CN112422397A - Service forwarding method and communication device - Google Patents

Publication number
CN112422397A
Authority
CN
China
Prior art keywords
service
vxlan
service request
vsgw
communication
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011225846.7A
Other languages
Chinese (zh)
Other versions
CN112422397B (en)
Inventor
程海瑞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H04L67/562 Brokering proxy services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a service forwarding method and a communication device, relates to the technical field of communication, and is used for realizing cloud network convergence. The method is applied to a VSGW, a first end of the VSGW is connected with a gateway device through a plurality of VXLAN tunnels, a second end of the VSGW is respectively in communication connection with a cloud server and a communication server, and the method comprises the following steps: the VSGW receives a service request sent by gateway equipment from a target VXLAN tunnel, wherein the target VXLAN tunnel is one of a plurality of VXLAN tunnels; the VSGW determines a target server corresponding to the service request according to the service request, wherein the target server is a cloud server or a communication server; the VSGW sends the service request to the target server. The embodiment of the application is applied to a service transmission process.

Description

Service forwarding method and communication device
Technical Field
The present application relates to the field of communications technologies, and in particular, to a service forwarding method and a communications apparatus.
Background
With the development of cloud technology, cloud network convergence technology is gradually applied to communication networks. The cloud network convergence technology may also be referred to as network clouding. Here, "cloud" refers to cloud computing, and "network" refers to a communication network. Cloud computing may include computing power, storage power, and related software and hardware. The communication network may include an access network, a bearer network, a core network, and the like.
The cloud network convergence technology can converge a cloud computing technology and a communication technology. The cloud computing service and the communication service can be simultaneously provided for the user through the cloud network convergence technology. Therefore, cloud network convergence becomes a research direction for the industry.
Disclosure of Invention
The application provides a service forwarding method and a communication device, which are used for realizing cloud network convergence.
In order to achieve the purpose, the following technical scheme is adopted in the application:
In a first aspect, a service forwarding method is provided, which is applied to a gateway device, where the gateway device is customer premises equipment (CPE), such as a home gateway or a government and enterprise gateway, and is located at the subscriber side. The gateway device establishes a plurality of VXLAN tunnels with a virtual service gateway (VSGW) located at the network side. The VSGW establishes the VXLAN tunnels with the gateway device and is in communication connection with a communication server and a cloud server respectively, and preferably establishes a second VXLAN tunnel with the VXLAN gateway on the cloud server side; the VSGW is based on network functions virtualization (NFV) and software-defined networking (SDN) technologies. The method comprises the following steps: the gateway device receives a service request from the terminal device; the gateway device selects a target VXLAN tunnel corresponding to the service request from the VXLAN tunnels according to the service request; the gateway device sends the service request to the VSGW through the target VXLAN tunnel, so that the VSGW forwards the service to the cloud server or the communication server.
Thus, through the plurality of VXLAN tunnels between the gateway device and the VSGW and the second VXLAN tunnel established by the VSGW and the VXLAN gateway on the cloud server side, the service request of the terminal device can be respectively forwarded to the communication server (such as the internet) or different cloud servers (which may be the cloud infrastructure/cloud service of the basic telecommunication operator or the cloud infrastructure/cloud service of the third party), so that cloud network convergence is achieved, and a user can flexibly select the cloud infrastructure/cloud service of the basic telecommunication operator or the cloud infrastructure/cloud service of the third party (such as an internet company) according to needs.
In one possible implementation, the gateway device has a plurality of WAN interfaces, which are physical interfaces or virtual interfaces, and a WAN interface is configured with an Internet Protocol (IP) address capable of accessing a wide area network. Each VXLAN of the gateway device is configured with the IP address of a VXLAN interface; at the gateway device, the peer (remote) IP address of the VXLAN is configured as the IP address of a VSGW device port (including a physical interface and a sub-interface of the physical interface), and the default route address is the IP address of that VXLAN's interface at the VSGW. Each VXLAN has a different VXLAN Network Identifier (VNI).
Based on the possible implementation, the outer source IP address of the VXLAN is the IP address of the WAN interface of the gateway device, the outer destination IP address of the VXLAN is the IP address of the port/physical interface/sub-interface (connected to the WAN interface of the gateway device) of the VSGW, and the inner source IP address of the VXLAN (i.e., the source IP address of the "original message") is the IP address of the VXLAN interface of the gateway device. In one possible implementation, each VXLAN between the gateway device and the VSGW corresponds to a WAN interface, typically a virtual interface, also referred to as a WAN connection, of the gateway device. In another possible implementation, VXLANs between the gateway device and the VSGW use one WAN interface of the gateway device, also referred to as a WAN connection. The different VXLAN tunnels of the gateway device are distinguished by VNI or the like.
In a possible implementation manner, the gateway device may select a target VXLAN tunnel corresponding to the service request from the plurality of VXLAN tunnels according to a destination IP address carried in the service request or a port number of a user-side port (also referred to as a local area network-side port, corresponding to a WAN port) through which the gateway device receives the service request. The gateway device can identify different priorities for the target VXLAN corresponding to the service request according to the destination IP address carried by the service request or the service type of the service request.
Based on this possible implementation, service isolation can be achieved through the VXLAN tunnels.
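The tunnel selection described above, as an added sketch that is not part of the patent: the gateway device picks the target VXLAN tunnel by LAN-side port or by longest-prefix match on the destination IP address. Tunnel names, VNIs, address ranges, the precedence of the port rule and the dropping of unmatched traffic are assumptions made for this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Tunnel:
    name: str
    vni: int      # VXLAN Network Identifier, must differ per tunnel
    service: str  # service type carried by this tunnel


# Constructed sample tunnels (VNIs and names are illustrative).
INTERNET = Tunnel("vxlan1", 1001, "internet")
CLOUD = Tunnel("vxlan2", 1002, "cloud")
IPTV = Tunnel("vxlan3", 1003, "iptv")

# Constructed destination rules using documentation address ranges.
DEST_RULES = [
    (ipaddress.ip_network("0.0.0.0/0"), INTERNET),
    (ipaddress.ip_network("198.51.100.0/24"), CLOUD),
    (ipaddress.ip_network("198.51.100.192/26"), IPTV),
]

# Constructed LAN-side port rule: port 4 is reserved for a set-top box.
PORT_RULES = {4: IPTV}


def validate_tunnels(tunnels):
    """Reject a configuration in which two tunnels share a VNI.

    Isolation between services depends on each tunnel having its own
    24-bit VNI, so this is checked before any traffic is classified.
    """
    seen = {}
    for tunnel in tunnels:
        if not 0 <= tunnel.vni < 2 ** 24:
            raise ValueError(f"{tunnel.name}: VNI out of 24-bit range")
        if tunnel.vni in seen:
            raise ValueError(f"{tunnel.name} reuses VNI of {seen[tunnel.vni]}")
        seen[tunnel.vni] = tunnel.name
    return True


def select_tunnel(dest_ip: str, lan_port: Optional[int] = None) -> Optional[Tunnel]:
    """Return the target tunnel for a service request, or None to drop it.

    Assumption of this example: a LAN-port rule wins over destination
    rules, and traffic that matches no rule is dropped rather than sent
    into some default tunnel.
    """
    if lan_port in PORT_RULES:
        return PORT_RULES[lan_port]
    try:
        dest = ipaddress.ip_address(dest_ip)
    except ValueError:
        return None
    matches = [
        (net.prefixlen, tunnel)
        for net, tunnel in DEST_RULES
        if dest.version == net.version and dest in net
    ]
    if not matches:
        return None
    # Longest prefix wins, so a specific cloud range beats the default route.
    return max(matches, key=lambda m: m[0])[1]


if __name__ == "__main__":
    validate_tunnels([INTERNET, CLOUD, IPTV])
    for ip, port in [("198.51.100.10", 1), ("203.0.113.5", 1), ("203.0.113.5", 4)]:
        print(ip, port, select_tunnel(ip, port))
```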
In a possible implementation manner, the gateway device has a corresponding ID, where the ID includes a first byte and a second byte, the first byte is used to indicate a subscriber of the gateway device, and the second byte is used to indicate a serial number of the gateway device(s) under one subscription user name, so that management of multiple gateway devices of one government-enterprise user (subscriber) is facilitated, and interconnection is realized between organizations of one government-enterprise user located at different addresses through VXLAN tunnels established through the gateway device.
Based on the possible implementation manner, for the gateway devices of different subscribers, the plurality of bytes of the gateway device ID allow other devices to identify the gateway device conveniently and accurately. One gateway device corresponds to a unique ID, and one ID corresponds to a configuration file. The configuration information of the gateway, in particular the configuration and service information of the plurality of VXLAN tunnels, is established according to the configuration file, where the configuration file comprises one or more of VXLAN configuration information, internet service information, cloud service information, network security information and VPN information.
In one possible implementation, the configuration file is from a terminal management system of the gateway device. The gateway device pre-configures information such as an IP address, a Virtual Local Area Network (VLAN), a WAN interface and the like of the terminal management system, and after the terminal management system establishes a physical layer to IP layer connection, the gateway device requests a configuration file uniquely corresponding to the ID of the terminal management system from the terminal management system.
In one possible implementation manner, the service request is used to request a first type of service, and if the first type of service is an internet access service, the target server is a communication server; and if the first type of service is the cloud service, the target server is the cloud server.
Based on the possible implementation mode, aiming at different types of services, such as internet access service and cloud service, the services can be processed through the corresponding server, and the method is flexible and simple.
In a second aspect, a communication apparatus is provided, which is applied to a gateway device or a chip or a system on chip in the gateway device, and may also be a functional module in the gateway device for implementing the method according to any possible design of the first aspect or the first aspect. The communication means may implement the functions performed by the gateway device in the aspects or possible designs described above, which may be implemented by hardware executing the corresponding software. The hardware or software comprises one or more modules corresponding to the functions. Such as: the communication device includes a processing unit and a communication unit.
The communication unit is used for receiving a service request from the terminal equipment;
the processing unit is used for selecting a target VXLAN tunnel corresponding to the service request from the plurality of VXLAN tunnels according to the service request;
the communication unit is further configured to send the service request to the VSGW through the target VXLAN tunnel, so that the VSGW forwards the service to the cloud server or the communication server.
The specific implementation manner of the communication apparatus may refer to the first aspect or a behavior function of the gateway device in the service forwarding method provided by any possible design of the first aspect, and will not be described repeatedly herein. Thus, the communication device provided may achieve the same advantageous effects as the first aspect or any of the possible designs of the first aspect.
In a third aspect, a communication apparatus is provided, which may be a gateway device or a chip or a system on chip in the gateway device. The communication apparatus may implement the functions performed by the gateway device in the above aspects or possible designs, and the functions may be implemented by hardware, such as: in one possible design, the communication device may include: a processor and a communications interface, the processor being operable to support a communications device to implement the functionality referred to in the first aspect above or in any one of the possible designs of the first aspect, for example: the processor is configured to receive a service request from a terminal device via the communication interface.
In yet another possible design, the communication device may further include a memory for storing computer-executable instructions and data necessary for the communication device. When the communication device is running, the processor executes the computer executable instructions stored in the memory to cause the communication device to perform the service forwarding method according to the first aspect or any one of the possible designs of the first aspect.
In a fourth aspect, a computer-readable storage medium is provided, which may be a readable non-volatile storage medium, and the computer-readable storage medium stores computer instructions or a program, which when executed on a computer, make the computer perform the service forwarding method according to the first aspect or any one of the above aspects.
In a fifth aspect, there is provided a computer program product comprising instructions which, when run on a computer, enable the computer to perform the traffic forwarding method of the first aspect or any one of the possible designs of the above aspect.
In a sixth aspect, a communication apparatus is provided, which may be a gateway device or a chip or system on a chip in a gateway device, and includes one or more processors and one or more memories. The one or more memories are coupled to the one or more processors and the one or more memories are configured to store computer program code comprising computer instructions that, when executed by the one or more processors, cause the gateway device to perform the traffic forwarding method as set forth in the first aspect above or any possible design of the first aspect.
In a seventh aspect, a chip system is provided, where the chip system includes a processor and a communication interface, and the chip system may be configured to implement the function performed by the gateway device in the first aspect or any possible design of the first aspect, for example, where the processor is configured to receive a service request from a terminal device through the communication interface. In one possible design, the system-on-chip further includes a memory to hold program instructions and/or data. The chip system may be formed by a chip, and may also include a chip and other discrete devices, without limitation.
For technical effects brought by any design manner of the second aspect to the seventh aspect, reference may be made to the technical effects brought by the first aspect or any possible design of the first aspect, and details are not repeated.
In an eighth aspect, a service forwarding method is provided, where the service forwarding method is applied to a virtual service gateway (VSGW), and the VSGW is based on NFV and SDN technologies. A first end of the VSGW is connected to a gateway device through multiple VXLAN tunnels, and a second end of the VSGW is in communication connection with a cloud server and a communication server, respectively. The connection between the second end of the VSGW and the cloud server is preferably as follows: the VSGW establishes a VXLAN tunnel with a VXLAN gateway on the cloud server side, and the VXLAN gateway is connected with a cloud server (e.g., cloud infrastructure/cloud services, etc.). The method comprises the following steps: the VSGW receives a service request sent by the gateway device from a target VXLAN tunnel, wherein the target VXLAN tunnel is one of the plurality of VXLAN tunnels; the VSGW determines a target server corresponding to the service request according to the service request, wherein the target server is a cloud server or a communication server; the VSGW sends the service request to the target server. In this way, the VSGW may receive the service request of the gateway device through the VXLAN tunnel corresponding to the service request, and the VSGW may determine whether the server corresponding to the service request is a cloud server or a communication server according to the service request and the VXLAN tunnel transmitting the service request, and further, the VSGW may send the service request to the server corresponding to the service request, thereby implementing cloud network convergence.
In one possible implementation manner, the VSGW receives authentication information from the gateway device, where the authentication information includes one or more of internet access authentication information, access cloud authentication information, network security authentication information, and VPN authentication information of the gateway device; and the VSGW authenticates the gateway equipment according to the authentication information.
Based on the possible implementation manner, the VSGW may authenticate the gateway device through the authentication information of the gateway device, so as to avoid data transmission between an illegal gateway device and the VSGW.
In one possible implementation, if the gateway device is successfully authenticated, the VSGW manages an IP session established between the VSGW and the gateway device.
Based on the possible implementation, the VSGW receives the bandwidth information of the subscriber of the gateway device, determines the data transmission bandwidth between the gateway device and the target server according to the bandwidth information, and dynamically adjusts the bandwidth according to the subscriber's bandwidth information sent by the operator's network management personnel or by the subscriber's staff. The subscriber sends and modifies the "bandwidth information of the subscriber" to the VSGW through the VXLAN tunnel between the gateway device and the VSGW, and the data transmission rate between the gateway device and the target server is dynamically adjusted, so that the method is convenient and flexible.
Based on the implementation, when the gateway device is successfully authenticated, the VSGW can perform data transmission with the gateway device through an IP session, so that the security of data transmission is ensured.
In a possible implementation manner, if the service information satisfies a preset alarm condition, the VSGW outputs alarm information, where the preset alarm condition includes one or more of: failure of authentication of the gateway device, illegal service information, the gateway device being on a blacklist, and non-compliance of the service information with an Access Control List (ACL).
Based on this implementation, the security of service transmission and of the devices is ensured through multi-dimensional security alarm information.
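One way the alarm conditions above could be evaluated at the VSGW before a target server is chosen, as an added example that is not code from the patent. The record fields, the sample state, the reading of "illegal service information" as a service type that does not match the tunnel's VNI, and withholding forwarding whenever an alarm is raised are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from enum import Enum


class Alarm(Enum):
    AUTH_FAILED = "gateway device failed authentication"
    ILLEGAL_SERVICE_INFO = "illegal service information"
    BLACKLISTED = "gateway device is on the blacklist"
    ACL_VIOLATION = "service information does not comply with the ACL"


@dataclass(frozen=True)
class ServiceRequest:
    gateway_id: str    # ID of the sending gateway device
    vni: int           # VNI of the tunnel the request arrived on
    service_type: str  # "internet" or "cloud"
    dest_ip: str
    dest_port: int


# Constructed VSGW state; every value below is illustrative.
AUTHENTICATED = {"gw-0001", "gw-0002"}
BLACKLIST = {"gw-0002"}
VNI_SERVICE = {1001: "internet", 1002: "cloud"}
TARGET = {"internet": "communication-server", "cloud": "cloud-server"}
ACL = [  # allow rules: (service type, destination network, allowed ports)
    ("cloud", ipaddress.ip_network("198.51.100.0/24"), range(443, 444)),
    ("internet", ipaddress.ip_network("0.0.0.0/0"), range(1, 65536)),
]


def acl_permits(req: ServiceRequest) -> bool:
    """True when at least one allow rule covers the request."""
    try:
        dest = ipaddress.ip_address(req.dest_ip)
    except ValueError:
        return False
    return any(
        svc == req.service_type
        and dest.version == net.version
        and dest in net
        and req.dest_port in ports
        for svc, net, ports in ACL
    )


def evaluate(req: ServiceRequest):
    """Return (target server or None, list of alarms raised).

    All conditions are checked so that one request can raise several
    alarms; the request is forwarded only when none is raised.
    """
    alarms = []
    if req.gateway_id not in AUTHENTICATED:
        alarms.append(Alarm.AUTH_FAILED)
    if req.gateway_id in BLACKLIST:
        alarms.append(Alarm.BLACKLISTED)
    if req.service_type not in TARGET or VNI_SERVICE.get(req.vni) != req.service_type:
        alarms.append(Alarm.ILLEGAL_SERVICE_INFO)
    if not acl_permits(req):
        alarms.append(Alarm.ACL_VIOLATION)
    target = None if alarms else TARGET[req.service_type]
    return target, alarms


if __name__ == "__main__":
    samples = [  # constructed requests
        ServiceRequest("gw-0001", 1002, "cloud", "198.51.100.7", 443),
        ServiceRequest("gw-0009", 1002, "cloud", "198.51.100.7", 443),
        ServiceRequest("gw-0001", 1001, "cloud", "198.51.100.7", 22),
    ]
    for sample in samples:
        target, alarms = evaluate(sample)
        print(sample.gateway_id, target, [a.value for a in alarms])
```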
A ninth aspect provides a communication device, which is applied to a VSGW or a chip or a system on chip in the VSGW, and may also be a functional module in the VSGW for implementing the method according to any possible design of the eighth aspect or the eighth aspect. The communication device may implement the functions performed by the VSGW in each of the above aspects or possible designs, which may be implemented by hardware executing the corresponding software. The hardware or software comprises one or more modules corresponding to the functions. Such as: the communication device includes a communication unit and a processing unit.
The communication unit is used for receiving a service request from the gateway equipment.
The processing unit is used for determining a cloud server or a communication server corresponding to the service request according to the service request.
The communication unit is further configured to send the service request to a cloud server or a communication server.
The specific implementation manner of the communication apparatus may refer to the behavior function of the gateway device in the service forwarding method provided by any possible design of the eighth aspect or the eighth aspect, and details are not repeated here. Therefore, the communication device provided can achieve the same advantageous effects as the eighth aspect or any of the possible designs of the eighth aspect.
In a tenth aspect, a communication device is provided, which may be a VSGW or a chip in a VSGW or a system on a chip. The communication device may implement the functions performed by the VSGW in each of the above aspects or possible designs, and the functions may be implemented by hardware, such as: in one possible design, the communication device may include: a processor and a communication interface. The communication interface is coupled to a processor for executing a computer program or instructions to implement the traffic forwarding method as described in the eighth aspect and any possible implementation manner of the eighth aspect.
In an eleventh aspect, a computer-readable storage medium is provided, which may be a readable non-volatile storage medium, and stores a computer instruction or a program, which when executed on a computer, enables the computer to execute the service forwarding method according to the eighth aspect or any one of the possible designs of the eighth aspect.
In a twelfth aspect, there is provided a computer program product containing instructions that, when run on a computer, enable the computer to perform the service forwarding method according to the above eighth aspect or any one of the possible designs of the above eighth aspect.
In a thirteenth aspect, a communication apparatus is provided, which may be a network device or a chip or a system on a chip in a network device, and includes one or more processors and one or more memories. The one or more memories are coupled to the one or more processors and the one or more memories are configured to store computer program code comprising computer instructions that, when executed by the one or more processors, cause the network device to perform the traffic forwarding method as set forth in any of the possible designs of the above eighth aspect or eighth aspect.
In a fourteenth aspect, there is provided a chip comprising: a processor and a communication interface, the processor being coupled with a memory through the communication interface, the processor, when executing the computer program or instructions in the memory, causing the traffic forwarding method as described in any one of the possible implementations of the eighth aspect and the eighth aspect to be performed.
For technical effects brought by any design manner in the ninth aspect to the fourteenth aspect, reference may be made to the technical effects brought by any possible design manner in the eighth aspect or the eighth aspect, and details are not repeated.
Drawings
Fig. 1 is a schematic structural diagram of a communication system according to an embodiment of the present application;
Fig. 2 is a schematic structural diagram of another communication system according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of a communication device 300 according to an embodiment of the present disclosure;
Fig. 4 is a schematic flowchart of a service forwarding method according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a communication device 50 according to an embodiment of the present disclosure;
Fig. 6 is a schematic structural diagram of a communication device 60 according to an embodiment of the present disclosure.
Detailed Description
Before describing the embodiments of the present application, the terms referred to in the embodiments of the present application are explained:
A virtual extensible local area network (VXLAN) is a tunneling technique that can establish a layer-2 Ethernet tunnel over a layer-3 network, thereby implementing layer-2 interconnection across regions. Two routers with VXLAN logically construct a channel, the VXLAN tunnel, as a virtual link; such routers are referred to as VXLAN Tunnel End Points (VTEPs). In a network containing VXLAN, the VXLAN implementation mechanism is visible only to VTEP nodes. VXLAN encapsulates the original Ethernet frame in a UDP (User Datagram Protocol) packet. A VXLAN-encapsulated message includes the VXLAN encapsulation and the original message. The VXLAN encapsulation comprises the outer Ethernet header, the outer IP header, the outer UDP header, and the VXLAN header. The outer IP header includes an outer source IP address (i.e., the IP address of the VTEP at which the VXLAN tunnel originates), an outer destination IP address (i.e., the IP address of the VTEP at which the VXLAN tunnel terminates), etc. The VXLAN header includes the VNI (VXLAN Network Identifier), the VXLAN flags, etc. The original message is the encapsulated Ethernet frame (a message containing a MAC header, an IP header, and a transport layer header). For details, reference may be made to the description in RFC 7348, which is not repeated here.
In general, after receiving a service request of a terminal device, a gateway device at the user side may allocate different virtual local area network identifiers (VLAN IDs) to the service request according to its destination IP address or service type, so as to implement logical isolation and forwarding of service traffic to different servers and network devices. However, it is difficult for the gateway to distinguish and logically isolate traffic accessing the internet (e.g., accessing the web) from traffic accessing cloud-based resources/cloud services when both are carried on one VLAN (i.e., the VLAN ID is the same). For information security, a government-enterprise user usually establishes a network tunnel between its gateway and the cloud server of the cloud service provider (or a router connected with the server). If the government-enterprise user changes the cloud service provider, the service change is complicated, because the user needs to change, end to end, the configuration of the network tunnel between its gateway and the cloud server of the cloud service provider (or the router connected with the server).
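The encapsulation described above, as an added example (not from the patent): it builds and parses the 8-byte VXLAN header of RFC 7348 and checks a received packet against the address relationship the application describes, where the outer source is the gateway device's WAN IP and the inner source is its VXLAN interface IP. The binding table, the addresses and the helper names are constructed for this example.

```python
import ipaddress
import struct

VXLAN_UDP_PORT = 4789    # IANA-assigned destination port (RFC 7348)
FLAG_VNI_VALID = 0x08    # the "I" flag: the VNI field is valid
ETHERTYPE_IPV4 = 0x0800


class VxlanError(ValueError):
    pass


def build_vxlan(vni: int, inner_frame: bytes) -> bytes:
    """Prefix an Ethernet frame with a VXLAN header (reserved bits zero)."""
    if not 0 <= vni < 1 << 24:
        raise VxlanError("VNI must fit in 24 bits")
    # word 0: flags(8) + reserved(24); word 1: VNI(24) + reserved(8)
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8) + inner_frame


def parse_vxlan(payload: bytes):
    """Return (vni, inner_frame); reserved bits are ignored on receipt."""
    if len(payload) < 8:
        raise VxlanError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & FLAG_VNI_VALID:
        raise VxlanError("I flag not set, VNI is not valid")
    return word1 >> 8, payload[8:]


def inner_ipv4_addresses(frame: bytes):
    """Return (source, destination) of the encapsulated IPv4 packet."""
    if len(frame) < 14 + 20:
        raise VxlanError("truncated inner frame")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV4 or frame[14] >> 4 != 4:
        raise VxlanError("inner frame is not untagged IPv4")
    src = ipaddress.IPv4Address(frame[26:30])
    dst = ipaddress.IPv4Address(frame[30:34])
    return str(src), str(dst)


def make_inner_frame(src: str, dst: str) -> bytes:
    """Constructed test frame: zero MACs, bare IPv4 header, no payload."""
    eth = bytes(12) + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
    )
    return eth + ip


# Constructed binding: VNI -> (gateway WAN IP, gateway VXLAN interface IP).
TUNNELS = {1002: ("192.0.2.10", "10.20.0.2")}


def check_packet(outer_src: str, udp_dport: int, payload: bytes):
    """Accept a packet only if VNI, outer and inner source all agree.

    VXLAN itself carries no authentication, so the receiving VTEP can
    only compare the packet with what was provisioned for the tunnel.
    """
    if udp_dport != VXLAN_UDP_PORT:
        return False, "not a VXLAN packet"
    try:
        vni, frame = parse_vxlan(payload)
        inner_src, _ = inner_ipv4_addresses(frame)
    except VxlanError as exc:
        return False, str(exc)
    if vni not in TUNNELS:
        return False, "unknown VNI"
    if TUNNELS[vni] != (outer_src, inner_src):
        return False, "addresses do not match the tunnel binding"
    return True, "ok"


if __name__ == "__main__":
    pkt = build_vxlan(1002, make_inner_frame("10.20.0.2", "198.51.100.7"))
    print(pkt[:8].hex(), check_packet("192.0.2.10", VXLAN_UDP_PORT, pkt))
    print(check_packet("203.0.113.66", VXLAN_UDP_PORT, pkt))
```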
In view of this, an embodiment of the present application provides a service forwarding method, where the method includes: after the gateway device receives the service request from the terminal device, the gateway device selects a target VXLAN tunnel corresponding to the service request from a plurality of VXLAN tunnels between the gateway device and the VSGW according to the service request, and sends the service request to the VSGW through the target VXLAN tunnel. The VSGW establishes a second VXLAN tunnel with a VXLAN gateway (the VXLAN gateway may be a router supporting VXLAN) on the cloud server side, and the VSGW may forward the received service request to the communication server or the cloud server, respectively. The communication server may be a network device of the internet, such as a web server, a mail server, and the like; the cloud server may be a cloud infrastructure/cloud service of a basic telecommunication operator, or a cloud infrastructure/cloud service of a third party, which makes it convenient for a user to flexibly select the cloud infrastructure/cloud service of the basic telecommunication operator or of the third party (such as an internet company) according to requirements. The VSGW and the communication server are not directly connected by an optical fiber, but are connected through a router or even through an optical transport network. The VSGW and the VXLAN gateway on the cloud server side are not usually connected directly by an optical fiber, but are connected via a router or even via an optical transport network.
Based on the technical solution provided by the embodiment of the application, there are a plurality of VXLAN tunnels between the gateway device and the VSGW, and each VXLAN tunnel in the plurality of VXLAN tunnels corresponds to a service request. In this way, the gateway device may send the service request of the terminal device to the VSGW, so that the VSGW performs distribution and processing, and logical isolation of the service and flexible selection of the cloud infrastructure/cloud service are achieved.
In the embodiment of the application, the VSGW is located at the network side, such as in a metropolitan area network or a core network; the gateway device is located on the user side, such as in a government-enterprise network. The gateway device connects the operator's telecommunications network with the network of the government-enterprise customer. The operator's telecommunications network to which the gateway device is connected may be a fibre optic communications network or a mobile communications network.
Embodiments of the present application will be described in detail below with reference to the accompanying drawings.
The service forwarding method provided by the embodiment of the present application may be used in any communication system supporting communication. The communication system may be an optical fiber communication system, such as Fiber To The x (FTTx), or a mobile communication system defined by the 3rd Generation Partnership Project (3GPP), such as a Long Term Evolution (LTE) communication system, a 5G mobile communication system, or another next-generation communication system, without limitation. The service forwarding method provided in the embodiment of the present application is described below with reference to fig. 1 as an example.
It should be noted that the communication system described in the embodiment of the present application is intended to illustrate the technical solution of the embodiment more clearly and does not limit the technical solution provided in the embodiment of the present application. A person of ordinary skill in the art knows that, with the evolution of communication systems and the appearance of other communication systems, the technical solution provided in the embodiment of the present application is also applicable to similar technical problems.
Fig. 1 is a schematic diagram illustrating a communication system according to an embodiment of the present application. As shown in fig. 1, the communication system may include a gateway device and a terminal device communicatively connected to the gateway device, a VSGW and a server connected to the VSGW. A plurality of VXLAN tunnels (e.g., VXLAN tunnel 1 and VXLAN tunnel 2 in fig. 1) are provided between the gateway device and the VSGW. Each of the plurality of VXLAN tunnels is used to transmit a different type of service request. For example, VXLAN tunnel 1 is used to transport the first service request and VXLAN tunnel 2 is used to transport the second service request. The first service request is different from the second service request. For example, the first service request is a communication service request, and the second service request is a cloud service request. Of course, in this embodiment of the application, the service request may also include other types of services, for example, an IPTV service and a terminal device management service interacting with the terminal management system in fig. 2.
In one possible implementation, the gateway device may have a plurality of Wide Area Network (WAN) interfaces, where the WAN interfaces are physical interfaces or virtual interfaces. One WAN interface is configured with an IP address capable of accessing the wide area network, and each VXLAN of the gateway device is configured with an IP address of a VXLAN interface.
Illustratively, the VXLAN-related configuration of the gateway device is as follows: the IP address (typically the "public network IP address") of the WAN interface of the gateway device (the WAN connection containing the WAN interface of the gateway device) serves as the IP address of the source VTEP of VXLAN tunnel 1, e.g., 100.10.10.10. The IP address of the VXLAN interface of the gateway device in VXLAN tunnel 1 is 192.168.10.1. The IP address of the destination VTEP of VXLAN tunnel 1 is the IP address of the VSGW device port (including the physical interface, the subinterface of the physical interface), e.g., 100.10.10.1. The default routing address for VXLAN tunnel 1 is the VXLAN interface IP address of VXLAN tunnel 1 at the VSGW, e.g., 192.168.10.2. VXLAN identification (VXLAN Network Identifier, VNI) is the ID of VXLAN tunnel 1, e.g., 100. Each VXLAN tunnel has a different VNI.
Based on this possible implementation, the outer source IP address of the VXLAN is the IP address of the WAN interface of the gateway device, the outer destination IP address of the VXLAN is the IP address (typically "public network IP address") of the port/physical interface/sub-interface (connected to the WAN interface of the gateway device) of the VSGW, and the inner source IP address of the VXLAN (i.e., the source IP address of the "original message") is the IP address of the VXLAN interface of the gateway device.
In one possible implementation, each VXLAN between the gateway device and the VSGW corresponds to a WAN interface, typically a virtual interface, also referred to as a WAN connection, of the gateway device. For example, the gateway device has a WAN interface 1 and a WAN interface 2, the WAN interface 1 is connected to the VXLAN tunnel 1, and the WAN interface 2 is connected to the VXLAN tunnel 2.
In another possible implementation, VXLANs between the gateway device and the VSGW use one WAN interface of the gateway device, also referred to as a WAN connection. Different VXLANs of the gateway device are distinguished by VNI or the like.
In a possible implementation manner, the gateway device may select a target VXLAN tunnel corresponding to the service request from the plurality of VXLAN tunnels according to a destination IP address carried by the service request. The gateway device can identify different priorities for the target VXLAN corresponding to the service request according to the destination IP address carried by the service request or the service type of the service request.
The gateway device in fig. 1, that is, the CPE, may be a government enterprise gateway device or a home gateway device. The gateway device may be a government enterprise gateway/home gateway, located on the user side. The main functions of the gateway device may be to connect the communication network between the government-enterprise network/home network and the operator, and to complete the conversion of network protocols, the routing forwarding of messages, the allocation of IP addresses inside the government-enterprise network/home network, the security of the basic network, etc.
In this embodiment, the gateway device may have a corresponding identifier (ID). The ID of the gateway device is used to uniquely identify a gateway device.
In one possible implementation, the ID of the gateway device may include a plurality of bytes, and each byte of the plurality of bytes may identify different device information. For example, the ID of the gateway device includes a first byte and a second byte. The first byte indicates the subscriber (signed user) of the gateway device, and the second byte indicates the serial number of the gateway device(s) under one subscriber name. This facilitates the management of a plurality of gateway devices of one government-enterprise user (subscriber), and VPN interconnection is realized between the organizations of one government-enterprise user located at different addresses through VXLAN tunnels or VXLAN over IPSec tunnels established by the gateway devices.
Based on the possible implementation manner, for the gateway devices of different subscribers, through a plurality of bytes of the ID of the gateway device, the gateway device can be conveniently and accurately identified by other devices. One gateway device corresponds to a unique ID, and one ID corresponds to a configuration file.
It should be noted that, in this embodiment of the present application, the ID of the gateway device corresponds to a subscriber. The ID of the gateway device is independent of the MAC address, IP address, serial number of the gateway device. The subscriber of the gateway device may refer to a government enterprise/family user who has a contract with a communication carrier, or may refer to a government enterprise/family user who has a contract with a cloud service carrier. If the gateway device is replaced, the ID of the replaced gateway device is consistent with the ID of the gateway device before updating.
The VSGW of fig. 1 is located at a core node of the metropolitan area network and may be a virtualized server based on a VNF architecture. It can implement user-side VXLAN protocol encapsulation, decapsulation and routing, provide capabilities such as internet service, cloud service and Virtual Private Network (VPN) service for the terminal device, and support broadband rate adjustment and cloud access rate adjustment. The VSGW may be used to forward service requests from the gateway device to a cloud server or a communication server. When the VSGW is the gateway of a government-enterprise headquarters, the VSGW can also verify the VPN account numbers and authentication information of the gateway devices of the branch departments of that headquarters. After the gateway device of a branch department passes the verification, the VSGW may establish a VXLAN tunnel between the gateway device of the headquarters and the gateway device of the branch department, establish the mapping of network VXLAN information between the two gateway devices, and forward service information. As a possible implementation manner, the VSGW may be fused with an NFV-based multi-service edge router (MSE), so as to implement functions such as allocating an address of a WAN interface to the gateway device through Point-to-Point Protocol over Ethernet (PPPoE).
The terminal device in fig. 1 may be a UE, a Mobile Station (MS), a Mobile Terminal (MT), or the like. Specifically, the Terminal device may be a mobile phone (mobile phone), a Personal Computer (PC), a Terminal Controller (TC), a tablet PC or a computer with a wireless transceiving function, or may be a Virtual Reality (VR) device, an Augmented Reality (AR) device, a wireless Terminal in industrial control, a wireless Terminal in unmanned driving, a wireless Terminal in telemedicine, a wireless Terminal in a smart grid, a wireless Terminal in a smart city (smart city), a smart home, a vehicle-mounted Terminal, or the like.
The communication server in fig. 1 may be a server of a communication carrier or other device (such as a web server) providing services. The cloud server may be a public cloud server or a private cloud server.
It should be noted that fig. 1 is only an exemplary framework diagram. The number of terminal devices and the number of gateway devices included in fig. 1 are not limited, and the names of the respective devices are not limited. In addition to the functional nodes shown in fig. 1, other nodes may also be included, as shown in fig. 2, for example: a customer management system (CRM), a service provisioning system, a terminal management system, a service orchestrator, an access gateway, a controller, a cloud server management system, an Optical Line Terminal (OLT), a multi-service edge router (MSE), a Core Router (CR), a VXLAN gateway, and the like, without limitation. The connection mode of the above devices can be as shown in fig. 2, and is not described in detail. The functions of the above devices can refer to the prior art, and are not described in detail.
The terminal management system in fig. 2 may be used to manage a gateway device, for example its registration and configuration. The gateway device may be communicatively coupled to the terminal management system via a WAN interface/WAN connection. The IP address of the WAN interface/WAN connection and the IP address of the terminal management system may be pre-configured at the gateway device. The gateway device and the terminal management system can interact through the TR069 protocol family. The TR069 protocol family is based on the Transmission Control Protocol (TCP) layer. Specifically, the interaction may be performed by the Hypertext Transfer Protocol (HTTP) 1.1 (the terminal management system may be referred to as an HTTP server, and the gateway device may be referred to as an HTTP client). For example, the gateway device may transmit the registration request to the terminal management system using a Simple Object Access Protocol (SOAP) message. The registration request may include an ID of the gateway device. After the registration is successful, the gateway device acquires a configuration file from the terminal management system, where the ID of the gateway device uniquely corresponds to the configuration file of the gateway device.
It should be noted that the SOAP message is an Extensible Markup Language (XML) document including a SOAP header and a SOAP body.
Specifically, the terminal management system may manage the gateway device by remote invocation. The terminal management system may send the name of the function to be called and the parameters to the gateway device, for example, in the form of a SOAP message.
It should be noted that the terminal management system does not directly call the interface of the gateway device itself. The functions used by the terminal management system are the standard functions of TR069 (called TR-069 RPC Methods). The gateway device needs to parse the remote procedure call (RPC) method through a middle layer of the gateway device (the TR069 Agent), and the middle layer then calls the interface of the gateway device.
The service orchestrator in fig. 2 may receive information from the service provisioning system, and complete the conversion from the acceptance information of the business hall to the business logic. For example, it may generate an account and authentication information for broadband internet access, may connect to the service provisioning system of a (public) cloud service to acquire information such as account information and VPN information, and may utilize an existing system of a communication carrier, adding a cloud network convergence service provisioning function on that basis.
The controller may be used for management and maintenance of the VSGW. For example, the controller may issue a configuration file to the VSGW, for example to configure the VXLAN tunnels on the VSGW side. The controller can issue to the VSGW the service types subscribed by the government-enterprise gateway/home gateway, together with the corresponding account numbers and authentication information.
The service orchestrator and the controller may be based on Virtual Network Function (VNF) and Software Defined Network (SDN) technologies.
The embodiment of the present application does not limit the application scenarios of the gateway device and the VSGW. The system architecture and the service scenario described in the embodiment of the present application are intended to illustrate the technical solution of the embodiment more clearly and do not limit the technical solution provided in the embodiment of the present application. A person of ordinary skill in the art knows that, with the evolution of the network architecture and the appearance of new service scenarios, the technical solution provided in the embodiment of the present application is also applicable to similar technical problems.
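The middle-layer behaviour described above, shown as an added Python example that is not part of the patent or of any TR-069 stack: the agent parses the SOAP envelope, takes the RPC method name from the Body, and calls a device interface only for methods it explicitly exposes. The class names, the sample request and the parameter value are constructed for illustration; the DTD rejection reflects the SOAP 1.1 rule that a message must not contain a document type declaration.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"   # SOAP 1.1 envelope
CWMP_NS = "urn:dslforum-org:cwmp-1-0"                    # TR-069 (CWMP) RPC namespace

# Constructed sample request, as a terminal management system might send it.
SAMPLE_REQUEST = f"""<soap:Envelope xmlns:soap="{SOAP_NS}" xmlns:cwmp="{CWMP_NS}">
  <soap:Header><cwmp:ID soap:mustUnderstand="1">req-0001</cwmp:ID></soap:Header>
  <soap:Body>
    <cwmp:GetParameterValues>
      <ParameterNames>
        <string>InternetGatewayDevice.DeviceInfo.SoftwareVersion</string>
      </ParameterNames>
    </cwmp:GetParameterValues>
  </soap:Body>
</soap:Envelope>"""


class RpcRejected(Exception):
    """Raised for any request the agent refuses to pass on to the device."""


class Tr069Agent:
    """Hypothetical middle layer between SOAP messages and device interfaces."""

    def __init__(self, parameters):
        self._parameters = dict(parameters)      # stands in for the device interface
        self._methods = {                        # allowlist: only these are reachable
            "GetRPCMethods": self._get_rpc_methods,
            "GetParameterValues": self._get_parameter_values,
        }

    def handle(self, soap_text):
        """Return (request id, method name, result) or raise RpcRejected."""
        # SOAP messages must not carry a DTD; refusing it also blocks entity expansion.
        if "<!DOCTYPE" in soap_text or "<!ENTITY" in soap_text:
            raise RpcRejected("document type declaration not allowed")
        try:
            root = ET.fromstring(soap_text)
        except ET.ParseError as exc:
            raise RpcRejected(f"malformed XML: {exc}") from exc
        if root.tag != f"{{{SOAP_NS}}}Envelope":
            raise RpcRejected("not a SOAP 1.1 envelope")
        body = root.find(f"{{{SOAP_NS}}}Body")
        if body is None or len(body) != 1:
            raise RpcRejected("Body must hold exactly one RPC element")
        call = body[0]
        prefix = f"{{{CWMP_NS}}}"
        if not call.tag.startswith(prefix):
            raise RpcRejected("RPC element is not in the CWMP namespace")
        method = call.tag[len(prefix):]
        handler = self._methods.get(method)
        if handler is None:
            raise RpcRejected(f"method not exposed by this agent: {method}")
        request_id = root.findtext(
            f"{{{SOAP_NS}}}Header/{{{CWMP_NS}}}ID", default="")
        return request_id, method, handler(call)

    def _get_rpc_methods(self, _call):
        return sorted(self._methods)

    def _get_parameter_values(self, call):
        names = [el.text or "" for el in call.findall("ParameterNames/string")]
        unknown = [n for n in names if n not in self._parameters]
        if unknown:
            raise RpcRejected(f"unknown parameter(s): {unknown}")
        return {n: self._parameters[n] for n in names}
```
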
In particular, the apparatus of fig. 1 and 2 may adopt the structure shown in fig. 3, or include the components shown in fig. 3. Fig. 3 is a schematic composition diagram of a communication apparatus 300 according to an embodiment of the present disclosure, where the communication apparatus 300 may be a gateway device or a chip or a system on a chip in the gateway device. Alternatively, the communication device 300 may be a VSGW or a chip in a VSGW or a system on a chip. As shown in fig. 3, the communication device 300 includes a processor 301, a communication interface 302, and a communication line 303.
Further, the communication device 300 may further include a memory 304. The processor 301, the memory 304 and the communication interface 302 may be connected by a communication line 303.
The processor 301 may be a Central Processing Unit (CPU), a general purpose processor, a Network Processor (NP), a Digital Signal Processor (DSP), a microprocessor, a microcontroller, a Programmable Logic Device (PLD), or any combination thereof. The processor 301 may also be another device with processing functions, such as, without limitation, a circuit, a device, or a software module.
The communication interface 302 is used for communicating with other devices or other communication networks. The other communication network may be an Ethernet, a Radio Access Network (RAN), a Wireless Local Area Network (WLAN), or the like. The communication interface 302 may be a module, circuitry, a communication interface, or any device capable of enabling communication.
The communication line 303 is used for transmitting information between the respective components included in the communication apparatus 300.
The memory 304 is used for storing instructions. The instructions may be a computer program.
The memory 304 may be a read-only memory (ROM) or other types of static storage devices that can store static information and/or instructions, a Random Access Memory (RAM) or other types of dynamic storage devices that can store information and/or instructions, an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage, optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, blu-ray disc, etc.), a magnetic disc storage medium or other magnetic storage devices, and the like, without limitation.
It is noted that the memory 304 may exist separately from the processor 301 or may be integrated with the processor 301. The memory 304 may be used for storing instructions, program code, data, or the like. The memory 304 may be located inside the communication device 300 or outside the communication device 300, which is not limited. The processor 301 is configured to execute the instructions stored in the memory 304 to implement the service forwarding method provided by the following embodiments of the present application.
In one example, the processor 301 may include one or more CPUs, such as CPU0 and CPU1 in fig. 3.
As an alternative implementation, the communication device 300 may comprise a plurality of processors, for example, the processor 307 may be included in addition to the processor 301 in fig. 3.
As an alternative implementation, the communication apparatus 300 further includes an output device 305 and an input device 306. Illustratively, the input device 306 is a keyboard, mouse, microphone, joystick, or similar device, and the output device 305 is a display screen, speaker, or similar device.
It is noted that the communication apparatus 300 may be a desktop computer, a portable computer, a network server, a mobile phone, a tablet computer, a wireless terminal, an embedded device, a chip system, or a device with a structure similar to that in fig. 3. Further, the constituent structure shown in fig. 3 does not constitute a limitation of the terminal device; the terminal device may include more or fewer components than those shown in fig. 3, combine some components, or use a different arrangement of components.
In the embodiment of the present application, the chip system may be composed of a chip, and may also include a chip and other discrete devices.
In addition, acts, terms, and the like referred to between the embodiments of the present application may be mutually referenced and are not limited. In the embodiment of the present application, the name of the message exchanged between the devices or the name of the parameter in the message, etc. are only an example, and other names may also be used in the specific implementation, which is not limited.
In the embodiments of the present application, terms such as "first" and "second" are used to distinguish the same or similar items having substantially the same function and action. For example, the first terminal and the second terminal are only used for distinguishing different terminals, and the sequence order thereof is not limited. Those skilled in the art will appreciate that the terms "first," "second," etc. do not denote any order or quantity, nor do the terms "first," "second," etc. denote any order or importance.
It is noted that, in the present application, words such as "exemplary" or "for example" are used to mean exemplary, illustrative, or descriptive. Any embodiment or design described herein as "exemplary" or "e.g.," is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, use of the word "exemplary" or "such as" is intended to present concepts related in a concrete fashion.
In the present application, "at least one" means one or more, and "a plurality" means two or more. "And/or" describes the association relationship of the associated objects, meaning that there may be three relationships, e.g., A and/or B may mean: A exists alone, A and B exist simultaneously, and B exists alone, wherein A and B can be singular or plural. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. "At least one of the following" or similar expressions refer to any combination of these items, including any combination of the singular or plural items. For example, at least one of a, b, or c may represent: a, b, c, a-b, a-c, b-c, or a-b-c, wherein a, b, c may be single or multiple.
The following describes the service forwarding method provided in an embodiment of the present application with reference to the communication system shown in fig. 1. In the following description, the terms and the like used in the embodiments of the present application are not limited to the specific embodiments described above. In the embodiment of the present application, the name of the message exchanged between the devices or the name of the parameter in the message, etc. are only an example, and other names may also be used in the specific implementation, which is not limited. The actions related to the embodiments of the present application are only an example, and other names may also be used in the specific implementation, for example: the term "comprising" in the embodiments of the present application may also be replaced by "carrying" or the like.
Fig. 4 provides a service forwarding method for the embodiment of the present application, where the method may include:
Step 401, the gateway device receives a service request from the terminal device.
The gateway device may be the gateway device in fig. 1 or fig. 2. The terminal device may be the terminal device in fig. 1 or fig. 2.
The service request of the terminal device is used for requesting a first type of service. The first type of service may be an internet service or a cloud service. The service request may include address information (e.g., a Uniform Resource Locator (URL)) of a server providing data of the service, and may also include a destination IP address of the service request. If the first type of service is an internet access service, the service request may also include an account number and authentication information of broadband internet access; if the first type of service is a cloud service, the service request may further include an account number and authentication information of the cloud server.
Step 402, the gateway device selects a target VXLAN tunnel corresponding to the service request from the plurality of VXLAN tunnels according to the service request.
Each of the plurality of VXLAN tunnels is used to transmit one type of service request. For example, VXLAN tunnel 1 in fig. 1 may be used to transmit a service request corresponding to an internet service, and VXLAN tunnel 2 may be used to transmit a service request corresponding to a cloud service. Alternatively, VXLAN tunnel 2 may be used to transmit a service request corresponding to an internet service, and VXLAN tunnel 1 may be used to transmit a service request corresponding to a cloud service. This is not limited.
In an example, the VXLAN tunnels may be established according to a configuration file, and the configuration file may be issued to the gateway device by the terminal management system, or may be preconfigured by the gateway device, which is not limited.
For example, the configuration file includes: one or more of VXLAN configuration information, internet service information, cloud service information, network security information, and VPN information. The internet access service information may include a broadband internet access account and authentication information (e.g., a password corresponding to the internet access account). The cloud service information may include a name of an access cloud (including a private cloud and a public cloud), an account of a subscriber, and authentication information (such as a password corresponding to the account of the access cloud). The cloud service information may include public cloud services or private cloud services. For example, the public cloud traffic may include public resource cloud service traffic and the private cloud traffic may include payment cloud service traffic. The VPN information may include an IP address, VXLAN configuration information, a VPN account number, and authentication information (e.g., a password corresponding to the VPN account number). The network security information includes an account number and authentication information (such as a network security password) for the network security service.
It should be noted that, in the embodiment of the present application, IP addresses carried by different types of service requests are different.
In a possible implementation manner, the gateway device may select a target VXLAN tunnel from the plurality of VXLAN tunnels according to an IP address carried in the service request of the terminal device.
Step 403, the gateway device sends a service request to the VSGW through the target VXLAN tunnel. Accordingly, the VSGW receives a service request from the gateway device.
After the gateway device receives multiple service requests from the terminal device, it can classify them according to the IP addresses carried by the service requests. After determining the VXLAN tunnels corresponding to the service requests, the gateway device sends each service request to the VSGW through the VXLAN tunnel corresponding to its type. The VSGW, upon receiving a service request, may determine the type of the service request according to the VXLAN tunnel transmitting the service request.
Step 404, the VSGW determines a target server corresponding to the service request according to the service request.
The target server may be the communication server or the cloud server in fig. 1 or fig. 2.
In a possible implementation manner, the VSGW may determine the type of the service request according to the VXLAN tunnel transmitting the service request, and further determine the target server according to the type of the service request.
For example, if the VXLAN tunnel is used to transmit a service request of an internet service, the target server may be a communication server; if the VXLAN tunnel is used for transmitting a service request of a cloud service, the target server may be a cloud server.
Step 405, the VSGW sends a service request to the target server. Accordingly, the target server receives a service request from the VSGW.
Wherein the VSGW may forward the service request to the target server after determining the target server. For example, there may also be multiple VXLAN tunnels between the VSGW and the VXLAN gateway, each VXLAN tunnel corresponding to a type of cloud server. For example, each VXLAN tunnel corresponds to a cloud server of a communications carrier.
Further, in the case that a VXLAN gateway is provided between the VSGW and the cloud server, the VXLAN gateway may be configured to forward the cloud service request to the corresponding server. For example, the VXLAN gateway may forward the service request to a public cloud server or a private cloud server. For example, the VXLAN gateway may determine, according to an account of a cloud server carried by the service request, that the cloud server corresponding to the service request is a public cloud server or a private cloud server. The VSGW may send the service request to a corresponding cloud server.
It should be noted that after the user of the terminal device signs a broadband service (e.g., internet service) of one communication operator, the user may access cloud servers of different cloud service providers, and does not necessarily use the cloud server of the communication operator.
Based on the technical solution of fig. 4, a plurality of VXLAN tunnels are provided between the gateway device and the VSGW, and each of the VXLAN tunnels corresponds to a service request. In this way, the gateway device may send the service request of the terminal device to the VSGW, so that the VSGW performs distribution and processing. The VSGW establishes a second VXLAN tunnel with a VXLAN gateway on the cloud server side, selects the corresponding second VXLAN tunnel according to the service request to establish the connection, and maintains the mapping relation between the VXLAN tunnel from the gateway device to the VSGW and the second VXLAN tunnel. Different VXLAN tunnels are established for different cloud providers. The rate of the second VXLAN tunnel may be dynamically adjusted based on service requests received by the VSGW.
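Steps 402 to 404 and the earlier VXLAN configuration passage (source VTEP 100.10.10.10, destination VTEP 100.10.10.1, VNI 100) can be followed end to end in the Python sketch below, which is an added example and not code from the patent. Tunnel 2's VNI, the cloud prefix and all function names are constructed; the 8-byte header layout is the one defined in RFC 7348, and the check that a VNI arrives only from the VTEP provisioned for it is an assumption about how the VSGW would keep the tunnels logically isolated.

```python
import ipaddress
import struct
from dataclasses import dataclass

VXLAN_FLAG_I = 0x08        # RFC 7348: flag bit meaning "VNI field is valid"
VXLAN_HEADER_LEN = 8


@dataclass(frozen=True)
class Tunnel:
    vni: int
    src_vtep: str          # outer source IP: WAN interface of the gateway device
    dst_vtep: str          # outer destination IP: port of the VSGW
    service: str


# Tunnel 1 uses the page's example values; tunnel 2 and the prefixes are constructed.
TUNNEL_1 = Tunnel(100, "100.10.10.10", "100.10.10.1", "internet")
TUNNEL_2 = Tunnel(200, "100.10.10.10", "100.10.10.1", "cloud")
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), TUNNEL_1),       # default: internet service
    (ipaddress.ip_network("10.20.0.0/16"), TUNNEL_2),    # constructed cloud prefix
]
TARGET_BY_SERVICE = {"internet": "communication server", "cloud": "cloud server"}


def select_tunnel(dst_ip: str) -> Tunnel:
    """Gateway, step 402: longest-prefix match on the request's destination IP."""
    addr = ipaddress.ip_address(dst_ip)
    matches = [(net, tunnel) for net, tunnel in ROUTES if addr in net]
    if not matches:
        raise LookupError(f"no tunnel for {dst_ip}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def vxlan_header(vni: int) -> bytes:
    """Flags (8 bits), reserved (24), VNI (24), reserved (8)."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8)


def encapsulate(dst_ip: str, inner: bytes):
    """Gateway, step 403: returns (outer source IP, outer destination IP, UDP payload)."""
    tunnel = select_tunnel(dst_ip)
    return tunnel.src_vtep, tunnel.dst_vtep, vxlan_header(tunnel.vni) + inner


class DropFrame(Exception):
    """The VSGW refuses to forward the frame."""


# VSGW provisioning: each VNI is bound to the one VTEP allowed to use it.
VSGW_TUNNELS = {t.vni: t for t in (TUNNEL_1, TUNNEL_2)}


def vsgw_receive(outer_src: str, payload: bytes):
    """VSGW, step 404: the service type comes from the tunnel, not from the payload."""
    if len(payload) < VXLAN_HEADER_LEN:
        raise DropFrame("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", payload[:VXLAN_HEADER_LEN])
    if not (word0 >> 24) & VXLAN_FLAG_I:
        raise DropFrame("VNI flag not set")
    tunnel = VSGW_TUNNELS.get(word1 >> 8)
    if tunnel is None:
        raise DropFrame("VNI not provisioned")
    if outer_src != tunnel.src_vtep:
        raise DropFrame("VNI used from an unexpected VTEP")
    return tunnel.service, TARGET_BY_SERVICE[tunnel.service], payload[VXLAN_HEADER_LEN:]
```

The source-VTEP check only rejects misrouted or misconfigured frames, because plain VXLAN carries no authentication of its own. Where the underlay between the gateway device and the VSGW is not trusted, the VXLAN over IPSec option mentioned earlier on the page is what provides origin assurance.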
Based on the technical solution of fig. 4, in a possible implementation manner, in order to ensure the security of the communication system, the method provided in the embodiment of the present application may further include:
The VSGW receives authentication information from the gateway device, and the VSGW authenticates the gateway device according to the authentication information.
The authentication information may include one or more of internet access authentication information, access cloud authentication information, network security authentication information, and VPN authentication information of the gateway device. The internet access authentication information may include an identifier (such as a name) of a communication carrier, an internet access account number, and a password, the network security authentication information may include one or more of an ID of the gateway device, subscriber information, and subscriber information of the gateway device, and the access cloud authentication information may include an identifier (such as a name) of an access cloud, an account number, and a password. The VPN authentication information may include a VPN account number and a password.
For example, the VSGW may verify the name, account number, and authentication information of the access cloud. After the authentication is passed, the VSGW may establish a VXLAN tunnel with a VXLAN gateway on the cloud side. For example, the VSGW may establish an entry to maintain a mapping relationship between a VXLAN tunnel between the VSGW and the gateway device and a VXLAN tunnel between the VSGW and the VXLAN gateway, and complete forwarding of access cloud services (e.g., cloud infrastructure services) by looking up the entry.
In another possible implementation manner, in order to ensure normal transmission of data, the method provided in the embodiment of the present application may further include:
If the gateway device is successfully authenticated, the VSGW establishes an IP session for data transmission with the gateway device.
The successful authentication may mean that authentication information preset by the VSGW is consistent with authentication information of the gateway device.
After the gateway device successfully authenticates, the VSGW may establish a session at the IP layer (referred to as an IP session) with the gateway device. Optionally, when the VSGW contains the virtualized MSE, the IP session may be a PPPoE session or an IPoE session.
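The authentication and mapping-entry behaviour described above, as an added Python example rather than the patent's implementation: the VSGW compares the access-cloud credentials presented by a gateway device with its preset values and only then creates the entry that maps the first VXLAN tunnel to the second one. All names, the VNI values and the credentials are constructed; storing a salted PBKDF2 verifier instead of the password and comparing in constant time are assumptions about a careful implementation, not statements from the page.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

PBKDF2_ROUNDS = 200_000    # assumption: work factor chosen for this example


def derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass(frozen=True)
class CloudSubscription:
    cloud_name: str        # name of the access cloud
    account: str
    salt: bytes
    verifier: bytes        # derived from the password; the password is not stored
    second_vni: int        # VNI of the second tunnel, VSGW to the cloud-side VXLAN gateway


def provision(cloud_name: str, account: str, password: str, second_vni: int):
    """What a controller would preset on the VSGW for one subscriber."""
    salt = os.urandom(16)
    return CloudSubscription(cloud_name, account, salt, derive(password, salt), second_vni)


class Vsgw:
    def __init__(self, subscriptions):
        self._subs = {(s.cloud_name, s.account): s for s in subscriptions}
        # Used for unknown accounts so both paths do the same amount of work.
        self._dummy = provision("", "", "unused", 0)
        # Entry table: (gateway VTEP, first-tunnel VNI) -> second-tunnel VNI
        self._entries = {}

    def authenticate(self, gateway_vtep, first_vni, cloud_name, account, password):
        """Create the mapping entry only when the presented values match the preset ones."""
        sub = self._subs.get((cloud_name, account))
        ref = sub or self._dummy
        matches = hmac.compare_digest(derive(password, ref.salt), ref.verifier)
        if sub is None or not matches:
            return False
        self._entries[(gateway_vtep, first_vni)] = sub.second_vni
        return True

    def revoke(self, gateway_vtep, first_vni):
        self._entries.pop((gateway_vtep, first_vni), None)

    def forward(self, gateway_vtep, first_vni):
        """Look up the second tunnel; fail closed when no entry exists."""
        try:
            return self._entries[(gateway_vtep, first_vni)]
        except KeyError:
            raise PermissionError("no authenticated mapping for this tunnel") from None
```
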
In another possible implementation manner, in order to flexibly control the transmission rate of the data, the method provided in this embodiment of the present application may further include:
The VSGW determines the data transmission rate between the gateway device and the target server according to the bandwidth information of the subscriber of the gateway device. The target server may be a virtualized MSE, or may be a cloud server, a communication server, or the like.
The VSGW may expose an application programming interface (API) to a government-enterprise user, an NFV controller, and the like, so as to adjust bandwidth, modify a cloud service type, change a cloud service provider, and the like. For example, a government user may submit, through the gateway device, a request to the VSGW to increase the bandwidth for accessing cloud services. In response to the input operation by the user, the VSGW may adjust the bandwidth (rate) of the VXLAN tunnel between the VSGW and the cloud server side. For another example, the user may submit a request for adjusting the cloud service type (e.g., cloud infrastructure as a service (IaaS), cloud platform service (PaaS), cloud service, etc.) through the API of the VSGW.
The subscriber information of the gateway device may include an attribute of a subscriber subscribed to internet service, and an attribute of a subscriber subscribed to access cloud service (e.g., cloud infrastructure service). The attribute of the user signed on the internet service includes the internet speed. The attribute of the user signing for accessing the cloud service includes a cloud service type (such as cloud infrastructure service), a cloud service bandwidth (rate), a cloud service provider selection and the like.
In another possible implementation manner, to ensure the security of service transmission and devices, the method provided in this embodiment of the present application may further include:
If the service information meets the preset alarm condition, the VSGW outputs alarm information.
The preset alarm conditions include: the authentication of the gateway device fails, the service information is illegal information, the gateway device belongs to a blacklist of gateway devices, and the service information does not conform to an access control list (ACL).
In one example, the VSGW may verify the account and authentication information for network security traffic of the gateway device. After the gateway device passes the verification, the VSGW receives the service request of the gateway device and the service data corresponding to the service request, and then performs cleaning. For example, if a network attack is found (for example, the service request carries an illegal link), the VSGW may output alarm information: an alarm message may be sent to the government-enterprise gateway/home gateway, and the service request and service data may be discarded. Here, the illegal link may refer to a link that the VSGW cannot recognize. For details, reference may be made to the prior art, which is not described here.
In another example, the VSGW may verify a service request from the home enterprise gateway/home gateway according to the black and white lists and the ACL table of the home enterprise gateway/home gateway. For example, the VSGW queries the black and white lists and the ACL table. For traffic that does not conform to the access rules of the black and white lists and the ACL table, the VSGW can output alarm information; for example, the alarm information can be sent to the government enterprise gateway/home gateway, and the traffic is discarded.
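The alarm conditions listed above, evaluated over constructed service requests as an added example (not code from the patent). The request fields, the gateway names, the per-gateway ACL layout and the default-deny choice are assumptions; the four alarm reasons map to the four preset conditions in the text, and the credential comparison reflects the statement that authentication succeeds when the preset information is consistent with what the gateway device presents.

```python
import hmac
import ipaddress

# Constructed sample state for illustration only.
PRESET_AUTH = {"gw-0a01": "s3cret-A", "gw-0a02": "s3cret-B"}  # preset auth info
BLACKLIST = {"gw-0a02"}
RECOGNIZED_LINK_HOSTS = {"portal.example.com"}
ACL = {  # per-gateway allow rules: (destination network, destination port)
    "gw-0a01": [(ipaddress.ip_network("203.0.113.0/24"), 443)],
}


def check_service_request(req):
    """Return (action, alarms); action is 'forward' or 'discard'."""
    alarms = []
    gw = req.get("gateway_id", "")

    # Condition: the gateway device belongs to the blacklist.
    if gw in BLACKLIST:
        alarms.append("gateway on blacklist")

    # Condition: authentication fails (preset info differs from presented info).
    preset = PRESET_AUTH.get(gw)
    presented = req.get("auth", "")
    if preset is None or not hmac.compare_digest(preset.encode(), presented.encode()):
        alarms.append("authentication failed")

    # Condition: illegal information, here a link the VSGW cannot recognize.
    link = req.get("link_host")
    if link is not None and link not in RECOGNIZED_LINK_HOSTS:
        alarms.append("illegal link")

    # Condition: the request does not conform to the ACL (default deny).
    try:
        dst = ipaddress.ip_address(req.get("dst_ip", ""))
        allowed = any(dst in net and req.get("dst_port") == port
                      for net, port in ACL.get(gw, []))
    except ValueError:
        allowed = False  # unparsable destination never matches a rule
    if not allowed:
        alarms.append("ACL mismatch")

    return ("discard" if alarms else "forward"), alarms


if __name__ == "__main__":
    good = {"gateway_id": "gw-0a01", "auth": "s3cret-A",
            "dst_ip": "203.0.113.5", "dst_port": 443,
            "link_host": "portal.example.com"}
    for sample in (good,
                   dict(good, auth="guess"),
                   dict(good, link_host="unknown.example.net"),
                   dict(good, gateway_id="gw-0a02", auth="s3cret-B")):
        print(check_service_request(sample))
```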
All the schemes in the above embodiments of the present application can be combined without contradiction.
In the embodiment of the present application, according to the above method example, the network device and the terminal device may be divided into the functional modules or the functional units, for example, each functional module or functional unit may be divided corresponding to each function, or two or more functions may be integrated into one processing module. The integrated module may be implemented in a form of hardware, or may be implemented in a form of a software functional module or a functional unit. The division of the modules or units in the embodiment of the present application is schematic, and is only a logic function division, and there may be another division manner in actual implementation.
In the case of dividing each functional module according to each function, fig. 5 shows a schematic structural diagram of a communication apparatus 50, where the communication apparatus 50 may be a gateway device, or may be a chip applied to the gateway device, and the communication apparatus 50 may be configured to perform the functions of the gateway device in the above embodiments. The communication device 50 shown in fig. 5 may include: a communication unit 502 and a processing unit 501.
The communication unit 502 is configured to receive a service request from a terminal device.
The processing unit 501 is configured to select a target VXLAN tunnel corresponding to the service request from the multiple VXLAN tunnels according to the service request.
The communication unit 502 is further configured to send the service request to the VSGW through the target VXLAN tunnel, so that the VSGW forwards the service to the cloud server or the communication server.
The specific implementation manner of the communication device 50 may refer to a behavior function of a gateway device in the service forwarding method shown in fig. 4.
In one possible design, the communication device 50 shown in fig. 5 may further include a storage unit 503. The memory unit 503 is used for storing program codes and instructions.
In one possible design, the processing unit 501 is specifically configured to select a target VXLAN tunnel corresponding to the service request from the multiple VXLAN tunnels according to the IP address carried in the service request.
In one possible design, the processing unit 501 is specifically configured to select a target VXLAN tunnel corresponding to the service request from the multiple VXLAN tunnels according to a destination IP address carried in the service request, where the destination IP address corresponds to the target VXLAN tunnel.
In one possible design, the gateway device has a plurality of WAN interfaces, the WAN interfaces are physical interfaces or virtual interfaces, and each WAN interface of the WAN interfaces corresponds to a VXLAN tunnel.
In one possible design, the gateway device has a corresponding ID, where the ID includes a first byte and a second byte, the first byte is used to indicate a subscriber of the gateway device, and the second byte is used to indicate a serial number of the gateway device within the subscriber.
In one possible design, the service request is used to request a first type of service, and if the first type of service is an internet access service, the target server is a communication server; and if the first type of service is the cloud service, the target server is the cloud server.
In one possible design, the plurality of VXLAN tunnels are established according to a configuration file comprising: one or more of VXLAN configuration information, internet service information, cloud service information, network security information, and VPN information.
In one possible design, processing unit 501 is further configured to identify different priorities for the plurality of VXLAN tunnels according to the service request.
As yet another implementable manner, the processing unit 501 in fig. 5 may be replaced by a processor, which may integrate the functions of the processing unit 501. The communication unit 502 in fig. 5 may be replaced by a transceiver or transceiver unit, which may integrate the functionality of the communication unit 502.
Further, when the processing unit 501 is replaced by a processor and the communication unit 502 is replaced by a transceiver or a transceiver unit, the communication device 50 according to the embodiment of the present application may be the communication device shown in fig. 3.
In the case of dividing each functional module according to each function, fig. 6 shows a schematic structural diagram of a communication device 60, where the communication device 60 may be a gateway device, or may be a chip applied to the gateway device, and the communication device 60 may be configured to execute the functions of the gateway device in the above-described embodiments. The communication device 60 shown in fig. 6 may include: a communication unit 602 and a processing unit 601.
The communication unit 602 is configured to receive the service request sent by the gateway device through the target VXLAN tunnel, where the target VXLAN tunnel is one of the VXLAN tunnels.
The processing unit 601 is configured to determine, according to the service request, a target server corresponding to the service request, where the target server is a cloud server or a communication server.
The communication unit 602 is further configured to send the service request to the target server.
The specific implementation manner of the communication device 60 may refer to the behavior function of the VSGW in the service forwarding method shown in fig. 4.
In one possible design, the communication device 60 shown in fig. 6 may further include a storage unit 603. The memory unit 603 is used for storing program codes and instructions.
In one possible design, the processing unit 601 is further configured to decapsulate the VXLAN protocol.
In one possible design, the VSGW establishes a second VXLAN tunnel with the VXLAN gateway connected to the cloud server, and the VSGW maintains a mapping relationship between the target VXLAN tunnel and the second VXLAN tunnel.
In one possible design, the communication unit 602 is further configured to receive authentication information from the gateway device, where the authentication information includes one or more of internet access authentication information, access cloud authentication information, network security authentication information, and VPN authentication information of the gateway device. The processing unit 601 is further configured to authenticate the gateway device according to the authentication information.
In one possible design, the communication unit 602 is further configured to receive bandwidth information of a subscriber of the gateway device, and the processing unit 601 is further configured to determine a data transmission bandwidth between the gateway device and the target server according to the bandwidth information.
In a possible implementation manner, the communication unit 602 is further configured to output the warning information if the service information meets a preset warning condition, where the preset warning condition includes one or more of failure of authentication of the gateway device, that the service information is illegal information, that the gateway device belongs to a black list of the gateway device, and that the service information does not meet an ACL.
The embodiment of the application also provides a computer readable storage medium. All or part of the processes in the above method embodiments may be performed by relevant hardware instructed by a computer program, which may be stored in the above computer-readable storage medium, and when executed, may include the processes in the above method embodiments. The computer readable storage medium may be an internal storage unit of the communication device (including the data sending end and/or the data receiving end) of any previous embodiment, such as a hard disk or a memory of the communication device. The computer readable storage medium may also be an external storage device of the terminal device, such as a plug-in hard disk, a Smart Memory Card (SMC), a Secure Digital (SD) card, a flash memory card (flash card), and the like, which are provided on the terminal device. Further, the computer-readable storage medium may include both an internal storage unit and an external storage device of the communication apparatus. The computer-readable storage medium stores the computer program and other programs and data required by the communication apparatus. The above-described computer-readable storage medium may also be used to temporarily store data that has been output or is to be output.
It should be noted that the terms "first" and "second" and the like in the description, claims and drawings of the present application are used for distinguishing different objects and not for describing a particular order. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus.
It should be understood that in the present application, "at least one" means one or more, "a plurality" means two or more, "at least two" means two or three and three or more, "and/or" for describing an association relationship of associated objects, meaning that three relationships may exist, for example, "a and/or B" may mean: only A, only B and both A and B are present, wherein A and B may be singular or plural. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. "at least one of the following" or similar expressions refer to any combination of these items, including any combination of single item(s) or plural items. For example, at least one (one) of a, b, or c, may represent: a, b, c, "a and b", "a and c", "b and c", or "a and b and c", wherein a, b, c may be single or plural.
Through the above description of the embodiments, it is clear to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be completed by different functional modules according to needs, that is, the internal structure of the device may be divided into different functional modules to complete all or part of the above described functions.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described device embodiments are merely illustrative, and for example, the division of the modules or units is only one logical functional division, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or may be integrated into another device, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may be one physical unit or a plurality of physical units, that is, may be located in one place, or may be distributed in a plurality of different places. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a readable storage medium. Based on such understanding, the technical solutions of the embodiments of the present application may be essentially or partially contributed to by the prior art, or all or part of the technical solutions may be embodied in the form of a software product, where the software product is stored in a storage medium and includes several instructions to enable a device (which may be a single chip, a chip, or the like) or a processor (processor) to execute all or part of the steps of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a U disk, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk.
The above description is only an embodiment of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions within the technical scope of the present disclosure should be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (26)

1. A service forwarding method is applied to a gateway device, wherein the gateway device is connected to a Virtual Service Gateway (VSGW) through a plurality of virtual extensible local area network (VXLAN) tunnels, and the VSGW is respectively connected to a cloud server and a communication server, and the method comprises the following steps:
the gateway equipment receives a service request from terminal equipment;
the gateway equipment selects a target VXLAN tunnel corresponding to the service request from the VXLAN tunnels according to the service request;
the gateway device sends the service request to the VSGW through the target VXLAN tunnel, so that the VSGW forwards the service request to a target server corresponding to the service request, where the target server is the cloud server or the communication server.
2. The method of claim 1, wherein the selecting, by the gateway device, a target VXLAN tunnel from the plurality of VXLAN tunnels corresponding to the service request according to the service request comprises:
and the gateway equipment selects a target VXLAN tunnel corresponding to the service request from the VXLAN tunnels according to a target IP address carried by the service request, wherein the target IP address corresponds to the target VXLAN tunnel.
3. The method according to claim 1, wherein the service request is for requesting a first type of service, and if the first type of service is an internet service, the target server is the communication server; and if the first type of service is a cloud service, the target server is the cloud server.
4. The method of claim 1, further comprising:
and the gateway equipment marks different priorities for the VXLAN tunnels according to the service request.
5. The method of claim 1, wherein the gateway device has a unique identification number (ID), and wherein the ID comprises a first byte and a second byte, and wherein the first byte is used for identifying a subscriber of the gateway device, and wherein the second byte is used for identifying a serial number of the gateway device within the subscriber.
6. The method of claim 5, wherein the gateway device receives a configuration file, wherein the configuration file corresponds to the ID one to one, and wherein the configuration file comprises one or more of VXLAN configuration information, Internet service information, cloud service information, network security information, and Virtual Private Network (VPN) information.
7. A service forwarding method is applied to a VSGW, a first end of the VSGW is connected with a gateway device through a VXLAN tunnel, and a second end of the VSGW is respectively connected with a cloud server and a communication server, and the method comprises the following steps:
the VSGW receives a service request from the gateway equipment, wherein the service request is sent by the gateway equipment through a target VXLAN tunnel, the target VXLAN tunnel corresponds to the service request, and the target VXLAN tunnel is a VXLAN tunnel corresponding to the service request in a plurality of VXLAN tunnels;
the VSGW determines a target server corresponding to the service request according to the service request, wherein the target server is the cloud server or the communication server;
and the VSGW sends the service request to the target server.
8. The method of claim 7, further comprising: the VSGW decapsulates the VXLAN protocol.
9. The method of claim 7, wherein the VSGW establishes a second VXLAN tunnel with a VXLAN gateway to which the cloud server is connected, and wherein the VSGW maintains a mapping between the target VXLAN tunnel and the second VXLAN tunnel.
10. The method of claim 7, further comprising:
the VSGW receives authentication information from the gateway equipment, wherein the authentication information comprises one or more of internet access authentication information, access cloud authentication information, network security authentication information and VPN authentication information of the gateway equipment;
and the VSGW authenticates the gateway equipment according to the authentication information.
11. The method according to any one of claims 7-10, further comprising:
and the VSGW receives bandwidth information of a subscriber of the gateway equipment and determines data transmission bandwidth between the gateway equipment and the target server according to the bandwidth information.
12. The method according to any one of claims 7-10, further comprising:
and if the service information meets a preset alarm condition, the VSGW outputs alarm information, wherein the preset alarm condition comprises one or more of: the authentication of the gateway equipment fails, the service information is illegal service information, the gateway equipment belongs to a blacklist of gateway equipment, and the service information does not conform to an Access Control List (ACL).
13. A communication device is applied to a gateway device, the gateway device is in communication connection with a Virtual Service Gateway (VSGW) through a plurality of virtual extensible local area network (VXLAN) tunnels, the VSGW is in communication connection with a cloud server and a communication server respectively, and the communication device comprises a communication unit and a processing unit:
the communication unit is used for receiving a service request from the terminal equipment;
the processing unit is used for selecting a target VXLAN tunnel corresponding to the service request from the VXLAN tunnels according to the service request;
the communication unit is further configured to send the service request to the VSGW through the target VXLAN tunnel, so that the VSGW forwards the service request to a target server corresponding to the service request, where the target server is the cloud server or the communication server.
14. The communication device according to claim 13, wherein the processing unit is specifically configured to:
and selecting a target VXLAN tunnel corresponding to the service request from the VXLAN tunnels according to a target IP address carried by the service request, wherein the target IP address corresponds to the target VXLAN tunnel.
15. The communication device according to claim 13, wherein the service request is for requesting a first type of service, and if the first type of service is an internet service, the target server is the communication server; and if the first type of service is a cloud service, the target server is the cloud server.
16. The communications apparatus of claim 13, wherein the processing unit is further configured to:
and identifying different priorities for the VXLAN tunnels according to the service request.
17. The apparatus according to claim 13, wherein the gateway device has a unique ID, and wherein the ID comprises a first byte and a second byte, the first byte is used for identifying a subscriber of the gateway device, and the second byte is used for identifying a serial number of the gateway device within the subscriber.
18. The communications apparatus of claim 17, wherein the communications unit is further configured to:
and receiving configuration files, wherein the configuration files correspond to the IDs one by one, and the configuration files comprise one or more of VXLAN configuration information, Internet service information, cloud service information, network security information and Virtual Private Network (VPN) information.
19. A communication apparatus, applied to a VSGW, wherein a first end of the VSGW is connected to a gateway device through a plurality of VXLAN tunnels, and a second end of the VSGW is communicatively connected to a cloud server and a communication server, respectively, the communication apparatus includes a communication unit and a processing unit:
the communication unit is configured to receive a service request from the gateway device, where the service request is sent by the gateway device through a target VXLAN tunnel, the target VXLAN tunnel corresponds to the service request, and the target VXLAN tunnel is a VXLAN tunnel corresponding to the service request in the VXLAN tunnels;
the processing unit is configured to determine, according to the service request, a target server corresponding to the service request, where the target server is the cloud server or the communication server;
the communication unit is further configured to send the service request to the target server.
20. The communications apparatus of claim 19, wherein the processing unit is further configured to: the VXLAN protocol is decapsulated.
21. The communications device of claim 19, wherein the VSGW establishes a second VXLAN tunnel with a VXLAN gateway to which the cloud server is connected, and wherein the VSGW maintains a mapping relationship between the target VXLAN tunnel and the second VXLAN tunnel.
22. The communication device of claim 19,
the communication unit is further configured to receive authentication information from the gateway device, where the authentication information includes one or more of internet access authentication information, access cloud authentication information, network security authentication information, and VPN authentication information of the gateway device;
the processing unit is further configured to authenticate the gateway device according to the authentication information.
23. The communication apparatus according to any one of claims 19 to 22, wherein the communication unit is further configured to receive bandwidth information of a subscriber of the gateway device;
the processing unit is further configured to determine a data transmission bandwidth between the gateway device and the target server according to the bandwidth information.
24. The communications device according to any one of claims 19 to 22, wherein the communications unit is further configured to output an alarm message if the service message satisfies a preset alarm condition, where the preset alarm condition includes one or more of that the authentication of the gateway device fails, that the service message is an illegal service message, that the gateway device belongs to a black list of gateway devices, and that the service message does not conform to an access control list ACL.
25. Computer-readable storage medium, characterized in that the computer-readable storage medium has stored therein instructions that, when executed, implement the method of any of claims 1-6 or any of claims 7-12.
26. A communications apparatus, comprising: a processor, a memory, and a communication interface; wherein, the communication interface is used for the communication device to communicate with other equipment or networks; the memory is used to store one or more programs, the one or more programs including computer-executable instructions, which when executed by the communication device, cause the communication device to perform the method of any of claims 1-6 or any of claims 7-12, when the processor executes the computer-executable instructions stored by the memory.
CN202011225846.7A 2020-11-05 2020-11-05 Service forwarding method and communication device Active CN112422397B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011225846.7A CN112422397B (en) 2020-11-05 2020-11-05 Service forwarding method and communication device

Publications (2)

Publication Number Publication Date
CN112422397A true CN112422397A (en) 2021-02-26
CN112422397B CN112422397B (en) 2022-04-08

Family

ID=74827081

Country Status (1)

Country Link
CN (1) CN112422397B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104468394A (en) * 2014-12-04 2015-03-25 杭州华三通信技术有限公司 Method and device for forwarding messages in VXLAN network
CN105592047A (en) * 2015-08-26 2016-05-18 杭州华三通信技术有限公司 Service message transmission method and device
EP3370385A1 (en) * 2015-10-26 2018-09-05 New H3C Technologies Co., Ltd. Packet forwarding applied to vxlan
CN109995637A (en) * 2018-01-02 2019-07-09 ***通信有限公司研究院 S-VXLAN construction method, data forwarding method and system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
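He Xiaorong et al.: "Research and implementation of SDN-based intelligent private line service", Telecommunications Science *
Wang Min et al.: "Research on operators' intelligent private line products based on SDN technology", Telecom World *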

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114025010A (en) * 2021-10-20 2022-02-08 北京奥星贝斯科技有限公司 Method for establishing connection and network equipment
CN114025010B (en) * 2021-10-20 2024-04-16 北京奥星贝斯科技有限公司 Method for establishing connection and network equipment
WO2024099200A1 (en) * 2022-11-07 2024-05-16 中移(苏州)软件技术有限公司 Cloud service access method, and platform, device and storage medium

Also Published As

Publication number Publication date
CN112422397B (en) 2022-04-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant