CN110545230B - Method and device for forwarding VXLAN message - Google Patents


Publication number
CN110545230B
Authority
CN
China
Prior art keywords: real, address, client, port, VXLAN message
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910839835.9A
Other languages
Chinese (zh)
Other versions
CN110545230A (en
Inventor
姬乃军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd
Priority to CN201910839835.9A
Publication of CN110545230A
Application granted
Publication of CN110545230B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/10 Mapping addresses of different types
    • H04L61/103 Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers

Abstract

The embodiments of the present disclosure disclose a method and a device for forwarding a VXLAN message. One embodiment of the method comprises the following steps: the load balancing device, in response to receiving a VXLAN message from a client, parses the real IP address and port of the client from the VXLAN message; replaces the real IP address and port of the client in the VXLAN message with a specified IP address and port; selects a target real server from at least one real server; replaces a specific field in the VXLAN message with the parsed real IP address and port of the client; and forwards the modified VXLAN message to the target real server. The real server, in response to receiving the VXLAN message forwarded by the load balancing device, parses the real IP address and port of the client from the specific field of the VXLAN message according to the parsing mode of the real server, and performs service processing. The embodiment can improve the reliability of the cloud computing service.

Description

Method and device for forwarding VXLAN message
Technical Field
Embodiments of the present disclosure relate to the field of computer technology, and in particular, to a method and apparatus for forwarding VXLAN messages.
Background
With the explosive growth of internet traffic and bandwidth, load balancing products are increasingly widely used: they expose a single IP+Port externally as a unified entry point for accessing a service; they distribute traffic evenly across a plurality of real servers, so that no real server has to process requests beyond its capacity; and when a single real server cannot provide service, its traffic is shared by the other surviving real servers, which achieves high service reliability.
The cloud computing field widely adopts Overlay technology, in which a logical network communication link is built between two physical devices. Compared with an Underlay network, Overlay technology can very flexibly build a plurality of virtual subnets to support services such as multi-tenancy and virtual machine migration. The most popular Overlay solution at present is the VXLAN (Virtual eXtensible LAN) protocol.
When incoming traffic from a client passes through a load balancing device, DNAT (destination address translation) from vip+vport (virtual service IP address + port) to rsip+rsport (real server IP address + port) is commonly performed. Sometimes SNAT (source address translation) is also performed to isolate internal and external network traffic, replacing cip+cport (client IP address + port) with another IP+Port. However, passing cip+cport through to the back-end server is sometimes a real requirement of the service, for example for ACL (access control list), QoS (quality of service), charging, etc.
Disclosure of Invention
The embodiment of the disclosure provides a method and a device for forwarding a VXLAN message.
In a first aspect, an embodiment of the present disclosure provides a method for forwarding VXLAN messages, applied to a load balancing device, including: in response to receiving a VXLAN message from a client, parsing the real IP address and port of the client from the VXLAN message; replacing the real IP address and port of the client in the VXLAN message with a specified IP address and port; selecting a target real server from at least one real server; replacing a specific field in the VXLAN message with the parsed real IP address and port of the client; and forwarding the modified VXLAN message to the target real server.
In some embodiments, the specific field includes at least one of: the source MAC address in the inner Ethernet header, a TCP option, an IP option.
In some embodiments, before replacing a specific field in the VXLAN message with the parsed real IP address and port of the client, the method further comprises: obtaining the parsing mode of the target real server; and determining the specific field to be replaced according to the parsing mode.
In some embodiments, selecting a target real server from at least one real server includes: obtaining the parsing mode of the at least one real server; and selecting, from the at least one real server, a target real server whose parsing mode matches the packaging mode of the load balancing device.
In a second aspect, embodiments of the present disclosure provide a method for forwarding VXLAN messages, applied to a real server, including: in response to receiving a VXLAN message forwarded by the load balancing device, parsing the real IP address and port of the client from a specific field of the VXLAN message according to the parsing mode of the real server, wherein the specific field comprises at least one of the following: the source MAC address in the inner Ethernet header, a TCP option, an IP option; and performing service processing based on the parsed real IP address and port of the client.
In some embodiments, the method further comprises: in response to receiving a configuration command for the parsing mode, switching the parsing mode according to the configuration command.
In some embodiments, the method further comprises: verifying the parsed real IP address and port of the client; and if the verification fails, switching the parsing mode and then parsing the real IP address and port of the client again from the specific field of the VXLAN message.
In a third aspect, embodiments of the present disclosure provide a system for forwarding VXLAN messages, including a load balancing device and at least one real server. The load balancing device is configured to: in response to receiving a VXLAN message from a client, parse the real IP address and port of the client from the VXLAN message; replace the real IP address and port of the client in the VXLAN message with a specified IP address and port; select a target real server from the at least one real server; replace a specific field in the VXLAN message with the parsed real IP address and port of the client; and forward the modified VXLAN message to the target real server. The real server is configured to: in response to receiving the VXLAN message forwarded by the load balancing device, parse the real IP address and port of the client from a specific field of the VXLAN message according to the parsing mode of the real server, wherein the specific field comprises at least one of the following: the source MAC address in the inner Ethernet header, a TCP option, an IP option; and perform service processing based on the parsed real IP address and port of the client.
In a fourth aspect, an embodiment of the present disclosure provides an apparatus for forwarding VXLAN messages, applied to a load balancing device, including: a first parsing unit configured to, in response to receiving a VXLAN message from a client, parse the real IP address and port of the client from the VXLAN message; a first replacing unit configured to replace the real IP address and port of the client in the VXLAN message with a specified IP address and port; a scheduling unit configured to select a target real server from at least one real server; a second replacing unit configured to replace a specific field in the VXLAN message with the parsed real IP address and port of the client; and a sending unit configured to forward the modified VXLAN message to the target real server.
In some embodiments, the specific field includes at least one of: the source MAC address in the inner Ethernet header, a TCP option, an IP option.
In some embodiments, the apparatus further comprises a determination unit configured to: before a specific field in the VXLAN message is replaced with the parsed real IP address and port of the client, obtain the parsing mode of the target real server; and determine the specific field to be replaced according to the parsing mode.
In some embodiments, the scheduling unit is further configured to: obtain the parsing mode of the at least one real server; and select, from the at least one real server, a target real server whose parsing mode matches the packaging mode of the load balancing device.
In a fifth aspect, embodiments of the present disclosure provide an apparatus for forwarding VXLAN messages, applied to a real server, including: a second parsing unit configured to, in response to receiving a VXLAN message forwarded by the load balancing device, parse the real IP address and port of the client from a specific field of the VXLAN message according to the parsing mode of the real server, wherein the specific field comprises at least one of the following: the source MAC address in the inner Ethernet header, a TCP option, an IP option; and a service unit configured to perform service processing based on the parsed real IP address and port of the client.
In some embodiments, the apparatus further comprises a switching unit configured to: in response to receiving a configuration command for the parsing mode, switch the parsing mode according to the configuration command.
In some embodiments, the apparatus further comprises a verification unit configured to: verify the parsed real IP address and port of the client; and if the verification fails, switch the parsing mode and then parse the real IP address and port of the client again from the specific field of the VXLAN message.
In a sixth aspect, embodiments of the present disclosure provide an electronic device for forwarding VXLAN messages, including: one or more processors; a storage device having one or more programs stored thereon, which when executed by one or more processors, cause the one or more processors to implement the method as in any of the first aspects.
In a seventh aspect, embodiments of the present disclosure provide a computer readable medium having a computer program stored thereon, wherein the program when executed by a processor implements a method as in any of the first aspects.
When passing the client's real IP+Port information to the real server, the method and device for forwarding VXLAN messages provided by the embodiments of the present disclosure can either add custom data to the message or reuse the source MAC address field in the inner Ethernet header of the message. The fields in the message can be identified adaptively, which avoids intermediate forwarding devices discarding them because they cannot be identified. Reusing the source MAC address field in the inner Ethernet header does not lengthen the message, so the message does not exceed the MTU (maximum transmission unit) of the device and is not fragmented or discarded as a result.
Drawings
Other features, objects and advantages of the present disclosure will become more apparent upon reading of the detailed description of non-limiting embodiments, made with reference to the following drawings:
FIG. 1 is an exemplary system architecture diagram in which an embodiment of the present disclosure may be applied;
FIG. 2 is a flow chart of one embodiment of a method for forwarding VXLAN messages according to the present disclosure;
FIG. 3 is a flow chart of yet another embodiment of a method for forwarding VXLAN messages according to the present disclosure;
FIGS. 4a-4c are schematic diagrams of application scenarios of a method for forwarding VXLAN messages according to the present disclosure;
FIG. 5 is a schematic diagram of an embodiment of an apparatus for forwarding VXLAN messages according to the present disclosure;
FIG. 6 is a schematic diagram of an architecture of yet another embodiment of an apparatus for forwarding VXLAN messages according to the present disclosure;
FIG. 7 is a schematic diagram of a computer system suitable for use in implementing embodiments of the present disclosure.
Detailed Description
The present disclosure is described in further detail below with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be noted that, for convenience of description, only the portions related to the present invention are shown in the drawings.
It should be noted that, without conflict, the embodiments of the present disclosure and features of the embodiments may be combined with each other. The present disclosure will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
Fig. 1 illustrates an exemplary system architecture 100 to which embodiments of the methods of the present disclosure for forwarding VXLAN messages or apparatuses for forwarding VXLAN messages may be applied.
As shown in fig. 1, the system architecture 100 may include a client (client) 101, a load balancing device (load balancing) 102, and a real server (real server) 103. The network is used as a medium to provide communication links between the client 101, the load balancing device 102, the real server 103. The network may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
A user may interact with the load balancing device 102 over a network using the client 101 to receive or send messages, etc. The client 101 may have installed thereon various communication client applications such as a web browser application, a shopping class application, a search class application, an instant messaging tool, a mailbox client, social platform software, and the like.
The client 101 may be hardware or software. When the client 101 is hardware, it may be any of various electronic devices having a display screen and supporting web browsing, including but not limited to a smart phone, a tablet computer, an electronic book reader, an MP3 player (Moving Picture Experts Group Audio Layer III), an MP4 player (Moving Picture Experts Group Audio Layer IV), laptop and desktop computers, and the like. When the client 101 is software, it can be installed in the above-listed electronic devices. It may be implemented as multiple pieces of software or software modules (e.g., to provide distributed services), or as a single piece of software or software module. No particular limitation is made here.
The load balancing device 102 can be used to quickly and easily build a high-performance server cluster in the cloud, so that an enterprise's new or existing services can be moved to the cloud. To solve the Overlay traffic identification problem, load balancing service is generally provided to tenants in a single-instance or multi-instance manner. For each load balancing instance created by a user, the cloud service provider starts one or more reverse proxy instances (i.e., load balancing instances) for the user in the background; the front end is accessed uniformly through distinct <IP, port> identifiers, and the back end returns to the origin through a fixed configuration. These reverse proxy instances typically use a configuration customized to each user's business needs. Because these reverse proxy instances are dedicated to one user, as long as the front-end layer 4 network device is able to forward specific traffic to a specific set of reverse proxy instances, traffic flowing through these instances is also forwarded to the user-specified real server 103 according to the given configuration.
It should be noted that, the method for forwarding VXLAN packets provided by the embodiments of the present disclosure is generally performed by the load balancing device 102 and the real server 103, and accordingly, the apparatus for forwarding VXLAN packets is generally disposed in the load balancing device 102 and the real server 103.
It should be understood that the number of clients 101, load balancing devices 102, real servers 103 in fig. 1 is merely illustrative. There may be any number of clients 101, load balancing devices 102, real servers 103, as desired for implementation.
With continued reference to fig. 2, a flow 200 of one embodiment of a method for forwarding VXLAN messages according to the present disclosure is shown. The method for forwarding the VXLAN message comprises the following steps:
Step 201, in response to receiving the VXLAN message from the client, parsing the real IP address and port of the client from the VXLAN message.
In this embodiment, the execution body of the method for forwarding VXLAN messages (e.g., the load balancing device shown in fig. 1) may receive, through a wired or wireless connection, a VXLAN message from the client that a user uses for cloud computing. It then parses the real IP address and port of the client from the VXLAN message. The message structure may be as shown in fig. 4a.
The message consists of three parts:
1. The outermost part is the IP/UDP protocol headers, which are the basis for transmission over the underlying network, i.e., communication between VTEPs.
2. In the middle is the VXLAN header. After a VTEP receives the message, it removes the preceding IP/UDP protocol part and processes the message according to this header, mainly delivering it to the final virtual machine according to the VNI.
3. The innermost part is the original message, namely the message content seen by the virtual machine.
The meaning of each part of the message is as follows:
VXLAN header: the VXLAN protocol part, 8 bytes in total
    VXLAN flags: flag bits
    Reserved: reserved bits
    VNID: 24-bit VNI field, which is what allows VXLAN to support tens of millions of tenants
    Reserved: reserved field
UDP header: 8 bytes
    The two communicating UDP applications are the VTEPs; the destination port is the port used by the receiving VTEP, and the IANA-assigned port is 4789
IP header: 20 bytes
    The addresses used for communication between hosts; an address may be the IP address of a host's network card or a multicast IP address
MAC header: 14 bytes
    The MAC addresses used for communication between hosts; the source MAC address is the host's MAC address, and the destination MAC address is the MAC address of the next-hop device
As the message shows, the VXLAN protocol adds 50 bytes to the original message, which reduces the proportion of valid data carried on the network link. The most important field in the VXLAN header is the VNID; the remaining parts are reserved for future extension and are currently left for different vendors to add their own functions.
Step 202, replacing the real IP address and port of the client in the VXLAN message with the specified IP address and port.
In this embodiment, incoming traffic from the client generally undergoes DNAT from vip+vport to rsip+rsport when passing through the load balancing device. Sometimes, to isolate internal and external network traffic, SNAT is also performed, replacing cip+cport with another IP+Port. That is, the source IP and source port in the inner IP header are replaced.
Step 203, selecting a target real server from at least one real server.
In this embodiment, the target real server may be selected from the at least one real server through a preset scheduling algorithm, such as polling or source address hashing. Alternatively, the real server with the lowest resource occupancy may be selected as the target real server according to the load of the real servers.
In some optional implementations of the present embodiment, selecting the target real server from the at least one real server includes: obtaining the parsing mode of the at least one real server; and selecting, from the at least one real server, a target real server whose parsing mode matches the packaging mode of the load balancing device. For example, if the load balancing device is configured to replace the source MAC address in the inner Ethernet header, then a real server that supports parsing cip+cport from the source MAC address in the inner Ethernet header needs to be selected from the at least one real server.
Step 204, replacing the specific field in the VXLAN message with the resolved real IP address and port of the client.
In this embodiment, the specific field may include at least one of: the source MAC address in the inner Ethernet header, a TCP option, an IP option.
Fig. 4b shows the process of replacing the TCP option in the VXLAN message with the parsed real IP address and port of the client. The load balancing device fills CIP+CPort into the TCP option position in the VXLAN message.
Fig. 4c shows the process of replacing the source MAC address in the inner Ethernet header of the VXLAN message with the parsed real IP address and port of the client. The load balancing device fills CIP+CPort into the position of the source MAC address in the inner Ethernet header of the VXLAN message. Typically, this source MAC address is the address of the last gateway of the tenant virtual network; it has little effect on subsequent data forwarding and can be reused to carry the required IP+Port information. A 48-bit source MAC address can carry exactly 32 bits of IP and 16 bits of port information. Unlike a non-standard TCP option, IP option or custom protocol, the reused field carries no risk of the message being dropped because it cannot be identified, and because the message length is the same before and after the conversion, the message cannot be fragmented or dropped for exceeding the MTU.
In some optional implementations of this embodiment, before replacing a specific field in the VXLAN message with the parsed real IP address and port of the client, the method further includes: obtaining the parsing mode of the target real server; and determining the specific field to be replaced according to the parsing mode. The load balancing device may replace a designated specific field and leave the real server to parse it adaptively. The load balancing device may also adapt its packet assembly to the parsing mode of the selected target server. The parsing mode includes at least one of: a parsing mode for the source MAC address in the inner Ethernet header, a TCP option parsing mode and an IP option parsing mode.
Step 205, forwarding the modified VXLAN message to the target real server.
In this embodiment, the modified VXLAN message is forwarded to the target real server determined in step 203. The target real server extracts CIP+CPort for service processing.
With continued reference to fig. 3, a flow 300 of yet another embodiment of a method for forwarding VXLAN messages according to the present disclosure is shown. The method for forwarding the VXLAN message comprises the following steps:
Step 301, in response to receiving the VXLAN message forwarded by the load balancing device, parsing the real IP address and port of the client from the specific field of the VXLAN message according to the parsing mode of the real server.
In this embodiment, the execution body of the method for forwarding VXLAN messages (e.g., the real server shown in fig. 1) may receive, through a wired or wireless connection, a VXLAN message from the load balancing device that performs real server scheduling. It then parses the real IP address and port of the client from the specific field of the VXLAN message according to the parsing mode of the real server. The VXLAN message is generated by the load balancer according to steps 201-204. The specific field includes at least one of: the source MAC address in the inner Ethernet header, a TCP option, an IP option.
The parsing mode may be set by a command. Once a parsing mode has been set on the real server, VXLAN messages are parsed according to that mode.
In some optional implementations of the present embodiment, the method further includes: verifying the parsed real IP address and port of the client; and if the verification fails, switching the parsing mode and then parsing the real IP address and port of the client again from the specific field of the VXLAN message. In this way the parsing mode can be adjusted adaptively. For example, suppose the original parsing mode parses the real IP address and port of the client from the position of the source MAC address in the inner Ethernet header of the message. If the parsed values do not conform to the rules for an IP address and port, the load balancer is considered not to have replaced the source MAC address in the inner Ethernet header. The real server may then switch to the TCP option mode and continue parsing.
Step 302, performing service processing based on the parsed real IP address and port of the client.
In this embodiment, the data encapsulated in the inner Ethernet source MAC or another specific field is extracted by a dedicated kernel module and then passed to the application by means of a custom system call. The real IP address and port can be used to identify the individual.
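The two flows above (steps 201-204 on the load balancing device, step 301 with verification and mode switching on the real server), as an added Python example that is not code from the patent; it covers the source MAC and TCP option modes and leaves the IP option mode out. Assumptions: the TCP option kind 253 (an experimental kind, since the patent names none), the verification rule in plausible(), all function names, and the constructed sample addresses and MACs.

```python
import ipaddress
import struct

VXLAN_LEN, ETH_LEN = 8, 14                      # VXLAN header, inner Ethernet header
SRC_MAC = slice(VXLAN_LEN + 6, VXLAN_LEN + 12)  # inner source MAC follows the 6-byte dst MAC
IP_OFF = VXLAN_LEN + ETH_LEN                    # inner IPv4 header starts here
OPT_KIND = 253  # assumption: experimental TCP option kind (RFC 4727); the patent names none

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 when run over data with a valid checksum."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_offset(pkt) -> int:
    return IP_OFF + (pkt[IP_OFF] & 0x0F) * 4    # IHL counts 32-bit words

def fix_checksums(pkt: bytearray) -> None:
    """Recompute inner IPv4 and TCP checksums (assumes no trailing Ethernet padding)."""
    t = tcp_offset(pkt)
    pkt[IP_OFF + 10:IP_OFF + 12] = b"\x00\x00"
    pkt[IP_OFF + 10:IP_OFF + 12] = struct.pack("!H", csum(bytes(pkt[IP_OFF:t])))
    pkt[t + 16:t + 18] = b"\x00\x00"
    pseudo = bytes(pkt[IP_OFF + 12:IP_OFF + 20]) + struct.pack("!BBH", 0, 6, len(pkt) - t)
    pkt[t + 16:t + 18] = struct.pack("!H", csum(pseudo + bytes(pkt[t:])))

def sample_packet(cip: str, cport: int, vni: int = 5001) -> bytes:
    """Constructed sample: VXLAN header + inner Ethernet/IPv4/TCP SYN (outer IP/UDP omitted)."""
    vxlan = struct.pack("!II", 0x08 << 24, vni << 8)
    eth = bytes.fromhex("fa163e000001" "fa163eaabbcc" "0800")  # dst MAC, gateway src MAC, IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(cip).packed,
                     ipaddress.IPv4Address("192.0.2.10").packed)  # constructed VIP
    tcp = struct.pack("!HHIIBBHHH", cport, 80, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    pkt = bytearray(vxlan + eth + ip + tcp)
    fix_checksums(pkt)
    return bytes(pkt)

def lb_rewrite(pkt: bytes, snat_ip: str, snat_port: int, mode: str) -> bytes:
    """Steps 201-204: parse CIP+CPort, SNAT the inner headers, carry the original in `mode`."""
    out = bytearray(pkt)
    t = tcp_offset(out)
    client = bytes(out[IP_OFF + 12:IP_OFF + 16] + out[t:t + 2])   # 32-bit IP + 16-bit port
    out[IP_OFF + 12:IP_OFF + 16] = ipaddress.IPv4Address(snat_ip).packed
    out[t:t + 2] = struct.pack("!H", snat_port)
    if mode == "mac":
        out[SRC_MAC] = client                    # exactly 48 bits: packet length unchanged
    elif mode == "tcpopt":
        hdr = (out[t + 12] >> 4) * 4
        if hdr + 8 > 60:                         # a TCP header cannot exceed 60 bytes
            raise ValueError("no room left in the TCP header for the option")
        out[t + hdr:t + hdr] = bytes([OPT_KIND, 8]) + client      # kind, length, 6 data bytes
        out[t + 12] = ((hdr + 8) // 4 << 4) | (out[t + 12] & 0x0F)
        total = struct.unpack("!H", out[IP_OFF + 2:IP_OFF + 4])[0] + 8
        out[IP_OFF + 2:IP_OFF + 4] = struct.pack("!H", total)     # packet grew by 8 bytes
    else:
        raise ValueError(f"unsupported mode: {mode}")
    fix_checksums(out)
    return bytes(out)

def from_mac(pkt: bytes):
    raw = pkt[SRC_MAC]
    return ipaddress.IPv4Address(raw[:4]), struct.unpack("!H", raw[4:])[0]

def from_tcpopt(pkt: bytes):
    t = tcp_offset(pkt)
    opts = pkt[t + 20:t + (pkt[t + 12] >> 4) * 4]
    i = 0
    while i < len(opts) and opts[i] != 0:        # kind 0 = end of option list
        if opts[i] == 1:                         # kind 1 = NOP, a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            return None                          # malformed option: stop parsing
        if opts[i] == OPT_KIND and opts[i + 1] == 8:
            return ipaddress.IPv4Address(opts[i + 2:i + 6]), struct.unpack("!H", opts[i + 6:i + 8])[0]
        i += opts[i + 1]
    return None

PARSERS = {"mac": from_mac, "tcpopt": from_tcpopt}

def plausible(ip: ipaddress.IPv4Address, port: int) -> bool:
    """Verification step (assumed rule): reject values that cannot be a client endpoint."""
    return port != 0 and not (ip.is_unspecified or ip.is_multicast
                              or ip.is_reserved or ip.is_loopback)

def rs_parse(pkt: bytes, mode: str = "mac"):
    """Step 301: parse with the configured mode; on failed verification, switch mode and retry."""
    for m in [mode] + [k for k in PARSERS if k != mode]:
        got = PARSERS[m](pkt)
        if got and plausible(*got):
            return m, str(got[0]), got[1]
    return None
```

The plausible() check is a heuristic: an untouched gateway MAC whose first four bytes happen to form an ordinary unicast address would pass it, so the real server's configured mode should match the load balancer's packaging mode rather than depend on the fallback alone.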
With further reference to fig. 5, as an implementation of the method shown in the foregoing figures, the present disclosure provides an embodiment of an apparatus (applied to a load balancing device) for forwarding VXLAN packets, where the embodiment of the apparatus corresponds to the embodiment of the method shown in fig. 2, and the apparatus may be specifically applied in various electronic devices.
As shown in fig. 5, the apparatus (applied to the load balancing device) 500 for forwarding VXLAN messages of the present embodiment includes: a first parsing unit 501, a first replacing unit 502, a scheduling unit 503, a second replacing unit 504 and a sending unit 505. The first parsing unit 501 is configured to, in response to receiving a VXLAN message from a client, parse the real IP address and port of the client from the VXLAN message; the first replacing unit 502 is configured to replace the real IP address and port of the client in the VXLAN message with the specified IP address and port; the scheduling unit 503 is configured to select a target real server from the at least one real server; the second replacing unit 504 is configured to replace a specific field in the VXLAN message with the parsed real IP address and port of the client; and the sending unit 505 is configured to forward the modified VXLAN message to the target real server.
Specific processes of the first parsing unit 501, the first replacing unit 502, the scheduling unit 503, the second replacing unit 504, and the sending unit 505 of the apparatus 500 for forwarding VXLAN packets in this embodiment may refer to steps 201, 202, 203, 204, and 205 in the corresponding embodiment of fig. 2.
In some optional implementations of the present embodiment, the specific field includes at least one of: the source MAC address in the inner Ethernet header, a TCP option, an IP option.
In some optional implementations of the present embodiment, the apparatus 500 further comprises a determining unit (not shown in the drawings) configured to: before a specific field in the VXLAN message is replaced with the parsed real IP address and port of the client, obtain the parsing mode of the target real server; and determine the specific field to be replaced according to the parsing mode.
In some optional implementations of the present embodiment, the scheduling unit 503 is further configured to: obtain the parsing mode of the at least one real server; and select, from the at least one real server, a target real server whose parsing mode matches the packaging mode of the load balancing device.
With further reference to fig. 6, as an implementation of the method shown in the foregoing figures, the present disclosure provides an embodiment of an apparatus (applied to a real server) for forwarding VXLAN packets, where the embodiment of the apparatus corresponds to the embodiment of the method shown in fig. 3, and the apparatus may be specifically applied in various electronic devices.
As shown in fig. 6, the apparatus 600 for forwarding VXLAN messages (applied to the real server) according to the present embodiment includes a second parsing unit 601 and a service unit 602. The second parsing unit 601 is configured to, in response to receiving a VXLAN message forwarded by the load balancing device, parse the real IP address and port of the client from a specific field of the VXLAN message according to the parsing mode of the real server, where the specific field includes at least one of: the source MAC address in the inner Ethernet header, a TCP option, an IP option. The service unit 602 is configured to perform service processing based on the parsed real IP address and port of the client.
In some optional implementations of the present embodiment, the apparatus 600 further includes a switching unit (not shown in the drawings) configured to: in response to receiving a configuration command for the parsing mode, switch the parsing mode according to the configuration command.
In some optional implementations of the present embodiment, the apparatus 600 further includes a verification unit (not shown in the drawings) configured to: verify the parsed real IP address and port of the client; and, if the verification fails, switch the parsing mode and parse the real IP address and port of the client from the specific field of the VXLAN message again.
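The real-server flow of the preceding paragraphs (parse by configured mode, verify, switch mode on failure) is sketched below as an added example that is not code from the patent. The byte layouts of the MAC and TCP-option encodings, the option kind 253, the verification checks and all function names are assumptions; the page does not specify them, and the inner frame is assumed to be untagged Ethernet carrying IPv4/TCP.

```python
import ipaddress
import struct

OPT_KIND = 253  # assumed: experimental TCP option kind carrying port + IPv4 address

def from_mac(frame):
    """Assumed layout: inner source MAC = IPv4 address (4 bytes) + port (2 bytes)."""
    raw_ip, port = struct.unpack("!4sH", frame[6:12])
    return ipaddress.IPv4Address(raw_ip), port

def from_tcp_option(frame):
    """Assumed layout: kind, length=8, port (2 bytes), IPv4 address (4 bytes)."""
    tcp = frame[14 + (frame[14] & 0x0F) * 4:]
    if len(tcp) < 20:
        return None
    end = min((tcp[12] >> 4) * 4, len(tcp))
    i = 20
    while i < end:
        kind = tcp[i]
        if kind == 0:                       # end of option list
            break
        if kind == 1:                       # NOP is a single byte
            i += 1
            continue
        if i + 1 >= end:
            break
        length = tcp[i + 1]
        if length < 2 or i + length > end:  # malformed length: stop, never over-read
            break
        if kind == OPT_KIND and length == 8:
            port, raw_ip = struct.unpack("!H4s", tcp[i + 2:i + 8])
            return ipaddress.IPv4Address(raw_ip), port
        i += length
    return None

PARSERS = {"mac": from_mac, "tcp_option": from_tcp_option}

def verify(result, lb_addr):
    """Assumed checks: non-zero port, usable unicast address, not the balancer's own address."""
    if result is None:
        return False
    ip, port = result
    if port == 0 or ip.is_multicast or ip.is_unspecified or ip.is_loopback:
        return False
    return (ip, port) != lb_addr

def resolve_client(frame, mode, lb_addr):
    """Parse with the configured mode; if verification fails, switch mode and parse again."""
    if len(frame) < 54:                     # Ethernet 14 + IPv4 20 + TCP 20
        return None, None
    for m in [mode] + [other for other in PARSERS if other != mode]:
        result = PARSERS[m](frame)
        if verify(result, lb_addr):
            return m, result
    return None, None

def build_frame(src_mac, tcp_options=b""):
    """Constructed inner frame: Ethernet + IPv4 (no options) + TCP SYN with the given options."""
    opts = tcp_options + b"\x00" * (-len(tcp_options) % 4)
    eth = bytes.fromhex("020000000001") + src_mac + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(opts), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 20]))
    tcp = struct.pack("!HHIIBBHHH", 5000, 80, 0, 0, (20 + len(opts)) // 4 << 4,
                      0x02, 65535, 0, 0)
    return eth + ip + tcp + opts

LB_ADDR = (ipaddress.IPv4Address("10.0.0.1"), 5000)     # constructed specified address
CLIENT = (ipaddress.IPv4Address("203.0.113.7"), 51000)  # constructed client
MAC_FRAME = build_frame(CLIENT[0].packed + struct.pack("!H", CLIENT[1]))
OPT_FRAME = build_frame(bytes.fromhex("02420a000000"),
                        bytes([1, 1, OPT_KIND, 8]) + struct.pack("!H", CLIENT[1]) + CLIENT[0].packed)

if __name__ == "__main__":
    print(resolve_client(MAC_FRAME, "mac", LB_ADDR))
    print(resolve_client(OPT_FRAME, "mac", LB_ADDR))
```

An ordinary MAC address that happens to decode to a plausible address and port would pass these checks, so the fallback complements, rather than replaces, matching the real server's parsing mode to the load balancer's encapsulation mode.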
Referring now to fig. 7, a schematic diagram of an electronic device (e.g., the load balancing device or real server of fig. 1) 700 suitable for use in implementing embodiments of the present disclosure is shown. The load balancing device or real server illustrated in fig. 7 is only one example and should not impose any limitations on the functionality and scope of use of embodiments of the present disclosure.
As shown in fig. 7, the electronic device 700 may include a processing device (e.g., a central processor, a graphics processor, etc.) 701, which may perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 702 or a program loaded from a storage device 708 into a Random Access Memory (RAM) 703. The RAM 703 also stores various programs and data required for the operation of the electronic device 700. The processing device 701, the ROM 702, and the RAM 703 are connected to each other through a bus 704. An input/output (I/O) interface 705 is also connected to the bus 704.
In general, the following devices may be connected to the I/O interface 705: input devices 706 including, for example, a touch screen, touchpad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, and the like; an output device 707 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage 708 including, for example, magnetic tape, hard disk, etc.; and a communication device 709. The communication means 709 may allow the electronic device 700 to communicate wirelessly or by wire with other devices to exchange data. While fig. 7 shows an electronic device 700 having various means, it is to be understood that not all of the illustrated means are required to be implemented or provided. More or fewer devices may be implemented or provided instead. Each block shown in fig. 7 may represent one device or a plurality of devices as needed.
In particular, according to embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flowcharts. In such an embodiment, the computer program may be downloaded and installed from a network via communication device 709, or installed from storage 708, or installed from ROM 702. The above-described functions defined in the methods of the embodiments of the present disclosure are performed when the computer program is executed by the processing device 701. It should be noted that, the computer readable medium according to the embodiments of the present disclosure may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In an embodiment of the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. 
In embodiments of the present disclosure, by contrast, a computer-readable signal medium may comprise a data signal propagated in baseband or as part of a carrier wave, with computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, fiber optic cables, RF (radio frequency), and the like, or any suitable combination of the foregoing.
The computer readable medium may be contained in the electronic device, or may exist alone without being incorporated into the electronic device. The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: in response to receiving a VXLAN message from a client, parse the real IP address and port of the client from the VXLAN message; replace the real IP address and port of the client in the VXLAN message with a specified IP address and port; select a target real server from at least one real server; replace a specific field in the VXLAN message with the parsed real IP address and port of the client; and forward the modified VXLAN message to the target real server. Alternatively, the electronic device is caused to: in response to receiving a VXLAN message forwarded by the load balancing device, parse the real IP address and port of the client from a specific field of the VXLAN message according to the parsing mode of the real server, wherein the specific field comprises at least one of the following: the source MAC address in the inner Ethernet header, a TCP option, an IP option; and perform service processing based on the parsed real IP address and port of the client.
Computer program code for carrying out operations of embodiments of the present disclosure may be written in one or more programming languages, including object oriented programming languages such as Java, Smalltalk and C++, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units involved in the embodiments described in the present disclosure may be implemented by means of software, or may be implemented by means of hardware. The described units may also be provided in a processor, for example, described as: a processor includes a first parsing unit, a first replacing unit, a scheduling unit, a second replacing unit, and a transmitting unit. The names of these units do not in some cases limit the unit itself, for example, the first parsing unit may also be described as "a unit that parses the real IP address and port of the client from the VXLAN message in response to receiving the VXLAN message from the client".
The foregoing description covers only the preferred embodiments of the present disclosure and the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention referred to in this disclosure is not limited to the specific combination of features described above, but also encompasses other embodiments formed by any combination of the features described above or their equivalents without departing from the inventive concept, for example embodiments formed by mutually substituting the features described above with technical features having similar functions disclosed in (but not limited to) the present disclosure.

Claims (13)

1. A method for forwarding VXLAN messages, applied to a load balancing device, comprising:
in response to receiving a VXLAN message from a client, parsing a real IP address and port of the client from the VXLAN message;
replacing the real IP address and port of the client in the VXLAN message with a specified IP address and port;
selecting a target real server from at least one real server;
replacing a specific field in the VXLAN message with the parsed real IP address and port of the client, wherein the specific field includes at least one of the following: the source MAC address in the inner Ethernet header, a TCP option, an IP option;
forwarding the modified VXLAN message to the target real server, so that the real server parses the real IP address and port of the client from the specific field of the VXLAN message according to a parsing mode and verifies the parsed real IP address and port of the client; if the verification fails, switches the parsing mode and parses the real IP address and port of the client from the specific field of the VXLAN message again; and performs service processing based on the parsed real IP address and port of the client.
2. The method of claim 1, wherein prior to replacing a specific field in the VXLAN message with the parsed real IP address and port of the client, the method further comprises:
acquiring the parsing mode of the target real server;
and determining the specific field to be replaced according to the parsing mode.
3. The method of claim 1, wherein the selecting a target real server from at least one real server comprises:
acquiring the parsing mode of the at least one real server;
and selecting, from the at least one real server, a target real server whose parsing mode matches the encapsulation mode of the load balancing device.
4. A method for forwarding VXLAN messages, applied to a real server, comprising:
in response to receiving a VXLAN message forwarded by a load balancing device, parsing a real IP address and port of a client from a specific field of the VXLAN message according to a parsing mode of the real server, wherein the specific field comprises at least one of the following: the source MAC address in the inner Ethernet header, a TCP option, an IP option;
verifying the parsed real IP address and port of the client;
if the verification fails, switching the parsing mode and parsing the real IP address and port of the client from the specific field of the VXLAN message again;
and performing service processing based on the parsed real IP address and port of the client.
5. The method of claim 4, wherein the method further comprises:
in response to receiving a configuration command for the parsing mode, switching the parsing mode according to the configuration command.
6. A system for forwarding VXLAN messages, comprising a load balancing device and at least one real server:
the load balancing device being configured to: in response to receiving a VXLAN message from a client, parse a real IP address and port of the client from the VXLAN message; replace the real IP address and port of the client in the VXLAN message with a specified IP address and port; select a target real server from the at least one real server; replace a specific field in the VXLAN message with the parsed real IP address and port of the client; and forward the modified VXLAN message to the target real server;
the real server being configured to: in response to receiving a VXLAN message forwarded by the load balancing device, parse the real IP address and port of the client from a specific field of the VXLAN message according to a parsing mode of the real server, wherein the specific field comprises at least one of the following: the source MAC address in the inner Ethernet header, a TCP option, an IP option; verify the parsed real IP address and port of the client; if the verification fails, switch the parsing mode and parse the real IP address and port of the client from the specific field of the VXLAN message again; and perform service processing based on the parsed real IP address and port of the client.
7. An apparatus for forwarding VXLAN messages, applied to a load balancing device, comprising:
a first parsing unit configured to, in response to receiving a VXLAN message from a client, parse a real IP address and port of the client from the VXLAN message;
a first replacing unit configured to replace the real IP address and port of the client in the VXLAN message with a specified IP address and port;
a scheduling unit configured to select a target real server from at least one real server;
a second replacing unit configured to replace a specific field in the VXLAN message with the parsed real IP address and port of the client, wherein the specific field includes at least one of: the source MAC address in the inner Ethernet header, a TCP option, an IP option;
a sending unit configured to forward the modified VXLAN message to the target real server, so that the real server parses the real IP address and port of the client from the specific field of the VXLAN message according to a parsing mode and verifies the parsed real IP address and port of the client; if the verification fails, switches the parsing mode and parses the real IP address and port of the client from the specific field of the VXLAN message again; and performs service processing based on the parsed real IP address and port of the client.
8. The apparatus of claim 7, wherein the apparatus further comprises a determining unit configured to:
before the specific field in the VXLAN message is replaced with the parsed real IP address and port of the client, acquire the parsing mode of the target real server;
and determine the specific field to be replaced according to the parsing mode.
9. The apparatus of claim 7, wherein the scheduling unit is further configured to:
acquire the parsing mode of the at least one real server;
and select, from the at least one real server, a target real server whose parsing mode matches the encapsulation mode of the load balancing device.
10. An apparatus for forwarding VXLAN messages, applied to a real server, comprising:
a second parsing unit configured to, in response to receiving a VXLAN message forwarded by a load balancing device, parse a real IP address and port of a client from a specific field of the VXLAN message according to a parsing mode of the real server, wherein the specific field comprises at least one of the following: the source MAC address in the inner Ethernet header, a TCP option, an IP option;
a verification unit configured to: verify the parsed real IP address and port of the client; and, if the verification fails, switch the parsing mode and parse the real IP address and port of the client from the specific field of the VXLAN message again;
and a service unit configured to perform service processing based on the parsed real IP address and port of the client.
11. The apparatus of claim 10, wherein the apparatus further comprises a switching unit configured to:
in response to receiving a configuration command for the parsing mode, switch the parsing mode according to the configuration command.
12. An electronic device for forwarding VXLAN messages, comprising:
one or more processors;
a storage device having one or more programs stored thereon,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1-5.
13. A computer readable medium having stored thereon a computer program, wherein the program when executed by a processor implements the method of any of claims 1-5.
CN201910839835.9A 2019-09-06 2019-09-06 Method and device for forwarding VXLAN message Active CN110545230B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910839835.9A CN110545230B (en) 2019-09-06 2019-09-06 Method and device for forwarding VXLAN message

Publications (2)

Publication Number Publication Date
CN110545230A CN110545230A (en) 2019-12-06
CN110545230B true CN110545230B (en) 2023-09-26

Family

ID=68712794

Country Status (1)

Country Link
CN (1) CN110545230B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111800423A (en) * 2020-07-06 2020-10-20 中国工商银行股份有限公司 Method, system, computing device and medium for processing IP address
CN112636997B (en) * 2020-11-17 2022-08-30 新华三技术有限公司 Path detection method and device
CN114157632B (en) * 2021-10-12 2023-11-21 北京华耀科技有限公司 Network isolation method, device, equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105554065A (en) * 2015-12-03 2016-05-04 华为技术有限公司 Method, conversion unit and application unit for message processing
CN106878194A (en) * 2016-12-30 2017-06-20 新华三技术有限公司 A kind of message processing method and device
CN107026890A (en) * 2016-02-02 2017-08-08 华为技术有限公司 A kind of message forming method and load equalizer based on server cluster
WO2018014874A1 (en) * 2016-07-21 2018-01-25 深圳奇迹智慧网络有限公司 Mobile terminal mac data acquisition method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant