Disclosure of Invention
One or more embodiments of the present disclosure describe a method and an apparatus for accessing a server in a private network, which can avoid interference between access flows of different service types.
According to a first aspect, there is provided a method for accessing a server in a private network, including:
the proxy server node receives, through a first connection, a cross-network connection request for the current access sent by a client, wherein the cross-network connection request is used for the client in an external network to access a server in a private network, and the cross-network connection request carries a private network address of the server;
the proxy server node determines the service type of the current access;
the proxy server node selects, from at least two public network connections between the proxy server node and a proxy client node, the public network connection corresponding to the service type of the current access, wherein different service types correspond to different public network connections;
the proxy server node sends the cross-network connection request to the proxy client node through the selected public network connection;
after receiving the connection success message returned by the proxy client node, the proxy server node returns the connection success message to the client; and
the proxy server node transmits the information of the current access between the client and the server by using the first connection and the selected public network connection.
The first connection is a connection based on the socks5 protocol that the client initiates and establishes to the proxy server node; and/or the cross-network connection request carries the service type information of the current access, and correspondingly, the proxy server node determining the service type of the current access comprises: the proxy server node determines the service type of the current access by parsing the cross-network connection request.
Before the access occurs, the method further comprises: the proxy server node and the proxy client node establish the at least two public network connections.
The proxy server node establishing the at least two public network connections with the proxy client node comprises: after the proxy client node is started, the proxy server node establishes an initial channel connection with the proxy client node; the proxy server node dynamically updates, to the proxy client node through the initial channel connection, information on each service type currently required; and the proxy server node and the proxy client node dynamically set up a corresponding public network connection for each currently required service type according to the dynamically updated service type information.
At least two accesses of the same service type multiplex the same public network connection of the at least two public network connections, wherein the at least two accesses are accesses initiated by at least one client connected to the same proxy server node to at least one server connected to the same proxy client node in the private network.
After the proxy server node receives the cross-network connection request, and before the proxy server node sends the cross-network connection request to the proxy client node through the selected public network connection, the method further comprises: the proxy server node assigns a cross-network connection ID to the current access;
the method further comprises the steps of:
the proxy server node binds the cross-network connection ID to the first connection;
the proxy server node adds the cross-network connection ID to all first information of the current access sent to the proxy client node;
the proxy server node parses the cross-network connection ID from the second information sent by the proxy client node, deletes the cross-network connection ID from the second information, and then sends the second information to the client through the first connection bound to the parsed cross-network connection ID, wherein the information comprises signaling and data.
For each of the at least two public network connections, a dedicated sending queue and a dedicated working thread are set in the proxy server node for that public network connection;
the proxy server node transmitting information between the client and the server by using the first connection and the selected public network connection comprises: the proxy server node receives the information sent by the client through the first connection; the proxy server node places the received information into the sending queue dedicated to the selected public network connection by using the working thread dedicated to the selected public network connection; and the proxy server node takes the information out of that dedicated sending queue in order by using the same dedicated working thread and transmits it to the proxy client node through the selected public network connection.
According to a second aspect, there is provided a method for accessing a server in a private network, wherein at least two public network connections are established between a proxy client node in the private network and a proxy server node outside the private network, wherein different service types correspond to different public network connections, the method comprising:
the proxy client node receives a cross-network connection request for the current access from one of the at least two public network connections, wherein the cross-network connection request carries a private network address of a server in the private network;
the proxy client node establishes a second connection with the server according to the private network address carried in the cross-network connection request;
after the second connection is established successfully, the proxy client node returns a connection success message to the proxy server node through the public network connection on which the cross-network connection request was received; and
the proxy client node transmits the information of the current access between the client and the server by using the second connection and the public network connection on which the cross-network connection request was received.
The cross-network connection request received by the proxy client node carries a cross-network connection ID;
after the second connection is established, the method further comprises:
the proxy client node binds the cross-network connection ID to the second connection;
the proxy client node adds the cross-network connection ID to all second information of the current access sent to the proxy server node, and, according to the cross-network connection ID carried in all first information sent by the proxy server node, sends that first information to the server through the second connection bound to the cross-network connection ID, wherein the information comprises signaling and data.
For each of the at least two public network connections, a dedicated sending queue and a dedicated working thread are set in the proxy client node for that public network connection;
the proxy client node transmitting the information of the current access between the client and the server by using the second connection and the public network connection on which the cross-network connection request was received comprises: the proxy client node receives the information sent by the server through the second connection; the proxy client node places the received information into the sending queue dedicated to that public network connection by using the working thread dedicated to that public network connection; and the proxy client node takes the information out of the dedicated sending queue in order by using the dedicated working thread and transmits it to the proxy server node through that public network connection.
According to a third aspect, there is provided a method of accessing a server in a private network, comprising:
a client establishes a first connection with a proxy server node; and the client sends a cross-network connection request for the current access to the proxy server node through the first connection, wherein the cross-network connection request is used for the client in an external network to access a server in a private network, and the cross-network connection request carries a private network address of the server.
According to a fourth aspect, there is provided an apparatus for accessing a server in a private network, for use in a proxy server node, the apparatus comprising:
the proxy server module is configured to establish a first connection with the client;
The cross-network server side module is configured to establish at least two public network connections with the proxy client side node, wherein different service types correspond to different public network connections;
the processing module is configured to: receive, through the first connection established by the proxy server module, a cross-network connection request for the current access sent by a client, wherein the cross-network connection request is used for the client in an external network to access a server in a private network and carries a private network address of the server; determine the service type of the current access; select, from the at least two public network connections established by the cross-network server module, the public network connection corresponding to the service type of the current access; send the cross-network connection request to the proxy client node through the selected public network connection; after receiving the connection success message returned by the proxy client node, send the connection success message to the client through the first connection established by the proxy server module; and transmit the information of the current access between the client and the server by using the first connection established by the proxy server module and the public network connection established by the cross-network server module.
According to a fifth aspect, there is provided an apparatus for accessing a server in a private network, for use in a proxy client node, the apparatus comprising:
the cross-network server unit is configured to establish at least two public network connections with proxy server nodes outside the private network, wherein different service types correspond to different public network connections;
the control unit is configured to receive a cross-network connection request aiming at the access from one public network connection in the at least two public network connections, and analyze a private network address of a server side in a private network carried in the cross-network connection request; after the second connection is established successfully, a connection success message is returned to the proxy server node through the public network connection which receives the cross-network connection request;
and the proxy client unit is configured to establish a second connection with the server according to the private network address carried in the cross-network connection request.
According to a sixth aspect, there is provided an apparatus for accessing a server in a private network, for application to a client, the apparatus comprising:
the connection establishment module is configured to establish a first connection with the proxy server node;
the information processing module is configured to send a cross-network connection request for the current access to the proxy server node through the first connection, wherein the cross-network connection request is used for the client in the external network to access the server in the private network, and the cross-network connection request carries the private network address of the server.
According to a seventh aspect, there is provided a computing device comprising a memory having executable code stored therein and a processor which, when executing the executable code, implements a method as described in any of the embodiments of the present specification.
The method and the device for accessing the server in the private network provided by the embodiments of the present disclosure have at least the following beneficial effects:
1. At least two public network connections are established between the same proxy server node and the same proxy client node, and different service types correspond to different public network connections, that is, the accessed traffic of different service types is transmitted through different public network connections. In this way, the problem of mutual interference of accessed data of different service types is avoided.
2. Because accesses of the same service type have the same requirements for network bandwidth, response time, and the like, in one embodiment of the present disclosure the accesses of the same service type may multiplex one public network connection between the proxy server node and the proxy client node, which saves public network connection resources.
3. In the prior art, after an access is initiated, the proxy server node sends an instruction to establish a new public network connection to the proxy client node, and the proxy client node initiates the establishment of the new public network connection to the proxy server node after receiving the instruction. This incurs additional time in two respects: sending the instruction and establishing the new public network connection. In cross-regional and cross-national cloud data transmission scenarios, the additional time can reach hundred milliseconds or even seconds, which seriously affects the efficiency of establishing the cross-network connection. In the embodiments of this specification, the public network connection between the proxy server node and the proxy client node can be pre-established before the access is initiated, so the additional time for sending the instruction and establishing the new public network connection in the prior art is not incurred after the access is initiated. The time to establish the cross-network connection from the client to the server is therefore shortened, and the efficiency of access to the server in the private network is improved.
4. In one embodiment of the present disclosure, at least two public network connections between the proxy server node and the proxy client node are dynamically established, that is, instead of fixing a fixed number of public network connections in advance, at least two public network connections may be dynamically set according to various service types that need to be used in a period of time, so that the method and the device can adapt to dynamic change requirements of services and avoid waste of public network connection resources.
5. In one embodiment of the present disclosure, a dedicated working thread and a dedicated sending queue may be set in the proxy client node and in the proxy server node for each public network connection, so that the resources occupied by the working thread and the sending queue can be adjusted dynamically according to the amount of resources required by the service type corresponding to each public network connection, and service requirements are better met.
Detailed Description
Some terms used in the embodiments of the present specification are described first.
Server: software that provides a certain service, or the hardware device that hosts the software.
Private network: a network environment isolated from other network environments, such as a virtual private cloud (VPC), a local area network, and the like.
Private network penetration: a network technology that makes it possible to access a server in a private network from an external network. A network channel from the private network to the public network is established first, and the channel is then used in the reverse direction to initiate network requests from the external network to the server in the private network. The technology does not require a port on the server in the private network to be exposed directly to the public network, so the privacy of the private network environment is preserved.
Referring to fig. 1, a method for accessing a server in a private network by using private network penetration comprises: setting a proxy server node (which may be called a proxy server) for clients in the public network, and setting a proxy client node (which may be called a proxy agent) for servers in the private network environment. When a client needs to access a server in the private network environment, a connection from the client to the proxy server node, a public network connection from the proxy server node to the proxy client node, and a private network connection from the proxy client node to the server are established. Together these form a cross-network connection from the client in the external network to the server in the private network, through which the client in the external network accesses the server in the private network.
Referring to fig. 1, the number of clients is m, and the number of servers in the private network environment V is s, where m and s are positive integers greater than 1. For example, s is greater than m. When multiple clients, such as m clients, access m servers in private network environment V simultaneously, in the prior art the public network connection from the proxy server node to the proxy client node is multiplexed. That is, only one public network connection is established between the same proxy server node and the same proxy client node, and the data of the m accesses by the m clients to the m servers in the private network environment V is transmitted through the same public network connection. This causes interference between the traffic of accesses of different service types. For example, when the data of the m accesses shares the public network connection, it may be necessary to transmit an HTTP-based file download request corresponding to access 1 and a heartbeat message corresponding to access 2 at the same time. The file download request has a large data volume and is insensitive to delay, while the heartbeat message has a small data volume and is sensitive to delay. Because the public network connection between the proxy server node and the proxy client node is shared, the file download request of access 1 occupies a large amount of network resources for data transmission, so the heartbeat message of access 2 cannot be transmitted in time, and the user eventually experiences abnormalities such as timeouts.
The following describes the scheme provided in the present specification with reference to the drawings.
It is first noted that the terminology used in the embodiments of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this application and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
To facilitate understanding of the present specification, a system architecture to which the present specification applies will be described first. As shown in fig. 2, the system architecture mainly includes at least one client connected to the same proxy server node, a proxy server node (may be referred to as a proxy server) located in a public network, a proxy client node (may be referred to as a proxy agent) located in a private network environment V, and at least one server connected to the proxy client node located in the private network environment V. As shown in fig. 2, n public network connections are established between the proxy server node and the proxy client node, where n is a positive integer greater than 1, and different public network connections correspond to different service types.
It should be understood that the number of clients m, the number of servers s, and the number of public network connections n in fig. 2 are merely illustrative. Any number may be selected and deployed as desired for implementation.
In the embodiments of the present specification, processes of a proxy server node (may be referred to as a proxy server), a proxy client node (may be referred to as a proxy agent), a client, and a server are referred to. The following describes the embodiments in each case.
Fig. 3 is a flow chart of a method of accessing a server in a private network applied to a proxy server node in one embodiment of the present description. It will be appreciated that the method may be performed by any apparatus, device, platform, cluster of devices, having computing, processing capabilities. Referring to fig. 2 and 3, the method includes:
Step 301, a proxy server node receives a cross-network connection request for the current access sent by a client through a first connection, where the cross-network connection request is used for the client in an external network to access a server in a private network and carries a private network address of the server.
Step 303, the proxy server node determines the service type accessed at this time.
Step 305, the proxy server node selects a public network connection corresponding to the service type accessed at this time from at least two public network connections between the proxy server node and the proxy client node, wherein different service types correspond to different public network connections.
Step 307, the proxy server node sends the cross-network connection request to the proxy client node through the selected public network connection.
Step 309, after receiving the connection success message returned by the proxy client node, the proxy server node returns the connection success message to the client.
Step 311, the proxy server node transmits the information of the current access between the client and the server by using the first connection and the selected public network connection.
As can be seen from the above procedure shown in fig. 3, in the embodiment of the present disclosure, at least two public network connections are established between the same proxy server node and the same proxy client node, and different service types correspond to different public network connections. In this way, various disadvantages caused by the fact that m clients transmit m accessed data of m servers in the private network environment V through the same public network connection in the prior art are avoided. In the embodiment of the present disclosure, the traffic of the accesses of different service types may be transmitted through different public network connections, so they do not interfere with each other.
Fig. 4 is a flow chart of a method applied to proxy client nodes to access a server in a private network in one embodiment of the present description. It will be appreciated that the method may be performed by any apparatus, device, platform, cluster of devices, having computing, processing capabilities. Referring to figs. 2, 3 and 4, at least two public network connections are established between a proxy client node in a private network and a proxy server node outside the private network, wherein different service types correspond to different public network connections, and the method comprises:
Step 401, the proxy client node receives a cross-network connection request for the current access from one public network connection of at least two public network connections, wherein the cross-network connection request carries a private network address of a server in a private network.
Step 403, the proxy client node establishes a second connection with the corresponding server according to the private network address carried in the cross-network connection request.
Step 405, after the second connection is established successfully, the proxy client node returns a connection success message to the proxy server node through the public network connection which receives the cross-network connection request.
Step 407, the proxy client node transmits the information of the current access between the client and the server by using the second connection and the public network connection receiving the cross-network connection request.
Fig. 5 is a flowchart of a method applied to a client for accessing a server in a private network in one embodiment of the present disclosure. It will be appreciated that the method may be performed by any apparatus, device, platform, cluster of devices, having computing, processing capabilities. Referring to figs. 2, 3, 4 and 5, the method comprises:
Step 501, a client establishes a first connection with a proxy server node.
Step 503, the client sends a cross-network connection request for the current access to the proxy server node through the first connection, wherein the cross-network connection request is used for the client in the external network to access the server in the private network, and the cross-network connection request carries the private network address of the server.
Each step in the processes shown in figs. 3 to 5 is described below with reference to specific embodiments and figs. 2 and 6. The process in which the client, the proxy server node, the proxy client node and the server cooperate to access the server in the private network comprises the following steps:
Step 501 is performed first, in which a client establishes a first connection with a proxy server node.
Referring to fig. 2 and 6, in the embodiment of the present disclosure, the server is located in a private network environment V, and the client may be located in another private network environment or in a public network.
When a client (for convenience of description, denoted as client 1) needs to use a service provided by a server (for convenience of description, denoted as server 1), access to the server 1 is initiated, and a first connection is requested to be established with a proxy server node. For example, when the server 1 is a database located in a private network environment, and the client 1 needs to access the database to obtain corresponding data stored in the database, a first connection, such as a connection corresponding to the access 1 of the service type a shown in fig. 6, may be initiated.
Here, the first connection may be a connection based on the socks5 protocol, which is initiated by the client 1 towards the proxy server node.
As shown in fig. 6, a proxy server node may specifically include two interfaces, one referred to as a proxy server and the other as a cross-network server. The proxy client node may also include two interfaces, one referred to as a proxy client and the other as a cross-network server. The proxy server is used for connecting to and exchanging information with the client, the cross-network server in the proxy server node is used for connecting to and exchanging information with the cross-network server in the proxy client node, and the proxy client is used for connecting to and exchanging information with the server. Thus, in this step 501, the client may establish the first connection with the proxy server.
Step 503 is executed next, where the client sends a cross-network connection request for the current access to the proxy server node through the first connection, where the cross-network connection request is used for the client in the external network to access the server in the private network, and the cross-network connection request carries the private network address of the server.
The cross-network connection request sent by the client can further carry the service type information accessed at this time and/or further carry the identification of the private network where the server is located. Therefore, in one embodiment of the present disclosure, the client 1 may carry, via the socks5 protocol, the service type information accessed at this time, the identifier of the private network where the server 1 is located, and the private network address of the server 1 at the same time in the destination address of the cross-network connection request.
Step 301 is next executed, in which the proxy server node receives, through the first connection, a cross-network connection request for the current access sent by the client, where the cross-network connection request is used for the client in the external network to access a server in the private network and carries a private network address of the server.
As shown in fig. 6, in step 503, the client may send a request for a cross-network connection to the proxy server. Then, in step 301, a proxy server in the proxy server node receives a cross-network connection request.
Next, step 303 is executed, in which the proxy server node determines the service type of the current access.
As mentioned above, the cross-network connection request sent by the client may further carry the service type information of the current access, so one implementation of this step 303 is that the proxy server node determines the service type of the current access by parsing the cross-network connection request.
In another embodiment of the present disclosure, another implementation of step 303 is that the proxy server node determines the service type of the current access according to an instruction received from an administrator.
In the embodiments of the present disclosure, the service type of an access refers to the type of service required by the access. For example, the service type may be browsing a web page of a website, downloading a file from a database, or a capability test performed by a server in the private network on a client.
Step 305 is next executed, in which the proxy server node selects a public network connection corresponding to the service type accessed at this time from at least two public network connections between the proxy server node and the proxy client node, where different service types correspond to different public network connections.
The requirements for network bandwidth and response speed are different for different traffic types. In the embodiment of the present disclosure, not all the accesses of the service types share one public network connection between the proxy server node and the proxy client node, but different service types correspond to different public network connections, that is, the information (including signaling and data) of the accesses of the different service types is transmitted through the different public network connections, so mutual interference is avoided. For example, referring to fig. 6, when multiple clients, such as m clients, where m is a positive integer greater than 1, access m servers in private network environment V simultaneously, the m accessed traffic is not transmitted from one public network connection between the proxy server node and the proxy client node, but is split according to the traffic type. That is, referring to fig. 6, according to the process of step 305, for access 1 corresponding to service type a (such as a file download request based on HTTP protocol) and access 2 corresponding to service type B (such as sending a heartbeat message), a public network connection corresponding to service type a is selected for the cross-network connection request of access 1, a public network connection corresponding to service type B is selected for the cross-network connection request of access 2, subsequently, information (including signaling and data) corresponding to access 1 is transmitted from the public network connection corresponding to service type a, and information (including signaling and data) corresponding to access 2 is transmitted from the public network connection corresponding to service type B.
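The following Python sketch is an added example, not code from the specification. It models the proxy server node's side of steps 305 to 311 together with the cross-network connection ID binding and the per-connection sending queue and working thread described in the first aspect. The frame layout, the class and function names, the sample addresses, and the check that a returned ID arrives on the public connection it was bound to are all assumptions made for illustration.

```python
import queue
import struct
import threading
from itertools import count

# Assumed frame layout (the page does not define one):
# 4-byte cross-network connection ID | 1-byte kind | 4-byte length | payload
HEADER = struct.Struct("!IBI")
KIND_CONNECT, KIND_OK, KIND_DATA = 1, 2, 3


def encode_frame(conn_id, kind, payload=b""):
    return HEADER.pack(conn_id, kind, len(payload)) + payload


def decode_frame(frame):
    if len(frame) < HEADER.size:
        raise ValueError("truncated frame header")
    conn_id, kind, length = HEADER.unpack_from(frame)
    payload = frame[HEADER.size:]
    if len(payload) != length:
        raise ValueError("payload length does not match header")
    return conn_id, kind, payload


class PublicChannel:
    """One public network connection with a dedicated queue and worker thread."""

    def __init__(self, service_type, transport):
        self.service_type = service_type
        self._transport = transport      # callable(bytes); stands in for a socket send
        self._queue = queue.Queue()
        threading.Thread(target=self._drain, daemon=True).start()

    def send(self, frame):
        self._queue.put(frame)

    def _drain(self):
        # Frames leave in FIFO order, so accesses sharing this channel stay ordered.
        while True:
            frame = self._queue.get()
            try:
                self._transport(frame)
            finally:
                self._queue.task_done()

    def flush(self):
        self._queue.join()


class ProxyServerNode:
    def __init__(self, transports):
        # transports: {service_type: callable(bytes)}, one per public connection
        self._channels = {t: PublicChannel(t, tx) for t, tx in transports.items()}
        self._ids = count(1)
        self._lock = threading.Lock()
        self._bindings = {}              # conn_id -> (first_connection, channel)

    def open_access(self, first_conn, service_type, private_addr):
        """Steps 305/307: pick the channel by service type, assign and bind an ID."""
        channel = self._channels.get(service_type)
        if channel is None:
            raise KeyError(f"no public connection for service type {service_type!r}")
        with self._lock:
            conn_id = next(self._ids)
            self._bindings[conn_id] = (first_conn, channel)
        channel.send(encode_frame(conn_id, KIND_CONNECT, private_addr.encode()))
        return conn_id

    def forward_from_client(self, conn_id, data):
        """Step 311, client to server: tag the data with the bound ID."""
        _, channel = self._bindings[conn_id]
        channel.send(encode_frame(conn_id, KIND_DATA, data))

    def deliver_from_agent(self, service_type, frame):
        """Step 311, server to client: strip the ID, return the bound first connection."""
        conn_id, kind, payload = decode_frame(frame)
        binding = self._bindings.get(conn_id)
        # Added check (assumption): the ID must be bound to the channel it arrived on.
        if binding is None or binding[1].service_type != service_type:
            raise LookupError("ID is not bound on this public connection")
        return binding[0], kind, payload

    def flush(self):
        for channel in self._channels.values():
            channel.flush()


def demo():
    # Constructed stand-ins: each list records what one public connection carried.
    wire = {"A": [], "B": []}
    node = ProxyServerNode({t: wire[t].append for t in wire})
    a1 = node.open_access("client1", "A", "10.0.0.5:3306")
    b1 = node.open_access("client2", "B", "10.0.0.9:8080")
    a2 = node.open_access("client3", "A", "10.0.0.6:3306")
    node.forward_from_client(a1, b"download chunk")
    node.forward_from_client(b1, b"heartbeat")
    node.flush()
    return node, wire, (a1, b1, a2)


if __name__ == "__main__":
    _, wire, ids = demo()
    print(ids, {t: [decode_frame(f)[:2] for f in frames] for t, frames in wire.items()})
```

Two type-A accesses share one channel while the type-B heartbeat travels on its own, so a large transfer queued on channel A never sits in front of the heartbeat.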
As described above, at least two public network connections are established between the proxy server node and the proxy client node. The method of establishing the at least two public network connections is described below.
First, the timing of establishing the at least two public network connections.
Opportunity 1: the connection is established after an access of a new service type is initiated. For example, in step 303, after determining the service type of the current access, the proxy server node notifies the proxy client node to establish a public network connection if none exists for that service type.
Opportunity 2: the connections are pre-established before any access occurs.
With opportunity 2, after the client initiates a new access, no additional time is spent on either sending the instruction to establish a public network connection or establishing the new public network connection. In cross-region and cross-country multi-cloud data transmission scenarios, that additional time can reach the order of seconds and seriously affect the efficiency of establishing the cross-network connection. Because a public network connection capable of carrying the traffic of the access already exists between the proxy server node and the proxy client node when the client initiates the access, the time to establish the cross-network connection from the client to the server is shortened, and the efficiency of accessing the server in the private network is improved. When opportunity 2 is adopted, the proxy client node may initiate the establishment of the at least two public network connections with the proxy server node immediately after it is started.
Second, the manner of establishing the at least two public network connections: dynamic establishment.
In an actual service implementation, service requirements change dynamically. For example, in one period each client needs to access services of service type A and service type B provided by the servers in the private network, and in another period each client needs to access services of service type C and service type D provided by the servers in the private network. Therefore, in one embodiment of the present disclosure, when the above-mentioned opportunity 2 is adopted, that is, when the at least two public network connections between the proxy server node and the proxy client node are established before access occurs, a public network connection corresponding to each service type is established dynamically. The specific implementation process includes:
Step S1: after the proxy client node is started, the proxy server node establishes an initial channel connection with the proxy client node.
The initial channel connection is also a public network connection, such as a TCP connection.
Step S3: the proxy server node dynamically updates, to the proxy client node through the initial channel connection, the information of each service type currently required.
Step S5: the proxy server node and the proxy client node dynamically set up a corresponding public network connection for each currently required service type according to the dynamically updated service type information.
In one embodiment of the present disclosure, in step S3, the proxy server node periodically sends information of all service types to be used in the present period to the proxy client node through the initial channel connection, and in step S5, the proxy client node establishes a corresponding cross-network channel, i.e. a public network connection, for each service type to the proxy server node in the present period according to the received information. It will be appreciated that the types of services that need to be accessed may be different in different periods, and therefore, the number of public network connections and the types of services corresponding to the public network connections that are set up may also be dynamically changed in different periods.
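The per-period reconciliation of steps S3 and S5, together with the lookup of step 305, can be sketched as follows. This is an added example, not code from the patent; the JSON update message, the `max_types` cap, and all class and function names are assumptions made for illustration.

```python
"""Added illustration: one public network connection per service type (S1-S5)."""
import json


class FakePublicConnection:
    """Constructed stand-in for one TCP connection between the two proxy nodes."""

    def __init__(self, service_type):
        self.service_type = service_type
        self.open = True

    def close(self):
        self.open = False


class PublicConnectionPool:
    """Table of public network connections keyed by service type."""

    def __init__(self, dial, max_types=16):
        self._dial = dial            # callable(service_type) -> connection
        self._max_types = max_types  # assumed cap so one update cannot exhaust sockets
        self._by_type = {}

    def apply_update(self, raw_message):
        """Handle one periodic update received over the initial channel."""
        msg = json.loads(raw_message)
        types = msg.get("service_types") if isinstance(msg, dict) else None
        if not isinstance(types, list) or not all(
            isinstance(t, str) and t for t in types
        ):
            raise ValueError("malformed service type update")
        required = set(types)
        if len(required) > self._max_types:
            raise ValueError("update lists more service types than allowed")
        opened, closed = [], []
        # Close connections for service types not needed in this period.
        for stype in sorted(set(self._by_type) - required):
            self._by_type.pop(stype).close()
            closed.append(stype)
        # Dial only the newly required types; existing connections are kept
        # so accesses already carried on them are not disturbed.
        for stype in sorted(required - set(self._by_type)):
            self._by_type[stype] = self._dial(stype)
            opened.append(stype)
        return opened, closed

    def select(self, service_type):
        """Step 305: pick the connection for the current access's service type."""
        conn = self._by_type.get(service_type)
        if conn is None:
            # Under opportunity 1 the node would request a new connection here.
            raise LookupError(f"no public connection for {service_type!r}")
        return conn

    def service_types(self):
        return sorted(self._by_type)


if __name__ == "__main__":
    pool = PublicConnectionPool(FakePublicConnection)
    print(pool.apply_update('{"service_types": ["A", "B"]}'))
    print(pool.apply_update('{"service_types": ["A", "C", "D"]}'))
```

Rejecting malformed or oversized updates before touching the table keeps a bad message on the initial channel from tearing down connections that are carrying live accesses.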
Third, the manner of using the at least two public network connections between the proxy server node and the proxy client node: multiplexing.
In one embodiment of the present description, at least two accesses of the same service type multiplex the same one of the at least two public network connections, wherein the at least two accesses are accesses initiated by at least one client connected to the same proxy server node to at least one server connected to the same proxy client node in the private network. For example, referring to fig. 6, among several clients, client 1 initiates access 1 corresponding to service type A, client 2 initiates access 2 corresponding to service type B, client 3 initiates access 3 corresponding to service type A, and clients 1, 2 and 3 are all connected to the same proxy server node. Because access 1 and access 3 both correspond to service type A, the information (including signaling and data) of access 1 and access 3 is transmitted through the same public network connection (i.e., the public network connection corresponding to service type A). The service type corresponding to access 2 is different from that of access 1 and access 3, so the information of access 2 is transmitted through another public network connection (i.e., the public network connection corresponding to service type B).
Thus, in the embodiments of the present description, at least two public network connections between the proxy client node and the proxy server node may be dynamically established in advance before access occurs, and information of different service types may be transmitted using different public network connections, and information of the same service type may be transmitted using the same public network connection.
It should be noted that, when accesses of the same service type multiplex the same public network connection, the information of the different accesses transmitted in that connection must be further distinguished. To this end, after the proxy server node receives the cross-network connection request in step 301 and before it sends the cross-network connection request to the proxy client node through the selected public network connection in step 307, the method further includes: the proxy server node allocates a cross-network connection ID for the current access;
Accordingly, the method of the embodiment of the present specification further includes:
The proxy server node binds the cross-network connection ID with the first connection;
In one transmission direction, the proxy server node adds the cross-network connection ID to all information of the current access that it sends to the proxy client node (denoted first information), including, for example, the cross-network connection request, so that the proxy client node can distinguish the accesses by cross-network connection ID;
In the other transmission direction, the proxy server node parses the cross-network connection ID from the information sent by the proxy client node (denoted second information), deletes the cross-network connection ID carried in the second information, and then sends the second information to the correct client through the first connection bound to the parsed cross-network connection ID.
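The ID allocation, binding, tagging and stripping described above can be sketched as follows for the proxy server node; the proxy client node mirrors it with the second connection. This is an added example, not code from the patent: the frame layout (4-byte ID, 4-byte length, payload), the size limit, and all names are assumptions.

```python
"""Added illustration: tagging and routing by cross-network connection ID."""
import itertools
import struct

HEADER = struct.Struct("!II")  # assumed layout: connection ID, payload length
MAX_PAYLOAD = 64 * 1024        # assumed per-frame limit


def encode_frame(conn_id, payload):
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload too large")
    return HEADER.pack(conn_id, len(payload)) + payload


def decode_frames(buffer):
    """Split received bytes into (conn_id, payload) pairs plus leftover bytes."""
    frames, offset = [], 0
    while len(buffer) - offset >= HEADER.size:
        conn_id, length = HEADER.unpack_from(buffer, offset)
        if length > MAX_PAYLOAD:
            raise ValueError("declared length exceeds limit")
        end = offset + HEADER.size + length
        if end > len(buffer):
            break  # incomplete frame: wait for more bytes
        frames.append((conn_id, buffer[offset + HEADER.size:end]))
        offset = end
    return frames, buffer[offset:]


class FirstConnection:
    """Constructed stand-in for one client's socks5 connection."""

    def __init__(self, name):
        self.name = name
        self.received = []

    def send(self, data):
        self.received.append(data)


class ServerSideMux:
    """Proxy server node state for one multiplexed public network connection."""

    def __init__(self):
        self._ids = itertools.count(1)
        self._bound = {}   # cross-network connection ID -> first connection
        self.dropped = 0   # frames whose ID was not bound to any client

    def open_access(self, first_conn):
        """Allocate an ID for the access and bind it to the first connection."""
        conn_id = next(self._ids)
        self._bound[conn_id] = first_conn
        return conn_id

    def close_access(self, conn_id):
        self._bound.pop(conn_id, None)

    def to_proxy_client(self, conn_id, payload):
        """First information: add the ID before sending on the public connection."""
        if conn_id not in self._bound:
            raise KeyError("unknown cross-network connection ID")
        return encode_frame(conn_id, payload)

    def from_proxy_client(self, buffer):
        """Second information: parse the ID, strip it, deliver to the bound client."""
        frames, rest = decode_frames(buffer)
        for conn_id, payload in frames:
            first_conn = self._bound.get(conn_id)
            if first_conn is None:
                self.dropped += 1  # never guess a recipient for an unbound ID
                continue
            first_conn.send(payload)
        return rest
```

Dropping frames with unbound IDs, and unbinding an ID when its access closes, is what keeps one client's data from being delivered to another client sharing the same public network connection.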
Next, step 307 is performed in which the proxy server node sends a request for a cross-network connection to the proxy client node over the selected public network connection.
For example, for a cross-network connection request sent from the client 1, the proxy server node sends the cross-network connection request to the proxy client node through a public network connection corresponding to the service type a.
If accesses of the same service type multiplex the same public network connection, then in order to distinguish the accesses of the same service type transmitted through that connection, in step 307 the proxy server node first adds the cross-network connection ID allocated for the current access to the cross-network connection request, and then sends the request to the proxy client node.
Referring to fig. 6, in step 307, the cross-network server in the proxy server node may send the cross-network connection request to the cross-network server in the proxy client node.
Step 401 is next executed, in which the proxy client node receives a request for a cross-network connection for the current access from one of the at least two public network connections, where the cross-network connection request carries a private network address of a server in the private network.
As described above, the cross-network connection request may further carry a cross-network connection ID corresponding to the current access.
Step 403 is executed, where the proxy client node establishes a second connection with the server according to the private network address of the server carried in the cross-network connection request.
Here, the private network address of the server is typically an intranet IP address of the private network environment where the server is located.
As described above, the cross-network connection request may further carry a cross-network connection ID corresponding to the current access, so in step 403, the proxy client node may further bind the cross-network connection ID carried in the cross-network connection request with the second connection, so as to characterize which access corresponds to the second connection.
Referring to fig. 6, in step 403, a proxy client in the proxy client node may establish a second connection with a server in the private network.
Step 405 is next performed in which, after the second connection is established successfully, the proxy client node returns a connection success message to the proxy server node through the public network connection that received the cross-network connection request.
For example, for a cross-network connection request sent from the client 1, the proxy client node sends a connection success message to the proxy server node through the public network connection corresponding to the service type a.
Step 309 is next executed, in which the proxy server node returns a connection success message to the client accessed at this time after receiving the connection success message returned by the proxy client node.
So far, the cross-network connection from the client to the server is successfully established. The related data of the current access can be transmitted between the client and the server.
Next, step 311 is executed, in which the proxy server node transmits the information of the current access between the client and the server by using the first connection and the selected public network connection.
In the present embodiment, the information includes signaling, messages, and data.
Because different service types correspond to different public network connections, in order to further improve the processing efficiency, in one embodiment of the present disclosure, for each of at least two public network connections between a proxy client node and a proxy server node, a dedicated sending queue and a dedicated working thread for the public network connection are set in the proxy server node;
thus, referring to fig. 6, the implementation of step 311 includes:
the proxy server node receives the information of the current visit 1 sent by the client 1 through the first connection;
The proxy server node uses the dedicated work thread of the selected public network connection, such as dedicated work thread 1 of the public network connection for service type A, to put the received information into the dedicated send queue of the public network connection corresponding to service type A, denoted send queue 1;
The proxy server node uses work thread 1 to take information out of send queue 1 in order, and sends the taken-out information to the proxy client node through the public network connection corresponding to service type A.
Therefore, each public network connection has its own independent send queue and work thread. Data of a high-traffic service type can only be buffered in the dedicated send queue of the public network connection corresponding to that service type, where it waits to be sent by that connection's dedicated work thread, and more processing resources can be allocated to the high-traffic service type. The traffic of cross-network connections of different service types is thus effectively isolated, and interference among cross-network connections with different traffic characteristics is reduced. As shown in fig. 7, if access 1 and access 3 are both file download connections, that is, their service type is file download, the transmitted file data is buffered only in send queue 1 corresponding to service type A and waits to be sent by work thread 1, while the data of access 2 of service type B is buffered in send queue 2 corresponding to service type B and waits to be sent by work thread 2, so the data transmission of access 2 is not affected by the data transmission of access 1 and access 3.
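The isolation effect of per-connection send queues and work threads can be demonstrated with a stalled file-download link and a heartbeat on a separate link. This is an added example, not code from the patent; the classes, the bounded queue size, and the simulated links are assumptions, and here the receiving side enqueues while the dedicated work thread dequeues and sends.

```python
"""Added illustration: one send queue and one work thread per public connection."""
import queue
import threading


class FakePublicLink:
    """Constructed stand-in for a public network connection that can stall."""

    def __init__(self):
        self.sent = []
        self.gate = threading.Event()
        self.gate.set()  # gate.clear() simulates a congested link

    def send(self, item):
        self.gate.wait()
        self.sent.append(item)


class ServiceTypeSender:
    """Dedicated bounded send queue plus dedicated work thread for one link."""

    _STOP = object()

    def __init__(self, link, maxsize=1024):
        self.link = link
        self.queue = queue.Queue(maxsize=maxsize)
        self.thread = threading.Thread(target=self._run, daemon=True)
        self.thread.start()

    def submit(self, item):
        # When full, only producers of this service type are blocked.
        self.queue.put(item)

    def _run(self):
        while True:
            item = self.queue.get()
            try:
                if item is self._STOP:
                    return
                self.link.send(item)
            finally:
                self.queue.task_done()

    def drain(self):
        self.queue.join()

    def stop(self):
        self.queue.put(self._STOP)
        self.thread.join()


def run_isolation_demo():
    """Return what each link had sent while the service type A link was stalled."""
    links = {"A": FakePublicLink(), "B": FakePublicLink()}
    senders = {stype: ServiceTypeSender(link) for stype, link in links.items()}
    links["A"].gate.clear()                 # file-download link stalls
    for n in range(50):
        senders["A"].submit(("access1", f"file-chunk-{n}"))
    senders["B"].submit(("access2", "heartbeat"))
    senders["B"].drain()                    # completes although A is backed up
    snapshot = (len(links["A"].sent), list(links["B"].sent))
    links["A"].gate.set()                   # link recovers
    senders["A"].drain()
    for sender in senders.values():
        sender.stop()
    return snapshot, [payload for _, payload in links["A"].sent]


if __name__ == "__main__":
    print(run_isolation_demo()[0])
```

With a single shared queue and thread, the heartbeat would sit behind the 50 queued file chunks until the stalled link recovered.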
Next, step 407 is executed, in which the proxy client node transmits the information of the current access between the client and the server by using the second connection and the public network connection that received the cross-network connection request.
As mentioned above, the proxy client node binds the cross-network connection ID to the second connection, so the process of step 407 may include the following. In one transmission direction, the proxy client node adds the cross-network connection ID to all second information of the current access that it sends to the proxy server node. In the other transmission direction, the proxy client node parses the cross-network connection ID from the first information sent by the proxy server node, deletes the cross-network connection ID from the first information, and then sends the first information to the server through the second connection bound to the parsed cross-network connection ID. Here, the information includes signaling and data.
Because different service types correspond to different public network connections, in order to further improve the processing efficiency, in one embodiment of the present disclosure, for each of at least two public network connections between a proxy client node and a proxy server node, a dedicated sending queue and a dedicated working thread for the public network connection are set in the proxy client node;
Thus, referring to fig. 6, the implementation of step 407 includes:
The proxy client node receives information sent by a server, such as the server 1, through a second connection;
The proxy client node uses the dedicated work thread of the public network connection that received the cross-network connection request, such as the public network connection corresponding to service type A, to put the received information into the dedicated send queue of that public network connection;
The proxy client node uses the dedicated work thread to take information out of the dedicated send queue in order, and sends the taken-out information to the proxy server node through the public network connection.
In one embodiment of the present disclosure, there is provided an apparatus for accessing a server in a private network, where the apparatus is applied to a proxy server node, referring to fig. 7, and the apparatus includes:
A proxy server module 701 configured to establish a first connection with a client;
The cross-network server module 702 is configured to establish at least two public network connections with the proxy client node, where different service types correspond to different public network connections;
The processing module 703 is configured to: receive a cross-network connection request for the current access sent by the client through the first connection established by the proxy server module 701, where the cross-network connection request is used for the client in the external network to access the server in the private network and carries the private network address of the server; determine the service type of the current access; select a public network connection corresponding to the service type of the current access from the at least two public network connections established by the cross-network server module 702; send the cross-network connection request to the proxy client node through the selected public network connection; after receiving a connection success message returned by the proxy client node, send a connection success message to the client through the first connection established by the proxy server module 701; and transmit the information of the current access between the client and the server through the first connection established by the proxy server module 701 and the public network connection established by the cross-network server module 702.
In one embodiment of the apparatus of the present specification shown in fig. 7, the first connection is a connection based on the socks5 protocol initiated by the client to the proxy server node.
In one embodiment of the apparatus of the present specification shown in fig. 7, the cross-network connection request carries the service type information of the present access, and accordingly, the processing module 703 is configured to determine the service type of the present access by analyzing the cross-network connection request.
In one embodiment of the apparatus of this specification shown in fig. 7, the cross-network server module 702 establishes the at least two public network connections with proxy client nodes prior to the generation of the current access.
In one embodiment of the apparatus of the present specification shown in fig. 7, the cross-network server module 702 is configured to perform:
after the proxy client node is started, establishing an initial channel connection with the proxy client node;
dynamically updating, to the proxy client node through the initial channel connection, the information of each service type currently required; and
dynamically setting up, with the proxy client node, a corresponding public network connection for each currently required service type according to the dynamically updated service type information.
In one embodiment of the apparatus of the present specification shown in fig. 7, the processing module 703 is configured to:
multiplex at least two accesses of the same service type onto the same one of the at least two public network connections established by the cross-network server module 702, wherein the at least two accesses are accesses initiated by at least one client connected to the same proxy server node to at least one server connected to the same proxy client node in the private network.
In one embodiment of the apparatus of the present specification shown in fig. 7, the processing module 703 is configured to perform:
after receiving the cross-network connection request and before sending the cross-network connection request to the proxy client node through the selected public network connection, allocating a cross-network connection ID for the current access;
binding the cross-network connection ID with the first connection;
Adding the cross-network connection ID to all first information of the current access sent to the proxy client node;
sending, according to the cross-network connection ID carried in all second information sent by the proxy client node, all the second information to the client through the first connection bound to that cross-network connection ID, wherein the information includes signaling and data.
In one embodiment of the apparatus of the present specification shown in fig. 7, for each of the at least two public network connections, a dedicated send queue and a dedicated work thread for the public network connection are set in the processing module 703;
The processing module 703 is configured to perform:
receiving information sent by a client through a first connection;
putting the received information into the dedicated send queue of the selected public network connection by using the dedicated work thread of the selected public network connection;
and taking information out of the dedicated send queue of the selected public network connection in order by using the dedicated work thread of the selected public network connection, and sending the taken-out information to the proxy client node through the selected public network connection.
In an embodiment of the present disclosure, an apparatus for accessing a server in a private network is further provided, which is applied to a proxy client node. Referring to fig. 8, the apparatus includes:
A cross-network server unit 801 configured to establish at least two public network connections with a proxy server node outside the private network, where different service types correspond to different public network connections;
A control unit 802 configured to: receive a cross-network connection request for the current access from one of the at least two public network connections, and parse the private network address of a server in the private network carried in the cross-network connection request; after the second connection is established successfully, return a connection success message to the proxy server node through the public network connection that received the cross-network connection request; and transmit the information of the current access between the client and the server by using the public network connection established by the cross-network server unit 801 and the second connection established by the proxy client unit 803;
The proxy client unit 803 is configured to establish a second connection with the server according to the private network address carried in the cross-network connection request.
In one embodiment of the apparatus of the present specification shown in fig. 8, the cross-network server unit 801 is configured to initiate establishment of at least two public network connections with the proxy server node before the current access is generated.
In one embodiment of the apparatus of the present specification shown in fig. 8, the cross-network server unit 801 is configured to perform:
after the proxy client node is started, initiating establishment of an initial channel connection between the proxy client node and the proxy server node;
receiving, through the initial channel connection, the information of each currently required service type dynamically updated by the proxy server node; and
dynamically setting up, with the proxy server node, a corresponding public network connection for each currently required service type according to the dynamically updated service type information.
In one embodiment of the apparatus of the present specification shown in fig. 8, the control unit 802 is configured to perform:
multiplexing at least two accesses of the same service type onto the same one of the at least two public network connections, wherein the at least two accesses are accesses initiated by at least one client connected to the same proxy server node to at least one server connected to the same proxy client node in the private network.
In one embodiment of the apparatus of the present specification shown in fig. 8, the cross-network connection ID is carried in the cross-network connection request received by the control unit 802;
The control unit 802 is further configured to perform:
binding the cross-network connection ID with the second connection after the second connection is established;
adding the cross-network connection ID in all second information of the current access sent to the proxy server node through the public network connection established by the cross-network server unit 801;
and transmitting all the first information to the server through a second connection bound with the cross-network connection ID according to the cross-network connection ID carried in all the first information transmitted by the proxy server node, wherein the information comprises signaling and data.
In one embodiment of the apparatus of the present specification shown in fig. 8, the control unit 802 is configured to set, for each of the at least two public network connections, a dedicated transmission queue and a dedicated work thread for the public network connection;
The control unit 802 is configured to perform:
Receiving information sent by a server through a second connection;
putting the received information into the dedicated send queue of the public network connection that received the cross-network connection request, by using the dedicated work thread of that public network connection;
and taking information out of the dedicated send queue in order by using the dedicated work thread, and sending the taken-out information to the proxy server node through the public network connection.
In one embodiment of the present disclosure, an apparatus for accessing a server in a private network is provided, which is applied to a client. Referring to fig. 9, the apparatus includes:
a connection establishment module 901 configured to establish a first connection with a proxy server node;
The information processing module 902 is configured to send a cross-network connection request for the current access to the proxy server node through the first connection, where the cross-network connection request is used for the client in the external network to access the server in the private network, and the cross-network connection request carries the private network address of the server.
In an embodiment of the apparatus of this specification shown in fig. 9, the cross-network connection request further carries service type information of the current access and/or an identifier of the private network.
And/or,
In one embodiment of the apparatus of the present specification shown in fig. 9, the first connection is a connection based on the socks5 protocol initiated by the connection establishment module 901 to the proxy server node.
An embodiment of the present specification provides a computer-readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method of any of the embodiments of the specification.
An embodiment of the present specification provides a computing device including a memory having executable code stored therein and a processor that, when executing the executable code, performs a method of any of the embodiments of the present specification.
It should be understood that the structures illustrated in the embodiments of the present specification do not constitute a particular limitation on the apparatus of the embodiments of the present specification. In other embodiments of the specification, the apparatus may include more or less components than illustrated, or certain components may be combined, or certain components may be split, or different arrangements of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for the device embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference is made to the description of the method embodiments in part.
Those skilled in the art will appreciate that in one or more of the examples described above, the functions described in the present invention may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, these functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.
The foregoing embodiments have been provided to illustrate the general principles of the present invention in further detail. They are not to be construed as limiting the scope of the invention, which is intended to cover any modifications, equivalents, improvements, etc. based on the teachings of the invention.