Disclosure of Invention
In view of these defects, the application provides a cloud gateway message processing method, device and medium, so as to solve the technical problem of how to provide more customized services for multiple users and multiple terminals through one cloud gateway device.
In a first aspect, the present application provides a method for processing a cloud gateway packet, where the method is applied to a cloud gateway device, and includes:
Establishing a plurality of sub-interfaces with different service qualities according to the value added service of the user, wherein each sub-interface acquires the bandwidth allocation of the cloud gateway equipment according to the service quality of the sub-interface;
Setting a plurality of message processing actions and establishing a plurality of service routing instances according to the value added service of the user, wherein each service routing instance is associated with a plurality of message processing actions and an output sub-interface;
Establishing service matching instances according to the value added service use rules of the users, wherein the service matching instances comprise the matching rules by which the different terminals of each user use the service routing instances;
And matching the service routing instance by using the service matching instance, and processing the user terminal message by using the matched service routing instance.
Further, before establishing a plurality of sub-interfaces with different service qualities according to the value added service of the user, the method further includes:
A cloud gateway device provides cloud gateway services for a plurality of users, a cloud gateway account is established for each user, and each cloud gateway account manages a plurality of terminals of the corresponding user;
And acquiring a value-added service subscribed by each user and a matching rule of using the value-added service defined by each user for each terminal of the user, wherein the value-added service comprises a green internet service, an acceleration speed limiting service, a mirror image backup service and a message forwarding service.
Further, establishing a plurality of output sub-interfaces with different service qualities according to the value added service of the user, wherein each output sub-interface obtains the bandwidth allocation of the cloud gateway device according to the service quality of the user, and specifically comprises the following steps:
Acquiring value added servers to be connected with the cloud gateway equipment according to the value added services subscribed by all users, and establishing multiple types of output interfaces according to the value added servers to be connected, wherein the output interfaces comprise at least one output interface not connected with the value added servers;
and acquiring a plurality of required network speeds of each output interface according to the acceleration speed limiting service subscribed by all users, establishing an output sub-interface for each required network speed under each output interface, and distributing the bandwidth of the cloud gateway equipment according to the required network speed of each output sub-interface.
Further, setting a plurality of message processing actions and establishing a plurality of service routing instances according to the value added service of the user, wherein each service routing instance associates a plurality of message processing actions and one output sub-interface, and specifically comprises the following steps:
Setting various message processing actions according to value-added services subscribed by all users, wherein the actions comprise mirror image messages, setting out interface types and conversion message types, setting message service quality and matching out sub-interfaces in sequence;
Binding several sequential combinations of message processing actions for each outgoing sub-interface to establish a service routing instance for each outgoing sub-interface.
Further, binding several sequential combinations of message processing actions for each outgoing sub-interface to establish a service routing instance of each outgoing sub-interface, including:
The output sub-interfaces comprise a virtual first output sub-interface with zero network speed and a plurality of second output sub-interfaces with non-zero network speed;
Establishing, for the first outgoing sub-interface, a service routing instance bound to the message processing action of matching the outgoing sub-interface and discarding the message;
and establishing, for each second outgoing sub-interface, four service routing instances whose bound message processing actions are successively reduced by one preceding message processing action.
Further, a service matching instance is established according to the value added service usage rule of the user, the service matching instance comprises the matching rule of using the service routing instance by different terminals of each user, and the method specifically comprises the following steps:
extracting a first matching relation between first quintuple information and value added services from the matching rules defined by all users for each of their terminals, wherein the matching rules comprise first quintuple information respectively matched with a black list, a white list and a gray list of the green internet service, first quintuple information matched with the acceleration speed limiting service, first quintuple information matched with the mirror image backup service and first quintuple information matched with the message forwarding service;
And establishing a second matching relation between the first quintuple information and the service routing instances according to the first matching relation, wherein, in the second matching relation: first quintuple information matched with the black list of the green internet service matches the service routing instance of the first sub-interface; first quintuple information matched with the mirror image backup service matches a service routing instance comprising four message processing actions; first quintuple information matched with the gray list of the green internet service or with the message forwarding service matches a service routing instance comprising three message processing actions; first quintuple information matched with both the white list of the green internet service and the acceleration speed limiting service matches a service routing instance comprising two message processing actions; and first quintuple information matched with the white list of the green internet service but not with the acceleration speed limiting service matches a service routing instance comprising one message processing action.
Further, the service matching instance is used for matching the service routing instance, and the matched service routing instance is used for processing the user terminal message, which specifically comprises the following steps:
responding to the received user terminal message, obtaining second quintuple information in the user terminal message, and inquiring a pre-established stream instance hash table according to the second quintuple information;
if the second quintuple information exists in the flow instance hash table, acquiring a service route instance corresponding to the second quintuple information recorded in the flow instance hash table, and processing a user terminal message by using the service route instance recorded correspondingly;
if the second quintuple information does not exist in the flow instance hash table, a new flow instance is established, the first quintuple information and the second quintuple information in the service matching instance are used for matching, so that a matched service routing instance is obtained and recorded in the flow instance hash table, and the newly recorded service routing instance is used for processing the user terminal message.
Further, wherein:
The value-added server comprises a security analysis value-added server corresponding to a gray list of the green internet service, a mirror image backup value-added server corresponding to a mirror image backup service and a message forwarding receiving value-added server corresponding to a message forwarding service;
the outgoing interface types comprise an srv6 (Segment Routing over IPv6) outgoing interface, a vxlan (Virtual eXtensible LAN) outgoing interface and a pppoe (Point-to-Point Protocol over Ethernet) outgoing interface;
the five-tuple information comprises a source internet protocol address sip, a target internet protocol address dip, a source port sport, a target port dport and a protocol type proto_type;
The service matching instance comprises one service matching instance established for each user.
In a second aspect, the present application provides a cloud gateway packet processing apparatus, where the apparatus is specifically a cloud gateway device, and includes:
an output sub-interface module, which is used for establishing a plurality of output sub-interfaces with different service qualities according to the value added services of all users, wherein each output sub-interface acquires bandwidth allocation of the cloud gateway device according to its service quality;
the routing instance module is connected with the sub-interface module and is used for setting various message processing actions and establishing a plurality of service routing instances according to the value added services of all users, and each service routing instance is associated with a plurality of message processing actions and one sub-interface;
The matching instance module is connected with the routing instance module and is used for establishing a service matching instance of each user according to the value-added service use rule of each user, wherein the service matching instance of each user comprises the matching rule of the service routing instance used by different terminals of each user;
And the message processing module is connected with the matching instance module and is used for matching the service routing instance by using the service matching instance and processing the user terminal message by using the matched service routing instance.
In a third aspect, the present application provides a computer readable storage medium having a computer program stored therein, which when executed by a processor, implements a cloud gateway message processing method as described above.
The application provides a cloud gateway message processing method, a device and a medium, wherein a plurality of sub-interfaces are arranged on cloud gateway equipment according to user value-added services, each sub-interface binds different message processing actions to form a service routing instance, the service routing instance is matched with a message of a user terminal, the processing of different value-added service requirements of the message is realized, and more customized services can be provided for multiple users and multiple terminals through one cloud gateway equipment.
Detailed Description
In order to make the technical scheme of the present application better understood by those skilled in the art, the following detailed description of the embodiments of the present application will be given with reference to the accompanying drawings.
It is to be understood that the specific embodiments and figures described herein are merely illustrative of the application, and are not limiting of the application.
It is to be understood that the various embodiments of the application and the features of the embodiments may be combined with each other without conflict.
It is to be understood that only the portions relevant to the present application are shown in the drawings for convenience of description, and the portions irrelevant to the present application are not shown in the drawings.
It should be understood that each module and unit referred to in the embodiments of the present application may correspond to only one physical structure, may be formed by a plurality of physical structures, or may be integrated into one physical structure.
It will be appreciated that the functions and steps noted in the flowcharts and block diagrams of the subject application can occur out of the order noted in the figures without conflict.
It is to be understood that the flowcharts and block diagrams of the present application illustrate the architecture, functionality, and operation of possible implementations of systems, apparatuses, devices and methods according to various embodiments of the present application. Each block in the flowcharts or block diagrams may represent a module, unit, segment, or portion of code, which comprises executable instructions for implementing the specified functions. Moreover, each block or combination of blocks in the block diagrams and flowchart illustrations can be implemented by hardware-based devices that perform the specified functions, or by combinations of hardware and computer instructions.
It should be understood that the modules and units involved in the embodiments of the present application may be implemented in software, or may be implemented in hardware, for example, the modules and units may be located in a processor.
Example 1:
As shown in Fig. 1, the present application provides a cloud gateway message processing method, where the method is applied to a cloud gateway device and includes:
S1, establishing a plurality of sub-interfaces with different service qualities according to value-added services of users, wherein each sub-interface acquires bandwidth allocation of cloud gateway equipment according to the service quality of the sub-interface;
S2, setting a plurality of message processing actions and establishing a plurality of service routing instances according to the value added service of the user, wherein each service routing instance is associated with a plurality of message processing actions and one sub-interface;
S3, establishing a service matching instance according to the value added service use rule of the user, wherein the service matching instance comprises the matching rule of the service routing instance used by different terminals of each user;
S4, using the service matching instance to match the service routing instance, and using the matched service routing instance to process the user terminal message.
In this embodiment, the method sets a plurality of output sub-interfaces according to the user value-added service on the cloud gateway device, each output sub-interface binds different message processing actions to form a service routing instance, and matches the service routing instance for the user terminal message, so as to realize the processing of different value-added service requirements of the message, and more customized service can be provided for multiple users and multiple terminals through one cloud gateway device. The method shown in fig. 1 is correspondingly applied to the apparatus shown in fig. 2.
More specifically, this embodiment provides a method and device for efficiently selecting a message forwarding path in a cloud gateway. The cloud gateway is located between a user (such as an enterprise or a family) and a cloud service and acts as a bridge between them. The cloud gateway provides the same basic network connection and forwarding function as a gateway, a modem and other such devices and, more importantly, identifies traffic characteristics and forwards specific traffic to different paths for further processing, thereby providing various value-added services such as security protection and traffic analysis. One cloud gateway device can serve multiple users, and each user can manage multiple user terminals, such as a child's terminal and the user's own terminal. Some users want to use both the green surfing function and the cloud game function; some want the green surfing function but not the cloud game function; some want the family guardian function, under which the child cannot surf the internet in the daytime while the user can; and so on. Different service scenarios are thus provided to different cloud gateway users.
In view of this, the solution of this embodiment is mainly as follows. The cloud gateway implements in advance egress sub-interfaces for various types of message processing actions, including redirection, blocking, etc., and loads various types of service matching instances, each of which includes matching rules of various basic types, including ip (Internet Protocol), url (Uniform Resource Locator), etc. Routing instances are configured and issued, and each routing instance is associated, as required, with the corresponding account, service matching instance and egress sub-interface. After the cloud gateway obtains traffic, it first finds the corresponding user and then performs a series of operations such as matching and forwarding according to that user's service routing instances. This embodiment solves the problem that existing cloud gateways cannot perform fine-grained routing and forwarding in the user dimension or be extended with more customized services. Specifically, in this embodiment, one cloud gateway device serves multiple users. According to all value added services of the multiple users, egress sub-interfaces, message processing actions and service routing instances that are common to the multiple users are established in advance. After different messages from different terminals of different users are received, the corresponding service routing instances are matched according to the rules set by the different users for their different terminals and different messages, the different message processing actions are executed through the service routing instances, and the messages are received and sent through the different egress sub-interfaces, so as to obtain different message processing effects and different message service qualities.
In an embodiment, before establishing a plurality of sub-interfaces with different service qualities according to the value added service of the user, the method further includes:
A cloud gateway device provides cloud gateway services for a plurality of users, a cloud gateway account is established for each user, and each cloud gateway account manages a plurality of terminals of the corresponding user;
And acquiring a value-added service subscribed by each user and a matching rule of using the value-added service defined by each user for each terminal of the user, wherein the value-added service comprises a green internet service, an acceleration speed limiting service, a mirror image backup service and a message forwarding service.
In this embodiment, the user may independently purchase services such as green surfing, cloud game, cloud NAS (Network Attached Storage) and cloud computer. In addition, within the green surfing function, the user may customize which websites are accessible in which time periods, or which websites are placed on a blacklist and forbidden. Ordering services and customizing the surfing blacklist can be done directly in the official portal or APP, and the user can use them immediately without waiting for a long time. In addition, the cloud gateway device of this embodiment configures a gateway address for each user, configures different local area network addresses under the same gateway address for the different terminals of each user, provides a shared public network address pool for all users, and establishes a mapping between local area network addresses and public network addresses and ports through the NAT (Network Address Translation) service. The sub-interfaces send and receive messages based on the NAT-translated addresses, so that multiple users and multiple terminals share one gateway device.
In an embodiment, a plurality of output sub-interfaces with different service qualities are established according to a value added service of a user, and each output sub-interface obtains bandwidth allocation of a cloud gateway device according to the service quality of the user, which specifically includes:
Acquiring value added servers to be connected with the cloud gateway equipment according to the value added services subscribed by all users, and establishing multiple types of output interfaces according to the value added servers to be connected, wherein the output interfaces comprise at least one output interface not connected with the value added servers;
and acquiring a plurality of required network speeds of each output interface according to the acceleration speed limiting service subscribed by all users, establishing an output sub-interface for each required network speed under each output interface, and distributing the bandwidth of the cloud gateway equipment according to the required network speed of each output sub-interface.
In this embodiment, the cloud gateway is located in the edge cloud, and connects the internet channel and the edge cloud channel naturally, so that different traffic flows can be conveniently scheduled, the different traffic flows are finely distinguished, the corresponding traffic flows are forwarded to the corresponding paths, and the bandwidth pressure for a single path is reduced.
In one embodiment, setting multiple message processing actions and establishing multiple service routing instances according to value added service of a user, wherein each service routing instance associates multiple message processing actions and one output sub-interface, and the method specifically comprises the following steps:
Setting various message processing actions according to value-added services subscribed by all users, wherein the actions comprise mirror image messages, setting out interface types and conversion message types, setting message service quality and matching out sub-interfaces in sequence;
Binding several sequential combinations of message processing actions for each outgoing sub-interface to establish a service routing instance for each outgoing sub-interface.
In this embodiment, the cloud gateway provides in advance sub-interfaces for the various message processing actions, including redirection, blocking, mirroring, speed limiting, NAT forwarding, discarding and the like, which can be extended as required, and exposes the sub-interface names for service routing instances to associate with. Different egress sub-interfaces bind different processing actions. For example, after the internet access package is used up, internet access needs to be redirected to a portal; a blacklisted website of green surfing needs to be blocked; public large-screen traffic needs to be mirrored to designated monitoring equipment; a user's access channel to the cloud needs download speed limiting; and cloud disk traffic needs to be converted and forwarded to the cloud NAS resource pool behind the cloud gateway. The value added services that need to be provided to a user are determined jointly by user subscription behavior, policy requirements, operator requirements, and the like.
In one embodiment, binding several sequential combinations of message processing actions for each outgoing sub-interface to establish a service routing instance for each outgoing sub-interface, including:
The output sub-interfaces comprise a virtual first output sub-interface with zero network speed and a plurality of second output sub-interfaces with non-zero network speed;
Establishing, for the first outgoing sub-interface, a service routing instance bound to the message processing action of matching the outgoing sub-interface and discarding the message;
and establishing, for each second outgoing sub-interface, four service routing instances whose bound message processing actions are successively reduced by one preceding message processing action.
In this embodiment, the cloud gateway creates five service packets for each user, ordered from high to low priority: the CONTROL class; the QOS (Quality of Service) class, which mainly sets the speed limit for the user's network traffic; the TRANSFER class, which handles intermediate state transitions of the message, such as setting the forwarding path of a forwarded message or modifying the message header according to the type of the outgoing interface; the FORWARD class, which sets the channels through which the message can be forwarded from different egresses and supports srv6 (Segment Routing over IPv6), vxlan (Virtual eXtensible LAN) tunnels, pppoe (Point-to-Point Protocol over Ethernet) and the like; and the MIRROR class, in which mirrored messages are forwarded, since the original message and the mirrored message have different forwarding paths. Each service packet carries a plurality of service routing instances. The service types required by individual users may differ, and which service routing instances a given service packet carries is determined according to user requirements. A service routing instance comprises, in the above priority order, processing actions of the five service packets, and comprises at least the CONTROL class.
In one embodiment, a service matching instance is established according to a value added service usage rule of a user, the service matching instance includes a matching rule of a service routing instance used by different terminals of each user, and the method specifically includes:
extracting a first matching relation between first quintuple information and value added services from the matching rules defined by all users for each of their terminals, wherein the matching rules comprise first quintuple information respectively matched with a black list, a white list and a gray list of the green internet service, first quintuple information matched with the acceleration speed limiting service, first quintuple information matched with the mirror image backup service and first quintuple information matched with the message forwarding service;
And establishing a second matching relation between the first quintuple information and the service routing instances according to the first matching relation, wherein, in the second matching relation: first quintuple information matched with the black list of the green internet service matches the service routing instance of the first sub-interface; first quintuple information matched with the mirror image backup service matches a service routing instance comprising four message processing actions; first quintuple information matched with the gray list of the green internet service or with the message forwarding service matches a service routing instance comprising three message processing actions; first quintuple information matched with both the white list of the green internet service and the acceleration speed limiting service matches a service routing instance comprising two message processing actions; and first quintuple information matched with the white list of the green internet service but not with the acceleration speed limiting service matches a service routing instance comprising one message processing action.
In this embodiment, the cloud gateway configuration loads multiple types of service matching instances, each of which includes matching rules of various basic types, including sip (source IP address), dip (destination IP address), sport (source port), dport (destination port), url (Uniform Resource Locator), domain (domain name), proto_type (protocol type), and the like, which can be extended as required; the service matching instance names are likewise exposed for service routing instances to associate with. The user requirements include requirements that the end user subscribes to independently, rule requirements, operator requirements and the like. For example, to copy and forward large-screen traffic to a designated device at a certain destination address, the traffic matched by the customized combination of source IP, destination IP and the like is forwarded to a service routing instance of the egress sub-interface bound to that processing action. The type of the routing instance depends on the matching instance and on the egress interface bound to the routing instance, for example, the user requirements are blocking traffic with an access website www.
In one embodiment, the service matching instance is used to match the service routing instance, and the matched service routing instance is used to process the user terminal message, which specifically includes:
responding to the received user terminal message, obtaining second quintuple information in the user terminal message, and inquiring a pre-established stream instance hash table according to the second quintuple information;
if the second quintuple information exists in the flow instance hash table, acquiring a service route instance corresponding to the second quintuple information recorded in the flow instance hash table, and processing a user terminal message by using the service route instance recorded correspondingly;
if the second quintuple information does not exist in the flow instance hash table, a new flow instance is established, the first quintuple information and the second quintuple information in the service matching instance are used for matching, so that a matched service routing instance is obtained and recorded in the flow instance hash table, and the newly recorded service routing instance is used for processing the user terminal message.
In this embodiment, as shown in Fig. 3, after a packet enters the cloud gateway, it is parsed and the corresponding data is extracted to find the associated user. The packets include first messages from a user terminal and second messages to be sent to the user terminal. The associated user is matched according to the packet's LAN address or NAT mapping address and the cvlan (Customer Virtual Local Area Network, user-side virtual local area network) of the cloud gateway user; the cloud gateway allocates and records the IP of each cloud gateway user, and in this way determines that the packet is service traffic of the cloud gateway. The five-tuple information (IP, port, proto, etc.) in the packet is extracted to create a flow instance. The program maintains a hash table and uses the keys sip, dip, sport, dport and the transport layer protocol type proto to check whether the five-tuple is already in the hash table. If it is not, an entry is added, and the five-tuple is then matched against the service routing instances in the user's five service packets in order of priority. After a service route in one service packet has performed its processing action, matching starts in the next service packet. The service routes in each service packet are traversed, the service matching instance bound to each service route is found and matched against the flow, and if the match with the service matching instance succeeds, the corresponding processing action is performed.
After the corresponding service route is hit, a corresponding flag bit is set in the flow instance, and subsequent messages do not need to be matched again. Messages of the same flow instance have the same quintuple (sip, dip, sport, dport, proto), so the service routing instance can be obtained from the hash table according to the flag bit. It is usually the first message, the request message, that triggers establishing the flow instance and adding the table entry. Each later message is parsed, and the quintuple information extracted from it is compared with the quintuple information stored in the program's table entries; if they are the same, the entry already exists.
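The construction of routing instances per sub-interface and the flow-table lookup described in the embodiments above, as an added Python example that is not code from the application: it builds the drop instance and the four decreasing-action instances, resolves a service category to an instance, and caches the result per flow. Assumptions not stated on the page: the action and service names, lower priority number matched first, a one-action default for unmatched traffic, keying the flow table by user plus five-tuple, the table size bound, and purging a user's cached flows when that user's rules change.

```python
from dataclasses import dataclass
from typing import Optional

# Message processing actions in the order the text lists them (names assumed).
ACTIONS = ("MIRROR", "TRANSFER", "QOS", "MATCH_OUT")
# Bound-action count per service category, following the second matching
# relation; 0 selects the drop instance of the zero-speed sub-interface.
SERVICE_ACTIONS = {"blacklist": 0, "mirror": 4, "graylist": 3, "forward": 3,
                   "whitelist_qos": 2, "whitelist": 1}

@dataclass(frozen=True)
class FiveTuple:
    sip: str
    dip: str
    sport: int
    dport: int
    proto: str

@dataclass(frozen=True)
class RouteInstance:
    sub_if: str
    actions: tuple

@dataclass(frozen=True)
class MatchRule:
    priority: int                 # assumption: lower value is matched first
    service: str                  # key of SERVICE_ACTIONS
    sub_if: str                   # egress sub-interface the rule points at
    sip: Optional[str] = None     # None = wildcard (partial five-tuple)
    dip: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    proto: Optional[str] = None

    def matches(self, ft: FiveTuple) -> bool:
        pairs = ((self.sip, ft.sip), (self.dip, ft.dip), (self.sport, ft.sport),
                 (self.dport, ft.dport), (self.proto, ft.proto))
        return all(want is None or want == got for want, got in pairs)

def build_route_instances(sub_ifs: dict) -> dict:
    """sub_ifs maps sub-interface name -> speed in Mbit/s (constructed values)."""
    routes = {}
    for name, speed in sub_ifs.items():
        if speed == 0:   # virtual first sub-interface: match it, then discard
            routes[(name, 0)] = RouteInstance(name, ("MATCH_OUT", "DROP"))
        else:            # four instances, each with one fewer leading action
            for n in range(4, 0, -1):
                routes[(name, n)] = RouteInstance(name, ACTIONS[4 - n:])
    return routes

class CloudGateway:
    def __init__(self, sub_ifs, default_sub_if, max_flows=4096):
        self.routes = build_route_instances(sub_ifs)
        self.default = self.routes[(default_sub_if, 1)]  # assumed default
        self.rules = {}       # user -> rules sorted by priority
        self.flows = {}       # flow instance hash table
        self.max_flows = max_flows
        self.slow_path = 0    # number of full rule walks performed

    def set_rules(self, user, rules):
        for r in rules:       # reject rules that name a non-existent instance
            if (r.sub_if, SERVICE_ACTIONS[r.service]) not in self.routes:
                raise ValueError(f"no routing instance for {r}")
        self.rules[user] = sorted(rules, key=lambda r: r.priority)
        # Purge this user's cached flows so that a new blacklist entry also
        # applies to flows that were established before the change.
        self.flows = {k: v for k, v in self.flows.items() if k[0] != user}

    def classify(self, user, ft: FiveTuple) -> RouteInstance:
        key = (user, ft)      # per-user key: tenants never share an entry
        hit = self.flows.get(key)
        if hit is not None:   # later packets of a flow skip rule matching
            return hit
        self.slow_path += 1
        route = self.default
        for rule in self.rules.get(user, ()):
            if rule.matches(ft):
                route = self.routes[(rule.sub_if, SERVICE_ACTIONS[rule.service])]
                break
        if len(self.flows) >= self.max_flows:   # bound state: evict oldest
            self.flows.pop(next(iter(self.flows)))
        self.flows[key] = route
        return route

def demo():
    # Constructed sample: sub-interface names, speeds and addresses are made up.
    gw = CloudGateway({"null0": 0, "srv6-100m": 100, "pppoe-20m": 20}, "pppoe-20m")
    gw.set_rules("alice", [
        MatchRule(10, "blacklist", "null0", dip="203.0.113.7"),
        MatchRule(20, "graylist", "srv6-100m", dip="198.51.100.9", dport=443),
    ])
    game = FiveTuple("192.168.1.10", "203.0.113.7", 40000, 443, "tcp")
    gray = FiveTuple("192.168.1.10", "198.51.100.9", 40001, 443, "tcp")
    first = gw.classify("alice", game)
    again = gw.classify("alice", game)   # served from the flow table
    other = gw.classify("bob", game)     # same five-tuple, different user
    return gw, first, again, other, gw.classify("alice", gray)
```

The per-user key and the purge in `set_rules` matter because a cached flow entry bypasses rule matching, so a stale or shared entry would keep forwarding traffic that a later blacklist rule is meant to drop.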
In one embodiment, wherein:
The value-added server comprises a security analysis value-added server corresponding to a gray list of the green internet service, a mirror image backup value-added server corresponding to a mirror image backup service and a message forwarding receiving value-added server corresponding to a message forwarding service;
the outgoing interface types comprise a Segment Routing over IPv6 (srv6) outgoing interface, a Virtual Extensible Local Area Network (vxlan) outgoing interface and a Point-to-Point Protocol over Ethernet (pppoe) outgoing interface;
the five-tuple information comprises a source internet protocol address sip, a target internet protocol address dip, a source port sport, a target port dport and a protocol type proto_type;
The service matching instance comprises one service matching instance established for each user.
In this embodiment, the corresponding service routing instance is configured and issued according to the service type opened by the user, and the corresponding service packet, user, service matching instance and outgoing sub-interface are associated by name. To accommodate a user opening multiple services of the same type, each service routing instance also carries a priority within the service packet where it is located. For example, a cloud disk service needs a cloud disk routing instance to point to a forwarding path, and the specific forwarding path is determined by the outgoing sub-interface bound to the routing instance (the character string defined in the system is VniQinqRouter). Service routing instances are customized and configured beneath it. For example, a user has a green internet requirement in which the game network is forbidden and the short video network is opened: security risk analysis is carried out on the integrity of access to the game network to determine whether the user's access request is forbidden, traffic to a configured security alarm website is directly discarded or redirected, and a game network blacklist and a video network whitelist are set. Data that matches the service matching instance is sent to the designated outgoing interface. The type of the outgoing interface is set according to the specific forwarding purpose (a srv6 outgoing interface, a vxlan outgoing interface, a pppoe outgoing interface and the like), which distinguishes the different layered structures applied to a message, and the corresponding service routing instance is customized according to the required message processing actions. The identifier of the service matching instance match is the quintuple information (sip, dip, sport, dport, proto) in each packet, and may contain only part of the information in the quintuple.
According to the method and the device, the traffic processing of cloud gateway users is generalized into five service types (message processing actions), and the rule matching and the processing actions in each service operation are decoupled into a service matching instance and a service output sub-interface. Through free combination of different service matching instances and service output sub-interfaces, more flexible service routing configuration is achieved on the basis of each service type. Meanwhile, a priority can be set for each service routing instance, so that more customized services can be extended to the user and the conflicts that arise when a user opens multiple services of the same service type are resolved.
Example 2:
As shown in fig. 2, the present application provides a cloud gateway message processing apparatus, which is specifically a cloud gateway device, and includes:
The output sub-interface module 1 is used for establishing a plurality of output sub-interfaces with different service qualities according to the value-added services of all users, and each output sub-interface acquires the bandwidth allocation of the cloud gateway equipment according to the service quality of the output sub-interface;
the routing instance module 2 is connected with the sub-interface module 1 and is used for setting various message processing actions and establishing a plurality of service routing instances according to the value added services of all users, and each service routing instance is associated with a plurality of message processing actions and one sub-interface;
The matching instance module 3 is connected with the routing instance module 2 and is used for establishing a service matching instance of each user according to the value added service usage rule of each user, wherein the service matching instance of each user comprises the matching rule of the service routing instance used by different terminals of each user;
And the message processing module 4 is connected with the matching instance module 3 and is used for matching the service routing instance by using the service matching instance and processing the user terminal message by using the matched service routing instance.
In one embodiment, the apparatus further comprises:
the user management module is used for providing cloud gateway services for a plurality of users by one cloud gateway device, establishing a cloud gateway account for each user, and managing a plurality of terminals of the corresponding user by each cloud gateway account;
The service customization module is connected with the user management module and the sub-interface module 1 and is used for acquiring the value-added service subscribed by each user and the matching rule of using the value-added service defined by each user for each terminal of the user, wherein the value-added service comprises a green internet service, an acceleration speed limiting service, a mirror image backup service and a message forwarding service.
In one embodiment, the output sub-interface module 1 specifically includes:
The output interface unit is used for acquiring the value-added servers to which the cloud gateway device is to be connected according to the value-added services subscribed by all users, and establishing various types of output interfaces according to the value-added servers to be connected, including at least one output interface not connected with any value-added server;
The output sub-interface unit is connected with the output interface unit and is used for acquiring a plurality of required network speeds of each output interface according to acceleration speed limiting services ordered by all users, establishing an output sub-interface for each required network speed under each output interface and distributing the bandwidth of the cloud gateway equipment according to the required network speed of each output sub-interface.
In an embodiment, the routing instance module 2 specifically includes:
the processing action unit is used for setting various message processing actions according to the value-added services subscribed by all users, the actions being, in order: mirroring the message, setting the outgoing interface type and converting the message type, setting the message service quality, and matching the output sub-interface;
and the route instance unit is connected with the processing action unit and is used for binding the sequential combination of a plurality of message processing actions for each output sub-interface so as to establish a service route instance of each output sub-interface.
In one embodiment, wherein:
The output sub-interfaces comprise a virtual first output sub-interface with zero network speed and a plurality of second output sub-interfaces with non-zero network speed;
the route example unit specifically includes:
A first routing instance unit, configured to establish, for the first output sub-interface, a service routing instance that binds the message processing actions of matching the output sub-interface and discarding the message;
And the second routing instance unit is used for establishing, for each second output sub-interface, four service routing instances whose bound message processing actions are successively reduced by the preceding action in the sequence.
In one embodiment, the matching instance module 3 specifically includes:
The first matching relation unit is used for extracting a first matching relation between the first quintuple information and the value-added service from the matching rules of using the value-added service defined by all the users for each terminal of the user, and comprises first quintuple information respectively matched with a black list, a white list and a gray list of the green internet service, first quintuple information matched with the speed-limiting acceleration service, first quintuple information matched with the mirror image backup service and first quintuple information matched with the message forwarding service;
The second matching relation unit is connected with the first matching relation unit and is used for establishing, according to the first matching relation, a second matching relation between the first quintuple information and the service routing instances. The second matching relation comprises: the service routing instance of the first output sub-interface, matched with the first quintuple information that matches the blacklist of the green internet service; the service routing instance of four message processing actions, matched with the first quintuple information that matches the mirror image backup service; the service routing instance of three message processing actions, matched with the first quintuple information that matches the gray list of the green internet service or the message forwarding service; the service routing instance of three message processing actions, matched with the first quintuple information that matches the white list of the green internet service and the speed-limiting acceleration service; and the service routing instance of two message processing actions, matched with the first quintuple information that matches the white list of the green internet service but does not match the speed-limiting acceleration service.
In one embodiment, the message processing module 4 specifically includes:
The table look-up unit is used for responding to the received user terminal message, acquiring second quintuple information in the user terminal message, and inquiring a pre-established stream instance hash table according to the second quintuple information;
the first processing unit is connected with the table lookup unit and is used for acquiring a service route instance corresponding to the second quintuple information recorded in the flow instance hash table if the second quintuple information exists in the flow instance hash table, and processing a user terminal message by using the service route instance recorded correspondingly;
And the second processing unit is connected with the table lookup unit and is used for establishing a new flow instance if the second quintuple information does not exist in the flow instance hash table, matching the first quintuple information in the service matching instance with the second quintuple information to obtain a matched service routing instance and recording the matched service routing instance in the flow instance hash table, and processing a user terminal message by using the newly recorded service routing instance.
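The lookup performed by the table look-up unit and the first and second processing units, which is also the flow described with fig. 3 in embodiment 1, is shown below as an added example; it is not code from the application. The class and route names, the addresses, the rule that a lower priority number is matched first, and the table flush on rule replacement are assumptions.

```python
from dataclasses import dataclass
from typing import NamedTuple, Optional

class FiveTuple(NamedTuple):
    sip: str
    dip: str
    sport: int
    dport: int
    proto: str

@dataclass
class RouteInstance:
    name: str        # hypothetical instance name
    priority: int    # assumption: lower number is matched first
    match: dict      # partial five-tuple; fields left out are wildcards
    actions: tuple   # ordered message processing actions
    out_subif: str   # bound outgoing sub-interface

    def hits(self, ft: FiveTuple) -> bool:
        return all(getattr(ft, k) == v for k, v in self.match.items())

class Gateway:
    def __init__(self, routes):
        self.routes = sorted(routes, key=lambda r: r.priority)
        self.flows = {}      # flow instance hash table keyed by five-tuple
        self.rule_walks = 0  # packets that needed the full rule walk

    def process(self, ft: FiveTuple) -> Optional[RouteInstance]:
        if ft in self.flows:       # same flow seen before: reuse recorded route
            return self.flows[ft]
        self.rule_walks += 1       # first packet: walk rules in priority order
        hit = next((r for r in self.routes if r.hits(ft)), None)
        self.flows[ft] = hit       # record the result in the new flow entry
        return hit

    def replace_routes(self, routes):
        self.routes = sorted(routes, key=lambda r: r.priority)
        self.flows.clear()         # assumption: flush so old flows are re-matched

def demo_routes():
    # Constructed sample policy (documentation addresses, hypothetical names).
    return [
        RouteInstance("https-accelerate", 20, {"dport": 443, "proto": "tcp"},
                      ("set_qos", "match_out_subif"), "subif-100m"),
        RouteInstance("game-blacklist", 10, {"dip": "203.0.113.10"},
                      ("match_out_subif", "discard"), "subif-zero"),
        RouteInstance("default", 90, {}, ("match_out_subif",), "subif-best-effort"),
    ]

if __name__ == "__main__":
    gw = Gateway(demo_routes())
    game = FiveTuple("192.168.1.10", "203.0.113.10", 50000, 443, "tcp")
    print([gw.process(game).name for _ in range(3)], gw.rule_walks)
```

The constructed game flow matches both the acceleration rule and the blacklist rule, and the priority decides which one is recorded. Without the flush in `replace_routes`, a flow recorded before a rule change would keep using its old service routing instance.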
In one embodiment, wherein:
The value-added server comprises a security analysis value-added server corresponding to a gray list of the green internet service, a mirror image backup value-added server corresponding to a mirror image backup service and a message forwarding receiving value-added server corresponding to a message forwarding service;
the outgoing interface types comprise a Segment Routing over IPv6 (srv6) outgoing interface, a Virtual Extensible Local Area Network (vxlan) outgoing interface and a Point-to-Point Protocol over Ethernet (pppoe) outgoing interface;
the five-tuple information comprises a source internet protocol address sip, a target internet protocol address dip, a source port sport, a target port dport and a protocol type proto_type;
The service matching instance comprises one service matching instance established for each user.
Example 3:
Embodiment 3 of the present application provides a computer readable storage medium, in which a computer program is stored, where when the computer program is executed by a processor, the method for processing a cloud gateway packet according to embodiment 1 is implemented, or the device for processing a cloud gateway packet according to embodiment 2 is implemented.
The computer-readable storage medium includes volatile or nonvolatile, removable or non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, computer program elements, or other data. Computer-readable storage media include, but are not limited to, RAM (Random Access Memory), ROM (Read-Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), flash memory or other memory technology, CD-ROM (Compact Disc Read-Only Memory), Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer.
In addition, the present application may also provide a computer device, including a memory and a processor, where the memory stores a computer program, and when the processor runs the computer program stored in the memory, the processor executes the cloud gateway packet processing method described in embodiment 1. The computer device may be a cloud gateway message processing device as described in example 2.
The memory is connected with the processor; the memory can be a flash memory, a read-only memory or another memory, and the processor can be a central processing unit or a single-chip microcomputer.
Embodiments 1-3 of the present application provide a method, an apparatus, and a medium for processing a cloud gateway packet, where multiple outgoing sub-interfaces are set on a cloud gateway device according to a user value-added service, each of the outgoing sub-interfaces binds different packet processing actions to form a service routing instance, and the service routing instance is matched with a packet of a user terminal, so as to implement processing of different value-added service requirements of the packet, and provide more customized services for multiple users and multiple terminals through one cloud gateway device.
It is to be understood that the above embodiments are merely illustrative of the application of the principles of the present application, but not in limitation thereof. Various modifications and improvements may be made by those skilled in the art without departing from the spirit and substance of the application, and are also considered to be within the scope of the application.