user, and the bill enters the pending-settlement state. The bill is then sent back to the platform server.
3) The platform server sends the bill to the enterprise user.
4) The enterprise user and the third-party platform settle offline.
5) After the offline settlement is complete, the platform server submits a bill-settled transaction to the blockchain.
6) The blockchain platform updates the bill status and notifies the enterprise user that the bill has been settled.
The settlement process between the operator and the third party is the same as the above, as follows:
1) At a specified time, the platform server submits a settlement application to the blockchain.
2) The blockchain platform generates the bill for the specific operator, the bill enters the pending-settlement state, and the bill is then sent back to the platform server.
3) The platform server sends the bill to the operator.
4) The operator and the third-party platform settle offline.
5) After the offline settlement is complete, the platform server submits a bill-settled transaction to the blockchain.
6) The blockchain platform updates the bill status and notifies the operator that the bill has been settled.
8. Operator contract change process
Direct signing mode:
In the direct signing process, operator contract changes follow the operator's own rules. A user who is not satisfied with the result of a change can terminate the contract with that operator and select a new operator.
Proxy signing mode:
1) The operator submits a change application (including contract data).
2) The third party submits the change application to the blockchain.
3) After recording the change application, the blockchain sends a message to the SD-WAN scheduling module, notifying it that the operator's contract is about to change.
4) The SD-WAN scheduling module disconnects the operator's equipment.
5) After the disconnection succeeds, the SD-WAN controller uploads the disconnection-complete information to the blockchain.
6) The blockchain changes the contract status and sends the contract template to the platform server.
7) The platform server sends the contract to the operator administrator.
8) The operator administrator affixes an electronic signature and submits the contract to the blockchain.
9) When the third-party platform finds an electronic contract awaiting its seal, it affixes its electronic signature and uploads the contract to the blockchain.
10) After changing the contract status, the blockchain notifies the SD-WAN scheduling module of the operator's new service parameters and tariffs.
9. User contract change process
Direct signing mode:
In the direct signing process, a user who wants to change the contract negotiates directly with the operator; once this is done, the new contract is written to the chain.
Proxy signing mode:
1) The enterprise user submits a contract change application (including demand parameters) to the platform.
2) After verifying that the requirements are reasonable, the platform submits a change application to the blockchain.
3) After recording the change application, the blockchain sends a message to the SD-WAN scheduling module, notifying it that the user's contract is about to change.
4) The SD-WAN scheduling module disconnects the user's device.
5) After the disconnection succeeds, the SD-WAN scheduling module uploads the disconnection-complete information to the blockchain.
6) The blockchain changes the contract status and sends the contract template to the platform server.
7) The platform server sends the contract to the enterprise user.
8) The enterprise user affixes an electronic signature and submits the contract to the blockchain.
9) When the platform server finds an electronic contract awaiting its seal, it affixes its electronic signature and uploads the contract to the blockchain.
10) After receiving the contract signed by both parties, the blockchain notifies the SD-WAN scheduling module, the enterprise user, and the platform party that the contract change is complete.
11) The SD-WAN controller starts scheduling.
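The ordering that the proxy-mode change flows above rely on (for both the operator and the user contract change), as an added Go example that is not part of the patent text: the scheduling module only receives new terms after the party's signature and then the platform's countersignature both verify over the same pending terms. The patent does not name a signature scheme; Ed25519, the digest layout, the version counter used against replay, and all type and function names here are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

type State int

const (
	Active State = iota
	ChangeRequested
	AwaitingPartySeal
	AwaitingPlatformSeal
)

var ErrOrder = errors.New("step not allowed in the current contract state")
var ErrSeal = errors.New("electronic signature does not verify")

// Contract is an in-memory stand-in for the on-chain contract record.
type Contract struct {
	ID          string
	Version     uint64            // incremented on every completed change
	State       State             // contract status kept on the chain
	Terms       []byte            // terms in force
	Pending     []byte            // proposed terms awaiting both signatures
	PartyKey    ed25519.PublicKey // operator or enterprise user
	PlatformKey ed25519.PublicKey // third-party platform
	Scheduler   [][]byte          // terms pushed to the SD-WAN scheduling module
}

// digest binds a signature to one contract, one change round and one set of
// terms, so a signature from an earlier change cannot be replayed.
func digest(id string, version uint64, terms []byte) []byte {
	sum := sha256.Sum256(append([]byte(fmt.Sprintf("%q|%d|", id, version)), terms...))
	return sum[:]
}

// Seal signs the proposed terms for the given contract and change round.
func Seal(priv ed25519.PrivateKey, id string, version uint64, terms []byte) []byte {
	return ed25519.Sign(priv, digest(id, version, terms))
}

// step enforces the order of the flow: a transition is only valid from want.
func (c *Contract) step(want, next State) error {
	if c.State != want {
		return fmt.Errorf("%w: state %d, need %d", ErrOrder, c.State, want)
	}
	c.State = next
	return nil
}

// RequestChange records the change application.
func (c *Contract) RequestChange(terms []byte) (err error) {
	if err = c.step(Active, ChangeRequested); err == nil {
		c.Pending = append([]byte(nil), terms...)
	}
	return err
}

// ConfirmDisconnect records the disconnection; the template goes out for signing.
func (c *Contract) ConfirmDisconnect() error {
	return c.step(ChangeRequested, AwaitingPartySeal)
}

// accept verifies sig over the pending terms under key before advancing.
func (c *Contract) accept(key ed25519.PublicKey, sig []byte, want, next State) error {
	if c.State == want && !ed25519.Verify(key, digest(c.ID, c.Version, c.Pending), sig) {
		return ErrSeal
	}
	return c.step(want, next)
}

// PartySeal accepts the operator's or enterprise user's signature.
func (c *Contract) PartySeal(sig []byte) error {
	return c.accept(c.PartyKey, sig, AwaitingPartySeal, AwaitingPlatformSeal)
}

// PlatformSeal accepts the countersignature; only then are new terms pushed.
func (c *Contract) PlatformSeal(sig []byte) (err error) {
	if err = c.accept(c.PlatformKey, sig, AwaitingPlatformSeal, Active); err == nil {
		c.Terms, c.Pending, c.Version = c.Pending, nil, c.Version+1
		c.Scheduler = append(c.Scheduler, c.Terms)
	}
	return err
}

// NewDemo builds a constructed sample contract with freshly generated keys.
func NewDemo() (*Contract, ed25519.PrivateKey, ed25519.PrivateKey) {
	partyPub, partyPriv, _ := ed25519.GenerateKey(nil)
	platPub, platPriv, _ := ed25519.GenerateKey(nil)
	return &Contract{ID: "contract-demo-1", Terms: []byte("bandwidth=100"), PartyKey: partyPub, PlatformKey: platPub}, partyPriv, platPriv
}

func main() {
	c, party, plat := NewDemo()
	fmt.Println(c.RequestChange([]byte("bandwidth=200")), c.ConfirmDisconnect())
	fmt.Println(c.PartySeal(Seal(party, c.ID, c.Version, c.Pending)))
	fmt.Println(c.PlatformSeal(Seal(plat, c.ID, c.Version, c.Pending)))
	fmt.Println(string(c.Terms), c.Version, len(c.Scheduler))
}
```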
Take the following implementation scenario as an example:
Blockchain part:
The blockchain platform is Hyperledger Fabric, with three types of organization: the third-party platform, operators, and users. Every organization must deploy Peer nodes, and all organizations belong to the same channel. Orderer nodes are provided by the third-party platform and the operators, and are optional for users. Each module of the smart contract is implemented as chaincode.
Non-blockchain part:
Device clients: user devices, operator devices, and the SD-WAN controller must each deploy a Fabric client.
User clients: user administrators, operator administrators, and platform administrators interact with Fabric through the Fabric client on the platform web end (the platform server is implemented as a web application).
The SD-WAN components, the authentication platform, and the platform web end are maintained and managed by the third party. Fabric supports two-level authentication: the root authentication platform is maintained by the third party, and each organization maintains its own organization authentication platform.
The specific deployment is as follows:
1. Third-party platform deployment overview
1) Web end and authentication platform deployment (non-blockchain part)
The web end has the following functions:
Web function back end: registration/login pages (users and operators must be distinguished), operator registration, and registration for all users.
Root authentication platform: operators obtain admission, and enterprise users obtain admission.
Fabric client: operator contract signing, contract signing for all users, authorization by any user of third-party proxy signing, settlement between operators and users, traffic queries for all users, submission by any user of work orders for traffic quality problems (adjustment/penalty), and contract changes by any user or operator.
Third-party organization authentication platform: internal members of the third-party organization obtain admission, and independent users obtain admission (an independent user is an individual user, or an enterprise that does not run an organization authentication server and therefore cannot be authenticated by the blockchain).
2) SD-WAN equipment (non-blockchain part)
The SD-WAN equipment deployed by the third party contains the scheduling and collection modules and is responsible for intelligent scheduling of the network. The SD-WAN device clients are divided into a scheduling agent client and a collection agent client, whose deployment locations are shown in Figure 15.
Scheduling agent client: mainly responsible for recording the scheduling system's scheduling records, arranging them in the format required by the Fabric network, and submitting them to the blockchain platform, where they are recorded on the chain as evidence for later penalties. It also obtains the demand parameters of the user's contract from the blockchain so that the scheduling module can perform the initial scheduling.
Collection agent client: mainly responsible for recording the collection system's data, arranging it in the format required by the Fabric network, and submitting it to the blockchain platform, where it forms the billing data on the chain.
3) Fabric node deployment (blockchain part)
In the initial state there are no operators yet, so the platform must provide the complete blockchain structure. The specific structure is shown in Figure 16.
As the platform party, it must initially provide 3 Orderer nodes (with Raft consensus, the number of Orderer nodes each channel needs is odd) and 2 Peer nodes (to avoid a single point of failure) so that the blockchain system can run normally. Later, the platform party can reduce the number of Orderer and Peer nodes it holds as appropriate. The platform party also installs and instantiates the initial chaincode.
2. Operator deployment overview
1) Operator organization authentication server deployment (non-blockchain part)
The operator's organization authentication server should provide the following functions:
Web back end: provides the operator with functions for managing the registration of its own internal members.
Operator organization authentication platform: the operator's internal members obtain admission, the operator's own devices obtain admission, and the operator's nodes obtain admission.
2) Operator equipment deployment (non-blockchain part)
The operator device client needs a certificate issued by the operator through its own organization authentication platform, which it uses to submit transactions on the blockchain. The device client is bound to the operator's SD-WAN probe. The schematic diagram is as follows:
Operator device client functions: obtain scheduling records and traffic usage and write them to the blockchain; obtain network quality information and write it to the blockchain.
3) Operator Fabric node deployment (blockchain part)
An operator is treated as one organization in the Fabric network. The operator therefore needs to deploy the following servers: Peer nodes and Orderer nodes. The number of Peer nodes is decided by the operator. The operator installs the chaincode through the Fabric CLI, following the same steps the platform uses to synchronize chaincode.
3. User deployment overview
1) User organization authentication server deployment (non-blockchain part)
The user's organization authentication server should provide the following functions:
Web back end: provides the user with functions for managing the registration of its own internal members.
User organization authentication platform: the user's internal members obtain admission, the user's own devices obtain admission, and the user's nodes obtain admission.
2) User equipment deployment (non-blockchain part)
The user device client needs a certificate issued by the user through its own organization authentication platform, which it uses to submit transactions on the blockchain. The device client is bound to the user's SD-WAN probe. The schematic diagram is as follows:
User device client functions: obtain scheduling records and traffic usage and write them to the blockchain; obtain network quality information and write it to the blockchain.
3) User Fabric node deployment (blockchain part)
An enterprise user is treated as one organization in the Fabric network. The user deploys Peer nodes according to its actual situation and may also choose to provide Orderer nodes (not deployed by default). The user installs the chaincode through the Fabric CLI, following the same steps the platform uses to synchronize chaincode.
System startup process
1. Initial startup by the platform party
1) Deploy the SD-WAN controller equipment
2) Deploy the web end and the authentication platform
3) Generate organization relationships and identity certificates
4) Start the Ordering service with the initial block
5) Start the Peer nodes
6) Create the application channel
7) Install and instantiate the project chaincode
8) Upload the preliminary contract template
2. Operator joins
1) Deploy the SD-WAN operator equipment
2) Deploy the web end and the organization authentication platform
3) Generate organization relationships and identity certificates
4) Start the Ordering service and join
5) Start the Peer nodes
6) Join the Peer nodes to the application channel
7) Install the project chaincode
3. User joins
1) Deploy the SD-WAN user equipment
2) Deploy the web end and the organization authentication platform
3) Generate organization relationships and identity certificates
4) Start the Peer nodes
5) Join the Peer nodes to the application channel
6) Install the project chaincode
At this point the user, operator, and third-party platform deployments are complete and the system has started; business processes such as registration, contract signing, scheduling, collection, and settlement can now be carried out.
The network quality referred to in this application is expressed through network quality data. The contracts signed between a user and the third party, between an operator and the third party, and between an operator and a user all contain agreements on network quality, expressed as traffic parameters, demand parameters, service parameters, and so on. In the collection unit these are the quality detection parameters, which describe network performance indicators over a period of time and usually comprise the following: record start time begintime, record end time endtime, maximum jitter maxShake, average rate rate, delay delay, bandwidth bandwidth, packet loss rate packetLoss, and so on.
The above are merely preferred embodiments of the present application and are not intended to limit it. Any modification, equivalent replacement, improvement, and the like made within the spirit and principles of the present application shall fall within its scope of protection.

Claims (10)

  1. A blockchain-based SD-WAN service system, characterized in that the service system comprises:
    a blockchain node module, the blockchain node module comprising device nodes, the device nodes being divided into third-party-platform-side nodes, user-side nodes, and operator-side nodes;
    a smart contract module, the smart contract module being used to implement contract signing, accounting, settlement, and penalty functions among the third-party platform, users, and operators;
    a blockchain user module, the blockchain user module being used to provide users with a client for interacting with the blockchain;
    an SD-WAN service module, the SD-WAN service module being responsible for intelligent network scheduling according to contract data and network quality;
    a platform server module, the platform server module being used to perform registration and contract-signing functions for users and operators;
    an authentication platform service module, the authentication platform service module being responsible for providing operation and maintenance functions for the blockchain, for member identity authentication and permission admission management, for issuing signing certificates, communication certificates, and service certificates to successfully authenticated accounts or nodes, and for certificate management.
  2. The blockchain-based SD-WAN service system according to claim 1, characterized in that the SD-WAN service module is divided into four units: scheduling, collection, network probe, and scheduling agent, wherein
    the scheduling unit is responsible for network traffic scheduling, and the collection unit is responsible for real-time traffic collection at both ends;
    the network probe and the scheduling agent unit are both deployed on user and operator equipment.
  3. The blockchain-based SD-WAN service system according to claim 1, characterized in that the smart contract module is divided by function into:
    an identity verification and authorization/authentication module: responsible for verifying users' read and write permissions;
    a signing module: responsible for all contract-signing processes;
    an accounting module: responsible for obtaining traffic usage records from the collection system during scheduling;
    a settlement module: responsible for the bill settlement process between users and operators;
    a penalty module: responsible for recording violations by operators, the third party, and users, to serve as evidence for later penalties.
  4. A blockchain-based SD-WAN service implementation method, characterized in that the method comprises the following steps:
    step one, the operator and the user each register and sign contracts in the blockchain authentication platform service module;
    step two, the SD-WAN controller performs intelligent network scheduling according to the contract data and network quality;
    step three, the smart contract module performs accounting and settlement for the traffic generated by the user in the manner stipulated in the contract.
  5. The service implementation method according to claim 4, characterized in that contract signing by the user in the blockchain authentication platform service module comprises the following two modes:
    direct signing mode: the contracting parties in direct signing mode are the operator and the user; in this mode the third-party platform offers different operators for the user to choose from and does not take part in the contract signing;
    proxy signing mode: the contracting parties in proxy signing mode are the third-party platform and the user; when the third-party platform signs with an operator, the operator signs a contract agreeing to be scheduled freely, and can be scheduled freely during network traffic scheduling.
  6. The service implementation method according to claim 4, characterized in that step two is specifically:
    step 2.1, the SD-WAN controller first identifies the mode in which the user signed in the blockchain authentication platform service module; in direct signing mode, the blockchain scheduling unit sends scheduling instructions to the user and operator scheduling agent units, and the user and the operator establish a connection and begin communicating;
    in proxy signing mode, the blockchain scheduling unit finds an operator that matches the traffic parameters in the signed contract and then sends scheduling instructions to the user and operator scheduling agents, and the user and the operator establish a connection and begin communicating;
    step 2.2, the network probes on the user and operator devices push traffic records to the collection unit of the SD-WAN controller;
    step 2.3, when the user device probe detects that network quality has degraded, it reports the network quality to the collection unit; in proxy signing mode, the user requests traffic scheduling from the scheduling unit;
    step 2.4, the scheduling unit sends a scheduling instruction to the user scheduling agent unit according to the user's contract.
  7. The service implementation method according to claim 4, characterized in that step three is specifically:
    in direct signing mode, settlement follows the manner stipulated in the contract: the user settles directly with the operator, and after settlement the operator resets the pending-payment record on the chain to zero.
  8. The service implementation method according to claim 4, characterized in that step three is specifically: in proxy signing mode,
    step 3.1, at the time agreed in the contract, the platform server submits a settlement application to the blockchain;
    step 3.2, the blockchain platform generates the user's bill according to the contract, the bill enters the pending-settlement state, and the bill is then sent back to the platform server;
    step 3.3, the platform server sends the bill to the corresponding user;
    step 3.4, the user and the third-party platform settle offline;
    step 3.5, after the offline settlement is complete, the platform server submits a bill-settled transaction to the blockchain platform;
    step 3.6, the blockchain platform updates the bill status and notifies the user that the bill has been settled.
  9. The service implementation method according to claim 4, characterized in that the method further comprises:
    the operator contract change process, which is:
    in direct signing mode, operator contract changes follow the operator's own rules; a user who is not satisfied with the result of the change chooses to terminate the contract with that operator and selects a new operator;
    in proxy signing mode, the operator first submits a change application to the blockchain platform; after recording the change application, the blockchain sends the SD-WAN scheduling module a message that the operator's contract is changing, and the SD-WAN scheduling module then disconnects the operator's equipment; the blockchain changes the contract status and sends the contract template to the operator administrator, who affixes an electronic signature and submits the contract to the blockchain; when the third-party platform finds an electronic contract awaiting its seal, it affixes its electronic signature and uploads the contract to the blockchain; after changing the contract status, the blockchain notifies the SD-WAN scheduling module of the operator's new service parameters and tariffs.
  10. The service implementation method according to claim 4, characterized in that the method further comprises:
    the user contract change process, which is:
    in direct signing mode, a user who wants to change the contract negotiates directly with the operator and, once this is done, uploads the new contract to the blockchain;
    in proxy signing mode, the enterprise user submits a contract change application to the blockchain platform; after recording the change application, the blockchain sends a message to the SD-WAN scheduling module notifying it that the user's contract is about to change, and the SD-WAN scheduling module disconnects the user's device; the blockchain then changes the contract status and sends the contract template to the corresponding user, who affixes an electronic signature and submits the contract to the blockchain; when the platform server finds an electronic contract awaiting its seal, it affixes its electronic signature and uploads the contract to the blockchain; finally, after receiving the contract signed by both parties, the blockchain notifies the SD-WAN scheduling module, the user, and the platform party that the contract change is complete, and the SD-WAN controller starts scheduling.
PCT/CN2020/120651 2020-09-04 2020-11-06 Blockchain-based sd-wan service system, and implementation method for same WO2022047890A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010923513.5 2020-09-04
CN202010923513.5A CN112235239B (en) 2020-09-04 2020-09-04 SD-WAN service system based on block chain and implementation method thereof

Publications (1)

Publication Number Publication Date
WO2022047890A1 true WO2022047890A1 (en) 2022-03-10

Family

ID=74116365

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/120651 WO2022047890A1 (en) 2020-09-04 2020-11-06 Blockchain-based sd-wan service system, and implementation method for same

Country Status (2)

Country Link
CN (1) CN112235239B (en)
WO (1) WO2022047890A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113961571B (en) * 2021-12-22 2022-03-22 太极计算机股份有限公司 Multi-mode data sensing method and device based on data probe
CN114390460A (en) * 2022-01-17 2022-04-22 湖南塔澳通信有限公司 Cloud SIM service subscription and management platform
CN115348211B (en) * 2022-07-04 2024-03-19 深圳市高德信通信股份有限公司 Method for processing computing tasks using available network nodes

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2278539A1 (en) * 2009-07-17 2011-01-26 Tomasz Hundt Method for performing financial operations and mobility account system
CN109447643A (en) * 2018-10-31 2019-03-08 中国银联股份有限公司 A kind of data-sharing systems and data sharing method based on block chain
CN110248351A (en) * 2019-07-02 2019-09-17 中国联合网络通信集团有限公司 A kind of communication means based on block chain, local number portability home location register
CN110490684A (en) * 2018-07-09 2019-11-22 江苏恒宝智能系统技术有限公司 A kind of railway booking management system based on block chain
CN111353783A (en) * 2018-12-21 2020-06-30 西安佰才邦网络技术有限公司 Block chain based signing method and equipment

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101136864B (en) * 2007-09-30 2011-05-11 中兴通讯股份有限公司 Service information based resource demand admittance controlled method
CN107645715B (en) * 2016-07-22 2021-02-09 华为终端有限公司 Method and equipment for formulating user package
CN109961281B (en) * 2017-12-22 2022-03-22 中国电信股份有限公司 Traffic settlement method, system, base station and computer readable storage medium
CN109840845B (en) * 2018-11-23 2021-01-26 赣州太一智源科技有限公司 Communication settlement method
US11251963B2 (en) * 2019-07-31 2022-02-15 Advanced New Technologies Co., Ltd. Blockchain-based data authorization method and apparatus

Also Published As

Publication number Publication date
CN112235239B (en) 2021-08-24
CN112235239A (en) 2021-01-15

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20952132

Country of ref document: EP

Kind code of ref document: A1