CN109151095B - Method and apparatus for network communication - Google Patents


Info

Publication number
CN109151095B
Authority
CN
China
Prior art keywords
address
internal
request message
external
domain name
Prior art date
Legal status
Active
Application number
CN201811298258.9A
Other languages
Chinese (zh)
Other versions
CN109151095A (en)
Inventor
宋晓丽
王煦
王正浩
Current Assignee
Lenovo Beijing Ltd
Original Assignee
Lenovo Beijing Ltd
Priority date
Filing date
Publication date
Application filed by Lenovo Beijing Ltd
Priority to CN201811298258.9A
Publication of CN109151095A
Application granted
Publication of CN109151095B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H04L61/09 Mapping addresses
    • H04L61/10 Mapping addresses of different types
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45504 Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators

Abstract

The present disclosure provides a method for network communication. The method comprises the following steps: receiving a first external request message from an external network, where the destination IP address of the first external request message is the floating IP address of the internal network; parsing the first external request message to obtain a first service domain name of the service requested by the first external request message; determining a first internal IP address corresponding to the first service domain name according to the mapping between service domain names and internal IP addresses in the intranet; and taking the first internal IP address as the destination IP address of the first external request message and re-encapsulating the first external request message to obtain a first internal request message, where the first internal request message is used to access the first virtual machine. The present disclosure also provides an apparatus, system, and medium for network communication.

Description

Method and apparatus for network communication
Technical Field
The present disclosure relates to a method and apparatus for network communication.
Background
IP address resources on the internet are very limited. Therefore, an intranet typically accesses the internet through a floating IP address. When a message reaches the router, the router's NAT (Network Address Translation) function translates between the floating IP address and the internal IP address of a virtual machine in the internal network, so that hosts on the external network and virtual machines on the internal network can reach each other. Correctly translating the intranet's floating IP address to an internal IP address is essential for the extranet to reach the intranet successfully, especially when a large number of intranet virtual machines provide many different services.
Disclosure of Invention
One aspect of the present disclosure provides a method for network communication. The method comprises the following steps: receiving a first external request message from an external network, where the destination IP address of the first external request message is the floating IP address of the internal network; the intranet is further connected to a plurality of virtual machines, each having a corresponding internal IP address, and the intranet accesses the external network through the floating IP address and accesses the corresponding virtual machine through its internal IP address; parsing the first external request message to obtain a first service domain name of the service requested by the first external request message; determining a first internal IP address corresponding to the first service domain name according to the mapping between service domain names and internal IP addresses in the intranet; and taking the first internal IP address as the destination IP address of the first external request message and re-encapsulating the first external request message to obtain a first internal request message, where the first internal request message is used to access the first virtual machine.
Optionally, the method further includes setting a mapping relationship between the service domain name and the internal IP address in the intranet.
Optionally, the method further includes forwarding the first internal request packet to the first virtual machine.
Optionally, parsing the first external request packet to obtain the first service domain name of the requested service includes extracting the first service domain name from the Host field or the Referer field in the request header of the first external request packet.
Optionally, the method further comprises: receiving a first internal-to-external message, where the first internal-to-external message is a message sent by the first virtual machine that needs to access the external network and whose source IP address is the first internal IP address; and taking the floating IP address as the source IP address of the first internal-to-external message and re-encapsulating it to obtain a first outgoing message, where the first outgoing message is used to access the external network.
Optionally, the method further includes forwarding the first outgoing packet to an external network.
Another aspect of the present disclosure also provides an apparatus for network communication. The apparatus comprises a request message receiving module, a service domain name parsing module, a mapping determining module and a secondary encapsulation module. The request message receiving module is configured to receive a first external request message from an external network, where the destination IP address of the first external request message is the floating IP address of the internal network; the intranet is further connected to a plurality of virtual machines, each having a corresponding internal IP address, and the internal network accesses the external network through the floating IP address and accesses the corresponding virtual machine through its internal IP address. The service domain name parsing module is configured to parse the first external request message to obtain a first service domain name of the service requested by the first external request message. The mapping determining module is configured to determine a first internal IP address corresponding to the first service domain name according to the mapping between service domain names and internal IP addresses in the intranet. The secondary encapsulation module is configured to take the first internal IP address as the destination IP address of the first external request message and re-encapsulate the first external request message to obtain a first internal request message, where the first internal request message is used to access the first virtual machine.
Optionally, the apparatus further includes an intranet forwarding module. And the intranet forwarding module is used for forwarding the first internal request message to the first virtual machine.
Optionally, the apparatus further includes a mapping relationship setting module. The mapping relation setting module is used for setting the mapping relation between the service domain name and the internal IP address in the intranet.
Optionally, the service domain name parsing module is specifically configured to extract the first service domain name from the Host field or the Referer field in the request header of the first external request packet.
Optionally, the apparatus further includes an internal-to-external message receiving module and an outgoing message secondary encapsulation module. The internal-to-external message receiving module is configured to receive a first internal-to-external message, which is a message sent by the first virtual machine that needs to access the external network and whose source IP address is the first internal IP address. The outgoing message secondary encapsulation module is configured to take the floating IP address as the source IP address of the first internal-to-external message and re-encapsulate it to obtain a first outgoing message, which is used to access the external network.
Optionally, the apparatus further comprises an extranet forwarding module. And the external network forwarding module is used for forwarding the first outgoing message to an external network.
Another aspect of the disclosure also provides a computer system for network communication, comprising one or more processors, and one or more storage devices. The storage device stores computer readable instructions. The instructions when executed by the processor are for implementing the method as described above.
Another aspect of the present disclosure provides a computer-readable storage medium storing computer-executable instructions for implementing the method as described above when executed.
Another aspect of the disclosure provides a computer program comprising computer executable instructions for implementing the method as described above when executed.
Drawings
For a more complete understanding of the present disclosure and the advantages thereof, reference is now made to the following descriptions taken in conjunction with the accompanying drawings, in which:
fig. 1 schematically illustrates an application scenario of the method and apparatus for network communication according to an embodiment of the present disclosure;
fig. 2 schematically illustrates a flow chart of a method for network communication according to an embodiment of the present disclosure;
fig. 3 schematically illustrates a flow chart of a method for network communication according to another embodiment of the present disclosure;
FIG. 4 schematically illustrates a flow chart of a method for network communication according to yet another embodiment of the present disclosure;
fig. 5 schematically illustrates one system architecture example of a method for network communication according to an embodiment of the present disclosure;
fig. 6 schematically illustrates a block diagram of an apparatus for network communication according to an embodiment of the present disclosure; and
FIG. 7 schematically shows a block diagram of a computer system for network communication according to an embodiment of the disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.). Where a convention analogous to "at least one of A, B or C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B or C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.).
Some block diagrams and/or flow diagrams are shown in the figures. It will be understood that some blocks of the block diagrams and/or flowchart illustrations, or combinations thereof, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the instructions, which execute via the processor, create means for implementing the functions/acts specified in the block diagrams and/or flowchart block or blocks. The techniques of this disclosure may be implemented in hardware and/or software (including firmware, microcode, etc.). In addition, the techniques of this disclosure may take the form of a computer program product on a computer-readable storage medium having instructions stored thereon for use by or in connection with an instruction execution system.
In the prior art, the mapping between the floating IP address of the intranet and an internal IP address can be determined by the port information in the message. However, this implementation has at least two major drawbacks. On one hand, the number of port numbers is limited, and in particular some internal networks set firewall rules that allow only specific ports to be open to the outside. If the number of services provided by intranet virtual machines then exceeds the number of available port numbers, the services can no longer be distinguished by port number. On the other hand, some services use a uniform port: a web server usually uses port 80, so if multiple messages use the default port (port 80) to request different network services, the corresponding virtual machine cannot be located from the port number.
In view of this, embodiments of the present disclosure provide a method, an apparatus, a system, and a medium for network communication that allow more flexible IP address translation when an intranet interacts with an extranet and conveniently distinguish the virtual machines providing different services in the intranet, thereby saving IP address resources on the internet. The method first receives a first external request message from the external network, whose destination IP address is the floating IP address of the internal network. The first external request message is then parsed to obtain the first service domain name of the requested service. Next, the first internal IP address corresponding to the first service domain name is determined from the mapping between service domain names and internal IP addresses in the intranet. Finally, the first internal IP address is used as the destination IP address of the first external request message, which is re-encapsulated to obtain the first internal request message used to access the first virtual machine.
According to the embodiment of the disclosure, a first service domain name identifying the requested service is obtained by parsing the first external request message; a first internal IP address of the first virtual machine that the message is to reach is then obtained from the mapping between service domain names and internal IP addresses in the intranet; the first external request message is re-encapsulated with that first internal IP address to obtain the first internal request message; and the first virtual machine is accessed through the first internal request message. In this way the external network can reach the virtual machines providing different services in the internal network accurately through a single floating IP address, which saves IP address resources on the Internet.
According to the embodiment of the disclosure, the mapping between the service domain names under the intranet's floating IP address and the internal IP addresses can be maintained in the router, so that flexible IP address translation is possible when the router interacts with the extranet. Moreover, the IP address translation can be changed dynamically by changing the mapping. For example, if the virtual machine providing a certain service fails, the mapping can be modified to keep the interaction with the external network working in a convenient and low-cost manner.
Fig. 1 schematically illustrates an application scenario 100 of a method and apparatus for network communication according to an embodiment of the present disclosure. It should be noted that fig. 1 is only an example of a scenario in which the embodiments of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, but does not mean that the embodiments of the present disclosure may not be applied to other devices, systems, environments or scenarios.
As shown in fig. 1, the application scenario 100 includes an extranet 110 and an intranet 120. The external network 110 is a network system that performs interactive access using the internet 114 as a medium. The intranet 120 is a network system that performs interactive access via the internal network 123. The intranet 120 and the extranet 110 realize information interaction through the network address translation function of the router 121.
Extranet 110 may include the Internet (Internet)114 and a plurality of extranet visitors connected via Internet 114. The extranet visitor may be, for example, terminal server 111, terminal device 112, or proxy server 113. Of course, the extranet visitor may be an intranet other than intranet 120. In addition, the entire intranet 120 may be regarded as an extranet visitor.
Intranet 120 may include a router 121, an internal network 123, and a plurality of virtual machines (also referred to as instances) 122-1, 122-2, .... The internal network 123 may be supported by one or more servers providing services. Router 121 and the plurality of virtual machines 122-1, 122-2, ..., each having a corresponding internal IP address, are connected to internal network 123. Router 121 receives an access packet from the external network 110 and forwards it to the corresponding virtual machine through the internal network 123. Conversely, when a message is sent out, it is first transmitted to router 121 through the internal network 123 and then forwarded by router 121 to the internet 114.
Intranet 120 interacts with extranet 110 using floating IP addresses while accessing multiple virtual machines 122-1, 122-2 through internal IP addresses. Router 121 may effect translation between the floating IP address and the internal IP address of the corresponding virtual machine.
Additionally, it is understood that intranet 120 may have one or more floating IP addresses, each corresponding to a plurality of particular virtual machines. In the following description of the present disclosure, intranet 120 is described as having a single floating IP address. The case of intranet 120 having multiple floating IP addresses follows by analogy with the processing of one floating IP address.
The method for network communication according to the embodiment of the present disclosure may be applied to the router 121. Accordingly, the apparatus, system, and medium for network communication according to the embodiments of the present disclosure may also be disposed in the router 121. Alternatively, the method for network communication according to the embodiment of the present disclosure may be applied to one or more servers providing the internal network 123. Accordingly, the apparatus, system, and medium for network communication according to the embodiments of the present disclosure may be provided to one or more servers providing the internal network 123. Alternatively, the method for network communication according to the embodiment of the present disclosure may be applied to the router 121 in part and to one or more servers providing the internal network 123 in part. Accordingly, the apparatus, system, and medium for network communication according to the embodiments of the present disclosure may be partially disposed in the router 121 and partially disposed in one or more servers of the internal network 123.
It should be understood that the number and type of devices, networks, and servers in fig. 1 are merely illustrative. There may be any number and type of devices, networks, and servers, as desired for an implementation.
Fig. 2 schematically illustrates a flow chart of a method for network communication according to an embodiment of the disclosure.
As shown in fig. 2, the method for network communication may include operations S201 to S204.
In operation S201, a first external request message from the external network 110 is received. The destination IP address of the first external request message is a floating IP address of the intranet 120. Intranet 120 also connects a plurality of virtual machines 122-1, 122-2, each having a corresponding internal IP address. The intranet 120 accesses the extranet 110 through the floating IP address and accesses the corresponding virtual machine through the internal IP address.
In operation S202, the first external request packet is parsed to obtain the first service domain name of the service it requests. According to the embodiment of the present disclosure, operation S202 may specifically extract the first service domain name from the Host field or the Referer field in the request header of the first external request packet.
In operation S203, a first internal IP address corresponding to the first service domain name is determined according to the mapping relationship between the service domain name and the internal IP address in the intranet 120.
In operation S204, the first internal IP address is used as the destination IP address of the first external request message, and the first external request message is re-encapsulated to obtain a first internal request message, where the first internal request message is used to access a first virtual machine (i.e., one of the virtual machines 122-1, 122-2, ...).
According to the embodiment of the disclosure, a first service domain name identifying the requested service is obtained by parsing the first external request message; a first internal IP address of the first virtual machine that the message is to reach is then obtained from the mapping between service domain names and internal IP addresses in the intranet; the first external request message is re-encapsulated with that first internal IP address to obtain the first internal request message; and the first virtual machine is accessed through the first internal request message. In this way the external network can reach the virtual machines providing different services in the internal network accurately through a single floating IP address, which saves IP address resources on the Internet.
Fig. 3 schematically illustrates a flow chart of a method for network communication according to another embodiment of the present disclosure.
As shown in fig. 3, according to another embodiment of the present disclosure, the method for network communication may further include operation S301 in addition to operations S201 to S204.
In operation S301, the mapping between service domain names and internal IP addresses in the intranet 120 is set. For example, a "floating IP address - service domain name - internal IP address" (i.e., Floating_IP : service_host : Internal_IP) mapping table is maintained locally on router 121. Service domain names and internal IP addresses map one-to-one, while many service domain names (and thus many internal IP addresses) map to one floating IP address. The same floating IP address can therefore correspond to a plurality of internal IP addresses, and the virtual machines behind the different internal IP addresses are distinguished by the service domain name of the service each provides. When intranet 120 has only one floating IP address, router 121 may set and maintain the mapping between the service domain names of the virtual machines under that floating IP address and their internal IP addresses.
In a particular implementation, the "floating IP address - service domain name - internal IP address" mapping table is located in router 121, and its locally maintained entries can be registered and maintained when a service is published.
For example, in operation S301, router 121 locally stores and maintains the "floating IP address - service domain name - internal IP address" mapping table. In addition, a service domain name parsing module may be added to router 121; in operation S202 it extracts, from the header fields of the first external request message, the service domain name string (service_host) that uniquely identifies the requested service, for example from the Host field or the Referer field of an HTTP request header. Furthermore, a dynamic floating IP address processing function may be added to the forwarding module of iptables in router 121, so that in operation S204 it re-encapsulates the header of the first external request packet according to the floating IP address to internal IP address mapping obtained through the service domain name parsing module, yielding the first internal request packet.
With continuing reference to fig. 3, further, in accordance with some embodiments of the present disclosure, the method for network communication may further include operation S305 after operation S204. In operation S305, the first internal request packet is forwarded to the first virtual machine, so as to implement access to the first virtual machine.
Fig. 4 schematically illustrates a flow chart of a method for network communication according to yet another embodiment of the present disclosure.
As shown in fig. 4, the method for network communication may further include operations S406 and S407 according to still another embodiment of the present disclosure. Further, according to other embodiments of the present disclosure, operation S408 may be further included after operation S407.
In operation S406, a first internal-to-external packet is received. The first internal-to-external packet is a packet sent by the first virtual machine that needs to access the external network 110, and its source IP address is the first internal IP address. In some embodiments the first internal-to-external packet may be, for example, the first virtual machine's response to the first external request packet; in that case operation S406 is performed after operation S305. In other embodiments the first internal-to-external packet may be a packet the first virtual machine sends to request a service of the external network 110, in which case the order between the operations of fig. 3 and operation S406 is not limited.
In operation S407, the floating IP address is used as the source IP address of the first internal-to-external packet, which is re-encapsulated to obtain a first outgoing packet used to access the external network 110. For example, a dynamic floating IP address processing function may be added to the egress module of iptables in router 121, so that it re-encapsulates the header of the first internal-to-external packet according to the floating IP address to internal IP address mapping to obtain the first outgoing packet.
The first outgoing packet is then forwarded to the external network 110 in operation S408.
Fig. 5 schematically illustrates one system architecture example of a method for network communication according to an embodiment of the present disclosure.
Fig. 5 illustrates a system framework flow for implementing information interaction between the external network 110 and the internal network 120 by using a mapping relationship of "floating IP address-service domain name-internal IP address" in the internal network 120 according to an embodiment of the present disclosure.
A mapping table 501 of "floating IP address-service domain name-internal IP address" (i.e., Floating_IP : service_host : Internal_IP) is shown in fig. 5. The service domain name (service_host) and the internal IP address (Internal_IP) are mapped one to one, while multiple internal IP addresses map to one floating IP address (Floating_IP), i.e., many to one. That is, the same floating IP address may correspond to multiple internal IP addresses, and the virtual machines behind the different internal IP addresses are distinguished by the service domain name of the service each one provides.
The floating IP address enables the external network 110 to access virtual machines in the internal network 120 by applying the network address translation rules of iptables on the router 121. According to the embodiment of the present disclosure, the external request message may be deeply parsed by a forwarding module of the router 121. Specifically, after receiving the first external request message, the iptables forwarding module parses the message header and, in operation S202, extracts a unique identifier of the service domain name from the HTTP request header (for example, from the host field, which is mandatory in HTTP/1.1, or from the referrer field, which also carries service domain name information), thereby obtaining the first service domain name of the first external request message. Then, in operation S203, the locally maintained mapping relationship table 501 of "floating IP address-service domain name-internal IP address" is queried, the matched first internal IP address is taken as the destination IP address of the first external request message, and the first external request message is re-encapsulated to obtain the first internal request message, which is then forwarded in operation S305. Similarly, for messages sent out by a virtual machine, the outbound module receives the first internal-to-external message sent by the first virtual machine and, in operation S407, takes the externally provided floating IP address as the source IP address of that message, re-encapsulates it, and sends it to the external network 110.
The implementation of the method for network communication according to the embodiments of the present disclosure shown in fig. 2 to 4 is described in detail below in conjunction with the system architecture of fig. 5. According to an embodiment of the present disclosure, the mapping relation table 501 of "floating IP address-service domain name-internal IP address" may be stored and maintained in the router 121 (operation S301). Thereafter, after receiving the first external request message from the external network 110 (operation S201), the router 121 may parse the header of the first external request message (operation S202) and extract the first service domain name string (service_host) that uniquely identifies the service. Then, according to the first service domain name, the mapping relationship table 501 is searched and the first internal IP address corresponding to the first service domain name is found (operation S203). The forwarding module may then re-encapsulate the first external request message with the first internal IP address as the destination IP address (the source IP address is not changed) to obtain the first internal request message (operation S204), and forward the first internal request message to the first virtual machine through the internal network 123 (operation S305). The first virtual machine can parse and process the received message and return a response. The outbound module receives the first internal-to-external message sent by the first virtual machine (operation S406), may call the service domain name resolution module to search the mapping relation table 501 for the floating IP address corresponding to the first internal IP address, re-encapsulates the first internal-to-external message with the floating IP address as the source IP address (the destination IP address is unchanged) (operation S407), and forwards it to the external network 110 (operation S408).
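The inbound path (operations S201 to S204 and S305) and the outbound path (operations S406 to S408) over table 501 described above, as an added Python example; it is not code from the patent or from Lenovo, and the packet model, the table layout, the header parser, the failover behaviour and the sample addresses are assumptions made for illustration. The one check a practitioner wants on top of the text is visible in `inbound`: a request whose service domain name has no row for that floating IP is dropped rather than sent to some default virtual machine, because the host field is written by the client.

```python
"""Added example of the "Floating_IP : service_host : Internal_IP" mapping
(table 501) with inbound and outbound re-encapsulation. Not the patent's
own code; packet model, table layout and sample addresses are constructed."""

from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Packet:
    """Minimal model of an IP packet carrying an HTTP request or response."""
    src_ip: str
    dst_ip: str
    payload: bytes


def extract_service_host(payload: bytes) -> Optional[str]:
    """Operation S202: read the service domain name from the HTTP request
    header, preferring the Host field and falling back to Referer (the
    header HTTP actually spells 'Referer'). Returns None if neither is usable."""
    head, _, _ = payload.partition(b"\r\n\r\n")
    try:
        lines = head.decode("ascii").split("\r\n")
    except UnicodeDecodeError:
        return None
    headers: Dict[str, str] = {}
    for line in lines[1:]:                      # lines[0] is the request line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), value.strip())
    try:
        if headers.get("host"):
            # "//host:port" lets urlsplit strip the port and lower-case the name
            return urlsplit("//" + headers["host"]).hostname
        if headers.get("referer"):
            return urlsplit(headers["referer"]).hostname
    except ValueError:                          # malformed host literal
        return None
    return None


class FloatingIpMapper:
    """Table 501: one floating IP fronts many internal IPs, and each internal
    IP is identified by exactly one service domain name (assumed here to be
    reachable through a single floating IP, so the reverse lookup is unique)."""

    def __init__(self) -> None:
        self._inbound: Dict[Tuple[str, str], str] = {}   # (floating, host) -> internal
        self._outbound: Dict[str, str] = {}              # internal -> floating

    def set_mapping(self, floating_ip: str, service_host: str, internal_ip: str) -> None:
        """Operation S301. Re-pointing a service name at a standby VM is the
        'dynamic conversion' the text describes; only the table row changes."""
        self._inbound[(floating_ip, service_host.lower())] = internal_ip
        self._outbound = {internal: floating
                          for (floating, _host), internal in self._inbound.items()}

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Operations S202-S204: resolve the service name, look it up under the
        destination floating IP, and rewrite the destination to the internal IP.
        Source IP is untouched. Unknown names are dropped (None), never defaulted."""
        service_host = extract_service_host(pkt.payload)
        if service_host is None:
            return None
        internal_ip = self._inbound.get((pkt.dst_ip, service_host))
        if internal_ip is None:
            return None
        return replace(pkt, dst_ip=internal_ip)

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Operation S407: a VM's own message gets the floating IP as its source;
        destination is untouched. Unmapped internal sources are dropped."""
        floating_ip = self._outbound.get(pkt.src_ip)
        if floating_ip is None:
            return None
        return replace(pkt, src_ip=floating_ip)


def demo() -> Tuple[Optional[Packet], Optional[Packet]]:
    """Constructed sample table and traffic (RFC 5737 documentation addresses)."""
    m = FloatingIpMapper()
    m.set_mapping("203.0.113.10", "web.example.test", "10.0.0.11")
    m.set_mapping("203.0.113.10", "api.example.test", "10.0.0.12")
    request = Packet("198.51.100.7", "203.0.113.10",
                     b"GET /v1/items HTTP/1.1\r\nHost: api.example.test:80\r\n\r\n")
    inner = m.inbound(request)                  # destination becomes 10.0.0.12
    response = Packet("10.0.0.12", "198.51.100.7", b"HTTP/1.1 200 OK\r\n\r\n")
    outer = m.outbound(response)                # source becomes 203.0.113.10
    return inner, outer


if __name__ == "__main__":
    print(demo())
```

Because the lookup keys on a header inside the HTTP payload, it only works on traffic the router can read; for TLS the same table would have to be keyed on the SNI name in the ClientHello instead, which the patent text does not cover.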
According to the embodiment of the present disclosure, the mapping relationship between service domain names and internal IP addresses under each floating IP address of the intranet 120 can be maintained in the router 121, so that flexible IP address conversion can be realized when interacting with the extranet 110. Moreover, IP address conversion can be changed dynamically simply by changing the mapping relation. For example, if the virtual machine providing a certain service fails, the mapping relationship can be modified to keep interaction with the external network 110 running in a convenient and low-cost manner.
Fig. 6 schematically shows a block diagram of an apparatus 600 for network communication according to an embodiment of the present disclosure.
As shown in fig. 6, according to an embodiment of the present disclosure, the apparatus 600 may include a request packet receiving module 610, a service domain name resolution module 620, a mapping determination module 630, and a secondary encapsulation module 640. According to the embodiment of the present disclosure, the apparatus 600 may be configured to execute the method according to the embodiment of the present disclosure, and may implement more flexible IP address conversion when interacting with the external network 110, so as to effectively save IP address resources of the internet.
The request message receiving module 610 may execute operation S201, for example, to receive a first external request message from the external network 110, where a destination IP address of the first external request message is a floating IP address of the internal network 120. Intranet 120 also connects a plurality of virtual machines 122-1, 122-2, each having a corresponding internal IP address. The intranet 120 accesses the extranet 110 through the floating IP address and accesses the corresponding virtual machine through the internal IP address.
The service domain name resolution module 620 may perform operation S202, for example, to resolve the first external request packet to obtain a first service domain name of a service requested by the first external request packet. According to an embodiment of the present disclosure, the service domain name resolution module 620 is specifically configured to extract the first service domain name from a host field or a referrer field in a request header of the first external request packet.
The mapping determining module 630 may execute operation S203, for example, to determine a first internal IP address corresponding to the first service domain name according to a mapping relationship between the service domain name and the internal IP address in the intranet 120.
The secondary encapsulation module 640 may perform operation S204, for example, to take the first internal IP address as a destination IP address of the first external request packet, and re-encapsulate the first external request packet to obtain a first internal request packet, where the first internal request packet is used to access the first virtual machine.
According to an embodiment of the present disclosure, the apparatus 600 may further include an intranet forwarding module 650. Intranet forwarding module 650 may perform operation S305, for example, to forward the first internal request packet to the first virtual machine.
According to an embodiment of the present disclosure, the apparatus 600 further includes a mapping relation setting module 660. The mapping relationship setting module 660 may perform operation S301, for example, to set a mapping relationship between a service domain name and an internal IP address in each floating IP address of the intranet 120.
According to the embodiment of the present disclosure, the apparatus 600 further includes an outgoing message receiving module 670 and an outgoing message secondary encapsulation module 680. According to another embodiment of the present disclosure, the apparatus 600 may further include an extranet forwarding module 690.
Specifically, the outbound message receiving module 670 may execute operation S406, for example, to receive a first internal-to-external message, where the first internal-to-external message is a message sent by the first virtual machine that needs to access the external network, and the source IP address of the first internal-to-external message is the first internal address.
The outgoing message secondary encapsulation module 680 may perform operation S407, for example, to use the floating IP address as the source IP address of the first internal-to-external message and re-encapsulate it to obtain the first outgoing message, where the first outgoing message is used to access the external network 110.
The extranet forwarding module 690 may perform operation S408, for example, for forwarding the first outgoing packet to the extranet 110.
Any number of modules, sub-modules, units, sub-units, or at least part of the functionality of any number thereof according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules, sub-modules, units, and sub-units according to the embodiments of the present disclosure may be implemented by being split into a plurality of modules. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in any other reasonable manner of hardware or firmware by integrating or packaging a circuit, or in any one of or a suitable combination of software, hardware, and firmware implementations. Alternatively, one or more of the modules, sub-modules, units, sub-units according to embodiments of the disclosure may be at least partially implemented as a computer program module, which when executed may perform the corresponding functions.
For example, any of the request packet receiving module 610, the service domain name resolution module 620, the mapping determination module 630, the secondary encapsulation module 640, the intranet forwarding module 650, the mapping relationship setting module 660, the outbound packet receiving module 670, the outbound packet secondary encapsulation module 680, and the extranet forwarding module 690 may be combined into one module to be implemented, or any one of them may be split into multiple modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of the other modules and implemented in one module. According to the embodiment of the present disclosure, at least one of the request packet receiving module 610, the service domain name resolution module 620, the mapping determination module 630, the secondary encapsulation module 640, the internal network forwarding module 650, the mapping relationship setting module 660, the external packet receiving module 670, the external packet secondary encapsulation module 680, and the external network forwarding module 690 may be at least partially implemented as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented by hardware or firmware in any other reasonable manner of integrating or encapsulating a circuit, or implemented by any one of three implementation manners of software, hardware, and firmware, or implemented by a suitable combination of any of them. 
Alternatively, at least one of the request packet receiving module 610, the service domain name resolution module 620, the mapping determination module 630, the secondary encapsulation module 640, the intranet forwarding module 650, the mapping relationship setting module 660, the outbound packet receiving module 670, the outbound packet secondary encapsulation module 680, and the extranet forwarding module 690 may be at least partially implemented as a computer program module, which when executed, may perform corresponding functions.
Fig. 7 schematically illustrates a block diagram of a computer system 700 for network communication, in accordance with an embodiment of the present disclosure. The computer system 700 shown in fig. 7 is only an example and should not bring any limitations to the functionality or scope of use of the embodiments of the present disclosure.
As shown in fig. 7, computer system 700 includes a processor 710 and a computer-readable storage medium 720. The computer system 700 may perform a method according to an embodiment of the disclosure.
In particular, processor 710 may comprise, for example, a general purpose microprocessor, an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), and/or the like. The processor 710 may also include on-board memory for caching purposes. Processor 710 may be a single processing unit or a plurality of processing units for performing the different actions of the method flows according to embodiments of the present disclosure.
Computer-readable storage medium 720, for example, may be a non-volatile computer-readable storage medium, specific examples including, but not limited to: magnetic storage devices, such as magnetic tape or Hard Disk Drives (HDDs); optical storage devices, such as compact disks (CD-ROMs); a memory, such as a Random Access Memory (RAM) or a flash memory; and so on.
The computer-readable storage medium 720 may include a computer program 721, which computer program 721 may include code/computer-executable instructions that, when executed by the processor 710, cause the processor 710 to perform a method according to an embodiment of the disclosure, or any variation thereof.
The computer program 721 may be configured with, for example, computer program code comprising computer program modules. For example, in an example embodiment, the code in computer program 721 may include one or more program modules, such as modules 721A, 721B, … It should be noted that the division and number of modules are not fixed, and those skilled in the art may use suitable program modules or combinations of program modules according to the actual situation, so that when the program modules are executed by the processor 710, the processor 710 may execute the method according to the embodiment of the present disclosure or any variation thereof.
According to an embodiment of the present invention, at least one of the request packet receiving module 610, the service domain name resolution module 620, the mapping determination module 630, the secondary encapsulation module 640, the intranet forwarding module 650, the mapping relationship setting module 660, the outbound packet receiving module 670, the outbound packet secondary encapsulation module 680, and the extranet forwarding module 690 may be implemented as a computer program module described with reference to fig. 7, which when executed by the processor 710, may implement the corresponding operations described above.
The present disclosure also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that various combinations and/or combinations of features recited in the various embodiments and/or claims of the present disclosure can be made, even if such combinations or combinations are not expressly recited in the present disclosure. In particular, various combinations and/or combinations of the features recited in the various embodiments and/or claims of the present disclosure may be made without departing from the spirit or teaching of the present disclosure. All such combinations and/or associations are within the scope of the present disclosure.
While the disclosure has been shown and described with reference to certain exemplary embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the disclosure as defined by the appended claims and their equivalents. Accordingly, the scope of the present disclosure should not be limited to the above-described embodiments, but should be defined not only by the appended claims, but also by equivalents thereof.

Claims (10)

1. A method for network communication, comprising:
receiving a first external request message from an external network, wherein the destination IP address of the first external request message is the floating IP address of the internal network; the intranet is further connected with a plurality of virtual machines, wherein each virtual machine has a corresponding internal IP address; the intranet accesses an external network through the floating IP address and accesses a corresponding virtual machine through the internal IP address;
analyzing the first external request message to acquire a first service domain name of a service requested by the first external request message;
determining a first internal IP address corresponding to the first service domain name according to a mapping relation between the service domain name and the internal IP address in the intranet, wherein the determining comprises:
storing and maintaining a mapping relation table of the service domain name and the internal IP address; and
querying the mapping relation table according to the first service domain name to determine the first internal IP address; and
taking the first internal IP address as a destination IP address of the first external request message, and repackaging the first external request message to obtain a first internal request message, wherein the first internal request message is used for accessing the first virtual machine.
2. The method of claim 1, further comprising:
setting a mapping relation between the service domain name and the internal IP address in the intranet.
3. The method of claim 1, further comprising:
forwarding the first internal request message to the first virtual machine.
4. The method of claim 1, wherein parsing the first external request message to obtain a first service domain name for a service requested by the first external request message comprises:
extracting the first service domain name from a host field or a referrer field in a request header of the first external request message.
5. The method of claim 1, further comprising:
receiving a first internal-to-external message, wherein the first internal-to-external message is a message which is sent by the first virtual machine and needs to access an external network, and a source IP address of the first internal-to-external message is the first internal address; and
taking the floating IP address as a source IP address of the first internal-to-external message, and re-encapsulating the first internal-to-external message to obtain a first outgoing message, wherein the first outgoing message is used for accessing an external network.
6. The method of claim 5, further comprising:
forwarding the first outgoing message to an external network.
7. An apparatus for network communication, comprising:
a request message receiving module, configured to receive a first external request message from an external network, wherein the destination IP address of the first external request message is the floating IP address of the internal network; the intranet is further connected with a plurality of virtual machines, wherein each virtual machine has a corresponding internal IP address; the intranet accesses an external network through the floating IP address and accesses a corresponding virtual machine through the internal IP address;
a service domain name resolution module, configured to parse the first external request message to acquire a first service domain name of a service requested by the first external request message;
a mapping determining module, configured to determine a first internal IP address corresponding to the first service domain name according to a mapping relationship between the service domain name and the internal IP address in the intranet, where the mapping determining module is configured for:
storing and maintaining a mapping relation table of the service domain name and the internal IP address; and
querying the mapping relation table according to the first service domain name to determine the first internal IP address; and
a secondary encapsulation module, configured to take the first internal IP address as a destination IP address of the first external request message, and re-encapsulate the first external request message to obtain a first internal request message, wherein the first internal request message is used for accessing the first virtual machine.
8. The apparatus of claim 7, further comprising:
an intranet forwarding module, configured to forward the first internal request message to the first virtual machine.
9. The apparatus of claim 7, further comprising:
a mapping relation setting module, configured to set the mapping relation between the service domain name and the internal IP address in the intranet.
10. The apparatus according to claim 7, wherein the service domain name resolution module is specifically configured to:
extract the first service domain name from a host field or a referrer field in a request header of the first external request message.
CN201811298258.9A 2018-11-01 2018-11-01 Method and apparatus for network communication Active CN109151095B (en)


Publications (2)

Publication Number Publication Date
CN109151095A CN109151095A (en) 2019-01-04
CN109151095B true CN109151095B (en) 2021-03-19

Family

ID=64807258



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant