WO2021248318A1 - Cloud service system, network switching control method and related device - Google Patents
- Publication number
- WO2021248318A1 (PCT/CN2020/095159)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- vpn gateway
- service system
- cloud service
- network
- gateway node
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L1/00—Arrangements for detecting or preventing errors in the information received
- H04L1/22—Arrangements for detecting or preventing errors in the information received using redundant apparatus to increase reliability
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
Definitions
- This application relates to the computer field, in particular to a cloud service system, a network switching control method and related devices.
- A virtual private network (VPN) server is deployed in a virtual gateway of a network node, and the Virtual Router Redundancy Protocol (VRRP) is used to implement active/standby switching, thereby avoiding a single point of failure. Because only one server provides service at the gateway access end, the VPN access capability is limited by the performance of a single server, and when an active/standby switch is performed, all users connected to this virtual network are disconnected and must reconnect.
- The embodiments of the present application provide a cloud service system, a network switching control method, and related devices, so that VPN access is not restricted by the performance of a single server and the negative effects of disconnection and reconnection during an active/standby switch are reduced.
- an embodiment of the present application is a cloud service system.
- the cloud service system includes P computer nodes, where P is an integer greater than 1, where:
- Q of the P computer nodes are used as virtual private network VPN gateway nodes, and the Q is an integer less than the P and greater than 1;
- the K computer nodes among the Q computer nodes are used as source address translation SNAT gateways, and the K is a positive integer less than or equal to the Q.
- An embodiment of the present application provides a network switching control method, which is applied to the cloud service system as described in the first aspect, and the method includes:
- acquiring a target operating parameter set of a main VPN gateway node, where the main VPN gateway node is one of the Q computer nodes;
- performing active/standby switching between the main VPN gateway node and the standby VPN gateway node through SNAT rules.
- an embodiment of the present application provides a network switching control device, which is applied to the cloud service system as described in the first aspect, and the device includes: an acquiring unit, a determining unit, and a switching unit, wherein:
- the obtaining unit is configured to obtain target operating parameters of a main VPN gateway node, where the main VPN gateway node is one of the Q computer nodes;
- the determining unit is configured to determine a backup VPN gateway node from the K computer nodes when the target operating parameter meets a preset condition
- the switching unit is configured to switch between the primary VPN gateway node and the backup VPN gateway node through SNAT rules.
- An embodiment of the present application provides a server, including a processor, a memory, a communication interface, and one or more programs, where the one or more programs are stored in the memory and configured to be executed by the processor, and the programs include instructions for executing the steps in the second aspect of the embodiments of the present application.
- An embodiment of the present application provides a computer-readable storage medium that stores a computer program for electronic data exchange, where the computer program causes a computer to execute part or all of the steps described in the second aspect.
- An embodiment of the present application provides a computer program product that includes a non-transitory computer-readable storage medium storing a computer program, where the computer program is operable to cause a computer to execute part or all of the steps described in the second aspect of the embodiments of this application.
- the computer program product may be a software installation package.
- FIG. 1A is a schematic structural diagram of a server provided by an embodiment of the present application.
- FIG. 1B is a schematic structural diagram of a cloud service system provided by an embodiment of the present application.
- FIG. 1C is a schematic structural diagram of another cloud service system disclosed in an embodiment of the present application.
- FIG. 1D is a schematic diagram showing the implementation of IP address switching based on SNAT disclosed in an embodiment of the present application.
- FIG. 1E is a schematic flowchart of a network switching control method disclosed in an embodiment of the present application.
- FIG. 2 is a schematic structural diagram of another server disclosed in an embodiment of the present application.
- Fig. 3 is a schematic structural diagram of a network switching control device disclosed in an embodiment of the present application.
- the computer nodes involved in the embodiments of the present application may all be servers, and the servers may be cloud servers, or servers with other functions, which are not limited here.
- FIG. 1A is a schematic structural diagram of a server disclosed in an embodiment of the present application.
- the server 100 may include a control circuit, and the control circuit may include a storage and processing circuit 110.
- The storage and processing circuit 110 can be memory, such as hard disk drive memory, non-volatile memory (such as flash memory or other electronically programmable read-only memory used to form a solid-state drive), volatile memory (such as static or dynamic random access memory), and so on, which is not limited in the embodiments of the present application.
- the processing circuit in the storage and processing circuit 110 can be used to control the operation of the server 100.
- the processing circuit can be implemented based on one or more microprocessors, microcontrollers, baseband processors, power management units, audio codec chips, application specific integrated circuits, display driver integrated circuits, etc.
- The storage and processing circuit 110 can be used to run software in the server 100, such as Internet browsing applications, voice over internet protocol (VOIP) telephone call applications, email applications, media playback applications, operating system functions, etc.
- This software can be used to perform control operations, for example camera-based image capture, ambient light measurement based on an ambient light sensor, proximity measurement based on a proximity sensor, information display based on status indicators such as light-emitting diode indicators, operations associated with collecting and processing button press event data, and other functions in the server 100, which are not limited in the embodiments of the present application.
- the server 100 may further include an input-output circuit 150.
- the input-output circuit 150 may be used to enable the server 100 to input and output data, that is, to allow the server 100 to receive data from an external device and also allow the server 100 to output data from the server 100 to an external device.
- the input-output circuit 150 may further include a sensor 170.
- The sensor 170 may include an ambient light sensor, a proximity sensor based on light and capacitance, a touch sensor (for example, a light-based touch sensor and/or a capacitive touch sensor, where the touch sensor may be part of a touch display screen or may be used independently as a touch sensor structure), an acceleration sensor, a gravity sensor, and other sensors.
- the input-output circuit 150 may also include one or more displays, such as the display 130.
- the display 130 may include one or a combination of a liquid crystal display, an organic light emitting diode display, an electronic ink display, a plasma display, and a display using other display technologies.
- The display 130 may include a touch sensor array (i.e., the display 130 may be a touch display screen).
- The touch sensor can be a capacitive touch sensor formed by an array of transparent touch sensor electrodes (such as indium tin oxide (ITO) electrodes), or it can be a touch sensor formed using other touch technologies, such as sonic touch, pressure-sensitive touch, resistive touch, optical touch, etc., which are not limited in the embodiments of the present application.
- the audio component 140 may be used to provide audio input and output functions for the server 100.
- the audio component 140 in the server 100 may include a speaker, a microphone, a buzzer, a tone generator, and other components for generating and detecting sounds.
- the communication circuit 120 may be used to provide the server 100 with the ability to communicate with external devices.
- the communication circuit 120 may include analog and digital input-output interface circuits, and wireless communication circuits based on radio frequency signals and/or optical signals.
- the wireless communication circuit in the communication circuit 120 may include a radio frequency transceiver circuit, a power amplifier circuit, a low noise amplifier, a switch, a filter, and an antenna.
- the wireless communication circuit in the communication circuit 120 may include a circuit for supporting near field communication (NFC) by transmitting and receiving near-field coupled electromagnetic signals.
- the communication circuit 120 may include a near field communication antenna and a near field communication transceiver.
- the communication circuit 120 may also include a cellular phone transceiver and antenna, a wireless local area network transceiver circuit and antenna, and so on.
- the server 100 may further include a battery, a power management circuit, and other input-output units 160.
- the input-output unit 160 may include buttons, joysticks, click wheels, scroll wheels, touch pads, keypads, keyboards, cameras, light emitting diodes, and other status indicators.
- the user can control the operation of the server 100 by inputting commands through the input-output circuit 150, and can use the output data of the input-output circuit 150 to realize receiving status information and other outputs from the server 100.
- Figure 1B provides the cloud service system architecture involved in implementing the embodiments of this application.
- the cloud service system can be regarded as a virtual private cloud (VPC).
- two computer nodes are used as network nodes.
- Both of the two computer nodes are used as VPN servers.
- One of the two computer nodes is used as a VPN server.
- The two computer nodes are connected through the Virtual Router Redundancy Protocol (VRRP), and the network node is connected to a VPN client over the Internet. Apart from these two computer nodes, each of the other computer nodes includes an application container engine (docker).
- the specific structure of the computer node may be the server described in FIG. 1A above. Among them, based on the cloud service system shown in FIG. 1B, the VPN server is deployed in the virtual gateway of the network node, and the active/standby connection is realized by using the VRRP protocol, thereby avoiding a single point of failure.
- The problem it faces is that only one gateway access end provides service, so the VPN access capability is limited by the performance of a single server, and when an active/standby switch is performed, all users connected to this virtual network are disconnected and must reconnect; that is, the related technology cannot meet the needs of scenarios in which a large number of users access the network.
- Figure 1C provides the cloud service system architecture involved in implementing the embodiments of this application.
- The cloud service system can be regarded as a virtual private cloud (VPC). The cloud service system includes P computer nodes, where P is an integer greater than 1, and the VPC is connected to the VPN client through the Internet, where:
- Q of the P computer nodes are used as virtual private network VPN gateway nodes, and the Q is an integer less than the P and greater than 1;
- the K computer nodes among the Q computer nodes are used as source address translation SNAT gateways, and the K is a positive integer less than or equal to the Q.
- the specific structure of the computer node may be the server described in FIG. 1A.
- The cloud service system may include a large number of computer nodes, some of which are used as VPN gateway nodes. The VPN gateway nodes can use SNAT (source address translation) so that data packets pass through and make their normal round trip.
- Q computer nodes can correspond to Q VPN gateway nodes, and one VPN gateway node of the Q VPN gateway nodes can be used to implement the main router function, and the remaining VPN gateway nodes can be used to implement the slave router function. All Q computer nodes can be used to provide VPN services.
- the cloud service system provides VPN client access and forwarding to different VPN gateway nodes through VIP technology.
- the cloud service system can provide VPN client access through virtual IP address technology (VIP technology) and forward data to different VPN gateway nodes, and can also forward to other computer nodes that are not VPN gateway nodes.
- The introduction of VIP technology enables the VPN client's link establishment request to be forwarded to different VPN gateway nodes, thereby providing basic support for the distributed solution.
- The embodiments of this application allow VPN gateway nodes to be scaled horizontally on demand, which solves the performance limitation of a single network node in the related technology. For example, the required number of target gateway nodes is determined from a preset mapping relationship between the number of gateway nodes and the total number of computer nodes included in the cloud service system, so that VPN gateway nodes can be scaled horizontally on demand.
- When a VPN gateway node fails, only users who access that node are affected, and after reconnecting they are connected to a normal VPN gateway node.
- At least one VPN gateway node among the K computer nodes is used to create a network namespace; that is, one or more VPN gateway nodes among the K computer nodes can be used to create a network namespace. For example, one, two, or three VPN gateway nodes among the K computer nodes may be used to create a network namespace, which is not limited here.
- the virtual network namespace technology is used, which can be used as a bridge to connect a private network and a public network.
- At least one VPN gateway node among the K computer nodes is used to create a network namespace
- the cloud service system is specifically used to:
- A1 Deploy a VPN service in a VPN gateway node i, and create a network name space, where the VPN gateway node i is any computer node among the K computer nodes;
- the preset external virtual IP address can be preset or system default.
- the cloud service system can access the target virtual private network through a pre-reserved private IP address, and based on the target virtual private network, introduce the preset external virtual IP address VIP into the network namespace corresponding to the VPN gateway node i.
- the VPN gateway node i is any computer node among the K computer nodes.
- A VPN service is deployed in the VPN gateway node i and a network namespace is created; the target virtual private network is accessed through the pre-reserved private IP address, and, based on the target virtual private network, the preset external virtual IP address (VIP) is introduced into the network namespace corresponding to the VPN gateway node i.
- SNAT rules are set in the VPN gateway node i.
- SNAT is source address translation, and its function is to convert the source address of an IP packet into another address.
- gateway node i can set SNAT rules, and SNAT can implement corresponding functions after setting SNAT rules.
- SNAT is used to implement source address translation, and DNAT is used to implement target address translation. Both are functions of address translation, which convert private addresses to public addresses.
- SNAT is mainly used for internal shared IP access to the outside.
- With DNAT, an external address actively initiates a connection, and the gateway on the router or firewall receives this connection and then translates it to the inside. In this process, the gateway with the public network IP receives the external connection in place of the internal service and then performs the internal address translation. This translation is called DNAT, and it is mainly used to publish internal services to the outside world.
- the cloud service system can implement setting SNAT rules through iptables technology, of course, it can also implement setting SNAT rules through other technologies.
- the network namespace includes a first virtual network card and a second virtual network card, the first virtual network card is used as an access port of a target virtual private network, and the second virtual network card is used as a target The output port of the virtual private network.
- The network namespace can include a first virtual network card (IN) and a second virtual network card (EX). The first virtual network card can be used as the access port of the target virtual private network, and the second virtual network card can be used as the output port of the target virtual private network, which is equivalent to realizing the access function.
- the first virtual network card is configured with a first private network address and a first public network VIP address
- the second virtual network card is configured with a second private network address and a second public network VIP address
- the first virtual network card may be configured with a first private network address and a first public network VIP (public VIP) address.
- the second virtual network card can be configured with a second private network address and a second public network VIP (public VIP) address, so that it can be used to implement the next hop function of the data packet to access the VIP.
- the target virtual private network is accessed through the first virtual network card.
- the cloud service system can access the target virtual private network through the first virtual network card IN.
- the first virtual network card accesses the target virtual private network by means of a container or a virtual machine.
- the cloud service system can connect the first virtual network card to the target virtual private network through a container means or a virtual machine means.
- other means can also be used, which will not be repeated here.
- the source IP address of the data packet sent by the first virtual network card is converted into a private IP address through the SNAT rule.
- SNAT can be used to implement the source address switching function.
- the cloud service system can convert the source IP address of the data packet sent by the first virtual network card into a private IP address through the SNAT rule.
- the K computer nodes include a host VPN gateway.
- the VPN gateways corresponding to the K computer nodes may include a host VPN gateway, which may be used to control other VPN gateways, or may be a VPN gateway with high priority use.
- the host VPN gateway includes a host network namespace.
- the host VPN gateway can correspond to the host network namespace, and in specific implementation, the host network namespace corresponding to the host can be established first.
- a direct connection route is configured in the host network namespace, and the direct connection route can be used to point the next hop of the data packet accessing the VIP to the second virtual network card.
- a direct connection route can be configured in the host network namespace, and the direct connection route can directly implement data forwarding, that is, the direct connection route can be used to point the next hop of the data packet accessing the VIP to the second virtual network card EX.
- The VPN gateway creates two virtual network cards in the network namespace, IN (the first virtual network card) and EX (the second virtual network card), using a veth pair, and configures them with a private network address and a public network VIP address respectively. The specific steps are as follows:
- the VPN Client link establishment request is forwarded to different VPN gateway nodes, providing basic support for the distributed solution;
- the virtual network namespace technology serves as a bridge to connect private networks and public networks;
- SNAT source address translation lets data packets make their normal round trip, which can improve data transmission efficiency for VPN networks in a cloud environment.
- The cloud server system can reserve part of the computing nodes as VPN gateway nodes, and the user's private network can reserve part of its addresses for the SNAT gateways. In addition, VIP technology is introduced to provide VPN client access and forwarding to different VPN gateway nodes. Then a network namespace is created in the VPN gateway node, and in the network namespace: first, deploy the VPN service; second, access the user's private network through the reserved private IP address; then, import the external VIP (the VIP can be published through protocols such as BGP or OSPF); finally, set up SNAT rules (which can be implemented through iptables).
- The cloud service system described in the embodiments of this application includes P computer nodes, where P is an integer greater than 1. Among the P computer nodes, Q computer nodes are used as virtual private network (VPN) gateway nodes, where Q is an integer less than P and greater than 1, and K of the Q computer nodes are used as source address translation (SNAT) gateways, where K is a positive integer less than or equal to Q, because some computer nodes are used as VPN gateway nodes and at least one of the VPN gateway nodes is used as an SNAT gateway.
- FIG. 1E is a schematic flowchart of a network switching control method provided by an embodiment of the present application.
- The network switching control method described in this embodiment is applied to the system architecture shown in FIG. 1C. The network switching control method includes:
- the target operating parameter set may include at least one of the following parameters: network speed, network delay, packet loss rate, CPU usage, memory size, etc., which are not limited here.
- The target operating parameter set reflects, to a certain extent, the performance of the VPN gateway node, for example whether there is a failure or whether it is running well.
- the cloud server system may obtain the target operating parameter set of the main VPN gateway node through a monitoring platform or a background program, and the main VPN gateway node may be one computer node among Q computer nodes.
- the backup VPN gateway node and the main VPN gateway node are different nodes, and the preset conditions can be set by the user or the system defaults, for example, at least one operating parameter is abnormal.
- the cloud service system can obtain the target operating parameter set of the main VPN gateway node, and the main VPN gateway node is one computer node among the Q computer nodes.
- the target operating parameter includes multiple operating parameters; between the above step 101 and step 102, the following steps may also be included:
- the preset range can be set by the user or the system defaults.
- The cloud service system can evaluate each of the multiple operating parameters to obtain multiple evaluation values, with each operating parameter corresponding to one evaluation value. It can obtain the weight corresponding to each of the multiple operating parameters to obtain multiple weights, and perform a weighting operation based on the multiple evaluation values and the multiple weights to obtain a target evaluation value. When the target evaluation value is within a preset range, the target operating parameter set is determined to satisfy the preset condition; conversely, when the target evaluation value is not within the preset range, the target operating parameter set is determined not to satisfy the preset condition.
- step 102 determining a backup VPN gateway node from the K computer nodes, may include the following steps:
- The physiological state parameter may be any of various parameters used to reflect the physiological function of the user, and may be at least one of the following: heart rate, blood pressure, blood temperature, blood lipid content, blood glucose content, thyroxine content, adrenaline content, platelet content, blood oxygen content, etc., which are not limited here.
- the preset emotion type can be set by the user or the system defaults. The preset emotion type can be at least one of the following: dull, crying, calm, irritable, excited, depressed, etc., which are not limited here.
- The cloud service system can pre-store the preset mapping relationship between computer node and emotion type, and the cloud service system can obtain the user's target physiological state parameters. The physiological state parameters reflect the emotion type to a certain extent, so the target emotion type corresponding to the target physiological state parameter can be determined. Further, the target computer node corresponding to the target emotion type can be determined according to the preset mapping relationship between computer node and emotion type, and the target computer node can be used as the backup VPN gateway node; the target computer node is one of the K computer nodes.
- the above step 22, determining the target emotion type corresponding to the target physiological state parameter can be implemented in the following manner:
- the specified time period can be set by the user or the system defaults.
- The memory of the cloud service system can pre-store a preset mapping relationship between heart rate level and first emotion value, a preset mapping relationship between mean square error and second emotion value, a preset mapping relationship between heart rate level and weight pair, and a preset mapping relationship between emotion value and emotion type. The weight pair may include a first weight and a second weight, where the first weight is the weight corresponding to the first emotion value and the second weight is the weight corresponding to the second emotion value.
- The sum of the first weight and the second weight can be 1, and the value ranges of the first weight and the second weight are both 0 to 1.
- the emotion can be evaluated through the heart rate change curve.
- the cloud service system can sample the heart rate curve.
- the specific sampling method can be: uniform sampling or random sampling to obtain multiple heart rate values, and can perform average calculations based on multiple heart rate values to obtain the average heart rate value.
- The mapping relationship between heart rate value and heart rate level can be pre-stored in the service system. The target heart rate level corresponding to the average heart rate value can be determined according to this mapping relationship, and the target first emotion value corresponding to the target heart rate level can then be determined based on the preset mapping relationship between heart rate level and first emotion value.
- A mean square error operation can be performed on the multiple heart rate values to obtain the target mean square error, and the target second emotion value corresponding to the target mean square error can be determined based on the preset mapping relationship between mean square error and second emotion value.
- The cloud service system can also determine the target weight pair corresponding to the target heart rate level according to the preset mapping relationship between heart rate level and weight pair. The target weight pair may include a target first weight and a target second weight, where the target first weight is the weight corresponding to the target first emotion value and the target second weight is the weight corresponding to the target second emotion value.
- The cloud service system can perform a weighting operation based on the target first emotion value, the target second emotion value, the target first weight and the target second weight to obtain the final emotion value.
- the specific calculation formula is as follows:
- the target emotion type corresponding to the target emotion value can be determined according to the above preset mapping relationship between the emotion value and the emotion type.
- the above average heart rate reflects the user's heart rate value
- the mean square error of the heart rate reflects the stability of the heart rate
- the user's emotion is reflected through the two dimensions of the average heart rate and the mean square error, and the user's emotion type can be accurately determined.
- SNAT rules are set on at least one of the main VPN gateway node and the backup VPN gateway node, so active/standby switching between the main VPN gateway node and the backup VPN gateway node can be performed through the SNAT rules.
- the network switching control method described in the embodiment of the present application may be executed by at least one server in the cloud service system, or executed by the controller of the cloud service system, which is not limited herein.
- the cloud service system includes P computer nodes, where P is an integer greater than 1, and among the P computer nodes, Q computer nodes Used as a virtual private network VPN gateway node, Q is an integer less than P and greater than 1, K computer nodes in Q computer nodes are used as source address translation SNAT gateways, K is a positive integer less than or equal to Q, based on
- the cloud service system obtains the target operating parameter set of the main VPN gateway node.
- the main VPN gateway node is a computer node among the Q computer nodes.
- the backup VPN gateway node When the target operating parameter set meets the preset conditions, it is determined from the K computer nodes
- the backup VPN gateway node through the SNAT rules, the main VPN gateway node and the backup VPN gateway node are switched between the active and standby VPN gateway nodes. Because some computer nodes are used as VPN gateway nodes, and at least one of the VPN gateway nodes is used as The SNAT gateway, on the one hand, can ensure that the VPN gateway node will not allow users to perceive the disconnection and reconnection during the switching process. On the other hand, the SNAT source address translation technology is used to open up data packets to and from the normal, ensuring data Security also improves data transmission efficiency.
- the following is a device for implementing the above-mentioned network switching control method, which is specifically as follows:
- FIG. 2 is a server provided by an embodiment of the present application, including a processor, a memory, and one or more programs; the one or more programs are stored in the memory and configured to be executed by the processor. The server may be any server in the cloud service system shown in FIG. 1C, and the program includes instructions for executing the following steps:
- acquiring a target operating parameter set of a main VPN gateway node, where the main VPN gateway node is one of the Q computer nodes;
- performing the active/standby switch between the main VPN gateway node and the backup VPN gateway node through SNAT rules.
- the server described in the embodiment of the present application is any computer node in the cloud service system.
- the cloud service system includes P computer nodes, where P is an integer greater than 1; among the P computer nodes, Q computer nodes are used as virtual private network (VPN) gateway nodes, where Q is an integer less than P and greater than 1; K computer nodes among the Q computer nodes are used as source address translation (SNAT) gateways, where K is a positive integer less than or equal to Q. Based on the cloud service system, the target operating parameter set of the main VPN gateway node is obtained.
- the main VPN gateway node is a computer node among Q computer nodes.
- the backup VPN gateway node is determined in the nodes, and the active/standby switch between the main VPN gateway node and the backup VPN gateway node is performed through SNAT rules. Because some computer nodes are used as VPN gateway nodes and at least one of the VPN gateway nodes is used as a SNAT gateway, on the one hand users do not perceive a disconnection and reconnection while the VPN gateway node is switched; on the other hand, SNAT source address translation lets data packets make their round trip normally, improving data transmission efficiency while ensuring data security.
- the target operating parameters include multiple operating parameters; the program further includes instructions for executing the following steps:
- when the target evaluation value is within a preset range, it is determined that the target operating parameter set satisfies the preset condition.
- the server includes hardware structures and/or software modules corresponding to each function.
- this application can be implemented in the form of hardware or a combination of hardware and computer software. Whether a certain function is executed by hardware or computer software-driven hardware depends on the specific application and design constraint conditions of the technical solution. Professionals and technicians can use different methods for each specific application to implement the described functions, but such implementation should not be considered beyond the scope of this application.
- the embodiment of the present application may divide the server into functional units according to the foregoing method examples.
- each functional unit may be divided corresponding to each function, or two or more functions may be integrated into one processing unit.
- the above-mentioned integrated unit can be implemented in the form of hardware or software functional unit. It should be noted that the division of units in the embodiments of the present application is illustrative, and is only a logical function division, and there may be other division methods in actual implementation.
- FIG. 3 is a schematic structural diagram of a network switching control device provided in this embodiment.
- the network switching control device is applied to the cloud service system as shown in FIG. 1C, and the device includes: an acquiring unit 301, a determining unit 302, and a switching unit 303, wherein,
- the acquiring unit 301 is configured to obtain target operating parameters of a main VPN gateway node, where the main VPN gateway node is one of the Q computer nodes;
- the determining unit 302 is configured to determine a backup VPN gateway node from the K computer nodes when the target operating parameter meets a preset condition;
- the switching unit 303 is configured to switch between the main VPN gateway node and the backup VPN gateway node through SNAT rules.
- the network switching control device described in the embodiment of the present application is applied to a cloud service system.
- the cloud service system includes P computer nodes, where P is an integer greater than 1; among the P computer nodes, Q computer nodes are used as virtual private network (VPN) gateway nodes, where Q is an integer less than P and greater than 1; K computer nodes among the Q computer nodes are used as source address translation (SNAT) gateways, where K is a positive integer less than or equal to Q. Based on the cloud service system, the target operating parameter set of the main VPN gateway node is obtained.
- the main VPN gateway node is a computer node among Q computer nodes.
- a backup VPN gateway node is generated, and the active/standby switch between the main VPN gateway node and the backup VPN gateway node is performed through SNAT rules. Because some computer nodes are used as VPN gateway nodes, and at least one of the VPN gateway nodes is used as a SNAT gateway, on the one hand users do not perceive a disconnection and reconnection while the VPN gateway node is switched. Data security also improves data transmission efficiency.
- the target operating parameter includes multiple operating parameters; the determining unit 302 is further specifically configured to:
- when the target evaluation value is within a preset range, it is determined that the target operating parameter set satisfies the preset condition.
- An embodiment of the present application also provides a computer storage medium, wherein the computer storage medium stores a computer program for electronic data exchange, and the computer program enables a computer to execute part or all of the steps of any of the network switching control methods described in the above method embodiments.
- the embodiments of the present application also provide a computer program product; the computer program product includes a non-transitory computer-readable storage medium storing a computer program, and the computer program is operable to cause a computer to execute part or all of the steps of any of the network switching control methods described in the foregoing method embodiments.
- the disclosed device may be implemented in other ways.
- the device embodiments described above are merely illustrative.
- the division of the units is only a logical function division, and there may be other divisions in actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features can be ignored or not implemented.
- the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical or other forms.
- the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
- the functional units in the various embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
- the above-mentioned integrated unit can be realized in the form of hardware or software program module.
- if the integrated unit is implemented in the form of a software program module and sold or used as an independent product, it can be stored in a computer-readable memory.
- the technical solution of the present application, in essence, or the part that contributes to the existing technology, or all or part of the technical solution, can be embodied in the form of a software product; the computer software product is stored in a memory and includes a number of instructions that enable a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of the present application.
- the aforementioned memory includes: USB flash drive, read-only memory (ROM), random access memory (RAM), mobile hard disk, magnetic disk, optical disk and other media that can store program code.
- the program can be stored in a computer-readable memory, and the memory can include: a flash disk, ROM, RAM, magnetic disk or CD, etc.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Description
This application relates to the computer field, and in particular to a cloud service system, a network switching control method and related devices.
A virtual private network (VPN) server is deployed in a virtual gateway of a network node, and the virtual router redundancy protocol (VRRP) is used to implement active/standby switching, thereby avoiding a single point of failure. Because only one server provides service at the gateway access end, the VPN access capability is limited by the performance of a single server, and during an active/standby switch all users connected to this virtual network are disconnected and must reconnect.
Summary of the invention
The embodiments of the present application provide a cloud service system, a network switching control method, and related devices, so that VPN access is not limited by the performance of a single server and, during an active/standby switch, the negative impact of disconnection and reconnection is reduced.
In a first aspect, an embodiment of the present application provides a cloud service system. The cloud service system includes P computer nodes, where P is an integer greater than 1, wherein:
Q computer nodes among the P computer nodes are used as virtual private network (VPN) gateway nodes, where Q is an integer less than P and greater than 1;
K computer nodes among the Q computer nodes are used as source address translation (SNAT) gateways, where K is a positive integer less than or equal to Q.
In a second aspect, an embodiment of the present application provides a network switching control method, which is applied to the cloud service system described in the first aspect, and the method includes:
acquiring a target operating parameter set of a main VPN gateway node, where the main VPN gateway node is one of the Q computer nodes;
when the target operating parameter set meets a preset condition, determining a backup VPN gateway node from the K computer nodes;
performing the active/standby VPN gateway node switch between the main VPN gateway node and the backup VPN gateway node through SNAT rules.
In a third aspect, an embodiment of the present application provides a network switching control device, which is applied to the cloud service system described in the first aspect, and the device includes an acquiring unit, a determining unit, and a switching unit, wherein:
the acquiring unit is configured to obtain target operating parameters of a main VPN gateway node, where the main VPN gateway node is one of the Q computer nodes;
the determining unit is configured to determine a backup VPN gateway node from the K computer nodes when the target operating parameters meet a preset condition;
the switching unit is configured to perform the active/standby VPN gateway node switch between the main VPN gateway node and the backup VPN gateway node through SNAT rules.
In a fourth aspect, an embodiment of the present application provides a server, including a processor, a memory, a communication interface, and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the processor, and the programs include instructions for executing the steps in the second aspect of the embodiments of the present application.
In a fifth aspect, an embodiment of the present application provides a computer-readable storage medium, wherein the computer-readable storage medium stores a computer program for electronic data exchange, and the computer program causes a computer to execute part or all of the steps described in the second aspect of the embodiments of the present application.
In a sixth aspect, an embodiment of the present application provides a computer program product, wherein the computer program product includes a non-transitory computer-readable storage medium storing a computer program, and the computer program is operable to cause a computer to execute part or all of the steps described in the second aspect of the embodiments of the present application. The computer program product may be a software installation package.
In order to describe the technical solutions in the embodiments of the present application or in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present application; those of ordinary skill in the art can obtain other drawings from these drawings without creative work.
FIG. 1A is a schematic structural diagram of a server provided by an embodiment of the present application;
FIG. 1B is a schematic architecture diagram of a cloud service system provided by an embodiment of the present application;
FIG. 1C is a schematic architecture diagram of another cloud service system disclosed in an embodiment of the present application;
FIG. 1D is a schematic demonstration of IP address switching based on SNAT disclosed in an embodiment of the present application;
FIG. 1E is a schematic flowchart of a network switching control method disclosed in an embodiment of the present application;
FIG. 2 is a schematic structural diagram of another server disclosed in an embodiment of the present application;
FIG. 3 is a schematic structural diagram of a network switching control device disclosed in an embodiment of the present application.
In order to enable those skilled in the art to better understand the solutions of this application, the technical solutions in the embodiments of this application are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only a part of the embodiments of this application, not all of them. Based on the embodiments in this application, all other embodiments obtained by those of ordinary skill in the art without creative work fall within the protection scope of this application.
The terms "first", "second", etc. in the specification and claims of this application and in the above drawings are used to distinguish different objects, not to describe a specific order. In addition, the terms "including" and "having" and any variations of them are intended to cover non-exclusive inclusion. For example, a process, method, system, product, or device that includes a series of steps or units is not limited to the listed steps or units, but optionally also includes steps or units that are not listed, or optionally also includes other steps or units inherent to the process, method, product or device.
Reference to an "embodiment" herein means that a specific feature, structure, or characteristic described in conjunction with the embodiment may be included in at least one embodiment of the present application. The appearance of the phrase in various places in the specification does not necessarily refer to the same embodiment, nor to an independent or alternative embodiment that is mutually exclusive with other embodiments. Those skilled in the art understand, explicitly and implicitly, that the embodiments described herein can be combined with other embodiments.
The computer nodes involved in the embodiments of the present application may all be servers, and a server may be a cloud server or a server with other functions, which is not limited here.
The embodiments of the application are described in detail below.
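Please refer to FIG. 1A, which is a schematic structural diagram of a server disclosed in an embodiment of the present application. The server 100 may include a control circuit, and the control circuit may include a storage and processing circuit 110. The storage and processing circuit 110 may include memory, such as hard disk drive memory, non-volatile memory (such as flash memory or other electronically programmable read-only memory used to form a solid-state drive), volatile memory (such as static or dynamic random access memory), and so on, which is not limited in the embodiments of the present application. The processing circuit in the storage and processing circuit 110 can be used to control the operation of the server 100. The processing circuit can be implemented based on one or more microprocessors, microcontrollers, baseband processors, power management units, audio codec chips, application-specific integrated circuits, display driver integrated circuits, and the like.
The storage and processing circuit 110 can be used to run software in the server 100, such as an Internet browsing application, a voice over internet protocol (VOIP) phone call application, an e-mail application, a media playback application, operating system functions, and so on. This software can be used to perform control operations, for example, camera-based image capture, ambient light measurement based on an ambient light sensor, proximity measurement based on a proximity sensor, information display functions implemented with status indicators such as light-emitting diode status lights, touch event detection based on a touch sensor, functions associated with displaying information on multiple (for example, layered) displays, operations associated with performing wireless communication functions, operations associated with collecting and generating audio signals, control operations associated with collecting and processing button press event data, and other functions in the server 100, which are not limited in the embodiments of the present application.
The server 100 may further include an input-output circuit 150. The input-output circuit 150 can be used to enable the server 100 to input and output data, that is, to allow the server 100 to receive data from an external device and to output data from the server 100 to an external device. The input-output circuit 150 may further include a sensor 170. The sensor 170 may include an ambient light sensor, a proximity sensor based on light and capacitance, a touch sensor (for example, an optical touch sensor and/or a capacitive touch sensor, where the touch sensor may be part of a touch display screen or may be used independently as a touch sensor structure), an acceleration sensor, a gravity sensor, and other sensors.
The input-output circuit 150 may also include one or more displays, such as the display 130. The display 130 may include one or a combination of a liquid crystal display, an organic light-emitting diode display, an electronic ink display, a plasma display, and displays using other display technologies. The display 130 may include a touch sensor array (that is, the display 130 may be a touch display screen). The touch sensor may be a capacitive touch sensor formed by an array of transparent touch sensor electrodes (such as indium tin oxide (ITO) electrodes), or may be a touch sensor formed using other touch technologies, such as acoustic wave touch, pressure-sensitive touch, resistive touch, optical touch, and so on, which is not limited in the embodiments of the present application.
The audio component 140 can be used to provide audio input and output functions for the server 100. The audio component 140 in the server 100 may include a speaker, a microphone, a buzzer, a tone generator, and other components for generating and detecting sound.
The communication circuit 120 can be used to provide the server 100 with the ability to communicate with external devices. The communication circuit 120 may include analog and digital input-output interface circuits, and wireless communication circuits based on radio frequency signals and/or optical signals. The wireless communication circuit in the communication circuit 120 may include a radio frequency transceiver circuit, a power amplifier circuit, a low noise amplifier, a switch, a filter, and an antenna. For example, the wireless communication circuit in the communication circuit 120 may include a circuit for supporting near field communication (NFC) by transmitting and receiving near-field coupled electromagnetic signals. For example, the communication circuit 120 may include a near field communication antenna and a near field communication transceiver. The communication circuit 120 may also include a cellular phone transceiver and antenna, a wireless local area network transceiver circuit and antenna, and so on.
The server 100 may further include a battery, a power management circuit and other input-output units 160. The input-output unit 160 may include buttons, joysticks, click wheels, scroll wheels, touch pads, keypads, keyboards, cameras, light-emitting diodes and other status indicators.
The user can input commands through the input-output circuit 150 to control the operation of the server 100, and can use the output data of the input-output circuit 150 to receive status information and other output from the server 100.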
Please refer to FIG. 1B, which shows a cloud service system architecture involved in implementing the embodiments of this application. In the embodiments of this application, the cloud service system can be regarded as a virtual private cloud (VPC). The cloud service system includes multiple computer nodes, of which two serve as network nodes. Both of these computer nodes are used as VPN servers; one of them is used as the master router (router master) and the other as the backup router (router slave), and the two are connected through the Virtual Router Redundancy Protocol (VRRP). The network nodes connect to the VPN client through the Internet. Apart from these two computer nodes, each of the remaining computer nodes includes an application search engine (docker). The specific structure of a computer node may be the server described in FIG. 1A above. In the cloud service system shown in FIG. 1B, the VPN server is deployed in the virtual gateway of the network node, and active/standby connectivity is realized with the VRRP protocol, thereby avoiding a single point of failure.
However, the problem with this design is that only one machine provides service at the gateway access end, so the VPN access capability is limited by the performance of a single server, and during an active/standby switch all users connected to this virtual network are disconnected and must reconnect. The related technology therefore cannot serve scenarios in which a large number of users need access.
On this basis, please refer to FIG. 1C, which shows the cloud service system architecture involved in implementing the embodiments of this application. In the embodiments of this application, the cloud service system can be regarded as a virtual private cloud (VPC). The cloud service system includes P computer nodes, where P is an integer greater than 1, and the VPC connects to the VPN client through the Internet, wherein:
Q computer nodes among the P computer nodes are used as virtual private network (VPN) gateway nodes, where Q is an integer less than P and greater than 1;
K computer nodes among the Q computer nodes are used as source address translation (SNAT) gateways, where K is a positive integer less than or equal to Q.
The specific structure of a computer node may be the server described in FIG. 1A above. In a specific implementation, the cloud service system may include a large number of computer nodes, some of which are used as VPN gateway nodes. The VPN gateway nodes can use SNAT source address translation so that data packets get through and make a normal round trip. The Q computer nodes can correspond to Q VPN gateway nodes; one of the Q VPN gateway nodes can be used to implement the master router function, and the remaining VPN gateway nodes can be used to implement the slave router function. All Q computer nodes can be used to provide VPN services.
In a possible example, the cloud service system uses VIP technology to accept VPN client access and forward it to different VPN gateway nodes.
In a specific implementation, the cloud service system can use virtual IP address technology (VIP technology) to accept VPN client access and forward data to different VPN gateway nodes, and can also forward it to other computer nodes that are not VPN gateway nodes. In the embodiments of this application, introducing VIP technology allows a VPN client's link establishment request to be forwarded to different VPN gateway nodes, which provides the basic support for a distributed solution.
In a specific implementation, the embodiments of this application allow VPN gateway nodes to be scaled out horizontally on demand, which solves the performance limitation of a single network node in the related technology. For example, the required target number of gateway nodes is determined according to a preset mapping relationship between the number of gateway nodes and the total number of computer nodes in the cloud service system, so that VPN gateway nodes can be scaled out horizontally as needed. In addition, if a VPN gateway node fails, only the users connected to that node are affected, and after reconnecting they are connected to a normal VPN gateway node.
In a possible example, at least one VPN gateway node among the K computer nodes is used to create a network namespace.
In a specific implementation, at least one VPN gateway node among the K computer nodes is used to create a network namespace, that is, one or more VPN gateway nodes among the K computer nodes can be used to create a network namespace. For example, one VPN gateway node among the K computer nodes can be used to create a network namespace, or two, or three, and so on, which is not limited here. In the embodiments of the present application, the virtual network namespace technology serves as a bridge connecting the private network and the public network.
In a possible example, at least one VPN gateway node among the K computer nodes is used to create a network namespace, and the cloud service system is specifically used to:
A1. Deploy a VPN service in VPN gateway node i and create a network namespace, where VPN gateway node i is any computer node among the K computer nodes;
A2. Access the target virtual private network through a private IP address reserved in advance;
A3. Based on the target virtual private network, introduce a preset external virtual IP address (VIP) into the network namespace corresponding to VPN gateway node i.
In a specific implementation, the preset external virtual IP address can be set in advance or be a system default. The cloud service system can access the target virtual private network through a private IP address reserved in advance and, based on that target virtual private network, introduce the preset external virtual IP address (VIP) into the network namespace corresponding to VPN gateway node i. Taking any VPN gateway node i as an example, where VPN gateway node i is any computer node among the K computer nodes: a VPN service is deployed in VPN gateway node i and a network namespace is created, the target virtual private network is accessed through the private IP address reserved in advance, and, based on that target virtual private network, the preset external virtual IP address (VIP) is introduced into the network namespace corresponding to VPN gateway node i.
In a possible example, SNAT rules are set in the VPN gateway node i.
In a specific implementation, SNAT is source address translation: it converts the source address of an IP packet into another address. Gateway node i can be configured with SNAT rules, and once the rules are set it can perform the corresponding SNAT function.
In a specific implementation, SNAT implements source address translation and DNAT implements destination address translation. Both are address translation functions that convert private addresses into public network addresses. When an internal address needs to access a service on the public network (such as web access), the internal address actively initiates the connection, and the gateway on the router or firewall translates the internal address, converting its private IP into a public IP of the public network. This translation at the gateway is called SNAT, and it is mainly used for internal hosts sharing an IP to access the outside. When the inside needs to provide a service externally (such as publishing a website), the external address actively initiates the connection, and the gateway on the router or firewall receives this connection and then translates it to the inside. In this process the gateway holding the public IP receives the external connection in place of the internal service and then performs address translation internally. This translation is called DNAT, and it is mainly used to publish internal services externally.
In a possible example, specifically: the SNAT rule is set through iptables technology.
In a specific implementation, the cloud service system can set SNAT rules through iptables; the SNAT rules can also be set through other technologies.
In a possible example, the network namespace includes a first virtual network card and a second virtual network card; the first virtual network card is used as the access port of the target virtual private network, and the second virtual network card is used as the output port of the target virtual private network.
In a specific implementation, the network namespace may include a first virtual network card (IN) and a second virtual network card (EX). The first virtual network card can be used as the access port of the target virtual private network, and the second virtual network card can be used as the output port of the target virtual private network, which together provide the in and out functions.
In a possible example, the first virtual network card is configured with a first private network address and a first public network VIP address, and the second virtual network card is configured with a second private network address and a second public network VIP address.
The first virtual network card may be configured with a first private network address and a first public network VIP (public VIP) address. Correspondingly, the second virtual network card may be configured with a second private network address and a second public network VIP (public VIP) address, which can be used to implement the next-hop function for data packets that access the VIP.
In a possible example, the target virtual private network is accessed through the first virtual network card.
In a specific implementation, the cloud service system can access the target virtual private network through the first virtual network card IN.
In a possible example, the first virtual network card accesses the target virtual private network by means of a container or a virtual machine.
In a specific implementation, the cloud service system can connect the first virtual network card to the target virtual private network by means of a container or a virtual machine. Other means can of course also be used, which are not described again here.
In a possible example, the SNAT rule is used to convert the source IP address of data packets sent out from the first virtual network card into a private IP address.
In a specific implementation, SNAT can be used to implement the source address switching function. Based on this, the cloud service system can use the SNAT rule to convert the source IP address of data packets sent out from the first virtual network card into a private IP address.
In a possible example, the K computer nodes include a host VPN gateway.
In a specific implementation, the VPN gateways corresponding to the K computer nodes may include a host VPN gateway, which can be used to control other VPN gateways, or can be a VPN gateway that is used with high priority.
In a possible example, the host VPN gateway includes a host network namespace.
Of course, the host VPN gateway can correspond to a host network namespace. In a specific implementation, the host network namespace corresponding to the host can be established first.
In a possible example, a direct route is configured in the host network namespace, and the direct route can be used to point the next hop of data packets accessing the VIP to the second virtual network card.
In a specific implementation, a direct route can be configured in the host network namespace. A direct route forwards data directly, that is, it can be used to point the next hop of data packets accessing the VIP to the second virtual network card EX.
For example, as shown in FIG. 1D, in the VPN gateway, two virtual network cards, IN (the first virtual network card) and EX (the second virtual network card), are created in the network namespace using a virtual veth pair, and are configured with a private network address and a public network VIP address respectively. The specific steps are as follows:
First, connect network card IN to the target virtual private network (see the way a container or virtual machine is connected);
Second, set an SNAT rule in the network namespace to convert the source IP of data packets sent out from network card IN into a private IP;
Then, configure a direct route in the host network namespace of the VPN gateway that points the next hop of data packets accessing the VIP to network card EX.
Taking source IP address (Src IP) 172.16.0.10 and destination address (Dst IP) 192.168.1.11 as an example, the packet first enters the tunnel, then passes through the VPN tunnel, and then passes through the SNAT rule, arriving at the destination IP address 192.168.1.11.
Conversely, taking source IP address (Src IP) 192.168.1.11 and destination address (Dst IP) 172.16.0.10 as an example, the packet first undergoes DNAT, then passes through the VPN tunnel, and then exits the tunnel, arriving at the destination IP address 172.16.0.10.
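The round trip in the two address examples above can be followed in a small model of one gateway namespace. This is an added example, not code from the application: the gateway addresses 192.168.1.250 and 192.168.1.251, the port numbers, and the class and method names are assumptions, and the second gateway is included to show that a reply is only translated back by the node that performed the SNAT.

```python
"""Model of the SNAT round trip on a VPN gateway node (added example)."""
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class SnatGateway:
    """One gateway network namespace that source-NATs tunnel traffic.

    It behaves like a rule of the form
        iptables -t nat -A POSTROUTING -o IN -j SNAT --to-source <snat_ip>
    together with the connection tracking that reverses it for replies.
    """

    def __init__(self, name: str, snat_ip: str, first_port: int = 40000):
        self.name = name
        self.snat_ip = snat_ip  # reserved private address (assumed value)
        self._next_port = first_port
        # (client ip, client port, remote ip, remote port) -> translated port
        self._fwd: Dict[Tuple[str, int, str, int], int] = {}
        # (translated port, remote ip, remote port) -> (client ip, client port)
        self._rev: Dict[Tuple[int, str, int], Tuple[str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Tunnel -> private network: rewrite the source to the gateway's IP."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self._fwd.get(key)
        if port is None:
            if self._next_port > 65535:
                raise RuntimeError("SNAT port range exhausted on " + self.name)
            port = self._next_port
            self._next_port += 1
            self._fwd[key] = port
            self._rev[(port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.snat_ip, src_port=port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Private network -> tunnel: restore the VPN client as destination.

        Returns None when this node holds no matching translation, which is
        what happens if a reply reaches a gateway that did not do the SNAT.
        """
        if pkt.dst_ip != self.snat_ip:
            return None
        client = self._rev.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if client is None:
            return None
        return replace(pkt, dst_ip=client[0], dst_port=client[1])


def round_trip() -> Tuple[Packet, Optional[Packet], Optional[Packet]]:
    """Run the page's example addresses through two constructed gateways."""
    gw_a = SnatGateway("gw-a", "192.168.1.250")
    gw_b = SnatGateway("gw-b", "192.168.1.251")
    # Src 172.16.0.10 -> Dst 192.168.1.11, after leaving the VPN tunnel.
    translated = gw_a.outbound(Packet("172.16.0.10", 51000, "192.168.1.11", 443))
    # The private host answers the address it saw, i.e. the gateway's.
    reply = Packet("192.168.1.11", 443, translated.src_ip, translated.src_port)
    return translated, gw_a.inbound(reply), gw_b.inbound(reply)


if __name__ == "__main__":
    for step in round_trip():
        print(step)
```

Hosts on the private network only ever see the gateway's address, so tying a logged connection back to a VPN client depends on the translation state held on that gateway.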
Based on the cloud service system described above, in the embodiments of this application: first, VIP technology is introduced so that VPN Client link-establishment requests are forwarded to different VPN gateway nodes, providing basic support for a distributed solution; second, virtual network namespace technology is used as a bridge connecting the private network and the public network; third, SNAT source address translation technology is used so that data packets can make the round trip normally, which can improve data transmission efficiency for VPN networks in a cloud environment.
In a specific implementation, in the embodiments of this application, the cloud server system can reserve some computing nodes as VPN gateway nodes, and the user's private network can reserve some addresses as SNAT gateways. In addition, VIP technology is introduced so that VPN Client access is forwarded to different VPN gateway nodes. Then a network namespace is created on the VPN gateway node, and within the network namespace: first, the VPN service is deployed; second, the user's private network is accessed through the reserved private IP address; then, the external VIP is brought into the network namespace of the VPN gateway node (the VIP can be advertised through protocols such as BGP/OSPF); finally, the SNAT rules are set (which can be done with iptables).
It can be seen that the cloud service system described in the embodiments of this application includes P computer nodes, where P is an integer greater than 1. Q of the P computer nodes are used as virtual private network (VPN) gateway nodes, where Q is an integer less than P and greater than 1, and K of the Q computer nodes are used as source address translation (SNAT) gateways, where K is a positive integer less than or equal to Q. Because some computer nodes are used as VPN gateway nodes and at least one of the VPN gateway nodes is used as an SNAT gateway, on the one hand, users do not perceive a disconnection and reconnection while VPN gateway nodes are being switched; on the other hand, SNAT source address translation lets data packets make the round trip normally, improving data transmission efficiency while ensuring data security.
Please refer to FIG. 1E, which is a schematic flowchart of a network switching control method provided by an embodiment of this application. The network switching control method described in this embodiment is applied to the system architecture shown in FIG. 1C and includes:
101. Obtain a target operating parameter set of a main VPN gateway node, where the main VPN gateway node is one of the Q computer nodes.
The target operating parameter set may include at least one of the following parameters: network rate, network delay, packet loss rate, CPU usage, memory size, and so on, which are not limited here. The target operating parameter set reflects, to a certain extent, the performance of the VPN gateway node, for example, whether it has failed or whether it is running well. The cloud server system can obtain the target operating parameter set of the main VPN gateway node through a monitoring platform or a background program, and the main VPN gateway node can be one of the Q computer nodes.
102. When the target operating parameter set meets a preset condition, determine a backup VPN gateway node from the K computer nodes.
The backup VPN gateway node and the main VPN gateway node are different nodes. The preset condition can be set by the user or be the system default, for example, at least one operating parameter is abnormal. In a specific implementation, the cloud service system can obtain the target operating parameter set of the main VPN gateway node, where the main VPN gateway node is one of the Q computer nodes.
In a possible example, the target operating parameters include multiple operating parameters; between step 101 and step 102 above, the following steps may also be included:
B1. Evaluate each of the multiple operating parameters to obtain multiple evaluation values, where each operating parameter corresponds to one evaluation value;
B2. Obtain the weight corresponding to each of the multiple operating parameters to obtain multiple weights;
B3. Perform a weighted operation based on the multiple evaluation values and the multiple weights to obtain a target evaluation value;
B4. When the target evaluation value is within a preset range, determine that the target operating parameter set meets the preset condition.
The preset range can be set by the user or be the system default. In a specific implementation, the cloud service system can evaluate each of the multiple operating parameters to obtain multiple evaluation values, with each operating parameter corresponding to one evaluation value. It can obtain the weight corresponding to each of the multiple operating parameters to obtain multiple weights, and perform a weighted operation based on the multiple evaluation values and the multiple weights to obtain a target evaluation value. When the target evaluation value is within the preset range, it determines that the target operating parameter set meets the preset condition; conversely, when the target evaluation value is not within the preset range, it can determine that the target operating parameters do not meet the preset condition.
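Steps B1 to B4, followed by a choice of backup node, can be written out as below. This is an added example, not code from the application: the parameter names, bounds, weights, preset range and node names are constructed, the requirement that the weights sum to 1 is an assumption of the example, and picking the best-scoring SNAT-capable node as the backup is a simplification chosen here, not the selection mapping the application describes. A missing reading is scored as worst, so a node with absent telemetry cannot look healthier than one that reports.

```python
"""Weighted evaluation of gateway operating parameters (added example)."""
import math
from typing import Dict, Mapping, Optional, Tuple

# Constructed bounds: (raw value scoring 1.0, raw value scoring 0.0).
BOUNDS = {
    "latency_ms": (0.0, 200.0),
    "loss_pct": (0.0, 5.0),
    "cpu_pct": (0.0, 100.0),
}
# Constructed weights, one per operating parameter (step B2).
WEIGHTS = {"latency_ms": 0.3, "loss_pct": 0.5, "cpu_pct": 0.2}
# Constructed preset range: a target evaluation value inside it means the
# preset condition is met and a switch should be prepared.
SWITCH_RANGE = (0.0, 0.6)

Params = Mapping[str, Optional[float]]


def evaluate(name: str, raw: Optional[float]) -> float:
    """B1: map one raw operating parameter to an evaluation value in [0, 1]."""
    if raw is None or math.isnan(raw):
        return 0.0  # missing telemetry is treated as the worst case
    best, worst = BOUNDS[name]
    return min(1.0, max(0.0, (worst - raw) / (worst - best)))


def target_evaluation(params: Params, weights: Mapping[str, float] = WEIGHTS) -> float:
    """B2 + B3: weighted sum of the per-parameter evaluation values."""
    if not math.isclose(sum(weights.values()), 1.0):
        raise ValueError("weights must sum to 1 (assumption of this example)")
    return sum(w * evaluate(name, params.get(name)) for name, w in weights.items())


def meets_preset_condition(params: Params) -> bool:
    """B4: the condition is met when the score falls in the preset range."""
    low, high = SWITCH_RANGE
    return low <= target_evaluation(params) < high


def plan_switch(primary: str, snat_nodes: Mapping[str, Params]) -> Tuple[bool, Optional[str]]:
    """Steps 101 and 102: decide whether to switch and to which backup node.

    Returns (switch_needed, backup). backup is None when no switch is needed
    or when no other SNAT-capable node is itself outside the preset range.
    """
    if not meets_preset_condition(snat_nodes[primary]):
        return False, None
    scores: Dict[str, float] = {
        node: target_evaluation(p)
        for node, p in snat_nodes.items()
        if node != primary and not meets_preset_condition(p)
    }
    if not scores:
        return True, None
    # Highest score wins; ties resolve to the alphabetically first node name.
    return True, max(sorted(scores), key=lambda n: scores[n])


# Constructed readings for three SNAT-capable gateway nodes.
TELEMETRY: Dict[str, Dict[str, float]] = {
    "gw-1": {"latency_ms": 150.0, "loss_pct": 4.0, "cpu_pct": 90.0},
    "gw-2": {"latency_ms": 20.0, "loss_pct": 0.5, "cpu_pct": 40.0},
    "gw-3": {"latency_ms": 10.0, "loss_pct": 0.0},  # CPU reading missing
}

if __name__ == "__main__":
    for node, params in TELEMETRY.items():
        print(node, round(target_evaluation(params), 3))
    print(plan_switch("gw-1", TELEMETRY))
```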
In a possible example, step 102 above, determining a backup VPN gateway node from the K computer nodes, may include the following steps:
21. Obtain the user's target physiological state parameter;
22. Determine the target emotion type corresponding to the target physiological state parameter;
23. According to a preset mapping relationship between computer nodes and emotion types, determine the target computer node corresponding to the target emotion type, and use that target computer node as the backup VPN gateway node, where the target computer node is one of the K computer nodes.
In the embodiments of this application, the physiological state parameter may be any of various parameters that reflect the user's physiological functions, and may be at least one of the following: heart rate, blood pressure, blood temperature, blood lipid content, blood glucose content, thyroxine content, adrenaline content, platelet content, blood oxygen content, and so on, which are not limited here. The preset emotion type can be set by the user or be the system default. The preset emotion type may be at least one of the following: dull, crying, calm, irritable, excited, depressed, and so on, which are not limited here.
In a specific implementation, the cloud service system can store in advance the preset mapping relationship between computer nodes and emotion types. The cloud service system can obtain the user's target physiological state parameter; the physiological state parameter reflects the emotion type to a certain extent, so the target emotion type corresponding to the target physiological state parameter can be determined. Further, according to the preset mapping relationship between computer nodes and emotion types, the target computer node corresponding to the target emotion type can be determined and used as the backup VPN gateway node, where the target computer node is one of the K computer nodes.
In a possible example, when the target physiological state parameter is a heart rate change curve within a specified time period, step 22 above, determining the target emotion type corresponding to the target physiological state parameter, can be implemented as follows:
221. Sample the heart rate change curve to obtain multiple heart rate values;
222. Perform a mean operation on the multiple heart rate values to obtain an average heart rate value;
223. Determine the target heart rate level corresponding to the average heart rate value;
224. According to a preset mapping relationship between heart rate levels and first emotion values, determine the target first emotion value corresponding to the target heart rate level;
225. Perform a mean square error operation on the multiple heart rate values to obtain a target mean square error;
226. According to a preset mapping relationship between mean square errors and second emotion values, determine the target second emotion value corresponding to the target mean square error;
227. According to a preset mapping relationship between heart rate levels and weight pairs, determine the target weight pair corresponding to the target heart rate level, where the weight pair includes a first weight and a second weight, the first weight is the weight corresponding to the first emotion value, and the second weight is the weight corresponding to the second emotion value;
228. Perform a weighted operation based on the target first emotion value, the target second emotion value and the target weight pair to obtain a final emotion value;
229. According to a preset mapping relationship between emotion values and emotion types, determine the target emotion type corresponding to the target emotion value.
The specified time period can be set by the user or be the system default. The memory of the cloud service system can store in advance the preset mapping relationship between heart rate levels and first emotion values, the preset mapping relationship between mean square errors and second emotion values, the preset mapping relationship between heart rate levels and weight pairs, and the preset mapping relationship between emotion values and emotion types. The weight pair may include a first weight and a second weight, where the first weight is the weight corresponding to the first emotion value and the second weight is the weight corresponding to the second emotion value. The sum of the first weight and the second weight may be 1, and the first weight and the second weight both take values in the range 0 to 1. In the embodiments of this application, emotion can be evaluated from the heart rate change curve.
In a specific implementation, the cloud service system can sample the heart rate change curve, where the sampling can be uniform or random, to obtain multiple heart rate values, and can perform a mean operation on the multiple heart rate values to obtain an average heart rate value. The cloud service system can store in advance a mapping relationship between heart rate values and heart rate levels, and can use that mapping relationship to determine the target heart rate level corresponding to the average heart rate value. It can then determine the target first emotion value corresponding to the target heart rate level according to the preset mapping relationship between heart rate levels and first emotion values. It can also perform a mean square error operation on the multiple heart rate values to obtain a target mean square error, and determine the target second emotion value corresponding to that target mean square error according to the preset mapping relationship between mean square errors and second emotion values.
Further, the cloud service system can determine the target weight pair corresponding to the target heart rate level according to the preset mapping relationship between heart rate levels and weight pairs. The target weight pair may include a target first weight and a target second weight, where the target first weight is the weight corresponding to the target first emotion value and the target second weight is the weight corresponding to the target second emotion value. The cloud service system can then perform a weighted operation based on the target first emotion value, the target second emotion value, the target first weight and the target second weight to obtain the final emotion value. The calculation formula is as follows:
Final emotion value = target first emotion value * target first weight + target second emotion value * target second weight
The target emotion type corresponding to the target emotion value can then be determined according to the preset mapping relationship between emotion values and emotion types. The average heart rate reflects the user's heart rate value, and the mean square error of the heart rate reflects heart rate stability. The user's emotion is reflected through the two dimensions of average heart rate and mean square error, so the user's emotion type can be determined accurately.
103. Use SNAT rules to switch between the main and backup VPN gateway nodes for the main VPN gateway node and the backup VPN gateway node.
In a specific implementation, at least one of the main VPN gateway node and the backup VPN gateway node has SNAT rules set, so the switch between the main and backup VPN gateway nodes can be carried out for the main VPN gateway node and the backup VPN gateway node through the SNAT rules.
In a specific implementation, the network switching control method described in the embodiments of this application can be executed by at least one server in the cloud service system, or by the controller of the cloud service system, which is not limited here.
It can be seen that the network switching control method described in the embodiments of this application is applied to a cloud service system. The cloud service system includes P computer nodes, where P is an integer greater than 1. Q of the P computer nodes are used as virtual private network (VPN) gateway nodes, where Q is an integer less than P and greater than 1, and K of the Q computer nodes are used as source address translation (SNAT) gateways, where K is a positive integer less than or equal to Q. Based on this cloud service system, the target operating parameter set of the main VPN gateway node is obtained, where the main VPN gateway node is one of the Q computer nodes; when the target operating parameter set meets the preset condition, a backup VPN gateway node is determined from the K computer nodes; and the switch between the main and backup VPN gateway nodes is carried out for the main VPN gateway node and the backup VPN gateway node through SNAT rules. Because some computer nodes are used as VPN gateway nodes and at least one of the VPN gateway nodes is used as an SNAT gateway, on the one hand, users do not perceive a disconnection and reconnection while VPN gateway nodes are being switched; on the other hand, SNAT source address translation lets data packets make the round trip normally, improving data transmission efficiency while ensuring data security.
The following are devices for implementing the above network switching control method, specifically as follows:
Consistent with the above, please refer to FIG. 2, which shows a server provided by an embodiment of this application, including: a processor and a memory; and one or more programs, which are stored in the memory and configured to be executed by the processor. The server may be any server in the cloud service system shown in FIG. 1C, and the programs include instructions for performing the following steps:
Obtain a target operating parameter set of a main VPN gateway node, where the main VPN gateway node is one of the Q computer nodes;
When the target operating parameter set meets a preset condition, determine a backup VPN gateway node from the K computer nodes;
Use SNAT rules to switch between the main and backup VPN gateway nodes for the main VPN gateway node and the backup VPN gateway node.
It can be seen that the server described in the embodiments of this application is any computer node in the cloud service system. The cloud service system includes P computer nodes, where P is an integer greater than 1. Q of the P computer nodes are used as virtual private network (VPN) gateway nodes, where Q is an integer less than P and greater than 1, and K of the Q computer nodes are used as source address translation (SNAT) gateways, where K is a positive integer less than or equal to Q. Based on this cloud service system, the target operating parameter set of the main VPN gateway node is obtained, where the main VPN gateway node is one of the Q computer nodes; when the target operating parameter set meets the preset condition, a backup VPN gateway node is determined from the K computer nodes; and the switch between the main and backup VPN gateway nodes is carried out for the main VPN gateway node and the backup VPN gateway node through SNAT rules. Because some computer nodes are used as VPN gateway nodes and at least one of the VPN gateway nodes is used as an SNAT gateway, on the one hand, users do not perceive a disconnection and reconnection while VPN gateway nodes are being switched; on the other hand, SNAT source address translation lets data packets make the round trip normally, improving data transmission efficiency while ensuring data security.
In a possible example, the target operating parameters include multiple operating parameters; the programs further include instructions for performing the following steps:
Evaluate each of the multiple operating parameters to obtain multiple evaluation values, where each operating parameter corresponds to one evaluation value;
Obtain the weight corresponding to each of the multiple operating parameters to obtain multiple weights;
Perform a weighted operation based on the multiple evaluation values and the multiple weights to obtain a target evaluation value;
When the target evaluation value is within a preset range, determine that the target operating parameter set meets the preset condition.
The above mainly introduces the solutions of the embodiments of this application from the perspective of the execution process on the method side. It can be understood that, in order to implement the above functions, the server includes hardware structures and/or software modules corresponding to each function. Those skilled in the art should readily appreciate that, in combination with the units and algorithm steps of the examples described in the embodiments provided herein, this application can be implemented in hardware or in a combination of hardware and computer software. Whether a function is performed by hardware or by computer software driving hardware depends on the specific application and the design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of this application.
The embodiments of this application may divide the server into functional units according to the above method examples. For example, each functional unit may correspond to one function, or two or more functions may be integrated into one processing unit. The integrated unit can be implemented in the form of hardware or in the form of a software functional unit. It should be noted that the division of units in the embodiments of this application is illustrative and is only a division by logical function; other divisions are possible in an actual implementation.
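Please refer to FIG. 3, which is a schematic structural diagram of a network switching control apparatus provided in this embodiment. The network switching control apparatus is applied to the cloud service system shown in FIG. 1C, and the apparatus includes an acquiring unit 301, a determining unit 302 and a switching unit 303, wherein:
The acquiring unit 301 is configured to acquire a target operating parameter of a primary VPN gateway node, the primary VPN gateway node being one of the Q computer nodes;
The determining unit 302 is configured to determine a standby VPN gateway node from the K computer nodes when the target operating parameter satisfies a preset condition;
The switching unit 303 is configured to perform primary/standby VPN gateway node switching between the primary VPN gateway node and the standby VPN gateway node by means of SNAT rules.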
It can be seen that the network switching control apparatus described in the embodiments of this application is applied to a cloud service system. The cloud service system includes P computer nodes, where P is an integer greater than 1. Q of the P computer nodes serve as virtual private network (VPN) gateway nodes, where Q is an integer less than P and greater than 1, and K of the Q computer nodes serve as source network address translation (SNAT) gateways, where K is a positive integer less than or equal to Q. Based on this cloud service system, a target operating parameter set of the primary VPN gateway node is acquired, the primary VPN gateway node being one of the Q computer nodes. When the target operating parameter set satisfies a preset condition, a standby VPN gateway node is determined from the K computer nodes, and primary/standby VPN gateway node switching is performed between the primary VPN gateway node and the standby VPN gateway node by means of SNAT rules. Because some of the computer nodes serve as VPN gateway nodes, and at least one of the VPN gateway nodes serves as an SNAT gateway, on the one hand users do not perceive a disconnection and reconnection while the VPN gateway node is being switched; on the other hand, SNAT source address translation ensures that data packets can make the round trip normally, improving data transmission efficiency while ensuring data security.
In a possible example, the target operating parameter includes multiple operating parameters; the determining unit 302 is further specifically configured to:
Evaluate each of the multiple operating parameters to obtain multiple evaluation values, each operating parameter corresponding to one evaluation value;
Acquire the weight corresponding to each of the multiple operating parameters to obtain multiple weights;
Perform a weighted operation on the multiple evaluation values and the multiple weights to obtain a target evaluation value;
When the target evaluation value is within a preset range, determine that the target operating parameter set satisfies the preset condition.
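A sketch of the weighted evaluation performed by the determining unit, followed by selection of a standby node from the SNAT gateway nodes. This is an added example, not code from the application; the parameter names, scoring bounds, weights, preset range, the scoring of missing readings as fully degraded and the lowest-score selection rule are all assumptions.

```python
import math
from typing import NamedTuple

class ParamRule(NamedTuple):
    weight: float  # share of the target evaluation value
    best: float    # raw reading scored 0.0 (healthy)
    worst: float   # raw reading scored 1.0 (fully degraded)

# Assumed parameters, bounds and weights; the page does not name any.
RULES = {
    "cpu_util_pct": ParamRule(0.4, best=0.0, worst=100.0),
    "pkt_loss_pct": ParamRule(0.4, best=0.0, worst=5.0),
    "tunnel_rtt_ms": ParamRule(0.2, best=20.0, worst=200.0),
}
PRESET_RANGE = (0.6, 1.0)  # assumed: a score in this range triggers switching

def evaluate(rule, raw):
    """Evaluation value in [0, 1] for one operating parameter."""
    # A missing or non-finite reading scores as fully degraded, so a
    # monitoring gap cannot make a failing gateway look healthy.
    if not isinstance(raw, (int, float)) or not math.isfinite(raw):
        return 1.0
    score = (raw - rule.best) / (rule.worst - rule.best)
    return min(1.0, max(0.0, score))

def target_evaluation(readings, rules=RULES):
    """Weighted sum of the per-parameter evaluation values."""
    # Assumed normalisation: reject weight tables that do not sum to 1.
    if not math.isclose(sum(r.weight for r in rules.values()), 1.0):
        raise ValueError("weights must sum to 1")
    return sum(r.weight * evaluate(r, readings.get(name))
               for name, r in rules.items())

def meets_preset_condition(readings, preset=PRESET_RANGE):
    """True when the target evaluation value lies in the preset range."""
    lo, hi = preset
    return lo <= target_evaluation(readings) <= hi

def choose_standby(primary, snat_nodes, readings_by_node):
    """Least-degraded SNAT gateway node that is not itself failing."""
    candidates = [
        (target_evaluation(readings_by_node.get(n, {})), n)
        for n in snat_nodes if n != primary
    ]
    healthy = [c for c in candidates if c[0] < PRESET_RANGE[0]]
    return min(healthy)[1] if healthy else None

def plan_switchover(primary, snat_nodes, readings_by_node):
    """Standby node to switch to, or None to stay on the primary."""
    if not meets_preset_condition(readings_by_node.get(primary, {})):
        return None
    return choose_standby(primary, snat_nodes, readings_by_node)

# Constructed sample readings for a four-node cluster.
SAMPLE = {
    "gw-a": {"cpu_util_pct": 95.0, "pkt_loss_pct": 4.0, "tunnel_rtt_ms": 110.0},
    "gw-b": {"cpu_util_pct": 30.0, "pkt_loss_pct": 0.5, "tunnel_rtt_ms": 38.0},
    "gw-c": {"cpu_util_pct": 50.0, "pkt_loss_pct": 0.0, "tunnel_rtt_ms": 20.0},
    "gw-d": {"cpu_util_pct": 10.0, "pkt_loss_pct": 0.0},  # RTT reading missing
}
```

Returning `None` when no candidate is healthy keeps traffic on the current primary rather than moving it to a node that would itself satisfy the switching condition.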
It can be understood that the functions of the program modules of the network switching control apparatus of this embodiment can be implemented according to the methods in the foregoing method embodiments; for the specific implementation process, refer to the relevant description of the foregoing method embodiments, which is not repeated here.
An embodiment of this application further provides a computer storage medium, wherein the computer storage medium stores a computer program for electronic data exchange, and the computer program causes a computer to execute some or all of the steps of any network switching control method described in the foregoing method embodiments.
An embodiment of this application further provides a computer program product. The computer program product includes a non-transitory computer-readable storage medium storing a computer program, and the computer program is operable to cause a computer to execute some or all of the steps of any network switching control method described in the foregoing method embodiments.
It should be noted that, for simplicity of description, the foregoing method embodiments are all expressed as a series of action combinations, but those skilled in the art should know that this application is not limited by the described order of actions, because according to this application some steps may be performed in another order or at the same time. In addition, those skilled in the art should also know that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily required by this application.
In the foregoing embodiments, the description of each embodiment has its own emphasis. For parts not described in detail in one embodiment, refer to the relevant descriptions of other embodiments.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative: the division of the units is only a logical function division, and other divisions are possible in actual implementation. For example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, apparatuses or units, and may be electrical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of this application may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software program module.
If the integrated unit is implemented in the form of a software program module and sold or used as an independent product, it may be stored in a computer-readable memory. Based on this understanding, the technical solution of this application in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a memory and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute all or part of the steps of the methods described in the embodiments of this application. The aforementioned memory includes various media that can store program code, such as a USB flash drive, read-only memory (ROM), random access memory (RAM), a removable hard disk, a magnetic disk or an optical disc.
Those of ordinary skill in the art can understand that all or part of the steps in the methods of the foregoing embodiments may be completed by a program instructing the relevant hardware. The program may be stored in a computer-readable memory, and the memory may include a flash drive, ROM, RAM, a magnetic disk, an optical disc or the like.
The embodiments of this application have been described in detail above, and specific examples have been used herein to explain the principles and implementations of this application. The description of the above embodiments is only intended to help in understanding the method of this application and its core idea. At the same time, for those of ordinary skill in the art, there will be changes in the specific implementation and scope of application based on the idea of this application. In summary, the content of this specification should not be construed as limiting this application.
Claims (20)
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202080094670.8A CN115004644B (en) | 2020-06-09 | 2020-06-09 | Cloud service system, network switching control method and related devices |
| PCT/CN2020/095159 WO2021248318A1 (en) | 2020-06-09 | 2020-06-09 | Cloud service system, network switching control method and related device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/CN2020/095159 WO2021248318A1 (en) | 2020-06-09 | 2020-06-09 | Cloud service system, network switching control method and related device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2021248318A1 (en) | 2021-12-16 |
Family
ID=78846673
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/CN2020/095159 Ceased WO2021248318A1 (en) | 2020-06-09 | 2020-06-09 | Cloud service system, network switching control method and related device |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN115004644B (en) |
| WO (1) | WO2021248318A1 (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114816540A (en) * | 2022-03-09 | 2022-07-29 | 杭州雾联科技有限公司 | Network modification method, system, equipment and computer readable storage medium |
| CN114826969A (en) * | 2022-03-17 | 2022-07-29 | 阿里巴巴(中国)有限公司 | Network connectivity checking method, device, equipment and storage medium |
| CN115695180A (en) * | 2022-10-28 | 2023-02-03 | 北京大学 | A private cloud platform and its construction and management method |
| CN116055541A (en) * | 2022-12-29 | 2023-05-02 | 北京华耀科技有限公司 | Network connection method, device, equipment and medium |
| CN117081995A (en) * | 2023-09-08 | 2023-11-17 | 浙江大学 | Cloud network service level agreement guarantee method and system based on distributed speed limit strategy |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5371852A (en) * | 1992-10-14 | 1994-12-06 | International Business Machines Corporation | Method and apparatus for making a cluster of computers appear as a single host on a network |
| CN101072157A (en) * | 2007-06-08 | 2007-11-14 | 迈普(四川)通信技术有限公司 | Virtual special net load backup system and its establishing method and data forwarding method |
| CN102843438A (en) * | 2012-09-29 | 2012-12-26 | 深圳市博瑞得科技有限公司 | Method and system for cloud computation node management |
| CN109922074A (en) * | 2019-03-19 | 2019-06-21 | 北京百度网讯科技有限公司 | Access method and apparatus, management method, the equipment, medium of outband management network |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101447909A (en) * | 2008-12-29 | 2009-06-03 | 深圳市深信服电子科技有限公司 | VPN network construction method |
| CN103581324B (en) * | 2013-11-11 | 2016-09-07 | 中国联合网络通信集团有限公司 | A kind of cloud computing resources cell system and implementation method thereof |
| US10419394B2 (en) * | 2016-10-24 | 2019-09-17 | Nubeva, Inc. | Providing scalable cloud-based security services |
| CN107959614B (en) * | 2017-10-30 | 2020-11-10 | 广东睿江云计算股份有限公司 | A method and system for multi-tenant custom networking based on network namespace |
2020
- 2020-06-09 CN CN202080094670.8A patent/CN115004644B/en active Active
- 2020-06-09 WO PCT/CN2020/095159 patent/WO2021248318A1/en not_active Ceased
Non-Patent Citations (1)
| Title |
|---|
| YE LI , LI FENG: "VPN Deployment and Security in Campus Network", COMPUTER & NETWORK, vol. 41, no. 14, 26 July 2015 (2015-07-26), pages 49 - 51, XP055878685, ISSN: 1008-1739 * |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114816540A (en) * | 2022-03-09 | 2022-07-29 | 杭州雾联科技有限公司 | Network modification method, system, equipment and computer readable storage medium |
| CN114826969A (en) * | 2022-03-17 | 2022-07-29 | 阿里巴巴(中国)有限公司 | Network connectivity checking method, device, equipment and storage medium |
| CN114826969B (en) * | 2022-03-17 | 2024-02-06 | 阿里巴巴(中国)有限公司 | Network connectivity checking method, device, equipment and storage medium |
| CN115695180A (en) * | 2022-10-28 | 2023-02-03 | 北京大学 | A private cloud platform and its construction and management method |
| CN115695180B (en) * | 2022-10-28 | 2024-04-30 | 北京大学 | A private cloud platform and its construction and management method |
| CN116055541A (en) * | 2022-12-29 | 2023-05-02 | 北京华耀科技有限公司 | Network connection method, device, equipment and medium |
| CN117081995A (en) * | 2023-09-08 | 2023-11-17 | 浙江大学 | Cloud network service level agreement guarantee method and system based on distributed speed limit strategy |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115004644A (en) | 2022-09-02 |
| CN115004644B (en) | 2023-10-03 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 20939634; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 20939634; Country of ref document: EP; Kind code of ref document: A1 |