WO2023202241A1

WO2023202241A1 - Communication method and related product

Info

Publication number: WO2023202241A1
Application number: PCT/CN2023/079651
Authority: WO
Inventors: 张伟; 张永明; 黄毽
Original assignee: 华为云计算技术有限公司
Priority date: 2022-04-21
Filing date: 2023-03-03
Publication date: 2023-10-26
Also published as: CN116980476A

Abstract

Provided in the present application are a communication method and a related product. The method comprises: a first network proxy establishing a first virtual channel on a communication channel between same and a second network proxy, wherein the first network proxy is responsible for access to a first service, the second network proxy is responsible for access to a second service, the first virtual channel is used for transmitting a communication message between the first service and the second service, the communication message carries an identifier of the first virtual channel, and the current identifier of the first virtual channel is a first identifier; and then, the first network proxy changing the identifier of the first virtual channel from the first identifier to a second identifier, wherein the length of the second identifier is less than the length of the first identifier. In this way, more service data can be carried in a communication message, which is transmitted by means of a first virtual channel, such that the efficiency of communication between a first service and a second service can be improved.

Description

A communication method and related products

This application claims priority to the Chinese patent application filed with the China Patent Office on April 21, 2022, with application number 202210423516.1 and application title "A communication method and related products", the entire content of which is incorporated into this application by reference. .

Technical field

This application relates to the field of cloud computing technology, and in particular, to a communication method and related products.

Background technique

In cloud computing scenarios, the scale of applications continues to grow. An application is often composed of multiple application services, and multiple application services use service mesh technology to implement calls to each other. Based on service mesh technology, client application services and server application services need to communicate through client proxies and server proxies, which increases the communication delay between client application services and server application services.

In order to reduce the communication delay between the two, the main methods currently used are: ① Use a new application layer protocol between the client agent and the server agent, such as: Hypertext Transfer Protocol 2 (Hypertext Transfer Protocol 2) , HTTP2), low-latency Internet connection (quick user datagram protocol Internet connection) protocol and proxy protocol (proxyprotocol) based on user datagram protocol to proxy the default application layer protocol, that is, the client's application service and the server's application service The negotiated application layer protocol can reduce the number of transmission control protocol (TCP) connections established between the client's application service and the server's application service, thereby reducing the communication delay between the two. ② Use the kernel connection multiplexer (KCM) protocol to increase the rate at which the client's application service and the server's application service send and receive TCP messages, thereby reducing the communication delay between the two. However, both of the above methods have the problem of limited scope of use.

Therefore, how to improve the communication efficiency between application services is still an urgent problem to be solved.

Contents of the invention

This application provides a communication method and related products, which can improve the communication efficiency between services.

In a first aspect, this application provides a communication method, which method includes: a first network agent establishing a first virtual channel on a communication channel with a second network agent, wherein the first network agent is responsible for the first service Access, the second network agent is responsible for access to the second service, the first virtual channel is used to transmit communication messages between the first service and the second service, the communication message carries the identification of the first virtual channel, the current The identification of a virtual channel is the first identification. Afterwards, the first network agent changes the identity of the first virtual channel from the first identity to a second identity, where the length of the second identity is less than the length of the first identity. In this way, the communication message transmitted through the first virtual channel can carry more business data, thereby improving the communication efficiency between the first service and the second service.

In a possible implementation of the first aspect, the second identification is an identification of a second virtual channel on the communication channel.

In a possible implementation of the first aspect, when one or more of the following conditions are met, the first network agent changes the identity of the first virtual channel from the first identity to the second identity: transmission on the first virtual channel The priority of the service data is higher than the priority of the service data transmitted on the second virtual channel, and the efficiency of transmitting the service data on the first virtual channel is lower than the efficiency of transmitting the service data on the second virtual channel. In this way, it can be guaranteed that the identification of the first virtual channel is changed from the first identification After changing to the second ID, the services on the second virtual channel will not be greatly affected.

In a possible implementation of the first aspect, the second network proxy stores a first mapping relationship between the identifier of the first virtual channel and the identifier of the second service, where the first mapping relationship is used to indicate the second The network proxy forwards the service data from the first virtual channel to the second service. In this way, when the second network agent receives the communication message from the first virtual channel, it can determine to forward the business data in the message to the second service based on the identification of the first virtual channel in the message. That is to say, The second network agent can forward the business data in the above message to the second service without parsing it, which improves the efficiency of sending business data, thereby improving the communication efficiency between the first service and the second service.

In a possible implementation of the first aspect, the first network proxy stores a second mapping relationship between the identifier of the first virtual channel and the identifier of the first service, where the second mapping relationship is used to indicate the first The network agent forwards the service data from the first virtual channel to the first service. The above-mentioned first network agent changes the identification of the first virtual channel from the first identification to the second identification, including: the first network agent changes the identification of the first virtual channel in the second mapping relationship from the first identification to the second identification. . In this way, when the first network agent receives the communication message from the first virtual channel, it can determine to forward the business data in the message to the first service based on the identification of the first virtual channel in the message. That is to say, The first network agent can forward the business data in the above message to the first service without parsing it, which improves the efficiency of sending business data, thereby improving the communication efficiency between the first service and the second service.

In a possible implementation manner of the first aspect, the above-mentioned first network agent changes the identity of the first virtual channel in the second mapping relationship from the first identity to the second identity, including: the first network agent changes the identity of the first virtual channel to the second identity. The network agent sends an identity change request, where the identity change request is used to instruct the second network agent to change the identity of the first virtual channel in the first mapping relationship from the first identity to the second identity. Afterwards, the first network agent changes the identifier carried in the communication message sent to the second network agent through the first virtual channel from the first identifier to the second identifier. Afterwards, the first network agent receives the identity change response returned by the second network agent, and changes the identity used to forward the service data from the first virtual channel to the first service from the first identity to the second identity based on the identity change response. In this way, the identity of the first virtual channel can be changed without affecting the use of the first virtual channel to transmit communication messages.

In a possible implementation of the first aspect, the communication channel is a TCP channel, and before the first network agent establishes the first virtual channel on the communication channel with the second network agent, the method further includes: first The network agent sends a TCP connection message to the second network agent to establish the above communication channel.

In another possible implementation of the first aspect, the above-mentioned communication channel is a TCP channel, and before the first network agent establishes the first virtual channel on the communication channel with the second network agent, the above-mentioned method further includes: A network agent establishes the communication channel based on the TCP connection message sent by the second network agent. In this way, the service (first service) in the public network can access the service (second service) in the private network.

In a possible implementation of the first aspect, the above-mentioned first network agent establishes a first virtual channel on the communication channel with the second network agent, including: in response to a message sent by the first service, the first network agent The agent establishes a first virtual channel, in which the message sent by the first service does not carry the business data sent by the first service to the second service. In this way, the first service and the second service can communicate using an application layer protocol such as MySQL. Such protocols require the second service (server) to push the first service (client) to send business data to it.

In a possible implementation of the first aspect, the above-mentioned first network agent establishes a first virtual channel on the communication channel with the second network agent, including: the first network agent sends a message to the second network through the above-mentioned communication channel. The agent sends a virtual connection message, where the virtual connection message includes an identifier of the first virtual channel and an identifier of the second service, and the virtual connection message is used to instruct the second network agent to establish a communication channel with the second service. In this way, when the first virtual channel is established, the second network agent is automatically triggered to establish a communication channel with the second service.

In a second aspect, this application provides a communication method, which is applied to a container system. The container system includes a first container system. The server, the second container, and the first network agent and the second network agent described in any of the foregoing first aspects and any implementation manner of the first aspect. Wherein, the first container runs the first service; the second container runs the second service; the first network agent establishes a first virtual channel on the communication channel with the second network agent, wherein the first network agent is responsible for the first service The second network agent is responsible for access to the second service. The first virtual channel is used to transmit communication messages between the first service and the second service. The communication message carries the identification of the first virtual channel. Currently, the first virtual channel is used to transmit communication messages between the first service and the second service. The identity of the virtual channel is a first identity; the first network agent changes the identity of the first virtual channel from the first identity to a second identity, where the length of the second identity is less than the length of the first identity. In this way, the communication message transmitted through the first virtual channel can carry more business data, thereby improving the communication efficiency between the first service and the second service.

In a possible implementation of the second aspect, the communication channel is a TCP channel. Before the first network agent establishes the first virtual channel on the communication channel with the second network agent, the method further includes: One network agent sends a TCP connection message to the second network agent to establish the above communication channel.

In a possible implementation of the second aspect, the communication channel is a TCP channel. Before the first network agent establishes the first virtual channel on the communication channel with the second network agent, the method further includes: The second network agent sends a TCP connection message to the first network agent to establish the above communication channel.

In a possible implementation of the second aspect, the above-mentioned first network agent establishes a first virtual channel on the communication channel with the second network agent, including: in response to a message sent by the first service, the first network agent The agent establishes a first virtual channel, in which the message sent by the first service does not carry the business data sent by the first service to the second service. In this way, the first service and the second service can communicate using an application layer protocol such as MySQL. Such protocols require the second service (server) to push the first service (client) to send business data to it.

In a third aspect, this application provides a first network agent. The first network agent includes a service access module, a channel establishment module, and an identity change module. Wherein, the business access module is used for accessing the first service; the channel establishment module is used for establishing a first virtual channel on the communication channel with the second network agent, wherein the second network agent is responsible for accessing the second service, The first virtual channel is used to transmit communication messages between the first service and the second service. The communication message carries the identifier of the first virtual channel. The current identifier of the first virtual channel is the first identifier; the identifier changing module is used to The identification of the first virtual channel is changed from the first identification to a second identification, where the length of the second identification is less than the length of the first identification.

In a fourth aspect, this application provides a container system, which includes a first container, a second container, a first network agent and a second network agent described in any of the foregoing first aspects and any implementation of the first aspect. Web proxy. Wherein, the first container is used to run the first service; the second container is used to run the second service; the second network agent is used to be responsible for access to the second service; the first network agent is used to be responsible for access to the first service, and in A first virtual channel is established on the communication channel with the second network agent, where the first virtual channel is used to transmit communication messages between the first service and the second service, and the communication messages carry the identification of the first virtual channel. , the current identifier of the first virtual channel is the first identifier, and the identifier of the first virtual channel is changed from the first identifier to the second identifier, where the length of the second identifier is smaller than the length of the first identifier.

In a fifth aspect, the present application provides a computing device. The computing device includes a processor and a memory. The processor executes the computer program code in the memory to implement the aforementioned first aspect and the part described in any implementation manner of the first aspect. Or all methods.

In a sixth aspect, the present application provides a computer-readable storage medium. The computer storage medium stores computer program code. When the computer program code is executed by a computing device, the computing device executes the aforementioned first aspect and any of the first aspects. An implementation describes some or all of the methods.

Description of the drawings

Figure 1 is a schematic structural diagram of an adjustment system provided by an embodiment of the present application;

Figure 2 is a schematic structural diagram of a distributed storage system provided by an embodiment of the present application;

Figure 3 is a schematic structural diagram of a container system provided by an embodiment of the present application;

Figure 4 is a schematic structural diagram of another container system provided by an embodiment of the present application;

Figure 5 is a schematic structural diagram of yet another container system provided by an embodiment of the present application;

Figure 6 is a schematic structural diagram of a Kubernetes container system provided by an embodiment of the present application;

Figure 7 is a schematic flowchart of a method for establishing a communication channel provided by an embodiment of the present application;

Figure 8 is a schematic flowchart of a communication method provided by an embodiment of the present application;

Figure 9 is a schematic flowchart of another communication method provided by an embodiment of the present application;

Figure 10 is a schematic flowchart of a method for changing the identity of a first virtual channel provided by an embodiment of the present application;

Figure 11 is a schematic flow chart of communication before and after changing the identity of the first virtual channel provided by an embodiment of the present application;

Figure 12 is a schematic structural diagram of a message transmitted based on the first virtual channel provided by an embodiment of the present application;

Figure 13 is a schematic structural diagram of a first network proxy provided by an embodiment of the present application;

Figure 14 is a schematic structural diagram of a computing device provided by an embodiment of the present application;

Figure 15 is a schematic structural diagram of a computing device system provided by an embodiment of the present application.

Detailed ways

In order to facilitate understanding of the technical solutions provided in this application, relevant terms are first explained before detailed description.

An application (APP) is a collection of computer programs written for a special application purpose of the user. Specifically, it can be a single application or a collection of multiple application programs. For example, an application can be an editor, etc. Applications can also be application software such as e-commerce systems and government and enterprise management systems.

Container technology is a kernel virtualization technology that can provide lightweight virtualization and facilitate the isolation of processes and resources. With the rapid development of container technology, the application's operating environment is isolated in units of containers, and the application's configuration information and operating environment are packaged and encapsulated together, and then orchestrated and managed through container cluster scheduling technology (such as Kubernetes) , has become a development trend, which can bring the deployment and life cycle management of large-scale applications, as well as the iterative development and online efficiency of applications to a new level. Therefore, more and more users choose to deploy their business on the cloud in the form of applications.

As the scale of applications continues to grow, an application often needs to be split into multiple application services. Multiple application services are deployed on multiple containers, and multiple application services work together to realize the functions of the application. Application services in this application refer to application-related services, which can be understood as software systems used to complete one or more specific business functions. In one implementation, a microservice architecture (such as Spring Cloud, Dubbo) can be used to split the application into several application services. It should be noted that the application services split from the microservice architecture are also called microservices (microservices). Each microservice is decoupled from each other and can be independently replaced, upgraded, and scaled. Therefore, using a microservice architecture not only helps developers update and maintain applications, but also allows other microservices to continue working when a single microservice fails, improving the stability of the application.

As the scale of the multiple application services that make up an application continues to grow, the complexity of calls between these application services also increases simultaneously. As a result, service mesh technology emerged. Service mesh technology is an application network technology based on the traditional Internet Protocol (IP) network. By assigning agents (also called sidecar processes) to application services, The non-functional service governance logic in application services is separated from the business process into the sidecar process, thereby providing connection, security, flow control, grayscale publishing and observation capabilities between application services in a non-invasive way, and achieving lightweight business and service governance basics Facilityization. As an implementation of service mesh technology, Istio implements communication between application services by using envoy as the sidecar of application services. Because envoy supports hot restart, dynamic configuration and plug-in structure, and also has complete service governance, flow control and observability capabilities, Istio is commonly used among application services to implement service governance.

In one possible implementation, as shown in Figure 1, for an application, a microservice architecture is used to split the application into multiple microservices, and multiple microservices are deployed on multiple containers. Kubernetes is used to The above multiple containers are managed and orchestrated, and Istio is used to implement service governance between multiple microservices. Taking into account the advantages of microservice architecture, container technology, container cluster scheduling technology and service grid technology, it can be determined that the above methods can not only simplify the deployment difficulty, maintenance and expansion difficulty of applications, but also improve the stability and reliability of applications. and usability to provide users with higher quality services. In addition, resources on the physical host can be utilized more efficiently. Therefore, many users currently choose to deploy applications on the cloud using the above methods.

It should be understood that there may be communication requirements between applications or between application services. In this application, communication between applications and communication between application services are collectively referred to as communication between services. Currently, application layer protocols commonly used between businesses include HTTP1 and relational database management system (MySQL), and transport layer protocols commonly used include TCP. For containerized applications that use service mesh technology to achieve communication, from a data plane perspective, the communication between the two also needs to go through a downstream proxy and an upstream proxy. Among them, the downstream agent is the agent of the party that sends the request (i.e., the client) and is used to be responsible for the client's communication; the upstream agent is the agent of the party that receives the request (i.e., the server) and is used to be responsible for the server's communication. communication. It is worth noting that "downstream agent" and "upstream agent" can have different names. For example, different standards, different versions of the same standard, different manufacturers, and different application scenarios can have different names for "downstream agent" and "upstream agent". Different names, for example, the term "downstream proxy" is sometimes also called "client proxy", and "upstream proxy" is sometimes called "server proxy".

As shown in Figure 2, in order to realize business communication between the client and the server, a TCP channel between the client and the server needs to be established first. The TCP channel between the client and the server consists of three sections: client The TCP channel with the downstream proxy, the TCP channel between the downstream proxy and the upstream proxy, and the TCP channel between the upstream proxy and the server, which causes the connection establishment time between the client and the server to be too long. In addition, a TCP channel can only handle one service request at the same time, and after a service request is completed, the TCP channel used to transmit the service request often needs to be disconnected. When communication between the client and the server is frequent, The communication delay between the two will gradually increase, causing a large number of business requests to fail due to response timeouts. This will have a greater impact on applications with high latency requirements (such as financial services and e-commerce services). To address this problem, although there are two methods commonly used in the existing technology (for details, please refer to the background art), which can reduce the communication delay between the client and the server to a certain extent, the scope of use of these two methods is very limited. limitations. For example, HTTP2 and proxyprotocol mentioned in method ① do not support application layer protocols such as proxy MySQL, in which the server actively pushes data to the client after establishing a communication channel, nor do they support reverse connections (that is, initiated by the server to the client). connection) is established. For another example, the utilization method ② requires modification of the kernel protocol stack, and the client needs to use a new socket interface to establish a connection with the server, which results in the low versatility of this method.

In response to the above problems, this application provides a proxy protocol. The proxy protocol includes the following content: in response to a message sent by the client (the message may or may not carry the business data that the client wants to send to the server), the downstream agent communicates with A virtual channel is established on the communication channel between the upstream agents, where the virtual channel is used to transmit communication messages between the client and the server. After the above virtual channel is established, the downstream agent stores the mapping relationship between the identifier of the virtual channel and the identifier of the client, and the upstream agent stores the mapping relationship between the identifier of the virtual channel and the identifier of the server. In this way, when the downstream agent receives the business data (such as HTTP1 messages, MySQL messages) that the client wants to send to the server, the downstream agent can use the virtual channel identifier to encapsulate the above business data based on the locally stored mapping relationship, and then pass it through Send the encapsulated business data to the upstream agent through the virtual channel. Correspondingly, the upstream agent can also use the identification of the virtual channel to decapsulate the above-mentioned encapsulated business data based on the locally stored mapping relationship, and forward the decapsulated business data to the server. Similarly, when the above agent receives the business data that the server wants to return to the client (such as HTTP1 message, MySQL message), the upstream agent and the downstream agent can send the above business data from the server to the client based on their respective stored mapping relationships. end.

In addition, the proxy protocol also supports: ① The communication channel between the downstream proxy and the upstream proxy can be a TCP channel, and the TCP channel can be a forward TCP channel or a reverse TCP channel. Among them, the forward TCP channel refers to the TCP channel established by the downstream agent sending a TCP connection message to the upstream agent, and the reverse TCP channel refers to the TCP channel established by the upstream agent sending a TCP connection message to the downstream agent. ② Multiple communication channels can be established between the downstream agent and the upstream agent, and the virtual channel can be flexibly established on any of the above communication channels. ③ Multiple virtual channels can be established on the communication channel between the downstream agent and the upstream agent, and the identifier of the virtual channel can be changed.

The above proxy protocol can be applied to container systems where applications are deployed. Figure 3 exemplarily shows a schematic structural diagram of a container system. As shown in Figure 3, the container system 100 includes a control node 110 and a plurality of computing nodes 120. The various components of container system 100 are briefly described below.

The control node 110 may be a physical host or a virtual machine (VM). The control node 110 is used to manage and control the scheduling of resources and the execution of tasks in the container system 100, for example, managing resources (including computing resources, storage resources and network resources) on multiple computing nodes 120; for example, based on each computing node The resource usage on 120 allocates the application to the appropriate computing node 120 for running.

Similar to the control node 110, the computing node 120 may also be a physical host or a VM. The computing node 120 includes one or more container groups 121, where the container group 121 is the smallest deployment unit in the container system 100. Each container group 121 has a corresponding Internet Protocol (IP) address, and each container group 121 includes one or more containers 1211. Each container 1211 can run one or more services. The service here can be an application or an application service (such as a microservice) that constitutes an application. The computing node 120 also includes a network agent 122. The network agent 122 is responsible for accessing services in the node (hereinafter, this network agent responsible for accessing services in the computing node will be referred to as a node agent for short). For example, the network agent 122 is responsible for accessing external services. The request is forwarded to the corresponding container and the local business response is forwarded. In a possible implementation manner, the network agent 122 can be deployed on the computing node 120 in the form of a container, or can also be deployed on the computing node 120 in the form of a device. When the network agent 122 is deployed on the computing node 120 in the form of a device, the network agent 122 may be a software system, a hardware device, or a combination of a software system and a hardware device.

It should be understood that Figure 3 only shows an exemplary structure of the container system. In actual applications, the above-mentioned container system may also have other structures, for example, the container system 200 shown in Figure 4 and the container system 200 shown in Figure 5 Container system 300. Compared with the container system 100 shown in Figure 3, in the container system 200 shown in Figure 4, each container group 221 in the multiple computing nodes 220 includes not only one or more containers 2211, but also a network agent 2212, where , the network agent 2212 is responsible for accessing services in this container group (hereinafter, this network agent responsible for accessing services in the container group is referred to as a container group agent for short). Compared with the container system 100 shown in Figure 3, in the container system 300 shown in Figure 5, the network agents in some computing nodes 320 are node agents, that is, the network agents 322, and the network agents in some computing nodes 320 are container groups. Agent, i.e. network agent 3212. It should be noted that other parts in the container system 200 shown in Figure 4 and the container system 300 shown in Figure 5, such as the control node 210, the computing node 220, the container group 221, the container 2211, and the control node 310, computing node The functions of the node 320, the container group 321, and the container 3211 are similar to the functions of the control node 110, the computing node 120, the container group 121, and the container 1211 in the container system 100 shown in Figure 3. For simplicity, the embodiments of this application will not Describe similar sections as above.

Containers in the container system (including container system 100, container system 200, and container system 300) involved in the embodiment of this application can be orchestrated using various tools such as Kubernetes, Docker swarm, Docker compose, or apache Mesos.

For example, when the containers in the container system are orchestrated using Kubernetes, as shown in Figure 6, taking the container system 100 as an example, the control node 110 is also called the master node, and the computing node 120 is also called the node node. , the container group 121 in the computing node 120 here refers to Pod. In addition, the control node 110 may include one or more of the following components: an application programming interface server (API server) 111, a control management component (controller manager) 112, a scheduling component (scheduler) 113, and a storage component (ETCD). ) 114, these components are used to manage and control the scheduling of resources and the execution of tasks in the container system 100. Among them, the application programming interface service component 111 is used to receive external requests and serve as a transfer station for other components to communicate with each other. It is also used to write various received information to the storage component 114; the control management component 112 is used to execute cluster-level Operations, for example, view the configuration information of the computing node 120, handle the failure of the computing node 120, manage and control the container 1211 on the computing node 120, etc.; the scheduling component 113 is responsible for the scheduling of the application, for example, scheduling the container with the application deployed to the appropriate location. running on the computing node 120; the storage component 114 is used to store all information on the container system 100, for example, information written by the application programming interface service component 111. The computing node 120 may also include a Kubelet component 123 and a container runtime component 124. Among them, the Kubelet component 123 is mainly responsible for interacting with the container running component 124 and the application programming interface service component 111 in the control node 110 to manage the container 1211 on this node, for example, sending the control node 110 to this node Allocate tasks to containers, or regularly report the usage of resources on this node to the control node 110. The container running component 124 is used to download the image when the container 1211 is running, and control the running of the container 1211.

It should be understood that Figure 6 is only an exemplary display. In actual applications, the container system 200 and the container system 300 can also use Kubernetes for container orchestration. In addition, the container system involved in the embodiments of the present application can also use other tools for container orchestration, which is not limited by the embodiments of the present application, but for the sake of simplicity, the description will not be repeated here.

As can be seen from the foregoing, services can be run on the containers in the container system (including the container system shown in Figures 3 to 6), and there are communication requirements between different services. When communication between services needs to be implemented across network proxies, the proxy protocol provided by this application can be used to reduce communication delay, thereby improving communication efficiency between services. The following takes the communication between the first service and the second service running on the above-mentioned container system as an example, and describes in detail how the proxy protocol provided by this application realizes the communication between the first service and the second service in conjunction with Figures 7-12. communication.

First, it should be noted that the first service and the second service may be applications or application services constituting applications. For example, the first service and the second service may be different applications, or different application services that constitute the same application, or application services that constitute different applications; for another example, the first service is an application, and the second service is An application service that constitutes another application, or the second service is an application and the first service is an application service that constitutes another application. Furthermore, the network agent responsible for access to the first service is different from the network agent responsible for access to the second service.

The container system includes two types of container groups: a first type container group having containers running a first service, and a second type container group having containers running a second service. The first type of container group may include one or more containers running the first service, and the second type container group may also include one or more containers running the second service.

Optionally, the number of the first type of container group and the number of the second type of container group can be one or more. The above-mentioned one or more first-type container groups may be located on one or more computing nodes in the container system, and the one or more second-type container groups may also be located on one or more computing nodes in the container system. Moreover, the first type of container group and the second type of container group may be located on the same computing node, or may be located on different computing nodes. But it is worth noting that when the first type of container group and the second type When the class container group is located on the same computing node, the network agent responsible for access to the first service may be located in the first class container group, and the network agent responsible for access to the second service may be located in the second class container group. In this way, it can be ensured that the network agent responsible for access to the first service is different from the network agent responsible for access to the second service.

It should also be noted that the above-mentioned container system can be any of the container systems shown in Figures 3 to 6. In other words, the first type of container group and the computing node where it is located, the second type of container group and the computing node where it is located, The container running the first service and the container running the second service, the network agent responsible for access to the first service and the network agent responsible for access to the second service may be computing nodes, container groups, containers and network agents in the corresponding container system. , this application does not make specific limitations. In actual applications, adaptive adjustment and deployment can be made according to the resource usage and specific business requirements on the container system.

Assume that the first service wants to send business data D ₁ to the second service. At this time, the first service will act as the client and the second service will act as the server. The communication process between the first service and the second service can be divided into the following two stages.

The first phase, the establishment of the communication channel between the first service and the second service (shown in Figure 7)

S101: The first service establishes a first communication channel with the first network agent.

The first service runs on a container in a first container group, and the first container group belongs to the first type of container group. The first network agent (ie, the downstream agent in the preceding article) is responsible for accessing the first service. The first network agent may be a container group agent (such as network agent 2212) or a node agent (such as network agent 122).

In some embodiments, the first communication channel is a TCP channel, then the first service establishes the first communication channel with the first network agent, including: the first service sends a first communication channel establishment request to the first network agent. , after receiving the above request, the first network agent returns a response confirming the establishment of the first communication channel to the first service. After receiving the above response, the first service again sends a message confirming the establishment of the first communication channel to the first network agent, After the above three-way handshake, the first communication channel between the first container group and the first network agent is established.

S102: The first service sends the first message to the first network agent through the first communication channel.

The first message is used to instruct the first network agent to establish a communication channel with the second service. The first message includes the service name of the second service, the IP address of the second service and the port of the second service (port A). At least one of them, port A is a port on the second container group used to send and receive messages related to the second service.

Optionally, the first message may carry the service data D ₁ , or may not carry the service data D ₁ . Among them, the business data D ₁ refers to the message generated based on the application layer protocol between the first service and the second service. Since the first service and the second service can use multiple application layer protocols to implement communication, such as HTTP1 and MySQL, therefore The business data D ₁ can be an HTTP1 message, a MySQL message, etc. When the first message does not carry the service data D ₁ , the first message may be a connection type message, that is, a message used to establish a communication channel, such as a TCP three-way handshake message.

S103: The first network agent determines the second network agent based on the first message.

Specifically, after receiving the first message, the first network agent determines the second service based on the first message, then determines the second container group based on the second service, and then determines the second network agent based on the second container group (i.e., as mentioned above the upstream agent). Wherein, the second container group belongs to the second type of container group, that is, the second container group includes containers running the second service, and the second network agent is used to be responsible for access to the business (including the second service) in the second container group. The second network agent may be a container group agent (such as network agent 2212) or a node agent (such as network agent 122).

Further, considering that the second service can run on multiple second-type container groups, the first network agent determines the second container group based on the second service, including: the first network agent determines multiple second container groups based on the second service. class container group, and then use a load balancing algorithm to determine a second container group from the plurality of second class container groups. The load balancing algorithm may include a polling algorithm, a random algorithm, a minimum connection algorithm, etc., which are not limited in the embodiments of this application.

It should be noted that _since the first message may carry the service data D ₁ or not, compared with the first message not carrying the service data D ₁ , when the first message carries the service data D ₁ , the first network agent needs to The second network agent can only be determined by performing more processing on a message (that is, using an application layer protocol to decapsulate the service data _D1 in the first message).

S104: The first network agent determines whether the second communication channel with the second network agent has been established. If the second communication channel is not established, S105-S110 is executed; if the second communication channel is established, S106-S110 is executed.

Wherein, the second communication channel may be a TCP channel. When the second communication channel is a TCP channel, the second communication channel may be a forward TCP channel or a reverse TCP channel. The forward TCP channel refers to the TCP channel established by the first network agent sending a TCP connection message to the second network agent. For the specific establishment process, please refer to S105; the reverse TCP channel refers to the TCP channel established by the second network agent to the second network agent. A TCP channel is established by sending a TCP connection message through a network agent. Please refer to the following description for the specific establishment process.

When the second communication channel is a reverse TCP channel, the second communication channel has been established before the first network agent executes S104. Specifically, the second network agent sends the establishment request of the second communication channel to the first network agent. After receiving the above request, the first network agent returns a response confirming the establishment of the second communication channel to the second network agent. After receiving the above response, the second network agent sends a message confirming the establishment of the second communication channel to the first network agent again, thus completing the establishment of the second communication channel. In addition, after the establishment of the second communication channel is completed, the first network agent also stores a mapping relationship between the identifier of the second network agent and the identifier of the second communication channel. The identification of the second network agent may be an ID, number, etc. assigned to the second network agent by the first network agent or a control node (such as the control node 110, the control node 210, and the control node 310) in the container system, which can be used to identify the second network agent. The information of the second network agent or the identity of the second network agent can be flexibly set based on the type of the second network agent. For example, when the second network agent is a container group agent, the identity of the second network agent can be the second network agent. The IP address of the second container group; when the second network agent is a node agent, the identifier of the second network agent may be the IP address of the computing node where the second network agent is located. The identification of the second communication channel may be an ID, a number, or other information assigned to the second communication channel by the first network agent or the control node in the container system, which can be used to identify the second communication channel.

In some embodiments, the first network agent determines whether the second communication channel with the second network agent has been established, including: when the first network agent stores an identifier of the second network agent and an identifier of the second communication channel. When the first network agent determines that the second communication channel has been established; when the first network agent does not store the mapping relationship between the identifier of the second network agent and the identifier of the second communication channel, the first network agent It is determined that the second communication channel is not established.

Optionally, the first service may be a service running in a public network, and the second service may be a service running in a private network (such as a virtual private cloud (VPC)). Then, when the second communication channel can be a reverse TCP channel, it means that the proxy provided by this application supports services running in the public network to access services running in the private network. It is worth noting that considering that the following situation may occur in actual applications: there are multiple private networks with the same IP address as the above-mentioned private network running the second service. Therefore, the identifier of the second network proxy may include private network. The network identifier and the IP address of the private network.

S105: The first network agent establishes a second communication channel with the second network agent.

Specifically, the first network agent sends the establishment request of the second communication channel to the second network agent. After receiving the above request, the second network agent returns a response confirming the establishment of the second communication channel to the first network agent. After receiving the above response, the first network agent sends a message confirming the establishment of the second communication channel to the second network agent again, thus completing the establishment of the second communication channel.

Optionally, in order to improve the security of communication between the first service and the second service, after the second communication channel is successfully established (the second communication channel here includes a forward TCP channel and a reverse TCP channel), the second communication channel is A network proxy can also establish a secure channel on the second communication channel, for example, a secure socket layer (SSL) connection or a transport layer security (TLS) connection. Taking the SSL channel as an example, the first network proxy can use the following method to Establishing a secure channel on the second communication channel: First, the first network agent sends a secure channel establishment request (such as a client hello message) to the second network agent through the second communication channel. After receiving the above request, the second network agent sends the request to the second network agent through the second communication channel. The second communication channel returns a corresponding response message (such as a server hello message) to the first network agent, where the above response message includes the public key in the key pair generated by the second network agent. Afterwards, the first network agent generates a session key, uses the public key to encrypt the session key, and then sends the encrypted session key to the second network agent through the second communication channel. After receiving the encrypted session key, the second network agent uses the private key to decrypt the encrypted session key to obtain the session key. Afterwards, the first network agent and the second network agent can use the session key to encrypt the data to be transmitted, thereby completing the establishment of the SSL channel. It should be understood that in practical applications, in addition to establishing a secure channel on the second communication channel, a secure channel can also be established on the first communication channel mentioned above and the third communication channel mentioned below. The specific establishment process can be found in The process of establishing a secure channel on the second communication channel will not be described here for simplicity.

Optionally, after the second communication channel is established, the first network agent also stores a mapping relationship between the identifier of the second network agent and the identifier of the second communication channel.

S106: The first network agent configures the second communication channel as a proxy channel.

In some embodiments, the first network agent configures the second communication channel as a proxy channel, including: the first network agent sends a first negotiation request to the second network agent through the second communication channel, wherein the first negotiation request is used to Negotiate with the second network agent to configure the second communication channel as a proxy channel. The proxy channel refers to a channel that transmits messages based on the proxy protocol. The proxy channel supports multiplexing, that is, at least two services (including the first service and the first service) can be transmitted on the proxy channel. communication messages between the second service). After receiving the first negotiation request, the second network agent configures the second communication channel as a proxy channel based on the first negotiation request, and returns a first negotiation response to the first network agent to inform the first network agent to confirm that the second communication channel will be used. The channel is configured as a proxy channel.

Among them, both the first negotiation request and the first negotiation response include a negotiation identifier. The negotiation identifier is used to indicate that the message is used to negotiate whether to configure a certain communication channel as a proxy channel. The negotiation identifier can be a magic number or a calibration number. Verifier, etc.

Optionally, the first negotiation request also includes an identification of the second communication channel. Here, in addition to the ID and number assigned to the second communication channel by the first network agent or the control node in the container system mentioned in S104 above, the identifier of the second communication channel may also be the IP of the first network agent. address. It should be noted that when the identifier of the second communication channel is the IP address of the first network agent, after receiving the first negotiation request, the second network agent first determines the first network agent based on the identifier of the second communication channel, and then determines the first network agent based on the identifier of the second communication channel. The first network agent determines the second communication channel, and then uses the negotiation identifier in the first negotiation request to learn whether the first network agent wants to negotiate with it whether to configure the second communication channel as a proxy channel.

Optionally, the first negotiation request also includes a connection timeout period, where the connection timeout period is used to inform the second network agent that after sending the first negotiation request, the first network agent expects to receive a heartbeat message returned by the second network agent. time, where the heartbeat message is used to indicate that the second communication channel is in a normal connection state. In some embodiments, if the first network agent does not receive the heartbeat message returned by the second network agent within the above-mentioned connection timeout period, the first network agent may disconnect the second communication channel. It should be understood that since the second communication channel may be a reverse TCP channel, when the above-mentioned connection timeout period is calculated from the time when the first network agent sends the first negotiation request, it can be guaranteed that the second communication channel will be established for a long time after Normal connection status can still be maintained when not in use. In addition, regarding the above-mentioned heartbeat message, the embodiment of the present application also proposes that the first network agent and the second network agent use the "drum-beating and flower-passing" mode to send heartbeat messages to each other, that is, the heartbeat message is not sent by one party and received by the other party. Both parties alternate sending and receiving.

Optionally, the first negotiation response also includes information that can be used to indicate that the second network agent agrees to configure the second communication channel as a proxy channel, for example, characters preset by the user, etc.

Optionally, since a secure channel can also be established on the second communication channel, the first network agent can also Full channel configures the second communication channel as a proxy channel. Specifically, taking the secure channel as an SSL channel as an example: Based on the application layer protocol negotiation (ALPN) protocol, the first network agent sends a secure channel establishment request (such as a client hello message) to the second network agent. may include identifiers of one or more protocols supported by the first network proxy, wherein the identifiers of the one or more protocols include identifiers of the above-mentioned proxy protocols. In response to the above secure channel establishment request, the second network agent selects a protocol it supports (including a proxy protocol) from the above one or more protocols, and sends the identifier of the proxy protocol through a corresponding response message (such as a server hello message). Return to first network proxy. In this way, after the SSL channel is established, the first network agent can send the first negotiation request to the second network agent through the SSL channel, and the second network agent can also return the first negotiation response to the first network agent through the SSL channel, thereby The second communication channel is configured as a proxy channel.

It should be noted that the above process describes the establishment process of configuring the second communication channel as a proxy channel when the second network proxy supports the proxy protocol. However, in practical applications, there may be situations where the second network agent does not support the proxy protocol. To this end, embodiments of the present application propose that when the second network agent does not support the proxy protocol, the first network agent can disconnect the second communication. channel, or use other methods to continue to implement communication between the first service and the second service. For example, use any method mentioned in the prior art to implement communication between the first service and the second service.

Further, the first network agent may determine that the second network agent does not support the proxy protocol in any of the following ways: (1) After the first network agent sends the first negotiation request, it does not receive it or does not receive it within the expected time. The first negotiation response returned by the second network proxy. (2) After the first network agent sends a secure channel establishment request (including a negotiation identifier), the response message returned by the second network agent does not include the negotiation identifier.

In other embodiments, the first network agent configures the second communication channel as a proxy channel, including: the first network agent receives a second negotiation request sent by the second network agent through the second communication channel, and the first network agent receives After the second negotiation request, the second communication channel is configured as a proxy channel based on the second negotiation request, and a second negotiation response is returned to the second network agent, thereby configuring the second communication channel as a proxy channel. The second negotiation request is similar to the first negotiation request. The second negotiation request is used to negotiate with the first network agent to configure the second communication channel as a proxy channel. The second negotiation request includes the above negotiation identifier. In addition, it also The identifier of the second communication channel and the connection timeout may be included. It should be noted that, in addition to the ID and number assigned to the second communication channel by the first network agent or the control node in the container system mentioned in S104, the identifier of the second communication channel in the second negotiation request may also be the identifier of the second communication channel. Can be the IP address of the second network proxy. The second negotiation response is similar to the first negotiation response and is used to inform the second network agent to confirm that the second communication channel is configured as a proxy channel. The second protocol response includes the above negotiation identifier. In addition, it may also include information that can be used to indicate Information that the first network agent agrees to configure the second communication channel as a proxy channel.

S107: The first network agent stores the mapping relationship between the identifier of the second network agent and the identifier of the agent channel.

The identifier of the proxy channel may be an ID, a number, and other information assigned to the proxy channel by the first network proxy or the control node in the container system that can be used to identify the proxy channel.

Optionally, the identifier of the proxy channel and the identifier of the second communication channel may be the same identifier, or they may be different identifiers. It should be noted that the purpose of the first network agent storing the mapping relationship between the identifier of the second network agent and the identifier of the agent channel is: in subsequent communications, it can be determined that the second communication channel has been configured as a proxy channel, and the second communication channel has been configured as a proxy channel. The purpose of a network agent storing the mapping relationship between the identifier of the second network agent and the identifier of the second communication channel is to determine that the second communication channel has been established in subsequent communications. Therefore, when the identity of the proxy channel and the identity of the second communication channel are the same identity, in order to satisfy the above two purposes at the same time, the embodiment of the present application proposes: the first network proxy can configure the second communication channel as a proxy channel Then store the mapping relationship between the second network agent and the identifier of the second communication channel (that is, the identifier of the agent channel).

S108: The first network agent establishes the first virtual channel on the second communication channel and stores the identifier of the first virtual channel. Mapping relationship with the identity of the first service.

The first virtual channel is used to transmit communication messages between the first service and the second service. The identification of the first virtual channel may be an ID, a number, or other information assigned to the first virtual channel by the first network agent or the control node in the container system, which can be used to identify the first virtual channel. It should be understood that from the above S105, the proxy channel can support multiplexing, that is to say, the second communication channel can carry multiple virtual channels, and each virtual channel can be used to transmit communication messages between two services. Therefore, in a specific implementation, the identifier of the first virtual channel may be mainly used to identify the first virtual channel among the plurality of virtual channels, that is, the identifier of the first virtual channel remains unique among the identifiers of the plurality of virtual channels. Can.

In this embodiment of the present application, the first network agent or control node can use multiple rules to allocate identifiers to the virtual channels (including the first virtual channel) on the second communication channel. Several possible allocation rules are listed below:

(1) Generate multiple different random numbers, and assign the above multiple different random numbers to different virtual channels as their identifiers.

(2) Assign a number to each virtual channel as its identification in order from small to large or from large to small. For example, assuming that the first network agent successively establishes virtual channel 1, virtual channel 2, ..., virtual channel n (where n is an integer greater than 1) on the second communication channel, then the first network agent provides the above n virtual channels with The identification of channel allocation can be 1, 2,..., n-1; or m, m-1,..., m-n+2 (where m is an integer greater than or equal to n).

(3) The identifier assigned to the virtual channel includes two fields: the first field and the second field, where the first field is a field indicating the length of the identifier, and the second field is a number set within the range that meets the above length requirements ( or ID) field.

For example, the identifier of the virtual channel has three formats: ① an identifier with a length of 4 bits (bit), ② an identifier with a length of 8 bits, and ③ an identifier with a length of 16 bits. In a possible implementation, the first field in the above three formats of identifiers can be set based on whether the length of the identifier is greater than 4 bits, and whether it is less than 16 bits. For example, when the length of the identifier is less than or equal to 4 bits, It is recorded as "0". When the length of the identifier is greater than 4 bits, it is recorded as "1". When the length of the identifier is less than 16 bits, it is recorded as "0". When the length of the identifier is greater than or equal to 16 bits, it is recorded as "1". Then, as shown in Table 1, for an identifier with a length of 4 bits, the first field is "0", occupying 1 bit; for an identifier with a length of 8 bits, the first field is "01", occupying 2 bits; For an identifier with a length of 16 bits, the first field is "11", occupying 2 bits. Further, for an identifier with a length of 4 bits, the second field can occupy 3 bits, and its representation range is 0-7; for an identifier with a length of 8 bits, the second field occupies 6 bits, and its representation range is 0-7. 63; For an identifier with a length of 16 bits, the second field occupies 14 bits, and its representation range is 0-16383. Furthermore, format ① can be used to identify 8 virtual channels, format ② can be used to identify 64 virtual channels, and format ③ can be used to identify 16384 virtual channels, that is, a total of 8+64+16384=16456 can be identified using the above three formats. virtual channel.

Table 1

It should be understood that the first field in the above three formats of identification can also be set in other forms. For example, other identifiers (such as numbers and characters) can be used to indicate that the length of the identification is 4 bits, 8 bits, or 16 bits. In addition, in addition to the above three formats, the first field in the identification can also be flexibly set based on the number of virtual channels that can be carried on the second communication channel, the size of the data to be transmitted, and the communication quality. For example, Set to a different length of identifier, or set more lengths of identifiers.

It should also be understood that in actual applications, the length of the virtual logo is generally preset, so method (1) or method When formula (2) is used to assign identifiers to virtual channels, the identifiers of different virtual channels have the same length. Then, compared with methods (1) and (2), using method (3) to assign identifiers to virtual channels can improve the transmission efficiency of business data. The reasons are as follows: For example, assume that method (2) is used to allocate identifiers to virtual channels. The length of the identifier is set to 16 bits. Then, when allocating identifiers to virtual channel 8 in ascending order as mentioned in method (2), the identifier of virtual channel 8 is 0000000000000111, while using method (3) to assign identifiers to virtual channel 8 8 When allocating identifiers, the identifier of virtual channel 8 is 0111; when using method (2) to allocate identifiers to virtual channel 72 in ascending order, the identifier of virtual channel 72 is 0000000001001000, and using method (3) to When the virtual channel 72 is assigned an identifier, the identifier of the virtual channel 72 is 10111111. It is not difficult to see that the identifier assigned to the virtual channel using method (3) can occupy fewer bytes. As can be seen from Figures 8 and 9 below, messages transmitted through a virtual channel need to carry the identifier of the virtual channel. When the identifier of the virtual channel occupies fewer bytes, the message can carry more business data. This improves the transmission efficiency of business data.

The identification of the first service may be an ID, a number, or other information that can identify the first service assigned to the first service by the first network agent or the control node in the container system. Alternatively, the identity of the first service can also be flexibly set based on the type of the first network proxy. For example, when the first network proxy is a container group proxy, the identity of the first service can be the service name of the first service, the first The ID, number, etc. assigned by the container group to the first service; when the first network agent is a node agent, the identification of the first service may include at least the IP address of the first container group and the port (port B) of the first service. One, wherein port B is a port on the first container group used to send and receive messages related to the first service. Alternatively, the identification of the first service may also be information that can identify the first communication channel, such as an ID, a number, etc. assigned to the first communication channel by the first network agent or the control node in the container system.

In some embodiments, the first network agent establishes the first virtual channel on the second communication channel, including: the first network agent sends a virtual connection message to the second network agent. The virtual connection message includes an identifier of the first virtual channel. In this way, after the second network agent receives the virtual connection message, it can be determined based on the virtual connection message that the first virtual channel is established on the second communication channel.

The virtual connection message also includes the identification of the second service. The identifier of the second service may be similar to the identifier of the first service: the identifier of the second service may be an ID, number, or other information that can identify the second service assigned by the first network agent or the control node in the container system to the second service. The identity of the second service can also be flexibly set based on the type of the second network proxy. For example, when the second network proxy is a container group proxy, the identity of the second service can be the service name of the second service, the second container group The ID, number, etc. assigned to the second service; when the second network agent is a node agent, the identifier of the second service may include at least one of the IP address of the second container group and port A. The identification of the second service may also be information that can identify the third communication channel, such as an ID, a number, etc. assigned by the first network agent or the control node in the container system to the third communication channel later.

It should be noted that the embodiment of the present application is not limited to the first network agent establishing the first virtual channel on the second communication channel and storing the mapping relationship between the identifier of the first virtual channel and the identifier of the first service. The execution order of the steps, that is, the two steps can be executed at the same time or one after another.

S109: The second network agent stores the mapping relationship between the identifier of the first virtual channel and the identifier of the second service based on the virtual connection message.

Specifically, after receiving the virtual connection message, the second network agent obtains the identity of the first virtual channel and the identity of the second service based on the virtual connection message, and then stores the relationship between the identity of the first virtual channel and the identity of the second service. Mapping relations.

S110: The second network agent establishes a third communication channel with the second service based on the virtual connection message.

Specifically, after receiving the virtual connection message, the second network agent obtains the identity of the second service based on the virtual connection message, and then establishes a third communication channel with the second service based on the identity of the second service. Among them, the process of the second network agent establishing the third communication channel with the second service is the same as the process of the first service establishing the third communication channel with the first network agent in S101. The process of the first communication channel between the two parties is similar and is established through a three-way handshake. Therefore, for the sake of simplicity, this process will not be described here.

Through the above-mentioned S101-S110, the communication channel (including the first communication channel, the first virtual channel and the third communication channel) between the first service and the second service is established, and then the second phase is performed.

In the second phase, the first service and the second service communicate based on the above-mentioned established communication channel.

Among them, in view of the various application layer protocols adopted by the first service and the second service, the communication between the first service and the second service is divided into the following two situations.

Case 1: The first service actively sends business data to the second service, that is, the first service and the second service communicate using an application layer protocol such as HTTP1. Then, the communication process between the first service and the second service can be seen in Figure 8.

S201: The first service sends a second message to the first network agent through the first communication channel.

The second message includes the service data D ₁ that the first service wants to send to the second service. It should be noted that when the first message in S102 above carries service data D ₁ , the second message and the first message may be the same message.

S202: The first network agent generates a data transmission message R ₁ based on the second message, and sends the data transmission message R ₁ to the second network agent through the first virtual channel.

Specifically, the first network agent determines that the business data D ₁ in the message needs to be sent to the second service by parsing the second message, thereby determining the second container group running the second service and being responsible for business access in the second container group. second network proxy. Afterwards, the first network agent determines the second network agent based on the locally stored mapping relationship between the identifier of the second network agent and the identifier of the second communication channel, and the mapping relationship between the identifier of the second network agent and the identifier of the agent channel. The communication channel is established and the second communication channel is the proxy channel. Then, the first network agent obtains the identity of the first virtual channel based on the second message from the first service and the mapping relationship between the locally stored identity of the first virtual channel and the identity of the first service. Afterwards, the first network agent encapsulates the service data D ₁ based on the identifier of the first virtual channel to obtain the data transmission message R ₁ , and sends the data transmission message R ₁ to the second network agent through the first virtual channel. In addition to the identification of the first virtual channel and the service data D ₁ , the data transmission message R ₁ may also include the length of the service data D ₁ .

S203: The second network agent forwards the service data D ₁ to the second service through the third communication channel based on the data transmission message R ₁ .

Specifically, after receiving the data transmission message R ₁ , the second network agent obtains the identity of the first virtual channel and the service data D ₁ based on the data transmission message R ₁ , and then obtains the identity of the first virtual channel and the second service based on the locally stored identity of the first virtual channel. The mapping relationship between the identifiers sends the business data D ₁ to the second service through the third communication channel.

Optionally, after the second service receives the service data D ₁ sent by the first service, in response to the service data D ₁ , the second service may also return service data D ₂ to the first service, where the service data D ₁ is similar to the service data D 1 . , the business data D ₂ refers to a message generated based on the application layer protocol between the first service and the second service. Therefore, the communication between the first service and the second service may also include the following S204-S206.

S204: The second service generates a third message based on the service data _D2 , and sends the third message to the second network agent through the third communication channel. Among them, the third message includes the above-mentioned service data D ₂ .

S205: The second network agent generates the data transmission message R ₂ based on the third message, and sends the data transmission message R ₂ to the first network agent through the first virtual channel.

Specifically, the second network agent determines by parsing the third message that the service data _D2 in the message needs to be sent to the first service, that is, the message is a response to the second message, thereby obtaining the identity of the first virtual channel. Then, the second network agent encapsulates the service data D ₂ based on the identification of the first virtual channel to obtain the data transmission message R ₂ , and sends the data transmission message R ₂ to the first network agent through the first virtual channel. In addition to the identification of the first virtual channel and the service data D ₂ , the data transmission message R ₂ may also include the length of the service data D ₂ .

S206: The first network agent forwards the service data _D2 to the first service through the first communication channel based on the data transmission message _R2 .

Specifically, after receiving the data transmission message R ₂ , the first network agent obtains the identity of the first virtual channel and the service data D ₂ based on the data transmission message R ₂ , and then obtains the identity of the first virtual channel and the first service based on the locally stored identity of the first virtual channel. The mapping relationship between the identifiers forwards the service data _D2 to the first service through the first communication channel.

Case 2: The second service pushes the first service to send business data to it (the first service sends business data to the second service only after the second service sends a message to the first service), that is, the first service and the second service use, for example, Application layer protocols such as MySQL communicate. Then, the communication process between the first service and the second service can be seen in Figure 9.

S301: The second service sends a fourth message to the second network agent through the third communication channel.

The fourth message includes instruction data used to instruct the first service to send service data to the second service. The indication data refers to a message generated based on the application layer protocol between the first service and the second service (here it may be a MySQL message).

S302: The second network agent generates the data transmission message R ₃ based on the fourth message, and sends the data transmission message R ₃ to the first network agent through the first virtual channel.

The data transmission message R ₃ includes the identification of the first virtual channel and the above-mentioned indication data.

S303: The first network agent forwards the above instruction data to the first service through the first communication channel based on the data transmission message _R3 .

After receiving the above indication data, the first service sends the service data D ₁ to the second service. For the specific process, please refer to the above S201-S203, and the description will not be repeated here. In addition, similar to case 1, after the second service receives the business data D ₁ , in response to the business data D ₁ , the second service may also return the business data D ₂ to the first service. For the specific process, please refer to S204-S206 above. The description will not be repeated here. It should also be understood that the above-mentioned process (S301-S303) of the second service sending the instruction data to the first service is similar to the above-mentioned process (S204-S206) of the second service sending the business data _D2 to the first service. Therefore, for simplicity, This process will not be described here.

Several points worth noting are: ① It can be seen from the above S202, S205 and S302 that the messages transmitted between the first network agent and the second network agent (including data transmission message R ₁ , data transmission message R ₂ and data transmission message R ₃ ) are obtained by encapsulating the data to be transmitted (including business data D ₁ , business data D ₁ and indication data) using the identifier of the first virtual channel. The encapsulation process is "transparent" to the application layer protocol. That is, the data to be transmitted will not be aware that the proxy protocol is used to encapsulate it. Therefore, the use of the proxy protocol will not affect the application layer protocol. ② It can be seen from the above S203 that when the second network agent receives the data transmission message R ₁ sent from the first network agent, since the second network agent supports the agent protocol, the second network agent can use the identification pair of the first virtual channel. The data transmission message R ₁ is decapsulated to obtain service data D ₁ . In addition, the second network agent can also forward the business data D 1 to the second service based on the mapping relationship between the locally stored identity of the first virtual channel and the identity of the second service. In this process, the second network agent forwards the business data D ₁ to the second service. The second network agent can directly forward the service data D ₁ to the second service without using the application layer protocol to decapsulate the service data D ₁ , thus improving the transmission efficiency of the service data D ₁ . Similarly, in the above-mentioned S206 and S303, since the proxy protocol is also used, the transmission efficiency of the service data _D1 and the instruction data is also improved.

Based on the above figures 7 to 9, it can be seen that when the first network agent and the second network agent transmit service data based on the agent protocol, they need to use the identifier of the first virtual channel to encapsulate the service data, and the encapsulated service data needs to be carried in the transmission In terms of layer messages, transport layer messages refer to messages transmitted on the second communication channel. For example, when the second communication channel is a TCP channel, the transport layer message may be a TCP message. For transport layer messages, the more bytes the identifier of the first virtual channel occupies, the fewer bytes the service data occupies. In other words, the fewer bytes the identifier of the first virtual channel occupies, the less bytes the identifier of the first virtual channel occupies. Can carry more business data. Therefore, the embodiment of this application proposes that if the current identification of the first virtual channel (with When the identifier F ₁ (hereinafter referred to as the identifier) cannot meet the communication requirements between the first service and the second service, the first network agent changes the identifier of the first virtual channel from the identifier F ₁ to the identifier F ₂ . Among them, the length of the mark F ₂ is smaller than the length of the mark F ₁ .

In some embodiments, when one or more of the following conditions are met, the identification of the first virtual channel cannot meet the communication requirements between the first service and the second service: ① The priority of the service data transmitted on the first virtual channel Higher than the first threshold; ② The efficiency of transmitting service data on the first virtual channel is lower than the second threshold. The first threshold may be a priority preset by the user, or may be dynamically adjusted by the first network agent based on the priority of business data transmitted by each virtual channel on the second communication channel and actual business requirements; the second threshold may be It is preset by the user, or may be dynamically adjusted by the first network agent based on the efficiency of transmitting business data of each of the above virtual channels and the actual business requirements.

In a possible implementation, as shown in Figure 10, the first network agent changes the identity of the first virtual channel from the identity F ₁ to the identity F ₂ , including the following steps:

S401: The first network agent determines the identifier F ₂ .

In some embodiments, the identifier F ₂ is the identifier of the second virtual channel on the second communication channel. Then, the first network agent determines the identifier F ₂ , including: the first network agent determines the multiplexed number established on the second communication channel. virtual channels, wherein the plurality of virtual channels include a first virtual channel and a second virtual channel. Then, the first network agent determines at least one of a priority of the service data transmitted on each of the plurality of virtual channels and an efficiency of each virtual channel in transmitting the service data, wherein the efficiency of the virtual channel in transmitting the service data It refers to the proportion of business data in the messages transmitted through the channel within a unit time. Then, the first network agent determines the second virtual channel based on at least one of the priority of the service data transmitted on each virtual channel and the efficiency of each virtual channel in transmitting the service data, thereby determining the identifier F ₂ , where the second The virtual channel is used to transmit business data when communicating with other services. The second virtual channel satisfies one or more of the following conditions: the priority of the business data transmitted on the second virtual channel is lower than the priority of the business data transmitted on the first virtual channel. level, and the efficiency of transmitting service data on the second virtual channel is less than the efficiency of transmitting service data on the first virtual channel.

Further, the first network agent can determine the data transmission efficiency of each virtual channel in the following manner: the first network agent determines the rate at which each virtual channel sends messages, the size of the message, and the size of the business data carried in the message, thereby calculating Obtain the efficiency of each virtual channel in transmitting business data.

In other embodiments, the first network agent is set with a backup identifier set. For example, if the allocation rule (3) in S108 above is used to allocate identifiers to the virtual channel on the second communication channel, the partial length may be shorter. The identifier (such as a 4-bit identifier) is added to the backup identifier set. The identifiers in the standby identifier set can be used to be assigned to the virtual channel whose identifier needs to be changed, and the identifier _F2 can be any one in the standby identifier set.

S402: The first network agent sends a first identity change request to the second network agent through the second communication channel.

Wherein, the first identification change request includes identification F ₁ and identification F ₂ .

Optionally, the first network agent may send the first identity change request to the second network agent through the first virtual channel, or may send the first identity change request to the second network agent through the second virtual channel.

S403: The first network agent changes the identity of the first virtual channel in the sending direction from the identity F ₁ to the identity F ₂ .

Among them, as can be seen from the above, the identifier of the first virtual channel in the first network agent includes the following two functions: ① When the first network agent sends a message through the first virtual channel, the identifier of the first virtual channel needs to be used to encapsulate the message to be processed. Transmitted business data; ② When the first network agent receives a message from the first virtual channel, it needs to use the identifier of the first virtual channel to forward the business data in the above message to the first service. The above identification of the first virtual channel in the sending direction refers to the identification used to implement function ①, that is, the message sent by the first network agent to the second network agent through the first virtual channel needs to carry the identification of the first virtual channel in the sending direction. .

In some embodiments, the first network agent stores a mapping relationship between the identifier of the first virtual channel and the identifier of the first service. The first network agent implements the above function ① based on the mapping relationship. Therefore, the first network agent will sending direction Changing the identity of the first virtual channel from the identity F ₁ to the identity F ₂ includes: the first network agent changes the mapping relationship of the sending direction from the mapping relationship between the identity F ₁ and the identity of the first service to the mapping relationship between the identity F ₂ and the first service. The mapping relationship between the identifiers of a service. Among them, the mapping relationship in the sending direction refers to the mapping relationship used to realize the above function ①.

S404: The second network agent changes the identity of the first virtual channel from the identity F ₁ to the identity F ₂ based on the first identity change request.

In some embodiments, the second network agent stores a mapping relationship between the identifier of the first virtual channel and the identifier of the second service, and the current identifier of the first virtual channel is the identifier F ₁ . Therefore, the second network agent is based on The first identity change request changes the identity of the first virtual channel from the identity F ₁ to the identity F ₂ , including: the second network agent changes the mapping relationship between the identity F ₁ and the identity of the second service based on the first identity change request. is the mapping relationship between the identifier F ₂ and the identifier of the second service.

S405: The second network agent sends the first identity change response to the first network agent through the first virtual channel.

Wherein, the first identification change response includes identification F ₁ and identification F ₂ .

S406: The first network agent changes the identity of the first virtual channel in the receiving direction from the identity F ₁ to the identity F ₂ based on the first identity change response.

The identifier of the first virtual channel in the receiving direction refers to the identifier used to implement the above function ②, that is, the identifier used to forward the service data from the first virtual channel to the first service.

In some embodiments, the first network agent can not only realize the above function ① but also realize the above function ② based on the mapping relationship between the identity of the first virtual channel and the identity of the first service. Therefore, the first network agent will receive the direction Changing the identity of the first virtual channel from the identity F ₁ to the identity F ₂ includes: the first network agent changes the mapping relationship in the receiving direction from the mapping relationship between the identity F ₁ and the identity of the first service to the mapping relationship between the identity F ₂ and the identity of the first service. The mapping relationship between the identifiers of the first service. Among them, the mapping relationship in the receiving direction refers to the mapping relationship used to realize the above function ②.

It should be understood that in the case where the identifier _F2 is the identifier of the second virtual channel, after the identifier of the first virtual channel is changed from the identifier _F1 to the identifier _F2 , in order to avoid communication abnormalities, the identifier of the second virtual channel also needs to be changed. . Optionally, the identity of the second virtual channel can be changed from the identity F ₂ to the identity F ₁ , or from the identity F ₂ to the identity F ₃ , where the identity F ₃ is the first network agent or the control node in the container system. The identifier newly assigned to the second virtual channel. The process of changing the identity of the second virtual channel is similar to the above-mentioned process of changing the identity of the first virtual channel, and therefore will not be described further.

However, it is worth noting that during the process of changing the identifiers of the first virtual channel and the second virtual channel, in order not to affect the transmission of messages by the first virtual channel and the second virtual channel, the two should be performed simultaneously. For example, when the first network agent sends an identity change request to the second network agent, it also sends a second identity change request to the second network agent to instruct the second network agent to change the identity of the second virtual channel; for another example, the first network agent sends an identity change request to the second network agent. When a network agent changes the identity of the first virtual channel in the receiving direction, it also changes the identity of the second virtual channel in the receiving direction.

Optionally, when the identity of the second virtual channel is changed from the identity F ₂ to the identity F ₁ , it is equivalent to exchanging the identity of the first virtual channel and the identity of the second virtual channel. Therefore, in order to save communication resources, the first identity change request may be configured to instruct the second network agent to exchange the identity F ₁ and the identity F ₂ (ie, change the identity of the first virtual channel from the identity F ₁ to the identity F ₂ , and An instruction to change the identification of the second virtual channel from identification F ₂ to identification F ₁ ). At this time, the first network agent does not need to send the second identity change request to the second network agent. However, considering that situations 1 to 3 described below may occur in actual applications, the second network agent should also return the first identity change response and the second identity to the first network agent through the first virtual channel and the second virtual channel respectively. Change response.

It can be seen that when the identifier _F2 is the identifier of the second virtual channel, the above method of changing the identifier of the first virtual channel will not interrupt the process of transmitting messages between the first virtual channel and the second virtual channel. In other words, the above method can On the basis of not affecting the use of the first virtual channel and the second virtual channel to transmit messages, the identifier of the first virtual channel is changed. to pass the exchange mark Taking the method of identifying F ₁ and identifying F ₂ as an example to change the identity of the first virtual channel, as shown in Figure 11, assume that the second virtual channel is used to transmit communication messages between the third service and the second service:

(1) Before the first network agent sends the first identity change request to the second network agent, the identity of the first virtual channel is the identity F ₁ and the identity of the second virtual channel is the identity F ₂ , therefore, the first network agent and The second network agent will use the identifier _F1 to process the service data that needs to be transmitted through the first virtual channel, and use the identifier _F2 to process the service data that needs to be transmitted through the second virtual channel. Specifically, the message sent by the first network agent (second network agent) to the second network agent (first network agent) through the first virtual channel will carry the identifier F ₁ ; the first network agent (second network agent) receives When receiving a message from the first virtual channel, the identifier F ₁ will be used to forward the business data in the message to the first service (second service); the first network agent (second network agent) sends the message through the second virtual channel. The message to the second network agent (first network agent) will carry the identifier F ₂ ; when the first network agent (second network agent) receives the message from the second virtual channel, it will use the identifier F ₂ to convert the message. The business data in is forwarded to the third service (fourth service).

(2) After the first network agent sends the first identity change request to the second network agent, it can be known from the above S403 that the first network agent will change the identity of the first virtual channel in the sending direction from the identity F ₁ to the identity F ₂ , and the identity of the second virtual channel in the sending direction is changed from the identity F ₂ to the identity F ₁ , so the message sent by the first network agent to the second network agent through the first virtual channel carries the identity F ₁ . The message sent by the second virtual channel to the second network agent carries the identifier F ₂ . It can be seen from the above S404 that after receiving the first identity change request, the second network agent will change the identity of the first virtual channel from the identity F ₁ to the identity F ₂ based on the first identity change request, and change the identity of the second virtual channel to The identifier F ₂ is changed to the identifier F ₁ , so in the subsequent process, when the second network agent receives a message from the first virtual channel, it will use the identifier F ₂ to forward the business data in the message to the second service. When the second network agent receives the message from the second virtual channel, it will use the identifier _F1 to forward the service data in the message to the fourth service.

(3) After the second network agent returns the first identity change response and the second identity change response to the first network agent, since the second network agent has changed the identity of the first virtual channel from the identity F ₁ to the identity F ₂ , And the identity of the second virtual channel is changed from the identity F ₂ to the identity F ₁ , so in the subsequent process, the message sent by the second network agent to the first network agent through the first virtual channel carries the identity F ₂ , through The message sent by the second virtual channel to the first network agent carries the identifier F ₁ . It can be seen from the above S406 that after receiving the first identity change response, the first network agent will change the identity of the first virtual channel in the receiving direction from the identity F ₁ to the identity F ₂ based on the first identity change response. The first network agent receives After receiving the second identity change response, the identity of the second virtual channel in the receiving direction is changed from the identity F ₂ to the identity F ₁ based on the second identity change response. Therefore, in the subsequent process, when the first network agent receives the message from the first virtual channel, it will use the identifier _F2 to forward the business data in the message to the first service. The first network agent receives the message from the second virtual channel. When sending a message to the channel, the identifier F ₁ will be used to forward the business data in the message to the third service.

In the embodiment of this application, in addition to improving the transmission efficiency of business data by changing the identity of the first virtual channel as described above, it can also be achieved in the following ways:

Considering that multiple communication channels (including the above-mentioned second communication channel) can be established between the first network agent and the second network agent, a virtual channel can be established on each communication channel, and the process can be referred to the above-mentioned S106-S108. Therefore, the first network agent can select the communication channel that carries the smallest number of virtual channels from the plurality of communication channels, and then establish the first virtual channel on the communication channel. In this way, the first network agent or the control node of the container system can allocate a short-length identifier to the first virtual channel.

In specific implementation, before creating the first virtual channel, the first network agent may first determine the size of the service data to be transmitted. When the business data to be transmitted is large, the first network agent can select the communication channel with the smallest number of virtual channels and establish the first virtual channel on this channel, or the first network agent can establish a new connection. to the communication channel of the second network agent, and establish the first virtual channel on the new channel.

The above-mentioned Figures 7 to 10 describe the communication process between the first service and the second service when the first virtual channel is normal. However, in actual applications, there may also be situations where the first virtual channel is disconnected. The situations that cause the first virtual channel to be disconnected include one or both of the following: disconnection of the first service and the first network agent. a first communication channel, and a third communication channel between the second service disconnect and the second network agent. The following describes respectively the disconnection process of the communication between the first service and the second service in one or both of the above situations.

Scenario 1: The first service disconnects the first communication channel with the first network agent

The first service sends a notification message to the first network agent to disconnect the first communication channel. After receiving the notification message for disconnecting the first communication channel, the first network agent sends a first disconnect message to the second network agent, where the first disconnect message is used to indicate that the first network agent currently locally disconnects the first communication channel. The virtual channel is set to a semi-closed state. The semi-closed state includes that the first network agent can receive a specified message from the first virtual channel (such as the second disconnect message below), but cannot receive data from the first virtual channel. Transmission messages (such as data transmission message R ₂ and data transmission message R ₃ ). After receiving the first disconnection message, the second network agent returns the second disconnection message to the first network agent, and deletes the mapping relationship between the identifier of the first virtual channel and the identifier of the second service, wherein the second disconnection message The open message is used to indicate that the second network agent currently sets the first virtual channel to a fully closed state locally. The fully closed state includes that the second network agent does not receive all messages from the first virtual channel. After receiving the second disconnection message, the first network agent deletes the mapping relationship between the identifier of the first virtual channel and the identifier of the first service, and disconnects the first virtual channel. In this way, the identity of the first virtual channel is released, and the first network agent can allocate the identity to other virtual channels.

Optionally, if the first network agent, after receiving the above-mentioned notification message for disconnecting the first communication channel, also receives a data transmission message (such as data transmission message R2 and data transmission message _R2 ) sent by the second network agent through the first virtual channel. transmission message R ₃ ), the first network agent discards the above-mentioned data transmission message.

Optionally, if situation 1 occurs before changing the identity of the first virtual channel, that is, the first network agent receives the above-mentioned notification message of disconnecting the first communication channel and occurs when the first network agent sends the first identity to the second network agent. Before the change request (ie S402), the first network agent may not send the first identity change request to the second network agent.

Optionally, if situation 1 occurs during the process of changing the identity of the first virtual channel, then the first virtual channel is disconnected after the identity of the first virtual channel is changed from the identity F ₁ to the identity F ₂ , that is, the first virtual channel is disconnected. The occurrence does not interrupt the process of changing the identity of the first virtual channel. Specifically: when the first network agent receives the above-mentioned notification message to disconnect the first communication channel (here the message carries the identifier F ₁ ), after the first network agent sends the first identifier change request to the second network agent, for For the second network agent, the second network agent will first receive the first identity change request, and then receive the first disconnect message. Therefore, the second network agent will first execute the above-mentioned S404-S405, and then execute: return the second disconnect message to the first network agent (here, the message carries the identifier F ₂ ), and delete the identifier F ₂ and the identifier of the second service. mapping relationship between them. Correspondingly, the first network agent will first execute the above-mentioned S406, and after receiving the above-mentioned second disconnection message, then execute: delete the mapping relationship between the identifier F ₂ and the identifier of the first service, and disconnect the first virtual channel .

Scenario 2: The second service disconnects the third communication channel with the second network agent

The second service sends a notification message to the second network agent to disconnect the third communication channel. After receiving the notification message for disconnecting the third communication channel, the second network agent sends a second disconnect message to the first network agent, and deletes the mapping relationship between the identifier of the first virtual channel and the identifier of the second service. After receiving the second disconnection message, the first network agent deletes the mapping relationship between the identifier of the first virtual channel and the identifier of the first service, and disconnects the first virtual channel.

Optionally, if the second network agent, after receiving the notification message for disconnecting the third communication channel, also receives a data transmission message (such as data transmission message R ₁ ) sent by the first network agent through the first virtual channel, Then the second network agent discards the above data transmission message.

Optional, if situation 2 occurs during the process of changing the identity of the first virtual channel, specifically:

(1) When the second network agent receives the notification message for disconnecting the third communication channel, it occurs after the first network agent sends the first identity change request to the second network agent (i.e. S402), and the second network agent receives Before the first identity change request, that is to say, the second network agent will first receive the notification message for disconnecting the third communication channel, and then receive the first identity change request. Therefore, the second network agent will first send a second disconnect message to the first network agent (here, the message carries the identifier F ₁ ), and then delete the mapping relationship between the identifier F ₁ and the identifier of the second service. Correspondingly, the first network agent will first execute the above-mentioned S401-S403; after receiving the above-mentioned second disconnection message, it will then execute: delete the identifier of the first virtual channel in the receiving direction (ie, the identifier F ₁ ) and the identifier of the first service. deleting the mapping relationship between the identifier of the first virtual channel in the sending direction (ie, the identifier F ₂ ) and the identifier of the first service, and disconnecting the first virtual channel.

(2) When the second network agent receives the notification message for disconnecting the third communication channel, it occurs before the second network agent receives the first identity change request. That is to say, the second network agent will first receive the first identification change request. The identification change request is received, and then the notification message for disconnecting the third communication channel is received. Therefore, the second network agent will first perform the above-mentioned S404-S405, and then send the second disconnect message to the first network agent (here, the message carries the identifier F ₂ ). Correspondingly, the first network agent will first receive the above-mentioned first identification change response, and then receive the above-mentioned second disconnection message. Therefore, the first network agent will first execute S406, and then execute: delete the identifier F ₂ and the first service mapping relationship between the identifiers, and disconnecting the first virtual channel.

Case 3: The first network agent receives a notification message sent by the first service to disconnect the first communication channel, and at the same time, the second network agent receives a notification message sent by the second service to disconnect the third communication channel.

The first service sends a notification message to the first network agent to disconnect the first communication channel. After receiving the notification message for disconnecting the first communication channel, the first network agent sends the first disconnect message to the second network agent, and discards the data transmission message sent by the second network agent through the first virtual channel.

The second service sends a notification message to the second network agent to disconnect the third communication channel. After receiving the notification message for disconnecting the third communication channel, the second network agent sends a second disconnect message to the first network agent, deletes the mapping relationship between the identifier _F1 and the identifier of the second service, and discards the third communication channel. All messages sent by a network agent through the first virtual channel (including the above-mentioned first disconnect message).

After receiving the second disconnection message, the first network agent deletes the mapping relationship between the identifier F ₁ and the identifier of the first service, and disconnects the first virtual channel.

Optionally, if situation 3 occurs before changing the identity of the first virtual channel, the first network agent may not send the first identity change request to the second network agent.

Optionally, if situation 3 occurs in the process of changing the identity of the first virtual channel, the disconnection process of the first virtual channel and the change process of the identity of the first virtual channel are the same as the above situation 1 and situation 2 that occur in the change process. The process of identifying the first virtual channel has the same implementation idea, so for the sake of simplicity, it will not be described here.

It should be noted that the disconnection of the first virtual channel (including any of the above situations) will not affect the change of the identifier of the second virtual channel. The reason is as follows: as long as the second network agent can receive the second identity change request sent by the first network agent (or can instruct the second network agent to exchange the first identity change request of identity F ₁ and identity F ₂ ), it means that the first identity change request The network agent has changed the identity of the second virtual channel in the sending direction, and the second network agent can change the identity of the second virtual channel to the identity F ₁ . Since the second virtual channel is in a normal connection state, the second network agent can send a second identity change response to the first network agent through the second virtual channel, and then the first network agent can change the identity of the second virtual channel in the receiving direction. In this way, the change of the identity of the second virtual channel can be completed.

Combining the above-mentioned Figures 7 to 11, it can be seen that the messages transmitted through the first virtual channel are diverse, and may specifically include the heartbeat message in S106, the virtual connection message in S108, the data transmission message R ₁ in S202, and the data in S205. transmission message message R ₂ , the data transmission message R ₃ in S302, the first identity change request in S402, the first identity change response in S405, and the above-mentioned first disconnection message and second disconnection message. In order to distinguish this information, the embodiment of the present application sets an operation type field in the message transmitted based on the first virtual channel. This field can be set to different values to distinguish different operations performed on the first virtual channel.

For example, as shown in Figure 12, the operation type field may include multiple parts. Among them, the first field can be used to divide the messages transmitted based on the first virtual channel into two categories. One category is the virtual connection message, the data transmission message R ₁ , the data transmission message R ₂ , the data transmission message R ₃ , and the first disconnection message. messages and second disconnect messages, the first fields of such messages are all 0; the other type are heartbeat messages, first identity change requests and first identity change responses, the first fields of such messages are all 1.

For messages whose first fields are all 0, they can be distinguished by the third field. Specifically: a third field of 0 indicates that the message is a message for establishing a virtual channel, that is, the above virtual connection message; a third field of 1 indicates that the message is The message is a message used to transmit business data, that is, the above-mentioned data transmission message R ₁ , data transmission message R ₂ , and data transmission message R ₃ ; the third field is 2, indicating that the message is a message used to disconnect the virtual channel, that is, the above-mentioned The first disconnect message and the second disconnect message. In addition, the first disconnect message and the second disconnect message can be distinguished by a fourth field, where a fourth field of 0 indicates that the message is the first disconnect message, and a fourth field of 1 indicates that the message is The second disconnect message above.

For messages whose first fields are all 1, they can be distinguished by the second field. Specifically: if the second field is 0, it means that the message is a request to change the identity of the virtual channel, that is, the above-mentioned first identity change request; the second field A value of 1 indicates that the message is a response to the first identity change request, that is, the above-mentioned first identity change response; a value of 2 in the second field indicates that the message is the above-mentioned heartbeat message.

It should be understood that FIG. 12 only shows an exemplary message structure. In practical applications, various types of messages transmitted based on the first virtual channel can be distinguished in other formats, which is not limited by the embodiment of the present application.

The proxy protocol provided by this application has been described in detail through the communication process between the first service and the second service. The following is a detailed description of the proxy protocol provided by the present application through the communication process between the first service and the second service. In conjunction with Figures 13 to 15, from the structure of the first network proxy and the second network proxy that support the proxy protocol, Further describe the above agency agreement.

Figure 13 exemplarily shows a schematic structural diagram of a first network agent. The first network agent in the figure may be the first network agent in the above method embodiment (ie, the first network agent in Figures 7 to 12). As shown in FIG. 13 , the first network agent 400 includes a service access module 410 , a channel establishment module 420 , an identity change module 430 and a data storage module 440 . The service access module 410, the channel establishment module 420, the identification changing module 430 and the data storage module 440 work together to implement the steps performed by the first network agent in the above method embodiment. Specifically, the business access module 410 is responsible for accessing the first service, including the step of receiving the first message in the above S102, the step of receiving the second message in the above S201, the above S202, the above S206, the above S303, and receiving the message from the first service. The step of disconnecting the notification message of the first virtual channel of a service; the channel establishment module 420 is used to perform the steps related to establishing the first communication channel in the above S101, the above S103-S106, and the above S108 related to the establishment of the first virtual channel. The steps, as well as the related steps of sending a first disconnection message to the second network agent and receiving a second disconnection message from the second network agent; the identification changing module 430 is used to perform the above-mentioned S401-S403 and the above-mentioned S406; the storage module 440 For performing the above S107, storing the mapping relationship between the identifier of the first virtual channel and the identifier of the first service in the above S108, and deleting the identifier of the first virtual channel and the first service when the first virtual channel is disconnected. The relevant steps of the mapping relationship between the identifications.

It should be understood that the schematic structural diagram shown in Figure 13 is only an exemplary structural division method for dividing the first network agent according to functions. The embodiment of the present application does not limit the specific division method of the structure of the first network agent. . It should also be understood that each module within the first network agent may be a software module or a hardware module, or may be partly a software module and partly a hardware module.

Figure 14 shows a schematic structural diagram of a computing device. The above-mentioned first network agent 400 can be deployed on the computing device. The computing device can be a computing device (such as a server) in a cloud environment, or a computing device in an edge environment. , or terminal computing device. As shown in Figure 14, the computing device 500 includes a memory 510, a processor 520, a communication interface 530, and a bus 540. The memory 510, the processor 520, and the communication interface 530 implement communication connections with each other through the bus 540.

The memory 510 may include a read only memory (ROM), a static storage device, a dynamic storage device, a random access memory (RAM), a hard disk, etc. The memory 510 may store program codes, for example, program codes in the service access module 410, program codes in the channel establishment module 420, program codes in the identification changing module 430, and program codes in the data storage module 440, etc. When the program code stored in the memory 510 is executed by the processor 520, the processor 520 and the communication interface 530 are used to execute part or all of the methods executed by the first network agent 400 (including the above-mentioned S101-S108, S201-S202, S206, The steps performed by the first network agent in S303, and the steps performed by the first network agent when the first virtual channel is disconnected). The memory 510 may also store data, such as intermediate data or result data generated by the processor 520 during execution, such as the identification of the first virtual channel, the data transmission message R ₁ , etc.

The processor 520 may be a central processing unit (CPU), an application specific integrated circuit (ASIC), a graphics processing unit (GPU), or one or more integrated circuits.

The processor 520 may also be an integrated circuit chip with signal processing capabilities. During the implementation process, the functions of the first network agent 400 can be completed by instructions in the form of hardware integrated logic circuits or software in the processor 520 . The processor 520 can also be a general-purpose processor, a digital signal process (DSP), a field programmable gate array (FPGA) or other programmable logic devices, discrete gates or transistor logic devices, Discrete hardware components can implement or execute the methods, steps and logical block diagrams disclosed in the embodiments of this application. Among them, the general processor can be a microprocessor or the processor can be any conventional processor, etc. The method disclosed in combination with the embodiments of the present application can be directly implemented as a hardware decoding processor to complete the execution, or can be performed using decoding processing. The combination of hardware and software modules in the device is executed. The software module can be located in random access memory, flash memory, read-only memory, programmable read-only memory or electrically erasable programmable memory, registers and other mature storage media in this field. The storage medium is located in the memory 510. The processor 520 reads the information in the memory 510 and completes part or all of the functions of the first network agent 400 in combination with its hardware.

The communication interface 530 uses a transceiver module, such as but not limited to a transceiver, to implement communication between the computing device 500 and other devices or communication networks. Exemplarily, a message (such as a first message) from the first service is received through the communication interface 530, and a message (such as a data transmission message R ₁ ) is sent to the second network agent.

Bus 540 may include a path that carries information between various components in computing device 500 (eg, memory 510, processor 520, and communication interface 530).

Figure 15 shows a schematic structural diagram of a computing device system. The computing device system includes multiple computing devices. The above-mentioned first network agent 400 can be deployed on multiple computing devices in the computing device system in a distributed manner. As shown in Figure 15, the computing device system 600 includes multiple computing devices 700. Each computing device 700 includes a memory 710, a processor 720, a communication interface 730, and a bus 740. The memory 710, the processor 720, and the communication interface 730 pass through Bus 740 implements communication connections between each other.

Memory 710 may include ROM, RAM, static storage devices, dynamic storage devices, hard disks (such as SSD, HDD) etc. The memory 710 may store program codes, for example, a part of the program code in the service access module 410, a part of the program code in the channel establishment module 420, a part of the program code in the identification changing module 430, and a part of the program code in the data storage module 440, etc. When the program code stored in the memory 710 is executed by the processor 720, the processor 720 and the communication interface 730 are used to execute part of the method executed by the first network agent 400 (including the above-mentioned S101-S108, S201-S202, S206, S303). steps performed by the first network agent, and steps performed by the first network agent when the first virtual channel is disconnected). The memory 710 may also store data, such as intermediate data or result data generated by the processor 720 during execution, such as the identification of the first virtual channel, the data transmission message R ₁ , etc.

Processor 720 may employ a CPU, GPU, ASIC, or one or more integrated circuits. The processor 720 may also be an integrated circuit chip with signal processing capabilities. During the implementation process, part of the functions of the first network agent 400 may be implemented by instructions in the form of integrated logic circuits or software in the hardware of the processor 720 . The processor 720 can also be a DSP, FPGA, general-purpose processor, other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, and can implement or execute some of the methods, steps and logic block diagrams disclosed in the embodiments of this application. The general processor may be a microprocessor or the processor may be any conventional processor, etc. The steps of the method disclosed in conjunction with the embodiments of the present application may be directly implemented as a hardware decoding processor, or may be executed using a decoding processor. The combination of hardware and software modules in the code processor is executed. The software module can be located in random access memory, flash memory, read-only memory, programmable read-only memory or electrically erasable programmable memory, registers and other mature storage media in this field. The storage medium is located in the memory 710. The processor 720 reads the information in the memory 710 and completes some functions of the first network agent 400 in combination with its hardware.

The communication interface 730 uses a transceiver module, such as but not limited to a transceiver, to implement communication between the computing device 700 and other computing devices or communication networks. For example, a message from the first service (such as a first message) is received through the communication interface 730, or a message (such as a data transmission message R ₁ ) is sent to the second network agent.

Bus 740 may include a path that carries information between various components in computing device 700 (eg, memory 710, processor 720, and communication interface 730).

Communication paths are established between the above-mentioned plurality of computing devices 700 through a communication network to implement the function of the first network agent 400 . Any computing device may be a computing device (eg, a server) in a cloud environment, a computing device in an edge environment, or a terminal computing device.

In the embodiment of the present application, the structure of the second network agent may be the same as the structure of the first network agent shown in the above-mentioned Figures 13-15, or it may be a modified structure designed based on the structure of the above-mentioned first network agent. Therefore, the present application The embodiment will no longer describe the structure of the second network proxy.

The descriptions of the processes corresponding to each of the above drawings have different emphases. For parts that are not described in detail in a certain process, you can refer to the relevant descriptions of other processes.

In the above embodiments, it may be implemented in whole or in part by software, hardware, or a combination thereof. When implemented using software, it may be implemented in whole or in part in the form of a computer program product. The computer program product providing the first network agent 400 or the container system (including the container system shown in Figures 3-6) respectively includes one or more computer program codes executed by the first network agent 400, and one or more computer program codes executed by the container system. computer program code. When these computer program codes are loaded and executed on a computer, the processes or functions described in the embodiments of the present application are generated in whole or in part.

The above-mentioned computer may be a general-purpose computer, a special-purpose computer, a computer network, or other programmable devices. The above-mentioned computer program code can be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another. For example, the above-mentioned computer program code can be transferred from a website, computer, server or data center Transmission to another website, computer, server or data center through wired (such as coaxial cable, optical fiber, twisted pair or wireless (such as infrared, wireless, microwave), etc.) means. The above computer readable storage The storage medium stores computer program code provided for execution by the first network agent 400 or the container system (including the container system shown in Figures 3-6). The computer-readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server or data center that contains one or more integrated media. The above available media may be magnetic media (eg, floppy disk, hard disk, magnetic tape), optical media (eg, optical disk), or semiconductor media (eg, solid state disk (SSD)).

Claims

A communication method, characterized by including:

The first network agent establishes a first virtual channel on the communication channel with the second network agent, wherein the first network agent is responsible for access to the first service, and the second network agent is responsible for access to the second service, The first virtual channel is used to transmit communication messages between the first service and the second service. The communication message carries an identifier of the first virtual channel. The current identifier of the first virtual channel is The logo is the first logo;

The first network agent changes the identification of the first virtual channel from the first identification to a second identification, wherein the length of the second identification is less than the length of the first identification.
The method according to claim 1, characterized in that the second identification is an identification of a second virtual channel on the communication channel.
The method according to claim 2, characterized in that when one or more of the following conditions are met, the first network agent changes the identity of the first virtual channel from the first identity to a second identity:

The priority of service data transmitted on the first virtual channel is higher than the priority of service data transmitted on the second virtual channel, and the efficiency of transmitting service data on the first virtual channel is lower than that of the second virtual channel. The efficiency of transmitting business data on virtual channels.
The method according to any one of claims 1 to 3, characterized in that the second network proxy stores a first mapping relationship between the identifier of the first virtual channel and the identifier of the second service, Wherein, the first mapping relationship is used to instruct the second network agent to forward the service data from the first virtual channel to the second service.
The method of claim 4, wherein the first network proxy stores a second mapping relationship between the identifier of the first virtual channel and the identifier of the first service, wherein the first network agent stores a second mapping relationship between the identifier of the first virtual channel and the identifier of the first service. The second mapping relationship is used to instruct the first network agent to forward the service data from the first virtual channel to the first service;

The first network agent changes the identity of the first virtual channel from the first identity to a second identity, including:

The first network agent changes the identity of the first virtual channel in the second mapping relationship from the first identity to the second identity.
The method according to claim 5, characterized in that the first network agent changes the identity of the first virtual channel in the second mapping relationship from the first identity to the second identity, include:

The first network agent sends an identity change request to the second network agent, wherein the identity change request is used to instruct the second network agent to change the identity of the first virtual channel in the first mapping relationship. The identification is changed from the first identification to the second identification;

The first network agent changes the identifier carried in the communication message sent to the second network agent through the first virtual channel from the first identifier to the second identifier;

The first network agent receives the identity change response returned by the second network agent, and based on the identity change response, changes the identity used to forward the business data from the first virtual channel to the first service from the identity change response. The first identifier is changed to the second identifier.
The method according to any one of claims 1 to 6, characterized in that the communication channel is a Transmission Control Protocol TCP channel, and the first network agent establishes a first communication channel on the communication channel with the second network agent. Before the virtual channel, the method also includes:

The first network agent sends a TCP connection message to the second network agent to establish the communication channel.
The method according to any one of claims 1 to 6, characterized in that the communication channel is a TCP channel, and the first network agent establishes a first virtual channel on the communication channel with the second network agent before , the method also includes:

The first network agent establishes the communication channel based on the TCP connection message sent by the second network agent.
The method according to any one of claims 1 to 8, characterized in that the first network agent establishes a first virtual channel on the communication channel with the second network agent, including:

In response to the message sent by the first service, the first network agent establishes the first virtual channel, wherein the message sent by the first service does not carry the message sent by the first service to the second service. business data.
The method according to any one of claims 1 to 9, characterized in that the first network agent establishes a first virtual channel on the communication channel with the second network agent, including:

The first network agent sends a virtual connection message to the second network agent through the communication channel, wherein the virtual connection message includes an identifier of the first virtual channel and an identifier of the second service, and The virtual connection message is used to instruct the second network agent to establish a communication channel with the second service.
A communication method, characterized in that it is applied to a container system, the system includes a first container, a second container, and the first network agent and the second network agent according to any one of the preceding claims 1-10, wherein ,

The first container runs a first service;

The second container runs a second service;

The first network agent establishes a first virtual channel on the communication channel with the second network agent, wherein the first network agent is responsible for access to the first service, and the second network agent is responsible for Access to the second service, the first virtual channel is used to transmit communication messages between the first service and the second service, and the communication messages carry the identification of the first virtual channel, The current identifier of the first virtual channel is the first identifier;

The first network agent changes the identification of the first virtual channel from the first identification to a second identification, wherein the length of the second identification is less than the length of the first identification.
The method of claim 11, wherein the communication channel is a Transmission Control Protocol (TCP) channel, and the first network agent establishes a first virtual channel on the communication channel with the second network agent before , the method also includes:

The first network agent sends a TCP connection message to the second network agent to establish the communication channel.
The method of claim 11, wherein the communication channel is a TCP channel, and before the first network agent establishes a first virtual channel on the communication channel with the second network agent, the Methods also include:

The second network agent sends a TCP connection message to the first network agent to establish the communication channel.
The method according to any one of claims 11 to 13, characterized in that the first network agent establishes a first virtual channel on the communication channel with the second network agent, including:

In response to the message sent by the first service, the first network agent establishes the first virtual channel, wherein the message sent by the first service does not carry the message sent by the first service to the second service. business data.
A first network agent, characterized by including:

The business access module is responsible for access to the first service;

A channel establishment module, configured to establish a first virtual channel on the communication channel with a second network agent, wherein the second network agent is responsible for accessing the second service, and the first virtual channel is used to transmit the The communication message between the first service and the second service, the communication message carries the identifier of the first virtual channel, and the current identifier of the first virtual channel is the first identifier;

An identification changing module, configured to change the identification of the first virtual channel from the first identification to a second identification, wherein the length of the second identification is smaller than the length of the first identification.
A container system, characterized by comprising a first container, a second container, and the first network agent and the second network agent according to any one of the preceding claims 1-10, wherein,

The first container is used to run the first service;

The second container is used to run the second service;

The second network agent is responsible for access to the second service;

The first network agent is responsible for accessing the first service and establishing a first virtual channel on the communication channel with the second network agent, wherein the first virtual channel is used for transmission The communication message between the first service and the second service, the communication message carries the identifier of the first virtual channel, the current identifier of the first virtual channel is the first identifier, and the The identity of the first virtual channel is changed from the first identity to a second identity, wherein the length of the second identity is less than the length of the first identity.
A computing device, characterized by comprising a processor and a memory, the processor executing computer program code in the memory to implement the method of any one of the preceding claims 1-10.
A computer-readable storage medium, characterized in that computer program code is stored therein. When the computer program code is executed by a computing device, the computing device performs the method described in any one of the preceding claims 1-10.