CN110061921B - Cloud platform data packet distribution method and system - Google Patents

Publication number
CN110061921B
Authority
CN
China
Prior art keywords
data packet
key value
value pair
target data
pair container
Legal status
Active
Application number
CN201910308684.4A
Other languages
Chinese (zh)
Other versions
CN110061921A (en)
Inventor
苑超
王凯
向阳
Current Assignee
BEIJING YUNSHAN NETWORKS Inc
Original Assignee
BEIJING YUNSHAN NETWORKS Inc

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H04L45/745 Address table lookup; Address filtering
    • H04L49/00 Packet switching elements
    • H04L49/25 Routing or path finding in a switch fabric
    • H04L49/35 Switches specially adapted for specific applications
    • H04L49/354 Switches specially adapted for specific applications for supporting virtual local area networks [VLAN]
    • H04L49/70 Virtual switches

Abstract

An embodiment of the invention provides a cloud platform data packet distribution method and system. The method comprises: processing a data packet according to an interface key value pair container to obtain a target data packet to be distributed, wherein the interface key value pair container is obtained from the MAC address and the IP address of a virtual machine; and matching the target data packet according to a path key value pair container and, according to the matching result, executing on the target data packet the distribution operation corresponding to the path key value pair container. In the embodiment, the MAC address and the IP address of each virtual machine in the cloud platform are associated into a resource group ID, and policies are configured per resource group, which improves the precision of policy matching and the distribution efficiency of data packets.

Description

Cloud platform data packet distribution method and system
Technical Field
The invention relates to the technical field of data processing, in particular to a cloud platform data packet distribution method and system.
Background
With the rapid development of cloud computing and internet of things, in order to meet different service requirements of network users, packet classification has become a basis for realizing different services such as firewall packet filtering, policy-based routing, virtual private networks, flow counting and the like.
Most existing packet classification methods, including OpenvSwitch and NetFilter, are implemented in software that cannot keep up with the growth of network performance requirements, and they match and apply policies only on the content information of the packets. When these methods are used in a cloud platform environment they therefore match poorly, which often causes a series of problems such as inaccurate matching, policy failure and low distribution performance.
Therefore, a cloud platform data packet distribution method and system are needed to solve the above problems.
Disclosure of Invention
Aiming at the problems in the prior art, the embodiment of the invention provides a cloud platform data packet distribution method and system.
In a first aspect, an embodiment of the present invention provides a cloud platform data packet distribution method, including:
processing the data packet according to the interface key value pair container to obtain a target data packet to be distributed, wherein the interface key value pair container is obtained from the MAC address and the IP address of the virtual machine;
and matching the target data packet according to the path key value pair container, and executing the distribution operation corresponding to the path key value pair container on the target data packet according to the matching result.
In a second aspect, an embodiment of the present invention provides a cloud platform data packet distribution system, including:
the processing module is used for processing the data packet according to the interface key value pair container to obtain a target data packet to be distributed, wherein the interface key value pair container is obtained from the MAC address and the IP address of the virtual machine;
and the distribution module is used for matching the target data packet according to the path key value pair container and executing distribution operation corresponding to the path key value pair container on the target data packet according to a matching result.
In a third aspect, an embodiment of the present invention provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and the processor implements the steps of the method provided in the first aspect when executing the program.
In a fourth aspect, an embodiment of the present invention provides a non-transitory computer readable storage medium, on which a computer program is stored, which when executed by a processor, implements the steps of the method as provided in the first aspect.
According to the cloud platform data packet distribution method and system provided by the embodiment of the invention, the MAC address and the IP address of the virtual machine in the cloud platform are associated into a resource group ID, and the strategy configuration is carried out through the resource group, so that the precision of strategy matching and the distribution efficiency of the data packet are improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
Fig. 1 is a schematic flow chart of a cloud platform data packet distribution method according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a policy lookup process of a fast path key value pair container according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of a policy lookup process for a first-time path key value pair container according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a cloud platform data packet distribution system according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The existing data packet distribution method performs policy lookup and matching only on the information in the data packet, and is not integrated with cloud platform information. When the traffic of all virtual machines in an Elastic Private Cloud (EPC for short) needs to be collected, it can only be collected by configuring IP address segments and the like. However, the IP addresses of virtual machines in different EPCs may be identical or lie in the same network segment, which causes redundancy in the collected traffic.
Fig. 1 is a schematic flow diagram of a cloud platform data packet distribution method provided in an embodiment of the present invention, and as shown in fig. 1, an embodiment of the present invention provides a cloud platform data packet distribution method, including:
Step 101, processing a data packet according to the interface key value pair container to obtain a target data packet to be distributed, wherein the interface key value pair container is obtained from the MAC address and the IP address of a virtual machine.
In the embodiment of the invention, in combination with cloud platform information, when targets are all virtual machines in an EPC, MAC-IP address pairs of all the virtual machines are used as a resource group ID, and different key value pair containers (Map) are generated according to the matching conditions of the data packet distribution strategies. Firstly, corresponding keys (keys) are created according to the obtained source resource group ID (SrcGroupIDs), the obtained target resource group ID (DstGroupIDs), the obtained source port (SrcPorts) and the obtained target port (DstPorts), and then an interface Key value pair container is generated according to the keys. In addition, in the embodiment of the invention, the cloud platform information and the resource group information corresponding to the target data packet are obtained for subsequent strategy matching and generation of various maps.
Step 102, matching the target data packet according to the path key value pair container, and executing distribution operation corresponding to the path key value pair container on the target data packet according to a matching result.
In the embodiment of the invention, the path key value pair container comprises a fast path key value pair container (FastPathMap) and a first path key value pair container (FirstPathMap), so that two different search paths are available for the target data packet. FirstPathMap performs a full policy search for the target data packet, and FastPathMap performs a fast policy search. When the distribution policy of the target data packet is looked up, the target data packet is first searched through FastPathMap, and only when no corresponding policy is found is it searched through FirstPathMap. It should be noted that, in the embodiment of the present invention, after FirstPathMap completes a lookup, the lookup result is sent to FastPathMap so as to update FastPathMap. Specifically, the corresponding Mask is obtained from the IP address mask key value pair container (IpNetmaskMap) for the source IP address and for the destination IP address, giving the source masked IP (SrcMaskedIp) and the destination masked IP (DstMaskedIp). SrcMaskedIp and DstMaskedIp are used as the Key to establish the first-level Map, and the Value corresponding to that Key in the first-level Map is the second-level Map. The second-level Map is then generated from SrcEpcId + DstEpcId + SrcPort + DstPort, or from SrcEpcId + DstEpcId + virtual local area network (Vlan), corresponding to the target data packet in the cloud platform information, which completes the update of the second-level Map.
Specifically, the description is made through an embodiment of the present invention, first, a data packet is captured from a network card, and the data packet is analyzed, so as to obtain packet header information of the data packet, where the packet header may be divided into multiple layers of protocols according to network protocols, for example, a two-layer ethernet protocol, a three-layer IP protocol, a four-layer TCP protocol, and the like; then, acquiring a corresponding policy from the Map according to the packet header information, wherein it needs to be explained that in the embodiment of the present invention, policy matching is performed once for each data packet, so as to implement fine-grained policy matching; and finally, distributing the data packet according to the execution instruction corresponding to the strategy obtained by matching.
According to the cloud platform data packet distribution method provided by the embodiment of the invention, the MAC address and the IP address of the virtual machine in the cloud platform are associated into a resource group ID, and the strategy configuration is carried out through the resource group, so that the strategy matching accuracy and the data packet distribution efficiency are improved.
On the basis of the above embodiment, the matching the target data packet according to the path key value pair container, and performing, according to a matching result, a distribution operation corresponding to the path key value pair container on the target data packet includes:
and matching the target data packet according to the quick path key value pair container, and if the matching is successful, executing distribution operation corresponding to the quick path key value pair container on the target data packet.
Fig. 2 is a schematic diagram of a policy lookup process of a fast path key value pair container according to an embodiment of the present invention, as shown in fig. 2, in the embodiment of the present invention, specific steps are as follows:
step 201, inquiring a corresponding Mask in the IpNetmaskMap according to the IP address in the target data packet to obtain SrcMaskedIp and DstMaskedIp;
step 202, inquiring in the first level of FastPathMap according to SrcMaskedIp and DstMaskedIp to obtain MacEpcMap and VlanPolicyMap;
step 203, inquiring in MacEpcMap to obtain a Mac address of the target data packet;
step 204, judging whether Vlan exists according to the Mac address of the target data packet, if yes, executing step 205, and if not, executing step 206;
step 205, generating a series of Vlan Policy (Policy) query keys using SrcEpcId + DstEpcId + Vlan;
step 206, generating a series of Port Policy query keys by using SrcEpcId + DstEpcId + SrcPort + DstPort;
step 207, inquiring in the corresponding Map according to the keys generated in the steps 205 and 206, merging the acquired inquiry results, and returning the corresponding distribution operation to distribute the target data packet.
Through the above steps, each target data packet is distributed through FastPathMap. It should be noted that FastPathMap is a multi-level Map, and the corresponding maps are:
map[SrcMaskedIp+DstMaskedIp]VlanAndPort;
wherein VlanAndPort comprises the following series of Maps:
map[SrcEpcId+DstEpcId+vlan]action;
[proto]map[SrcEpcId+DstEpcId+SrcPort+DstPort]action;
map[mac]epcId;
Specifically, the distribution process of FastPathMap is described through an embodiment of the present invention. First, a target data packet to be distributed is obtained, where the information corresponding to the target data packet is: under the TCP protocol, from mac1:ip1:port1 to mac2:ip2:port2. Then the corresponding resource groups are acquired from the interface key value pair container and, together with the port and protocol fields of the target data packet, are queried in the interest key value pair container (InterestMaps); if the result is false, the corresponding field is 0. The query gives source resource group 10, target resource group 20, source port 0, target port port2 and protocol 0. The corresponding masks are queried in the IpNetmaskMap according to ip1 and ip2, and SrcMaskedIp and DstMaskedIp are calculated. VlanAndPort is then obtained from the first-level query of FastPathMap according to SrcMaskedIp and DstMaskedIp, and SrcEpcId = 1 and DstEpcId = 2 are obtained from map[mac]epcId of VlanAndPort according to mac1 and mac2. Querying [proto]map[SrcEpcId+DstEpcId+SrcPort+DstPort]action in VlanAndPort according to Protocol + SrcEpcId + DstEpcId + SrcPort + DstPort gives [0]map[1+2+0+port1]action1. Finally, the acquired action is returned to distribute the target data packet.
The embodiment of the invention improves the policy lookup rate through FastPathMap, so that all target data packets complete policy acquisition at the FastPathMap layer. Through integration with the cloud platform, it acquires the information of the target data packet on the cloud platform and the corresponding resource group ID and performs policy matching on them, which avoids matching errors caused by different EPCs having the same IP.
On the basis of the above embodiment, the matching the target data packet according to the path key value pair container, and performing, according to a matching result, a distribution operation corresponding to the path key value pair container on the target data packet, further includes:
matching the target data packet according to the quick path key value pair container, and if the matching is unsuccessful, sending the target data packet to a first path key value pair container for matching so as to execute the distribution operation corresponding to the first path key value pair container on the target data packet;
after the target data packet is matched with the first path key value pair container, sending a corresponding strategy result after matching to the fast path key value pair container for updating the fast path key value pair container.
Fig. 3 is a schematic diagram of a policy lookup process of a first-time path key value pair container according to an embodiment of the present invention, as shown in fig. 3, in the embodiment of the present invention, specific steps are as follows:
step 301, acquiring corresponding cloud platform data and resource group information according to header information of a target data packet;
step 302, judging whether the cloud platform data and the resource group information contain Vlan, if so, executing step 303, and if not, executing step 304;
step 303, generating a series of Vlan policy query keys by using SrcGroupIDs + DstGroupIDs + Vlan;
step 304, using SrcGroupIDs + DstGroupIDs + SrcPorts + DstPorts to generate a series of Port Policy query keys;
step 305, inquiring a strategy in corresponding Maps[Protocol] according to the Key generated in step 304 and step 305;
step 306, inserting the obtained strategy into the corresponding FastPolicyMap;
step 307, merging the acquired strategies, and returning the corresponding distribution operation to distribute the target data packet.
Through the above steps, the target data packet is distributed through the FirstPathMap, and it should be noted that the FirstPathMap includes:
[proto]map[SrcGroupId+DstGroupId+SrcPort+DstPort]action;
map[SrcGroupId+DstGroupId+vlan]action;
Specifically, the distribution process of FirstPathMap is described through an embodiment of the present invention. First, a target data packet is obtained, where the information corresponding to the target data packet is: under the TCP protocol, from mac1:ip1:port1 to mac2:ip2:port2. Then, according to mac1 + ip1 and mac2 + ip2, the corresponding interfaces interface1 and interface2 are acquired through the interface key value pair container. The resource groups corresponding to interface1 and interface2, together with the port and protocol fields of the target data packet, are queried in InterestMaps; if the result is false, the corresponding field is 0. The query gives source resource group 10, target resource group 20, source port 0, target port port2 and protocol 0. The query result is matched through the FirstPathMap, and the result is represented as [0]map[10+20+0+port2]action1, so that the matching result is obtained and the corresponding distribution operation is returned to distribute the target data packet. Finally, the match result is added to FastPathMap.
According to the embodiment of the invention, as the configuration information of the virtual machines in the cloud platform changes, the policy found by the FirstPathMap is inserted into the FastPolicyMap, the resource group and policy configuration are adjusted in time, and the distribution of data packets and the accurate matching of policies are realized through two different search paths.
On the basis of the foregoing embodiment, the matching the target data packet according to the fast path key value pair container, and if the matching is unsuccessful, sending the target data packet to a primary path key value pair container for matching so as to execute a distribution operation corresponding to the primary path key value pair container on the target data packet, includes:
searching the fields of the target data packet according to the interest key value pair container, judging and obtaining according to the search result, if the fields of the target data packet are not searched in the interest key value pair container, generating corresponding keys according to the resource group ID of the data packet for updating the first path key value pair container, sending the target data packet to the updated first path key value pair container for matching, and executing distribution operation corresponding to the updated first path key value pair container on the target data packet.
In the embodiment of the present invention, the interest key value pair container (InterestMaps) is initialized with the policy and records the GroupIds, Protocol and Ports fields of the policy, wherein InterestMaps includes 3 maps, which are respectively:
map[GroupId]bool;
map[Protocol]bool;
map[Port]bool.
Before a target data packet is queried in FirstPathMap, its corresponding fields are queried in InterestMaps. If a field is not found in InterestMaps, the field is set to 0 (matching a full-acquisition policy). The GroupIDs of the target data packet are then looked up in combination with the cloud platform, and a series of Keys is generated for the FirstPathMap lookup so as to update FirstPathMap.
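The lookup order described above (InterestMaps reduction, FastPathMap first, FirstPathMap on a miss, then a FastPathMap update), as an added Go example that is not code from the patent. Assumptions: all type and function names, the constructed addresses and port 443, one flat fast-path key that uses host IPs in place of the masked-IP level, clearing the fast path on every policy change, and returning no action for a MAC+IP pair the platform does not know.

```go
package main

import "fmt"

// Type and field names are assumptions of this example; the map shapes follow the text.
type Endpoint struct{ MAC, IP string }
type Iface struct{ Epc uint32; Groups []uint32 } // a VM's EPC and resource group IDs
type Packet struct {
	Src, Dst         Endpoint
	Proto            uint8
	SrcPort, DstPort uint16
}
// PolicyKey flattens [proto]map[SrcGroupId+DstGroupId+SrcPort+DstPort]action; 0 = any.
type PolicyKey struct {
	Proto              uint8
	SrcGroup, DstGroup uint32
	SrcPort, DstPort   uint16
}

// FastKey flattens both FastPathMap levels; host IPs stand in for masked IPs.
type FastKey struct {
	SrcIP, DstIP     string
	SrcEpc, DstEpc   uint32
	Proto            uint8
	SrcPort, DstPort uint16
}

type Distributor struct {
	Ifaces    map[Endpoint]Iface // interface map: MAC+IP -> EPC and groups
	Groups    map[uint32]bool    // InterestMaps: values named by some policy
	Protos    map[uint8]bool
	Ports     map[uint16]bool
	FirstPath map[PolicyKey]string
	FastPath  map[FastKey][]string
}

// AddPolicy stores a policy, records its fields of interest, clears stale fast-path entries.
func (d *Distributor) AddPolicy(k PolicyKey, action string) {
	d.FirstPath[k] = action
	d.Groups[k.SrcGroup], d.Groups[k.DstGroup] = true, true
	d.Protos[k.Proto], d.Ports[k.SrcPort], d.Ports[k.DstPort] = true, true, true
	d.FastPath = map[FastKey][]string{} // example's choice: cached misses must not outlive a change
}

// keep returns v if some policy names it, otherwise the zero value ("any").
func keep[T comparable](interest map[T]bool, v T) (zero T) {
	if interest[v] {
		return v
	}
	return zero
}

// Distribute returns the merged actions and whether the fast path answered.
func (d *Distributor) Distribute(p Packet) ([]string, bool) {
	src, okS := d.Ifaces[p.Src]
	dst, okD := d.Ifaces[p.Dst]
	if !okS || !okD {
		return nil, false // MAC+IP pair not registered: no group, no policy (example's choice)
	}
	k := FastKey{p.Src.IP, p.Dst.IP, src.Epc, dst.Epc,
		keep(d.Protos, p.Proto), keep(d.Ports, p.SrcPort), keep(d.Ports, p.DstPort)}
	if acts, ok := d.FastPath[k]; ok {
		return acts, true
	}
	var acts []string
	seen := map[PolicyKey]bool{}
	for _, sg := range src.Groups { // one query key per source/target group pair
		for _, dg := range dst.Groups {
			pk := PolicyKey{k.Proto, keep(d.Groups, sg), keep(d.Groups, dg), k.SrcPort, k.DstPort}
			if a, ok := d.FirstPath[pk]; ok && !seen[pk] {
				seen[pk] = true
				acts = append(acts, a)
			}
		}
	}
	d.FastPath[k] = acts // the first-path result updates the fast path
	return acts, false
}

// Sample is constructed data: endpoints a and c share 10.0.0.5 in different EPCs.
func Sample() (*Distributor, Packet, Packet) {
	a := Endpoint{"aa:00:00:00:00:01", "10.0.0.5"} // EPC 1, group 10
	b := Endpoint{"aa:00:00:00:00:02", "10.0.1.9"} // EPC 2, group 20
	c := Endpoint{"aa:00:00:00:00:03", "10.0.0.5"} // EPC 3, group 30
	d := &Distributor{
		Ifaces: map[Endpoint]Iface{a: {1, []uint32{10}}, b: {2, []uint32{20}}, c: {3, []uint32{30}}},
		Groups: map[uint32]bool{}, Protos: map[uint8]bool{}, Ports: map[uint16]bool{},
		FirstPath: map[PolicyKey]string{}, FastPath: map[FastKey][]string{},
	}
	d.AddPolicy(PolicyKey{0, 10, 20, 0, 443}, "action1") // any proto, 10 -> 20, target port 443
	return d, Packet{a, b, 6, 50000, 443}, Packet{c, b, 6, 50000, 443}
}

func main() {
	d, ab, cb := Sample()
	fmt.Println(d.Distribute(ab)) // answered by the first path
	fmt.Println(d.Distribute(ab)) // answered by the fast path
	fmt.Println(d.Distribute(cb)) // same source IP, other EPC: no action
}
```

Because the keys carry EPC and resource group IDs rather than bare IP addresses, the two senders at 10.0.0.5 never share a policy or a fast-path entry.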
On the basis of the above embodiment, the data packet to be distributed is acquired according to the interface key value pair container obtained by the MAC address and the IP address of the virtual machine, and the method further includes:
acquiring a data packet distribution strategy matching condition, wherein the data packet distribution strategy condition comprises a source resource group ID, a target resource group ID, an IP protocol, a virtual local area network, a source port and a target port;
and generating a corresponding key value pair container according to the data packet distribution strategy conditions.
In the embodiment of the invention, after the strategy is issued, a series of corresponding keys are generated according to SrcGroupIDs, DstGroupIDs, SrcPorts and Dstports in the strategy, and then the corresponding Map is generated by performing table division storage through a Protocol field of the strategy.
On the basis of the above embodiment, the key-value pair container includes an interface key-value pair container, an interest key-value pair container, an IP address mask key-value pair container, a first-time path key-value pair container, and a fast-path key-value pair container.
On the basis of the foregoing embodiment, the generating a corresponding key-value pair container according to the packet distribution policy condition includes:
processing cloud platform information and resource group information through a Hash algorithm to obtain the interface key value pair container, wherein the cloud platform information comprises an MAC (media access control) address and an IP (Internet protocol) address of a virtual machine;
generating corresponding keys according to the source resource group ID, the target resource group ID, the IP protocol, the virtual local area network, the source port and the target port of the data packet distribution strategy condition so as to obtain a first path key value pair container;
and generating the IP address mask key value pair container according to the IP mask pair of the cloud platform information and the resource group information, and acquiring the fast path key value pair container according to the IP address mask key value pair container.
Fig. 4 is a schematic structural diagram of a cloud platform data packet collecting and distributing system provided in an embodiment of the present invention. As shown in Fig. 4, an embodiment of the present invention provides a cloud platform data packet collecting and distributing system, including a processing module 401 and a distributing module 402. The processing module 401 is configured to process a data packet according to the interface key value pair container to obtain a target data packet to be distributed, wherein the interface key value pair container is obtained from the MAC address and the IP address of a virtual machine. The distributing module 402 is configured to match the target data packet according to the path key value pair container, and to execute on the target data packet, according to the matching result, the distribution operation corresponding to the path key value pair container.
According to the cloud platform data packet distribution system provided by the embodiment of the invention, the MAC address and the IP address of the virtual machine in the cloud platform are associated into a resource group ID, and the strategy configuration is carried out through the resource group, so that the strategy matching accuracy and the data packet distribution efficiency are improved.
On the basis of the above embodiment, the distribution module 402 includes: and the fast path distribution unit is used for matching the target data packet according to the fast path key value pair container, and if the matching is successful, executing distribution operation corresponding to the fast path key value pair container on the target data packet.
On the basis of the above embodiment, the distribution module 402 further includes: the device comprises a primary path distribution unit and a fast path updating unit, wherein the primary path distribution unit is used for sending the target data packet to a primary path key value pair container for matching when the target data packet fails to be matched in the fast path key value pair container so as to execute distribution operation corresponding to the primary path key value pair container on the target data packet; and the fast path updating unit is used for sending the matched corresponding strategy result to the fast path key value pair container after the target data packet is matched with the first path key value pair container, so as to update the fast path key value pair container.
On the basis of the above embodiment, the first path distribution unit includes: and the primary path updating subunit is used for searching the field of the target data packet according to the interest key value pair container, judging and obtaining according to the search result, if the field of the target data packet is not searched in the interest key value pair container, generating a corresponding key according to the resource group ID of the data packet so as to update the primary path key value pair container, sending the target data packet to the updated primary path key value pair container for matching, and executing distribution operation corresponding to the updated primary path key value pair container on the target data packet.
On the basis of the above embodiment, the system further includes a strategy acquisition module and a key value pair container generation module. The strategy acquisition module is used for acquiring the matching conditions of a data packet distribution strategy, wherein the data packet distribution strategy conditions comprise a source resource group ID, a target resource group ID, an IP protocol, a virtual local area network, a source port and a target port. The key value pair container generation module is used for generating the corresponding key value pair containers according to the data packet distribution strategy conditions, wherein the key value pair containers comprise an interface key value pair container, an interest key value pair container, an IP address mask key value pair container, a first path key value pair container and a fast path key value pair container.
On the basis of the above embodiment, the key value pair container generation module includes an interface key value pair container generating unit, a first path key value pair container generating unit and a fast path key value pair container generating unit. The interface key value pair container generating unit is used for processing cloud platform information and resource group information through a hash algorithm to obtain the interface key value pair container, wherein the cloud platform information comprises the MAC (media access control) address and the IP (Internet protocol) address of a virtual machine. The first path key value pair container generating unit is used for generating corresponding keys according to the source resource group ID, the target resource group ID, the IP protocol, the virtual local area network, the source port and the target port of the data packet distribution strategy conditions, so as to obtain the first path key value pair container. The fast path key value pair container generating unit is used for generating the IP address mask key value pair container according to the IP mask pairs of the cloud platform information and the resource group information, and for acquiring the fast path key value pair container according to the IP address mask key value pair container.
The system provided by the embodiment of the present invention is used for executing the above method embodiments; for the specific process and details, refer to the above embodiments, which are not repeated here.
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention. As shown in fig. 5, the electronic device may include a processor 501, a communication interface 502, a memory 503 and a communication bus 504, wherein the processor 501, the communication interface 502 and the memory 503 communicate with each other via the communication bus 504. The processor 501 may call logic instructions in the memory 503 to perform the following method: processing the data packet according to the interface key value pair container to obtain a target data packet to be distributed, wherein the interface key value pair container is obtained from the MAC address and the IP address of the virtual machine; and matching the target data packet according to the path key value pair container, and executing the distribution operation corresponding to the path key value pair container on the target data packet according to the matching result.
In addition, the logic instructions in the memory 503 may be implemented in the form of software functional units and, when sold or used as independent products, stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program code.
An embodiment of the present invention discloses a computer program product comprising a computer program stored on a non-transitory computer readable storage medium. The computer program includes program instructions which, when executed by a computer, enable the computer to execute the methods provided by the above method embodiments, for example: processing the data packet according to the interface key value pair container to obtain a target data packet to be distributed, wherein the interface key value pair container is obtained from the MAC address and the IP address of the virtual machine; and matching the target data packet according to the path key value pair container, and executing the distribution operation corresponding to the path key value pair container on the target data packet according to the matching result.
An embodiment of the present invention provides a non-transitory computer-readable storage medium storing computer instructions that cause a computer to execute the cloud platform data packet collection and distribution method provided in the foregoing embodiment, for example: processing the data packet according to the interface key value pair container to obtain a target data packet to be distributed, wherein the interface key value pair container is obtained from the MAC address and the IP address of the virtual machine; and matching the target data packet according to the path key value pair container, and executing the distribution operation corresponding to the path key value pair container on the target data packet according to the matching result.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A cloud platform data packet distribution method is characterized by comprising the following steps:
processing the data packet according to the interface key value pair container to obtain a target data packet to be distributed, wherein the interface key value pair container is obtained from the MAC address and the IP address of the virtual machine;
matching the target data packet according to the path key value pair container, and executing distribution operation corresponding to the path key value pair container on the target data packet according to a matching result;
the path key value pair container comprises a fast path key value pair container and a first path key value pair container, so that two different search paths are carried out on the target data packet, wherein the first path key value pair container carries out full search on the target data packet, and the fast path key value pair container carries out strategy fast search on the target data packet.
2. The cloud platform data packet distribution method according to claim 1, wherein the matching the target data packet according to a path key value pair container, and performing, according to a matching result, a distribution operation corresponding to the path key value pair container on the target data packet includes:
and matching the target data packet according to the fast path key value pair container, and if the matching is successful, executing distribution operation corresponding to the fast path key value pair container on the target data packet.
3. The cloud platform data packet distribution method according to claim 2, wherein the matching the target data packet according to a path key value pair container, and performing, according to a matching result, a distribution operation corresponding to the path key value pair container on the target data packet, further comprises:
matching the target data packet according to the fast path key value pair container, and if the matching is unsuccessful, sending the target data packet to the first path key value pair container for matching so as to execute the distribution operation corresponding to the first path key value pair container on the target data packet;
after the target data packet is matched with the first path key value pair container, sending a corresponding strategy result after matching to the fast path key value pair container for updating the fast path key value pair container.
4. The cloud platform data packet distribution method according to claim 3, wherein the matching the target data packet according to the fast path key value pair container, and if the matching is unsuccessful, sending the target data packet to the first path key value pair container for matching, so as to perform a distribution operation corresponding to the first path key value pair container on the target data packet, includes:
searching for the fields of the target data packet in the interest key value pair container and judging according to the search result: if the fields of the target data packet are not found in the interest key value pair container, generating corresponding keys according to the resource group ID of the data packet for updating the first path key value pair container, sending the target data packet to the updated first path key value pair container for matching, and executing the distribution operation corresponding to the updated first path key value pair container on the target data packet.
5. The cloud platform data packet distribution method according to claim 1, wherein the data packet to be distributed is acquired according to an interface key value pair container obtained by a MAC address and an IP address of a virtual machine, and the method further comprises:
acquiring a data packet distribution strategy matching condition, wherein the data packet distribution strategy condition comprises a source resource group ID, a target resource group ID, an IP protocol, a virtual local area network, a source port and a target port;
and generating a corresponding key value pair container according to the data packet distribution strategy conditions.
6. The cloud platform data packet distribution method of claim 5, wherein the key value pair containers include an interface key value pair container, an interest key value pair container, an IP address mask key value pair container, a first path key value pair container, and a fast path key value pair container.
7. The cloud platform data packet distribution method according to claim 6, wherein the generating a corresponding key-value pair container according to the data packet distribution policy condition includes:
processing cloud platform information and resource group information through a Hash algorithm to obtain the interface key value pair container, wherein the cloud platform information comprises an MAC (media access control) address and an IP (Internet protocol) address of a virtual machine;
generating corresponding keys according to the source resource group ID, the target resource group ID, the IP protocol, the virtual local area network, the source port and the target port of the data packet distribution strategy condition so as to obtain a first path key value pair container;
and generating the IP address mask key value pair container according to the IP mask pair of the cloud platform information and the resource group information, and acquiring the fast path key value pair container according to the IP address mask key value pair container.
8. A cloud platform data packet distribution system, comprising:
the processing module is used for processing the data packet according to the interface key value pair container to obtain a target data packet to be distributed, wherein the interface key value pair container is obtained from the MAC address and the IP address of the virtual machine;
the distribution module is used for matching the target data packet according to the path key value pair container and executing distribution operation corresponding to the path key value pair container on the target data packet according to a matching result;
the path key value pair container comprises a fast path key value pair container and a first path key value pair container, so that two different search paths are carried out on the target data packet, wherein the first path key value pair container carries out full search on the target data packet, and the fast path key value pair container carries out strategy fast search on the target data packet.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the steps of the method according to any of claims 1 to 7 are implemented when the processor executes the program.
10. A non-transitory computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 7.
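The lookup flow of claims 1 to 3, as an added sketch that is not code from the patent or its assignee: the interface container resolves (MAC, IP) to a resource group ID, the fast path is tried first, and a miss falls back to a full search of the first path whose result is then installed in the fast path. Assumptions of this sketch: the class and field names, the `ANY` wildcard, the rule that a packet is a target only when both endpoints resolve, and a fast path keyed on the exact six-field tuple (the IP address mask and interest containers are left out).

```python
from typing import NamedTuple

ANY = None  # wildcard for a strategy field (assumption of this sketch)

class Packet(NamedTuple):
    src_mac: str
    src_ip: str
    dst_mac: str
    dst_ip: str
    proto: int
    vlan: int
    sport: int
    dport: int

class Distributor:
    def __init__(self, interfaces, policies):
        self.interface = dict(interfaces)   # (MAC, IP) -> resource group ID
        self.first_path = list(policies)    # [(six-field condition, action)]
        self.fast_path = {}                 # exact key -> cached action
        self.hits = {"fast": 0, "first": 0, "ignored": 0}

    def classify(self, pkt):
        """Return the six-field match key, or None if not a target packet."""
        src = self.interface.get((pkt.src_mac, pkt.src_ip))
        dst = self.interface.get((pkt.dst_mac, pkt.dst_ip))
        if src is None or dst is None:
            return None  # MAC/IP pair unknown to the platform inventory
        return (src, dst, pkt.proto, pkt.vlan, pkt.sport, pkt.dport)

    def full_search(self, key):
        """First path: walk every strategy, first match wins."""
        for cond, action in self.first_path:
            if all(c is ANY or c == k for c, k in zip(cond, key)):
                return action
        return None

    def distribute(self, pkt):
        key = self.classify(pkt)
        if key is None:
            self.hits["ignored"] += 1
            return None
        if key in self.fast_path:           # claim 2: fast path match
            self.hits["fast"] += 1
            return self.fast_path[key]
        self.hits["first"] += 1             # claim 3: fall back to first path
        action = self.full_search(key)
        if action is not None:
            self.fast_path[key] = action    # claim 3: update the fast path
        return action

# Constructed sample data: two virtual machines and two strategies.
INTERFACES = {
    ("fa:16:3e:00:00:01", "10.0.1.5"): 1,
    ("fa:16:3e:00:00:02", "10.0.2.9"): 2,
}
POLICIES = [
    ((1, 2, 6, ANY, ANY, 443), "mirror-to-ids"),
    ((1, 2, ANY, ANY, ANY, ANY), "forward"),
]
```

Because the interface container is keyed on the MAC and IP together, a packet carrying a known MAC with an unregistered IP does not resolve to a resource group and never reaches strategy matching.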
CN201910308684.4A 2019-04-17 2019-04-17 Cloud platform data packet distribution method and system Active CN110061921B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910308684.4A CN110061921B (en) 2019-04-17 2019-04-17 Cloud platform data packet distribution method and system

Publications (2)

Publication Number Publication Date
CN110061921A CN110061921A (en) 2019-07-26
CN110061921B CN110061921B (en) 2021-07-06

Family

ID=67317805

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910308684.4A Active CN110061921B (en) 2019-04-17 2019-04-17 Cloud platform data packet distribution method and system

Country Status (1)

Country Link
CN (1) CN110061921B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110719345B (en) * 2019-10-25 2022-12-27 苏州浪潮智能科技有限公司 Virtual machine MAC address generation method, system, equipment and computer medium
CN111181861A (en) * 2020-01-13 2020-05-19 山东汇贸电子口岸有限公司 Policy routing implementation method and device
CN114615022A (en) * 2022-02-17 2022-06-10 奇安信科技集团股份有限公司 Cloud internal flow traction method and device
CN116032929B (en) * 2023-03-30 2023-06-23 阿里巴巴(中国)有限公司 Data processing system, method and equipment

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104346401A (en) * 2013-08-08 2015-02-11 中国电信股份有限公司 Method and device for message forwarding between components in cloud management platform
CN105791402A (en) * 2016-03-02 2016-07-20 付宏伟 Network virtualization realization method of cloud computing platform and corresponding plug-in and agent
CN106161277A (en) * 2016-06-29 2016-11-23 合肥民众亿兴软件开发有限公司 A kind of parallel network flow sorting technique based on body
CN106506240A (en) * 2016-12-09 2017-03-15 上海斐讯数据通信技术有限公司 A kind of method of cloud terminal batch configuration and cloud terminal management system
CN107391502A (en) * 2016-05-16 2017-11-24 阿里巴巴集团控股有限公司 The data query method, apparatus and index structuring method of time interval, device
CN107547242A (en) * 2017-05-24 2018-01-05 新华三技术有限公司 The acquisition methods and device of VM configuration informations
CN107612843A (en) * 2017-09-27 2018-01-19 国云科技股份有限公司 A kind of method for preventing cloud platform IP and MAC from forging

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100782854B1 (en) * 2006-08-10 2007-12-06 삼성전자주식회사 Managing content method and apparatus using remote user interface
CN105282141A (en) * 2015-09-08 2016-01-27 北京元心科技有限公司 Method for detecting security of wireless network accessed by intelligent terminal and intelligent terminal
CN106209563A (en) * 2016-08-07 2016-12-07 付宏伟 A kind of cloud computing platform network virtualization implementation method and accordingly plug-in unit and agency
CN106911779A (en) * 2017-02-27 2017-06-30 郑州云海信息技术有限公司 A kind of cloud platform virtual machine obtains IP method and devices
CN109039687A (en) * 2017-06-12 2018-12-18 北京信威通信技术股份有限公司 Load-balancing method, device, system, equipment and the storage medium of request
CN109240796A (en) * 2018-08-10 2019-01-18 新华三云计算技术有限公司 Virtual machine information acquisition methods and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant