CN115834655B - Method and device for accessing a server in a private network - Google Patents

Info

Publication number: CN115834655B
Authority: CN (China)
Prior art keywords: proxy, node, network connection, connection, cross
Legal status: Active
Application number: CN202211317069.8A
Other languages: Chinese (zh)
Other versions: CN115834655A
Inventor: 刘天驰
Current Assignee: Alipay Hangzhou Information Technology Co Ltd
Original Assignee: Alipay Hangzhou Information Technology Co Ltd
Application filed by Alipay Hangzhou Information Technology Co Ltd
Priority to CN202211317069.8A
Publication of CN115834655A
Application granted
Publication of CN115834655B

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The embodiments of this specification relate to the field of network communication technology and provide a method and device for accessing a server in a private network. The method includes: a proxy server node receives, through a first connection, a cross-network connection request for the current access sent by a client, the cross-network connection request being used for the client in the external network to access the server in the private network; the proxy server node selects, from at least two public network connections between it and a proxy client node, the public network connection corresponding to the service type of the current access, where different service types correspond to different public network connections; the proxy server node sends the cross-network connection request to the proxy client node through the selected public network connection; and the proxy server node uses the first connection and the selected public network connection to transmit the information of the current access between the client and the server. The embodiments of this specification can prevent the traffic of accesses of different service types from interfering with each other.

Description

Method and device for accessing server in private network
Technical Field
One or more embodiments of the present disclosure relate to network communication technology, and in particular, to a method and apparatus for accessing a server in a private network.
Background
With the popularity of cloud computing, multi-cloud architectures that deploy applications on multiple public clouds or multiple private clouds are becoming increasingly common. In such a multi-cloud environment, many scenarios require cross-cloud, cross-network access to applications in a private network; those applications then become the servers to be accessed, so that data and services can be shared across different clouds and different networks.
To protect users' private data, a private network generally uses technologies such as a firewall to prevent the external network from accessing servers inside the private network. This isolates the private network from the public network and makes it difficult to access a server in the private network across clouds and networks. To solve this problem, cross-network proxies based on private network penetration technology have emerged and have become one of the main schemes for opening up a private network in a multi-cloud scenario.
However, current cross-network proxies based on private network penetration technology have the problem that the traffic of accesses of different service types interferes with each other.
Disclosure of Invention
One or more embodiments of the present disclosure describe a method and an apparatus for accessing a server in a private network, which can avoid interference between access flows of different service types.
According to a first aspect, there is provided a method for accessing a server in a private network, including:
the proxy server node receives, through a first connection, a cross-network connection request for the current access sent by a client, wherein the cross-network connection request is used for the client in an external network to access a server in a private network, and the cross-network connection request carries a private network address of the server;
the proxy server node determines the service type of the current access;
the proxy server node selects, from at least two public network connections between the proxy server node and a proxy client node, the public network connection corresponding to the service type of the current access, wherein different service types correspond to different public network connections;
the proxy server node sends the cross-network connection request to the proxy client node through the selected public network connection;
after receiving a connection success message returned by the proxy client node, the proxy server node returns the connection success message to the client; and
the proxy server node transmits the information of the current access between the client and the server by using the first connection and the selected public network connection.
The first connection is a connection based on the SOCKS5 protocol that the client initiates and establishes to the proxy server node; and/or the cross-network connection request carries the service type information of the current access, in which case the proxy server node determines the service type of the current access by parsing the cross-network connection request.
Before the current access is generated, the method further comprises: the proxy server node and the proxy client node establish the at least two public network connections.
Establishing the at least two public network connections between the proxy server node and the proxy client node comprises: after the proxy client node is started, the proxy server node establishes an initial channel connection with the proxy client node; the proxy server node dynamically updates, to the proxy client node through the initial channel connection, the information of each service type currently required; and the proxy server node and the proxy client node dynamically set up a corresponding public network connection for each currently required service type according to the dynamically updated service type information.
At least two accesses of the same service type multiplex the same public network connection of the at least two public network connections, wherein the at least two accesses are accesses initiated by at least one client connected to the same proxy server node to at least one server connected to the same proxy client node in the private network.
After the proxy server node receives the cross-network connection request and before it sends the cross-network connection request to the proxy client node through the selected public network connection, the method further comprises: the proxy server node assigns a cross-network connection ID to the current access;
the method further comprises:
the proxy server node binds the cross-network connection ID to the first connection;
the proxy server node adds the cross-network connection ID to all first information of the current access that it sends to the proxy client node; and
the proxy server node parses the cross-network connection ID from second information sent by the proxy client node, deletes the cross-network connection ID from the second information, and then sends the second information to the client through the first connection bound to the parsed cross-network connection ID, wherein the information comprises signaling and data.
For each of the at least two public network connections, a dedicated sending queue and a dedicated working thread are set up in the proxy server node for that public network connection;
the proxy server node transmitting information between the client and the server by using the first connection and the selected public network connection comprises: the proxy server node receives the information sent by the client through the first connection; the proxy server node uses the working thread dedicated to the selected public network connection to place the received information into the sending queue dedicated to the selected public network connection; and the proxy server node uses that working thread to take the information out of the sending queue in order and send it to the proxy client node through the selected public network connection.
According to a second aspect, there is provided a method for accessing a server in a private network, wherein at least two public network connections are established between a proxy client node in the private network and a proxy server node outside the private network, wherein different service types correspond to different public network connections, the method comprising:
the proxy client node receives a cross-network connection request for the current access from one of the at least two public network connections, wherein the cross-network connection request carries a private network address of a server in the private network;
the proxy client node establishes a second connection with the server according to the private network address carried in the cross-network connection request;
after the second connection is established successfully, the proxy client node returns a connection success message to the proxy server node through the public network connection on which the cross-network connection request was received; and
the proxy client node transmits the information of the current access between the client and the server by using the second connection and the public network connection on which the cross-network connection request was received.
The cross-network connection request received by the proxy client node carries a cross-network connection ID;
after the second connection is established, the method further comprises:
the proxy client node binds the cross-network connection ID to the second connection; and
the proxy client node adds the cross-network connection ID to all second information of the current access that it sends to the proxy server node and, according to the cross-network connection ID carried in all first information sent by the proxy server node, sends the first information to the server through the second connection bound to that cross-network connection ID, wherein the information comprises signaling and data.
For each of the at least two public network connections, a dedicated sending queue and a dedicated working thread are set up in the proxy client node for that public network connection;
the proxy client node transmitting the information of the current access between the client and the server by using the second connection and the public network connection on which the cross-network connection request was received comprises: the proxy client node receives the information sent by the server through the second connection; the proxy client node uses the working thread dedicated to the public network connection on which the cross-network connection request was received to place the received information into the sending queue dedicated to that public network connection; and the proxy server node uses the dedicated working thread to take the information out of the dedicated sending queue in order and sends it to the proxy server node through the public network connection.
According to a third aspect, there is provided a method of accessing a server in a private network, comprising:
a client establishes a first connection with a proxy server node; and the client sends a cross-network connection request for the current access to the proxy server node through the first connection, wherein the cross-network connection request is used for the client in an external network to access a server in a private network, and the cross-network connection request carries a private network address of the server.
According to a fourth aspect, there is provided an apparatus for accessing a server in a private network, for use in a proxy server node, the apparatus comprising:
the proxy server module is configured to establish a first connection with the client;
The cross-network server side module is configured to establish at least two public network connections with the proxy client side node, wherein different service types correspond to different public network connections;
The processing module is configured to: receive, through the first connection established by the proxy server module, a cross-network connection request for the current access sent by the client, wherein the cross-network connection request is used for the client in an external network to access a server in a private network and carries a private network address of the server; determine the service type of the current access; select, from the at least two public network connections established by the cross-network server module, the public network connection corresponding to the service type of the current access; send the cross-network connection request to the proxy client node through the selected public network connection; after receiving a connection success message returned by the proxy client node, send the connection success message to the client through the first connection established by the proxy server module; and transmit the information of the current access between the client and the server by using the first connection established by the proxy server module and the public network connection established by the cross-network server module.
According to a fifth aspect, there is provided an apparatus for accessing a server in a private network, for use in a proxy client node, the apparatus comprising:
the cross-network server unit is configured to establish at least two public network connections with proxy server nodes outside the private network, wherein different service types correspond to different public network connections;
the control unit is configured to receive a cross-network connection request for the current access from one of the at least two public network connections, and parse the private network address of a server in the private network carried in the cross-network connection request; and, after the second connection is established successfully, return a connection success message to the proxy server node through the public network connection on which the cross-network connection request was received;
and the proxy client unit is configured to establish a second connection with the server according to the private network address carried in the cross-network connection request.
According to a sixth aspect, there is provided an apparatus for accessing a server in a private network, for application to a client, the apparatus comprising:
the connection establishment module is configured to establish a first connection with the proxy server node;
the information processing module is configured to send a cross-network connection request for the current access to the proxy server node through the first connection, wherein the cross-network connection request is used for the client in the external network to access the server in the private network, and the cross-network connection request carries the private network address of the server.
According to a seventh aspect, there is provided a computing device comprising a memory having executable code stored therein and a processor which, when executing the executable code, implements a method as described in any of the embodiments of the present specification.
The method and the device for accessing the server in the private network provided by the embodiments of the present disclosure have at least the following beneficial effects:
1. At least two public network connections are established between the same proxy server node and the same proxy client node, and different service types correspond to different public network connections; that is, the traffic of accesses of different service types is transmitted through different public network connections. This avoids mutual interference between the data of accesses of different service types.
2. Because accesses of the same service type have the same requirements for network bandwidth, response time and the like, in one embodiment of the present disclosure the accesses of the same service type may multiplex one public network connection between the proxy server node and the proxy client node, which saves public network connection resources.
3. In the prior art, after an access is initiated, the proxy server node sends an instruction to create a new public network connection to the proxy client node, and the proxy client node initiates the establishment of a new public network connection to the proxy server node after receiving the instruction. This incurs additional time in two respects, sending the instruction and creating the new public network connection, and in cross-regional and cross-national cloud data transmission scenarios the additional time can reach the hundred-millisecond or even the second level, seriously affecting the efficiency of establishing the cross-network connection. In the embodiments of this specification, the public network connections between the proxy server node and the proxy client node can be established in advance, before an access is initiated, so the additional time the prior art spends on sending the instruction and creating the public network connection does not arise after the access is initiated. This shortens the time needed to establish the cross-network connection from the client to the server and improves the efficiency of access to the server in the private network.
4. In one embodiment of the present disclosure, the at least two public network connections between the proxy server node and the proxy client node are established dynamically; that is, instead of a fixed number of public network connections being set up in advance, the public network connections are set up dynamically according to the service types that need to be used over a period of time. This adapts to the dynamically changing requirements of services and avoids wasting public network connection resources.
5. In one embodiment of the present disclosure, a dedicated working thread and a dedicated sending queue may be set up in the proxy client node and in the proxy server node for each public network connection, so that the resources occupied by the working thread and the sending queue can be adjusted dynamically according to the amount of resources required by the service type corresponding to each public network connection, which better meets service requirements.
Drawings
In order to more clearly illustrate the embodiments of the present description or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, and it is obvious that the drawings in the following description are some embodiments of the present description, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram of a system architecture for implementing access to a server in a private network based on a private network penetration technique.
Fig. 2 is a schematic diagram of a system architecture to which an embodiment of the present specification applies.
Fig. 3 is a flow chart of a method of accessing a server in a private network applied to a proxy server node in one embodiment of the present description.
Fig. 4 is a flow chart of a method applied to proxy client nodes to access a server in a private network in one embodiment of the present description.
Fig. 5 is a flowchart of a method applied to a client for accessing a server in a private network in one embodiment of the present disclosure.
Fig. 6 is a schematic diagram of a client, a proxy server node, a proxy client node, and a server in a private network for accessing the server in accordance with one embodiment of the present disclosure.
Fig. 7 is a schematic diagram of a proxy server-side node in an embodiment of the present disclosure.
Fig. 8 is a schematic diagram of a proxy client node in one embodiment of the present description.
Fig. 9 is a schematic structural diagram of a client in an embodiment of the present disclosure.
Detailed Description
Some terms used in the embodiments of this specification are described first.
Server: software that provides a certain service, or the hardware device that hosts the software.
Private network: a private network environment isolated from other network environments, such as a virtual private cloud (VPC), a local area network, and the like.
Private network penetration: a network technology that allows a server in a private network to be accessed from an external network. A network channel from the private network to the public network is established first, and the channel is then used in the reverse direction to initiate network requests from the external network to the server in the private network. The technology does not need to expose a port of the server in the private network directly to the public network, so the privacy of the private network environment is preserved.
Referring to fig. 1, accessing a server in a private network by using private network penetration technology works as follows: a proxy server node (which may be called a proxy server) is set up for clients in the public network, and a proxy client node (which may be called a proxy agent) is set up for the servers in the private network environment. When a client needs to access a server in the private network environment, a connection from the client to the proxy server node, a public network connection from the proxy server node to the proxy client node, and a private network connection from the proxy client node to the server are established. Together these form a cross-network connection from the client in the external network to the server in the private network, through which the client in the external network accesses the server in the private network.
Referring to fig. 1, the number of clients is m and the number of servers in the private network environment V is s, where m and s are positive integers greater than 1. For example, s is greater than m. When multiple clients, such as m clients, access m servers in private network environment V simultaneously, the prior art multiplexes the public network connection from the proxy server node to the proxy client node. That is, only one public network connection is established between the same proxy server node and the same proxy client node, and the data of the m accesses made by the m clients to the m servers in the private network environment V is transmitted through that same public network connection. This causes the traffic of accesses of different service types to interfere with each other. For example, when the data of the m accesses shares the public network connection, it may be necessary to transmit an HTTP-based file download request corresponding to access 1 and a heartbeat message corresponding to access 2 at the same time. The file download request involves a large amount of data and is insensitive to delay, whereas the heartbeat message involves a small amount of data and is sensitive to delay. Because the public network connection between the proxy server node and the proxy client node is shared, the file download request of access 1 occupies a large amount of network resources for data transmission, so the heartbeat message of access 2 cannot be transmitted in time, and the user eventually sees anomalies such as timeouts.
The following describes the scheme provided in the present specification with reference to the drawings.
It is first noted that the terminology used in the embodiments of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this application and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
To facilitate understanding of the present specification, a system architecture to which the present specification applies will be described first. As shown in fig. 2, the system architecture mainly includes at least one client connected to the same proxy server node, a proxy server node (may be referred to as a proxy server) located in a public network, a proxy client node (may be referred to as a proxy agent) located in a private network environment V, and at least one server connected to the proxy client node located in the private network environment V. As shown in fig. 2, n public network connections are established between the proxy server node and the proxy client node, where n is a positive integer greater than 1, and different public network connections correspond to different service types.
It should be understood that the number of clients m, the number of servers s, and the number of public network connections n in fig. 2 are merely illustrative. Any number may be selected and deployed as desired for implementation.
The embodiments of this specification involve the processing of the proxy server node (which may be referred to as a proxy server), the proxy client node (which may be referred to as a proxy agent), the client, and the server. Each is described below.
Fig. 3 is a flow chart of a method of accessing a server in a private network applied to a proxy server node in one embodiment of the present description. It will be appreciated that the method may be performed by any apparatus, device, platform, or cluster of devices having computing and processing capabilities. Referring to fig. 2 and 3, the method includes:
Step 301, a proxy server node receives a cross-network connection request for the current access sent by a client through a first connection, where the cross-network connection request is used for the client in an external network to access a server in a private network and carries a private network address of the server.
Step 303, the proxy server node determines the service type of the current access.
Step 305, the proxy server node selects the public network connection corresponding to the service type of the current access from at least two public network connections between the proxy server node and the proxy client node, wherein different service types correspond to different public network connections.
Step 307, the proxy server node sends the cross-network connection request to the proxy client node through the selected public network connection.
Step 309, after receiving the connection success message returned by the proxy client node, the proxy server node returns the connection success message to the client.
Step 311, the proxy server node transmits the information of the current access between the client and the server by using the first connection and the selected public network connection.
As can be seen from the procedure shown in fig. 3, in the embodiment of the present disclosure at least two public network connections are established between the same proxy server node and the same proxy client node, and different service types correspond to different public network connections. This avoids the drawbacks of the prior art, in which the data of the m accesses made by m clients to m servers in the private network environment V is transmitted through the same public network connection. In the embodiment of the present disclosure, the traffic of accesses of different service types may be transmitted through different public network connections, so the accesses do not interfere with each other.
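The proxy server node behaviour described above (selection of a public network connection by service type, binding of a cross-network connection ID to the first connection, and a dedicated sending queue and working thread per public network connection) is illustrated below. This is an added example, not code from the patent: the frame layout, the service type names `bulk` and `heartbeat`, the 10.0.0.x addresses and all class and function names are assumptions, and sockets are replaced by in-memory stand-ins.

```python
import itertools
import queue
import struct
import threading

# Constructed frame layout (an assumption, not defined by the patent):
# 4-byte cross-network connection ID, 4-byte payload length, payload.
HEADER = struct.Struct("!II")

def encode_frame(conn_id, payload):
    return HEADER.pack(conn_id, len(payload)) + payload

def decode_frame(frame):
    if len(frame) < HEADER.size:
        raise ValueError("short frame")
    conn_id, length = HEADER.unpack_from(frame)
    payload = frame[HEADER.size:]
    if len(payload) != length:
        raise ValueError("length field does not match payload")
    return conn_id, payload

class PublicConnection:
    """One public network connection with a dedicated queue and worker."""

    def __init__(self, service_type, transmit):
        self.service_type = service_type
        self._transmit = transmit  # stand-in for the socket send call
        self._queue = queue.Queue()
        threading.Thread(target=self._drain, daemon=True).start()

    def enqueue(self, frame):
        # Simplification: the caller enqueues; the worker only drains.
        self._queue.put(frame)

    def _drain(self):
        # FIFO per connection; a backlog here cannot delay another service
        # type, which has its own queue and thread.
        while True:
            frame = self._queue.get()
            self._transmit(self.service_type, frame)
            self._queue.task_done()

    def flush(self):
        self._queue.join()

class ProxyServerNode:
    def __init__(self, service_types, transmit):
        # Pre-established before any access: one connection per service type.
        self._public = {st: PublicConnection(st, transmit) for st in service_types}
        self._first_conn = {}  # connection ID -> bound first connection
        self._route = {}       # connection ID -> selected public connection
        self._ids = itertools.count(1)
        self._lock = threading.Lock()

    def open_access(self, first_conn, service_type, private_addr):
        """Select by service type, assign and bind an ID, forward the request."""
        public = self._public.get(service_type)
        if public is None:
            # Fail closed rather than fall back to another type's connection.
            raise LookupError(f"no public connection for {service_type!r}")
        with self._lock:
            conn_id = next(self._ids)
            self._first_conn[conn_id] = first_conn
            self._route[conn_id] = public
        public.enqueue(encode_frame(conn_id, b"CONNECT " + private_addr.encode()))
        return conn_id

    def from_client(self, conn_id, data):
        """First information: add the ID, queue on the bound public connection."""
        self._route[conn_id].enqueue(encode_frame(conn_id, data))

    def from_proxy_client(self, frame):
        """Second information: parse the ID, strip it, deliver to its client."""
        conn_id, payload = decode_frame(frame)
        first_conn = self._first_conn.get(conn_id)
        if first_conn is None:
            raise KeyError(f"unbound cross-network connection ID {conn_id}")
        first_conn.append(payload)  # stand-in for writing to the first connection

    def flush(self):
        for public in self._public.values():
            public.flush()

def demo():
    wire = {"bulk": [], "heartbeat": []}  # frames seen on each public connection
    node = ProxyServerNode(list(wire), lambda st, f: wire[st].append(decode_frame(f)))
    client1, client2 = [], []  # lists stand in for two first connections
    bulk_id = node.open_access(client1, "bulk", "10.0.0.5:3306")
    beat_id = node.open_access(client2, "heartbeat", "10.0.0.6:8080")
    node.from_client(bulk_id, b"x" * 4096)
    node.from_client(beat_id, b"ping")
    node.flush()
    node.from_proxy_client(encode_frame(beat_id, b"pong"))
    return wire, client1, client2, node

if __name__ == "__main__":
    print(demo()[0]["heartbeat"])
```

A frame carrying a connection ID that was never bound is rejected instead of being delivered to some other client, and an access with an unregistered service type is refused instead of sharing another type's connection.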
Fig. 4 is a flow chart of a method applied to a proxy client node for accessing a server in a private network in one embodiment of the present description. It will be appreciated that the method may be performed by any apparatus, device, platform, or cluster of devices having computing and processing capabilities. Referring to fig. 2, 3 and 4, at least two public network connections are established between a proxy client node in a private network and a proxy server node outside the private network, wherein different service types correspond to different public network connections, and the method comprises:
Step 401, the proxy client node receives a cross-network connection request for the current access from one of the at least two public network connections, wherein the cross-network connection request carries a private network address of a server in the private network.
Step 403, the proxy client node establishes a second connection with the corresponding server according to the private network address carried in the cross-network connection request.
Step 405, after the second connection is established successfully, the proxy client node returns a connection success message to the proxy server node through the public network connection which receives the cross-network connection request.
Step 407, the proxy client node transmits the information of the current access between the client and the server by using the second connection and the public network connection receiving the cross-network connection request.
Fig. 5 is a flowchart of a method applied to a client for accessing a server in a private network in one embodiment of the present disclosure. It will be appreciated that the method may be performed by any apparatus, device, platform, or cluster of devices having computing and processing capabilities. Referring to fig. 2, 3, 4 and 5, the method comprises:
Step 501, a client establishes a first connection with a proxy server node.
Step 503, the client sends a cross-network connection request for the current access to the proxy server node through the first connection, wherein the cross-network connection request is used for the client in the external network to access the server in the private network, and the cross-network connection request carries the private network address of the server.
Each step in the processes shown in figs. 3 to 5 will be described below with reference to specific embodiments and figs. 2 and 6. The process in which the client, the proxy server node, the proxy client node and the server cooperate to access the server in the private network comprises the following steps:
Step 501 is performed first, in which the client establishes a first connection with the proxy server node.
Referring to fig. 2 and 6, in the embodiment of the present disclosure, the server is located in a private network environment V, and the client may be located in another private network environment or in a public network.
When a client (for convenience of description, denoted as client 1) needs to use a service provided by a server (for convenience of description, denoted as server 1), access to the server 1 is initiated, and a first connection is requested to be established with a proxy server node. For example, when the server 1 is a database located in a private network environment, and the client 1 needs to access the database to obtain corresponding data stored in the database, a first connection, such as a connection corresponding to the access 1 of the service type a shown in fig. 6, may be initiated.
Here, the first connection may be a connection based on the socks5 protocol, which is initiated by the client 1 towards the proxy server node.
As shown in fig. 6, a proxy server node may specifically include two interfaces, one referred to as a proxy server and the other as a cross-network server. The proxy client node may in particular also comprise two interfaces, one referred to as proxy client and the other as cross-network server. The proxy server is used for connecting and exchanging information with the client, the cross-network server in the proxy server node is used for connecting and exchanging information with the cross-network server in the proxy client node, and the proxy client is used for connecting and exchanging information with the server. Thus, in step 501, the client may establish the first connection with the proxy server.
Step 503 is executed next, where the client sends a cross-network connection request for the current access to the proxy server node through the first connection, where the cross-network connection request is used for the client in the external network to access the server in the private network, and the cross-network connection request carries the private network address of the server.
The cross-network connection request sent by the client can further carry the service type information of the current access and/or the identification of the private network where the server is located. Therefore, in one embodiment of the present disclosure, the client 1 may use the socks5 protocol to carry, in the destination address of the cross-network connection request, the service type information of the current access, the identifier of the private network where the server 1 is located, and the private network address of the server 1 at the same time.
Step 301 is next executed, in which the proxy server node receives, through the first connection, a cross-network connection request for the current access sent by the client, where the cross-network connection request is used for the client in the external network to access a server in the private network and carries a private network address of the server.
As shown in fig. 6, in step 503, the client may send a request for a cross-network connection to the proxy server. Then, in step 301, a proxy server in the proxy server node receives a cross-network connection request.
Next, step 303 is executed, in which the proxy server node determines the service type of the current access.
As mentioned above, the cross-network connection request sent by the client may further carry the service type information of the current access, so one implementation of step 303 is that the proxy server node determines the service type of the current access by parsing the cross-network connection request.
In another embodiment of the present disclosure, another implementation of step 303 is that the proxy server node determines the service type of the current access according to a received instruction of the manager.
In this embodiment of the present disclosure, the service type of an access refers to the type of service required for the access, for example, browsing web pages of a website, downloading files from a database, or a capability test performed by a server in a private network on a client.
Step 305 is next executed, in which the proxy server node selects the public network connection corresponding to the service type of the current access from at least two public network connections between the proxy server node and the proxy client node, where different service types correspond to different public network connections.
The requirements for network bandwidth and response speed are different for different service types. In the embodiment of the present disclosure, accesses of all service types do not share a single public network connection between the proxy server node and the proxy client node; instead, different service types correspond to different public network connections, that is, the information (including signaling and data) of accesses of different service types is transmitted through different public network connections, so mutual interference is avoided. For example, referring to fig. 6, when multiple clients, such as m clients, where m is a positive integer greater than 1, access m servers in private network environment V simultaneously, the traffic of the m accesses is not transmitted over a single public network connection between the proxy server node and the proxy client node, but is split according to the service type. That is, referring to fig. 6, according to the process of step 305, for access 1 corresponding to service type A (such as a file download request based on the HTTP protocol) and access 2 corresponding to service type B (such as sending a heartbeat message), the public network connection corresponding to service type A is selected for the cross-network connection request of access 1, and the public network connection corresponding to service type B is selected for the cross-network connection request of access 2. Subsequently, the information (including signaling and data) of access 1 is transmitted over the public network connection corresponding to service type A, and the information (including signaling and data) of access 2 is transmitted over the public network connection corresponding to service type B.
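The following added example (not code from the patent) sketches steps 301 to 305 in Python: it parses a SOCKS5 CONNECT request whose destination carries the service type, the private network identifier and the private address, then picks the public network connection for that service type. The patent does not define how these fields are packed into the destination address; the `type.network.address` domain-name layout, the refusal of unknown service types and non-private addresses, and all names and sample values are assumptions.

```python
import ipaddress
import struct


class RequestError(ValueError):
    """The cross-network connection request is refused."""


# Constructed sample: one public network connection per (private network, service type).
CONNECTIONS = {
    ("netV", "A"): "public-conn-A",   # e.g. file download
    ("netV", "B"): "public-conn-B",   # e.g. heartbeat
}


def build_request(service_type, network_id, private_ip, port):
    """Client, step 503: SOCKS5 CONNECT (RFC 1928) with a domain-name destination."""
    dest = f"{service_type}.{network_id}.{private_ip}".encode("ascii")
    if len(dest) > 255:
        raise RequestError("destination does not fit in one SOCKS5 name field")
    # VER=5, CMD=1 (CONNECT), RSV=0, ATYP=3 (domain name), length, name, port
    return bytes([5, 1, 0, 3, len(dest)]) + dest + struct.pack("!H", port)


def parse_request(raw):
    """Proxy server node, steps 301 and 303: extract the fields or refuse."""
    if len(raw) < 7:
        raise RequestError("truncated request")
    ver, cmd, rsv, atyp, dlen = raw[:5]
    if (ver, cmd, rsv, atyp) != (5, 1, 0, 3):
        raise RequestError("unsupported SOCKS5 request")
    if len(raw) != 5 + dlen + 2:
        raise RequestError("length field does not match request size")
    try:
        dest = raw[5:5 + dlen].decode("ascii")
    except UnicodeDecodeError:
        raise RequestError("destination is not ASCII") from None
    parts = dest.split(".", 2)        # assumed layout: type.network.address
    if len(parts) != 3 or not parts[0] or not parts[1]:
        raise RequestError("destination lacks service type or network id")
    service_type, network_id, addr = parts
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        raise RequestError("destination address is not an IP address") from None
    # Assumption: only intranet addresses are acceptable targets, and never
    # the proxy client node's own loopback or link-local range.
    if not ip.is_private or ip.is_loopback or ip.is_link_local:
        raise RequestError("destination is not a private network address")
    (port,) = struct.unpack("!H", raw[5 + dlen:])
    return service_type, network_id, str(ip), port


def select_connection(raw, connections):
    """Step 305: return the public connection for this service type and the target."""
    service_type, network_id, ip, port = parse_request(raw)
    try:
        conn = connections[(network_id, service_type)]
    except KeyError:
        raise RequestError("no public connection for this service type") from None
    return conn, (ip, port)


if __name__ == "__main__":
    req = build_request("A", "netV", "10.0.0.5", 3306)
    print(select_connection(req, CONNECTIONS))
```
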
As described above, at least two public network connections are established between the proxy server node and the proxy client node. The method of establishing the at least two public network connections is described below.
First, the timing for establishing the at least two public network connections.
Opportunity 1: the connection is established after an access of a new service type is initiated. For example, in step 303, after determining the service type of the current access, the proxy server node notifies the proxy client node to establish a public network connection if none corresponding to the service type exists.
Opportunity 2: the connections are pre-established before the access is generated.
With opportunity 2, after the client initiates a new access, no additional time is spent on either sending the instruction to establish a public network connection or establishing the new public network connection. In cross-region, cross-country multi-cloud data transmission scenarios this additional time can reach the level of seconds and seriously affect the efficiency of establishing the cross-network connection. Because a public network connection capable of carrying the traffic of the access already exists between the proxy server node and the proxy client node when the client initiates the access, the time for establishing the cross-network connection from the client to the server is shortened and the efficiency of access to the server in the private network is improved. When opportunity 2 is employed, the proxy client node may initiate the establishment of the at least two public network connections with the proxy server node immediately after it is started.
Second, the manner of establishing the at least two public network connections: dynamic establishment.
In an actual service implementation, the requirements of the service are dynamically changing. For example, in a certain period, each client needs to access the service of the service type a and the service type B provided by each service end in the private network, and in another period, each client needs to access the service of the service type C and the service type D provided by each service end in the private network. Therefore, in one embodiment of the present disclosure, when the above-mentioned opportunity 2 is adopted, that is, at least two public network connections between a proxy server node and the proxy client node are established before access occurs, a public network connection corresponding to each service type is dynamically established, and the specific implementation process includes:
Step S1, after the proxy client node is started, the proxy server node establishes initial channel connection with the proxy client node.
The initial channel connection is also a public network connection, such as a TCP connection.
Step S3, the proxy server node dynamically updates the information of each currently required service type to the proxy client node through the initial channel connection.
Step S5, the proxy server node and the proxy client node dynamically set up a corresponding public network connection for each currently required service type according to the dynamically updated service type information.
In one embodiment of the present disclosure, in step S3, the proxy server node periodically sends information of all service types to be used in the present period to the proxy client node through the initial channel connection, and in step S5, the proxy client node establishes a corresponding cross-network channel, i.e. a public network connection, for each service type to the proxy server node in the present period according to the received information. It will be appreciated that the types of services that need to be accessed may be different in different periods, and therefore, the number of public network connections and the types of services corresponding to the public network connections that are set up may also be dynamically changed in different periods.
Third, the manner of using the at least two public network connections between the proxy server node and the proxy client node: multiplexing.
In one embodiment of the present description, at least two accesses of the same service type multiplex the same one of the at least two public network connections, wherein the at least two accesses are accesses initiated by at least one client connected to the same proxy server node to at least one server connected to the same proxy client node in the private network. For example, referring to fig. 6, among several clients, client 1 initiates access 1 corresponding to service type A, client 2 initiates access 2 corresponding to service type B, client 3 initiates access 3 corresponding to service type A, and clients 1, 2 and 3 are all connected to the same proxy server node. Because access 1 and access 3 both correspond to service type A, the information (including signaling and data) of access 1 and access 3 is all transmitted through the same public network connection (i.e., the public network connection corresponding to service type A). The service type corresponding to access 2 is different from the service type corresponding to access 1 and access 3, so the information of access 2 is transmitted through another public network connection (i.e., the public network connection corresponding to service type B).
Thus, in the embodiments of the present description, at least two public network connections between the proxy client node and the proxy server node may be dynamically established in advance before access occurs, and information of different service types may be transmitted using different public network connections, and information of the same service type may be transmitted using the same public network connection.
It should be noted that, when accesses of the same service type multiplex the same public network connection for transmission, in order to further distinguish the information of different accesses transmitted in that public network connection, after receiving the cross-network connection request in step 301 and before sending the cross-network connection request to the proxy client node through the selected public network connection in step 307, the proxy server node further allocates a cross-network connection ID for the current access;
Accordingly, the method of the embodiment of the present specification further includes:
The proxy server node binds the cross-network connection ID with the first connection;
In one transmission direction, the proxy server node adds a cross-network connection ID in all information (recorded as first information) of the current access sent to the proxy client node, for example, including a cross-network connection request, so that the proxy client node can distinguish each access according to the cross-network connection ID;
in the other transmission direction, the proxy server node analyzes the cross-network connection ID from the information (recorded as second information) sent by the proxy client node, deletes the cross-network connection ID carried in the second information, and then sends the second information to the correct client through the first connection bound with the analyzed cross-network connection ID.
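The ID handling described above, as an added Python example (not code from the patent) for the proxy server node's side of one shared public network connection. The frame layout (4-byte connection ID, 2-byte length, payload), the class and function names, and the policy of dropping frames whose ID is not bound are assumptions; first connections are modelled as plain lists and the sample payloads are constructed.

```python
import itertools
import struct

HEADER = struct.Struct("!IH")     # cross-network connection ID, payload length
MAX_PAYLOAD = 0xFFFF


def encode_frame(conn_id, payload):
    """Prefix one message with its cross-network connection ID."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload too large for one frame")
    return HEADER.pack(conn_id, len(payload)) + payload


class FrameDecoder:
    """Reassembles frames from a byte stream that may split or merge them."""

    def __init__(self):
        self._buf = bytearray()

    def feed(self, data):
        self._buf += data
        frames = []
        while len(self._buf) >= HEADER.size:
            conn_id, length = HEADER.unpack_from(self._buf)
            end = HEADER.size + length
            if len(self._buf) < end:
                break                 # wait for the rest of this frame
            frames.append((conn_id, bytes(self._buf[HEADER.size:end])))
            del self._buf[:end]
        return frames


class ProxyServerMux:
    """Accesses of one service type sharing one public network connection."""

    def __init__(self):
        self._ids = itertools.count(1)
        self._bound = {}              # cross-network connection ID -> first connection
        self._decoder = FrameDecoder()
        self.dropped = 0              # frames whose ID is bound to no first connection

    def open_access(self, first_conn):
        """Allocate an ID for a new access and bind it to the first connection."""
        conn_id = next(self._ids)
        self._bound[conn_id] = first_conn
        return conn_id

    def close_access(self, conn_id):
        self._bound.pop(conn_id, None)

    def to_proxy_client(self, conn_id, payload):
        """First information: add the ID before sending over the public connection."""
        if conn_id not in self._bound:
            raise KeyError(f"connection ID {conn_id} is not bound")
        return encode_frame(conn_id, payload)

    def from_proxy_client(self, data):
        """Second information: parse the ID, strip it, forward to the bound client."""
        for conn_id, payload in self._decoder.feed(data):
            first_conn = self._bound.get(conn_id)
            if first_conn is None:
                self.dropped += 1     # never deliver to some other client
                continue
            first_conn.append(payload)


def demo():
    mux = ProxyServerMux()
    client1, client3 = [], []         # stand-ins for two first connections
    id1, id3 = mux.open_access(client1), mux.open_access(client3)
    # Constructed reply stream from the proxy client node, including a stray ID.
    stream = (encode_frame(id3, b"chunk-3") + encode_frame(99, b"stray")
              + encode_frame(id1, b"chunk-1"))
    mux.from_proxy_client(stream[:5])     # a TCP read may end mid-header
    mux.from_proxy_client(stream[5:])
    return client1, client3, mux.dropped


if __name__ == "__main__":
    print(demo())
```
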
Next, step 307 is performed in which the proxy server node sends a request for a cross-network connection to the proxy client node over the selected public network connection.
For example, for a cross-network connection request sent from the client 1, the proxy server node sends the cross-network connection request to the proxy client node through a public network connection corresponding to the service type a.
If accesses of the same service type multiplex the same public network connection, then in order to distinguish the accesses of the same service type transmitted through the same public network connection, in step 307 the proxy server node first adds the cross-network connection ID allocated for the current access to the cross-network connection request, and then sends the cross-network connection request to the proxy client node.
Referring to fig. 6, in step 307, the cross-network server in the proxy server node may send the cross-network connection request to the cross-network server in the proxy client node.
Step 401 is next executed, in which the proxy client node receives a request for a cross-network connection for the current access from one of the at least two public network connections, where the cross-network connection request carries a private network address of a server in the private network.
As described above, the cross-network connection request may further carry a cross-network connection ID corresponding to the current access.
Step 403 is executed, where the proxy client node establishes a second connection with the server according to the private network address of the server carried in the cross-network connection request.
Here, the private network address of the server is typically an intranet IP address of the private network environment where the server is located.
As described above, the cross-network connection request may further carry a cross-network connection ID corresponding to the current access, so in step 403, the proxy client node may further bind the cross-network connection ID carried in the cross-network connection request with the second connection, so as to characterize which access corresponds to the second connection.
Referring to fig. 6, in step 403, a proxy client in the proxy client node may establish a second connection with a server in the private network.
Step 405 is next performed in which, after the second connection is established successfully, the proxy client node returns a connection success message to the proxy server node through the public network connection that received the cross-network connection request.
For example, for a cross-network connection request sent from the client 1, the proxy client node sends a connection success message to the proxy server node through the public network connection corresponding to the service type a.
Step 309 is next executed, in which the proxy server node returns a connection success message to the client accessed at this time after receiving the connection success message returned by the proxy client node.
So far, the cross-network connection from the client to the server is successfully established. The related data of the current access can be transmitted between the client and the server.
Next, step 311 is executed, in which the proxy server node transmits the information of the current access between the client and the server by using the first connection and the selected public network connection.
In the present embodiment, the information includes various signaling, messages, and data.
Because different service types correspond to different public network connections, in order to further improve the processing efficiency, in one embodiment of the present disclosure, for each of at least two public network connections between a proxy client node and a proxy server node, a dedicated sending queue and a dedicated working thread for the public network connection are set in the proxy server node;
thus, referring to fig. 6, the implementation of step 311 includes:
the proxy server node receives the information of the current visit 1 sent by the client 1 through the first connection;
The proxy server node uses the dedicated working thread of the selected public network connection, for example working thread 1 dedicated to the public network connection of service type A, to put the received information into the dedicated sending queue of the public network connection corresponding to service type A, denoted sending queue 1;
The proxy server node sequentially takes out information from the sending queue 1 by using the working thread 1, and sends the taken out information to the proxy client node through the public network connection corresponding to the service type A.
Therefore, each public network connection has its own sending queue and working thread. Data of a high-traffic service type can only be cached in the sending queue dedicated to the public network connection corresponding to that service type, where it waits to be sent by that connection's dedicated working thread, and more processing resources can be allocated to the high-traffic service type. The traffic of cross-network connections of different service types is thereby effectively isolated, and interference among cross-network connections with different traffic characteristics is reduced. As shown in fig. 7, if both access 1 and access 3 are file download connections whose service type is file download, the transmitted file data is buffered only in transmission queue 1 corresponding to service type A and waits to be sent by working thread 1, while the data of access 2 of service type B is buffered in transmission queue 2 corresponding to service type B and waits to be sent by working thread 2, so that the data transmission of access 2 is not affected by the data transmission of access 1 and access 3.
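The isolation described above, as an added Python example (not code from the patent): each public network connection gets its own bounded send queue and worker thread, and a stalled link for service type A does not delay service type B. For brevity the caller enqueues and the worker only dequeues and sends; the class name, the queue bound and the simulated links are assumptions, and the messages are constructed.

```python
import queue
import threading


class PublicConnSender:
    """One public network connection with a dedicated send queue and worker thread."""

    def __init__(self, service_type, send, maxsize=4):
        self.service_type = service_type
        self._send = send                        # writes one message to this link
        # Bounded queue: a backlog on this link stays on this link.
        self._queue = queue.Queue(maxsize=maxsize)
        self._worker = threading.Thread(target=self._run, daemon=True)
        self._worker.start()

    def enqueue(self, message, timeout=None):
        """Buffer a message; raises queue.Full if this link's backlog is full."""
        self._queue.put(message, timeout=timeout)

    def _run(self):
        while True:
            message = self._queue.get()
            try:
                if message is None:              # shutdown marker
                    return
                self._send(message)              # messages leave in FIFO order
            finally:
                self._queue.task_done()

    def drain(self):
        """Block until everything queued so far has been sent."""
        self._queue.join()

    def close(self):
        self._queue.put(None)
        self._worker.join()


def demo():
    link_a_ready = threading.Event()             # clear while link A is stalled
    sent_a, sent_b = [], []

    def slow_link_a(message):
        link_a_ready.wait()                      # simulated congested bulk link
        sent_a.append(message)

    senders = {
        "A": PublicConnSender("A", slow_link_a),       # file download
        "B": PublicConnSender("B", sent_b.append),     # heartbeat
    }
    for i in range(3):                           # accesses 1 and 3 share queue A
        senders["A"].enqueue(f"file-chunk-{i}")
    senders["B"].enqueue("heartbeat")            # access 2 uses queue B

    senders["B"].drain()                         # returns although A is stalled
    while_a_stalled = (list(sent_a), list(sent_b))

    link_a_ready.set()                           # link A recovers
    senders["A"].drain()
    for sender in senders.values():
        sender.close()
    return while_a_stalled, sent_a, sent_b


if __name__ == "__main__":
    print(demo())
```
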
Next, step 407 is executed, in which the proxy client node transmits the information of the current access between the client and the server by using the second connection and the public network connection that received the cross-network connection request.
As mentioned above, the proxy client node binds the cross-network connection ID with the second connection, so the process of step 407 may include the following. In one transmission direction, the proxy client node adds the cross-network connection ID to all second information of the current access sent to the proxy server node. In the other transmission direction, the proxy client node parses the cross-network connection ID from the first information sent by the proxy server node, deletes the cross-network connection ID from the first information, and then sends the first information to the server through the second connection bound with the parsed cross-network connection ID. Here, the information includes signaling and data.
Because different service types correspond to different public network connections, in order to further improve the processing efficiency, in one embodiment of the present disclosure, for each of at least two public network connections between a proxy client node and a proxy server node, a dedicated sending queue and a dedicated working thread for the public network connection are set in the proxy client node;
Thus, referring to fig. 6, the implementation of step 407 includes:
The proxy client node receives information sent by a server, such as the server 1, through a second connection;
the proxy client node uses the dedicated working thread of the public network connection that received the cross-network connection request, for example the public network connection corresponding to service type A, to put the received information into the dedicated transmission queue of that public network connection;
and the proxy client node sequentially takes out information from the dedicated transmission queue by using the dedicated working thread, and transmits the taken-out information to the proxy server node through the public network connection.
In one embodiment of the present disclosure, there is provided an apparatus for accessing a server in a private network, where the apparatus is applied to a proxy server node, referring to fig. 7, and the apparatus includes:
A proxy server module 701 configured to establish a first connection with a client;
The cross-network server module 702 is configured to establish at least two public network connections with the proxy client node, where different service types correspond to different public network connections;
The processing module 703 is configured to receive a cross-network connection request for the current access sent by the client through the first connection established by the proxy server module 701, the cross-network connection request is used for the client in the external network to access to the server in the private network, the cross-network connection request carries the private network address of the server, determine the service type of the current access, select a public network connection corresponding to the service type of the current access from at least two public network connections established by the cross-network server module 702, send the cross-network connection request to the proxy client node through the selected public network connection, send a connection success message to the client through the first connection established by the proxy server module 701 after receiving a connection success message returned by the proxy client node, and transmit the information of the current access between the client and the server through the first connection established by the proxy server module 701 and the public network connection established by the cross-network server module 702.
In one embodiment of the apparatus of the present specification shown in fig. 7, the first connection is a connection based on the socks5 protocol initiated by the client to the proxy server node.
In one embodiment of the apparatus of the present specification shown in fig. 7, the cross-network connection request carries the service type information of the present access, and accordingly, the processing module 703 is configured to determine the service type of the present access by analyzing the cross-network connection request.
In one embodiment of the apparatus of this specification shown in fig. 7, the cross-network server module 702 establishes the at least two public network connections with proxy client nodes prior to the generation of the current access.
In one embodiment of the apparatus of the present specification shown in fig. 7, the cross-network server module 702 is configured to perform:
After the proxy client node is started, establishing an initial channel connection with the proxy client node;
dynamically updating information of each currently required service type to the proxy client node via the initial channel connection, and
dynamically setting up, with the proxy client node, a corresponding public network connection for each currently required service type according to the dynamically updated service type information.
In one embodiment of the apparatus of the present specification shown in fig. 7, the processing module 703 is configured to:
cause at least two accesses of the same service type to multiplex the same one of the at least two public network connections established by the cross-network server module 702; wherein the at least two accesses are accesses initiated by at least one client connected to the same proxy server node to at least one server connected to the same proxy client node in the private network.
In one embodiment of the apparatus of the present specification shown in fig. 7, the processing module 703 is configured to:
after receiving the cross-network connection request and before sending the cross-network connection request to the proxy client node through the selected public network connection, distributing a cross-network connection ID for the access;
binding the cross-network connection ID with the first connection;
Adding the cross-network connection ID to all first information of the current access sent to the proxy client node;
And according to the cross-network connection IDs carried in all the second information sent by the proxy client node, all the second information is sent to the client through the first connection bound with the cross-network connection ID, wherein the information comprises signaling and data.
In one embodiment of the apparatus of the present specification shown in fig. 7, for each of the at least two public network connections, a dedicated send queue and a dedicated work thread for the public network connection are set in the processing module 703;
The processing module 703 is configured to perform:
receiving information sent by a client through a first connection;
The received information is put into a transmission queue special for the selected public network connection by utilizing the special working thread for the selected public network connection;
and sequentially taking out information from the special transmission queue of the public network connection by using the special working thread of the selected public network connection, and transmitting the taken out information to the proxy client node through the selected public network connection.
In an embodiment of the present disclosure, an apparatus for accessing a server in a private network is further provided, which is applied to a proxy client node. Referring to fig. 8, the apparatus includes:
A cross-network server unit 801 configured to establish at least two public network connections with a proxy server node outside the private network, where different service types correspond to different public network connections;
A control unit 802, configured to receive a cross-network connection request for the current access from one of the at least two public network connections, and parse a private network address of a server in a private network carried in the cross-network connection request; after the second connection is established successfully, a connection success message is returned to the proxy server node through the public network connection which receives the cross-network connection request; the public network connection established by the cross-network server unit 801 and the second connection established by the proxy client unit 803 are utilized to transmit the information of the current access between the client and the server;
The proxy client unit 803 is configured to establish a second connection with the server according to the private network address carried in the cross-network connection request.
In one embodiment of the apparatus of the present specification shown in fig. 8, the cross-network server unit 801 is configured to initiate establishment of at least two public network connections with the proxy server node before the current access is generated.
In one embodiment of the apparatus of the present specification shown in fig. 8, the cross-network server unit 801 is configured to perform:
after the proxy client node is started, initiating establishment of an initial channel connection between the proxy client node and the proxy server node;
receiving, through the initial channel connection, information of each currently required service type dynamically updated by the proxy server node, and
dynamically setting up, according to the dynamically updated service type information, a corresponding public network connection with the proxy server node for each currently required service type.
In one embodiment of the apparatus of the present specification shown in fig. 8, the control unit 802 is configured to perform:
Multiplexing at least two accesses of the same service type to the same public network connection of at least two public network connections, wherein the at least two accesses are accesses initiated by at least one client connected to the same proxy server node to at least one server connected to the same proxy client node in the private network.
In one embodiment of the apparatus of the present specification shown in fig. 8, the cross-network connection ID is carried in the cross-network connection request received by the control unit 802;
The control unit 802 is further configured to perform:
binding the cross-network connection ID with the second connection after the second connection is established;
adding the cross-network connection ID in all second information of the current access sent to the proxy server node through the public network connection established by the cross-network server unit 801;
and transmitting all the first information to the server through a second connection bound with the cross-network connection ID according to the cross-network connection ID carried in all the first information transmitted by the proxy server node, wherein the information comprises signaling and data.
In one embodiment of the apparatus of the present specification shown in fig. 8, the control unit 802 is configured to set, for each of the at least two public network connections, a dedicated transmission queue and a dedicated work thread for the public network connection;
The control unit 802 is configured to perform:
Receiving information sent by a server through a second connection;
putting the received information into the dedicated transmission queue of the public network connection that received the cross-network connection request, by using the dedicated working thread of that public network connection;
And sequentially taking out information from the special transmission queue by utilizing the special working thread, and transmitting the taken out information to the proxy server node through the public network connection.
In one embodiment of the present specification, an apparatus for accessing a server in a private network is provided, which is applied to a client. Referring to fig. 9, the apparatus includes:
a connection establishment module 901 configured to establish a first connection with a proxy server node;
The information processing module 902 is configured to send a cross-network connection request for the current access to the proxy server node through the first connection, where the cross-network connection request is used for the client in the external network to access the server in the private network, and the cross-network connection request carries the private network address of the server.
In an embodiment of the apparatus of this specification shown in fig. 9, the cross-network connection request further carries service type information of the current access and/or an identifier of the private network.
And/or,
In one embodiment of the apparatus of the present specification shown in fig. 9, the first connection is a connection based on the socks5 protocol initiated by the connection establishment module 901 to the proxy server node.
An embodiment of the present specification provides a computer-readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method of any of the embodiments of the specification.
An embodiment of the present specification provides a computing device including a memory having executable code stored therein and a processor that, when executing the executable code, performs a method of any of the embodiments of the present specification.
It should be understood that the structures illustrated in the embodiments of the present specification do not constitute a particular limitation on the apparatus of the embodiments of the present specification. In other embodiments of the specification, the apparatus may include more or less components than illustrated, or certain components may be combined, or certain components may be split, or different arrangements of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
In this specification, the embodiments are described in a progressive manner; for identical and similar parts, the embodiments may be referred to one another, and each embodiment mainly describes its differences from the others. In particular, since the device embodiments are substantially similar to the method embodiments, their description is relatively brief, and the relevant parts of the method embodiments may be referred to.
Those skilled in the art will appreciate that in one or more of the examples described above, the functions described in the present invention may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, these functions may be stored on, or transmitted as one or more instructions or code over, a computer-readable medium.
The foregoing embodiments illustrate the general principles of the present invention in further detail and are not to be construed as limiting its scope; any modifications, equivalents, improvements, etc. made on the basis of the teachings of the invention are intended to be covered.

Claims (19)

1. A method for accessing a server in a private network, comprising:
the proxy server node receives, through the first connection, a cross-network connection request for the current access sent by the client; the cross-network connection request is used for the client in the external network to access the server in the private network, and the cross-network connection request carries the private network address of the server;
the proxy server node determines the service type of the current access;
the proxy server node selects, from at least two public network connections between the proxy server node and the proxy client node, the public network connection corresponding to the service type of the current access; wherein different service types correspond to different public network connections;
the proxy server node sends the cross-network connection request to the proxy client node through the selected public network connection;
after receiving the connection success message returned by the proxy client node, the proxy server node returns a connection success message to the client;
the proxy server node uses the first connection and the selected public network connection to transmit the information of the current access between the client and the server.

2. The method according to claim 1, wherein:
the first connection is a connection initiated and established by the client to the proxy server node based on the socks5 protocol;
and/or,
the cross-network connection request carries the service type information of the current access; accordingly, the proxy server node determining the service type of the current access comprises: the proxy server node determining the service type of the current access by parsing the cross-network connection request.

3. The method according to claim 1, wherein before the current access is generated, the method further comprises:
the proxy server node establishes the at least two public network connections with the proxy client node.

4. The method according to claim 3, wherein the proxy server node establishing the at least two public network connections with the proxy client node comprises:
after the proxy client node is started, the proxy server node establishes an initial channel connection with the proxy client node;
the proxy server node dynamically updates, to the proxy client node through the initial channel connection, the information of each currently required service type; and
the proxy server node and the proxy client node dynamically set, according to the dynamically updated service type information, a corresponding public network connection for each currently required service type.

5. The method according to claim 1, wherein
at least two accesses of the same service type multiplex the same public network connection of the at least two public network connections; wherein the at least two accesses are accesses initiated by at least one client connected to the same proxy server node to at least one server in the private network connected to the same proxy client node.

6. The method according to claim 5, wherein after the proxy server node receives the cross-network connection request and before the proxy server node sends the cross-network connection request to the proxy client node through the selected public network connection, the method further comprises: the proxy server node assigns a cross-network connection ID to the current access;
the method further comprises:
the proxy server node binds the cross-network connection ID to the first connection;
the proxy server node adds the cross-network connection ID to all first information of the current access sent to the proxy client node;
the proxy server node parses the cross-network connection ID from the second information sent by the proxy client node, deletes the cross-network connection ID from the second information, and then sends the second information to the client through the first connection bound to the parsed cross-network connection ID;
wherein the first information includes signaling and data, and the second information includes signaling and data.

7. The method according to claim 1, wherein the method further comprises: for each of the at least two public network connections, setting in the proxy server node a sending queue and a work thread dedicated to that public network connection;
the proxy server node transmitting information between the client and the server using the first connection and the selected public network connection comprises:
the proxy server node receives information sent by the client through the first connection;
the proxy server node uses the work thread dedicated to the selected public network connection to put the received information into the sending queue dedicated to the selected public network connection;
the proxy server node uses the work thread dedicated to the selected public network connection to sequentially take information out of the sending queue dedicated to that public network connection, and sends the information taken out to the proxy client node through the selected public network connection.

8. A method for accessing a server in a private network, wherein at least two public network connections are established between a proxy client node in the private network and a proxy server node outside the private network, and different service types correspond to different public network connections; the method comprises:
the proxy client node receives a cross-network connection request for the current access on one of the at least two public network connections; the cross-network connection request carries the private network address of a server in the private network;
the proxy client node establishes a second connection with the server according to the private network address carried in the cross-network connection request;
after the second connection is successfully established, the proxy client node returns a connection success message to the proxy server node through the public network connection on which the cross-network connection request was received;
the proxy client node transmits the information of the current access between the client and the server using the second connection and the public network connection on which the cross-network connection request was received.

9. The method according to claim 8, wherein before the current access is generated, the method further comprises:
the proxy client node initiates establishment of the at least two public network connections with the proxy server node.

10. The method according to claim 9, wherein the proxy client node initiating establishment of the at least two public network connections with the proxy server node comprises:
after the proxy client node is started, initiating establishment of an initial channel connection with the proxy server node;
the proxy client node receives, through the initial channel connection, the information of each currently required service type dynamically updated by the proxy server node; and
the proxy client node and the proxy server node dynamically set, according to the dynamically updated service type information, a corresponding public network connection for each currently required service type.

11. The method according to claim 8, wherein
at least two accesses of the same service type multiplex the same public network connection of the at least two public network connections; wherein the at least two accesses are accesses initiated by at least one client connected to the same proxy server node to at least one server in the private network connected to the same proxy client node.

12. The method according to claim 11, wherein the cross-network connection request received by the proxy client node carries a cross-network connection ID;
after the second connection is established, the method further comprises:
the proxy client node binds the cross-network connection ID carried in the cross-network connection request to the second connection;
the proxy client node adds the cross-network connection ID to all second information of the current access sent to the proxy server node;
the proxy client node parses the cross-network connection ID from the first information sent by the proxy server node, deletes the cross-network connection ID from the first information, and then sends the first information to the server through the second connection bound to the parsed cross-network connection ID;
wherein the first information includes signaling and data, and the second information includes signaling and data.

13. The method according to claim 8, wherein the method further comprises: for each of the at least two public network connections, setting in the proxy client node a sending queue and a work thread dedicated to that public network connection;
the proxy client node transmitting the information of the current access between the client and the server using the second connection and the public network connection on which the cross-network connection request was received comprises:
the proxy client node receives information sent by the server through the second connection;
the proxy client node uses the work thread dedicated to the public network connection on which the cross-network connection request was received to put the received information into the sending queue dedicated to that public network connection;
the proxy server node uses the dedicated work thread to sequentially take information out of the dedicated sending queue, and sends the information taken out to the proxy server node through the public network connection.

14. A method for accessing a server in a private network, comprising:
the client establishes a first connection with the proxy server node;
the client sends a cross-network connection request for the current access to the proxy server node through the first connection; wherein the cross-network connection request is used for the client in the external network to access the server in the private network, and the cross-network connection request carries the private network address of the server;
the proxy server node determines the service type of the current access;
the proxy server node selects, from at least two public network connections between the proxy server node and the proxy client node, the public network connection corresponding to the service type of the current access; wherein different service types correspond to different public network connections;
the proxy server node sends the cross-network connection request to the proxy client node through the selected public network connection;
after receiving the connection success message returned by the proxy client node, the proxy server node returns a connection success message to the client;
the proxy server node uses the first connection and the selected public network connection to transmit the information of the current access between the client and the server.

15. The method according to claim 14, wherein:
the cross-network connection request further carries the service type information of the current access and/or the identifier of the private network;
and/or,
the first connection is a connection initiated and established by the client to the proxy server node based on the socks5 protocol.

16. A device for accessing a server in a private network, applied to a proxy server node, the device comprising:
a proxy server module, configured to establish a first connection with a client;
a cross-network server module, configured to establish at least two public network connections with the proxy client node, wherein different service types correspond to different public network connections;
a processing module, configured to: receive, through the first connection established by the proxy server module, a cross-network connection request for the current access sent by the client, the cross-network connection request being used for the client in the external network to access the server in the private network and carrying the private network address of the server; determine the service type of the current access; select, from the at least two public network connections established by the cross-network server module, the public network connection corresponding to the service type of the current access, and send the cross-network connection request to the proxy client node through the selected public network connection; after receiving the connection success message returned by the proxy client node, send a connection success message to the client through the first connection established by the proxy server module; and transmit the information of the current access between the client and the server through the first connection established by the proxy server module and the public network connection established by the cross-network server module.

17. A device for accessing a server in a private network, applied to a proxy client node, the device comprising:
a cross-network server unit, configured to establish at least two public network connections with the proxy server node outside the private network, wherein different service types correspond to different public network connections;
a control unit, configured to: receive a cross-network connection request for the current access on one of the at least two public network connections, and parse out the private network address of the server in the private network carried in the cross-network connection request; after the second connection is successfully established, return a connection success message to the proxy server node through the public network connection on which the cross-network connection request was received; and transmit the information of the current access between the client and the server using the public network connection established by the cross-network server unit and the second connection established by the proxy client unit;
a proxy client unit, configured to establish a second connection with the server according to the private network address carried in the cross-network connection request.

18. A device for accessing a server in a private network, applied to a client, the device comprising:
a connection establishment module, configured to establish a first connection with the proxy server node;
an information processing module, configured to send the cross-network connection request for the current access to the proxy server node through the first connection, so that the proxy server node performs the following operations:
the proxy server node determines the service type of the current access;
the proxy server node selects, from at least two public network connections between the proxy server node and the proxy client node, the public network connection corresponding to the service type of the current access; wherein different service types correspond to different public network connections;
the proxy server node sends the cross-network connection request to the proxy client node through the selected public network connection;
after receiving the connection success message returned by the proxy client node, the proxy server node returns a connection success message to the client;
the proxy server node uses the first connection and the selected public network connection to transmit the information of the current access between the client and the server;
wherein the cross-network connection request is used for the client in the external network to access the server in the private network, and the cross-network connection request carries the private network address of the server.

19. A computing device, comprising a memory and a processor, wherein the memory stores executable code, and when the processor executes the executable code, the method according to any one of claims 1 to 15 is implemented.
CN202211317069.8A 2022-10-26 2022-10-26 Method and device for accessing a server in a private network Active CN115834655B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211317069.8A CN115834655B (en) 2022-10-26 2022-10-26 Method and device for accessing a server in a private network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211317069.8A CN115834655B (en) 2022-10-26 2022-10-26 Method and device for accessing a server in a private network

Publications (2)

Publication Number Publication Date
CN115834655A CN115834655A (en) 2023-03-21
CN115834655B true CN115834655B (en) 2025-01-03

Family

ID=85525503

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211317069.8A Active CN115834655B (en) 2022-10-26 2022-10-26 Method and device for accessing a server in a private network

Country Status (1)

Country Link
CN (1) CN115834655B (en)


Also Published As

Publication number Publication date
CN115834655A (en) 2023-03-21


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant