[go: up one dir, main page]

CN112910790A - Diversion system and method thereof - Google Patents

Diversion system and method thereof Download PDF

Info

Publication number
CN112910790A
CN112910790A CN202110184241.6A CN202110184241A CN112910790A CN 112910790 A CN112910790 A CN 112910790A CN 202110184241 A CN202110184241 A CN 202110184241A CN 112910790 A CN112910790 A CN 112910790A
Authority
CN
China
Prior art keywords
network
flow
traffic
diversion
acceleration
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110184241.6A
Other languages
Chinese (zh)
Other versions
CN112910790B (en
Inventor
王力鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wangsu Science and Technology Co Ltd
Original Assignee
Wangsu Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wangsu Science and Technology Co Ltd filed Critical Wangsu Science and Technology Co Ltd
Priority to CN202110184241.6A priority Critical patent/CN112910790B/en
Publication of CN112910790A publication Critical patent/CN112910790A/en
Application granted granted Critical
Publication of CN112910790B publication Critical patent/CN112910790B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4633Interconnection of networks using encapsulation techniques, e.g. tunneling
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • H04L41/0823Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
    • H04L41/083Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability for increasing network speed
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本发明实施例涉及计算机网络技术领域,公开了一种导流系统及其方法。导流系统包括:第一交换机,第一导流设备,第一网络出口设备;第一交换机与第一导流设备连接;第一导流设备与网络出口设备连接;第一交换机用于接收用户节点的流量,将流量传输到第一导流设备;第一导流设备用于接收第一交换机传输的流量,并根据对流量的识别结果将需要加速的流量通过第一网络出口设备传输到加速网络,将无需加速的流量通过网络出口设备传输到普通网络;第一导流设备还用于将通过第一网络出口设备接收的流量经交换机传输到用户节点,使得无需改变原有网络拓扑和配置,就能实现对流量的识别引导,部署方式简单。

Figure 202110184241

Embodiments of the present invention relate to the technical field of computer networks, and disclose a flow guiding system and a method thereof. The diversion system includes: a first switch, a first diversion device, and a first network outlet device; the first switch is connected to the first diversion device; the first diversion device is connected to the network outlet device; the first switch is used for receiving users The traffic of the node is transmitted to the first diversion device; the first diversion device is used to receive the traffic transmitted by the first switch, and transmit the traffic that needs to be accelerated through the first network egress device to the acceleration device according to the identification result of the traffic. network, and transmit the traffic that does not need to be accelerated to the ordinary network through the network egress device; the first diversion device is also used to transmit the traffic received through the first network egress device to the user node through the switch, so that the original network topology and configuration do not need to be changed. , the identification and guidance of traffic can be realized, and the deployment method is simple.

Figure 202110184241

Description

Diversion system and method thereof
Technical Field
The embodiment of the invention relates to the technical field of computer networks, in particular to a flow guide system and a flow guide method.
Background
As the size and business of an enterprise increase, the types of traffic of the enterprise become more abundant, and in the network of the enterprise, a plurality of different types of lines are usually required to carry different types of traffic. In order to implement the purpose of directing different types of traffic to different networks, in the related art, the traffic is often directed to a corresponding device in an original network by a static routing or a dynamic routing manner, so as to be directed to different networks.
However, in the related art, the diversion by the static routing or the dynamic routing needs to change the original network configuration or network topology of the lan, and especially in the lan with many network nodes, it is more complicated and difficult to implement diversion by changing the configuration and deployment of the network.
Disclosure of Invention
Embodiments of the present invention provide a flow guiding system and method, which can guide flow without changing an original network configuration or a network topology, and simplify a deployment manner.
To solve the above technical problem, an embodiment of the present invention provides a diversion system, including: the system comprises a first switch, a first diversion device, a first network outlet device and an acceleration network; the first switch, the first flow directing device, and the first network egress device are deployed in a first local area network; the first switch is connected with the first diversion equipment; the first diversion device is connected with the first network outlet device; the first switch is used for receiving the flow of a user node and transmitting the flow to the first diversion device; the first diversion device is used for receiving the flow transmitted by the first switch, sending the flow needing to be accelerated to the acceleration network through the first network outlet device according to the identification result of the flow, and sending the flow needing not to be accelerated to the Internet through the first network outlet device; wherein the identification result of the flow is determined according to the characteristics of the flow; the first network outlet device is used for receiving the flow transmitted by the first diversion device and sending the flow to the acceleration network or the Internet; the acceleration network is in communication connection with the second diversion device and is used for transmitting the flow received from the first network outlet device to the second diversion device or an application server; or, the acceleration network is in communication connection with the second network outlet device, and is configured to transmit the traffic received from the first network outlet device to the second network outlet device or the application server; wherein the second flow directing device and the second network egress device are both deployed in a second local area network; the first flow guiding device is further configured to transmit traffic received through the first network egress device to the user node via the first switch.
The embodiment of the invention also provides a flow guiding method which is applied to a flow guiding system, wherein the flow guiding system comprises a first exchanger, first flow guiding equipment, first network outlet equipment and an accelerating network; the first switch, the first flow directing device, and the first network egress device are deployed in a first local area network; the first switch is connected with the first diversion equipment; the first diversion device is connected with the first network outlet device, and the diversion method comprises the following steps: the first switch receives the flow of a user node and transmits the flow to the first diversion device; after receiving the traffic transmitted by the first switch, the first diversion device sends the traffic needing to be accelerated to the acceleration network through the first network outlet device according to the identification result of the traffic, and sends the traffic needing not to be accelerated to the Internet through the first network outlet device; wherein the identification result of the flow is determined according to the characteristics of the flow; after receiving the traffic transmitted by the first diversion device, the first network outlet device sends the traffic to the acceleration network or the internet; the acceleration network is in communication connection with the second diversion device, and transmits the traffic received from the first network outlet device to the second diversion device or the application server after receiving the traffic from the first network outlet device; or, the acceleration network is in communication connection with the second network outlet device, and after receiving traffic from the first network outlet device, the acceleration network transmits the traffic received from the first network outlet device to the second network outlet device or the application server; the second diversion device and the second network exit device are both deployed in a second local area network; and if the first diversion device receives the flow from the first network outlet device, transmitting the flow received from the first network outlet device to the user node.
Compared with the related art, the diversion system of the embodiment of the invention comprises: the system comprises a first switch, a first diversion device, a first network outlet device and an acceleration network, wherein the first switch is connected with the first diversion device, and the first diversion device is connected with the first network outlet device; in addition, the first switch of this embodiment is configured to receive traffic of the user node, and transmit the traffic to the first flow guiding device; the first diversion device transmits the flow which does not need to be accelerated to the Internet through the network outlet device according to the identification result of the flow, the flow which needs to be accelerated is transmitted to the acceleration network through the first network outlet device, the flow is transmitted to the application server or the network device in another local area network through the acceleration network, the flow which accesses to the other local area network or the flow which accesses to the cloud can be accelerated, the network quality service of the flow which needs to be accelerated is ensured, in addition, the different flows can be accelerated or not accelerated, the requirement of a user on the flow transmission speed is met, and the user experience is improved.
In addition, a bypass network card is installed on the first diversion device, and the bypass network card is used for transmitting the flow received by the first switch to the first network outlet device when the first diversion device is down or has a service fault. By installing the bypass network card on the diversion device, when the diversion device is arranged in series in a local area network, even if the diversion device fails, the flow can still be transmitted through the bypass network card, namely, the local area network still can access the network, and the stability and the robustness of the transmission flow of the diversion system are improved.
In addition, the acceleration network includes: the first acceleration network is used for accelerating the traffic to be transmitted to the application server, and the second acceleration network is used for accelerating the traffic to be transmitted to the second local area network; the first and second acceleration networks each comprise: accessing the device; the first flow guiding device and the second flow guiding device further comprise: a tunnel module and an agent module; the proxy module of the first flow guiding device is used for establishing a TCP long connection with the access device of the first acceleration network, and transmitting the flow to be transmitted to the application server to the access device of the first acceleration network through the established TCP long connection through the first network outlet device; the tunnel module of the first diversion device is configured to establish a VPN tunnel with the access device of the second acceleration network, and transmit the traffic to be transmitted to the second local area network to the access device of the second acceleration network through the established VPN tunnel via the first network outlet device. By establishing the long TCP connection, a plurality of data packets can be continuously sent on one TCP connection, so that the consumption of establishing and closing the TCP connection is saved, and the efficiency of accessing the application server is improved; the embodiment of the invention simplifies the complexity of network deployment and reduces the cost of network deployment compared with the prior art in which the traffic transmission between different local area networks is realized by establishing a physical private line.
In addition, the tunnel module of the first flow guiding device is further configured to encapsulate the traffic to be transmitted to the second local area network based on a VPN protocol, so as to obtain an encapsulated traffic; and after receiving the encapsulated flow, the tunnel module of the second flow guide device decapsulates the encapsulated flow based on a VPN protocol, and transmits the decapsulated flow to a user node through the second switch. And the flow is encapsulated based on a VPN protocol, so that the flow can be transmitted through a VPN tunnel, and the safety of flow transmission is ensured.
In addition, the access device of the first acceleration network is configured to receive the traffic to be transmitted to the application server, select an optimal network line for the traffic to be transmitted to the application server, and transmit the traffic to be transmitted to the application server to the optimal network line; the access device of the second acceleration network is used for receiving the traffic to be transmitted to the second local area network, selecting an optimal network line for the traffic to be transmitted to the second diversion device, and transmitting the traffic to be transmitted to the second diversion device to the optimal network line. The access device of the acceleration network obtains the optimal website line by detecting the network line, so that the optimal network line transmits the flow, and the flow transmission efficiency is further improved.
In addition, the second local area network further includes: a second switch; when the acceleration network is in communication connection with the second diversion device, the second diversion device is connected with the second switch, and the second switch is connected with the second network outlet device. The second diversion device in the embodiment of the invention is deployed in a second local area network in a side-hung manner.
In addition, the second local area network further includes: a second switch; when the acceleration network is in communication connection with the second network outlet device, the second network outlet device is connected with the second diversion device, and the second diversion device is connected with the second switch. The second flow guiding device in the embodiment of the invention is arranged in the second local area network in a serial connection mode.
Drawings
One or more embodiments are illustrated by the corresponding figures in the drawings, which are not meant to be limiting.
Fig. 1 is a network diagram of a first local area network in a diversion system according to a first embodiment of the present invention;
FIG. 2 is a schematic view of a flow directing system according to a first embodiment of the present invention;
fig. 3 is a network diagram of a second local area network in the diversion system according to a second embodiment of the present invention;
fig. 4 is a network diagram of a local area network according to the related art;
FIG. 5 is a schematic diagram of an enterprise deployment diversion system in accordance with a second embodiment of the present invention;
fig. 6 is a flowchart of a diversion method according to a third embodiment of the present invention.
DETAILED DESCRIPTION OF EMBODIMENT (S) OF INVENTION
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the embodiments of the present invention will be described in detail with reference to the accompanying drawings. However, it will be appreciated by those of ordinary skill in the art that in various embodiments of the invention, numerous technical details are set forth in order to provide a better understanding of the present application. However, the technical solution claimed in the present application can be implemented without these technical details and various changes and modifications based on the following embodiments. The following embodiments are divided for convenience of description, and should not constitute any limitation to the specific implementation manner of the present invention, and the embodiments may be mutually incorporated and referred to without contradiction.
A first embodiment of the invention is directed to a flow directing system. The air guide system of the embodiment comprises: the system comprises a first switch, a first diversion device, a first network outlet device and an acceleration network; the first switch, the first flow directing device, and the first network egress device are deployed in a first local area network; the first switch is connected with the first diversion equipment; the first diversion device is connected with the first network outlet device; the first switch is used for receiving the flow of a user node and transmitting the flow to the first diversion device; the first diversion device is used for receiving the flow transmitted by the first switch, sending the flow needing to be accelerated to the acceleration network through the first network outlet device according to the identification result of the flow, and sending the flow needing not to be accelerated to the Internet through the first network outlet device; wherein the identification result of the flow is determined according to the characteristics of the flow; the first network outlet device is used for receiving the flow transmitted by the first diversion device and sending the flow to the acceleration network or the Internet; the acceleration network is in communication connection with the second diversion device and is used for transmitting the flow received from the first network outlet device to the second diversion device or an application server; or, the acceleration network is in communication connection with the second network outlet device, and is configured to transmit the traffic received from the first network outlet device to the second network outlet device or the application server; wherein the second flow directing device and the second network egress device are both deployed in a second local area network; the first flow guiding device is further configured to transmit traffic received through the first network egress device to the user node via the first switch.
Compared with the related art, the diversion system of the embodiment of the invention comprises: the system comprises a first switch, a first diversion device, a first network outlet device and an acceleration network, wherein the first switch is connected with the first diversion device, and the first diversion device is connected with the first network outlet device; in addition, the first switch of this embodiment is configured to receive traffic of the user node, and transmit the traffic to the first flow guiding device; the first diversion device transmits the flow which does not need to be accelerated to the Internet through the network outlet device according to the identification result of the flow, the flow which needs to be accelerated is transmitted to the acceleration network through the first network outlet device, the flow is transmitted to the application server or the network device in another local area network through the acceleration network, the flow which accesses to another local area network or the flow which accesses to the cloud can be accelerated, the network quality service of the flow which needs to be accelerated is ensured, in addition, the different flows can be accelerated or not accelerated, the requirement of a user on the flow transmission speed is met, and the user experience is improved.
The following describes the implementation details of the diversion system of the present embodiment, and the following description is provided only for the sake of understanding and is not necessary to implement the present embodiment.
In the first embodiment of the present invention, the diversion system may provide services to users of two local area networks, and the two local area networks may be two local area networks deployed in two office locations by the same enterprise. The deployment structure of the diversion system in the first local area network is shown in fig. 1, and the first local area network may include: network egress device 101, diversion device 102, switch 103.
Each user node 104 in the local area network is in communication connection with the switch 103, the traffic sent to the external network by each user node 104 can be forwarded through the switch 103, and the switch 103 is connected with the flow guiding device 102; the diversion device 102 is connected 101 to a network egress device; the network egress device 101 is connected to the internet network and the acceleration network.
The network egress device may be a router, a firewall, a switch, and the like, and the embodiment does not limit the type of the network egress device. The acceleration Network may be a service Network constructed by a Network service provider, such as a Content Delivery Network (CDN), a software defined wide area Network (SD-WAN), and the like, and may have a plurality of service nodes, including a point-of-presence (POP) node, that is, an access device, among which a communication line may be laid according to actual needs, and the communication line may include a physical dedicated line and a Multi-Protocol Label Switching (MPLS) dedicated line. The acceleration networks can provide proxy services for the traffic, so that the traffic can quickly and safely reach the destination address or quickly obtain a response. The present embodiment does not limit the type of acceleration network. Long connection is established between POP points of the CDN network through TCP, and connection is established between POP points in the SD-WAN network through IPsec. In the process of accelerating network transmission, the flow can go from an inlet POP point to an outlet POP point through a line and a path with the best network quality according to the network detection result among the POP points, and then access a source station through the outlet POP point.
The switch 103 is configured to receive traffic of each user node 104 in the local area network, and forward the traffic sent by the user node to the flow guiding device 102.
The flow guiding device 102 is configured to receive traffic transmitted by the switch, identify the traffic based on characteristics of the traffic, transmit the traffic that needs to be accelerated to an acceleration network through the network egress device according to an identification result of the traffic, transmit the traffic that needs not to be accelerated to a requested destination address through the acceleration network, transmit the traffic that needs not to be accelerated to the internet through the network egress device, and transmit the traffic to the destination address of the traffic through the internet network. The characteristics of the traffic may include a quintuple of the traffic, that is, an IP address, a source port, a destination IP address, a destination port, a transport layer protocol, or application packet characteristics, such as a data format in a packet, specific content included in a packet, and the like, after receiving the traffic, the first flow guiding device may identify the traffic based on the quintuple of the traffic and/or the application packet characteristics, so as to determine whether the traffic needs to be accelerated, and determine a corresponding acceleration network, specifically, may set an identification rule on the flow guiding device according to an actual requirement, for example, may determine the traffic accessing other intranets and the traffic of some target application services in the enterprise as the traffic needing to be accelerated, and determine other traffic in addition to the traffic needing no acceleration.
Fig. 1 is an equipment architecture in which a diversion system is deployed in one local area network, and when the diversion system needs to provide services for a plurality of local area network users, corresponding diversion equipment needs to be deployed in each local area network, specifically, the equipment architecture deployed in each local area network may be the same as that shown in fig. 1, or may be deployed based on other structures, for example, the diversion equipment may be deployed between an original switch and a network egress device of the local area network in a side-hanging manner, which is not limited in this invention. The present embodiment will briefly explain the application architecture of the diversion system serving two lans based on the same deployment in different lans as shown in fig. 2.
In the second local area network in fig. 2, the acceleration network is communicatively connected to a second network egress device, the second network egress device is connected to a second flow directing device, and the second flow directing device is connected to a second switch. That is, in fig. 2, the device architecture deployed in the first local area network and the device architecture deployed in the second local area network are the same as those shown in fig. 1, and are not described again here.
In the network deployment of the first local area network and the second local area network in this embodiment, the diversion devices are all connected in series between the switch and the network outlet device, at least one local area network card and at least one wide area network card exist on the diversion devices, the diversion devices are connected with the switch through the local area network card and connected with the network outlet device through the wide area network card, the diversion devices identify the flow after receiving the flow, and guide the flow to be accelerated to the service link of the acceleration network.
In an example, the first airflow guiding device may further include a bypass network card, where the bypass network card is configured to transmit traffic received from the first switch to the first network outlet device when the first airflow guiding device is down or has a service failure. In this embodiment, the bypass network card is installed on the flow guiding device, so that when the flow guiding device is deployed in the local area network in series, even if the flow guiding device fails, the flow can still be transmitted through the bypass network card, that is, the local area network can still access the network, and the stability of the transmission flow of the flow guiding system is improved. The bypass network card may also be installed in the second stream guidance device in the second local area network in this embodiment.
In one example, an acceleration network includes: a first acceleration network for accelerating traffic to be transmitted to an application server, for example: a CDN network, and a second acceleration network configured to accelerate traffic to be transmitted to the second local area network, for example: an SD-WAN network; the first acceleration network and the second acceleration network each include: an access device, i.e., a POP point in fig. 2; the first and second flow directing devices further each comprise: a tunnel module and an agent module; the proxy module of the first flow guiding device is used for establishing TCP long connection with the access device of the first acceleration network, transmitting the flow to be transmitted to the application server to the access device of the first acceleration network through the established TCP long connection through the first network outlet device, the tunnel module of the first flow guiding device is used for establishing a VPN tunnel, such as an IPSec (Internet Protocol Security) tunnel, with the access device of the second acceleration network, establishing BGP neighbors between the BGP points and releasing respective local networks to realize network intercommunication, and then transmitting the flow to be transmitted to the second local area network to the access device of the second acceleration network through the established VPN tunnel. In this embodiment, the connection established between the second lan and the acceleration network is the same as the first lan. The application server of this embodiment may be a server that provides a Software-as-a-Service (SAAS) application.
After the connection is established, the traffic can be transmitted, and the traffic transmission process is described below.
After receiving the traffic forwarded by the first switch, the traffic identification module of the first flow guiding device identifies the traffic based on characteristics of the traffic, for example, identifies that the traffic is a traffic a to be transmitted to the second local area network and a traffic B1 to be transmitted to the application server, where the traffic a and the traffic B1 are both set as the traffic that needs to be accelerated without using the accelerated traffic C1.
And the flow A identified as to be transmitted to the second local area network is transmitted to a tunnel module, the tunnel module is encapsulated based on a VPN protocol to obtain the encapsulated flow A, the encapsulated flow A is transmitted to a POP point close to the first local area network through an established VPN tunnel, so that the flow enters a second acceleration network and is transmitted to a second network outlet device through the second acceleration network, the second network outlet device transmits the flow to the tunnel module, the tunnel module decapsulates the flow A, transmits the decapsulated flow A to a second switch, and the second switch transmits the decapsulated flow A to a target node. The present embodiment encapsulates, routes, and decapsulates traffic using tunneling based on the VPN protocol. The tunnel module encapsulates (or hides) the original data packet inside a new data packet based on the VPN protocol, and the new data packet (i.e., the encapsulated traffic) includes new addressing and routing information, thereby enabling the encapsulated traffic to be transmitted through the accelerated network. Because the flow encapsulation is carried out, a person eavesdropping on the communication network cannot acquire the original data packet data and the original source address and the original target address, and the data confidentiality is improved. After the encapsulated data packet, that is, the encapsulated traffic reaches the flow guiding device, the encapsulation is deleted, that is, the decapsulation is performed, so that the original data packet header in the decapsulated traffic is exposed, and the data packet is conveniently routed to the final destination, that is, the user node.
For the flow B1 to be transmitted to the application server, the flow identification module of the first flow guiding device transmits the flow B1 to the proxy module, the proxy module uses proxy technology, for example, the flow is encapsulated based on TCP protocol, the flow B1 is transmitted to the POP point through the first network outlet device by the established TCP long connection, the POP point proxies the access request of the first local area network and returns the source through the first acceleration network, the POP point transmits the flow obtained by the access to the proxy module of the second flow guiding device through the first network outlet device, the proxy module of the second flow guiding device decapsulates the flow based on TCP protocol, transmits the decapsulated flow to the switch, and the switch routes the flow to the user node according to the decapsulated original data packet header in the flow.
In one example, a first network outlet device transmits traffic to be accelerated to an access device of a first acceleration network or a second acceleration network, and after receiving the traffic to be transmitted to an application server, the access device of the first acceleration network may select an optimal network line for the traffic to be transmitted to the application server and transmit the traffic to be transmitted to the application server to the optimal network line; and after receiving the flow transmitted to the second local area network, the access equipment of the second acceleration network selects an optimal network line for the flow to be transmitted to the second flow guide equipment, and transmits the flow to be transmitted to the second flow guide equipment to the optimal network line. The evaluation criteria of the network line may be set according to actual application requirements, for example, the network line may be evaluated by comprehensively considering factors such as line delay, packet loss rate, cost, and the like according to actual requirements of customers.
For the traffic C1 identified by the traffic identification module of the first mediation device as not requiring acceleration, i.e., not providing any acceleration service, the first mediation device does not process the traffic C1, transmits the traffic C1 to the first network egress device, and the network egress device transmits the traffic C1 to the user node through the internet network provided by the network operator.
It should be noted that the above-mentioned diversion system can provide acceleration service for traffic accessing another lan as well as for traffic accessing an application server, and in practical applications, a user can set traffic requiring acceleration service according to his own requirements, for example, only provide acceleration service for traffic accessing an application server, or only provide acceleration access for traffic accessing another lan. Taking the two acceleration networks as an example, the diversion system of this embodiment may also support multiple acceleration networks, identify different flows, and direct the flows to different networks, thereby implementing acceleration or non-acceleration processing on the networks, so as to meet the transmission speed requirements of users on different flows.
In the embodiment, the first diversion device is connected in series to the original network, that is, the first diversion device is respectively connected with the original first switch and the original first network outlet device in the local area network, so that diversion can be realized without changing the original network topology and network configuration, and the deployment mode is simple; in addition, the first switch of this embodiment is configured to receive traffic of the user node, and transmit the traffic to the first flow guiding device; the first diversion device transmits the flow which does not need to be accelerated to the Internet through the network outlet device according to the identification result of the flow, the flow which needs to be accelerated is transmitted to the acceleration network through the first network outlet device, the flow is transmitted to the application server or the network device in another local area network through the acceleration network, the flow which accesses to another local area network or the flow which accesses to the cloud can be accelerated, the network quality service of the flow which needs to be accelerated is ensured, in addition, the different flows can be accelerated or not accelerated, the requirement of a user on the flow transmission speed is met, and the user experience is improved.
A second embodiment of the invention is directed to a diversion system. The second embodiment is substantially the same as the first embodiment, with the main differences being: in the second local area network, the acceleration network is directly in communication connection with the second diversion device, the second diversion device is connected with the second switch, and the second switch is connected with the second network outlet device.
The network deployment structure of the second lan is shown in fig. 3.
The switch 302 is connected to the network outlet device 301 and the diversion device 303, and the diversion device 303 communicates with the network outlet device 101 through the switch 102, in other words, the diversion device 103 is hung on the switch 102 of the local area network; in a local area network, traffic sent to an external network by each in-network user node 304 is forwarded through a switch 302, a network egress device 301 is in communication connection with the switch 302 and can access an internet network, and a diversion device 303 is connected with an acceleration network.
The switch 302 is configured to receive traffic sent by the user node 304 in the local area network, and forward the traffic to the flow guiding device 303; the flow guiding device 303 is configured to receive traffic forwarded by the switch 102, transmit traffic that needs to be accelerated to an application server or a network egress device of the first local area network through an acceleration network according to a result of identifying the traffic, forward traffic that does not need to be accelerated to the switch 302, and transmit the traffic to the network egress device 301 through the switch 302; the network egress device 301 may transmit traffic received from the switch 302 to the Internet network, through which the traffic is transmitted to its requested destination address; wherein the flow guiding device 303 is further configured to transmit traffic received through the acceleration network to the user node via the switch 302. In addition, in practical application, the switch 302 may forward all the received traffic from the intranet user node to the diversion device 303, or may set a distribution rule on the switch 302 according to actual needs, so as to forward only part of the traffic to the diversion device, and directly forward the other part of the traffic to the network egress device 301.
The above is a network deployment structure of the second local area network in the diversion system, and the network deployment structure of the first local area network in the diversion system is substantially the same as the deployment structure described in fig. 1 in the first embodiment of the present invention, and details are not repeated here.
For enterprise a, a network deployment structure of a local area network 1 of enterprise a is shown in fig. 4, a user node 403 is in communication connection with an exchanger 402, and the exchanger 402 is in communication connection with a network outlet device 401, as the scale of enterprise a increases, an enterprise branch is newly established, a local area network 2 is established in the enterprise branch, and in the case of not accessing a network service provider, the local area network 1 and the local area network 2 can only communicate through an Internet network provided by a network operator, but the quality of the Internet network is poor and the security is not high. Therefore, the diversion system of this embodiment can be used to provide high-quality network services for enterprise users, and in the local area network 1, the diversion device can be connected between the original switch and the original network egress device in a serial connection manner, that is, the deployment structure shown in fig. 1; in the local area network 2, the diversion device may be connected to the original switch in a side-hung manner, i.e., the deployment structure shown in fig. 2. The diversion devices in the local area networks 1 and 2 identify the traffic sent by the user nodes in the networks, so as to realize the acceleration service of the traffic, so as to improve the network communication quality between networks and specific external network applications, and the diversion systems of the enterprise local area networks 1 and 2 are shown in fig. 5.
Two acceleration networks are deployed in the diversion system shown in fig. 5: the system comprises an SD-WAN network and a CDN network, wherein an IPsec tunnel can be established between POPs of the SD-WAN network, and network communication can be carried out between the POPs of the CDN network based on a TCP or UDP protocol. The method can accelerate the line quality between the POP nodes of the network, such as parameters of time delay, packet loss rate and the like, and share the detection results, and each POP node butted with the user local area network can determine the optimal network line according to the detection results and the customer requirements.
The flow guide device 1 of the enterprise local area network 1 is provided with a LAN card and a WAN card, the LAN port is directly connected with an original switch, the WAN port is connected with an original network outlet device, a tunnel module of the flow guide device 1 establishes a VPN tunnel with a POP point (same region and same operator) of the SD-WAN network, and a proxy module of the flow guide device 1 establishes TCP long connection with the POP point (same region and same operator) of the CDN network. The VPN tunnel and the TCP long connection are both logical connections.
The diversion device 2 of the enterprise local area network 2 is provided with three network interfaces, namely a WAN1 port, a WAN2 port and a WAN3 port, which respectively correspond to three network cards, namely a WAN1, a WAN2 and a WAN 3. The flow guide device 2 is deployed in a local area network of a corresponding site in a side-hanging manner, a tunnel module of the flow guide device 2 establishes a VPN tunnel with a POP point (same as an area and an operator) of the SD-WAN network, and a proxy module of the flow guide device 2 establishes TCP long connection with the POP point (same as an area and an operator) of the CDN network.
Taking the example that the enterprise local area network 1 transmits the flow to the enterprise local area network 2, the flow of the user node of the enterprise local area network 1 is forwarded to the diversion device 1 from the original switch, and the flow identification module of the diversion device 1 identifies the flow according to the flow characteristics carried by the flow, so as to identify the following three flows:
(1) flow rate A: intranet traffic intercommunicated with the enterprise lan 2, that is, traffic to be transmitted to the second lan;
(2) flow rate B1: accessing a cloud service target application, such as flow of SAAS service, namely flow to be transmitted to an application server;
(3) flow rate C1: there is no need to provide traffic for accelerated services.
The flow A and the flow B1 are flows needing acceleration, and the flow A and the flow B1 send corresponding POP points of an acceleration network on the original network outlet equipment through the diversion equipment 1; the traffic C1 need not be accelerated and needs to be sent through a network egress device to the Internet network.
The transmission of the flow B1 and the flow C1 are substantially the same as the transmission of the flow B1 and the flow C1 in the first embodiment, and the description thereof is omitted here.
For the flow a, the flow identification module of the flow guiding device 1 identifies that the flow a is to be transmitted to the second local area network, that is, the flow a intercommunicated with the enterprise local area network 2 is transmitted to the tunnel module of the flow guiding device 1, the tunnel module of the flow guiding device 1 encapsulates the flow a based on the VPN protocol to obtain the encapsulated flow a, the encapsulated flow a is transmitted to the POP point near the first local area network through the original network outlet device through the established VPN tunnel, so that the flow enters the SD-WAN network and is transmitted to the tunnel module of the flow guiding device 2 through the second acceleration network, the tunnel module of the flow guiding device 2 decapsulates the flow a, the decapsulated flow a is transmitted to the original switch of the enterprise local area network 2, and the original switch of the enterprise local area network 2 transmits the decapsulated flow a to the target node. The present embodiment encapsulates, routes, and decapsulates traffic using tunneling based on the VPN protocol. The tunnel module encapsulates (or hides) the original data packet inside a new data packet based on the VPN protocol, and the new data packet (i.e., the encapsulated traffic) includes new addressing and routing information, thereby enabling the encapsulated traffic to be transmitted through the accelerated network. Because the flow encapsulation is carried out, a person eavesdropping on the communication network cannot acquire the original data packet data and the original source address and the original target address, and the data confidentiality is improved. After the encapsulated data packet, that is, the encapsulated traffic reaches the flow guiding device, the encapsulation is deleted, that is, the decapsulation is performed, so that the original data packet header in the decapsulated traffic is exposed, and the data packet is conveniently routed to the final destination, that is, the user node.
The flow a is a flow of the enterprise lan 1 accessing the enterprise lan 2, and the flow a is taken as an example of transmitting the enterprise lan 2 to the enterprise lan 1, so as to explain a process of transmitting the flow of the enterprise lan 2 to the enterprise lan 1.
The flow guiding device 2 receives the flow A from the original switch of the enterprise local area network 2, the flow identification module of the flow guiding device 2 transmits the flow A to be transmitted to the second local area network to the tunnel module of the flow guiding device 2, the tunnel module of the flow guiding device 2 is encapsulated based on the VPN protocol to obtain the encapsulated flow A, the encapsulated flow A is transmitted to the POP point near the enterprise local area network 2 through the established VPN tunnel, so that the flow enters the SD-WAN network, the POP point carries out network detection, the optimal network line is selected from the SD-WAN network to transmit the flow A to the POP point near the enterprise local area network 1, the POP point near the enterprise local area network 1 transmits the flow A to the tunnel module of the flow guiding device 1 through the established VPN tunnel, the tunnel module of the flow guiding device 1 decapsulates the flow A based on the VPN protocol, and transmitting the decapsulated flow A to an original switch of the enterprise local area network 2, and transmitting the decapsulated flow A to a target node by the original switch of the enterprise local area network 2.
In one example, the flow guiding device 1 of the enterprise lan 1 is further installed with a pair of bypass network cards, and the bypass network cards transmit traffic received from the original switch to the original network egress device.
The flow guide device of the first local area network of this embodiment supports deployment in the original network in a serial connection manner, and does not need to change the original network topology and network configuration, and does not need to additionally deploy other lines by the user, and only needs to utilize the deployment line in the original local area network. After the user flow passes through the diversion device, the diversion device identifies the flow, the flow which does not need to be accelerated is not processed, the flow which needs to be accelerated is guided to the corresponding acceleration network, in addition, the diversion device of the second local area network can also use a side-hanging mode, and the deployment mode is flexible. The diversion system of this embodiment can acquire the requested data from the cloud more quickly by accelerating the transmission of the traffic accessing the cloud, thereby improving the response efficiency of the data request, enhancing the user experience, realizing the accelerated transmission of the intranet flow among different nodes of the enterprise by establishing a communication link with the second accelerated network, improving the flow transmission speed of each local area network among the enterprises, and compared with the method for establishing a special line among the enterprise local area networks, such as MPLS (multi-protocol label switching) to realize the accelerated transmission of the flow, or a tunnel is built on the Internet, such as IPsec for realizing accelerated traffic transmission, the embodiment has short deployment time and lower cost, in addition, the diversion device has a bypass function, and by installing a bypass network card on the diversion device, when the diversion equipment fails, the flow can still be transmitted through the bypass network card, the local area network can still access the network, and the stability of the transmission flow of the diversion system is improved.
A third embodiment of the present invention relates to a flow guiding method applied to a flow guiding system, the flow guiding system including: the system comprises a first switch, a first diversion device, a first network outlet device and an acceleration network; the first switch, the first flow guiding device and the first network outlet device are deployed in the first local area network; the first switch is connected with the first diversion equipment; the first diversion device is connected with the first network outlet device, and the diversion method comprises the following steps: the first switch receives the flow of a user node and transmits the flow to the first diversion device; after receiving the traffic transmitted by the first switch, the first diversion device sends the traffic needing to be accelerated to the acceleration network through the first network outlet device according to the identification result of the traffic, and sends the traffic needing not to be accelerated to the Internet through the first network outlet device; wherein the identification result of the flow is determined according to the characteristics of the flow; after receiving the traffic transmitted by the first diversion device, the first network outlet device sends the traffic to the acceleration network or the internet; the acceleration network is in communication connection with the second diversion device, and transmits the traffic received from the first network outlet device to the second diversion device or the application server after receiving the traffic from the first network outlet device; or, the acceleration network is in communication connection with the second network outlet device, and after receiving traffic from the first network outlet device, the acceleration network transmits the traffic received from the first network outlet device to the second network outlet device or the application server; the second diversion device and the second network exit device are both deployed in a second local area network; and if the first diversion device receives the flow from the first network outlet device, transmitting the flow received from the first network outlet device to the user node.
In the embodiment, the first diversion device is connected in series to the original network, that is, the first diversion device is respectively connected with the original first switch and the original first network outlet device in the local area network, so that diversion can be realized without changing the original network topology and network configuration, and the deployment mode is simple; in addition, after receiving the traffic of the user node, the first switch of this embodiment forwards the traffic to the first diversion device; the first diversion device transmits the flow which does not need to be accelerated to the Internet through the network outlet device according to the identification result of the flow, the flow which needs to be accelerated is transmitted to the acceleration network through the first network outlet device, the flow is transmitted to the application server or the network device in another local area network through the acceleration network, the flow which accesses to the other local area network or the flow which accesses to the cloud can be accelerated, the network quality service of the flow which needs to be accelerated is ensured, in addition, the different flows can be accelerated or not accelerated, the requirement of a user on the flow transmission speed is met, and the user experience is improved.
The following describes implementation details of the diversion method of the present embodiment in detail, and the following is only provided for facilitating understanding of the implementation details and is not necessary for implementing the present embodiment. The traffic transmission method of the present embodiment is shown in fig. 6.
Step 601, the first switch receives the traffic of the user node and transmits the traffic to the first flow guiding device.
Illustratively, the first switch receives traffic of a user node in the first local area network, and the traffic of the first switch is forwarded to the traffic identification module of the flow guiding device through the LAN port.
Step 602, after receiving the traffic transmitted by the first switch, the first flow guiding device identifies the traffic.
Exemplarily, the flow guiding device identifies the flow according to the flow characteristics of the flow to obtain the identification result of the flow; the characteristics of the traffic may include a quintuple of the traffic, that is, an IP address, a source port, a destination IP address, a destination port, a transport layer protocol, or application packet characteristics, such as a data format in a packet, specific content included in a packet, and the like, after receiving the traffic, the first flow guiding device may identify the traffic based on the quintuple of the traffic and/or the application packet characteristics, so as to determine whether the traffic needs to be accelerated, and determine a corresponding acceleration network, specifically, may set an identification rule on the flow guiding device according to an actual requirement, for example, may determine the traffic accessing other intranets and the traffic of some target application services in the enterprise as the traffic needing to be accelerated, and determine other traffic in addition to the traffic needing no acceleration.
After the identification is completed, when it is determined that the flow rate is the flow rate that needs to be accelerated, step 603 is performed.
Step 603, the first diversion device sends the traffic needing to be accelerated to the acceleration network through the first network outlet device.
In one example, an acceleration network includes: the first acceleration network is used for accelerating the traffic to be transmitted to the application server, and the second acceleration network is used for accelerating the traffic to be transmitted to the second local area network; the first acceleration network and the second acceleration network each include: accessing the device; the access device of the first acceleration network is used for establishing TCP long connection with the first diversion device; the access device of the second acceleration network is used for establishing a VPN tunnel with the first diversion device; the diversion device transmits the flow to be transmitted to the application server to the access device of the first acceleration network through the established TCP long connection through the first network outlet device; and transmitting the flow to be transmitted to the second local area network to the access equipment of the second acceleration network through the established VPN tunnel by the first network outlet equipment.
In one example, if the traffic is to be transmitted to the second local area network, before the traffic is sent to the acceleration network, the first diversion device encapsulates the traffic to be transmitted to the second local area network based on a VPN protocol to obtain an encapsulated traffic; and after receiving the encapsulated flow, the second diversion device of the second local area network decapsulates the encapsulated flow based on a VPN protocol, and transmits the decapsulated flow to a user node through the second switch.
In one example, after receiving the traffic to be transmitted to the application server, the access device of the first acceleration network selects an optimal network line for the traffic to be transmitted to the application server, and transmits the traffic to be transmitted to the application server to the optimal network line; and after receiving the flow to be transmitted to the second local area network, the access equipment of the second acceleration network selects an optimal network line for the flow to be transmitted to the second flow guide equipment, and transmits the flow to be transmitted to the second flow guide equipment to the optimal network line.
In one example, the second local area network further comprises: a second switch; when the acceleration network is in communication connection with the second diversion device, the second diversion device is connected with the second switch, and the second switch is connected with the second network outlet device. That is, in the diversion system, the diversion device of the second local area network may be deployed using a side-hang approach.
In another example, the second local area network further comprises: a second switch; when the acceleration network is in communication connection with the second network outlet device, the second network outlet device is connected with the second diversion device, and the second diversion device is connected with the second switch. That is, in the diversion system, the second local area network may be deployed in a cascaded manner.
If it is determined that the flow rate is a flow rate that does not require acceleration, step 604 is executed.
And step 604, transmitting the traffic which does not need to be accelerated to a common network through the network outlet device.
In the above example, the traffic that does not need to be accelerated is directly transmitted to the network outlet device without any processing, and the network outlet device is transmitted to the common network, that is, the original network.
The above steps 601 to 604 are flows of sending traffic by the first flow guiding device, and if the first flow guiding device receives traffic from the network egress device, the first flow guiding device transmits the received traffic to the user node through the switch.
In one example, if the traffic received from the network egress device is encapsulated traffic, the encapsulated traffic is decapsulated.
In order to avoid that the diversion device fails to access other networks, the diversion device of this embodiment may integrate a bypass function, that is, when the diversion device is detected to be failed, that is, when the diversion device is detected to be down or a diversion function failure, the flow is directly transmitted to the network outlet device, which does not affect the original flow transmission, and improves the stability of the flow transmission of the local area network.
In this embodiment, the traffic of the user node is received from the switch, and after the traffic is identified, the traffic is transmitted to the corresponding network through the network outlet device, so that the guidance of the traffic of different types can be realized without changing the original network topology and configuration, in addition, the traffic needing to be accelerated is transmitted to the acceleration network through the network outlet device, the network needing not to be accelerated is transmitted to the common network through the network outlet device, different traffic can be accelerated or not accelerated, the requirement of a user on the traffic transmission speed is met, the user experience is improved, in addition, when the breakdown of the diversion device or the diversion function fault is detected, the traffic can be directly transmitted to the network outlet device through the diversion device, the original traffic transmission is not affected, and the stability of the local area network traffic transmission is improved.
The steps of the above methods are divided for clarity, and the implementation may be combined into one step or split some steps, and the steps are divided into multiple steps, so long as the same logical relationship is included, which are all within the protection scope of the present patent; it is within the scope of the patent to add insignificant modifications to the algorithms or processes or to introduce insignificant design changes to the core design without changing the algorithms or processes.
It will be understood by those of ordinary skill in the art that the foregoing embodiments are specific embodiments for practicing the invention, and that various changes in form and details may be made therein without departing from the spirit and scope of the invention in practice.

Claims (14)

1. A flow directing system, comprising: the system comprises a first switch, a first diversion device, a first network outlet device and an acceleration network; the first switch, the first flow directing device, and the first network egress device are deployed in a first local area network; the first switch is connected with the first diversion equipment; the first diversion device is connected with the first network outlet device;
the first switch is used for receiving the flow of a user node and transmitting the flow to the first diversion device;
the first diversion device is used for receiving the flow transmitted by the first switch, sending the flow needing to be accelerated to the acceleration network through the first network outlet device according to the identification result of the flow, and sending the flow needing not to be accelerated to the Internet through the first network outlet device; wherein the identification result of the flow is determined according to the characteristics of the flow;
the first network outlet device is used for receiving the flow transmitted by the first diversion device and sending the flow to the acceleration network or the Internet;
the acceleration network is in communication connection with the second diversion device and is used for transmitting the flow received from the first network outlet device to the second diversion device or an application server; or, the acceleration network is in communication connection with the second network outlet device, and is configured to transmit the traffic received from the first network outlet device to the second network outlet device or the application server;
wherein the second flow directing device and the second network egress device are both deployed in a second local area network;
the first flow guiding device is further configured to transmit traffic received through the first network egress device to the user node via the first switch.
2. The airflow directing system of claim 1, wherein the first airflow directing device has a bypass network card installed thereon, the bypass network card being configured to transmit traffic received from the first switch to the first network outlet device when the first airflow directing device is down or out of service.
3. The diversion system of claim 1, wherein the acceleration network comprises: the first acceleration network is used for accelerating the traffic to be transmitted to the application server, and the second acceleration network is used for accelerating the traffic to be transmitted to the second local area network;
the first and second acceleration networks each comprise: accessing the device;
the first flow guiding device and the second flow guiding device further comprise: a tunnel module and an agent module;
the proxy module of the first flow guiding device is used for establishing a TCP long connection with the access device of the first acceleration network, and transmitting the flow to be transmitted to the application server to the access device of the first acceleration network through the established TCP long connection through the first network outlet device;
the tunnel module of the first diversion device is configured to establish a VPN tunnel with the access device of the second acceleration network, and transmit the traffic to be transmitted to the second local area network to the access device of the second acceleration network through the established VPN tunnel via the first network outlet device.
4. The diversion system of claim 3, wherein the tunnel module of the first diversion device is further configured to encapsulate the traffic to be transmitted to the second local area network based on a VPN protocol to obtain an encapsulated traffic;
and after receiving the encapsulated flow, the tunnel module of the second flow guide device decapsulates the encapsulated flow based on a VPN protocol, and transmits the decapsulated flow to a user node through the second switch.
5. The diversion system of claim 3, wherein the access device of the first acceleration network is configured to receive the traffic to be transmitted to the application server, select an optimal network line for the traffic to be transmitted to the application server, and transmit the traffic to be transmitted to the application server to the optimal network line;
the access device of the second acceleration network is used for receiving the traffic to be transmitted to the second local area network, selecting an optimal network line for the traffic to be transmitted to the second diversion device, and transmitting the traffic to be transmitted to the second diversion device to the optimal network line.
6. Diversion system according to any of claims 1 to 5, characterized in that said second local area network further comprises: a second switch;
when the acceleration network is in communication connection with the second diversion device, the second diversion device is connected with the second switch, and the second switch is connected with the second network outlet device.
7. Diversion system according to any of claims 1 to 5, characterized in that said second local area network further comprises: a second switch;
when the acceleration network is in communication connection with the second network outlet device, the second network outlet device is connected with the second diversion device, and the second diversion device is connected with the second switch.
8. The flow guiding method is applied to a flow guiding system, wherein the flow guiding system comprises a first exchanger, a first flow guiding device, a first network outlet device and an accelerating network; the first switch, the first flow directing device, and the first network egress device are deployed in a first local area network; the first switch is connected with the first diversion equipment; the first diversion device is connected with the first network outlet device, and the diversion method comprises the following steps:
the first switch receives the flow of a user node and transmits the flow to the first diversion device;
after receiving the traffic transmitted by the first switch, the first diversion device sends the traffic needing to be accelerated to the acceleration network through the first network outlet device according to the identification result of the traffic, and sends the traffic needing not to be accelerated to the Internet through the first network outlet device; wherein the identification result of the flow is determined according to the characteristics of the flow;
after receiving the traffic transmitted by the first diversion device, the first network outlet device sends the traffic to the acceleration network or the internet;
the acceleration network is in communication connection with the second diversion device, and transmits the traffic received from the first network outlet device to the second diversion device or the application server after receiving the traffic from the first network outlet device; or, the acceleration network is in communication connection with the second network outlet device, and after receiving traffic from the first network outlet device, the acceleration network transmits the traffic received from the first network outlet device to the second network outlet device or the application server;
the second diversion device and the second network exit device are both deployed in a second local area network;
and if the first diversion device receives the flow from the first network outlet device, transmitting the flow received from the first network outlet device to the user node.
9. The flow guide method according to claim 8, wherein a bypass network card is installed on the first flow guide device; the flow guiding method further comprises the following steps:
and when the first diversion device is down or has a service fault, the bypass network card transmits the traffic received from the first switch to the first network outlet device.
10. The diversion method of claim 8, wherein said acceleration network comprises: the first acceleration network is used for accelerating the traffic to be transmitted to the application server, and the second acceleration network is used for accelerating the traffic to be transmitted to the second local area network;
the first and second acceleration networks each comprise: accessing the device; the access device of the first acceleration network is used for establishing a TCP long connection with the first diversion device; the access device of the second acceleration network is used for establishing a VPN tunnel with the first diversion device;
the sending the traffic needing to be accelerated to the acceleration network through the first network outlet device according to the identification result of the traffic comprises:
transmitting the traffic to be transmitted to the application server to access equipment of the first acceleration network through the established TCP long connection through the first network outlet equipment;
and transmitting the flow to be transmitted to the second local area network to the access equipment of the second acceleration network through the established VPN tunnel by the first network outlet equipment.
11. The diversion method according to claim 10, wherein before sending the traffic that needs to be accelerated to the acceleration network through the first network outlet device according to the identification result of the traffic, the method comprises:
the first diversion device encapsulates the flow to be transmitted to the second local area network based on a VPN protocol to obtain the encapsulated flow;
and after receiving the encapsulated flow, the second diversion device of the second local area network decapsulates the encapsulated flow based on a VPN protocol, and transmits the decapsulated flow to a user node through the second switch.
12. The diversion method according to claim 10, wherein after receiving the traffic to be transmitted to the application server, the access device of the first acceleration network selects an optimal network line for the traffic to be transmitted to the application server, and transmits the traffic to be transmitted to the application server to the optimal network line;
and after receiving the flow to be transmitted to the second local area network, the access equipment of the second acceleration network selects an optimal network line for the flow to be transmitted to the second flow guide equipment, and transmits the flow to be transmitted to the second flow guide equipment to the optimal network line.
13. Diversion method according to any of claims 8 to 12, wherein said second local area network further comprises: a second switch;
when the acceleration network is in communication connection with the second diversion device, the second diversion device is connected with the second switch, and the second switch is connected with the second network outlet device.
14. Diversion method according to any of claims 8 to 12, wherein said second local area network further comprises: a second switch;
when the acceleration network is in communication connection with the second network outlet device, the second network outlet device is connected with the second diversion device, and the second diversion device is connected with the second switch.
CN202110184241.6A 2021-02-08 2021-02-08 Diversion system and method thereof Active CN112910790B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110184241.6A CN112910790B (en) 2021-02-08 2021-02-08 Diversion system and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110184241.6A CN112910790B (en) 2021-02-08 2021-02-08 Diversion system and method thereof

Publications (2)

Publication Number Publication Date
CN112910790A true CN112910790A (en) 2021-06-04
CN112910790B CN112910790B (en) 2023-06-30

Family

ID=76123527

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110184241.6A Active CN112910790B (en) 2021-02-08 2021-02-08 Diversion system and method thereof

Country Status (1)

Country Link
CN (1) CN112910790B (en)

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100098092A1 (en) * 2008-10-18 2010-04-22 Fortinet, Inc. A Delaware Corporation Accelerating data communication using tunnels
CN101841387A (en) * 2009-03-19 2010-09-22 中国移动通信集团江西有限公司 Wide area network data speed acceleration method, device and system
CN105284080A (en) * 2014-03-31 2016-01-27 华为技术有限公司 Data center system and virtual network management method of data center
CN106911539A (en) * 2017-04-26 2017-06-30 上海优刻得信息科技有限公司 The methods, devices and systems of the network parameter between analysis user terminal and service end
CN107154876A (en) * 2017-05-18 2017-09-12 贵州斯曼特信息技术开发有限责任公司 A kind of large-scale data based on cloud service platform calculates acceleration system
US20170310594A1 (en) * 2016-04-25 2017-10-26 Linkedin Corporation Expedited fabric paths in switch fabrics
CN108429701A (en) * 2018-02-08 2018-08-21 四川速宝网络科技有限公司 network acceleration system
CN108475244A (en) * 2015-12-22 2018-08-31 英特尔公司 Accelerate network packet processing
CN109150725A (en) * 2018-07-09 2019-01-04 网宿科技股份有限公司 Traffic grooming method and server
CN109617778A (en) * 2018-11-22 2019-04-12 西安佰才邦网络技术有限公司 Implementation method, the device and system of cross-domain double layer network business
CN110311861A (en) * 2019-05-31 2019-10-08 厦门网宿有限公司 A kind of method and apparatus guiding data traffic
CN112202930A (en) * 2020-12-03 2021-01-08 观脉科技(北京)有限公司 Method, POP and system for accessing mobile equipment to SD-WAN (secure digital-to-WAN) network
CN112221121A (en) * 2020-10-20 2021-01-15 腾讯科技(深圳)有限公司 Application software networking acceleration method, device and storage medium

Patent Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100098092A1 (en) * 2008-10-18 2010-04-22 Fortinet, Inc. A Delaware Corporation Accelerating data communication using tunnels
CN101841387A (en) * 2009-03-19 2010-09-22 中国移动通信集团江西有限公司 Wide area network data speed acceleration method, device and system
CN105284080A (en) * 2014-03-31 2016-01-27 华为技术有限公司 Data center system and virtual network management method of data center
CN108475244A (en) * 2015-12-22 2018-08-31 英特尔公司 Accelerate network packet processing
US20170310594A1 (en) * 2016-04-25 2017-10-26 Linkedin Corporation Expedited fabric paths in switch fabrics
CN106911539A (en) * 2017-04-26 2017-06-30 上海优刻得信息科技有限公司 The methods, devices and systems of the network parameter between analysis user terminal and service end
CN107154876A (en) * 2017-05-18 2017-09-12 贵州斯曼特信息技术开发有限责任公司 A kind of large-scale data based on cloud service platform calculates acceleration system
CN108429701A (en) * 2018-02-08 2018-08-21 四川速宝网络科技有限公司 network acceleration system
CN109150725A (en) * 2018-07-09 2019-01-04 网宿科技股份有限公司 Traffic grooming method and server
CN109617778A (en) * 2018-11-22 2019-04-12 西安佰才邦网络技术有限公司 Implementation method, the device and system of cross-domain double layer network business
CN110311861A (en) * 2019-05-31 2019-10-08 厦门网宿有限公司 A kind of method and apparatus guiding data traffic
CN112221121A (en) * 2020-10-20 2021-01-15 腾讯科技(深圳)有限公司 Application software networking acceleration method, device and storage medium
CN112202930A (en) * 2020-12-03 2021-01-08 观脉科技(北京)有限公司 Method, POP and system for accessing mobile equipment to SD-WAN (secure digital-to-WAN) network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
李金文: "论提高局域网传输速率方法", 《硅谷》 *

Also Published As

Publication number Publication date
CN112910790B (en) 2023-06-30

Similar Documents

Publication Publication Date Title
EP3958521B1 (en) Method and apparatus for providing service for service flow
EP2579544B1 (en) Methods and apparatus for a scalable network with efficient link utilization
US7570648B2 (en) Enhanced H-VPLS service architecture using control word
US9380111B2 (en) Feature peer network with scalable state information
US8127349B2 (en) Point-to-multi-point/non-broadcasting multi-access VPN tunnels
US8396954B2 (en) Routing and service performance management in an application acceleration environment
US10412008B2 (en) Packet processing method, apparatus, and system
CN110290093A (en) The SD-WAN network architecture and network-building method, message forwarding method
US8861547B2 (en) Method, apparatus, and system for packet transmission
US7961738B2 (en) Method for accessing virtual private network, virtual private system, virtual private network and provider edge device thereof
CN107948086A (en) A kind of data packet sending method, device and mixed cloud network system
CN109274570B (en) VPN construction method and device and computer readable storage medium
CN103905284B (en) A kind of flow load sharing method and apparatus based on EVI networks
US9979698B2 (en) Local internet with quality of service (QoS) egress queuing
EP4250649A1 (en) Packet forwarding method and apparatus, and network system
CN107483338A (en) A method, device and system for determining cross-domain label switching path tunnels
KR102071031B1 (en) Method and apparatus for providing service chaining in cloud environment
CN117811875A (en) Household intercommunication network access method and device
US20070165603A1 (en) Access network system, subscriber station device, and network terminal device
US8675669B2 (en) Policy homomorphic network extension
CN112910791B (en) Diversion system and method thereof
JP2019041227A (en) COMMUNICATION PROGRAM, COMMUNICATION METHOD, AND COMMUNICATION DEVICE
CN103634210A (en) Method and apparatus for discovering opposite-end provider edge (PE) device of virtual private LAN service (VPLS) instance
CN214799523U (en) Flow guiding system
CN112910790A (en) Diversion system and method thereof

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant