CN114900448A

Movatterモバイル変換

Info

Publication number: CN114900448A
Application number: CN202210598677.4A
Authority: CN
Inventors: 刘红; 章敏龙; 缪钧轴; 任家鑫; 吴轩毅; 房家豪
Original assignee: Shanghai E&p International Inc
Current assignee: Shanghai E&p International Inc
Priority date: 2022-05-30
Filing date: 2022-05-30
Publication date: 2022-08-12
Anticipated expiration: 2042-05-30
Also published as: CN114900448B

Abstract

The invention relates to the technical field of computers, in particular to a micro-service gateway flow management method, a device and electronic equipment, wherein the method comprises the following steps: acquiring user service request information; matching a request rule corresponding to the user service request information, and initiating an agent request to a service processing server corresponding to the request rule to obtain service response information; processing the service request information and the service response information to obtain gateway flow information; analyzing the specific field of the gateway traffic information to generate a gateway service traffic report; and analyzing the gateway service flow report, and managing and controlling the micro service gateway flow according to the analysis. The gateway traffic information is analyzed to generate a gateway service traffic report, and the gateway service traffic report is analyzed, so that the gateway traffic control capability and the service processing efficiency are improved.

Description

Micro-service gateway flow management method and device and electronic equipment

Technical Field

The invention relates to the technical field of computers, in particular to a micro-service gateway flow management method and device and electronic equipment.

Background

With the development of information technology and the popularization of micro-service architecture, the API gateway of the back-end service slowly becomes an essential component in the software architecture, the API gateway makes the interface exposure of the service and the load balancing of the service more convenient, and different from the traditional load balancing middleware such as nginx and apache, there are many functions derived based on the micro-service, for example: the micro-service address can be dynamically taken through the registration center of the micro-service, so that the operation and maintenance are more intelligent, and complex request rules and the like can be written by simple grammars.

The API gateway, which is the mainstream in the market today, can perform these functions and can basically meet the basic requirements when used directly, but this has two problems:

firstly, the functions are used too originally, and no enterprise-level auxiliary facility is provided, so that only a few core technicians understand how to use the functions, the API gateway cannot be changed into an enterprise-level architecture, and each department or even each group has the respective API gateway, and the labor cost is greatly wasted.

Secondly, the native API gateway has too single function, and in some scenarios, the native function may not be enough to meet the actual business requirement, and how to integrate the specific requirement into the native gateway becomes a troublesome problem.

Disclosure of Invention

The invention provides a micro-service gateway traffic management method, a device and electronic equipment, which are used for improving the gateway traffic management and control capability and the service processing efficiency.

An embodiment of the present specification provides a method for managing microservice gateway traffic, including:

acquiring user service request information;

matching a request rule corresponding to the user service request information, and initiating an agent request to a service processing server corresponding to the request rule to obtain service response information;

processing the service request information and the service response information to obtain gateway flow information;

analyzing the specific field of the gateway traffic information to generate a gateway service traffic report;

and analyzing the gateway service flow report, and managing and controlling the micro service gateway flow according to the analysis.

Preferably, before acquiring the user service request, the method includes:

reading a pre-input request rule through an auxiliary configuration webpage end;

and auditing the pre-entered request rule, and issuing the request rule passing the auditing.

Preferably, the analyzing the specific field of the gateway traffic information includes:

processing the flow data into flow information with a preset structure;

storing the flow information of the preset structure to a full text search engine through message middleware;

and carrying out specific field analysis on the flow information of the preset structure through the full-text search engine.

Preferably, the performing specific field parsing on the traffic information with the predetermined structure by the full-text search engine includes:

judging service request information in the gateway flow information, and recording the service request information conforming to an analysis rule;

determining the identity authentication identification of the service request in the gateway flow information, searching and recording user information corresponding to the identity authentication identification of the service request through an authentication service;

searching and recording enterprise project attribution corresponding to the application service to which the gateway flow information belongs;

decrypting specific encrypted information in the gateway traffic information and recording the decrypted information;

and judging response information in the gateway flow information, and recording the response information conforming to the analysis rule.

Preferably, the auxiliary configuration web page terminal adopts Spring Boot as a development frame and MongoDB for data storage.

An embodiment of the present specification further provides a micro service gateway traffic management apparatus, including:

the information acquisition module is used for acquiring user service request information;

the response module is used for matching a request rule corresponding to the user service request information and initiating an agent request to a service processing server corresponding to the request rule to obtain service response information;

the information combination module is used for processing the service request information and the service response information to obtain gateway flow information;

the information analysis module is used for carrying out specific field analysis on the gateway traffic information to generate a gateway service traffic report;

and the flow control module is used for analyzing the gateway service flow report and controlling the micro service gateway flow according to the analysis.

Preferably, before acquiring the user service request, the method includes:

Preferably, the information parsing module includes:

the processing unit is used for processing the flow data into flow information with a preset structure;

the storage unit is used for storing the flow information of the preset structure to a full-text search engine through message middleware;

and the analysis unit is used for carrying out specific field analysis on the flow information with the preset structure through the full-text search engine.

An electronic device, wherein the electronic device comprises:

a processor and a memory storing computer executable instructions that, when executed, cause the processor to perform the method of any of the above.

A computer readable storage medium, wherein the computer readable storage medium stores one or more programs which, when executed by a processor, implement the method of any of the above.

The gateway traffic information is analyzed to generate a gateway service traffic report, and the gateway service traffic report is analyzed, so that the gateway traffic control capability and the service processing efficiency are improved.

Drawings

The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:

fig. 1 is a schematic diagram illustrating a micro service gateway traffic management method according to an embodiment of the present disclosure;

fig. 2 is a flowchart of a micro service gateway traffic management rule configuration provided in an embodiment of the present specification;

fig. 3 is a flow chart of traffic analysis of micro service gateway traffic management according to an embodiment of the present disclosure;

fig. 4 is a schematic structural diagram of a micro service gateway traffic management apparatus according to an embodiment of the present disclosure;

fig. 5 is a schematic structural diagram of an electronic device provided in an embodiment of the present disclosure;

fig. 6 is a schematic diagram of a computer-readable medium provided in an embodiment of the present specification.

Detailed Description

Exemplary embodiments of the present invention will now be described more fully with reference to the accompanying drawings. The exemplary embodiments, however, may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these exemplary embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the invention to those skilled in the art. The same reference numerals denote the same or similar elements, components, or parts in the drawings, and thus their repetitive description will be omitted.

Features, structures, characteristics or other details described in a particular embodiment do not preclude the fact that the features, structures, characteristics or other details may be combined in a suitable manner in one or more other embodiments in accordance with the technical idea of the invention.

In describing particular embodiments, the present invention has been described with reference to features, structures, characteristics or other details that are within the purview of one skilled in the art to provide a thorough understanding of the embodiments. One skilled in the relevant art will recognize, however, that the invention may be practiced without one or more of the specific features, structures, characteristics, or other details.

The diagrams depicted in the figures are exemplary only, and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order depicted. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.

The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.

The term "and/or" and/or "includes all combinations of any one or more of the associated listed items.

Referring to fig. 1, a schematic diagram of a method for micro service gateway traffic management provided in an embodiment of the present disclosure includes:

s101: acquiring user service request information;

in a preferred embodiment of the present invention, when a user needs to invoke a micro service, a service request is sent to the gateway, the gateway receives service request information sent by the user and generates a proxy request, and the gateway sends the proxy request to a server of a corresponding micro service for processing according to the micro service requested in the service request.

S102: matching a request rule corresponding to the user service request information, and initiating an agent request to a service processing server corresponding to the request rule to obtain service response information;

in a preferred embodiment of the present invention, as shown in fig. 2, a rule configurator pre-records a request rule through an auxiliary configuration web page, stores the request rule in a rule storage module, when receiving a user service request message, a gateway reads the request rule issued in the rule storage module, matches the request rule with the user service request message, and finally forwards the user service request message to a corresponding microservice server for processing according to the matched request rule, thereby implementing fast processing of a service request.

S103: processing the service request information and the service response information to obtain gateway flow information;

in a preferred embodiment of the present invention, information extraction is performed on the service request information and the service response information, and the extracted information is integrated to form gateway traffic information, where the gateway traffic information includes: the request information includes requested website information, requested user authentication information, request rule information corresponding to the request, application service information to which the request rule belongs, a unique identification number of the request, rule information of flow limitation, and the like. The requested website information includes a request address, a request body, a request header, a response body, a response header, and the like.

Further, the requested user authentication information is used for the gateway to verify the certificate carried by the user so as to acquire corresponding user information; request rule information corresponding to the request is used for confirming a request rule finally matched with the current service request; the application service information to which the request rule belongs is used for confirming the concrete item of the company to which each business request belongs; the unique identification number of the request is used for ensuring that each service request can be traced, and can be combined with a service log to perform full link tracing of the service request; the rule information of the flow limitation is used for confirming the specific current limitation rule triggered by the service request. The gateway traffic information contains the whole process information of the service request and the service response, and the gateway traffic information is analyzed subsequently, so that the monitoring of the service and the regulation and control of the gateway traffic are realized, the service processing efficiency is improved, and the management capability of the gateway traffic is enhanced.

S104: analyzing the specific field of the gateway traffic information to generate a gateway service traffic report;

in a preferred embodiment of the present invention, the original gateway traffic information may include many unreadable information, and specific information supplementation or decryption is performed according to the traffic configuration, and the specific analysis of the gateway traffic information includes: judging the content type of the service request, and recording the request information meeting the analysis requirement; judging whether the service request contains an identity authentication identifier or not, and taking corresponding user detailed information for recording through the authentication service; judging the application service to which the flow belongs, finding out the enterprise project attribution corresponding to the service request, and facilitating enterprise-level flow statistics; decrypting specific encrypted information in the service request and recording the decrypted information; judging the content type of the server response service request, and recording the response information meeting the analysis requirement; and the customized analysis rule is supported, and the requirement that each project group records the specific gateway flow information is met. The gateway traffic information is analyzed in the specific field mode, so that a gateway service traffic report is generated, and a data basis is provided for the control of subsequent gateway traffic.

S105: and analyzing the gateway service flow report, and managing and controlling the micro service gateway flow according to the analysis.

In a preferred embodiment of the present invention, the management end obtains an analysis result by analyzing the gateway service traffic report, and then adjusts and controls a processing mode of the gateway for the service request according to the analysis result, wherein the processing mode includes current limiting, directional flow guiding and the like.

Further, before obtaining the user service request, the method includes:

In a preferred embodiment of the invention, the rule entry personnel enter the request rule through the auxiliary configuration webpage end, then the rule auditing personnel audit the entered request rule through the rule auditing webpage end, and issue and update the approved request rule so as to ensure the accuracy and the safety of the request rule.

Further, the analyzing the specific field of the gateway traffic information includes:

processing the flow data into flow information with a preset structure;

In the preferred embodiment of the present invention, by integrating the gateway and the ELK (open source software) architecture, the gateway traffic information is asynchronously stored in the Elastic Search by Kafka in a predefined structure, and then the specific field is analyzed by the Elastic Search, thereby generating the gateway traffic report. The integration of all contents of the service request information and the service response information is realized through the mode, the full-link tracking of the service request is favorably realized, and the service processing efficiency is improved.

Further, the performing specific field parsing on the traffic information of the predetermined structure by the full-text search engine includes:

Furthermore, the auxiliary configuration webpage side adopts Spring Boot as a development frame and MongoDB for data storage.

In the preferred embodiment of the invention, the auxiliary configuration webpage end adopts Spring Boot as a development frame, MongoDB is adopted for data storage, and the non-relational database can better support complex rule data. The auxiliary configuration webpage end can configure the complex gateways such as request rules and flow control rules, and the auxiliary functions related to configuration such as configuration input, configuration management, configuration authority control, configuration version control and configuration release and rollback are performed through the auxiliary configuration webpage end, so that the technical threshold of gateway configuration personnel is reduced, the configuration logic of a native gateway does not need to be learned, the configuration can be completed only by following interface flow guidance, and the whole configuration process can be managed and traceable.

Furthermore, the native Spring Cloud Gateway and WebFlux architecture are used as the basis of the bottom layer, mainstream middleware such as Nacos, Sentinel and Kafka are integrated in the Gateway in a reasonable mode, the native use mode is not affected, and meanwhile, various upper-layer functions are realized. The infrastructure of the gateway has functions of dynamic update of a request matching rule, dynamic update of a flow limiting rule, unified identity authentication of an enterprise level, interception of illegal requests, directional diversion according to a service version or an IP (Internet protocol), generalized Call of RPC (Remote Procedure Call) service, flow control of a specific index, recording of flow information and the like.

Referring to fig. 3, which is a flow analysis flow chart of micro-service gateway flow management provided in an embodiment of the present disclosure, when a gateway receives a service request initiated by a client, the gateway forwards the service request initiated by the client according to service request information in the service request, a proxy server corresponding to the service request information processes the service request, then the gateway obtains response information corresponding to the service request information by proxy, and integrates the service request information and the response information to generate a message queue in which gateway flow information is pushed to a message middleware, then consumes the message queue, stores the gateway flow information in a service database, finally queries the gateway flow information in the service database through a flow analysis module, analyzes the queried gateway flow information to generate a gateway service flow report, and analyzes the gateway service flow report, the service request is more effectively regulated and controlled, the auxiliary configuration webpage end is configured and modified, and the like, so that the service processing efficiency and the service processing capacity are improved.

Fig. 4 is a schematic structural diagram of a micro service gateway traffic management device provided in an embodiment of the present specification, including:

aninformation obtaining module 201, configured to obtain user service request information;

aresponse module 202, configured to match a request rule corresponding to the user service request information, and initiate an agent request to a service processing server corresponding to the request rule, so as to obtain service response information;

theinformation combining module 203 is configured to process the service request information and the service response information to obtain gateway traffic information;

theinformation analysis module 204 is configured to perform specific field analysis on the gateway traffic information to generate a gateway service traffic report;

and the flow management andcontrol module 205 is configured to analyze the gateway service flow report, and manage and control the micro service gateway flow according to the analysis.

Further, before obtaining the user service request, the method includes:

Further, theinformation parsing module 204 includes:

Further, the parsing unit includes:

the first judging subunit is used for judging the service request information in the gateway flow information and recording the service request information conforming to the analysis rule;

the identity confirmation subunit is used for determining the identity authentication identifier of the service request in the gateway flow information, searching and recording the user information corresponding to the identity authentication identifier of the service request through the authentication service;

the searching subunit is used for searching and recording enterprise item attribution corresponding to the application service to which the gateway traffic information belongs;

the decryption subunit is used for decrypting specific encrypted information in the gateway traffic information and recording the decrypted information;

and the second judgment subunit is used for judging the response information in the gateway flow information and recording the response information conforming to the analysis rule.

The functions of the apparatus in the embodiment of the present invention have been described in the above method embodiments, so that reference may be made to the related descriptions in the foregoing embodiments for details that are not described in the present embodiment, and further details are not described herein.

Based on the same inventive concept, the embodiment of the specification further provides the electronic equipment.

In the following, embodiments of the electronic device of the present invention are described, which may be regarded as specific physical implementations for the above-described embodiments of the method and apparatus of the present invention. Details described in the embodiments of the electronic device of the invention should be considered supplementary to the embodiments of the method or apparatus described above; for details which are not disclosed in embodiments of the electronic device of the invention, reference may be made to the above-described embodiments of the method or the apparatus.

Fig. 5 is a schematic structural diagram of an electronic device provided in an embodiment of the present specification. Anelectronic device 300 according to this embodiment of the invention is described below with reference to fig. 5. Theelectronic device 300 shown in fig. 5 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.

As shown in fig. 5,electronic device 300 is embodied in the form of a general purpose computing device. The components ofelectronic device 300 may include, but are not limited to: at least oneprocessing unit 310, at least onememory unit 320, abus 330 connecting different device components (including thememory unit 320 and the processing unit 310), adisplay unit 340, and the like.

Wherein the storage unit stores program code executable by theprocessing unit 310 to cause theprocessing unit 310 to perform the steps according to various exemplary embodiments of the present invention described in the above-mentioned processing method section of the present specification. For example, theprocessing unit 310 may perform the steps as shown in fig. 1.

Thestorage unit 320 may include readable media in the form of volatile storage units, such as a random access memory unit (RAM)3201 and/or acache storage unit 3202, and may further include a read only memory unit (ROM) 3203.

Thestorage unit 320 may also include a program/utility 3204 having a set (at least one) ofprogram modules 3205,such program modules 3205 including, but not limited to: an operating device, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.

Bus 330 may be one or more of several types of bus structures, including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.

Theelectronic device 300 may also communicate with one or more external devices 400 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with theelectronic device 300, and/or with any devices (e.g., router, modem, etc.) that enable theelectronic device 300 to communicate with one or more other computing devices. Such communication may occur via an input/output (I/O)interface 350. Also, theelectronic device 300 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the internet) via thenetwork adapter 360.Network adapter 360 may communicate with other modules ofelectronic device 300 viabus 330. It should be appreciated that although not shown in FIG. 5, other hardware and/or software modules may be used in conjunction withelectronic device 300, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID devices, tape drives, and data backup storage devices, to name a few.

Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments of the present invention described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiment of the present invention can be embodied in the form of a software product, which can be stored in a computer-readable storage medium (which can be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to make a computing device (which can be a personal computer, a server, or a network device, etc.) execute the above-mentioned method according to the present invention. The computer program, when executed by a data processing apparatus, enables the computer readable medium to implement the above-described method of the invention, namely: such as the method shown in fig. 1.

Fig. 6 is a schematic diagram of a computer-readable medium provided in an embodiment of the present disclosure.

A computer program implementing the method shown in fig. 1 may be stored on one or more computer readable media. The computer readable medium may be a readable signal medium or a readable storage medium. The readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor device, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.

The computer readable storage medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable storage medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution apparatus, device, or apparatus. Program code embodied on a readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.

Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).

In summary, the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that some or all of the functionality of some or all of the components in embodiments in accordance with the invention may be implemented in practice using a general purpose data processing device such as a microprocessor or a Digital Signal Processor (DSP). The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.

While the foregoing embodiments have described the objects, aspects and advantages of the present invention in further detail, it should be understood that the present invention is not inherently related to any particular computer, virtual machine or electronic device, and various general-purpose machines may be used to implement the present invention. The invention is not to be considered as limited to the specific embodiments thereof, but is to be understood as being modified in all respects, all changes and equivalents that come within the spirit and scope of the invention.

The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments.

The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims

1. A micro service gateway traffic management method is characterized by comprising the following steps:

acquiring user service request information;

2. The method for traffic management of a microservice gateway of claim 1, wherein prior to obtaining a user service request, comprising:

3. The method for micro-service gateway traffic management according to claim 1, wherein the performing field-specific resolution on the gateway traffic information comprises:

processing the flow data into flow information with a preset structure;

4. The method for traffic management of microservice gateway according to claim 3, wherein said performing field-specific parsing on said traffic information of said predetermined structure by said full-text search engine comprises:

5. The method for managing microservice gateway traffic according to claim 2, wherein the auxiliary configuration web page side uses Spring Boot as a development framework and uses MongoDB for data storage.

6. A microservice gateway traffic management apparatus, comprising:

7. The microservice gateway traffic management device of claim 6, prior to obtaining the user service request, comprising:

8. The microservice gateway traffic management device of claim 6, wherein the information parsing module comprises:

9. An electronic device, wherein the electronic device comprises:

a processor and a memory storing computer-executable instructions that, when executed, cause the processor to perform the method of any of claims 1-5.

10. A computer readable storage medium, wherein the computer readable storage medium stores one or more programs which, when executed by a processor, implement the method of any of claims 1-5.