Movatterモバイル変換

[0]ホーム
URL:

CN112422397B - Service forwarding method and communication device - Google Patents

Service forwarding method and communication deviceDownload PDF

Info

Publication number
CN112422397B
CN112422397BCN202011225846.7ACN202011225846ACN112422397BCN 112422397 BCN112422397 BCN 112422397BCN 202011225846 ACN202011225846 ACN 202011225846ACN 112422397 BCN112422397 BCN 112422397B
Authority
CN
China
Prior art keywords
service
vsgw
service request
vxlan
communication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011225846.7A
Other languages
Chinese (zh)
Other versions
CN112422397A (en
Inventor
程海瑞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China United Network Communications Group Co LtdfiledCriticalChina United Network Communications Group Co Ltd
Priority to CN202011225846.7ApriorityCriticalpatent/CN112422397B/en
Publication of CN112422397ApublicationCriticalpatent/CN112422397A/en
Application grantedgrantedCritical
Publication of CN112422397BpublicationCriticalpatent/CN112422397B/en
Activelegal-statusCriticalCurrent
Anticipated expirationlegal-statusCritical

Links

Images

Classifications

Landscapes

Abstract

Translated fromChinese

本申请公开了一种业务转发方法及通信装置,涉及通信技术领域,用于实现云网融合。应用于VSGW,该VSGW的第一端与网关设备通过多条VXLAN隧道连接,该VSGW的第二端分别与云服务器以及通信服务器通信连接,该方法包括:VSGW接收来自目标VXLAN隧道的、网关设备发送的业务请求,该目标VXLAN隧道为多条VXLAN隧道中的一条;VSGW根据该业务请求,确定与该业务请求对应的目标服务器,该目标服务器为云服务器或通信服务器;VSGW向目标服务器发送该业务请求。本申请实施例应用于业务传输过程。

Figure 202011225846

The present application discloses a service forwarding method and a communication device, which relate to the field of communication technologies and are used for realizing cloud-network integration. Applied to the VSGW, the first end of the VSGW is connected with the gateway device through a plurality of VXLAN tunnels, and the second end of the VSGW is respectively connected in communication with the cloud server and the communication server, and the method includes: the VSGW receives from the target VXLAN tunnel, the gateway device The service request sent, the target VXLAN tunnel is one of multiple VXLAN tunnels; the VSGW determines the target server corresponding to the service request according to the service request, and the target server is a cloud server or a communication server; VSGW sends the target server to the target server. business request. The embodiments of the present application are applied to the service transmission process.

Figure 202011225846

Description

Translated fromChinese
业务转发方法及通信装置Service forwarding method and communication device

技术领域technical field

本申请涉及通信技术领域,尤其涉及一种业务转发方法及通信装置。The present application relates to the field of communication technologies, and in particular, to a service forwarding method and a communication device.

背景技术Background technique

随着云技术的发展,云网融合技术在通信网络中逐渐得到应用。云网融合技术也可以称为网络云化。其中,“云”是指云计算,“网”是指通信网。云计算可以包括计算能力、存储能力以及相关的软硬件。通信网可以包括接入网、承载网、核心网等通信网络。With the development of cloud technology, cloud-network fusion technology is gradually applied in communication networks. Cloud-network fusion technology can also be called network cloudification. Among them, "cloud" refers to cloud computing, and "network" refers to the communication network. Cloud computing can include computing power, storage capacity, and related hardware and software. The communication network may include communication networks such as an access network, a bearer network, and a core network.

云网融合技术可以将云计算技术与通信技术进行融合。通过云网融合技术可以同时为用户通过云计算服务以及通信服务。因此,云网融合成为业内人士的一个研究方向。Cloud-network fusion technology can integrate cloud computing technology and communication technology. Cloud-network integration technology can provide users with cloud computing services and communication services at the same time. Therefore, cloud-network integration has become a research direction for industry insiders.

发明内容SUMMARY OF THE INVENTION

本申请提供一种业务转发方法及通信装置,用于实现云网融合。The present application provides a service forwarding method and a communication device for realizing cloud-network integration.

为达到上述目的,本申请用如下技术方案:To achieve the above purpose, the application uses the following technical solutions:

第一方面,提供了一种业务转发方法,应用于网关设备,网关设备即客户前置设备CPE(Customer Premise Equipment),如家庭网关、政企网关,位于签约用户(subscriber)侧。该网关设备与位于网络侧虚拟业务网关VSGW建立多条VXLAN隧道。该VSGW在与该网关设备建立VXLAN隧道的同时,分别与通信服务器以及云服务器通信连接,优选该VSGW与云服务器侧的VXLAN网关建立第二VXLAN隧道;VSGW基于网络功能虚拟化NFV(Network FunctionsVirtualization)和软件定义网络SDN(Software Defined Network)技术。该方法包括:网关设备接收来自终端设备的业务请求;网关设备根据该业务请求从多条VXLAN隧道中选择与该业务请求对应的目标VXLAN隧道;网关设备通过该目标VXLAN隧道向VSGW发送该业务请求,以使得VSGW将该业务转发至云服务器或通信服务器。如此,通过网关设备与VSGW之间的多条VXLAN隧道,以及VSGW与云服务器侧的VXLAN网关建立的第二VXLAN隧道,可以将终端设备的业务请求分别转发至通信服务器(如因特网)或不同的云服务器(可以是基础电信运营商的云基础设施/云服务,也可以是第三方的云基础设施/云服务),从而实现了云网融合,便于用户按照需求灵活的选择基础电信运营商的云基础设施/云服务,或者第三方(如互联网公司)的云基础设施/云服务。In a first aspect, a service forwarding method is provided, which is applied to a gateway device. The gateway device is a customer premise equipment (CPE), such as a home gateway and a government-enterprise gateway, located on the subscriber side. The gateway device establishes multiple VXLAN tunnels with the virtual service gateway VSGW on the network side. When the VSGW establishes a VXLAN tunnel with the gateway device, it is respectively connected to the communication server and the cloud server. Preferably, the VSGW establishes a second VXLAN tunnel with the VXLAN gateway on the cloud server side; the VSGW is based on Network Functions Virtualization (NFV) (Network FunctionsVirtualization). and Software Defined Network SDN (Software Defined Network) technology. The method includes: a gateway device receives a service request from a terminal device; the gateway device selects a target VXLAN tunnel corresponding to the service request from a plurality of VXLAN tunnels according to the service request; the gateway device sends the service request to the VSGW through the target VXLAN tunnel , so that the VSGW forwards the service to the cloud server or communication server. In this way, through the multiple VXLAN tunnels between the gateway device and the VSGW, and the second VXLAN tunnel established between the VSGW and the VXLAN gateway on the cloud server side, the service request of the terminal device can be forwarded to the communication server (such as the Internet) or different Cloud server (can be the cloud infrastructure/cloud service of a basic telecom operator, or a third-party cloud infrastructure/cloud service), which realizes cloud-network integration and facilitates users to flexibly choose the basic telecom operator's service according to their needs. Cloud infrastructure/cloud services, or cloud infrastructure/cloud services of third parties (such as Internet companies).

一种可能的实现方式中网关设备具有多个广域网WAN接口,该多个WAN接口为物理接口或虚拟接口,一个WAN接口配置一个能够访问广域网的网际互连协议(InternetProtocol,IP)地址。网关设备的每一条VXLAN分别配置一个VXLAN接口的IP地址,并在网关设备配置该条VXLAN的对端(指向的)IP地址为VSGW设备端口(含物理接口、物理接口的子接口)的IP地址,缺省路由地址为该条VXLAN在VSGW的VXLAN接口IP。每条VXLAN具有不同的VXLAN标识(VXLAN Network Identifier,VNI)。In a possible implementation manner, the gateway device has multiple WAN interfaces of the WAN, the multiple WAN interfaces are physical interfaces or virtual interfaces, and one WAN interface is configured with an Internet Protocol (Internet Protocol, IP) address capable of accessing the WAN. Each VXLAN of the gateway device is configured with an IP address of a VXLAN interface, and the peer (pointed to) IP address of the VXLAN on the gateway device is configured as the IP address of the VSGW device port (including the physical interface and the sub-interface of the physical interface). , the default route address is the IP of the VXLAN interface of the VXLAN in the VSGW. Each VXLAN has a different VXLAN identifier (VXLAN Network Identifier, VNI).

基于该可能的实现方式,该条VXLAN的外层源IP地址为该网关设备的WAN接口的IP地址,该条VXLAN的外层目的IP地址为VSGW的(与该网关设备的WAN接口连接的)端口/物理接口/子接口的IP地址,VXLAN内层源IP地址(即“原始报文”的源IP地址)为网关设备的VXLAN接口的IP地址。一种可能的实现方式中,网关设备与VSGW之间的每一条VXLAN分别对应网关设备的一个WAN接口,通常是虚拟接口,也称为WAN连接。另一种可能的实现方式中,网关设备与VSGW之间VXLAN都使用网关设备的一个WAN接口,也称为WAN连接。网关设备的不同的VXLAN隧道通过VNI等区分。Based on this possible implementation, the outer source IP address of the VXLAN is the IP address of the WAN interface of the gateway device, and the outer destination IP address of the VXLAN is the VSGW (connected to the WAN interface of the gateway device) The IP address of the port/physical interface/sub-interface, and the source IP address of the VXLAN inner layer (that is, the source IP address of the "original packet") is the IP address of the VXLAN interface of the gateway device. In a possible implementation manner, each VXLAN between the gateway device and the VSGW corresponds to a WAN interface of the gateway device, which is usually a virtual interface, also called a WAN connection. In another possible implementation manner, the VXLAN between the gateway device and the VSGW uses a WAN interface of the gateway device, which is also called a WAN connection. Different VXLAN tunnels of the gateway device are distinguished by VNI etc.

一种可能的实现方式中,网关设备可以根据业务请求携带的目的IP地址、或网关设备收到业务请求的用户侧端口(也成为局域网侧端口,与WAN端口相对应)的端口号,从多条VXLAN隧道中选择与业务请求对应的目标VXLAN隧道。网关设备可以根据业务请求携带的目的IP地址或业务请求的业务类型,为业务请求对应的目标VXLAN标识不同的优先级。In a possible implementation manner, the gateway device may, according to the destination IP address carried in the service request, or the port number of the user-side port (also called the LAN-side port, corresponding to the WAN port) where the gateway device receives the service request, from multiple Select the target VXLAN tunnel corresponding to the service request from the VXLAN tunnels. The gateway device may identify different priorities for the target VXLAN corresponding to the service request according to the destination IP address carried in the service request or the service type of the service request.

基于该可能的实现方式,可以通过VXLAN隧道/隧道实现业务的隔离。Based on this possible implementation, service isolation can be achieved through VXLAN tunnels/tunnels.

一种可能的实现方式中,网关设备具有对应的身份标识号码ID,该ID包括第一字节和第二字节,第一字节用于指示网关设备的签约用户,第二字节用于指示一个签约用户名下的(多个)网关设备的序号,便于一个政企用户(签约用户)多个网关设备的管理,以及一个政企用户的位于不同地址的机构之间通过网关设备建立VXLAN隧道实现互联。In a possible implementation manner, the gateway device has a corresponding identification number ID, the ID includes a first byte and a second byte, the first byte is used to indicate the subscriber of the gateway device, and the second byte is used for Indicates the serial number of (multiple) gateway devices under the name of a subscribed user, which is convenient for the management of multiple gateway devices of a government and enterprise user (subscribed user), and the establishment of VXLAN between organizations located at different addresses of a government and enterprise user through the gateway device. Tunnels are interconnected.

基于该可能的实现方式,对于不同签约用户的网关设备,通过网关设备的ID的多个字节,可以便于其他设备准确的识别网关设备。一个网关设备对应唯一的一个ID,一个ID对应一个配置文件。根据配置文件建立网关的配置信息,特别是多条VXLAN隧道的配置和业务信息,该配置文件包括VXLAN配置信息、上网业务信息、云业务信息、网络安全信息以及VPN信息中的一个或多个。Based on this possible implementation manner, for the gateway devices of different subscribers, it is convenient for other devices to accurately identify the gateway device through the multiple bytes of the ID of the gateway device. A gateway device corresponds to a unique ID, and an ID corresponds to a configuration file. The configuration information of the gateway is established according to the configuration file, especially the configuration and service information of multiple VXLAN tunnels. The configuration file includes one or more of VXLAN configuration information, Internet service information, cloud service information, network security information and VPN information.

一种可能的实现方式中,该配置文件来自网关设备的终端管理系统。网关设备预配置终端管理系统的IP地址、虚拟局域网(Virtual Local Area Network,VLAN)、WAN接口等信息,终端管理系统建立物理层至IP层连接后,网关设备向终端管理系统请求与其ID唯一对应的配置文件。In a possible implementation manner, the configuration file comes from the terminal management system of the gateway device. The gateway device is pre-configured with information such as the IP address, virtual local area network (VLAN), and WAN interface of the terminal management system. After the terminal management system establishes the connection between the physical layer and the IP layer, the gateway device requests the terminal management system to uniquely correspond to its ID. configuration file.

一种可能的实现方式中,业务请求用于请求第一类业务,若第一类业务为上网业务,则目标服务器为通信服务器;若第一类业务为云业务,则目标服务器为云服务器。In a possible implementation manner, the service request is used to request the first type of service. If the first type of service is an Internet service, the target server is a communication server; if the first type of service is a cloud service, the target server is a cloud server.

基于该可能的实现方式,针对不同类型的业务,如上网业务和云业务,可以通过对应的服务器处理业务,灵活简单。Based on this possible implementation manner, for different types of services, such as Internet access services and cloud services, services can be processed through corresponding servers, which is flexible and simple.

第二方面,提供了一种通信装置,该通信装置应用于网关设备或者网关设备中的芯片或者片上系统,还可以为网关设备中用于实现第一方面或第一方面的任一可能的设计所述的方法的功能模块。该通信装置可以实现上述各方面或者各可能的设计中网关设备所执行的功能,所述功能可以通过硬件执行相应的软件实现。所述硬件或软件包括一个或多个上述功能相应的模块。如:该通信装置包括处理单元和通信单元。In a second aspect, a communication device is provided. The communication device is applied to a gateway device or a chip or a system-on-chip in the gateway device, and can also be a gateway device for implementing the first aspect or any possible design of the first aspect. functional modules of the method. The communication apparatus can implement the functions performed by the gateway device in the above aspects or possible designs, and the functions can be implemented by executing corresponding software through hardware. The hardware or software includes one or more modules corresponding to the above functions. For example, the communication device includes a processing unit and a communication unit.

该通信单元,用于接收来自终端设备的业务请求;The communication unit is used to receive a service request from a terminal device;

该处理单元,用于根据该业务请求从多条VXLAN隧道中选择与该业务请求对应的目标VXLAN隧道;the processing unit, configured to select a target VXLAN tunnel corresponding to the service request from a plurality of VXLAN tunnels according to the service request;

该通信单元,还用于通过该目标VXLAN隧道向VSGW发送该业务请求,以使得VSGW将该业务转发至云服务器或通信服务器。The communication unit is further configured to send the service request to the VSGW through the target VXLAN tunnel, so that the VSGW forwards the service to the cloud server or the communication server.

其中,该通信装置的具体实现方式可以参考第一方面或第一方面的任一可能的设计提供的业务转发方法中网关设备的行为功能,在此不再重复赘述。因此,该提供的通信装置可以达到与第一方面或者第一方面的任一可能的设计相同的有益效果。For the specific implementation of the communication apparatus, reference may be made to the behavior function of the gateway device in the service forwarding method provided in the first aspect or any possible design of the first aspect, and details are not repeated here. Therefore, the provided communication device can achieve the same beneficial effects as the first aspect or any possible design of the first aspect.

第三方面,提供了一种通信装置,该通信装置可以为网关设备或者网关设备中的芯片或者片上系统。该通信装置可以实现上述各方面或者各可能的设计中网关设备所执行的功能,所述功能可以通过硬件实现,如:一种可能的设计中,该通信装置可以包括:处理器和通信接口,处理器可以用于支持通信装置实现上述第一方面或者第一方面的任一种可能的设计中所涉及的功能,例如:处理器用于通过通信接口接收来自终端设备的业务请求。In a third aspect, a communication apparatus is provided, and the communication apparatus may be a gateway device or a chip or a system-on-chip in the gateway device. The communication apparatus may implement the functions performed by the gateway device in the above aspects or possible designs, and the functions may be implemented by hardware. For example, in a possible design, the communication apparatus may include: a processor and a communication interface, The processor may be configured to support the communication apparatus to implement the functions involved in the first aspect or any possible design of the first aspect. For example, the processor is configured to receive a service request from a terminal device through a communication interface.

在又一种可能的设计中,通信装置还可以包括存储器,存储器用于保存通信装置必要的计算机执行指令和数据。当该通信装置运行时,该处理器执行该存储器存储的该计算机执行指令,以使该通信装置执行上述第一方面或者第一方面的任一种可能的设计所述的业务转发方法。In yet another possible design, the communication device may further include a memory for storing computer-executed instructions and data necessary for the communication device. When the communication apparatus is running, the processor executes the computer-executable instructions stored in the memory, so that the communication apparatus executes the service forwarding method described in the first aspect or any possible design of the first aspect.

第四方面,提供了一种计算机可读存储介质,该计算机可读存储介质可以为可读的非易失性存储介质,该计算机可读存储介质存储有计算机指令或者程序,当其在计算机上运行时,使得计算机可以执行上述第一方面或者上述方面的任一种可能的设计所述的业务转发方法。In a fourth aspect, a computer-readable storage medium is provided. The computer-readable storage medium may be a readable non-volatile storage medium, and the computer-readable storage medium stores computer instructions or programs. When running, the computer can execute the service forwarding method described in the first aspect above or any possible design of the above aspect.

第五方面,提供了一种包含指令的计算机程序产品,当其在计算机上运行时,使得计算机可以执行上述第一方面或者上述方面的任一种可能的设计所述的业务转发方法。In a fifth aspect, a computer program product containing instructions is provided, which, when run on a computer, enables the computer to execute the service forwarding method described in the first aspect or any possible design of the above aspect.

第六方面,提供了一种通信装置,该通信装置可以为网关设备或者网关设备中的芯片或者片上系统,该通信装置包括一个或者多个处理器以及和一个或多个存储器。所述一个或多个存储器与所述一个或多个处理器耦合,所述一个或多个存储器用于存储计算机程序代码,所述计算机程序代码包括计算机指令,当所述一个或多个处理器执行所述计算机指令时,使得所述网关设备执行如上述第一方面或者第一方面的任一可能的设计所述的业务转发方法。In a sixth aspect, a communication apparatus is provided. The communication apparatus may be a gateway device or a chip or a system-on-chip in the gateway device. The communication apparatus includes one or more processors and one or more memories. The one or more memories are coupled to the one or more processors, the one or more memories for storing computer program code, the computer program code comprising computer instructions, when the one or more processors When the computer instructions are executed, the gateway device is caused to execute the service forwarding method described in the first aspect or any possible design of the first aspect.

第七方面,提供了一种芯片系统,该芯片系统包括处理器以及通信接口,该芯片系统可以用于实现上述第一方面或第一方面的任一可能的设计中网关设备所执行的功能,例如处理器用于通过通信接口接收来自终端设备的业务请求。在一种可能的设计中,所述芯片系统还包括存储器,所述存储器,用于保存程序指令和/或数据。该芯片系统可以由芯片构成,也可以包含芯片和其他分立器件,不予限制。A seventh aspect provides a system-on-chip, the system-on-chip includes a processor and a communication interface, and the system-on-chip can be used to implement the functions performed by the gateway device in the first aspect or any possible design of the first aspect, For example, the processor is used to receive service requests from the terminal equipment through the communication interface. In a possible design, the chip system further includes a memory for storing program instructions and/or data. The chip system may be composed of chips, and may also include chips and other discrete devices, which is not limited.

其中,第二方面至第七方面中任一种设计方式所带来的技术效果可参见上述第一方面或者第一方面的任一种可能的设计所带来的技术效果,不再赘述。Wherein, for the technical effect brought by any one of the design manners in the second aspect to the seventh aspect, reference may be made to the technical effect brought by the first aspect or any possible design of the first aspect, and details are not repeated here.

第八方面,提供了一种业务转发方法,应用于虚拟业务网关VSGW,VSGW基于NFV、SDN技术,该VSGW的第一端与网关设备通过多条VXLAN隧道连接,该VSGW的第二端分别与云服务器以及通信服务器通信连接,其中VSGW的第二端分别与云服务器的连接优选:VSGW与云服务器侧的VXLAN网关建立VXLAN隧道,VXLAN网关与云服务器(如云基础设施/云服务等)连接。该方法包括:VSGW接收来自目标VXLAN隧道的、网关设备发送的业务请求,该目标VXLAN隧道为多条VXLAN隧道中的一条;VSGW根据该业务请求,确定与该业务请求对应的目标服务器,该目标服务器为云服务器或通信服务器;VSGW向目标服务器发送该业务请求。如此,VSGW可以通过与业务请求对应的VXLAN隧道接收网关设备的业务请求,VSGW可以根据该业务请求以及传输该业务请求的VXLAN隧道,确定该业务请求对应的服务器为云服务器还是通信服务器,进而,VSGW可以向与该业务请求对应的服务器发送该业务请求,从而实现了云网融合。In an eighth aspect, a service forwarding method is provided, which is applied to a virtual service gateway VSGW. The VSGW is based on NFV and SDN technologies. The first end of the VSGW is connected to the gateway device through multiple VXLAN tunnels, and the second end of the VSGW is connected to the gateway device. The cloud server and the communication server are connected in communication, and the connection between the second end of the VSGW and the cloud server is preferably: VSGW establishes a VXLAN tunnel with the VXLAN gateway on the cloud server side, and the VXLAN gateway is connected with the cloud server (such as cloud infrastructure/cloud service, etc.) . The method includes: the VSGW receives a service request from a target VXLAN tunnel and sent by a gateway device, where the target VXLAN tunnel is one of multiple VXLAN tunnels; the VSGW determines a target server corresponding to the service request according to the service request, and the target The server is a cloud server or a communication server; the VSGW sends the service request to the target server. In this way, the VSGW can receive the service request of the gateway device through the VXLAN tunnel corresponding to the service request, and the VSGW can determine whether the server corresponding to the service request is a cloud server or a communication server according to the service request and the VXLAN tunnel that transmits the service request, and then, The VSGW can send the service request to the server corresponding to the service request, thereby realizing cloud-network integration.

一种可能的实现方式中,VSGW接收来自网关设备的认证信息,该认证信息包括网关设备的上网认证信息、接入云认证信、网络安全认证信息以及VPN认证信息中的一个或多个;VSGW根据该认证信息对网关设备进行认证。In a possible implementation, the VSGW receives authentication information from the gateway device, and the authentication information includes one or more of the gateway device's Internet access authentication information, access cloud authentication information, network security authentication information, and VPN authentication information; the VSGW The gateway device is authenticated according to the authentication information.

基于该可能的实现方式,VSGW可以通过网关设备的认证信息,对网关设备进行认证,用以避免非法的网关设备与VSGW进行数据传输。Based on this possible implementation manner, the VSGW can authenticate the gateway device through the authentication information of the gateway device, so as to avoid illegal data transmission between the gateway device and the VSGW.

一种可能的实现方式中,若网关设备认证成功,VSGW管理VSGW与网关设备建立的IP会话。In a possible implementation manner, if the gateway device is authenticated successfully, the VSGW manages the IP session established between the VSGW and the gateway device.

基于该可能的实现方式,VSGW接收网关设备的签约用户的带宽信息,根据所述带宽信息确定所述网关设备与目标服务器之间的数据传输带宽,VSGW根据运营商网管人员或签约用户的工作人员发送的签约用户的带宽信息实现带宽的动态调整。签约用户通过网关设备与VSGW的VXLAN隧道向VSGW发送修改“签约用户的带宽信息”,对网关设备与目标服务器之间的数据传输速率进行动态调整,方便灵活。Based on this possible implementation, the VSGW receives the bandwidth information of the subscriber of the gateway device, and determines the data transmission bandwidth between the gateway device and the target server according to the bandwidth information, and the VSGW determines the data transmission bandwidth between the gateway device and the target server according to the bandwidth information. The transmitted bandwidth information of the subscriber realizes dynamic adjustment of the bandwidth. The subscriber sends the modified "subscriber's bandwidth information" to the VSGW through the VXLAN tunnel between the gateway device and the VSGW, and dynamically adjusts the data transmission rate between the gateway device and the target server, which is convenient and flexible.

基于该实现方式,在网关设备认证成功的情况下,VSGW可以通过IP会话与网关设备进行数据传输,保证了数据传输的安全性。Based on this implementation manner, in the case of successful authentication of the gateway device, the VSGW can perform data transmission with the gateway device through an IP session, which ensures the security of data transmission.

一种可能的实现方式中,若业务信息满足预设告警条件,则VSGW输出告警信息,该预设告警条件包括网关设备认证失败、业务信息为非法信息、网关设备属于网关设备黑名单、业务信息不符合访问控制列表(access control list,ACL)中的一个或多个。In a possible implementation manner, if the service information meets preset alarm conditions, the VSGW outputs alarm information, and the preset alarm conditions include gateway device authentication failure, service information is illegal information, gateway device belongs to gateway device blacklist, service information One or more of the access control lists (ACLs) are not complied with.

基于该实现方式,通过多个维度的安全告警信息,保证了业务传输以及设备的安全。Based on this implementation manner, the security of service transmission and equipment is ensured through security alarm information of multiple dimensions.

第九方面,提供一种通信装置,该通信装置应用于VSGW或者VSGW中的芯片或者片上系统,还可以为VSGW中用于实现第八方面或第八方面的任一可能的设计所述的方法的功能模块。该通信装置可以实现上述各方面或者各可能的设计中VSGW所执行的功能,所述功能可以通过硬件执行相应的软件实现。所述硬件或软件包括一个或多个上述功能相应的模块。如:该通信装置包括通信单元以及处理单元。A ninth aspect provides a communication device, which is applied to a VSGW or a chip or a system-on-a-chip in the VSGW, and can also be the method described in the VSGW for implementing the eighth aspect or any possible design of the eighth aspect function module. The communication apparatus may implement the functions performed by the VSGW in the above aspects or possible designs, and the functions may be implemented by executing corresponding software through hardware. The hardware or software includes one or more modules corresponding to the above functions. For example, the communication device includes a communication unit and a processing unit.

该通信单元,用于接收来自网关设备的业务请求。The communication unit is used for receiving a service request from a gateway device.

该处理单元,用于根据该业务请求确定与该业务请求对应的云服务器或通信服务器。The processing unit is configured to determine the cloud server or communication server corresponding to the service request according to the service request.

该通信单元,还用于向云服务器或通信服务器发送该业务请求。The communication unit is further configured to send the service request to the cloud server or the communication server.

其中,该通信装置的具体实现方式可以参考第八方面或第八方面的任一可能的设计提供的业务转发方法中网关设备的行为功能,在此不再重复赘述。因此,该提供的通信装置可以达到与第八方面或者第八方面的任一可能的设计相同的有益效果。For the specific implementation of the communication apparatus, reference may be made to the behavior function of the gateway device in the service forwarding method provided by the eighth aspect or any possible design of the eighth aspect, and details are not repeated here. Therefore, the provided communication device can achieve the same beneficial effects as the eighth aspect or any possible design of the eighth aspect.

第十方面,提供了一种通信装置,该通信装置可以为VSGW或者VSGW中的芯片或者片上系统。该通信装置可以实现上述各方面或者各可能的设计中VSGW所执行的功能,所述功能可以通过硬件实现,如:一种可能的设计中,该通信装置可以包括:处理器和通信接口。通信接口和处理器耦合,处理器用于运行计算机程序或指令,以实现如第八方面和第八方面的任一种可能的实现方式中所描述的业务转发方法。In a tenth aspect, a communication apparatus is provided, and the communication apparatus may be a VSGW or a chip or a system on a chip in the VSGW. The communication apparatus may implement the functions performed by the VSGW in the above aspects or possible designs, and the functions may be implemented by hardware. For example, in a possible design, the communication apparatus may include a processor and a communication interface. The communication interface is coupled to the processor, and the processor is configured to run a computer program or instructions to implement the service forwarding method described in the eighth aspect and any possible implementation manner of the eighth aspect.

第十一方面,提供了一种计算机可读存储介质,该计算机可读存储介质可以为可读的非易失性存储介质,该计算机可读存储介质存储有计算机指令或者程序,当其在计算机上运行时,使得计算机可以执行上述第八方面或者上述第八方面的任一种可能的设计所述的业务转发方法。In an eleventh aspect, a computer-readable storage medium is provided. The computer-readable storage medium may be a readable non-volatile storage medium, and the computer-readable storage medium stores computer instructions or programs. When running on the above, the computer can execute the service forwarding method described in the above eighth aspect or any possible design of the above eighth aspect.

第十二方面,提供了一种包含指令的计算机程序产品,当其在计算机上运行时,使得计算机可以执行上述第八方面或者上述第八方面的任一种可能的设计所述的业务转发方法。A twelfth aspect provides a computer program product containing instructions, which, when run on a computer, enables the computer to execute the service forwarding method described in the eighth aspect or any possible design of the eighth aspect above .

第十三方面,提供了一种通信装置,该通信装置可以为网络设备或者网络设备中的芯片或者片上系统,该通信装置包括一个或者多个处理器以及和一个或多个存储器。所述一个或多个存储器与所述一个或多个处理器耦合,所述一个或多个存储器用于存储计算机程序代码,所述计算机程序代码包括计算机指令,当所述一个或多个处理器执行所述计算机指令时,使得所述网络设备执行如上述第八方面或者第八方面的任一可能的设计所述的业务转发方法。In a thirteenth aspect, a communication apparatus is provided. The communication apparatus may be a network device or a chip or a system-on-chip in the network device. The communication apparatus includes one or more processors and one or more memories. The one or more memories are coupled to the one or more processors, the one or more memories for storing computer program code, the computer program code comprising computer instructions, when the one or more processors When the computer instructions are executed, the network device is caused to execute the service forwarding method described in the eighth aspect or any possible design of the eighth aspect.

第十四方面,提供了一种芯片,包括:处理器和通信接口,所述处理器通过所述通信接口与存储器耦合,当所述处理器执行所述存储器中的计算机程序或指令时,使得如第八方面和第八方面的任一种可能的实现方式中所描述的业务转发方法被执行。A fourteenth aspect provides a chip, comprising: a processor and a communication interface, the processor is coupled to a memory through the communication interface, and when the processor executes the computer program or instructions in the memory, the processor causes The service forwarding method described in the eighth aspect and any possible implementation manner of the eighth aspect is performed.

其中,第九方面至第十四方面中任一种设计方式所带来的技术效果可参见上述第八方面或者第八方面的任一种可能的设计所带来的技术效果,不再赘述。Wherein, for the technical effect brought by any one of the design manners in the ninth aspect to the fourteenth aspect, reference may be made to the technical effect brought by the eighth aspect or any possible design of the eighth aspect, which will not be repeated.

附图说明Description of drawings

图1为本申请实施例提供的一种通信系统的结构示意图;FIG. 1 is a schematic structural diagram of a communication system according to an embodiment of the present application;

图2为本申请实施例提供的另一种通信系统的结构示意图;FIG. 2 is a schematic structural diagram of another communication system provided by an embodiment of the present application;

图3为本申请实施例提供的一种通信装置300的结构示意图;FIG. 3 is a schematic structural diagram of acommunication apparatus 300 according to an embodiment of the present application;

图4为本申请实施例提供的一种业务转发方法的流程示意图;4 is a schematic flowchart of a service forwarding method provided by an embodiment of the present application;

图5为本申请实施例提供的一种通信装置50的结构示意图;FIG. 5 is a schematic structural diagram of a communication device 50 according to an embodiment of the present application;

图6为本申请实施例提供的一种通信装置60的结构示意图。FIG. 6 is a schematic structural diagram of a communication apparatus 60 according to an embodiment of the present application.

具体实施方式Detailed ways

在描述本申请实施例之前,对本申请实施例涉及的名词术语进行解释说明:Before describing the embodiments of the present application, the terms involved in the embodiments of the present application are explained:

虚拟扩展局域网(virtual extensible local area network,VXLAN)是一种隧道技术,能在三层网络的基础上建立二层以太网(Ethernet)网络隧道,从而实现跨地域的二层互连。两个配置了VXLAN的路由器也逻辑上构建了一条在虚拟链路中的通道VXLAN隧道,这样的路由器称之为“VXLAN隧道终端”(VXLAN Tunnel End Point,VTEP)。在包含VXLAN的网络中,VXLAN的实现机制仅仅对VTEP节点可见。VXLAN采取了将原始以太网报文封装在用户数据报协议(User Datagram Protocol,UDP)的数据包里的封装格式。封装了VXLAN协议的报文包括:VXLAN封装和原始报文。其中,VXLAN封装包括:外层Ethernet头封装(OuterEthernet header)、外层IP头封装(Outer IP header)、外层UDP头封装(Outer UDPheader)、VXLAN头封装(VXLAN header)。外层IP头封装包括:外层源IP地址(即VXLAN隧道源端VTEP的IP地址)、外层目的IP地址(VXLAN隧道目的端VTEP的IP地址)等。VXLAN头封装包括:VNI:(VXLAN网络标识)、VXLAN Flags(标记位)等。原始报文为被封装的以太帧(包含了MAC头部、IP头部和传输层头部的报文)。具体的,可以参照RFC7348中的描述,不予赘述。A virtual extensible local area network (VXLAN) is a tunneling technology that can establish a layer-2 Ethernet (Ethernet) network tunnel on the basis of a layer-3 network, thereby realizing cross-regional layer-2 interconnection. Two VXLAN-configured routers also logically build a channel VXLAN tunnel in the virtual link. Such routers are called "VXLAN Tunnel End Point" (VTEP). In a network containing VXLAN, the VXLAN implementation mechanism is only visible to VTEP nodes. VXLAN adopts an encapsulation format in which original Ethernet packets are encapsulated in User Datagram Protocol (UDP) packets. Packets encapsulated with the VXLAN protocol include: VXLAN encapsulation and original packets. The VXLAN encapsulation includes: an outer Ethernet header (OuterEthernet header), an outer IP header (Outer IP header), an outer UDP header (Outer UDP header), and a VXLAN header (VXLAN header). The outer layer IP header encapsulation includes: outer layer source IP address (that is, the IP address of the VXLAN tunnel source end VTEP), outer layer destination IP address (the VXLAN tunnel destination end VTEP's IP address), and the like. The VXLAN header encapsulation includes: VNI: (VXLAN network identifier), VXLAN Flags (marker bits), and the like. The original packet is an encapsulated Ethernet frame (a packet containing a MAC header, an IP header, and a transport layer header). For details, reference may be made to the description in RFC7348, which will not be repeated.

通常情况下,用户侧的网关设备在接收到终端设备的请求业务之后,可以根据该请求业务的目的IP或业务类型,为请求业务分配不同的虚拟局域网标识(virtual localarea network identity,VLAN ID),实现业务流量的逻辑隔离和转发到不同的服务器和网络设备。但是,在网关难以区分并逻辑上隔离访问互联网(如访问web等)业务、访问云基础资源/云服务的业务,二者都是基于一个vlan(即VLAN ID相同)。为了信息安全,政企用户通常建立基于政企用户的网关与云服务商的云服务器(或者与服务器相连接的路由器)之间的网络隧道,如果政企用户变更云服务商需要端到端的变更政企用户的网关与云服务商的云服务器(或者与服务器相连接的路由器)的关于网络隧道的配置,业务变更较为复杂。Usually, after receiving the request service from the terminal device, the gateway device on the user side can assign different virtual local area network identities (VLAN IDs) to the requested service according to the destination IP or service type of the requested service. Implement logical isolation and forwarding of business traffic to different servers and network devices. However, it is difficult for the gateway to distinguish and logically isolate the business of accessing the Internet (such as accessing the web, etc.) and the business of accessing cloud basic resources/cloud services, both of which are based on one vlan (that is, the VLAN ID is the same). For information security, government and enterprise users usually establish a network tunnel between the gateway based on the government and enterprise users and the cloud server of the cloud service provider (or the router connected to the server). The configuration of the network tunnel between the gateway of the government and enterprise users and the cloud server of the cloud service provider (or the router connected to the server) is more complicated for business changes.

鉴于此,本申请实施例提供了一种业务转发方法,该方法包括:网关设备接收来自终端设备的业务请求之后,网关设备根据该业务请求,从网关设备与VSGW之间的多条VXLAN隧道中选择与该业务请求对应的目标VXLAN隧道,并通过该目标VXLAN隧道向VSGW发送该业务请求。VSGW与云服务器侧的VXLAN网关(VXLAN网关可以是一个支持VXLAN的路由器)建立第二VXLAN隧道,VSGW可以将收到的业务请求分别转发至通信服务器或云服务器;其中:通信服务器可以是因特网的网络设备,如万维网服务器、邮件服务器等,云服务器可以是基础电信运营商的云基础设施/云服务,也可以是第三方的云基础设施/云服务,便于用户按照需求灵活的选择基础电信运营商的云基础设施/云服务,或者第三方(如互联网公司)的云基础设施/云服务。VSGW与通信服务器之间通常不是直接用光纤进行连接,而是中间经过了路由器,甚至是通过光传送网进行连接。VSGW与云服务器侧的VXLAN网关之间通常也不是直接用光纤进行连接,而是中间经过了路由器,甚至是通过光传送网进行连接。In view of this, an embodiment of the present application provides a service forwarding method. The method includes: after the gateway device receives a service request from a terminal device, the gateway device, according to the service request, forwards data from multiple VXLAN tunnels between the gateway device and the VSGW. The target VXLAN tunnel corresponding to the service request is selected, and the service request is sent to the VSGW through the target VXLAN tunnel. The VSGW establishes a second VXLAN tunnel with the VXLAN gateway on the cloud server side (the VXLAN gateway can be a router that supports VXLAN), and the VSGW can forward the received service requests to the communication server or cloud server respectively; Network equipment, such as web servers, mail servers, etc. Cloud servers can be cloud infrastructure/cloud services of basic telecom operators, or third-party cloud infrastructure/cloud services, so that users can flexibly choose basic telecom operations according to their needs The cloud infrastructure/cloud service of a commercial company, or the cloud infrastructure/cloud service of a third party (such as an Internet company). Usually, the VSGW and the communication server are not directly connected by optical fibers, but are connected through a router or even through an optical transport network. Usually, the VSGW and the VXLAN gateway on the cloud server side are not directly connected by optical fibers, but are connected through a router or even through an optical transport network.

基于本申请实施例提供的技术方案,通过网关设备与VSGW之间的多条VXLAN隧道,且该多条VXLAN隧道中每条VXLAN隧道对应一种业务请求。如此,网关设备可以将终端设备的业务请求发送给VSGW,以使得VSGW进行分发和处理,实现了业务的逻辑隔离以及云基础设施/云服务的灵活选择。Based on the technical solutions provided by the embodiments of the present application, multiple VXLAN tunnels between the gateway device and the VSGW are passed, and each VXLAN tunnel in the multiple VXLAN tunnels corresponds to a service request. In this way, the gateway device can send the service request of the terminal device to the VSGW, so that the VSGW can distribute and process it, thereby realizing logical isolation of services and flexible selection of cloud infrastructure/cloud services.

本申请实施例中,VSGW位于网络侧,如城域网、核心网;网关设备位于用户侧,如政企网络中。网关设备连接了运营商的电信网络和政企客户的网络。网关设备连接了运营商的电信网络可以是光纤通信网络,也可以是移动通信网络。In the embodiment of the present application, the VSGW is located on the network side, such as a metropolitan area network and a core network; the gateway device is located on the user side, such as a government-enterprise network. The gateway device connects the telecom network of the operator and the network of the government and enterprise customers. The telecommunication network to which the gateway device is connected to the operator may be an optical fiber communication network or a mobile communication network.

下面将结合附图对本申请实施例的实施方式进行详细描述。The implementation of the embodiments of the present application will be described in detail below with reference to the accompanying drawings.

本申请实施例提供的业务转发方法可用于支持通信的任一通信系统,该通信系统可以为光纤通信系统,如光纤到x(Fiber To The x,FTTx);也可以为第三代合作伙伴计划(3rd generation partnership project,3GPP)定义的移动通信系统,例如,长期演进(long term evolution,LTE)通信系统、5G移动通信系统、以及其他下一代通信系统,不予限制。下面以图1为例,对本申请实施例提供的业务转发方法进行描述。The service forwarding method provided in the embodiments of the present application can be used in any communication system that supports communication, and the communication system can be an optical fiber communication system, such as Fiber To The x (Fiber To The x, FTTx); it can also be a third generation partnership project Mobile communication systems defined by (3rd generation partnership project, 3GPP), such as long term evolution (long term evolution, LTE) communication systems, 5G mobile communication systems, and other next-generation communication systems, are not limited. The service forwarding method provided by the embodiment of the present application is described below by taking FIG. 1 as an example.

需要说明的是,本申请实施例描述的通信系统是为了更加清楚的说明本申请实施例的技术方案,并不构成对于本申请实施例提供的技术方案的限定,本领域普通技术人员可知,随着通信系统的演变和其他通信系统的出现,本申请实施例提供的技术方案对于类似的技术问题,同样适用。It should be noted that the communication system described in the embodiments of the present application is to more clearly describe the technical solutions of the embodiments of the present application, and does not constitute a limitation on the technical solutions provided by the embodiments of the present application. With the evolution of communication systems and the emergence of other communication systems, the technical solutions provided in the embodiments of the present application are also applicable to similar technical problems.

图1示出的是本申请实施例提供的一种通信系统的示意图。如图1所示,该通信系统可以包括网关设备以及与网关设备通信连接的终端设备、VSGW以及与VSGW连接的服务器。其中,网关设备与VSGW之间设置有多条VXLAN隧道(比如,图1中的VXLAN隧道1和VXLAN隧道2)。该多条VXLAN隧道中每条VXLAN隧道用于传输不同类型的业务请求。例如,VXLAN隧道1用于传输第一业务请求,VXLAN隧道2用于传输第二业务请求。第一业务请求与第二业务请求不同。比如,第一业务请求为通信服务业务请求,第二业务请求为云服务业务请求。当然,本申请实施例中,业务请求还可以包括其他类型的业务,例如,还可以包括IPTV业务、与图2中的终端管理系统交互的终端设备管理类业务。FIG. 1 shows a schematic diagram of a communication system provided by an embodiment of the present application. As shown in FIG. 1 , the communication system may include a gateway device, a terminal device communicatively connected to the gateway device, a VSGW, and a server connected to the VSGW. Wherein, multiple VXLAN tunnels (for example, VXLAN tunnel 1 and VXLAN tunnel 2 in FIG. 1 ) are set between the gateway device and the VSGW. Each VXLAN tunnel in the multiple VXLAN tunnels is used to transmit different types of service requests. For example, VXLAN tunnel 1 is used to transmit the first service request, and VXLAN tunnel 2 is used to transmit the second service request. The first service request is different from the second service request. For example, the first service request is a communication service service request, and the second service request is a cloud service service request. Of course, in the embodiment of the present application, the service request may also include other types of services, for example, may also include IPTV services and terminal equipment management services interacting with the terminal management system in FIG. 2 .

一种可能的实现方式中,网关设备可以具有多个广域网(Wide Area Network,WAN)接口,该多个WAN接口为物理接口或虚拟接口,一个WAN接口配置一个能够访问广域网的IP地址,网关设备的每一条VXLAN分别配置一个VXLAN接口的IP地址。In a possible implementation manner, the gateway device may have multiple wide area network (Wide Area Network, WAN) interfaces, the multiple WAN interfaces are physical interfaces or virtual interfaces, one WAN interface is configured with an IP address capable of accessing the WAN, and the gateway device Configure the IP address of a VXLAN interface for each VXLAN.

示例性的,网关设备的VXLAN相关配置如下:网关设备的WAN接口(含网关设备的WAN接口的WAN连接)的IP地址(通常为“公网IP地址”)作为VXLAN隧道1的源端VTEP的IP地址,如100.10.10.10。VXLAN隧道1中网关设备的VXLAN接口的IP地址为192.168.10.1。VXLAN隧道1的目的端VTEP的IP地址为VSGW设备端口(含物理接口、物理接口的子接口)的IP地址,如100.10.10.1。VXLAN隧道1的缺省路由地址为VXLAN隧道1在VSGW的VXLAN接口IP地址,如192.168.10.2。VXLAN标识(VXLAN Network Identifier,VNI)为VXLAN隧道1的ID,如100。每条VXLAN隧道具有不同的VNI。Exemplarily, the VXLAN-related configuration of the gateway device is as follows: the IP address (usually the "public IP address") of the WAN interface of the gateway device (including the WAN connection of the WAN interface of the gateway device) is used as the source VTEP of the VXLAN tunnel 1. IP address, such as 100.10.10.10. The IP address of the VXLAN interface of the gateway device in VXLAN tunnel 1 is 192.168.10.1. The IP address of the destination VTEP of VXLAN tunnel 1 is the IP address of the VSGW device port (including the physical interface and the sub-interface of the physical interface), such as 100.10.10.1. The default route address of VXLAN tunnel 1 is the IP address of the VXLAN interface of VXLAN tunnel 1 on the VSGW, such as 192.168.10.2. The VXLAN network identifier (VXLAN Network Identifier, VNI) is the ID of the VXLAN tunnel 1, such as 100. Each VXLAN tunnel has a different VNI.

基于该可能的实现方式,该条VXLAN的外层源IP地址为该网关设备的WAN接口的IP地址,该条VXLAN的外层目的IP地址为VSGW的(与该网关设备的WAN接口连接的)端口/物理接口/子接口的IP地址(通常为“公网IP地址”),VXLAN内层源IP地址(即“原始报文”的源IP地址)为网关设备的VXLAN接口的IP地址。Based on this possible implementation, the outer source IP address of the VXLAN is the IP address of the WAN interface of the gateway device, and the outer destination IP address of the VXLAN is the VSGW (connected to the WAN interface of the gateway device) The IP address of the port/physical interface/sub-interface (usually "public network IP address"), and the VXLAN inner source IP address (that is, the source IP address of the "original packet") is the IP address of the VXLAN interface of the gateway device.

一种可能的实现方式中,网关设备与VSGW之间的每一条VXLAN分别对应网关设备的一个WAN接口,通常是虚拟接口,也称为WAN连接。例如,网关设备具有WAN接口1和WAN接口2,WAN接口1与VXLAN隧道1连接,WAN接口2与VXLAN隧道2连接。In a possible implementation manner, each VXLAN between the gateway device and the VSGW corresponds to a WAN interface of the gateway device, which is usually a virtual interface, also called a WAN connection. For example, the gateway device has WAN interface 1 and WAN interface 2, WAN interface 1 is connected to VXLAN tunnel 1, and WAN interface 2 is connected to VXLAN tunnel 2.

另一种可能的实现方式中,网关设备与VSGW之间VXLAN都使用网关设备的一个WAN接口,也称为WAN连接。网关设备的不同的VXLAN通过VNI等区分。In another possible implementation manner, the VXLAN between the gateway device and the VSGW uses a WAN interface of the gateway device, which is also called a WAN connection. Different VXLANs of the gateway device are distinguished by VNI and so on.

一种可能的实现方式中,网关设备可以根据业务请求携带的目的IP地址,从多条VXLAN隧道中选择与业务请求对应的目标VXLAN隧道。网关设备可以根据业务请求携带的目的IP地址或业务请求的业务类型,为业务请求对应的目标VXLAN标识不同的优先级。In a possible implementation manner, the gateway device may select a target VXLAN tunnel corresponding to the service request from multiple VXLAN tunnels according to the destination IP address carried in the service request. The gateway device may identify different priorities for the target VXLAN corresponding to the service request according to the destination IP address carried in the service request or the service type of the service request.

其中,图1中的网关设备,即CPE,可以为政企网关设备或家庭网关设备。该网关设备可以为政企网关/家庭网关,位于用户侧。网关设备的主要功能可以是连接政企网络/家庭网络与运营商的通信网络,并完成网络协议的转化、报文的路由转发、政企网络/家庭网络内部IP地址的分配、基础网络安全等。The gateway device in FIG. 1 , that is, the CPE, may be a government-enterprise gateway device or a home gateway device. The gateway device may be a government-enterprise gateway/home gateway, located on the user side. The main function of the gateway device can be to connect the government-enterprise network/home network and the communication network of the operator, and complete the transformation of network protocols, the routing and forwarding of packets, the allocation of internal IP addresses of the government-enterprise network/home network, and basic network security, etc. .

本申请实施例中网关设备可以具有对应的身份标识号码(Identity document,ID)。网关设备的ID用于唯一标识一个网关设备。In this embodiment of the present application, the gateway device may have a corresponding identity document (ID). The ID of the gateway device is used to uniquely identify a gateway device.

一种可能的实现方式中,网关设备的ID可以包括多个字节,该多个字节中每个字节可以标识不同的设备信息。例如,网关设备的ID包括第一字节和第二字节。其中,第一字节用于指示网关设备的签约用户,第二字节用于指示一个签约用户名下的(多个)网关设备的序号,便于一个政企用户(签约用户)多个网关设备的管理,以及一个政企用户的位于不同地址的机构之间通过网关设备建立VXLAN隧道、或VXLAN over IPSec隧道实现VPN互联。In a possible implementation manner, the ID of the gateway device may include multiple bytes, and each byte of the multiple bytes may identify different device information. For example, the ID of the gateway device includes the first byte and the second byte. Among them, the first byte is used to indicate the subscriber of the gateway device, and the second byte is used to indicate the serial number of (multiple) gateway devices under the name of a subscription user, which is convenient for a government and enterprise user (subscription user) multiple gateway devices VXLAN tunnels, or VXLAN over IPSec tunnels are established between organizations at different addresses of a government and enterprise user to realize VPN interconnection.

基于该可能的实现方式,对于不同签约用户的网关设备,通过网关设备的ID的多个字节,可以便于其他设备准确的识别网关设备。一个网关设备对应唯一的一个ID,一个ID对应一个配置文件。Based on this possible implementation manner, for the gateway devices of different subscribers, it is convenient for other devices to accurately identify the gateway device through the multiple bytes of the ID of the gateway device. A gateway device corresponds to a unique ID, and an ID corresponds to a configuration file.

需要说明的是,本申请实施例中,网关设备的ID与签约用户对应。网关设备的ID独立于网关设备的MAC地址、IP地址、序列号。网关设备的签约用户可以是指与通信运营商签约的政企/家庭用户,也可以是指与云服务运营商签约的政企/家庭用户。若网关设备更换时,该更换后的网关设备的ID和更新前的网关设备的ID一致。It should be noted that, in this embodiment of the present application, the ID of the gateway device corresponds to the subscriber. The ID of the gateway device is independent of the MAC address, IP address, and serial number of the gateway device. The subscribers of the gateway device may refer to government-enterprise/home users contracted with a communication operator, or may refer to government-enterprise/home users contracted with a cloud service operator. If the gateway device is replaced, the ID of the gateway device after the replacement is the same as the ID of the gateway device before the update.

其中,图1的VSGW位于城域网的核心节点。可以为网络虚拟化的VNF架构服务器。可以实现用户侧VXLAN协议封装、解封装和选路功能,为终端设备提供上网服务、入云服务、虚拟专用网络(virtual private network,VPN)服务等能力,支持宽带速率调整、接入云的速率调整。该VSGW可以用于将来自网关设备的业务请求转发至云服务器或通信服务器。在VSGW为政企总部的网关的情况下,VSGW还可以对政企总部的分支部门的网关设备进行VPN账号和认证信息的验证。在分支部门的网关设备验证通过后,VSGW可以建立政企总部的网关设备与分支部门的网关设备之间的VXLAN隧道,并建立政企总部的网关设备与分支部门的网关设备之间的网络VXLAN信息的映射,以及业务信息的转发。作为一种可能实现方式VSGW可以与基于NFV的多业务边缘路由器(multi-service edge router,MSE)融合,实现以太网上的点对点协议(Point-to-Point Protocol Over Ethernet,PPPOE)为网关设备分配WAN接口的地址等功能。Wherein, the VSGW in FIG. 1 is located at the core node of the metropolitan area network. A VNF architecture server that can virtualize the network. It can realize user-side VXLAN protocol encapsulation, decapsulation and routing functions, provide terminal devices with Internet access services, cloud access services, virtual private network (VPN) services and other capabilities, and support broadband rate adjustment and cloud access rate. Adjustment. The VSGW can be used to forward the service request from the gateway device to the cloud server or the communication server. When the VSGW is the gateway of the government and enterprise headquarters, the VSGW can also verify the VPN account and authentication information on the gateway devices of the branch departments of the government and enterprise headquarters. After the gateway device in the branch department is verified, the VSGW can establish a VXLAN tunnel between the gateway device in the government and enterprise headquarters and the gateway device in the branch department, and establish a network VXLAN between the gateway device in the government and enterprise headquarters and the gateway device in the branch department. Mapping of information, and forwarding of business information. As a possible implementation, VSGW can be integrated with an NFV-based multi-service edge router (MSE) to implement Point-to-Point Protocol Over Ethernet (PPPOE) over Ethernet to distribute WAN to gateway devices interface address and other functions.

其中,图1中的终端设备可以为UE或者移动台(mobile station,MS)或者移动终端(mobile terminal,MT)等。具体的,终端设备可以是手机(mobile phone)、个人电脑(personal computer,PC)、终端控制器(Terminal Controller,TC)、平板电脑或带无线收发功能的电脑,还可以是虚拟现实(virtual reality,VR)设备、增强现实(augmentedreality,AR)设备、工业控制中的无线终端、无人驾驶中的无线终端、远程医疗中的无线终端、智能电网中的无线终端、智慧城市(smart city)中的无线终端、智能家居、车载终端等。The terminal device in FIG. 1 may be a UE, a mobile station (mobile station, MS), or a mobile terminal (mobile terminal, MT). Specifically, the terminal device may be a mobile phone (mobile phone), a personal computer (personal computer, PC), a terminal controller (Terminal Controller, TC), a tablet computer or a computer with a wireless transceiver function, and may also be a virtual reality (virtual reality) , VR) equipment, augmented reality (AR) equipment, wireless terminals in industrial control, wireless terminals in unmanned driving, wireless terminals in telemedicine, wireless terminals in smart grid, smart city (smart city) wireless terminal, smart home, vehicle terminal, etc.

其中,图1中的通信服务器可以为通信运营商的服务器、或者提供业务的其他设备(如web服务器)。云服务器可以为公有云服务器或私有云服务器。Wherein, the communication server in FIG. 1 may be a server of a communication operator, or other devices (such as a web server) that provide services. The cloud server can be a public cloud server or a private cloud server.

需要说明的是,图1仅为示例性框架图,图1中包括的终端设备的数量、网关设备的数量不受限制,各个设备的名称不受限制,且除图1所示功能节点外,还可以包括其他节点,如图2所示,还可以包括:客户管理系统(customer relationship management,CRM)、服务开通系统、终端管理系统、业务编排器、接入网关、控制器、云服务器管理系统、光线路终端(optical line terminal,OLT)、多业务边缘路由器(multi-service edge router,MSE)、核心路由器(core router,CR)、VXLAN网关等,不予限制。其中,上述设备的连接方式可以参照图2所示,不予赘述。上述设备的功能可以参照现有技术,不予赘述。It should be noted that FIG. 1 is only an exemplary frame diagram, the number of terminal devices and gateway devices included in FIG. 1 is not limited, the names of each device are not limited, and except for the functional nodes shown in FIG. 1, It may also include other nodes, as shown in FIG. 2, and may also include: a customer relationship management system (CRM), a service provisioning system, a terminal management system, a business orchestrator, an access gateway, a controller, and a cloud server management system , optical line terminal (optical line terminal, OLT), multi-service edge router (multi-service edge router, MSE), core router (core router, CR), VXLAN gateway, etc., without limitation. The connection mode of the above-mentioned devices can be referred to as shown in FIG. 2 , which will not be repeated. The functions of the above-mentioned devices may refer to the prior art, which will not be repeated.

其中,图2中的终端管理系统可以用于管理网关设备。例如,网关设备的注册、配置等。网关设备可以通过一个WAN接口/WAN连接与终端管理系统通信连接。该WAN接口/WAN连接的IP地址、终端管理系统的IP地址可以预配置在网关设备。网关设备与终端管理系统可以通过TR069协议族进行交互。TR069协议族协议基于传输控制协议(transmissioncontrol protocol,TCP)层。具体的,可以通过超文本传输协议(hyper text transferprotocol,HTTP)1.1协议交互(终端管理系统可以称为HTTP服务器,网关设备可以称为HTTP客户端)。例如,网关设备可以使用简单对象访问协议(simple object access protocol,SOAP)消息的形式向终端管理系统发送注册请求。该注册请求可以包括网关设备的ID,注册成功后,网关设备向终端管理系统获取配置文件,网关设备的ID唯一对应该网关设备的ID配置文件。Wherein, the terminal management system in FIG. 2 can be used to manage the gateway device. For example, the registration, configuration, etc. of the gateway device. The gateway device can communicate with the terminal management system through a WAN interface/WAN connection. The IP address of the WAN interface/WAN connection and the IP address of the terminal management system can be pre-configured on the gateway device. The gateway device and the terminal management system can interact through the TR069 protocol suite. The TR069 protocol family protocol is based on the transmission control protocol (transmission control protocol, TCP) layer. Specifically, the interaction may be performed through a hypertext transfer protocol (hyper text transfer protocol, HTTP) 1.1 protocol (the terminal management system may be referred to as an HTTP server, and the gateway device may be referred to as an HTTP client). For example, the gateway device may send a registration request to the terminal management system using a simple object access protocol (simple object access protocol, SOAP) message. The registration request may include the ID of the gateway device. After the registration is successful, the gateway device obtains a configuration file from the terminal management system, and the ID of the gateway device uniquely corresponds to the ID configuration file of the gateway device.

需要说明的是,SOAP消息是一个包含SOAP Head(SOAP头)和SOAP Body(SOAP体)组成的可扩展标记语言(extensible markup language,XML)文档。It should be noted that the SOAP message is an extensible markup language (XML) document consisting of a SOAP Head (SOAP header) and a SOAP Body (SOAP body).

具体来说,终端管理系统可以通过远程调用的方式对网关设备进行管理。终端管理系统可以向网关设备发送要调用的函数名以及参数,例如,可以以SOAP消息的形式发送。Specifically, the terminal management system can manage the gateway device by means of remote invocation. The terminal management system may send the function name and parameters to be called to the gateway device, for example, in the form of a SOAP message.

需要说明的是,终端管理系统并不直接对网关设备本身的接口进行调用。终端管理系统所使用的函数为TR069的标准函数(称作TR-069RPC Methods)。网关设备需要通过自身的中间层(TR069 Agent)解析出远程过程调用协议(remote procedure call protocol,RPC)的方法,再由中间层调用设备自身的接口。It should be noted that the terminal management system does not directly call the interface of the gateway device itself. The functions used by the terminal management system are standard functions of TR069 (called TR-069RPC Methods). The gateway device needs to parse out the method of the remote procedure call protocol (RPC) through its own middle layer (TR069 Agent), and then the middle layer calls the interface of the device itself.

其中,图2中的业务编排器可以接收来自服务开通系统的信息,完成从营业厅的受理信息到业务逻辑的转化。例如,可以生成宽带上网的账号和认证信息,获取可以连接(公有)云服务的账号信息、VPN信息等服务开通系统可以利用通信运营商已有的系统,并在此基础上增加开通云网融合业务功能。Among them, the service orchestrator in FIG. 2 can receive the information from the service provisioning system, and complete the conversion from the acceptance information of the business hall to the business logic. For example, the account and authentication information for broadband Internet access can be generated, and the account information and VPN information that can be connected to (public) cloud services can be obtained. Business functions.

控制器可以用于VSGW的管理和维护。例如,控制器可以向VSGW下发配置文件,如用于配置VSGW侧的VXLAN隧道。控制器可以向VSGW下发政企网关/家庭网关订阅的业务类型和相应的账号和认证信息。The controller can be used for management and maintenance of the VSGW. For example, the controller may deliver a configuration file to the VSGW, such as for configuring a VXLAN tunnel on the VSGW side. The controller can deliver the service type subscribed by the government-enterprise gateway/home gateway and the corresponding account and authentication information to the VSGW.

业务编排器、控制器可以基于虚拟网络功能(virtual network function,VNF)和软件定义网络SDN技术。The service orchestrator and controller may be based on virtual network function (VNF) and software-defined network SDN technologies.

本申请的实施例对网关设备和VSGW的应用场景不做限定。本申请实施例描述的系统架构以及业务场景是为了更加清楚的说明本申请实施例的技术方案,并不构成对于本申请实施例提供的技术方案的限定,本领域普通技术人员可知,随着网络架构的演变和新业务场景的出现,本申请实施例提供的技术方案对于类似的技术问题,同样适用。The embodiments of the present application do not limit the application scenarios of the gateway device and the VSGW. The system architecture and service scenarios described in the embodiments of the present application are for the purpose of illustrating the technical solutions of the embodiments of the present application more clearly, and do not constitute limitations on the technical solutions provided by the embodiments of the present application. The evolution of the architecture and the emergence of new business scenarios, the technical solutions provided in the embodiments of the present application are also applicable to similar technical problems.

具体实现时,图1和图2中的设备均可以采用图3所示的组成结构,或者包括图3所示的部件。图3为本申请实施例提供的一种通信装置300的组成示意图,该通信装置300可以为网关设备或网关设备中的芯片或者片上系统。或者,该通信装置300可以为VSGW或VSGW中的芯片或者片上系统。如图3所示,该通信装置300包括处理器301,通信接口302以及通信线路303。During specific implementation, the devices shown in FIG. 1 and FIG. 2 may adopt the composition structure shown in FIG. 3 , or include the components shown in FIG. 3 . FIG. 3 is a schematic diagram of the composition of acommunication apparatus 300 according to an embodiment of the present application. Thecommunication apparatus 300 may be a gateway device or a chip or a system-on-chip in the gateway device. Alternatively, thecommunication apparatus 300 may be a VSGW or a chip or a system on a chip in the VSGW. As shown in FIG. 3 , thecommunication device 300 includes aprocessor 301 , acommunication interface 302 and a communication line 303 .

进一步的,该通信装置300还可以包括存储器304。其中,处理器301,存储器304以及通信接口302之间可以通过通信线路303连接。Further, thecommunication apparatus 300 may further include amemory 304 . Theprocessor 301 , thememory 304 and thecommunication interface 302 may be connected through a communication line 303 .

其中,处理器301是中央处理器(central processing unit,CPU)、通用处理器网络处理器(network processor,NP)、数字信号处理器(digital signal processing,DSP)、微处理器、微控制器、可编程逻辑器件(programmable logic device,PLD)或它们的任意组合。处理器301还可以是其它具有处理功能的装置,例如电路、器件或软件模块,不予限制。Theprocessor 301 is a central processing unit (CPU), a general-purpose processor, a network processor (NP), a digital signal processing (DSP), a microprocessor, a microcontroller, Programmable logic device (PLD) or any combination thereof. Theprocessor 301 may also be other apparatuses with processing functions, such as circuits, devices or software modules, which are not limited.

通信接口302,用于与其他设备或其它通信网络进行通信。该其它通信网络可以为以太网,无线接入网(radio access network,RAN),无线局域网(wireless local areanetworks,WLAN)等。通信接口303可以是模块、电路、通信接口或者任何能够实现通信的装置。Communication interface 302 for communicating with other devices or other communication networks. The other communication network may be Ethernet, radio access network (RAN), wireless local area networks (WLAN), or the like. The communication interface 303 may be a module, a circuit, a communication interface, or any device capable of communication.

通信线路303,用于在通信装置300所包括的各部件之间传送信息。The communication line 303 is used to transmit information between components included in thecommunication device 300 .

存储器304,用于存储指令。其中,指令可以是计算机程序。Memory 304 for storing instructions. Wherein, the instructions may be computer programs.

其中,存储器304可以是只读存储器(read-only memory,ROM)或可存储静态信息和/或指令的其他类型的静态存储设备,也可以是随机存取存储器(random accessmemory,RAM)或可存储信息和/或指令的其他类型的动态存储设备,还可以是电可擦可编程只读存储器(electrically erasable programmable read-only memory,EEPROM)、只读光盘(compact disc read-only memory,CD-ROM)或其他光盘存储、光碟存储(包括压缩光碟、激光碟、光碟、数字通用光碟、蓝光光碟等)、磁盘存储介质或其他磁存储设备等,不予限制。Thememory 304 may be a read-only memory (ROM) or other types of static storage devices capable of storing static information and/or instructions, or may be a random access memory (RAM) or a storage device capable of storing static information and/or instructions. Other types of dynamic storage devices for information and/or instructions, which can also be electrically erasable programmable read-only memory (EEPROM), compact disc read-only memory (CD-ROM) ) or other optical disc storage, optical disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, etc.), magnetic disk storage media or other magnetic storage devices, etc., without limitation.

需要指出的是,存储器304可以独立于处理器301存在,也可以和处理器301集成在一起。存储器304可以用于存储指令或者程序代码或者一些数据等。存储器304可以位于通信装置300内,也可以位于通信装置300外,不予限制。处理器301,用于执行存储器304中存储的指令,以实现本申请下述实施例提供的测量方法。It should be pointed out that thememory 304 may exist independently of theprocessor 301 , or may be integrated with theprocessor 301 . Thememory 304 may be used to store instructions or program code or some data or the like. Thememory 304 may be located in thecommunication device 300, or may be located outside thecommunication device 300, which is not limited. Theprocessor 301 is configured to execute the instructions stored in thememory 304 to implement the measurement methods provided in the following embodiments of the present application.

在一种示例中,处理器301可以包括一个或多个CPU,例如图3中的CPU0和CPU1。In one example, theprocessor 301 may include one or more CPUs, such as CPU0 and CPU1 in FIG. 3 .

作为一种可选的实现方式,通信装置300包括多个处理器,例如,除图3中的处理器301之外,还可以包括处理器307。As an optional implementation manner, thecommunication apparatus 300 includes a plurality of processors, for example, in addition to theprocessor 301 in FIG. 3 , aprocessor 307 may also be included.

作为一种可选的实现方式,通信装置300还包括输出设备305和输入设备306。示例性地,输入设备306是键盘、鼠标、麦克风或操作杆等设备,输出设备305是显示屏、扬声器(speaker)等设备。As an optional implementation manner, thecommunication apparatus 300 further includes anoutput device 305 and aninput device 306 . Illustratively, theinput device 306 is a device such as a keyboard, a mouse, a microphone or a joystick, and theoutput device 305 is a device such as a display screen, a speaker, and the like.

需要指出的是,通信装置300可以是台式机、便携式电脑、网络服务器、移动手机、平板电脑、无线终端、嵌入式设备、芯片系统或有图3中类似结构的设备。此外,图3中示出的组成结构并不构成对该终端设备的限定,除图3所示部件之外,该终端设备可以包括比图示更多或更少的部件,或者组合某些部件,或者不同的部件布置。It should be noted that thecommunication apparatus 300 may be a desktop computer, a portable computer, a network server, a mobile phone, a tablet computer, a wireless terminal, an embedded device, a chip system or a device with a similar structure in FIG. 3 . In addition, the composition shown in FIG. 3 does not constitute a limitation on the terminal device. In addition to the components shown in FIG. 3 , the terminal device may include more or less components than those shown in the figure, or combine some components , or a different component arrangement.

本申请实施例中,芯片系统可以由芯片构成,也可以包括芯片和其他分立器件。In this embodiment of the present application, the chip system may be composed of chips, or may include chips and other discrete devices.

此外,本申请的各实施例之间涉及的动作、术语等均可以相互参考,不予限制。本申请的实施例中各个设备之间交互的消息名称或消息中的参数名称等只是一个示例,具体实现中也可以采用其他的名称,不予限制。In addition, actions, terms, etc. involved in the various embodiments of the present application can be referred to each other, and are not limited. In the embodiments of the present application, the names of the messages or the names of parameters in the messages exchanged between the devices are just an example, and other names may also be used in the specific implementation, which is not limited.

为了便于清楚描述本申请实施例的技术方案,在本申请的实施例中,采用了“第一”、“第二”等字样对功能和作用基本相同的相同项或相似项进行区分。例如,第一终端和第二终端仅仅是为了区分不同的终端,并不对其先后顺序进行限定。本领域技术人员可以理解“第一”、“第二”等字样并不对数量和执行次序进行限定,并且“第一”、“第二”等字样也并不限定一定不同。In order to clearly describe the technical solutions of the embodiments of the present application, in the embodiments of the present application, words such as "first" and "second" are used to distinguish the same or similar items with basically the same function and effect. For example, the first terminal and the second terminal are only for distinguishing different terminals, and the sequence of the first terminal is not limited. Those skilled in the art can understand that the words "first", "second" and the like do not limit the quantity and execution order, and the words "first", "second" and the like are not necessarily different.

需要说明的是,本申请中,“示例性的”或者“例如”等词用于表示作例子、例证或说明。本申请中被描述为“示例性的”或者“例如”的任何实施例或设计方案不应被解释为比其他实施例或设计方案更优选或更具优势。确切而言,使用“示例性的”或者“例如”等词旨在以具体方式呈现相关概念。It should be noted that, in this application, words such as "exemplary" or "for example" are used to represent examples, illustrations or illustrations. Any embodiment or design described in this application as "exemplary" or "such as" should not be construed as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present the related concepts in a specific manner.

本申请中,“至少一个”是指一个或者多个,“多个”是指两个或两个以上。“和/或”,描述关联对象的关联关系,表示可以存在三种关系,例如,A和/或B,可以表示:单独存在A,同时存在A和B,单独存在B的情况,其中A,B可以是单数或者复数。字符“/”一般表示前后关联对象是一种“或”的关系。“以下至少一项(个)”或其类似表达,是指的这些项中的任意组合,包括单项(个)或复数项(个)的任意组合。例如,a,b,或c中的至少一项(个),可以表示:a,b,c,a-b,a-c,b-c,或a-b-c,其中a,b,c可以是单个,也可以是多个。In this application, "at least one" means one or more, and "plurality" means two or more. "And/or", which describes the association relationship of the associated objects, indicates that there can be three kinds of relationships, for example, A and/or B, which can indicate: the existence of A alone, the existence of A and B at the same time, and the existence of B alone, where A, B can be singular or plural. The character "/" generally indicates that the associated objects are an "or" relationship. "At least one item(s) below" or similar expressions thereof refer to any combination of these items, including any combination of single item(s) or plural items(s). For example, at least one (a) of a, b, or c can represent: a, b, c, a-b, a-c, b-c, or a-b-c, where a, b, c may be single or multiple .

下面结合图1所示通信系统,对本申请实施例提供的定位方法进行描述。其中,其中,本申请各实施例之间涉及的动作,术语等均可以相互参考,不予限制。本申请的实施例中各个设备之间交互的消息名称或消息中的参数名称等只是一个示例,具体实现中也可以采用其他的名称,不予限制。本申请各实施例涉及的动作只是一个示例,具体实现中也可以采用其他的名称,如:本申请实施例所述的“包括在”还可以替换为“承载于”或者“携带在”等。The positioning method provided by the embodiment of the present application will be described below with reference to the communication system shown in FIG. 1 . Among them, the actions, terms, etc. involved in the various embodiments of the present application can be referred to each other, and are not limited. In the embodiments of the present application, the names of the messages or the names of parameters in the messages exchanged between the devices are just an example, and other names may also be used in the specific implementation, which is not limited. The actions involved in each embodiment of the present application are just an example, and other names may also be used in the specific implementation.

图4为本申请实施例提供了一种业务转发方法,该方法可以包括:FIG. 4 provides a service forwarding method according to an embodiment of the present application, and the method may include:

步骤401、网关设备接收来自终端设备的业务请求。Step 401: The gateway device receives a service request from a terminal device.

其中,网关设备可以为图1或图2中的网关设备。终端设备可以为图1或图2中的终端设备。The gateway device may be the gateway device in FIG. 1 or FIG. 2 . The terminal device may be the terminal device in FIG. 1 or FIG. 2 .

其中,终端设备的业务请求用于请求第一类业务。第一类业务可以为上网业务或云服务业务。业务请求可以包括提供业务的数据的服务器的地址信息(比如,统一资源定位符(uniform resource locator,URL)),也可以包括业务请求的目的IP地址。若第一类业务为上网业务,还可以包括宽带上网的账号和认证信息;若第一类业务为云服务业务,还可以包括云服务器的账号和认证信息。The service request of the terminal device is used to request the first type of service. The first type of business may be Internet access business or cloud service business. The service request may include address information (for example, a uniform resource locator (URL)) of a server that provides service data, and may also include a destination IP address of the service request. If the first type of service is an Internet access service, it may also include an account number and authentication information for broadband Internet access; if the first type of service is a cloud service service, it may also include an account number and authentication information of the cloud server.

步骤402、网关设备根据业务请求,从多条VXLAN隧道中选择与该业务请求对应的目标VXLAN隧道。Step 402: The gateway device selects a target VXLAN tunnel corresponding to the service request from a plurality of VXLAN tunnels according to the service request.

其中,多条VXLAN隧道中每条VXLAN隧道用于传输一种类型的业务请求。例如,图1中的VXLAN隧道1可以用于传输上网业务对应的业务请求,VXLAN隧道2可以用于传输云服务业务对应的业务请求。或者,VXLAN隧道2可以用于传输上网业务对应的业务请求,VXLAN隧道1可以用于传输云服务业务对应的业务请求。不予限制。Wherein, each VXLAN tunnel among the multiple VXLAN tunnels is used to transmit a service request of one type. For example, VXLAN tunnel 1 in FIG. 1 may be used to transmit service requests corresponding to Internet access services, and VXLAN tunnel 2 may be used to transmit service requests corresponding to cloud service services. Alternatively, the VXLAN tunnel 2 may be used to transmit service requests corresponding to Internet access services, and the VXLAN tunnel 1 may be used to transmit service requests corresponding to cloud service services. No restrictions.

一种示例中,该多条VXLAN隧道可以根据配置文件建立,该配置文件可以由终端管理系统下发给网关设备,或者,也可以为网关设备预先配置的,不予限制。In an example, the multiple VXLAN tunnels may be established according to a configuration file, and the configuration file may be delivered to the gateway device by the terminal management system, or may be pre-configured for the gateway device, which is not limited.

例如,配置文件包括:VXLAN配置信息、上网业务信息、云业务信息、网络安全信息以及VPN信息中的一个或多个。其中,上网业务信息可以包括宽带上网账号和验证信息(比如上网账号对应的密码)。云业务信息可以包括接入云(包括私有云和公有云)的名称、签约用户的账号和验证信息(比如接入云的账号对应的密码)。云业务信息可以包括公有云业务或私有云业务。比如,公有云业务可以包括公共资源云服务业务,私有云业务可以包括付费云服务业务。VPN信息可以包括IP地址、VXLAN配置信息、VPN账号和验证信息(比如,VPN账号对应的密码)。网络安全信息包括网络安全业务的账号和验证信息(比如网络安全密码)。For example, the configuration file includes one or more of: VXLAN configuration information, Internet service information, cloud service information, network security information, and VPN information. The Internet service information may include a broadband Internet access account and verification information (such as a password corresponding to the Internet access account). The cloud service information may include the name of the access cloud (including the private cloud and the public cloud), the account of the subscriber and verification information (such as the password corresponding to the account for accessing the cloud). The cloud service information may include public cloud services or private cloud services. For example, public cloud services may include public resource cloud service services, and private cloud services may include paid cloud service services. The VPN information may include an IP address, VXLAN configuration information, a VPN account, and authentication information (eg, a password corresponding to the VPN account). The network security information includes the account number and verification information (such as network security password) of the network security service.

需要说明的是,本申请实施例中,不同类型的业务请求携带的IP地址不同。It should be noted that, in this embodiment of the present application, different types of service requests carry different IP addresses.

一种可能的实现方式中,网关设备可以根据终端设备的业务请求携带的IP地址,从多条VXLAN隧道中选择目标VXLAN隧道。In a possible implementation manner, the gateway device may select the target VXLAN tunnel from multiple VXLAN tunnels according to the IP address carried by the service request of the terminal device.

步骤403、网关设备通过目标VXLAN隧道向VSGW发送业务请求。相应的,VSGW接收来自网关设备的业务请求。Step 403: The gateway device sends a service request to the VSGW through the target VXLAN tunnel. Correspondingly, the VSGW receives the service request from the gateway device.

其中,在网关设备接收到终端设备的多个业务请求之后,可以根据业务请求携带的IP地址对该多个业务请求进行分类。在确定多个业务请求对应的VXLAN隧道之后,通过每个类型对应的VXLAN隧道向VSGW发送业务请求。VSGW在接收到业务请求,可以根据传输业务请求的VXLAN隧道,确定业务请求的类型。Wherein, after the gateway device receives multiple service requests from the terminal device, the multiple service requests can be classified according to the IP addresses carried in the service requests. After the VXLAN tunnels corresponding to the multiple service requests are determined, the service requests are sent to the VSGW through the VXLAN tunnels corresponding to each type. When the VSGW receives the service request, it can determine the type of the service request according to the VXLAN tunnel that transmits the service request.

步骤404、VSGW根据业务请求,确定与业务请求对应的目标服务器。Step 404: The VSGW determines a target server corresponding to the service request according to the service request.

其中,目标服务器可以为图1或图2中的通信服务器或云服务器。The target server may be the communication server or the cloud server in FIG. 1 or FIG. 2 .

一种可能的实现方式中,VSGW可以根据传输业务请求的VXLAN隧道确定业务请求的类型,进而根据业务请求的类型确定目标服务器。In a possible implementation manner, the VSGW may determine the type of the service request according to the VXLAN tunnel that transmits the service request, and then determine the target server according to the type of the service request.

例如,若VXLAN隧道用于传输上网业务的业务请求,则目标服务器可以为通信服务器;若VXLAN隧道用于传输云服务业务的业务请求,则目标服务器可以为云服务器。For example, if the VXLAN tunnel is used to transmit service requests of Internet services, the target server may be a communication server; if the VXLAN tunnel is used to transmit service requests of cloud service services, the target server may be a cloud server.

步骤405、VSGW向目标服务器发送业务请求。相应的,目标服务器接收来自VSGW的业务请求。Step 405, the VSGW sends a service request to the target server. Correspondingly, the target server receives the service request from the VSGW.

其中,VSGW在确定目标服务器之后,可以将业务请求转发至目标服务器。例如,VSGW与VXLAN网关之间也可以具有多条VXLAN隧道,每条VXLAN隧道对应一种类型的云服务器。比如,每条VXLAN隧道对应一个通信运营商的云服务器。The VSGW may forward the service request to the target server after determining the target server. For example, there may also be multiple VXLAN tunnels between the VSGW and the VXLAN gateway, and each VXLAN tunnel corresponds to a type of cloud server. For example, each VXLAN tunnel corresponds to a cloud server of a communication operator.

进一步的,在VSGW与云服务器之间设置有VXLAN网关的情况下,VXLAN网关可以用于将云服务业务请求转发至对应的服务器。例如,VXLAN网关可以将业务请求转发至公有云服务器或私有云服务器。比如,VXLAN网关可以根据业务请求携带的云服务器的账号,判断该业务请求对应的云服务器是公有云服务器或私有云服务器。VSGW可以将业务请求发送至对应的云服务器。Further, when a VXLAN gateway is set between the VSGW and the cloud server, the VXLAN gateway can be used to forward the cloud service service request to the corresponding server. For example, the VXLAN gateway can forward service requests to public cloud servers or private cloud servers. For example, the VXLAN gateway can determine whether the cloud server corresponding to the service request is a public cloud server or a private cloud server according to the account of the cloud server carried in the service request. The VSGW can send the service request to the corresponding cloud server.

需要说明的是,终端设备的用户签约了一个通信运营商的宽带业务(如上网业务)后,可以接入不同的云服务提供商的云服务器,不一定使用该通信运营商的云服务器。It should be noted that, after a user of a terminal device subscribes to a broadband service (such as an Internet service) of a communication operator, it can access cloud servers of different cloud service providers, and does not necessarily use the cloud server of the communication operator.

基于图4的技术方案,通过网关设备与VSGW之间的多条VXLAN隧道,且该多条VXLAN隧道中每条VXLAN隧道对应一种业务请求。如此,网关设备可以将终端设备的业务请求发送给VSGW,以使得VSGW进行分发和处理;VSGW与云服务器侧的VXLAN网关建立第二VXLAN隧道;VSGW根据业务请求选择对应的第二VXLAN隧道建立连接,并实现网关设备VSGW的VXLAN隧道与上述第二VXLAN隧道的映射关系。对于不同的云服务商建立不同的VXLAN隧道。第二VXLAN隧道的速率可以根据VSGW收到的业务请求动态调整。Based on the technical solution in FIG. 4 , multiple VXLAN tunnels between the gateway device and the VSGW are passed, and each VXLAN tunnel in the multiple VXLAN tunnels corresponds to a service request. In this way, the gateway device can send the service request of the terminal device to the VSGW, so that the VSGW distributes and processes it; the VSGW establishes a second VXLAN tunnel with the VXLAN gateway on the cloud server side; the VSGW selects the corresponding second VXLAN tunnel according to the service request to establish a connection , and realize the mapping relationship between the VXLAN tunnel of the gateway device VSGW and the above-mentioned second VXLAN tunnel. Establish different VXLAN tunnels for different cloud service providers. The rate of the second VXLAN tunnel can be dynamically adjusted according to the service request received by the VSGW.

基于图4的技术方案,一种可能的实现方式中,为了保证通信系统的安全性,本申请实施例提供的方法还可以包括:Based on the technical solution in FIG. 4 , in a possible implementation manner, in order to ensure the security of the communication system, the method provided by the embodiment of the present application may further include:

VSGW接收来自网关设备的认证信息;VSGW根据该认证信息对网关设备进行认证。The VSGW receives authentication information from the gateway device; the VSGW authenticates the gateway device according to the authentication information.

其中,认证信息可以包括网关设备的上网认证信息、接入云认证信息、网络安全认证信息以及VPN认证信息中的一个或多个。上网认证信息可以包括通信运营商的标识(如名称)、上网账号和密码,网络安全认证信息可以包括网关设备的ID、签约用户信息以及网关设备的签约用户信息中一个或多个,接入云认证信息可以包括接入云的标识(如名称)、账号和密码。VPN认证信息可以包括VPN账号和密码。Wherein, the authentication information may include one or more of the Internet access authentication information of the gateway device, the access cloud authentication information, the network security authentication information, and the VPN authentication information. The Internet access authentication information may include the identification (such as name) of the communication operator, the Internet access account number and password, and the network security authentication information may include one or more of the ID of the gateway device, the subscriber information, and the subscriber information of the gateway device. The authentication information may include an identification (eg name), account number and password for accessing the cloud. The VPN authentication information may include a VPN account number and password.

例如,VSGW可以对接入云的名称、账号和认证信息的验证。在验证通过后,VSGW可以与云侧的VXLAN网关建立VXLAN隧道。比如,VSGW可以建立表项维持VSGW与网关设备之间的VXLAN隧道隧道,以及VSGW与VXLAN网关之间的VXLAN隧道的映射关系,并通过查该表项完成接入云业务(如云基础设施业务)的转发。For example, the VSGW can verify the name, account and authentication information of the access cloud. After the verification is passed, the VSGW can establish a VXLAN tunnel with the VXLAN gateway on the cloud side. For example, the VSGW can establish an entry to maintain the VXLAN tunnel between the VSGW and the gateway device, as well as the mapping relationship between the VXLAN tunnel between the VSGW and the VXLAN gateway, and complete the access to cloud services (such as cloud infrastructure services by checking the entry). ) of the forwarding.

另一种可能的实现方式中,为了保证数据的正常传输,本申请实施例提供的方法,还可以包括:In another possible implementation manner, in order to ensure normal transmission of data, the method provided by this embodiment of the present application may further include:

若网关设备认证成功,VSGW建立用于与网关设备进行数据传输的IP会话。If the gateway device is authenticated successfully, the VSGW establishes an IP session for data transmission with the gateway device.

其中,认证成功可以是指VSGW预先设置的认证信息与网关设备的认证信息一致。The successful authentication may refer to that the authentication information preset by the VSGW is consistent with the authentication information of the gateway device.

在网关设备认证成功后,VSGW可以与网关设备建立IP层的会话(session)(简称为IP会话)。可选的在VSGW包含了虚拟化的MSE后,IP会话可以为PPPOE的会话,或IPoE的会话。After the gateway device is authenticated successfully, the VSGW can establish an IP layer session (session) with the gateway device (referred to as an IP session for short). Optionally, after the VSGW includes a virtualized MSE, the IP session can be a PPPOE session or an IPoE session.

又一种可能的实现方式中,为了灵活的控制数据的传输速率,本申请实施例提供的方法还可以包括:In another possible implementation manner, in order to flexibly control the data transmission rate, the method provided by the embodiment of the present application may further include:

VSGW根据网关设备的签约用户的带宽信息,确定网关设备与目标服务器之间的数据传输速率。目标服务器可以是虚拟化的MSE,也可以是云服务器、通信服务器等。The VSGW determines the data transmission rate between the gateway device and the target server according to the bandwidth information of the subscribers of the gateway device. The target server can be a virtualized MSE, a cloud server, a communication server, or the like.

其中,VSGW可以将应用程序编程接口(application programming interface,API)接口开放给政企用户、NFV控制器等,用于调整带宽调整、修改云业务类型、变更云服务提供商等。例如,政企用户可以通过网关设备向VSGW提交增加访问云服务的带宽。响应于用户的输入操作,VSGW可以调整VSGW到云服务器侧之间的VXLAN隧道的带宽(速率)。又例如,用户可以通过VSGW的API接口提交调整云业务类型的请求(如云基础设施业务(infrastructure as a service,iaas)、云平台业务(platform as a service,PAAS)、云服务业务等)。Among them, the VSGW can open an application programming interface (application programming interface, API) interface to government and enterprise users, NFV controllers, etc., for adjusting bandwidth adjustment, modifying cloud service types, changing cloud service providers, and the like. For example, government and enterprise users can submit to the VSGW through the gateway device to increase the bandwidth for accessing cloud services. In response to the user's input operation, the VSGW may adjust the bandwidth (rate) of the VXLAN tunnel between the VSGW and the cloud server side. For another example, the user may submit a request for adjusting the cloud service type (eg, cloud infrastructure as a service, iaas, cloud platform service (PAAS), cloud service, etc.) through the API interface of the VSGW.

其中,网关设备的签约用户信息可以包括用户签约上网业务的属性、用户签约接入云业务(如云基础设施业务)的属性。用户签约上网业务的属性包括上网速率。用户签约接入云业务的属性包括云业务类型(如云基础设施业务)、云业务带宽(速率)、云服务商的选择等。The subscribed user information of the gateway device may include attributes of the user's subscription to the Internet service, and attributes of the user's subscription to access cloud services (eg, cloud infrastructure services). The attributes of the user's subscription to the Internet service include Internet access rate. The attributes of a user's subscription to access cloud services include cloud service types (eg, cloud infrastructure services), cloud service bandwidth (rate), and cloud service provider selection.

又一种可能的实现方式中,为了保证业务传输以及设备的安全,本申请实施例提供的方法,还可以包括:In another possible implementation manner, in order to ensure the security of service transmission and equipment, the method provided by the embodiment of the present application may further include:

若业务信息满足预设告警条件,VSGW输出告警信息。If the service information meets the preset alarm conditions, the VSGW outputs the alarm information.

其中,预设告警条件包括网关设备认证失败、业务信息为非法信息、网关设备属于网关设备黑名单、业务信息不符合访问控制列表(access control list,ACL)中的一个或多个。The preset alarm conditions include gateway device authentication failure, service information is illegal information, gateway device belongs to gateway device blacklist, and service information does not conform to one or more of an access control list (access control list, ACL).

一种示例中,VSGW可以对网关设备的网络安全业务的账号和认证信息进行验证。在网关设备验证通过后,VSGW接收网关设备的业务请求以及业务请求对应的业务数据后,进行清洗,如发现网络攻击(例如,该业务请求携带非法链接),VSGW可以输出告警信息。比如,可以向政企网关/家庭网关发送告警信息,并丢弃该业务请求及业务数据。其中,非法链接可以是指VSGW无法识别的链接。具体的,可以参照现有技术,不予赘述。In an example, the VSGW may verify the account and authentication information of the network security service of the gateway device. After the gateway device is verified, the VSGW receives the service request of the gateway device and the service data corresponding to the service request, and cleans it. If a network attack is found (for example, the service request carries an illegal link), the VSGW can output alarm information. For example, alarm information can be sent to the government-enterprise gateway/home gateway, and the service request and service data can be discarded. The illegal link may refer to a link that is not recognized by the VSGW. Specifically, reference may be made to the prior art, which will not be repeated.

又一种示例中,VSGW可以根据家政企网关/家庭网关的黑白名单、ACL表对来自该政企网关/家庭网关的业务请求后进行验证。例如,查询黑白名单、ACL表。对不符合黑白名单、ACL表访问规则的流量,VSGW可以输出告警信息,比如,可以向政企网关/家庭网关发送告警信息,并丢弃该流量。In another example, the VSGW may verify the service request from the government-enterprise gateway/home gateway according to the black and white list and the ACL table of the home-government-enterprise gateway/home gateway. For example, query black and white lists and ACL tables. For traffic that does not conform to the blacklist and ACL table access rules, the VSGW can output alarm information. For example, it can send alarm information to the government-enterprise gateway/home gateway and discard the traffic.

本申请上述实施例中的各个方案在不矛盾的前提下,均可以进行结合。All solutions in the above-mentioned embodiments of the present application can be combined on the premise that there is no contradiction.

本申请实施例可以根据上述方法示例对网络设备和终端设备进行功能模块或者功能单元的划分,例如,可以对应各个功能划分各个功能模块或者功能单元,也可以将两个或两个以上的功能集成在一个处理模块中。上述集成的模块既可以采用硬件的形式实现,也可以采用软件功能模块或者功能单元的形式实现。其中,本申请实施例中对模块或者单元的划分是示意性的,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式。In this embodiment of the present application, the network device and the terminal device may be divided into functional modules or functional units according to the foregoing method examples. For example, each functional module or functional unit may be divided corresponding to each function, or two or more functions may be integrated. in a processing module. The above-mentioned integrated modules can be implemented in the form of hardware, and can also be implemented in the form of software function modules or functional units. Wherein, the division of modules or units in the embodiments of the present application is schematic, and is only a logical function division, and there may be other division manners in actual implementation.

在采用对应各个功能划分各个功能模块的情况下,图5示出了一种通信装置50的结构示意图,该通信装置50可以为网关设备,也可以为应用于网关设备的芯片,该通信装置50可以用于执行上述实施例中涉及的网关设备的功能。图5所示的通信装置50可以包括:通信单元502以及处理单元501。In the case where each functional module is divided according to each function, FIG. 5 shows a schematic structural diagram of a communication device 50. The communication device 50 may be a gateway device or a chip applied to a gateway device. The communication device 50 It can be used to perform the functions of the gateway device involved in the above embodiments. The communication apparatus 50 shown in FIG. 5 may include: a communication unit 502 and a processing unit 501 .

通信单元502,用于接收来自终端设备的业务请求。The communication unit 502 is configured to receive a service request from a terminal device.

处理单元501,用于根据该业务请求从多条VXLAN隧道中选择与该业务请求对应的目标VXLAN隧道。The processing unit 501 is configured to select a target VXLAN tunnel corresponding to the service request from a plurality of VXLAN tunnels according to the service request.

通信单元502,还用于通过该目标VXLAN隧道向VSGW发送该业务请求,以使得VSGW将该业务转发至云服务器或通信服务器。The communication unit 502 is further configured to send the service request to the VSGW through the target VXLAN tunnel, so that the VSGW forwards the service to the cloud server or the communication server.

其中,通信装置50的具体实现方式可参考图4所示业务转发方法中网关设备的行为功能。The specific implementation of the communication apparatus 50 may refer to the behavior function of the gateway device in the service forwarding method shown in FIG. 4 .

一种可能的设计中,图5所示的通信装置50还可以包括存储单元503。存储单元503用于储存程序代码和指令。In a possible design, the communication device 50 shown in FIG. 5 may further include a storage unit 503 . The storage unit 503 is used to store program codes and instructions.

一种可能的设计中,处理单元501,具体用于根据业务请求携带的IP地址,从多条VXLAN隧道中选择与业务请求对应的目标VXLAN隧道。In a possible design, the processing unit 501 is specifically configured to select a target VXLAN tunnel corresponding to the service request from a plurality of VXLAN tunnels according to the IP address carried in the service request.

一种可能的设计中,处理单元501,具体用于根据业务请求携带的目的IP地址,从多条VXLAN隧道中选择与业务请求对应的目标VXLAN隧道,目的IP地址与目标VXLAN隧道对应。In a possible design, the processing unit 501 is specifically configured to select a target VXLAN tunnel corresponding to the service request from a plurality of VXLAN tunnels according to the destination IP address carried in the service request, and the destination IP address corresponds to the target VXLAN tunnel.

一种可能的设计中,网关设备具有多个广域网WAN接口,该多个WAN接口为物理接口或虚拟接口,且该多个WAN接口中每个WAN接口分别对应一条VXLAN隧道。In a possible design, the gateway device has multiple WAN interfaces, the multiple WAN interfaces are physical interfaces or virtual interfaces, and each of the multiple WAN interfaces corresponds to a VXLAN tunnel.

一种可能的设计中,网关设备具有对应的身份标识号码ID,该ID包括第一字节和第二字节,第一字节用于指示网关设备的签约用户,第二字节用于指示所述网关设备在签约用户内部的序列号。In a possible design, the gateway device has a corresponding identification number ID, the ID includes a first byte and a second byte, the first byte is used to indicate the subscriber of the gateway device, and the second byte is used to indicate The serial number of the gateway device in the subscriber.

一种可能的设计中,业务请求用于请求第一类业务,若第一类业务为上网业务,则目标服务器为通信服务器;若第一类业务为云业务,则目标服务器为云服务器。In a possible design, the service request is used to request the first type of service. If the first type of service is an Internet service, the target server is a communication server; if the first type of service is a cloud service, the target server is a cloud server.

一种可能的设计中,该多条VXLAN隧道为根据配置文件建立,该配置文件包括:VXLAN配置信息、上网业务信息、云业务信息、网络安全信息以及VPN信息中的一个或多个。In a possible design, the multiple VXLAN tunnels are established according to a configuration file, and the configuration file includes one or more of VXLAN configuration information, Internet service information, cloud service information, network security information, and VPN information.

一种可能的设计中,处理单元501,还用于根据业务请求为多条VXLAN隧道标识不同的优先级。In a possible design, the processing unit 501 is further configured to identify different priorities for multiple VXLAN tunnels according to the service request.

作为又一种可实现方式,图5中的处理单元501可以由处理器代替,该处理器可以集成处理单元501的功能。图5中的通信单元502可以由收发器或收发单元代替,该收发器或收发单元可以集成通信单元502的功能。As yet another implementation manner, the processing unit 501 in FIG. 5 may be replaced by a processor, and the processor may integrate the functions of the processing unit 501 . The communication unit 502 in FIG. 5 may be replaced by a transceiver or a transceiving unit, which may integrate the functions of the communication unit 502 .

进一步的,当处理单元501由处理器代替,通信单元502由收发器或收发单元代替时,本申请实施例所涉及的通信装置50可以为图3所示通信装置。Further, when the processing unit 501 is replaced by a processor and the communication unit 502 is replaced by a transceiver or a transceiver unit, the communication device 50 involved in this embodiment of the present application may be the communication device shown in FIG. 3 .

在采用对应各个功能划分各个功能模块的情况下,图6示出了一种通信装置60的结构示意图,该通信装置60可以为网关设备,也可以为应用于网关设备的芯片,该通信装置60可以用于执行上述实施例中涉及的网关设备的功能。图6所示的通信装置60可以包括:通信单元602以及处理单元601。In the case where each functional module is divided according to each function, FIG. 6 shows a schematic structural diagram of a communication device 60. The communication device 60 may be a gateway device or a chip applied to a gateway device. The communication device 60 It can be used to perform the functions of the gateway device involved in the above embodiments. The communication apparatus 60 shown in FIG. 6 may include: a communication unit 602 and a processing unit 601 .

通信单元602,用于目标VXLAN隧道的、网关设备发送的业务请求,该目标VXLAN隧道为多条VXLAN隧道中的一条。The communication unit 602 is used for a service request sent by a gateway device of a target VXLAN tunnel, where the target VXLAN tunnel is one of multiple VXLAN tunnels.

处理单元601,用于根据该业务请求,确定与该业务请求对应的目标服务器,该目标服务器为云服务器或通信服务器。The processing unit 601 is configured to determine, according to the service request, a target server corresponding to the service request, where the target server is a cloud server or a communication server.

通信单元602,还用于向目标服务器发送该业务请求。The communication unit 602 is further configured to send the service request to the target server.

其中,通信装置60的具体实现方式可参考图4所示业务转发方法中VSGW的行为功能。The specific implementation of the communication device 60 may refer to the behavior function of the VSGW in the service forwarding method shown in FIG. 4 .

一种可能的设计中,图6所示的通信装置60还可以包括存储单元603。存储单元603用于储存程序代码和指令。In a possible design, the communication device 60 shown in FIG. 6 may further include a storage unit 603 . The storage unit 603 is used to store program codes and instructions.

一种可能的设计中,处理单元601,还用于解封装VXLAN协议。In a possible design, the processing unit 601 is further configured to decapsulate the VXLAN protocol.

一种可能的设计中,VSGW与云服务器连接的VXLAN网关建立第二VXLAN隧道,VSGW维持目标VXLAN隧道和第二VXLAN隧道之间的映射关系。In a possible design, the VSGW establishes a second VXLAN tunnel with the VXLAN gateway connected to the cloud server, and the VSGW maintains the mapping relationship between the target VXLAN tunnel and the second VXLAN tunnel.

一种可能的设计中,通信单元602,还用于接收来自网关设备的认证信息,该认证信息包括网关设备的上网认证信息、接入云认证信、网络安全认证信息以及VPN认证信息中的一个或多个。处理单元601,还用于根据该认证信息对网关设备进行认证。In a possible design, the communication unit 602 is further configured to receive authentication information from the gateway device, and the authentication information includes one of the Internet access authentication information, access cloud authentication information, network security authentication information and VPN authentication information of the gateway device. or more. The processing unit 601 is further configured to authenticate the gateway device according to the authentication information.

一种可能的设计中,通信单元602,还用于接收网关设备的签约用户的带宽信息,处理单元601,还用于根据带宽信息确定网关设备目标服务器之间的数据传输带宽。In a possible design, the communication unit 602 is further configured to receive bandwidth information of subscribers of the gateway device, and the processing unit 601 is further configured to determine the data transmission bandwidth between the target servers of the gateway device according to the bandwidth information.

一种可能的实现方式中,通信单元602,还用于若业务信息满足预设告警条件,输出告警信息,该预设告警条件包括网关设备认证失败、业务信息为非法信息、网关设备属于网关设备黑名单、业务信息不符合ACL中的一个或多个。In a possible implementation manner, the communication unit 602 is further configured to output alarm information if the service information satisfies a preset alarm condition, where the preset alarm condition includes the gateway device authentication failure, the service information being illegal information, and the gateway device belonging to the gateway device. One or more of the blacklist and service information do not conform to the ACL.

本申请实施例还提供了一种计算机可读存储介质。上述方法实施例中的全部或者部分流程可以由计算机程序来指令相关的硬件完成,该程序可存储于上述计算机可读存储介质中,该程序在执行时,可包括如上述各方法实施例的流程。计算机可读存储介质可以是前述任一实施例的通信装置(包括数据发送端和/或数据接收端)的内部存储单元,例如通信装置的硬盘或内存。上述计算机可读存储介质也可以是上述终端装置的外部存储设备,例如上述终端装置上配备的插接式硬盘,智能存储卡(smart media card,SMC),安全数字(secure digital,SD)卡,闪存卡(flash card)等。进一步地,上述计算机可读存储介质还可以既包括上述通信装置的内部存储单元也包括外部存储设备。上述计算机可读存储介质用于存储上述计算机程序以及上述通信装置所需的其他程序和数据。上述计算机可读存储介质还可以用于暂时地存储已经输出或者将要输出的数据。Embodiments of the present application also provide a computer-readable storage medium. All or part of the processes in the above method embodiments can be completed by a computer program to instruct relevant hardware, the program can be stored in the above computer-readable storage medium, and when the program is executed, it can include the processes in the above method embodiments. . The computer-readable storage medium may be an internal storage unit of the communication device (including the data sending end and/or the data receiving end) of any of the foregoing embodiments, such as a hard disk or a memory of the communication device. The above-mentioned computer-readable storage medium may also be an external storage device of the above-mentioned terminal device, such as a plug-in hard disk equipped on the above-mentioned terminal device, a smart memory card (smart media card, SMC), a secure digital (secure digital, SD) card, Flash card (flash card), etc. Further, the above-mentioned computer-readable storage medium may also include both an internal storage unit of the above-mentioned communication apparatus and an external storage device. The above-mentioned computer-readable storage medium is used to store the above-mentioned computer program and other programs and data required by the above-mentioned communication device. The above-mentioned computer-readable storage medium can also be used to temporarily store data that has been output or is to be output.

需要说明的是,本申请的说明书、权利要求书及附图中的术语“第一”和“第二”等是用于区别不同对象,而不是用于描述特定顺序。此外,术语“包括”和“具有”以及它们任何变形,意图在于覆盖不排他的包含。例如包含了一系列步骤或单元的过程、方法、系统、产品或设备没有限定于已列出的步骤或单元,而是可选地还包括没有列出的步骤或单元,或可选地还包括对于这些过程、方法、产品或设备固有的其它步骤或单元。It should be noted that the terms "first" and "second" in the description, claims and drawings of the present application are used to distinguish different objects, rather than to describe a specific order. Furthermore, the terms "comprising" and "having", and any variations thereof, are intended to cover non-exclusive inclusion. For example, a process, method, system, product or device comprising a series of steps or units is not limited to the listed steps or units, but optionally also includes unlisted steps or units, or optionally also includes For other steps or units inherent to these processes, methods, products or devices.

应当理解,在本申请中,“至少一个(项)”是指一个或者多个,“多个”是指两个或两个以上,“至少两个(项)”是指两个或三个及三个以上,“和/或”,用于描述关联对象的关联关系,表示可以存在三种关系,例如,“A和/或B”可以表示:只存在A,只存在B以及同时存在A和B三种情况,其中A,B可以是单数或者复数。字符“/”一般表示前后关联对象是一种“或”的关系。“以下至少一项(个)”或其类似表达,是指这些项中的任意组合,包括单项(个)或复数项(个)的任意组合。例如,a,b或c中的至少一项(个),可以表示:a,b,c,“a和b”,“a和c”,“b和c”,或“a和b和c”,其中a,b,c可以是单个,也可以是多个。It should be understood that in this application, "at least one (item)" refers to one or more, "multiple" refers to two or more, and "at least two (item)" refers to two or three And three or more, "and/or" is used to describe the association relationship of related objects, indicating that three kinds of relationships can exist, for example, "A and/or B" can mean: only A exists, only B exists, and A exists at the same time and B three cases, where A, B can be singular or plural. The character "/" generally indicates that the associated objects are an "or" relationship. "At least one item(s) below" or similar expressions thereof refer to any combination of these items, including any combination of single item(s) or plural items(s). For example, at least one (a) of a, b or c, can mean: a, b, c, "a and b", "a and c", "b and c", or "a and b and c" ", where a, b, c can be single or multiple.

通过以上的实施方式的描述,所属领域的技术人员可以清楚地了解到,为描述的方便和简洁,仅以上述各功能模块的划分进行举例说明,实际应用中,可以根据需要而将上述功能分配由不同的功能模块完成,即将装置的内部结构划分成不同的功能模块,以完成以上描述的全部或者部分功能。From the description of the above embodiments, those skilled in the art can clearly understand that for the convenience and brevity of the description, only the division of the above functional modules is used as an example for illustration. In practical applications, the above functions can be allocated as required. It is completed by different functional modules, that is, the internal structure of the device is divided into different functional modules, so as to complete all or part of the functions described above.

在本申请所提供的几个实施例中,应该理解到,所揭露的装置和方法,可以通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如,所述模块或单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个装置,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the apparatus embodiments described above are only illustrative. For example, the division of the modules or units is only a logical function division. In actual implementation, there may be other division methods. For example, multiple units or components may be Incorporation may either be integrated into another device, or some features may be omitted, or not implemented. On the other hand, the shown or discussed mutual coupling or direct coupling or communication connection may be through some interfaces, indirect coupling or communication connection of devices or units, and may be in electrical, mechanical or other forms.

所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是一个物理单元或多个物理单元,即可以位于一个地方,或者也可以分布到多个不同地方。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。The units described as separate components may or may not be physically separated, and components shown as units may be one physical unit or multiple physical units, that is, they may be located in one place, or may be distributed to multiple different places . Some or all of the units may be selected according to actual needs to achieve the purpose of the solution in this embodiment.

另外,在本申请各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。In addition, each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit. The above-mentioned integrated units may be implemented in the form of hardware, or may be implemented in the form of software functional units.

所述集成的单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个可读取存储介质中。基于这样的理解,本申请实施例的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的全部或部分可以以软件产品的形式体现出来,该软件产品存储在一个存储介质中,包括若干指令用以使得一个设备(可以是单片机,芯片等)或处理器(processor)执行本申请各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、ROM、RAM、磁碟或者光盘等各种可以存储程序代码的介质。If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a readable storage medium. Based on such understanding, the technical solutions of the embodiments of the present application can be embodied in the form of software products in essence, or the parts that contribute to the prior art, or all or part of the technical solutions, which are stored in a storage medium , including several instructions to make a device (may be a single chip microcomputer, a chip, etc.) or a processor (processor) to execute all or part of the steps of the methods described in the various embodiments of the present application. The aforementioned storage medium includes: a U disk, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk and other mediums that can store program codes.

以上所述,仅为本申请的具体实施方式,但本申请的保护范围并不局限于此,任何在本申请揭露的技术范围内的变化或替换,都应涵盖在本申请的保护范围之内。因此,本申请的保护范围应以权利要求的保护范围为准。The above are only specific embodiments of the present application, but the protection scope of the present application is not limited to this, and any changes or substitutions within the technical scope disclosed in the present application should be covered within the protection scope of the present application. . Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (26)

CN202011225846.7A2020-11-052020-11-05Service forwarding method and communication deviceActiveCN112422397B (en)

Priority Applications (1)

Application NumberPriority DateFiling DateTitle
CN202011225846.7ACN112422397B (en)2020-11-052020-11-05Service forwarding method and communication device

Applications Claiming Priority (1)

Application NumberPriority DateFiling DateTitle
CN202011225846.7ACN112422397B (en)2020-11-052020-11-05Service forwarding method and communication device

Publications (2)

Publication NumberPublication Date
CN112422397A CN112422397A (en)2021-02-26
CN112422397Btrue CN112422397B (en)2022-04-08

Family

ID=74827081

Family Applications (1)

Application NumberTitlePriority DateFiling Date
CN202011225846.7AActiveCN112422397B (en)2020-11-052020-11-05Service forwarding method and communication device

Country Status (1)

CountryLink
CN (1)CN112422397B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication numberPriority datePublication dateAssigneeTitle
CN115361603B (en)*2021-05-172025-09-12中国移动通信有限公司研究院 Business processing method, device, carrier device and readable storage medium
CN114025010B (en)*2021-10-202024-04-16北京奥星贝斯科技有限公司Method for establishing connection and network equipment
CN115037682B (en)*2022-05-232024-09-06新华三技术有限公司Communication method and device
CN116781693A (en)*2022-11-072023-09-19中移(苏州)软件技术有限公司Cloud service access method, platform, equipment and storage medium
CN116248727A (en)*2022-12-012023-06-09中国联合网络通信集团有限公司 Information processing method, device and storage medium
CN116016188B (en)*2022-12-302025-09-19阿里巴巴(中国)有限公司NFV access method, device, system and storage medium
CN119094522B (en)*2024-08-292025-09-30浪潮云信息技术股份公司 A hybrid cloud network communication method and system based on virtual routing gateway

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication numberPriority datePublication dateAssigneeTitle
CN104468394B (en)*2014-12-042018-02-09新华三技术有限公司Message forwarding method and device in a kind of VXLAN networks
CN105592047B (en)*2015-08-262019-01-25新华三技术有限公司A kind of transmission method and device of service message
CN106612224B (en)*2015-10-262019-11-01新华三技术有限公司Message forwarding method and device applied to VXLAN
CN109995637B (en)*2018-01-022021-06-04中国移动通信有限公司研究院 S-VXLAN construction method, data forwarding method and system

Also Published As

Publication numberPublication date
CN112422397A (en)2021-02-26

Similar Documents

PublicationPublication DateTitle
CN112422397B (en)Service forwarding method and communication device
CN114402574B (en) Methods, systems, and computer-readable media for providing multi-tenant software-defined wide area network (SD-WAN) nodes
CN112449315B (en)Network slice management method and related device
CN103747499B (en) Method and apparatus for common control protocol for wired and wireless nodes
EP2866389B1 (en)Method and device thereof for automatically finding and configuring virtual network
WO2019161936A1 (en)Network slicing with smart contracts
US20140226664A1 (en)Method, apparatus, and system for implementing private network traversal
US20150049631A1 (en)Topology aware provisioning in a software-defined networking environment
WO2019033920A1 (en)Method and device enabling network side to identify and control remote user equipment
CN110417840A (en) An information processing method and device
CN106533883A (en)Network private line establishment method, apparatus and system
WO2020238327A1 (en)Method, apparatus and system for establishing user plane connection
CA3046995C (en)System and method for dynamic network function virtualization processing
US20180083968A1 (en)Method and system for authorizing service of user, and apparatus
CN105610632A (en) A virtual network device and related method
JP5679343B2 (en) Cloud system, gateway device, communication control method, and communication control program
CN104993993B (en)A kind of message processing method, equipment and system
WO2021254001A1 (en)Session establishment method, apparatus and system and computer storage medium
CN103166909B (en)The cut-in method of a kind of Virtual Networking System, device and system
WO2022012352A1 (en)Service processing method and apparatus, and device, and system
JP7486597B2 (en) Dial-up packet processing method, network element, system, and network device
CN105164973B (en) Optical fiber to distribution point equipment and communication method thereof
JP7541116B2 (en) COMMUNICATION METHOD AND RELATED APPARATUS
CN113660104B (en) Communication method, UP device and CP device
WO2008141516A1 (en)Message transmitting method, transmitting device and transmitting system

Legal Events

DateCodeTitleDescription
PB01Publication
PB01Publication
SE01Entry into force of request for substantive examination
SE01Entry into force of request for substantive examination
GR01Patent grant
GR01Patent grant
[8]ページ先頭
©2009-2025 Movatter.jp