CN108667730B - Message forwarding method, device, storage medium and equipment based on load balancing - Google Patents
Message forwarding method, device, storage medium and equipment based on load balancing Download PDFInfo
- Publication number
- CN108667730B CN108667730B CN201810344312.2A CN201810344312A CN108667730B CN 108667730 B CN108667730 B CN 108667730B CN 201810344312 A CN201810344312 A CN 201810344312A CN 108667730 B CN108667730 B CN 108667730B
- Authority
- CN
- China
- Prior art keywords
- forwarding
- message
- processed
- session
- core
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/302—Route determination based on requested QoS
- H04L45/306—Route determination based on the nature of the carried application
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L1/00—Arrangements for detecting or preventing errors in the information received
- H04L1/12—Arrangements for detecting or preventing errors in the information received by using return channel
- H04L1/16—Arrangements for detecting or preventing errors in the information received by using return channel in which the return channel carries supervisory signals, e.g. repetition request signals
- H04L1/1607—Details of the supervisory signal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
- H04L45/745—Address table lookup; Address filtering
- H04L45/7453—Address table lookup; Address filtering using hashing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/12—Avoiding congestion; Recovering from congestion
- H04L47/125—Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
- H04L67/1004—Server selection for load balancing
- H04L67/1008—Server selection for load balancing based on parameters of servers, e.g. available memory or workload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
Abstract
The present disclosure relates to a method, an apparatus, a storage medium and a device for forwarding a packet based on load balancing, wherein the method comprises: when a message to be processed is received, inquiring whether a session table item corresponding to the message to be processed exists in a Hash session table according to effective load information obtained by analyzing the message to be processed; when the session table entry does not exist, determining a target forwarding core for forwarding the message to be processed in the forwarding cores according to the load balancing states of the forwarding cores; creating a session table item corresponding to the message to be processed according to the effective load information through the target forwarding core; and based on the session table item, forwarding the message to be processed through the target forwarding core. The resource independence of each forwarding core in the message forwarding processing process can be realized, so that the throughput performance of the multi-core lower seven-layer load balancing system is increased along with the increase of the number of cores.
Description
Technical Field
The present disclosure relates to the field of network communication technologies, and in particular, to a method, an apparatus, a storage medium, and a device for forwarding a packet based on load balancing.
Background
With the rapid development of the internet, the traffic of each large website also rapidly increases, the load balancing technology gradually becomes one of the most important technologies in network information security, and the load balancing equipment also becomes the necessary core equipment of a large-scale application network. The load balancing system is used for performing balanced distribution on loads (work tasks), so that the loads can be shared by a plurality of units or systems to be executed (such as web servers, ftp servers and the like), and the purpose that the work tasks are completed by a plurality of servers together is achieved. The current major load balancing techniques include seven-tier load balancing and four-tier load balancing. Wherein, the seven-layer load balancing, also called "content exchange", means that the load balancing device selects the target internal server through the application layer information (URL (Uniform Resource Locator, Uniform Resource Locator) and HTTP (HyperText Transfer Protocol) header information and the like) in the message and the load balancing algorithm; the four-layer load balancing is to select a final destination server through a target IP address in a message and a port load balancing algorithm.
At present, the seven-layer load balancing technology performs load balancing according to the content of a message, and compared with the four-layer load balancing technology which performs load balancing only according to an IP address and a port, the seven-layer load balancing technology performs load balancing according to the content of the message, is more intelligent, and has higher flexibility. However, message identification according to the content requires that the load balancing server selects the server to perform three-way handshake after extracting the message content, so that the server applying the seven-layer load balancing technology needs to add an agent function when implementing, which causes performance consumption. Moreover, the seven-layer load balancing server needs to extract the content of each connection packet for analysis, and this process also causes an increase in load and a certain performance consumption.
Disclosure of Invention
The invention aims to provide a message forwarding method, a message forwarding device, a message forwarding storage medium and message forwarding equipment based on load balancing, which are used for solving the problem of high performance consumption of a seven-layer load balancing system.
In order to achieve the above object, according to a first aspect of the embodiments of the present disclosure, a method for forwarding a packet based on load balancing is provided, where the method is applied to a gateway device including multiple forwarding cores, and the method includes:
when a message to be processed is received, inquiring whether a session table item corresponding to the message to be processed exists in a Hash session table according to effective load information obtained by analyzing the message to be processed;
when the session table entry does not exist, determining a target forwarding core for forwarding the message to be processed in the forwarding cores according to the load balancing states of the forwarding cores;
creating a session table entry corresponding to the message to be processed according to the effective load information through the target forwarding core;
and forwarding the message to be processed through the target forwarding core based on the session table entry.
Optionally, when receiving a message to be processed, querying whether a session table entry corresponding to the message to be processed exists in a hash session table according to payload information obtained by parsing the message to be processed, including:
when at least one forwarding core in the gateway device receives the message to be processed, determining whether a session table entry corresponding to the message to be processed exists or not by inquiring whether a key value and a session state corresponding to the message to be processed exist in the session hash table or not for each forwarding core receiving the message to be processed;
when the session hash table does not have the key value and the session state corresponding to the message to be processed, determining that a session table item corresponding to the message to be processed does not exist;
when a key value and a session state corresponding to the message to be processed exist in the session hash table, determining that a session table entry corresponding to the message to be processed exists;
wherein the session hash table is set as a session hash table that allows the multiple forwarding cores to query simultaneously without a resource lock.
Optionally, the to-be-processed packet is a packet in a left direction, where the left direction is a direction from the client to the server, and before determining, in the multiple forwarding cores, a target forwarding core for forwarding the to-be-processed packet according to a load balancing state of the multiple forwarding cores when the session entry does not exist, the method further includes:
for each forwarding core receiving the message to be processed, hanging a left direction session key corresponding to the message to be processed into the hash session table based on three-way handshake with a client sending the message to be processed;
determining whether the session state of the left directional session key is successfully established or not according to the result of the three-way handshake;
and when the session state of the left directional session key is determined to be successfully established, determining a target server of the message to be processed according to the effective load information in the message to be processed and a preset connection matching strategy.
Optionally, the forwarding, based on the session entry, the packet to be processed through the target forwarding core includes:
hanging a right direction session key corresponding to the message to be processed into the session hash table; the right direction is the direction from the server side to the client side;
and after the target forwarding core and the target server perform three-way handshake, forwarding the packet to be processed to the target server.
Optionally, the determining, according to the load balancing status of the multiple forwarding cores, the target forwarding core for forwarding the packet to be processed includes:
determining whether a load balancing state exists among the plurality of forwarding cores;
when determining that the forwarding cores are in a load balancing state, taking the forwarding core currently receiving the message to be processed as the target forwarding core; alternatively, the first and second electrodes may be,
and when at least one forwarding core in the plurality of forwarding cores is determined to be in a load imbalance state, taking the forwarding core with the minimum load in the plurality of forwarding cores as the target forwarding core.
Optionally, the creating, by the target forwarding core according to the payload information, a session entry corresponding to the packet to be processed includes:
when the target forwarding core is the forwarding core receiving the message to be processed, creating the session table entry in the forwarding core receiving the message to be processed;
modifying the session state of the left direction session key corresponding to the message to be processed into the session state with the established load balance in the Hash session table; alternatively, the first and second electrodes may be,
when the target forwarding core is the forwarding core with the minimum load, setting the session state of the left direction session key to be load balanced to be established;
the message to be processed is inverted from the forwarding core receiving the message to be processed to the target forwarding core;
creating the session table entry in the target forwarding core;
and modifying the session state of the left direction session key corresponding to the message to be processed into the session state with the established load balance in the Hash session table.
Optionally, the determining, according to the result of the three-way handshake, whether the session state of the left directional session key is successfully established includes:
when the target forwarding core does not receive the ACK message replied by the client within the preset time, confirming that the three-way handshake is unsuccessful;
deleting the left direction session key in the session hash table; alternatively, the first and second electrodes may be,
when the target forwarding core receives the ACK message replied by the client in the preset time, confirming that the three-way handshake is successful;
and determining the session state of the left directional session key as successfully established.
Optionally, after the target forwarding core and the target server perform three-way handshake, forwarding the packet to be processed to the target server includes:
sending a SYN message to the target server through the target forwarding core;
receiving a SYN-ACK synchronization response message replied by the target server through a first forwarding core, wherein the first forwarding core is used for receiving messages in the right direction in the plurality of forwarding cores;
checking back the SYN-ACK message from the first forwarding core to the target forwarding core;
replying an ACK message to the target server through the target forwarding core to complete three-way handshake between the target forwarding core and the target server;
and forwarding the message to be processed to the target server through the target forwarding core.
Optionally, the method further includes:
when the session table entry exists, determining whether the message to be processed triggers the change of the session state in the session table entry in a first direction, wherein the first direction is the sending direction of the received message;
determining whether to perform reverse-core processing on the message to be processed according to the change condition of the session state in the session table item in the first direction so as to determine an actual forwarding core of the message to be processed in the first direction;
and forwarding the message to be processed through the actual forwarding core.
Optionally, the determining, according to the change condition of the session state in the session table entry in the first direction, whether to perform a back-check processing on the packet to be processed to determine an actual forwarding core of the packet to be processed in the first direction includes:
when determining that the session state in the session table entry in the first direction does not change, not performing the reverse core processing, and determining a forwarding core receiving the message to be processed as the actual forwarding core; alternatively, the first and second electrodes may be,
when determining that the session state in the session table entry in the first direction changes, checking the message to be processed to a forwarding core where the session table entry is located;
and taking the forwarding core in which the session table item is positioned as the actual forwarding core to update the session table item.
According to a second aspect of the embodiments of the present disclosure, there is provided a packet forwarding apparatus based on load balancing, which is applied to a gateway device including a plurality of forwarding cores, and the apparatus includes:
the table item query module is used for querying whether a session table item corresponding to the message to be processed exists in a Hash session table according to the effective load information analyzed from the message to be processed when the message to be processed is received;
a forwarding core determining module, configured to determine, when the session entry does not exist, a target forwarding core for forwarding the to-be-processed packet in the multiple forwarding cores according to a load balancing state of the multiple forwarding cores;
a table item creating module, configured to create, by the target forwarding core, a session table item corresponding to the to-be-processed packet according to the payload information;
and the first message forwarding module is used for forwarding the message to be processed through the target forwarding core based on the session table entry.
Optionally, the table entry querying module includes:
a table entry query submodule, configured to determine, when at least one forwarding core in the gateway device receives the packet to be processed, whether a session table entry corresponding to the packet to be processed exists by querying whether a key value and a session state corresponding to the packet to be processed exist in the session hash table for each forwarding core that receives the packet to be processed;
a table entry determining submodule, configured to determine that a session table entry corresponding to the to-be-processed packet does not exist when a key value and a session state corresponding to the to-be-processed packet do not exist in the session hash table; or
When a key value and a session state corresponding to the message to be processed exist in the session hash table, determining that a session table entry corresponding to the message to be processed exists;
wherein the session hash table is set as a session hash table that allows the multiple forwarding cores to query simultaneously without a resource lock.
Optionally, the message to be processed is a left-direction message, where the left direction is a direction from the client to the server, and the apparatus further includes:
a session key generation module, configured to, for each forwarding core that receives the to-be-processed packet, suspend, based on a triple handshake with a client that sends the to-be-processed packet, a left direction session key corresponding to the to-be-processed packet in the hash session table;
the state determining module is used for determining whether the session state of the left directional session key is successfully established or not according to the result of the three-way handshake;
and the server determining module is used for determining a target server of the message to be processed according to the effective load information in the message to be processed and a preset connection matching strategy when the session state of the left directional session key is determined to be successfully established.
Optionally, the first packet forwarding module includes:
a session key generation submodule for hanging a right direction session key corresponding to the message to be processed into the session hash table; the right direction is the direction from the server side to the client side;
and the message forwarding sub-module is used for forwarding the message to be processed to the target server after the target forwarding core and the target server perform three-way handshake.
Optionally, the forwarding core determining module includes:
a load balancing determination submodule, configured to determine whether the forwarding cores are in a load balancing state;
a first forwarding core determining submodule, configured to, when it is determined that the forwarding cores are in a load balancing state, take a forwarding core currently receiving the to-be-processed packet as the target forwarding core; alternatively, the first and second electrodes may be,
and when at least one forwarding core in the plurality of forwarding cores is determined to be in a load imbalance state, taking the forwarding core with the minimum load in the plurality of forwarding cores as the target forwarding core.
Optionally, the table entry creating module is configured to:
when the target forwarding core is the forwarding core receiving the message to be processed, creating the session table entry in the forwarding core receiving the message to be processed;
modifying the session state of the left direction session key corresponding to the message to be processed into the session state with the established load balance in the Hash session table; alternatively, the first and second electrodes may be,
when the target forwarding core is the forwarding core with the minimum load, setting the session state of the left direction session key to be load balanced to be established;
the message to be processed is inverted from the forwarding core receiving the message to be processed to the target forwarding core;
creating the session table entry in the target forwarding core;
and modifying the session state of the left direction session key corresponding to the message to be processed into the session state with the established load balance in the Hash session table.
Optionally, the state determining module is configured to:
when the target forwarding core does not receive the ACK message replied by the client within the preset time, confirming that the three-way handshake is unsuccessful;
deleting the left direction session key in the session hash table; alternatively, the first and second electrodes may be,
when the target forwarding core receives the ACK message replied by the client in the preset time, confirming that the three-way handshake is successful;
and determining the session state of the left directional session key as successfully established.
Optionally, the packet forwarding sub-module is configured to:
sending a SYN message to the target server through the target forwarding core;
receiving a SYN-ACK synchronization response message replied by the target server through a first forwarding core, wherein the first forwarding core is used for receiving messages in the right direction in the plurality of forwarding cores;
checking back the SYN-ACK message from the first forwarding core to the target forwarding core;
replying an ACK message to the target server through the target forwarding core to complete three-way handshake between the target forwarding core and the target server;
and forwarding the message to be processed to the target server through the target forwarding core.
Optionally, the apparatus further comprises:
a state monitoring module, configured to determine whether the to-be-processed packet triggers a change in a session state in the session entry in a first direction when the session entry exists, where the first direction is a sending direction of the received packet;
a reverse core determining module, configured to determine whether to reverse core the to-be-processed packet according to a change condition of the session state in the session table entry in the first direction, so as to determine an actual forwarding core of the to-be-processed packet in the first direction;
and the second message forwarding module is used for forwarding the message to be processed through the actual forwarding core.
Optionally, the inverted core determining module includes:
a second forwarding core determining submodule, configured to, when it is determined that the session state in the session table entry in the first direction does not change, not perform the reverse core processing, and determine a forwarding core that receives the to-be-processed packet as the actual forwarding core; alternatively, the first and second electrodes may be,
the message countdown sub-module is used for checking the message to be processed to the forwarding core of the session table item when the change of the session state in the first direction in the session table item is determined;
and the table item updating submodule is used for updating the session table item by taking the forwarding core where the session table item is positioned as the actual forwarding core.
According to a third aspect of the embodiments of the present disclosure, a computer-readable storage medium is provided, on which a computer program is stored, and the computer program, when executed by a processor, implements the steps of the load balancing-based message forwarding method provided in the first aspect.
According to a fourth aspect of the embodiments of the present disclosure, there is provided an electronic apparatus including: the computer-readable storage medium provided by the third aspect; and one or more processors to execute the computer program in the computer-readable storage medium.
By the technical scheme, when the message to be processed is received, whether the session table item corresponding to the message to be processed exists or not can be inquired in the hash session table according to the effective load information obtained by analyzing the message to be processed; when the session table entry does not exist, determining a target forwarding core for forwarding the message to be processed in the forwarding cores according to the load balancing states of the forwarding cores; creating a session table item corresponding to the message to be processed according to the effective load information through the target forwarding core; and based on the session table item, forwarding the message to be processed through the target forwarding core. The resource independence of each forwarding core in the message forwarding processing process can be realized, so that the throughput performance of the multi-core lower seven-layer load balancing system is increased along with the increase of the number of cores.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the disclosure and are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description serve to explain the disclosure without limiting the disclosure. In the drawings:
fig. 1 is a flowchart illustrating a method for packet forwarding based on load balancing according to an exemplary embodiment;
FIG. 2 is a flow diagram illustrating a method for session entry lookup according to the embodiment shown in FIG. 1;
fig. 3 is a flowchart illustrating another message forwarding method based on load balancing according to the embodiment shown in fig. 1;
fig. 4 is a flow chart of a message forwarding method according to the embodiment shown in fig. 1;
FIG. 5 is a flow diagram illustrating a method for forwarding core determination according to the embodiment shown in FIG. 1;
fig. 6 is a flowchart illustrating another message forwarding method based on load balancing according to the embodiment shown in fig. 3;
fig. 7 is a flowchart illustrating another message forwarding method based on load balancing according to the embodiment shown in fig. 6;
fig. 8 is a block diagram illustrating a load balancing based message forwarding apparatus according to an example embodiment;
FIG. 9 is a block diagram illustrating an entry lookup module according to the embodiment shown in FIG. 8;
fig. 10 is a block diagram of another message forwarding apparatus based on load balancing according to the embodiment shown in fig. 8;
fig. 11 is a block diagram of a first message forwarding module according to the embodiment shown in fig. 8;
FIG. 12 is a block diagram illustrating a forwarding core determination module according to the embodiment shown in FIG. 8;
fig. 13 is a block diagram of another message forwarding apparatus based on load balancing according to the embodiment shown in fig. 10;
fig. 14 is a block diagram of another message forwarding apparatus based on load balancing according to the embodiment shown in fig. 13;
FIG. 15 is a block diagram illustrating an electronic device in accordance with an example embodiment.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
Fig. 1 is a flowchart illustrating a method for forwarding a packet based on load balancing according to an exemplary embodiment, where the method is applied to a gateway device including multiple forwarding cores, and as shown in fig. 1, the method includes:
Wherein the session hash table is set to a session hash table that allows the multiple forwarding cores to query simultaneously without a resource lock. The session hash table is a global table and is used for recording forwarding cores related to sessions corresponding to each received message and addresses where the session table is located in the form of key values. It should be noted that, because the session hash table supports global lock-free query, multiple forwarding cores are supported to query the session hash table at the same time, but lock protection is still adopted when adding (adding from the table head) and deleting operations are performed (it is understood that adding and deleting operations of a hash table entry may be limited to only allow the forwarding core that created the hash table entry to perform), so as to ensure the efficiency of multi-core concurrent query and the operation security when creating and deleting hash table entries under multi-core concurrent conditions. The hash table entry is included in the session hash table, and the specific content of the hash table entry is a key value corresponding to the session table entry calculated by a hash algorithm according to the content of the session table entry in the session table corresponding to the packet. In addition, because the operation of querying the session hash table is lock-free, and the session table owned by each forwarding core is used as an independent resource of each forwarding core, the forwarding operation of the packet by each forwarding core is lock-free in the whole forwarding process.
Illustratively, when a message is sent from at least one client, the message is first received by any forwarding core of the forwarding cores, and the forwarding cores may actually be multiple CPU (Central Processing Unit) chips in the gateway device.
This embodiment describes, by taking a process of forwarding a packet from a client to a corresponding server as an example, a packet forwarding method based on load balancing provided by the present disclosure:
for example, when a gateway device receives a to-be-processed packet sent by a client, a forwarding core is first used to query a session hash table according to packet content of the packet, and determine whether a session table entry corresponding to the to-be-processed packet exists in the gateway device, where the forwarding core is a target forwarding core for receiving the to-be-processed packet, and is selected by the gateway device based on a preset allocation policy and a session direction (in this embodiment, a direction from the client to the server is referred to as a left direction, and a direction from the server to the client is referred to as a right direction, and at this time, a packet sent by the client is received, and is then the left direction). When the conversation table item exists, according to the direction and the conversation state of the message to be processed, determining whether the message to be processed is directly forwarded or needs to be subjected to reverse kernel processing and then forwarded; or, when it is determined that there is no session entry, it is necessary to create a session entry corresponding to the to-be-processed packet after the target forwarding core and the client end complete the three-way handshake in the following step 103, and then implement multi-core parallel lock-free packet forwarding based on the session table independent for each core after the target forwarding core and the server establish the three-way handshake.
Wherein the gateway device may be a network firewall that includes multiple forwarding cores and supports seven-layer load balancing policies. The connection between the client and the server is called a session, and the session connection in this embodiment is completed based on the seven-layer load balancing policy. Here, the connection from the client to the server is referred to as a left direction session, and the connection from the server to the client is referred to as a right direction session. Each session corresponds to a session table, each forwarding core corresponds to a session table, and only the forwarding core establishing the session table can add and delete session table entries in the session table. The session table contains three parts of content, namely Common info content, left info content and right info content, wherein the Common info content comprises: a matching policy of the session, whether the session is in a persistent state, message forwarding related information (such as a Media Access Control (MAC) address, etc.), a delta difference between the proxy and the real server, and a message to be sent cached in each direction, etc.; the left info content and the right info content each include a session state in the respective direction. The session state is recorded by the state machine to reflect the connection of the session in different directions. The session table entry may be understood as specific content written according to the above-mentioned three parts of content in the session table corresponding to the message to be processed.
And step 102, when the session table entry does not exist, determining a target forwarding core for forwarding the message to be processed in the forwarding cores according to the load balancing states of the forwarding cores.
Illustratively, when it is determined that the session entry does not exist, an appropriate forwarding core, that is, the target forwarding core, needs to be selected according to the load balancing states of all forwarding cores in the gateway device, and the target forwarding core completes subsequent forwarding of the packet and adding processing to the session entry, so as to implement load balancing among multiple forwarding cores, that is, to ensure that the task amount to be processed by each forwarding core in the multiple forwarding cores is balanced. It should be noted that the target forwarding core and the forwarding core that receives the to-be-processed packet may be the same forwarding core or different forwarding cores.
Illustratively, since the seven-layer load balancing technology is implemented based on the proxy function, in a general packet forwarding process, a client needs to perform three-way handshake with a forwarding core, and then the forwarding core selects an appropriate target server according to current payload information of a packet and a matching policy, and then forwards the packet to the selected target server. On the basis of this process, the client needs to perform three-way handshake with the forwarding core that receives the to-be-processed packet, and meanwhile, needs to hang the session key corresponding to the generated to-be-processed packet in the hash session table, and then, after determining an appropriate target server, creates a corresponding session table entry for the to-be-processed packet by using the target forwarding core selected in step 102, which may be understood as adding a session table entry in the session table corresponding to the session in which the to-be-processed packet is located. In addition, in the three-way handshake, the process of determining the target forwarding core through load balancing among the multiple forwarding cores, and creating the session table entry, the session state corresponding to the to-be-processed packet may change, so that the session state of the session key needs to be recorded and updated in the whole process.
And 104, based on the session table item, forwarding the message to be processed through the target forwarding core.
For example, the embodiments corresponding to the above steps 101 to 104 take a forwarding process of forwarding a packet from a client to a corresponding server as an example, and describe the packet forwarding method based on load balancing provided by the present disclosure. Optionally, when a packet needs to be forwarded from the server to the corresponding client, a method similar to the foregoing embodiment may be used to forward the packet: when the gateway device receives a message sent by a server, firstly, a forwarding core queries a session hash table according to the message content of the message, and determines whether a session table entry corresponding to the message exists in the gateway device, wherein the forwarding core is selected by the gateway device based on a preset distribution strategy and a session direction (here, the right direction) and is used for receiving the message. When the conversation table item exists, determining whether to directly forward the message or forward the message after the message needs to be subjected to the countdown processing according to the direction and the conversation state of the message; or, when it is determined that there is no session entry, it is necessary to create a session entry corresponding to the message in the target forwarding core selected according to the load balancing state of the multiple forwarding cores after the forwarding core receiving the message to be processed and the server finish the three-way handshake in step 103, and then implement multi-core parallel lock-free message forwarding in the right direction based on the session table independent for each forwarding core after the target forwarding core and the client establish the three-way handshake.
To sum up, when a message to be processed is received, the present disclosure can query whether a session table entry corresponding to the message to be processed exists in a hash session table according to the payload information obtained by parsing the message to be processed; when the session table entry does not exist, determining a target forwarding core for forwarding the message to be processed in the forwarding cores according to the load balancing states of the forwarding cores; creating a session table item corresponding to the message to be processed according to the effective load information through the target forwarding core; and based on the session table item, forwarding the message to be processed through the target forwarding core. The resource independence of each forwarding core in the message forwarding processing process can be realized, so that the throughput performance of the multi-core lower seven-layer load balancing system is increased along with the increase of the number of cores.
Fig. 2 is a flowchart illustrating a session table entry query method according to the embodiment shown in fig. 1, wherein, as shown in fig. 2, the step 101 may include:
Fig. 3 is a flowchart illustrating another message forwarding method based on load balancing according to the embodiment shown in fig. 1, where, as shown in fig. 3, when it is determined that there is no session entry corresponding to the message to be processed, before step 102, the method may include:
and 105, for each forwarding core receiving the message to be processed, hanging a left direction session key corresponding to the message to be processed into the hash session table based on three-way handshake with the client sending the message to be processed.
Illustratively, when the forwarding core that receives the to-be-processed packet receives a SYN (synchronization) message in the three-way handshake sent by the client, a corresponding session entry is not immediately established, but the forwarding core that receives the to-be-processed packet replies a SYN-ACK (synchronization-Acknowledgement) message to the client first, and calculates a session key corresponding to the to-be-processed packet according to the content of the to-be-processed packet (since the sending direction of the packet is the left direction, the session key is the left direction session key), and meanwhile, the left direction session key is hung in the global hash table, and the session state is recorded as SYN-ACK (synchronization-Acknowledgement). Wherein, the calculation process of the left direction conversation key comprises the following steps: and determining left info in the session table entry according to the acquired address of the session table entry, and calculating a key value (namely, a left direction session key) corresponding to the left info according to the left info and a hash algorithm.
And step 106, determining whether the session state of the left directional session key is successfully established according to the result of the three-way handshake.
Illustratively, this step 106 may include: recording and judging the time of replying an ACK (Acknowledgement) message by a client through an overtime table item, confirming that three-way handshake is unsuccessful when a forwarding core receiving the message to be processed does not receive the ACK message replied by the client within preset time, and adding one to the number of unsuccessful three-way handshake of the forwarding core receiving the message to be processed; when the three-way handshake is determined to be unsuccessful, deleting the left direction session key in the session hash table, and keeping the number of the current three-way handshake unsuccessful of the forwarding core receiving the message to be processed unchanged; or, when the forwarding core receiving the message to be processed receives the ACK message replied by the client within the preset time, confirming that the three-way handshake is successful; and when the three-way handshake is determined to be successful, determining that the session state of the left directional session key is successfully established (indicating that the three-way handshake is successfully established), and reducing the number of unsuccessful three-way handshakes of the forwarding core receiving the message to be processed by one. Therefore, when the server encounters SYN attack of a flood level, excessive useless or malicious SYN messages occupying a large number of session key positions to cause excessive memory consumption can be avoided. In addition, a timer can be added for the session with successful three-way handshake, so as to ensure that the session key is automatically deleted after a certain time, and further reduce the memory consumption.
And 107, when the session state of the left directional session key is determined to be successfully established, determining a target server of the message to be processed according to the effective load information in the message to be processed and a preset connection matching strategy.
The payload information may be information such as a URL (Uniform Resource Locator) and an HTTP (HyperText Transfer Protocol) header, and the link matching policy is used to determine a target server matched with the to-be-processed packet in combination with the payload information.
Further, based on the steps 105 to 107, the step 103 may include: when the target forwarding core is the forwarding core which receives the message to be processed, creating the session table item in the forwarding core which receives the message to be processed, and modifying the session state (successfully established by three-way handshake) of the left direction session key corresponding to the message to be processed into the established load balance in the hash session table; or, when the target forwarding core is the forwarding core with the minimum load, setting the session state of the left direction session key to be load balanced to be established (originally, the establishment of the three-way handshake is successful); the message to be processed is inverted from the forwarding core receiving the message to be processed to the target forwarding core; and creating the session table entry in the target forwarding core, and modifying the session state (to be established by load balancing) of the left direction session key corresponding to the message to be processed into the session state with the established load balancing in the hash session table.
Fig. 4 is a flowchart of a message forwarding method according to the embodiment shown in fig. 1, and as shown in fig. 4, the step 104 may include:
The right direction is a direction from the server side to the client side. Before the following step 1042 is performed, it is necessary to determine the right info in the session entry according to the obtained address of the session entry, further calculate a key value (i.e., a right direction session key) corresponding to the right info according to the right info and a hash algorithm, and then hang the right direction session key in the global hash table. That is, the right direction session key needs to be calculated in advance and hung in the session hash table for use in the subsequent three-way handshake process between the forwarding core and the server.
Illustratively, this step 1042 may include: sending a SYN message to the target server through the target forwarding core; receiving a SYN-ACK synchronous response message replied by the target server through a first forwarding core; checking the SYN-ACK message from the first forwarding core to the target forwarding core; replying an ACK message to the target server through the target forwarding core to complete three-way handshake between the target forwarding core and the target server; and forwarding the message to be processed to the target server through the target forwarding core. It should be noted that the first forwarding core is, of the multiple forwarding cores, a forwarding core for receiving a right-direction packet, and in a process of performing three-way handshake between the forwarding core and the server, the SYN-ACK message replied by the target server is first received by the first forwarding core, and then the SYN-ACK message is transmitted to the target forwarding core by the first forwarding core, and the target forwarding core performs subsequent processing. Wherein the first forwarding core is a forwarding core for receiving the SYN-ACK message, which is selected by the gateway device based on a preset allocation policy and a session direction (here, a right direction).
Fig. 5 is a flowchart illustrating a forwarding core determination method according to the embodiment shown in fig. 1, where as shown in fig. 5, the step 102 may include:
at step 1021, it is determined whether the plurality of forwarding cores are in a load balancing state.
And step 1023, when at least one forwarding core in the multiple forwarding cores is determined to be in the load imbalance state, taking the forwarding core with the smallest load in the multiple forwarding cores as the target forwarding core.
Fig. 6 is a flowchart illustrating another message forwarding method based on load balancing according to the embodiment shown in fig. 3, where as shown in fig. 6, when it is determined that a session entry corresponding to the message to be processed exists, the method shown in fig. 3 may further include:
The first direction is the sending direction of the received message, and since the step 108 is performed in the step 101, the first direction is the left direction in this embodiment. It should be noted that, when the sending direction of the message is the right direction, that is, the message is a message that the server replies to the client, in most cases, it may be determined that the session entry corresponding to the message exists, and at this time, the step 108 and the following steps 109 and 110 are also applicable.
For example, it is required to detect whether a session state in the session table entry in the first direction changes (where the changed state is triggered by the arrival of a packet), so as to determine whether to directly continue to perform the following step 110 to forward the packet to be processed, or to perform the step 110 after performing the back-checking on the packet to be processed.
And step 110, forwarding the message to be processed through the actual forwarding core.
Fig. 7 is a flowchart illustrating another message forwarding method based on load balancing according to the embodiment shown in fig. 6, where, as shown in fig. 7, the step 109 may include:
For example, the condition causing the change of the session state in the first direction in the session table entry may include: the message to be processed is a message needing to be cached, and the message to be processed is a message needing to clear the cache, or the message to be processed is a message needing to delete the session table entry.
It is understood that the principle of this step 1092 and the following step 1093 is to ensure that only one forwarding core operates when the session table and the cache need to be changed, so as to ensure that the operations on the session table under multiple forwarding cores are unique and secure. For example, when the session state related to the current packet is between the load balancing to-be-established state and the load balancing establishment state, that is, when the three-way handshake with the server is not completed, the packet sent by the client again needs to be cached, and at this time, the packet needs to be sent to the forwarding core where the session entry is located for caching. For the message requiring to delete the session table entry, the message also needs to be subjected to reverse-core processing, the session state of the session table entry needs to be set to dead in the processing process, overtime deletion is set, and finally the forwarding core where the session table entry is located deletes the session table entry, and the content of the corresponding left direction session key and right direction session key in the session hash table is removed.
It should be noted that, in the case that a session entry needs to be deleted, the duration of a persistent state in the state machine needs to be guaranteed to be kept within the timeout period. Specifically, for example, after the client sends a FIN (Finish) message, the session table entry is not deleted, but only the session state of the session table is changed, and the session state of the direction key to the left of the session hash table is changed to dead, and the address of the session table is reserved. When the client sends the SYN message again, the forwarding core continues to reply to the SYN-ACK message while setting the session state to Persistent-SYN-ACK (Persistent state-synchronization-response) to wait for timeout. If the client replies the ACK message within the specified time, the forwarding core where the session table is located is searched, and the message is transferred to the forwarding core to calculate and record the delta value of the session. And finally, discarding the message and setting the state of the session table as load balance establishment.
To sum up, when a message to be processed is received, the present disclosure can query whether a session table entry corresponding to the message to be processed exists in a hash session table according to the payload information obtained by parsing the message to be processed; when the session table entry does not exist, determining a target forwarding core for forwarding the message to be processed in the forwarding cores according to the load balancing states of the forwarding cores; creating a session table item corresponding to the message to be processed according to the effective load information through the target forwarding core; and based on the session table item, forwarding the message to be processed through the target forwarding core. The method can prevent a large number of SYN attacks, save the memory, ensure the high robustness of the system, and realize the resource independence of each forwarding core in the message forwarding processing process, thereby increasing the throughput performance of the multi-core lower seven-layer load balancing system along with the increase of the number of the cores.
Fig. 8 is a block diagram of a packet forwarding apparatus based on load balancing according to an exemplary embodiment, which is applied to a gateway device including multiple forwarding cores, as shown in fig. 8, where the apparatus 800 includes:
the table entry querying module 8010 is configured to, when a to-be-processed packet is received, query whether a session table entry corresponding to the to-be-processed packet exists in a hash session table according to payload information obtained by parsing the to-be-processed packet;
a forwarding core determining module 8020, configured to determine, when the session table does not exist, a target forwarding core for forwarding the to-be-processed packet in the multiple forwarding cores according to the load balancing states of the multiple forwarding cores;
a table item creating module 8030, configured to create, by the target forwarding core, a session table item corresponding to the to-be-processed packet according to the payload information;
a first message forwarding module 8040, configured to forward the to-be-processed message through the target forwarding core based on the session table entry.
FIG. 9 is a block diagram of an entry lookup module, such as the one shown in FIG. 7, according to the embodiment shown in FIG. 8, where the entry lookup module 8010 includes:
the table entry querying sub-module 8011 is configured to, when at least one forwarding core in the gateway device receives the to-be-processed packet, query, for each forwarding core that receives the to-be-processed packet, whether a key value and a session state corresponding to the to-be-processed packet exist in the session hash table to determine whether a session table entry corresponding to the to-be-processed packet exists;
the table entry determining sub-module 8012 is configured to determine that a session table entry corresponding to the message to be processed does not exist when the session hash table does not have a key value and a session state corresponding to the message to be processed; or
When the session hash table has a key value and a session state corresponding to the message to be processed, determining that a session table entry corresponding to the message to be processed exists;
wherein the session hash table is set to a session hash table that allows the multiple forwarding cores to query simultaneously without a resource lock.
Fig. 10 is a block diagram of another load balancing-based message forwarding apparatus according to the embodiment shown in fig. 8, where the message to be processed is a message in a left direction, and the left direction is a direction from the client to the server, as shown in fig. 10, the apparatus 800 further includes:
a session key generation module 8050, configured to, for each forwarding core that receives the to-be-processed packet, suspend, based on a three-way handshake with a client that sends the to-be-processed packet, a left direction session key corresponding to the to-be-processed packet in the hash session table;
a state determining module 8060, configured to determine, according to a result of the three-way handshake, whether a session state of the left directional session key is successfully established;
the server determining module 8070 is configured to, when it is determined that the session state of the left directional session key is successfully established, determine a target server of the to-be-processed message according to the payload information in the to-be-processed message and a preset connection matching policy.
Fig. 11 is a block diagram of a first message forwarding module according to the embodiment shown in fig. 8, and as shown in fig. 11, the first message forwarding module 8040 includes:
a session key generation submodule 8041, configured to hang a right direction session key corresponding to the to-be-processed packet into the session hash table; the right direction is the direction from the server side to the client side;
the packet forwarding sub-module 8042 is configured to forward the to-be-processed packet to the target server after the target forwarding core and the target server perform three-way handshake.
Fig. 12 is a block diagram of a first packet forwarding module according to the embodiment shown in fig. 8, and as shown in fig. 12, the forwarding core determining module 8020 includes:
a load balancing determining submodule 8021, configured to determine whether the forwarding cores are in a load balancing state;
a first forwarding core determining submodule 8022, configured to, when it is determined that the multiple forwarding cores are in a load balancing state, take the forwarding core currently receiving the to-be-processed packet as the target forwarding core; alternatively, the first and second electrodes may be,
and when at least one forwarding core in the plurality of forwarding cores is determined to be in a load imbalance state, taking the forwarding core with the smallest load in the plurality of forwarding cores as the target forwarding core.
Optionally, the table entry creating module 8030 is configured to:
when the target forwarding core is the forwarding core which receives the message to be processed, creating the session table item in the forwarding core which receives the message to be processed, and modifying the session state of a left direction session key corresponding to the message to be processed into the session state with the established load balance in the hash session table; alternatively, the first and second electrodes may be,
when the target forwarding core is the forwarding core with the minimum load, setting the session state of the left direction session key as load balance to be established;
the message to be processed is inverted from the forwarding core receiving the message to be processed to the target forwarding core;
and creating the session table entry in the target forwarding core, and modifying the session state of the left direction session key corresponding to the message to be processed into the session state with the established load balance in the hash session table.
Optionally, the state determining module 8060 is configured to:
when the target forwarding core does not receive the ACK message replied by the client within the preset time, confirming that the three-way handshake is unsuccessful;
deleting the left direction session key in the session hash table; alternatively, the first and second electrodes may be,
when the target forwarding core receives the ACK message replied by the client in the preset time, the success of three-way handshake is confirmed;
and determining the session state of the left directional session key as successful establishment.
Optionally, the message forwarding sub-module 8042 is configured to:
sending a SYN message to the target server through the target forwarding core;
receiving a SYN-ACK synchronous response message replied by the target server through a first forwarding core, wherein the first forwarding core is used for receiving messages in the right direction in the plurality of forwarding cores;
checking the SYN-ACK message from the first forwarding core to the target forwarding core;
replying an ACK message to the target server through the target forwarding core to complete three-way handshake between the target forwarding core and the target server;
and forwarding the message to be processed to the target server through the target forwarding core.
Fig. 13 is a block diagram of another packet forwarding apparatus based on load balancing according to the embodiment shown in fig. 10, and as shown in fig. 13, the apparatus 800 further includes:
a state monitoring module 8080, configured to determine, when the session entry exists, whether the to-be-processed message triggers a change of a session state in the session entry in a first direction, where the first direction is a sending direction of the received message;
a reverse core determining module 8090, configured to determine, according to a change condition of a session state in the session table entry in the first direction, whether to perform reverse core processing on the to-be-processed packet to determine an actual forwarding core of the to-be-processed packet in the first direction;
and a second message forwarding module 8100, configured to forward the to-be-processed message through the actual forwarding core.
Fig. 14 is a block diagram illustrating another packet forwarding based on load balancing according to the embodiment shown in fig. 13, where as shown in fig. 14, the countdown determining module 8090 includes:
a second forwarding core determining submodule 8091, configured to, when it is determined that the session state in the first direction in the session table entry does not change, not perform the core reversing processing, and determine the forwarding core that receives the to-be-processed packet as the actual forwarding core; alternatively, the first and second electrodes may be,
a message countdown submodule 8092, configured to, when it is determined that the session state in the session entry in the first direction changes, countdown the to-be-processed message to the forwarding core where the session entry is located;
the table entry updating submodule 8093 is configured to update the session table entry by using the forwarding core where the session table entry is located as the actual forwarding core.
To sum up, when a message to be processed is received, the present disclosure can query whether a session table entry corresponding to the message to be processed exists in a hash session table according to the payload information obtained by parsing the message to be processed; when the session table entry does not exist, determining a target forwarding core for forwarding the message to be processed in the forwarding cores according to the load balancing states of the forwarding cores; creating a session table item corresponding to the message to be processed according to the effective load information through the target forwarding core; and based on the session table item, forwarding the message to be processed through the target forwarding core. The method can prevent a large number of SYN attacks, save the memory, ensure the high robustness of the system, and realize the resource independence of each forwarding core in the message forwarding processing process, thereby increasing the throughput performance of the multi-core lower seven-layer load balancing system along with the increase of the number of the cores.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
FIG. 15 is a block diagram illustrating an electronic device 1500 in accordance with an example embodiment. As shown in fig. 15, the electronic device 1500 may include: a processor 1501, memory 1502, multimedia components 1503, input/output (I/O) interfaces 1504, and communication components 1505.
The processor 1501 is configured to control the overall operation of the electronic device 1500, so as to complete all or part of the steps in the message forwarding method based on load balancing. The memory 1502 is used to store various types of data to support operation at the electronic device 1500, such as instructions for any application or method operating on the electronic device 1500, as well as application-related data, such as contact data, messaging, pictures, audio, video, and the like. The Memory 1502 may be implemented by any type of volatile or non-volatile Memory device or combination thereof, such as Static Random Access Memory (SRAM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Erasable Programmable Read-Only Memory (EPROM), Programmable Read-Only Memory (PROM), Read-Only Memory (ROM), magnetic Memory, flash Memory, magnetic disk, or optical disk. The multimedia component 1503 may include a screen and an audio component. Wherein the screen may be, for example, a touch screen and the audio component is used for outputting and/or inputting audio signals. For example, the audio component may include a microphone for receiving external audio signals. The received audio signal may further be stored in the memory 1502 or transmitted via the communication component 1505. The audio assembly also includes at least one speaker for outputting audio signals. The I/O interface 1504 provides an interface between the processor 1501 and other interface modules, such as a keyboard, mouse, buttons, and the like. These buttons may be virtual buttons or physical buttons. The communication component 1505 is used for wired or wireless communication between the electronic device 1500 and other devices. Wireless Communication, such as Wi-Fi, bluetooth, Near Field Communication (NFC), 2G, 3G, or 4G, or a combination of one or more of them, so that the corresponding Communication component 1505 may include: Wi-Fi module, bluetooth module, NFC module.
In an exemplary embodiment, the electronic Device 1500 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors, or other electronic components for performing the load balancing based message forwarding method described above.
In another exemplary embodiment, a computer readable storage medium comprising program instructions, such as the memory 1502 comprising program instructions, executable by the processor 1501 of the electronic device 1500 to perform the load balancing based message forwarding method described above is also provided.
In summary, the present disclosure determines the correlation between two knowledge points according to the specified knowledge point information of any two knowledge points in the preset knowledge point range, further determines whether the two knowledge points are related knowledge points according to the correlation between the two knowledge points and a preset correlation threshold, and determines that the two knowledge points are related knowledge points when the correlation between the two knowledge points is greater than or equal to the correlation threshold, so as to associate the knowledge points according to the correlation.
Preferred embodiments of the present disclosure are described in detail above with reference to the accompanying drawings, however, the present disclosure is not limited to the specific details of the above embodiments, and other embodiments of the present disclosure may be easily conceived by those skilled in the art within the technical spirit of the present disclosure after considering the description and practicing the present disclosure, and all fall within the protection scope of the present disclosure.
It should be noted that the various features described in the above embodiments may be combined in any suitable manner without departing from the scope of the invention. Meanwhile, any combination can be made between various different embodiments of the disclosure, and the disclosure should be regarded as the disclosure of the disclosure as long as the combination does not depart from the idea of the disclosure. The present disclosure is not limited to the precise structures that have been described above, and the scope of the present disclosure is limited only by the appended claims.
Claims (18)
1. A message forwarding method based on load balancing is applied to a gateway device comprising a plurality of forwarding cores, and the method comprises the following steps:
when a message to be processed is received, inquiring whether a session table item corresponding to the message to be processed exists in a Hash session table according to effective load information obtained by analyzing the message to be processed;
when the session table entry does not exist, determining a target forwarding core for forwarding the message to be processed in the forwarding cores according to the load balancing states of the forwarding cores;
creating a session table entry corresponding to the message to be processed according to the effective load information through the target forwarding core;
based on the session table item, forwarding the message to be processed through the target forwarding core;
the determining the target forwarding core for forwarding the packet to be processed according to the load balancing status of the forwarding cores includes:
determining whether a load balancing state exists among the plurality of forwarding cores;
when determining that the forwarding cores are in a load balancing state, taking the forwarding core currently receiving the message to be processed as the target forwarding core; alternatively, the first and second electrodes may be,
and when at least one forwarding core in the plurality of forwarding cores is determined to be in a load imbalance state, taking the forwarding core with the minimum load in the plurality of forwarding cores as the target forwarding core.
2. The method according to claim 1, wherein the packet to be processed is a packet in a left direction, the left direction is a direction from a client to a server, and before the determining, according to the load balancing status of the forwarding cores, a target forwarding core for forwarding the packet to be processed in the forwarding cores, the method further comprises:
for each forwarding core receiving the message to be processed, hanging a left direction session key corresponding to the message to be processed into the hash session table based on three-way handshake with a client sending the message to be processed;
determining whether the session state of the left directional session key is successfully established or not according to the result of the three-way handshake;
and when the session state of the left directional session key is determined to be successfully established, determining a target server of the message to be processed according to the effective load information in the message to be processed and a preset connection matching strategy.
3. The method according to claim 2, wherein forwarding the to-be-processed packet through the target forwarding core based on the session table entry includes:
hanging a right direction session key corresponding to the message to be processed into the session hash table; the right direction is the direction from the server side to the client side;
and after the target forwarding core and the target server perform three-way handshake, forwarding the packet to be processed to the target server.
4. The method according to claim 2, wherein the creating, by the target forwarding core according to the payload information, the session table entry corresponding to the packet to be processed includes:
when the target forwarding core is the forwarding core receiving the message to be processed, creating the session table entry in the forwarding core receiving the message to be processed;
modifying the session state of the left direction session key corresponding to the message to be processed into the session state with the established load balance in the Hash session table; alternatively, the first and second electrodes may be,
when the target forwarding core is the forwarding core with the minimum load, setting the session state of the left direction session key to be load balanced to be established;
the message to be processed is inverted from the forwarding core receiving the message to be processed to the target forwarding core;
creating the session table entry in the target forwarding core;
and modifying the session state of the left direction session key corresponding to the message to be processed into the session state with the established load balance in the Hash session table.
5. The method of claim 2, wherein the determining whether the session state of the left directional session key is successfully established according to the result of the three-way handshake comprises:
when the target forwarding core does not receive the ACK message replied by the client within the preset time, confirming that the three-way handshake is unsuccessful;
deleting the left direction session key in the session hash table; alternatively, the first and second electrodes may be,
when the target forwarding core receives the ACK message replied by the client in the preset time, confirming that the three-way handshake is successful;
and determining the session state of the left directional session key as successfully established.
6. The method according to claim 3, wherein the forwarding the packet to be processed to the target server after the three-way handshake between the target forwarding core and the target server includes:
sending a SYN message to the target server through the target forwarding core;
receiving a SYN-ACK synchronization response message replied by the target server through a first forwarding core, wherein the first forwarding core is used for receiving messages in the right direction in the plurality of forwarding cores;
checking back the SYN-ACK message from the first forwarding core to the target forwarding core;
replying an ACK message to the target server through the target forwarding core to complete three-way handshake between the target forwarding core and the target server;
and forwarding the message to be processed to the target server through the target forwarding core.
7. The method of claim 1, further comprising:
when the session table entry exists, determining whether the message to be processed triggers the change of the session state in the session table entry in a first direction, wherein the first direction is the sending direction of the received message;
determining whether to perform reverse-core processing on the message to be processed according to the change condition of the session state in the session table item in the first direction so as to determine an actual forwarding core of the message to be processed in the first direction;
and forwarding the message to be processed through the actual forwarding core.
8. The method according to claim 7, wherein the determining whether to perform a back-off process on the packet to be processed to determine an actual forwarding core of the packet to be processed in the first direction according to the change condition of the session state in the session table entry in the first direction includes:
when determining that the session state in the session table entry in the first direction does not change, not performing the reverse core processing, and determining a forwarding core receiving the message to be processed as the actual forwarding core; alternatively, the first and second electrodes may be,
when determining that the session state in the session table entry in the first direction changes, checking the message to be processed to a forwarding core where the session table entry is located;
and taking the forwarding core in which the session table item is positioned as the actual forwarding core to update the session table item.
9. A message forwarding apparatus based on load balancing is applied to a gateway device including a plurality of forwarding cores, and the apparatus includes:
the table item query module is used for querying whether a session table item corresponding to the message to be processed exists in a Hash session table according to the effective load information analyzed from the message to be processed when the message to be processed is received;
a forwarding core determining module, configured to determine, when the session entry does not exist, a target forwarding core for forwarding the to-be-processed packet in the multiple forwarding cores according to a load balancing state of the multiple forwarding cores;
a table item creating module, configured to create, by the target forwarding core, a session table item corresponding to the to-be-processed packet according to the payload information;
a first message forwarding module, configured to forward the to-be-processed message through the target forwarding core based on the session table entry;
the forwarding core determining module includes:
a load balancing determination submodule, configured to determine whether the forwarding cores are in a load balancing state;
a first forwarding core determining submodule, configured to, when it is determined that the forwarding cores are in a load balancing state, take a forwarding core currently receiving the to-be-processed packet as the target forwarding core; alternatively, the first and second electrodes may be,
and when at least one forwarding core in the plurality of forwarding cores is determined to be in a load imbalance state, taking the forwarding core with the minimum load in the plurality of forwarding cores as the target forwarding core.
10. The apparatus according to claim 9, wherein the message to be processed is a message in a left direction, and the left direction is a direction from the client to the server, the apparatus further comprising:
a session key generation module, configured to, for each forwarding core that receives the to-be-processed packet, suspend, based on a triple handshake with a client that sends the to-be-processed packet, a left direction session key corresponding to the to-be-processed packet in the hash session table;
the state determining module is used for determining whether the session state of the left directional session key is successfully established or not according to the result of the three-way handshake;
and the server determining module is used for determining a target server of the message to be processed according to the effective load information in the message to be processed and a preset connection matching strategy when the session state of the left directional session key is determined to be successfully established.
11. The apparatus of claim 10, wherein the first packet forwarding module comprises:
a session key generation submodule for hanging a right direction session key corresponding to the message to be processed into the session hash table; the right direction is the direction from the server side to the client side;
and the message forwarding sub-module is used for forwarding the message to be processed to the target server after the target forwarding core and the target server perform three-way handshake.
12. The apparatus of claim 10, wherein the entry creation module is configured to:
when the target forwarding core is the forwarding core receiving the message to be processed, creating the session table entry in the forwarding core receiving the message to be processed;
modifying the session state of the left direction session key corresponding to the message to be processed into the session state with the established load balance in the Hash session table; alternatively, the first and second electrodes may be,
when the target forwarding core is the forwarding core with the minimum load, setting the session state of the left direction session key to be load balanced to be established;
the message to be processed is inverted from the forwarding core receiving the message to be processed to the target forwarding core;
creating the session table entry in the target forwarding core;
and modifying the session state of the left direction session key corresponding to the message to be processed into the session state with the established load balance in the Hash session table.
13. The apparatus of claim 10, wherein the status determination module is configured to:
when the target forwarding core does not receive the ACK message replied by the client within the preset time, confirming that the three-way handshake is unsuccessful;
deleting the left direction session key in the session hash table; alternatively, the first and second electrodes may be,
when the target forwarding core receives the ACK message replied by the client in the preset time, confirming that the three-way handshake is successful;
and determining the session state of the left directional session key as successfully established.
14. The apparatus of claim 11, wherein the message forwarding sub-module is configured to:
sending a SYN message to the target server through the target forwarding core;
receiving a SYN-ACK synchronization response message replied by the target server through a first forwarding core, wherein the first forwarding core is used for receiving messages in the right direction in the plurality of forwarding cores;
checking back the SYN-ACK message from the first forwarding core to the target forwarding core;
replying an ACK message to the target server through the target forwarding core to complete three-way handshake between the target forwarding core and the target server;
and forwarding the message to be processed to the target server through the target forwarding core.
15. The apparatus of claim 9, further comprising:
a state monitoring module, configured to determine whether the to-be-processed packet triggers a change in a session state in the session entry in a first direction when the session entry exists, where the first direction is a sending direction of the received packet;
a reverse core determining module, configured to determine whether to reverse core the to-be-processed packet according to a change condition of the session state in the session table entry in the first direction, so as to determine an actual forwarding core of the to-be-processed packet in the first direction;
and the second message forwarding module is used for forwarding the message to be processed through the actual forwarding core.
16. The apparatus of claim 15, wherein the back-off determination module comprises:
a second forwarding core determining submodule, configured to, when it is determined that the session state in the session table entry in the first direction does not change, not perform the reverse core processing, and determine a forwarding core that receives the to-be-processed packet as the actual forwarding core; alternatively, the first and second electrodes may be,
the message countdown sub-module is used for checking the message to be processed to the forwarding core of the session table item when the change of the session state in the first direction in the session table item is determined;
and the table item updating submodule is used for updating the session table item by taking the forwarding core where the session table item is positioned as the actual forwarding core.
17. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 8.
18. An electronic device, comprising:
the computer-readable storage medium recited in claim 17; and
one or more processors to execute the program in the computer-readable storage medium.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810344312.2A CN108667730B (en) | 2018-04-17 | 2018-04-17 | Message forwarding method, device, storage medium and equipment based on load balancing |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810344312.2A CN108667730B (en) | 2018-04-17 | 2018-04-17 | Message forwarding method, device, storage medium and equipment based on load balancing |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108667730A CN108667730A (en) | 2018-10-16 |
| CN108667730B true CN108667730B (en) | 2021-02-12 |
Family
ID=63783645
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810344312.2A Active CN108667730B (en) | 2018-04-17 | 2018-04-17 | Message forwarding method, device, storage medium and equipment based on load balancing |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108667730B (en) |
Families Citing this family (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109347623B (en) * | 2018-10-18 | 2022-09-09 | 苏州盛科通信股份有限公司 | Method and device for session maintenance in link load balancing application |
| CN109714648B (en) * | 2018-12-03 | 2021-09-03 | 南方电网科学研究院有限责任公司 | Video stream load balancing method and device |
| CN109495504B (en) * | 2018-12-21 | 2021-05-25 | 东软集团股份有限公司 | Firewall equipment and message processing method and medium thereof |
| CN110138662B (en) * | 2019-05-08 | 2021-09-14 | 东软集团股份有限公司 | Session table item processing method and device in multi-core system and multi-core system |
| CN110381032B (en) * | 2019-06-24 | 2022-01-07 | 东软集团股份有限公司 | Session table item processing method and device in multi-core system and related products |
| CN110247806A (en) * | 2019-06-25 | 2019-09-17 | 杭州迪普科技股份有限公司 | Session failure processing method, device, electronic equipment |
| CN111835729B (en) * | 2020-06-15 | 2022-08-02 | 东软集团股份有限公司 | Message forwarding method, system, storage medium and electronic equipment |
| CN111865713B (en) * | 2020-06-23 | 2022-02-08 | 东软集团股份有限公司 | Throughput testing method and device, storage medium and electronic equipment |
| CN112615784B (en) * | 2020-12-17 | 2023-03-07 | 北京天融信网络安全技术有限公司 | Method, device, storage medium and electronic equipment for forwarding message |
| CN113489775B (en) * | 2021-06-30 | 2023-07-21 | 深圳市风云实业有限公司 | Seven-layer load balancing server and load balancing method based on VPP |
| CN114513466A (en) * | 2022-03-23 | 2022-05-17 | 杭州迪普科技股份有限公司 | Session processing method and device for load balancing equipment |
| CN116436855B (en) * | 2023-06-12 | 2023-09-12 | 建信金融科技有限责任公司 | Data information processing method, device, electronic equipment and medium |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6980550B1 (en) * | 2001-01-16 | 2005-12-27 | Extreme Networks, Inc | Method and apparatus for server load balancing |
| CN102480430A (en) * | 2010-11-24 | 2012-05-30 | 迈普通信技术股份有限公司 | Method and device for realizing message order preservation |
| US8619584B2 (en) * | 2010-04-30 | 2013-12-31 | Cisco Technology, Inc. | Load balancing over DCE multipath ECMP links for HPC and FCoE |
| US8660005B2 (en) * | 2010-11-30 | 2014-02-25 | Marvell Israel (M.I.S.L) Ltd. | Load balancing hash computation for network switches |
| US9083710B1 (en) * | 2012-01-03 | 2015-07-14 | Google Inc. | Server load balancing using minimally disruptive hash tables |
| CN106453116A (en) * | 2016-11-03 | 2017-02-22 | 上海斐讯数据通信技术有限公司 | SDN (Software Defined Network) based least connection load balancing method and system |
| CN106534345A (en) * | 2016-12-07 | 2017-03-22 | 东软集团股份有限公司 | Message forwarding method and device |
| CN107612840A (en) * | 2017-09-26 | 2018-01-19 | 东软集团股份有限公司 | A kind of data processing method and device of four-layer load-equalizing equipment |
| US9875126B2 (en) * | 2014-08-18 | 2018-01-23 | Red Hat Israel, Ltd. | Hash-based load balancing for bonded network interfaces |
| US10050885B2 (en) * | 2014-04-01 | 2018-08-14 | Endace Technology Limited | Hash tag load balancing |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9602428B2 (en) * | 2014-01-29 | 2017-03-21 | Telefonaktiebolaget L M Ericsson (Publ) | Method and apparatus for locality sensitive hash-based load balancing |
| US20160269297A1 (en) * | 2015-03-10 | 2016-09-15 | Nec Laboratories America, Inc. | Scaling the LTE Control Plane for Future Mobile Access |
-
2018
- 2018-04-17 CN CN201810344312.2A patent/CN108667730B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6980550B1 (en) * | 2001-01-16 | 2005-12-27 | Extreme Networks, Inc | Method and apparatus for server load balancing |
| US8619584B2 (en) * | 2010-04-30 | 2013-12-31 | Cisco Technology, Inc. | Load balancing over DCE multipath ECMP links for HPC and FCoE |
| CN102480430A (en) * | 2010-11-24 | 2012-05-30 | 迈普通信技术股份有限公司 | Method and device for realizing message order preservation |
| US8660005B2 (en) * | 2010-11-30 | 2014-02-25 | Marvell Israel (M.I.S.L) Ltd. | Load balancing hash computation for network switches |
| US9083710B1 (en) * | 2012-01-03 | 2015-07-14 | Google Inc. | Server load balancing using minimally disruptive hash tables |
| US10050885B2 (en) * | 2014-04-01 | 2018-08-14 | Endace Technology Limited | Hash tag load balancing |
| US9875126B2 (en) * | 2014-08-18 | 2018-01-23 | Red Hat Israel, Ltd. | Hash-based load balancing for bonded network interfaces |
| CN106453116A (en) * | 2016-11-03 | 2017-02-22 | 上海斐讯数据通信技术有限公司 | SDN (Software Defined Network) based least connection load balancing method and system |
| CN106534345A (en) * | 2016-12-07 | 2017-03-22 | 东软集团股份有限公司 | Message forwarding method and device |
| CN107612840A (en) * | 2017-09-26 | 2018-01-19 | 东软集团股份有限公司 | A kind of data processing method and device of four-layer load-equalizing equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108667730A (en) | 2018-10-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108667730B (en) | Message forwarding method, device, storage medium and equipment based on load balancing | |
| US11438446B2 (en) | Load balancing and session persistence in packet networks | |
| US10313402B2 (en) | Single pass load balancing and session persistence in packet networks | |
| US9628443B2 (en) | Low latency server-side redirection of UDP-based transport protocols traversing a client-side NAT firewall | |
| CN101094236B (en) | Method for processing message in address resolution protocol, communication system, and forwarding planar process portion | |
| US8874789B1 (en) | Application based routing arrangements and method thereof | |
| KR101850351B1 (en) | Method for Inquiring IoC Information by Use of P2P Protocol | |
| CN110266650B (en) | Identification method of Conpot industrial control honeypot | |
| JP2009260988A (en) | Routing hints | |
| US10536549B2 (en) | Method and apparatus to accelerate session creation using historical session cache | |
| CN110784436B (en) | Method and apparatus for maintaining an internet protocol security tunnel | |
| US11658995B1 (en) | Methods for dynamically mitigating network attacks and devices thereof | |
| CN113852697B (en) | SDP terminal flow proxy method, device, equipment and storage medium | |
| US20070147376A1 (en) | Router-assisted DDoS protection by tunneling replicas | |
| Li et al. | Prospect for the future internet: A study based on TCP/IP vulnerabilities | |
| WO2016106718A1 (en) | Network control method and virtual switch | |
| US20230164149A1 (en) | Causing or preventing an update to a network address translation table | |
| CN112866031B (en) | Route configuration method, device, equipment and computer readable storage medium | |
| JP2011166312A (en) | Virtual private network system, communication method and computer program | |
| JP6111067B2 (en) | COMMUNICATION CONTROL DEVICE, COMMUNICATION CONTROL METHOD, AND PROGRAM | |
| CN117714115A (en) | Attack protection method, device, server and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |