CN110809033B - Message forwarding method and device and switching server - Google Patents

Message forwarding method and device and switching server Download PDF

Info

Publication number
CN110809033B
CN110809033B CN201911011778.1A CN201911011778A CN110809033B CN 110809033 B CN110809033 B CN 110809033B CN 201911011778 A CN201911011778 A CN 201911011778A CN 110809033 B CN110809033 B CN 110809033B
Authority
CN
China
Prior art keywords
node
destination node
address
message
identifier
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911011778.1A
Other languages
Chinese (zh)
Other versions
CN110809033A (en
Inventor
郭可岩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Security Technologies Co Ltd
Original Assignee
New H3C Security Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by New H3C Security Technologies Co Ltd filed Critical New H3C Security Technologies Co Ltd
Priority to CN201911011778.1A priority Critical patent/CN110809033B/en
Publication of CN110809033A publication Critical patent/CN110809033A/en
Application granted granted Critical
Publication of CN110809033B publication Critical patent/CN110809033B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • H04L67/141Setup of application sessions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/25Mapping addresses of the same type
    • H04L61/2503Translation of Internet protocol [IP] addresses
    • H04L61/2546Arrangements for avoiding unnecessary translation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • H04L67/146Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/161Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
    • H04L69/162Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the disclosure provides a message forwarding method, a message forwarding device and a message forwarding server, wherein the message forwarding server records a correspondence between an identifier of a node and an address of the node, extracts a payload from a message to be forwarded sent by the node, searches a target correspondence between a destination node identifier and a destination node address according to the destination node identifier in the payload, searches a destination node address corresponding to the destination node identifier in the payload according to the searched target correspondence, and sends the payload to a destination node corresponding to the destination node address. Through the design, two nodes needing to communicate do not need to know the external communication address of the other party, and the complicated NAT penetration process is avoided.

Description

Message forwarding method and device and switching server
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to a method and an apparatus for forwarding a packet, and an exchange server.
Background
The node A and the node B belonging to the heterogeneous network can not directly exchange data. Currently, external communication addresses (e.g., a public Network Address and a public Network port) of nodes a and B are determined mainly through a Network Address Translation (NAT) traversal technology, and peer-to-peer (P2P) communication is implemented based on the external communication addresses.
However, the NAT traversal technology is relatively complex to implement, and it is difficult for node a and node B to know the external communication address of the other party, which makes it difficult for node a and node B to implement data exchange.
Disclosure of Invention
In view of the above, an object of the present disclosure is to provide a message forwarding method, a message forwarding apparatus and a switching server.
In order to achieve the above purpose, the technical scheme adopted by the disclosure is as follows:
in a first aspect, the present disclosure provides a packet forwarding method, applied to an exchange server, where a correspondence between an identifier of a node and an address of the node is stored in the exchange server, and the method includes:
receiving a message to be forwarded, wherein the destination address of the message to be forwarded is the address of the switching server, and the effective load of the message to be forwarded comprises a destination node identifier;
extracting the effective load from the message to be forwarded, and searching a target corresponding relation between the target node identification and a target node address according to the target node identification in the effective load;
and searching a destination node address corresponding to the destination node identifier in the payload according to the searched target corresponding relation, and sending the payload to a destination node corresponding to the destination node address.
In a second aspect, the present disclosure provides a packet forwarding apparatus, applied to an exchange server, where the exchange server stores a correspondence between an identifier of a node and an address of the node, and the apparatus includes:
a first interface module, configured to forward a packet to be forwarded, where a destination address of the packet to be forwarded is an address of the switching server, and a payload of the packet to be forwarded includes a destination node identifier;
a forwarding control module to:
extracting the effective load from the message to be forwarded, and searching a target corresponding relation between the target node identification and a target node address according to the target node identification in the effective load;
and searching a destination node address corresponding to the destination node identifier in the payload according to the searched target corresponding relation, and sending the payload to a destination node corresponding to the destination node address.
In a third aspect, the present disclosure provides a switching server comprising a processor and a machine-readable storage medium storing machine-executable instructions that, when executed, cause the processor to implement the method of any one of the preceding embodiments.
In a fourth aspect, the present disclosure provides a machine-readable storage medium having stored thereon machine-executable instructions that, when executed, implement the method of any one of the preceding embodiments.
The invention provides a message forwarding method, a message forwarding device and a message forwarding server, wherein the message forwarding server records the corresponding relation between the identifier of a node and the address of the node, extracts a payload from a message to be forwarded sent by the node, searches the target corresponding relation between a target node identifier and a target node address according to the target node identifier in the payload, searches the target node address corresponding to the target node identifier in the payload according to the searched target corresponding relation, and sends the payload to the target node corresponding to the target node address. Through the design, two nodes needing to communicate do not need to know the external communication address of the other party, and the complicated NAT penetration process is avoided.
In order to make the aforementioned objects, features and advantages of the present disclosure more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
To more clearly illustrate the technical solutions of the present disclosure, the drawings needed in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate certain embodiments of the present disclosure and therefore should not be considered as limiting the scope, and those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 shows a schematic diagram of a framework of an exchange server provided by the present disclosure;
FIG. 2 illustrates an interaction diagram of a switching server and a node provided by the present disclosure;
FIG. 3 illustrates another interaction diagram of a switching server and a node provided by the present disclosure;
FIG. 4 illustrates an architectural diagram of one type of I/O channel provided by the present disclosure;
FIG. 5 illustrates another interaction diagram of a switching server and a node provided by the present disclosure;
fig. 6 shows a schematic flow chart of a message forwarding method provided by the present disclosure;
fig. 7 shows another flow chart of the packet forwarding method provided by the present disclosure.
Detailed Description
The technical solutions of the embodiments of the present disclosure will be described clearly and completely with reference to the accompanying drawings, and it is to be understood that the described embodiments are only some, but not all, of the embodiments of the present disclosure. The components of the embodiments of the present disclosure, as generally described and illustrated in the figures herein, could be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present disclosure, presented in the figures, is not intended to limit the scope of the claimed disclosure, but is merely representative of selected embodiments of the disclosure. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the disclosure without making creative efforts, shall fall within the protection scope of the disclosure.
In order to implement data exchange between two nodes belonging to a heterogeneous network, the present embodiment provides a message forwarding method, a message forwarding apparatus, and an exchange server, which will be described in detail below.
Referring to fig. 1, fig. 1 shows a schematic structural diagram of a switching server 100 according to the present embodiment. The switching server 100 includes a processor 101, a machine-readable storage medium 102, and a message forwarding device 110, wherein the processor 101 and the machine-readable storage medium 102 are communicatively connected via a system bus to implement data communication.
The message forwarding apparatus 110 includes at least one software functional module that can be stored in the machine-readable storage medium 102 in the form of machine-executable instructions, and the processor 101 can implement the message forwarding method provided by this embodiment by reading and executing the machine-executable instructions in the machine-readable storage medium 102.
It should be understood that the structure shown in fig. 1 is only illustrative, and that the switching server 100 may also include more or fewer components than shown in fig. 1, for example, may also include the network element 103, or may have a completely different configuration than that described in fig. 1. The components shown in fig. 1 may be implemented by software and/or hardware, which is not limited in this embodiment.
Referring to fig. 2, fig. 2 is a schematic view of an application scenario provided in this embodiment, in which heterogeneous networks 200 and 300 are shown, a node 210 exists in the network 300, and a node 310 exists in the network 300. Node 210 and node 310 are each communicatively coupled to switching server 100.
Heterogeneous means that two networks use different network access technologies, or have different network structures, etc. The node of the present embodiment may be any electronic device having a communication function.
In some embodiments, NAT traversal techniques may be employed to facilitate data exchange between node 210 and node 310. That is, the external communication addresses of the node 210 and the node 310 are determined, respectively, and communication is performed based on the external communication addresses. However, taking node 210 as an example, the external communication address thereof is typically assigned by a gateway (with NAT function deployed) of network 10, and may change, making it difficult to accurately determine the external communication address of node 210. Similarly, the determination of the external communication address of node 310 may also present difficulties. Thus, it is very difficult to implement data exchange between node 210 and node 310.
In order to improve the above problem, in this embodiment, the switching server has a determined external communication address (e.g., a specific domain name or a public network address), and stores a correspondence between an identifier of a node and an address of the node, then the node 210 and the node 310 may communicate with the switching server respectively, and forward a packet sent by the node based on the correspondence stored on the switching server.
Referring to fig. 2 again, the message forwarding device 110 provided in this embodiment is functionally divided, and may include a forwarding control module 111 and a first interface module 112.
The first interface module 112 is configured to receive a message to be forwarded.
The destination address of the to-be-forwarded message is an address of the switching server 100, and the destination address may be, for example, a destination IP (internet protocol) address, a destination MAC (media access control) address, and the like, and is used to indicate a forwarding device between the source node and the switching server, and send the to-be-forwarded message to the switching server.
The payload (payload) of the message to be forwarded includes a destination node identifier, and the destination node identifier is an identifier of a destination node that needs to receive the message to be forwarded. The payload of the packet to be forwarded may further include a source node identifier, which is an identifier of a source node that sends the packet to be forwarded to the switching server 100. For example, the node 210 sends a packet to be forwarded to the node 12, where the source node identifier in the payload is the identifier of the node 210, and the destination node identifier is the identifier of the node 310.
In addition, the payload may further include message content, and the message content may be in a text form or a binary form, which is not limited in this embodiment.
The forwarding control module 111 is configured to: extracting the effective load from the message to be forwarded, and searching a target corresponding relation between the target node identification and a target node address according to the target node identification in the effective load; and searching a destination node address corresponding to the destination node identifier in the payload according to the searched target corresponding relation, and sending the payload to a destination node corresponding to the destination node address.
In this embodiment, for each node accessing the switching server 100, the switching server 100 stores the correspondence between the identifier of the node and the address of the node. Thus, based on the payload extracted from the packet to be forwarded, the forwarding control module 111 may identify the destination node identifier in the payload, and search the corresponding relationship hit by the destination node identifier from the stored corresponding relationship, that is, search the corresponding relationship containing the destination node identifier. The found corresponding relation is the target corresponding relation, and the address in the target corresponding relation is the destination node address.
The forwarding control module 111 may send the payload to the address in the target correspondence, so that the payload may reach the destination node corresponding to the destination node address.
By the message forwarding device provided by the embodiment, two nodes needing to communicate can not need to know the external communication address of the other party, so that a NAT (network address translation) penetrating process required for acquiring the external communication address of the other party when the two nodes belong to the heterogeneous network is avoided, and data exchange between the two nodes belonging to the heterogeneous network can be realized very conveniently.
Referring to fig. 3, another schematic diagram of the interaction between the packet forwarding device 110 and the nodes 210 and 310 is exemplarily shown.
The message forwarding apparatus 110 may further include an access control module 114, and through the access control module 114, the switching server 100 may verify a node that needs to be accessed, and if the node passes the verification, create a corresponding interface module to establish a websocket connection with the node, so as to obtain an address of the node through the websocket connection, and record a corresponding relationship between the address of the node and an identifier of the node.
In detail, in this embodiment, the access control module 114 may be configured to:
before a forwarding control module searches a target corresponding relation between a target node identifier and a target node address according to the target node identifier in a payload, receiving an access request sent by a target node, and performing access verification on the target node according to the access request;
when the target node passes the access verification, a second interface module at least comprising a websocket object is created, and websocket connection is established with the target node through the websocket object;
and storing a first association relationship between the second interface module and the destination node identifier and a second association relationship between the websocket object in the second interface module and the destination node address in an exchange server, wherein the target correspondence relationship comprises the first association relationship and the second association relationship.
In one example, access control module 114 may default that all access requests are authenticated.
In another example, access control module 114 may store an admission list and verify the nodes requiring access based on the admission list. Wherein the admission list can be changed as required. The access authentication procedure in this example is described below with the node 310 as an example:
first, the switching server 100 may send a token (token) to the node 310 in response to a configuration operation of an administrator, or actively send the token to the node 310 when the node 310 obtains a corresponding right (e.g., a forwarding service of the switching server is purchased, etc.).
Wherein the token may be an identifier generated according to a particular algorithm.
And secondly, associating and storing the metadata (metadata) of the node 310 and the token into an admission list. The metadata may be, for example, information capable of identifying the node identity, such as an identifier of the node, a device type, device vendor information, and a gateway IP address of the affiliated network, which is not limited in this embodiment.
Third, the node 310 installs an agent 311, and configures its metadata and token in the agent 311.
Among other things, the agent 311 includes at least a websocket object, such as a websocket client (client), through which a websocket connection can be established with the switching server 100.
Fourthly, the agent 311 may send an access request to the switching server 100 through an HTTPS (hypertext transfer protocol secure layer) protocol, where a request body of the access request includes the metadata and the token of the node 310.
Fifthly, the switching server 100 receives the access request through the access control module 114, and searches whether the metadata and the token in the request body of the access request exist in an admission list, if yes, the node 310 is judged to pass the access verification, and if not, the node 310 is judged not to pass the access verification.
Sixthly, the access control module creates an interface instance as the second interface module 113 when the node 310 passes the access verification, where the second interface module 113 at least includes a websocket object, and stores a first association relationship between the second interface module 113 and the identifier of the node 310 in the switching server 100.
The websocket object in the second interface module 113 may be, for example, a websocket server.
Seventhly, the access control module 114 establishes a websocket connection with the websocket client in the agent 311 of the node 310 through the websocket server in the second interface module 113, and stores a second association relationship between the websocket server in the second interface module 113 and the address of the node 310 in the switching server 100.
The websocket server of the second interface module 113 generally monitors a transport layer port, and the websocket server can communicate with the outside through the transport layer port. Then, the second interface module 113 may carry the port number of the transport layer port in an HTTPS response message and return the HTTPS response message to the agent program 311, and a websocket client in the agent program 311 may establish a websocket connection with a websocket server in the second interface module 113 through the transport layer port.
In this embodiment, the correspondence between the address of the node 310 and the identifier of the node 310 may include the first association and the second association. In this case, the forwarding control module 111 searches, according to the found target correspondence, a destination node address corresponding to the destination node identifier in the payload, and a manner of sending the payload to a destination node corresponding to the destination node address may be:
searching the second interface module corresponding to the destination node identification according to the first incidence relation;
and calling a sending instruction of the websocket object in the second interface module, and sending the payload to the destination node address associated with the websocket object according to the second association relation.
The first association relationship may have a plurality of implementation forms.
Illustratively, switching server 100 may store a mapping table and a forwarding table, and access control module 114 may allocate an interface identifier, for example, port-310, to the created second interface module 113 and add a mapping table entry in the mapping table, where the mapping table entry includes interface identifier port-310 of second interface module 113 and a structure of second interface module 113. Then, the agent 311 of the node 310 is allocated with the node identifier node-310, and adds a forwarding table entry in the forwarding table, where the forwarding table entry includes the node identifier node-310 and the interface identifier port-310.
The first association relationship may include the mapping table entry and the forwarding table entry.
Through the first association relationship and the second association relationship, the switching server 100 may implement forwarding processing on the packet whose destination node is identified as the identifier of the node 310.
For example, a to-be-forwarded message d1 sent by the node 210 enters the switching server 100, a payload of the to-be-forwarded message d1 includes a source node identifier node-210 and a destination node identifier node-310, and the forwarding control module 111 may identify the destination node identifier node-310 from the payload of the to-be-forwarded message d1, so as to search a forwarding table according to the identified node identifier node-310 and determine an interface identifier port-310 of an interface module for sending the message to the node 310 indicated by the node-310; and then, according to the determined interface identifier port-310, looking up a mapping table, and determining a structural body of the second interface module 113 used for sending the message to the node 310.
The structural body of the second interface module 113 encapsulates a plurality of instructions, such as a sending instruction, of the websocket server, and the forwarding control module 111 may call the sending instruction of the websocket server of the second interface module 113 through the structural body to send a payload.
Since there is a websocket connection between the websocket server in the second interface module 113 and the websocket client in the agent 311 of the node 310, when the sending instruction of the websocket server of the second interface module 113 is called, the payload of the message d1 to be forwarded is sent to the address associated with the websocket server in the second interface module 113, that is, the address of the node 310, according to the second association relationship.
Then the websocket client in agent 311 may receive the payload containing message m1 that node 210 wishes to send to node 310 and pass the payload to node 310.
Similarly, the access control module 114 may perform access authentication on the node 210 before receiving the packet to be forwarded, which is sent by the node 210, by referring to the authentication procedure for the node 310 described above.
The node 210 includes an agent 211, and the agent 211 includes a websocket client. The first interface module 112 is an interface instance created by the switching server 100 when the node 210 passes the access authentication, and the first interface module 112 at least includes a websocket client, and a websocket connection is established between the websocket client and the websocket client in the agent 211. The switching server 100 further stores a correspondence between the identifier of the node 210 and the address of the node 210, where the correspondence includes: a first association relationship between the first interface module 112 and the identifier of the node 210, and a second association relationship between the websocket server in the first interface module 112 and the address of the node 210.
Correspondingly, the first association relationship between the identifiers of the first interface module 112 and the node 210 may include a mapping table and a forwarding table, the forwarding table may include the interface identifier port-210 of the first interface module 112 and the node identifier node-210 of the node 210, and the mapping table may include the interface identifier port-210 and the structure of the first interface module 112.
Node 210 may send a payload including source node identifier node-210, destination node identifier node-310, and message m1 by calling a send instruction of the websocket client in agent 211. Since a websocket connection exists between the websocket client in the agent 211 and the websocket server in the first interface module 112, the payload is encapsulated into a message d1 to be forwarded (the destination address is the address of the switching server 100), and is sent to the websocket server in the first interface module 112, and then the forwarding control module 111 forwards the message d1 to be forwarded according to the foregoing process.
In this embodiment, a node needs to obtain an identifier of an opposite node, and then sends a message to the opposite node through the switching server. Therefore, after establishing a websocket connection with a corresponding node through the websocket object in the interface module, the access control module 114 of this embodiment may send a node access notification to all nodes other than the node and accessing the switching server 100, where the node access notification includes the identifier and the metadata of the new corresponding node, so that all other nodes record the identifier and the metadata of the corresponding node.
In some scenarios, when a node sends a message to a peer node through the switching server 100, the peer node may have disconnected from the switching server 100, and the message will be discarded, resulting in packet loss. To avoid this problem, the access control module 114 may be further configured to send a node disconnection notification to all nodes accessing the switching server 100 except the corresponding node when the websocket connection between the corresponding node and the switching server 100 is disconnected, where the node disconnection notification may include the identifier of the corresponding node, so that all other nodes delete the identifier and the metadata of the corresponding node.
In addition, in an example, after the access control module 114 sends the node disconnection notification including the identifier of the node 310, the access control module may also delete the correspondence between the identifier of the node 310 and the address of the node 310, and delete the second interface module 113.
In this embodiment, the switching server 100 may have different trigger conditions for disconnecting the websocket connection with the node.
For example, when detecting that the token of the node expires, the access control module 114 calls a disconnection instruction of the websocket object in the interface module corresponding to the node, and actively disconnects the websocket connection with the node. For another example, the node may actively send a disconnection request packet to a corresponding interface module on the switching server 100, so that the interface module calls a connection disconnection instruction of the websocket object to disconnect the websocket connection. As another example, the configuration performed by the administrator of switching server 100 may cause access control module 114 to call a disconnection command for the websocket object in the interface module to disconnect the websocket connection with the corresponding node.
For another example, when detecting a network connection error, the interface module actively calls a connection disconnection instruction of the websocket object of the interface module, and disconnects the websocket connection with the corresponding node. The network connection error may be caused by a change in an external communication address in the node, for example, in this case, the agent of the node may send an access request to the switching server 100 again, the switching server 100 performs access verification on the node again, and records a correspondence between the identifier of the node and the new address of the node, thereby continuing to implement transmission and reception of the packet of the node. Therefore, the problem that in the related technology, the NAT traversal technology is difficult to accurately determine the external communication address of the node due to the change of the external communication address of the node, so that the data exchange of the heterogeneous network node is difficult can be solved.
Optionally, in order to improve the data throughput capability of the switching server 100, each interface module (interface example) may further include a buffer component (buffer). For example, the first interface module 112 and the second interface module 113 each include a respective buffer.
In this case, the manner in which the forwarding control module 111 calls the sending instruction of the websocket object in the second interface module 113 and sends the payload to the destination node address associated with the websocket object according to the second association relationship may be:
calling the sending instruction, writing the message to be forwarded into a buffer component of the second interface module 113, triggering a websocket object of the second interface module 113 to sequentially read the message in the buffer component, and sending the read message to the associated destination node address according to a second association relationship.
Taking the message d1 to be forwarded as an example, the forwarding control module 111 calls a sending instruction of the websocket server of the second interface module 113 to send the payload of the message d1 to be forwarded, and then the payload is written into the buffer of the second interface module 113, and the websocket server of the second interface module 113 reads the payload of the message d1 to be forwarded from the buffer, and sends the read payload to the address associated with the server, that is, the address of the node 310 through the websocket connection.
To further improve the data throughput capability of the switching server 100, the message forwarding device 110 may further include an I/O channel 115 shown in fig. 4, where the I/O channel 115 includes a Load Balance (LB) and at least one queue (queue), for example, queues Q1, Q2, and Qm shown in fig. 4.
In the initial state, the I/O channel 115 only includes one queue, and the capacity of the queue is L. When the LB detects that the occupancy of the queue reaches a first set rate, a new queue may be created. Correspondingly, where the I/O channel 115 contains multiple queues, the LB may create a new queue when the occupancy of each queue reaches a first set rate. The first setting ratio may be set according to requirements, and may be, for example, 75% to 85%, such as 80%.
In addition, the LB may also transfer the messages in the partial queue to another queue and delete the partial queue when the duration in which the total occupancy of all queues in the I/O channel 115 is lower than the second set ratio reaches the preset duration. The second setting ratio and the preset time can be set according to requirements. For example, the second set ratio may be 35% -45%, such as 40%; the preset time period may be 1 hour, 2 hours, 1 day, etc.
The occupancy rate is a ratio of a current data amount in the queue to a data capacity of the queue. Correspondingly, when the duration that the total occupancy rate of the queues in the I/O channel is lower than the second set ratio reaches the preset duration, copying the data in the partial queues to other queues, and deleting the partial queues.
The first interface module 112 may be configured to, after receiving the to-be-forwarded packet, transmit the received to-be-forwarded packet to the LB, where the LB selects one target queue according to the current occupancy rate of each queue, and adds the to-be-forwarded packet to the target queue. For example, the queue with the minimum current occupancy rate may be selected as the target queue.
The forwarding control module 111 may read the message to be forwarded from the target queue, and perform subsequent forwarding processing.
Optionally, the forwarding control module 111 may create, when a queue in the I/O channel is created, a thread corresponding to the queue, where the thread is configured to read a packet to be forwarded in the queue, and forward the read packet to be forwarded according to the forwarding table and the mapping table.
Referring to fig. 5, a schematic diagram of an interaction between a packet forwarding device 510 and multiple nodes in a switching server according to this embodiment is shown. The nodes are nodes 1, 2, … …, and N (N is a positive integer), the packet forwarding apparatus 510 includes a forwarding control module 511, an access control module 512, and an I/O channel 513, and the access control module 512 maintains an admission list.
A specific example is given below with reference to the scenario shown in fig. 5 to further describe the workflow of the message forwarding apparatus 510 provided in this embodiment. First, an access authentication procedure of a node will be described.
The access control module 512 responds to the configuration operation of the administrator, sends a corresponding token x1 to node 1, and stores the metadata of node 1 and token x1 in an admission list in association.
The node 1 installs an AGENT AGENT-1, wherein the AGENT-1 comprises a websocket client and a buffer. Node 1 configures token x1 and the address (e.g., public network address) of switching server 100 in AGENT-1.
The AGENT-1 transmits an access request r1 based on the HTTPS protocol to the switching server 500 according to the address of the switching server 500, the access request r1 including the metadata of the node 1 and the token x 1.
The switching server 500 receives the access request r1 through the access control module 512, determines that the metadata in the access request r1 and the token x1 exist in the admission list, and thus determines that the node 1 creates an interface instance through access authentication, which may be the interface module above.
The access control module 512 allocates an interface identifier PORT-1 to the created interface instance, where the interface instance PORT-1 includes a websocket server and a buffer, generates a mapping table entry including the structure of the interface identifier PORT-1 and the interface instance PORT-1, for example < key: PORT-1, value: PORT >, and stores the mapping table entry in a mapping table (PORT-MAP).
The access control module 512 allocates a NODE identifier NODE-1 to the NODE 1 where the AGENT-1 is located, generates a forwarding table entry, such as < key: NODE-1, value: PORT-1>, including the NODE identifier NODE-1 and the interface identifier PORT-1, and stores the forwarding table entry into a forwarding table (SWITCH-MAP).
The access control module 512 carries a PORT number of a TCP (transmission control protocol) PORT monitored by the websocket server of the interface instance PORT-1 in an HTTPS response message and returns the HTTPS response message to the AGENT-1. And the websocket client in AGENT-1 establishes websocket connection with the websocket server in the interface instance PORT-1 through the TCP PORT, and the websocket server is associated with the address of the node 1.
At this time, no other node has accessed the switching server 500, and the access control module 512 may not have to send a node access notification to the other node.
For the other nodes 2 to n, authentication may be performed with reference to the access authentication procedure described above.
Correspondingly, the NODE 2 is provided with an AGENT AGENT-2, the AGENT-2 comprises a websocket client and a buffer, and the NODE identifier of the NODE 2 is NODE-2. The message forwarding device 510 includes an interface instance PORT-2, which includes a buffer and a websocket server that establishes a websocket connection with a websocket client of the AGENT-2, where the websocket server is associated with an address of the node 2.
The NODE N is provided with an AGENT program AGENT-N, the AGENT-N comprises a websocket client and a buffer, and the NODE identification of the NODE N is NODE-N. The message forwarding device 510 includes an interface instance PORT-N, which includes a buffer, and a websocket server that establishes a websocket connection with a websocket client of the AGENT-N, where the websocket server is associated with an address of the node N.
After the websocket server in the interface instance PORT-i (i is greater than or equal to 2 and less than or equal to N, and i is a positive integer) establishes websocket connection with the websocket client in the AGENT-i of the node i, the access control module 512 may send a node access notification to other nodes in different manners.
In one approach, the access control module 512 may send the node access notification a in a multicast manner to all other nodes accessing the switching server 500 except the node i.
In this case, the destination node identification of the node access notification a includes the identifications of all other nodes accessing the switching server 500 except the node i. The access control module 512 passes the node access notification a to the LB in the I/O channel 513, which passes the node access notification to a queue with the least queue occupancy, such as Q1.
Reading a thread Th1 corresponding to the queue Q1 in the access control module 512 from the Q1 to a node access notification A, determining an interface identifier corresponding to the destination node identifier according to a forwarding table for each destination node identifier in the node access notification A, determining an interface instance corresponding to the interface identifier according to a mapping table, and writing the node access notification A into a buffer of the determined interface instance to be sent out through a websocket server of the interface instance.
In another manner, the access control module 512 may send the node access notification B to all nodes accessing the switching server 500 in a broadcast manner.
In this case, the destination node id of the node access notification B may be a preset character, for example, a character of all 0 s. Similarly, the node access notification B is added to a certain queue by the LB, a corresponding thread in the forwarding control module 511 reads the node access notification B from the queue, and if the destination node identifier is identified as the preset character, the node access notification B is written into the buffers of all interface instances, so that the node access notification B can be sent to all nodes accessing the switching server 500.
The following explains the packet forwarding process by taking an example that the node 1 needs to send a message m2 to the node 2.
The NODE 1 calls a sending instruction of a websocket server in the AGENT-1 to send a payload data, the data comprises a message m2, a source NODE identification NODE-1 and a destination NODE identification NODE-2, the data is written into a buffer of the AGENT-1, a websocket client of the AGENT-1 reads the data in the buffer, and the data is sent to the websocket server in the interface instance PORT-1 by using websocket connection.
The data is encapsulated into a to-be-forwarded message d2 with a destination address being the address of the switching server 500, the to-be-forwarded message d2 reaches a websocket server in the interface instance PORT-1, and the websocket server transmits the to-be-forwarded message d2 to an LB of the I/O channel 513.
The LB determines a target queue with the minimum occupancy rate from the existing queues Q1 to Qm, for example, Q1, writes a message d2 to be forwarded into the target queue Q1, reads the message d2 to be forwarded from the target queue Q1 by the thread Th1 in the forwarding control module 511, extracts the payload data of the message d2 to be forwarded, identifies the destination NODE identifier NODE-2 from the payload data, determines the interface identifier PORT-2 corresponding to the NODE identifier NODE-2 by searching the forwarding table, and determines the structural body of the interface instance corresponding to the interface identifier PORT-2 by searching the mapping table. Through the structural body, a sending instruction of a websocket server in the interface instance PORT-2 is called, and the payload data is sent. Then, the payload data is written into the buffer of the interface instance PORT-2, and the websocket server in the interface instance PORT-2 reads the data from the buffer and sends the data to the address of the associated node 2.
The payload data reaches the websocket client in the AGENT-2 of the node 2, and the websocket client can transmit the payload data to the node 2.
For the communication between any two other nodes, the process is similar to the above process, and is not described herein again.
In practical applications, it is possible for a node accessing the switching server to be disconnected from the switching server during operation. The following explains the process of disconnecting the node by taking the disconnection of the node N from the switching server as an example.
The access control module 512 generates a node disconnection notification when detecting that the websocket connection between the websocket client in the AGENT-N and the websocket server in the interface instance PORT-N is disconnected.
In this case, the forwarding process flow for node disconnection notification is similar to the node access notification a described above.
The node disconnection notification may also be a broadcast message, that is, the destination node identifier is a preset character. In this case, the forwarding process flow for node disconnection notification is similar to the node access notification B described above.
After sending the node disconnection notification, the access control module 512 may further delete a forwarding table entry including the interface identifier PORT-N in the forwarding table, delete a mapping table entry including the interface identifier PORT-N in the mapping table, and delete the interface instance PORT-N.
Referring to fig. 6, a flowchart of a message forwarding method applied to the switching server 100 according to this embodiment is shown, where the method may include the following steps.
Step S601, receiving a to-be-forwarded message, where a destination address of the to-be-forwarded message is an address of the switching server, and a payload of the to-be-forwarded message includes a destination node identifier.
The payload of the packet to be forwarded may further include a source node identifier, and step S601 may be executed by the first interface module 112 described above.
Step S602, extracting the effective load from the message to be forwarded, and searching the target corresponding relation between the target node identification and the target node address according to the target node identification in the effective load.
Step S603, according to the searched target correspondence, searching for a destination node address corresponding to the destination node identifier in the payload, and sending the payload to a destination node corresponding to the destination node address.
Wherein steps S602 and S603 may be performed by the forwarding control module 111 described above.
Optionally, before performing step S602, the message forwarding method may further include the following steps:
receiving an access request sent by the destination node, and performing access verification on the destination node according to the access request;
if the target node passes the access verification, an interface instance at least comprising a network socket object is created, and the websocket connection is established with the target node through the websocket object;
storing a first incidence relation between the interface instance and the destination node identification and a second incidence relation between the websocket object in the interface instance and the destination node address; wherein the target corresponding relation comprises the first incidence relation and the second incidence relation.
In the case that the target correspondence includes a first association and a second association, step S603 may be implemented by the following sub-steps:
searching the interface instance corresponding to the destination node identification according to the first incidence relation;
and calling a sending instruction of the websocket object in the interface instance, and sending the payload to the destination node address associated with the websocket object according to the second association relation.
The interface instance corresponding to the destination node identifier may be the second interface module 113.
Optionally, the interface instance may include a buffer component. In this case, the step of calling the sending instruction of the websocket object in the interface instance and sending the payload to the destination node address associated with the websocket object according to the second association relationship may be implemented by the following processes:
calling the sending instruction, writing the message to be forwarded into the buffer assembly of the interface example, triggering the websocket object to sequentially read the message in the buffer assembly, and sending the read message to the associated destination node address according to the second association relation.
Optionally, the switching server 100 may further include at least one queue. In this case, as shown in fig. 7, the message forwarding method provided in this embodiment may further include the following steps:
step S604, searching the target queue with the minimum occupancy rate from the at least one queue, and adding the received packet to be forwarded to the target queue.
The occupancy rate of the queue is the ratio of the current data volume in the queue to the data capacity of the queue. Step S604 may be performed by the load balancer described above after step S601, and the description of step S604 may refer to the description of the load balancer described above.
Step S605, obtaining the packet to be forwarded from the target queue.
Wherein step S605 is executed before step S602.
Optionally, the message forwarding method provided in this embodiment may further include the following management steps for the queue:
if the occupancy rate of each queue reaches a first set ratio, a new queue is created; and/or the presence of a gas in the gas,
and if the total occupancy rates of all queues are lower than the duration of the second set ratio and reach the preset duration, transferring the messages in the partial queues to other queues, and deleting the partial queues.
The above management steps for the queues may be performed by the load balancer, and the detailed description may refer to the foregoing description of the load balancer.
Optionally, in this embodiment, the packet forwarding method may further include:
after establishing the websocket connection with the target node through the websocket object, sending a node access notification to all other nodes except the target node and accessed to the switching server, wherein the node access notification comprises the target node identification and the metadata of the target node; or,
when the websocket connection between a target node and the exchange server is disconnected, sending a node disconnection notification to all other nodes except the target node and accessed to the exchange server, wherein the node disconnection notification comprises a target node identifier; and deleting the target corresponding relation and deleting the interface instance.
With regard to the description of the above steps, reference may be made to the foregoing detailed description of the corresponding modules.
In summary, according to the packet forwarding method, the packet forwarding apparatus, and the packet forwarding server provided by the present disclosure, the packet forwarding server records the correspondence between the identifier of the node and the address of the node, extracts the payload from the packet to be forwarded sent by the node, searches for the target correspondence between the destination node identifier and the destination node address according to the destination node identifier in the payload, searches for the destination node address corresponding to the destination node identifier in the payload according to the found target correspondence, and sends the payload to the destination node corresponding to the destination node address. Through the design, two nodes needing to communicate do not need to know the external communication address of the other party, and the complicated NAT penetration process is avoided.
The foregoing is illustrative of selected embodiments of the present disclosure only and is not intended to be limiting thereof, as numerous modifications and variations will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present disclosure should be included in the protection scope of the present disclosure.

Claims (10)

1. A message forwarding method is applied to a switching server, wherein the switching server stores a corresponding relation between an identifier of a node and an address of the node, and the method comprises the following steps:
receiving a message to be forwarded, wherein the destination address of the message to be forwarded is the address of the switching server, and the payload of the message to be forwarded comprises a destination node identifier;
extracting the payload from the message to be forwarded, and searching a target corresponding relation between the destination node identifier and a destination node address according to the destination node identifier in the payload, wherein the target corresponding relation comprises a first associated relation and a second associated relation, the first associated relation represents a corresponding relation between an interface instance and the destination node identifier, and the second associated relation represents a corresponding relation between a websocket object in the interface instance and the destination node address;
searching the interface instance corresponding to the destination node identification according to the first incidence relation;
and calling a sending instruction of the websocket object in the interface instance, and sending the payload to the destination node address associated with the websocket object according to the second association relation.
2. The method of claim 1, prior to finding the destination correspondence between the destination node identifier and the destination node address according to the destination node identifier in the payload, further comprising:
receiving an access request sent by the destination node, and performing access verification on the destination node according to the access request;
if the destination node passes the access verification, creating an interface instance at least comprising a network socket object, and storing a first association relation between the interface instance and the destination node identifier;
and establishing a websocket connection with the destination node through the websocket object, and storing a second association relationship between the websocket object and the destination node address in the interface instance.
3. The method of claim 1, wherein the interface instance comprises a buffer component; the calling the sending instruction of the websocket object in the interface instance and sending the payload to the destination node address associated with the websocket object according to the second association relation includes:
calling the sending instruction, writing the message to be forwarded into the buffer assembly of the interface example, triggering the websocket object to sequentially read the message in the buffer assembly, and sending the read message to the associated destination node address according to the second association relation.
4. The method of claim 3, wherein the switching server further comprises at least one queue; the method further comprises the following steps:
after receiving a message to be forwarded, searching a target queue with the minimum occupancy rate from the at least one queue, and adding the received message to be forwarded to the target queue, wherein the occupancy rate of the queue is the ratio of the current data volume in the queue to the data capacity of the queue; and before extracting the effective load from the message to be forwarded, acquiring the message to be forwarded from the target queue.
5. The method of claim 4, further comprising:
if the occupancy rate of each queue reaches a first set ratio, a new queue is created; and/or the presence of a gas in the gas,
and if the total occupancy rates of all the queues are lower than the duration of a second set ratio and reach a preset duration, transferring part of the messages in the queues to other queues, and deleting part of the queues.
6. The method according to any one of claims 2-5, further comprising:
after establishing a websocket connection with the destination node through the websocket object, sending a node access notification to all other nodes except the destination node and accessing the switching server, wherein the node access notification comprises a destination node identifier and metadata of the destination node; or,
when the websocket connection between the destination node and the exchange server is disconnected, sending a node disconnection notification to all other nodes except the destination node and accessed to the exchange server, wherein the node disconnection notification comprises the destination node identifier; and deleting the target corresponding relation and deleting the interface instance.
7. The method according to any of claims 1-5, wherein the payload of the packet to be forwarded further comprises a source node identifier.
8. A message forwarding device is applied to a switching server, wherein the switching server stores a correspondence between an identifier of a node and an address of the node, and the device comprises:
a first interface module, configured to receive a packet to be forwarded, where a destination address of the packet to be forwarded is an address of the switching server, and a payload of the packet to be forwarded includes a destination node identifier;
a forwarding control module to:
extracting the payload from the message to be forwarded, and searching a target corresponding relation between the destination node identifier and a destination node address according to the destination node identifier in the payload, wherein the target corresponding relation comprises a first associated relation and a second associated relation, the first associated relation represents a corresponding relation between an interface instance and the destination node identifier, and the second associated relation represents a corresponding relation between a websocket object in the interface instance and the destination node address;
searching the interface instance corresponding to the destination node identification according to the first incidence relation;
and calling a sending instruction of the websocket object in the interface instance, and sending the payload to the destination node address associated with the websocket object according to the second association relation.
9. A switching server comprising a processor and a machine-readable storage medium having stored thereon machine-executable instructions that, when executed, cause the processor to implement the method of any one of claims 1-7.
10. A machine-readable storage medium having stored thereon machine-executable instructions which, when executed, implement the method of any one of claims 1-7.
CN201911011778.1A 2019-10-23 2019-10-23 Message forwarding method and device and switching server Active CN110809033B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911011778.1A CN110809033B (en) 2019-10-23 2019-10-23 Message forwarding method and device and switching server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911011778.1A CN110809033B (en) 2019-10-23 2019-10-23 Message forwarding method and device and switching server

Publications (2)

Publication Number Publication Date
CN110809033A CN110809033A (en) 2020-02-18
CN110809033B true CN110809033B (en) 2022-07-12

Family

ID=69488952

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911011778.1A Active CN110809033B (en) 2019-10-23 2019-10-23 Message forwarding method and device and switching server

Country Status (1)

Country Link
CN (1) CN110809033B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114844878B (en) * 2022-03-29 2023-04-11 宁德星云检测技术有限公司 WebSocket-based lithium battery test system communication method and device

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101127758A (en) * 2006-08-16 2008-02-20 华为技术有限公司 IP address acquisition method and acquisition system for mobile nodes
CN101296238A (en) * 2008-06-17 2008-10-29 杭州华三通信技术有限公司 Method and equipment for remaining persistency of security socket layer conversation
CN101594297A (en) * 2008-05-30 2009-12-02 当代天启技术(北京)有限公司 The swap server of data addressing and forwarding, system and method in the Control Network
CN102088412A (en) * 2011-03-02 2011-06-08 华为技术有限公司 Exchange unit chip, router and transmission method of cell information
CN102098349A (en) * 2009-12-09 2011-06-15 中兴通讯股份有限公司 Address mapping method and access service node
CN102684969A (en) * 2011-03-18 2012-09-19 日电(中国)有限公司 VPN (virtual private network) node, VPN node identification analysis agency and VPN node identification analysis, VPN server
CN102752413A (en) * 2012-07-02 2012-10-24 杭州华三通信技术有限公司 Method for selecting DHCP (dynamic host configuration protocol) server and network equipment
EP2787693A1 (en) * 2013-04-05 2014-10-08 Telefonaktiebolaget LM Ericsson (PUBL) User plane traffic handling using network address translation and request redirection
CN107370727A (en) * 2017-06-22 2017-11-21 北京邮电大学 A kind of ZigBee-network interior joint equipment triggering method and device

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101127758A (en) * 2006-08-16 2008-02-20 华为技术有限公司 IP address acquisition method and acquisition system for mobile nodes
CN101594297A (en) * 2008-05-30 2009-12-02 当代天启技术(北京)有限公司 The swap server of data addressing and forwarding, system and method in the Control Network
CN101296238A (en) * 2008-06-17 2008-10-29 杭州华三通信技术有限公司 Method and equipment for remaining persistency of security socket layer conversation
CN102098349A (en) * 2009-12-09 2011-06-15 中兴通讯股份有限公司 Address mapping method and access service node
CN102088412A (en) * 2011-03-02 2011-06-08 华为技术有限公司 Exchange unit chip, router and transmission method of cell information
CN102684969A (en) * 2011-03-18 2012-09-19 日电(中国)有限公司 VPN (virtual private network) node, VPN node identification analysis agency and VPN node identification analysis, VPN server
CN102752413A (en) * 2012-07-02 2012-10-24 杭州华三通信技术有限公司 Method for selecting DHCP (dynamic host configuration protocol) server and network equipment
EP2787693A1 (en) * 2013-04-05 2014-10-08 Telefonaktiebolaget LM Ericsson (PUBL) User plane traffic handling using network address translation and request redirection
CN107370727A (en) * 2017-06-22 2017-11-21 北京邮电大学 A kind of ZigBee-network interior joint equipment triggering method and device

Also Published As

Publication number Publication date
CN110809033A (en) 2020-02-18

Similar Documents

Publication Publication Date Title
CN113115480B (en) Address information sending method, address information obtaining method, address information sending device, address information obtaining device, address information sending equipment and address information obtaining medium
US11075948B2 (en) Method and system for virtual machine aware policy management
US9438679B2 (en) Method, apparatus, name server and system for establishing FCOE communication connection
EP2993838A1 (en) Method for setting identity of gateway device and management gateway device
CN111327668B (en) Network management method, device, equipment and storage medium
US20170214691A1 (en) Methods, systems, and computer readable media for remote authentication dial-in user service (radius) topology hiding
KR20150076041A (en) System for supporting multi-tenant based on private ip address in virtual private cloud networks and operating method thereof
CN107094110B (en) DHCP message forwarding method and device
WO2022033345A1 (en) Pdu session establishment method, terminal device, and chip system
US20110035413A1 (en) Diameter bus communications between processing nodes of a network element
CN113709250B (en) Cross-domain user data synchronization method based on subscription transmission mode
CN112437127A (en) Message processing method and device, load balancer and server
CN113810349B (en) Data transmission method, device, computer equipment and storage medium
EP2218214B1 (en) Network location service
CN111953806B (en) Link selection method, device, computer equipment and computer storage medium
CN104488240B (en) Session management method, address management method and relevant device
CN109561004B (en) Message forwarding method and device and switch
CN109120556B (en) A kind of method and system of cloud host access object storage server
CN115379010A (en) Container network construction method, device, equipment and storage medium
US10069715B2 (en) Method for deploying resource in cloud computing environment
EP2165502B1 (en) Lawful interception of data of a roaming mobile node
CN102946350B (en) A kind of data transmission method based on priority and equipment
CN110809033B (en) Message forwarding method and device and switching server
WO2013129207A1 (en) Mobile communication system, communication system, node, flow-control network, and communication-control method
JP2024511907A (en) Network function registration method, discovery method, equipment, device and medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant