CN109474713B - Message forwarding method and device - Google Patents


Publication number
CN109474713B
CN109474713B CN201811343854.4A CN201811343854A CN109474713B CN 109474713 B CN109474713 B CN 109474713B CN 201811343854 A CN201811343854 A CN 201811343854A CN 109474713 B CN109474713 B CN 109474713B
Authority
CN
China
Prior art keywords
forwarding
address
message
vrf
request message
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811343854.4A
Other languages
Chinese (zh)
Other versions
CN109474713A (en)
Inventor
王世钰
李国帅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Dt Dream Technology Co Ltd
Original Assignee
Hangzhou Dt Dream Technology Co Ltd
Application filed by Hangzhou Dt Dream Technology Co Ltd
Priority to CN201811343854.4A
Publication of CN109474713A
Application granted
Publication of CN109474713B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/10 Packet switching elements characterised by the switching fabric construction
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/35 Switches specially adapted for specific applications
    • H04L49/354 Switches specially adapted for specific applications for supporting virtual local area networks [VLAN]

Abstract

The application provides a message forwarding method and a message forwarding device, applied to a forwarding device that comprises a plurality of forwarding processes. The method comprises the following steps: receiving, by each forwarding process, request messages sent by a client, where the destination IP address of a request message is the virtual IP address corresponding to the forwarding process; determining a VRF identifier corresponding to the request message based on the destination IP address of the request message; performing network address translation on the request message based on the forwarding table entry corresponding to the VRF identifier; and forwarding, based on the forwarding process, the converted request message to a server so that the server returns a response message corresponding to the converted request message, where the IP address of the server is the destination IP address of the converted request message. According to the technical scheme, unnecessary hardware resource consumption can be avoided, and meanwhile message forwarding efficiency can be improved.

Description

Message forwarding method and device
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method and an apparatus for forwarding a packet.
Background
SLB (Server Load Balancing) is a network Load Balancing technology designed for cloud computing platforms. In practical application, the client may send the access request to the SLB device based on a VIP (Virtual IP Address) of the SLB device, and then the SLB device forwards the access request of the client to the server of the back end for corresponding service processing based on a certain forwarding policy. As the service types gradually increase, the service complexity also increases, and different users may need to be created for different services. In such a situation, how to isolate networks that handle services of different users becomes an urgent problem to be solved.
Disclosure of Invention
In view of this, the present application provides a message forwarding method and apparatus. Specifically, the method is realized through the following technical scheme:
In a first aspect, the present application provides a packet forwarding method, where the method is applied to a forwarding device, where the forwarding device includes multiple forwarding processes, and the method includes:
receiving, by each forwarding process, request messages sent by a client, where the destination IP address of the request message is the virtual IP address corresponding to the forwarding process;
determining a VRF identifier corresponding to the request message based on the destination IP address of the request message;
performing network address translation on the request message based on the forwarding table entry corresponding to the VRF identifier;
forwarding, based on the forwarding process, the converted request message to a server so that the server returns a response message corresponding to the converted request message, where the IP address of the server is the destination IP address of the converted request message.
In a second aspect, the present application provides a packet forwarding apparatus, where the apparatus is applied to a forwarding device, where the forwarding device includes a plurality of forwarding processes, and the apparatus includes:
a first receiving module, configured to receive, by each forwarding process, the request message sent by the client, where the destination IP address of the request message is the virtual IP address corresponding to the forwarding process;
a determining module, configured to determine the VRF identifier corresponding to the request message based on the destination IP address of the request message;
a first conversion module, configured to perform network address translation on the request message based on the forwarding table entry corresponding to the VRF identifier;
a first forwarding module, configured to forward the converted request message to the server based on the forwarding process so that the server returns a response message corresponding to the converted request message, where the IP address of the server is the destination IP address of the converted request message.
In the above technical solution, it is no longer necessary to create multiple virtual devices in the forwarding device, but data isolation between different users can be implemented based on multiple forwarding processes in the forwarding device. Because hardware resources such as a CPU (central processing unit), a memory and the like do not need to be distributed to each forwarding process, unnecessary hardware resource consumption can be avoided, and meanwhile, the message forwarding efficiency can be improved.
Drawings
Fig. 1 is a schematic diagram of a message forwarding system in the related art;
Fig. 2 is a schematic diagram of a message forwarding system according to an exemplary embodiment of the present application;
Fig. 3 is a flowchart illustrating a message forwarding method according to an exemplary embodiment of the present application;
Fig. 4 is a hardware structure diagram of a device where a message forwarding apparatus is located according to an exemplary embodiment of the present application;
Fig. 5 is a block diagram of a message forwarding apparatus according to an exemplary embodiment of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at ..." or "when ..." or "in response to a determination", depending on the context.
Referring to fig. 1, fig. 1 is a schematic diagram of a message forwarding system in the related art. As shown in fig. 1, in practical applications, since the server is usually deployed in a private network, the client is usually deployed in a public network, and the client and the server are usually not allowed to directly communicate with each other in order to ensure the security of the service data, a forwarding device may be generally deployed between the client and the server, so that the client can access the server through the forwarding device to obtain the service data in the server.
In the related art, different users usually use different clients, and in this case, in order to ensure data isolation between different users, multiple virtual devices may be created in the forwarding device, and different virtual IP addresses, which are private network IP addresses, may be configured for the different virtual devices. Gateway equipment can be deployed between the forwarding equipment and the client, and the client used by the same user can communicate with certain virtual equipment through the gateway equipment based on the virtual IP address of the virtual equipment.
On the other hand, the service end that the client used by the user needs to access can be added to the same VLAN (Virtual Local Area Network) or VXLAN (Virtual extended LAN) with the Virtual device, so that the service end that the client used by the user needs to access can communicate with the Virtual device in the VLAN or VXLAN. In this way, since the service terminals used by different users and accessed by the clients are in different VLANs or VXLANs, data isolation between different users can be ensured.
When a virtual device is created in a forwarding device, hardware resources such as a Central Processing Unit (CPU) and a memory need to be allocated to each created virtual device. However, if the size of the allocated hardware resource is not reasonable, the message forwarding efficiency is affected, and unnecessary hardware resource consumption may also be caused.
In order to solve the above problem, the present application provides a method and an apparatus for forwarding a packet, so as to improve the efficiency of forwarding the packet and reduce the consumption of hardware resources.
Referring to fig. 2, fig. 2 is a schematic diagram of a message forwarding system according to an exemplary embodiment of the present application. As shown in fig. 2, in the message forwarding system, multiple forwarding processes may be run in the forwarding device, and different virtual IP addresses may be configured for different forwarding processes. Wherein, the forwarding process may be a section of program code for implementing a message forwarding function; the same forwarding process may be used to forward a message sent by a client used by the same user or a message sent to a client used by the user, that is, the client used by the same user may access the server through the same forwarding process.
It should be noted that the virtual IP address configured for the forwarding process may be a public network IP address, so that a client used by the same user may directly communicate with a virtual device based on the virtual IP address of the virtual device. Or, the virtual IP address configured for the forwarding process may also be a private network IP address, so that a client used by the same user may communicate with a virtual device through a gateway device based on the virtual IP address of the virtual device.
On the other hand, a corresponding VRF (Virtual Routing and Forwarding) instance may be created for the virtual IP address of the forwarding process corresponding to the client used by the user, and a private network IP address for communicating with the server is configured for the forwarding process. It should be noted that all forwarding processes running on the forwarding device may use the same private network IP address to communicate with different servers, or may use different private network IP addresses to communicate with different servers, which is not limited in this application. Subsequently, the configured private network IP address and the IP address of the server that the client used by the user needs to access can be added to the VRF, that is, the forwarding process and the server that the client used by the user needs to access are added to the same VRF.
Referring to fig. 3, fig. 3 is a flowchart illustrating a message forwarding method according to an exemplary embodiment of the present application. The method can be applied to the forwarding device shown in fig. 2, and comprises the following steps:
Step 301: Each forwarding process receives request messages sent by a client; the destination IP address of the request message is the virtual IP address corresponding to the forwarding process.
Step 302: Determine the VRF identifier corresponding to the request message based on the destination IP address of the request message.
Step 303: Perform network address translation on the request message based on the forwarding table entry corresponding to the VRF identifier.
Step 304: Based on the forwarding process, forward the converted request message to a server so that the server returns a response message corresponding to the converted request message; the IP address of the server is the destination IP address of the converted request message.
In this embodiment, for a client used by the same user, the client may access the server through the same forwarding process running in the forwarding device.
Specifically, the client may send a request packet, where a source IP address of the request packet is an IP address of the client, and a destination IP address of the request packet is a virtual IP address corresponding to the forwarding process (that is, a virtual IP address configured for the forwarding process).
The forwarding device may receive the request packet sent by the client based on the forwarding process.
After receiving the request packet, the forwarding device may determine, based on the destination IP address of the request packet, the VRF identifier corresponding to the request packet. In this case, one VRF identifier may be used to characterize one unique VRF, that is, the forwarding device may determine, based on the virtual IP address corresponding to the forwarding process, the VRF created for the virtual IP address.
After determining the VRF identifier corresponding to the request message, the forwarding device may perform Network Address Translation (NAT) on the request message based on a forwarding table entry corresponding to the VRF identifier (that is, the VRF represented by the VRF identifier). Specifically, the forwarding device may convert the source IP address of the request packet into an IP address used when the forwarding process communicates with the server, and convert the destination IP address of the request packet into an IP address of the server that the client needs to access.
In one embodiment, the forwarding device may be an SLB device or a network device integrating SLB functionality.
In this case, after determining the VRF identifier corresponding to the request packet, the forwarding device may determine, based on the forwarding table entry corresponding to the VRF identifier, an IP address of the server that can be accessed by the client. On the other hand, the forwarding device may select one service end from the service ends based on a preset load balancing policy, and convert the destination IP address of the request packet into the IP address of the selected service end. Wherein, the load balancing strategy can be preset by a user. For example, the forwarding device may select a service end with the smallest current load from the service ends, and convert the destination IP address of the request packet into the IP address of the service end with the smallest current load.
In addition, the forwarding device may further determine forwarding information such as an outgoing interface of the request packet based on the forwarding table entry corresponding to the VRF identifier. After the network address translation of the request packet is completed, the forwarding device may forward the translated request packet to a corresponding server (i.e., a server whose IP address is the destination IP address of the request packet) based on the forwarding process and the determined forwarding information.
When receiving the converted request message, the server may perform corresponding service processing based on the converted request message, and construct a response message based on the service data obtained by the processing. Subsequently, the server may return the response message to the client that sent the request message, so that the client may obtain the service data in the server.
It should be noted that, when constructing a response packet based on the processed service data, the server may construct a response packet whose source IP address is the IP address of the server and whose destination IP address is the IP address used when the forwarding process communicates with the server, and return the response packet.
Likewise, the forwarding device may receive the response packet returned by the server based on the forwarding process.
In practical application, the forwarding process may establish a connection with the server through the socket, that is, the forwarding device may forward the converted request packet to the corresponding server based on the socket of the forwarding process, and receive a response packet returned by the server. In this case, attribute information for characterizing the VRF corresponding to the forwarding process may be set for each forwarding process, that is, when the forwarding device receives a response packet returned by the server based on a socket of a certain forwarding process, the VRF corresponding to the response packet may be determined based on the attribute information of the socket of the forwarding process.
After receiving the response packet, the forwarding device may determine the VRF identifier corresponding to the response packet based on forwarding information such as an ingress interface of the response packet, so as to determine a forwarding table entry corresponding to the VRF identifier. Subsequently, the forwarding device may perform reverse network address translation on the response packet based on the forwarding table entry. Specifically, the forwarding device may convert the source IP address of the response packet into the virtual IP address corresponding to the forwarding process, and convert the destination IP address of the response packet into the IP address of the client that sends the request packet.
After the reverse network address translation of the response packet is completed, the forwarding device may forward the translated response packet to the client sending the request packet (i.e., the client whose IP address is the destination IP address of the response packet) based on the forwarding process.
In practical application, for a service side, the service side which a client used by the same user needs to access can be added into the same VXLAN. In this case, the forwarding device can communicate in the VXLAN with the service that the client used by the user needs to access. In this way, the IP addresses of the servers in different VXLANs may be the same.
Specifically, after determining the VRF identifier corresponding to the request packet, the forwarding device may perform network address translation on the request packet based on the forwarding table entry corresponding to the VRF identifier. On the other hand, the forwarding device may determine, based on the forwarding table entry, the VXLAN identifier corresponding to the request message. Wherein, a VXLAN identifier may be used to characterize a unique VXLAN, that is, the forwarding device may determine to forward the request message in a VXLAN (that is, a VXLAN identified by the VXLAN identifier) where the service end whose IP address is the destination IP address of the converted request message is located.
Subsequently, the forwarding device may encapsulate the converted request packet into a VXLAN packet based on the VXLAN identifier. In addition, the forwarding device may further determine forwarding information such as an outgoing interface of the request message based on the forwarding table entry corresponding to the VRF identifier, so that the forwarding device may forward the VXLAN message to a corresponding server in the VXLAN represented by the VXLAN identifier based on the forwarding process and the determined forwarding information.
When receiving the VXLAN message, the server may first parse the VXLAN message to obtain the request message sent by the client. Subsequently, the server may perform corresponding service processing based on the request packet, and construct a response packet based on the service data obtained by the processing. The server can encapsulate the response message into a VXLAN message and return the VXLAN message.
Likewise, the forwarding device may receive the VXLAN message returned by the service based on the forwarding process.
After receiving the VXLAN message, the forwarding device may analyze the VXLAN message to obtain the response message returned by the service end. Subsequently, the forwarding device may determine the VRF identifier corresponding to the VXLAN packet based on forwarding information such as an ingress interface of the VXLAN packet, so as to determine a forwarding table entry corresponding to the VRF identifier, and then perform reverse network address translation on the response packet based on the forwarding table entry.
After the reverse network address translation of the response packet is completed, the forwarding device may forward the translated response packet to the client that sent the request packet based on the forwarding process.
In the above technical solution, it is no longer necessary to create multiple virtual devices in the forwarding device, but data isolation between different users can be implemented based on multiple forwarding processes in the forwarding device. Because hardware resources such as a CPU (central processing unit), a memory and the like do not need to be distributed to each forwarding process, unnecessary hardware resource consumption can be avoided, and meanwhile, the message forwarding efficiency can be improved.
The above technical solution is exemplified below.
Continuing with fig. 2, assume that in the message forwarding system shown in fig. 2, the IP address of client 1 used by user 1 is 22.23.1.1, and the IP address of client 2 used by user 2 is 22.23.2.1. Forwarding process 1 and forwarding process 2 run on the forwarding device: the virtual IP address corresponding to forwarding process 1 is 22.20.1.1 and VRF1 is created for forwarding process 1; the virtual IP address corresponding to forwarding process 2 is 22.20.1.2 and VRF2 is created for forwarding process 2; and the IP address that forwarding process 1 and forwarding process 2 each use to communicate with the server is 100.0.0.1. Server 1 is a server that client 1 can access, has the IP address 10.159.1.1 and is added to VXLAN1; server 2 is a server that client 2 can access, also has the IP address 10.159.1.1 and is added to VXLAN2.
In one example, when the user 1 uses the client 1 to access the server 1, the client 1 may send a request message with partial fields as shown in the following table 1:
Source IP address | Destination IP address
22.23.1.1 | 22.20.1.1
TABLE 1
When receiving the request message, the forwarding process 1 may determine, based on the IP address 22.20.1.1, that the VRF corresponding to the request message is VRF 1.
Subsequently, the forwarding process 1 may determine, in the VRF1, the IP address of the server that processes the request packet, that is, the IP address 10.159.1.1 of the server 1, so that the destination IP address of the request packet may be converted into 10.159.1.1. On the other hand, the forwarding process 1 may translate the source IP address of the request message into the IP address 100.0.0.1 used by the forwarding process 1 to communicate with the server.
The partial fields of the converted request message are shown in table 2 below:
Source IP address | Destination IP address
100.0.0.1 | 10.159.1.1
TABLE 2
In addition, forwarding process 1 may determine the outgoing interface of the request message in VRF 1. Subsequently, the forwarding process 1 may forward the converted request packet to the server 1 through the outgoing interface.
When receiving the converted request message, the server 1 may perform corresponding service processing based on the converted request message. Subsequently, the server 1 may construct a response packet based on the processed service data.
The partial fields of the response message constructed by the server 1 are shown in table 3 below:
Source IP address | Destination IP address
10.159.1.1 | 100.0.0.1
TABLE 3
When receiving the response packet returned by the server 1, the forwarding process 1 may first determine, based on the input interface of the response packet, that the VRF corresponding to the response packet is VRF 1.
Subsequently, the forwarding process 1 may determine, in the VRF1, the IP address of the client that receives the response packet, i.e., the IP address 22.23.1.1 of the client 1, so that the destination IP address of the response packet may be converted into 22.23.1.1. On the other hand, the forwarding process 1 may translate the source IP address of the response packet into the virtual IP address 22.20.1.1 corresponding to the forwarding process 1.
The partial fields of the converted response message are shown in table 4 below:
Source IP address | Destination IP address
22.20.1.1 | 22.23.1.1
TABLE 4
The forwarding process 1 may forward the converted response packet to the client 1, so that the client 1 may obtain the service data in the server 1.
When the user 2 uses the client 2 to access the server 2, the client 2 may send a request message with partial fields as shown in the following table 5:
Source IP address | Destination IP address
22.23.2.1 | 22.20.1.2
TABLE 5
When receiving the request message, the forwarding process 2 may determine, based on the IP address 22.20.1.2, that the VRF corresponding to the request message is VRF 2.
Subsequently, the forwarding process 2 may determine, in the VRF2, the IP address of the server that processes the request packet, that is, the IP address 10.159.1.1 of the server 2, so that the destination IP address of the request packet may be converted into 10.159.1.1. On the other hand, the forwarding process 2 may translate the source IP address of the request message into the IP address 100.0.0.1 used by the forwarding process 2 to communicate with the server.
The partial fields of the converted request message are shown in table 6 below:
Source IP address | Destination IP address
100.0.0.1 | 10.159.1.1
TABLE 6
In addition, forwarding process 2 may determine the outgoing interface of the request message in VRF 2. Subsequently, the forwarding process 2 may forward the converted request packet to the server 2 through the outgoing interface.
When receiving the converted request packet, the server 2 may perform corresponding service processing based on the converted request packet. Subsequently, the server 2 may construct a response packet based on the processed service data.
The partial fields of the response message constructed by the server 2 are shown in table 7 below:
Source IP address | Destination IP address
10.159.1.1 | 100.0.0.1
TABLE 7
When receiving the response packet returned by the server 2, the forwarding process 2 may first determine, based on the input interface of the response packet, that the VRF corresponding to the response packet is VRF 2.
Subsequently, the forwarding process 2 may determine, in the VRF2, the IP address of the client that receives the response packet, i.e., the IP address 22.23.2.1 of the client 2, so that the destination IP address of the response packet may be converted into 22.23.2.1. On the other hand, the forwarding process 2 may translate the source IP address of the response packet into the virtual IP address 22.20.1.2 corresponding to the forwarding process 2.
The partial fields of the converted response message are shown in table 8 below:
Source IP address | Destination IP address
22.20.1.2 | 22.23.2.1
TABLE 8
The forwarding process 2 may forward the converted response packet to the client 2, so that the client 2 may obtain the service data in the server 2.
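The following Python model is an added example, not part of the patent text: it replays the two flows above and shows that, after translation, both users' request packets are identical on the wire, so a response can only be mapped back through the VRF selected from the ingress interface. Port numbers, the NAT port pool and the interface names if-vrf1/if-vrf2 are assumptions; the patent tables list only IP fields.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address as IP


@dataclass(frozen=True)
class Packet:
    src: IP
    sport: int   # ports are an assumption; the patent tables list only IP fields
    dst: IP
    dport: int


@dataclass
class Vrf:
    vrf_id: int
    vip: IP          # virtual IP configured for the forwarding process
    local_ip: IP     # address the process uses towards its servers
    iface: str       # interface bound to this VRF (hypothetical name)
    servers: dict    # server IP -> current load, for least-load selection
    next_port: int = 20000                        # constructed NAT port pool start
    sessions: dict = field(default_factory=dict)  # (server, nat_port) -> (client, port)


class Forwarder:
    def __init__(self, vrfs):
        self.by_vip = {v.vip: v for v in vrfs}      # step 302 lookup
        self.by_iface = {v.iface: v for v in vrfs}  # return-path lookup

    def forward_request(self, pkt):
        """Steps 302-304: VIP -> VRF, NAT inside that VRF, choose the egress interface."""
        vrf = self.by_vip.get(pkt.dst)
        if vrf is None:
            return None  # no forwarding process owns this VIP: drop
        server = min(vrf.servers, key=vrf.servers.get)  # least-loaded server
        vrf.servers[server] += 1
        nat_port = vrf.next_port
        vrf.next_port += 1
        vrf.sessions[(server, nat_port)] = (pkt.src, pkt.sport)
        return vrf.iface, Packet(vrf.local_ip, nat_port, server, pkt.dport)

    def forward_response(self, in_iface, pkt):
        """Reverse NAT: the VRF comes from the ingress interface, never from addresses."""
        vrf = self.by_iface.get(in_iface)
        if vrf is None or pkt.dst != vrf.local_ip:
            return None
        client = vrf.sessions.get((pkt.src, pkt.dport))
        if client is None:
            return None  # no session in this VRF: drop, never search other VRFs
        return Packet(vrf.vip, pkt.sport, client[0], client[1])


def build_example():
    """Addresses from the worked example: two VRFs with identical server and local IPs."""
    server = IP("10.159.1.1")
    vrf1 = Vrf(1, IP("22.20.1.1"), IP("100.0.0.1"), "if-vrf1", {server: 0})
    vrf2 = Vrf(2, IP("22.20.1.2"), IP("100.0.0.1"), "if-vrf2", {server: 0})
    return Forwarder([vrf1, vrf2])


def run_example():
    fwd = build_example()
    req1 = Packet(IP("22.23.1.1"), 40000, IP("22.20.1.1"), 80)  # client 1 -> VIP 1
    req2 = Packet(IP("22.23.2.1"), 40000, IP("22.20.1.2"), 80)  # client 2 -> VIP 2
    if1, out1 = fwd.forward_request(req1)
    if2, out2 = fwd.forward_request(req2)
    # Both servers answer with the same header fields; only the interface differs.
    resp = Packet(out1.dst, out1.dport, out1.src, out1.sport)
    back1 = fwd.forward_response(if1, resp)
    back2 = fwd.forward_response(if2, resp)
    return out1, out2, back1, back2


if __name__ == "__main__":
    for item in run_example():
        print(item)
```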
In another example, when the user 1 uses the client 1 to access the server 1, the client 1 may send a request message with partial fields as shown in the following table 9:
Source IP address | Destination IP address
22.23.1.1 | 22.20.1.1
TABLE 9
When receiving the request message, the forwarding process 1 may determine, based on the IP address 22.20.1.1, that the VRF corresponding to the request message is VRF 1.
Subsequently, the forwarding process 1 may determine, in the VRF1, the IP address of the server that processes the request packet, that is, the IP address 10.159.1.1 of the server 1, so that the destination IP address of the request packet may be converted into 10.159.1.1. On the other hand, the forwarding process 1 may translate the source IP address of the request message into the IP address 100.0.0.1 used by the forwarding process 1 to communicate with the server.
In addition, since the service end 1 is in VXLAN1, the forwarding process 1 may encapsulate the converted request message into a VXLAN message carrying VXLAN identifier 1 to characterize that the VXLAN message is forwarded in VXLAN 1.
The partial fields of the VXLAN message encapsulated by forwarding process 1 are shown in table 10 below:
VXLAN identifier | Source IP address | Destination IP address
1 | 100.0.0.1 | 10.159.1.1
TABLE 10
Forwarding process 1 may determine the outgoing interface of the request message in VRF 1. Subsequently, the forwarding process 1 may forward the VXLAN message to the service end 1 through the outgoing interface.
When receiving the VXLAN message, server 1 may parse the VXLAN message to obtain the request message sent by client 1. Subsequently, server 1 may perform corresponding service processing based on the request message, and construct a response message based on the service data obtained by the processing. Server 1 may encapsulate the response message into a VXLAN message and return the VXLAN message.
Part of the fields of the VXLAN message encapsulated by the service 1 are shown in table 11 below:
VXLAN identifier | Source IP address | Destination IP address
1 | 10.159.1.1 | 100.0.0.1
TABLE 11
When receiving the VXLAN message returned by the service end 1, the forwarding process 1 may first parse the VXLAN message to obtain the response message returned by the service end 1, and determine that the VRF corresponding to the response message is the VRF1 based on the input interface of the response message.
Subsequently, the forwarding process 1 may determine, in the VRF1, the IP address of the client that receives the response packet, i.e., the IP address 10.159.1.1 of the client 1, so that the destination IP address of the response packet may be converted into 10.159.1.1. On the other hand, the forwarding process 1 may translate the source IP address of the response packet into the virtual IP address 10.20.1.1 corresponding to the forwarding process 1.
The partial fields of the converted response message are shown in table 12 below:
Source IP address | Destination IP address
22.20.1.1 | 22.23.1.1
TABLE 12
The forwarding process 1 may forward the converted response packet to the client 1, so that the client 1 may obtain the service data in the server 1.
When the user 2 uses the client 2 to access the server 2, the client 2 may send a request message with partial fields as shown in the following table 13:
Source IP address | Destination IP address
22.23.2.1 | 22.20.1.2
TABLE 13
When receiving the request message, the forwarding process 2 may determine, based on the IP address 10.20.1.2, that the VRF corresponding to the request message is VRF 2.
Subsequently, the forwarding process 2 may determine, in the VRF2, the IP address of the server that processes the request packet, that is, the IP address 32.32.32.2 of the server 2, so that the destination IP address of the request packet may be converted into 32.32.32.2. On the other hand, the forwarding process 2 may translate the source IP address of the request message into the IP address 100.0.0.1 used by the forwarding process 2 to communicate with the server.
In addition, since the service end 2 is in VXLAN2, the forwarding process 2 may encapsulate the converted request message into a VXLAN message carrying VXLAN identifier 2, so as to characterize that the VXLAN message is forwarded in VXLAN 2.
The partial fields of the VXLAN message encapsulated by forwarding process 2 are shown in table 14 below:
VXLAN identifier | Source IP address | Destination IP address
2 | 100.0.0.1 | 10.159.1.1
TABLE 14
Forwarding process 2 may determine the outgoing interface of the request message in VRF 2. Subsequently, the forwarding process 2 can forward the VXLAN message to the service end 2 through the outgoing interface.
When receiving the VXLAN message, server 2 may parse the VXLAN message to obtain the request message sent by client 2. Subsequently, server 2 may perform corresponding service processing based on the request message, and construct a response message based on the service data obtained by the processing. Server 2 may encapsulate the response message into a VXLAN message and return the VXLAN message.
The partial fields of the VXLAN message encapsulated by the service 2 are shown in table 15 below:
VXLAN identifier | Source IP address | Destination IP address
2 | 10.159.1.1 | 100.0.0.1
TABLE 15
When receiving the VXLAN message returned by the service end 2, the forwarding process 2 may first parse the VXLAN message to obtain the response message returned by the service end 2, and determine that the VRF corresponding to the response message is the VRF2 based on the input interface of the response message.
Subsequently, the forwarding process 2 may determine, in the VRF2, the IP address of the client that receives the response packet, i.e., the IP address 10.159.2.1 of the client 2, so that the destination IP address of the response packet may be converted into 10.159.2.1. On the other hand, the forwarding process 2 may translate the source IP address of the response packet into the virtual IP address 10.20.1.2 corresponding to the forwarding process 2.
The partial fields of the converted response message are shown in table 16 below:
Source IP address | Destination IP address
22.20.1.2 | 22.23.2.1
TABLE 16
The forwarding process 2 may forward the converted response packet to the client 2, so that the client 2 may obtain the service data in the server 2.
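The VXLAN walk-through above (Tables 9 to 16) can be traced in code. The following Python example is added here and is not code from the patent: it models both forwarding processes in one object, takes its addresses from the tables, and assumes hypothetical interface names (`if-vrf1`, `if-vrf2`), a simplified inner packet (two IPv4 addresses plus payload) and a session table keyed without ports. Because both tenants reuse 10.159.1.1 and 100.0.0.1, it shows that only the VRF binding (ingress interface plus VXLAN identifier) keeps the two tenants' responses apart.

```python
from __future__ import annotations
import socket
import struct
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: bytes

@dataclass(frozen=True)
class Vrf:
    vrf_id: int
    vip: str        # virtual IP of the forwarding process; selects the VRF
    server_ip: str  # DNAT target inside the tenant network
    snat_ip: str    # source address used towards the server
    vni: int        # VXLAN identifier of the tenant network
    iface: str      # server-facing interface (hypothetical name)

# Addresses from Tables 9-16: both tenants reuse 10.159.1.1 and 100.0.0.1.
VRFS = [Vrf(1, "22.20.1.1", "10.159.1.1", "100.0.0.1", 1, "if-vrf1"),
        Vrf(2, "22.20.1.2", "10.159.1.1", "100.0.0.1", 2, "if-vrf2")]

def vxlan_encap(vni: int, pkt: Packet) -> bytes:
    """8-byte VXLAN header (RFC 7348: I flag set, 24-bit VNI) + simplified inner packet."""
    header = struct.pack("!II", 0x08 << 24, vni << 8)
    inner = socket.inet_aton(pkt.src) + socket.inet_aton(pkt.dst) + pkt.payload
    return header + inner

def vxlan_decap(msg: bytes) -> tuple[int, Packet]:
    if len(msg) < 16:
        raise ValueError("truncated VXLAN message")
    flags, vni_word = struct.unpack("!II", msg[:8])
    if not (flags >> 24) & 0x08:
        raise ValueError("VNI-valid flag not set")
    src, dst = socket.inet_ntoa(msg[8:12]), socket.inet_ntoa(msg[12:16])
    return vni_word >> 8, Packet(src, dst, msg[16:])

class Forwarder:
    def __init__(self, vrfs):
        self.by_vip = {v.vip: v for v in vrfs}
        self.by_iface = {v.iface: v for v in vrfs}
        # (vrf_id, server_ip) -> client IP; assumption: a real NAT also keys on ports
        self.clients = {}

    def on_request(self, pkt: Packet) -> tuple[str, bytes]:
        """Destination VIP -> VRF, then DNAT/SNAT and VXLAN encapsulation."""
        vrf = self.by_vip.get(pkt.dst)
        if vrf is None:
            raise LookupError(f"no VRF for destination {pkt.dst}")
        self.clients[(vrf.vrf_id, vrf.server_ip)] = pkt.src
        translated = Packet(vrf.snat_ip, vrf.server_ip, pkt.payload)
        return vrf.iface, vxlan_encap(vrf.vni, translated)

    def on_response(self, iface: str, msg: bytes) -> Packet:
        """Ingress interface -> VRF, then decapsulation and reverse NAT."""
        vrf = self.by_iface.get(iface)
        if vrf is None:
            raise LookupError(f"no VRF bound to interface {iface}")
        vni, inner = vxlan_decap(msg)
        # Reject a message whose VNI or destination does not match this VRF.
        if vni != vrf.vni or inner.dst != vrf.snat_ip:
            raise PermissionError("response does not belong to this VRF")
        client = self.clients.get((vrf.vrf_id, inner.src))
        if client is None:
            raise LookupError("no session for this server in this VRF")
        return Packet(vrf.vip, client, inner.payload)
```

The VNI comparison in `on_response` is an extra check added in this example; the patent itself selects the VRF from the input interface only.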
Corresponding to the embodiment of the message forwarding method, the application also provides an embodiment of a message forwarding device.
The embodiment of the message forwarding device can be applied to forwarding equipment. The device embodiments may be implemented by software, or by hardware, or by a combination of hardware and software. Taking a software implementation as an example, the device, as a logical means, is formed by the processor of the equipment where it is located reading the corresponding computer program instructions from the nonvolatile memory into the memory and running them. In terms of hardware, fig. 4 is a hardware structure diagram of the forwarding device where the message forwarding apparatus of the present application is located. In addition to the processor, the memory, the network interface, and the nonvolatile memory shown in fig. 4, the forwarding device where the apparatus is located in the embodiment may also include other hardware according to the actual function of forwarding the message, which is not described again.
Referring to fig. 5, fig. 5 is a block diagram of a message forwarding apparatus according to an exemplary embodiment of the present application. The apparatus 500 may be applied to the forwarding device shown in fig. 4, and includes:
a first receiving module 501, configured to receive request messages sent by clients based on each forwarding process; the destination IP address of the request message is a virtual IP address corresponding to the forwarding process;
a determining module 502, configured to determine, based on the destination IP address of the request packet, a VRF identifier corresponding to the request packet;
a first conversion module 503, configured to perform network address conversion on the request packet based on a forwarding table entry corresponding to the VRF identifier;
a first forwarding module 504, configured to forward the converted request packet to a server based on the forwarding process, so that the server returns a response packet corresponding to the converted request packet; and the IP address of the server is the destination IP address of the converted request message.
In an optional embodiment, the first forwarding module 504 may specifically be configured to:
determining a VXLAN identifier corresponding to the request message based on the forwarding table entry;
encapsulating the converted request message into a VXLAN message based on the VXLAN identifier;
and forwarding the VXLAN message to a server based on the forwarding process.
In an optional embodiment, the apparatus 500 may further include:
a second receiving module 505, configured to receive the response packet returned by the server based on the forwarding process, and determine a VRF identifier corresponding to the response packet;
a second conversion module 506, configured to perform reverse network address conversion on the response packet based on a forwarding table entry corresponding to the VRF identifier;
the second forwarding module 507 is configured to forward the converted response packet to the client based on the forwarding process.
In an optional embodiment, the second receiving module 505 may specifically be configured to:
based on the forwarding process, receiving a VXLAN message returned by the server side, and determining a VRF identifier corresponding to the response message;
the second conversion module is specifically configured to:
parsing the VXLAN message to obtain the response message returned by the server;
and performing reverse network address conversion on the response message based on the forwarding table entry corresponding to the VRF identifier.
In an optional embodiment, the first conversion module 503 may be specifically configured to:
and performing network address translation on the request message based on a forwarding table entry corresponding to the VRF identifier and a preset load balancing strategy.
The implementation process of the functions and actions of each unit in the above device is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the application. One of ordinary skill in the art can understand and implement it without inventive effort.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the scope of protection of the present application.

Claims (10)

1. A message forwarding method is applied to a forwarding device, wherein the forwarding device comprises a plurality of forwarding processes, and the method comprises the following steps:
respectively receiving request messages sent by a client based on each forwarding process; the destination IP address of the request message is a virtual IP address corresponding to the forwarding process;
determining a VRF identifier corresponding to the request message based on the destination IP address of the request message; each VRF identification represents one VRF, and the VRF is created based on a virtual IP address of a forwarding process corresponding to the client;
performing network address conversion on the request message based on the VRF represented by the VRF identifier;
based on the forwarding process, forwarding the converted request message to a server side so that the server side returns a response message corresponding to the converted request message; and the IP address of the server is the destination IP address of the converted request message.
2. The method according to claim 1, wherein forwarding the converted request packet to the server based on the forwarding process comprises:
determining a virtual extensible local area network (VXLAN) identifier corresponding to the request message based on the forwarding table entry;
encapsulating the converted request message into a VXLAN message based on the VXLAN identifier;
and forwarding the VXLAN message to a server based on the forwarding process.
3. The method of claim 1, further comprising:
receiving the response message returned by the server based on the forwarding process, and determining a VRF (virtual routing and forwarding) identifier corresponding to the response message;
based on the forwarding table entry corresponding to the VRF identifier, performing reverse network address conversion on the response message;
and forwarding the converted response message to the client based on the forwarding process.
4. The method according to claim 3, wherein the receiving the response packet returned by the server and determining the VRF identifier corresponding to the response packet based on the forwarding process comprises:
based on the forwarding process, receiving a VXLAN message returned by the service end, and determining a VRF identifier corresponding to the VXLAN message;
the performing reverse network address translation on the response message based on the forwarding table entry corresponding to the VRF identifier includes:
parsing the VXLAN message to obtain the response message returned by the server;
and performing reverse network address conversion on the response message based on the forwarding table entry corresponding to the VRF identifier.
5. The method according to claim 1, wherein the performing network address translation on the request packet based on the forwarding table entry corresponding to the VRF identifier comprises:
and performing network address translation on the request message based on a forwarding table entry corresponding to the VRF identifier and a preset load balancing strategy.
6. A message forwarding apparatus, wherein the apparatus is applied to a forwarding device, the forwarding device includes a plurality of forwarding processes, and the apparatus includes:
the first receiving module is used for respectively receiving the request message sent by the client based on each forwarding process; the destination IP address of the request message is a virtual IP address corresponding to the forwarding process;
the determining module is used for determining the VRF identification corresponding to the request message based on the destination IP address of the request message; each VRF identification represents one VRF, and the VRF is created based on a virtual IP address of a forwarding process corresponding to the client;
the first conversion module is used for carrying out network address conversion on the request message based on the VRF represented by the VRF identifier;
the first forwarding module is used for forwarding the converted request message to the server based on the forwarding process so that the server returns a response message corresponding to the converted request message; and the IP address of the server is the destination IP address of the converted request message.
7. The apparatus of claim 6, wherein the first forwarding module is specifically configured to:
determining a VXLAN identifier corresponding to the request message based on the forwarding table entry;
encapsulating the converted request message into a VXLAN message based on the VXLAN identifier;
and forwarding the VXLAN message to a server based on the forwarding process.
8. The apparatus of claim 6, further comprising:
a second receiving module, configured to receive the response packet returned by the server based on the forwarding process, and determine a VRF identifier corresponding to the response packet;
a second conversion module, configured to perform reverse network address conversion on the response packet based on a forwarding table entry corresponding to the VRF identifier;
and the second forwarding module is used for forwarding the converted response message to the client based on the forwarding process.
9. The apparatus of claim 8, wherein the second receiving module is specifically configured to:
based on the forwarding process, receiving a VXLAN message returned by the server side, and determining a VRF identifier corresponding to the response message;
the second conversion module is specifically configured to:
parsing the VXLAN message to obtain the response message returned by the server;
and performing reverse network address conversion on the response message based on the forwarding table entry corresponding to the VRF identifier.
10. The apparatus of claim 6, wherein the first conversion module is specifically configured to:
and performing network address translation on the request message based on a forwarding table entry corresponding to the VRF identifier and a preset load balancing strategy.
CN201811343854.4A 2018-11-13 2018-11-13 Message forwarding method and device Active CN109474713B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811343854.4A CN109474713B (en) 2018-11-13 2018-11-13 Message forwarding method and device

Publications (2)

Publication Number Publication Date
CN109474713A CN109474713A (en) 2019-03-15
CN109474713B CN109474713B (en) 2021-12-24

Family

ID=65672121

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811343854.4A Active CN109474713B (en) 2018-11-13 2018-11-13 Message forwarding method and device

Country Status (1)

Country Link
CN (1) CN109474713B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant