CN117914648A

CN117914648A - Method, device, processor and VPN device for optimizing VPN device

Info

Publication number: CN117914648A
Application number: CN202311862856.5A
Authority: CN
Inventors: 王鑫
Original assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd
Current assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd
Priority date: 2023-12-29
Filing date: 2023-12-29
Publication date: 2024-04-19

Abstract

The application discloses a method, a device, a processor and VPN equipment for optimizing VPN equipment, belonging to the technical field of data transmission, wherein the method comprises the following steps: in the process of data forwarding of VPN equipment, acquiring terminal information of a client side communicating with the VPN equipment at the current moment and equipment state information of the VPN equipment; determining risk values of all parameters in the terminal information and the equipment state information according to preset rules to obtain a target parameter set; determining a target optimization parameter set of the VPN equipment according to the target parameter set and a pre-stored optimization database; and adjusting the operation parameters of the VPN equipment according to the target optimization parameter set. The application can realize intelligent optimization of the operation parameters of VPN equipment.

Description

Method, device, processor and VPN device for optimizing VPN device

Technical Field

The present application relates to the field of data transmission technologies, and in particular, to a method, an apparatus, a processor, and a VPN device for optimizing a VPN device.

Background

The functions of the virtual private network (Virtual Private Network, VPN) are: and establishing a private network on the public network for encrypted communication. There are wide applications in enterprise networks. The VPN gateway realizes remote access through encryption of the data packet and conversion of the destination address of the data packet. There are various classification modes of VPN, mainly by protocol. The VPN may be implemented in a variety of ways, e.g., by a server, hardware, software, etc.

In current network environments, VPN devices have become an important tool to protect user privacy and bypass geographical restrictions. However, the user may encounter problems such as slow speed, unstable connection, etc. when using VPN. In this regard, the prior art mostly adopts the manual investigation mode, and the automation and the intelligent degree are lower through technician intervention in order to adjust equipment parameters. Therefore, the optimization method of the VPN device adopted in the prior art has the problem of low intelligent degree.

Disclosure of Invention

An object of an embodiment of the present application is to provide a method, an apparatus, a processor, a VPN device and a machine-readable storage medium for optimizing a VPN device, so as to solve a problem that an optimization method of a VPN device adopted in the prior art has a low degree of intelligence.

To achieve the above object, a first aspect of an embodiment of the present application provides a method for optimizing a VPN device, the method including:

in the process of data forwarding of VPN equipment, acquiring terminal information of a client side communicating with the VPN equipment at the current moment and equipment state information of the VPN equipment;

Determining risk values of all parameters in the terminal information and the equipment state information according to preset rules to obtain a target parameter set;

Determining a target optimization parameter set of the VPN equipment according to the target parameter set and a pre-stored optimization database;

And adjusting the operation parameters of the VPN equipment according to the target optimization parameter set.

In the embodiment of the present application, determining the target optimization parameter set of the VPN device by the target parameter set and the pre-stored optimization database includes: judging whether the VPN equipment is in a risk state according to the target parameter set;

determining a target optimization parameter set of the VPN equipment according to the target parameter set and the optimization database under the condition that the VPN equipment is in a risk state; in the event that the VPN device is not in a risk state, storing the target parameter set in an optimization database to update the optimization database.

In the embodiment of the application, the optimization database comprises a plurality of standard parameter sets, and parameters contained in the standard parameter sets are the same as parameters contained in the target parameter sets;

Determining a target optimization parameter set of the VPN device according to the target parameter set and the optimization database, including:

Matching the target parameter set with a plurality of standard parameter sets in an optimization database to determine a risk type;

Determining a target standard parameter set with highest similarity with the target parameter set in the optimized database;

and determining a target optimization parameter set of the VPN equipment according to the target risk type, the target parameter set and the target standard parameter set.

In the embodiment of the present application, determining whether the VPN device is in a risk state according to the target parameter set includes: judging whether risk values of a plurality of target parameters in the target parameters exceed a preset threshold value or not respectively, wherein the target parameters comprise client transmission delay, data forwarding delay and packet loss rate; judging that the VPN equipment is in a risk state under the condition that the risk value of any target parameter in the plurality of target parameters exceeds a preset threshold value; and under the condition that the risk values of the target parameters do not exceed the preset threshold value, judging that the VPN equipment is not in a risk state.

In the embodiment of the application, the terminal information comprises: client version information, operating system information, transmitted data size, client transmission delay and data transmission mode.

In the embodiment of the application, the equipment state information comprises: CUP usage rate, device memory usage status, device bandwidth occupancy rate, client online number, data forwarding delay and packet loss rate.

A second aspect of an embodiment of the present application provides a processor configured to perform the above-described method for optimizing a VPN device.

A third aspect of an embodiment of the present application provides an apparatus for optimizing a VPN device, the apparatus including:

The data acquisition module is used for acquiring terminal information of a client side communicating with the VPN equipment at the current moment and equipment state information of the VPN equipment in the process of forwarding data of the VPN equipment;

The risk value determining module is used for determining risk values of all parameters in the terminal information and the equipment state information according to preset rules so as to obtain a target parameter set;

the target optimization parameter set determining module is used for determining a target optimization parameter set of the VPN equipment according to the target parameter set and a pre-stored optimization database;

and the control module is used for adjusting the operation parameters of the VPN equipment according to the target optimization parameter set.

A fourth aspect of an embodiment of the present application provides a VPN device, including: the processor described above or the apparatus for optimizing a VPN device described above.

A fifth aspect of embodiments of the present application provides a machine-readable storage medium having stored thereon a program or instructions which, when executed by a processor, implement the above-described method for optimizing a VPN device.

According to the technical scheme, in the process of data forwarding of the VPN equipment, terminal information of a client side in communication with the VPN equipment at the current moment and equipment state information of the VPN equipment are firstly obtained, then risk values of all parameters in the terminal information and the equipment state information are determined according to preset rules to obtain a target parameter set, further a target optimization parameter set of the VPN equipment is determined according to the target parameter set and a pre-stored optimization database, and finally operation parameters of the VPN equipment are adjusted according to the target optimization parameter set. The application can realize intelligent optimization of the operation parameters of VPN equipment.

Additional features and advantages of embodiments of the application will be set forth in the detailed description which follows.

Drawings

The accompanying drawings are included to provide a further understanding of embodiments of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain, without limitation, the embodiments of the application. In the drawings:

Fig. 1 is a schematic flow chart of a method for optimizing VPN equipment according to an embodiment of the present application;

Fig. 2 is a schematic structural diagram of an apparatus for optimizing VPN equipment according to an embodiment of the present application.

Detailed Description

For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it should be understood that the detailed description described herein is merely for illustrating and explaining the embodiments of the present application, and is not intended to limit the embodiments of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.

It should be noted that, if directional indications (such as up, down, left, right, front, and rear … …) are included in the embodiments of the present application, the directional indications are merely used to explain the relative positional relationship, movement conditions, etc. between the components in a specific posture (as shown in the drawings), and if the specific posture is changed, the directional indications are correspondingly changed.

In addition, if there is a description of "first", "second", etc. in the embodiments of the present application, the description of "first", "second", etc. is for descriptive purposes only and is not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include at least one such feature. In addition, the technical solutions of the embodiments may be combined with each other, but it is necessary to base that the technical solutions can be realized by those skilled in the art, and when the technical solutions are contradictory or cannot be realized, the combination of the technical solutions should be considered to be absent and not within the scope of protection claimed in the present application.

Fig. 1 is a flow chart of a method for optimizing VPN equipment according to an embodiment of the present application. As shown in fig. 1, an embodiment of the present application provides a method for optimizing a VPN device, and the method is applied to a processor for example to describe the method, and the method may include the following steps.

Step S101: and in the process of data forwarding of the VPN equipment, acquiring terminal information of a client side communicating with the VPN equipment at the current moment and equipment state information of the VPN equipment.

Step S102: and determining risk values of all parameters in the terminal information and the equipment state information according to preset rules to obtain a target parameter set.

Step S103: and determining a target optimization parameter set of the VPN equipment according to the target parameter set and a pre-stored optimization database.

Step S104: and adjusting the operation parameters of the VPN equipment according to the target optimization parameter set.

In an embodiment of the present application, the VPN device may communicate with a terminal in which the VPN client is installed. In the process of carrying out data transmission between the VPN equipment and the client, the VPN equipment or the client causes the problems of low data transmission speed or unstable connection and the like. In contrast, in the embodiment of the application, based on the device state information of the VPN device and the terminal information of the client, the performance of the VPN device when data forwarding is monitored, and the parameters of the VPN device are intelligently optimized.

Specifically, in the process of data transmission between the client and the VPN device, the VPN client may monitor terminal information in real time, and send the collected terminal information to the VPN device. In one example, the terminal information may include parameters related to data transmission performance, such as client version information, operating system information, a size of data transmitted, a client transmission delay, and a data transmission manner. In order to improve the security of the data, the VPN client may record the collected terminal information into a file, for example, an excel file and a note file, and then send the file to the VPN device through SSL or TLS protocol encapsulation encryption. Meanwhile, the processor can also collect the equipment state information of the VPN equipment in real time. In one example, the device state information may include parameters of the VPN device related to data transfer performance, such as cpu usage, device memory usage, device bandwidth occupancy, number of clients online, data forwarding delay, and packet loss rate.

It will be appreciated that in order to determine the current data transmission situation based on the acquired device status information and terminal information, further optimisation is required. The processor may determine risk values of the parameters in the terminal information and the device state information according to a preset rule, and store parameter names, parameter values and risk values of the parameters in an associated manner, so as to obtain a target parameter set. The target parameter set comprises a plurality of pieces of data, and each piece of data comprises a parameter name, a parameter value and a risk value of the corresponding parameter. It should be noted that, the preset rule is a rule designed by a technician based on the historical transmission data to determine the risk value of the parameter according to the parameter value of the parameter, and the rules for determining the risk value of different parameters are not the same. For example, the risk value of the client transmission delay may be 0 to 3, the risk value corresponding to the parameter value of the client transmission delay in the first preset time (for example, 0 to 60 ms) is 0, the risk value corresponding to the parameter value of the client transmission delay in the first preset time (for example, 61 to 90 ms) is 1, the risk value corresponding to the parameter value in the first preset time (for example, 91 to 120 ms) is 2, and the risk value corresponding to the parameter value in the first preset time (for example, more than 120 ms) is 3. For another example, the risk value of the CPU usage rate in the device status information may be 0 to 1, where the risk value corresponding to the parameter value of the CPU usage rate is 0 when the parameter value is less than or equal to a preset threshold (e.g., 98%), and the risk value corresponding to the parameter value is 1 when the parameter value is greater than the preset threshold. And similarly, risk value assignment rules of other parameter values can be set. It will be appreciated that the larger the risk value, the greater the frontal risk, and the more necessary the optimization of the device parameters of the VPN device. It should be noted that, the above values related to the risk value assignment of the parameter are all illustrated, and the specific value setting may be determined according to the actual situation.

It can be appreciated that the processor can determine the target optimized parameter set of the VPN device according to the target parameter set obtained by the assigned device state information and the terminal information in combination with the pre-stored optimized database. The pre-stored optimization database is a database formed by a plurality of standard parameter sets without abnormal data transmission acquired in a preset time period, and in order to improve the accuracy of the optimization result, the preset time period is a period of time adjacent to the current time, such as a period of time before a month or a period of time before a week, and the specific time length can be set according to requirements. It will be appreciated that the data composition of each standard parameter set in the optimization database is the same as the target parameter set. The standard parameter sets stored in the pre-stored optimized database are all parameter sets under the condition of no abnormality of data transmission. Based on the optimization database and the target parameter set, the target optimization parameter set of the VPN device can be determined in a mode of comparing the risk value with the parameter value. The target optimization parameter set comprises parameters needing to be optimized and optimized parameter values. Further, the processor may translate the set of target optimization parameters into specific device configuration commands, adjusting the device parameters by controlling VPN device execution commands. In one example, the set of target optimization parameters may be translated into commands corresponding to the adjustment device parameters using natural language processing techniques, compiled into script execution. Thus, intelligent optimization of equipment parameters of the VPN equipment can be realized, and therefore, the performance of the VPN equipment in data transmission is improved.

Therefore, the VPN equipment is subjected to parameter optimization based on the client information and the equipment state information when the client and the VPN equipment carry out data transmission, the problems of the existing VPN equipment in terms of performance and user experience are solved, and the method is beneficial to improving the bandwidth utilization rate, reducing network congestion, avoiding network delay, improving the VPN transmission rate, improving the user experience and reducing the risk of equipment failure.

In the embodiment of the present application, the terminal information may include: client version information, operating system information, transmitted data size, client transmission delay and data transmission mode.

Specifically, the terminal information refers to parameters related to a terminal that communicates with the VPN device at the current time and performs data transmission, and may include parameters related to data transmission performance, such as client version information, operating system information, a size of data to be transmitted, a transmission delay of a client, and a data transmission mode. The client version information refers to version information of the client at the current moment. The operating system information refers to the operating system currently used by the client. The transmitted data size refers to the data size that the client downloads from or uploads to the VPN device. The transmission delay of the client refers to the delay time when the client transmits data. The data transmission mode refers to a transmission mode adopted by a client for uploading data to or downloading data from VPN equipment, and comprises modes of parallel transmission, front-end transmission, intelligent cache, traditional transmission and the like.

In an embodiment of the present application, the device status information may include: CUP usage rate, device memory usage status, device bandwidth occupancy rate, client online number, data forwarding delay and packet loss rate.

Specifically, the device state information refers to a plurality of parameters affecting the data transmission state of the VPN device at the current time, and may include a CUP usage rate, a device memory usage state, a device bandwidth occupancy rate, an online number of clients, a data forwarding delay, a packet loss rate, and the like. The CPU utilization rate refers to the CPU utilization rate of the VPN equipment, and the parameter value of the CPU utilization rate is a percentage. The device memory usage status refers to the memory occupancy rate of the VPN device, and the parameter value thereof is a percentage. The device bandwidth occupancy rate refers to the bandwidth occupancy size of the VPN device, and the parameter value thereof is a percentage. The client presence number refers to the number of VPN authorized client presence, and the parameter value is a specific value. The data forwarding delay refers to delay time of the VPN device when forwarding data, and the parameter value is a duration. The packet loss rate refers to the proportion of the packet loss condition of the VPN equipment when the VPN equipment forwards data, and the parameter value of the packet loss rate is a percentage.

In the embodiment of the present application, the determining, by the target parameter set and the pre-stored optimization database, the target optimization parameter set of the VPN device may include: judging whether the VPN equipment is in a risk state according to the target parameter set; determining a target optimization parameter set of the VPN equipment according to the target parameter set and the optimization database under the condition that the VPN equipment is in a risk state; in the event that the VPN device is not in a risk state, storing the target parameter set in an optimization database to update the optimization database.

Specifically, before determining the target optimized parameter set of the VPN device, it is first determined whether the VPN device is in a risk state, where the risk state is whether the data transmission process is abnormal. Because the target parameter set contains the risk values of the parameters in the equipment state information and the terminal information related to the data transmission performance, whether the VPN equipment is in a risk state or not can be judged through the target parameter set, namely whether the current data transmission is abnormal or not is judged according to the risk values of the parameters in the target parameter set. In one example, in the case that the VPN device is in a risk state, it is indicated that there is an abnormality in the current data transmission, and further optimization may be performed, so that parameters that need to be optimized may be determined according to the target parameter set and the optimization database, so as to obtain the target optimized parameter set. In another example, when the VPN device is not in a risk state, it is indicated that data transmission between the current VPN device and the client is in a normal state, and in case of no anomaly, the target parameter set corresponding to the current time may be stored as a new standard parameter set in the optimization database, so as to provide data support for optimization of device parameters of the subsequent VPN device. Therefore, by judging whether the VPN equipment needs to be optimized and further processed in advance, the operation efficiency of the system can be provided.

In the embodiment of the application, the optimization database comprises a plurality of standard parameter sets, and parameters contained in the standard parameter sets are the same as parameters contained in the target parameter sets; determining a target optimization parameter set for the VPN device from the target parameter set and the optimization database may include: matching the target parameter set with a plurality of standard parameter sets in an optimization database to determine a risk type; determining a target standard parameter set with highest similarity with the target parameter set in the optimized database; and determining a target optimization parameter set of the VPN equipment according to the target risk type, the target parameter set and the target standard parameter set.

It can be understood that the optimization database refers to a database formed by a plurality of standard parameter sets without abnormal data transmission acquired in a preset time period, and in order to improve the accuracy of the optimization result, the preset time period refers to a period of time adjacent to the current time, such as a previous month or a previous week, and the specific time length can be set according to requirements. The parameters contained in the plurality of standard parameter sets are the same as the parameters contained in the target parameter set, namely, the data composition form of each standard parameter set in the optimization database is the same as the target parameter set. The standard parameter sets stored in the pre-stored optimized database are all parameter sets under the condition of no abnormality of data transmission. Based on the optimization database and the target parameter set, the target optimization parameter set of the VPN device can be determined in a mode of comparing the risk value with the parameter value.

Specifically, the processor may first match the target parameter set with a plurality of standard parameter sets to determine a risk type, where the risk type refers to a source causing the current data transmission abnormality, including the VPN client and the VPN device, i.e. determine which party of the terminal and the VPN device causes or commonly causes the current abnormality. The risk type determines a subsequent optimization object, which may be one or both of a VPN device and a VPN client. In one example, the target parameter set may be respectively matched with each standard parameter set, and the difference between parameter values is compared to determine whether the parameter with the larger difference belongs to the device state information or the terminal information, thereby determining the risk type. Further, a deep learning neural network model (such as a cyclic neural network RNN and a long-short term memory network LSTM) is utilized to determine a target standard parameter set with highest similarity with the target parameter set in the optimization database. Further, a target optimization parameter set of the VPN device is determined according to the target risk type, the target parameter set and the target standard parameter set. After the target object to be optimized is determined, difference information is determined according to the target parameter data and the target standard parameter set, and then parameters to be optimized are determined according to the difference information and parameter values of the parameters to be optimized are determined according to the target standard parameter set, so that the target optimized parameter set is obtained. It will be appreciated that after the optimization parameter set is determined, an optimization instruction is determined by the VPN device, so that data transmission parameters between the VPN device and the VPN client are adjusted to optimize transmission performance.

In an embodiment of the present application, determining whether the VPN device is in a risk state according to the target parameter set may include: judging whether risk values of a plurality of target parameters in the target parameters exceed a preset threshold value or not respectively, wherein the target parameters comprise client transmission delay, data forwarding delay and packet loss rate; judging that the VPN equipment is in a risk state under the condition that the risk value of any target parameter in the plurality of target parameters exceeds a preset threshold value; and under the condition that the risk values of the target parameters do not exceed the preset threshold value, judging that the VPN equipment is not in a risk state.

It can be understood that in the process of data transmission between the VPN device and the VPN client, the main anomalies include two aspects of delay and packet loss, so that the embodiment of the present application mainly determines whether the VPN device is in a risk state from the client transmission delay, the data forwarding delay and the packet loss rate. Specifically, before the system operates, a technician can set risk thresholds of the client transmission delay, the data forwarding delay and the packet loss rate, namely preset thresholds, according to actual conditions. Further, for data transmission between the current VPN device and the VPN client, under the condition that the target parameter set is determined, risk values of the client transmission delay, the data forwarding delay and the packet loss rate are determined, the risk values of the client transmission delay, the data forwarding delay and the packet loss rate are compared with corresponding preset thresholds respectively, and whether the VPN device is in a risk state is determined according to the comparison result. In one example, when a risk value of any one of the client transmission delay, the data forwarding delay and the packet loss rate exceeds a corresponding preset threshold, it is determined that the VPN device is in a risk state. In another example, under the condition that risk values of the client transmission delay, the data forwarding delay and the packet loss rate do not exceed corresponding preset thresholds, it is determined that the VPN device is not in a risk state, that is, data transmission is not abnormal.

In a specific embodiment of the present application, a specific embodiment of a method for intelligent VPN optimization provided by the present application is provided, and an example of application of the method to a VPN intelligent optimization system is described, where the VPN intelligent optimization system is deployed in a VPN device, and the VPN device communicates with a client, and the specific embodiment may include the following four parts.

1. And (5) monitoring the customer calculation in real time.

The real monitoring terminal information of the client side comprises: client version information, operating system information, transmitted data size, client transmission delay and data transmission mode. The monitoring function can use an API interface of an operating system, collect the information and record the information into an excel or note file, and encapsulate and encrypt the excel or note file by using SSL and TLS protocols to send the excel or note file to VPN equipment.

2. And (5) data acquisition.

Integrating a data acquisition function in VPN equipment to acquire equipment state information such as CUP utilization rate, equipment memory utilization state, equipment bandwidth occupancy rate, client online number, data forwarding delay, packet loss rate and the like.

3. And (5) data analysis.

And carrying out risk value assignment on the acquired equipment state information and the received terminal information according to a preset rule to obtain a target parameter set, and determining the target optimization parameter set through an artificial intelligence algorithm according to the target parameter set and an optimization database. For any parameter, a larger risk value proves that the risk is higher. The preset rules are as follows.

Client version information: risk values include 0 and 1. Initially 0, and updating the risk value to 1 if no standard data set is matched in the optimized database.

Operating system information: risk values include 0 and 1. Initially 0, and updating the risk value to 1 if no standard data set is matched in the optimized database.

Size of data transmitted: risk values include 0, 1, 2, 3, and 4. The data size is 0 to 1M risk value, more than 1M risk value is less than or equal to 5M risk value is 1, more than 5M risk value is less than or equal to 10M risk value is 2, more than 10M risk value is less than or equal to 50M risk value is 3, and more than 50M risk value is 4.

Client transmission delay: risk values include 0, 1,2, and 3. The time delay is 1-60 ms, the risk value is 0, the risk value is 1 in 61-90 ms, the risk value is 2 in 91-120 ms, and the risk value is 3 above 120 ms.

The data transmission mode is as follows: risk values include 0 and 1. The risk value of any mode in parallel transmission, front-end compression and intelligent cache is 0, and the risk value of the traditional transmission mode is 1.

CPU utilization: risk values include 0 and 1. The usage rate is not more than 98% risk value of 0, and is more than 98% risk value of 1.

Device memory usage status: risk values include 0 and 1. The memory occupation is less than 95% of the risk value is 0, and more than 95% of the risk value is 1 minute.

Device broadband occupancy: risk values include 0 and 1. The bandwidth occupation is less than 95% risk value 0 and greater than 95% risk value 1.

Client online number: risk values include 0 and 1. The online number of the client is smaller than the maximum authorized online number risk value which is 0 and equal to 1 minute.

Data transfer delay: risk values include 0, 1,2, and 3. The time delay is 1-60 ms, the risk value is 0, the risk value is 1 in 61-90 ms, the risk value is 2 in 91-120 ms, and the risk value is 3 above 120 ms.

Packet loss rate: risk values include 0 and 1. The packet loss rate is not more than 0.1% of risk value 0, and is more than 0.1% of risk value 1.

The optimization of each parameter is as follows.

Client version information optimization: the VPN device may send updated information to the client prompting of the popup.

Operating system information optimization: different client versions of the operating system are also different, and the device issues prompt information applicable to the update of the client version of the operating system to the client.

Size of data transmitted: the VPN device may issue an instruction when the client uploads the file, so that the client transmits the file in segments, and the VPN device may use parallel transmission when the client downloads the file.

Client transmission delay: firstly, judging the risk value of the data transmission mode, and if the risk of the data transmission mode is 0, the VPN equipment can give a prompt for the client to switch networks. The transmission scheme is optimized if the risk of the transmission scheme is not 0.

The data transmission mode is as follows: firstly, judging that the risk value of the client transmission delay in the client connection transmission and the risk value of the transmitted data size are added, if the sum is not 0, adopting a parallel transmission, front-end compression or intelligent caching mode, and specifically adopting a mode which needs to be obtained through artificial intelligent operation.

Optimizing the CPU utilization rate of the equipment: and releasing the process and releasing the utilization rate of the CPU.

Optimizing the use state of the equipment memory: and when the risk value is 1, cleaning up files which are not commonly used in the cache.

Optimizing the broadband occupancy rate of the equipment: network-stabilized network egress links are preferentially selected.

Client online number optimization: and when the risk value is 1, the client logged in at the earliest time of offline.

Data forwarding delay optimization: and when the risk value is less than or equal to 1, the optimization is not needed, and when the risk value is more than or equal to 1 and less than or equal to 3, the use rate of the CPU of the equipment, the use state of the memory of the equipment and the occupancy rate of the bandwidth of the equipment are optimized.

Packet loss rate optimization: and optimizing the use rate of the CPU of the equipment, the use state of the memory of the equipment and the occupancy rate of the bandwidth of the equipment when the risk value is 1.

4. And (5) intelligent optimization.

The target optimization parameter set is translated into specific equipment configuration commands and execution commands to adjust equipment parameters, natural language processing technology is used for translating the target optimization parameter set into commands for correspondingly adjusting the equipment parameters, and the commands are edited into script execution.

Through the technical scheme, the VPN equipment is subjected to parameter optimization based on the client information and the equipment state information when the client and the VPN equipment carry out data transmission, so that the problems of performance and user experience of the conventional VPN equipment are solved, the improvement of the bandwidth utilization rate, the reduction of network congestion, the avoidance of network delay, the improvement of the VPN transmission rate, the improvement of the user use experience and the reduction of the risk of equipment faults are facilitated.

The embodiment of the application also provides a processor configured to execute the method for optimizing the VPN device in the above-mentioned implementation mode.

Fig. 2 is a schematic structural diagram of an apparatus for optimizing VPN equipment according to an embodiment of the present application. As shown in fig. 2, an embodiment of the present application further provides an apparatus 200 for optimizing a VPN device, where the apparatus 200 includes:

The data obtaining module 210 is configured to obtain terminal information of a client that communicates with the VPN device at the current moment and device state information of the VPN device in a process of forwarding data by the VPN device.

The risk value determining module 220 is configured to determine risk values of the parameters in the terminal information and the device state information according to a preset rule, so as to obtain a target parameter set.

The target optimization parameter set determining module 230 is configured to determine a target optimization parameter set of the VPN device according to the target parameter set and a pre-stored optimization database.

A control module 240, configured to adjust the operation parameters of the VPN device according to the target optimization parameter set.

According to the device 200 for optimizing the VPN device, in the process of forwarding data of the VPN device, terminal information of a client communicating with the VPN device at the current moment and device state information of the VPN device are obtained, then risk values of all parameters in the terminal information and the device state information are determined according to preset rules to obtain a target parameter set, further a target optimizing parameter set of the VPN device is determined according to the target parameter set and a pre-stored optimizing database, and finally operation parameters of the VPN device are adjusted according to the target optimizing parameter set. The application can realize intelligent optimization of the operation parameters of VPN equipment.

In one embodiment, the target optimization parameter set determination module 230 is further configured to: judging whether the VPN equipment is in a risk state according to the target parameter set; determining a target optimization parameter set of the VPN equipment according to the target parameter set and the optimization database under the condition that the VPN equipment is in a risk state; in the event that the VPN device is not in a risk state, storing the target parameter set in an optimization database to update the optimization database.

In one embodiment, the optimization database includes a plurality of standard parameter sets, the parameters included in the plurality of standard parameter sets being the same as the parameters included in the target parameter set; the target optimization parameter set determination module 230 is further configured to: matching the target parameter set with a plurality of standard parameter sets in an optimization database to determine a risk type; determining a target standard parameter set with highest similarity with the target parameter set in the optimized database;

In one embodiment, the target optimization parameter set determination module 230 is further configured to: judging whether risk values of a plurality of target parameters in the target parameters exceed a preset threshold value or not respectively, wherein the target parameters comprise client transmission delay, data forwarding delay and packet loss rate; judging that the VPN equipment is in a risk state under the condition that the risk value of any target parameter in the plurality of target parameters exceeds a preset threshold value; and under the condition that the risk values of the target parameters do not exceed the preset threshold value, judging that the VPN equipment is not in a risk state.

In one embodiment, the terminal information includes: client version information, operating system information, transmitted data size, client transmission delay and data transmission mode.

The embodiment of the application also provides VPN equipment, which comprises: the processor in the above embodiment or the apparatus for optimizing a VPN device in the above embodiment.

The embodiment of the application also provides a machine-readable storage medium, on which a program or an instruction is stored, which when executed by a processor, implements the method for optimizing a VPN device in the foregoing embodiment.

It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.

The memory may include volatile memory in a computer-readable medium, random Access Memory (RAM) and/or nonvolatile memory, etc., such as Read Only Memory (ROM) or flash RAM. Memory is an example of a computer-readable medium.

Computer readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.

It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises an element.

The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and variations of the present application will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. which come within the spirit and principles of the application are to be included in the scope of the claims of the present application.

Claims

1. A method for optimizing a VPN device, the method comprising:

2. The method according to claim 1, wherein determining the set of target optimization parameters for the VPN device from the set of target parameters and a pre-stored optimization database comprises:

Judging whether the VPN equipment is in a risk state according to the target parameter set;

Determining a target optimization parameter set of the VPN equipment according to the target parameter set and the optimization database under the condition that the VPN equipment is in a risk state;

And storing the target parameter set into the optimization database to update the optimization database when the VPN device is not in a risk state.

3. The method of claim 2, wherein the optimization database comprises a plurality of standard parameter sets, the parameters contained in the plurality of standard parameter sets being the same as the parameters contained in the target parameter set;

the determining a target optimization parameter set of the VPN device according to the target parameter set and the optimization database includes:

Matching the target parameter set with a plurality of standard parameter sets in the optimization database to determine a risk type;

4. The method of claim 2, wherein said determining whether the VPN device is in a risk state based on the target set of parameters comprises:

Respectively judging whether risk values of a plurality of target parameters in the target parameters exceed a preset threshold value, wherein the target parameters comprise client transmission delay, data forwarding delay and packet loss rate;

judging that the VPN equipment is in a risk state under the condition that the risk value of any target parameter in the target parameters exceeds the preset threshold value;

and under the condition that the risk values of the target parameters do not exceed the preset threshold value, judging that the VPN equipment is not in a risk state.

5. The method of claim 1, wherein the terminal information comprises:

Client version information, operating system information, transmitted data size, client transmission delay and data transmission mode.

6. The method of claim 1, wherein the device status information comprises:

CUP usage rate, device memory usage status, device bandwidth occupancy rate, client online number, data forwarding delay and packet loss rate.

7. A processor, characterized by being configured to perform the method for optimizing a VPN device according to any of claims 1 to 6.

8. An apparatus for optimizing a VPN device, the apparatus comprising:

9. A VPN device, comprising:

a processor according to claim 7 or an apparatus for optimizing a VPN device according to claim 8.

10. A machine-readable storage medium having stored thereon a program or instructions, which when executed by a processor, implements a method for optimizing a VPN device according to any of claims 1 to 6.