技术领域technical field
本发明涉及信息通讯技术领域,尤其涉及一种移动网络环境下的VPN通信保障方法和装置。The invention relates to the technical field of information communication, in particular to a VPN communication guarantee method and device in a mobile network environment.
背景技术Background technique
随着智能移动终端和移动网络的快速发展,移动网络的安全问题日益凸显。虚拟专用网技术(VPN,Virtual Private Network)是一种保障网络安全通信的重要技术手段。传统的VPN是以软件服务的形式工作在个人电脑、路由网关、服务器上,其面临的网络环境相对稳定。因此,传统的VPN只需在客户端与服务器之间采取定期发送、接收心跳包的方式即可排除网络异常,保证双方的稳定通信。With the rapid development of smart mobile terminals and mobile networks, the security issues of mobile networks have become increasingly prominent. Virtual Private Network technology (VPN, Virtual Private Network) is an important technical means to ensure network security communication. Traditional VPNs work on personal computers, routing gateways, and servers in the form of software services, and the network environment they face is relatively stable. Therefore, the traditional VPN only needs to regularly send and receive heartbeat packets between the client and the server to eliminate network abnormalities and ensure stable communication between the two parties.
与传统VPN相比,移动VPN面临的网络环境要复杂的多。一方面,移动终端的网络连接方式繁多。比如,移动终端常用的网络连接方式有2G、3G、4G和Wi-Fi网络等。另一方面,移动终端的网络连接方式经常因为人为因素或非人为因素发生改变。其中,人为因素包括用户主动开启网络、关闭网络、切换网络。非人为因素通常是由外部环境导致的,包括蜂窝移动网络信号的中断、无线网络信号的衰减或中断。Compared with traditional VPN, the network environment faced by mobile VPN is much more complicated. On the one hand, there are various ways of network connection for mobile terminals. For example, commonly used network connection methods for mobile terminals include 2G, 3G, 4G, and Wi-Fi networks. On the other hand, the network connection mode of the mobile terminal is often changed due to human factors or non-human factors. Among them, human factors include the user actively opening the network, closing the network, and switching the network. Non-human factors are usually caused by the external environment, including interruption of cellular mobile network signal, attenuation or interruption of wireless network signal.
正是由于移动网络环境的复杂性,移动VPN无法仅仅依赖心跳包的方式维持通信稳定。第一,无法针对人为或非人为因素导致的网络切换问题恢复VPN的正常通信。例如,当移动终端采用无线网络的接入方式启动移动VPN服务时,由于用户位置改变导致移动终端接入了新的Wi-Fi热点,使得移动终端的网络配置发生变化,VPN无法正常通信。第二,无法针对非人为因素导致的网络关闭问题恢复VPN的正常通信。例如:当移动终端采用2G、3G或4G的蜂窝移动网络的接入方式启动移动VPN服务时,由于用户通话导致蜂窝移动网络断开,通话结束之后移动设备网络恢复、然而VPN通信却无法正常恢复。第三,无法针对人为因素导致的网络开启问题恢复VPN的正常通信。例如:当移动终端采用2G、3G或4G的蜂窝移动网络的接入方式启动移动VPN服务时,由于用户接入了Wi-Fi热点,移动终端通信优先选取无线网络进行网络通信,导致VPN无法正常通信。It is precisely because of the complexity of the mobile network environment that mobile VPNs cannot maintain communication stability only by relying on heartbeat packets. First, the normal communication of the VPN cannot be restored for network switching problems caused by human or non-human factors. For example, when the mobile terminal uses the wireless network access method to start the mobile VPN service, the mobile terminal accesses a new Wi-Fi hotspot due to the change of the user's location, which causes the network configuration of the mobile terminal to change, and the VPN cannot communicate normally. Second, it is impossible to restore the normal communication of the VPN in view of the network shutdown problem caused by non-human factors. For example: when the mobile terminal uses 2G, 3G or 4G cellular mobile network access mode to start the mobile VPN service, the cellular mobile network is disconnected due to the user's call, and the mobile device network is restored after the call ends, but the VPN communication cannot be restored normally . Third, it is impossible to restore the normal communication of the VPN for the problem of opening the network caused by human factors. For example: when the mobile terminal uses the access mode of 2G, 3G or 4G cellular mobile network to start the mobile VPN service, because the user accesses the Wi-Fi hotspot, the mobile terminal communication preferentially selects the wireless network for network communication, resulting in VPN failure communication.
针对移动网络的复杂环境,本发明提出了一种适用于移动网络环境下的VPN通信保障方法与装置,以在移动终端网络接入方式发生变化时,使VPN服务能够进行“礼貌暂停,智能恢复”,进而提高移动VPN服务的健壮性和稳定性,保证良好的用户体验。Aiming at the complex environment of the mobile network, the present invention proposes a VPN communication guarantee method and device suitable for the mobile network environment, so that when the network access mode of the mobile terminal changes, the VPN service can be "politely suspended and intelligently resumed". ", thereby improving the robustness and stability of the mobile VPN service and ensuring a good user experience.
发明内容Contents of the invention
本发明的目的在于提出一种移动网络环境下的VPN通信保障方法与装置,以在移动终端网络接入方式发生变化时,使VPN服务能够进行“礼貌暂停,智能恢复”,进而提高移动VPN服务的健壮性和稳定性,保证良好的用户体验。The purpose of the present invention is to propose a VPN communication guarantee method and device in a mobile network environment, so that when the network access mode of a mobile terminal changes, the VPN service can be "politely suspended and intelligently resumed", thereby improving the mobile VPN service. The robustness and stability ensure a good user experience.
本发明公开了一种移动网络环境下的VPN通信保障方法,包括:The invention discloses a VPN communication guarantee method in a mobile network environment, comprising:
步骤S1、实时监测移动终端的当前网络状态;Step S1, real-time monitoring of the current network status of the mobile terminal;
步骤S2、根据当前网络状态与预先记录的前一网络状态确定当前网络变化事件;Step S2. Determine the current network change event according to the current network state and the pre-recorded previous network state;
步骤S3、根据当前网络变化事件与预先记录的VPN的前一工作状态决策VPN的下一工作事件。Step S3, making a decision on the next working event of the VPN according to the current network change event and the pre-recorded previous working state of the VPN.
优选的,网络状态包括:无网络接入状态、蜂窝移动网络状态、无线网络状态;网络变化事件包括:网络中断事件、网络切换事件、网络恢复事件;Preferably, the network status includes: no network access status, cellular mobile network status, and wireless network status; network change events include: network interruption events, network switching events, and network recovery events;
以及,在步骤S2中,根据如下公式确定当前网络变化事件:And, in step S2, determine the current network change event according to the following formula:
interruptEvent={(x,y)|x∈cmNet∪wNet,y∈noNet} (1)interruptEvent={(x,y)|x∈cmNet∪wNet,y∈noNet} (1)
switchEvent={(x,y)|x,y∈cmNet∪wNet,x≠y} (2)switchEvent={(x,y)|x,y∈cmNet∪wNet,x≠y} (2)
recoverEvent={(x,y)|x∈noEvent,y∈cmNet∪wNet} (3)recoverEvent={(x,y)|x∈noEvent,y∈cmNet∪wNet} (3)
式中,x为预先记录的前一网络状态,y为当前网络状态,interruptEvent为网络中断事件,switchEvent为网络切换事件,recoverEvent为网络恢复事件,cmNet为蜂窝移动网络状态,wNet为无线网络状态,noWet为无网络状态。In the formula, x is the pre-recorded previous network state, y is the current network state, interruptEvent is the network interruption event, switchEvent is the network switching event, recoverEvent is the network recovery event, cmNet is the cellular mobile network state, wNet is the wireless network state, noWet means no network status.
优选的,步骤S3包括:Preferably, step S3 includes:
若当前网络变化事件为网络中断事件、且预先记录的VPN的前一工作状态为启动状态,则VPN的下一工作事件为暂停事件;If the current network change event is a network interruption event and the previous working state of the pre-recorded VPN is the start state, then the next working event of the VPN is a suspension event;
若当前网络变化事件为网络恢复事件、且预先记录的VPN的前一工作状态为暂停状态,则VPN的下一工作事件为重启事件;If the current network change event is a network recovery event and the previous working state of the pre-recorded VPN is a suspended state, then the next working event of the VPN is a restart event;
若当前网络变化事件为网络切换事件、且预先记录的VPN的前一工作状态为启动状态,则VPN的下一工作事件为重启事件。If the current network change event is a network switching event, and the pre-recorded previous working state of the VPN is the start state, then the next working event of the VPN is a restart event.
优选的,所述方法还包括:在确定VPN的下一工作事件为暂停事件之后,监测VPN的暂停状态持续时间t;并且,在VPN的暂停状态持续时间t超过预设阈值T0时,终止VPN服务。Preferably, the method further includes: after determining that the next working event of the VPN is a suspension event, monitoring the duration t of the suspended state of the VPN; and, when the duration t of the suspended state of the VPN exceeds a preset thresholdT0 , terminating VPN service.
优选的,所述方法还包括:记录VPN的网络配置信息;并且,在对VPN进行重启时,根据记录的VPN的网络配置信息恢复VPN服务;其中,所述VPN的网络配置信息包括:移动终端用户信息、虚拟网络地址、路由配置信息。Preferably, the method further includes: recording the network configuration information of the VPN; and, when restarting the VPN, restoring the VPN service according to the recorded network configuration information of the VPN; wherein, the network configuration information of the VPN includes: a mobile terminal User information, virtual network address, routing configuration information.
本发明还提供了一种移动网络环境下的VPN通信保障装置,包括:The present invention also provides a VPN communication guarantee device in a mobile network environment, comprising:
网络状态监测器,用于实时监测移动终端的当前网络状态;The network status monitor is used to monitor the current network status of the mobile terminal in real time;
VPN网络连接控制器,用于根据所述当前网络状态以及VPN网络配置控制器预先记录的前一网络状态确定当前网络变化事件;A VPN network connection controller, configured to determine a current network change event according to the current network state and the previous network state pre-recorded by the VPN network configuration controller;
VPN工作状态控制器,用于根据所述当前网络变化事件与VPN网络配置控制器预先记录的VPN的前一工作状态决策VPN的下一工作事件;The VPN working state controller is used to decide the next working event of the VPN according to the current network change event and the previous working state of the VPN pre-recorded by the VPN network configuration controller;
VPN网络配置控制器,用于记录移动终端的网络状态和VPN的工作状态。The VPN network configuration controller is used to record the network status of the mobile terminal and the working status of the VPN.
优选的,网络状态包括:无网络接入状态、蜂窝移动网络状态、无线网络状态;网络变化事件包括:网络中断事件、网络切换事件、网络恢复事件;Preferably, the network status includes: no network access status, cellular mobile network status, and wireless network status; network change events include: network interruption events, network switching events, and network recovery events;
以及,VPN网络连接控制器根据如下规则确定当前网络变化事件:And, the VPN network connection controller determines the current network change event according to the following rules:
interruptEvent={(x,y)|x∈cmNet∪wNet,y∈noNet} (1)interruptEvent={(x,y)|x∈cmNet∪wNet,y∈noNet} (1)
switchEvent={(x,y)|x,y∈cmNet∪wNet,x≠y} (2)switchEvent={(x,y)|x,y∈cmNet∪wNet,x≠y} (2)
recoverEvent={(x,y)|x∈noEvent,y∈cmNet∪wNet} (3)recoverEvent={(x,y)|x∈noEvent,y∈cmNet∪wNet} (3)
式中,x为预先记录的前一网络状态,y为当前网络状态,interruptEvent为网络中断事件,switchEvent为网络切换事件,recoverEvent为网络恢复事件,cmNet为蜂窝移动网络状态,wNet为无线网络状态,noWet为无网络状态。In the formula, x is the pre-recorded previous network state, y is the current network state, interruptEvent is the network interruption event, switchEvent is the network switching event, recoverEvent is the network recovery event, cmNet is the cellular mobile network state, wNet is the wireless network state, noWet means no network status.
优选的,VPN工作状态控制器决策VPN的下一工作事件,包括:Preferably, the VPN working status controller decides the next working event of the VPN, including:
若当前网络变化事件为网络中断事件、且预先记录的VPN的前一工作状态为启动状态,则VPN工作状态控制器决策的VPN的下一工作事件为暂停事件;If the current network change event is a network interruption event and the previous working state of the pre-recorded VPN is the start state, the next working event of the VPN determined by the VPN working state controller is a suspension event;
若当前网络变化事件为网络恢复事件、且预先记录的VPN的前一工作状态为暂停状态,则VPN工作状态控制器决策的VPN的下一工作事件为重启事件;If the current network change event is a network recovery event and the previous working state of the pre-recorded VPN is a suspended state, the next working event of the VPN determined by the VPN working state controller is a restart event;
若当前网络变化事件为网络切换事件、且预先记录的VPN的前一工作状态为启动状态,则VPN工作状态控制器决策的VPN的下一工作事件为重启事件。If the current network change event is a network switching event and the pre-recorded previous working state of the VPN is the start state, the next working event of the VPN determined by the VPN working state controller is a restart event.
优选的,所述装置还包括:定时器,用于在决策VPN的下一工作事件为暂停事件之后,监测VPN的暂停状态持续时间t;并且,在VPN的暂停状态持续时间t超过预设阈值T0时,终止VPN服务。Preferably, the device further includes: a timer, used for monitoring the duration t of the suspended state of the VPN after the decision that the next working event of the VPN is a suspended event; and, when the duration t of the suspended state of the VPN exceeds a preset threshold When T0 , terminate the VPN service.
优选的,网络配置控制器还用于:记录VPN的网络配置信息;以及,在对VPN进行重启时,根据记录的VPN的网络配置信息恢复VPN服务;其中,所述VPN的网络配置信息包括:移动终端用户信息、虚拟网络地址、路由配置信息。Preferably, the network configuration controller is also used to: record the network configuration information of the VPN; and, when restarting the VPN, restore the VPN service according to the recorded network configuration information of the VPN; wherein, the network configuration information of the VPN includes: Mobile terminal user information, virtual network address, routing configuration information.
从以上技术方案可以看出,本发明中的移动网络环境下的VPN通信保障方法主要包括以下步骤:监测移动终端的当前网络状态;基于当前网络状态与记录的前一网络状态能够确定当前网络变化事件;基于当前网络变化事件与记录的VPN的前一工作状态决策VPN的下一工作事件。本发明通过以上步骤,能够在网络接入方式改变时智能决策VPN的下一工作事件,进而能够对VPN服务进行“礼貌暂停,智能恢复”,提高了移动VPN服务的健壮性和稳定性,保证了良好的用户体验。进一步的,通过在VPN暂停时记录当前VPN的网络配置信息,并在VPN重启时根据保留的网络配置信息恢复VPN服务,从而在VPN重启时无需重复进行通信协商和用户身份验证等交互,提高了VPN服务的恢复速度。As can be seen from the above technical solutions, the VPN communication guarantee method under the mobile network environment in the present invention mainly includes the following steps: monitoring the current network state of the mobile terminal; determining the current network change based on the current network state and the recorded previous network state Event: Based on the current network change event and the recorded previous working state of the VPN, the next working event of the VPN is decided. Through the above steps, the present invention can intelligently decide the next work event of the VPN when the network access mode changes, and then can perform "polite suspension and intelligent recovery" of the VPN service, which improves the robustness and stability of the mobile VPN service and ensures a good user experience. Further, by recording the network configuration information of the current VPN when the VPN is suspended, and restoring the VPN service according to the retained network configuration information when the VPN is restarted, there is no need to repeatedly perform interactions such as communication negotiation and user authentication when the VPN is restarted, thereby improving The recovery speed of the VPN service.
附图说明Description of drawings
通过以下参照附图而提供的具体实施方式部分,本发明的特征和优点将变得更加容易理解,在附图中:The features and advantages of the present invention will become more comprehensible through the following detailed description provided with reference to the accompanying drawings, in which:
图1是本发明的VPN工作状态转换示意图;Fig. 1 is a schematic diagram of VPN working state transition of the present invention;
图2是本发明的移动终端的网络状态转换示意图;Fig. 2 is a schematic diagram of network state transition of the mobile terminal of the present invention;
图3是本发明实施例的移动网络环境下的VPN通信保障方法流程图;Fig. 3 is a flowchart of a VPN communication guarantee method in a mobile network environment according to an embodiment of the present invention;
图4是本发明实施例的移动网络环境下的VPN通信保障装置组成框图;Fig. 4 is a composition block diagram of the VPN communication protection device under the mobile network environment of the embodiment of the present invention;
101、网络状态监测器;102、VPN网络连接控制器;103、VPN工作状态控制器;104、VPN网络配置控制器。101. Network status monitor; 102. VPN network connection controller; 103. VPN working status controller; 104. VPN network configuration controller.
具体实施方式detailed description
下面参照附图对本发明的示例性实施方式进行详细描述。对示例性实施方式的描述仅仅是出于示范目的,而绝不是对本发明及其应用或用法的限制。Exemplary embodiments of the present invention will be described in detail below with reference to the accompanying drawings. The description of the exemplary embodiments is for the purpose of illustration only, and in no way limits the invention and its application or usage.
在现有技术中,当移动终端的网络接入方式发生变化时,很可能导致移动VPN服务无法正常通信。鉴于此,本发明的发明人提出了一种适用于移动网络环境下的VPN通信保障方法和装置,以在网络接入方式改变时智能决策VPN的下一工作事件,进而提高了移动VPN服务的健壮性和稳定性,保证了良好的用户体验。In the prior art, when the network access mode of the mobile terminal changes, it is likely that the mobile VPN service cannot communicate normally. In view of this, the inventor of the present invention proposes a VPN communication guarantee method and device applicable to a mobile network environment, to intelligently decide the next working event of the VPN when the network access mode changes, thereby improving the reliability of the mobile VPN service. Robustness and stability ensure a good user experience.
在具体介绍本发明实施例中的VPN通信保障方法和装置之前,首先对发明人提出的VPN工作状态模型和移动VPN的网络状态模型进行介绍。Before specifically introducing the VPN communication guarantee method and device in the embodiments of the present invention, the VPN working state model and the mobile VPN network state model proposed by the inventor are introduced first.
传统的VPN服务只有“启动、终止”两种工作状态,以及“启动、终止”两种工作事件。为了在网络接入方式变化时保障VPN的正常通信,本发明的发明人提出了一种新的VPN工作状态模型。在该模型中,增加了“暂停、异常”这两种工作状态,以及“暂停、重启”这两种工作事件。其中,“暂停”状态是针对网络连接的易变性提出的,“异常”状态是针对移动VPN在网络配置、物理链路异常或其他程序异常提出的。具体来说,本发明提出的VPN工作状态模型可用一个五元组的接收器数学模型,即(Σ,S,S0,δ,F)来描述。其中,Σ是输入字母表,即VPN的工作事件;S是状态的非空有限集合,即VPN的工作状态,S0是初始状态集合,即VPN的启动状态;δ是VPN的工作状态转移函数;F是最终状态集合,即VPN的终止状态。图1示出了该VPN工作状态模型对应的状态转换图。从图1可见,工作状态的转换需要相应的工作事件的触发。例如,由启动状态转换到暂停状态需要暂停事件的触发,由暂停状态到启动状态需要重启事件的触发,由启动状态到异常状态需要异常事件的触发。Traditional VPN services only have two working states of "start and stop" and two work events of "start and stop". In order to ensure the normal communication of the VPN when the network access mode changes, the inventor of the present invention proposes a new VPN working state model. In this model, two working states of "suspended and abnormal" and two working events of "suspended and restarted" are added. Among them, the "suspended" state is proposed for the variability of the network connection, and the "abnormal" state is proposed for the mobile VPN when the network configuration, physical link abnormality or other program abnormalities. Specifically, the VPN working state model proposed by the present invention can be described by a five-tuple receiver mathematical model, namely (Σ, S, S0 , δ, F). Among them, Σ is the input alphabet, that is, the working event of the VPN; S is the non-empty finite set of states, that is, the working state of the VPN, S0 is the initial state set, that is, the starting state of the VPN; δ is the transition function of the working state of the VPN ; F is the final state set, that is, the termination state of the VPN. FIG. 1 shows a state transition diagram corresponding to the VPN working state model. It can be seen from Figure 1 that the transition of the working state requires the triggering of corresponding working events. For example, the transition from the start state to the pause state requires the triggering of a pause event, the transition from the pause state to the start state requires the triggering of a restart event, and the transition from the start state to the abnormal state requires the triggering of an abnormal event.
另外,鉴于移动VPN的网络类型较为复杂,本发明的发明人对移动VPN的网络状态模型进行了研究。在该模型中,网路状态包括:蜂窝移动网络状态、无线网络状态、无网络状态。其中,蜂窝移动网络状态包括:2G、3G、4G网络。网络变化事件包括:网络中断事件、网络恢复事件、网络切换事件。具体来说,本发明提出的移动VPN的网络状态模型可用一个六元组的变换器,即(Σ,Γ,S,S0,δ,ω)来描述。其中,Σ是输入字母表,即网络变化事件;Γ是输入字母表,即移动VPN的工作事件;S是状态的非空有限集合,即网络状态;S0是初始状态集合,即初始的网络状态;δ是网络状态转移函数,即S×Σ→S;ω是输出函数,即S×Σ→Γ。图2示出了该VPN的网络状态模型对应的状态转换图。从图2可见,当从无线网络状态变换到无网络状态时,发生了网络中断事件,此时输出的VPN工作事件是暂停事件;当从无网络状态变换到无线网络状态时,发生了网络恢复事件,此时输出的VPN工作事件是重启事件;当从蜂窝移动网络状态变换到无线网络状态时,发生了网络切换事件,此时输出的VPN工作事件是重启事件。又比如,当由2G网络状态变换到3G网络状态时,发生了网络切换事件,此时输出的VPN工作事件是重启事件。In addition, considering that the network type of the mobile VPN is relatively complex, the inventors of the present invention have conducted research on the network state model of the mobile VPN. In this model, the network status includes: cellular mobile network status, wireless network status, and no network status. Wherein, the cellular mobile network status includes: 2G, 3G, 4G network. Network change events include: network interruption events, network restoration events, and network switching events. Specifically, the network state model of the mobile VPN proposed by the present invention can be described by a six-tuple transformer, namely (Σ,Γ,S,S0 ,δ,ω). Among them, Σ is the input alphabet, that is, the network change event; Γ is the input alphabet, that is, the work event of the mobile VPN; S is the non-empty finite set of states, that is, the network state; S0 is the initial state set, that is, the initial network state; δ is the network state transition function, that is, S×Σ→S; ω is the output function, that is, S×Σ→Γ. FIG. 2 shows a state transition diagram corresponding to the network state model of the VPN. It can be seen from Figure 2 that when a network interruption event occurs when changing from a wireless network state to a no-network state, the output VPN work event at this time is a suspension event; when changing from a no-network state to a wireless network state, a network recovery occurs Event, the VPN work event output at this time is a restart event; when the state of the cellular mobile network changes to the wireless network state, a network switching event occurs, and the output VPN work event at this time is a restart event. For another example, when the state of the 2G network is changed to the state of the 3G network, a network switching event occurs, and the output VPN work event at this time is a restart event.
基于以上VPN工作状态模型和移动VPN的网络状态模型,本发明的发明人提出了一种移动网络环境下的VPN通信保障方法。如图3所示,该VPN通信保障方法主要以下步骤:Based on the above VPN working state model and mobile VPN network state model, the inventors of the present invention propose a VPN communication guarantee method in a mobile network environment. As shown in Figure 3, the VPN communication guarantee method mainly follows the steps:
在步骤S1中,实时监测移动终端的当前网络状态。In step S1, the current network status of the mobile terminal is monitored in real time.
在具体实施时,在移动VPN服务启动时,同步触发对移动终端当前网络状态的实时监测。其中,移动终端的当前网络状态可能是蜂窝移动网络状态(比如2G网、3G网、4G网)、无线网络状态或者无网络状态。During specific implementation, when the mobile VPN service is started, real-time monitoring of the current network status of the mobile terminal is synchronously triggered. Wherein, the current network state of the mobile terminal may be a state of a cellular mobile network (such as a 2G network, a 3G network, or a 4G network), a state of a wireless network, or a state of no network.
在步骤S2中,根据当前网络状态与预先记录的前一网络状态确定当前网络变化事件。其中,网络变化事件包括:网络中断事件、网络切换事件、网络恢复事件。In step S2, the current network change event is determined according to the current network state and the pre-recorded previous network state. Wherein, the network change event includes: a network interruption event, a network switching event, and a network recovery event.
在具体实施时,可根据如下公式确定当前网络变化事件:During specific implementation, the current network change event can be determined according to the following formula:
interruptEvent={(x,y)|x∈cmNet∪wNet,y∈noNet} (1)interruptEvent={(x,y)|x∈cmNet∪wNet,y∈noNet} (1)
switchEvent={(x,y)|x,y∈cmNet∪wNet,x≠y} (2)switchEvent={(x,y)|x,y∈cmNet∪wNet,x≠y} (2)
recoverEvent={(x,y)|x∈noEvent,y∈cmNet∪wNet} (3)recoverEvent={(x,y)|x∈noEvent,y∈cmNet∪wNet} (3)
式中,x为预先记录的前一网络状态,y为当前网络状态,interruptEvent为网络中断事件,switchEvent为网络切换事件,recoverEvent为网络恢复事件,cmNet为蜂窝移动网络状态,wNet为无线网络状态,noWet为无网络状态。由公式(1)至(3)可看出,在前一网络状态为蜂窝移动网络状态或者无线网络状态、且当前网络状态为无网络状态时,可判断当前网络变化事件为网络中断事件;在前一网络状态为2G网、且当前网络状态为3G网时,可判断当前网络变化事件为网络切换事件;在前一网络状态为4G网、且当前网络状态为无线网时,可判断当前网络变化事件为网络切换事件;在前一网络状态为无网络状态、且当前网络状态为蜂窝移动网络或无线网络状态时,可判断当前网络变化事件为网络恢复事件。In the formula, x is the pre-recorded previous network state, y is the current network state, interruptEvent is the network interruption event, switchEvent is the network switching event, recoverEvent is the network recovery event, cmNet is the cellular mobile network state, wNet is the wireless network state, noWet means no network status. From formulas (1) to (3), it can be seen that when the previous network state is cellular mobile network state or wireless network state, and the current network state is no network state, it can be judged that the current network change event is a network interruption event; When the previous network state is 2G network and the current network state is 3G network, it can be judged that the current network change event is a network switching event; when the previous network state is 4G network and the current network state is wireless network, it can be judged that the current network The change event is a network switching event; when the previous network state is no network state and the current network state is a cellular mobile network or wireless network state, it can be determined that the current network change event is a network restoration event.
在步骤S3中,根据当前网络变化事件与预先记录的VPN的前一工作状态决策VPN的下一工作事件。In step S3, the next working event of the VPN is decided according to the current network change event and the pre-recorded previous working state of the VPN.
具体来说,若步骤S2中确定的当前网络变化事件为网络中断事件、且预先记录的VPN的前一工作状态为启动状态,则VPN的下一工作事件为暂停事件。然后,根据暂停事件触发VPN服务由启动状态变换到暂停状态。在一个较佳的实施例中,在确定VPN的下一工作事件为暂停事件之后,还可对VPN的暂停状态持续时间t进行监测。若VPN的暂停状态持续时间t超过预设阈值T0时,则自动终止VPN服务。其中,T0的取值可根据需要进行设置,比如可将T0设为1h。通过对长时间处于暂停状态的VPN服务进行自动终止,便于通信双方节约通信资源,降低移动终端的电量消耗,并使VPN服务能够及时释放会话所需的CPU、内存和带宽资源。Specifically, if the current network change event determined in step S2 is a network interruption event, and the pre-recorded previous working state of the VPN is an active state, then the next working event of the VPN is a suspension event. Then, the VPN service is triggered to change from the start state to the pause state according to the pause event. In a preferred embodiment, after it is determined that the next working event of the VPN is a suspension event, the duration t of the suspended state of the VPN can also be monitored. If the duration t of the suspended state of the VPN exceeds the preset thresholdT0 , the VPN service is automatically terminated. Wherein, the value of T0 can be set as required, for example, T0 can be set to 1h. By automatically terminating the VPN service that has been suspended for a long time, it is convenient for both communication parties to save communication resources, reduce the power consumption of the mobile terminal, and enable the VPN service to release the CPU, memory and bandwidth resources required by the session in time.
若步骤S2中确定的当前网络变化事件为网络恢复事件、且预先记录的VPN的前一工作状态为暂停状态,则VPN的下一工作事件为重启事件。然后,根据重启事件触发VPN服务由暂停状态变换到启动状态。If the current network change event determined in step S2 is a network recovery event, and the previous working state of the pre-recorded VPN is a suspended state, then the next working event of the VPN is a restart event. Then, the VPN service is triggered to change from the suspended state to the activated state according to the restart event.
此外,若步骤S2中确定的当前网络变化事件为网络切换事件、且预先记录的VPN的前一工作状态为启动状态,则VPN的下一工作事件为重启事件。然后,根据重启事件触发VPN服务进行重启,从而使VPN由启动状态、变换到暂停状态再变换到启动状态。In addition, if the current network change event determined in step S2 is a network switching event, and the previous working state of the pre-recorded VPN is an active state, then the next working event of the VPN is a restart event. Then, according to the restart event, the VPN service is triggered to restart, so that the VPN changes from the start state, to the pause state, and then to the start state.
在本发明实施例中,通过步骤S1至步骤S3,能够在VPN运行过程中实时监测VPN的工作状态和网络状态,并且能在网络中断时自动、智能化地暂停VPN服务,在网络恢复或网络切换时自动、智能化地重启VPN服务。这样一来,有效解决了现有技术中VPN服务由于网络接入方式改变而不能正常通信的问题,提高了VPN服务的健壮性和稳定性。In the embodiment of the present invention, through steps S1 to S3, the working status and network status of the VPN can be monitored in real time during the operation of the VPN, and the VPN service can be automatically and intelligently suspended when the network is interrupted. Automatically and intelligently restart the VPN service when switching. In this way, the problem in the prior art that the VPN service cannot communicate normally due to the change of the network access mode is effectively solved, and the robustness and stability of the VPN service are improved.
在一个较佳的实施例中,VPN通信保障方法还包括:记录VPN的网络配置信息;以及,在对VPN进行重启时,根据记录的VPN的网络配置信息恢复VPN服务;其中,所述VPN的网络配置信息包括:移动终端用户信息、虚拟网络地址、路由配置信息。通过保留移动VPN的网络配置信息,能够在VPN重启时直接采用保留的配置信息,而无需在每次VPN通信前重复进行通信协商、身份认证等交互,提高了VPN服务的恢复速度。In a preferred embodiment, the VPN communication guarantee method further includes: recording VPN network configuration information; and, when the VPN is restarted, restoring the VPN service according to the recorded VPN network configuration information; wherein, the VPN The network configuration information includes: mobile terminal user information, virtual network address, and routing configuration information. By retaining the network configuration information of the mobile VPN, the reserved configuration information can be directly used when the VPN is restarted, without repeated communication negotiation, identity authentication and other interactions before each VPN communication, which improves the restoration speed of the VPN service.
本发明还提出了一种移动网络环境下的VPN通信保障装置。如图4所示,该VPN通信保障装置具体包括:网络状态监测器101、VPN网络连接控制器102、VPN工作状态控制器103、VPN网络配置控制器104。其中,网络状态监测器101与VPN网络连接控制器102相连,VPN网络连接控制器102还与VPN工作状态控制器103、VPN网络配置控制器104分别相连,VPN工作状态控制器103还与VPN网络配置控制器104相连。The invention also proposes a VPN communication guarantee device under the mobile network environment. As shown in FIG. 4 , the VPN communication assurance device specifically includes: a network status monitor 101 , a VPN network connection controller 102 , a VPN working status controller 103 , and a VPN network configuration controller 104 . Wherein, the network status monitor 101 is connected with the VPN network connection controller 102, and the VPN network connection controller 102 is also connected with the VPN working state controller 103 and the VPN network configuration controller 104 respectively, and the VPN working state controller 103 is also connected with the VPN network A configuration controller 104 is connected.
网络状态监测器101,用于实时监测移动终端的当前网络状态,并将监测到的当前网络状态传送至VPN网络连接控制器102。在具体实施时,可在VPN服务启动时同步启动网络状态监测器101。在进行实时监测时,移动终端的当前网络状态可能是无网络接入状态、蜂窝移动网络状态(比如2G网、3G网、4G网)或者无线网络状态。The network status monitor 101 is configured to monitor the current network status of the mobile terminal in real time, and transmit the monitored current network status to the VPN network connection controller 102 . During specific implementation, the network status monitor 101 may be started synchronously when the VPN service is started. When performing real-time monitoring, the current network state of the mobile terminal may be a state of no network access, a state of a cellular mobile network (such as a 2G network, a 3G network, or a 4G network) or a state of a wireless network.
VPN网络连接控制器102,用于根据监测到的当前网络状态以及VPN网络配置控制器104预先记录的前一网络状态确定当前网络变化事件。具体来说,VPN网络连接控制器102可根据公式(1)至(3)确定当前网络变化事件:The VPN network connection controller 102 is configured to determine the current network change event according to the monitored current network state and the previous network state pre-recorded by the VPN network configuration controller 104 . Specifically, the VPN network connection controller 102 can determine the current network change event according to formulas (1) to (3):
interruptEvent={(x,y)|x∈cmNet∪wNet,y∈noNet} (1)interruptEvent={(x,y)|x∈cmNet∪wNet,y∈noNet} (1)
switchEvent={(x,y)|x,y∈cmNet∪wNet,x≠y} (2)switchEvent={(x,y)|x,y∈cmNet∪wNet,x≠y} (2)
recoverEvent={(x,y)|x∈noEvent,y∈cmNet∪wNet} (3)recoverEvent={(x,y)|x∈noEvent,y∈cmNet∪wNet} (3)
式中,x为预先记录的前一网络状态,y为当前网络状态,interruptEvent为网络中断事件,switchEvent为网络切换事件,recoverEvent为网络恢复事件,cmNet为蜂窝移动网络状态,wNet为无线网络状态,noWet为无网络状态。由公式(1)至(3)可看出,在x为为蜂窝移动网络状态或者无线网络状态、且y为无网络状态时,VPN网络连接控制器102判断当前网络变化事件为网络中断事件;在x为2G网、且y为3G网时,VPN网络连接控制器102判断当前网络变化事件为网络切换事件;在x为4G网、且y为无线网时,VPN网络连接控制器102判断当前网络变化事件为网络切换事件;在x为无网络状态、且y为蜂窝移动网络或无线网络状态时,VPN网络连接控制器102判断当前网络变化事件为网络恢复事件。In the formula, x is the pre-recorded previous network state, y is the current network state, interruptEvent is the network interruption event, switchEvent is the network switching event, recoverEvent is the network recovery event, cmNet is the cellular mobile network state, wNet is the wireless network state, noWet means no network status. From formulas (1) to (3), it can be seen that when x is in the cellular mobile network state or wireless network state, and y is in the no-network state, the VPN network connection controller 102 judges that the current network change event is a network interruption event; When x is a 2G network and y is a 3G network, the VPN network connection controller 102 judges that the current network change event is a network switching event; when x is a 4G network and y is a wireless network, the VPN network connection controller 102 judges that the current The network change event is a network switching event; when x is in the no-network state and y is in the cellular mobile network or wireless network state, the VPN network connection controller 102 determines that the current network change event is a network restoration event.
VPN工作状态控制器103,用于根据VPN网络连接控制器102输出的当前网络变化事件与VPN网络配置控制器104预先记录的VPN的前一工作状态决策VPN的下一工作事件。The VPN working state controller 103 is configured to decide the next working event of the VPN according to the current network change event output by the VPN network connection controller 102 and the previous working state of the VPN recorded in advance by the VPN network configuration controller 104 .
具体来说,若VPN网络连接控制器102确定的当前网络变化事件为网络中断事件、且VPN网络配置控制器104记录的VPN的前一工作状态为启动状态时,VPN工作状态控制器103决策出VPN的下一工作事件为暂停事件。然后,VPN工作状态控制器103根据暂停事件触发VPN服务暂停。若VPN网络连接控制器102确定的当前网络变化事件为网络恢复事件、且VPN网络配置控制器104记录的前一工作状态为暂停状态,则VPN工作状态控制器103决策出VPN的下一工作事件为重启事件。然后,VPN工作状态控制器103根据重启事件触发VPN服务重新启动。若VPN网络连接控制器102确定的当前网络变化事件为网络切换事件、且VPN网络配置控制器104记录的VPN的前一工作状态为启动状态,则VPN工作状态控制器103决策出的VPN的下一工作事件为重启事件。然后,VPN工作状态控制器103根据重启事件触发VPN服务重新启动。Specifically, if the current network change event determined by the VPN network connection controller 102 is a network interruption event, and the previous working state of the VPN recorded by the VPN network configuration controller 104 is the start state, the VPN working state controller 103 decides to The next working event of the VPN is a suspension event. Then, the VPN working state controller 103 triggers the suspension of the VPN service according to the suspension event. If the current network change event determined by the VPN network connection controller 102 is a network recovery event, and the previous working state recorded by the VPN network configuration controller 104 is a suspended state, then the VPN working state controller 103 decides the next working event of the VPN for restart events. Then, the VPN working state controller 103 triggers the restart of the VPN service according to the restart event. If the current network change event determined by the VPN network connection controller 102 is a network switching event, and the previous working state of the VPN recorded by the VPN network configuration controller 104 is the start state, then the next VPN state determined by the VPN working state controller 103 A job event is a restart event. Then, the VPN working state controller 103 triggers the restart of the VPN service according to the restart event.
VPN网络配置控制器104,用于记录移动终端的网络状态和VPN的工作状态。较佳的,VPN网络配置控制器104还用于记录VPN的网络配置信息,以及,在对VPN进行重启时,根据记录的VPN的网络配置信息恢复VPN服务。其中,所述VPN的网络配置信息包括:移动终端用户信息、虚拟网络地址、路由配置信息。通过VPN网络配置控制器104保留移动VPN的网络配置信息,能够在VPN重启时直接采用保留的网络配置信息,而无需在每次VPN通信前重复进行通信协商、身份认证等交互,提高了VPN服务的恢复速度。The VPN network configuration controller 104 is used to record the network status of the mobile terminal and the working status of the VPN. Preferably, the VPN network configuration controller 104 is also used to record the VPN network configuration information, and, when the VPN is restarted, restore the VPN service according to the recorded VPN network configuration information. Wherein, the network configuration information of the VPN includes: mobile terminal user information, virtual network address, and routing configuration information. The network configuration information of the mobile VPN is reserved by the VPN network configuration controller 104, and the reserved network configuration information can be directly used when the VPN is restarted, without the need to repeatedly perform communication negotiation, identity authentication, and other interactions before each VPN communication, thereby improving VPN services. recovery speed.
在本发明实施例中,通过设置包含网络状态监测器、VPN网络连接控制器、VPN工作状态控制器、VPN网络配置控制器的装置,能够在VPN运行过程中实时监测VPN的工作状态和网络状态,并且能在网络中断时自动、智能化地暂停VPN服务,在网络恢复或网络切换时自动、智能化地重启VPN服务。这样一来,有效解决了现有技术中VPN服务由于网络接入方式改变而不能正常通信的问题,提高了VPN服务的健壮性和稳定性。In the embodiment of the present invention, by setting a device that includes a network status monitor, a VPN network connection controller, a VPN working status controller, and a VPN network configuration controller, the working status and network status of the VPN can be monitored in real time during the running of the VPN. , and can automatically and intelligently suspend the VPN service when the network is interrupted, and automatically and intelligently restart the VPN service when the network is restored or switched. In this way, the problem in the prior art that the VPN service cannot communicate normally due to the change of the network access mode is effectively solved, and the robustness and stability of the VPN service are improved.
另外,在一个较佳的实施例中,VPN通信保障装置还包括:定时器。所述定时器,用于在确定VPN的下一工作事件为暂停事件之后,监测VPN的暂停状态持续时间t;并且,在VPN的暂停状态持续时间t超过预设阈值T0时,终止VPN服务。通过设置所述定时器,能够对长时间处于暂停状态的VPN服务进行自动终止,便于通信双方节约通信资源,降低移动终端的电量消耗,并使VPN服务能够及时释放会话所需的CPU、内存和带宽资源。In addition, in a preferred embodiment, the VPN communication guarantee device further includes: a timer. The timer is used to monitor the suspended state duration t of the VPN after determining that the next working event of the VPN is a suspended event; and, when the suspended state duration t of the VPN exceeds a preset threshold valueT0 , the VPN service is terminated . By setting the timer, the VPN service that has been in a suspended state for a long time can be automatically terminated, which is convenient for both communication parties to save communication resources, reduce the power consumption of the mobile terminal, and enable the VPN service to release the CPU, memory and resources required for the session in time. bandwidth resources.
虽然参照示例性实施方式对本发明进行了描述,但是应当理解,本发明并不局限于文中详细描述和示出的具体实施方式,在不偏离权利要求书所限定的范围的情况下,本领域技术人员可以对所述示例性实施方式做出各种改变。Although the present invention has been described with reference to exemplary embodiments, it should be understood that the present invention is not limited to the specific embodiments described and shown in detail herein, and that it is possible for those skilled in the art to do so without departing from the scope defined by the claims. Personnel may make various changes to the exemplary embodiments described.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610202955 | 2016-04-01 | ||
| CN2016102029554 | 2016-04-01 |
| Publication Number | Publication Date |
|---|---|
| CN106793167Atrue CN106793167A (en) | 2017-05-31 |
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710048163.0APendingCN106793167A (en) | 2016-04-01 | 2017-01-20 | VPN traffic support method and device under a kind of mobile network environment |
| Country | Link |
|---|---|
| CN (1) | CN106793167A (en) |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108924889A (en)* | 2018-08-10 | 2018-11-30 | 哈尔滨工业大学(威海) | A kind of network aware and seamless handover method suitable for IOS VPN |
| CN109495889A (en)* | 2018-12-20 | 2019-03-19 | 中山大学新华学院 | Heterogeneous mobile network access control method based on mutual confidence-building mechanism |
| CN112398718A (en)* | 2020-11-20 | 2021-02-23 | 北京达佳互联信息技术有限公司 | Network transmission method and device, electronic equipment and storage medium |
| CN113079528A (en)* | 2021-03-29 | 2021-07-06 | 努比亚技术有限公司 | Network exception handling method and device and computer readable storage medium |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060089121A1 (en)* | 2004-10-27 | 2006-04-27 | Hani Elgebaly | Method and apparatus for automatic connecting of virtual private network clients to a network |
| CN101248615A (en)* | 2005-08-05 | 2008-08-20 | 施克莱无线公司 | Pause and resume of secure data connection sessions |
| CN102316092A (en)* | 2010-06-30 | 2012-01-11 | 丛林网络公司 | The VPN networking client that connects again fast that has that is used for mobile device |
| US20160036780A1 (en)* | 2014-05-21 | 2016-02-04 | Fortinet, Inc. | Automated configuration of endpoint security management |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060089121A1 (en)* | 2004-10-27 | 2006-04-27 | Hani Elgebaly | Method and apparatus for automatic connecting of virtual private network clients to a network |
| CN101248615A (en)* | 2005-08-05 | 2008-08-20 | 施克莱无线公司 | Pause and resume of secure data connection sessions |
| CN102316092A (en)* | 2010-06-30 | 2012-01-11 | 丛林网络公司 | The VPN networking client that connects again fast that has that is used for mobile device |
| US20160036780A1 (en)* | 2014-05-21 | 2016-02-04 | Fortinet, Inc. | Automated configuration of endpoint security management |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108924889A (en)* | 2018-08-10 | 2018-11-30 | 哈尔滨工业大学(威海) | A kind of network aware and seamless handover method suitable for IOS VPN |
| CN108924889B (en)* | 2018-08-10 | 2020-11-13 | 哈尔滨工业大学(威海) | Network sensing and seamless switching method suitable for IOS VPN |
| CN109495889A (en)* | 2018-12-20 | 2019-03-19 | 中山大学新华学院 | Heterogeneous mobile network access control method based on mutual confidence-building mechanism |
| CN109495889B (en)* | 2018-12-20 | 2022-01-04 | 中山大学新华学院 | Heterogeneous mobile network access control method based on mutual trust mechanism |
| CN112398718A (en)* | 2020-11-20 | 2021-02-23 | 北京达佳互联信息技术有限公司 | Network transmission method and device, electronic equipment and storage medium |
| CN113079528A (en)* | 2021-03-29 | 2021-07-06 | 努比亚技术有限公司 | Network exception handling method and device and computer readable storage medium |
| CN113079528B (en)* | 2021-03-29 | 2024-10-25 | 努比亚技术有限公司 | Network exception handling method, device and computer readable storage medium |
| Publication | Publication Date | Title |
|---|---|---|
| CN106793167A (en) | VPN traffic support method and device under a kind of mobile network environment | |
| CN101489294B (en) | Method, router and network appliance for regulating power | |
| CN101621852B (en) | MESH network wireless access point re-access method and wireless access point device | |
| CN103079285A (en) | Mobile terminal and method for maintaining point-to-point connection | |
| CN104658231B (en) | The state switching method and device of a kind of remote controler | |
| CN101495988A (en) | Reserving sessions in a wireless network | |
| WO2014101228A1 (en) | Capability exposure system, gateway, proxy, and method of wireless network | |
| US10355963B2 (en) | Heartbeat period setting method, and terminal | |
| CN102821413A (en) | Data transmission method and network side equipment | |
| CN103686854A (en) | Method and device for controlling AP | |
| WO2011113378A2 (en) | Method and apparatus for recovering memory of user-plane buffer | |
| CN106465448A (en) | Data transmission method, access network device and communication system | |
| WO2013078671A1 (en) | Fault detection method, gateway, user equipment, and communication system | |
| CN103973639A (en) | Network access control method, device and system | |
| CN103501252B (en) | The method and device of cloud terminal authentication | |
| CN104469970A (en) | Method and device for reconnecting data network | |
| CN115396308B (en) | System, method and device for maintaining network stability of data center | |
| WO2015180265A1 (en) | Multi-link protection switching method and device | |
| CN102281194A (en) | Message transmission method and network equipment | |
| WO2024183390A1 (en) | Switch control method and apparatus, non-volatile readable storage medium, and electronic device | |
| JP6255615B2 (en) | Terminal information reporting method and related devices | |
| WO2012162968A1 (en) | Method, apparatus and system for controlling data transmission | |
| CN104363579A (en) | Online application implementing method and device | |
| WO2012126320A2 (en) | Method, device and system for processing abnormal data transmission | |
| EP3618479B1 (en) | Controlling user access to wireless network |
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication | Application publication date:20170531 |