TW531998B - Method and system of enforcing the dispatching of IP datagrams on a plurality of servers according to a defined policy - Google Patents

Abstract

A method and a system, in a network device, of enforcing the dispatching of Internet Protocol (IP) datagrams on a plurality of servers (503) according to a defined policy, each IP datagram being sent from a source port on a source device to a destination port on a destination device in an Intranet network (502) comprising a plurality of servers (503) and at least one client (501). The method comprises the steps of: * determining (804, 806) whether the source device of an incoming IP datagram is a client (501) or a server (503); If (805) the source device of the IP datagram is a client (501): identifying (803, 904): client address (310), client port (312), destination address (311), and destination port (313) of the IP datagram (301); searching (906) for a server address and a server port in a first table (612), this first table comprising a server address (618) and a server port (617) for each connection (613) identified by a client address (614), a client port (615), a destination address (616) and a destination port (617); if a server address and a server port are identified in said first table, and If said server address and the destination address are different or if said server port and the destination port are different: replacing (907) the destination address (311) and the destination port (313) in the IP datagram respectively by the server address (618) and the server port (619); sending (909) the IP datagram over the IP network (502).

Description

531998 A7

Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economy The transmission mode strengthens the distribution system and method of the Internet Protocol (IP) address data column of a plurality of servers. A clear background: The Internet The Internet is a global network of computers and computer networks (referred to as the "network" Net). The Internet connects computers that use different operating systems including UNIX, DOS, Windows, Macintosh, and other different operating systems, or Gulu. It is a TCP / IP (Transmission Control Protocol / Internet Protocol) language. The TCP / IP protocol can support three basic applications on the Internet: • send and receive email, • log in to a remote computer (such as “Telnet”), and • transfer files and programs from one computer to another ("FTP" or "File Transfer Protocol").

TCP / IP This TCP / IP protocol combination is named after the two most important protocols: • Transmission Control Protocol (TCP), and • Internet Protocol (IP). The other is called "Internet Protocol Portfolio." TCP / IP is a more general term for this complete combination. The first design goal of TCPHP is page 4 · The paper size of this paper applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) (Please read the precautions on the back before filling this page) · I--I --- Order -----_ ί -Xin Qin 531998 A7 B7 V. Description of the invention () Build three interconnected networks that can provide global services: networks between networks, or the Internet. Each physical network has a communication interface related to its own technology, and is presented in the form of a program interface that can be executed between the physical network and the user application. The physical network architecture is hidden from the user. The second goal of TCP / IP is to connect different physical networks to form a large network for users. TCP is a transport layer protocol that provides endpoint-to-endpoint data transmission. It provides the ability to reliably exchange information between two computer systems. One TC; p connection between two computer systems can support multiple applications simultaneously. IP is an Internet-layer protocol that hides the physical network architecture. Β Part of the communication between computers is a routing function to ensure that these messages can be correctly directed to their destinations in the network. Β IP Provide the routing power. An IP message is called an IP address datagram. The application layer protocol is used on top of TCP / PP, so that an originating computer system can transfer user and application data to a destination computer system. Such application layer protocols are, for example, "File Transfer Protocol (FTp)", Telnet, Gopher, "Hyper-File Link Transfer Protocol (Ηττρ)". IP router A "router" is a computer that connects two networks and forwards messages from one network to another. The router can choose the best transmission path between the networks. This basic routing function is on page 5 of the TCP / IP stack. This paper size is applicable to the Chinese National Standard (CNS) A4 specification (210 X 297 public love) (Please read the precautions on the back before filling this page) --- Order ---------% Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs 531998 Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs A7 B7 V. Description of the invention A host (or computer) or workstation that performs TCP / IP on more than one interface can theoretically send messages between networks. Because IP has basic routing functions, it is often called the term “IP router”. However, a dedicated network hardware device called a “router” provides more sophisticated routing functions than the basic functions implemented on IP. Global Information Network As the number and complexity of this global network continues to expand, many tools have been developed on the Internet to assist in searching for information. This is commonly referred to as a cruise or cruise system. Existing cruise systems include Archie, Gopher and WAIS. "World Wide Web" (referred to as WWW or "Web") is currently the better cruise system. The Web includes: • an Internet-based cruise system, • an Internet-based information distribution and management system, and • a dynamic format for communication on the Web. In use, the Web can integrate information formats flawlessly, including still images, text, audio, and video. Users using GUIs on the Web can transparently use different host computers on the system, different system applications (such as FTP and Teinet), and include, for example, text, sound, and graphics Etc. to communicate between different file and document information formats. Hypermedia, page 6 This paper size applies Chinese National Standard (CNS) A4 specifications (210 X 297 public love) (Please read the precautions on the back before filling this page), 9 ------- 丨 order- ------- Line * 531998 Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs A7 B7 V. Description of the Invention () The Global Information Network uses hyperfile and hypermedia technologies. A hyperfile is a subset of hypermedia, which means a computer-based "file", in which the reader can move from one place in the file to another in a non-linear manner, or even other files within. To achieve this, the Web uses a "client-server" architecture. The web server allows users to access and use hyperdocuments and hypermedia information through the World Wide Web and user computers (here, the user computer is referred to as the client computer of the Web server). The client sends a request to the Web server, and the Web server will generate actions such as response, search and response. The Web can make requests through client application software and use hypertext linking capabilities from a case server on an information network to other hypermedia files to receive hypermedia files (including formatted Documents, audio, video, graphics, etc.). Then it is regarded as a set of document files hidden on the web host computer, and the files are connected with each other through a hyperlink through a network protocol, forming a virtual "information network" that extends on the Internet ". Common resource location Resources on the Internet are explicitly identified in the form of a common resource location (URL), which is a pointer to a specific resource located in a specific location. The URL can indicate the protocol used to access the server (HTTP, FTP ...), the server name, and the location where the file is stored on the server. Hyper File Transfer Protocol Each web page displayed on the World Wide Web client screen, or page 7 of this paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) ----- ^- --I ---------- Order --I ----- • line (Please read the precautions on the back before filling this page) 531998 A7 B7

Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs 5. Description of the Invention () Appears in the form of integrating complex documents such as text, video, sound and animation. Each such webpage can also contain hyperlinks to other web files, so that users who operate the mouse on the client computer can click on an image or launch a hyperlink to jump to A new web page on the same or a different web server (this is a graphic screen of another document file).

A web server is a software program that runs on a web host computer and generally responds to requests from web clients through the Internet. All Webs use a language or protocol called the Hyper File Transfer Protocol (HTTp) to communicate with Web clients. All data types can be converted between various web servers and clients through this agreement, including HTML, graphics, sound effects and images. HTML describes the composition, content, and hyperlinks of documents and web pages. When browsing the web, the web client can: • convert user-specific commands into HTTP GET requests, • connect to the appropriate web server to retrieve information, and • wait for a response. The response from the server can be the requested document or an error message. When the requested document or an error message arrives, the connection between the Web client and the Web server ends. The first version of HTTP was a stateless protocol. Because of the use of HTTP, there is no continuous connection between each client and server. Web clients using HTTP can receive responses as HTML or other data. This description is applicable to HTTP version 1.0, page 8. The paper size is applicable to the Chinese National Standard (CNS) A4 specification (21 × 297 mm). ------ *-^ ------- ----- Order --------- line (please read the notes on the back before filling out this page) 531998 A7 B7 Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs The 1.1 version of IE removes the obstacles of the stateless protocol by maintaining a connection between the client and the server under certain conditions. After the browser receives the data, the web client formats the data and displays the data, or launches an auxiliary application such as a sound player to display the data. To this end, the server and client can determine the various types of data received. Because the web client can actually browse the files retrieved from the web server, the web client ‘is also called a web browser. Domain name By this method called DNS (Domain Name Service), the host or computer name (such as www.entreprise.com) can be translated into a numerical Internet address (such as 1.94.56. 78.3), and vice versa. DNS is supported by a network-resident server, also known as a domain name server or DNS server. Intranets Some companies use the same mechanism as the World Wide Web for their intranet communications. In this case, the mechanism is called "intranet of the enterprise". Their companies use the same network construction / transmission protocols and local web servers to provide access to large amounts of corporate information in a cohesive manner. Because such information may be privately owned by the enterprise, the Chinese paper standard (CNS) A4 (210 X 297 mm) applies to the paper size on page 9. " " (Please read the precautions on the back before filling this page ) Maintaining the --------- line {531998 A7 B7 5. When the invention was described (), employees of the company still needed to access public network information, so their companies used a type called "Firewall" "To protect its network access. The firewall is used to prevent people not belonging to the company from accessing the company's private intranet from the public Internet. Firewall A firewall is used to protect one or more computers connected to the Internet from being accessed by external computers connected to the Internet. A firewall is a type of network configuration. It is usually made by hardware and software that can form a border between a computer connected to the Internet and a computer connected to the Internet outside the firewall. These computers located inside the firewall constitute a secure, subnet with access rights and resources that are not exposed to external computers. Generally, access to internal and external computers is controlled by a single computer with a firewall. Since the computer with the firewall on it directly interacts with the Internet, strict security measures must be taken for boring access from external computers. A firewall is often used to protect information such as email and data files in an actual office building or an organization's premises. ^ A firewall reduces the risk of unauthorized persons entering the Internet. In addition, the same security measures can be applied to those inside the firewall to access information outside the firewall 'to restrict or require the use of special software. The firewall can be set to use "Proxies" or "Socks" to control information access requests from both inside and outside. The paper size on page 10 applies to the Chinese National Standard (CNS) A4 specification (2W x 297 cm) ~ --- (Please read the precautions on the back before filling this page). 丨 — 丨 丨 丨 丨 Order · 丨丨 丨 丨 丨 丨 Printed by the Consumer Cooperative of Intellectual Property Bureau of Qin Economic Ministry 531998 Printed by the Consumer Cooperative of Intellectual Property Bureau of Ministry of Economic Affairs A7 B7 V. Description of the invention () Proxy server HTTP proxy is a special server. Provides access to the Internet. The server is usually run in conjunction with firewall software. The agent: β • waits for a request from inside the firewall (such as a Ηττρ request), • forwards the request to a remote server outside the firewall, • reads the request, and • sends the request back to the client . Earlier, one computer could run multiple server programs, and each server connection could be identified by different numbers. Just like an HTTP server or an FTP server, the proxy server takes up a lot. Generally, the connection will use the standard server number of each server (for example, HTTp = 80, FTP == 21, etc.). This is why an end user must select a specific server number for each of the defined agent servers. Web browsers usually allow end-users to set their host name and name on a custom panel. For example, HTTP, FTP, Gopher, WAIS and other security related cards can be set up with a proxy server. Agents are generally better on "Socks" in order to perform caching, high-level login and access control functions, because they can provide a specific connection for each network service agreement . HTTP cache page 11 This paper size applies Chinese National Standard (CNS) A4 specification (210 X 297 mm) (Please read the precautions on the back before filling this page) --------- Order-- ------- Line Qin 531998 A7 B7 Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs V. Description of the invention () HTTP is used by the Tcp connection between the Web browser and the Ηττρ proxy server. Application layer "agreement. Therefore, the IP address data fields exchanged between the web browser and the Ηττρ proxy server constitute the Ηττρ data. Since the HTTP proxy server terminates and manages the Ηττρ connection, they can observe and process the HTTP data contained in the ιρ address data column, and can store a regional copy of the data in the internal cache . When the HTTP proxy server receives a request to retrieve τττρ data (Web page) on the target system (Web server) from the source system (Web browser), according to whether the requested HTTP data has been Stored in a local cache, two things can happen. • If the requested HTTP data is already in the local cache, the HTTP proxy server immediately sends a response back to the source system 'which includes the data in the local cache. • If the requested HTTP data is not stored in the local cache, the HTTP proxy server immediately forwards a request to the target Web system (Web server). When the HTTP proxy server receives a response message containing HTTP data (Web page) from the target Web system (Web server), the proxy server stores the HTTP data (Web page) in the local cache And forward the response message to the source system (web browser). When the HTTP data is already in the cache, the HTTP proxy server does not need to forward the request to the target Web system. The HTTP proxy server can send a response message directly. Page 12 --------, ------------ Order --------- line (Please read the precautions on the back before filling this page) This paper size applies to the Chinese National Standard (CNS) A4 specification (210 X 297 mm) 531998 A7 Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economy Response time. When the Ηττρ data is already in the HTTP proxy server cache, the Ηττρ proxy server can immediately respond to the request to retrieve the Ηττρ data. • The use of network resources can be improved. It is no longer necessary to request the HTTP data that is already stored in the cache, and additionally requires a call connection between the Ηττρ proxy server and the target Web system. Slot and Slot Server Slot is a A protocol that performs some form of application-layer protocol encapsulation (such as FTP, Teinet, Gopher, HTTp). Through the socket, the application-layer connection between the system running the socket client software and the system running the socket server software On-line traffic will be encapsulated between the two systems In the proposed slot tunnel. The slot is mainly used in the corporate network to provide security measures for access from outside the corporate network. A slot server (also known as a relay server) that acts as a relay Slot gateway 詻) 'is a software that allows computers located inside the firewall to access the external Internet. Slot servers are usually installed in servers located inside or above the firewall. Located in the firewall The computers within it are connected to the slot server as the slot client to connect to the external Internet. Web browsers usually allow end users to set the host name of the slot server on a custom panel. And Fuhao. In some operating systems, the slot server will be marked in a separate file (such as socks.conf file). Since the slot server is on page 13, this paper standard applies the Chinese National Standard (CNS) A4 specification ( 210 X 297 mm) ----- ^ --- · -------- Order --------- line (please read the > it item on the back first) Fill out this page} 531998 A7 ___ B7___ 5. Description of the invention () The role of the server is in the above agreement (HTTP, FTP Under ???), so it can not cache the data (and the broker can), because the word slot clothes can not decode the various agreements in order to learn what it will transmit data. Options

Web browsers usually suggest end users to decide among different options such as "agentless server", "manual agent server configuration settings" or "automatic agent server configuration settings", etc. Sets the connection status between the user's computer and the Internet. • Users directly connected to the Internet should choose the default status, which is "Agentless Server". • If the corporate network is protected by one or more firewalls, the end user can: • Choose one of the firewalls as the selected proxy by entering the host name into the "Manual proxy server" "Configuration settings", or # By borrowing a common configuration file assigned to a remote server, it is automatically referenced by the agent attributes of different regional locations in the enterprise transmission mode. This can be achieved by selecting the "Automatic Agent Server Configuration" option and providing the unique address (URL) of the common configuration file located in the remote server to the Web browser. Today, most web browsers are set to forward all request messages through the "socket firewall", even internal hosts. So when a paper on page η applies the Chinese National Standard (CNS) A4 specification ⑽χ 29? (Public Chu) (Please read the precautions on the back before filling out this page)-* ί I ln 1_1 I Mm— such as «n ϋ ϋ a— n I MMB. Printed by the Employees 'Cooperatives of the Intellectual Property Bureau of the Ministry of Economy 531998 Printed by the Employees' Cooperatives of the Intellectual Property Bureau of the Ministry of Economics A7 ________B7_ V. Description of the Invention () An end user wants to access an internal When a web-based application is used, the user's request will first go to the firewall and then return to the internal network. This mechanism will generate internal traffic on a longer path, increase the additional burden on the firewall and the network, and slow down the response time to the user from the applications and web pages that the user wants to access. This method is called "inflexible" slot access (that is, all operations go through the slot server). Manual Agent Configuration Setting The manual agent configuration setting in a web browser is extremely simple. However, the main disadvantage is that the firewall (or proxy) selects jobs in a static way. There is currently no dynamic standard for selecting a firewall, such as selecting a firewall based on response time. After the firewall fails, the cruise software needs to be re-configured manually to point to another active firewall, because the manual setting generally allows only one firewall to be defined for each protocol, and it is not possible to set a backup firewall in advance. In addition to manual firewall configuration settings in the Web browser, external programs can also be used to provide some degree of toughness in firewall selection operations. For example, they all rely on the application of multiple firewalls with the same name defined by aliases in the Domain Name Feeder (DNS). However, this technique based on defining aliases has its drawbacks because, for example, It is said that when the Web client caches the name resolution (associating the name with the IP address) function locally, the DNS is not always contacted by the Web client for the name resolution. As for other external use, page 15 of this paper applies Chinese National Standard (CNS) A4 specifications (⑽χ 297 公 楚) -----: --- 7 ----------- Order ---- ----- line (Please read the notes on the back before filling this page) 531998 Printed by the Consumer Cooperatives of Intellectual Property Bureau of the Ministry of Economic Affairs Α7 Β7 V. Description of the invention () Hardware technology, such as loading and sending request The device can provide more toughness and load balancing functions, but still has its disadvantages such as the need for additional and expensive hardware equipment. Automatic proxy configuration setting Each time the Web browser is started, the automatic proxy configuration setting (also called the automatic proxy) can set the location of HTTP, FTP, Gopher, and so on. The auto-proxy retrieves an address range file and instructs the web browser to directly access the internal IBM host or go to the slot server to access the host on the Internet. For Web browsers, the automatic proxy configuration settings are better than the simple proxy server configuration settings, because more complicated rules (both directly and indirectly) regarding web page retrieval methods need to be implemented. The automatic proxy configuration setting is very useful for users, because when the proxy fails, the Web browser can still know how to fetch web pages directly. In addition, the agent's request can be transmitted to another agent server or multiple agents' according to the instructions of the system administrator, without requiring the end user to make additional modifications to their Web browser. Generally, these agent configuration profiles (also called automatic agent numbers) 'are written in Javascript language. The auto-proxy function can also include an address range tag to instruct the web browser to directly access the internal host or go to the slot server to access the host on the Internet. The slot server protects the internal network from unauthorized public access requests, while allowing network members to access the Internet. One of the shortcomings of this "automatic agent" mechanism is that it cannot be operated. Page 16 This paper size applies the Chinese National Standard (CNS) A4 specification ⑵Q χ 297 public Chu) '--(Please read the notes on the back before filling This page) Order --------- 531998 Printed by the Consumer Property Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs A7 B7 V. Description of the invention () Fire wall failure detection can not consider the response time. Further description of the technical field of the present invention in the previous sections can be found in the following publications incorporated by reference: "TCP / IP Tutorial and Technical Overview" by Martin W. Murhammer, Orcun Atakan, Stefan Bretz, Larry R. Pugh, Kazunari Suzuki, David H. Wood, International Technical Support Organization, October 1998, GG24-3 3 76-05. • "Java Network Programming" by Elliotte Rustt Harold, published by O'Reilly, February 1997. • " "Internet in a Nutshell" by Valerie Quercia, published by O'Reilly, October 1997. • "Buildinng Internet Firewalls" by Brent Chapman and Elizabeth Zwichky, published by O'Reilly, September 1 995 o Pending issues are how to set up the business Web traffic transmission mode of the intranet. When the source device of the corporate intranet uses multiple proxy servers (such as workstations running Web browser software) to access the Web system located on the corporate intranet, the network administrator usually defines the access Take regulations. The purpose of this access regulation is to define the companies that should be used by each source device (workstation) or group of source devices (group of workstations). Page 17 This paper applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) -----; -------------- Order (Please read the notes on the back before filling this page)

531998 A7 B7 V. Description of the Invention () The industry's network proxy server in order to access the Web system located on the intranet of the enterprise. For example, each source device located in France should use a proxy server located in France, and each source device located in Germany should use a proxy server located in Germany. The access requirements may vary according to the application layer agreement (ALP). ALP traffic can be considered as an IP address column containing the data retrieved by the ALP (for example, HTTP traffic can be considered as all the IP address columns that make up HTTP data). For example, the access rule may state that a source device located in Belgium requires HTTP traffic to access a specific proxy server in France, while FTP traffic requires access to another Belgium and a specific proxy server. Proxy server. These access rules can define a transmission mode for accessing the Web by the corporate network, and are therefore also referred to as "Web access transmission mode" or "Web traffic transmission mode". The main goals of this web access transmission mode are: • To optimize network resources on the corporate intranet. For example, the specification of the proxy server, and therefore its cost, is related to the number of source devices that can be accessed by it. One proxy server that can be accessed by 500 source devices is smaller and therefore cheaper compared to another proxy server that can be accessed by 10,000 source devices β • Improve the Web The performance of the access service (from the source device to the Web system within the corporate network). For example, a proxy server built in France is set to provide Web access services to a specific number of source devices in France. When there are more source devices than expected on page 18 This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) (please read the precautions on the back before filling this page) «— — — — — — I. Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs 531998 A7 B7 Description of Invention () When the agent server is accessed, the performance of the agent server may deteriorate and affect the Web access service. • Maximize the availability of network resources, especially the minimum bandwidth required to access the Web system from the corporate network. For example, when a source device located in France wants to access the web system through a proxy server, the source device should use a proxy server located in France instead of a proxy server located in Japan. This makes it easy to minimize the path from the corporate network to the proxy server (thus minimizing the use of network resources and bandwidth between France and Japan). • Because the proxy server usually provides HTTP and FTP caching functions, Web traffic caching can be used: • Optimize the utilization of network resources between the proxy server and the Web system. When the HTTP data requested by the source device already exists in the local cache of the proxy server, then no traffic needs to be generated between the proxy server and the target Web system. • The HTTP service response time can be improved. Requests to retrieve HTTP data that already exists in the local cache of the proxy server can be provided immediately by the HTTP proxy server. It is generally recognized that efficient web caching must be as close as possible to the source device. In this way, it is important for the source device to be able to access a close proxy server. Page 19 This paper size applies to China National Standard (CNS) A4 (210 X 297 mm) (Please read the precautions on the back before filling this page)

-· Nnnnnn l > 1-0, n »·· 1 ϋ« -Bi n ϋ I Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs 531998 A7 ____B7_ V. Description of the invention () (Please read the notes on the back before filling in (This page) This problem is the application of the Web access round mode on the entire intranet. For example, when the Web access transmission mode defines that a source device located in France must use a specific proxy server located in France, the problem becomes that it is necessary to determine that the source device does indeed use that specific proxy server and not Access to another agent server (for example, a specific agent server located in Japan). The existing solutions to this problem include: • Web application software running on a workstation (such as a Web browser). You can manually set the target proxy server. The disadvantages of this solution are: • The name of the agent feeder must be known and must be set manually by the end user. End users may enter the wrong proxy server name, making the web access transfer mode unsuitable. For example, an end user located in Toulouse, France, or manually set his Web browser ' to access a proxy server located in Paris instead of a proxy server located in Toulouse. • Its web browser can be set by the automatic proxy setting function. At this time, it is necessary to download the static target agent server ’s printed list of employee cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs to the web browser from the dedicated automatic agent URL system. The disadvantages of this solution are: • The end user must configure their web browser to use the auto-proxy function. If the end user page 20 of this paper size is in accordance with Chinese National Standard (CNS) A4 specifications (210 X 297 public love) 531998 A7 B7 V. Description of the invention () The Web browser is not set correctly, then it cannot be applied. Web access transmission mode. (Please read the notes on the back before filling out this page) • The auto agent function must be implemented on the intranet of the company. For example, the code of an auto agent must be implemented on the auto agent URL system. Objectives of the invention: • One of the objectives of the present invention is to enhance the sending function of the "Internet Protocol (IP)" data column on multiple servers according to a predetermined transmission mode. • Another object of the present invention is to optimize the performance of the web access service according to a specific web traffic service transmission mode by strengthening the source device to access the Internet through a specific proxy server. Into. • Another item of the present invention is to optimize the resource utilization of the intranet by reducing the amount of Web traffic on the intranet. • Another item of the present invention is to simplify the configuration and setting of the source device of Web traffic in the intranet of the enterprise. Printed by the Intellectual Property Bureau of the Ministry of Economic Affairs, printed by the Consumer Cooperative Summary of the Invention: On a network device, a method and system for enhancing the distribution of Internet Protocol (IP) address data columns of multiple servers according to a predetermined transmission mode From the source of the source device, send it to the target device on the intranet of the company. Page 21 This paper size applies to the Chinese National Standard (CNS) A4 specification (210 X 297 mm) 531998 A7 --- ___B7 V. Description of the invention () The target IP address data block includes multiple servers and at least one client. The method consists of the following steps: • Determine whether the source device of the received IP address data block is a server or a client; if the source device of the IP address data column is a client, then: φ identification · The client address, client client number, destination address, and destination client number in the ip address data block; • Search for the server address and server host number in the first list, and if the server The address and destination address are different, or the temple server and the destination server number are different, then: • Replace the server address and server server number with those in the 1p address column. Destination address and destination number, • Send the IP address data column on the IP network. The diagram briefly explains: · The features believed in the new and innovative features of the present invention are described; ^ styles, including within the scope of patent application. However, the invention itself and the better response model > ^ I implementation, including its purpose and advantages, can be made clear by referring to the detailed description of the following explanatory details, examples, and accompanying drawings, where * Λ • Fig. 1 is a logical view of the system of accessing the global information M user system in accordance with the prior art. Terminals of β π network • Figure 2 is a conceptual view of accessing global information ^ user system in accordance with previous techniques. • Figure 3 shows the IP address data that conforms to the previous technology _ ° page 22 ^ 〆 This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) (Please read the precautions on the back before filling (This page) .Children's Book --------- Printed by the Employees' Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs 531998 A7 B7 V. Description of the invention () • Figure 4 shows one that conforms to the previous art and has multiple agent servos. End user workstation. Figure 5 shows a web traffic transmission mode system in accordance with the present invention. • Figure 6 shows a list in accordance with the present invention extended by the Web traffic transmission mode. • Fig. 7 shows a flow chart of the "transmission mode definition system" element according to the present invention. • Figure 8 shows a flow diagram of a "traffic analysis" component consistent with the present invention. • Figure 9 shows a flowchart of an "internal transmission mode processor" component in accordance with the present invention. • Figure 10 shows a flowchart of an "outbound transmission mode processor" component in accordance with the present invention. • Figure 11 shows a flowchart of a "transport mode manager" component consistent with the present invention. ϋ | No. of hanging photos said Γ ---: --- installed -------- order --------- (Please read the precautions on the back before filling this page) Ministry of Economic Affairs intellectual property Printed by the Bureau ’s Consumer Cooperatives 101 Browser 102 User Interface 103 Server 104 Server 201 Browser 202 Intranet 203 Server 204 Internet 205 Feeder 206 Router 401 User Workstation 402 Intranet 403 Temple server 404 Internet page 23 This paper size is applicable to Chinese National Standard (CNS) A4 specification (210 X 297 mm) 531998 A7 B7 1. Description of invention (405 network system 407 browser 408 user workstation 501 workstation 502 Intranet 503 Server 504 Internet 505 Network system f Please read the notes on the back before filling out this page} 5 06 Routing system 507 ALP (application layer protocol) transmission mode definition system 508 ALP transmission mode definition list 509 routing element 5 10 Web traffic transmission mode expansion element 5 12 ALP transmission mode configuration setting list The preferred embodiment of the present invention: access to the World Wide Web logic Viewpoint Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs Figure 1 shows a user system with a user interface (102) including a browser (101) connected to the World Wide Web (WWW). The content of the WWW will be It is transmitted using the HTTP protocol. The HTTP request and response are performed between the browser program (1 01) 'and a web server (103) containing the information requested by the user. The browser program (1〇 丨) And the slot server (104) between the Web server (103), acting as an intermediary HTTP relay station that forwards the request and response to its destination. The browser program (101) sends the HTTP proxy The verb server (104) makes an HTTP request, and the HTTP proxy server forwards the request to the destination Web server (103). As for the reverse flow (HTTP response), the same page 24 Paper size applies Chinese national standard (CNS > A4 specification (210 X 297 mm) 531998 Printed by A7 B7, Consumer Cooperative of Intellectual Property Bureau, Ministry of Economic Affairs __ V. Description of invention () via HTTP proxy server (104) Back to the browse Program (1 0 1). In this way, the HTTP proxy server can be configured according to the configuration (based on some defined security and access control transmission modes), and restrict the traffic to the authorized conversation range . The HTTP proxy server can therefore protect the network on which the Web browser is located. Physical Perspective Figure 2 shows a physical perspective with the logical approach set out in Figure 1 above. In this particular example, the browser program (20 1) runs on a system (workstation) connected to the corporate network (202) network. The corporate network includes network devices like IP routers (206). The proxy server (203), which protects the intranet, can connect the (private) intranet (202) and the (public) internet (204). The destination web server (205) is also connected to the Internet. It should be noted that the proxy server is attached to two networks and therefore acts as an intermediary for communication between the two networks. Multiple proxy servers are generally used to provide tough access and load sharing capabilities. IP address data column The transmission unit of the data packet in TCP / IP is called IP address data column. This item consists of a header that contains information about the IP protocol, and data that is relevant only to its higher-level protocols. Figure 3 shows the format of the IP address data column. The environment is as described in Figure 1 and Figure 2: • (30 1) IP address data column. The IP address column is the information exchanged between the two computer systems through the TCP / IP network. The IP address data column can be divided into two parts: Page 25 This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) --- I ---- ^ ------ ------- lir · — —------ (Please read the note on the back before filling this page) A7 531998 B7____ V. Description of the invention () • A header 'and • information. • (3 02) IP address column header. The header includes, for example, the following fields: • Source IP address (3 10) (Computer IP address of the sending IP address data field) ° • Destination IP address (311) (Receiving IP address data field Computer's IP address) 〇 • (3 03) IP address data blocks data. This field contains information passed from the origin to the destination. The destination computer system will process the data. Since the TCP / IP protocol combination organizes its structure in a hierarchical manner, the block of the IP address data column contains information related to higher-level protocols (in the present invention, the TCP data). • (304) TCP paragraph. A TCP message is usually called a Tcp paragraph. • (305) TCP header. The blocks in a TCP header include the source number (312) and destination number (313) that can be used to identify the application layer protocol transmitted by TCP (such as ^ 丁 1 ^, FTP, Telnet, Socks, etc. ). This field is mainly used in the destination of the IP address data column to determine which application should process the data transmitted by the TCP. Wang Shi • (306) TCP data. The TCP data field contains the application data transmitted to the destination computer system. The paper size on page 26 of this item applies the Chinese National Standard (CNS) A4 specification (210 X 297 public love) ^ ---- (Please read the precautions on the back before filling this page)-· 1111111 · 11! 11111. Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs, printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs, 531998 A7 5. The computer system of the invention description () will process the data. Because the TCP / IP agreement combination organizes its structure in a hierarchical manner, the TCP data part contains information related to higher-level, that is, application layer ’protocols (such as HTTP, FTP, Telnet, Socks, etc.). • (307) Application layer messages. The TCP data part 'in the IP address data column includes an application layer message. This is, for example, a Socks message, an HTTP message, an FTP message, or a Telnet message. According to different application layer agreements, the application layer news 4 can also be divided into two parts. • (308) Application layer header. The application layer header is a header related to an application protocol such as HTTP, FTP, Telnet, and the like. • (309) Application layer data. This is the portion of the data that should be used by applications that deal with application-level agreements. Generally, the information in this section is directly related to the end user (such as the data entered by the end user).

Web Browser and Agent Server Figure 4 shows an end user (401) connected to an intranet (402). The proxy server (403) protecting the intranet is attached to both the (private) intranet (402) and the (public) internet (404). The destination Web system (4 05) is also connected to the Internet (the Web system is, for example, like a Web server, FTP server, or anything attached to the Internet, and can be accessed by the intranet) To the Department of Green). Page 27 This paper size applies to China National Standard (CNS) A4 specification (210 X 297 public love) ----- r ---: --- install -------- order ----- ---- (Please read the notes on the back before filling out this page) 531998 Printed by the Consumers ’Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs A7 B7 V. Invention Description () Each agent server (403) is on its local cache , To store a regional copy of the HTTP (or possibly FTP) data retrieved by a corporate network workstation located on a web system on the Internet. The end-user workstation (401) consists of a software program called a Web browser (40 7). The web browser is configured to access a web system located on the internet via a proxy server (403). When the web browser needs to retrieve HTTP data (for example, a web page) from the destination web system (405), the end user workstation (408) sends an IP address data column address, including A request is made to retrieve the message that the HTTP data was sent to the destination proxy server on the corporate intranet. After the IP router on the intranet receives the address of the ιρ address data column, it routes it (409) to its destination. Each ip router determines the next hopping point on the corporate network by the destination IP address field in the header of its IP address data column. When the proxy server receives a request to retrieve the HTTP data (Web page) located on the destination Web system (Web server), the requested HTTP data already exists in the local cache, Or it does not exist on the local cache: • If the requested HTTP data already exists on the local cache, the HTTP proxy server immediately responds with a response containing the data in the cache (412 ) The request. • If the requested HTTP data does not yet exist on the local cache, the HTTP proxy server forwards the request to the destination (41〇) page 28. This paper standard applies Chinese National Standard (CNS) A4 Specifications (210 X 297 public love) ---- T 丨 丨 丨 丨-丨 · install -------- order --------- see (please read the notes on the back before filling This page) 531998 A7 B7_____ 5. Description of the invention () (Please read the precautions on the back before filling this page)

Web system (Web server). When the HTTP proxy server receives a response (411) containing the HTTP data (Web page) from the destination Web system (Web server), the HTTP data (Web page) is cached Memorize it locally and transfer it to the original source system (web browser). The workstation can also include a slot client software for accessing Web systems on the Internet. At this time, the access function is performed through the slot server system, not the agent server. The present invention relates to a system and method for establishing a Web traffic transmission mode for an intranet of an enterprise. Fig. 5 is a view of a specific embodiment of a specific system for formulating a Web traffic transmission mode in accordance with the present invention. Produced by consumer cooperation of the Intellectual Property Bureau of the Ministry of Economic Affairs, a certain end-user workstation (source device) (501) including a web browser is connected to the corporate network (502). A plurality of agent feeders (503) can access the Web system (505) connected to the Internet (504). According to the present invention, a system called an alp (application layer sufficient) transmission mode definition system (507) can be defined and located on the intranet of the enterprise. The ALP transmission mode definition system includes an alp transmission mode definition list (508). The ALP transmission mode definition list is set for each ALP traffic that requires a transmission mode in the intranet of the enterprise. In general, a list must be set for each major Web application layer agreement (such as http, ftP, Soc1cs, etc.). The definition of the ALP transmission mode definition list for each specific ALP includes information about the Web traffic transmission mode for that ALP. In particular, each AI ^ p transmission mode is determined on page 29. This paper size applies to China National Standard (CNS) A4 (210 X 297 mm) ~ ^-531998 Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs A7 B7 V. Explanation of invention () The definition list includes a list of authorized servers, and these servers must be the destination of the IP address data shed that transmits the ALP data. For example, a list of ALP transmission mode definitions set for HTTP includes information about a list of HTTP proxy servers, and the word server means that each workstation (source device) on the intranet of the enterprise wants to access the Internet Feeder for Web systems on the Internet. It is also possible to use two mirrored ALP transmission mode definition systems in order to be able to provide backup capabilities to the ALP transmission mode definition list (usable, for example, as in a sending system that precedes both systems). According to the present invention, the IP routing system (506) on the intranet of the company is responsible for the routing operation of your IP address data. The IP routing system is also responsible for the Web traffic transmission mode. These include: • A routing component (509) to route any IP address column on the corporate network. The IP routing element can be any existing IP router. " • A Web traffic transmission mode expansion element (51).

Web Traffic Transmission Mode Extension This web traffic transmission mode extension provides a method for controlling the Web traffic transmission mode in the IP router system. The traffic transmission mode extension is set with the ALP transmission mode configuration setting list (5 1 2), and the list contains information about the ALP transmission mode definition list (508)-once started, the Web session Expansion of the transmission mode immediately started Page 30 This paper size applies to the Chinese National Standard (CNS) A4 specification (210 X 297 mm) ----- M ------ ^^^ Installation ----- --- Order --------- (Please read the notes on the back before filling out this page) 531998 A7 Printed by the Employees' Cooperatives of the Intellectual Property Bureau of the Ministry of Economy (5 1 1) The transmission mode definition setting element uses the ALP transmission mode configuration setting list (512), which is obtained from the 8 1 ^ transmission mode definition system (507) and is extended to the ALP transmission mode definition list (508), and the Ip router system Store a local copy of the list (508). When the IP router system (506) is retrieved (5 1 8) from the end user workstation (5 0) by the IP address data block, the [ρ The address data column will be forwarded to the Web traffic transmission mode extension (5 10). Then, the IP address The data block is then forwarded to multiple other components in order to perform the method according to the present invention: (513) A traffic analyzer component can analyze the IP address data column and determine the IP address data column. Yes Originating from a source device (a workstation), or from a server (agent server). • (5 1 4) — an inbound transmission mode processor element that can process each source device originating from a source device IP address data column. The internal transmission mode processor: • The connection list (516) according to the transmission mode, and the source IP address, source number, destination IP address, and destination according to the IP address data block. Fu number and other niches to determine whether the IP address column must be updated, and • If the IP address column must be updated, the destination IP address and destination vehicle of the IP address column No., etc., to obtain page 31 from the transmission mode connection list (5 16) ----- J ---- ^ --- install -------- order ---- ----- (Please read the notes on the back before filling out this page) 531998 A7 B7 V. Description of the invention () The information is updated. • (515) — An external transmission mode processor element that can process each IP address data column derived from a server. The external transmission mode processor: • According to the transmission mode connection list (516 ), And according to the source IP address, source source number, destination IP address, and destination source number of the IP address data column to determine whether the IP address data column must be updated, and • if The IP address data block must be updated, then the destination IP address and destination number of the IP branch data column, and the data obtained from the transmission mode connection list (5 16) Update it. • (5 17) — A transport mode manager component can handle each IP address data block originating from a source device. The transmission mode manager: • determines the data alp (application layer protocol) contained in the IP address data field by using the destination address field of the IP address data block; • by the IP address The source IP address, source IP address, destination IP address, and destination IP address block of the address data block are received from the ALP transmission mode definition list (508) to receive information about the IP address information The transmission mode information (defined for the data ALP contained in the IP address data column). • If the transmission mode information is indeed required: page 32 This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 public love) (Please read the precautions on the back before filling this page) ----- --- Order --------- Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs 531998 A7 B7 V. Description of the invention () • Discard the IP address data block '• Use the IP address data column and The transmission mode information is used to build a transmission mode connection list (5 丨 6). • Use the transmission mode information to update fields such as the destination IP address and destination number. Finally, the Web traffic transmission mode extension will transmit the IP address data block to the IP router (509) element in the IP router system. The IP router component sends the IP address data column to its destination by path selection (519). The present invention has nothing to do with the IP router element, and does not rely on the IP router element's processing and path selection method for the IP address data column. The extended functions of the Web traffic transmission mode can be turned on or off by, for example, setting the configuration parameters of the IP router system. Usually ’The expanded functions of this Web traffic transmission mode: • Can be enabled by accessing the IP router system located at the edge of the corporate network. • Can be shut down by an IP router system located in the backbone of the corporate network.

Web Traffic Transport Mode Extension List Figure 6 describes the various lists that are used by the various elements included in this Web Traffic Transport Mode extension. The Web traffic transmission mode expansion uses a configuration setting list (508) containing Web traffic transmission mode information. There is a list of configuration settings on page 33. This paper size is applicable to the Chinese National Standard (CNS) A4 specification (210 X 297 mm) (Please read the precautions on the back before filling this page) FREE tr ------ ---%, printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs 531998 Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs A7 B7 V. Description of the invention () (508) is applicable to every network that needs to Establish ALP traffic for transmission mode. Generally, for each major Web application layer agreement (such as HTTP, FTP, Socks), a list needs to be set. After enabling the Web transmission mode traffic expansion, each configuration setting list is generated (for example, by a network administrator) and stored in the ALP transmission mode definition system (507). Next, the Web transmission mode traffic extension will retrieve and receive each alp transmission mode definition list from within the alp transmission wedge definition system (507) '. • (606) ALP transmission mode definition list. For each ALP traffic, ‘there will be a list that needs to be extended by this web transport mode traffic to formulate its transport mode rules. For each source device (usually a workstation) in the corporate network, or for each source device group, each list includes: • Should be adopted as a source from the source device, It also contains the server address of the destination of the IP address column using the data of the ALP, and • instructions for discarding the IP address column, and (60 1) ALP transmission mode configuration setting list. For each application layer agreement, this table includes the address of the related ALP transmission mode definition list, which contains the transmission mode information of each ALP, and • the frequency of retrieving the ALP transmission mode definition list. The other lists are built dynamically and are used by this web traffic transmission mode expansion for internal operation purposes: Page 34 This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm)- -I--1 ---- ^ I--install ------- order ----- I --- (Please read the precautions on the back before filling this page) 531998 A7 B7 V. Invention Instructions () (Please read the notes on the back before filling out this page) • (6 1 2) Transmission mode connection list. For each source device that issues web traffic that must comply with the web traffic transmission mode to extend the transmission mode, this table includes: • the purpose used in the IP address data field from the source device A local server, and • a destination server as a mandatory destination for this transport mode traffic. The above three lists are detailed in Figure 6. ALP transmission mode configuration setting list The ALP transmission mode configuration setting list (601) (ordinary text file in this preferred embodiment) is made by a network administrator who manages the intranet of the enterprise. The table associates each application layer agreement with the address of the ALP transmission mode definition list, where the ALP transmission mode definition list contains transmission mode information for the ALP traffic and retrieves the ALP transmission mode definition The frequency of the list. The table contains a list of records (602), and each record lists the following information: • Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs • (603) ALP (Application Layer Agreement). For each application layer agreement that needs to be extended with the Web traffic transmission mode for the transmission mode, a value is specified. Generally, a record is defined for each major web protocol including HTTP, FTP, Socks, and so on. • (604) ALP—Transfer Mode—Definition—Address. This is the bit that defines the list of ALP transmission modes defined by each ALP (606). Page 35 This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) '531998 A7 ______ B7 Wisdom of the Ministry of Economic Affairs Printed by the Consumers Cooperative of the Property Bureau V. Invention Description () address, and it is located on the ALP transmission mode definition system (507). The Web traffic transmission mode is extended with this information to obtain the ALP transmission mode definition list (508) from the ALP transmission mode definition system (507). The frequency is (605). The web traffic transmission mode extension waits for a given period of time before retrieving the new version of the ALP transmission mode definition list from the ALP transmission mode definition system. The Web traffic transmission mode extension uses this frequency value to periodically update a local copy of the ALP transmission mode definition list. ALP transmission mode definition list Each ALP transmission mode definition list (606) (a common text file in this preferred embodiment) is made by a network administrator who manages the intranet of the enterprise. For each ALP traffic that requires the Web traffic transmission mode extension to transmit mode, there will be a list ^ and each list can include each source device (usually a workstation) or source device group in the corporate network. Related to: • the server address that should be used as the destination of the ip address column, which is derived from the source device (or source device group), and • Contains the data used by the ALP, • Discard instructions in the IP address column. The table includes a list of records (607), and each record contains the following information: Page 36 (Please read the precautions on the back before filling this page) # 装 1T --------- if · This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) 531998 A7 B7 V. Description of the invention (Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs • (608) Client JP_ address. This is the IP address of the source device (usually a workstation), or the IP address range of the source device group (such as all workstations in a specific area) in the corporate network. Usually, a record (607) is defined for each source device (or source device group) at the beginning of the traffic in the mode transmitted by the network manager. (609) Server_IP_Address. This is the server system IP address used by the source device (608) (or source device group) for ALP traffic. The server_IP # address must be an IP address field Destination IP address (311), and the IP address column is: • by the source Set (608), and • Contains TCP data (306) using application-layer protocols associated with the list (606) (each ALP defines a list). For example, this is set for HTTP The definition list of ALP transmission mode includes a list of HTTP proxy servers that must be used when a workstation in the corporate network accesses a Web system on the Internet. Therefore, the server "? _Address is The IP address of the HTTP proxy server that must be used by the workstation (608). • (6 1 0) server-Fuhao. This is used to identify the IP address (609) executed by the server. Program (application program) on the server system and must be used to handle the ALP traffic. Page 37 This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 public love) (please first Read the notes on the back and fill in this page) 1 • 丨 丨 丨 丨 丨 丨 丨 丨 丨 丨 丨 丨-* * 51 ^^. J. 531998 A7 B7 V. Description of the invention () Service benefit-Fuhao should be Fu No. (3 13) as the destination of the IP address data, and the IP address The data block system is: • issued by the source device (608), and • contains TCP data (306) containing application layer protocols associated with the list (606) (each ALP defines a list). That is, the list of ALP transmission mode definitions set for HTTP includes a list of HTTP proxy servers that must be used when workstations in the corporate network access the Web system on the Internet. The server-fuhao is the application program (such as 80) running on the HTTP proxy server to handle http traffic. This number will then be used by the workstation (608) as the destination number for HTTP traffic sent to the HTTP proxy server identified by the server address (609). • (6 11) Force a throw. This is an indication value used to indicate whether to discard the IP address data column issued by the source device (608). The mandatory-discard value can be "Yes" or "No": • "Yes" indicates that its destination is not the IP address data column of the server system (609), which must be extended by the Web traffic transmission mode. Abandoned, “No” indicates that its destination is not the IP address data column of the server system (609) and cannot be abandoned by the extension of the Web traffic transmission mode. For all sources that are not clearly defined in this specific file (60 7) Page 38 This paper size applies Chinese National Standard (CNS) A4 specifications (210 X 297 mm) (Please read the precautions on the back before filling This page is printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs. 531998 Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs. A7 B7. Transmission mode connection list The transmission mode connection list (6 1 2) is an internal list established by the transmission mode manager component and used by the internal transmission mode processor and the external transmission mode processor component. The table is used to store the following information for each source device that issues web traffic from the web traffic transmission mode extension transmission mode. • The IP address data column issued by the source device, which is used by A destination server, and • a destination server as a mandatory destination for this transport mode traffic. The table includes a list of records (6 1 3). The following information is provided by Ji Luzhong: • (614) Client—IP address. This is the IP address of the source device sending the traffic that requires a transmission mode. The client_1? _Address contains the source IP address field (310) containing the IP address data field belonging to the traffic. • (615) Client—Fu. This is the program (application) used to identify the source device (application) called the source application that runs on the source device that issued the traffic that requires a transmission mode. The client_fu number contains the source fu number field value (312) which belongs to the IP address data column of the traffic. Generally speaking, every transmission in the enterprise intranet needs to be transmitted. Page 39 This paper standard applies to China National Standard (CNS) A4 (210 X 297 mm) ----- «· I-;- --- I ------- Order --------- (Please read the notes on the back before filling in this page) 531998 A7 B7 Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs Explanation (The system of type I traffic will have a record (6 1 3). Use the source device (identified by the client JP address (6 14)) and the source application (from the client to the Fu number (6 15)), each system is identified in this unique way. After that, each record (6 1 3) is based on its client-IP-address (6 14) and client-fu number (61 5) And other unique ways to identify. • (616) destination ~ IP address. This is the IP address of the server system 'that is sent by the client application identified by the source application (615)' The destination of the IP address data block on the source device identified by the client-IP-address (6 14). The destination-IP-address includes the IP The value of the destination IP address field (311) in the address data column. • (617) destination-Fu number. This is the program (the application) used to identify the server system (61 6). Fu number, that is, issued by the source application identified by the client No. 1 (6 15), and executed on the IP address data block on the source device identified by the client-one IP address (61 4) Destination. Destination—Fu No. contains the value of the destination Fu No. field (311). • (61 8) Server—IP address. This is the IP address of the server system. , The server system must be sent by the source application identified by the client- # (615) and run on the IP address data column on the source device identified by the client IP address (6 14) The destination of the server-IP address is the transmission mode manager component. Page 4Ό This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) ------ Γ --- Ί II -------- Order --------- (Please read the notes on the back before filling this page) 531998

Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs 5. Description of the invention () Determined by the definition list of ALP transmission mode. • (6 1 9) Server—Fuhao. This is used to identify the program (the application) that runs on the server system (616), the server system is issued by the source application identified by the client No. 1 (6 15), And the execution is performed on the destination of the IP address data column on the source device identified by the client_lp address (614). The server number is determined by the transmission mode manager component through the alp transmission mode definition list. Transmission mode definition creator The web traffic transmission mode extended transmission mode definition creator component 'If the computer program running on the IP router system will be better β This component is expensive: • Use ALP transmission mode configuration settings List (600), retrieve the ALP transmission mode definition list (606) from the ALP transmission mode definition system (507). • Store a local copy (508) of the table in the ip router system When the extension of the Web traffic transmission mode is started, the transmission mode definition creator element also acts immediately. Figure 7 shows a flowchart that can be used as a reference to define the internal logic of the transmission mode definition producer element "The element: • ( 701) Take all records from the ALP transmission mode configuration setting list (601, 705). • (702) For page 41 in the ALP transmission mode configuration setting list (705), the paper size is applicable to the Chinese country. Standard (CNS) A4 specification (210 X 297 mm) τ ---; ---- install ------- order ί I ---- I (Please read the precautions on the back before filling this page ) 531998 A7 _ B7 V. Description of Invention () Record (ALP) (603): • From the ALP transmission mode definition system (706) 'Class to take all ALP (603) related ALP transmission mode configuration settings list (7 0 7). This list will be used by the Web The service transmission mode extension is used to transmit the traffic related to the ALP (603). It is best to use the HTTP (or FTP) protocol to obtain the list (the ALP-definition of the transmission mode-the address is used as the URL Use). You can also use a coded protocol (such as secure HTTP). • In the network device implemented by the Web traffic transmission mode extension, store a copy of the list of ALP transmission mode configuration settings obtained by the capture. Local copy (508). • (703) Use the application layer agreement recorded in the ALP transmission mode configuration setting list (705) to build a list (ALP-transmission-mode-list). A record of ALP traffic that should be added with transmission mode has a record, so the ALP_transmission mode_ list contains all ALP lists (eg HTTP, FTP, socks, etc.) that should be extended by the Web traffic transmission mode. • (704) After waiting for a certain amount of time, Before the loop jumps to (701), once again retrieve the ALP transmission mode definition list (707). The length of this period will be deducted from the frequency field in the ALP transmission mode configuration setting list (601). For example, for HTTP In the record defined by (603), the frequency value of 30 minutes (605) refers to the definition list of ALP transmission mode definition for HTTP, which will be retrieved from the ALP transmission mode definition system at a frequency of once every 30 minutes. This mechanism can make the page 42 of this paper size applicable to the Chinese National Standard (CNS) A4 specification (210 X 297 mm) (Please read the precautions on the back before filling this page) ▼ Install ------- -Order ------ Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs 531998 A7 B7 V. Description of the invention () The creator of the mode definition (and therefore also the expansion of the Web traffic transmission mode) can be performed in a periodic manner, To retrieve and store the updated data of the ALP transmission mode definition list. It is also possible that the ALP transmission mode definition system (706) may temporarily store the transmission mode definition creator in order to automatically transmit the updated data of the ALP transmission mode definition list. Traffic analyst The traffic analyst component of the Web traffic transmission mode extension is better if it is a computer program executed on the IP router system. This component is expensive: • Decide whether each IP address data column received comes from a source device (usually a workstation) or a server system (usually an agent server). Figure 8 shows a flowchart that can be used as a reference to the internal logic of the traffic analyst component. The component: • (801) Retrieve an IP address data column (incoming IP address data column). • (802) Producer Get Lost Mode-List by this transfer mode definition. The ALP_Transport Mode_List contains a list of all ALPs (eg HTTP, FTP, Socks, etc.) that should be extended by the Web Traffic Transport Mode. • (803) From the IP address data block, retrieve information about the ALP used by the data contained in the IP address data column (303) ° • DT__Purpose— 皋 号 = Destination No. Column Bit (313) (located on page 43. This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) (Please read the precautions on the back before filling out this page) | Install ------ --Order --------- Φ. Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economy 531998 A7 _____ Β7 ___ V. Description of the invention () Within the TCP header (305) of the IP address data column) • DT _Source-fu number = source Fu number nibble (3 1 2) (located in the TCP header (305) of the IP address data column) • (804) test whether the IP address data block comes from a certain Source devices, and contains data that uses ALP that must be transmitted. If the DT-Destination No. 1 is listed in the ALP-Transmission Mode 1 list, the IP address data block is from a source device and contains data that uses the ALP that must be transmitted (303) . • If " DT-Destination-Fuhao is listed in the ALP-Transmission Mode-List ● (805) Call Inbound Transmission Mode Processor • If DT-Destination-Fuhao is not listed in the ALP-Transmission Mode-List (806) Test whether the IP address data column is from a server system and contains data that uses the ALP that must be transmitted. If the DT_Purpose-Fu number is listed in the ALP_ ^ Transmission Mode_ list, the IP address data column is from a server system and contains data that uses the ALP that must be transmitted (303 ). • The purpose of DL—The Fu number is listed in the 8 1 ^ _Transmission Mode—list. • (807) Call Outbound Transmission Mode Processor Page 44 This paper standard applies to China National Standard (CNS) A4 (210 X 297 mm) ) (Please read the precautions on the back before filling out this page) · Install tr --------- Aw, printed by the Employees' Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs 531998 Printed by A7 B7 V. Description of the invention () • DT—Purpose—The Fu number is not listed in the list of ALP_Transmission Mode • (808) Forward the IP address data column to the ip router component • (809) Leave the The Web traffic transmission mode is expanded and waiting for the next IP address data block. Inbound transmission mode processor The Web traffic transmission mode extension of the inbound transmission mode processor component is better if it is a computer program running on the 1 p router system, and this component is expensive: • Connect according to the transmission mode List (6 1 2), and determine whether the IP address data must be updated according to the source IP address, source IP address, destination IP address, destination IP address, etc. of the IP address data column , And • If the IP address data block needs to be updated, use the information obtained by the transmission mode link list (6 12) to the destination IP address and destination number of the IP address data. Wait for the fields to be updated. Figure 9 shows a flowchart that can be used as a reference to the internal logic of the paired transfer mode processor element. The component: • (901) Retrieve a column of IP address data (the input IP field). • (902) Retrieve all the green records of the transmission mode link list (903). Page 45 This paper size applies to China National Standard (CNS) A4 specification (210 X 297 mm) -------- Γ --- installation -------- order ------ --- (Please read the precautions on the back before filling this page) 531998 A7 ____ B7 V. Description of the invention () • (904) Obtained from the IP address data block to indicate the source of the IP address data column and Destination information: • DT—source—IP—address = source IP address (310) (located in the IP header (302) of the IP address column) • DT—purpose—IP bit address = Destination IP address (311) (located in the IP header (302) of the IP address data column) • (905) Search in the transmission mode link list (903) with the following data identification (four conditions) to search One record (613): • Client—IP—Address (614) = DT_Source—IP_Address • Client—No. (615) = DT_Source_Fu No. • Destination-IP one digit Address (616) = DT-destination-one IP address • destination-fu number (617) = DT-destination one IP address • If there is no record that meets these four conditions: then the IP address data column is Belongs to this transmission mode Connection definition list. • (911) Call the transmission mode manager element. • If there is a record that meets these four conditions (referred to as "Record R"), then the IP address column belongs to the connection that has been defined in the transmission mode link list. • (906) Extract from the "Record R" information indicating which server system is the destination server system of the IP address data column: • Server—IP—Address (618) • Server_皋 号 (619) page 46 This paper size is applicable to the Chinese National Standard (CNS) A4 specification (210 X 297 mm) (Please read the precautions on the back before filling this page) -Installation -------- Order ---------- Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economy 531998 Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economy A7 _______B7 _ __ V. Description of the invention () • (907) for identification Information of the destination server system to update the 1p address data column: • The destination IP address field (311) located in the IP header (302) Erci server — IP — address (618) • The destination Fu field (313) located in the TCP header (305) = feeder-Fu number (619). This will send the IP address data block to the defined Web traffic transmission. The destination server system within the mode (618). The total audit field value of the IP address data column (such as the header and total audit in the IP header) will be updated accordingly. • (908) Continue to maintain the transmission mode link list (908), and specifically remove the connection records belonging to the closed connection list from the transmission mode link list (908). Closed connections can be detected by means such as FIN and ACK indications in the TCP header. Or you can also choose to determine that a connection is closed in a way that the connection still has no IP address data column after a period of time (the timing value can be, for example, a configuration setting in the extension of the Web traffic transmission mode) parameter). Any algorithm that is useful for detecting whether the TCP connection is closed or semi-closed (such as the extreme state of the abnormal disconnection of the connection) can be used to remove the connection from the table. • (909) Forward the updated IP address data column to the IP router component. Then, the updated IP address information on page 47 applies to the Chinese National Standard (CNS) A4 specification (210 X 297 mm) ----- "--- J ---- · installation- ------- Order --------- (Please read the notes on the back before filling out this page) 531998 Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs A7 B7 V. Description of Invention () Then it is sent to the server system defined in the Web traffic transmission mode. (910) Leave the Web traffic transmission mode extension and wait for the next IP address data column. The transmission mode manager transmits the Web traffic transmission. The mode extension transmission mode manager component is better if it is a computer program running on the IP router system. This component handles each IP address data block sent by the source device. This component is expensive: * • Use the destination field in the IP address data column to determine the data alp (application layer agreement) included in the IP address data block. • Use the source IP of the IP address data column. Address, source source number, destination IP address, destination source number, etc., and the pair is included in the IP At the ALP transmission mode definition list (508) defined by the data ALP in the address data column, the extended part contains information about the transmission mode of the IP address data column. • If the transmission mode information does require: • Discard The IP address data is bad, • Use the characteristics of the IP address data column and the transmission mode information to build the transmission mode link list (6 1 2) 〇 • Use the transmission mode information to update the IP address Bad data such as destination IP address and destination Fu number. Page 48 This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) ----: -J ---- Μ -------- Order --------- (Please read the precautions on the back before filling out this page) 531998 A7 B7 Inside the buried component 5. Description of the invention (Figure 10 shows a copy It can be used as a flow chart to refer to the logic of the transmission mode management department. The component: • (1001) retrieves an IP address data. ALP transmission mode definition list. This column amp & '』table is about the ALP used in the IP address data column Information on The

Edge ALP is equivalent to DT destination Fu. For example, if the IP bits ~-u address contain information about the use of HTTP, the selected one is used. This table is a list of definitions of ALP transmission modes related to the HTTP protocol. • (1003) from the selected ALP transmission mode definition list (ι〇04) ', there is a record about the IP address data column (called record P). The following items are used to identify the record: • Client-IP address (608) = DT-source-IP address (the client-IP address is a specific address that can be used to identify the source device) , Or • Client-IP address (608) contains DT-Source-Fu (the client-IP address is a range of IP addresses that can be used to identify a group of source devices). • (105) Check whether the IP address data column must be controlled by the transmission mode. When the destination system is not necessarily a server system, the IP address data column needs to be controlled by the transmission mode. This check uses the transmission mode information retrieved from "Record P". If (Both of them are satisfied): • DT one purpose one IP one address = server one IP · address (609), and this paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 feet)- ---- Ί — Install -------- Order --------- Refer to Γ Please read the notes on the back before filling out this page) Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs 531998 A7

Then the destination of the π > address data block is the server system that must be used, and therefore the IP address data block does not need to be controlled by the transmission mode. Otherwise, it is necessary to control the transmission mode of the IP address data column. Β Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs. • If the IP address data field does not need to be controlled by the transmission mode: The data column is forwarded to the IP router component. Then, the IP address data column will be sent to the server system that has been correctly set by the source device. There is no need to perform any traffic transmission mode control. • (1013) Leave the Web traffic transmission mode extension and wait for the next IP address data block. • If the IP address column needs to be controlled by the transmission mode: (1006) Check if the IP address column must be discarded. If the mandatory one discard (6 11) in "Record P" is "Yes", it means that the IP address data column must be discarded. • If the IP address column must be discarded: (1007): Discard the IP address column • (1013): Leave the Web traffic transmission mode extension and wait for the next IP address column. • If the IP address column does not need to be discarded: (1008) In the transmission mode link list (1009), a new record (613) is generated for the connection of the IP address column, where: • Client-IP address = DT_Source-IP address-page 50 This paper size applies to China National Standard (CNS) A4 (210 X 297 mm) ----- y ------ -------— Order --------- ^ 9. (Please read the precautions on the back before filling out this page) 531998 A7 B7 Five Invention Instructions (Printed by the Consumers' Cooperative of Intellectual Property Bureau of the Ministry of Economic Affairs) System • Client—Fuhao_Address == DT—Fuhao_Address • Destination—IP—Address = DT_Destination—IP Address • Destination—Fuhao = DT__Destination—Fuhao • Server—IP—Address = Server—IP—Address (609) (press "Record P") Server-Fu No. = Feeder-Fu No. (61〇) (Press "Record p") • (1010) Update the IP address data with information used to identify the destination server system that must be used, namely: • The destination IP address shelf (3 11 in the IP header (302)) ) == Server—IP—Address ( 609) • The destination address (313) = server—number (610) located in the TCP header (305) This allows the IP address data column to be sent to the web traffic transmission mode defined The destination server system (609p and the total audit field value of the IP address data (such as the header and total audit in the IP header) will also be updated accordingly. • (1011) Continue to maintain the transmission Mode connection list (90 8) 'Specifically to remove the connection records belonging to the closed connection list from the transmission mode connection list (908). Connections that have been closed can use, for example, FIN and ACK in the TCP header. The method of detection is indicated on page 51. This paper size is applicable to Chinese National Standard (CNS) A4 (210 X 297). F Please read the precautions on the back before filling in this page} tl --------- ¾. 531998 Printed by the Consumers ’Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs A7 B7 V. Description of invention () Test. Or you can choose to identify a certain link in a way that there is still no IP address data block on the connection after a period of time. Connection is closed (this timing value can be e.g. like web The configuration setting parameters in the extension of the service transmission mode) β can also use any algorithm that is useful to detect whether the TCP connection is closed or semi-closed (for example, the abnormal state of the disconnected connection) Remove the connection in (1012) Forward the updated IP address data column to the IP router component. The updated IP address data field is then sent to the server system defined in the Web traffic transmission mode. • (1013) Leave the Web traffic transmission mode extension and wait for the next IP address column. External transmission mode processor The external transmission mode processor element of the Web traffic transmission mode extension is better if it is a computer program running on the IP router system. This component processes each column of IP address sent by the source device. This component is expensive: • According to the transmission mode connection list (6 1 2), and the source IP address, source source number, destination IP address, destination source number and other blocks based on the IP address data block, come Determine whether the IP address data column must be updated, and the paper size on page 52 applies the Chinese National Standard (CNS) A4 specification (210 X 297 meals) 11 ^ ------- I--11 ^- -------- (Please read the precautions on the back before filling out this page) 531998 A7 B7 Printed by the Employees' Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs V. Invention Description (• If the IP address data block must be updated , Then use the information obtained by the transmission mode link list (612) to update the source IP address, source number, etc. of the lp address data column. Figure 11 shows a copy for reference. Flow chart of the internal logic of the external transmission mode processor component. This component: • (1101) retrieves an IP address data column. • (1102) retrieves all records of the transmission mode link list (1 丨 03). • (1104 ) Obtain from the IP address data block to specify the source and purpose of the IP address data column Information: • DT—source-one IP address = source IP address (3 10) (located within the IP header (302) of the ip address data column) • DT—destination-one IP address = Destination IP address (3 11) (located in the IP header (302) of the IP address data column) • (11 0 5) is identified in the transmission mode link list (11 0 3) with the following information (4 Conditions) to search for a record (613): • Client_IP—Address (614) = DT—Destination—IP. Address • Client—Fuhao (615) = DT_Destination—Fu • Server—IP—Address (618) = DT ^ Source—IP_Address • Server—Fuhao (6 1 9) = DT_Source_Fuhao • If there are no records that meet these four conditions, then The IP address data column belongs to a connection that is not defined in the transmission mode link list. Therefore, there is no need to perform Web traffic transmission mode control on the 1p address data column. (1109) The IP address data The column is forwarded to the IP router component ° Page 53 This paper size is applicable to the Chinese National Standard (CNS) A4 specification (210 X 297 public love) ----------- riI--install --------- Order · -------- (Please Read the notes on the back and fill out this page) Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs 531998 A7 -------- B7 V. Invention Description () • (1110) Leaving the Web traffic transmission mode expansion, And wait for the next IP address data. • If there is a record that meets these four conditions (referred to as "Record R"), the IP address data block belongs to the connection that has been defined in the transmission mode link list. • (1106) Extract from the "Record R" information describing the destination system of the IP address data block sent from the source device: • Destination-IP address (616) • Destination-Fuhao (617) • (Π 〇7) to update the IP address data column with the information used to identify the destination system: • the source IP address field (310) in the IP header (302) = Destination—IP address (616). • The source Fu field (3 13) located in the TCP header (305) = destination—Fu number (617). In this way, the IP address data column can be regarded as being transmitted by the system (6 1 6) which is the destination of the IP address data column, where the IP address data block originates from the source device (614). The total audit field value of the IP address data column (such as the header and total audit in the IP header) will be updated accordingly. Β (1108) Continue to maintain the transmission mode link list (1103), especially The destination is to be removed from the connection list of the transmission mode (908). The paper size that has been closed on page 54 applies to the Chinese National Standard (CNS) A4 specification (210 X 297 mm) ------ 7 ---; ------------ Order --------- (Please read the notes on the back before filling this page) 531998

The invention description (Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs can be used to detect, for example, the FIN and ACK instructions in the TCP header. Or you can choose to have the connection still not available after a period of time. IP address data block method to identify a connection as closed (the timing value can be, for example, a configuration setting parameter in the extension of the Web traffic transmission mode). It can also be used to detect the TCP connection The algorithm of the line is closed or semi-closed (such as the extreme state of abnormal connection disconnection) to remove the connection from the table. • (110) the updated IP address data column Forward to the IP router component. Then, the updated IP address data column is sent to the server system defined in the Web traffic transmission mode. (Π 10) Leave the Web traffic transmission mode extension And wait for the next IP address data block. Advantages The present invention can provide the following advantages: • The Web traffic transmission mode is defined in a central location and does not have to be grouped on multiple network devices or workstations Settings. • Update data related to the Web traffic transmission mode can be retrieved periodically from network devices that include the Web traffic transmission mode extension. For example, you can set a source device group A new agent server in order to provide better Web access services. Since the update data of the Web traffic transmission mode is captured periodically, page 55 This paper standard is applicable to China National Standard (CNS) A4 specifications (210 X 297 mm) 丨 丨 丨 丨 丨 丨 丨 丨 丨 丨 丨 丨. 丨 丨 丨 丨 丨 丨 丨 _ (Please read the precautions on the back before filling this page) 531998 Α7 Β7 V. Description of the invention ( ), Then the Web traffic transmission mode expansion can transmit the traffic sent from the source device group to the new agent server. (Please read the precautions on the back before filling this page) • Include The network device with the Web traffic transmission mode extension can automatically receive the updated data of the Web traffic transmission mode. For example, a new proxy server can be set for a source device group in order to provide a better Web Pick up Get the service. Because the update data of the Web traffic transmission mode can be automatically received, then the Web traffic transmission mode can be expanded to transmit the traffic sent from the source device group to the new agent server. Economy Printed by the Ministry of Intellectual Property Bureau's Consumer Cooperatives • This web traffic transmission mode can perform web traffic sent by end-user workstations to use preset feeders in the corporate intranet, even for the end-user The workstation has not been set up correctly. The Web traffic transmission mode is formulated in the corporate network (developed by the Web traffic transmission mode extension). Therefore, in the end user workstation configuration, even if there is Errors can also be corrected. For example, a workstation in Toulouse (France) might be configured to send HTTP traffic to an HTTP proxy server in Paris. The Web traffic transfer mode extension can direct the traffic to a closer HTTP proxy server (such as an HTTP proxy server located in Toulouse). • Optimize network resources in the corporate network. For example, the specifications of the & manager server and therefore its cost will be related to the number of source devices that can access it. One agent server that can be accessed by 5,000 source devices, and another one that can be accessed by 10,000 page 56. This paper size applies Chinese National Standard (CNS) A4 (210 X 297 mm ) 531998 A7 _ B7 _____ Five "Printed by the Intellectual Property Bureau of the Ministry of Economic Affairs and printed by the Consumer Cooperatives of the People's Republic of China" (Invention Note) () The proxy server received by the source device will be smaller and therefore cheaper. (Please read the notes on the back before filling this page) • Improve the performance of the web access service (from the source device to the web system within the corporate network). For example, a proxy server built in France is set to provide Web access services to a specific number of source devices in France. When more source devices access the agent server than expected, the performance of the agent server may deteriorate and affect the web access service. • Optimize the utilization of network resources In particular, it means that the bandwidth required to access the Web system from the corporate network is minimized. For example, when a source device located in France wants to access the web system through a proxy server, the source device should use a proxy server located in France instead of a proxy server located in Japan. This makes it easy to minimize the path from the corporate network to the proxy server (thus minimizing the use of network resources and bandwidth between France and Japan). • Does not affect or rely on the end-user workstation; no need to run specific software on the end-user workstation. Although specific embodiments of the present invention are described with specific drawings and text, it should be understood that various forms and details can be changed without departing from the spirit and scope of the present invention. In particular, the present invention is not limited to Web traffic handled by a proxy server, but is applicable to any server (socss server, FTP server, HTTP server, ...) in an enterprise intranet. To handle any ιρ traffic (Socks, FTP, HTTP, ...). P.57 This paper is sized for China National Standard (CNS) A4 (210 x 297 meals)

Claims (1)

r \ c 9. Weng 53 Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs 1 A8, B8 _S8b —_ Patent application scope U An Internet protocol that strengthens a plurality of servers (503) in a network device according to a predetermined transmission mode (IP) address data distribution method, each IP address data column is composed of a source device containing multiple servers (503) and at least one client (501) intranet (502) The source vehicle is sent to the destination device of the destination device. The method includes the following steps: determining (804,806) the source device of the input IP address data block is the client (501) or the server (503); if the The source device of the IP address data block is the client (501), then: The following information of the IP address data block (301) is used to identify (80,90.4): • Client address (31 0), • client number (312), • destination address (311), • destination number (313); search (905) server address and server number in the first list (612) 'Where the first list is for each client address (614), client number (615), The destination address (616) and the connection (61 3) identified by the destination Fu (6 1 7) both include the server address (61 8) and the server Fu (619); if the A list identifies a server address and server number, and if the server address is different from the destination address, or if the server number is different from the destination number, then: The destination address (311) and destination number (313) in the address data block are replaced (907) with the server address (61 8) and the server page 58 (please read the precautions on the back first) (Fill in this page again)-The size of the Chinese paper is applicable to China National Standard (CNS) A4 (210X297 mm) _Please patent scope; ws: grape filling number (619); send out the IP address data column on the IP network (502) (90.9) Second, the method described in the scope of patent application item i, which It also includes the following steps: b If the server address is the same as the destination address, and if the feeder number is the same as the destination number, then: • Keep the destination address in the ip address data block (311) is the same as the destination Fu number (313); • Send the IP address data column on the IP network (502). 3. The method described in item 丨 of the scope of patent application, further comprising the following steps: If (807) the source device of the IP address data block is a server (503), then: (301) to identify (803, 1104): • server address (31 0), • server number (312), • client address (311), • client number ( 313); • search (110) destination address and destination number in the first list (612), where the first list is for each server address (6 丨 8), feeder No. (619), client address (614), and client No. page 59 This paper size applies to China National Standard (CNS) A4 specifications (210X297 mm) "-(Please read the precautions on the back before (Fill in this page)-Ordered by the Intellectual Property Bureau of the Ministry of Economic Affairs of the People's Republic of China and printed by the Consumer Cooperatives. Supplement VI. The connection (613) identified in the scope of patent application (615) contains the destination address (616) and the destination No. (617); (Please read the notes on the back before filling this page) The table identifies a destination address and the destination number. If the server address is different from the destination address, or the server number is different from the destination number, then: The address of the server (31〇) and the feeder No. (312) in the address data column are replaced (1107) with the destination address (616) and the destination No. (6 1 7), respectively; The network (502) blocks the IP address data (1109). 4. The method described in item 2 of the scope of patent application, further comprising the following steps: If (807) the source device of the IP address data column is a server (503), then: • Block with 1p address data (301) The following information is used to identify (803, 1104): • Server address (310), • Server Fu (31 2), printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs • Client address (311), • the client number (313); • search (1106) the destination address and the destination number in the first list (612), where the first list is for each server address (6丨 8), the ancestral server number (619), the client address (614), and the connection (6 丨 3) identified by the client number (61 5), all include the destination address (6 j 6 ) P.60 This paper size applies Chinese National Standard (CNS) A4 specification (210X297). 531 ^ 98... 丄 丄. 8 8 8-ABCD, patent application scope and destination number (61 7); (Please Read the notes on the back before filling out this page} If a destination address and destination number are identified in the first list And if the server address is different from the destination address, or the server number is different from the destination number, then: • The server address (31〇) in the original IP address data column and the server Device Fu (312), replace (1107) with the destination address (616) and destination Fu (617), respectively; • Block the IP address data on the 1P network (502) (11〇9 ) 5. The method as described in Shen Qing's patent scope item 1, 2, 3 or 4, wherein: if the destination address and destination number are not identified in the first list, or If the server address is the same as the destination address and if either the > (server server number is the same as the destination number, then: • keep the server address in the IP address data block (31 0 ) And server No. (312) unchanged; • Block the IP address data on the IP network (502). Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs 6. If the scope of patent application is No. 1, 2 The method described in item 3, or 4, wherein the IP address data field is included in the IP header (302) to identify the source The source IP address bit (310) and destination IP address block (311) of the destination device and the destination device, and the "Transmission Control Protocol" TCP header (305) is used to identify the source device and the destination Source of the device: page 61 This paper size applies to China National Standard (CNS) A4 (210X297 mm) ABCD 531 Fox 23 Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs. The scope of application for the patent and the destination Fu No. source Fu No. (312) and destination Fu No. (31 3). Please read the precautions in the back first and then fill in 7. The method described in item 5 of the scope of patent application, which is included in the IP address data block. The IP header (302) is used to identify the source device and destination The source IP address field (31 0) and destination IP address field (311) of the device, and the "Transmission Control Protocol" TCP header (305) used to identify the source device and the destination device. Source Fu No. and destination No. Source No. (312) and destination No. (31 3) 〇8 · As described in the scope of patent application No. 1, 2, 3 or 4 The method includes the steps of determining whether the source device (804, 806) of the input IP address data block is a client (501) or a server (503), and further includes the following steps: • determining whether to include the IP address Is the value of the destination number shed (313) in the address data block equal to the value of the destination number on the server (503), or is the source number column included in the IP address data block Whether the value of bit (312) is equal to the source number on the server (503). 9. The method as described in item 7 of the scope of patent application, wherein the source device (804, 806) that determines the input data address block is the client (50) and the server (503) Steps, including the following steps: • Determine whether the value of the destination car number pick-up (313) included in the IP address data block is equal to the destination monk value on the temple server (503) ， Page 62 This paper size applies Chinese National Standard (CNS) A4 specification (210X297). Quot; ---- 8 8 8 8 ABCD I 531998 6. The scope of patent application or the information contained in the IP address Is the value of the source Fu block (312) inside equal to the source Fu number on the server (503) (please read the precautions on the back before filling this page) 1．If the scope of patent application is No. i, The method according to item 2, 3 or 4, wherein the IP address data block uses an application layer protocol to transmit data, and wherein the server address and the server number are searched in the first list (61 2). Step (905) further includes the following steps: If (911) fails to use the client address (614), the client Number (615), destination address (616), and destination number (617), and a server address and server number are identified in the first list (61 2), then • identify (1〇 〇2) The application layer protocol used for the data transmitted in the IP address data block; • By referring to the second list (606) to determine (1003) the server address and the server number 'where The second list (60 6) includes each client or client group for identifying the application layer protocol, and is identified by the client address (608) or the client address range. The server address (609) and the server Fu number (61). If (1005) the destination address (311) is different from the server address (609), or the destination number (313) is different from the server number (61), then: Printed by the cooperative • Generate (1008) a new record in the first list (612), which includes: • Client address (310, 608, 614); • Client Fu number (311, 615); • Destination address (313, 616); page 63 This paper size applies Chinese National Standard (CNS) A4 specification (210X297 mm) 531998 ABCD patent application scope • Destination No. (313, 617); • Server location Address (6 0 9, 6 1 8); (Please read the precautions on the back before filling in this page) • Server No. (61 0, 61 9). 11. The method as described in item 9 of the scope of patent application, wherein the IP address data block uses an application layer protocol to transmit data, and wherein the server address and server are searched in the first list (6 1 2) The step (905) of Qifu No. further includes the following steps: If (911) fails to use the client address (614), the client Fu No. (615), the destination address (61 6) and the destination Number (617), and a certain temple server address and feeder server number are identified in the first list (61 2), then • identify (1002) the data transmitted in the IP address data block Application layer protocols used; • By referring to the second list (606) to determine (1003) the server address and server number, where the second list (606) identifies the application layer agreement, It includes each client or client group, and the server address (609) and server number (61) identified by the client address (608) or the client address range. 0). Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs. If (1005) the destination address (311) is different from the server address (609), refer to the destination Fu (31 3) and the server Fu (61) Different, then: • Generate (1008) a new record in the first list (612), which includes: • Client address (310, 608, 614); • Client Fu number (311, 615) ; Page 64 This paper size applies to China National Standard (CNS) A4 (210X297 mm) 53199: 8 Patent application scope ABCD Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs • Destination address (31 3, 61 6); • Destination Fu number (313, 617); • Feeder address (609, 618); • Server Fu (610, 619). 12. The method as described in item i, 2, 3 or 4 of the scope of patent application, wherein the IP address data block uses an application layer protocol to transfer the data, and among them is in the first list (612) The step (905) of determining the server server address and server server number further includes the following steps: If the client address (614), client car number (615), and destination address cannot be used (616) and destination Fu number (61?), And if a server address and server Fu number are identified in the second list (612), then: • identify (102) the IP address data Application layer protocol used in the transmission of data in the block; • By referring to the second list (606) to determine (1 003) the server address and server number, where the second list (606) is Identify the application layer protocol, including each client or client group, and the server address (609) and server identified by the client address (608) or the client address range Mon (610). If (1005) the destination address (311) is different from the server address (609), or the destination number (313) is different from the server number (610), then: • In the second list ( 606) Identify the indicator that discards the IP address data column. For the identified application layer agreement, in the second list (606), it is determined by the client address (608) or the client address range. It is identified on page 65 that this paper size is applicable to the Chinese National Standard (CNS) A4 specification (210X297 mm) ............... .... # (Please read the notes on the back before filling out this page) 53 «, n Still A8 B8 C8 D8 Each client or client group in the scope of patent application includes a description of whether to discard the IP bit Index of data block (611). If (1006) the indicator indicating whether to discard the IP address data block (611) has been set, then: • Discard (1 007) the IP address data block; if the description indicates whether to discard the index of the IP address data column (611) has been set, then: • Generate (1008) a new record in the first list (612), which includes: • Client address (31 0 • Client number (311 • Destination address) (31 3 • Destination Fu (31 3 • Server Address (609 • Server Fu (61 0 608, 614); 615); 616); 617); 618); 619). Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs13. The method described in item 9 of the scope of patent application, wherein the IP address data block uses an application layer agreement to transmit data, and among the first list (6 1 2 ) The decision> (the step of the server server address and the temple server fu number (905)) further includes the following steps: If the client address (614), the client fu number ( 615), the destination address (616) and the destination Fu number (617), and a certain server address and server Fu number are identified in the first list (61 2), then: • identify (1〇 〇2) The paper size used on page 66 of this IP address data block applies the Chinese National Standard (CNS) A4 specification (210X297 mm) -......... ........ Order ......... (Please read the precautions on the back before filling out this page) 5 f Supplement 30 2 ABCD-C Intellectual Property Bureau of the Ministry of Economy Employees' Cooperatives Printed Patent Application Scope application layer agreement; • By referring to the second list (606) to determine (1003) the server address and server number 'of which the second list (606) In order to identify the application layer protocol, each client or client group is included, and the server address (609) and the server are identified by the client address (608) or the client address range. Qifu (61〇). If (1005) the destination address (311) is different from the server address (609), or the destination Fu (313) is different from the server Fu (61〇), then : • Identify the indicators discarding the IP address data block in the second list (606), and for the identified application layer agreement, in the second list (606), identify the client address (608) Or each client or client group identified by the client address range includes an indicator (611) indicating whether to discard the IP address data block. If (1006) the description indicates whether to discard the IP bit If the index (611) of the IP address block is set, then: • Discard (1 0 7) the IP address block; if the index (611) indicating whether to discard the IP address block is set, then: A new record is generated (1008) in the first list (612), which includes: Client address (310, 608, 614); • Client Fu number (311, 615); • Destination address (31 3, 61 6); • Destination Fu number (313, 617); Page 67 of this Paper size applies Chinese National Standard (CNS) A4 specification (210X297 public love) (Please read the precautions on the back before filling out this page) Order · S 00- ^, 9 1X 3 5 ABCD Sixth Intellectual Property Bureau Employee Consumer Cooperative Scope of patent application for printing • Server address (609, 618); • Server Fu number (610, 619). 14 • The method described in item 10 of the scope of patent application, further including the following steps: • Configure the second list (606), and the list includes a copy of each supported application layer agreement List. 15. The method described in item 11 of the scope of patent application, further comprising the following steps: • Configure the second list (606), and the list includes a copy of each supportable application layer agreement List. 16 · The method as described in item 13 of the scope of patent application, further including the following steps: • Configure the second list (606), and the list includes one for each supported application layer agreement Copy list. 1 7 · The method as described in item 10 of the scope of patent application, wherein the step of configuring the _ list (60 6) includes the following steps: • One or one of the 1P network (502) At a plurality of server systems (507), a part or all of the second list (⑼g) is retrieved (702). ° 18. The method described in item 16 of the scope of patent application, wherein the paper size on page 68 applies the Chinese National Standard (CNS) A4 specification (210X297 Grace) ........... ........ Order ......... Mu (please read the notes on the back before filling out this page) Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs A8 B8 C8 D8 VI. List of Patent Scope (606) The steps of configuration setting include the following steps: • From one or more server systems (507) in the IP network (502), access (702) part or all of the second list (606) 19. The method as described in item 10 of the scope of patent application, wherein the step of configuring the second list further includes the following steps: • One or more server systems (507 in the network) ), The updated information of the second list (606) is obtained. 20. The method described in item 18 of the scope of patent application, wherein the step of configuring the second list further includes the following steps: At one or more server systems (507) in the network, _ take the update of the second list (606) New information 21. The method as described in item 10 of the scope of patent application, wherein the _ takes part or all of the second list (606), and retrieves updated data of the second list (606), more It includes the following steps: • By referring to the third list (60 1), to determine the address of one or more server systems (507) that contains part or all of the second list (60 0). 22. The method as described in item 20 of the scope of patent application, wherein the second list (606) which is partly or wholly extracted, and updated information of the second list (606) is retrieved, further including the following Steps: The 6th paper size is subject to the Chinese National Standard (CNS) A4 (210X297 mm). .... S (Please read the notes on the back before filling this page) Α8 Β8 C8 D8 Printed by the Consumers' Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs 53 Shaoxie 2 3 6. Scope of Patent Application • By referring to the third list (60 1), it is decided to store one or all of the second list (606) Or multiple server systems (507). 23. The method as described in item 1 () of the scope of patent application, wherein the step of configuring the second list (606) includes the following steps: • by one or more server systems in the network ( 507), receiving part or all of the second list. 24. The method according to item 22 of the scope of patent application, wherein the step of configuring the second list (606) includes the following steps: • One or more server systems (50 At 7), a second list of part or all is received. 25. The method as described in item 10 of the scope of patent application, wherein the step of configuring and setting the second list includes the following steps: • One or more server systems in the network, all (507) locations To receive updated information of the second list. 26. The method as described in claim 24, wherein the step of configuring the second list includes the following steps: • Received by one or more server systems (507) in the network Updates to this second list. 2 7 · The method as described in item 10 of the scope of the patent application, wherein the pair of second paper sizes are suitable for wealth and family (CNS) A4 specifications (21GX297 public love) '' * ... .............. Order (Please read the precautions on the back before filling out this page) § 5B1998 Year A ' Supplementary 6. The steps for setting the patent scope list and including the following steps include storing the second list (606) locally in the network device (506), i.e., the second list List (6〇6) update data 8. The method as described in the scope of patent application No. 26, wherein the step of configuring and setting the second list includes the following steps: a network device (5 06) Within the local list, the second list (606) 'is stored locally, that is, updated data of the second list (606). 29. If the scope of patent application is the first! The method described in item 〇, wherein the step of configuring and setting the second list includes the following steps: a. Locally storing the second list (606) in the network device (506), that is, / or Updates to this second list (606). 30. The method according to item 28 of the scope of patent application, wherein the step of configuring and setting the second list includes the following steps:-• storing the second list locally in the network device (506) The list (606) is the updated information of the second list (606). Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs (please read the precautions on the back, and then fill out this page.) 31 · A network device, especially a router (506), which contains the adjusted Any device described in the scope of patent application ^ 32 ·-a kind of computer-readable media, #contains useful information to implement the aforementioned application on page 71. This paper size applies to the Chinese National Standard (CNS) A4 (210X297 mm) 5 8 8 8 8 ABCD VI. Application for Patent Scope Instructions for the method described in any one of the patent scope 1 to 30. Printed by the Employees' Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs This paper size applies to China National Standard (CNS) A4 (210X 297 mm)