CN111666110B - Method and device for batch processing of network isolation space based on user mode protocol stack - Google Patents

Publication number
CN111666110B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910176731.4A
Other languages
Chinese (zh)
Other versions
CN111666110A (en)
Inventor
吴胜万
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xiamen Wangsu Co Ltd
Original Assignee
Xiamen Wangsu Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44505 Configuring for program initiating, e.g. using registry, configuration files
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a method for processing network isolation spaces in batch based on a user mode protocol stack, which sets a unique space name for each network isolation space and also comprises the following steps: acquiring a control instruction which is sent by a protocol stack control end and carries a space indication identifier, and determining all target network isolation spaces and target configuration files corresponding to the space indication identifier, wherein the control instruction at least comprises one of an adding instruction, a deleting instruction and a reloading instruction of all the target network isolation spaces; and performing batch processing on all the target network isolation spaces and the target configuration files based on the control instruction. The invention can realize batch processing of the network isolation space, thereby effectively saving system resources and improving the processing efficiency of the network isolation space.

Description

Method and device for batch processing of network isolation space based on user mode protocol stack
Technical Field
The invention relates to the technical field of internet, in particular to a method and a device for processing network isolation spaces in batch based on a user mode protocol stack.
Background
With the rapid development of the cloud computing technology, internet service providers can create independent network isolation spaces for different users in a background server through the network isolation technology, and then can run business programs in the different network isolation spaces to provide network services for the different users.
The Linux system provides a network isolation method that runs in kernel space: different network isolation spaces can be managed through different processes, and all the network isolation spaces share the same configuration file. Thus, when the shared configuration file is modified, the corresponding content changes in every network isolation space that shares it. In order to solve the above problem, the prior art also applies the above method to a user mode protocol stack, so that different network isolation spaces may correspond to independent configuration files. When the configuration file of a certain network isolation space needs to be modified, a process A is first created to point to the network isolation space, the network isolation space is switched to through process A, and then a sub-process B for executing a modification instruction is created based on process A to modify the configuration file of the network isolation space.
In the process of implementing the invention, the inventor finds that the prior art has at least the following problems:
After the method is applied to the user mode protocol stack, only a single network isolation space can be processed at a time. When a plurality of network isolation spaces need to be processed, two processes (namely process A and sub-process B) need to be created for each network isolation space, which consumes a large amount of system resources. Therefore, the processing efficiency of the method is low.
Disclosure of Invention
In order to solve the problems in the prior art, embodiments of the present invention provide a method and an apparatus for batch processing a network isolation space based on a user mode protocol stack. The technical scheme is as follows:
in a first aspect, a method for batch processing network isolation spaces based on a user mode protocol stack is provided, where a unique space name is set for each network isolation space, and the method further includes:
acquiring a control instruction which is sent by a protocol stack control end and carries a space indication identifier, and determining all target network isolation spaces and target configuration files corresponding to the space indication identifier, wherein the control instruction at least comprises one of an adding instruction, a deleting instruction and a reloading instruction of all the target network isolation spaces;
and performing batch processing on all the target network isolation spaces and the target configuration files based on the control instruction.
Further, the obtaining a control instruction carrying a space indication identifier sent by a protocol stack control end, and determining all target network isolation spaces and target configuration files corresponding to the space indication identifier includes:
and acquiring a control instruction which is sent by the protocol stack control end and carries a plurality of target space names, and determining all target network isolation spaces and target configuration files corresponding to the plurality of target space names.
Further, the method further comprises:
receiving a directory file creating instruction carrying a plurality of target space names, creating a target directory file, and adding configuration files corresponding to the plurality of target space names into the target directory file;
the acquiring a control instruction carrying a space indication identifier sent by a protocol stack control end, and determining all target network isolation spaces and target configuration files corresponding to the space indication identifier includes:
and acquiring a control instruction which is sent by a protocol stack control end and carries the file identifier of the target directory file, and determining all target configuration files under the target directory file and all target network isolation spaces corresponding to all the target configuration files.
Further, the batch processing of all the target network isolation spaces and the target configuration files based on the control instruction includes:
when the control instruction is an adding instruction of all the target network isolation spaces, creating a target network isolation space and a target configuration file;
and distributing the target configuration file for each target network isolation space according to the space name corresponding to the space indication identifier.
Further, after the target configuration file is allocated to each target network isolation space according to the space name corresponding to the space indication identifier, the method includes:
determining a target resource type required by each target network isolation space;
according to the network segment of the user IP address corresponding to the target network isolation space, determining a space resource corresponding to the target resource type in a preset resource management file;
and setting the space resource corresponding to the target resource type into a target configuration file of each target network isolation space.
Further, after the target configuration file is allocated to each target network isolation space according to the space name corresponding to the space indication identifier, the method includes:
determining target space resources required by each target network isolation space according to user service requirements corresponding to each target network isolation space;
and setting the target space resources to the target configuration files of the target network isolation spaces from the preset resource management files.
Further, the batch processing of all the target network isolation spaces and the target configuration files based on the control instruction includes:
and when the control instruction is a deletion instruction of all the target network isolation spaces, deleting all the target network isolation spaces and the target configuration file.
Further, the batch processing of all the target network isolation spaces and the target configuration files based on the control instruction includes:
when the control instruction is a reloading instruction of all the target network isolation spaces, acquiring loaded configuration files and configuration files to be loaded of all the target network isolation spaces;
and judging whether the content of the loaded configuration file and the content of the configuration file to be loaded are changed, if so, reloading the target network isolation space according to the configuration file to be loaded.
Further, after the configuration file is allocated to each network isolation space according to the space name, the method includes:
when the user mode protocol stack is initialized, loading the configuration file corresponding to each network isolation space; or after the loading instruction output by the protocol stack control end is obtained, loading the configuration file of the network isolation space corresponding to the loading instruction.
In a second aspect, an apparatus for batch processing network isolation spaces based on a user mode protocol stack is provided, where a unique space name is set for each network isolation space, and the apparatus includes:
an instruction acquisition module, used for acquiring a control instruction which is sent by a protocol stack control end and carries a space indication identifier, and determining all target network isolation spaces and target configuration files corresponding to the space indication identifier;
and the processing module is used for carrying out batch processing on all the target network isolation spaces and the target configuration files based on the control instruction.
Further, the instruction obtaining module is further configured to:
and acquiring a control instruction which is sent by the protocol stack control end and carries a plurality of target space names, and determining all target network isolation spaces and target configuration files corresponding to the plurality of target space names.
Further, the instruction obtaining module is further configured to:
receiving a directory file creating instruction carrying a plurality of target space names, creating a target directory file, and adding configuration files corresponding to the plurality of target space names into the target directory file;
acquiring a control instruction which is sent by a protocol stack control end and carries a file identifier of a target directory file, and determining all target configuration files under the target directory file and all target network isolation spaces corresponding to all the target configuration files.
Further, the processing module is configured to:
when the control instruction is an adding instruction of all the target network isolation spaces, creating a target network isolation space and a target configuration file;
and distributing the target configuration file for each target network isolation space according to the space name corresponding to the space indication identifier.
Further, the processing module is further configured to:
determining a target resource type required by each target network isolation space;
according to the network segment to which the user IP address corresponding to the target network isolation space belongs, determining a space resource corresponding to the target resource type in a preset resource management file;
and setting the space resource corresponding to the target resource type into a target configuration file of each target network isolation space.
Further, the processing module is further configured to:
determining target space resources required by each target network isolation space according to user service requirements corresponding to each target network isolation space;
and setting the target space resources to the target configuration files of the target network isolation spaces from the preset resource management files.
Further, the processing module is further configured to:
and when the control instruction is a deletion instruction of all the target network isolation spaces, deleting all the target network isolation spaces and the target configuration file.
Further, the processing module is further configured to:
when the control instruction is a reloading instruction of all the target network isolation spaces, acquiring loaded configuration files and configuration files to be loaded of all the target network isolation spaces;
and judging whether the content of the loaded configuration file and the content of the configuration file to be loaded are changed, if so, reloading the target network isolation space according to the configuration file to be loaded.
Further, the apparatus further includes a loading module, configured to:
when the user mode protocol stack is initialized, loading the configuration file corresponding to each network isolation space; or after the loading instruction output by the protocol stack control end is obtained, loading the configuration file of the target network isolation space corresponding to the loading instruction.
In a third aspect, a network device is provided, which includes a processor and a memory, where at least one instruction, at least one program, a set of codes, or a set of instructions is stored in the memory, and the at least one instruction, the at least one program, the set of codes, or the set of instructions is loaded and executed by the processor to implement the method for batch processing a network isolation space based on a user mode protocol stack according to the first aspect.
In a fourth aspect, a computer-readable storage medium is provided, in which at least one instruction, at least one program, a set of codes, or a set of instructions is stored, and loaded and executed by a processor to implement the method for batch processing of network isolation spaces based on a user mode protocol stack according to the first aspect.
The technical scheme provided by the embodiment of the invention has the following beneficial effects:
in the embodiment of the invention, a control instruction which is sent by a protocol stack control end and carries a space indication identifier is obtained, and all target network isolation spaces and target configuration files corresponding to the space indication identifier are determined, wherein the control instruction at least comprises one of an adding instruction, a deleting instruction and a reloading instruction of all the target network isolation spaces; and carrying out batch processing on all the target network isolation spaces and the target configuration files based on the control instructions. Therefore, the space indication identification carried by the control instruction can point to a plurality of target network isolation spaces and target configuration files, and the network equipment can execute the control instruction through a single user mode protocol stack process so as to realize batch processing of all the target network isolation spaces and the target configuration files pointed by the control instruction, thereby not only effectively saving system resources, but also effectively improving the processing efficiency of the network isolation spaces.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed in the description of the embodiments are briefly introduced below. The drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings based on these drawings without creative effort.
Fig. 1 is a flowchart of a method for batch processing a network isolation space based on a user mode protocol stack according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of an apparatus for batch processing a network isolation space based on a user mode protocol stack according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of an apparatus for batch processing a network isolation space based on a user mode protocol stack according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a network device according to an embodiment of the present invention.
Detailed Description
To make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
The embodiment of the invention provides a method for processing network isolation spaces in batches based on a user mode protocol stack. The user mode protocol stack can be used for replacing a kernel mode protocol stack to process service data, the protocol stack control end can send a control instruction to the user mode protocol stack, and the user mode protocol stack can perform batch processing on all network isolation spaces and configuration files pointed by the control instruction based on the control instruction. The network device may include a processor, a memory, and a transceiver, where the processor may be configured to perform batch processing on the network isolation space based on the user mode protocol stack in the following process, the memory may be configured to store data required and generated in the following process, and the transceiver may be configured to receive and transmit related data in the following process. It should be noted that the processing executed by the user mode protocol stack and the protocol stack control end described below may be understood as being specifically implemented by the user mode protocol stack and the protocol stack control end set by the network device.
The following describes in detail a processing flow of the method for batch processing a network isolation space based on a user mode protocol stack shown in fig. 1 with reference to a specific embodiment, where the content may be as follows:
Step 101: acquiring a control instruction which is sent by a protocol stack control end and carries a space indication identifier, and determining all target network isolation spaces and target configuration files corresponding to the space indication identifier.
The control instruction at least comprises one of an adding instruction, a deleting instruction and a reloading instruction of all the target network isolation spaces.
In implementation, when an internet service provider provides network services for users through network devices, the internet service provider can provide relatively isolated and non-interfering network services for different users on the same network device through a network isolation technology. Specifically, the network device may create a plurality of network isolation spaces based on the user mode protocol stack, and set a unique network isolation space name (which may be referred to as a space name) for each network isolation space, where the space name may be a number, a letter, a symbol, or a combination of several of these. The network device may also create multiple configuration files, assign a space name to each configuration file, and assign a corresponding configuration file to each network isolation space according to the space name. The network device may then create a single user mode protocol stack process and manage the configuration files for the plurality of network isolation spaces via the single user mode protocol stack process.
When a new network isolation space needs to be created, a created network isolation space needs to be deleted, or a created network isolation space needs to be reloaded, the network device may generate a corresponding control instruction through a protocol stack control end, where the control instruction may at least carry a space indication identifier, and the space indication identifier may be identification information used to indicate the network isolation space that needs to be controlled. Then, the network device may send the control instruction to a user mode protocol stack through the protocol stack control end, and the user mode protocol stack may obtain the space indication identifier carried by the control instruction, determine all target space names corresponding to the control instruction according to the space indication identifier, and determine all target network isolation spaces and target configuration files to which the control instruction points according to all the target space names.
Optionally, the space indication identifier may be a space name of a specific network isolation space, and accordingly, the processing in step 101 may be as follows: the method comprises the steps of obtaining a control instruction which is sent by a protocol stack control end and carries a plurality of target space names, and determining all target network isolation spaces and target configuration files corresponding to the plurality of target space names.
In implementation, the space indication identifier carried by a control instruction generated by the protocol stack control end may point to one target network isolation space or to multiple target network isolation spaces. Specifically, when the control instruction points to only one target network isolation space, the space indication identifier includes only one target space name. When the control instruction points to multiple target network isolation spaces, the space indication identifier may include multiple target space names. Taking a control instruction that adds three network isolation spaces ns1, ns2, and ns3 as an example, the control instruction may be: wss_cmd add_netns <ns1> <ns2> <ns3>, wherein "add_netns" is the add instruction identifier, and "ns1, ns2, ns3" are the target space names. Then, the network device can send the control instruction to the user mode protocol stack through the protocol stack control end, and further, the network device can obtain, through the user mode protocol stack, the space indication identifier carried in the control instruction, and determine which target network isolation spaces and target configuration files are to be subjected to batch processing.
Optionally, before the network device generates the control instruction through the protocol stack control end, the following processing may be performed: receiving a directory file creating instruction carrying a plurality of target space names, creating a target directory file, and adding configuration files corresponding to the plurality of target space names into the target directory file. At this time, the processing of step 101 may be as follows: and acquiring a control instruction which is output by a protocol stack control end and carries a file identifier of the target directory file, and determining all target configuration files under the target directory file and all target network isolation spaces corresponding to all the target configuration files.
In implementation, when batch processing needs to be performed on a plurality of target network isolation spaces, the network device may receive a directory file creation instruction input by an administrator of an internet service provider, where the directory file creation instruction may carry all target space names of the plurality of target network isolation spaces. Then, the network device may create a directory file (which may be referred to as a target directory file) based on the directory creation instruction, and add the configuration files of all target network isolation spaces corresponding to all target space names to the target directory file. Furthermore, the network device may generate a control instruction carrying the file identifier of the target directory file through a protocol stack control end, and send the control instruction to the user mode protocol stack. Then, the network device may obtain a file identifier of a target directory file carried by the control instruction through a user mode protocol stack, determine the target directory file pointed by the control instruction according to the file identifier of the target directory file, and determine all configuration files in the target directory file and all network isolation spaces corresponding to the configuration files as all target configuration files and all target network isolation spaces pointed by the control instruction.
Step 102: performing batch processing on all the target network isolation spaces and the target configuration files based on the control instruction.
The control instruction also carries a specific operation identifier, and the specific operation identifier may be an addition instruction identifier of the network isolation space, a deletion instruction identifier of the network isolation space, or a reload instruction identifier of the network isolation space.
In implementation, the network device may obtain the control instruction through a protocol stack server, and may perform batch processing on all the target network isolation spaces and the target configuration files based on the control instruction through the single user mode protocol stack process. Specifically, when the control instruction is an add instruction of the network isolation space, the specific operation identifier of the instruction may be add_netns; when the control instruction is a delete instruction of the network isolation space, the specific operation identifier of the instruction may be delete_netns; when the control instruction is a reload instruction of the network isolation space, the specific operation identifier of the instruction may be reload_netns.
Optionally, the network device may create a new target network isolation space and a target configuration file, and accordingly, the process of step 102 may be as follows: when the control instruction is an adding instruction of all target network isolation spaces, creating a target network isolation space and a target configuration file; and distributing a target configuration file for each target network isolation space according to the space name corresponding to the space indication identifier.
In implementation, when the control instruction is an add instruction of a network isolation space, the network device may create a new target network isolation space based on the control instruction through the single user mode protocol stack process, and may set a unique space name for each newly added target network isolation space, where the space name is a target space name in the space indication identifier carried by the control instruction. Then, the network device may create the same number of target configuration files as there are target network isolation spaces, and assign a space name to each target configuration file, where the space name is also a target space name in the space indication identifier carried by the control instruction. Specifically, taking the control instruction wss_cmd add_netns <ns1> <ns2> <ns3> as an example, the network device may create 3 target network isolation spaces through the single user mode protocol stack process, and sequentially allocate target space names ns1, ns2, and ns3 to each target network isolation space. Then, the network device may create 3 target configuration files, and sequentially allocate target space names ns1, ns2, ns3 to each target configuration file, so that each target space name corresponds to one target network isolation space and one target configuration file, that is, each target network isolation space corresponds to one target configuration file. Thus, the network device can add the space resources required by each newly added target network isolation space in the target configuration file of each newly added target network isolation space.
It should be noted that the configuration files of the network isolation spaces may be loaded at different times, for example, the configuration files may be loaded when a user mode protocol stack is initialized, or the configuration files of the network isolation spaces to which the loading instruction points may be loaded after the loading instruction sent by the protocol stack control end is obtained.
Optionally, the network device may allocate a space resource to each configuration file according to the network segment to which the user IP address corresponding to the target network isolation space belongs, and correspondingly, after step 102, the following processing may be performed: determining the target resource types required by each target network isolation space; according to the network segment of the user IP address corresponding to the target network isolation space, determining the space resource corresponding to the target resource type in a preset resource management file; and adding the space resources corresponding to the target resource type into the configuration files of the network isolation spaces.
In an implementation, after allocating the configuration file corresponding to each network isolation space, the network device may add the corresponding space resource to the configuration file of each network isolation space according to a resource type (which may be referred to as a target resource type) required by each network isolation space. Specifically, taking the example of adding the required space resource to the configuration file corresponding to the network isolation space ns1, the network device may determine the target resource type required by the network isolation space ns1, determine the space resource corresponding to the target resource type in the preset resource management file according to the network segment to which the user IP address corresponding to the target network isolation space belongs, and add the space resource to the configuration file of the network isolation space ns1. In this way, when the network device provides network services for users through different network isolation spaces, specific service processing can be implemented based on the space resources added in the configuration file of each network isolation space. It should be noted that, after the network device adds the space resource corresponding to the target resource type to the configuration file of the corresponding network isolation space, the space resource is not removed from the preset resource management file, and when other network isolation spaces need the space resource corresponding to the same target resource type, the corresponding space resource in the preset resource management file may also be added to the configuration file of the corresponding network isolation space. Therefore, each network isolation space can correspond to an independent configuration file, and space resources in different configuration files can be repeated.
Optionally, the network device may allocate a space resource to each configuration file according to a user service requirement corresponding to the target network isolation space, and correspondingly, after step 102, the following processing may also be performed: determining target space resources required by each target network isolation space according to user service requirements corresponding to each target network isolation space; and setting the target space resources to the target configuration files of the target network isolation spaces from the preset resource management files.
In implementation, after the network device allocates the configuration file corresponding to each network isolation space, the network device may further determine, according to a specific service requirement of a user corresponding to each target network isolation space, a space resource (which may be referred to as a target space resource) required by each target network isolation space. Then, the network device may add the target space resource required by each target network isolation space from the preset resource management file to a target configuration file corresponding to each target network isolation space.
Optionally, the network device may delete an existing target network isolation space and a target configuration file, and accordingly, the processing in step 102 may be as follows: and when the control instruction is a deletion instruction of all the target network isolation spaces, deleting all the target network isolation spaces and the target configuration file.
Optionally, when the network isolation space needs to be reloaded, the network device may determine whether to actually execute the reload instruction based on the specific content of the configuration file, and accordingly, the processing in step 102 may further include: when the control instruction is a reload instruction of all target network isolation spaces, acquiring the loaded configuration files and the configuration files to be loaded of all the target network isolation spaces; and judging whether the content of the configuration file to be loaded has changed relative to the content of the loaded configuration file, and if so, reloading the target network isolation space according to the configuration file to be loaded.
In implementation, when the control instruction is a reload instruction of the network isolation space, the network device may determine, through the single user mode protocol stack process and according to the specific contents of the loaded configuration file and the configuration file to be loaded, whether to reload each target network isolation space and its corresponding target configuration file. Specifically, after modifying the configuration file of a certain target network isolation space, the network device may store both the loaded configuration file before modification and the modified configuration file to be loaded. Thus, when the control instruction output by the network device through the protocol stack control end is a reload instruction of the network isolation space, the network device can determine all target network isolation spaces and target configuration files (including loaded configuration files and configuration files to be loaded) pointed to by the control instruction according to the space indication identifier carried by the control instruction. The network device then compares the content of the loaded configuration file of each target network isolation space with the content of the configuration file to be loaded and judges whether the content of the configuration file to be loaded has changed relative to the content of the loaded configuration file. If it has changed, the network device reloads the configuration file to be loaded and the target network isolation space corresponding to it; if there is no change, no reloading is necessary.
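The batch add, delete and reload handling described above can be modelled in a few lines. This is an added example, not code from the patent: the `StackProcess` class, the `<name>.conf` file layout, the instruction dictionaries and the name rule are all assumptions. It accepts both forms of space indication identifier (a list of space names or a directory of configuration files), rejects the whole batch if any identifier is malformed, and reloads only the spaces whose configuration content changed.

```python
import re
from pathlib import Path

NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")  # assumed naming rule, not from the patent


class StackProcess:
    """Toy model of the single user-mode protocol stack process (hypothetical API)."""

    def __init__(self, conf_root):
        self.conf_root = Path(conf_root)
        self.loaded = {}  # space name -> bytes of the configuration currently loaded

    def resolve(self, instruction):
        """Expand the space indication identifier into {space name: config path}."""
        if "names" in instruction:   # form 1: the instruction lists space names
            targets = {n: self.conf_root / f"{n}.conf" for n in instruction["names"]}
        else:                        # form 2: the instruction names a directory file
            if not NAME_RE.fullmatch(instruction["dir"]):
                raise ValueError("invalid directory identifier")
            folder = self.conf_root / instruction["dir"]
            targets = {p.stem: p for p in sorted(folder.glob("*.conf"))}
        # Names become file paths, so validate all of them before touching anything.
        for name in targets:
            if not NAME_RE.fullmatch(name):
                raise ValueError(f"invalid space name: {name!r}")
        return targets

    def handle(self, instruction):
        """Run one add/delete/reload instruction over every target; return names changed."""
        op = instruction["op"]
        if op not in ("add", "delete", "reload"):
            raise ValueError(f"unknown instruction: {op!r}")
        changed = []
        for name, path in self.resolve(instruction).items():
            if op == "add" and name not in self.loaded:
                path.touch()                      # create the configuration file if missing
                self.loaded[name] = path.read_bytes()
            elif op == "delete" and name in self.loaded:
                del self.loaded[name]
                path.unlink(missing_ok=True)
            elif op == "reload" and name in self.loaded:
                pending = path.read_bytes()       # configuration file to be loaded
                if pending == self.loaded[name]:  # content unchanged: skip the reload
                    continue
                self.loaded[name] = pending
            else:
                continue
            changed.append(name)
        return changed
```
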
In the embodiment of the invention, a control instruction which is sent by a protocol stack control end and carries a space indication identifier is obtained, and all target network isolation spaces and target configuration files corresponding to the space indication identifier are determined, wherein the control instruction at least comprises one of an adding instruction, a deleting instruction and a reloading instruction of all the target network isolation spaces; and carrying out batch processing on all the target network isolation spaces and the target configuration files based on the control instructions. Therefore, the space indication identification carried by the control instruction can point to a plurality of target network isolation spaces and target configuration files, and the network equipment can execute the control instruction through a single user mode protocol stack process so as to realize batch processing of all the target network isolation spaces and the target configuration files pointed by the control instruction, thereby not only effectively saving system resources, but also effectively improving the processing efficiency of the network isolation spaces.
Based on the same technical concept, an embodiment of the present invention further provides a device for batch processing of network isolation spaces based on a user mode protocol stack, where a unique space name is set for each network isolation space, and as shown in fig. 2, the device includes:
an instruction obtaining module 201, configured to obtain a control instruction carrying a space indication identifier and sent by a protocol stack control end, and determine all target network isolation spaces and target configuration files corresponding to the space indication identifier;
and the processing module 202 is configured to perform batch processing on all the target network isolation spaces and the target configuration files based on the control instruction.
Further, the instruction obtaining module 201 is further configured to:
and acquiring a control instruction which is sent by the protocol stack control end and carries a plurality of target space names, and determining all target network isolation spaces and target configuration files corresponding to the plurality of target space names.
Further, the instruction obtaining module 201 is further configured to:
receiving a directory file creating instruction carrying a plurality of target space names, creating a target directory file, and adding configuration files corresponding to the plurality of target space names into the target directory file;
acquiring a control instruction which is sent by a protocol stack control end and carries a file identifier of a target directory file, and determining all target configuration files under the target directory file and all target network isolation spaces corresponding to all the target configuration files.
Further, the processing module 202 is configured to:
when the control command is an adding command of all the target network isolation spaces, creating a target network isolation space and a target configuration file;
and distributing the target configuration file for each target network isolation space according to the space name corresponding to the space indication identifier.
Further, the processing module 202 is further configured to:
determining a target resource type required by each target network isolation space;
according to the network segment of the user IP address corresponding to the target network isolation space, determining a space resource corresponding to the target resource type in a preset resource management file;
and setting the space resource corresponding to the target resource type into a target configuration file of each target network isolation space.
Further, the processing module 202 is further configured to:
determining target space resources required by each target network isolation space according to user service requirements corresponding to each target network isolation space;
and setting the target space resources to the target configuration files of the target network isolation spaces from the preset resource management files.
Further, the processing module 203 is further configured to:
and when the control instruction is a deletion instruction of all the target network isolation spaces, deleting all the target network isolation spaces and the target configuration file.
Further, the processing module 202 is further configured to:
when the control instruction is a reload instruction of all the target network isolation spaces, acquiring loaded configuration files and configuration files to be loaded of all the target network isolation spaces;
and judging whether the content of the loaded configuration file and the content of the configuration file to be loaded are changed, if so, reloading the target network isolation space according to the configuration file to be loaded.
Further, as shown in fig. 3, the apparatus further includes a loading module 203 for:
when the user mode protocol stack is initialized, loading the configuration file corresponding to each network isolation space; or after the loading instruction output by the protocol stack control end is obtained, loading the configuration file of the target network isolation space corresponding to the loading instruction.
It should be noted that: the device for batch processing of network isolation space based on user mode protocol stack provided in the above embodiment is only illustrated by the above division of each functional module, and in practical application, the above function distribution may be completed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules to complete all or part of the above described functions. In addition, the apparatus for batch processing of network isolation spaces based on a user mode protocol stack provided in the foregoing embodiment and the method embodiment for batch processing of network isolation spaces based on a user mode protocol stack belong to the same concept, and specific implementation processes thereof are detailed in the method embodiment, and are not described herein again.
Fig. 4 is a schematic structural diagram of a network device according to an embodiment of the present invention. Such network devices 400, which may vary considerably due to configuration or performance, may include one or more central processors 422 (e.g., one or more processors) and memory 432, one or more storage media 430 (e.g., one or more mass storage devices) storing application programs 442 or data 444. Wherein the memory 432 and storage medium 430 may be transient or persistent storage. The program stored on the storage medium 430 may include one or more modules (not shown), each of which may include a sequence of instructions operating on the network device 400. Still further, the central processor 422 may be arranged to communicate with the storage medium 430 to execute a series of instruction operations in the storage medium 430 on the network device 400.
The network device 400 may also include one or more power supplies 426, one or more wired or wireless network interfaces 450, one or more input-output interfaces 458, one or more keyboards 456, and/or one or more operating systems 441, such as Windows Server, Mac OS X, Unix, Linux, FreeBSD, and the like.
Network device 400 may include memory and one or more programs, wherein the one or more programs are stored in the memory, are configured to be executed by the one or more processors, and include instructions for performing the above-described user mode protocol stack based batch processing of network isolation spaces.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (20)

1. A method for processing network isolation spaces in batch based on a user mode protocol stack sets a unique space name for each network isolation space, and is characterized in that the method also comprises the following steps:
acquiring a control instruction carrying a space indication identifier sent by a protocol stack control end, and determining all target network isolation spaces corresponding to the space indication identifier and a target configuration file corresponding to each target network isolation space, wherein the control instruction at least comprises one of an adding instruction, a deleting instruction and a reloading instruction of all the target network isolation spaces;
and carrying out batch processing on all the target network isolation spaces and the target configuration files corresponding to each target network isolation space based on the control instruction.
2. The method according to claim 1, wherein the obtaining of the control instruction carrying the space indication identifier sent by the protocol stack control end, and determining all target network isolation spaces corresponding to the space indication identifier and a target configuration file corresponding to each target network isolation space comprises:
and acquiring a control instruction which is sent by the protocol stack control end and carries a plurality of target space names, and determining all target network isolation spaces corresponding to the plurality of target space names and a target configuration file corresponding to each target network isolation space.
3. The method of claim 1, further comprising:
receiving a directory file creating instruction carrying a plurality of target space names, creating a target directory file, and adding configuration files corresponding to the plurality of target space names into the target directory file;
the acquiring a control instruction carrying a space indication identifier sent by a protocol stack control end, and determining all target network isolation spaces corresponding to the space indication identifier and a target configuration file corresponding to each target network isolation space includes:
and acquiring a control instruction which is sent by a protocol stack control end and carries the file identifier of the target directory file, and determining all target configuration files under the target directory file and all target network isolation spaces corresponding to all the target configuration files.
4. The method according to claim 1, wherein the batch processing of all the target network isolation spaces and the target configuration file corresponding to each target network isolation space based on the control instruction comprises:
when the control instruction is an adding instruction of all the target network isolation spaces, creating a target network isolation space and a target configuration file;
and distributing the target configuration file for each target network isolation space according to the space name corresponding to the space indication identifier.
5. The method according to claim 4, wherein after allocating the target configuration file for each target network isolation space according to the space name corresponding to the space indicator identifier, the method comprises:
determining a target resource type required by each target network isolation space;
according to the network segment to which the user IP address corresponding to the target network isolation space belongs, determining a space resource corresponding to the target resource type in a preset resource management file;
and setting the space resource corresponding to the target resource type into a target configuration file of each target network isolation space.
6. The method according to claim 4, wherein after allocating the target configuration file for each target network isolation space according to the space name corresponding to the space indicator identifier, the method comprises:
determining target space resources required by each target network isolation space according to user service requirements corresponding to each target network isolation space;
and setting the target space resources to the target configuration files of the target network isolation spaces from preset resource management files.
7. The method according to claim 1, wherein the batch processing of all the target network isolation spaces and the target configuration file corresponding to each target network isolation space based on the control instruction comprises:
and when the control instruction is a deletion instruction of all the target network isolation spaces, deleting the target configuration files corresponding to all the target network isolation spaces and each target network isolation space.
8. The method according to claim 1, wherein the batch processing of all the target network isolation spaces and the target configuration file corresponding to each target network isolation space based on the control instruction comprises:
when the control instruction is a reloading instruction of all the target network isolation spaces, acquiring loaded configuration files and configuration files to be loaded of all the target network isolation spaces;
and judging whether the content of the loaded configuration file and the content of the configuration file to be loaded are changed, if so, reloading the target network isolation space according to the configuration file to be loaded.
9. The method according to claim 4, wherein after allocating the target configuration file for each target network isolation space according to the space name corresponding to the space indicator, the method comprises:
when the user mode protocol stack is initialized, loading the configuration file corresponding to each network isolation space; or after the loading instruction output by the protocol stack control end is obtained, loading the configuration file of the network isolation space corresponding to the loading instruction.
10. An apparatus for batch processing network isolation spaces based on a user mode protocol stack, wherein a unique space name is set for each network isolation space, the apparatus comprising:
the instruction acquisition module is used for acquiring a control instruction which is sent by a protocol stack control end and carries a space indication identifier, and determining all target network isolation spaces corresponding to the space indication identifier and a target configuration file corresponding to each target network isolation space;
and the processing module is used for carrying out batch processing on all the target network isolation spaces and the target configuration files corresponding to each target network isolation space based on the control instruction.
11. The apparatus of claim 10, wherein the instruction fetch module is further configured to:
and acquiring a control instruction which is sent by the protocol stack control end and carries a plurality of target space names, and determining all target network isolation spaces corresponding to the plurality of target space names and a target configuration file corresponding to each target network isolation space.
12. The apparatus of claim 10, wherein the instruction fetch module is further configured to:
receiving a directory file creating instruction carrying a plurality of target space names, creating a target directory file, and adding configuration files corresponding to the plurality of target space names into the target directory file;
acquiring a control instruction which is sent by a protocol stack control end and carries a file identifier of a target directory file, and determining all target configuration files under the target directory file and all target network isolation spaces corresponding to all the target configuration files.
13. The apparatus of claim 10, wherein the processing module is configured to:
when the control instruction is an adding instruction of all the target network isolation spaces, creating a target network isolation space and a target configuration file;
and distributing the target configuration file for each target network isolation space according to the space name corresponding to the space indication identifier.
14. The apparatus of claim 13, wherein the processing module is further configured to:
determining a target resource type required by each target network isolation space;
according to the network segment to which the user IP address corresponding to the target network isolation space belongs, determining a space resource corresponding to the target resource type in a preset resource management file;
and setting the space resource corresponding to the target resource type into a target configuration file of each target network isolation space.
15. The apparatus of claim 13, wherein the processing module is further configured to:
determining target space resources required by each target network isolation space according to user service requirements corresponding to each target network isolation space;
and setting the target space resources to the target configuration files of the target network isolation spaces from preset resource management files.
16. The apparatus of claim 10, wherein the processing module is further configured to:
and when the control instruction is a deletion instruction of all the target network isolation spaces, deleting all the target network isolation spaces and the target configuration file corresponding to each target network isolation space.
17. The apparatus of claim 10, wherein the processing module is further configured to:
when the control instruction is a reload instruction of all the target network isolation spaces, acquiring loaded configuration files and configuration files to be loaded of all the target network isolation spaces;
and judging whether the content of the loaded configuration file and the content of the configuration file to be loaded are changed, if so, reloading the target network isolation space according to the configuration file to be loaded.
18. The apparatus of claim 13, further comprising a loading module to:
when the user mode protocol stack is initialized, loading the configuration file corresponding to each network isolation space; or after the loading instruction output by the protocol stack control end is obtained, loading the configuration file of the target network isolation space corresponding to the loading instruction.
19. A network device comprising a processor and a memory, wherein the memory stores at least one instruction, at least one program, a set of codes, or a set of instructions, which is loaded and executed by the processor to implement the method for batch processing of network isolation spaces based on a user mode protocol stack according to any one of claims 1 to 9.
20. A computer-readable storage medium having stored therein at least one instruction, at least one program, a set of codes, or a set of instructions, which is loaded and executed by a processor to implement the method for batching network isolation spaces based on a user mode protocol stack according to any one of claims 1 to 9.
CN201910176731.4A 2019-03-08 2019-03-08 Method and device for batch processing of network isolation space based on user mode protocol stack Active CN111666110B (en)

Publications (2)

Publication Number Publication Date
CN111666110A CN111666110A (en) 2020-09-15
CN111666110B true CN111666110B (en) 2022-11-18
