CN114615232B - Method and system for generating visitor identification of active defense gateway - Google Patents

Method and system for generating visitor identification of active defense gateway Download PDF

Info

Publication number
CN114615232B
CN114615232B CN202210511825.4A CN202210511825A CN114615232B CN 114615232 B CN114615232 B CN 114615232B CN 202210511825 A CN202210511825 A CN 202210511825A CN 114615232 B CN114615232 B CN 114615232B
Authority
CN
China
Prior art keywords
visitor
gateway
gateway node
visitor identification
identification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210511825.4A
Other languages
Chinese (zh)
Other versions
CN114615232A (en
Inventor
谢峥
高庆官
卢成远
高瑞阳
李亚鹏
汪中杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Cyber Peace Technology Co Ltd
Original Assignee
Nanjing Cyber Peace Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Cyber Peace Technology Co Ltd filed Critical Nanjing Cyber Peace Technology Co Ltd
Priority to CN202210511825.4A priority Critical patent/CN114615232B/en
Publication of CN114615232A publication Critical patent/CN114615232A/en
Application granted granted Critical
Publication of CN114615232B publication Critical patent/CN114615232B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/30Managing network names, e.g. use of aliases or nicknames
    • H04L61/3015Name registration, generation or assignment
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L63/0218Distributed architectures, e.g. distributed firewalls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1001Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/1036Load balancing of requests to servers for services different from user content provisioning, e.g. load balancing across domain name servers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a method and a system for generating visitor identification of an active defense gateway. The starting point of the visitor identification in each gateway node in the cluster is set as the number of the gateway node; the number of binary digits occupied by the gateway node, B = ceil (log) 2 (N +1)), wherein N is the number of gateway nodes in the predicted cluster, and the number of each gateway node is different; creating shared memory on each gateway node to store latest visitor identification on the node, and performing atomic self-adding operation by multiple working processes to obtain 2 B And generating a visitor identifier for the increasing step size, and updating the visitor identifier in the shared memory. Compared with the prior art, the visitor identification generated by the invention is short, which is convenient for human eye recognition, oral reading and one-by-one input from a keyboard; and the method is not influenced by the clock adjustment of the gateway node, centralized management is not needed, the length of the node number in the generated visitor identifier is variable, and capacity expansion can be further supported.

Description

Method and system for generating visitor identification of active defense gateway
Technical Field
The invention relates to a method and a system for generating visitor identification of an active defense gateway, and belongs to the technical field of network security.
Background
An active defense gateway is a type of security gateway used to protect Web sites. It is deployed between the user and the Web site, near the site, and supports both HTTP and HTTPs protocols. After receiving the HTTP request sent by the user side, the active defense gateway accurately positions each visitor in the modes of sending Cookie, collecting equipment information and the like. In the gateway, a visitor identification is generated for the visitor; the visitor identification is the code number of the visitor, has uniqueness in the whole gateway, and is used in occasions of storing visitor basic information, storing access logs, access control aiming at the visitor and the like.
And the generation scheme of the visitor identification is related to the deployment mode of the active defense gateway. The deployment modes of the active defense gateway can be divided into single machine deployment and cluster deployment according to the size of site service scale. Fig. 1 is a schematic diagram of cluster deployment, in which a load balancing device distributes HTTP requests to nodes according to a certain rule (for example, mapping to each node of an active defense gateway by using a source IP or a guest identifier). Each node is independent and has the function of a complete gateway. After receiving the HTTP request, operations such as visitor identification, access control, and the like are performed, and then the operation is forwarded to the Web site at the back end. In a cluster deployment environment, the generation of guest identifications is a distributed problem. The conventional ID generation methods of the distributed system each have advantages and disadvantages.
For an active defense gateway deployed by a cluster, the visitor identification needs to satisfy the following characteristics: 1. global uniqueness; 2. efficient generation, and high concurrency scenes are responded; 3. allowing the load balancing device to resolve for scheduling according to the guest identification; 4. as short as possible for presentation on the management platform of the gateway.
The snowflake algorithm is the first choice for the active defense gateway visitor identification generation algorithm. It divides 64-bit LONG type variable into several segments according to binary bit, and the node number, time and serial number form an ID, such as 36163632623390851. However, the snowflake algorithm still has some problems in the active defense gateway: 1. the generated ID is too long and random to read and display. 2. Is easily affected by the clock adjustment of the gateway node and needs additional means to ensure the stable operation of the gateway node. 3. The node numbering digits are fixed and cannot be expanded.
Disclosure of Invention
The purpose of the invention is as follows: in view of the problems in the prior art, an object of the present invention is to provide a method and a system for generating an active defense gateway visitor identifier, where the generated visitor identifier is short and easy to identify, and is applicable to highly concurrent scenes, and the operation is stable.
The technical scheme is as follows: in order to achieve the purpose, the invention adopts the following technical scheme:
a method for generating an active defense gateway visitor identifier comprises the following steps:
each gateway node in the cluster sets the starting point of the visitor identification as the number of the gateway node; the number of binary digits occupied by the gateway node, B = ceil (log) 2 (N +1)), wherein N is the number of the gateway nodes in the predicted cluster, ceil is an upward rounding function, and the number of each gateway node is different;
creating shared memory on each gateway node to store latest visitor identification on the node, and performing atomic self-adding operation by multiple working processes to obtain 2 B Generating a visitor identifier for the increasing step length, and updating the visitor identifier in the shared memory; and the numerical value corresponding to the lowest B binary digits of the generated visitor identification is the serial number of the gateway node.
Preferably, the latest visitor identification in the shared memory is periodically stored on a disk by running a timing task; and after the gateway node is restarted, reading the stored latest visitor identification from the disk, checking whether the latest visitor identification exists, modifying the latest visitor identification according to the increasing step length if the latest visitor identification exists, repeating the check until the first unused visitor identification is found, and storing the last numerical value as the modified latest visitor identification in the shared memory.
Preferably, the number of gateway nodes in the cluster is greater than or equal to the number of gateway nodes actually operating.
Preferably, reserving the B binary digits occupied by the gateway node number as the total 1 value for the expanded gateway node, setting the number of the expanded new gateway node as M, and setting the visitor identification starting point as 2 M-1 -1, the increase step size of the visitor identification is 2 M
Preferably, the method for acquiring the number of the corresponding gateway node according to the visitor identifier comprises the following steps:
taking the lowest B binary bits of the visitor identification, and recording the corresponding numerical value as M1; if M1 is less than 2 B 1, then the gateway node number is M1; otherwise, enabling X =1, and entering the next step;
taking the lowest B + X binary digits of the visitor identification, and recording the corresponding value as M2, if M2 is less than 2 B+X -1, then the gateway node number is log 2 (M2+1) + 1; otherwise, let X = X +1, repeat this step until M2 is less than 2 B+X -1。
Preferably, when the load balancing device of the active defense gateway schedules an HTTP request, the load balancing device schedules a request not carrying a visitor identifier to a gateway node according to a preset rule, and acquires a gateway node number from the visitor identifier and schedules the gateway node number to a corresponding gateway node for the request carrying the visitor identifier.
An active defense gateway visitor identification generation system, comprising: the initialization module is used for setting the starting point of the visitor identifier as the number of the gateway node per se by each gateway node in the cluster; the number of binary digits occupied by the gateway node, B = ceil (log) 2 (N +1)), the numbers of the gateway nodes are different; and the visitor identification generation module is used for opening up a shared memory on each gateway node to store the latest visitor identification on the node, and a plurality of working processes are operated by 2 times through atomic self-increment operation B Generating a visitor identifier for the increasing step length, and updating the visitor identifier in the shared memory; and the numerical value corresponding to the lowest B binary digits of the generated visitor identification is the serial number of the gateway node.
Preferably, the system further comprises: the visitor identification persistence module is used for periodically storing the latest visitor identification in the shared memory to a disk by running a timing task; and after the gateway node is restarted, reading the stored latest visitor identification from the disk, checking whether the latest visitor identification exists, modifying the latest visitor identification according to the increasing step length if the latest visitor identification exists, repeating the check until the first unused visitor identification is found, and storing the last numerical value as the modified latest visitor identification in the shared memory.
Preferably, the system reserves the B binary bits occupied by the gateway node number as the full 1 value for the expanded gateway node, and further includes: a capacity expansion node visitor identifier generation module for setting the visitor identifier starting point of the new gateway node with the capacity expansion number of M as 2 M-1 -1, by 2 M And generating visitor identification on the expanded gateway node for the increasing step length.
An active defense gateway system comprises load balancing equipment and at least two gateway nodes; when the load balancing equipment schedules an HTTP request, acquiring a gateway node number from a visitor identifier for a request carrying the visitor identifier, and scheduling the request to a corresponding gateway node; for a request which does not carry a visitor identifier, scheduling the request to a gateway node in a cluster according to a preset rule, and generating the visitor identifier containing gateway node number information for the request by the gateway node according to the following mode:
the starting point of the visitor identification is the number of the gateway node; the number of binary digits occupied by the gateway node, B = ceil (log) 2 (N +1)), the numbers of the gateway nodes are different; creating a shared memory on each gateway node to store the latest visitor identification on the node, acquiring the latest visitor identification by the working process for processing the HTTP request, and performing atomic self-increment operation by 2 B Generating a visitor identifier for the increasing step length, and updating the visitor identifier in the shared memory; and the numerical value corresponding to the lowest B binary digits of the generated visitor identification is the serial number of the gateway node.
Has the advantages that: the active defense gateway provided by the invention can plan the step length of visitor identification increase in advance according to the site service scale, and can ensure that visitor identifications generated by each node do not conflict by setting different visitor identification starting points for each gateway node. The multiple working processes of the gateway node ensure the sequential generation of the visitor identification inside the node by performing an atomic operation on the shared data area. The generated visitor identification contains node number information and can be used for the load balancing equipment to carry out HTTP request scheduling based on the visitor identification. Compared with the prior art, the invention has the following advantages: 1. the visitor identification generated by the invention is very short, the display is concise and beautiful, and the visitor identification is convenient for human eye recognition, oral reading and one-by-one input from a keyboard. 2. Compared with the ID generated by a snowflake algorithm, the method reduces the random degree, shows more continuity and is not influenced by the adjustment of the gateway node clock. 3. Each gateway node can independently generate the visitor identification based on the number of the gateway node, and a central server is not required to be responsible for number segment distribution, so that the cost problem and the usability problem caused by centralization are avoided. 4. The length of the node number in the visitor identifier generated by the invention is variable, and the capacity expansion can be further supported. 5. The invention further saves the visitor identification in the shared memory to the disk at regular time, thereby avoiding the influence on the speed of the visitor identification caused by real-time saving; after the recovery is restarted, the latest visitor identification on the disk can be read and checked so as to deal with the hidden danger of visitor identification loss.
Drawings
Fig. 1 is a schematic diagram of an active defense gateway structure deployed in a cluster manner.
Fig. 2 is a schematic diagram illustrating a principle of guest identifier generation in the embodiment of the present invention.
Fig. 3 is a schematic diagram of a recovery flow of a latest visitor identifier of a gateway node in an embodiment of the present invention.
Detailed Description
The technical solution of the present invention is further explained with reference to the accompanying drawings and specific embodiments.
Before the embodiment of the method of the present invention, the expected maximum cluster size (i.e. the number of gateway nodes N) may be estimated according to the site service size (i.e. the total number of visitors V) and the capacity of a single gateway node (i.e. the number of supported visitors C): n = ceil (V/C); where ceil is an ceiling function.
For example, a Web site expects a maximum of 100 ten thousand visitors in an operating period, and a single gateway node supports a maximum of 40 ten thousand visitors, the cluster size is 100 ÷ 40=2.5, and the whole is rounded up to 3 gateway nodes.
A part of the binary bits needed to be used in the guest identification for storing the node number. Binary number of bits B = ceil (log) required to be used at the beginning 2 (N+1))。
As shown in fig. 2, in the method for generating visitor identifiers of active defense gateways disclosed in the embodiment of the present invention, the starting point of the visitor identifier of each gateway node is set as the number of the node (it is assumed that the number is sequentially increased from 0), and the growth step size of the visitor identifier of all gateway nodes is 2 B . For the above example, the guest identities of these gateway nodes start with 0, 1, 2, respectively, and the step size for the increase is 4. The guest identification generated by each node is as follows:
node0:0、4、8……
node1:1、5、9……
node2:2、6、10……
the embodiment of the invention does not require the existence of gateway nodes in the planning. If only a few nodes are on-line in the early stage of operation, the increment step size is still 2 B And nodes that are not on-line need to be reserved for their visitor identification starting point.
In consideration of the requirement of capacity expansion, the B binary bits occupied by the node number may be reserved for the expanded gateway node as the value of all 1. When capacity expansion is needed, the number of a new node is set to be M, and the starting point of the visitor identification is 2 M-1 -1, the increase step size of the visitor identification is 2 M . For example, the visitor identifiers generated by the two newly expanded gateway nodes are as follows:
node3:3、11、19……
node4:7、23、39……
a plurality of working processes are operated on the gateway node and used for processing the concurrent HTTP requests, and each working process can independently generate the visitor identification. And on the gateway node, a shared memory is developed for storing the latest visitor identification on the node. A plurality of working processes quickly acquire a new next visitor identification through atomic self-increment operation, and meanwhile, the visitor identification in the shared memory is modified into the latest visitor identification; when the self-increment operation is called for the first time, as the latest visitor identification value in the shared memory does not exist, the starting point of the visitor identification allocated to the node is used as the latest visitor identification. The process has high efficiency and can deal with the scene that a large number of visitors are newly added in a short period when the gateway is on line.
Since the latest guest id in the shared memory is not persisted, this information is lost if the gateway node is powered down or restarted. To ensure performance, embodiments of the present invention do not save the latest guest identification to disk each time it is modified. Instead, a timed task is run, saving the latest guest id in shared memory to disk every fixed time (e.g., 3 seconds). Correspondingly, when the gateway work process is started, the latest visitor identification is read from the disk and recovered to the shared memory.
Considering that the action of saving to the disk is performed periodically, if the latest visitor identifier in the shared memory is not saved after being modified yet and is powered down or restarted, the latest visitor identifier read from the disk by the gateway working process is an old value which is smaller than a correct value. The latest visitor identification needs to be revised at this time. Because the gateway node stores the whole amount of visitor data of the node, only a visitor query interface is required to be called to check whether the latest visitor identification exists; if there is a new last guest id modified by a step size, the check is repeated until the first unused guest id is found, and the last value is the correct last guest id. And restoring the latest corrected visitor identification to the shared memory.
The duration of this search process is related to the running interval of the timed task and the new increase rate of the guests. Generally, the running interval of the timing task is far smaller, and the starting of the working process of the gateway is basically not influenced.
And after the gateway node generates the visitor identification, the visitor identification is sent to the browser in a Cookie mode. Subsequent HTTP requests will automatically carry the guest identity. And the load balancing equipment checks whether the visitor identification is carried in the process of dispatching the HTTP request. If the visitor identification is not available, the visitor is considered as a new visitor, and scheduling is carried out according to a pre-configured rule (such as scheduling according to an IP address, random scheduling and the like); if the visitor identification exists, the gateway node where the visitor originally locates is found according to the visitor identification scheduling. The method of identifying the compute node number from the guest is as follows:
step 1, taking the lowest B binary digits of the visitor identification, and recording the value of the B binary digits as M1; if M1 is less than 2 B -1, then M is the gateway node number; otherwise let X =1 and proceed to step 2.
Step 2, taking the lowest B + X binary digits of the visitor identification, and recording the value of the binary digits as M2; if M2 is less than 2 B+X -1, then the gateway node number is log 2 (M2+1) + 1; otherwise, let X = X +1, repeat this step until M2 is less than 2 B+X -1, determining a gateway node number.
The embodiment of the invention discloses an active defense gateway visitor identification generation system, which comprises an initialization module and a visitor identification generation module, wherein the initialization module is used for setting the starting point of a visitor identification as the number of a gateway node by each gateway node in a cluster; the number of binary digits occupied by the gateway node, B = ceil (log) 2 (N +1)), the numbers of the gateway nodes are different. The visitor identification generation module is used for opening up a shared memory on each gateway node to store the latest visitor identification on the node, and a plurality of working processes are operated by an atomic self-increment operation 2 B And generating a visitor identifier for the increasing step size, and updating the visitor identifier in the shared memory.
In addition, in order to deal with abnormal conditions such as power failure, restart and the like, the system is also provided with a visitor identifier persistence module which is used for periodically storing the latest visitor identifier in the shared memory to a disk by running a timing task; and after the gateway node is restarted, reading the stored latest visitor identification from the disk, checking whether the latest visitor identification exists, modifying the latest visitor identification according to the increasing step length if the latest visitor identification exists, repeating the check until the first unused visitor identification is found, and storing the last numerical value as the modified latest visitor identification in the shared memory.
In order to further support capacity expansion, the system reserves the B binary bits occupied by the serial number of the gateway node as the full-1 numerical value for the expanded gateway node, and is provided with a capacity expansion node visitor identification generation module for setting the visitor identification starting point of a new network joint point with the serial number of M as 2 M-1 -1, by 2 M Gateway capable of expanding capacity for increasing step lengthAnd generating the visitor identification on the node.
The embodiment of the invention discloses an active defense gateway system, which comprises load balancing equipment and at least two gateway nodes; when the load balancing equipment schedules an HTTP request, acquiring a gateway node number from a visitor identifier for a request carrying the visitor identifier, and scheduling the gateway node number to a corresponding gateway node; for a request which does not carry a visitor identifier, scheduling the request to a gateway node in a cluster according to a preset rule, and generating the visitor identifier containing gateway node number information for the request by the gateway node according to the following mode:
the starting point of the visitor identification is the number of the gateway node; the number of gateway nodes takes the binary number of bits B = ceil (log) 2 (N +1)), the numbers of the gateway nodes are different; creating a shared memory on each gateway node to store the latest visitor identification on the node, acquiring the latest visitor identification by the working process for processing the HTTP request, and performing atomic self-increment operation by 2 B And generating a visitor identifier for the increasing step size, and updating the visitor identifier in the shared memory. If the gateway node is the gateway node of the later expansion, the visitor identification starting point is set to be 2 M-1 1, 2 M And generating visitor identification for the increasing step length, wherein M is the serial number of the expanded gateway node.

Claims (10)

1. A method for generating an active defense gateway visitor identifier is characterized by comprising the following steps:
each gateway node in the cluster sets the starting point of the visitor identification as the number of the gateway node; the number of binary digits occupied by the gateway node, B = ceil (log) 2 (N +1)), wherein N is the number of the gateway nodes in the predicted cluster, ceil is an upward rounding function, and the number of each gateway node is different;
creating shared memory on each gateway node to store latest visitor identification on the node, and performing atomic self-adding operation by multiple working processes to obtain 2 B Generating a visitor identifier for the increasing step length, and updating the visitor identifier in the shared memory; and the numerical value corresponding to the lowest B binary digits of the generated visitor identification is the serial number of the gateway node.
2. The active defense gateway visitor identifier generation method of claim 1, wherein the latest visitor identifier in the shared memory is periodically saved to a disk by running a timing task; and after the gateway node is restarted, reading the stored latest visitor identification from the disk, checking whether the latest visitor identification exists, modifying the latest visitor identification according to the increasing step length if the latest visitor identification exists, repeating the check until the first unused visitor identification is found, and storing the last numerical value as the modified latest visitor identification in the shared memory.
3. The active defense gateway guest identification generation method of claim 1, wherein the projected number of gateway nodes in the cluster is greater than or equal to an actual number of gateway nodes in operation.
4. The method for generating visitor identification of active defense gateway as claimed in claim 1, wherein the value of all 1 of B binary bits occupied by the gateway node number is reserved for the expanded gateway node, the number of the new expanded gateway node is set as M, and the visitor identification starting point is set as 2 M-1 -1, the visitor identification growth step size is 2 M
5. The active defense gateway visitor identification generation method of claim 4, wherein the method of obtaining the corresponding gateway node number according to the visitor identification is:
taking the lowest B binary digits of the visitor identification, and recording the corresponding numerical value as M1; if M1 is less than 2 B 1, then the gateway node number is M1; otherwise, enabling X =1, and entering the next step;
taking the lowest B + X binary digits of the visitor identification, and recording the corresponding value as M2, if M2 is less than 2 B+X -1, then the gateway node number is log 2 (M2+1) + 1; otherwise, let X = X +1, repeat this step until M2 is less than 2 B+X -1。
6. The method for generating the visitor identifier of the active defense gateway as claimed in claim 1, wherein the load balancing device of the active defense gateway schedules a request not carrying the visitor identifier to a gateway node according to a preset rule when scheduling the HTTP request, and obtains a gateway node number from the visitor identifier and schedules the gateway node number to a corresponding gateway node for the request carrying the visitor identifier.
7. An active defense gateway visitor identification generation system, comprising:
the initialization module is used for setting the starting point of the visitor identifier as the number of the gateway node per se by each gateway node in the cluster; the number of binary digits occupied by the gateway node, B = ceil (log) 2 (N +1)), wherein N is the number of the gateway nodes in the predicted cluster, ceil is an upward rounding function, and the numbers of the gateway nodes are different;
and the visitor identification generation module is used for opening up a shared memory on each gateway node to store the latest visitor identification on the node, and a plurality of working processes are operated by 2 times through atomic self-increment operation B Generating a visitor identifier for the increasing step length, and updating the visitor identifier in the shared memory; and the numerical value corresponding to the lowest B binary digits of the generated visitor identification is the serial number of the gateway node.
8. The active defense gateway guest identification generation system of claim 7, further comprising: the visitor identification persistence module is used for periodically storing the latest visitor identification in the shared memory to a disk by running a timing task; and after the gateway node is restarted, reading the stored latest visitor identification from the disk, checking whether the latest visitor identification exists, modifying the latest visitor identification according to the increasing step length if the latest visitor identification exists, repeating the check until the first unused visitor identification is found, and storing the last numerical value as the modified latest visitor identification in the shared memory.
9. The active defense gateway guest mark of claim 7The identification generation system is characterized in that the system reserves the B binary bits occupied by the gateway node number as the full 1 value for the expanded gateway node, and further comprises: a capacity expansion node visitor identifier generation module for setting the visitor identifier starting point of the new gateway node with the capacity expansion number of M as 2 M-1 -1, by 2 M And generating visitor identification on the expanded gateway node for the increasing step length.
10. An active defense gateway system comprises load balancing equipment and at least two gateway nodes; the method is characterized in that when the load balancing equipment schedules an HTTP request, for the request carrying visitor identification, the gateway node number is obtained from the visitor identification, and the gateway node number is scheduled to the corresponding gateway node; for a request which does not carry a visitor identifier, scheduling the request to a gateway node in a cluster according to a preset rule, and generating the visitor identifier containing gateway node number information for the request by the gateway node according to the following mode:
the starting point of the visitor identification is the number of the gateway node; the number of binary digits occupied by the gateway node, B = ceil (log) 2 (N +1)), wherein N is the number of the gateway nodes in the predicted cluster, ceil is an upward rounding function, and the numbers of the gateway nodes are different; creating a shared memory on each gateway node to store the latest visitor identification on the node, acquiring the latest visitor identification by the working process for processing the HTTP request, and performing atomic self-increment operation by 2 B Generating a visitor identifier for the increasing step length, and updating the visitor identifier in the shared memory; and the numerical value corresponding to the lowest B binary digits of the generated visitor identification is the serial number of the gateway node.
CN202210511825.4A 2022-05-12 2022-05-12 Method and system for generating visitor identification of active defense gateway Active CN114615232B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210511825.4A CN114615232B (en) 2022-05-12 2022-05-12 Method and system for generating visitor identification of active defense gateway

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210511825.4A CN114615232B (en) 2022-05-12 2022-05-12 Method and system for generating visitor identification of active defense gateway

Publications (2)

Publication Number Publication Date
CN114615232A CN114615232A (en) 2022-06-10
CN114615232B true CN114615232B (en) 2022-08-12

Family

ID=81870545

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210511825.4A Active CN114615232B (en) 2022-05-12 2022-05-12 Method and system for generating visitor identification of active defense gateway

Country Status (1)

Country Link
CN (1) CN114615232B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115623009B (en) * 2022-12-19 2023-03-28 南京赛宁信息技术有限公司 Active defense gateway visitor data backup and node online capacity expansion method and system

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7861060B1 (en) * 2005-12-15 2010-12-28 Nvidia Corporation Parallel data processing systems and methods using cooperative thread arrays and thread identifier values to determine processing behavior
CN103347055A (en) * 2013-06-19 2013-10-09 北京奇虎科技有限公司 System, device and method for processing tasks in cloud computing platform
CN106649736A (en) * 2016-12-23 2017-05-10 成都信息工程大学 Generation method for automatic codes in general database
CN106993022A (en) * 2016-12-30 2017-07-28 ***股份有限公司 For the mark management method of cluster, identification server and corresponding system
CN110634052A (en) * 2019-09-20 2019-12-31 中国银行股份有限公司 Method and device for generating order number by distributed architecture
CN111245910A (en) * 2019-12-31 2020-06-05 杭州趣链科技有限公司 Block chain light node multi-copy deployment method
CN111857979A (en) * 2020-06-28 2020-10-30 厦门极致互动网络技术股份有限公司 Information management method, system, storage medium and equipment of distributed system
CN112788060A (en) * 2021-01-29 2021-05-11 北京字跳网络技术有限公司 Data packet transmission method and device, storage medium and electronic equipment
CN112966035A (en) * 2021-03-08 2021-06-15 深圳证券通信有限公司 Distributed digital ID generation algorithm
CN113505112A (en) * 2021-05-26 2021-10-15 广州宸祺出行科技有限公司 snowFlake algorithm-based ID generation method and device without machine identification
CN113821521A (en) * 2021-01-29 2021-12-21 北京京东拓先科技有限公司 Distributed identification generation method and device, electronic equipment and storage medium
CN113946583A (en) * 2021-10-25 2022-01-18 浙江惠瀜网络科技有限公司 Primary key generation method and device
CN114237830A (en) * 2022-02-24 2022-03-25 南京赛宁信息技术有限公司 Dispatching and physical machine capacity expansion method and system for quick start of virtual machine in target range

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111259107B (en) * 2020-01-10 2023-08-18 北京百度网讯科技有限公司 Determinant text storage method and device and electronic equipment

Patent Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7861060B1 (en) * 2005-12-15 2010-12-28 Nvidia Corporation Parallel data processing systems and methods using cooperative thread arrays and thread identifier values to determine processing behavior
CN103347055A (en) * 2013-06-19 2013-10-09 北京奇虎科技有限公司 System, device and method for processing tasks in cloud computing platform
CN106649736A (en) * 2016-12-23 2017-05-10 成都信息工程大学 Generation method for automatic codes in general database
CN106993022A (en) * 2016-12-30 2017-07-28 ***股份有限公司 For the mark management method of cluster, identification server and corresponding system
CN110634052A (en) * 2019-09-20 2019-12-31 中国银行股份有限公司 Method and device for generating order number by distributed architecture
CN111245910A (en) * 2019-12-31 2020-06-05 杭州趣链科技有限公司 Block chain light node multi-copy deployment method
CN111857979A (en) * 2020-06-28 2020-10-30 厦门极致互动网络技术股份有限公司 Information management method, system, storage medium and equipment of distributed system
CN112788060A (en) * 2021-01-29 2021-05-11 北京字跳网络技术有限公司 Data packet transmission method and device, storage medium and electronic equipment
CN113821521A (en) * 2021-01-29 2021-12-21 北京京东拓先科技有限公司 Distributed identification generation method and device, electronic equipment and storage medium
CN112966035A (en) * 2021-03-08 2021-06-15 深圳证券通信有限公司 Distributed digital ID generation algorithm
CN113505112A (en) * 2021-05-26 2021-10-15 广州宸祺出行科技有限公司 snowFlake algorithm-based ID generation method and device without machine identification
CN113946583A (en) * 2021-10-25 2022-01-18 浙江惠瀜网络科技有限公司 Primary key generation method and device
CN114237830A (en) * 2022-02-24 2022-03-25 南京赛宁信息技术有限公司 Dispatching and physical machine capacity expansion method and system for quick start of virtual machine in target range

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"id生成算法";ToLoveToFeel;《CSDN博客》;20220306;全文 *
"分布式***ID的生成方法之UUID、数据库、算法、Redis、Leaf方案";Java后端架构猛猛;《CSDN博客》;20220408;全文 *

Also Published As

Publication number Publication date
CN114615232A (en) 2022-06-10

Similar Documents

Publication Publication Date Title
CN114615232B (en) Method and system for generating visitor identification of active defense gateway
JP5276632B2 (en) Cluster system and software deployment method
CN101826073A (en) Synchronous method, apparatus and system for distributed database
CN103634375A (en) Method, device and equipment for cluster node expansion
CN112615945B (en) Domain name resolution record management method and device, computer equipment and storage medium
CN101741830A (en) Method, system, client and server for realizing multi-client data synchronization
CN108769118B (en) Method and device for selecting master nodes in distributed system
CN114827082A (en) Method, system, device and medium for generating globally unique ID of distributed system
CN111291062A (en) Data synchronous writing method and device, computer equipment and storage medium
CN110798507A (en) Method and system for DHCP address allocation memory
CN108429641B (en) Network equipment management method and device
CN104579753B (en) User data statistical method, access stratum server and statistical server
CN111431951B (en) Data processing method, node equipment, system and storage medium
CN114493602B (en) Block chain transaction execution method and device, electronic equipment and storage medium
CN116204327A (en) Distributed system communication scheduling method and distributed machine learning system
CN110765125A (en) Data storage method and device
EP3709173A1 (en) Distributed information memory system, method, and program
CN112804313B (en) Data synchronization method, device, equipment and medium based on cross-domain edge node
CN105007233A (en) Method for distributing address based on DHCP (dynamic host configuration protocol) server cluster load
US12007991B2 (en) Automation device and method for optimized access to a variable
CN114756385A (en) Elastic distributed training method in deep learning scene
CN113468508A (en) Information verification method, device, server and storage medium
CN115623009B (en) Active defense gateway visitor data backup and node online capacity expansion method and system
CN115543353B (en) System management solution method and system based on distributed deployment architecture
CN109828720A (en) Date storage method, device, server and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant