CN114025009B - Method, system, proxy server and device for forwarding request - Google Patents

Publication number: CN114025009B
Authority: CN (China)
Prior art keywords: target, machine, proxy server, virtual, address
Legal status: Active
Application number: CN202111221514.6A
Other languages: Chinese (zh)
Other versions: CN114025009A (en)
Inventor: 卢亿
Current Assignee: Beijing Oceanbase Technology Co Ltd
Original Assignee: Beijing Oceanbase Technology Co Ltd
Classification: Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present disclosure discloses a method, system, proxy server and apparatus for forwarding requests. The method is applied to a proxy server, wherein the proxy server is a proxy server based on a SOCKS protocol, the proxy server is in communication connection with a source machine in a source network and a target machine in a first target network, and the first target network is a target network to which the target machine in a plurality of target networks belongs, and the method comprises the following steps: establishing SOCKS connection with the source machine; receiving a virtual target address of the target machine from the source machine, the virtual target address being indicative of an identity of the first target network and an actual target address of the target machine; determining an actual target address of the target machine according to the virtual target address; forwarding the request of the source machine to the target machine.

Description

Method, system, proxy server and device for forwarding request
Technical Field
The present disclosure relates to the field of network communications technologies, and in particular, to a method, a system, a proxy server, and an apparatus for forwarding a request.
Background
In the prior art, when a proxy server forwards a request of a source machine to a target machine, a configuration scheme based on port static mapping is adopted to configure a port monitored by the proxy server and corresponding actual target address information in a system file of the proxy server. Because of the limited number of ports, the configuration scheme based on static mapping of ports is not suitable for a scenario with large machine scale in the network.
Secondly, the configuration scheme based on the port static mapping is applied to the scene of the single target network. However, in some scenarios, the proxy server communicates with multiple target networks simultaneously, and needs to find the corresponding target machine from the multiple target networks for communication or data interaction. In this case, how the proxy server addresses, according to the request of the source machine, the target machine in the corresponding target network among the plurality of target networks is a problem to be solved.
Disclosure of Invention
In view of this, the embodiments of the present disclosure provide a method, a system, a proxy server and a device for forwarding a request, which can be suitable for a scenario with a large machine scale in a network and a scenario of a multi-target network.
In a first aspect, a method for forwarding a request is provided, where the method is applied to a proxy server, where the proxy server is a proxy server based on a SOCKS protocol, and the proxy server is communicatively connected to a source machine in a source network and a target machine in a first target network, where the first target network is a target network to which the target machine in a plurality of target networks belongs, and the method includes: establishing SOCKS connection with the source machine; receiving a virtual target address of the target machine from the source machine, the virtual target address being indicative of an identity of the first target network and an actual target address of the target machine; determining an actual target address of the target machine according to the virtual target address; forwarding the request of the source machine to the target machine.
In a second aspect, a system for forwarding a request is provided, where the system for forwarding a request includes a proxy server, a source machine, and a target machine, where the proxy server is a proxy server based on a SOCKS protocol, the proxy server is in communication connection with the source machine in a source network and the target machine in a first target network, the first target network is a target network to which the target machine in a plurality of target networks belongs, the source machine is configured to establish a SOCKS connection with the proxy server, and send a virtual target address of the target machine to the proxy server, where the virtual target address is used to indicate an identification of the first target network and an actual target address of the target machine; the proxy server is configured to determine an actual target address of the target machine according to the virtual target address, and forward a request of the source machine to the target machine.
In a third aspect, a proxy server is provided, where the proxy server is a proxy server based on a SOCKS protocol, the proxy server is communicatively connected with a source machine in a source network and a target machine in a first target network, and the first target network is a target network to which the target machine in a plurality of target networks belongs, and the proxy server includes: a connection unit configured to establish a SOCKS connection with the source machine; a receiving unit configured to receive a virtual target address of the target machine from the source machine, the virtual target address being used to indicate an identity of the first target network and an actual target address of the target machine; a determining unit configured to determine an actual target address of the target machine from the virtual target address; and a forwarding unit configured to forward the request of the source machine to the target machine.
In a fourth aspect, there is provided an apparatus for forwarding a request, comprising a memory having executable code stored therein and a processor configured to execute the executable code to implement the method of the first aspect.
In a fifth aspect, there is provided a computer readable storage medium having stored thereon executable code which when executed is capable of carrying out the method according to the first aspect.
In a sixth aspect, a computer program product is provided comprising executable code which, when executed, is capable of implementing the method according to the first aspect.
The embodiment of the disclosure provides a method for forwarding a request, which can determine an actual target address of a target machine according to a virtual target address sent by a source machine and forward the request. The technical scheme disclosed by the invention is used for forwarding the request based on the virtual target address, and can be suitable for a scene with a large machine scale in a network. When the proxy server is simultaneously communicated with a plurality of target networks, the virtual target address can indicate the target network where the target machine is located and the actual target address of the target machine, so that the proxy server can address the target machine in the corresponding target network in the plurality of target networks.
Drawings
Fig. 1 is an exemplary diagram of a system architecture provided by an embodiment of the present disclosure.
Fig. 2 is an exemplary diagram of a system architecture provided by another embodiment of the present disclosure.
Fig. 3 is a flowchart of a method for forwarding a request according to an embodiment of the present disclosure.
Fig. 4 is a flowchart of a method for forwarding a request according to another embodiment of the present disclosure.
Fig. 5 is a schematic flow chart of generating a virtual target address according to an embodiment of the disclosure.
Fig. 6 is a schematic structural diagram of a proxy server according to an embodiment of the present disclosure.
Fig. 7 is a schematic structural diagram of a network device according to an embodiment of the present disclosure.
Fig. 8 is a schematic structural diagram of an apparatus for forwarding a request according to an embodiment of the present disclosure.
Detailed Description
The following description of the technical solutions in the embodiments of the present disclosure will be made clearly and completely with reference to the accompanying drawings in the embodiments of the present disclosure, and it is apparent that the described embodiments are only some embodiments of the present disclosure, not all embodiments.
As network technology evolves, people can obtain more resources and information from the network. However, shared network resources carry security risks (e.g., when a user accesses a website, the website may return virus information together with the requested information), and in an enterprise LAN the websites accessible to source machines in the LAN need to be controlled. In both cases a proxy server is required for communication. In other words, the proxy server is a relay station for network resources that obtains those resources on behalf of its clients.
Fig. 1 is an exemplary diagram of a system architecture for forwarding requests provided by an embodiment of the present disclosure. As shown in fig. 1, the system 100 may include a source machine 110, a target machine 120, and a proxy server 130. Source machine 110 may communicate and data interact with target machine 120 through proxy server 130.
Source machine 110 may also be referred to as a client. Source machine 110 may request access to target machine 120, such as to request access to data of target machine 120, through proxy server 130. Source machine 110 may be, for example, a server or other type of computer. For example, the source machine 110 may be a cell phone, a personal computer, a notebook computer, a tablet computer, or the like.
Target machine 120 may refer to the actual machine that source machine 110 needs to access. When source machine 110 requests access to data of target machine 120 through proxy server 130, target machine 120 may forward the data requested by source machine 110 to source machine 110 through proxy server 130. The target machine 120 may be a server or other electronic device with computing capabilities.
Source machine 110 is located in a different network than target machine 120. For example, source machine 110 may be located in a source network and target machine 120 may be located in a target network. The present disclosure is not particularly limited as to the type of source network and target network, for example, both source network and target network may be local area networks, with source machine 110 and target machine 120 located in different local area networks. In some embodiments, the source network and the target network may refer to different virtual private clouds (virtual private cloud, VPC). For example, in the context of cloud computing, source machine 110 and target machine 120 may be located in different VPCs.
VPC may refer to a network or virtual network independent of public networks, e.g., VPC may refer to private clouds, or may refer to custom logically isolated network spaces in public clouds. In a VPC, a user may customize the layout and management of machines in the VPC, e.g., the user may customize the network segment partitioning, IP addresses, routing policies, etc. of machines in the VPC.
Typically, machines within the same VPC may communicate or interact with each other, while machines located between different VPCs may not be able to communicate and interact with each other directly. As an implementation, the machines between different VPCs may communicate and exchange data by way of dedicated line connections, such as setting up dedicated physical lines between the different VPCs. As another implementation, machines between different VPCs may communicate and interact data through proxy servers.
Proxy server 130 may be used to forward requests from source machine 110 or to forward data from target machine 120 to source machine 110. Proxy server 130 may be communicatively coupled to source machine 110 and destination machine 120 via a network. Proxy server 130 may be located in the same network as source machine 110 or target machine 120. For example, proxy server 130 may be located in a source network with source machine 110.
The proxy server 130 may perform network communication or data forwarding based on different proxy protocols. For example, the proxy server 130 may be based on the HTTP/HTTPS proxy protocol, and the corresponding proxy server 130 may be referred to as an HTTP/HTTPS proxy server; alternatively, the proxy server 130 may be based on a SOCKS proxy protocol, and the corresponding proxy server 130 may be referred to as a SOCKS proxy server.
In some embodiments, proxy server 130 may establish a SOCKS connection with source machine 110 using a SOCKS proxy protocol. The proxy server based on SOCKS proxy protocol operates in the session layer of the open system interconnection communication (open system interconnection, OSI) reference model, and can ensure that client/server applications in the transmission control protocol (transmission control protocol, TCP) and user datagram protocol (user datagram protocol, UDP) domains can use the network firewall more conveniently and securely.
The proxy server based on the SOCKS proxy protocol comprises a SOCKS4 proxy server and a SOCKS5 proxy server. The SOCKS4 proxy server only supports the TCP protocol, while the SOCKS5 proxy server can support both the TCP protocol and the UDP protocol. In addition, the SOCKS5 proxy server can also support an identity verification mechanism, server-side domain name resolution and the like.
The proxy server based on the SOCKS proxy protocol supports the source machine passing the target address over a fixed port during the proxy process. In addition, the proxy server based on the SOCKS proxy protocol simply relays data packets without regard to the application layer protocol in use, so mainstream application protocols such as HTTP, MySQL and SSH can currently be carried over a proxy server based on the SOCKS proxy protocol. Therefore, the proxy server based on the SOCKS proxy protocol is more flexible and universal to use and has wider application scenarios.
In the related art, when the source machine 110 and the target machine 120 use the proxy server 130 to perform communication or data interaction, a configuration scheme based on a static mapping of ports is adopted to configure the ports monitored by the proxy server 130 and the actual target address information of the corresponding target machine 120 in the system file of the proxy server 130. For example, source machine 110 and target machine 120 may communicate or interact with data based on a reverse proxy server such as Nginx, ngrok, etc.
Specifically, when the reverse proxy server is adopted for communication or data interaction, the proxy server must be manually configured to listen on a certain port and to forward requests received on that port to a corresponding target address. For example, when source machine 110 requests access to target machine 120 based on an Ngrok proxy server, the user manually configures the following information in the Ngrok proxy server in advance: "8000>192.168.1.4:80". The Ngrok proxy server then forwards requests received on port 8000 to port 80 of the target machine 192.168.1.4.
When the configuration scheme based on the port static mapping is adopted to carry out communication or data interaction between the source machine and the target machine, the monitored port and the corresponding actual target address information of the target machine are configured in the system file of the proxy server, so that the proxy server needs to be restarted after the configuration information is modified each time to enable the configuration to be effective. In addition, if the source machine only temporarily accesses one target machine, the user is required to manually close the monitored port and the configuration information of the actual target address of the temporarily accessed target machine after the access is finished, otherwise network port resources are wasted. Or when a target machine is newly added in the target network, a new configuration item is required to enable the source machine to communicate or interact data with the newly added target machine.
The theoretical range of port numbers is from 0 to 65535, i.e. the number of ports of the proxy server is limited. When a configuration scheme based on port static mapping is adopted to conduct communication or data interaction between a source machine and a target machine, the number of the target machines which can be proxied by the scheme is limited due to the limited number of ports. That is, when the machine scale in the target network is large, the configuration scheme based on the port static mapping is not applicable.
The existing configuration schemes based on the port static mapping are all applied to the scene of a single target network, namely, after receiving a request of a source machine, a proxy server searches a corresponding target machine from the single target network and performs communication or data interaction. However, in some embodiments, the proxy server needs to communicate with multiple target networks simultaneously, and seek corresponding target machines from multiple target networks for communication or data interaction.
For example, in a cloud computing scenario, a cloud vendor may sell on the cloud and provide services to cloud users through a cloud database. The cloud vendor can deploy a management and control operation and maintenance service system in a source network (source VPC) to facilitate unified security management for cloud users. Cloud users can create their own database clusters based on this system, and the database clusters created by different cloud users are located in different target networks (target VPCs). Through the proxy server, a source machine in the management and control operation and maintenance service system can be connected simultaneously to the target VPCs where the database clusters are located.
Under the situation, when a source machine in the management and control operation and maintenance service system needs to communicate or interact data with a certain target machine, if an existing configuration scheme based on port static mapping is adopted, a plurality of proxy servers need to be set to communicate the management and control operation and maintenance service system with each target VPC respectively, so that the operation and maintenance cost of the whole system is high. For example, when the management operation and maintenance service system communicates 3 independent target VPCs at the same time, 3 proxy servers need to be set.
To save costs, as shown in fig. 2, one proxy server may be provided to communicate with multiple target networks (e.g., multiple target VPCs) at the same time, e.g., in fig. 2, the proxy server may communicate with target VPC1, target VPC2, and target VPC3 at the same time, and communication and data interaction between the source machine and the target machines in different target VPCs may be performed through one proxy server.
As described above, in different VPCs, the user may customize the network segment division, IP addresses, routing policies, etc. of the machines in the VPC, so machines with the same IP address may exist in different VPCs (e.g., the IP address segments of VPC1 and VPC2 partially overlap, resulting in a machine with the IP address 192.168.0.9 in both VPC1 and VPC2). In this case, how the proxy server, after receiving a request from the source machine, addresses the target machine in the corresponding VPC among a plurality of target VPCs is also a problem to be solved.
In order to solve the above-mentioned problems, an embodiment of the present disclosure provides a method for forwarding a request, which can determine an actual target address of a target machine according to a virtual target address sent by a source machine and forward the request. The technical scheme disclosed by the invention is used for forwarding the request based on the virtual target address, and can be suitable for a scene with a large machine scale in a network. When the proxy server is simultaneously communicated with a plurality of target networks, the virtual target address can indicate the target network where the target machine is located and the actual target address of the target machine, so that the proxy server can address the target machine in the corresponding target network in the plurality of target networks.
The method for forwarding a request provided by the embodiment of the present disclosure is described in detail below with reference to fig. 3. The method shown in fig. 3 can be applied to the system architecture shown in fig. 1 and 2.
In the embodiment of the present disclosure, the proxy server may be a proxy server based on the SOCKS protocol. The proxy server is communicatively coupled to the source machine in the source network and the target machine in the first target network. In the scenario of multiple target networks, the first target network may refer to a target network in which the target machine is located, in other words, the first target network may refer to a target network to which the target machine in the multiple target networks belongs.
In step 310, the source machine establishes a SOCKS connection with the proxy server.
In some embodiments, the proxy server may be a proxy server based on the SOCKS protocol, such that the proxy server may support the source machine to pass the target address and the fixed port during proxy.
The source machine may establish a SOCKS connection with the proxy server. Specifically, as one implementation, as shown in fig. 4, the source machine may send a SOCKS connection request to the proxy server. Taking the HTTP protocol as an example at the application layer, the source machine may initiate an HTTP request "curl --socks5 192.168.0.5:1080 http://[::2]:8080/hello" at the application layer via the curl tool. In this request, the source machine requests that a SOCKS5 connection be established with a proxy server having an IP address of 192.168.0.5:1080.
After receiving the connection request of the source machine, the proxy server can complete connection with the source machine based on the SOCKS protocol (or completes handshake and authentication of the SOCKS protocol). After the source machine and the proxy server establish the SOCKS connection, the source machine may continue to send the virtual target address to the proxy server, which determines the actual target address of the target machine based on the virtual target address, and forwards the request of the source machine to the target machine.
At step 320, the source machine sends the virtual target address of the target machine to the proxy server.
The virtual target address may be used to indicate an identity of the first target network and a real target address of the target machine. The form of the virtual target address is not particularly limited by the present disclosure. In some embodiments, the virtual target address may be a virtual host name (or, alternatively, a virtual domain name). For example, the virtual target address may be expressed as "vpc1-machine2". In some embodiments, the virtual target address may be a virtual IP address. For example, the virtual target address may be an IPv4 address or an IPv6 address. In some embodiments, the virtual target address may also include a virtual port number, i.e., the virtual target address may be a combination of a virtual host name and a virtual port number, or may be a combination of a virtual IP address and a virtual port number. For example, when the virtual target address is a combination of a virtual host name and a virtual port number, the virtual target address may be expressed as "vpc1-machine2:8080"; when the virtual target address is a combination of a virtual IP address and a virtual port number, the virtual target address may be expressed as "[::2]:8080".
The virtual target address can represent an unlimited address range, unlike the port mapping mode, so that the virtual target address mapping mode can be suitable for a scene with a larger machine scale under a target network.
The virtual target address may be used to map the actual target address of the target machine. In some embodiments, when the proxy server is simultaneously in communication with multiple target networks, the virtual target address may be used to map the actual target address of a target machine within a target network. In other words, when the proxy server communicates with a plurality of target networks simultaneously, the target network in which the target machine is located may refer to a first target network of the plurality of target networks communicatively connected to the proxy server. When the target machine is located in a first target network of the plurality of target networks, the virtual target address may be used to map an identification of the first target network with an actual target address of the target machine located in the first target network. For example, in the system architecture shown in FIG. 2, the virtual target address [::2]:8080 may be used to map the target machine located in VPC1 with the address 10.22.12.11:8080.
In some embodiments, when the target network in which the target machine is located is a first target network of a plurality of target networks communicatively coupled to the proxy server, the proxy server may further determine an identification of the first target network based on the virtual target address. For example, the target machine is determined to be located in VPC1 based on the virtual target address.
The generation manner of the virtual target address is not particularly limited in the present disclosure. As one implementation, the source machine may determine, based on the actual target address of the target machine, the virtual target address corresponding to the target machine by querying pre-recorded configuration information.
The pre-recorded configuration information may be used to store a mapping of virtual target addresses and real target addresses. As one implementation, the pre-recorded configuration information may be configured in a database. The present disclosure does not limit the type of storage of the database. For example, the database may be a relational database, such as MySQL, Oracle, etc.; alternatively, the database may be a non-relational (NoSQL) database, such as Redis, Memcached, etc.
The present disclosure does not specifically limit the structure of the data model in the configuration information, as long as the structure of the data model can express the mapping relationship between the virtual target address and the actual target address. As one example, the data model in the configuration information may be designed as the structure shown in table 1.
TABLE 1

| Virtual target address | Actual target address | Identification of target network |
| --- | --- | --- |
| [::2]:8080 | 10.22.12.11:8080 | VPC1 |
| [::1]:8000 | 198.168.0.0:80 | VPC2 |

As shown in Table 1, assuming that the source machine wants to communicate or interact data with a target machine located in VPC1 and having an actual target address of 10.22.12.11:8080, the source machine can find, based on the configuration information in Table 1, that the virtual target address of the target machine is [::2]:8080.
As another implementation manner, the source machine may calculate, by using a preset algorithm, a virtual target address corresponding to the target machine based on an actual target address of the target machine. Fig. 5 is a flowchart illustrating a process of calculating a virtual target address by using a preset algorithm according to an embodiment of the present disclosure.
As shown in fig. 5, in steps 510 to 520, the actual destination address of the destination machine is obtained, and if the actual destination address is a combination of the IP address and the port number, the IP address and the port number are separated.
Taking the example that the target machine is located in the VPC1 and the actual target address of the target machine is 10.22.12.11:8080 as an implementation manner, the IP address and the port number of the target machine can be separated according to a separator between the IP address and the port number. For example, the IP address and port number of the actual destination address 10.22.12.11:8080 of the destination machine are separated according to the separator, and then can be expressed as: 10.22.12.11 and 8080.
At step 530, the IP address of the target machine is converted to a numeric type. For example, it may be converted to integer values, such as 32-bit integer values, etc.
The manner in which the IP address is converted to a numeric type is not particularly limited by the present disclosure. For example, each segment of an IP address may be treated as an integer between 0 and 255, written out in binary form and combined, and the combined binary value then converted into a decimal long integer (e.g., a 32-bit integer). The following description takes the IP address 10.22.12.11 as an example.
As shown in table 2, the IP address 10.22.12.11 is divided into four segments, wherein the first segment is 10, the second segment is 22, the third segment is 12, and the fourth segment is 11. The values after splitting the four segments into binary forms are shown in table 2, the first segment 10 is split into binary numbers to be 00001010, the second segment 22 is split into binary numbers to be 00010110, the third segment 12 is split into binary numbers to be 00001100, and the fourth segment 11 is split into binary numbers to be 00001011.
TABLE 2

| Each segment of numbers | Corresponding binary number |
| --- | --- |
| 10 | 00001010 |
| 22 | 00010110 |
| 12 | 00001100 |
| 11 | 00001011 |

The four binary values may then be combined in sequence, which may be denoted 00001010 00010110 00001100 00001011. Finally, the combined value may be converted to a decimal integer, which is 169217035, i.e., the IP address 10.22.12.11 may be represented as the numeric value 169217035.
In step 540 to step 550, the identifier of the target network where the target machine is located is obtained, and the identifier of the target network, the numerical value corresponding to the IP address and the port number are spliced. The character string formed after the splicing is the virtual target address.
Taking the example that the target machine is located in the VPC1 and the actual target address of the target machine is 10.22.12.11:8080, after the identification of the target network where the target machine is located is obtained as the VPC1, splicing the identification, the numerical value corresponding to the IP address and the port number to form a character string VPC1-169217035-8080, and generating a virtual target address VPC1-169217035-8080.
When calculating a virtual target address corresponding to a target machine based on an actual target address of the target machine by using a preset algorithm, the calculated virtual target address accords with an address specification. As one example, the virtual target address is to conform to a hostname specification, e.g., an underline, chinese character, etc. cannot be included in the virtual target name.
In steps 330 through 340, the proxy server determines the actual target address of the target machine based on the virtual target address and forwards the source machine's request to the target machine.
In some embodiments, the actual target address of the target machine may be determined from the virtual target address by querying pre-recorded configuration information.
With continued reference to Table 1, assume that the virtual target address of the target machine sent by the source machine to the proxy server is [: 2]:8080. After receiving the virtual target address, the proxy server queries the pre-recorded configuration information shown in Table 1 and finds that the actual target address corresponding to the virtual target address [: 2]:8080 is 10.22.12.11:8080 and that the target machine is located in VPC1. According to the result of the query, the proxy server forwards the request of the source machine to the target machine with address 10.22.12.11:8080 in VPC1.
In a multi-target-network scenario, target machines with the same address may exist in different target networks. The pre-recorded configuration information therefore records the mapping between each virtual target address, the identifier of the target network, and the actual target address, which avoids the problem that the proxy server cannot address the target machine in the corresponding target network when machines with the same IP address exist in different target networks. If the proxy server proxies only one target network, or does not support proxying multiple target networks simultaneously, the mapping between the virtual target address and the identifier of the target network may be left out of the configuration information, or the identifier of the target network may be ignored during the query.
When the actual target address is determined by this dynamically configured mapping, the listening port stays the same when the mapping between the virtual target address and the actual target address changes, so the proxy server does not need to be restarted for the configuration to take effect. In addition, the proxy server only needs to listen on one fixed port, which reduces the occupation and waste of network port resources.
In some embodiments, the actual target address of the target machine may be calculated from the virtual target address using a preset algorithm.
As described above, the virtual target address corresponding to the target machine may be calculated based on the actual target address of the target machine by using a preset algorithm. Conversely, the actual target address of the target machine may be calculated reversely from the virtual target address by using the preset algorithm.
The type of the preset algorithm is not particularly limited in the present disclosure, so long as the corresponding virtual target address can be uniquely determined from the actual target address and, conversely, the corresponding actual target address can be uniquely determined from the virtual target address.
When the source machine needs to communicate or exchange data with the target machine, the source machine can convert the actual target address of the target machine into a virtual target address based on the mapping defined by the algorithm, and then send the virtual target address to the proxy server. After receiving the request of the source machine, the proxy server uses the preset algorithm to reversely calculate, from the virtual target address sent by the source machine, the actual target address of the corresponding target machine. For example, from the virtual target address VPC1-169217035-8080 it reversely calculates that the actual target address is port 8080 of machine 10.22.12.11 in the VPC1 network. After calculating the actual target address, the proxy server may forward the source machine's request to the actual target address.
Determining the actual target address by algorithm mapping ensures that the listening port stays the same when the mapping between the virtual target address and the actual target address changes, so the proxy server does not need to be restarted for the configuration to take effect, and occupation and waste of network port resources can be avoided. In addition, with algorithm mapping no configuration item needs to be added when the source machine is to access a newly added target machine, which saves resources.
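The algorithm mapping of steps 530 to 550 and its reverse calculation at the proxy server, as an added Python example that is not part of the patent text. The `-` separator follows the page's example VPC1-169217035-8080; the function names, the `KNOWN_NETWORKS` allow-list and the rejection of out-of-range or non-canonical fields are assumptions made here so that a client-supplied virtual address decodes to exactly one target or not at all.

```python
import ipaddress
import re

# Assumption: network identifiers this proxy serves. "VPC1" is the page's
# example; "VPC2" is constructed for the demonstration.
KNOWN_NETWORKS = frozenset({"VPC1", "VPC2"})

# Assumption: fields are joined with "-" as in VPC1-169217035-8080. The
# identifier is limited to ASCII letters and digits so it cannot contain the
# separator and the whole string stays a valid hostname label (no "_").
_NETWORK_ID = re.compile(r"[A-Za-z0-9]{1,32}")
_ACTUAL = re.compile(r"([0-9.]{7,15}):([0-9]{1,5})")
_VIRTUAL = re.compile(r"([A-Za-z0-9]{1,32})-([0-9]{1,10})-([0-9]{1,5})")


def _check_port(port_text):
    port = int(port_text)
    if str(port) != port_text or not 1 <= port <= 65535:
        raise ValueError("port out of range or not canonical: %r" % port_text)
    return port


def encode_virtual_address(network_id, actual_address):
    """Network identifier + actual "ip:port" -> virtual target address."""
    if not _NETWORK_ID.fullmatch(network_id):
        raise ValueError("invalid network identifier: %r" % network_id)
    m = _ACTUAL.fullmatch(actual_address)
    if m is None:
        raise ValueError("expected ip:port, got %r" % actual_address)
    # IPv4Address validates the four 0-255 segments; int() combines them
    # into the 32-bit value (10.22.12.11 -> 169217035).
    ip_value = int(ipaddress.IPv4Address(m.group(1)))
    return "%s-%d-%d" % (network_id, ip_value, _check_port(m.group(2)))


def decode_virtual_address(virtual, known_networks=KNOWN_NETWORKS):
    """Virtual target address -> (network identifier, ip, port), or ValueError."""
    # fullmatch (not match/search) so trailing bytes such as "\n" are rejected.
    m = _VIRTUAL.fullmatch(virtual)
    if m is None:
        raise ValueError("malformed virtual target address")
    network_id, ip_text, port_text = m.groups()
    if network_id not in known_networks:
        raise ValueError("unknown target network: %r" % network_id)
    ip_value = int(ip_text)
    # Leading zeros would give one actual address several virtual forms,
    # breaking the one-to-one mapping the algorithm is required to have.
    if str(ip_value) != ip_text or ip_value > 0xFFFFFFFF:
        raise ValueError("IP value out of range or not canonical")
    port = _check_port(port_text)
    return network_id, str(ipaddress.IPv4Address(ip_value)), port


# Constructed inputs: the page's example, the same IP in a second network,
# then malformed variants a proxy should refuse to forward.
SAMPLES = [
    "VPC1-169217035-8080",
    "VPC2-169217035-8080",
    "VPC9-169217035-8080",     # network not served by this proxy
    "VPC1-4294967296-8080",    # one past the largest 32-bit value
    "VPC1-169217035-0",        # port 0
    "VPC1-169217035-08080",    # non-canonical port
    "VPC1_169217035-8080",     # underscore is not hostname-safe
    "VPC1-169217035-8080\n",   # trailing newline
]


def check_samples(samples=SAMPLES):
    """Map each sample to its decoded tuple, or to None if it is rejected."""
    results = {}
    for sample in samples:
        try:
            results[sample] = decode_virtual_address(sample)
        except ValueError:
            results[sample] = None
    return results


if __name__ == "__main__":
    for sample, outcome in check_samples().items():
        print(repr(sample), "->", outcome)
```
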
Method embodiments of the present disclosure are described above in detail in connection with fig. 1-5, and apparatus embodiments of the present disclosure are described below in detail in connection with fig. 6-8. It is to be understood that the description of the method embodiments corresponds to the description of the device embodiments, and that parts not described in detail can therefore be seen in the preceding method embodiments.
The embodiment of the disclosure provides a system for forwarding a request. The system for forwarding the request may include a proxy server, a source machine, and a target machine.
In the system, the proxy server is a proxy server based on a SOCKS protocol, and the proxy server is in communication connection with a source machine in a source network and a target machine in a first target network, wherein the first target network is a target network to which a target machine in a plurality of target networks belongs.
In the system, the source machine may be configured to establish a SOCKS connection with the proxy server and send a virtual target address of the target machine to the proxy server, the virtual target address being configured to indicate an identity of the first target network and an actual target address of the target machine.
In the system, the proxy server may be configured to determine an actual target address of the target machine based on the virtual target address and forward the request of the source machine to the target machine.
Optionally, the proxy server is further configured to determine the actual target address by querying pre-recorded configuration information according to the virtual target address, wherein the configuration information records a mapping relationship between the virtual target address and the actual target address.
Optionally, the proxy server is further configured to calculate the actual target address from the virtual target address using a preset algorithm.
Optionally, the virtual target address is a virtual hostname or a virtual IP address.
Optionally, the virtual target address further comprises a virtual port number.
Optionally, the source network and/or the plurality of target networks are virtual private cloud VPCs.
Fig. 6 is a schematic structural diagram of a proxy server according to an embodiment of the present disclosure. The proxy server 600 of fig. 6 is a proxy server based on the SOCKS protocol. The proxy server 600 is communicatively coupled to a source machine in a source network and a target machine in a first target network, the first target network being a target network to which the target machine in a plurality of target networks belongs. The proxy server 600 may include a connection unit 610, a reception unit 620, a determination unit 630, and a forwarding unit 640. These units are described in detail below.
The connection unit 610 may be configured to establish a SOCKS connection with the source machine.
The receiving unit 620 may be configured to receive a virtual target address of the target machine from the source machine, the virtual target address being used to indicate an identification of the first target network and an actual target address of the target machine.
The determination unit 630 may be configured to determine the actual target address of the target machine from the virtual target address.
The forwarding unit 640 may be configured to forward the request of the source machine to the target machine.
Optionally, the determining unit 630 may be further configured to determine the actual target address by querying pre-recorded configuration information according to the virtual target address, wherein the configuration information records a mapping relationship between the virtual target address and the actual target address.
Optionally, the determining unit 630 may be further configured to calculate the actual target address according to the virtual target address using a preset algorithm.
Optionally, the virtual target address is a virtual hostname or a virtual IP address.
Optionally, the virtual target address further comprises a virtual port number.
Optionally, the source network and/or the target network is a virtual private cloud VPC.
Fig. 7 is a schematic structural diagram of a network device according to an embodiment of the present disclosure. The network device 700 of fig. 7 is a source machine, which is communicatively connected to a target machine in a first target network through a proxy server, where the first target network is a target network to which the target machine belongs in a plurality of target networks. The proxy server is a proxy server based on the SOCKS protocol. The network device 700 may include a first sending unit 710 and a second sending unit 720. These units are described in detail below.
The first sending unit 710 may be configured to send a virtual target address of the target machine to the proxy server, the virtual target address being used to indicate an identification of the first target network and an actual target address of the target machine.
The second sending unit 720 may be configured to send the request of the source machine to the proxy server, so that the proxy server forwards the request of the source machine to the target machine based on the actual target address of the target machine.
Optionally, the virtual target address is a virtual hostname or a virtual IP address.
Optionally, the virtual target address further comprises a virtual port number.
Optionally, the source network and/or the target network is a virtual private cloud VPC.
Fig. 8 is a schematic structural diagram of an apparatus for forwarding a request according to an embodiment of the present disclosure. The apparatus 800 shown in fig. 8 may be a computing device having computing functionality, for example, the apparatus 800 may be a server. The apparatus 800 may include a memory 810 and a processor 820. Memory 810 may be used to store executable code. Processor 820 may be used to execute executable code stored in memory 810 to implement the steps in the various methods described previously. In some embodiments, the apparatus 800 may further include a network interface 830, and data exchange of the processor 820 with external devices may be achieved through the network interface 830.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the flows or functions according to embodiments of the present disclosure are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium. For example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wired (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that integrates one or more available media. The usable medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., a digital video disc (DVD)), or a semiconductor medium (e.g., a solid state disk (SSD)), or the like.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps described in connection with the embodiments disclosed herein can be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present disclosure.
In the several embodiments provided in the present disclosure, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present disclosure may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The foregoing is merely specific embodiments of the disclosure, but the protection scope of the disclosure is not limited thereto. Any change or substitution that a person skilled in the art can readily conceive within the technical scope of the disclosure shall fall within the protection scope of the disclosure. Therefore, the protection scope of the present disclosure shall be subject to the protection scope of the claims.

Claims (10)

1. A method of forwarding a request, the method being applied to a proxy server, the proxy server being a proxy server based on a SOCKS protocol, the proxy server being communicatively connected to a source machine in a source network and a target machine in a first target network, the first target network being a target network to which the target machine in a plurality of target networks belongs, the method comprising:
establishing SOCKS connection with the source machine;
receiving a virtual target address of the target machine from the source machine, the virtual target address being indicative of an identity of the first target network and an actual target address of the target machine;
determining an actual target address of the target machine by using a preset algorithm according to the virtual target address;
forwarding the request of the source machine to the target machine.
2. The method of claim 1, the virtual target address being a virtual hostname or a virtual IP address.
3. The method of claim 2, the virtual target address further comprising a virtual port number.
4. The method of claim 1, the source network and/or the plurality of target networks being virtual private cloud, VPC.
5. A system for forwarding a request, the system for forwarding a request comprising a proxy server, a source machine and a target machine, the proxy server being a proxy server based on a SOCKS protocol, the proxy server being communicatively connected to the source machine in a source network and the target machine in a first target network, the first target network being a target network to which the target machine in a plurality of target networks belongs,
the source machine is used for establishing SOCKS connection with the proxy server and sending a virtual target address of the target machine to the proxy server, wherein the virtual target address is used for indicating the identification of the first target network and the actual target address of the target machine;
the proxy server is configured to determine, according to the virtual target address, an actual target address of the target machine by using a preset algorithm, and forward a request of the source machine to the target machine.
6. The system of claim 5, the virtual target address being a virtual hostname or a virtual IP address.
7. The system of claim 6, the virtual target address further comprising a virtual port number.
8. The system of claim 5, the source network and/or the plurality of target networks being virtual private cloud, VPC.
9. A proxy server, the proxy server being a proxy server based on a SOCKS protocol, the proxy server being communicatively connected to a source machine in a source network and a target machine in a first target network, the first target network being a target network to which the target machine in a plurality of target networks belongs, the proxy server comprising:
a connection unit configured to establish a SOCKS connection with the source machine;
a receiving unit configured to receive a virtual target address of the target machine from the source machine, the virtual target address being used to indicate an identity of the first target network and an actual target address of the target machine;
a determining unit configured to determine an actual target address of the target machine by using a preset algorithm according to the virtual target address;
and a forwarding unit configured to forward the request of the source machine to the target machine.
10. An apparatus for forwarding a request, comprising a memory having executable code stored therein and a processor configured to execute the executable code to implement the method of any of claims 1-4.
CN202111221514.6A 2021-10-20 2021-10-20 Method, system, proxy server and device for forwarding request Active CN114025009B (en)

Publications (2)

Publication Number Publication Date
CN114025009A CN114025009A (en) 2022-02-08
CN114025009B true CN114025009B (en) 2024-04-16

Family

ID=80056823

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant