CN113438197B - Multi-stage cascade communication system, method, computer device and medium for cross-network acquisition - Google Patents
- Publication number
- CN113438197B CN113438197B CN202010210074.3A CN202010210074A CN113438197B CN 113438197 B CN113438197 B CN 113438197B CN 202010210074 A CN202010210074 A CN 202010210074A CN 113438197 B CN113438197 B CN 113438197B
- Authority
- CN
- China
- Prior art keywords
- hub
- collection
- acquisition
- gateway
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a multi-level cascade communication system, method, computer device and medium for cross-network collection. The system includes: an intranet, in which a collection component is deployed together with a collection gateway HUB deployed according to the firewall type, the collection component and the collection gateway HUB being provided with intranet-internal connection ports; and an external network, in which a second-layer HUB area is deployed. The intranet and the external network are provided with internal-external connection ports, which are opened on the basis of the collection gateway HUB and the second-layer HUB area. The HUBs in the second-layer HUB area and the collection gateway HUB have a dual-end mode in which each can act as server or client; the dual-end mode is used to establish the connection between the second-layer HUB area and the collection gateway HUB according to the firewall type, so that data from the intranet or the external network can be transmitted. Compared with the prior art, the multi-level cascade communication method for cross-network collection achieves a better data communication effect.
Description
【Technical Field】
The present invention relates to the field of communications, and in particular to a multi-level cascade communication system, method, computer device and medium for cross-network collection.
【Background】
As operators' business scope grows, the number of physical machines, virtual machines, network devices and other equipment they use has increased sharply. To monitor and manage this equipment effectively and keep the business systems running smoothly, the monitoring requirements placed on an enterprise's business support management system have increased as well. However, to prevent leakage of internal core data, enterprises generally isolate the internal network from the external one, and may further divide the internal network into a research and development network, an office network, a production network and so on. Monitoring each device from the business support management system requires frequent data exchange. At present, when data communication under network isolation is carried out with a USB flash drive, a dual-network-card host or gatekeeper ferrying, there are problems such as data errors and low security, and the data communication effect is poor.
【Summary of the Invention】
In view of this, embodiments of the present invention provide a multi-level cascade communication system, method, computer device and medium for cross-network collection, to solve the problem that data communication is ineffective when an enterprise's business support management system communicates under network isolation and frequently monitors the data of each device.
In a first aspect, an embodiment of the present invention provides a multi-level cascade communication system for cross-network collection, the system including:
an intranet, in which a collection component is deployed together with a collection gateway HUB deployed according to the firewall type, the collection component and the collection gateway HUB being provided with intranet-internal connection ports;
an external network, in which a second-layer HUB area is deployed, the intranet and the external network being provided with internal-external connection ports that are opened on the basis of the collection gateway HUB and the second-layer HUB area, where the HUBs in the second-layer HUB area and the collection gateway HUB have a dual-end mode of server or client, and the dual-end mode is used to establish the connection between the second-layer HUB area and the collection gateway HUB according to the firewall type, so that data from the intranet or the external network can be transmitted.
In the above aspect and any possible implementation, an implementation is further provided in which the collection gateway HUB includes a DMZ HUB, a NAT HUB and a NALL HUB, the HUBs in the second-layer HUB area include a DMZ HUB, a NAT HUB and a NALL HUB, and the connection relationship between the collection gateway HUB in the intranet and the HUBs in the second-layer HUB area includes active connection and passive connection.
In the above aspect and any possible implementation, an implementation is further provided in which, when the firewall type is DMZ, the collection gateway uses a DMZ HUB, and the DMZ HUB initiates the connection as the client;
when the firewall type is NAT, the collection gateway uses a NAT HUB, and the HUB connected to the NAT HUB initiates the connection as the client;
when the firewall type is NALL, the collection gateway uses a NALL HUB, and the NALL HUB of the intranet initiates the connection as the client.
In the above aspect and any possible implementation, an implementation is further provided in which the collection gateway HUB and the HUBs in the second-layer HUB area are built on the ANF network framework and include a transmission interface layer, a management layer and a service layer, where the transmission interface layer implements the message queue, load balancing, the server and the client.
In the above aspect and any possible implementation, an implementation is further provided in which the external network further includes a collection service and an application service, where the data in the application service includes data transmitted from the collection service, and the collection service and the application service run on computer devices in the external network.
In a second aspect, an embodiment of the present invention provides a multi-level cascade communication method for cross-network collection, including:
starting the collection component, the collection gateway HUB and the HUBs in the second-layer HUB area;
after the collection component, the collection gateway HUB and the HUBs in the second-layer HUB area have started, establishing the connection between the collection component and the collection gateway HUB and the connection between the collection gateway HUB and the second-layer HUB area, so that data is communicated on the basis of cross-network collection, where the collection component, the collection gateway and the HUBs in the second-layer HUB area are the collection component, collection gateway and HUBs in the second-layer HUB area of the multi-level cascade communication system for cross-network collection according to claim 1.
In a third aspect, an embodiment of the present invention provides a multi-level cascade communication method for cross-network collection, including the following steps performed by an intranet computer device:
starting the collection gateway HUB, where the collection component and the HUBs in the second-layer HUB area are already started;
after the collection gateway HUB has started, establishing the connection between the collection component and the collection gateway HUB and the connection between the collection gateway HUB and the second-layer HUB area, so that data is communicated on the basis of cross-network collection, where the collection component, the collection gateway and the HUBs in the second-layer HUB area are the collection component, collection gateway and HUBs in the second-layer HUB area of the multi-level cascade communication system for cross-network collection according to claim 1.
In a fourth aspect, an embodiment of the present invention provides a multi-level cascade communication method for cross-network collection, including the following steps performed by an external-network computer device:
starting the HUBs in the second-layer HUB area, where the collection component and the collection gateway HUB are already started and the connection between the collection component and the collection gateway HUB is already established;
after the HUBs in the second-layer HUB area have started, establishing the connection between the collection gateway HUB and the second-layer HUB area, so that data is communicated on the basis of cross-network collection, where the collection component, the collection gateway and the HUBs in the second-layer HUB area are the collection component, collection gateway and HUBs in the second-layer HUB area of the multi-level cascade communication system for cross-network collection according to claim 1.
In a fifth aspect, a computer device includes a memory, a processor, and a computer program stored in the memory and executable on the processor. When the processor executes the computer program, it implements the steps of the above multi-level cascade communication method for cross-network collection performed by the intranet computer device, or the steps of the above multi-level cascade communication method for cross-network collection performed by the external-network computer device.
In a sixth aspect, an embodiment of the present invention provides a computer-readable storage medium including a computer program. When executed by a processor, the computer program implements the steps of the above multi-level cascade communication method for cross-network collection performed by the intranet computer device, or the steps of the above multi-level cascade communication method for cross-network collection performed by the external-network computer device.
In the embodiments of the present invention, data communication based on cross-network collection is realized through the collection component deployed in the intranet, the collection gateway HUB deployed in the intranet according to the firewall type, and the second-layer HUB area deployed in the external network. Specifically, the collection component on an intranet computer device is connected to the collection gateway HUB, so data on the intranet computer device can be collected by the collection component and transmitted to the collection gateway HUB, completing data collection inside the intranet. The collection gateway HUB and the HUBs in the second-layer HUB area have a dual-end mode of server or client. With this dual-end mode, the collection gateway HUB and the HUBs in the second-layer HUB area can each act as client or server, so that the external network and the intranet are connected through the collection gateway HUB and the second-layer HUB area in a way that suits the firewall type, realizing data communication based on cross-network collection. Compared with the prior art, the embodiments of the present invention achieve a better data communication effect.
【Description of the Drawings】
To explain the technical solutions of the embodiments of the present invention more clearly, the drawings used in the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic structural diagram of a multi-level cascade communication system for cross-network collection in an embodiment of the present invention;
Fig. 2 is a schematic diagram of the relationship between firewall types and the connection strategies adopted in an embodiment of the present invention;
Fig. 3 is a component relationship diagram of the communication system in an embodiment of the present invention;
Fig. 4 is another component relationship diagram of the communication system in an embodiment of the present invention;
Fig. 5 is yet another component relationship diagram of the communication system in an embodiment of the present invention;
Fig. 6 is a design diagram of the HUB in an embodiment of the present invention;
Fig. 7 is a flowchart of a multi-level cascade communication method for cross-network collection in an embodiment of the present invention;
Fig. 8 is a schematic diagram of a computer device in an embodiment of the present invention.
【Detailed Description】
For a better understanding of the technical solutions of the present invention, the embodiments of the present invention are described in detail below with reference to the drawings.
It should be clear that the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
The terms used in the embodiments of the present invention are for the purpose of describing particular embodiments only and are not intended to limit the present invention. The singular forms "a", "said" and "the" used in the embodiments of the present invention and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise.
It should be understood that the term "and/or" used herein merely describes the association between associated objects and indicates that three relationships are possible; for example, A and/or B can mean: A alone, both A and B, or B alone. In addition, the character "/" herein generally indicates an "or" relationship between the objects before and after it.
It should be understood that although the terms first, second, third and so on may be used in the embodiments of the present invention to describe preset ranges and the like, these preset ranges should not be limited by these terms. The terms are only used to distinguish preset ranges from one another. For example, without departing from the scope of the embodiments of the present invention, a first preset range may also be called a second preset range, and similarly a second preset range may also be called a first preset range.
Depending on the context, the word "if" as used herein may be interpreted as "at the time of", "when", "in response to determining" or "in response to detecting". Similarly, depending on the context, the phrases "if it is determined" or "if (a stated condition or event) is detected" may be interpreted as "when it is determined", "in response to determining", "when (the stated condition or event) is detected" or "in response to detecting (the stated condition or event)".
In the prior art, when an enterprise's business support management system communicates under network isolation and monitors the data of each device, the following common methods are used:
(1) Copying with a portable hard disk, used for the initial acquisition of data that changes little. Copying by portable hard disk is prone to data errors and data tampering and is easily infected by viruses. It has no approval function, so there is no assurance that the data is compliant. It also keeps no log records, so transfers cannot be traced and centralized data control is difficult.
(2) A dual-network-card host, that is, one computer fitted with two network cards connected to two different networks. With a dual-network-card host, security is hard to guarantee and the hardware cost is relatively high.
(3) Cross-network FTP (File Transfer Protocol), mainly used for uploading and downloading files. Cross-network FTP has low security, is slow when transferring large files, and is prone to transmission errors and interrupted transfers.
(4) Gatekeeper ferrying, which meets the information security requirement of physical isolation by isolating the networks with a gatekeeper device. Gatekeeper ferrying transmits slowly, cannot perform anti-virus checks, has no approval function, and does not allow centralized data control.
(5) Deploying routers and switches. Switches are deployed in the different network areas and data communication between them is then achieved through router configuration. This requires buying additional hardware such as routers and switches and allocating resources such as IP addresses, which takes time and effort and also raises hardware and operation and maintenance costs.
As can be seen, the existing methods above give a poor data communication effect, with problems such as data errors; and even where the data communication effect can be guaranteed to some extent, the resources consumed are relatively large.
An embodiment of the present invention provides a multi-level cascade communication system for cross-network collection, the system including:
An intranet, in which a collection component is deployed together with a collection gateway HUB deployed according to the firewall type, the collection component and the collection gateway HUB being provided with intranet-internal connection ports.
The intranet may include several sub-networks, such as subnet A, subnet B and subnet C. So that an enterprise's business support management system (such as a BOMC, Business Operation Management Center) can communicate under network isolation and monitor the data of each device, this embodiment adds a collection component in each sub-network of the intranet; the data in that sub-network is collected through the collection component.
In one embodiment, a collection gateway HUB is also deployed on a computer device in the intranet. (A HUB is a multi-port repeater; with a HUB as the central device, a fault on one line in the network does not affect the operation of the other lines.) The collection gateway HUB is not chosen arbitrarily but is determined by the firewall type. The firewall types include DMZ (demilitarized zone, also called an isolation zone), NAT (Network Address Translation) and NALL (no firewall).
An external network, in which a second-layer HUB area is deployed. The intranet and the external network are provided with internal-external connection ports, which are opened on the basis of the collection gateway HUB and the second-layer HUB area. The HUBs in the second-layer HUB area and the collection gateway HUB have a dual-end mode of server or client, and the dual-end mode is used to establish the connection between the second-layer HUB area and the collection gateway HUB according to the firewall type, so that data from the intranet or the external network can be transmitted.
In one embodiment, a second-layer HUB area is deployed in the external network so that it can connect to the collection gateway HUB deployed in the intranet. Both the collection gateway HUB in the intranet and the HUBs in the second-layer HUB area have the dual-end mode of server or client. In this embodiment, taking into account the actual firewall type between the external network and the intranet, either the collection gateway HUB or the HUB in the second-layer HUB area can be configured as the server or as the client. The collection gateway HUB and the HUB in the second-layer HUB area then connect as server and client, realizing data communication between the intranet and the external network. Compared with the common methods described above, the data communication realized by this multi-level cascade communication system for cross-network collection is more effective and does not consume excessive resources; it is achieved simply by deploying and building the system.
Fig. 1 shows a schematic diagram of the multi-level cascade communication system for cross-network collection in this embodiment. As shown in Fig. 1, the system includes subnet A, subnet B and subnet C of the intranet, together with the collection components and the collection gateway HUB in each subnet. The collection gateway HUB is determined by the firewall type; specifically, the collection gateway HUB includes a DMZ HUB, a NAT HUB and a NALL HUB. The system also includes the second-layer HUB area, whose HUBs include a DMZ HUB, a NAT HUB and a NALL HUB. The external network further includes the collection service, which exchanges data with the second-layer HUB area, and the database, kafka, WEB service and so on, which exchange data with the collection service.
Building the multi-level cascade communication system for cross-network collection shown in Fig. 1 can include the following steps:
Step 1: Deploy the collection gateway HUB on the external-interface host (machine C) of subnet A, and deploy a collection component on each of the other host devices in subnet A. Subnet B and subnet C are deployed in the same way as subnet A.
Step 2: Open the port. Open port 14237 from the host running the collection component to the host running subnet A's collection gateway HUB. The collection component acts as the client and subnet A's collection gateway HUB as the server; on startup, the collection component connects to the collection gateway HUB's listening port 14237.
Step 3: Deploy the "second-layer HUB area" on a host (machine D) in the network outside subnets A/B/C. The second-layer HUB area communicates with applications outside the subnets, such as the collection service and kafka, and is responsible for accepting commands from the collection service and forwarding the collected data sent up by the collection gateway HUBs of the lower-level subnets.
Step 4: Open the port. The HUB on machine C in subnet A acts as the client and the upper-level HUB on machine D outside subnet A acts as the server, so port 14237 must be opened from machine C to machine D.
Step 5: Once the collection components and the collection gateway HUB on each host have started, the collection components connect to the subnet's collection gateway HUB, the subnet's collection gateway HUB connects to the second-layer HUB area, and the second-layer HUB area connects to the collection service in the external network. Collected data is forwarded to the applications through the second-layer HUB area, and commands issued by the collection service are likewise transmitted through the second-layer HUB area to the specific component. With this multi-level cascading, the multi-level cascade communication system for cross-network collection is established.
Further, in addition to the multi-level cascade function, the collection gateway HUB also provides cluster support, routing capability and so on.
Further, the connection relationship between the collection gateway HUB in the intranet and the HUBs in the second-layer HUB area includes active connection and passive connection.
Understandably, when the collection gateway HUB connects to a HUB in the second-layer HUB area as the client, the connection relationship is an active connection; when the collection gateway HUB connects to a HUB in the second-layer HUB area as the server, the connection relationship is a passive connection.
Whether the connection is active or passive is determined by the firewall type between the intranet and the external network. Based on the firewall type, the user deploys a collection gateway HUB and a second-layer HUB area that are able to establish the connection.
Further, when the firewall type is DMZ, the collection gateway is a DMZ HUB, and the DMZ HUB initiates the connection as the client.
When the firewall type is NAT, the collection gateway is a NAT HUB, and the HUB connected to the NAT HUB initiates the connection as the client.
When the firewall type is NALL, the collection gateway is a NALL HUB, and the NALL HUB in the intranet initiates the connection as the client.
Understandably, the relationship between the firewall type and the connection strategy adopted can be as shown in FIG. 2.
When the firewall type is DMZ, the connection is established by the HUB in the DMZ; when the firewall type is NAT, the connection is established by the HUB connected to the NAT; when the firewall type is NALL, for ease of connection management, the connection is established by the NALL HUB, and bidirectional connections are not used.
Further, because of firewall restrictions, there are three cases:
1) Machines in subnet A can only initiate connections and cannot accept them. In this case a DMZ HUB can be deployed on the subnet machine, and the DMZ HUB initiates the connection, so that the intranet and the external network are connected.
The component relationship diagram of the communication system for case 1) is shown in FIG. 3.
2) Machines in subnet A can only accept connections passively and cannot initiate them. In this case a NAT HUB can be deployed on the subnet machine, and the upper-layer HUB connected to the NAT establishes the connection.
The component relationship diagram of the communication system for case 2) is shown in FIG. 4.
3) The subnet machines have no firewall and either side can initiate a connection. In this case a NALL HUB can be deployed on the subnet machine; the NALL HUB establishes the connection, and bidirectional connections are not used.
The component relationship diagram of the communication system for case 3) is shown in FIG. 5.
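The connection directions from steps 2 and 4 and the three firewall cases above, turned into a least-privilege check (an added example, not code from the patent): it derives the only flows the cascade needs and compares them with a constructed allow-rule list. The host names, the rule list and the reuse of port 14237 on the gateway HUB for the NAT case are assumptions.

```python
from dataclasses import dataclass

HUB_PORT = 14237  # listening port the page names in steps 2 and 4
ANY = "any"       # wildcard used in the constructed rule set below

# Which side dials the link between a subnet's collection gateway HUB and the
# second-layer HUB, per firewall type (the three cases on the page).
INITIATOR = {
    "DMZ": "gateway",   # subnet hosts may only initiate connections
    "NAT": "upper",     # subnet hosts may only accept; the upper HUB dials in
    "NALL": "gateway",  # no firewall: one direction only, from the NALL HUB
}


@dataclass(frozen=True, order=True)
class Flow:
    src: str
    dst: str
    port: int = HUB_PORT


@dataclass(frozen=True)
class Subnet:
    name: str
    firewall: str           # "DMZ", "NAT" or "NALL"
    gateway_host: str       # host running the collection gateway HUB
    component_hosts: tuple  # hosts running collection components


def expected_flows(subnets, upper_host, port=HUB_PORT):
    """Return the exact set of TCP flows the cascade needs."""
    flows = set()
    for s in subnets:
        if s.firewall not in INITIATOR:
            raise ValueError(f"{s.name}: unknown firewall type {s.firewall!r}")
        # Step 2: every component is a client of its subnet's gateway HUB.
        for host in s.component_hosts:
            flows.add(Flow(host, s.gateway_host, port))
        # Step 4 and the three cases: exactly one direction per subnet.
        # Assumption: the NAT case reuses the same port on the gateway HUB.
        if INITIATOR[s.firewall] == "gateway":
            flows.add(Flow(s.gateway_host, upper_host, port))
        else:
            flows.add(Flow(upper_host, s.gateway_host, port))
    return flows


def covers(rule, flow):
    """True if an allow rule (possibly with wildcards) permits the flow."""
    return (rule.port == flow.port
            and rule.src in (ANY, flow.src)
            and rule.dst in (ANY, flow.dst))


def audit(rules, flows):
    """Return (missing, excess): flows no rule permits, and rules that are
    wildcarded or permit no expected flow (e.g. a reverse direction)."""
    missing = sorted(f for f in flows if not any(covers(r, f) for r in rules))
    excess = sorted(r for r in rules
                    if ANY in (r.src, r.dst)
                    or not any(covers(r, f) for f in flows))
    return missing, excess


# Constructed topology: host names are hypothetical. "A-C" plays the role of
# machine C and "D" the role of machine D.
SUBNETS = [
    Subnet("A", "DMZ", "A-C", ("A-1", "A-2")),
    Subnet("B", "NAT", "B-C", ("B-1",)),
    Subnet("C", "NALL", "C-C", ("C-1",)),
]

# Constructed allow rules as they might be found on the firewalls.
RULES = [
    Flow("A-1", "A-C"), Flow("A-C", "D"), Flow("D", "A-C"),
    Flow("B-1", "B-C"), Flow("D", "B-C"),
    Flow("C-1", "C-C"), Flow(ANY, "D"),
]

if __name__ == "__main__":
    missing, excess = audit(RULES, expected_flows(SUBNETS, "D"))
    for f in missing:
        print(f"MISSING {f.src} -> {f.dst}:{f.port}")
    for r in excess:
        print(f"EXCESS  {r.src} -> {r.dst}:{r.port}")
```

On the constructed rules the audit reports one missing component flow and two excess rules: the reverse-direction rule into the DMZ subnet and the wildcard source towards machine D.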
Further, the collection gateway HUB and the HUBs in the second-layer HUB area are built on the ANF network framework (ANF stands for AFNetworking, a lightweight open-source network request framework) and comprise a transport interface layer, a management layer and a service layer, where the transport interface layer implements the message queue, load balancing, the server and the client.
Specifically, FIG. 6 shows the design of the collection gateway HUB and the HUBs in the second-layer HUB area as built on the ANF network framework.
As FIG. 6 shows, the HUB is logically divided into three layers: transport interface, management and service. The service layer processes messages such as registration, routing updates, parameter configuration and heartbeats, and also provides functions such as self-monitoring, version information reporting, configuration management and logging. The management layer is responsible for managing and querying routing information and connection information. The transport layer contains the implementations of the message queue, load balancing, the server, the client and so on.
Based on the HUB design shown in FIG. 6, the HUB's dual-end mode (it can act both as a client and as a server) can be used to build the multi-level cascade system. The multi-level cascade system also provides the delivery interface and the reception and processing of bearer messages, and supplies connection management, routing management and the like with the information they need.
Further, the external network also includes a collection service and application services, where the data in the application services includes data transmitted from the collection service, and the collection service and application services run on computer devices in the external network.
Specifically, the application services include services called by applications, such as databases, Kafka and web services.
FIG. 7 is a flowchart of the multi-level cascade communication method for cross-network collection in this embodiment. As shown in FIG. 7, the method includes:
S10: Start the collection component, the collection gateway HUB and the HUBs in the second-layer HUB area.
S20: After the collection component, the collection gateway HUB and the HUBs in the second-layer HUB area have started, establish the connection between the collection component and the collection gateway HUB and the connection between the collection gateway HUB and the second-layer HUB area, achieving data communication based on cross-network collection, where the collection component, the collection gateway and the HUBs in the second-layer HUB area are those of the multi-level cascade communication system for cross-network collection described in the embodiment.
Understandably, once the multi-level cascade communication system for cross-network collection has started the collection component, the collection gateway HUB and the HUBs in the second-layer HUB area, the multi-level cascade communication method for cross-network collection can be carried out.
In this embodiment of the present invention, data communication based on cross-network collection is achieved through the collection components deployed in the intranet, the collection gateway HUB deployed in the intranet according to the firewall type, and the second-layer HUB area deployed in the external network. Specifically, the collection component on an intranet computer device is connected to the collection gateway HUB; data on the intranet computer device can be collected by the collection component and transmitted to the collection gateway HUB, which completes data collection within the intranet. The collection gateway HUB and the HUBs in the second-layer HUB area have a dual-end mode, server or client. This mode lets the collection gateway HUB and the HUBs in the second-layer HUB area act as client or server, so that the external network and the intranet are connected through the collection gateway HUB and the second-layer HUB area according to the firewall type, achieving data communication based on cross-network collection. Compared with the prior art, this embodiment of the present invention achieves a better data communication effect.
An embodiment of the present invention also provides a multi-level cascade communication method for cross-network collection performed by an intranet computer device. The method includes the following steps:
The intranet computer device starts the collection gateway HUB, where the collection component and the HUBs in the second-layer HUB area are in the started state.
After the collection gateway HUB has started, the intranet computer device establishes the connection between the collection component and the collection gateway HUB and the connection between the collection gateway HUB and the second-layer HUB area, achieving data communication based on cross-network collection, where the collection component, the collection gateway and the HUBs in the second-layer HUB area are those of the multi-level cascade communication system for cross-network collection described in the embodiment.
Understandably, when the intranet computer device is the executing entity, the multi-level cascade communication method for cross-network collection can be carried out once the collection component and the collection gateway HUB have started on the intranet computer device.
In this embodiment of the present invention, data communication based on cross-network collection is achieved through the collection components deployed in the intranet, the collection gateway HUB deployed in the intranet according to the firewall type, and the second-layer HUB area deployed in the external network. Specifically, the collection component on an intranet computer device is connected to the collection gateway HUB; data on the intranet computer device can be collected by the collection component and transmitted to the collection gateway HUB, which completes data collection within the intranet. The collection gateway HUB and the HUBs in the second-layer HUB area have a dual-end mode, server or client. This mode lets the collection gateway HUB and the HUBs in the second-layer HUB area act as client or server, so that the external network and the intranet are connected through the collection gateway HUB and the second-layer HUB area according to the firewall type, achieving data communication based on cross-network collection. Compared with the prior art, this embodiment of the present invention achieves a better data communication effect.
An embodiment of the present invention also provides a multi-level cascade communication method for cross-network collection performed by an external-network computer device. The method includes the following steps:
Start the HUBs in the second-layer HUB area, where the collection component and the collection gateway HUB are in the started state, and the connection between the collection component and the collection gateway HUB is established.
After the HUBs in the second-layer HUB area have started, establish the connection between the collection gateway HUB and the second-layer HUB area, achieving data communication based on cross-network collection, where the collection component, the collection gateway and the HUBs in the second-layer HUB area are those of the multi-level cascade communication system for cross-network collection described in the embodiment.
Understandably, when the external-network computer device is the executing entity, the multi-level cascade communication method for cross-network collection can be carried out once the HUBs in the second-layer HUB area have started.
In this embodiment of the present invention, data communication based on cross-network collection is achieved through the collection components deployed in the intranet, the collection gateway HUB deployed in the intranet according to the firewall type, and the second-layer HUB area deployed in the external network. Specifically, the collection component on an intranet computer device is connected to the collection gateway HUB; data on the intranet computer device can be collected by the collection component and transmitted to the collection gateway HUB, which completes data collection within the intranet. The collection gateway HUB and the HUBs in the second-layer HUB area have a dual-end mode, server or client. This mode lets the collection gateway HUB and the HUBs in the second-layer HUB area act as client or server, so that the external network and the intranet are connected through the collection gateway HUB and the second-layer HUB area according to the firewall type, achieving data communication based on cross-network collection. Compared with the prior art, this embodiment of the present invention achieves a better data communication effect.
It should be understood that the sequence numbers of the steps in the above embodiments do not imply an order of execution. The execution order of each process is determined by its function and internal logic, and the numbering does not limit the implementation of the embodiments of the present invention in any way.
This embodiment provides a computer-readable storage medium storing a computer program. When executed by a processor, the computer program implements the multi-level cascade communication method for cross-network collection performed by the intranet computer device in the embodiment; to avoid repetition, the details are not repeated here. Alternatively, when executed by the processor, the computer program implements the multi-level cascade communication method for cross-network collection performed by the external-network computer device in the embodiment; to avoid repetition, the details are not repeated here.
FIG. 8 is a schematic diagram of a computer device provided by an embodiment of the present invention. As shown in FIG. 8, the computer device 80 of this embodiment includes a processor 81, a memory 82, and a computer program 83 stored in the memory 82 and executable on the processor 81. When executed by the processor 81, the computer program 83 implements the multi-level cascade communication method for cross-network collection performed by the intranet computer device in the embodiment; to avoid repetition, the details are not repeated here. Alternatively, when executed by the processor 81, the computer program 83 implements the multi-level cascade communication method for cross-network collection performed by the external-network computer device in the embodiment; to avoid repetition, the details are not repeated here.
The computer device 80 may be a computing device such as a desktop computer, a notebook, a palmtop computer or a cloud server. The computer device 80 may include, but is not limited to, the processor 81 and the memory 82. Those skilled in the art will understand that FIG. 8 is only an example of the computer device 80 and does not limit it; the device may include more or fewer components than shown, combine certain components, or use different components. For example, the computer device may also include input/output devices, network access devices, a bus and so on.
The processor 81 may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
The memory 82 may be an internal storage unit of the computer device 80, such as a hard disk or memory of the computer device 80. The memory 82 may also be an external storage device of the computer device 80, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a flash card fitted to the computer device 80. Further, the memory 82 may include both an internal storage unit and an external storage device of the computer device 80. The memory 82 is used to store the computer program and the other programs and data required by the computer device. The memory 82 may also be used to temporarily store data that has been output or is about to be output.
Those skilled in the art will clearly understand that, for convenience and brevity of description, only the above division into functional units and modules is used as an example. In practice, the functions described above can be assigned to different functional units and modules as needed; that is, the internal structure of the device can be divided into different functional units or modules to perform all or part of the functions described above.
The above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments can still be modified, or some of their technical features replaced with equivalents. Such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and shall all fall within the scope of protection of the present invention.
Claims (9)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010210074.3A CN113438197B (en) | 2020-03-23 | 2020-03-23 | Multi-stage cascade communication system, method, computer device and medium for cross-network acquisition |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113438197A (en) | 2021-09-24 |
CN113438197B (en) | 2022-11-01 |
Family
ID=77752733
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010210074.3A Active CN113438197B (en) | 2020-03-23 | 2020-03-23 | Multi-stage cascade communication system, method, computer device and medium for cross-network acquisition |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113438197B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||