Nothing Special   »   [go: up one dir, main page]

CN111711557B - Remote access system and method for network target range users - Google Patents

Remote access system and method for network target range users Download PDF

Info

Publication number
CN111711557B
CN111711557B CN202010828373.3A CN202010828373A CN111711557B CN 111711557 B CN111711557 B CN 111711557B CN 202010828373 A CN202010828373 A CN 202010828373A CN 111711557 B CN111711557 B CN 111711557B
Authority
CN
China
Prior art keywords
network
vpn service
vpn
user
port
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010828373.3A
Other languages
Chinese (zh)
Other versions
CN111711557A (en
Inventor
王文杰
谢峥
高庆官
魏红伟
程航
叶伟
冯宇翔
蔡沅杉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Saining Wang'an Technology Co ltd
Original Assignee
Beijing Saining Wang'an Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Saining Wang'an Technology Co ltd filed Critical Beijing Saining Wang'an Technology Co ltd
Priority to CN202010828373.3A priority Critical patent/CN111711557B/en
Publication of CN111711557A publication Critical patent/CN111711557A/en
Application granted granted Critical
Publication of CN111711557B publication Critical patent/CN111711557B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/12Discovery or management of network topologies
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45595Network integration; Enabling network access in virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a remote access system and a method for network shooting range users, wherein the system comprises a VPN service container and a shooting range management module which are arranged at a network shooting range control node; each started network target site corresponds to a started VPN service container; each VPN service container is provided with a VPN service end and a network bridge for bridging a network card of the VPN service container and a network card of the VPN service end; the network cards of the VPN service containers of different network shooting ranges are connected to the corresponding network shooting range ports on the virtual network bridge. The shooting range management module is used for managing VPN service, VPN users, network shooting range scenes and topology. The VPN server is directly installed on the control node, VPN service can be simultaneously provided for a plurality of network target sites, resource recovery can be conveniently realized, and online information inquiry and access authority management and control can be carried out on access users.

Description

Remote access system and method for network target range users
Technical Field
The invention relates to a remote access system and a remote access method for network target range users, and belongs to the technical field of networks.
Background
The network shooting range rapidly completes the construction of a simulation scene through technologies such as virtualization, cloud computing, SDN and network arrangement, and meets the requirements of network security research, talent culture, efficiency evaluation, equipment testing, security evaluation, emergency drilling and the like. In the application scenario of the network shooting range, sometimes it is required that the user can remotely access the shooting range environment and can communicate with a certain virtual instance or a certain virtual network therein. Currently common approaches include VPN, resilient IP, port mapping, etc.
The elastic IP realizes the conversion between the external IP and the internal IP through NAT conversion. By providing extranet IP mapping to virtual instances that need to be exposed, users can be given remote access to instances or networks in the shooting range. However, under the condition of short supply of IP resources of the public network, the scheme has certain limitation. The port mapping can only expose the designated port of the virtual instance, and cannot provide an attack surface well. So, VPN access is more commonly used, and a simple deployment structure commonly used at present is shown in fig. 1, and this method needs to manually configure the router, and when a target site is created again or network parameters change, the VPN service of the router needs to be reconfigured.
Disclosure of Invention
The purpose of the invention is as follows: in view of the problems in the prior art, an object of the present invention is to provide a remote access system and method for network shooting range users, which can flexibly and conveniently support each network shooting range to access remote users.
The technical scheme is as follows: in order to achieve the above purpose, the invention provides a network shooting range user remote access system, which comprises a VPN service container and a shooting range management module, wherein the VPN service container is arranged at a network shooting range control node; each started network target site corresponds to a started VPN service container; each VPN service container is provided with a VPN service end and a network bridge for bridging a network card of the VPN service container and a network card of the VPN service end; the network cards of the VPN service containers of different network shooting ranges are connected to corresponding network shooting range ports on the virtual network bridge; a user in a network target range remotely accesses a corresponding VPN server through a VPN client;
the shooting range management module is used for managing VPN service, VPN users, network shooting range scenes and topology, and comprises the following steps: the topology management unit is used for configuring VPN service related parameters including a starting IP and a terminating IP of the VPN service, a mask and an external network IP when the target range topology is drawn; the VPN user management unit is used for generating a VPN client configuration file and a key file of a user; the VPN service management unit is used for managing ports of the VPN service container, generating a configuration file of a VPN service end and controlling starting and stopping of the VPN service container and the VPN service end in the container; and the scene management unit is used for carrying out start-stop management on the network target range scene, calling the VPN service management unit to generate a configuration file and start the VPN service end in the starting process of the network target range, and calling the VPN user management unit to generate a VPN client configuration file and a key file of a user in the scene.
Further, different VLAN is set on different network target ground ports of the virtual bridge, so as to carry out network isolation.
Further, the VPN customer management unit includes:
the online user information inquiry subunit is used for inquiring the log file of the VPN service and analyzing to obtain an online user, an MAC address, an IP address and online time of the online user;
the access user management subunit is used for acquiring a network target range and a user name in the target range from the VPN user name, acquiring an MAC address accessed by a user from a log file of VPN service, and realizing the requirement of forbidding the network target range or allowing the appointed user to access by configuring an iptables rule; the VPN user name is generated according to the information including the network target range and the target range users according to the preset rule;
and the user configuration file generation subunit is used for generating a corresponding VPN client side configuration file and a corresponding key file according to the VPN user name.
Further, the VPN service management unit includes:
the port management subunit is used for managing available ports of the control node so as to distribute the available ports to different VPN service containers and carry out port mapping on the VPN service containers;
the configuration file management subunit is used for generating a configuration file of the VPN server, wherein the configuration file comprises an external network IP, a monitored port, a dhcp pool and a push route network address;
the VPN service management subunit is used for providing the starting, stopping and restarting functions of a VPN service container, the starting, stopping and restarting functions of a VPN service end and the network management function of the VPN service end in the container; the VPN service end network management comprises the steps of setting a VPN service end using a bridging mode, and carrying out network connection configuration on a network card of the VPN service end, a network card of a VPN service container and a virtual network bridge.
The invention discloses a remote access method for network target range users, which comprises the following steps:
(1) installing a VPN service end program in a VPN service container, wherein the VPN service container is deployed on a network target site control node; different network target sites correspond to different VPN service containers;
(2) when a network shooting range scene is started, acquiring relevant parameters of VPN service configured when a user draws a shooting range topology, wherein the relevant parameters comprise an initial IP (Internet protocol) and a termination IP (Internet protocol) of the VPN service, a mask and an external network IP;
(3) distributing a mapping port for the VPN service container, generating a configuration file of a VPN service end and starting the VPN service end;
(4) connecting the network card of the VPN service container to a virtual network bridge which is communicated with the network target field computing node on the control node, and connecting the network cards of the VPN service containers of different network target fields to corresponding network target field ports on the virtual network bridge; bridging the network card of the VPN service container with the network card of the VPN service end;
(5) and generating a VPN client configuration file and a key file of the target site user, and remotely accessing the corresponding VPN server by the user through the VPN client.
Furthermore, the remote access method for the network target range users also comprises the step of obtaining online users and MAC addresses, IP addresses and online time thereof by inquiring log files of VPN services and analyzing the log files.
Furthermore, the remote access method for the network target range users also comprises the steps of managing the access users, acquiring user names in the network target range and the target range from VPN user names, acquiring MAC addresses accessed by the users from log files of VPN services, and realizing the requirement that the network target range is forbidden or the appointed users are allowed to access by configuring iptables rules; and the VPN user name is generated according to the information comprising the network target range and the target range user according to the preset rule.
Further, the method for allocating mapping ports to the VPN service container by the network target site user remote access method comprises the following steps: selecting a port range to be put into a queue as an available port pool; when a mapping port needs to be allocated to the VPN service container, popping out one port from the queue, then judging whether the port is occupied, if so, popping out one port, if not, using the port and the VPN service container to carry out port mapping, and simultaneously, designating the port as the VPN service port when generating a configuration file of the VPN service terminal; and when the VPN service terminal is deleted, the used port is put into the queue again to recycle the port resource.
Has the advantages that: the VPN server is directly installed on the control node, so that the process of manually configuring the VPN server in the entity routing is omitted, and when the shooting range environment is changed, the configuration file of the VPN server can be flexibly modified. The invention can provide VPN service for a plurality of network target sites simultaneously, can carry out network isolation, can conveniently realize resource recovery, and can inquire the online information and control the access authority of an access user.
Drawings
Fig. 1 is a schematic diagram of a conventional remote user access network range.
Fig. 2 is a schematic diagram of a remote user accessing a network target range according to an embodiment of the present invention.
Fig. 3 is a schematic structural diagram of functional units of the shooting range management module in the embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be described clearly and completely with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments that can be obtained by a person skilled in the art based on the embodiments of the present invention without any inventive step are within the scope of the present invention.
As shown in fig. 2, a network shooting range user remote access system disclosed in the embodiment of the present invention includes a VPN service container and a shooting range management module, which are disposed at a network shooting range control node; each started network target site corresponds to a started VPN service container; each VPN service container is provided with a VPN service end and a network bridge for bridging a network card of the VPN service container and a network card of the VPN service end; the network cards of the VPN service containers of different network shooting ranges are connected to corresponding network shooting range ports on the virtual network bridge; and the user of the network target range remotely accesses the corresponding VPN server through the VPN client.
In the embodiment of the invention, the VPN software uses openvpn and is installed in a Docker container, and the container is deployed on the control node. The control node is configured with a public network IP, and a remote user can access a VPN service end (VPN server) through a VPN client (VPN client). Push route in server. conf configuration file fills all networks of corresponding target range, thereby pushing to client, and making client access to these networks through VPN. In fig. 2, an eth1 network card of the VPN service container and a tap0 network card of the VPN server are bridged to the same linux bridge, and an eth1 network card is simultaneously connected to a ovs bridge br-int of the control node. ovs the bridge communicates with the compute node through a data network switch.
The eth0 network card of the VPN service container is connected to the docker0 bridge of the control node, and the container maps 1194 ports of the internal VPN server to a certain port of the control node through port mapping. ovs the way slot 1 and slot 2 can be mapped to a particular slot network with a corresponding VLAN for network isolation.
The shooting range management module is mainly responsible for managing VPN service, VPN users, network shooting range scenes and topology, and as shown in fig. 3, the shooting range management module includes a topology management unit, a VPN user management unit, a VPN service management unit, and a scene management unit.
And the topology management unit is mainly used for configuring related parameters of the VPN service when the target range topology is drawn, wherein the related parameters comprise an initial IP (Internet protocol) and a termination IP (Internet protocol) of the VPN service, a mask and an external network IP.
And the VPN user management unit comprises functions of online user information inquiry, user access management and user configuration file generation. The method comprises the following steps:
and the online user information inquiry subunit inquires a log file (openvpn-status.log) of the VPN service, and analyzes to obtain the online user and the MAC address, the IP address and the online time information of the online user.
And the access user management subunit is used for acquiring the network target range and the user name in the target range from the VPN user name, acquiring the MAC address accessed by the user from the log file of the VPN service, and realizing the requirement of forbidding the network target range or allowing the appointed user to access by configuring an iptables rule. When the user VPN configuration and the key file are generated, the VPN user name is generated according to the rule of scene ID + client + user ID, so that the user in which shooting range the user belongs and the user in the shooting range corresponding to the user can be known according to the VPN user name. If a user in a target range needs to be prohibited from accessing, the MAC address accessed by the user can be obtained by inquiring openvpn-status log and combining the relation between the VPN user name and the target range user name, and then the MAC address connection is prohibited by using an iptables rule; and when the user is allowed to access, inquiring an iptables rule to see whether a rule for prohibiting the user from accessing exists, if so, deleting the rule, and if not, performing any operation.
And the user configuration file generation subunit is mainly used for generating the VPN client configuration file and the key file corresponding to the user according to the VPN user name.
And the VPN service management unit is mainly used for managing ports of the VPN service container, generating a configuration file of the VPN service end and controlling starting and stopping of the VPN service container and the VPN service end in the container. The method comprises the following steps:
and the port management subunit is used for managing the available ports of the control node so as to distribute the available ports to different VPN service containers and perform port mapping on the VPN service containers. Since there may be multiple vpn servers in a cluster environment, there is a need to manage the available ports of the control nodes. The method comprises the following specific steps: 1) and selecting an unusual port range, and putting the unusual port range into a redis queue as an available port pool. 2) And after a port application request comes, popping out a port from the queue, then judging whether the port is occupied by other services, if so, popping out the port, if not, using the port and the vpn server container to carry out port mapping, and simultaneously, designating the port as the vpn server port when generating a configuration file. 3) When the vpn server deletes, the port used by the vpn server is put into the queue again, and the port resource is recycled.
The configuration file management subunit is used for generating a configuration file of the vpn server, and mainly comprises an external network IP, a monitored port, a dhcp pool, a push route network address and the like;
and the VPN service management subunit is used for providing the starting, stopping and restarting of a VPN service container, the starting, stopping and restarting functions of a VPN service end and the network management function of the VPN service end in the container. When the VPN service is started, it is necessary to receive the configuration file of the VPN server, which is transmitted from the scene management unit, and then start the server program.
And (3) managing the VPN server network in the container: the vpn server uses a bridge mode, a tap0 virtual network card of the vpn server is bridged to a linux bridge, an eth1 of the container is also bridged to the linux bridge, and an eth1 of the container is connected to a ovs bridge of the control node, so that data of the tap0 is forwarded to a ovs bridge of the control node. The relevant network configuration commands are as follows:
out-of-container commands:
ovs-docker add-port br-int eth1 docker _ name is used to add an eth1 network card to the container and is connected to ovs bridge br-int of the control node.
The in-container commands are as follows:
brctl addbr 0(linux bridge name)
brctl addif br0 tap0
bectl addif br0 eth1
And the scene management unit is mainly used for starting and stopping the network target range scene, and mainly calls other modules to generate a vpn server configuration file, start the vpn server, generate a user configuration file, a key file and the like in the starting process of the network target range.
It will be appreciated by those skilled in the art that the modules in the above embodiments may be adapted adaptively, and that different modules/units may be combined into one module/unit or divided into sub-modules/sub-units.
Based on the same inventive concept, the embodiment of the invention discloses a remote access method for network shooting range users, which comprises the following steps:
(1) installing a VPN service end program in a VPN service container, wherein the VPN service container is deployed on a network target site control node; different network target sites correspond to different VPN service containers;
(2) when a network shooting range scene is started, acquiring relevant parameters of VPN service configured when a user draws a shooting range topology, wherein the relevant parameters comprise an initial IP (Internet protocol) and a termination IP (Internet protocol) of the VPN service, a mask and an external network IP;
(3) distributing a mapping port for the VPN service container, generating a configuration file of a VPN service end and starting the VPN service end;
(4) connecting the network card of the VPN service container to a virtual network bridge which is communicated with the network target field computing node on the control node, and connecting the network cards of the VPN service containers of different network target fields to corresponding network target field ports on the virtual network bridge; bridging the network card of the VPN service container with the network card of the VPN service end;
(5) and generating a VPN client configuration file and a key file of the target site user, and remotely accessing the corresponding VPN server by the user through the VPN client.
After the user accesses, the online user, the MAC address, the IP address and the online time of the online user can be obtained through analyzing by inquiring the log file of the VPN service. The access users can also be managed, and certain users at certain shooting ranges are forbidden or allowed to access. The specific implementation details refer to the implementation of the functions of the modules, and are not described in detail.

Claims (8)

1. A network shooting range user remote access system is characterized by comprising a VPN service container and a shooting range management module, wherein the VPN service container is arranged at a network shooting range control node; each started network target site corresponds to a started VPN service container; each VPN service container is provided with a VPN service end and a network bridge for bridging a network card of the VPN service container and a network card of the VPN service end; the network cards of the VPN service containers of different network shooting ranges are connected to corresponding network shooting range ports on the virtual network bridge; a user in a network target range remotely accesses a corresponding VPN server through a VPN client;
the shooting range management module is used for managing VPN service, VPN users, network shooting range scenes and topology, and comprises the following steps: the topology management unit is used for configuring VPN service related parameters including a starting IP and a terminating IP of the VPN service, a mask and an external network IP when the target range topology is drawn; the VPN user management unit is used for generating a VPN client configuration file and a key file of a user; the VPN service management unit is used for managing ports of the VPN service container, generating a configuration file of a VPN service end and controlling starting and stopping of the VPN service container and the VPN service end in the container; and the scene management unit is used for carrying out start-stop management on the network target range scene, calling the VPN service management unit to generate a configuration file and start the VPN service end in the starting process of the network target range, and calling the VPN user management unit to generate a VPN client configuration file and a key file of a user in the scene.
2. The network range user remote access system of claim 1, wherein different VLAN are set on different network range ports on the virtual bridge for network isolation.
3. The network range user remote access system of claim 1, wherein said VPN user management unit comprises:
the online user information inquiry subunit is used for inquiring the log file of the VPN service and analyzing to obtain an online user, an MAC address, an IP address and online time of the online user;
the access user management subunit is used for acquiring a network target range and a user name in the target range from the VPN user name, acquiring an MAC address accessed by a user from a log file of VPN service, and realizing the requirement of forbidding the network target range or allowing the appointed user to access by configuring an iptables rule; the VPN user name is generated according to the information including the network target range and the target range users according to the preset rule;
and the user configuration file generation subunit is used for generating a corresponding VPN client side configuration file and a corresponding key file according to the VPN user name.
4. The network range user remote access system of claim 1, wherein said VPN service management unit comprises:
the port management subunit is used for managing available ports of the control node so as to distribute the available ports to different VPN service containers and carry out port mapping on the VPN service containers;
the configuration file management subunit is used for generating a configuration file of the VPN service end, wherein the configuration file comprises an external network IP, a monitored port, a dhcp pool and a network address of a push route;
the VPN service management subunit is used for providing the starting, stopping and restarting functions of a VPN service container, the starting, stopping and restarting functions of a VPN service end and the network management function of the VPN service end in the container; the VPN service end network management comprises the steps of setting a VPN service end using a bridging mode, and carrying out network connection configuration on a network card of the VPN service end, a network card of a VPN service container and a virtual network bridge.
5. A remote access method for network target range users is characterized by comprising the following steps:
(1) installing a VPN service end program in a VPN service container, wherein the VPN service container is deployed on a network target site control node; different network target sites correspond to different VPN service containers;
(2) when a network shooting range scene is started, acquiring relevant parameters of VPN service configured when a user draws a shooting range topology, wherein the relevant parameters comprise an initial IP (Internet protocol) and a termination IP (Internet protocol) of the VPN service, a mask and an external network IP;
(3) distributing a mapping port for the VPN service container, generating a configuration file of a VPN service end and starting the VPN service end;
(4) connecting the network card of the VPN service container to a virtual network bridge which is communicated with the network target field computing node on the control node, and connecting the network cards of the VPN service containers of different network target fields to corresponding network target field ports on the virtual network bridge; bridging the network card of the VPN service container with the network card of the VPN service end;
(5) and generating a VPN client configuration file and a key file of the target site user, and remotely accessing the corresponding VPN server by the user through the VPN client.
6. The remote access method for network shooting range users according to claim 5, further comprising obtaining online users and their MAC addresses, IP addresses and online time by querying log files of VPN services and analyzing.
7. The network shooting range user remote access method according to claim 5, further comprising managing access users, acquiring user names in the network shooting range and the shooting range from VPN user names, acquiring MAC addresses accessed by the users from log files of VPN services, and realizing the requirement that the network shooting range forbids or allows the access of specified users by configuring iptables rules; and the VPN user name is generated according to the information comprising the network target range and the target range user according to the preset rule.
8. The network range user remote access method of claim 5, wherein the method for assigning a mapping port to a VPN service container comprises the steps of: selecting a port range to be put into a queue as an available port pool; when a mapping port needs to be allocated to the VPN service container, popping out one port from the queue, then judging whether the port is occupied, if so, popping out one port, if not, using the port and the VPN service container to carry out port mapping, and simultaneously, designating the port as the VPN service port when generating a configuration file of the VPN service terminal; and when the VPN service terminal is deleted, the used port is put into the queue again to recycle the port resource.
CN202010828373.3A 2020-08-18 2020-08-18 Remote access system and method for network target range users Active CN111711557B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010828373.3A CN111711557B (en) 2020-08-18 2020-08-18 Remote access system and method for network target range users

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010828373.3A CN111711557B (en) 2020-08-18 2020-08-18 Remote access system and method for network target range users

Publications (2)

Publication Number Publication Date
CN111711557A CN111711557A (en) 2020-09-25
CN111711557B true CN111711557B (en) 2020-12-04

Family

ID=72547196

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010828373.3A Active CN111711557B (en) 2020-08-18 2020-08-18 Remote access system and method for network target range users

Country Status (1)

Country Link
CN (1) CN111711557B (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112202624B (en) * 2020-12-07 2021-03-12 南京赛宁信息技术有限公司 Real equipment fast access system and method for network target range scene arrangement
CN114650290B (en) * 2020-12-17 2024-07-26 中移(苏州)软件技术有限公司 Network communication method, processing device, terminal and storage medium
CN112367239B (en) * 2021-01-11 2021-04-06 南京赛宁信息技术有限公司 Network target range rapid interconnection system and method
CN113328922A (en) * 2021-06-16 2021-08-31 杭州数跑科技有限公司 Communication method and device across multiple local area networks
CN113973053B (en) * 2021-10-21 2023-10-27 南京赛宁信息技术有限公司 Probe management system and method for network target range
CN114040408B (en) * 2021-11-02 2024-05-28 恒安嘉新(北京)科技股份公司 Target range system based on 4G mobile network simulation environment
CN114039798B (en) * 2021-11-30 2023-11-03 绿盟科技集团股份有限公司 Data transmission method and device and electronic equipment
CN114422201B (en) * 2021-12-28 2022-11-08 北京永信至诚科技股份有限公司 Network target range large-scale user remote access method and system
CN115190042B (en) * 2022-06-16 2023-09-08 南京赛宁信息技术有限公司 Network target range target access state detection system and method
CN115277217B (en) * 2022-07-29 2024-01-26 软极网络技术(北京)有限公司 Construction system of foreign domain network target range virtual network
CN115426324A (en) * 2022-08-26 2022-12-02 绿盟科技集团股份有限公司 Method and device for accessing entity equipment to network target range
CN115834529B (en) * 2022-11-23 2023-08-08 浪潮智慧科技有限公司 Remote monitoring method and system for edge equipment
CN117319094B (en) * 2023-11-30 2024-03-15 西安辰航卓越科技有限公司 SDN network attack and defense target range platform system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103701777A (en) * 2013-12-11 2014-04-02 长春理工大学 Remote network attack and defense virtual simulation system based on virtualization and cloud technology
CN104811335A (en) * 2015-03-26 2015-07-29 华迪计算机集团有限公司 Method for realizing network target range system and network target range management system
CN108040070A (en) * 2017-12-29 2018-05-15 北京奇虎科技有限公司 A kind of network security test platform and method
CN108809797A (en) * 2018-07-26 2018-11-13 哈尔滨工业大学(威海) A kind of VPN control devices define VPN and realize system and method
CN110730161A (en) * 2019-09-09 2020-01-24 光通天下网络科技股份有限公司 Network target range implementation method, device, equipment, medium and system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20040035572A (en) * 2002-10-22 2004-04-29 최운호 Integrated Emergency Response System in Information Infrastructure and Operating Method therefor
US9032506B2 (en) * 2012-08-09 2015-05-12 Cisco Technology, Inc. Multiple application containerization in a single container
US9544275B2 (en) * 2015-01-28 2017-01-10 defend7, Inc. Communication tunneling in application container environments

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103701777A (en) * 2013-12-11 2014-04-02 长春理工大学 Remote network attack and defense virtual simulation system based on virtualization and cloud technology
CN104811335A (en) * 2015-03-26 2015-07-29 华迪计算机集团有限公司 Method for realizing network target range system and network target range management system
CN108040070A (en) * 2017-12-29 2018-05-15 北京奇虎科技有限公司 A kind of network security test platform and method
CN108809797A (en) * 2018-07-26 2018-11-13 哈尔滨工业大学(威海) A kind of VPN control devices define VPN and realize system and method
CN110730161A (en) * 2019-09-09 2020-01-24 光通天下网络科技股份有限公司 Network target range implementation method, device, equipment, medium and system

Also Published As

Publication number Publication date
CN111711557A (en) 2020-09-25

Similar Documents

Publication Publication Date Title
CN111711557B (en) Remote access system and method for network target range users
CN109104318B (en) Method for realizing cluster self-adaptive deployment
US10469314B2 (en) API gateway for network policy and configuration management with public cloud
US9628328B2 (en) Network controller with integrated resource management capability
US6286038B1 (en) Method and apparatus for remotely configuring a network device
CN110301104B (en) Optical line terminal OLT equipment virtualization method and related equipment
CN104348873A (en) Virtual network element automatic loading method and system and virtual machine IP (Internet Protocol) address acquisition method and system
EP3905598A1 (en) Message processing method and apparatus, control plane device, and computer storage medium
CN103607430A (en) Network processing method and system, and network control center
CN112099913B (en) Method for realizing virtual machine security isolation based on OpenStack
US20090185509A1 (en) Network Configuration
CN106878480B (en) DHCP service process sharing method and device
CN110336730B (en) Network system and data transmission method
KR100714681B1 (en) Network managing device and method thereof
CN112769965B (en) IP address management and distribution method, device and system
CN108933702A (en) A method of remote service is provided
CN113259219B (en) VPN construction method based on OVN environment, readable storage medium and cloud platform
CN107343058B (en) IP address distribution system and working method thereof
EP3836487A1 (en) Internet access behavior management system, device and method
Xie et al. ARPIM: IP address resource pooling and intelligent management system for broadband IP networks
CN110247778A (en) Installation method of operating system, device, electronic equipment and storage medium
CN116566830A (en) Network configuration method, device, system, edge equipment and storage medium
CN107070725B (en) A kind of method that server two-level management intermodule communication is shaken hands
CN113923149B (en) Network access method, device, network system, electronic equipment and storage medium
CN115766431A (en) Virtual platform bare metal management network and service network port multiplexing implementation method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant