CN110971482A - Back-end server detection method and device based on ebpf and electronic equipment - Google Patents
Back-end server detection method and device based on ebpf and electronic equipment Download PDFInfo
- Publication number
- CN110971482A CN110971482A CN201911071781.2A CN201911071781A CN110971482A CN 110971482 A CN110971482 A CN 110971482A CN 201911071781 A CN201911071781 A CN 201911071781A CN 110971482 A CN110971482 A CN 110971482A
- Authority
- CN
- China
- Prior art keywords
- data packet
- end server
- ebpf
- packet
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/50—Testing arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Environmental & Geological Engineering (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The embodiment of the disclosure provides a back-end server detection method, a back-end server detection device and electronic equipment based on ebpf, belonging to the technical field of data processing, wherein the method comprises the following steps: acquiring a first data packet sent by a client aiming at a back-end server, wherein the first data packet comprises a VIP field pointing to the address of the back-end server; analyzing the data content in the first data packet by utilizing an ebpf program arranged on a hook point on the flow controller; adding an IPIP tunnel head to the first data packet according to the somark value in the first data packet to form a second data packet sent to the back-end server; and detecting the performance of the back-end server based on a third data packet responded by the back-end server aiming at the second data packet. The scheme of the disclosure can accurately detect the performance of the back-end server.
Description
Technical Field
The present disclosure relates to the field of data processing technologies, and in particular, to a backend server detection method and apparatus based on ebpf, and an electronic device.
Background
Determining the health of servers and applications through health checks is a very important function of a load balancer. Without a load balancer, a client may send a request to a server that has been down. The network administrator must manually intervene to replace the server or troubleshoot the server. Sometimes the server may not be down, but for some reason, such as a software bug, the application system running on the server may not work properly. For example, a Web application may be running normally, but the page it returns is the wrong content. The load balancer can detect these conditions and immediately direct client requests to the normal servers without intervention by an administrator.
In general, health checks fall into two categories: in-band health check and out-of-band health check. The in-band health check is that the load balancer observes the traffic between the client and the server to judge whether the server is healthy or not. For example, if the load balancer sends a SYN packet for a client to a real server, but does not receive a SYN ACK packet response, the load balancer may suspect that the real server is in problem. The load balancer can also directly send health-checked data packets to check whether the real server is healthy, and the data packets are generated by the load balancer itself.
In the existing health check, a health check heartbeat is sent to a rear-end RS (rear-end server) on an LB (load balancing) machine, and the RS returns a health check packet to the LB after receiving the health check packet. The existing health examination program cannot completely simulate the LB package issuing process. This can result in the instant RS not being configured with tunnels and VIPs (virtual IP), and the health check is still successful, leading to false alarm conditions.
Disclosure of Invention
In view of this, embodiments of the present disclosure provide a backend server detection method and apparatus based on ebpf, and an electronic device, which at least partially solve the problems in the prior art.
In a first aspect, an embodiment of the present disclosure provides a backend server detection method based on ebpf, including:
acquiring a first data packet sent by a client aiming at a back-end server, wherein the first data packet comprises a VIP field pointing to the address of the back-end server;
analyzing the data content in the first data packet by utilizing an ebpf program arranged on a hook point on the flow controller;
adding an IPIP tunnel head to the first data packet according to the somark value in the first data packet to form a second data packet sent to the back-end server;
and detecting the performance of the back-end server based on a third data packet responded by the back-end server aiming at the second data packet.
According to a specific implementation manner of the embodiment of the present disclosure, before parsing the data content in the first data packet by using an ebpf program set at a hook point on the traffic controller, the method further includes:
writing an ebpf program related code, and sending the code to a hook point of the flow controller.
According to a specific implementation manner of the embodiment of the present disclosure, before parsing the data content in the first data packet by using an ebpf program set at a hook point on the traffic controller, the method further includes:
setting a mapping relation graph in the ebpf program;
and issuing the corresponding relation between the somark value and the IP of the back-end server to a mapping relation graph of ebpf.
According to a specific implementation manner of the embodiment of the present disclosure, the analyzing the data content in the first data packet by using an ebpf program set at a hook point on the flow controller includes:
after the client initiates connection to the back-end server, a socket data packet containing a socket value, which is sent to the back-end server by the client, is obtained;
and taking the socket data packet as the first data packet.
According to a specific implementation manner of the embodiment of the present disclosure, adding an IPIP tunnel header to the first data packet according to the somark value in the first data packet to form a second data packet sent to the backend server, includes:
adding an IPIP tunnel header to a first data packet based on a somark value in the first data packet by utilizing an ebpf program;
setting a source IP of the first data packet as an outlet IP of the flow control;
and setting the destination IP of the first data packet as the IP of the back-end server.
According to a specific implementation manner of the embodiment of the present disclosure, the detecting the performance of the back-end server based on the third data packet responded by the back-end server with respect to the second data packet includes:
analyzing the content in the third data packet;
and detecting the health condition of the back-end server based on the analysis result.
According to a specific implementation manner of the embodiment of the present disclosure, before parsing the data content in the first data packet by using an ebpf program set at a hook point on the traffic controller, the method further includes:
creating a socket data packet;
binding the source IP of the socket data packet to be the outlet IP of the client;
and setting a socket value in the socket data packet according to the IP field of the back-end server which needs to be detected currently.
According to a specific implementation manner of the embodiment of the present disclosure, adding an IPIP tunnel header to the first data packet according to the somark value in the first data packet to form a second data packet sent to the backend server, includes:
setting a field containing a VIP in the second data packet so that whether to receive the second data packet is determined based on whether the IP in the tunnel of the second data packet is the VIP after the back-end server receives the second data packet.
In a second aspect, an embodiment of the present disclosure provides an ebpf-based backend server detection apparatus, including:
the system comprises a first acquisition module, a second acquisition module and a third acquisition module, wherein the first acquisition module is used for acquiring a first data packet sent by a client aiming at a back-end server, and the first data packet comprises a VIP field pointing to a back-end server address;
the second acquisition module is used for analyzing the data content in the first data packet by utilizing an ebpf program arranged on a hook point on the flow controller;
a forming module, configured to add an IPIP tunnel header to the first data packet according to a somark value in the first data packet, and form a second data packet sent to the backend server;
and the detection module is used for detecting the performance of the back-end server based on a third data packet responded by the back-end server aiming at the second data packet.
In a third aspect, an embodiment of the present disclosure further provides an electronic device, where the electronic device includes:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform any of the first aspects or the ebpf-based backend server detection method in any implementation manner of the first aspect.
In a fourth aspect, this disclosed embodiment also provides a non-transitory computer-readable storage medium storing computer instructions for causing a computer to execute the ebpf-based backend server detection method in the foregoing first aspect or any implementation manner of the first aspect.
In a fifth aspect, the present disclosure also provides a computer program product, where the computer program product includes a computer program stored on a non-transitory computer-readable storage medium, where the computer program includes program instructions, and when the program instructions are executed by a computer, the computer executes the ebpf-based backend server detection method in the foregoing first aspect or any implementation manner of the first aspect.
The back-end server detection scheme based on ebpf in the embodiment of the disclosure comprises the steps of obtaining a first data packet sent by a client aiming at a back-end server, wherein the first data packet comprises a VIP field pointing to the address of the back-end server; analyzing the data content in the first data packet by utilizing an ebpf program arranged on a hook point on the flow controller; adding an IPIP tunnel head to the first data packet according to the somark value in the first data packet to form a second data packet sent to the back-end server; and detecting the performance of the back-end server based on a third data packet responded by the back-end server aiming at the second data packet. According to the scheme, a hook of the EBPF is added to the flow controller of the linux kernel, different tunnels are marked for different data packets according to the somark values in the data packets, the DSR packet sending mode of the load balancer is completely simulated, and after the back-end server receives the data packets, the packets are uncovered according to the normal flow mode and are returned to the load balancer. By the method, the problem of misinformation caused by the fact that the health examination packet sending and the normal flow packet do not belong to the same data path is solved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings needed to be used in the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present disclosure, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic diagram illustrating a detection process of a backend server based on ebpf according to an embodiment of the present disclosure;
fig. 2 is a schematic structural diagram of a backend server detection system based on ebpf according to an embodiment of the present disclosure;
fig. 3 is a schematic diagram illustrating another ebpf-based backend server detection process provided by the embodiment of the present disclosure;
fig. 4 is a schematic diagram illustrating another ebpf-based backend server detection process provided by the embodiment of the present disclosure;
fig. 5 is a schematic structural diagram of a backend server detection apparatus based on ebpf according to an embodiment of the present disclosure;
fig. 6 is a schematic diagram of an electronic device provided in an embodiment of the present disclosure.
Detailed Description
The embodiments of the present disclosure are described in detail below with reference to the accompanying drawings.
The embodiments of the present disclosure are described below with specific examples, and other advantages and effects of the present disclosure will be readily apparent to those skilled in the art from the disclosure in the specification. It is to be understood that the described embodiments are merely illustrative of some, and not restrictive, of the embodiments of the disclosure. The disclosure may be embodied or carried out in various other specific embodiments, and various modifications and changes may be made in the details within the description without departing from the spirit of the disclosure. It is to be noted that the features in the following embodiments and examples may be combined with each other without conflict. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
It is noted that various aspects of the embodiments are described below within the scope of the appended claims. It should be apparent that the aspects described herein may be embodied in a wide variety of forms and that any specific structure and/or function described herein is merely illustrative. Based on the disclosure, one skilled in the art should appreciate that one aspect described herein may be implemented independently of any other aspects and that two or more of these aspects may be combined in various ways. For example, an apparatus may be implemented and/or a method practiced using any number of the aspects set forth herein. Additionally, such an apparatus may be implemented and/or such a method may be practiced using other structure and/or functionality in addition to one or more of the aspects set forth herein.
It should be noted that the drawings provided in the following embodiments are only for illustrating the basic idea of the present disclosure, and the drawings only show the components related to the present disclosure rather than the number, shape and size of the components in actual implementation, and the type, amount and ratio of the components in actual implementation may be changed arbitrarily, and the layout of the components may be more complicated.
In addition, in the following description, specific details are provided to facilitate a thorough understanding of the examples. However, it will be understood by those skilled in the art that the aspects may be practiced without these specific details.
The embodiment of the disclosure provides a backend server detection method based on ebpf. The ebpf-based backend server detection method provided by the embodiment can be executed by a computing device, which can be implemented as software or as a combination of software and hardware, and can be integrally arranged in a server, a terminal device and the like.
Referring to fig. 1 and fig. 2, a backend server detection method based on ebpf provided by the embodiment of the present disclosure includes the following steps:
s101, a first data packet sent by a client aiming at a back-end server is obtained, wherein the first data packet comprises a VIP field pointing to the address of the back-end server.
The client is a terminal device with data processing capability, and a user can query the performance status (for example, health status) of the back-end server through the client. The client is in communication connection with the back-end server in a wired or wireless mode.
As a situation, a communication message (data packet) between the client and the backend server includes a preset communication field, see fig. 2, a message sent out by the client device includes a CIP field and a VIP field, the CIP field is used to identify a source IP of the data packet as the client itself, and the VIP field is used to identify a destination backend server address of the communication message.
In the process of acquiring the performance parameters of the back-end server, the client sends a first data packet to the back-end server, and the first data packet is relayed by a Load Balancer (LB).
S102, analyzing the data content in the first data packet by using the ebpf program set at the hook point on the traffic controller.
The load balancer may be a device operating based on a Linux operating system, and for this purpose, a hook point may be set on a flow controller (TC) on a QoS module under Linux, and a data packet sent from a client to a backend server may be acquired through the hook point.
In order to analyze and repackage the message acquired by the hook point, an ebpf (extended query Packet filter) program is set on the hook point, and various function settings can be performed through the ebpf, for example, network performance evaluation, firewall setting, program analysis tracking, device driving and the like can be performed. The set data packet analyzing and encapsulating functions can be added to the ebpf program codes in a mode of writing the ebpf program codes, and finally the ebpf codes are issued to hook points on the flow controller.
The data contained in the first data packet can be analyzed through the ebpf program, the CIP field and the VIP field contained in the first data packet can be obtained, besides, the client side is also provided with a somark value used for representing the target back-end server in the first data packet, and the somark value can be packaged and set in a socket mode as a preset mark value. For example, a somark may be set as an option value in socket data.
S103, adding an IPIP tunnel head to the first data packet according to the somark value in the first data packet to form a second data packet sent to the back-end server.
To repackage the first packet, it may be done in DSR (Direct Server Return) mode, which may be suitable for large concurrent, large flow environments, greatly reducing the possibility of the load balancing device becoming a bottleneck.
Specifically, the ebpf program may be used to repackage the first data packet based on the obtained somark value, and add an IPIP tunnel header to the first data packet (for example, a VIP field may be added to the IPIP tunnel header), where the IPIP tunnel is a simple protocol for encapsulating an IP data packet between two routers, and an IPIP tunnel interface appears in an interface list as a physical interface, thereby completely simulating a packet sending process of the load balancer. After encapsulating the first data packet, a second data packet may be formed. The second data packet may be sent directly through the load balancer.
And S104, detecting the performance of the back-end server based on a third data packet responded by the back-end server aiming at the second data packet.
After the back-end server acquires the second data packet, the back-end server analyzes and judges the content in the second data packet, finds that the IP in the tunnel in the second data packet is VIP through analysis, and meanwhile, the back-end server also has a VIP field, receives the second data packet, queries performance parameters (such as software and hardware running condition parameters) in the back-end server based on a query request field in the second data packet, and returns the queried performance parameters to the load balancer through a third data packet.
By the mode, the LB package sending process is completely simulated. The tunnel and the VIP are not configured on the immediate RS, the health check is still successful, and the false alarm condition is prevented.
According to a specific implementation manner of the embodiment of the present disclosure, before parsing the data content in the first data packet by using an ebpf program set at a hook point on the traffic controller, the method further includes: writing an ebpf program related code, and sending the code to a hook point of the flow controller.
According to a specific implementation manner of the embodiment of the present disclosure, before parsing the data content in the first data packet by using an ebpf program set at a hook point on the traffic controller, the method further includes: setting a mapping relation graph in the ebpf program; and issuing the corresponding relation between the somark value and the IP of the back-end server to a mapping relation graph of ebpf.
According to a specific implementation manner of the embodiment of the present disclosure, the analyzing the data content in the first data packet by using an ebpf program set at a hook point on the flow controller includes: after the client initiates connection to the back-end server, a socket data packet containing a socket value, which is sent to the back-end server by the client, is obtained; and taking the socket data packet as the first data packet.
Referring to fig. 3, according to a specific implementation manner of the embodiment of the present disclosure, adding an IPIP tunnel header to the first data packet according to the somark value in the first data packet to form a second data packet sent to the backend server, may include the following steps:
s301, adding an IPIP tunnel header to the first data packet based on the somark value in the first data packet by utilizing an ebpf program.
S302, setting the source IP of the first data packet as the outlet IP of the flow control.
S303, setting the destination IP of the first data packet as the IP of the backend server.
According to a specific implementation manner of the embodiment of the present disclosure, the detecting the performance of the back-end server based on the third data packet responded by the back-end server with respect to the second data packet includes: analyzing the content in the third data packet; and detecting the health condition of the back-end server based on the analysis result.
Referring to fig. 4, according to a specific implementation manner of the embodiment of the present disclosure, before parsing the data content in the first data packet by using an ebpf program set at a hook point on the traffic controller, the method further includes:
s401, creating a socket data packet.
A socket packet may be created at the client, and various data fields may be set in the socket packet by creating the socket packet.
S402, binding the source IP of the socket data packet as the outlet IP of the client.
By obtaining the egress IP of the client, the egress IP can be bound as the source IP of the socket packet.
And S403, setting a somark value in the socket data packet according to the IP field of the back-end server which needs to be detected currently.
According to a specific implementation manner of the embodiment of the present disclosure, adding an IPIP tunnel header to the first data packet according to the somark value in the first data packet to form a second data packet sent to the backend server, includes: setting a field containing a VIP in the second data packet so that whether to receive the second data packet is determined based on whether the IP in the tunnel of the second data packet is the VIP after the back-end server receives the second data packet.
Corresponding to the above method embodiment, referring to fig. 5, an embodiment of the present disclosure further provides an ebpf-based backend server detection apparatus 50, including:
a first obtaining module 501, configured to obtain a first data packet sent by a client for a backend server, where the first data packet includes a VIP field pointing to an address of the backend server.
The client is a terminal device with data processing capability, and a user can query the performance status (for example, health status) of the back-end server through the client. The client is in communication connection with the back-end server in a wired or wireless mode.
As a situation, a communication message (data packet) between the client and the backend server includes a preset communication field, see fig. 2, a message sent out by the client device includes a CIP field and a VIP field, the CIP field is used to identify a source IP of the data packet as the client itself, and the VIP field is used to identify a destination backend server address of the communication message.
In the process of acquiring the performance parameters of the back-end server, the client sends a first data packet to the back-end server, and the first data packet is relayed by a Load Balancer (LB).
The second obtaining module 502 is configured to parse the data content in the first data packet by using an ebpf program set at a hook point on the traffic controller.
The load balancer may be a device operating based on a Linux operating system, and for this purpose, a hook point may be set on a flow controller (TC) on a QoS module under Linux, and a data packet sent from a client to a backend server may be acquired through the hook point.
In order to analyze and repackage the message acquired by the hook point, an ebpf (extended query Packet filter) program is set on the hook point, and various function settings can be performed through the ebpf, for example, network performance evaluation, firewall setting, program analysis tracking, device driving and the like can be performed. The set data packet analyzing and encapsulating functions can be added to the ebpf program codes in a mode of writing the ebpf program codes, and finally the ebpf codes are issued to hook points on the flow controller.
The data contained in the first data packet can be analyzed through the ebpf program, the CIP field and the VIP field contained in the first data packet can be obtained, besides, the client side is also provided with a somark value used for representing the target back-end server in the first data packet, and the somark value can be packaged and set in a socket mode as a preset mark value. For example, a somark may be set as an option value in socket data.
A forming module 503, configured to add an IPIP tunnel header to the first data packet according to the somark value in the first data packet, and form a second data packet sent to the backend server.
To repackage the first packet, it may be done in DSR (Direct Server Return) mode, which may be suitable for large concurrent, large flow environments, greatly reducing the possibility of the load balancing device becoming a bottleneck.
Specifically, the ebpf program may be used to repackage the first data packet based on the obtained somark value, and add an IPIP tunnel header to the first data packet (for example, a VIP field may be added to the IPIP tunnel header), where the IPIP tunnel is a simple protocol for encapsulating an IP data packet between two routers, and an IPIP tunnel interface appears in an interface list as a physical interface, thereby completely simulating a packet sending process of the load balancer. After encapsulating the first data packet, a second data packet may be formed. The second data packet may be sent directly through the load balancer.
A detecting module 504, configured to detect performance of the backend server based on a third data packet that the backend server responds to the second data packet.
After the back-end server acquires the second data packet, the back-end server analyzes and judges the content in the second data packet, finds that the IP in the tunnel in the second data packet is VIP through analysis, and meanwhile, the back-end server also has a VIP field, receives the second data packet, queries performance parameters (such as software and hardware running condition parameters) in the back-end server based on a query request field in the second data packet, and returns the queried performance parameters to the load balancer through a third data packet.
By the mode, the LB package sending process is completely simulated. The tunnel and the VIP are not configured on the immediate RS, the health check is still successful, and the false alarm condition is prevented.
The apparatus shown in fig. 5 may correspondingly execute the content in the above method embodiment, and details of the part not described in detail in this embodiment refer to the content described in the above method embodiment, which is not described again here.
Referring to fig. 6, an embodiment of the present disclosure also provides an electronic device 60, including:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the ebpf-based backend server detection method in the aforementioned method embodiments.
The disclosed embodiments also provide a non-transitory computer-readable storage medium storing computer instructions for causing the computer to perform the foregoing method embodiments.
The disclosed embodiments also provide a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions that, when executed by a computer, cause the computer to perform the ebpf-based backend server detection method in the aforementioned method embodiments.
Referring now to FIG. 6, a schematic diagram of an electronic device 60 suitable for use in implementing embodiments of the present disclosure is shown. The electronic devices in the embodiments of the present disclosure may include, but are not limited to, mobile terminals such as mobile phones, notebook computers, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablet computers), PMPs (portable multimedia players), in-vehicle terminals (e.g., car navigation terminals), and the like, and fixed terminals such as digital TVs, desktop computers, and the like. The electronic device shown in fig. 6 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 6, the electronic device 60 may include a processing means (e.g., a central processing unit, a graphics processor, etc.) 601 that may perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)602 or a program loaded from a storage means 608 into a Random Access Memory (RAM) 603. In the RAM 603, various programs and data necessary for the operation of the electronic apparatus 60 are also stored. The processing device 601, the ROM 602, and the RAM 603 are connected to each other via a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.
Generally, the following devices may be connected to the I/O interface 605: input devices 606 including, for example, a touch screen, touch pad, keyboard, mouse, image sensor, microphone, accelerometer, gyroscope, etc.; output devices 607 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage 608 including, for example, tape, hard disk, etc.; and a communication device 609. The communication means 609 may allow the electronic device 60 to communicate with other devices wirelessly or by wire to exchange data. While the figures illustrate an electronic device 60 having various means, it is to be understood that not all illustrated means are required to be implemented or provided. More or fewer devices may alternatively be implemented or provided.
In particular, according to an embodiment of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication means 609, or may be installed from the storage means 608, or may be installed from the ROM 602. The computer program, when executed by the processing device 601, performs the above-described functions defined in the methods of the embodiments of the present disclosure.
It should be noted that the computer readable medium in the present disclosure can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In contrast, in the present disclosure, a computer readable signal medium may comprise a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
The computer readable medium may be embodied in the electronic device; or may exist separately without being assembled into the electronic device.
The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: acquiring at least two internet protocol addresses; sending a node evaluation request comprising the at least two internet protocol addresses to node evaluation equipment, wherein the node evaluation equipment selects the internet protocol addresses from the at least two internet protocol addresses and returns the internet protocol addresses; receiving an internet protocol address returned by the node evaluation equipment; wherein the obtained internet protocol address indicates an edge node in the content distribution network.
Alternatively, the computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: receiving a node evaluation request comprising at least two internet protocol addresses; selecting an internet protocol address from the at least two internet protocol addresses; returning the selected internet protocol address; wherein the received internet protocol address indicates an edge node in the content distribution network.
Computer program code for carrying out operations for aspects of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C + +, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present disclosure may be implemented by software or hardware. Where the name of a unit does not in some cases constitute a limitation of the unit itself, for example, the first retrieving unit may also be described as a "unit for retrieving at least two internet protocol addresses".
It should be understood that portions of the present disclosure may be implemented in hardware, software, firmware, or a combination thereof.
The above description is only for the specific embodiments of the present disclosure, but the scope of the present disclosure is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present disclosure should be covered within the scope of the present disclosure. Therefore, the protection scope of the present disclosure shall be subject to the protection scope of the claims.
Claims (11)
1. A backend server detection method based on ebpf is characterized by comprising the following steps:
acquiring a first data packet sent by a client aiming at a back-end server, wherein the first data packet comprises a VIP field pointing to the address of the back-end server;
analyzing the data content in the first data packet by utilizing an ebpf program arranged on a hook point on the flow controller;
adding an IPIP tunnel head to the first data packet according to the somark value in the first data packet to form a second data packet sent to the back-end server;
and detecting the performance of the back-end server based on a third data packet responded by the back-end server aiming at the second data packet.
2. The method of claim 1, wherein before parsing the data content in the first packet using an ebpf program located at a hook point on the traffic controller, the method further comprises:
writing an ebpf program related code, and sending the code to a hook point of the flow controller.
3. The method of claim 1, wherein before parsing the data content in the first packet using an ebpf program located at a hook point on the traffic controller, the method further comprises:
setting a mapping relation graph in the ebpf program;
and issuing the corresponding relation between the somark value and the IP of the back-end server to a mapping relation graph of ebpf.
4. The method of claim 1, wherein parsing the data content in the first packet using an ebpf program located at a hook point on the traffic controller comprises:
after the client initiates connection to the back-end server, a socket data packet containing a socket value, which is sent to the back-end server by the client, is obtained;
and taking the socket data packet as the first data packet.
5. The method according to claim 1, wherein said adding an IPIP tunnel header to the first packet according to the somark value in the first packet to form a second packet to be sent to the backend server comprises:
adding an IPIP tunnel header to a first data packet based on a somark value in the first data packet by utilizing an ebpf program;
setting a source IP of the first data packet as an outlet IP of the flow control;
and setting the destination IP of the first data packet as the IP of the back-end server.
6. The method of claim 1, wherein the detecting the performance of the back-end server based on a third packet responded to by the back-end server for the second packet comprises:
analyzing the content in the third data packet;
and detecting the health condition of the back-end server based on the analysis result.
7. The method of claim 1, wherein before parsing the data content in the first packet using an ebpf program located at a hook point on the traffic controller, the method further comprises:
creating a socket data packet;
binding the source IP of the socket data packet to be the outlet IP of the client;
and setting a socket value in the socket data packet according to the IP field of the back-end server which needs to be detected currently.
8. The method according to claim 1, wherein said adding an IPIP tunnel header to the first packet according to the somark value in the first packet to form a second packet to be sent to the backend server comprises:
setting a field containing a VIP in the second data packet so that whether to receive the second data packet is determined based on whether the IP in the tunnel of the second data packet is the VIP after the back-end server receives the second data packet.
9. A backend server detection device based on ebpf includes:
the system comprises a first acquisition module, a second acquisition module and a third acquisition module, wherein the first acquisition module is used for acquiring a first data packet sent by a client aiming at a back-end server, and the first data packet comprises a VIP field pointing to a back-end server address;
the second acquisition module is used for analyzing the data content in the first data packet by utilizing an ebpf program arranged on a hook point on the flow controller;
a forming module, configured to add an IPIP tunnel header to the first data packet according to a somark value in the first data packet, and form a second data packet sent to the backend server;
and the detection module is used for detecting the performance of the back-end server based on a third data packet responded by the back-end server aiming at the second data packet.
10. An electronic device, characterized in that the electronic device comprises:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the ebpf-based backend server detection method of any preceding claim 1-8.
11. A non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the ebpf-based backend server detection method of any preceding claim 1-8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911071781.2A CN110971482B (en) | 2019-11-05 | 2019-11-05 | Back-end server detection method and device based on ebpf and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911071781.2A CN110971482B (en) | 2019-11-05 | 2019-11-05 | Back-end server detection method and device based on ebpf and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110971482A true CN110971482A (en) | 2020-04-07 |
| CN110971482B CN110971482B (en) | 2021-07-23 |
Family
ID=70030179
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911071781.2A Active CN110971482B (en) | 2019-11-05 | 2019-11-05 | Back-end server detection method and device based on ebpf and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110971482B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113765867A (en) * | 2020-08-12 | 2021-12-07 | 北京沃东天骏信息技术有限公司 | Data transmission method, device, equipment and storage medium |
| US11507353B1 (en) | 2021-07-14 | 2022-11-22 | International Business Machines Corporation | Adapting pre-compiled eBPF programs at runtime for the host kernel by offset inference |
| CN115589383A (en) * | 2022-09-28 | 2023-01-10 | 建信金融科技有限责任公司 | eBPF-based virtual machine data transmission method, device, equipment and storage medium |
Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104144064A (en) * | 2013-05-09 | 2014-11-12 | 张焰 | Server fault detection and switchover method |
| CN107026890A (en) * | 2016-02-02 | 2017-08-08 | 华为技术有限公司 | A kind of message forming method and load equalizer based on server cluster |
| CN108011801A (en) * | 2016-11-01 | 2018-05-08 | 阿里巴巴集团控股有限公司 | Method, unit and the system of data transfer |
| CN108027828A (en) * | 2015-09-14 | 2018-05-11 | 微软技术许可有限责任公司 | It is synchronous with the trust instrument of stateless synchronization node |
| CN108200199A (en) * | 2018-02-05 | 2018-06-22 | 重庆大学 | SiteServer LBS and method in IPV4 over IPV6 tunnels scene |
| CN109086193A (en) * | 2017-06-13 | 2018-12-25 | 阿里巴巴集团控股有限公司 | Monitoring method, apparatus and system |
| US20190173841A1 (en) * | 2017-12-06 | 2019-06-06 | Nicira, Inc. | Load balancing ipsec tunnel processing with extended berkeley packet filer (ebpf) |
| CN110247823A (en) * | 2019-06-13 | 2019-09-17 | 北京奇艺世纪科技有限公司 | A kind of fault detection method, device and relevant device |
| CN110311988A (en) * | 2019-07-30 | 2019-10-08 | 中国工商银行股份有限公司 | Health examination method, load-balancing method and the device of back-end server |
| CN110324244A (en) * | 2018-03-28 | 2019-10-11 | 北京华为数字技术有限公司 | A kind of method for routing and server based on Linux virtual server |
| CN110325929A (en) * | 2016-12-07 | 2019-10-11 | 阿瑞路资讯安全科技股份有限公司 | System and method for detecting the waveform analysis of cable network variation |
-
2019
- 2019-11-05 CN CN201911071781.2A patent/CN110971482B/en active Active
Patent Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104144064A (en) * | 2013-05-09 | 2014-11-12 | 张焰 | Server fault detection and switchover method |
| CN108027828A (en) * | 2015-09-14 | 2018-05-11 | 微软技术许可有限责任公司 | It is synchronous with the trust instrument of stateless synchronization node |
| CN107026890A (en) * | 2016-02-02 | 2017-08-08 | 华为技术有限公司 | A kind of message forming method and load equalizer based on server cluster |
| CN108011801A (en) * | 2016-11-01 | 2018-05-08 | 阿里巴巴集团控股有限公司 | Method, unit and the system of data transfer |
| CN110325929A (en) * | 2016-12-07 | 2019-10-11 | 阿瑞路资讯安全科技股份有限公司 | System and method for detecting the waveform analysis of cable network variation |
| CN109086193A (en) * | 2017-06-13 | 2018-12-25 | 阿里巴巴集团控股有限公司 | Monitoring method, apparatus and system |
| US20190173841A1 (en) * | 2017-12-06 | 2019-06-06 | Nicira, Inc. | Load balancing ipsec tunnel processing with extended berkeley packet filer (ebpf) |
| CN108200199A (en) * | 2018-02-05 | 2018-06-22 | 重庆大学 | SiteServer LBS and method in IPV4 over IPV6 tunnels scene |
| CN110324244A (en) * | 2018-03-28 | 2019-10-11 | 北京华为数字技术有限公司 | A kind of method for routing and server based on Linux virtual server |
| CN110247823A (en) * | 2019-06-13 | 2019-09-17 | 北京奇艺世纪科技有限公司 | A kind of fault detection method, device and relevant device |
| CN110311988A (en) * | 2019-07-30 | 2019-10-08 | 中国工商银行股份有限公司 | Health examination method, load-balancing method and the device of back-end server |
Non-Patent Citations (3)
| Title |
|---|
| DOMINIK SCHOLZ,: ""Performance Implications of Packet Filtering with Linux eBPF"", 《 2018 30TH INTERNATIONAL TELETRAFFIC CONGRESS (ITC 30)》 * |
| SHARMA SD,: ""Enhanced Userspace and In-Kernel Trace Filtering for Production"", 《JOURNAL OF COMPUTER SCIENCE AND TECHNOLOGY》 * |
| 周怡臻,: ""基于OpenStack的Web-EDA云计算平台及应用管理系统开发"", 《中国优秀硕士学位论文全文数据库-信息科技辑》 * |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113765867A (en) * | 2020-08-12 | 2021-12-07 | 北京沃东天骏信息技术有限公司 | Data transmission method, device, equipment and storage medium |
| CN113765867B (en) * | 2020-08-12 | 2023-05-12 | 北京沃东天骏信息技术有限公司 | Data transmission method, device, equipment and storage medium |
| US11507353B1 (en) | 2021-07-14 | 2022-11-22 | International Business Machines Corporation | Adapting pre-compiled eBPF programs at runtime for the host kernel by offset inference |
| CN115589383A (en) * | 2022-09-28 | 2023-01-10 | 建信金融科技有限责任公司 | eBPF-based virtual machine data transmission method, device, equipment and storage medium |
| CN115589383B (en) * | 2022-09-28 | 2024-04-26 | 建信金融科技有限责任公司 | EBPF-based virtual machine data transmission method, eBPF-based virtual machine data transmission device, eBPF-based virtual machine data transmission apparatus, eBPF-based virtual machine data transmission device, eBPF-based virtual machine data transmission storage medium, and eBPF-based virtual machine data transmission program product |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110971482B (en) | 2021-07-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108959000B (en) | Server pressure testing method, system and terminal | |
| CN110971482B (en) | Back-end server detection method and device based on ebpf and electronic equipment | |
| US10212063B2 (en) | Network aware distributed business transaction anomaly detection | |
| CN111177617A (en) | Web direct operation and maintenance method and device based on operation and maintenance management system and electronic equipment | |
| US8996921B2 (en) | Indicating coverage of Web application testing | |
| CN111694674B (en) | Message distribution processing method, device, equipment and storage medium | |
| US20170126789A1 (en) | Automatic Software Controller Configuration based on Application and Network Data | |
| EP3490304A1 (en) | Method for identifying access point and hotspot, and related product | |
| CN109873735B (en) | Performance test method and device for H5 page and computer equipment | |
| US10404568B2 (en) | Agent manager for distributed transaction monitoring system | |
| US9253228B2 (en) | Cloud computing method, computing apparatus and server using the same | |
| US20210014331A1 (en) | Information processing apparatus and information processing system | |
| US9577900B1 (en) | Application centric network experience monitoring | |
| CN106161396A (en) | A kind of virtual machine network that realizes accesses the method and device controlled | |
| CN109491908B (en) | Page detection method and device, electronic equipment and storage medium | |
| CN115756881A (en) | Data processing method, device, equipment and storage medium based on SDK | |
| KR20170028218A (en) | Commucation device providing dynamic modbus protocol mapping | |
| CN112291121B (en) | Data processing method and related equipment | |
| CN112235300A (en) | Cloud virtual network vulnerability detection method, system and device and electronic equipment | |
| CN111125759A (en) | Database login account shielding method and device and electronic equipment | |
| CN115842789A (en) | Data packet scheduling method and device and readable storage medium | |
| CN112379967B (en) | Simulator detection method, device, equipment and medium | |
| CN110633182B (en) | System, method and device for monitoring server stability | |
| US9237127B2 (en) | Method and apparatus for dynamic host operating system firewall configuration | |
| CN111131369B (en) | APP use condition transmission method and device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 100041 B-0035, 2 floor, 3 building, 30 Shixing street, Shijingshan District, Beijing. Patentee after: Tiktok vision (Beijing) Co.,Ltd. Address before: 100041 B-0035, 2 floor, 3 building, 30 Shixing street, Shijingshan District, Beijing. Patentee before: BEIJING BYTEDANCE NETWORK TECHNOLOGY Co.,Ltd. Address after: 100041 B-0035, 2 floor, 3 building, 30 Shixing street, Shijingshan District, Beijing. Patentee after: Douyin Vision Co.,Ltd. Address before: 100041 B-0035, 2 floor, 3 building, 30 Shixing street, Shijingshan District, Beijing. Patentee before: Tiktok vision (Beijing) Co.,Ltd. |
|
| CP01 | Change in the name or title of a patent holder |