CN107278360B

CN107278360B - System, method and device for realizing network interconnection

Info

Publication number: CN107278360B
Application number: CN201780000451.7A
Authority: CN
Inventors: 唐全德
Original assignee: Individual
Current assignee: Individual
Priority date: 2017-06-16
Filing date: 2017-06-16
Publication date: 2020-07-14
Anticipated expiration: 2037-06-16
Also published as: CN107278360A; WO2018227519A1

Abstract

The present application relates to the field of communications technologies, and in particular, to a system, a method, and an apparatus for implementing network interconnection, so as to solve the problems of poor transmission performance and low bandwidth utilization rate in a cross-wan interconnection scheme of a data center in the prior art. The method provided by the embodiment of the application comprises the following steps: receiving a data packet which is forwarded by a route and sent to a second server deployed in a second data center by a first server deployed in a first data center, wherein the packet header of the data packet contains a quintuple; modifying the source address in the quintuple of the data packet into the address of a first proxy server and modifying the destination address into the address of a second proxy server; and sending the modified data packet to a second proxy server deployed in the second data center, so that the second proxy server restores the five-tuple of the modified data packet into the five-tuple before modification and sends the restored data packet to the second server, and the second server responds to the restored data packet.

Description

System, method and device for realizing network interconnection

Technical Field

The present application relates to the field of communications technologies, and in particular, to a system, a method, and an apparatus for implementing network interconnection.

Background

With the increasing construction of distributed networks, the network construction between each enterprise and the headquarters of the company is increasingly perfect, most enterprises tend to construct centralized data centers, and interconnection between various data centers across Wide Area Networks (WANs) faces many problems.

At present, two popular ways of interconnecting across wan networks mainly include private line and Virtual Private Network (VPN). The dedicated line mainly includes a Digital Data Network (DDN), a Synchronous Digital Hierarchy (SDH), and the like, and has advantages of high transmission quality, short delay, and high rate. However, the construction cost of large-scale trans-regional dedicated line construction is relatively high, so that the method is not suitable for enterprises. The VPN is mainly used for establishing a communication line on a public network (Internet, short for public network) or a private line, and does not need to invest a large amount of manpower and material resources to install and maintain WAN equipment and remote access equipment, so that the construction cost can be saved, and the application in enterprises is wide. The most critical part for realizing the VPN is the tunnel mode, and the method mainly encapsulates a layer of message as a tunnel packet header on the outer layer of an original data packet sent by a sending end to encrypt and transmit the data packet. The drawbacks of this tunnel mode are mainly reflected in: since the Maximum Transmission Unit (MTU) agreed by the wan is 1500, if the packet length of the inner layer packet is the Maximum MTU length, the encapsulation is continued, the fragmentation of the packet may be caused by increasing the tunnel header, and accordingly, the receiving end needs to perform packet reassembly, which greatly reduces the Transmission performance of the packet. Moreover, the method of encapsulating the original data packet and adding the tunnel packet header increases the length of the data packet, which results in lower bandwidth utilization rate during transmission. Therefore, the problem of poor transmission performance and low bandwidth utilization rate exists when the VPN is adopted to realize the cross-wide area network interconnection of the data center.

In view of the above, there is a need for a new solution to overcome the above problems to achieve interconnection of data centers across wide area networks.

Disclosure of Invention

The embodiment of the application provides a system, a method and a device for realizing network interconnection, which are used for solving the problems of poor transmission performance and low bandwidth utilization rate in a cross-wide area network interconnection scheme of a data center in the prior art.

The system for realizing network interconnection provided by the embodiment of the application comprises: the system comprises a first server and a first proxy server which are both deployed in a first data center, and a second server and a second proxy server which are both deployed in a second data center; wherein the content of the first and second substances,

the system comprises a first server, a second server and a third server, wherein the first server is used for sending a data packet to the second server, and the packet header of the data packet contains a quintuple;

the first proxy server is used for receiving a data packet which is transmitted to the second server by the first server and is forwarded by the route; modifying the source address in the quintuple of the data packet into the address of a first proxy server and modifying the destination address into the address of a second proxy server; sending the modified data packet to a second proxy server;

the second proxy server is used for reducing the five-tuple of the modified data packet into a five-tuple before modification; sending the restored data packet to a second server;

and the second server is used for receiving and responding to the restored data packet.

Another embodiment of the present application provides a method for implementing network interconnection, including:

receiving a data packet which is forwarded by a route and sent to a second server deployed in a second data center by a first server deployed in a first data center, wherein the packet header of the data packet contains a quintuple;

modifying the source address in the quintuple of the data packet into the address of a first proxy server and modifying the destination address into the address of a second proxy server;

and sending the modified data packet to a second proxy server deployed in the second data center, so that the second proxy server restores the five-tuple of the modified data packet into a five-tuple before modification and sends the restored data packet to the second server, and the second server responds to the restored data packet.

Optionally, modifying the source address in the five-tuple of the data packet to the address of the first proxy server and modifying the destination address to the address of the second proxy server includes:

searching first sending conversation information containing an address with a source address as the first server and an address with a destination address as the second server according to a received quintuple of a data packet sent to the second server by the first server forwarded by a route;

determining first receiving session information associated with the first sending session information according to an association relation between preset session information; the source address contained in the first receiving session information is the address of the second proxy server, and the destination address is the address of the first proxy server;

and modifying the destination address in the quintuple of the data packet sent to the second server by the first server into the source address and the source address in the first receiving session information.

Optionally, the first sending session information and the first receiving session information are generated according to the following manner:

if a data packet which is transmitted to a second server by a first server and forwarded through a route is received for the first time, first transmitting session information which comprises a source address of the first server and a destination address of the second server is generated according to a quintuple of the received data packet; and the number of the first and second electrodes,

determining a server corresponding to a network segment matched with a destination address as a second proxy server according to the destination address in the quintuple of the received data packet;

generating first receiving session information containing a source address as the address of the second proxy server and a destination address as the address of the first proxy server; and the number of the first and second electrodes,

and establishing an association relation between the first sending session information and the first receiving session information.

Optionally, if a first-received data packet sent by the first server to the second server and forwarded by the route is a data packet for requesting to establish a Transmission Control Protocol (TCP) connection, before modifying a source address in a five-tuple of the data packet to an address of the first proxy server and modifying a destination address to an address of the second proxy server, the method further includes:

and storing the modified quintuple of the packet header of the data packet for requesting the establishment of the TCP connection in the data packet.

Optionally, after receiving a data packet sent by the first server to the second server via route forwarding and used for requesting to establish a TCP connection, the method further includes:

feeding back a data packet for replying to the TCP connection establishment request to the first server;

receiving and caching a data packet which is sent to the first server by the first server and carries user data information;

and after receiving a data packet which is forwarded by the second proxy server and responded by the second server and used for replying the TCP connection establishment request, sending the cached data packet carrying the user data information to the second server through the second proxy server.

Optionally, if a first-received Data packet sent by the first server to the second server and forwarded by the route is a User Data Protocol (UDP) -based Data packet, before modifying a source address in a five-tuple of the Data packet to an address of the first proxy server and modifying a destination address to an address of the second proxy server, the method further includes:

receiving and caching a data packet based on a UDP (user Datagram protocol) protocol sent to a second server by a first server; and the number of the first and second electrodes,

generating a session request packet for requesting the second proxy server to create a session and transmitting the session request packet to the second proxy server;

after receiving a session response data packet sent by the second proxy server and used for indicating that the session is successfully created, modifying the source address in the five-tuple of the data packet based on the UDP protocol and sent by the first server and cached to the second server into the address of the first proxy server and modifying the destination address into the address of the second proxy server.

receiving a data packet which is transmitted to a second server by a first server and is forwarded by a first proxy server; the source address in the quintuple of the packet header of the data packet is modified into the address of the first proxy server by the first proxy server, and the destination address is modified into the address of the second proxy server by the first proxy server;

reducing the quintuple in the data packet modified by the first proxy server into a quintuple before modification;

sending the restored data packet to a second server so that the second server can respond to the restored data packet; the first proxy server and the first server are deployed in a first data center, and the second server is deployed in a second data center.

Optionally, the reducing the quintuple in the packet modified by the first proxy server to the quintuple before modification includes:

searching second receiving session information containing an address of the first proxy server as a source address and an address of the second proxy server as a destination address according to the quintuple in the data packet modified by the first proxy server;

determining second sending session information associated with the second receiving session information according to the association relationship between the preset session information; wherein, the source address contained in the second sending session information is the address of the second server, and the destination address is the address of the first server;

and modifying the destination address in the five-tuple of the modified data packet into a source address and a source address in the second sending session information into a destination address in the second sending session information.

Optionally, if the received data packet forwarded by the first proxy server is a data packet for requesting to establish a TCP connection, the data packet forwarded by the first proxy server further includes a quintuple of the data packet before being modified by the first proxy server;

generating second transmission session information and second reception session information according to the following manner:

generating second sending session information including an address of the second server as a source address and an address of the first server as a destination address according to the quintuple of the data packet before modification by the first proxy server;

generating second receiving session information including an address of the first proxy server as a source address and an address of the second proxy server as a destination address according to the modified quintuple in the data packet forwarded by the first proxy server;

and establishing an association relation between the second sending session information and the second receiving session information.

Optionally, if the received packet forwarded by the first proxy server is a UDP protocol-based packet, before the five-tuple in the packet modified by the first proxy server is reduced to the five-tuple before modification, the method further includes:

receiving a session request data packet which is sent by the first proxy server and used for requesting to create a session; the session request data packet comprises two quintuple sets, wherein the first quintuple set is a quintuple set in a data packet which is received for the first time and sent to a second server by a first server, and the second quintuple set is a quintuple set of which the source address is a first proxy server, the destination address is a second proxy server and the transport layer protocol is a designated transport protocol;

generating second sending session information containing an address of a second server as a source address and an address of a first server as a destination address according to the first quintuple; and the number of the first and second groups,

generating second receiving session information containing an address of the first proxy server as a source address and an address of the second proxy server as a destination address according to the second quintuple; and the number of the first and second electrodes,

Another embodiment of the present application provides an apparatus for implementing network interconnection, including:

the receiving module is used for receiving a data packet which is forwarded by a route and sent by a first server deployed in a first data center to a second server deployed in a second data center, and a packet header of the data packet contains a quintuple;

the processing module is used for modifying a source address in the quintuple of the data packet into an address of a first proxy server and modifying a destination address into an address of a second proxy server;

and the sending module is used for sending the modified data packet to a second proxy server deployed in the second data center.

the receiving module is used for receiving a data packet which is transmitted to a second server by a first server and is forwarded by a first proxy server; the source address in the quintuple of the packet header of the data packet is modified into the address of the first proxy server by the first proxy server, and the destination address is modified into the address of the second proxy server by the first proxy server;

the processing module is used for reducing the quintuple in the data packet modified by the first proxy server into a quintuple before modification;

the sending module is used for sending the restored data packet to the second server so that the second server can respond to the restored data packet; the first proxy server and the first server are deployed in a first data center, and the second server is deployed in a second data center.

Yet another embodiment of the present application provides a computer apparatus, which includes a processor, and the processor is configured to implement the steps of any method for implementing network interconnection according to the embodiments of the present application when executing computer program instructions stored in a memory.

Yet another embodiment of the present application provides a computer-readable storage medium, on which computer program instructions are stored, the computer program instructions, when executed by a processor, implement the steps of any method for implementing network interconnection of the embodiments of the present application.

The beneficial effects of the embodiment of the application are as follows: data packets communicated between a first server deployed in a first data center and a second server deployed in a second data center can be transmitted across the data centers in a multi-level proxy mode. The first proxy server deployed in the first data center and the second proxy server deployed in the second data center can modify or restore the packet header five-tuple of the data packet to be forwarded, so that the data packet can support transmission across the data centers. Compared with the prior art, only the address of the packet header quintuple of the data packet is modified in the embodiment of the application, the modified data packet does not reach the maximum MTU length, and compared with a tunnel mode in the prior art, fragmentation and recombination of the data packet can be effectively avoided, so that the data transmission performance of a data center across a wide area network is improved, and the bandwidth utilization rate is improved.

Drawings

Fig. 1 is a schematic networking diagram of a system for implementing network interconnection according to an embodiment of the present application;

fig. 2 is a flowchart of a method for implementing network interconnection according to a second embodiment of the present application;

fig. 3 is a scene schematic diagram for implementing cross-regional interconnection of data centers according to the second embodiment of the present application;

fig. 4 is a process of establishing a TCP connection between a server E and a server F through a proxy server C and a proxy server D according to the second embodiment of the present application;

fig. 5 is a process of data transmission between a server E and a server F according to a TCP connection according to the second embodiment of the present application;

fig. 6 is a diagram illustrating a data transmission process of the server E and a server based on the UDP protocol through the proxy servers C and D according to the second embodiment of the present application;

fig. 7 is a schematic structural diagram of an apparatus for implementing network interconnection according to a third embodiment of the present application;

fig. 8 is a schematic structural diagram of an apparatus for implementing network interconnection according to a fourth embodiment of the present application;

fig. 9 is a schematic structural diagram of a computing device according to a fifth embodiment of the present application;

fig. 10 is a schematic structural diagram of a computing device according to a seventh embodiment of the present application.

Detailed Description

In order to solve the problems of poor transmission performance and low bandwidth utilization rate in the cross-wide area network interconnection scheme of the data center in the prior art, the application provides a system, a method and a device for realizing network interconnection. The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.

The scheme of the present application will be described in detail by specific examples, but the present application is not limited to the following examples.

Example one

Referring to fig. 1, a networking schematic diagram of a system for implementing network interconnection provided in an embodiment of the present application is shown. The system comprises a first server and a first proxy server which are both deployed in a first data center, and a second server and a second proxy server which are both deployed in a second data center.

And the first server is used for sending the data packet to the second server.

The data packet sent by the first server to the second server may be a data packet based on a TCP protocol or a data packet based on a UDP protocol. The TCP protocol is a connection-oriented protocol, so that the first server can firstly send a data packet for requesting to establish the TCP connection to the second server, and after the TCP connection is successfully established, the data packet carrying user data information is sent to the second server based on the established TCP connection; the UDP protocol is a non-connection oriented protocol, so a UDP protocol-based data packet sent by the first server to the second server may be a data packet carrying user data information directly.

Specifically, a packet header of a data packet sent by the first server to the second server includes a five-tuple, where a source IP address in the five-tuple is an IP address of the first server, a source port is a port of the first server, a destination IP address is an IP address of the second server, and a destination port is a port of the second server, and a transport layer protocol is a TCP protocol or a UDP protocol. And the IP addresses of the first server and the second server are both addresses under the network segment of the corresponding data center, namely, the IP addresses are internal network addresses under the corresponding data center.

The first proxy server is used for receiving a data packet which is transmitted to the second server by the first server and is forwarded by the route; and modifying the source address in the quintuple of the data packet into the address of the first proxy server and modifying the destination address into the address of the second proxy server, and sending the modified data packet to the second proxy server.

Here, the first proxy server may be deployed at an egress gateway of a first data center and the second proxy server may be deployed at an egress gateway of a second data center.

The modified addresses of the first proxy server and the second proxy server can be preset by the transmission mode of the data packet between the first proxy server and the second proxy server in practical application. The first proxy server may send the received data packet to the second proxy server via the public network, and then, the addresses of the first proxy server and the second proxy server correspond to the IP address of the public network. The first proxy server may also send the received data packet to the second proxy server via the private line, and then the addresses of the first proxy server and the second proxy server may also correspond to the IP addresses in the private line.

For convenience of explanation in the embodiments of the present application, the IP address and the port number of the server or the proxy server are collectively referred to as an address, so that the modification and restoration of the address in the present application is actually the modification and restoration of the IP address and the port number. Then, the source address in the five-tuple of the data packet is modified to the address of the first proxy server, and the destination address is modified to the address of the second proxy server, that is, the source IP address in the five-tuple of the data packet is modified to the IP address of the first proxy server, the source port number is modified to the port number of the first proxy server, the destination IP address is modified to the IP address of the second proxy server, and the destination port number is modified to the port number of the second proxy server.

And the second proxy server is used for reducing the quintuple of the modified data packet into the quintuple before modification after receiving the modified data packet sent by the first proxy server and sending the reduced data packet to the second server.

Here, the second proxy server may restore the modified five-tuple of the data packet to obtain the five-tuple of the data packet sent to the second server by the original first server, and for the first server and the second server, information in the data packet is not changed to achieve the effect of transparent forwarding.

Therefore, data packets communicated between a first server deployed in a first data center and a second server deployed in a second data center can be transmitted across the data centers in a multi-level proxy mode. The first proxy server deployed in the first data center and the second proxy server deployed in the second data center can modify or restore the packet header five-tuple of the data packet to be forwarded, so that the data packet can support transmission across the data centers. Compared with the prior art, only the address of the packet header quintuple of the data packet is modified in the embodiment of the application, the modified data packet does not reach the maximum MTU length, and compared with a tunnel mode in the prior art, fragmentation and recombination of the data packet can be effectively avoided, so that the data transmission performance of a data center across a wide area network is improved, and the bandwidth utilization rate is improved.

Next, the following describes in detail the processing procedure of the first proxy server and the second proxy server when forwarding the data packet, with reference to the specific embodiment.

Specifically, the first proxy server may modify a packet header five-tuple of the packet according to the first sending session information and the first receiving session information generated in advance. The first sending session information is used for identifying session information of a data packet sent out by the first server through the first proxy server, namely session information representing an outgoing direction for the first data center, and the first receiving session information is used for identifying session information of a data packet received by the first server through the first proxy server, namely session information representing an incoming direction for the first data center. Correspondingly, the second proxy server can also restore the modified five-tuple information according to the pre-generated second sending information and second receiving session information. The second sending session information is used for identifying session information of a data packet sent out by the second server through the second proxy server, namely session information representing an outgoing direction for the second data center, and the second receiving session information is used for identifying session information of a data packet received by the second server through the second proxy server, namely session information representing an incoming direction for the second data center.

Here, the session information may include a source address and a destination address of a transmitted or received packet, where the source address includes a source IP address and a source port number, and the destination address includes a destination IP address and a destination port number, and of course, the session information may further include a transport layer protocol, and the transport layer protocol of the session information in the outgoing direction is consistent with the transport layer protocol of the quintuple in the original packet sent by the first server or the second server, while the transport layer protocol of the session information in the incoming direction is not necessarily consistent with the transport layer protocol of the quintuple in the original packet, and may also be a protocol used in a transmission process of the packet between proxy servers.

The specific implementation manner of the first proxy server modifying the packet header quintuple of the data packet is as follows:

determining first receiving session information associated with the first sending session information according to the association relation between the preset session information; the source address contained in the first receiving session information is the address of the second proxy server, and the destination address is the address of the first proxy server;

The specific implementation manner of the second proxy server reducing the modified quintuple of the data packet to the quintuple before modification is as follows:

searching second receiving session information containing an address of the first proxy server as a source address and an address of the second proxy server as a destination address according to the received five-tuple of the modified data packet forwarded by the first proxy server;

and modifying the destination address in the five-tuple of the modified data packet into a source address in the second sending session information, and modifying the source address into a destination address in the second sending session information.

In specific implementation, for a transport layer protocol in a quintuple of the data packet, the first proxy server may not be modified, and of course, according to actual requirements, the first proxy server may also be modified into any transport layer protocol capable of implementing transmission of the data packet between the first proxy server and the second proxy server, such as an HTTP protocol, which is not limited in this application. If the first proxy server modifies the transport layer protocol of the data packet in the process of forwarding the data packet to the second proxy server, the transmission process of the data packet between the first proxy server and the second proxy server may be adjusted based on the modified protocol, and is not limited to the transmission process described in the embodiments described later in this application. Correspondingly, after receiving the data packet, the second proxy server needs to restore the transport layer protocol in the data packet quintuple according to the transport layer protocol in the second receiving session information, in addition to restoring the address in the data packet quintuple.

Further, a process of the first proxy server and the second proxy server generating the session information is explained:

the specific implementation manner of the first proxy server generating the first sending session information and the first receiving information includes:

determining a server corresponding to a network segment matched with the destination address as a second proxy server according to the destination address in the quintuple of the received data packet;

generating first receiving session information containing an address of the second proxy server as a source address and an address of the first proxy server as a destination address; and the number of the first and second electrodes,

The data packet which is first received by the first proxy server and is sent to the second server by the first server through the route forwarding may have two situations, one is a data packet for requesting to establish a TCP connection, and the other is a data packet based on a UDP protocol. Also, the above-described process of the first proxy server generating the first transmission session information and the first reception information is applicable to both cases.

It should be noted that, for the above two cases, the first proxy server needs to perform other processing procedures in addition to the processing procedures for generating the first sending session information and the first receiving session information. Correspondingly, the second proxy server generates the second sending session information and the second receiving session information in different manners under the two situations, specifically:

(1) in the first case: the data packet received by the first proxy server for the first time is a data packet for requesting to establish a TCP connection.

The first proxy server is further configured to:

and before the source address in the quintuple of the data packet is modified into the address of the first proxy server and the destination address is modified into the address of the second proxy server, storing the quintuple of the data packet before modification in the data packet.

In this case, since a session based on a TCP connection has not been established among the first server, the first proxy server, the second proxy server, and the second server, the first proxy server stores the five tuple of the packet before modification, that is, the original five tuple information of the packet in the packet, so as to inform the second proxy server of the five tuple information of the packet before modification.

Specifically, the quintuple of the packet before modification may be stored in a data area of the packet for storing the user data information, and the quintuple of the packet after modification may be stored in the data area in addition to the header of the packet.

Accordingly, the second proxy server is further configured to:

generating second sending session information containing an address of a second server as a source address and an address of a first server as a destination address according to a quintuple stored in the received data packet before modification;

generating second receiving session information containing an address of the first proxy server as a source address and an address of the second proxy server as a destination address according to the modified quintuple in the received data packet;

(2) In the second case: the data packet which is firstly received by the first proxy server and is sent to the second server by the first server through route forwarding is a data packet based on a UDP protocol.

The first proxy server is further configured to:

before a source address in the quintuple of the data packet is modified into an address of a first proxy server and a destination address is modified into an address of a second proxy server, receiving and caching a data packet which is sent to the second server by the first server and is based on a UDP protocol; and the number of the first and second electrodes,

The session request data packet comprises two quintuple sets, wherein the first quintuple set is a quintuple set in a data packet which is received for the first time and sent to a second server by a first server, and the second quintuple set is a quintuple set of which the source address is a first proxy server, the destination address is a second proxy server and the transport layer protocol is a designated transport protocol. The two quintuple groups can be located in a data area of the session request data packet for storing user data information, or the first quintuple group can be stored in the data area of the session request packet, and the second quintuple group can be stored in a header of the session request packet.

Accordingly, the second proxy server is further configured to:

In addition, an embodiment of the present application further provides a preferred implementation manner, that is, after receiving a data packet sent by a first server to a second server via route forwarding and used for requesting to establish a TCP connection, a first proxy server may also feed back a data packet for replying the TCP connection establishment request to the first server;

Based on the above preferred embodiment, the first proxy server may send the data packet for requesting to establish the TCP connection to the second proxy server, request to establish the TCP connection with the second proxy server and the second server, and establish the TCP connection with the first server locally, thereby caching all the data packets sent by the first server based on the TCP connection. Therefore, the first server does not need to wait for a data packet which is transmitted by the second server through the multi-level proxy and used for replying the TCP connection establishment request, the success of the TCP connection can be determined locally in advance, the data packet required in the session based on the TCP connection is transmitted to the first proxy server first and is cached by the first proxy server, and then the subsequent first proxy server can directly transmit the locally cached data packet to the second server through the second proxy server after receiving the data packet which is responded by the second server and used for replying the TCP connection establishment request, so that the establishment time of the TCP connection can be effectively shortened, the transmission efficiency of the data packet in the session based on the TCP connection is improved, and the transmission acceleration requirement in network interconnection is better met.

Example two

With reference to the system for implementing network interconnection described in the first embodiment, a second embodiment of the present application provides a method for implementing network interconnection, and specifically refers to the method flowchart shown in fig. 2:

step 201: the first proxy server receives a data packet which is forwarded by a route and sent by a first server deployed in a first data center to a second server deployed in a second data center, and the header of the data packet contains a five-tuple.

Step 202: and the first proxy server modifies the source address in the five-tuple of the data packet into the address of the first proxy server and modifies the destination address into the address of the second proxy server.

Step 203: and the first proxy server sends the modified data packet to a second proxy server deployed in the second data center.

Step 204: the second proxy server restores the five-tuple in the packet modified by the first proxy server to the five-tuple before modification.

Step 205: and sending the restored data packet to the second server so that the second server can respond to the restored data packet.

In a specific implementation, if the first proxy server receives the data packet sent to the second server via the forwarded first server for the first time in step 201, before performing step 202, the first sending session information and the first receiving session information may be generated according to the following manner:

generating first sending session information containing an address of a first server as a source address and an address of a second server as a destination address according to a received quintuple of a data packet; and the number of the first and second electrodes,

If the first received data packet forwarded by the route and sent to the second server is a data packet for requesting to establish a TCP connection, before step 202 is executed, a modified five-tuple of a header of the data packet for requesting to establish the TCP connection may be stored in the data packet.

And, a data packet for replying to the TCP connection establishment request may be fed back to the first server, so as to receive and cache the data packet carrying the user data information sent to the first server by the first server, and after receiving the data packet for replying to the TCP connection establishment request, which is forwarded by the second proxy server and responded by the second server, the cached data packet carrying the user data information is sent to the second server via the second proxy server.

If the first received data packet sent to the second server by the first server and forwarded by the route is a UDP protocol-based data packet, before step 202 is executed, a session may be created between the first proxy server and the second proxy server, before the session is created, the received UDP protocol-based data packet sent to the second server by the first server is cached locally, and a session request data packet for requesting the second proxy server to create the session is generated and sent to the second proxy server, and if a session response data packet sent by the second proxy server and indicating that the session is successfully created is subsequently received, it is determined that the session is successfully created, and step 202 is executed.

Further, in step 202, the modifying the five-tuple of the data packet according to the pre-generated first sending session information and the first receiving session information specifically includes:

Further, before performing step 203, the second proxy server may further establish second sending session information and second receiving session information based on a received five-tuple carried in the data packet forwarded by the first proxy server.

If the received data packet forwarded by the first proxy server is a data packet for requesting to establish a TCP connection, the data packet forwarded by the first proxy server further comprises a quintuple of the data packet before being modified by the first proxy server, and the second proxy server can generate second sending session information comprising an address with a source address as the second server and an address with a destination address as the first server according to the quintuple of the data packet before being modified by the first proxy server; generating second receiving session information including an address of the first proxy server as a source address and an address of the second proxy server as a destination address according to the modified quintuple in the packet header of the data packet forwarded by the first proxy server; and establishing an association relation between the second sending session information and the second receiving session information.

Wherein, if the received data packet forwarded by the first proxy server is a data packet based on the UDP protocol, before the quintuple in the data packet modified by the first proxy server is reduced to the quintuple before modification, the method further comprises:

Further, in step 203, the method may restore the five-tuple in the data packet modified by the first proxy server to the five-tuple before modification according to the second sending session information and the second receiving session information generated in advance, which specifically includes:

In the following, with reference to the contents described in the first embodiment and the second embodiment, taking the data center a and the data center B deployed in different areas as an example, a method for implementing network interconnection between the two data centers is described as an example.

First, referring to fig. 3, a scene diagram for implementing cross-regional interconnection of data centers is shown. The network segment corresponding to the data center A is assumed to be NET _ A, and the network segment corresponding to the data center B is assumed to be NET _ B; the proxy server C and the proxy server D are respectively deployed at exit gateways of the data center A and the data center B, the data center A directs the route of NET _ B to an intranet IP address IP _ C of the local proxy server C, the data center B directs the route of NET _ A to an intranet IP address IP _ D of the local proxy server D, public network IP addresses of the two proxy servers are respectively EIP _ C, EIP _ D, an intranet IP address of a server E of the data center A is IP _ E, and an intranet IP address of a server F of the data center B is IP _ F.

Specifically, a process of implementing network interconnection between two data centers is introduced for a data packet of a TCP protocol and a data packet of a UDP protocol, respectively.

(1) IP data packet for TCP protocol

First, referring to fig. 4, a process of establishing a TCP connection between a server E of a data center a and a server F of a data center B through proxy servers C and D is specifically as follows:

step 401: the server E sends a synchronous packet (SYN packet) for requesting establishment of a TCP connection to the server F, wherein the header of the SYN packet includes a five-tuple (IP _ E, IP _ F, PORT _ E, PORT _ F, PROTO _ TCP).

Step 402: and the proxy server C receives the SYN packet which is forwarded by the route and sent to the F by the server E, searches the route according to the destination IP address IP _ F, matches the NET _ B network segment corresponding to the data center B, and further searches the proxy server D deployed at the exit gateway of the data center B.

Here, since server E of data center a has directed the route of the NET _ B segment to home agent server C, the SYN packet sent by server E to server F deployed in the NET _ B segment may be forwarded to home agent server C via the route.

Step 403: the proxy server C generates first sending session information S1 according to the header 5-tuple of the received SYN packet, where the source IP address in the first sending session information S1 is IP _ E, the destination IP address is IP _ F, the source PORT number is PORT _ E, the destination PORT number is PORT _ F, and the transport layer protocol is PROTO _ TCP.

Generating first receiving session information S2 according to the found IP address of the remote proxy server D being EIP _ D, the remote proxy PORT _ D, the local IP address EIP _ C and the local proxy PORT _ C, wherein in the first receiving session information S2, the source IP address is EIP _ D, the destination IP address is EIP _ C, the source PORT number is PORT _ D, the destination PORT number is PORT _ C, and the transport layer protocol PROTO _ TCP), and establishing an association relationship between the session information S1 and S2.

Step 404: the proxy server C searches the first sending session information S1 according to the header quintuple of the SYN packet, further modifies the original header quintuple (IP _ E, IP _ F, PORT _ E, PORT _ F, PROTO _ TCP) of the SYN packet into (EIP _ C, EIP _ D, PORT _ C, PORT _ D, PROTO _ TCP) according to the first receiving session information S2 associated with S1, stores the original header quintuple (IP _ E, IP _ F, PORT _ E, PORT _ F, PROTO _ TCP) in the SYN packet, and sends the modified SYN packet to the proxy server D.

Here, since the packet length of the SYN packet is small, the packet header of the SYN packet is modified and the original packet header quintuple is added to the data packet, and since the packet length occupied by the quintuple information is small, the modified data packet does not reach the maximum MTU length in the modification mode of the data packet, and fragmentation and reassembly of the data packet are effectively avoided.

It should be noted that, after the first receipt of the SYN packet, the proxy server C stores the original header quintuple in the data area of the data packet, so that the peer proxy server D generates the corresponding session information. After the subsequent TCP connection is successfully established, when the proxy server C forwards the data packet sent by the server E based on the TCP connection, the proxy server C may only modify the packet header of the data packet, and does not perform the action of storing the original packet header quintuple in the data packet. The data transmission process after the TCP connection is successfully established will be described in detail later.

In a specific implementation, the proxy server C may encrypt the original packet header five-tuple stored in the SYN packet, where the specific encryption process may refer to an existing flow, and this is not limited in this application.

Step 405: after receiving the SYN packet forwarded by the proxy server C, the proxy server D establishes second sending session information S3 according to the packet header quintuple in the SYN packet, where in S3, the source IP address is IP _ F, the destination IP address is IP _ E, the source PORT number is PORT _ F, the destination PORT number is PORT _ E, and the transport layer protocol is PROTO _ TCP;

establishing second receiving session information S4 according to the modified quintuple in the SYN packet, wherein in S4, the source IP address is EIP _ C, the destination IP address is EIP _ D, the source PORT number is PORT _ C, the destination PORT number is PORT _ D, and the transport layer protocol is PROTO _ TCP; and establishes an association relationship between the session information S3, S4.

Here, if the SYN packet is encrypted, after receiving the SYN packet, the data packet may be decrypted first, and the validity and integrity of the data packet are verified, and the specific decryption and verification process may refer to an existing flow, which is not limited in this application.

Step 406: the proxy server D finds the second receiving information S4 according to the five-tuple of the header of the SYN packet, and further modifies the five-tuple of the header of the SYN packet (EIP _ C, EIP _ D, PORT _ C, PORT _ D, PROTO _ TCP) into (IP _ E, IP _ F, PORT _ E, PORT _ F, PROTO _ TCP) according to the second sending session information S3 associated with S4, and forwards the modified packet to the server F through the route.

Step 407: the server F monitors and receives a SYN packet at a PORT _ F based on a TCP protocol, and sends a SYN-ACK packet for replying a TCP connection establishment request after processing the SYN packet, wherein the packet header of the SYN-ACK packet comprises five tuples (IP _ F, IP _ E, Port _ F, Port _ E and PROTO _ TCP).

Step 408: the proxy server D receives the SYN-ACK packet forwarded by the route, searches for second sending session information S3 according to the packet header quintuple of the SYN-ACK packet, determines associated second receiving session information S4 according to S3, modifies the packet header quintuple of the SYN-ACK packet (IP _ F, IP _ E, PORT _ F, PORT _ E, PROTO _ TCP) to (EIP _ D, EIP _ C, PORT _ D, PORT _ C, PROTO _ TCP), and forwards the modified SYN-ACK packet to the proxy server C.

Step 409: after receiving the SYN-ACK packet, the proxy server C searches for the first receiving session information S2 according to the packet header quintuple of the SYN-ACK packet, determines the associated first sending session information S1 according to S2, modifies the packet header quintuple (EIP _ D, EIP _ C, PORT _ D, PORT _ C, PROTO _ TCP) of the SYN-ACK packet into (IP _ F, IP _ E, PORT _ F, PORT _ E, PROTO _ TCP), and forwards the modified packet header quintuple to the server E.

And step 410, the server E receives the SYN-ACK packet returned by the server F, and further returns L AST-ACK packet for indicating that the TCP connection is successfully established to the server F.

Step 504 in the figure is a simplified process, and specifically, the L AST-ACK packet forwarding process may refer to the SYN packet forwarding process (proxy C → proxy D → server E) to forward, when server F receives the L AST-ACK packet sent by server E, it is determined that the TCP connection with server E is successfully established, and subsequently, bidirectional transmission of the data packet may be performed between the two servers based on the established TCP connection.

It should be noted that, here, the process of TCP connection establishment in step 401 to step 410 is performed when the proxy server C operates in the incomplete proxy operation mode.

Preferably, in this embodiment of the present application, the proxy server may further operate in a full proxy operating mode, where the TCP connection establishment process in the full proxy operating mode is different from that in the incomplete proxy operating mode in the following points:

firstly, after completing step 401, proxy server C may immediately feed back a SYN-ACK packet for replying to the TCP connection establishment request to server E after receiving the SYN packet for requesting to establish the TCP connection, and further temporarily buffer the received SYN-ACK packet until receiving the SYN-ACK packet sent by proxy server D back to server F before proxy server D returns the SYN-ACK packet sent by server F, if it receives L AST-ACK packet sent by server E for route forwarding and the subsequent ACK packet, it determines that the TCP connection establishment between local proxy server C and server E is successful.

Secondly, after the step 408 is executed (steps 409 to 410 are not executed), the proxy server C forwards the L AST-ACK packet which is sent by the server E and used for indicating that the TCP connection is successfully established and the subsequent ACK packet to the server f via the proxy server D.

When server F receives L AST-ACK packet sent by server E, it determines that the TCP connection with server E is successfully established, and subsequently, two servers can perform bidirectional transmission of data packet based on the established TCP connection.

Further, referring to fig. 5, a process of data transmission between the server E of the data center a and the server F of the data center B based on TCP connection includes the following specific flow:

step 501: the server E sends a data packet carrying user data information to the server F based on the TCP connection, where the packet header of the data packet is (IP _ E, IP _ F, PORT _ E, PORT _ F, PROTO _ TCP).

Step 502: the proxy server C receives the data packet forwarded by the route and sent to the F by the server E, searches for the first sending session information S1 generated in advance according to the packet header quintuple of the data packet, determines the associated first receiving session information S2 according to S1, modifies the packet header quintuple (IP _ E, IP _ F, PORT _ E, PORT _ F, PROTO _ TCP) of the data packet into (EIP _ C, EIP _ D, PORT _ C, PORT _ D, PROTO _ TCP), and forwards the modified data packet to the proxy server D.

Specifically, if the proxy server C caches the data packet sent by the server E to the server F based on the TCP connection after the proxy server C completes the TCP establishing process with the server E locally, the cached data packet may be directly modified and forwarded to the proxy server D.

Step 503: after receiving the data packet forwarded by the proxy server C, the proxy server D searches the pre-generated second receiving session information S4 according to the header quintuple (EIP _ C, EIP _ D, PORT _ C, PORT _ D, PROTO _ TCP) of the data packet, determines the associated second receiving session information S3 according to S4, modifies the header quintuple (EIP _ C, EIP _ D, PORT _ C, PORT _ D, PROTO _ TCP) of the data packet into (IP _ E, IP _ F, PORT _ E, PORT _ F, PROTO _ TCP), and forwards the modified data packet to the server F.

Step 504: server F receives and responds to packets sent by server E over the TCP connection.

In the figure, step 504 is a simplified process, and specifically, the process of forwarding the data packet responded by the server F to the server E of the data center a through the proxy server D, C may refer to the forwarding process of the data packet, which is not described in detail.

Based on the above process, the server E of the data center a and the server F of the data center may perform bidirectional transmission of data packets based on the established TCP connection until the established TCP connection is timed out, or the TCP connection is actively disconnected by the servers E or F.

(2) IP data packet for UDP protocol

First, referring to fig. 6, a data transmission process based on the UDP protocol is performed between a server E of a data center a and a server F of a data center B through proxy servers C and D, and the specific flow is as follows:

step 601: the server E sends a UDP packet (UDP packet for short) based on the UDP protocol to the server F, where the header of the UDP packet is (IP _ E, IP _ F, PORT _ E, PORT _ F, PROTO _ UDP).

Step 602: and the proxy server C receives the UDP packet which is forwarded by the route and sent to the F by the server E, searches the route according to the destination IP address IP _ F, matches the NET _ B network segment corresponding to the data center B, and further searches the proxy server D deployed at the exit gateway of the data center B.

Step 603: the proxy server C generates first sending session information S1 according to the header 5-tuple of the received UDP packet, where the content included in the session information is as described in the above embodiment and is not described herein again;

and according to the searched remote proxy server D, determining that the remote proxy IP address is EIP _ D and the remote proxy PORT is PORT _ D, further according to the known local IP address EIP _ C and the known local proxy PORT PORT _ C, generating first receiving session information S2, and establishing an association relationship between the session information S1 and S2.

Step 604: the proxy server C caches the UDP packet sent by the server E, generates a session request data packet for requesting the proxy server D to create a session, and sends the session request data packet to the remote proxy server D.

The session request data packet includes two quintuple sets, the first is an original header quintuple set (IP _ E, IP _ F, PORT _ E, PORT _ F, PROTO _ UDP) of the UDP packet, and the second is a quintuple set (EIP _ C, EIP _ D, PORT _ C, PORT _ D, PROTO _ UDP) of the data packet constructed by the proxy server C, and the two quintuple sets can be stored in a data area of the data packet according to a protocol agreed format. And, the header of the session request packet may be encapsulated according to a determined transport layer protocol that enables data transmission between the proxy server C and the proxy server E.

In a specific implementation, the proxy server C may buffer locally the received packets related to the UDP session sent by the server E via route forwarding before receiving the response packet returned by the proxy server D to indicate that the session is successfully established. Moreover, the proxy server C may encrypt the two quintuple stored in the data area of the data packet, and the specific encryption process may refer to the existing flow, which is not limited in this application.

Here, the original UDP packet is stored locally, and a data packet including the quintuple constructed by the proxy server C and the packet header quintuple of the original UDP packet is regenerated, because the data packet includes only two quintuples and the packet length occupied by the quintuple information is small, the processing method of the data packet in the present application does not make the processed data packet reach the maximum MTU length, thereby effectively avoiding fragmentation and reassembly of the data packet. And, through two quintuple in the generated data packet, the proxy server D can generate session information to realize the forwarding of the data packet between the proxy servers C and D.

Step 605: after receiving the UDP packet forwarded by the proxy server C, the proxy server D generates second sending session information S3 according to the quintuple in the header in the UDP packet;

the second reception session information S4 is generated from the five-tuple of the packet constructed by the proxy server C, and an association relationship is established between the session information S3, S4.

Step 606: the proxy server D transmits a session response packet indicating that the session creation is successful to the proxy server C.

Step 607: after receiving the response data packet sent by the proxy server D, the proxy server C determines that the UDP session initiated by the server E has been successfully established in the proxy server D.

Step 608: and the proxy server C forwards the UDP packet sent to the F by the server E in the local cache to the proxy server D.

Specifically, first, the first sending session information S1 is searched according to the header quintuple of the UDP packet, the first receiving session information S2 associated with S1 is determined, the header quintuple (IP _ E, IP _ F, PORT _ E, PORT _ F, UDP) of the UDP packet is modified to (EIP _ C, EIP _ D, PORT _ C, PORT _ D, UDP), and the modified UDP packet is sent to the proxy server D.

Here, the information stored in the data area in the UDP packet may also be encrypted and compressed, which may specifically refer to the existing flow, and is not described in detail here.

Step 609: after receiving the UDP packet forwarded by the proxy server C, the proxy server D searches the second receiving session information S4 according to the packet header quintuple of the UDP packet, determines the associated second receiving session information S3 according to S4, modifies the packet header quintuple (EIP _ C, EIP _ D, PORT _ C, PORT _ D, PROTO _ UDP) of the UDP packet into (IP _ E, IP _ F, PORT _ E, PORT _ F, PROTO _ UDP), and forwards the modified UDP packet to the server F.

Here, if the UDP packet is encrypted and compressed, after receiving the UDP packet, the data packet may be decrypted first, the validity and the completeness of the data packet are verified, and the data information in the data packet is decompressed, and the specific decoding and decompressing process may refer to the existing flow, which is not limited in this application.

Step 610: server F receives and responds to UDP packets sent from server E.

Here, step 610 shown in the figure is to simplify the flow, specifically, the data packet responded by the server F may also be sent to the server E via the proxy server D and the proxy server C, and the forwarding flow in the proxy server is similar to the above-mentioned flow, and is not described again. Subsequently, the data packets exchanged between the server E and the server F may be forwarded through the proxy server C, D until the UDP session established between the proxy server C and the proxy server D is released over time.

In addition, in this embodiment, the server E and the server F are only used as examples, and in a specific implementation, a plurality of data packets sent by a plurality of servers in the data center a may be simultaneously supported to be forwarded to a corresponding server in the data center B via the proxy servers C and D, where the proxy server C is configured to modify all intranet addresses in a plurality of data packet quintuples sent by the plurality of servers to a public network address corresponding to the proxy server D, and correspondingly, the proxy server D is configured to restore the received plurality of data packet quintuples based on the pre-generated session information, so as to forward the received plurality of data packets to the corresponding server in the data center B. For a specific forwarding process, reference may be made to the above process, which is not described herein again.

In addition, in practical application, in addition to deploying proxy servers at the edge of the data center, proxy servers may be deployed at edge access points corresponding to two data centers in the public network, for example, proxy server M may be deployed at an edge access point corresponding to data center a in the public network, and proxy server N may be deployed at an edge access point corresponding to data center B in the public network, so that a data packet sent by a server of data center a to a server of data center B may be forwarded to a server corresponding to data center B via proxy C → proxy M → proxy N → proxy D, and a forwarding flow in a multi-level proxy server may refer to the above-mentioned flow, which is not described herein again.

Based on the same application concept, the embodiment of the present application further provides a device for implementing network interconnection corresponding to the method for implementing network interconnection, and as the principle of solving the problem of the device is similar to the method for implementing network interconnection in the embodiment of the present application, the implementation of the device may refer to the implementation of the method, and repeated details are not repeated.

EXAMPLE III

As shown in fig. 7, a schematic structural diagram of an apparatus for implementing network interconnection provided in the third embodiment of the present application includes:

a receiving module 71, configured to receive a data packet sent by a first server deployed in a first data center to a second server deployed in a second data center, where a packet header of the data packet includes a five tuple;

a processing module 72, configured to modify a source address in the five-tuple of the data packet into an address of a first proxy server, and modify a destination address into an address of a second proxy server;

a sending module 73, configured to send the modified data packet to a second proxy server deployed in the second data center.

Example four

As shown in fig. 8, a schematic structural diagram of an apparatus for implementing network interconnection provided in the fourth embodiment of the present application includes:

a receiving module 81, configured to receive a data packet that is forwarded by the first proxy server and sent by the first server to the second server; the source address in the quintuple of the packet header of the data packet is modified into the address of the first proxy server by the first proxy server, and the destination address is modified into the address of the second proxy server by the first proxy server;

a processing module 82, configured to reduce the quintuple in the data packet modified by the first proxy server to a quintuple before modification;

a sending module 83, configured to send the restored data packet to the second server, so that the second server responds to the restored data packet; the first proxy server and the first server are deployed in a first data center, and the second server is deployed in a second data center.

EXAMPLE five

Fig. 9 illustrates a computing device that may include a Central Processing Unit (CPU) 901, a memory 902, an input device 903, an output device 904, and the like, where the input device may include a keyboard, a mouse, a touch screen, and the like, and the output device may include a Display device, such as a liquid Crystal Display (L acquired Crystal Display, L CD), a Cathode ray tube (Cathode RayTube, CRT), and the like.

The memory may include Read Only Memory (ROM) and Random Access Memory (RAM), and provides the processor with program instructions and data stored in the memory. In embodiments of the present application, the memory may be used to store program instructions that implement the method of interconnecting networks.

The processor is used for executing the following steps according to the obtained program instructions by calling the program instructions stored in the memory: receiving a data packet which is forwarded by a route and sent to a second server deployed in a second data center by a first server deployed in a first data center, wherein the packet header of the data packet contains a quintuple; modifying the source address in the quintuple of the data packet into the address of a first proxy server and modifying the destination address into the address of a second proxy server; and sending the modified data packet to a second proxy server deployed in the second data center, so that the second proxy server restores the five-tuple of the modified data packet into a five-tuple before modification and sends the restored data packet to the second server, and the second server responds to the restored data packet.

EXAMPLE six

A sixth embodiment of the present application provides a computer storage medium, which is used to store computer program instructions for the computing device in the fifth embodiment, and which contains a program for executing the method for implementing network interconnection.

The computer storage media may be any available media or data storage device that can be accessed by a computer, including but not limited to magnetic memory (e.g., floppy disks, hard disks, magnetic tape, magneto-optical disks (MOs), etc.), optical memory (e.g., CDs, DVDs, BDs, HVDs, etc.), and semiconductor memory (e.g., ROMs, EPROMs, EEPROMs, non-volatile memory (NAND F L ASH), Solid State Disks (SSDs)), etc.

EXAMPLE seven

As shown in fig. 10, the computing device may include a Central Processing Unit (CPU) 1001, a memory 1002, an input device 1003, an output device 1004, and the like, the input device may include a keyboard, a mouse, a touch screen, and the like, and the output device may include a Display device, such as a liquid Crystal Display (L acquired Crystal Display, L CD), a Cathode Ray Tube (CRT), and the like.

The processor is used for executing the following steps according to the obtained program instructions by calling the program instructions stored in the memory: receiving a data packet which is transmitted to a second server by a first server and is forwarded by a first proxy server; the source address in the quintuple of the packet header of the data packet is modified into the address of the first proxy server by the first proxy server, and the destination address is modified into the address of the second proxy server by the first proxy server; reducing the quintuple in the data packet modified by the first proxy server into a quintuple before modification; sending the restored data packet to a second server so that the second server can respond to the restored data packet; the first proxy server and the first server are deployed in a first data center, and the second server is deployed in a second data center.

Example eight

An eighth embodiment of the present application provides a computer storage medium, which is used to store computer program instructions for the computing device in the seventh embodiment, and which contains a program for executing the method for implementing network interconnection.

Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.

Claims

1. A system for implementing network interconnection, the system comprising: a first server and a first proxy server both deployed in a first data center, a second server and a second proxy server both deployed in a second data center, the first proxy server being deployed at an egress gateway of the first data center, the second proxy server being deployed at an egress gateway of the second data center, i.e. the address of the first proxy server and the address of the second proxy server are both IP addresses of a public network, wherein,

the second proxy server is used for reducing the modified quintuple of the data packet into a quintuple before modification, and comprises: searching second receiving session information containing an address of the first proxy server as a source address and an address of the second proxy server as a destination address according to the received five-tuple of the modified data packet forwarded by the first proxy server; determining second sending session information associated with the second receiving session information according to the association relationship between the preset session information; wherein, the source address contained in the second sending session information is the address of the second server, and the destination address is the address of the first server; modifying the destination address in the quintuple of the modified data packet into a source address in second sending session information, modifying the source address into a destination address in the second sending session information, and sending the restored data packet to a second server;

2. The system of claim 1, wherein the first proxy server is specifically configured to:

3. The system of claim 2, wherein the first proxy server is further to:

4. The system of claim 1, wherein if the first proxy server first receives a data packet that the first server forwarded via the route sends to the second server as a data packet for requesting to establish a TCP connection, the first proxy server is further configured to:

before the source address in the quintuple of the data packet is modified into the address of the first proxy server and the destination address is modified into the address of the second proxy server, storing the quintuple of the data packet before modification in the data packet;

the second proxy server is further to:

5. The system of claim 4, wherein the first proxy server is further to:

after receiving a data packet which is sent to a second server by a first server and forwarded by a route and used for requesting to establish a TCP connection, feeding back a data packet used for replying the TCP connection establishment request to the first server;

6. The system of claim 3, wherein if the first proxy server first receives a data packet sent by the first server to the second server via the route forwarding, the data packet is a data packet based on a User Datagram Protocol (UDP), the first proxy server is further configured to:

after receiving a session response packet sent by the second proxy server to indicate that the session is successfully created, the first proxy server is specifically configured to:

and modifying the source address in the quintuple of the UDP-based data packet which is received and cached and sent by the first server to the second server into the address of the first proxy server and modifying the destination address into the address of the second proxy server.

7. The system of claim 6, wherein the session request packet includes two quintuples, the first quintuple is a quintuple in a packet sent by the first server to the second server and received for the first time, the second quintuple is a quintuple with a source address of the first proxy server, a destination address of the second proxy server and a transport layer protocol of a specified transport protocol;

the second proxy server is further to:

8. A method for implementing network interconnection, the method comprising:

sending the modified data packet to a second proxy server deployed in the second data center, so that the second proxy server reduces the five-tuple of the modified data packet to the five-tuple before modification and sends the reduced data packet to the second server, and the second proxy server responds to the reduced data packet by reducing the five-tuple of the modified data packet to the five-tuple before modification according to the following method, including: searching second receiving session information containing an address of the first proxy server as a source address and an address of the second proxy server as a destination address according to the received five-tuple of the modified data packet forwarded by the first proxy server; determining second sending session information associated with the second receiving session information according to the association relationship between the preset session information; wherein, the source address contained in the second sending session information is the address of the second server, and the destination address is the address of the first server; modifying the destination address in the quintuple of the modified data packet into a source address in second sending session information, modifying the source address into a destination address in the second sending session information, and sending the restored data packet to a second server;

the first proxy server is deployed at an exit gateway of a first data center, and the second proxy server is deployed at an exit gateway of a second data center, namely, the address of the first proxy server and the address of the second proxy server are both IP addresses of a public network.

9. The method of claim 8, wherein modifying the source address in the five tuple of the data packet to the address of the first proxy server and the destination address to the address of the second proxy server comprises:

10. The method of claim 9, wherein the first sending session information and the first receiving session information are generated according to:

11. The method of claim 10, wherein if the first received data packet forwarded by the route from the first server to the second server is a data packet for requesting to establish a TCP (transmission control protocol) connection, before modifying the source address in the five tuple of the data packet to the address of the first proxy server and modifying the destination address to the address of the second proxy server, the method further comprises:

12. The method of claim 11, wherein after receiving a data packet sent by the first server to the second server via route forwarding for requesting establishment of a TCP connection, the method further comprises:

13. The method of claim 10, wherein if the first received data packet sent by the first server to the second server via the route forwarding is a UDP (user datagram protocol) -based data packet, before modifying a source address in a five tuple of the data packet to an address of the first proxy server and modifying a destination address to an address of the second proxy server, the method further comprises:

14. A method for implementing network interconnection, the method comprising:

reducing the quintuple in the data packet modified by the first proxy server to the quintuple before modification, including: searching second receiving session information containing an address of the first proxy server as a source address and an address of the second proxy server as a destination address according to the quintuple in the data packet modified by the first proxy server; determining second sending session information associated with the second receiving session information according to the association relationship between the preset session information; wherein, the source address contained in the second sending session information is the address of the second server, and the destination address is the address of the first server; modifying the destination address in the five-tuple of the modified data packet into a source address and a source address in the second sending session information into a destination address in the second sending session information;

sending the restored data packet to a second server so that the second server can respond to the restored data packet; the first proxy server and the first server are deployed in a first data center, and the second server is deployed in a second data center;

15. The method of claim 14, wherein if the received packet forwarded by the first proxy server is a packet for requesting establishment of a TCP (transmission control protocol) connection, the packet forwarded by the first proxy server further includes a quintuple of the packet before modification by the first proxy server;

generating second receiving session information including an address of the first proxy server as a source address and an address of the second proxy server as a destination address according to the modified quintuple in the packet header of the data packet forwarded by the first proxy server;

16. The method of claim 14, wherein if the packet forwarded by the first proxy server is received as a UDP (user datagram protocol) protocol based packet, before the quintuple in the packet modified by the first proxy server is reduced to the quintuple before modification, the method further comprises:

17. An apparatus for implementing network interconnection, the apparatus comprising:

the sending module is used for sending the modified data packet to a second proxy server deployed in the second data center, so that the second proxy server can restore the quintuple of the modified data packet to a quintuple before modification and send the restored data packet to the second server, and the second server responds to the restored data packet; the second proxy server reduces the modified quintuple of the data packet to a quintuple before modification according to the following method, including: searching second receiving session information containing an address of the first proxy server as a source address and an address of the second proxy server as a destination address according to the received five-tuple of the modified data packet forwarded by the first proxy server; determining second sending session information associated with the second receiving session information according to the association relationship between the preset session information; wherein, the source address contained in the second sending session information is the address of the second server, and the destination address is the address of the first server; modifying the destination address in the quintuple of the modified data packet into a source address in second sending session information, modifying the source address into a destination address in the second sending session information, and sending the restored data packet to a second server;

18. An apparatus for implementing network interconnection, the apparatus comprising:

a processing module, configured to reduce the quintuple in the packet modified by the first proxy server to a quintuple before modification, including: searching second receiving session information containing an address of the first proxy server as a source address and an address of the second proxy server as a destination address according to the quintuple in the data packet modified by the first proxy server; determining second sending session information associated with the second receiving session information according to the association relationship between the preset session information; wherein, the source address contained in the second sending session information is the address of the second server, and the destination address is the address of the first server; modifying the destination address in the five-tuple of the modified data packet into a source address and a source address in the second sending session information into a destination address in the second sending session information; the sending module is used for sending the restored data packet to the second server so that the second server can respond to the restored data packet; the first proxy server and the first server are deployed in a first data center, and the second server is deployed in a second data center.

19. A computer arrangement comprising a processor for implementing the steps of the method according to any one of claims 9-14 when executing computer program instructions stored in a memory.

20. A computer-readable storage medium having computer program instructions stored thereon, characterized in that: the computer program instructions, when executed by a processor, implement the steps of the method of any one of claims 9 to 14.

21. A computer arrangement comprising a processor for implementing the steps of the method according to any one of claims 15-18 when executing computer program instructions stored in a memory.

22. A computer-readable storage medium having computer program instructions stored thereon, characterized in that: the computer program instructions, when executed by a processor, implement the steps of the method of any one of claims 15 to 18.