Information transmission method and device, storage medium and electronic equipment

By setting up a preset table and communication tunnel in the DPI system, parsing the five-tuple information of the data stream, generating and sending messages using the communication tunnel, the problem of low processing efficiency of the DPI system under high traffic conditions is solved, and more efficient business processing is achieved.

CN116248438B | Active | Publication Date: 2026-06-23 | CHINA TELECOM CORP LTD

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Patents (China)
Current Assignee / Owner: CHINA TELECOM CORP LTD
Filing Date: 2022-12-28
Publication Date: 2026-06-23

Abstract

The application discloses an information transmission method, device, storage medium and electronic equipment. The method comprises: a controller obtains the data stream sent by a user's terminal equipment and parses the data stream to obtain five-tuple information; determines the target application information accessed by the data stream from the destination IP in the five-tuple information, and judges whether the target application information exists in a preset table; in the case where the target application information exists in the preset table, generates a preset communication tunnel according to the five-tuple information, and obtains the access strategy information corresponding to the five-tuple information from the preset table; obtains the initial message header associated with the preset communication tunnel, generates a target message according to the access strategy information, the five-tuple information and the initial message header, and sends the target message to the terminal equipment through the preset communication tunnel. The present application solves the problem in the related art that, as service traffic increases, the DPI system cannot efficiently handle a large number of services.

Description

Technical Field

[0001] This application relates to the field of data transmission, and more specifically, to a method, apparatus, storage medium, and electronic device for transmitting information.

Background Technology

[0002] To enable in-depth traffic mining and analysis, the construction of DPI (Deep Packet Inspection) systems provides operators with self-awareness of traffic and a comprehensive view of network data. This also facilitates better market strategy and operational management, and meets the needs of network security and information security systems. However, traditional DPI systems require all traffic to be imported into the DPI system for analysis and scheduling. Faced with the ever-increasing business traffic of operators, DPI systems suffer from insufficient computing power and forwarding capabilities, high costs, and slow efficiency gains, ultimately impacting business processing efficiency.

[0003] There is currently no effective solution to the problem that DPI systems cannot efficiently handle large volumes of business as business traffic increases in related technologies.

Summary of the Invention

[0004] This application provides an information transmission method, apparatus, storage medium, and electronic device to solve the problem in the related art that as business traffic increases, the DPI system cannot efficiently handle a large number of business transactions.

[0005] According to one aspect of this application, a method for transmitting information is provided. The method includes: a controller acquiring a data stream sent by a user's terminal device and parsing the data stream to obtain 5-tuple information; determining the target application information accessed by the data stream through the destination IP in the 5-tuple information, and determining whether the target application information exists in a preset table, wherein the preset table includes multiple application information, 5-tuple information associated with each application information, and access policy information corresponding to each 5-tuple information; if the target application information exists in the preset table, generating a preset communication tunnel based on the 5-tuple information, and obtaining the access policy information corresponding to the 5-tuple information from the preset table; obtaining an initial message header associated with the preset communication tunnel, generating a target message based on the access policy information, the 5-tuple information, and the initial message header, and sending the target message to the terminal device through the preset communication tunnel.

[0006] Optionally, the preset table also includes user information corresponding to each five-tuple information. Obtaining access policy information corresponding to the five-tuple information from the preset table includes: determining the user information corresponding to the source IP based on the source IP in the five-tuple information; and determining the access policy information that is jointly corresponding to the user information and the target application information as the access policy information corresponding to the five-tuple information.

[0007] Optionally, after determining whether the target application information exists in the preset table, the method further includes: if the target application information does not exist in the preset table, sending the target application information and the five-tuple information to the target system, and receiving the access policy information and user information corresponding to the five-tuple information and the target application information returned by the target system to obtain the target access policy information and the target user information; and storing the target access policy information, the target user information, the five-tuple information and the target application information in the preset table in association.

[0008] Optionally, generating a preset communication tunnel based on the 5-tuple information includes: obtaining multiple routing nodes between the controller and the source IP, generating multiple initial communication tunnels between the controller and the source IP from the multiple routing nodes; determining the transmission performance information of each initial communication tunnel to obtain multiple transmission performance information, and obtaining the transmission indicator information in the access policy information; obtaining the transmission performance information with the highest matching degree with the transmission indicator information from the multiple transmission performance information to obtain the target transmission performance information, and determining the initial communication tunnel corresponding to the target transmission performance information as the preset communication tunnel.

[0009] Optionally, obtaining the initial message header associated with the preset communication tunnel and generating the target message based on the access policy information, the 5-tuple information, and the initial message header includes: obtaining the address of each routing node in the preset communication tunnel to obtain multiple routing addresses; sequentially connecting each routing address according to the order of each routing node in the preset communication tunnel to obtain the initial message header; and using the 5-tuple information and the initial message header as the message header and the access policy information as the message content to obtain the target message.

[0010] Optionally, after determining the initial communication tunnel corresponding to the target transmission performance information as the preset communication tunnel, the method further includes: monitoring the target transmission performance information of the preset communication tunnel according to a preset period, and determining whether the target transmission performance information is less than the preset transmission performance information; if the target transmission performance information is less than the preset transmission performance information, issuing an alarm message, and resetting the communication tunnel from multiple initial communication tunnels.

[0011] Optionally, before sending the target message to the terminal device through the preset communication tunnel, the method further includes: determining whether the preset communication tunnel is abnormal; if the preset communication tunnel is abnormal, obtaining a backup tunnel from multiple initial communication tunnels, and performing the step of sending the target message to the terminal device through the preset communication tunnel through the backup tunnel.

[0012] According to another aspect of this application, an information transmission apparatus is provided. The apparatus includes: a parsing unit, configured to acquire a data stream sent by a user's terminal device and parse the data stream to obtain 5-tuple information; a first determining unit, configured to determine the target application information accessed by the data stream through the destination IP in the 5-tuple information, and determine whether the target application information exists in a preset table, wherein the preset table includes multiple application information, 5-tuple information associated with each application information, and access policy information corresponding to each 5-tuple information; a generating unit, configured to generate a preset communication tunnel based on the 5-tuple information if the target application information exists in the preset table, and obtain the access policy information corresponding to the 5-tuple information from the preset table; and a first obtaining unit, configured to obtain the initial message header associated with the preset communication tunnel, generate a target message based on the access policy information, the 5-tuple information, and the initial message header, and send the target message to the terminal device through the preset communication tunnel.

[0013] According to another aspect of the present invention, a computer storage medium is also provided for storing a program, wherein the program, when running, controls the device where the computer storage medium is located to execute an information transmission method.

[0014] According to another aspect of the present invention, an electronic device is also provided, comprising one or more processors and a memory; the memory stores computer-readable instructions, and the processor is configured to execute the computer-readable instructions, wherein the computer-readable instructions execute an information transmission method when executed.

[0015] This application employs the following steps: The controller acquires the data stream sent by the user's terminal device and parses the data stream to obtain 5-tuple information; it determines the target application information accessed by the data stream through the destination IP in the 5-tuple information and checks whether the target application information exists in a preset table, wherein the preset table includes multiple application information, the 5-tuple information associated with each application information, and the access policy information corresponding to each 5-tuple information; if the target application information exists in the preset table, a preset communication tunnel is generated based on the 5-tuple information, and the access policy information corresponding to the 5-tuple information is obtained from the preset table; the initial message header associated with the preset communication tunnel is obtained, and a target message is generated based on the access policy information, the 5-tuple information, and the initial message header, and the target message is sent to the terminal device through the preset communication tunnel. This solves the problem in related technologies where the DPI system cannot efficiently handle a large number of services as business traffic increases. By setting a preset table, the business content that needs to be processed by the DPI system is processed accordingly in the preset table to obtain message information, and the message information that needs to be fed back is fed back according to the preset tunnel, thereby reducing the business processing load of the DPI system and thus improving business processing efficiency.

Attached Figure Description

[0016] The accompanying drawings, which form part of this application, are used to provide a further understanding of this application. The illustrative embodiments and descriptions of this application are used to explain this application and do not constitute an undue limitation of this application. In the drawings:

[0017] Figure 1 is a flowchart of an information transmission system provided according to an embodiment of this application;

[0018] Figure 2 is a flowchart of an information transmission method provided according to an embodiment of this application;

[0019] Figure 3 is an optional flowchart for determining a preset communication tunnel according to an embodiment of this application;

[0020] Figure 4 is a flowchart of a tunnel inspection provided according to an embodiment of this application;

[0021] Figure 5 is a schematic diagram of an information transmission device according to an embodiment of this application.

Detailed Implementation

[0022] It should be noted that, unless otherwise specified, the embodiments and features described in this application can be combined with each other. This application will now be described in detail with reference to the accompanying drawings and embodiments.

[0023] To enable those skilled in the art to better understand the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present application, and not all embodiments. Based on the embodiments in the present application, all other embodiments obtained by those skilled in the art without creative effort should fall within the scope of protection of the present application.

[0024] It should be noted that the terms "first," "second," etc., in the specification, claims, and accompanying drawings of this application are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that such data can be interchanged where appropriate for the embodiments of this application described herein. Furthermore, the terms "comprising" and "having," and any variations thereof, are intended to cover non-exclusive inclusion; for example, a process, method, system, product, or apparatus that comprises a series of steps or units is not necessarily limited to those steps or units explicitly listed, but may include other steps or units not explicitly listed or inherent to such processes, methods, products, or apparatus.

[0025] It should be noted that all information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data used for display, data used for analysis, etc.) involved in this disclosure are information and data authorized by the user or fully authorized by all parties. For example, this system has an interface with relevant users or organizations. Before obtaining relevant information, it is necessary to send an acquisition request to the aforementioned user or organization through the interface, and obtain the relevant information after receiving consent information from the aforementioned user or organization.

[0026] In this embodiment, Figure 1 is a flowchart of an information transmission system provided according to an embodiment of this application. As shown in Figure 1, the aforementioned information transmission method is executed using an optional information transmission system as the execution subject. This information transmission system includes at least:

[0027] Orchestration Module 101: The orchestration system is responsible for managing the correspondence between information such as user information and access policy information.

[0028] DPI module 102: Connected to the orchestration system, it is used by the DPI system to provide the mapping relationship between applications and destination IPs based on application identification rules through application traffic analysis.

[0029] Controller 103: Connected to the orchestration system, the controller 103 translates and converts the access policy information defined by the orchestration system, and submits the configuration and management of the corresponding network functional units.

[0030] Authentication docking module 104: Connected to controller 103, it is used to synchronize the correspondence between source IP address and user service attribute in the application network in real time, so as to ensure that when the IP changes due to user online/offline or network switching, the policy implementation still applies to the specific user source IP.

[0031] Network execution module 105: connected to controller 103, used to build SRv6-TE tunnels between network element systems according to the control strategy of controller 103, and to perform traffic path scheduling as needed.

[0032] Network acquisition module 106: Connected to authentication docking module 104 and the network element system, it is used to monitor real-time network performance, the real-time performance of specific application traffic, and so on.

[0033] According to an embodiment of this application, an information transmission method is provided.

[0034] Figure 2 is a flowchart of an information transmission method provided according to an embodiment of this application. As shown in Figure 2, the method includes the following steps:

[0035] Step S201: The controller acquires the data stream sent by the user's terminal device and parses the data stream to obtain the five-tuple information.

[0036] Specifically, the user terminal can be a user's computer or mobile phone, and the data stream can be a data stream from a user accessing a website or application. After receiving the data stream, the controller needs to determine whether the user can access the website or application, and then provide the user with corresponding information based on the determination result. For example, if user A wants to access application A, but user A does not have permission, then the controller will provide user A with the corresponding return information based on user A's access policy.

[0037] Step S202: Determine the target application information for data flow access through the destination IP in the five-tuple information, and determine whether the target application information exists in a preset table. The preset table includes multiple application information, the five-tuple information associated with each application information, and the access policy information corresponding to each five-tuple information.

[0038] Specifically, after parsing the data stream, we can obtain the five-tuple information of the data stream, namely: source IP address, source port, destination IP address, destination port and transport layer protocol. Based on the destination IP address (the "target IP address" column of Table 1), we can determine the corresponding target application information. After obtaining the target application information, we can determine whether the application information exists in the preset table. For example, as shown in Table 1: if the target application information is A, we can determine that A exists in the preset table.

[0039] Table 1

[0040]

| Application Category | Application Name | Target IP address | Protocol type | Port | Domain name | Access Policy |
|---|---|---|---|---|---|---|
| game | A | 129.*.*.* | TCP/UDP | 443 | https://xx | B |
| game | C | 128.*.*.* | TCP/UDP | 443 | https://yy | D |

[0041] Step S203: If the target application information exists in a preset table, generate a preset communication tunnel based on the 5-tuple information, and obtain the access policy information corresponding to the 5-tuple information from the preset table.

[0042] It should be noted that the behavioral policy includes the return strategy executed for the user's application access behavior, as well as the communication strategy required by the user. For example, if user A requires a communication strategy that ensures smoothness but does not require information transmission speed, then the tunnel can be created according to that requirement.

[0043] Specifically, assuming the target application information exists in the preset table, a preset communication tunnel for sending behavioral policies to users can be generated based on the five-tuple information. This preset communication tunnel can be a tunnel between two systems, such as a tunnel between a controller and a terminal device. The preset communication tunnel can be an SRv6-TE tunnel. SD-WAN nodes are deployed in the required systems, and IPv6 neighbor relationships are configured to achieve interoperability. Three SRv6-TE tunnels can be preset between systems: a Master tunnel (the tunnel with the optimal path in the primary plane), a Slave tunnel (the tunnel with the optimal path in the backup plane), and an unconstrained tunnel (a tunnel without path calculation constraints, serving as a multi-point fault protection tunnel). By connecting these SRv6-TE paths, the controller calculates, based on latency, the path that meets the user's requirements in the behavioral policy and sends the SRv6 path information to the head node via SRv6 Policy. The head node imports traffic into the SRv6 Policy and forwards packets according to the path calculated by the controller to meet the user's traffic requirements.

[0044] The SRv6-TE tunnel forwards data between preset nodes: after receiving an SRv6 packet, a node queries its local SID table based on the IPv6 destination address to determine whether the SID information in the SRv6 packet is of type End SID. If so, the node continues to query the IPv6 forwarding table and forwards the data to the next preset node according to the next interface found in the IPv6 forwarding table. The SID table includes information on all nodes through which the tunnel passes.

[0045] Step S204: Obtain the initial message header associated with the preset communication tunnel, generate the target message based on the access policy information, the five-tuple information and the initial message header, and send the target message to the terminal device through the preset communication tunnel.

[0046] Specifically, each preset communication tunnel contains information on multiple nodes, each node corresponding to an address. The address information of multiple nodes can form an initial message header, and a basic message header is generated based on the five-tuple information. The initial message header, the basic message header, and the access policy information to be sent to the user are combined to obtain the target message, which is then sent to the terminal device via the preset communication tunnel. This allows for the feedback of information on the user's access data stream without the need for a DPI system.

[0047] The information transmission method provided in this application embodiment obtains the data stream sent by the user's terminal device through a controller, parses the data stream to obtain five-tuple information, determines the target application information accessed by the data stream through the destination IP in the five-tuple information, and determines whether the target application information exists in a preset table. The preset table includes multiple application information, five-tuple information associated with each application information, and access policy information corresponding to each five-tuple information. If the target application information exists in the preset table, a preset communication tunnel is generated based on the five-tuple information, and the access policy information corresponding to the five-tuple information is obtained from the preset table. The initial message header associated with the preset communication tunnel is obtained, and a target message is generated based on the access policy information, five-tuple information, and initial message header. The target message is then sent to the terminal device through the preset communication tunnel. This solves the problem in related technologies where the DPI system cannot efficiently handle a large number of services as service traffic increases. By setting a preset table, the service content that needs to be processed by the DPI system is processed accordingly in the preset table to obtain message information. The message information that needs to be fed back is then fed back according to the preset tunnel, thereby reducing the service processing load of the DPI system and improving service processing efficiency.

[0048] Optionally, in the information transmission method provided in the embodiments of this application, the preset table also includes user information corresponding to each five-tuple information. Obtaining access policy information corresponding to the five-tuple information from the preset table includes: determining the user information corresponding to the source IP based on the source IP in the five-tuple information; and determining the access policy information that is jointly corresponding to the user information and the target application information as the access policy information corresponding to the five-tuple information.

[0049] Specifically, the preset table can also include user information corresponding to each five-tuple. The user information can be the user account and the access network type, as shown in Table 2. After obtaining the five-tuple information, the user account information, such as the user's mobile phone number or broadband account, can be determined according to the correspondence in Table 2. Since each user can switch between broadband account and mobile phone number, the preset table can still identify that the two data streams were sent by the same user when the user changes the account and network type, thus ensuring the consistency of policy information.

[0050] Table 2

[0051]

| Application Category | Application Name | Target IP address | User Account | Access Network Type | Access Policy |
|---|---|---|---|---|---|
| game | A | 129.*.*.* | Broadband account | Broadband | B |
| game | C | 129.*.*.* | Phone number | Mobile network | D |

[0052] After determining the user information, the access policy information corresponding to the user information and the application accessed in this data stream can be obtained from the preset table, thereby achieving the effect of providing the user with accurate access policy information.

[0053] Optionally, in the information transmission method provided in the embodiments of this application, after determining whether the target application information exists in the preset table, the method further includes: if the target application information does not exist in the preset table, sending the target application information and the five-tuple information to the target system, and receiving the access policy information and user information corresponding to the five-tuple information and the target application information returned by the target system to obtain the target access policy information and the target user information; and storing the target access policy information, the target user information, the five-tuple information and the target application information in the preset table in association.

[0054] Specifically, if the target application information does not exist in the preset table, this indicates that the user's access behavior has not yet been added to the preset table. In this case, the target application information and the five-tuple information need to be sent to the target system, where the target system can be the DPI system. The DPI system will then use SRv6-TE configuration to direct all traffic under the corresponding source address to the DPI system to ensure the integrity of the application identification context. After identifying the node context information and completing the application classification, the DPI system will send the access policy information and user information corresponding to that application under the five-tuple information to the preset table. Thus, the target access policy information, target user information, five-tuple information, and target application information can be obtained from the preset table. Therefore, if the user sends the same traffic again, it can be processed directly through the preset table without needing to obtain information from the DPI system again.
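
The lookup path of steps S201 to S203, together with the user binding of [0048] and the table-miss path of [0054], is sketched below as an added example; it is not code from the patent. The class `PresetTable`, its method names, the sample addresses and the DPI stand-in `constructed_dpi` are all hypothetical, and the table is assumed to be keyed by destination IP, source IP and (user, application).

```python
import ipaddress
import struct
from typing import Callable, Dict, NamedTuple, Optional, Tuple

PROTO_NAMES = {6: "TCP", 17: "UDP"}

class FiveTuple(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str

def parse_five_tuple(packet: bytes) -> FiveTuple:
    """Step S201: extract the five-tuple from a raw IPv4 packet (TCP or UDP)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4  # IP options move the transport header
    if ihl < 20 or len(packet) < ihl + 4:
        raise ValueError("truncated or malformed IPv4 header")
    proto = PROTO_NAMES.get(packet[9])
    if proto is None:
        raise ValueError("transport protocol has no ports")
    sport, dport = struct.unpack_from("!HH", packet, ihl)
    return FiveTuple(str(ipaddress.IPv4Address(packet[12:16])), sport,
                     str(ipaddress.IPv4Address(packet[16:20])), dport, proto)

class PresetTable:
    """Hypothetical in-memory preset table; the DPI system is only the miss path."""

    def __init__(self, dpi_classify: Callable[[FiveTuple], Tuple[str, str, str]]):
        self.app_by_dst: Dict[str, str] = {}          # destination IP -> application
        self.user_by_src: Dict[str, str] = {}         # source IP -> user
        self.policy: Dict[Tuple[str, str], str] = {}  # (user, application) -> policy
        self.dpi_classify = dpi_classify              # returns (app, user, policy)
        self.dpi_calls = 0

    def bind_user(self, src_ip: str, user: str) -> None:
        """Authentication sync: the user came online with this source IP."""
        self.user_by_src[src_ip] = user

    def unbind(self, src_ip: str) -> None:
        """Authentication sync: the address was released, so it maps to nobody."""
        self.user_by_src.pop(src_ip, None)

    def lookup(self, ft: FiveTuple) -> Optional[str]:
        """Steps S202/S203: table-only lookup; None means a miss."""
        app = self.app_by_dst.get(ft.dst_ip)
        user = self.user_by_src.get(ft.src_ip)
        if app is None or user is None:
            return None
        return self.policy.get((user, app))

    def resolve(self, ft: FiveTuple) -> Tuple[str, str]:
        """Return (policy, source), consulting DPI once per unknown flow."""
        policy = self.lookup(ft)
        if policy is not None:
            return policy, "table"
        self.dpi_calls += 1
        app, user, policy = self.dpi_classify(ft)
        self.app_by_dst[ft.dst_ip] = app
        self.bind_user(ft.src_ip, user)
        self.policy[(user, app)] = policy
        return policy, "dpi"

def build_packet(src: str, dst: str, sport: int, dport: int, proto: int = 6) -> bytes:
    """Constructed input: minimal IPv4 header plus 8 transport-header bytes."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + struct.pack("!HH", sport, dport) + bytes(4)

def constructed_dpi(ft: FiveTuple) -> Tuple[str, str, str]:
    """Stand-in for the DPI system's classification (constructed values)."""
    return ("C", "user-2", "D")

def demo():
    table = PresetTable(constructed_dpi)
    table.app_by_dst["198.51.100.10"] = "A"
    table.policy[("user-1", "A")] = "B"
    table.bind_user("192.0.2.7", "user-1")            # broadband address
    out = [table.resolve(parse_five_tuple(
        build_packet("192.0.2.7", "198.51.100.10", 50000, 443)))]
    table.unbind("192.0.2.7")                         # user leaves broadband ...
    table.bind_user("203.0.113.9", "user-1")          # ... and appears on mobile
    out.append(table.resolve(parse_five_tuple(
        build_packet("203.0.113.9", "198.51.100.10", 50001, 443))))
    unknown = build_packet("203.0.113.50", "198.51.100.20", 50002, 443, proto=17)
    out.append(table.resolve(parse_five_tuple(unknown)))  # miss -> DPI, then cached
    out.append(table.resolve(parse_five_tuple(unknown)))  # served from the table
    # The released broadband address must not inherit user-1's policy.
    stale = table.lookup(FiveTuple("192.0.2.7", 50003, "198.51.100.10", 443, "TCP"))
    return out, table.dpi_calls, stale

if __name__ == "__main__":
    print(demo())
```

Because the policy is keyed by user rather than by address, the released source IP stops matching as soon as the binding is removed, which is the property the authentication docking module of [0030] exists to maintain.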

[0055] Optionally, in the information transmission method provided in this application embodiment, generating a preset communication tunnel based on the five-tuple information includes: obtaining multiple routing nodes between the controller and the source IP, generating multiple initial communication tunnels between the controller and the source IP from the multiple routing nodes; determining the transmission performance information of each initial communication tunnel to obtain multiple transmission performance information, and obtaining transmission indicator information from the access policy information; obtaining the transmission performance information with the highest matching degree with the transmission indicator information from the multiple transmission performance information to obtain the target transmission performance information, and determining the initial communication tunnel corresponding to the target transmission performance information as the preset communication tunnel.

[0056] Specifically, Figure 3 is a flowchart of an optional process for determining a preset communication tunnel according to an embodiment of this application. As shown in Figure 3, first, multiple routing nodes between the controller and the source IP are obtained, such as nodes A, B, C, D, and E in the figure; node F is the source IP. After determining the multiple routing nodes between the controller and the source IP, it is necessary to determine the information transmission path. The information transmission path is a set of multiple paths that can complete the information transmission. Each path can transmit information, but the efficiency and effect of information transmission are different.

[0057] After determining the transmission performance information of each initial communication tunnel, the user's preset required performance can be obtained, and the transmission performance information that is closest to the user's required performance can be obtained from the multiple transmission performance information. The initial communication tunnel to which that transmission performance information belongs is then determined as the target communication tunnel.

[0058] For example, as shown in Figure 3, network topology information is reported to the network controller. Topology information includes node and link information, as well as attributes such as link cost, bandwidth, and latency. Based on the collected topology information, the controller calculates the optimal path to a specified destination IP or destination AS according to user service requirements. In Figure 3 there are an ACE path and an ABDCE path. In this case, latency is high and bandwidth is low between A and C, whereas B-D has large bandwidth, D-C has low latency, and packet loss on C-E occurs less often. Therefore, although the ACE path is shorter, the ABDCE path is more in line with the user's needs and can be used as the preset communication tunnel.
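
The selection described in [0055] to [0058], worked through on the Figure 3 node names as an added example that is not part of the patent. The link values are constructed, and the patent does not define how "matching degree" is computed: the worst-met-requirement score and the shorter-path tie-break used here are assumptions.

```python
from math import prod
from typing import Dict, List, NamedTuple, Tuple

class Perf(NamedTuple):
    latency_ms: float
    bandwidth_mbps: float
    loss: float  # packet-loss ratio, 0..1

# Constructed link attributes for the nodes of Figure 3 (values are illustrative).
LINKS: Dict[Tuple[str, str], Perf] = {
    ("A", "C"): Perf(40.0, 100.0, 0.010),    # high latency, low bandwidth
    ("A", "B"): Perf(5.0, 1000.0, 0.001),
    ("B", "D"): Perf(5.0, 10000.0, 0.001),   # large bandwidth
    ("D", "C"): Perf(2.0, 1000.0, 0.001),    # low latency
    ("C", "E"): Perf(5.0, 1000.0, 0.001),    # little packet loss
}

def candidate_paths(links, src: str, dst: str) -> List[Tuple[str, ...]]:
    """Enumerate every loop-free path: the 'initial communication tunnels'."""
    adj: Dict[str, List[str]] = {}
    for a, b in links:
        adj.setdefault(a, []).append(b)
        adj.setdefault(b, []).append(a)
    found: List[Tuple[str, ...]] = []

    def walk(node: str, seen: List[str]) -> None:
        if node == dst:
            found.append(tuple(seen))
            return
        for nxt in sorted(adj.get(node, [])):
            if nxt not in seen:
                walk(nxt, seen + [nxt])

    walk(src, [src])
    return found

def path_perf(links, path) -> Perf:
    """Latency adds up, bandwidth is the bottleneck, delivery ratios multiply."""
    hops = [links[(a, b)] if (a, b) in links else links[(b, a)]
            for a, b in zip(path, path[1:])]
    return Perf(sum(h.latency_ms for h in hops),
                min(h.bandwidth_mbps for h in hops),
                1 - prod(1 - h.loss for h in hops))

def matching_degree(perf: Perf, want: Perf) -> float:
    """Assumed metric: the worst-met requirement, capped at 1.0 (fully met)."""
    ratios = [
        want.latency_ms / perf.latency_ms if perf.latency_ms else 1.0,
        perf.bandwidth_mbps / want.bandwidth_mbps if want.bandwidth_mbps else 1.0,
        want.loss / perf.loss if perf.loss else 1.0,
    ]
    return min(1.0, *ratios)

def rank_tunnels(links, src: str, dst: str, want: Perf) -> List[Tuple[str, float]]:
    """Best match first; ties go to the shorter path. Later entries are backups."""
    scored = [(matching_degree(path_perf(links, p), want), p)
              for p in candidate_paths(links, src, dst)]
    scored.sort(key=lambda item: (-item[0], len(item[1])))
    return [("-".join(p), round(d, 3)) for d, p in scored]

if __name__ == "__main__":
    strict = Perf(latency_ms=20.0, bandwidth_mbps=500.0, loss=0.005)
    lax = Perf(latency_ms=100.0, bandwidth_mbps=50.0, loss=0.05)
    print(rank_tunnels(LINKS, "A", "E", strict))
    print(rank_tunnels(LINKS, "A", "E", lax))
```

With the strict indicator only ABDCE satisfies every requirement; with the lax one both paths qualify and the shorter ACE path is preferred.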

[0059] Optionally, in the information transmission method provided in this application embodiment, obtaining the initial message header associated with the preset communication tunnel and generating the target message based on the access policy information, the 5-tuple information and the initial message header includes: obtaining the address of each routing node in the preset communication tunnel to obtain multiple routing addresses; sequentially connecting each routing address according to the arrangement order of each routing node in the preset communication tunnel to obtain the initial message header; and using the 5-tuple information and the initial message header as the message header and the access policy information as the message content to obtain the target message.

[0060] Specifically, when generating the target message, the addresses of each routing node in the preset communication tunnel need to be combined according to the message sending order to obtain the initial message header. That is, when sending to each routing node, the address of the next routing node can be determined by the routing node information in the initial message header and the current routing node information, and information can be sent to the next routing node. At the same time, it can also be determined whether it is the last routing node, thereby determining whether the information transmission has been completed.
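
The header construction and per-node lookup described above, as an added example (not code from the patent). It assumes each routing address is a packed 16-byte IPv6 address and that the message is held as a plain dictionary; the addresses, five-tuple and policy values are constructed.

```python
import ipaddress

ADDR_LEN = 16  # one packed IPv6 address

def build_initial_header(route_addrs):
    """Concatenate the tunnel's node addresses in forwarding order."""
    packed = [ipaddress.IPv6Address(a).packed for a in route_addrs]
    if not packed:
        raise ValueError("tunnel has no routing nodes")
    if len(set(packed)) != len(packed):
        # A repeated address makes "find myself, take the next entry"
        # ambiguous and can loop the message between nodes.
        raise ValueError("duplicate routing address in tunnel")
    return b"".join(packed)

def parse_initial_header(header):
    """Split the header back into addresses, rejecting malformed input."""
    if not header or len(header) % ADDR_LEN:
        raise ValueError("header is empty or not a whole number of addresses")
    addrs = [ipaddress.IPv6Address(header[i:i + ADDR_LEN])
             for i in range(0, len(header), ADDR_LEN)]
    if len(set(addrs)) != len(addrs):
        raise ValueError("duplicate routing address in header")
    return addrs

def next_hop(header, current_addr):
    """Return the next node's address, or None when current_addr is the last node."""
    addrs = parse_initial_header(header)
    current = ipaddress.IPv6Address(current_addr)
    if current not in addrs:
        # A node that is not on the path should not forward the message at all.
        raise LookupError(f"{current} is not on this tunnel")
    idx = addrs.index(current)
    return None if idx == len(addrs) - 1 else str(addrs[idx + 1])

def build_target_message(five_tuple, header, policy):
    """Five-tuple plus initial header form the header; the policy is the content."""
    return {"header": {"five_tuple": five_tuple, "route": header}, "content": policy}

def trace(message):
    """Simulate hop-by-hop forwarding and return the nodes in the order visited."""
    header = message["header"]["route"]
    node = str(parse_initial_header(header)[0])
    visited = [node]
    # Terminates because duplicates are rejected, so the index strictly increases.
    while (node := next_hop(header, node)) is not None:
        visited.append(node)
    return visited

# Constructed sample data (documentation prefix 2001:db8::/32), standing in for A-B-D-C-E.
TUNNEL = ["2001:db8::a", "2001:db8::b", "2001:db8::d", "2001:db8::c", "2001:db8::e"]
FIVE_TUPLE = ("2001:db8:1::10", 51514, "2001:db8:2::80", 443, "TCP")
POLICY = {"action": "allow", "max_latency_ms": 20}

if __name__ == "__main__":
    msg = build_target_message(FIVE_TUPLE, build_initial_header(TUNNEL), POLICY)
    print(" -> ".join(trace(msg)))
```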

[0061] It should be noted that an IPv6 packet consists of the standard IPv6 header, extension headers (0…n), and a payload. To implement Segment Routing over IPv6 (SRv6) on the IPv6 forwarding plane, a new IPv6 extension header called the SRH (Segment Routing Header) is added. This extension header specifies an explicit IPv6 path and stores the IPv6 Segment List information: Segment List[0], Segment List[1], Segment List[2], ..., Segment List[n]. Segment List[0] is the first segment to be processed on the SRv6 path, Segment List[1] is the second, Segment List[2] is the third, ..., and Segment List[n] is the (n+1)th. The head node adds an SRH extension header to the IPv6 packet, and the intermediate nodes forward the packet according to the path information contained in the SRH.

[0062] Optionally, in the information transmission method provided in the embodiments of this application, after determining the initial communication tunnel corresponding to the target transmission performance information as the preset communication tunnel, the method further includes: monitoring the target transmission performance information of the preset communication tunnel according to a preset period, and determining whether the target transmission performance information is less than the preset transmission performance information; if the target transmission performance information is less than the preset transmission performance information, issuing an alarm message, and resetting the communication tunnel from multiple initial communication tunnels.

[0063] Specifically, the controller can collect the performance of the preset communication tunnel in real time through the network acquisition module. When the target transmission performance information of the preset communication tunnel is less than the preset transmission performance information, it indicates that the link between two nodes in the tunnel needs to be optimized. At this time, the preset communication tunnel needs to be canceled and a new preset communication tunnel needs to be determined between the normally operating link and node, thereby optimizing the abnormal tunnel and ensuring the effect of information transmission.

[0064] Figure 4 is a flowchart of tunnel inspection according to an embodiment of this application. As shown in Figure 4, as the network environment changes, the deterioration of a specific SRv6-TE tunnel affects the communication quality and continuity of the terminal. Link optimization is performed based on the degree of network degradation, which allows the degradation of network quality to be analyzed quantitatively. This provides an objective basis for triggering service link optimization, thereby improving its reliability and accuracy. Link factors such as a latency factor a, a packet loss factor b, and a jitter factor c are defined, along with the user-sensitivity weighting parameters $w_a$, $w_b$, $w_c$, etc. The path degradation level d is defined as:

[0065] $d = a \cdot w_a + b \cdot w_b + c \cdot w_c + \dots$

[0066] where $d \in (0,1)$.

[0067] For example, when d is less than 0.6, the user's tunnel is considered degraded, a tunnel optimization strategy is issued, and a new communication tunnel is selected.

[0068] Optionally, in the information transmission method provided in the embodiments of this application, before sending the target message to the terminal device through the preset communication tunnel, the method further includes: determining whether the preset communication tunnel is abnormal; if the preset communication tunnel is abnormal, obtaining a backup tunnel from multiple initial communication tunnels, and performing, through the backup tunnel, the step of sending the target message to the terminal device.

[0069] Specifically, the tunnels connecting nodes can be three pre-constructed SRv6-TE tunnels: Master tunnel: the tunnel with the optimal path in the primary plane; Slave tunnel: the tunnel with the optimal path in the backup plane; and Unconstrained tunnel: a tunnel without path calculation constraints, serving as a multi-point fault protection tunnel. By constructing these SRv6-TE paths, the controller calculates the path that meets the user's requirements in the behavior policy based on latency, and sends the SRv6 path information to the head node via SRv6 Policy. The head node imports traffic into the SRv6 Policy and forwards packets according to the path calculated by the controller to meet the user's traffic requirements.

[0070] For example, if a tunnel, such as the Master tunnel, malfunctions, data can be transmitted through two backup tunnels, thus ensuring normal data transmission between nodes.
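
One monitoring period of the tunnel inspection and failover described above, as an added example (not code from the patent). The normalisation of raw measurements into factors between 0 and 1, the bounds in `WORST`, the weights and the sample measurements are all assumptions; the 0.6 threshold and the Master, Slave and Unconstrained roles come from the text.

```python
DEGRADED_BELOW = 0.6                              # threshold from the text's example
PRIORITY = ("master", "slave", "unconstrained")   # tunnel roles named in the text

# Assumed normalisation bounds: a measurement at or beyond "worst" scores 0.
WORST = {"latency_ms": 200.0, "loss_pct": 5.0, "jitter_ms": 50.0}
# Assumed user-sensitivity weights w_a, w_b, w_c; they sum to 1 so d stays within 0..1.
WEIGHTS = {"latency_ms": 0.5, "loss_pct": 0.3, "jitter_ms": 0.2}

def factor(measured, worst):
    """Map a raw measurement to a factor in [0, 1]; higher means healthier."""
    if measured < 0 or worst <= 0:
        raise ValueError("measurements must be >= 0 and bounds > 0")
    return max(0.0, 1.0 - measured / worst)

def degradation_level(sample, weights=WEIGHTS, worst=WORST):
    """d = a*w_a + b*w_b + c*w_c + ... over whichever factors carry a weight."""
    if abs(sum(weights.values()) - 1.0) > 1e-9:
        raise ValueError("weights must sum to 1")
    missing = set(weights) - set(sample)
    if missing:
        raise ValueError(f"sample lacks metrics: {sorted(missing)}")
    return sum(factor(sample[k], worst[k]) * w for k, w in weights.items())

def inspect_tunnels(samples, current="master"):
    """Keep `current` if it is healthy, otherwise fail over in priority order.

    samples maps tunnel name -> latest measurements, or None if probing failed.
    Returns (selected tunnel, list of alarm messages).
    """
    alarms = []
    order = [current] + [t for t in PRIORITY if t != current]
    for name in order:
        sample = samples.get(name)
        if sample is None:
            alarms.append(f"{name}: no measurements, treated as abnormal")
            continue
        d = degradation_level(sample)
        if d < DEGRADED_BELOW:
            alarms.append(f"{name}: degraded, d={d:.2f} < {DEGRADED_BELOW}")
            continue
        return name, alarms
    raise RuntimeError("no healthy tunnel available: " + "; ".join(alarms))

# Constructed measurements for one monitoring period.
SAMPLES = {
    "master": {"latency_ms": 180.0, "loss_pct": 4.0, "jitter_ms": 10.0},  # d is about 0.27
    "slave": None,                                                        # probe failed
    "unconstrained": {"latency_ms": 20.0, "loss_pct": 0.5, "jitter_ms": 5.0},
}

if __name__ == "__main__":
    selected, alarms = inspect_tunnels(SAMPLES)
    for line in alarms:
        print("ALARM", line)
    print("selected:", selected)
```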

[0071] It should be noted that the steps shown in the flowchart in the accompanying drawings can be executed in a computer system such as a set of computer-executable instructions, and although a logical order is shown in the flowchart, in some cases the steps shown or described may be executed in a different order than that shown here.

[0072] This application also provides an information transmission device. It should be noted that the information transmission device of this application can be used to execute the information transmission method provided in this application. The information transmission device provided in this application will be described below.

[0073] Figure 5 is a schematic diagram of an information transmission apparatus according to an embodiment of this application. As shown in Figure 5, the device includes: a parsing unit 51, a first judgment unit 52, a generation unit 53, and a first acquisition unit 54.

[0074] The parsing unit 51 is used by the controller to obtain the data stream sent by the user's terminal device, and parse the data stream to obtain the quintuple information.

[0075] The first judgment unit 52 is used to determine the target application information accessed by the data flow through the destination IP in the five-tuple information, and to determine whether the target application information exists in a preset table. The preset table includes multiple application information, five-tuple information associated with each application information, and access policy information corresponding to each five-tuple information.

[0076] The generation unit 53 is used to generate a preset communication tunnel based on the five-tuple information when the target application information exists in the preset table, and to obtain the access policy information corresponding to the five-tuple information from the preset table.

[0077] The first acquisition unit 54 is used to acquire the initial message header associated with the preset communication tunnel, generate a target message based on the access policy information, the five-tuple information and the initial message header, and send the target message to the terminal device through the preset communication tunnel.

[0078] The information transmission apparatus provided in this application embodiment includes a parsing unit 51, used by the controller to acquire data streams sent by the user's terminal device and parse the data streams to obtain 5-tuple information. A first judgment unit 52 is used to determine the target application information accessed by the data stream through the destination IP in the 5-tuple information, and to determine whether the target application information exists in a preset table. The preset table includes multiple application information items, 5-tuple information associated with each application information item, and access policy information corresponding to each 5-tuple information item. A generation unit 53 is used to generate a preset communication tunnel based on the 5-tuple information if the target application information exists in the preset table, and to obtain the access policy information corresponding to the 5-tuple information from the preset table. A first acquisition unit 54 is used to acquire the initial message header associated with the preset communication tunnel, generate a target message based on the access policy information, the 5-tuple information, and the initial message header, and send the target message to the terminal device through the preset communication tunnel. This solves the problem in related technologies where, with the increase in service traffic, the DPI system cannot efficiently handle a large number of services. By setting up a preset table, the business content that needs to be processed through the DPI system is processed accordingly in the preset table to obtain message information. Then, according to the preset tunnel, the message information that needs to be fed back is fed back, thereby reducing the business processing load of the DPI system and thus improving the business processing efficiency.

[0079] Optionally, in the information transmission device provided in the embodiments of this application, the preset table also includes user information corresponding to each five-tuple information, and the generation unit 53 includes: a first determining module, used to determine the user information corresponding to the source IP according to the source IP in the five-tuple information; and a second determining module, used to determine the access policy information that is jointly corresponding to the user information and the target application information as the access policy information corresponding to the five-tuple information.

[0080] Optionally, in the information transmission device provided in the embodiments of this application, the device further includes: a sending unit, configured to send the target application information and the five-tuple information to the target system when the target application information does not exist in a preset table, and receive the access policy information and user information corresponding to the five-tuple information and the target application information returned by the target system, thereby obtaining target access policy information and target user information; and a storage unit, configured to store the target access policy information, target user information, five-tuple information and target application information in association in a preset table.

[0081] Optionally, in the information transmission device provided in the embodiments of this application, the generation unit 53 includes: a first acquisition module, used to acquire multiple routing nodes between the controller and the source IP, and generate multiple initial communication tunnels between the controller and the source IP by the multiple routing nodes; a third determination module, used to determine the transmission performance information of each initial communication tunnel, obtain multiple transmission performance information, and acquire the transmission indicator information in the access policy information; and a second acquisition module, used to acquire the transmission performance information with the highest matching degree with the transmission indicator information from the multiple transmission performance information, obtain the target transmission performance information, and determine the initial communication tunnel corresponding to the target transmission performance information as a preset communication tunnel.

[0082] Optionally, in the information transmission device provided in the embodiments of this application, the first acquisition unit 54 includes: a third acquisition module, used to acquire the address of each routing node in the preset communication tunnel to obtain multiple routing addresses; a connection module, used to connect each routing address sequentially according to the arrangement order of each routing node in the preset communication tunnel to obtain an initial message header; and a combination module, used to combine the five-tuple information and the initial message header as the message header and the access policy information as the message content to obtain a target message.

[0083] Optionally, in the information transmission device provided in the embodiments of this application, the device further includes: a second judgment unit, configured to monitor the target transmission performance information of the preset communication tunnel according to a preset period, and determine whether the target transmission performance information is less than the preset transmission performance information; and an alarm unit, configured to issue an alarm message when the target transmission performance information is less than the preset transmission performance information, and re-preset the communication tunnel from multiple initial communication tunnels.

[0084] Optionally, in the information transmission device provided in the embodiments of this application, the device further includes: a third judgment unit, used to judge whether there is an anomaly in the preset communication tunnel; and a second acquisition unit, used to acquire a backup tunnel from multiple initial communication tunnels when there is an anomaly in the preset communication tunnel, and to perform, through the backup tunnel, the step of sending the target message to the terminal device.

[0085] The aforementioned information transmission device includes a processor and a memory. The parsing unit 51, the first judgment unit 52, the generation unit 53, the first acquisition unit 54, etc., are all stored in the memory as program units. The processor executes the aforementioned program units stored in the memory to realize the corresponding functions.

[0086] The processor contains a kernel, which retrieves the corresponding program units from memory. One or more kernels can be configured, and adjusting kernel parameters can address the problem in related technologies where increasing traffic volume causes DPI systems to be unable to efficiently handle large volumes of business.

[0087] The memory may include non-permanent memory in computer-readable media, such as random access memory (RAM) and / or non-volatile memory, such as read-only memory (ROM) or flash RAM, and the memory includes at least one memory chip.

[0088] This invention provides a computer-readable storage medium storing a program which, when executed by a processor, implements the information transmission method.

[0089] This invention provides a processor for running a program, wherein the program executes the information transmission method at runtime.

[0090] This invention provides an electronic device, including a processor, a memory, and a program stored in the memory and executable on the processor. When the processor executes the program, it performs the following steps: A controller acquires a data stream sent by a user's terminal device and parses the data stream to obtain 5-tuple information; it determines the target application information accessed by the data stream through the destination IP address in the 5-tuple information and checks whether the target application information exists in a preset table. The preset table includes multiple application information entries, 5-tuple information associated with each application information entry, and access policy information corresponding to each 5-tuple information entry; if the target application information exists in the preset table, a preset communication tunnel is generated based on the 5-tuple information, and the access policy information corresponding to the 5-tuple information entry is obtained from the preset table; the initial message header associated with the preset communication tunnel is obtained, and a target message is generated based on the access policy information, the 5-tuple information, and the initial message header, and the target message is sent to the terminal device through the preset communication tunnel. The device in this document can be a server, PC, PAD, mobile phone, etc.

[0091] This application also provides a computer program product, which, when executed on a data processing device, is suitable for executing an initialization program with the following steps: the controller acquires a data stream sent by a user's terminal device and parses the data stream to obtain 5-tuple information; determines the target application information accessed by the data stream through the destination IP in the 5-tuple information, and determines whether the target application information exists in a preset table, wherein the preset table includes multiple application information, 5-tuple information associated with each application information, and access policy information corresponding to each 5-tuple information; if the target application information exists in the preset table, generates a preset communication tunnel based on the 5-tuple information, and obtains the access policy information corresponding to the 5-tuple information from the preset table; obtains the initial message header associated with the preset communication tunnel, generates a target message based on the access policy information, the 5-tuple information, and the initial message header, and sends the target message to the terminal device through the preset communication tunnel.

[0092] Those skilled in the art will understand that embodiments of this application can be provided as methods, systems, or computer program products. Therefore, this application can take the form of a completely hardware embodiment, a completely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, this application can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.

[0093] This application is described with reference to flowcharts and / or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of this application. It will be understood that each flow and / or block of the flowcharts and / or block diagrams, and combinations of flows and / or blocks in the flowcharts and / or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in one or more flows of the flowchart and / or one or more blocks of the block diagram.

[0094] These computer program instructions may also be stored in a computer-readable storage medium that can direct a computer or other programmable data processing device to function in a particular manner, such that the instructions stored in the computer-readable storage medium produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowchart and / or one or more blocks of the block diagram.

[0095] These computer program instructions may also be loaded onto a computer or other programmable data processing equipment to cause a series of operational steps to be performed on the computer or other programmable equipment to produce a computer-implemented process, such that the instructions that execute on the computer or other programmable equipment provide steps for implementing the functions specified in one or more flows of the flowchart and / or one or more blocks of the block diagram.

[0096] In a typical configuration, a computing device includes one or more processors (CPU), input / output interfaces, network interfaces, and memory.

[0097] Memory may include non-persistent memory in computer-readable media, such as random access memory (RAM) and / or non-volatile memory, such as read-only memory (ROM) or flash RAM. Memory is an example of computer-readable media.

[0098] Computer-readable media includes both permanent and non-permanent, removable and non-removable media that can store information using any method or technology. Information can be computer-readable instructions, data structures, modules of programs, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, CD-ROM, digital versatile disc (DVD) or other optical storage, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media does not include transitory computer-readable media, such as modulated data signals and carrier waves.

[0099] It should also be noted that the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such process, method, article, or apparatus. Unless otherwise specified, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes that element.

[0100] The above are merely embodiments of this application and are not intended to limit the scope of this application. Various modifications and variations can be made to this application by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of this application should be included within the scope of the claims of this application.

Claims

1. A method for transmitting information, characterized in that it includes: The controller acquires the data stream sent by the user's terminal device and parses the data stream to obtain the quintuple information; The target application information accessed by the data stream is determined by the destination IP in the five-tuple information, and it is determined whether the target application information exists in a preset table. The preset table includes multiple application information, five-tuple information associated with each application information, and access policy information corresponding to each five-tuple information. If the target application information exists in the preset table, a preset communication tunnel is generated based on the five-tuple information, and the access policy information corresponding to the five-tuple information is obtained from the preset table. The five-tuple information includes the source IP. Generating a preset communication tunnel based on the five-tuple information includes: obtaining multiple routing nodes between the controller and the source IP; generating multiple initial communication tunnels between the controller and the source IP using the multiple routing nodes; determining the transmission performance information of each initial communication tunnel to obtain multiple transmission performance information, and obtaining transmission indicator information from the access policy information; obtaining the transmission performance information with the highest matching degree with the transmission indicator information from the multiple transmission performance information to obtain target transmission performance information, and determining the initial communication tunnel corresponding to the target transmission performance information as the preset communication tunnel.
Obtain the initial message header associated with the preset communication tunnel, generate a target message based on the access policy information, the five-tuple information and the initial message header, and send the target message to the terminal device through the preset communication tunnel.

2. The method according to claim 1, characterized in that, The preset table also includes user information corresponding to each five-tuple information. Obtaining access policy information corresponding to the five-tuple information from the preset table includes: The user information corresponding to the source IP is determined based on the source IP in the 5-tuple information; The access policy information that corresponds to both the user information and the target application information is determined as the access policy information corresponding to the five-tuple information.

3. The method according to claim 2, characterized in that, After determining whether the target application information exists in a preset table, the method further includes: If the target application information does not exist in the preset table, the target application information and the five-tuple information are sent to the target system, and the access policy information and user information corresponding to the five-tuple information and the target application information returned by the target system are received to obtain the target access policy information and target user information. The target access policy information, the target user information, the five-tuple information, and the target application information are associated and stored in the preset table.

4. The method according to claim 1, characterized in that, Obtaining the initial message header associated with the preset communication tunnel, and generating the target message based on the access policy information, the five-tuple information, and the initial message header includes: Obtain the address of each routing node in the preset communication tunnel to obtain multiple routing addresses; The initial message header is obtained by sequentially connecting the routing addresses according to the arrangement order of the routing nodes in the preset communication tunnel; The target message is obtained by using the quintuple information and the initial message header as the message header and the access policy information as the message content.

5. The method according to claim 1, characterized in that, After determining the initial communication tunnel corresponding to the target transmission performance information as the preset communication tunnel, the method further includes: Monitor the target transmission performance information of the preset communication tunnel according to a preset period, and determine whether the target transmission performance information is less than the preset transmission performance information; If the target transmission performance information is less than the preset transmission performance information, an alarm message is issued, and a new communication tunnel is preset from the plurality of initial communication tunnels.

6. The method according to claim 1, characterized in that, Before sending the target message to the terminal device through the preset communication tunnel, the method further includes: Determine whether there is any abnormality in the preset communication tunnel; In the event of an anomaly in the preset communication tunnel, a backup tunnel is obtained from the plurality of initial communication tunnels, and the step of sending the target message to the terminal device is performed through the backup tunnel.

7. An information transmission device, characterized in that it includes: The parsing unit is used by the controller to acquire the data stream sent by the user's terminal device and parse the data stream to obtain the quintuple information; The first judgment unit is used to determine the target application information accessed by the data stream through the destination IP in the five-tuple information, and to determine whether the target application information exists in a preset table, wherein the preset table includes multiple application information, five-tuple information associated with each application information, and access policy information corresponding to each five-tuple information. The generation unit is configured to generate a preset communication tunnel based on the five-tuple information when the target application information exists in the preset table, and to obtain access policy information corresponding to the five-tuple information from the preset table. The five-tuple information includes a source IP address.
The generation unit includes: a first acquisition module, configured to acquire multiple routing nodes between the controller and the source IP address, and generate multiple initial communication tunnels between the controller and the source IP address using the multiple routing nodes; a third determination module, configured to determine the transmission performance information of each initial communication tunnel, obtain multiple transmission performance information, and acquire the transmission indicator information in the access policy information; and a second acquisition module, configured to acquire the transmission performance information with the highest matching degree with the transmission indicator information from the multiple transmission performance information, obtain the target transmission performance information, and determine the initial communication tunnel corresponding to the target transmission performance information as the preset communication tunnel. The first acquisition unit is used to acquire the initial message header associated with the preset communication tunnel, generate a target message according to the access policy information, the five-tuple information and the initial message header, and send the target message to the terminal device through the preset communication tunnel.

8. A computer storage medium, characterized in that, The computer storage medium is used to store a program, wherein the program, when running, controls the device where the computer storage medium is located to execute the information transmission method according to any one of claims 1 to 6.

9. An electronic device, characterized in that, It includes one or more processors and a memory, the memory being used to store one or more programs, wherein when the one or more programs are executed by the one or more processors, the one or more programs cause the one or more processors to implement the information transmission method according to any one of claims 1 to 6.