CN112995005B - Virtual network data exchange method and device - Google Patents

Virtual network data exchange method and device

Info

Publication number: CN112995005B
Application number: CN201911302290.4A
Authority: CN (China)
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN112995005A (en)
Inventors: 葛茂, 周清志, 王少岩
Current Assignee: Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee: Beijing Baidu Netcom Science and Technology Co Ltd
Prior art keywords: address, virtual machine, service request, network, destination

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/70 Admission control; Resource allocation
    • H04L47/82 Miscellaneous aspects
    • H04L47/825 Involving tunnels, e.g. MPLS
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L12/4675 Dynamic sharing of VLAN information amongst network nodes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Embodiments of the present disclosure provide a virtual network data exchange method and device. One embodiment of the method comprises: in response to receiving a service request, taking the virtual IP address of the destination virtual machine of the service request as the destination IP address of the service request, taking the IP address of the source host of the service request as the source IP address of the service request, and sending a data packet corresponding to the service request to the switching kernel; in the switching kernel, querying, according to a preconfigured outbound rule table, the outbound transmission rule characterized by the virtual IP address of the destination virtual machine; and, according to the outbound transmission rule, encapsulating the data packet corresponding to the service request and sending the encapsulated data packet from the underlay network to the overlay network. The virtual network of this embodiment does not need to create multiple additional devices on each service host, which saves the large amount of host memory that creating those devices would occupy.

Description

Virtual network data exchange method and device
Technical Field
The embodiment of the disclosure relates to the technical field of computers, in particular to a virtual network data exchange method and device.
Background
With the continuous innovation and development of internet technology, an important capability for cloud computing service providers is to offer a Virtual Private Cloud (VPC) service that isolates the virtual machines (VMs) of many users in a manner that facilitates failure migration. With the tunnel technology mainly used at present, a public service must support encapsulating the traffic of each user VPC into the tunnel of its corresponding VPC, completing the switch of the user data stream from the physical network (underlay) to the virtual network (overlay) in the tunnel. For a data stream that enters the public service from a VM in a user VPC, the public service must support decapsulating the data stream from the tunnel of each user's corresponding VPC, completing the switch of the user data stream from the overlay to the underlay.
Two main schemes currently exist for exchanging data streams between the underlay and the overlay. In the first, a dedicated device is created on the host to encapsulate and decapsulate the tunnel data stream. However, each device only encapsulates/decapsulates the data stream of the tunnel corresponding to one VPC, and the public service supports thousands of VPCs, so a large number of tunnel devices must be created on each public service host, occupying a large amount of host memory. Querying, configuring and collecting statistics on data streams by VPC information across so many tunnel devices is very difficult, which makes operation and maintenance very difficult in this scenario. In addition, because there is no ready-made interface that can be called directly, setting and maintaining data stream exchange rules for a large number of VPCs in a cloud computing multi-tenant scenario becomes very difficult. In the second scheme, an independent protocol stack is created, the tunnel information of each VPC is managed dynamically in that protocol stack, and data streams are encapsulated and decapsulated according to this information to convert them dynamically between the underlay network and the overlay network. However, creating a separate protocol stack for each public service and supporting data stream exchange in it is hard to develop, and the later maintenance cost is very high.
Disclosure of Invention
The embodiment of the disclosure provides a virtual network data exchange method and device.
In a first aspect, an embodiment of the present disclosure provides a virtual network data exchange method, where the method includes: in response to receiving a service request, taking the virtual IP address of the destination virtual machine of the service request as the destination IP address of the service request, taking the IP address of the source host of the service request as the source IP address of the service request, and sending a data packet corresponding to the service request to the switching kernel, wherein the virtual IP address of the destination virtual machine is different from the real IP address of the destination virtual machine that the service request needs to access; in the switching kernel, querying, according to a preconfigured outbound rule table, the outbound transmission rule characterized by the virtual IP address of the destination virtual machine, wherein the outbound rule table comprises transmission rules for data from the underlay network to the overlay network, and the outbound transmission rule comprises a data encapsulation protocol and transmission path information for data from the underlay network to the overlay network; and, according to the outbound transmission rule, encapsulating the data packet corresponding to the service request and sending the encapsulated data packet from the underlay network to the overlay network.
In some embodiments, the data packet corresponding to the service request is encapsulated as follows: based on the Linux protocol stack, updating the destination IP address of the mapped service request to the IP address of the destination virtual machine of the service request in the VPC, and updating the source IP address of the mapped service request to the IP address of the source host of the service request in the VPC, wherein the IP address of the source host of the service request in the VPC is different from the other IP addresses in the VPC that are accessible to the virtual machine; encapsulating a MAC frame header on the data packet corresponding to the mapped service request, with the MAC address of the destination virtual machine as the destination MAC address and the MAC address of the source host of the service request as the source MAC address; and encapsulating a tunnel header on the data packet corresponding to the mapped service request, with the IP address of the host where the destination virtual machine is located as the tunnel destination IP address, the network identifier of the destination virtual machine in the VPC as the tunnel identifier, and the IP address of the source host as the tunnel source IP address.
In some embodiments, after the data packet corresponding to the service request is encapsulated and sent from the underlay network to the overlay network according to the outbound transmission rule, the method further includes: in response to receiving a response request to the service request returned from the overlay network to the underlay network, querying, according to a preconfigured inbound rule table, the inbound transmission rule characterized by the IP address of the destination virtual machine in the VPC, the IP address of the host where the destination virtual machine is located, and the network identifier of the destination virtual machine in the VPC, wherein the inbound rule table comprises transmission rules for data from the overlay network to the underlay network, and the inbound transmission rule comprises a data decapsulation protocol and transmission path information for data from the overlay network to the underlay network; and, according to the inbound transmission rule, decapsulating the data packet corresponding to the response request and sending the decapsulated data packet from the overlay network to the underlay network.
In some embodiments, the data packet corresponding to the response request is decapsulated as follows: based on the Linux protocol stack, removing the tunnel header of the data packet corresponding to the mapped response request, with the IP address of the source host as the tunnel destination IP address and the IP address of the host where the destination virtual machine is located as the tunnel source IP address; removing the MAC frame header of the data packet corresponding to the mapped response request, with the MAC address of the source host of the service request as the destination MAC address and the MAC address of the destination virtual machine as the source MAC address; and updating the destination IP address of the data packet corresponding to the mapped response request to the IP address of the source host of the service request, and updating the source IP address of the data packet corresponding to the mapped response request to the virtual IP address of the destination virtual machine of the service request.
In some embodiments, querying the outbound transmission rule characterized by the virtual IP address of the destination virtual machine according to the preconfigured outbound rule table includes: searching the outbound rule table, according to the hash function corresponding to the outbound rule table, for the virtual IP address of the destination virtual machine; and, in response to it being present, extracting from the outbound rule table the outbound transmission rule characterized by the virtual IP address of the destination virtual machine.
In some embodiments, querying, according to the preconfigured inbound rule table, the inbound transmission rule characterized by the IP address of the destination virtual machine in the VPC, the IP address of the host where the destination virtual machine is located, and the network identifier of the destination virtual machine in the VPC includes: searching the inbound rule table, according to the hash function corresponding to the inbound rule table, for the association information of the IP address of the destination virtual machine in the VPC, the IP address of the host where the destination virtual machine is located, and the network identifier of the destination virtual machine in the VPC; and, in response to it being present, extracting from the inbound rule table the inbound transmission rule characterized by that association information.
In a second aspect, an embodiment of the present disclosure provides a virtual network data exchange apparatus, including a sending unit, an outbound query unit and an outbound switching unit. The sending unit is configured to, in response to receiving a service request, take the virtual IP address of the destination virtual machine of the service request as the destination IP address of the service request, take the IP address of the source host of the service request as the source IP address of the service request, and send a data packet corresponding to the service request to the switching kernel, wherein the virtual IP address of the destination virtual machine is different from the real IP address of the destination virtual machine to be accessed by the service request. The outbound query unit is configured to query, in the switching kernel and according to a preconfigured outbound rule table, the outbound transmission rule characterized by the virtual IP address of the destination virtual machine, wherein the outbound rule table comprises transmission rules for data from the underlay network to the overlay network, and the outbound transmission rule comprises a data encapsulation protocol and transmission path information for data from the underlay network to the overlay network. The outbound switching unit is configured to encapsulate the data packet corresponding to the service request and send the encapsulated data packet from the underlay network to the overlay network according to the outbound transmission rule.
In some embodiments, the outbound switching unit further comprises: an outbound updating submodule configured to, based on the Linux protocol stack, update the destination IP address of the mapped service request to the IP address of the destination virtual machine of the service request in the VPC and update the source IP address of the mapped service request to the IP address of the source host of the service request in the VPC, wherein the IP address of the source host of the service request in the VPC is different from the other IP addresses in the VPC that are accessible to the virtual machine; a MAC header encapsulation submodule configured to encapsulate a MAC frame header on the data packet corresponding to the mapped service request, with the MAC address of the destination virtual machine as the destination MAC address and the MAC address of the source host of the service request as the source MAC address; and a tunnel header encapsulation submodule configured to encapsulate a tunnel header on the data packet corresponding to the mapped service request, with the IP address of the host where the destination virtual machine is located as the tunnel destination IP address, the network identifier of the destination virtual machine in the VPC as the tunnel identifier, and the IP address of the source host as the tunnel source IP address.
In some embodiments, the apparatus further comprises: an inbound query unit configured to, in response to receiving a response request to the service request returned from the overlay network to the underlay network, query, according to a preconfigured inbound rule table, the inbound transmission rule characterized by the IP address of the destination virtual machine in the VPC, the IP address of the host where the destination virtual machine is located, and the network identifier of the destination virtual machine in the VPC, wherein the inbound rule table comprises transmission rules for data from the overlay network to the underlay network, and the inbound transmission rule comprises a data decapsulation protocol and transmission path information for data from the overlay network to the underlay network; and an inbound switching unit configured to decapsulate the data packet corresponding to the response request and send the decapsulated data packet to the underlay network according to the inbound transmission rule.
In some embodiments, the inbound switching unit comprises: a tunnel header removing submodule configured to, based on the Linux protocol stack, remove the tunnel header of the data packet corresponding to the mapped response request, with the IP address of the source host as the tunnel destination IP address and the IP address of the host where the destination virtual machine is located as the tunnel source IP address; a MAC header removing submodule configured to remove the MAC frame header of the data packet corresponding to the mapped response request, with the MAC address of the source host of the service request as the destination MAC address and the MAC address of the destination virtual machine as the source MAC address; and an inbound updating submodule configured to update the destination IP address of the data packet corresponding to the mapped response request to the IP address of the source host of the service request, and update the source IP address of the data packet corresponding to the mapped response request to the virtual IP address of the destination virtual machine of the service request.
In some embodiments, the outbound query unit comprises: an outbound query submodule configured to search the outbound rule table, according to the hash function corresponding to the outbound rule table, for the virtual IP address of the destination virtual machine; and an outbound extraction submodule configured to, in response to it being present, extract from the outbound rule table the outbound transmission rule characterized by the virtual IP address of the destination virtual machine.
In some embodiments, the inbound query unit comprises: an inbound query submodule configured to search the inbound rule table, according to the hash function corresponding to the inbound rule table, for the association information of the IP address of the destination virtual machine in the VPC, the IP address of the host where the destination virtual machine is located, and the network identifier of the destination virtual machine in the VPC; and an inbound extraction submodule configured to, in response to it being present, extract from the inbound rule table the inbound transmission rule characterized by that association information.
In a third aspect, an embodiment of the present disclosure provides an electronic device, including: one or more processors; a storage device having one or more programs stored thereon, which when executed by one or more processors, cause the one or more processors to implement the method as described in any of the implementations of the first aspect.
In a fourth aspect, an embodiment of the present disclosure provides a computer-readable medium on which a computer program is stored, wherein the computer program, when executed by a processor, implements the method as described in any implementation manner of the first aspect.
According to the virtual network data exchange method and device provided by the embodiment of the disclosure, the outbound transmission rule represented by the virtual IP address of the target virtual machine is inquired according to the preconfigured outbound transmission rule table, and then the data packet corresponding to the service request is encapsulated and sent to the overlay network from the underlay network according to the outbound transmission rule.
Drawings
Other features, objects and advantages of the disclosure will become more apparent upon reading of the following detailed description of non-limiting embodiments thereof, made with reference to the accompanying drawings in which:
FIG. 1 is an exemplary system architecture diagram in which some embodiments of the present disclosure may be applied;
FIG. 2 is a flow diagram of one embodiment of a virtual network data exchange method according to the present disclosure;
FIG. 3 is a schematic structural diagram of an application scenario of a virtual network data exchange method according to an embodiment of the present disclosure;
FIG. 4 is a flow diagram of yet another embodiment of a virtual network data exchange method according to the present disclosure;
FIG. 5 is a schematic block diagram of one embodiment of a virtual network data switching apparatus according to the present disclosure;
FIG. 6 is a schematic structural diagram of an electronic device suitable for use in implementing embodiments of the present disclosure.
Detailed Description
The present disclosure is described in further detail below with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the relevant invention and not restrictive of the invention. It should be noted that, for convenience of description, only the portions related to the related invention are shown in the drawings.
It should be noted that, in the present disclosure, the embodiments and features of the embodiments may be combined with each other without conflict. The present disclosure will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
Fig. 1 illustrates an exemplary system architecture 100 of a virtual network data exchange method and apparatus to which embodiments of the present disclosure may be applied.
As shown in fig. 1, the system architecture 100 may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the server 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The user may use the terminal devices 101, 102, 103 to interact with the server 105 via the network 104 to receive or send messages or the like. The terminal devices 101, 102, 103 may have various communication client applications installed thereon, such as a web browser application, a shopping application, a search application, an instant messaging tool, a mailbox client, social platform software, and the like.
The terminal devices 101, 102, 103 may be hardware or software. When the terminal devices 101, 102, 103 are hardware, they may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, e-book readers, laptop computers, desktop computers, and the like. When the terminal devices 101, 102, 103 are software, they can be installed in the electronic devices listed above. They may be implemented, for example, as multiple pieces of software or software modules to provide distributed services, or as a single piece of software or software module. This is not specifically limited here.
The server 105 may be a server providing various services, such as a host providing virtual network support for service requests of the terminal devices 101, 102, 103. The host may have a pre-created virtual machine, the virtual machine may be located in a VPC corresponding to a user who makes a service request, and the host may process data such as the received service request and feed back a processing result (for example, a data packet corresponding to a response request) to the terminal device.
It should be noted that the virtual network data exchange method provided by the embodiment of the present disclosure is generally executed by the server 105.
The server may be hardware or software. When the server is hardware, it may be implemented as a distributed server cluster formed by multiple servers, or as a single server. When the server is software, it may be implemented as multiple pieces of software or software modules, for example, to provide distributed services, or as a single piece of software or software module. This is not specifically limited here.
With continued reference to fig. 2, a flow 200 of one embodiment of a virtual network data exchange method according to the present disclosure is shown. The virtual network data exchange method comprises the following steps:
Step 201, in response to receiving the service request, take the virtual IP address of the destination virtual machine of the service request as the destination IP address of the service request, take the IP address of the source host of the service request as the source IP address of the service request, and send a data packet corresponding to the service request to the switching kernel.
In this embodiment, the execution body of the virtual network data exchange method (for example, the server shown in fig. 1) may receive a service request from a user terminal through a wired or wireless connection. On receiving the service request, it takes the virtual IP address of the destination virtual machine of the service request as the destination IP address of the service request, takes the IP address of the source host of the service request as the source IP address of the service request, and sends a data packet corresponding to the service request to the switching kernel. The virtual IP address of the destination virtual machine is different from the real IP address of the destination virtual machine to be accessed by the service request, and may be configured when the destination virtual machine is created. It should be noted that the wireless connection may include, but is not limited to, a 3G/4G/5G connection, a WiFi connection, a Bluetooth connection, a WiMAX connection, a Zigbee connection, a UWB (ultra wideband) connection, and other wireless connection means now known or developed in the future. The service request includes: add requests, delete requests, query requests, and analyze requests.
Step 202, in the switching kernel, query the outbound transmission rule characterized by the virtual IP address of the destination virtual machine according to the preconfigured outbound rule table.
In this embodiment, using the virtual IP address of the destination virtual machine from step 201 as the key, the execution body (for example, the server shown in fig. 1) may look up, in the preconfigured outbound rule table, the data transmission rule characterized by that virtual IP address. The outbound rule table comprises transmission rules for data from the underlay network to the overlay network, and the outbound transmission rule comprises a data encapsulation protocol and transmission path information for data from the underlay network to the overlay network. The outbound rule table may include: the IP address of the destination virtual machine, the IP address of the source host machine, the IP address of the destination virtual machine in the VPC, the IP address of the source host machine in the VPC, the MAC address of the destination virtual machine, the MAC address of the source host machine, the IP address of the destination virtual machine in the host machine and the network identifier of the destination virtual machine in the VPC.
Step 203, according to the outbound transmission rule, encapsulate the data packet corresponding to the service request and send it from the underlay network to the overlay network.
In this embodiment, the execution body (for example, the server shown in fig. 1) may encapsulate the data packet corresponding to the service request according to the outbound transmission rule it found, and send the encapsulated data packet from the physical network (i.e., the underlay network) to the virtual network (i.e., the overlay network).
In some optional implementations of this embodiment, the data packet corresponding to the service request is encapsulated as follows: based on the Linux protocol stack, updating the destination IP address of the mapped service request to the IP address of the destination virtual machine of the service request in the VPC, and updating the source IP address of the mapped service request to the IP address of the source host of the service request in the VPC, wherein the IP address of the source host of the service request in the VPC is different from the other IP addresses in the VPC that are accessible to the virtual machine; encapsulating a MAC frame header on the data packet corresponding to the mapped service request, with the MAC address of the destination virtual machine as the destination MAC address and the MAC address of the source host of the service request as the source MAC address; and encapsulating a tunnel header on the data packet corresponding to the mapped service request, with the IP address of the host where the destination virtual machine is located as the tunnel destination IP address, the network identifier of the destination virtual machine in the VPC as the tunnel identifier, and the IP address of the source host as the tunnel source IP address. Because this is based on general Linux protocol stack technology, a unified interface that is convenient to call is provided, so setting and maintaining the exchange rules for a huge number of VPCs becomes simple, giving better development and operation and maintenance capabilities; the unified interface is highly portable and maintainable, no separate protocol stack needs to be developed and maintained, and development, operation and maintenance costs are reduced.
It should be noted that the above query method and the update method are well-known technologies that are widely researched and applied at present, and are not described herein again.
According to the method provided by the embodiment of the disclosure, the outbound transmission rule represented by the virtual IP address of the target virtual machine is inquired according to the preconfigured outbound transmission rule table, and then the data packet corresponding to the service request is encapsulated and sent to the overlay network from the underlay network according to the outbound transmission rule.
With continued reference to fig. 3, fig. 3 is a schematic diagram of an application scenario of the virtual network data exchange method according to the present embodiment. The host 302 first receives a data packet 303 of a service request sent from the terminal device 301, where a source IP address of the service request is an IP address 172.16.0.1 of the terminal device (i.e., a source host of the service request), and a destination IP address of the service request is a virtual IP address 240.0.0.1 of a destination virtual machine in the host 302, and sends the data packet corresponding to the service request to the switch kernel.
Next, in the switching kernel, the packet corresponding to the service request is analyzed, the virtual IP address 240.0.0.1 of the destination virtual machine is extracted, and the outbound transport rule represented by the virtual IP address of the destination virtual machine is looked up in the preconfigured outbound rule table.
Finally, the data packet corresponding to the service request is encapsulated according to the outbound transmission rule that was found, and the encapsulated data packet is sent from the underlay network to the overlay network.
According to the method provided by the embodiment of the disclosure, the outbound transmission rule represented by the virtual IP address of the target virtual machine is inquired according to the preconfigured outbound transmission rule table, and then the data packet corresponding to the service request is encapsulated and sent to the overlay network from the underlay network according to the outbound transmission rule.
With further reference to fig. 4, a flow 400 of yet another embodiment of a virtual network data exchange method is shown. The process 400 of the virtual network data exchange method includes the following steps:
Step 401, in response to receiving the service request, using the virtual IP address of the destination virtual machine of the service request as the destination IP address of the service request, and using the IP address of the source host of the service request as the source IP address of the service request to send a data packet corresponding to the service request to the switch core.
Step 402, in the switching kernel, according to the pre-configured outbound transmission rule table, the outbound transmission rule represented by the virtual IP address of the destination virtual machine is inquired.
Step 403, according to the outbound transmission rule, sending the data packet corresponding to the service request from the underlay network to the overlay network after encapsulating the data packet.
In the embodiment, the specific operations of steps 401 to 403 are substantially the same as the operations of steps 201 to 203 in the embodiment shown in fig. 2, and are not repeated herein.
Step 404, in response to receiving a response request for the service request returned by the overlay network to the underlay network, querying, according to a preconfigured ingress rule table, the ingress transmission rule characterized by the IP address of the destination virtual machine in the VPC, the IP address of the host where the destination virtual machine is located, and the network identifier of the destination virtual machine in the VPC.
In this embodiment, an execution body (for example, a server shown in fig. 1) of the virtual network data exchange method may receive a response request returned from the overlay network to the underlay network based on the service request, and look up the ingress transmission rule of the data packet corresponding to the response request in a preconfigured ingress rule table according to the association information of the IP address of the destination virtual machine in the VPC, the IP address of the host where the destination virtual machine is located, and the network identifier of the destination virtual machine in the VPC. The ingress rule table includes a transmission rule of data from the overlay network to the underlay network, and the ingress transmission rule includes a data decapsulation protocol and transmission path information of the data from the overlay network to the underlay network. The ingress rule table may include: the IP address of the destination virtual machine, the IP address of the source host machine, the IP address of the destination virtual machine in the VPC, the IP address of the source host machine in the VPC, the MAC address of the destination virtual machine, the MAC address of the source host machine, the IP address of the destination virtual machine in the host machine and the network identifier of the destination virtual machine in the VPC.
The ingress transmission rule of the data packet corresponding to the response request may be obtained from this association information in either of two ways: by searching the ingress rule table using the IP address of the destination virtual machine in the VPC, the IP address of the host where the destination virtual machine is located, and the network identifier of the destination virtual machine in the VPC as keywords and then associating the search results to obtain the ingress transmission rule corresponding to the data packet of the response request; or by first associating the IP address of the destination virtual machine in the VPC, the IP address of the host where the destination virtual machine is located, and the network identifier of the destination virtual machine in the VPC into a keyword and then searching for the ingress transmission rule corresponding to the data packet of the response request.
Step 405, according to the incoming transmission rule, decapsulating the data packet corresponding to the response request and then sending the decapsulated data packet from the overlay network to the underlay network.
In this embodiment, the execution subject (for example, the server shown in fig. 1) may decapsulate the data packet corresponding to the response request according to the found inbound transmission rule, and send the decapsulated data packet from the overlay network to the underlay network.
In some optional implementations of this embodiment, the data packet corresponding to the response request is decapsulated as follows: based on a Linux protocol stack, the tunnel header of the data packet corresponding to the mapped response request is removed, with the IP address of the source host as the tunnel destination IP address and the IP address of the host where the destination virtual machine is located as the tunnel source IP address; the MAC frame header of the data packet corresponding to the mapped response request is removed, with the MAC address of the source host of the service request as the destination MAC address and the MAC address of the destination virtual machine as the source MAC address; and the destination IP address of the data packet corresponding to the mapped response request is updated to the IP address of the source host of the service request, and the source IP address of the data packet corresponding to the mapped response request is updated to the virtual IP address of the destination virtual machine of the service request. Because this is based on general Linux protocol stack technology, it provides a unified interface that is convenient to call, so that setting and maintaining the exchange rules for a huge number of VPCs becomes simple and better development and operation-and-maintenance capabilities are achieved; the unified interface is highly portable and maintainable, requires no separately developed and maintained protocol stack, and reduces development, operation and maintenance costs.
In some optional implementation manners of this embodiment, querying an egress transmission rule characterized by a virtual IP address of a destination virtual machine according to a preconfigured egress rule table includes: searching whether a virtual IP address of a target virtual machine exists in the outbound rule table according to a hash function corresponding to the outbound rule table; in response to the presence, an outbound transport rule characterized by the virtual IP address of the destination virtual machine is extracted in an outbound rule table.
In this embodiment, the execution body uses the hash function to search the egress rule table for the location information to which the virtual IP address of the destination virtual machine is mapped, where the egress rule table is a hash table. Querying through a hash table locates the required result quickly and accurately.
In some optional implementations of this embodiment, querying, according to a preconfigured ingress rule table, the ingress transmission rule characterized by the IP address of the destination virtual machine in the VPC, the IP address of the host where the destination virtual machine is located, and the network identifier of the destination virtual machine in the VPC includes: searching the ingress rule table, according to the hash function corresponding to the ingress rule table, for whether the association information of the IP address of the destination virtual machine in the VPC, the IP address of the host where the destination virtual machine is located, and the network identifier of the destination virtual machine in the VPC exists; and, in response to its existence, extracting from the ingress rule table the ingress transmission rule characterized by that association information.
In this embodiment, the execution body uses the hash function to search the ingress rule table for the location information to which the association information of the IP address of the destination virtual machine in the VPC, the IP address of the host where the destination virtual machine is located, and the network identifier of the destination virtual machine in the VPC is mapped, where the ingress rule table is a hash table. Querying through a hash table locates the required result quickly and accurately.
As can be seen from fig. 4, compared with the embodiment corresponding to fig. 2, the flow 400 of the virtual network data exchange method in this embodiment also handles the response request fed back for the service request, and details the steps of querying the egress rule table and the ingress rule table by using a hash function: the ingress transmission rule characterized by the IP address of the destination virtual machine in the VPC, the IP address of the host where the destination virtual machine is located, and the network identifier of the destination virtual machine in the VPC is queried according to the preconfigured ingress rule table, and the data packet corresponding to the response request is decapsulated according to the ingress transmission rule and then sent to the underlay network. Therefore, in the scheme described in this embodiment, querying through a hash table locates the required result quickly and accurately and improves data processing efficiency.
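The following sketch is an added example, not code from the patent: it models steps 401 to 405 with both rule tables held as Python dicts (hash tables), the egress table keyed by the virtual IP address and the ingress table keyed by the triple of VPC IP address, host IP address and network identifier. The addresses 172.16.0.1 and 240.0.0.1 come from the fig. 3 scenario; every other address, the MAC addresses, the network identifier 5001, all class and function names, and the header checks performed before stripping are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, NamedTuple, Optional, Tuple

@dataclass(frozen=True)
class Packet:                      # inner IP packet
    src_ip: str
    dst_ip: str
    payload: bytes

@dataclass(frozen=True)
class Frame:                       # inner packet plus MAC header plus tunnel header
    tunnel_src_ip: str
    tunnel_dst_ip: str
    tunnel_id: int
    src_mac: str
    dst_mac: str
    inner: Packet

@dataclass(frozen=True)
class Rule:                        # one configured row, indexed by both tables
    vm_virtual_ip: str             # address the source host uses for the VM
    vm_vpc_ip: str                 # VM's IP address inside the VPC
    vm_mac: str
    vm_host_ip: str                # host machine where the VM runs
    src_host_ip: str               # source host of the service request
    src_vpc_ip: str                # source host's IP address inside the VPC
    src_mac: str
    network_id: int                # VM's network identifier in the VPC

class IngressKey(NamedTuple):      # hashed as one combined key
    vm_vpc_ip: str
    vm_host_ip: str
    network_id: int

def build_tables(rules: Iterable[Rule]) -> Tuple[Dict[str, Rule], Dict[IngressKey, Rule]]:
    rules = list(rules)
    egress = {r.vm_virtual_ip: r for r in rules}
    ingress = {IngressKey(r.vm_vpc_ip, r.vm_host_ip, r.network_id): r for r in rules}
    return egress, ingress

def encapsulate(pkt: Packet, egress: Dict[str, Rule]) -> Optional[Frame]:
    """Steps 402-403: look up by virtual IP, rewrite, add MAC and tunnel headers."""
    rule = egress.get(pkt.dst_ip)
    if rule is None:               # no rule for this virtual IP: nothing is sent
        return None
    inner = Packet(rule.src_vpc_ip, rule.vm_vpc_ip, pkt.payload)
    return Frame(tunnel_src_ip=rule.src_host_ip, tunnel_dst_ip=rule.vm_host_ip,
                 tunnel_id=rule.network_id, src_mac=rule.src_mac,
                 dst_mac=rule.vm_mac, inner=inner)

def decapsulate(frame: Frame, ingress: Dict[IngressKey, Rule]) -> Optional[Packet]:
    """Steps 404-405: look up by the triple, strip headers, restore addresses."""
    key = IngressKey(frame.inner.src_ip, frame.tunnel_src_ip, frame.tunnel_id)
    rule = ingress.get(key)
    if rule is None:               # unknown VM, host or network identifier
        return None
    # Assumption: headers are stripped only if they carry the expected values.
    expected = (frame.tunnel_dst_ip == rule.src_host_ip
                and frame.dst_mac == rule.src_mac
                and frame.src_mac == rule.vm_mac
                and frame.inner.dst_ip == rule.src_vpc_ip)
    if not expected:
        return None
    return Packet(rule.vm_virtual_ip, rule.src_host_ip, frame.inner.payload)

def overlay_reply(frame: Frame, payload: bytes) -> Frame:
    """Constructed stand-in for the overlay side: mirrors every header field."""
    inner = Packet(frame.inner.dst_ip, frame.inner.src_ip, payload)
    return Frame(tunnel_src_ip=frame.tunnel_dst_ip, tunnel_dst_ip=frame.tunnel_src_ip,
                 tunnel_id=frame.tunnel_id, src_mac=frame.dst_mac,
                 dst_mac=frame.src_mac, inner=inner)

# Constructed sample row; only 172.16.0.1 and 240.0.0.1 appear in fig. 3.
RULE = Rule(vm_virtual_ip="240.0.0.1", vm_vpc_ip="192.168.1.10",
            vm_mac="02:00:00:00:00:10", vm_host_ip="10.0.0.2",
            src_host_ip="172.16.0.1", src_vpc_ip="192.168.1.254",
            src_mac="02:00:00:00:00:01", network_id=5001)

if __name__ == "__main__":
    egress_table, ingress_table = build_tables([RULE])
    out = encapsulate(Packet("172.16.0.1", "240.0.0.1", b"request"), egress_table)
    print(out)
    print(decapsulate(overlay_reply(out, b"response"), ingress_table))
```

Because the ingress key includes the network identifier, a reply that carries the right addresses but a different identifier misses the table and is not delivered to the source host.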
With further reference to fig. 5, as an implementation of the methods shown in the above-mentioned figures, the present disclosure provides an embodiment of a virtual network data exchange apparatus, where the apparatus embodiment corresponds to the method embodiment shown in fig. 2, and the apparatus may be specifically applied to various electronic devices.
As shown in fig. 5, the virtual network data exchange device 500 of the present embodiment includes: a sending unit 501, an outbound query unit 502 and an outbound switching unit 503. Wherein, the sending unit 501 is configured to, in response to receiving the service request, use a virtual IP address of a destination virtual machine of the service request as a destination IP address of the service request, and send a data packet corresponding to the service request to the switch kernel using a source host IP address of the service request as a source IP address of the service request, where the virtual IP address of the destination virtual machine is different from a real IP address of the destination virtual machine to be accessed by the service request; the outbound query unit 502 is configured to query an outbound transmission rule characterized by a virtual IP address of a destination virtual machine according to a preconfigured outbound rule table in the switching core, where the outbound rule table includes a transmission rule for data from an underlay network to an overlay network, and the outbound transmission rule includes a data encapsulation protocol and transmission path information for data from the underlay network to the overlay network; the outbound switching unit 503 is configured to encapsulate a data packet corresponding to the service request and send the encapsulated data packet from the underlay network to the overlay network according to the outbound transmission rule.
In this embodiment, specific processing of the sending unit 501, the outbound query unit 502, and the outbound switching unit 503 of the virtual network data switching apparatus 500 and technical effects brought by the processing can refer to the related descriptions of step 201 to step 203 in the embodiment corresponding to fig. 2, which are not described herein again.
In some optional implementations of this embodiment, the outbound switching unit of the apparatus further includes: the outbound updating sub-module is configured to update the mapped destination IP address of the service request to the IP address of the destination virtual machine of the service request in the VPC and update the mapped source IP address of the service request to the IP address of the source host of the service request in the VPC based on a Linux protocol stack, wherein the IP address of the source host of the service request in the VPC is different from other IP addresses in the VPC which can be accessed by the virtual machines; the encapsulation MAC header sub-module is configured to encapsulate an MAC header of a data packet corresponding to the mapped service request by taking the MAC address of the destination virtual machine as a destination MAC address and taking the MAC address of a source host of the service request as a source MAC address; and the encapsulation tunnel header submodule is configured to use the IP address of the host machine where the destination virtual machine is located as a tunnel destination IP address, use the network identifier of the destination virtual machine in the VPC as a tunnel identifier, use the IP address of the source host machine as a tunnel source IP address, and encapsulate a tunnel header in the corresponding data packet of the mapped service request.
In some optional implementations of this embodiment, the apparatus further includes: an inbound query unit configured to, in response to receiving a response request for the service request returned by the overlay network to the underlay network, query, according to a preconfigured inbound rule table, the inbound transmission rule characterized by the IP address of the destination virtual machine in the VPC, the IP address of the host where the destination virtual machine is located, and the network identifier of the destination virtual machine in the VPC, wherein the inbound rule table includes a transmission rule of data from the overlay network to the underlay network, and the inbound transmission rule includes a data decapsulation protocol and transmission path information of the data from the overlay network to the underlay network; and an inbound switching unit configured to decapsulate the data packet corresponding to the response request according to the inbound transmission rule and then send it to the underlay network.
In some optional implementations of this embodiment, the ingress switching unit of the apparatus includes: the tunnel header removing sub-module is configured to remove a tunnel header of a data packet corresponding to the mapped response request based on a Linux protocol stack by taking the IP address of a source host machine as a tunnel destination IP address and taking the IP address of a host machine where a destination virtual machine is located as a tunnel source IP address; the MAC header removing sub-module is configured to remove the MAC frame header of the data packet corresponding to the mapped response request by using the MAC address of the source host of the service request as a destination MAC address and the MAC address of the destination virtual machine as a source MAC address; and the inbound updating submodule is configured to update the destination IP address of the data packet corresponding to the mapped response request to the source host IP address of the service request, and update the source IP address of the data packet corresponding to the mapped response request to the virtual IP address of the destination virtual machine of the service request.
In some optional implementations of this embodiment, the outbound query unit of the apparatus includes: the outbound query submodule is configured to search whether the virtual IP address of the target virtual machine exists in the outbound rule table according to the hash function corresponding to the outbound rule table; an egress extraction submodule configured to extract, in response to the presence, an egress transmission rule characterized by the virtual IP address of the destination virtual machine in an egress rule table.
In some optional implementations of this embodiment, the incoming query unit of the apparatus includes: the entry query submodule is configured to search whether the IP address of the destination virtual machine in the VPC, the IP address of the host machine where the destination virtual machine is located and the associated information of the network identifier of the destination virtual machine in the VPC exist in the entry rule table according to the hash function corresponding to the entry rule table; and the inbound extraction submodule is configured to extract the inbound transmission rule characterized by the IP address of the destination virtual machine in the VPC, the IP address of the host machine where the destination virtual machine is located and the association information of the network identifier of the destination virtual machine in the VPC in the inbound rule table in response to the existence.
Referring now to fig. 6, a schematic diagram of an electronic device (e.g., the server or terminal device of fig. 1) 600 suitable for use in implementing embodiments of the present disclosure is shown. The terminal device in the embodiments of the present disclosure may include, but is not limited to, a mobile terminal such as a mobile phone, a notebook computer, a digital broadcast receiver, a PDA (personal digital assistant), a PAD (tablet computer), a PMP (portable multimedia player), a vehicle terminal (e.g., a car navigation terminal), and the like, and a fixed terminal such as a digital TV, a desktop computer, and the like. The terminal device/server shown in fig. 6 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 6, electronic device 600 may include a processing means (e.g., central processing unit, graphics processor, etc.) 601 that may perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM) 602 or a program loaded from a storage means 608 into a Random Access Memory (RAM) 603. In the RAM 603, various programs and data necessary for the operation of the electronic apparatus 600 are also stored. The processing device 601, the ROM 602, and the RAM 603 are connected to each other via a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.
Generally, the following devices may be connected to the I/O interface 605: input devices 606 including, for example, a touch screen, touch pad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, etc.; output devices 607 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage 608 including, for example, tape, hard disk, etc.; and a communication device 609. The communication means 609 may allow the electronic device 600 to communicate with other devices wirelessly or by wire to exchange data. While fig. 6 illustrates an electronic device 600 having various means, it is to be understood that not all illustrated means are required to be implemented or provided. More or fewer devices may alternatively be implemented or provided. Each block shown in fig. 6 may represent one device or may represent multiple devices as desired.
In particular, according to an embodiment of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication means 609, or may be installed from the storage means 608, or may be installed from the ROM 602. The computer program, when executed by the processing device 601, performs the above-described functions defined in the methods of embodiments of the present disclosure. It should be noted that the computer readable medium described in the embodiments of the present disclosure may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In embodiments of the disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. 
In embodiments of the present disclosure, however, a computer readable signal medium may comprise a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
The computer readable medium may be embodied in the electronic device; or may exist separately without being assembled into the electronic device. The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: responding to the received service request, taking the virtual IP address of the target virtual machine of the service request as the target IP address of the service request, and taking the IP address of the source host machine of the service request as the source IP address of the service request to send a data packet corresponding to the service request to the exchange kernel; in the exchange kernel, inquiring an outbound transmission rule represented by the virtual IP address of the target virtual machine according to a preconfigured outbound rule table; and according to the outgoing transmission rule, encapsulating the data packet corresponding to the service request and then sending the encapsulated data packet from the underlay network to the overlay network.
Computer program code for carrying out operations for embodiments of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present disclosure may be implemented by software or hardware. The described units may also be provided in a processor, which may be described as: a processor including a sending unit, an outbound query unit, and an outbound switching unit. In some cases the names of these units do not limit the units themselves; for example, the sending unit may also be described as "a unit that, in response to receiving the service request, sends a data packet corresponding to the service request to the switching core by using the virtual IP address of the destination virtual machine of the service request as the destination IP address of the service request and using the IP address of the source host of the service request as the source IP address of the service request".
The foregoing description is only exemplary of the preferred embodiments of the disclosure and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention in the embodiments of the present disclosure is not limited to the specific combination of the above-mentioned features, but also encompasses other embodiments in which any combination of the above-mentioned features or their equivalents is made without departing from the inventive concept as defined above, for example, technical solutions formed by mutually replacing the above features with (but not limited to) technical features with similar functions disclosed in the embodiments of the present disclosure.

Claims (14)

1. A virtual network data exchange method, comprising:
responding to a received service request, using a virtual IP address of a target virtual machine of the service request as a target IP address of the service request, and using an IP address of a source host machine of the service request as a source IP address of the service request to send a data packet corresponding to the service request to a switching kernel, wherein the virtual IP address of the target virtual machine is different from a real IP address of the target virtual machine to be accessed by the service request;
in the exchange kernel, inquiring an outbound transmission rule represented by the virtual IP address of the destination virtual machine according to a preconfigured outbound rule table, wherein the outbound rule table comprises a transmission rule of data from an underlay network to an overlay network, and the outbound transmission rule comprises a data encapsulation protocol and transmission path information of the data from the underlay network to the overlay network;
and according to the outbound transmission rule, transmitting the data packet corresponding to the service request from the underlay network to the overlay network after encapsulating the data packet.
2. The virtual network data switching method of claim 1, wherein the data packet corresponding to the service request is encapsulated by:
updating the mapped destination IP address of the service request into the IP address of the destination virtual machine of the service request in the VPC and updating the mapped source IP address of the service request into the IP address of the source host of the service request in the VPC based on a Linux protocol stack, wherein the IP address of the source host of the service request in the VPC is different from other IP addresses in the VPC which can be accessed by the virtual machine;
taking the MAC address of the destination virtual machine as a destination MAC address, and taking the MAC address of the source host of the service request as a source MAC address, to encapsulate a MAC frame header for the data packet corresponding to the mapped service request;
and taking the IP address of the host machine where the destination virtual machine is located as a tunnel destination IP address, taking the network identifier of the destination virtual machine in the VPC as a tunnel identifier, taking the IP address of the source host machine as a tunnel source IP address, and encapsulating a tunnel header in the mapped data packet corresponding to the service request.
3. The virtual network data exchange method according to claim 2, wherein after the encapsulating the data packet corresponding to the service request according to the outbound transport rule and sending the encapsulated data packet from the underlay network to the overlay network, the method further comprises:
in response to receiving a response request of the service request returned by the overlay network to the underlay network, querying, according to a preconfigured inbound rule table, an inbound transmission rule characterized by the IP address of the destination virtual machine in the VPC, the IP address of the host machine where the destination virtual machine is located and the network identifier of the destination virtual machine in the VPC, wherein the inbound rule table comprises a transmission rule for data from the overlay network to the underlay network, and the inbound transmission rule comprises a data decapsulation protocol and transmission path information for data from the overlay network to the underlay network;
and according to the inbound transmission rule, decapsulating the data packet corresponding to the response request and then sending the decapsulated data packet from the overlay network to the underlay network.
4. The virtual network data switching method of claim 3, wherein the data packet corresponding to the response request is decapsulated by:
based on a Linux protocol stack, taking the IP address of the source host machine as a tunnel destination IP address, taking the IP address of the host machine where the destination virtual machine is located as a tunnel source IP address, and removing a tunnel header of a data packet corresponding to the mapped response request;
taking the MAC address of the source host of the service request as a destination MAC address, taking the MAC address of the destination virtual machine as a source MAC address, and removing the MAC frame header of the data packet corresponding to the mapped response request;
and updating the destination IP address of the data packet corresponding to the mapped response request to the IP address of the source host machine of the service request, and updating the source IP address of the data packet corresponding to the mapped response request to the virtual IP address of the destination virtual machine of the service request.
5. The virtual network data exchange method according to claim 1, wherein the querying the outbound transmission rule characterized by the virtual IP address of the destination virtual machine according to the preconfigured outbound rule table includes:
searching the outbound rule table, according to the hash function corresponding to the outbound rule table, for the virtual IP address of the destination virtual machine;
and in response to the virtual IP address being present, extracting from the outbound rule table the outbound transmission rule characterized by the virtual IP address of the destination virtual machine.
6. The virtual network data exchange method according to claim 3, wherein the querying, according to a preconfigured inbound rule table, an inbound transmission rule characterized by the IP address of the destination virtual machine in the VPC, the IP address of the host where the destination virtual machine is located, and the network identifier of the destination virtual machine in the VPC includes:
searching the inbound rule table, according to a hash function corresponding to the inbound rule table, for the association information of the IP address of the destination virtual machine in the VPC, the IP address of the host machine where the destination virtual machine is located and the network identifier of the destination virtual machine in the VPC;
and in response to the association information being present, extracting from the inbound rule table the inbound transmission rule characterized by the association information of the IP address of the destination virtual machine in the VPC, the IP address of the host machine where the destination virtual machine is located and the network identifier of the destination virtual machine in the VPC.
7. A virtual network data switching apparatus, comprising:
a sending unit configured to, in response to a received service request, send a data packet corresponding to the service request to a switching kernel, using a virtual IP address of a destination virtual machine of the service request as the destination IP address of the service request and using the IP address of a source host machine of the service request as the source IP address of the service request, wherein the virtual IP address of the destination virtual machine is different from the real IP address of the destination virtual machine to be accessed by the service request;
an outbound query unit configured to query, in the switching kernel, an outbound transmission rule characterized by the virtual IP address of the destination virtual machine according to a preconfigured outbound rule table, wherein the outbound rule table comprises a transmission rule for data from an underlay network to an overlay network, and the outbound transmission rule comprises a data encapsulation protocol and transmission path information for data from the underlay network to the overlay network;
and an outbound switching unit configured to encapsulate, according to the outbound transmission rule, the data packet corresponding to the service request and then send the encapsulated data packet from the underlay network to the overlay network.
8. The virtual network data switching apparatus of claim 7, wherein the outbound switching unit further comprises:
an outbound update sub-module configured to update the mapped destination IP address of the service request to the IP address of the destination virtual machine of the service request in the VPC based on a Linux protocol stack, and update the mapped source IP address of the service request to the IP address of the source host of the service request in the VPC, wherein the IP address of the source host of the service request in the VPC is different from other IP addresses in the VPC accessible within the virtual machine;
a MAC header encapsulation sub-module configured to encapsulate a MAC frame header onto the data packet corresponding to the mapped service request, with the MAC address of the destination virtual machine as the destination MAC address and the MAC address of the source host of the service request as the source MAC address;
and a tunnel header encapsulation sub-module configured to encapsulate a tunnel header onto the mapped data packet corresponding to the service request, with the IP address of the host where the destination virtual machine is located as the tunnel destination IP address, the network identifier of the destination virtual machine in the VPC as the tunnel identifier, and the source host IP address as the tunnel source IP address.
9. The virtual network data switching apparatus of claim 8, the apparatus further comprising:
an inbound query unit configured to, in response to receiving a response request of the service request returned by the overlay network to the underlay network, query, according to a preconfigured inbound rule table, an inbound transmission rule characterized by the IP address of the destination virtual machine in the VPC, the IP address of the host where the destination virtual machine is located and the network identifier of the destination virtual machine in the VPC, wherein the inbound rule table comprises a transmission rule for data from the overlay network to the underlay network, and the inbound transmission rule comprises a data decapsulation protocol and transmission path information for data from the overlay network to the underlay network;
and an inbound switching unit configured to decapsulate, according to the inbound transmission rule, the data packet corresponding to the response request and then send the decapsulated data packet from the overlay network to the underlay network.
10. The virtual network data switching apparatus of claim 9, wherein the inbound switching unit comprises:
a tunnel header removing sub-module configured to remove the mapped tunnel header of the data packet corresponding to the response request based on a Linux protocol stack, with the IP address of the source host as a tunnel destination IP address, and with the IP address of the host where the destination virtual machine is located as a tunnel source IP address;
a MAC header removing sub-module configured to remove a MAC header of a packet corresponding to the mapped response request by using a MAC address of a source host of the service request as a destination MAC address and a MAC address of the destination virtual machine as a source MAC address;
and an inbound update sub-module configured to update the destination IP address of the data packet corresponding to the mapped response request to the source host IP address of the service request, and update the source IP address of the data packet corresponding to the mapped response request to the virtual IP address of the destination virtual machine of the service request.
11. The virtual network data switching apparatus of claim 7, wherein the outbound query unit comprises:
an outbound query sub-module configured to search the outbound rule table, according to a hash function corresponding to the outbound rule table, for the virtual IP address of the destination virtual machine;
and an outbound extraction sub-module configured to extract from the outbound rule table, in response to the virtual IP address being present, the outbound transmission rule characterized by the virtual IP address of the destination virtual machine.
12. The virtual network data switching apparatus of claim 9, wherein the inbound query unit comprises:
an inbound query sub-module configured to search the inbound rule table, according to a hash function corresponding to the inbound rule table, for the association information of the IP address of the destination virtual machine in the VPC, the IP address of the host machine where the destination virtual machine is located and the network identifier of the destination virtual machine in the VPC;
and an inbound extraction sub-module configured to extract from the inbound rule table, in response to the association information being present, the inbound transmission rule characterized by the association information of the IP address of the destination virtual machine in the VPC, the IP address of the host machine where the destination virtual machine is located and the network identifier of the destination virtual machine in the VPC.
13. An electronic device, comprising:
one or more processors;
a storage device having one or more programs stored thereon;
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-6.
14. A computer-readable medium, on which a computer program is stored, wherein the program, when executed by a processor, implements the method of any one of claims 1-6.
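The outbound and inbound paths of claims 1-6, modelled as an added sketch that is not part of the patent text: a request addressed to a virtual IP is looked up, rewritten and wrapped, and the reply is accepted only when its VM address, host address and network identifier match an inbound rule. All addresses, MAC values and the identifier 5001 are constructed samples, the function and field names are hypothetical, and dropping frames whose tunnel or MAC headers disagree with the rule is an assumption of the sketch (the claims state only which values those headers carry).

```python
from typing import NamedTuple, Optional

class OutRule(NamedTuple):      # outbound: underlay -> overlay, keyed by virtual IP
    vm_vpc_ip: str              # real IP of the destination VM inside the VPC
    src_vpc_ip: str             # IP the source host is given inside the VPC
    vm_mac: str
    src_mac: str
    vm_host_ip: str             # underlay IP of the host running the VM
    vni: int                    # network identifier of the VM in the VPC

class InRule(NamedTuple):       # inbound: overlay -> underlay
    vip: str                    # virtual IP restored as the reply's source
    src_host_ip: str            # underlay IP of the host that sent the request
    src_mac: str
    vm_mac: str

# Constructed sample tables; a dict gives the hash lookup of claims 5 and 6.
OUT_RULES = {"100.64.0.10": OutRule("192.168.1.5", "192.168.1.250",
             "52:54:00:00:00:05", "52:54:00:00:00:fa", "10.0.0.2", 5001)}
IN_RULES = {("192.168.1.5", "10.0.0.2", 5001): InRule(
             "100.64.0.10", "10.0.0.1", "52:54:00:00:00:fa", "52:54:00:00:00:05")}

def send_outbound(pkt: dict) -> Optional[dict]:
    """Claims 1, 2, 5: look up by virtual IP, rewrite IPs, add MAC and tunnel headers."""
    rule = OUT_RULES.get(pkt["dst"])
    if rule is None:
        return None             # no rule for this virtual IP: nothing enters the overlay
    return {"tun_src": pkt["src"], "tun_dst": rule.vm_host_ip, "vni": rule.vni,
            "eth_src": rule.src_mac, "eth_dst": rule.vm_mac,
            "src": rule.src_vpc_ip, "dst": rule.vm_vpc_ip, "payload": pkt["payload"]}

def receive_inbound(frame: dict) -> Optional[dict]:
    """Claims 3, 4, 6: look up by (VM IP in VPC, VM host IP, network id), then unwrap."""
    rule = IN_RULES.get((frame["src"], frame["tun_src"], frame["vni"]))
    if rule is None:
        return None             # unknown VM, host or network identifier: drop
    # Assumption of this sketch: headers that disagree with the rule are dropped too.
    if (frame["tun_dst"], frame["eth_dst"], frame["eth_src"]) != (
            rule.src_host_ip, rule.src_mac, rule.vm_mac):
        return None
    return {"src": rule.vip, "dst": rule.src_host_ip, "payload": frame["payload"]}

def reply_from_vm(frame: dict, payload: str) -> dict:
    """Build the response frame the destination VM's host would tunnel back."""
    return {"tun_src": frame["tun_dst"], "tun_dst": frame["tun_src"], "vni": frame["vni"],
            "eth_src": frame["eth_dst"], "eth_dst": frame["eth_src"],
            "src": frame["dst"], "dst": frame["src"], "payload": payload}

if __name__ == "__main__":
    out = send_outbound({"src": "10.0.0.1", "dst": "100.64.0.10", "payload": "GET /"})
    print(out)
    print(receive_inbound(reply_from_vm(out, "200 OK")))
    print(receive_inbound({**reply_from_vm(out, "x"), "vni": 5002}))  # wrong network id
```

Because the inbound key combines three values, a frame carrying a valid VM address under a different network identifier or from a different host finds no rule and never reaches the underlay.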
CN201911302290.4A 2019-12-17 2019-12-17 Virtual network data exchange method and device Active CN112995005B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911302290.4A CN112995005B (en) 2019-12-17 2019-12-17 Virtual network data exchange method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911302290.4A CN112995005B (en) 2019-12-17 2019-12-17 Virtual network data exchange method and device

Publications (2)

Publication Number Publication Date
CN112995005A CN112995005A (en) 2021-06-18
CN112995005B true CN112995005B (en) 2022-02-25

Family

ID=76342265

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911302290.4A Active CN112995005B (en) 2019-12-17 2019-12-17 Virtual network data exchange method and device

Country Status (1)

Country Link
CN (1) CN112995005B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113992404B (en) * 2021-10-27 2023-11-10 北京天融信网络安全技术有限公司 Attack evidence recording method and device
CN114697326B (en) * 2022-03-17 2024-04-30 浪潮云信息技术股份公司 Method for polygonal communication in edge computing scene

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106161259A (en) * 2015-03-27 2016-11-23 杭州华三通信技术有限公司 The multicast data packet forwarding method and apparatus of virtual extended LAN VXLAN
CN107733670A (en) * 2016-08-11 2018-02-23 新华三技术有限公司 A kind of forwarding strategy collocation method and device
CN108429680A (en) * 2018-03-07 2018-08-21 北京优帆科技有限公司 A kind of method for configuring route, system, medium and equipment based on virtual private cloud
CN109218258A (en) * 2017-06-30 2019-01-15 华为技术有限公司 Data pack transmission method and gateway
CN110191042A (en) * 2019-05-21 2019-08-30 新华三技术有限公司 A kind of message forwarding method and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9717021B2 (en) * 2008-07-03 2017-07-25 Silver Peak Systems, Inc. Virtual network overlay

Also Published As

Publication number Publication date
CN112995005A (en) 2021-06-18

Similar Documents

Publication Publication Date Title
CN104301373B (en) Via the synchronous sending out notice of file-sharing service
US11016716B2 (en) Picture interface display method and apparatus according to jump protocol
CN109150677B (en) Cross-domain access processing method and device and electronic equipment
KR20140057553A (en) - virtualization gateway between virtualized and non-virtualized networks
US20230071561A1 (en) Wireless communication method and apparatus, device, storage medium, and computer program product
CN111580879A (en) Applet running method and device, electronic equipment and computer storage medium
US20140025695A1 (en) Methods and apparatus for providing unified access to various data resources using virtualized services
CN112995005B (en) Virtual network data exchange method and device
CN110177047B (en) Message sending method, device, electronic equipment and computer readable storage medium
CN112202744B (en) Multi-system data communication method and device
US20220366066A1 (en) Display method, display device, and electronic device
CN115174123A (en) SA5G network-oriented user tracing association method and system
CN113162836B (en) Virtual local area network communication method and device, cloud server, medium and electronic equipment
CN110489474B (en) Data processing method, device, medium and electronic equipment
CN109981546B (en) Method and device for acquiring remote call relation between application modules
CN114513552A (en) Data processing method, device, equipment and storage medium
WO2024066757A1 (en) Data frame transmission method and apparatus, and readable storage medium
WO2019192128A1 (en) Webpage access method and apparatus
CN110708238B (en) Method and apparatus for processing information
CN109005250B (en) Method and device for accessing server
JP2020004380A (en) Wearable device, information processing method, device and system
US11277300B2 (en) Method and apparatus for outputting information
CN104424260A (en) Browser information sharing method and device
WO2021155498A1 (en) Data reading method and terminal
CN112306984A (en) Data source routing method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant