CN-121486329-B - Method, device, equipment and system for communication based on edge gateway
Abstract
The invention relates to the field of edge communication, and in particular to a method, device, equipment and system for communicating through an edge gateway. A single IP address is used, by means of address translation, to connect a large number of edge devices to the network. This reduces the demand for IP addresses in the public network or bearer network, saves a large number of bearer-network IP address resources, achieves intensive use of IP address resources, reduces the need for dedicated network equipment and lowers hardware investment. Combined with dynamic address translation, the real address of an intranet object is hidden behind the gateway address, reducing the security risk of exposing the intranet topology. The session state of every request is recorded accurately, which gives reverse dynamic address translation a reliable basis for matching links and reduces link confusion and translation errors. Bidirectional communication between the request end and the object is therefore transparent: the request end need not be aware of the intranet structure, the real address is not exposed, and the efficiency and security of bidirectional communication are greatly improved.
Inventors
- LIANG JIAMING
- LIN LI
- WANG PING
- JIANG LINGJIE
- LIU JIEFENG
- LAO HUAJUN
- Weng Ziliang
- LIU JINWEN
Assignees
- 特微乐行(广州)技术有限公司
Dates
- Publication Date: 20260508
- Application Date: 20260109
Claims (10)
- 1. A method of communicating based on an edge gateway, the method comprising: the edge gateway detects a data access request sent by a request end, the data access request carrying a data packet, and parses the data packet to obtain five-tuple information, the five-tuple information comprising a source IP, a source port, a destination IP, a destination port and an information transmission protocol; the edge gateway determines, according to the content of the five-tuple information, the target object from which the request end needs to acquire information, performs a dynamic address translation operation for the target object according to the content of the five-tuple information to obtain translated target five-tuple information, records a communication tracking link matched with the target five-tuple information, and sends the target five-tuple information to the target object to trigger the target object to send target information to the edge gateway; and the edge gateway receives the target information sent by the target object, performs a reverse dynamic address translation operation for the target object according to the communication tracking link matched with the target five-tuple information, and, after the translation succeeds, sends the target information to the request end.
- 2. The method for communicating based on an edge gateway according to claim 1, wherein in the five-tuple information the source IP is the IP of the request end, the source port is the port of the request end, the destination IP is the bearer-network IP of the edge gateway and the destination port is a gateway port of the edge gateway, together with the information transmission protocol; determining, by the edge gateway, the target object from which the request end needs to acquire information according to the content of the five-tuple information, and performing the dynamic address translation operation for the target object according to the content of the five-tuple information to obtain the translated target five-tuple information, comprises: the edge gateway obtains, from a pre-established NAT mapping table, the target object bound to the gateway port of the edge gateway, obtains the IP and port of the target object, and allocates a corresponding dynamic address mapping port to the target object; the edge gateway modifies the source IP from the IP of the request end to the intranet IP of the edge gateway, modifies the source port from the port of the request end to the dynamic address mapping port, modifies the destination IP from the bearer-network IP of the edge gateway to the IP of the target object, and modifies the destination port from the gateway port of the edge gateway to the port of the target object, thereby obtaining the target five-tuple information; and sending, by the edge gateway, the target five-tuple information to the target object comprises: the edge gateway sends the target five-tuple information to the target object according to the IP and port of the target object.
- 3. The method according to claim 2, wherein performing, by the edge gateway, the reverse dynamic address translation operation for the target object according to the communication tracking link matched with the target five-tuple information, and sending the target information to the request end after the translation succeeds, comprises: the edge gateway obtains, according to the target five-tuple information, the communication tracking link matched with it, modifies the source IP from the IP of the target object to the bearer-network IP of the edge gateway, modifies the source port from the port of the target object to the gateway port of the edge gateway, modifies the destination IP from the intranet IP of the edge gateway to the IP of the request end, modifies the destination port from the dynamic address mapping port to the port of the request end, and, after the modification succeeds, sends the target information to the request end according to the destination IP and destination port.
- 4. A method of communicating based on an edge gateway according to claim 2 or 3, wherein the method further comprises: the edge gateway obtains the IP header information and UDP header information of the data packet, and judges from them whether the destination IP of the data packet is an ONVIF multicast address and whether the destination port is the ONVIF standard discovery port; when the judgment is yes, the edge gateway determines the source interface of the request end; when the source interface indicates that the request end is an internal source interface, the edge gateway checks whether the information transmission protocol matches a preset video transmission protocol, and when the check passes, performs the operation of determining, according to the content of the five-tuple information, the target object from which the request end needs to acquire information; and when the source interface indicates that the request end is an external source interface, the edge gateway performs UDP payload deep inspection on the data packet to obtain an inspection result, and when the inspection result indicates that the data access request is an ONVIF request, or when the information transmission protocol check does not pass, intercepts the data access request, generates an audit log for the data access request from the interception reason, the interception time and the data packet, sends an alarm notification to a supervision platform, and discards the data packet.
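The discovery gate of claim 4, written out as an added example that is not the patent's or the assignee's code. It assumes the WS-Discovery multicast group 239.255.255.250 and UDP port 3702 that ONVIF device discovery uses; the preset video protocol set, the payload markers used for deep inspection, and the sample probe packet are constructed for the example.

```python
# Added example (not the patent's or the assignee's code): the ONVIF discovery gate of claim 4.
# Assumes the WS-Discovery multicast group 239.255.255.250 / UDP 3702 used by ONVIF discovery;
# the preset video protocol set, deep-inspection markers and sample packet are constructed.
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

ONVIF_MULTICAST_ADDR = "239.255.255.250"   # WS-Discovery group (assumed standard value)
ONVIF_DISCOVERY_PORT = 3702                # WS-Discovery port (assumed standard value)
PRESET_VIDEO_PROTOCOLS = {"rtsp", "rtp"}   # constructed "preset video transmission protocol" set
# Constructed markers: element names / namespaces that appear in ONVIF WS-Discovery probes.
ONVIF_PAYLOAD_MARKERS = (b":Probe>", b"<Probe", b"NetworkVideoTransmitter", b"www.onvif.org")

# Constructed sample: a WS-Discovery Probe body as a camera client would send it.
SAMPLE_PROBE = (b'<e:Envelope><e:Body><d:Probe xmlns:d="urn:probe"><d:Types>'
                b'dn:NetworkVideoTransmitter</d:Types></d:Probe></e:Body></e:Envelope>')

@dataclass
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    l4_proto: str      # transport from the IP header: "udp" or "tcp"
    app_proto: str     # the five-tuple's information transmission protocol
    ingress: str       # source interface of the request end: "internal" or "external"
    payload: bytes

@dataclass
class Verdict:
    action: str                     # "forward" (continue to target resolution) or "drop"
    reason: Optional[str] = None
    audit: Optional[dict] = None    # audit log entry when intercepted
    alarm: bool = False             # alarm notification to the supervision platform

def is_onvif_discovery(pkt: Packet) -> bool:
    # The IP header + UDP header check of claim 4
    return (pkt.l4_proto == "udp" and pkt.dst_ip == ONVIF_MULTICAST_ADDR
            and pkt.dst_port == ONVIF_DISCOVERY_PORT)

def udp_payload_dpi(payload: bytes) -> bool:
    """Deep inspection of the UDP payload: does it look like an ONVIF discovery request?"""
    return any(marker in payload for marker in ONVIF_PAYLOAD_MARKERS)

def intercept(pkt: Packet, reason: str, now: Optional[datetime] = None) -> Verdict:
    now = now or datetime.now(timezone.utc)
    audit = {
        "reason": reason,                      # interception reason
        "time": now.isoformat(),               # interception time
        "src": f"{pkt.src_ip}:{pkt.src_port}",
        "dst": f"{pkt.dst_ip}:{pkt.dst_port}",
        "ingress": pkt.ingress,
        "packet_head_hex": pkt.payload[:64].hex(),   # the data packet (head only)
    }
    return Verdict("drop", reason, audit, alarm=True)

def discovery_gate(pkt: Packet, now: Optional[datetime] = None) -> Verdict:
    if not is_onvif_discovery(pkt):
        return Verdict("forward")              # not a discovery packet: normal path
    if pkt.ingress == "internal":
        if pkt.app_proto in PRESET_VIDEO_PROTOCOLS:
            return Verdict("forward")          # internal source, expected protocol
        return intercept(pkt, "protocol check failed", now)
    # External source interface: deep-inspect the UDP payload before anything else.
    if udp_payload_dpi(pkt.payload):
        return intercept(pkt, "ONVIF discovery request from external interface", now)
    if pkt.app_proto not in PRESET_VIDEO_PROTOCOLS:
        return intercept(pkt, "protocol check failed", now)
    return Verdict("forward")
```

The gate only decides the discovery case; a packet it returns as "forward" still goes through the normal target resolution and translation of claims 1 to 3. The audit entry keeps the first 64 payload bytes as hex, which is enough to reconstruct why a probe was dropped without storing whole datagrams.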
- 5. The method for communicating based on an edge gateway according to claim 4, wherein allocating, by the edge gateway, a corresponding dynamic address mapping port to the target object comprises: the edge gateway judges, according to the IP of the target object, whether a matching port for the target object exists in the NAT mapping table, and when it does, determines the matching port as the dynamic address mapping port corresponding to the target object; when no matching port exists, the edge gateway obtains a plurality of ports currently in an idle state and selects one of them as the dynamic address mapping port corresponding to the target object; and when the source interface of the request end indicates that the request end is an internal source interface, before the edge gateway selects one of the idle ports as the dynamic address mapping port corresponding to the target object, the method further comprises: the edge gateway sends the data packet to the target object to trigger the target object, on receiving the data packet, to generate response information and send it to the edge gateway, the response information comprising the source IP and source port corresponding to the target object; and the edge gateway parses the response information to obtain the source IP and source port corresponding to the target object, checks whether the source IP corresponding to the target object is the target IP and whether the source port corresponding to the target object is the target port, and when the check passes, performs the operation of selecting one of the idle ports as the dynamic address mapping port corresponding to the target object.
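The forward and reverse translation of claims 1 to 3 together with the mapping-port allocation of claim 5, as an added reference model that is not the patent's or the assignee's code. Addresses, ports, the NAT mapping table and the `probe` hook (standing in for the "send the packet and check the response source" step of claim 5) are constructed assumptions.

```python
# Added example (not the patent's or the assignee's code): a reference model of the
# forward/reverse dynamic address translation of claims 1-3 and the mapping-port
# allocation of claim 5. Addresses, ports, the NAT table and the probe hook are constructed.
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, Optional, Tuple

@dataclass(frozen=True)
class FiveTuple:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str  # information transmission protocol, e.g. "tcp" or "udp"

# Hypothetical probe hook for claim 5: sends the packet to the target object and
# returns the (source IP, source port) the target answered from.
ProbeFn = Callable[[str, int], Tuple[str, int]]

# Constructed deployment: gateway port 8554 is bound to one camera's RTSP port.
SAMPLE_NAT_TABLE: Dict[int, Tuple[str, int]] = {8554: ("10.0.0.20", 554)}

class EdgeGateway:
    def __init__(self, bearer_ip: str, intranet_ip: str,
                 nat_table: Dict[int, Tuple[str, int]], mapping_ports: Iterable[int]):
        self.bearer_ip = bearer_ip        # IP facing the bearer/public network
        self.intranet_ip = intranet_ip    # IP facing the edge devices
        self.nat_table = nat_table        # gateway port -> (target IP, target port), pre-established
        self.free_ports = set(mapping_ports)       # dynamic mapping ports currently idle
        self.port_by_target: Dict[str, int] = {}   # target IP -> mapping port already in use
        # Communication tracking link, keyed by the tuple the target's reply will carry,
        # so the reverse translation is an exact lookup rather than a guess.
        self.conntrack: Dict[FiveTuple, FiveTuple] = {}

    def allocate_mapping_port(self, target_ip: str, target_port: int,
                              probe: Optional[ProbeFn] = None) -> int:
        existing = self.port_by_target.get(target_ip)
        if existing is not None:          # claim 5: reuse the matching port if one exists
            return existing
        if probe is not None:             # claim 5, internal source: verify the target first
            resp_ip, resp_port = probe(target_ip, target_port)
            if (resp_ip, resp_port) != (target_ip, target_port):
                raise PermissionError("target answered from an unexpected IP/port")
        if not self.free_ports:
            raise RuntimeError("no idle mapping port available")
        port = min(self.free_ports)       # deterministic pick from the idle set
        self.free_ports.remove(port)
        self.port_by_target[target_ip] = port
        return port

    def forward(self, pkt: FiveTuple, probe: Optional[ProbeFn] = None) -> Optional[FiveTuple]:
        """Claim 2: requester -> bearer IP:gateway port becomes
        intranet IP:mapping port -> target IP:target port."""
        if pkt.dst_ip != self.bearer_ip or pkt.dst_port not in self.nat_table:
            return None                   # not addressed to a bound gateway port: no translation
        target_ip, target_port = self.nat_table[pkt.dst_port]
        mport = self.allocate_mapping_port(target_ip, target_port, probe)
        translated = FiveTuple(self.intranet_ip, mport, target_ip, target_port, pkt.proto)
        reply_key = FiveTuple(target_ip, target_port, self.intranet_ip, mport, pkt.proto)
        self.conntrack[reply_key] = pkt   # record the tracking link for the reverse path
        return translated

    def reverse(self, reply: FiveTuple) -> Optional[FiveTuple]:
        """Claim 3: target -> intranet IP:mapping port becomes
        bearer IP:gateway port -> requester IP:requester port."""
        original = self.conntrack.get(reply)
        if original is None:
            return None                   # no tracked session for this reply: drop it
        return FiveTuple(self.bearer_ip, original.dst_port,
                         original.src_ip, original.src_port, reply.proto)
```

A reply that matches no tracking link is returned as `None` and should be dropped, which is what keeps the intranet address hidden: nothing leaves the gateway unless a request created the link. Because claim 5 reuses one mapping port per target object, two request ends talking to the same target at the same time share a reply key in this model and the later tracking link replaces the earlier one; a deployment expecting concurrent sessions per target needs per-session mapping ports or a tracking key that also carries the request end.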
- 6. A method of communicating based on an edge gateway according to any of claims 1-3, wherein the method further comprises: the edge gateway writes the data packet of the data access request into a preset ring buffer through DMA; an interrupt handler invokes an interrupt mechanism to disable the interrupt of the edge gateway and adds the network card of the edge gateway to a preset polling list; a kernel thread polls the preset polling list and calls a network card driver function of the edge gateway to move the data packet from the preset ring buffer to the protocol stack, so that the protocol stack is triggered to verify the type of the data packet; after the data packet passes that verification, the IP version number, header length, total length and header of the data packet are verified, and after that verification passes, the data packet is parsed to obtain the five-tuple information; the method further comprises: the edge gateway performs a hash calculation on the five-tuple information to obtain its hash value, looks up a hash rule table according to that hash value, and verifies the source IP, the information transmission protocol and the destination port according to the hash rule table; when the source IP, the information transmission protocol and the destination port pass verification, the edge gateway judges whether the hash rule table indicates that deep packet inspection is required; when deep packet inspection is required, the edge gateway extracts the application-layer payload of each data packet, calculates the initial payload offset of the application-layer payload within each data packet, performs pattern matching on the extracted application-layer payload with a multi-pattern string matching algorithm starting from the initial payload offset, and when the pattern matching succeeds performs the operation of determining, according to the content of the five-tuple information, the target object from which the request end needs to acquire information; and when the pattern matching fails, the edge gateway judges whether the data packet needs to be forwarded by routing, and when it does, performs the operation of determining, according to the content of the five-tuple information, the target object from which the request end needs to acquire information.
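The rule lookup, payload-offset calculation and multi-pattern matching of claim 6, as an added example that is not the patent's or the assignee's code. Aho-Corasick is assumed as the multi-pattern string matching algorithm (the claim does not name one); the rule table, patterns and the minimal IPv4/TCP packet are constructed. The ring buffer, polling and protocol-stack checks that precede this step are left out.

```python
# Added example (not the patent's or the assignee's code): the five-tuple hash rule lookup,
# payload offset calculation and multi-pattern payload matching of claim 6. Aho-Corasick is
# assumed as the multi-pattern matcher; rules, patterns and the sample packet are constructed.
from collections import deque, namedtuple
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple
import hashlib

FiveTuple = namedtuple("FiveTuple", "src_ip src_port dst_ip dst_port proto")

class AhoCorasick:
    """Multi-pattern matcher over bytes; search() returns (offset, pattern) hits."""
    def __init__(self, patterns):
        self.goto: List[Dict[int, int]] = [{}]   # trie edges per node
        self.fail: List[int] = [0]               # failure links
        self.out: List[List[bytes]] = [[]]       # patterns ending at each node
        for p in patterns:
            s = 0
            for b in p:
                if b not in self.goto[s]:
                    self.goto.append({}); self.fail.append(0); self.out.append([])
                    self.goto[s][b] = len(self.goto) - 1
                s = self.goto[s][b]
            self.out[s].append(p)
        queue = deque(self.goto[0].values())     # depth-1 nodes already fail to the root
        while queue:
            r = queue.popleft()
            for b, s in self.goto[r].items():
                queue.append(s)
                f = self.fail[r]
                while f and b not in self.goto[f]:
                    f = self.fail[f]
                self.fail[s] = self.goto[f].get(b, 0)
                self.out[s] = self.out[s] + self.out[self.fail[s]]

    def search(self, data: bytes) -> List[Tuple[int, bytes]]:
        s, hits = 0, []
        for i, b in enumerate(data):
            while s and b not in self.goto[s]:
                s = self.fail[s]
            s = self.goto[s].get(b, 0)
            hits.extend((i - len(p) + 1, p) for p in self.out[s])
        return hits

@dataclass
class Rule:
    src_ip: str
    proto: str
    dst_port: int
    deep_inspect: bool = False
    patterns: Tuple[bytes, ...] = ()
    route_required: bool = False         # may the packet still be routed on when nothing matches?
    matcher: Optional[AhoCorasick] = field(init=False, default=None, repr=False)
    def __post_init__(self):
        if self.deep_inspect:
            self.matcher = AhoCorasick(self.patterns)

def flow_hash(ft: FiveTuple) -> str:
    """Hash of the whole five-tuple, used as the key into the hash rule table."""
    return hashlib.blake2b("|".join(map(str, ft)).encode(), digest_size=8).hexdigest()

def payload_offset(pkt: bytes) -> int:
    """Initial application-layer payload offset: IPv4 IHL plus the transport header length."""
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    if proto == 6:                                    # TCP: data offset in header byte 12
        return ihl + (pkt[ihl + 12] >> 4) * 4
    if proto == 17:                                   # UDP: fixed 8-byte header
        return ihl + 8
    raise ValueError(f"unsupported transport protocol {proto}")

def build_ipv4_tcp(payload: bytes) -> bytes:
    """Constructed minimal IPv4+TCP packet (no checksums) to exercise payload_offset()."""
    ip = bytearray(20); ip[0] = 0x45; ip[9] = 6
    ip[2:4] = (40 + len(payload)).to_bytes(2, "big")
    tcp = bytearray(20); tcp[12] = 0x50               # data offset 5 words = 20 bytes
    return bytes(ip) + bytes(tcp) + payload

def classify(ft: FiveTuple, pkt: bytes, rules: Dict[str, Rule]) -> Tuple[str, str]:
    rule = rules.get(flow_hash(ft))
    if rule is None:
        return "drop", "no matching rule"
    if (ft.src_ip, ft.proto, ft.dst_port) != (rule.src_ip, rule.proto, rule.dst_port):
        return "drop", "rule field mismatch"          # catches a hash collision
    if not rule.deep_inspect:
        return "resolve_target", "rule permits without deep inspection"
    hits = rule.matcher.search(pkt[payload_offset(pkt):])
    if hits:
        off, pat = hits[0]
        return "resolve_target", f"pattern {pat!r} at payload offset {off}"
    if rule.route_required:
        return "resolve_target", "no pattern match but routing required"
    return "drop", "no pattern match and no route"
```

The field comparison after the hash lookup is the part worth keeping even if the hash is "good enough": a truncated hash is the index, not the proof, and the explicit check on source IP, protocol and destination port is what the claim relies on before deep inspection is allowed to run.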
- 7. A method of communicating based on an edge gateway according to any of claims 1-3, wherein the method further comprises: the edge gateway obtains the target scene corresponding to the data packet, matches a corresponding load balancing mode to the data packet according to the target scene, and obtains load data of each first server among a plurality of predetermined first servers used for data transmission; the edge gateway analyzes the load data of all the first servers according to the load balancing mode to obtain a target server; sending, by the edge gateway, the target five-tuple information to the target object comprises: the edge gateway sends the target five-tuple information to the target object through the target server; the method further comprises: when the data access request is detected, the edge gateway obtains the device address of the request end, judges from that device address whether the device type of the request end is the IP device type, and when it is, performs the operation of parsing the data packet to obtain the five-tuple information; and when the device type of the request end is judged to be the non-IP device type, the edge gateway obtains, according to a predetermined serial number mapping relation, the binding object bound to the device address of the request end, takes the IP and port of the binding object as the IP and port of the request end, and performs the operation of parsing the data packet to obtain the five-tuple information.
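The two parts of claim 7, scene-driven choice of a load balancing mode over the candidate first servers and resolution of a non-IP (serial) request end through a serial-number mapping, as an added example that is not the patent's or the assignee's code. The scene names, balancing modes, load data, serial numbers and binding objects are constructed; the claim itself fixes none of them.

```python
# Added example (not the patent's or the assignee's code) for claim 7: scene-driven selection of a
# load balancing mode over candidate first servers, and resolution of a non-IP (serial) request
# end through a serial-number mapping. Scenes, modes, load data and serial numbers are constructed.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
import ipaddress

@dataclass
class ServerLoad:
    name: str
    ip: str
    port: int
    active_sessions: int
    cpu_pct: float
    bandwidth_mbps: float          # bandwidth currently in use

# Constructed scene -> load balancing mode table; unknown scenes fall back to round robin.
SCENE_TO_MODE = {
    "live_video": "least_bandwidth",
    "bulk_transfer": "least_cpu",
    "control": "least_sessions",
}
DEFAULT_MODE = "round_robin"

def select_server(scene: str, servers: List[ServerLoad],
                  rr_state: Optional[dict] = None) -> ServerLoad:
    """Match a load balancing mode to the scene, then pick the target server from the load data."""
    if not servers:
        raise ValueError("no first servers available")
    mode = SCENE_TO_MODE.get(scene, DEFAULT_MODE)
    if mode == "least_bandwidth":
        return min(servers, key=lambda s: s.bandwidth_mbps)
    if mode == "least_cpu":
        return min(servers, key=lambda s: s.cpu_pct)
    if mode == "least_sessions":
        return min(servers, key=lambda s: s.active_sessions)
    rr_state = rr_state if rr_state is not None else {}   # caller keeps this across calls
    idx = rr_state.get("next", 0)
    rr_state["next"] = idx + 1
    return servers[idx % len(servers)]

# Constructed serial-number mapping: device serial -> binding object (IP, port) that fronts it.
SERIAL_BINDINGS: Dict[str, Tuple[str, int]] = {
    "SN-EXAMPLE-0001": ("10.0.0.30", 4001),
}

def is_ip_device(device_address: str) -> bool:
    """IP device type if the device address parses as an IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(device_address)
        return True
    except ValueError:
        return False

def resolve_request_end(device_address: str, device_port: Optional[int] = None) -> Tuple[str, int]:
    """IP devices keep their own IP/port; non-IP devices take the IP/port of their binding object."""
    if is_ip_device(device_address):
        if device_port is None:
            raise ValueError("IP device requires a port")
        return device_address, device_port
    binding = SERIAL_BINDINGS.get(device_address)
    if binding is None:
        raise LookupError(f"no binding object for serial {device_address}")
    return binding
```

An unknown serial number raises rather than being passed through: a request end that is neither an IP address nor a registered serial has no address the five-tuple could carry, and treating it as a device would let an unregistered serial endpoint reach the translation path.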
- 8. An apparatus for communicating based on an edge gateway, the apparatus being applied to an edge gateway and comprising: a detection module for detecting a data access request sent by a request end, the data access request carrying a data packet, and for parsing the data packet to obtain five-tuple information, the five-tuple information comprising a source IP, a source port, a destination IP, a destination port and an information transmission protocol; an address translation module for determining, according to the content of the five-tuple information, the target object from which the request end needs to acquire information, performing a dynamic address translation operation for the target object according to the content of the five-tuple information to obtain translated target five-tuple information, and recording a communication tracking link matched with the target five-tuple information; and a communication module for sending the target five-tuple information to the target object so as to trigger the target object to send target information to the edge gateway; the communication module being further configured to receive the target information sent by the target object; the address translation module being further configured to perform a reverse dynamic address translation operation for the target object according to the communication tracking link matched with the target five-tuple information; and the communication module being further configured to send the target information to the request end after the translation succeeds.
- 9. An edge gateway, comprising: a memory storing executable program code; and a processor coupled to the memory; wherein the processor invokes the executable program code stored in the memory to perform the method of communicating based on an edge gateway as claimed in any one of claims 1 to 7.
- 10. An edge communication system, comprising an IP device, a non-IP device, and an edge gateway, wherein the edge gateway communicates with the IP device or the non-IP device to implement the method for performing communication based on the edge gateway according to any one of claims 1-7.
Description
Technical Field
The present invention relates to the field of edge communication technologies, and in particular to a method, an apparatus, a device and a system for communicating based on an edge gateway.
Background
With the development and standardization of edge computing, more and more edge nodes access the network over TCP/IP. Each node needs an IP address, and maintenance personnel manage the nodes through IP addresses, with a one-to-one correspondence between an IP address and an edge node device; non-IP devices, meanwhile, are maintained and communicated with through a serial port. The main existing schemes are of two kinds. The first directly allocates a public-network or bearer-network IP address, that is, it assigns an address of the accessed network (a public-network IP or a bearer-network IP) directly to a device that already has IP capability, so that the two communicating ends communicate IP-to-IP. The second performs network address translation with a dedicated router or firewall device: each edge node deploys an independent network device and static port mapping is used, so the port mapping of each intranet device must be configured in advance and external access reaches the intranet device through a specific port of the public-network IP.
However, under these schemes each edge device must be allocated its own public-network or bearer-network IP, whether by direct public IP allocation or by conventional static NAT mapping, which consumes a large amount of public-network or bearer-network IP address resources. Especially where IPv4 addresses are scarce, it is difficult to give each device its own IP address: the public IP segment allocated to an enterprise is limited and cannot support large-scale deployment of edge devices such as cameras and serial devices. A new edge gateway communication method is therefore needed that reduces the demand for IP addresses in the public network or bearer network and achieves intensive use of IP address resources.
Disclosure of Invention
The invention provides a method, a device, equipment and a system for communicating based on an edge gateway, which can reduce the demand for IP addresses in the public network or bearer network and achieve intensive use of IP address resources.
In order to solve the above technical problems, a first aspect of the embodiments of the present invention discloses a method for communicating based on an edge gateway, the method comprising: the edge gateway detects a data access request sent by a request end, the data access request carrying a data packet, and parses the data packet to obtain five-tuple information, the five-tuple information comprising a source IP, a source port, a destination IP, a destination port and an information transmission protocol; the edge gateway determines, according to the content of the five-tuple information, the target object from which the request end needs to acquire information, performs a dynamic address translation operation for the target object according to the content of the five-tuple information to obtain translated target five-tuple information, records a communication tracking link matched with the target five-tuple information, and sends the target five-tuple information to the target object to trigger the target object to send target information to the edge gateway; and the edge gateway receives the target information sent by the target object, performs a reverse dynamic address translation operation for the target object according to the communication tracking link matched with the target five-tuple information, and, after the translation succeeds, sends the target information to the request end.
The second aspect of the embodiment of the invention discloses a device for carrying out communication based on an edge gateway, which is applied to the edge gateway and comprises: the detection module is used for detecting a data access request sent by a request end, wherein the data access request carries a data packet, and analyzes the data packet to obtain quintuple information, and the quintuple information comprises a source IP, a source port, a destination IP, a destination port and an information transmission protocol; The address conversion module is used for determining a target object of information required to be acquired by the request end according to the content included by the quintuple information, executing dynamic address conversion operation for the target object according to the content included by the quintuple information to obtain target quintup