Disclosure of Invention
In view of this, embodiments of the present disclosure provide a backend server detection method and apparatus based on ebpf, and an electronic device, which at least partially solve the problems in the prior art.
In a first aspect, an embodiment of the present disclosure provides a backend server detection method based on ebpf, including:
acquiring a first data packet sent by a client to a back-end server, wherein the first data packet comprises a VIP field pointing to the address of the back-end server;
analyzing the data content in the first data packet by using an ebpf program arranged at a hook point on the flow controller;
adding an IPIP tunnel header to the first data packet according to the somark value in the first data packet to form a second data packet sent to the back-end server;
and detecting the performance of the back-end server based on a third data packet returned by the back-end server in response to the second data packet.
According to a specific implementation manner of the embodiment of the present disclosure, before parsing the data content in the first data packet by using an ebpf program set at a hook point on the traffic controller, the method further includes:
writing an ebpf program related code, and sending the code to a hook point of the flow controller.
According to a specific implementation manner of the embodiment of the present disclosure, before parsing the data content in the first data packet by using an ebpf program set at a hook point on the traffic controller, the method further includes:
setting up a mapping table (an ebpf map) in the ebpf program;
and issuing the correspondence between somark values and back-end server IPs to the ebpf map.
According to a specific implementation manner of the embodiment of the present disclosure, the analyzing the data content in the first data packet by using an ebpf program set at a hook point on the flow controller includes:
after the client initiates a connection to the back-end server, obtaining a socket data packet containing a somark value that the client sends to the back-end server;
and taking the socket data packet as the first data packet.
According to a specific implementation manner of the embodiment of the present disclosure, adding an IPIP tunnel header to the first data packet according to the somark value in the first data packet to form a second data packet sent to the backend server, includes:
adding an IPIP tunnel header to a first data packet based on a somark value in the first data packet by utilizing an ebpf program;
setting the source IP of the first data packet as the egress IP of the traffic controller;
and setting the destination IP of the first data packet as the IP of the back-end server.
According to a specific implementation manner of the embodiment of the present disclosure, the detecting the performance of the back-end server based on the third data packet responded by the back-end server with respect to the second data packet includes:
analyzing the content in the third data packet;
and detecting the health condition of the back-end server based on the analysis result.
According to a specific implementation manner of the embodiment of the present disclosure, before parsing the data content in the first data packet by using an ebpf program set at a hook point on the traffic controller, the method further includes:
creating a socket data packet;
binding the source IP of the socket data packet to be the outlet IP of the client;
and setting a somark value in the socket data packet according to the IP field of the back-end server that currently needs to be detected.
According to a specific implementation manner of the embodiment of the present disclosure, adding an IPIP tunnel header to the first data packet according to the somark value in the first data packet to form a second data packet sent to the backend server, includes:
setting a field containing the VIP in the second data packet, so that after the back-end server receives the second data packet, it decides whether to accept the second data packet based on whether the IP inside the tunnel of the second data packet is the VIP.
In a second aspect, an embodiment of the present disclosure provides an ebpf-based backend server detection apparatus, including:
a first acquisition module, configured to acquire a first data packet sent by a client to a back-end server, wherein the first data packet comprises a VIP field pointing to the back-end server address;
a second acquisition module, configured to analyze the data content in the first data packet by using an ebpf program arranged at a hook point on the flow controller;
a forming module, configured to add an IPIP tunnel header to the first data packet according to a somark value in the first data packet, and form a second data packet sent to the backend server;
and a detection module, configured to detect the performance of the back-end server based on a third data packet returned by the back-end server in response to the second data packet.
In a third aspect, an embodiment of the present disclosure further provides an electronic device, where the electronic device includes:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform any of the first aspects or the ebpf-based backend server detection method in any implementation manner of the first aspect.
In a fourth aspect, this disclosed embodiment also provides a non-transitory computer-readable storage medium storing computer instructions for causing a computer to execute the ebpf-based backend server detection method in the foregoing first aspect or any implementation manner of the first aspect.
In a fifth aspect, the present disclosure also provides a computer program product, where the computer program product includes a computer program stored on a non-transitory computer-readable storage medium, where the computer program includes program instructions, and when the program instructions are executed by a computer, the computer executes the ebpf-based backend server detection method in the foregoing first aspect or any implementation manner of the first aspect.
The ebpf-based back-end server detection scheme in the embodiment of the disclosure comprises the steps of: obtaining a first data packet sent by a client to a back-end server, wherein the first data packet comprises a VIP field pointing to the address of the back-end server; analyzing the data content in the first data packet by using an ebpf program arranged at a hook point on the flow controller; adding an IPIP tunnel header to the first data packet according to the somark value in the first data packet to form a second data packet sent to the back-end server; and detecting the performance of the back-end server based on a third data packet returned by the back-end server in response to the second data packet. According to the scheme, an ebpf hook is added to the flow controller (TC) of the Linux kernel, different tunnels are selected for different data packets according to the somark values in the data packets, and the DSR packet-sending mode of the load balancer is completely simulated; after the back-end server receives the data packets, it decapsulates them exactly as it does for normal traffic and returns the response to the load balancer. In this way, the false reports caused by health check packets and normal traffic packets not sharing the same data path are eliminated.
Detailed Description
The embodiments of the present disclosure are described in detail below with reference to the accompanying drawings.
The embodiments of the present disclosure are described below with specific examples, and other advantages and effects of the present disclosure will be readily apparent to those skilled in the art from the disclosure in the specification. It is to be understood that the described embodiments are merely illustrative of some, and not restrictive, of the embodiments of the disclosure. The disclosure may be embodied or carried out in various other specific embodiments, and various modifications and changes may be made in the details within the description without departing from the spirit of the disclosure. It is to be noted that the features in the following embodiments and examples may be combined with each other without conflict. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
It is noted that various aspects of the embodiments are described below within the scope of the appended claims. It should be apparent that the aspects described herein may be embodied in a wide variety of forms and that any specific structure and/or function described herein is merely illustrative. Based on the disclosure, one skilled in the art should appreciate that one aspect described herein may be implemented independently of any other aspects and that two or more of these aspects may be combined in various ways. For example, an apparatus may be implemented and/or a method practiced using any number of the aspects set forth herein. Additionally, such an apparatus may be implemented and/or such a method may be practiced using other structure and/or functionality in addition to one or more of the aspects set forth herein.
It should be noted that the drawings provided in the following embodiments are only for illustrating the basic idea of the present disclosure, and the drawings only show the components related to the present disclosure rather than the number, shape and size of the components in actual implementation, and the type, amount and ratio of the components in actual implementation may be changed arbitrarily, and the layout of the components may be more complicated.
In addition, in the following description, specific details are provided to facilitate a thorough understanding of the examples. However, it will be understood by those skilled in the art that the aspects may be practiced without these specific details.
The embodiment of the disclosure provides a backend server detection method based on ebpf. The ebpf-based backend server detection method provided by the embodiment can be executed by a computing device, which can be implemented as software or as a combination of software and hardware, and can be integrally arranged in a server, a terminal device and the like.
Referring to fig. 1 and fig. 2, a backend server detection method based on ebpf provided by the embodiment of the present disclosure includes the following steps:
S101, a first data packet sent by a client to a back-end server is obtained, wherein the first data packet comprises a VIP field pointing to the address of the back-end server.
The client is a terminal device with data processing capability, and a user can query the performance status (for example, health status) of the back-end server through the client. The client is in communication connection with the back-end server in a wired or wireless mode.
In one case, the communication message (data packet) between the client and the back-end server includes preset communication fields; see fig. 2, a message sent by the client device includes a CIP field and a VIP field, where the CIP field identifies the source IP of the data packet as the client itself and the VIP field identifies the destination back-end server address of the message.
In the process of acquiring the performance parameters of the back-end server, the client sends a first data packet to the back-end server, and the first data packet is relayed by a Load Balancer (LB).
S102, analyzing the data content in the first data packet by using the ebpf program set at the hook point on the traffic controller.
The load balancer may be a device operating based on a Linux operating system, and for this purpose, a hook point may be set on a flow controller (TC) on a QoS module under Linux, and a data packet sent from a client to a backend server may be acquired through the hook point.
In order to analyze and repackage the message acquired at the hook point, an ebpf (extended Berkeley Packet Filter) program is set at the hook point; various functions can be implemented through ebpf, for example network performance evaluation, firewall setting, program analysis and tracing, device drivers and the like. The required data packet parsing and encapsulation functions can be added by writing the ebpf program code, and finally the ebpf code is issued to the hook point on the flow controller.
The data contained in the first data packet can be parsed by the ebpf program to obtain the CIP field and the VIP field it contains. In addition, the client also sets in the first data packet a somark value that represents the target back-end server; the somark value can be set as a preset mark value through the socket, for example as an option value of the socket.
S103, adding an IPIP tunnel header to the first data packet according to the somark value in the first data packet to form a second data packet sent to the back-end server.
To repackage the first packet, it may be done in DSR (Direct Server Return) mode, which may be suitable for large concurrent, large flow environments, greatly reducing the possibility of the load balancing device becoming a bottleneck.
Specifically, the ebpf program may be used to repackage the first data packet based on the obtained somark value by adding an IPIP tunnel header to it (for example, a VIP field may be carried in the IPIP tunnel header). The IPIP tunnel is a simple protocol for encapsulating an IP data packet between two routers, and an IPIP tunnel interface appears in the interface list like a physical interface; in this way the packet-sending process of the load balancer is completely simulated. After the first data packet is encapsulated, a second data packet is formed, which may be sent directly through the load balancer.
S104, detecting the performance of the back-end server based on a third data packet returned by the back-end server in response to the second data packet.
After the back-end server receives the second data packet, it parses and checks its content. If it finds that the IP inside the tunnel of the second data packet is the VIP, and the back-end server itself is also configured with that VIP, it accepts the second data packet, queries its performance parameters (for example, software and hardware running-state parameters) based on the query request field in the second data packet, and returns the queried performance parameters to the load balancer in a third data packet.
In this way the packet-sending process of the LB is completely simulated, avoiding the false-report situation in which the health check still succeeds even though the tunnel and the VIP are not configured on the real server (RS).
According to a specific implementation manner of the embodiment of the present disclosure, before parsing the data content in the first data packet by using an ebpf program set at a hook point on the traffic controller, the method further includes: writing an ebpf program related code, and sending the code to a hook point of the flow controller.
According to a specific implementation manner of the embodiment of the present disclosure, before parsing the data content in the first data packet by using an ebpf program set at a hook point on the traffic controller, the method further includes: setting up a mapping table (an ebpf map) in the ebpf program; and issuing the correspondence between somark values and back-end server IPs to the ebpf map.
According to a specific implementation manner of the embodiment of the present disclosure, the analyzing the data content in the first data packet by using an ebpf program set at a hook point on the flow controller includes: after the client initiates a connection to the back-end server, obtaining a socket data packet containing a somark value that the client sends to the back-end server; and taking the socket data packet as the first data packet.
Referring to fig. 3, according to a specific implementation manner of the embodiment of the present disclosure, adding an IPIP tunnel header to the first data packet according to the somark value in the first data packet to form a second data packet sent to the backend server, may include the following steps:
S301, adding an IPIP tunnel header to the first data packet based on the somark value in the first data packet by using an ebpf program.
S302, setting the source IP of the first data packet as the egress IP of the traffic controller.
S303, setting the destination IP of the first data packet as the IP of the backend server.
According to a specific implementation manner of the embodiment of the present disclosure, the detecting the performance of the back-end server based on the third data packet responded by the back-end server with respect to the second data packet includes: analyzing the content in the third data packet; and detecting the health condition of the back-end server based on the analysis result.
Referring to fig. 4, according to a specific implementation manner of the embodiment of the present disclosure, before parsing the data content in the first data packet by using an ebpf program set at a hook point on the traffic controller, the method further includes:
S401, creating a socket data packet.
A socket packet may be created at the client, and various data fields may be set in the socket packet by creating the socket packet.
S402, binding the source IP of the socket data packet as the outlet IP of the client.
By obtaining the egress IP of the client, the egress IP can be bound as the source IP of the socket packet.
S403, setting a somark value in the socket data packet according to the IP field of the back-end server that currently needs to be detected.
According to a specific implementation manner of the embodiment of the present disclosure, adding an IPIP tunnel header to the first data packet according to the somark value in the first data packet to form a second data packet sent to the backend server, includes: setting a field containing the VIP in the second data packet, so that after the back-end server receives the second data packet, it decides whether to accept the second data packet based on whether the IP inside the tunnel of the second data packet is the VIP.
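As an added illustration (not code from the patent), the following user-space C model shows the encapsulation of S103 and S301 to S303 together with the RS-side VIP check described above: the somark selects the RS IP from a stand-in for the ebpf map, an IPIP header with the traffic controller's egress IP as source is prepended, and the RS accepts the packet only if the inner destination is the VIP configured on it. All addresses, the mark table and the sample packet are constructed for the example.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <string.h>

/* Added illustration, not the patent's code; all addresses and marks are constructed. */
#define IPPROTO_IPIP_NUM 4        /* IANA protocol number for IP-in-IP */
#define IPV4_HDR_LEN     20
#define CIP          0xc0a8010aU  /* 192.168.1.10, client egress IP */
#define VIP          0xcb007105U  /* 203.0.113.5, VIP in the first packet */
#define LB_EGRESS_IP 0x0a000001U  /* 10.0.0.1, egress IP of the traffic controller */

/* Stand-in for the ebpf map issued from user space: somark -> back-end (RS) IP. */
struct mark_entry { uint32_t mark; uint32_t rs_ip; };
static const struct mark_entry mark_map[] = {
    { 0x10, 0x0a000101U },        /* mark 0x10 -> RS 10.0.1.1 */
    { 0x11, 0x0a000102U },        /* mark 0x11 -> RS 10.0.1.2 */
};

static int lookup_rs_ip(uint32_t mark, uint32_t *rs_ip) {
    for (size_t i = 0; i < sizeof mark_map / sizeof mark_map[0]; i++)
        if (mark_map[i].mark == mark) { *rs_ip = mark_map[i].rs_ip; return 1; }
    return 0;
}

/* RFC 1071 ones'-complement checksum; yields 0 when run over a valid header. */
static uint16_t ip_checksum(const uint8_t *h, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2) sum += (uint32_t)((h[i] << 8) | h[i + 1]);
    if (len & 1) sum += (uint32_t)h[len - 1] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Minimal IPv4 header without options; addresses given in host byte order. */
static void write_ipv4_hdr(uint8_t *h, uint16_t total_len, uint8_t proto,
                           uint32_t src, uint32_t dst) {
    uint32_t s = htonl(src), d = htonl(dst);
    uint16_t c;
    memset(h, 0, IPV4_HDR_LEN);
    h[0] = 0x45;                                  /* version 4, IHL 5 */
    h[2] = total_len >> 8; h[3] = total_len & 0xff;
    h[8] = 64;                                    /* TTL */
    h[9] = proto;
    memcpy(h + 12, &s, 4); memcpy(h + 16, &d, 4);
    c = ip_checksum(h, IPV4_HDR_LEN);
    h[10] = c >> 8; h[11] = c & 0xff;
}

/* Constructed "first data packet": CIP -> VIP, protocol TCP, short payload. */
static size_t build_first_packet(uint8_t *buf, uint32_t cip, uint32_t vip) {
    static const uint8_t payload[] = { 0x1f, 0x90, 0x00, 0x50, 0, 0, 0, 0 };
    size_t len = IPV4_HDR_LEN + sizeof payload;
    write_ipv4_hdr(buf, (uint16_t)len, 6, cip, vip);
    memcpy(buf + IPV4_HDR_LEN, payload, sizeof payload);
    return len;
}

/* S103 / S301-S303: prepend an IPIP header with source = LB egress IP and
 * destination = the RS selected by the somark. The inner packet, still addressed
 * to the VIP, is copied unchanged (in-kernel: bpf_skb_adjust_room + store_bytes).
 * Returns the length of the second packet, or -1 if the mark is unknown. */
static int encap_ipip(const uint8_t *first, size_t first_len, uint32_t somark,
                      uint32_t lb_egress_ip, uint8_t *second, size_t second_cap) {
    uint32_t rs_ip;
    size_t total = first_len + IPV4_HDR_LEN;
    if (first_len < IPV4_HDR_LEN || (first[0] >> 4) != 4) return -1;
    if (!lookup_rs_ip(somark, &rs_ip)) return -1;   /* no RS issued for this mark */
    if (second_cap < total || total > 0xffff) return -1;
    write_ipv4_hdr(second, (uint16_t)total, IPPROTO_IPIP_NUM, lb_egress_ip, rs_ip);
    memcpy(second + IPV4_HDR_LEN, first, first_len);
    return (int)total;
}

/* RS side: accept only an intact IPIP packet whose inner destination is the VIP
 * configured on this RS, the same test real DSR traffic must pass. */
static int rs_accepts(const uint8_t *second, size_t len, uint32_t rs_vip) {
    uint32_t inner_dst;
    if (len < 2 * IPV4_HDR_LEN || second[9] != IPPROTO_IPIP_NUM) return 0;
    if (ip_checksum(second, IPV4_HDR_LEN) != 0) return 0; /* outer header corrupt */
    memcpy(&inner_dst, second + IPV4_HDR_LEN + 16, 4);
    return ntohl(inner_dst) == rs_vip;
}

/* One probe along the modelled path. verdict: 1 = RS accepted, 0 = RS dropped
 * (VIP not configured there), -1 = encapsulation failed (unknown somark). */
struct probe_result { int verdict; int second_len; uint32_t outer_dst; };
struct probe_result simulate_health_check(uint32_t somark, uint32_t rs_vip) {
    uint8_t first[64], second[128];
    struct probe_result r = { -1, -1, 0 };
    size_t flen = build_first_packet(first, CIP, VIP);
    r.second_len = encap_ipip(first, flen, somark, LB_EGRESS_IP, second, sizeof second);
    if (r.second_len < 0) return r;
    memcpy(&r.outer_dst, second + 16, 4);
    r.outer_dst = ntohl(r.outer_dst);
    r.verdict = rs_accepts(second, (size_t)r.second_len, rs_vip);
    return r;
}
```

Calling `simulate_health_check(0x10, VIP)` models a correctly configured RS; passing a VIP the RS does not hold, or an unknown mark, models the misconfigurations the health check must now report instead of passing.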
Corresponding to the above method embodiment, referring to fig. 5, an embodiment of the present disclosure further provides an ebpf-based backend server detection apparatus 50, including:
a first obtaining module 501, configured to obtain a first data packet sent by a client for a backend server, where the first data packet includes a VIP field pointing to an address of the backend server.
The second obtaining module 502 is configured to parse the data content in the first data packet by using an ebpf program set at a hook point on the traffic controller.
A forming module 503, configured to add an IPIP tunnel header to the first data packet according to the somark value in the first data packet, and form a second data packet sent to the backend server.
A detecting module 504, configured to detect performance of the backend server based on a third data packet that the backend server responds to the second data packet.
The apparatus shown in fig. 5 may correspondingly execute the content in the above method embodiment, and details of the part not described in detail in this embodiment refer to the content described in the above method embodiment, which is not described again here.
Referring to fig. 6, an embodiment of the present disclosure also provides an electronic device 60, including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the ebpf-based backend server detection method in the aforementioned method embodiments.
The disclosed embodiments also provide a non-transitory computer-readable storage medium storing computer instructions for causing the computer to perform the foregoing method embodiments.
The disclosed embodiments also provide a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions that, when executed by a computer, cause the computer to perform the ebpf-based backend server detection method in the aforementioned method embodiments.
Referring now to FIG. 6, a schematic diagram of an electronic device 60 suitable for use in implementing embodiments of the present disclosure is shown. The electronic devices in the embodiments of the present disclosure may include, but are not limited to, mobile terminals such as mobile phones, notebook computers, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablet computers), PMPs (portable multimedia players), in-vehicle terminals (e.g., car navigation terminals), and the like, and fixed terminals such as digital TVs, desktop computers, and the like. The electronic device shown in fig. 6 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 6, the electronic device 60 may include a processing means (e.g., a central processing unit, a graphics processor, etc.) 601 that may perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)602 or a program loaded from a storage means 608 into a Random Access Memory (RAM) 603. In the RAM 603, various programs and data necessary for the operation of the electronic apparatus 60 are also stored. The processing device 601, the ROM 602, and the RAM 603 are connected to each other via a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.
Generally, the following devices may be connected to the I/O interface 605: input devices 606 including, for example, a touch screen, touch pad, keyboard, mouse, image sensor, microphone, accelerometer, gyroscope, etc.; output devices 607 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage 608 including, for example, tape, hard disk, etc.; and a communication device 609. The communication means 609 may allow the electronic device 60 to communicate with other devices wirelessly or by wire to exchange data. While the figures illustrate an electronic device 60 having various means, it is to be understood that not all illustrated means are required to be implemented or provided. More or fewer devices may alternatively be implemented or provided.
In particular, according to an embodiment of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication means 609, or may be installed from the storage means 608, or may be installed from the ROM 602. The computer program, when executed by the processing device 601, performs the above-described functions defined in the methods of the embodiments of the present disclosure.
It should be noted that the computer readable medium in the present disclosure can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In contrast, in the present disclosure, a computer readable signal medium may comprise a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
The computer readable medium may be embodied in the electronic device; or may exist separately without being assembled into the electronic device.
The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: acquiring at least two internet protocol addresses; sending a node evaluation request comprising the at least two internet protocol addresses to node evaluation equipment, wherein the node evaluation equipment selects the internet protocol addresses from the at least two internet protocol addresses and returns the internet protocol addresses; receiving an internet protocol address returned by the node evaluation equipment; wherein the obtained internet protocol address indicates an edge node in the content distribution network.
Alternatively, the computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: receiving a node evaluation request comprising at least two internet protocol addresses; selecting an internet protocol address from the at least two internet protocol addresses; returning the selected internet protocol address; wherein the received internet protocol address indicates an edge node in the content distribution network.
Computer program code for carrying out operations for aspects of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present disclosure may be implemented by software or hardware. Where the name of a unit does not in some cases constitute a limitation of the unit itself, for example, the first retrieving unit may also be described as a "unit for retrieving at least two internet protocol addresses".
It should be understood that portions of the present disclosure may be implemented in hardware, software, firmware, or a combination thereof.
The above description is only for the specific embodiments of the present disclosure, but the scope of the present disclosure is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present disclosure should be covered within the scope of the present disclosure. Therefore, the protection scope of the present disclosure shall be subject to the protection scope of the claims.