CN103685310B - Device and method for dynamic data injection in a virtual private dial-up network - Google Patents
- Publication number
- CN103685310B, CN201310731323.3A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention relates to devices and methods for dynamic data injection, specifically a device and method for dynamic data injection in a virtual private dial-up network. The device comprises an inline port unit, a global control unit, a classification and matching unit, a service unit and a return unit. The invention meets the need to intervene in an online user's Internet behavior and then return the result to the user. The service ports on the device can perform known data filtering as a forwarding service, and the device can also perform dynamic data injection. The definition of service ports and return ports can be configured flexibly in the global control unit, and this flexibility and extensibility can largely satisfy increasingly complex service requirements.
Description
Technical field
The present invention relates to devices and methods for dynamic data injection, and in particular to a device and method for dynamic data injection in a virtual private dial-up network.
Background
A virtual private dial-up network (VPDN) is a virtual private network service for dial-up users: the user goes online through dial-up access, and network data is encapsulated and encrypted while it is transmitted over the PSTN. A VPDN can carry private data at the security level of a private network. It is a secure virtual private network built on the bearer capability of IP networks combined with the corresponding authentication and authorization mechanisms, and it is a technology that has developed rapidly in recent years along with Internet technology.
The most common VPDN service today lets employees on business trips and offices in other regions connect remotely, over the public network, to the enterprise's internal network through a virtual encrypted tunnel, while other users on the public network cannot reach the enterprise's internal network through that tunnel. VPDN has other typical applications as well, such as wireless loss assessment in the insurance industry and wireless mobile meter reading in the power industry. Traffic-splitting and forwarding devices currently applied to VPDN services can filter and forward data flows using various efficient lookup methods, and such devices and methods meet the need to monitor and collect statistics on VPDN services well. However, if the same device must both monitor the behavior of online users and push custom data, that is, intervene in an online user's request and then return the result to the user (for example, when an illegal request, or a request designated by the enterprise, must be monitored without being discarded), a traditional VPDN traffic-splitting device cannot meet the need.
The structure of a traditional traffic-splitting device is shown in Fig. 1. Internet data from network I arrives through the inline port and, after the classification and matching module, can only be output one way to the monitoring device through the service port.
Chinese invention patent application No. 0213628508 discloses a method for forwarding virtual private dial-up network service data packets that uses the session number to look up the corresponding session quickly and so locate the corresponding VPDN data area. User data is forwarded after the lookup; the method cannot change the target of the user's request and cannot intervene in an online user's behavior and then return the result to the user, that is, it cannot dynamically inject custom data to the user.
Summary of the invention
The problem the invention addresses is that current VPDN services cannot intervene in an online user's Internet behavior and then return the result to the user.
To solve this technical problem, the invention proposes a device for dynamic data injection in a virtual private dial-up network, comprising: an inline port unit 1, a global control unit 2, a classification and matching unit 3, a service unit 4 and a return unit 5.
The inline port unit 1 is at least one pair of ports connected in series between the network server and the switch, serving as forwarding ports for the inline traffic.
The global control unit 2 configures the service ports and return ports through a configuration interface, configures the rules and behaviors for packets that need to be redirected to a return port, and initializes the flow table.
The classification and matching unit 3 receives packets from the inline port unit 1, looks up the rules, and forwards each packet according to the result to the service unit 4, the inline port unit 1 or the return unit 5. It also receives packets from the return unit 5, queries the flow table, analyzes the packet's upstream/downstream direction, looks up the original port, sets the packet's forwarding port to the port found, and sends the packet to the inline port unit 1.
The service unit 4 receives packets from the classification and matching unit 3 and forwards them, according to the result label, to a specific device or to another network.
The return unit 5 receives data from the classification and matching unit 3 and sends it to the external server; it receives packets from the external server and passes them to the classification and matching unit 3.
The inline ports of unit 1 come in pairs; the device can have several pairs of inline ports so that it can be placed inline on several links.
The inline port unit 1 comprises inline port A and inline port B. It receives the packets output by the classification and matching unit and, according to their upstream/downstream direction, forwards them to the original link from inline port B and inline port A respectively.
The global control unit 2 runs on the CPU of the device and controls the other units over the data bus.
Through the management interface, the global control unit 2 sets the attribute of each interface to service port or return port and initializes the space for the flow table. Of the visible physical interfaces on the device, all interfaces other than the inline ports, the management serial port and the management network port can be service ports or return ports. Service ports and return ports must be defined explicitly by the user, and one interface cannot be both a return port and a service port.
The classification and matching unit 3 receives the packets input by the inline port unit 1 and looks up the user's behavior in the flow table. If there is no hit, it creates a new flow in the flow table and then looks up the rules; if there is a hit, it sets the behavior of the packet to the behavior of the flow.
The classification and matching unit 3 also receives the packets input by the return unit 5 and checks whether the flow exists in the flow table. If it does, the unit analyzes the packet's upstream/downstream direction, looks up the port according to that direction, and sets the packet's forwarding port to the port found.
The return unit 5 receives from the classification and matching unit 3 the packets that hit a specific rule and sends them to the external server; it receives the packets sent by the external server and passes them to the classification and matching unit 3.
The device is connected in series in the original link and can attach an external server. The external server produces different packets according to different rules and sends them back to the device through the return port. The device then uses the flow table in the classification and matching unit to match the original port of each such packet, labels the packet with the original port as its result label, and finally sends the dynamic packet onto the original link according to that label. This achieves dynamic data injection in the virtual private dial-up network.
The invention also provides a method for dynamic data injection in a virtual private dial-up network, with the following steps:
Step S1: the inline port unit 1 receives the online user's request and extracts the flow features of the request packet.
Step S2: the classification and matching unit 3 matches the packets that need to be forwarded to the return port.
Whether the flow exists in the flow table is determined from the flow features. If it exists, the packet is checked against the hit threshold; if it does not exist, a flow is created dynamically in the flow table from the flow features, the new flow is written to the flow table, and the rules are then looked up.
The hit count of the packet is evaluated: if it is greater than the flow's hit threshold, the behavior of the packet is set to the behavior of the flow found; if it is less than the flow's hit threshold, the rules must be looked up.
Packets whose hit count is below the hit threshold, or whose flow does not exist in the flow table, are looked up against the three classes of rule in the rule set: target rules, L4 rules and L7 rules.
The packet is labeled with a behavior result according to the result of the rule lookup.
Step S3: the return port receives a packet produced dynamically by the external server and queries the flow table.
The flow table here is the flow table as updated in step S2.
Querying the flow table means checking, by the packet's flow features, whether a flow with those features exists in the flow table. If it exists, the packet's upstream/downstream direction is analyzed; if it does not, the behavior of the packet is set to discard.
Step S4: analyze the upstream/downstream direction and look up the port number.
Analyzing the direction means: if the packet is upstream, the destination port is looked up in the flow table; if the packet is downstream, the source port is looked up in the flow table. The packet's forwarding port is set to the destination port or source port found.
Step S5: the packet is sent to the original link according to the behavior of the flow and the forwarding port.
Technical effect:
As shown in Fig. 2, when an employee on a business trip accesses the enterprise's internal network over the public network, the enterprise's internal network can monitor and intervene in the VPDN Internet data. The dynamic data injection device and method of the invention can be used when an illegal request, or a request designated by the enterprise, needs to be monitored without discarding the user's request.
Compared with the prior art, the invention adds a return unit, which meets the need to intervene in an online user's request and then return the result to the user. The service ports on the device can perform known data filtering as a forwarding service, and the device can also perform dynamic data injection. The definition of service ports and return ports can be configured flexibly in the global control unit; this flexibility and extensibility can largely satisfy increasingly complex service requirements.
Brief description of the drawings
Fig. 1 is a structure diagram of a traditional filtering and forwarding device.
Fig. 2 shows the position of the device of the invention in the network.
Fig. 3 is a structure diagram of the device of the invention for dynamic data injection in a VPDN.
Fig. 4 is a structural module diagram of the device and method of the invention for dynamic data injection in a VPDN.
Fig. 5 is a basic flow chart of the device and method of the invention for dynamic data injection in a VPDN.
Fig. 6 is a detailed data flow chart of the device and method of the invention for dynamic data injection in a VPDN.
Detailed description of the invention
The invention is further described below with reference to the drawings and an embodiment. For reasons of space, commonly known content, including structures and functions, is not repeated in the description below.
As shown in Fig. 2, the invention provides a device connected in series between the network server (LNS for short) and the switch. Fig. 2 shows the position in the network of the device and method of the invention for dynamic data injection in a VPDN.
The structure of the device is shown in Fig. 3. Internet data from network I reaches the classification and matching module through the inline port. The classification and matching module can perform traditional forwarding and filtering, forwarding data to the monitoring device; it can also output the data through the return port to the external server and receive the data produced by the external server back into the original network.
Fig. 4 is a structural module diagram of the device and method of the invention for dynamic data injection in a VPDN.
It comprises inline port A and inline port B in the inline port unit 1, the global control unit 2, the classification and matching unit 3, the service unit 4 and the return unit 5.
Inline port A: one of a pair of external ports, used to connect one of the two network element devices between which the device is placed, serving as one of the forwarding ports for the inline traffic.
Port A is a visible physical interface; it can be an optical or an electrical interface and supports one or more speeds. Port A and port B form a pair of inline ports; this is known content and is not described further here.
Inline port B: one of a pair of external ports, used to connect one of the two network element devices between which the device is placed, serving as one of the forwarding ports for the inline traffic.
Port B is a visible physical interface; it can be an optical or an electrical interface and supports one or more speeds. Port B and port A form a pair of inline ports; this is known content and is not described further here.
Global control unit 2: provides the configuration interface, which specifies which interfaces on the device are service ports and which are return ports. Any number of non-inline interfaces on the device can be designated as return ports.
Classification and matching unit 3: receives the data from the inline port unit 1 and looks up in the flow table the flow to which the packet belongs. If the lookup succeeds, the matching result is obtained; if it fails, the rules are looked up to obtain the matching result.
Specifically, the unit receives a packet input by the inline port unit 1, extracts the flow features, and checks whether the flow exists in the flow table. Depending on the result, it creates a new flow or goes on to look up the rules. A packet whose flow lookup succeeds obtains the forwarding result directly; otherwise the rule lookup provides the forwarding result.
The unit also receives packets from the return port and checks in the flow table whether the flow to which the packet belongs exists. If it does, the unit analyzes the packet's upstream/downstream direction, looks up the port number, and finally forwards the original packet according to the forwarding port number. This is known content and is not described in detail here.
Service unit 4: receives the packets from the classification and matching unit 3 and forwards them according to the forwarding behavior; this is known content and is not described in detail here.
Return unit 5: receives the specific packets matched by the classification and matching unit 3 and forwards them to the external server; receives the packets produced by the external server and forwards them to the classification and matching unit 3 for the behavior result lookup and the upstream/downstream analysis. The return port is a visible port and can be an electrical port or an optical transceiver port.
Fig. 5 is the basic flow chart of the method of the invention for dynamic data injection in a VPDN.
Step S1: the inline port unit 1 receives the online user's request and extracts the flow features of the request packet.
Step S2: the classification and matching unit 3 matches the packets that need to be forwarded to the return port.
Whether the flow exists in the flow table is determined from the flow features. If it exists, the packet is checked against the hit threshold; if it does not exist, a flow is created dynamically in the flow table from the flow features, the new flow is written to the flow table, and the rules are then looked up.
The hit count of the packet is evaluated: if it is greater than the flow's hit threshold, the behavior of the packet is set to the behavior of the flow found; if it is less than the flow's hit threshold, the rules must be looked up.
Packets whose hit count is below the hit threshold, or whose flow does not exist in the flow table, are looked up against the three classes of rule in the rule set: target rules, L4 rules and L7 rules.
The packet is labeled with a behavior result according to the result of the rule lookup.
Step S3: the return port receives a packet produced dynamically by the external server and queries the flow table.
The flow table here is the flow table as updated in step S2.
Querying the flow table means checking, by the packet's flow features, whether a flow with those features exists in the flow table. If it exists, the packet's upstream/downstream direction is analyzed; if it does not, the behavior of the packet is set to discard.
Step S4: analyze the upstream/downstream direction and look up the port number.
Analyzing the direction means: if the packet is upstream, the destination port is looked up in the flow table; if the packet is downstream, the source port is looked up in the flow table. The packet's forwarding port is set to the port found.
Step S5: the packet is sent to the original link according to the behavior of the flow and the inline port.
The device for dynamic data injection in a VPDN is illustrated below with reference to Fig. 6, using an actual requirement of a certain company as the example.
As shown in Fig. 6, the user, named terminal 1, sends a data request with domain name (domain) "www.wiki.com" and search keyword "VPDN", which enters the device through inline port A. The device can redirect HTTP request messages that access "www.wiki.com" so that the company's internal wiki server is searched first; only if no result for the keyword is found on the company's internal wiki is the request sent to www.wiki.com. The method by which the device does this comprises the following steps:
In the initial state, inline port A is connected to the router of the company's internal LAN, inline port B is connected to the router of the company's external network, and port C is connected to a server 1. Assume that the IP address of this server is "192.168.8.100" and that the company's internal wiki site runs on it.
The user logs in to the device's management interface over SSH, configures interface C as a return port, and configures a rule with domain="www.wiki.com" whose forwarding behavior is set to "forward from interface C".
Step 6a01: terminal 1 initiates an HTTP request to "www.wiki.com" with the keyword "VPDN". Assume that the IP address of terminal 1 is 192.168.8.111 and that the gateway of this LAN is 192.168.8.1.
Step 6a02: after inline port A receives the request message, the flow features are first extracted from the packet, namely sip="192.168.8.111", dip="192.168.8.1", sport="A", dport="B", protocol="http"; then go to step 6a03.
The information in a flow entry is shown in Table 1 below. A flow is usually uniquely defined by a five-tuple: protocol type (protocol), source IP (sip), destination IP (dip), source port (sport) and destination port (dport). Packets with the same five-tuple belong to the same flow. Because the five-tuple distinguishes source IP from destination IP, such a flow is unidirectional: the packets of one complete interaction belong to two different flows. What matters more here is the connection, that is, the complete interaction. A connection comprises two flows whose source IP address and source port are exchanged with the destination IP address and destination port. For ease of description, "flow" here denotes a connection, in other words a bidirectional flow; such a flow is uniquely defined by the protocol type and a pair of IP and port sets. In the initial state the flow table is empty: the original port number, destination port number and protocol type are provisionally filled with 0, the source IP and destination IP are provisionally filled with 0.0.0.0, and the behavior of the flow is provisionally filled with discard (drop). Table 1:
Step 6a03: the extracted flow features are used to search the flow table. If a flow with these features is found in the flow table, go to step 6a04; otherwise go to step 6a05.
Step 6a04: if the flow to which the packet belongs exists in the flow table, the first threshold (matchCounter) packets of the flow all look up the rule table (go to step 6a07), until no matching rule can be found or the threshold (matchCounter) is exceeded; after that, the behavior of this user-defined passive flow decides how subsequent packets are forwarded. The threshold (matchCounter) defaults to 10, and the user can customize this value on the command line.
Step 6a05: if the flow table contains no flow whose original port number is A, destination port number is B, source IP is 192.168.8.111, destination IP is 192.168.8.1 and protocol type is http, this flow is created and written to the flow table, and the second-layer rule lookup follows. The flow table after the update is shown in Table 2 below:
Step 6a06: if the flow exists and its hit count is greater than the flow's hit threshold, the behavior of the flow found is set as the packet's final behavior.
Step 6a07: packets that have no hit in the flow table, and packets below the threshold, must go through the second-layer rule matching.
Rule matching is implemented by rule tables. The invention comprises 4 rule sets and 3 classes of rule: special-object (target) rules, L4 rules and L7 rules. A target rule can be combined with an L4 or L7 rule: only when a classification entry of the target rule and a classification entry of the L4 rule or of the L7 rule are hit at the same time does the combination count as a hit.
Each rule subclass is divided into 4 priorities by matching treatment and forwarding mode, and each priority can have its own data-processing and forwarding behavior. Up to 20K classification entries (class-entry) with the same processing behavior can be added to each priority.
A packet that hits no rule automatically hits the default entry and is processed according to the behavior defined for default.
A packet first looks up the target rule table and then, according to the behavior, the L4 or L7 table. Setting the default of the target rule table determines whether L4 or L7 is looked up first.
Target rules contain two kinds of classification entry: ip and name. ip is the Internet IP the user uses after successful connection authentication; name is the RADIUS and PPP user name.
Target rules have priorities 1-4 and default: 1 is the highest priority, 4 is the lowest, and default is the default priority. Each priority can hold up to 20K classification entries; the same rule may not be stored in different priorities, and no rules may be configured in the default priority.
The default behavior of the default priority is loop, and the default behavior of the other priorities is unset (UNSET). The behavior of each priority is configurable. For target rules it can be loop, drop, fw hash, redirect hash, to l4 or to l7, meaning respectively: normal forwarding, discard, hash forwarding (normal forwarding plus a copy to a return port or output port), redirection (to an output port or return port), go to L4 rule lookup, and go to L7 rule lookup.
L4 rule entries, shown in Table 3 below, comprise classification entries of several types: ip, protocol, protocol+port and domain. ip is the IP inside the L2TP packet (inner layer); protocol is the inner-layer protocol; protocol+port is {UDP | TCP} + port number; domain is the domain name of a DNS request, where what is finally matched is the IP corresponding to the domain name, which the device learns automatically from DNS response packets. By default the rule entries are empty, that is, no data has been inserted. Table 3:
L4 rules have priorities 1-4 and default: 1 is the highest priority, 4 is the lowest, and default is the default priority. Each priority can hold up to 20K classification entries; no rules may be configured in the default priority, and the same rule may not be stored in different priorities.
The default behavior of the default priority is loop, and the default behavior of the other priorities is unset (UNSET). The behavior of each priority is configurable. For L4 rules it can be loop, drop, fw hash, redirect hash or to l7, meaning respectively: normal forwarding, discard, hash forwarding, hash redirection, and go to L7 rule lookup.
The behavior of the default priority can also be set to to l7, that is, go to L7 rule lookup. If different priorities are hit at the same time, the forwarding behavior of the highest-priority rule is taken. The IPs corresponding to a DNS domain name are maintained dynamically from the DNS packets the device receives; at most 256 IPs are kept per domain name, and IPs obtained beyond this number automatically overwrite the ones saved first.
L7 rules comprise ud, host, uri and host+uri classification entries. Active control and passive monitoring each support at most 128 ud classification entries, with 4 ud per entry and four bytes per ud.
L7 rules have priorities 1-4 and default: 1 is the highest priority, 4 is the lowest, and default is the default priority. Each priority can hold up to 20K classification entries; no rules may be configured in the default priority, and the same rule may not be stored in different priorities.
The default behavior of the default priority is loop, and the default behavior of the other priorities is unset (UNSET). The behavior of each priority is configurable. For L7 rules it can be loop, drop, fw hash, redirect hash or to l4, meaning respectively: normal forwarding, discard, hash forwarding, hash redirection, and go to L4 rule lookup.
The behavior of the default priority can also be set to to l4, that is, go to L4 rule lookup. If different priorities are hit at the same time, the forwarding behavior of the highest-priority rule is taken.
Terminal 1's request is matched first against the target rules according to the static rules set by the user. Target rule entries do not match on domain name (domain), whereas L4 rules can, so the user can set the default rule of target to go to L4. The rule configuration is as follows:
add ruleset 1 control l4: 1 domain= "www.wiki.com"
Because the company needs requests for "www.wiki.com" to be redirected to the internal wiki, a behavior must be configured in the static rules that forwards ruleset 1 of the above rule from return port C. The behavior configuration is as follows (assuming that return port C is physical interface number 9 on the device):
set ruleset 1 control target: default to l4
set ruleset 1 control l4: 1 redirect hash s 9
The correspondence between forwarding behaviors and rule sets is known content and is not described in detail here.
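The lookup order configured above (target table first, its default sending the packet on to L4, the highest priority winning, unmatched packets taking the default entry, DNS-learned addresses capped at 256 per domain) can be modelled as follows. This is an added example, not code from the patent or the device: the class and function names, the tuple form of classification entries, the hop limit and the sample addresses 203.0.113.10 and 198.51.100.7 are assumptions constructed for illustration, and only the target and L4 tables are populated.

```python
from collections import deque

PRIORITIES = (1, 2, 3, 4)      # 1 is the highest priority, 4 the lowest
MAX_IPS_PER_DOMAIN = 256       # per-domain cap on DNS-learned addresses


class RuleTable:
    """One rule class (target, l4 or l7): priorities 1-4 plus a default."""

    def __init__(self, name, default_action="loop"):
        self.name = name
        self.entries = {p: set() for p in PRIORITIES}   # classification entries
        self.actions = {p: None for p in PRIORITIES}    # None models UNSET
        self.default_action = default_action            # default priority holds no rules

    def add(self, priority, entry):
        # The same rule may not be stored under two different priorities.
        if any(entry in held for held in self.entries.values()):
            raise ValueError(f"{entry!r} is already stored in {self.name}")
        self.entries[priority].add(entry)

    def lookup(self, keys):
        # Walk from priority 1 down, so the highest-priority hit wins.
        for p in PRIORITIES:
            if self.entries[p] & keys:
                return self.actions[p]
        return self.default_action                      # miss: default entry


class DnsLearner:
    """Maps domain names to the IPs seen in DNS responses."""

    def __init__(self):
        self.ips = {}

    def learn(self, domain, ip):
        # deque(maxlen=...) drops the oldest address once the cap is reached.
        self.ips.setdefault(domain, deque(maxlen=MAX_IPS_PER_DOMAIN)).append(ip)

    def keys_for(self, dip):
        # A domain entry is finally matched through the IPs learned for it.
        keys = {("ip", dip)}
        keys |= {("domain", d) for d, ips in self.ips.items() if dip in ips}
        return keys


def classify(tables, keys, max_hops=3):
    """Start at the target table and follow 'to l4' / 'to l7' behaviors."""
    table = tables["target"]
    for _ in range(max_hops):
        action = table.lookup(keys)
        if action == "to l4":
            table = tables["l4"]
        elif action == "to l7":
            table = tables["l7"]
        else:
            return action
    # Assumption: an l4 <-> l7 loop in the configuration ends in drop.
    return "drop"


def build_example():
    """Mirror of the three configuration commands shown on the page."""
    tables = {name: RuleTable(name) for name in ("target", "l4", "l7")}
    tables["target"].default_action = "to l4"        # target: default to l4
    tables["l4"].add(1, ("domain", "www.wiki.com"))  # l4: 1 domain= "www.wiki.com"
    tables["l4"].actions[1] = "redirect hash s 9"    # l4: 1 redirect hash s 9
    dns = DnsLearner()
    dns.learn("www.wiki.com", "203.0.113.10")        # constructed DNS answer
    return tables, dns


if __name__ == "__main__":
    tables, dns = build_example()
    print(classify(tables, dns.keys_for("203.0.113.10")))
    print(classify(tables, dns.keys_for("198.51.100.7")))
```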
Step 6a08: if the data request packet of terminal 1 matches a rule entry in the rule set, the behavior of the packet is set to the behavior of the rule.
Step 6a09: if the data request packet of terminal 1 fails to match in the rule set, the behavior of the packet is set to discard.
Step 6b01: the data request of terminal 1 is sent through return port C to server 1, whose IP address is 192.168.6.100. Server 1 searches its database for data with the keyword "VPDN" and returns the result to interface C.
Step 6b02: after receiving data, the return port first extracts the flow features of the packet and looks up the flow in the flow table described in Table 1. If a flow with those features is found, go to step 6b03; otherwise go to 6b04.
Step 6b03: for a packet sent back by server 1, if a flow matching the packet's features exists in the flow table, the packet's upstream/downstream direction must first be analyzed. In this example, the data returned after server 1 has processed terminal 1's request may be upstream or downstream. If information with the keyword "VPDN" was found in server 1's database, the packet is a response packet and is therefore downstream. If no such information was found in server 1's database, terminal 1's request must be put back onto the link; the packet that return port C receives is then a request packet and is upstream. The packet information is shown in Table 4 below:
Step 6b04: if the packet sent back by server 1 has no successful match in the flow table, the behavior of the packet is set to discard.
Step 6b05: Table 4 is updated according to the result of the direction analysis in step 6b03. If the packet sent back by server 1 is upstream data, that is, no information with the keyword "VPDN" was found, the original destination port number of the packet must be looked up in the flow table shown in Table 2; the destination port found in Table 2 is B. If the packet sent back by server 1 is downstream data, that is, information with the keyword "VPDN" was found, the original input port number of the packet must be looked up in the flow table shown in Table 2; the original port found in Table 2 is A. The updated Table 4 has two possible forms, shown in Table 5 and Table 6 below. Table 5:
Table 6:
Step 610: the packet is forwarded from the specific port according to its forwarding behavior, or discarded. The forwarding behavior here can be forwarding to a passback port or forwarding to a concatenation port.
In summary, the result is: if content for "VPDN" can be found on the company's server, the company's internal wiki web page is pushed back to the user side; if no data for "VPDN" is found inside the company, the request to search for "VPDN" on www.wiki.com is sent on to the website whose domain name is www.wiki.com.
In summary, in this embodiment the user's Internet access request over VPDN is intervened in by the company's internal network equipment, but the user's request is not discarded. In addition, the user-initiated Internet request is matched against internal data first, and data in the internal database is injected to the user who is online, which meets the demand for dynamic data injection for VPDN.
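The return-path decision of steps 6b02 to 6b05 and 610, modelled as an added example (not code from the patent). The flow key, the way direction is inferred (a packet whose source is the flow's originating endpoint is uplink), and the sample addresses are assumptions; A and B are the concatenation ports of the embodiment.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, port)

@dataclass(frozen=True)
class Packet:
    proto: str
    src: Endpoint
    dst: Endpoint

@dataclass
class Flow:
    client: Endpoint  # endpoint that sent the first (request) packet
    in_port: str      # concatenation port the request entered on
    out_port: str     # concatenation port the request was originally bound for

def flow_key(pkt: Packet) -> tuple:
    # Assumption: direction-independent key, so request and response share one entry.
    return (pkt.proto,) + tuple(sorted((pkt.src, pkt.dst)))

class Classifier:
    def __init__(self) -> None:
        self.flows: Dict[tuple, Flow] = {}

    def learn(self, pkt: Packet, in_port: str, out_port: str) -> None:
        """Forward path: create the flow entry when a request is first seen."""
        self.flows.setdefault(flow_key(pkt), Flow(pkt.src, in_port, out_port))

    def from_passback(self, pkt: Packet) -> Tuple[str, Optional[str]]:
        """Return path: (behavior, port) for a packet arriving on the passback port."""
        flow = self.flows.get(flow_key(pkt))
        if flow is None:
            return ("discard", None)           # step 6b04: no matching flow
        if pkt.src == flow.client:
            return ("forward", flow.out_port)  # uplink: request goes back onto the link
        return ("forward", flow.in_port)       # downlink: response goes to the user side

# Constructed sample addresses (not from the patent).
TERMINAL: Endpoint = ("10.0.0.5", 40000)
SITE: Endpoint = ("203.0.113.10", 80)

def demo() -> list:
    c = Classifier()
    request = Packet("tcp", TERMINAL, SITE)
    c.learn(request, in_port="A", out_port="B")
    response = Packet("tcp", SITE, TERMINAL)
    stray = Packet("tcp", ("10.0.0.9", 1234), SITE)  # never seen on the forward path
    return [c.from_passback(p) for p in (request, response, stray)]

if __name__ == "__main__":
    print(demo())
```
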
Claims (8)
1. A device for dynamic data injection in a virtual private dial-up network, characterized in that it comprises: a string interface unit (1), an overall situation control unit (2), a classification and matching unit (3), a business unit (4) and a back propagation unit (5); wherein:
the string interface unit (1) is at least one pair of forwarding ports connected in series between the network server and the switch to carry the serially connected traffic;
the overall situation control unit (2) configures the service port and the passback port through a configuration interface, configures the rules and behaviors for packets that need to be redirected to the passback port, and initializes the flow table;
the classification and matching unit (3) receives packets from the string interface unit (1) and, after querying the rules, forwards them according to the result to the business unit (4), the string interface unit (1) or the back propagation unit (5); it receives packets from the back propagation unit (5), queries the flow table, analyzes the uplink/downlink direction of the packet, and queries the port according to that direction: if the packet is uplink, the corresponding destination port is queried in the flow table; if the packet is downlink, the corresponding source port is queried in the flow table; the forwarding port of the packet is set to the queried port; setting the forwarding port of the packet to the queried port forms a result label; and the result label is sent to the string interface unit (1);
the business unit (4) receives packets from the classification and matching unit (3) and forwards them according to the above result label;
the back propagation unit (5) receives data from the classification and matching unit (3), sends the data to an external server, receives packets from the external server and delivers them to the classification and matching unit (3).
2. The device for dynamic data injection in a virtual private dial-up network according to claim 1, characterized in that the string interface unit (1) is paired; the device has multiple pairs of concatenation ports so that multiple links can be connected in series.
3. The device for dynamic data injection in a virtual private dial-up network according to claim 1, characterized in that the string interface unit (1) comprises concatenation port A and concatenation port B, receives the packets output by the classification and matching unit, and forwards them to the original link from concatenation port B and concatenation port A respectively, according to the uplink/downlink direction.
4. The device for dynamic data injection in a virtual private dial-up network according to claim 1, characterized in that the overall situation control unit (2) runs on the CPU of the device and controls the other units through a data bus.
5. The device for dynamic data injection in a virtual private dial-up network according to claim 1, characterized in that the overall situation control unit (2) sets the attribute of a physical interface to functional area or passback port through an administration interface, and initializes the space of the flow table.
6. The device for dynamic data injection in a virtual private dial-up network according to claim 5, characterized in that, among the physical interfaces, all interfaces other than the concatenation ports, the management serial port and the management network port can be a functional area or a passback port; functional areas and passback ports must be explicitly defined by the user, but one interface cannot be both a passback port and a functional area.
7. The device for dynamic data injection in a virtual private dial-up network according to claim 1, characterized in that the classification and matching unit (3) receives the packets input from the string interface unit (1) and looks up the behavior in the flow table; if there is no hit, a new flow is created in the flow table and the rules are then queried; if there is a hit, the behavior of the packet is set to the behavior of the flow; at the same time, the classification and matching unit (3) receives the packets input from the back propagation unit (5) and queries whether the flow exists in the flow table; if it exists, the uplink/downlink direction of the packet must be analyzed, the port is queried according to that direction, and the forwarding port of the packet is set to the queried port.
8. The device for dynamic data injection in a virtual private dial-up network according to claim 1, characterized in that the back propagation unit (5) receives from the classification and matching unit (3) the packets that hit a specific rule and sends those packets to the external server; it receives the packets of the external server and transmits them to the classification and matching unit (3).
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310731323.3A CN103685310B (en) | 2013-12-27 | 2013-12-27 | A kind of devices and methods therefor that dynamic data injects in Virtual Private Dialup Network |
CN201610699552.5A CN106713260B (en) | 2013-12-27 | 2013-12-27 | Method for dynamic data injection in virtual private dial-up network |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310731323.3A CN103685310B (en) | 2013-12-27 | 2013-12-27 | A kind of devices and methods therefor that dynamic data injects in Virtual Private Dialup Network |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610699552.5A Division CN106713260B (en) | 2013-12-27 | 2013-12-27 | Method for dynamic data injection in virtual private dial-up network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103685310A (en) | 2014-03-26 |
CN103685310B (en) | 2017-01-04 |
Family ID=50321624
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310731323.3A Active CN103685310B (en) | 2013-12-27 | 2013-12-27 | A kind of devices and methods therefor that dynamic data injects in Virtual Private Dialup Network |
CN201610699552.5A Expired - Fee Related CN106713260B (en) | 2013-12-27 | 2013-12-27 | Method for dynamic data injection in virtual private dial-up network |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610699552.5A Expired - Fee Related CN106713260B (en) | 2013-12-27 | 2013-12-27 | Method for dynamic data injection in virtual private dial-up network |
Country Status (1)
Country | Link |
---|---|
CN (2) | CN103685310B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105099942B (en) * | 2014-04-30 | 2019-05-03 | 华为技术有限公司 | A kind of data package processing method and equipment |
CN108124021B (en) * | 2016-11-28 | 2021-04-16 | 阿里巴巴集团控股有限公司 | Method, device and system for obtaining Internet Protocol (IP) address and accessing website |
CN112866289B (en) * | 2021-03-02 | 2022-09-30 | 恒为科技(上海)股份有限公司 | Method and system for extracting feature rule |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101764741A (en) * | 2009-11-27 | 2010-06-30 | 上海恒为信息科技有限公司 | Filtering and shunting device and method supporting multi-service function |
CN103227773A (en) * | 2012-03-31 | 2013-07-31 | 杭州华三通信技术有限公司 | Method and system for establishing virtual private dial-up network connection |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100373896C (en) * | 2002-07-26 | 2008-03-05 | 中兴通讯股份有限公司 | Virtual special dialing network business data packet retransmission method |
CN100518138C (en) * | 2005-04-12 | 2009-07-22 | 华为技术有限公司 | Method for realizing virtual special network |
CN101997826A (en) * | 2009-08-28 | 2011-03-30 | 中兴通讯股份有限公司 | Routing methods of control net element, forwarding net element and internet protocol network |
Also Published As
Publication number | Publication date |
---|---|
CN103685310A (en) | 2014-03-26 |
CN106713260B (en) | 2020-07-10 |
CN106713260A (en) | 2017-05-24 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C53 | Correction of patent for invention or patent application | ||
CB02 | Change of applicant information | Address after: 200030 Leshan Road, Shanghai, room 33, No. 103, room; Applicant after: Constant technology (Shanghai) Limited by Share Ltd; Address before: 200127 Shanghai city Pudong New Area Eshan road 91 No. 2 Lujiazui Software Park Building 2 floor; Applicant before: Shanghai Embedway Information Technologies Co., Ltd. |
COR | Change of bibliographic data | Free format text: CORRECT: APPLICANT; FROM: SHANGHAI EMBEDWAY INFORMATION TECHNOLOGY CO., LTD. TO: HENGWEI TECHNOLOGY TECHNOLOGY (SHANGHAI) CO., LTD. |
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |