Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments can be embodied in many forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. The same reference numerals in the drawings denote the same or similar parts, and thus a repetitive description thereof will be omitted.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the disclosure. One skilled in the relevant art will recognize, however, that the disclosed aspects may be practiced without one or more of the specific details, or with other methods, components, devices, steps, etc. In other instances, well-known methods, devices, systems, implementations, or operations have not been shown or described in detail to avoid obscuring aspects of the disclosure.
The block diagrams depicted in the figures are merely functional entities and do not necessarily correspond to physically separate entities. That is, the functional entities may be implemented in software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flow diagrams depicted in the figures are exemplary only, and do not necessarily include all of the elements and operations/steps, nor must they be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the order of actual execution may be changed according to actual situations.
It will be understood that, although the terms first, second, third, etc. may be used herein to describe various components, these components should not be limited by these terms. These terms are used to distinguish one element from another element. Accordingly, a first component discussed below could be termed a second component without departing from the teachings of the concepts of the present disclosure. As used herein, the term "and/or" includes any one of the associated listed items and all combinations of one or more.
Those skilled in the art will appreciate that the drawings are schematic representations of example embodiments and that the modules or flows in the drawings are not necessarily required to practice the present disclosure, and therefore, should not be taken to limit the scope of the present disclosure.
The technical abbreviations to which the present disclosure relates are explained as follows:
LinkedHashMap: a hash table and linked list implementation of the Map interface, with predictable iteration order. This implementation differs from HashMap in that it maintains a doubly linked list running through all of its entries. This linked list defines the iteration order, which is typically the order in which keys were inserted into the map (insertion order). It is worth mentioning that if a key is reinserted into the map, the insertion order is not affected. (A key k is reinserted into map m if m.put(k, v) is called when m.containsKey(k) would have returned true immediately before the call.)
List: List is a class in the standard class library of a programming language, which can be simply regarded as a doubly linked list; it manages a set of objects in a linear manner.
Centralized control: an integrated service platform used for managing the VPN branch devices.
Configuration rollback: based on the configuration file issued by centralized control, comparing the command views of the device and executing the command-line configuration write.
View: module and command.
Subcommand: configuration commands belonging to the current view.
Fig. 1 is a system block diagram illustrating a configuration system of a VPN branch device according to an exemplary embodiment.
As shown in fig. 1, the system architecture 10 may include terminal devices 101, 102, 103 serving as VPN branch devices, a network 104, and a centralized control device 105. The network 104 is the medium used to provide communication links between the terminal devices 101, 102, 103 and the centralized control device 105. The network 104 may include various connection types, such as wired or wireless communication links, or fiber optic cables, among others.
A user may interact with the centralized control device 105 via the network 104 using the terminal devices 101, 102, 103 to receive or send messages or the like. Various communication client applications, such as shopping applications, web browser applications, search applications, instant messaging tools, mailbox clients, social platform software, etc., may be installed on the terminal devices 101, 102, 103.
The terminal devices 101, 102, 103 may be a variety of electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The centralized control device 105 may be a server that provides various services, such as a background server that manages configuration information of the terminal devices 101, 102, 103. The background server may process the received configuration information and send the configuration file to the terminal device.
The centralized control device 105 may, for example, generate a first configuration file from the configuration information; the centralized control device 105 may, for example, obtain a second configuration file from the device side; the centralized control device 105 may, for example, parse the first configuration file and the second configuration file; the centralized control device 105 may, for example, perform configuration merging on the parsed first configuration file and the parsed second configuration file to generate a third configuration file; the centralized control device 105 may, for example, send the third configuration file to the device side for configuration.
The terminal devices 101, 102, 103 may, for example, send configuration requests to the centralized control end; the terminal devices 101, 102, 103 may, for example, send a second configuration file to the centralized control end based on the configuration request; the terminal devices 101, 102, 103 may, for example, obtain a third configuration file from the centralized control end; the terminal devices 101, 102, 103 may, for example, perform device configuration based on the third configuration file.
The centralized control device 105 may be a single physical server, or may consist of a plurality of servers. It should be noted that the configuration method of the VPN branch device provided in the embodiments of the present disclosure may be executed by the centralized control device 105 and the terminal devices 101, 102, 103 together, and accordingly, the configuration apparatus of the VPN branch device may be set in the centralized control device 105 and the terminal devices 101, 102, 103.
Fig. 2 is a flow chart illustrating a method of configuring a VPN branch device according to an exemplary embodiment. The configuration method 20 of the VPN branch device may be used at the central control end, and at least includes steps S202 to S210.
As shown in fig. 2, in S202, a first configuration file is generated according to configuration information. For example, a configuration request from the device side can be obtained, and the first configuration file is generated based on the configuration request and the configuration information. The configuration information may be unified functional configuration data set by an administrator, and may include configuration parameters and the like.
In S204, a second configuration file from the device side is acquired. For example, whether the device side has turned on the configuration merging function is determined based on a configuration file interface; when the device side has turned on the configuration merging function, the second configuration file is acquired.
In S206, the first configuration file and the second configuration file are parsed. The view set of the first configuration file and the view set of the second configuration file may be parsed.
In S208, the parsed first configuration file and the parsed second configuration file are merged to generate a third configuration file. This includes the following steps: sequentially storing the parsed first configuration file and the parsed second configuration file in an abstract interface document mapped by preset Key-Value pairs; and traversing each row of the Key-Value-mapped abstract interface document and merging the data one by one to generate the third configuration file.
In one embodiment, sequentially storing the parsed first configuration file and the parsed second configuration file in the abstract interface document mapped by preset Key-Value pairs includes: when a view command in the first configuration file and/or the second configuration file is read, storing the key in the set and creating an empty set as its value; and when a subcommand in the first configuration file and/or the second configuration file is read, storing it in the value corresponding to the current key.
In one embodiment, traversing each row of the Key-Value-mapped abstract interface document and merging the data one by one to generate the third configuration file includes: traversing each row of the Key-Value-mapped abstract interface document and deleting conflicting configurations one by one; generating a merged configuration set; and generating the third configuration file based on the merged configuration set.
In a specific embodiment, a set inmnodemap (LinkedHashMap) for storing the centralized control end command set, a set devnodemap (LinkedHashMap) for storing the device end command set, and a set mergemap (LinkedHashMap) for the merged configurations are generated in advance.
First, the device configuration is traversed to delete configurations that conflict with the centralized control:
The device end set devnodemap is traversed in a loop; the current key devkey is taken out and checked against the inm_config_list set, and the record is deleted if devkey exists there. After the loop finishes, only the configuration unique to the device end is left in devnodemap.
Then, the merge set mergemap is generated:
The processed devnodemap is traversed, and the key devkey and value devvalue are recorded. The dev_config_list is looped through until devkey is found, and a new set keylist is generated. The centralized control end inmnodemap is then traversed and the key inmkey is recorded; if inmkey is equal to the recorded key value in keylist, a new key inmkey#devkey is generated and stored in mergemap as (inmkey#devkey, devvalue).
Finally, the final file is generated after configuration merging:
The centralized control end configuration inmnodemap is traversed, and the key inmkey and value inmvalue are recorded. The key inmkey is written to the file as a view command, and inmvalue is traversed in a loop so that its subcommands are written in sequence. The keys in mergemap are split into inmkey and devkey and compared: if the inmkey in mergemap is equal to the current inmkey, the record in mergemap is written to the file as well, in the same way as before.
In S210, the third configuration file is sent to the device side for configuration.
According to the configuration method of the VPN branch device, a first configuration file is generated according to configuration information; a second configuration file is acquired from the device end; the first configuration file and the second configuration file are parsed; the parsed first configuration file and the parsed second configuration file are merged to generate a third configuration file; and the third configuration file is sent to the device end for configuration. In this way, the VPN branch device can configure its own special configuration that is not supported by centralized control, and the original configuration of the device end is not cleared after the centralized control completes the unified configuration issuing, thereby realizing fine-grained and controllable management of the configuration.
It should be clearly understood that this disclosure describes how to make and use particular examples, but the principles of this disclosure are not limited to any details of these examples. Rather, these principles can be applied to many other embodiments based on the teachings of the present disclosure.
Fig. 3 is a flowchart illustrating a configuration method of a VPN branch device according to another exemplary embodiment. The configuration method 30 of the VPN branch device may be used at the device side, and at least includes steps S302 to S308.
As shown in fig. 3, in S302, a configuration request is sent to the centralized control terminal.
In S304, a second configuration file is sent to the centralized control end based on the configuration request. The second configuration file may be generated, for example, based on current configuration information. The current configuration information may include special configuration information that is not supported by the centralized control terminal.
In S306, a third configuration file from the centralized control end is obtained.
In S308, device configuration is performed based on the third configuration file. More specifically, a configuration rollback may be performed based on the third configuration file to update the device configuration.
Fig. 4 is a flowchart illustrating a configuration method of a VPN branch device according to another exemplary embodiment. The flow 40 shown in fig. 4 may be used in a configuration system for VPN branch devices. When the centralized control issues a configuration, a centralized control end configuration file is generated; meanwhile, a device end configuration file is acquired, and a new configuration file to be issued is generated by using the merging function.
At project start-up, two view sets, a centralized control end view set (inm_config_list) and a device end view set (dev_config_list), may be instantiated, with the centralized control end view commands being contained in the device end view commands.
In one embodiment, the centralized control end can start a timed task and generate a centralized control end configuration file inmfile. The device end obtains the timed task identifier of the centralized control; if the centralized control end has turned on the configuration merging function, the device end generates its configuration file devfile and transmits it to the centralized control through HTTP. The configuration files are each stored at a specific file location on the centralized control.
As shown in fig. 4, in S401, the device side generates a second configuration file.
In S402, a device configuration request is transmitted.
In S403, the centralized control terminal generates a first configuration file based on the configuration request.
In S404, it is queried whether the device side turns on the configuration merge function.
In S405, confirmation that the function is turned on is returned. The device end calls the centralized control's interface for acquiring the configuration file, and the centralized control server judges whether the configuration file of the device end exists and whether the configuration merging function is turned on. If the function is turned on, two configuration files are obtained, namely the centralized control end configuration file inmfile and the device end configuration file devfile.
In S406, the centralized control end generates a third configuration file based on the first configuration file and the second configuration file. To implement configuration merging, the centralized control end may generate in advance the map inmnodemap (LinkedHashMap) for storing the centralized control end command set, the map devnodemap (LinkedHashMap) for storing the device end command set, and the map mergemap (LinkedHashMap) for the set of merged configurations.
The centralized control end parses the two configuration files and stores them in the corresponding maps in sequence. More specifically, each file can be read row by row. If the row is a view command, that is, there is no space before the row record in the file, the key is stored in the set, a corresponding empty set is created as its value, and the current key is recorded. If the row is a subcommand, that is, there is a space before it, the value corresponding to the current key is found and the subcommand is stored in it. The file is read in this way, row after row, in a loop.
In S407, the third configuration file is sent to the device side.
In S408, the device side performs the configuration update. The most recently generated configuration file, which contains both the centralized control configuration and the configuration unique to the device end, is issued to the device, and the device executes configuration rollback again to generate the centralized control configuration and restore the original configuration.
In one specific application embodiment, the stored configuration file may be as follows:
inm_config_list: {1, 5, 7};
dev_config_list: {1, 2, 3, 4, 5, 6, 7, 8, 9};
inmnodemap: {1, value}, {5, value};
devnodemap: {1, value}, {2, value}, {6, value};
devnodemap after processing: {2, value}, {6, value};
mergemap: {1#2, value}, {5#6, value};
final configuration file: {1, value}, {2, value}, {5, value}, {6, value}.
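The row-based parsing and the three merge steps described above, reproduced on the listing's data as an added Python example (not code from the disclosure); Python dicts keep insertion order and stand in for LinkedHashMap. The view names view-1 to view-9 and the subcommands are constructed sample values. Assumptions: a device-only view is anchored to the nearest view before it in dev_config_list that is present in inmnodemap, mergemap keys are tuples instead of the "inmkey#devkey" string, and device-only views with no anchor are written first.

```python
# Added example, not the disclosure's code. dict keeps insertion order,
# so it plays the role of the LinkedHashMap instances named on the page.

def parse_views(text):
    """Return {view command: [subcommands]} in file order.

    No leading space -> view command; leading space -> subcommand of the
    most recent view command.
    """
    nodemap, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        if raw[0] in " \t":
            if current is None:
                # Malformed input: a subcommand with no enclosing view.
                raise ValueError(f"line {lineno}: subcommand before any view")
            nodemap[current].append(raw.strip())
        else:
            current = raw.rstrip()
            nodemap.setdefault(current, [])  # a re-seen view keeps its position
    return nodemap


def drop_conflicts(devnodemap, inm_config_list):
    """Step 1: keep only views that centralized control does not manage."""
    managed = set(inm_config_list)
    return {k: v for k, v in devnodemap.items() if k not in managed}


def build_mergemap(devnodemap, inmnodemap, dev_config_list):
    """Step 2: attach each device-only view to an anchoring centralized view.

    Assumption: the anchor is the nearest view before devkey in
    dev_config_list that is present in inmnodemap. Keys are (inmkey, devkey)
    tuples rather than the page's "inmkey#devkey" string, so a '#' inside a
    view command cannot make the later split ambiguous.
    """
    mergemap, unanchored = {}, {}
    for devkey, devvalue in devnodemap.items():
        if devkey in dev_config_list:
            keylist = dev_config_list[:dev_config_list.index(devkey)]
        else:
            keylist = []
        anchor = next((k for k in reversed(keylist) if k in inmnodemap), None)
        if anchor is None:
            unanchored[devkey] = devvalue  # assumption: written first
        else:
            mergemap[(anchor, devkey)] = devvalue
    return mergemap, unanchored


def render(inmnodemap, mergemap, unanchored):
    """Step 3: write centralized views, each followed by its merged views."""
    out = []

    def write_view(view, subcommands):
        out.append(view)
        out.extend(" " + s for s in subcommands)

    for devkey, devvalue in unanchored.items():
        write_view(devkey, devvalue)
    for inmkey, inmvalue in inmnodemap.items():
        write_view(inmkey, inmvalue)
        for (anchor, devkey), devvalue in mergemap.items():
            if anchor == inmkey:
                write_view(devkey, devvalue)
    return "\n".join(out) + "\n"


def merge_configs(inm_text, dev_text, inm_config_list, dev_config_list):
    """Parse both files, drop conflicts, build mergemap, return the third file."""
    inmnodemap = parse_views(inm_text)
    devnodemap = drop_conflicts(parse_views(dev_text), inm_config_list)
    mergemap, unanchored = build_mergemap(devnodemap, inmnodemap, dev_config_list)
    return render(inmnodemap, mergemap, unanchored)


# Constructed sample data mirroring the page's listing (views 1..9).
INM_CONFIG_LIST = ["view-1", "view-5", "view-7"]
DEV_CONFIG_LIST = [f"view-{n}" for n in range(1, 10)]
INM_FILE = "view-1\n inm-sub-a\nview-5\n inm-sub-b\n"
DEV_FILE = "view-1\n dev-sub-x\nview-2\n dev-sub-y\nview-6\n dev-sub-z\n"

if __name__ == "__main__":
    print(merge_configs(INM_FILE, DEV_FILE, INM_CONFIG_LIST, DEV_CONFIG_LIST), end="")
```

Because devfile arrives from the device over HTTP, the conflict check runs against inm_config_list rather than against the views present in inmfile: a device-supplied view-7 is dropped even though the current inmfile does not contain that view.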
According to the configuration method of the VPN branch device, the device can configure its own special configuration that is not supported by centralized control, and after the centralized control completes the unified configuration issuing, the original configuration of the device end is not cleared, so that fine-grained and controllable management of the configuration is realized.
Those skilled in the art will appreciate that all or part of the steps implementing the above described embodiments are implemented as a computer program executed by a CPU. The above-described functions defined by the above-described methods provided by the present disclosure are performed when the computer program is executed by a CPU. The program may be stored in a computer readable storage medium, which may be a read-only memory, a magnetic disk or an optical disk, etc.
Furthermore, it should be noted that the above-described figures are merely illustrative of the processes involved in the method according to the exemplary embodiments of the present disclosure, and are not intended to be limiting. It will be readily appreciated that the processes shown in the above figures do not indicate or limit the temporal order of these processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, for example, among a plurality of modules.
The following are device embodiments of the present disclosure that may be used to perform method embodiments of the present disclosure. For details not disclosed in the embodiments of the apparatus of the present disclosure, please refer to the embodiments of the method of the present disclosure.
Fig. 5 is a block diagram illustrating a configuration apparatus of a VPN branch device according to an exemplary embodiment. As shown in fig. 5, the configuration apparatus 50 of the VPN branch device may be used at a centralized control end, and includes: a first configuration module 502, a second configuration module 504, a parsing module 506, a configuration merging module 508 and a sending module 510.
The first configuration module 502 is configured to generate a first configuration file according to the configuration information;
the second configuration module 504 is configured to obtain a second configuration file from the device side;
the parsing module 506 is configured to parse the first configuration file and the second configuration file;
the configuration merging module 508 is configured to perform configuration merging on the parsed first configuration file and the parsed second configuration file to generate a third configuration file;
the sending module 510 is configured to send the third configuration file to the device side for configuration.
Fig. 6 is a block diagram illustrating a configuration apparatus of a VPN branch device according to another exemplary embodiment. As shown in fig. 6, the configuration apparatus 60 of the VPN branch device may be used at a device side, and includes: a request module 602, a file module 604, an acquisition module 606, and a configuration module 608.
The request module 602 is configured to send a configuration request to the centralized control end;
the file module 604 is configured to send a second configuration file to the centralized control end based on the configuration request;
the obtaining module 606 is configured to obtain a third configuration file from the centralized control end;
the configuration module 608 is configured to perform device configuration based on the third configuration file.
According to the configuration apparatus of the VPN branch device, a first configuration file is generated according to configuration information; a second configuration file is acquired from the device end; the first configuration file and the second configuration file are parsed; the parsed first configuration file and the parsed second configuration file are merged to generate a third configuration file; and the third configuration file is sent to the device end for configuration. In this way, the VPN branch device can configure its own special configuration that is not supported by centralized control, and the original configuration of the device end is not cleared after the centralized control completes the unified configuration issuing, thereby realizing fine-grained and controllable management of the configuration.
Fig. 7 is a block diagram of an electronic device, according to an example embodiment.
An electronic device 700 according to such an embodiment of the present disclosure is described below with reference to fig. 7. The electronic device 700 shown in fig. 7 is merely an example and should not be construed to limit the functionality and scope of use of embodiments of the present disclosure in any way.
As shown in fig. 7, the electronic device 700 is embodied in the form of a general purpose computing device. Components of electronic device 700 may include, but are not limited to: at least one processing unit 710, at least one memory unit 720, a bus 730 connecting the different system components (including the memory unit 720 and the processing unit 710), a display unit 740, and the like.
Wherein the storage unit stores program code that is executable by the processing unit 710 such that the processing unit 710 performs steps described in the present specification according to various exemplary embodiments of the present disclosure. For example, the processing unit 710 may perform the steps as shown in fig. 2, 3, and 4.
The memory unit 720 may include readable media in the form of volatile memory units, such as Random Access Memory (RAM) 7201 and/or cache memory 7202, and may further include Read Only Memory (ROM) 7203.
The storage unit 720 may also include a program/utility 7204 having a set (at least one) of program modules 7205, such program modules 7205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.
Bus 730 may be a bus representing one or more of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 700 may also communicate with one or more external devices 700' (e.g., keyboard, pointing device, bluetooth device, etc.), devices that enable a user to interact with the electronic device 700, and/or any devices (e.g., routers, modems, etc.) with which the electronic device 700 can communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 750. Also, electronic device 700 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN) and/or a public network, such as the Internet, through network adapter 760. Network adapter 760 may communicate with other modules of electronic device 700 via bus 730. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with electronic device 700, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, as shown in fig. 8, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, and includes several instructions to cause a computing device (may be a personal computer, a server, or a network device, etc.) to perform the above-described method according to the embodiments of the present disclosure.
The software product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable storage medium may include a data signal propagated in baseband or as part of a carrier wave, with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable storage medium may also be any readable medium that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
The computer-readable medium carries one or more programs which, when executed by a device, cause the device to perform the following functions: generating a first configuration file according to the configuration information; acquiring a second configuration file from the device end; parsing the first configuration file and the second configuration file; merging the parsed first configuration file and the parsed second configuration file to generate a third configuration file; and sending the third configuration file to the device end for configuration. The programs may also implement the following functions: sending a configuration request to the centralized control end; sending a second configuration file to the centralized control end based on the configuration request; acquiring a third configuration file from the centralized control end; and carrying out device configuration based on the third configuration file.
Those skilled in the art will appreciate that the modules may be distributed throughout several devices as described in the embodiments, and that corresponding variations may be implemented in one or more devices that are unique to the embodiments. The modules of the above embodiments may be combined into one module, or may be further split into a plurality of sub-modules.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or in combination with the necessary hardware. Thus, the technical solutions according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, and include several instructions to cause a computing device (may be a personal computer, a server, a mobile terminal, or a network device, etc.) to perform the method according to the embodiments of the present disclosure.
Exemplary embodiments of the present disclosure are specifically illustrated and described above. It is to be understood that this disclosure is not limited to the particular arrangements, instrumentalities and methods of implementation described herein; on the contrary, the disclosure is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.