CN111224812A - Network traffic forwarding method and device, electronic equipment and machine-readable storage medium - Google Patents

Publication number
CN111224812A
Authority
CN
China
Prior art keywords
service session
target
network traffic
layer
target network
Prior art date
Legal status
Pending
Application number
CN201911078280.7A
Other languages
Chinese (zh)
Inventor
岳林
Current Assignee
Hangzhou DPTech Technologies Co Ltd
Original Assignee
Hangzhou DPTech Technologies Co Ltd
Application filed by Hangzhou DPTech Technologies Co Ltd
Priority to CN201911078280.7A
Publication of CN111224812A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0654 Management of faults, events, alarms or notifications using network fault recovery
    • H04L41/0663 Performing the actions predefined by failover planning, e.g. switching to standby network elements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/084 Configuration by using pre-existing information, e.g. using templates or copying from other elements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides a network traffic forwarding method and device, electronic equipment and a machine-readable storage medium. In the application, the main device receives the target network traffic and locally generates corresponding three-layer service session information; the main device generates a service session migration table entry corresponding to the three-layer service session information and synchronizes the entry to the standby device; the service session migration table entry comprises the three-layer service session information and the two-layer service session information corresponding to it; when the main device is detected to be down, the standby device directly performs three-layer traffic forwarding on the target network traffic based on the service session migration table entry, which reduces the ARP learning the standby device performs for the target network traffic and the time needed to switch between the main device and the standby device, and improves the efficiency of the HA system.

Description

Network traffic forwarding method and device, electronic equipment and machine-readable storage medium
Technical Field
The present application relates to the field of communications technologies, and in particular, to a network traffic forwarding method and apparatus, an electronic device, and a machine-readable storage medium.
Background
With the continuous development of the internet and the mobile internet, various applications based on the network are increasing, and thus the requirement for the stability of the network is increasing. In a general networking environment, only one network device is deployed at a network outlet as a gateway, and when the network device fails, communication between all hosts using the network device as a default gateway and an external network in an internal network is interrupted, so that communication reliability cannot be guaranteed.
The emergence of high availability (HA) technology based on dual-machine or multi-machine hot standby has effectively solved the problem of network communication interruption caused by a single point of failure. Based on HA technology, two or more gateway devices in a hot standby relationship are deployed at the network exit; one or more gateway devices act as the main device and process network traffic, while the other gateway devices act as backup nodes of the main device, namely standby devices. When the current main device cannot work normally, network traffic must be switched automatically and quickly to the standby device, so that the whole network system continues to operate normally.
Disclosure of Invention
The application provides a network traffic forwarding method, which is applied to member network devices of an HA system, wherein a member network device may be configured as a master device or a slave device; the method comprises the following steps:
the main device receives target network traffic and locally generates corresponding three-layer service session information;
the main device generates a service session migration table entry corresponding to the three-layer service session information, and synchronizes the service session migration table entry to the standby device; the service session migration table entry comprises the three-layer service session information and two-layer service session information corresponding to the three-layer service session information;
and when the main device is detected to be down, the standby device directly performs three-layer traffic forwarding on the target network traffic based on the service session migration table entry.
Optionally, the three-layer service session information is a unique identifier of the target network traffic, and the three-layer service session information includes IP quintuple information of the target network traffic.
Optionally, the two-layer service session information at least includes an ingress port and an egress port of the target network traffic at the master device, and a source MAC and a destination MAC of the target network traffic;
the main device generating a service session migration table entry corresponding to the three-layer service session information includes:
when the state of an enable switch preset by a user is enabled, the main device performs two-layer packet parsing and a forwarding path query on the target network traffic, to obtain the ingress port and egress port of the main device corresponding to the IP quintuple information of the target network traffic, and the source MAC and destination MAC of the target network traffic;
and the master device generates a service session migration table entry corresponding to the three-layer service session information based on the IP quintuple information of the target network traffic, the ingress port and egress port of the master device corresponding to the IP quintuple information of the target network traffic, and the source MAC and destination MAC of the target network traffic.
Optionally, the standby device directly performing three-layer traffic forwarding on the target network traffic based on the service session migration table entry, after the main device is detected to be down, includes:
the standby device acquires the service session migration table entry that is sent by the main device and corresponds to the target network traffic;
when the main device is detected to be down, the standby device receives the target network traffic and locally generates corresponding three-layer service session information;
the standby device searches its locally stored service session migration table entries for an entry matching the three-layer service session information of the target network traffic;
if a matching entry exists, the standby device replaces the destination MAC of the target network traffic with the destination MAC in the matched service session migration table entry, treats the modified traffic as three-layer traffic, and forwards it directly out of the standby device from the standby device's egress port that corresponds to the egress port in the matched service session migration table entry.
The application also provides a network traffic forwarding apparatus, which is applied to member network devices of an HA system, wherein a member network device may be configured as a master device or a slave device; the apparatus comprises:
a generation module, by which the main device receives target network traffic and locally generates corresponding three-layer service session information;
the generation module is further used by the main device to generate a service session migration table entry corresponding to the three-layer service session information and to synchronize the service session migration table entry to the standby device; the service session migration table entry comprises the three-layer service session information and two-layer service session information corresponding to the three-layer service session information;
and a forwarding module, by which the standby device directly performs three-layer traffic forwarding on the target network traffic based on the service session migration table entry after the main device is detected to be down.
Optionally, the three-layer service session information is a unique identifier of the target network traffic, and the three-layer service session information includes IP quintuple information of the target network traffic.
Optionally, the two-layer service session information at least includes an ingress port and an egress port of the target network traffic at the master device, and a source MAC and a destination MAC of the target network traffic;
the generation module further:
when the state of an enable switch preset by a user is enabled, the main device performs two-layer packet parsing and a forwarding path query on the target network traffic, to obtain the ingress port and egress port of the main device corresponding to the IP quintuple information of the target network traffic, and the source MAC and destination MAC of the target network traffic;
and the master device generates a service session migration table entry corresponding to the three-layer service session information based on the IP quintuple information of the target network traffic, the ingress port and egress port of the master device corresponding to the IP quintuple information of the target network traffic, and the source MAC and destination MAC of the target network traffic.
Optionally, the forwarding module further:
the standby device acquires the service session migration table entry that is sent by the main device and corresponds to the target network traffic;
when the main device is detected to be down, the standby device receives the target network traffic and locally generates corresponding three-layer service session information;
the standby device searches its locally stored service session migration table entries for an entry matching the three-layer service session information of the target network traffic;
if a matching entry exists, the standby device replaces the destination MAC of the target network traffic with the destination MAC in the matched service session migration table entry, treats the modified traffic as three-layer traffic, and forwards it directly out of the standby device from the standby device's egress port that corresponds to the egress port in the matched service session migration table entry.
The application also provides an electronic device, which comprises a communication interface, a processor, a memory and a bus, wherein the communication interface, the processor and the memory are mutually connected through the bus;
the memory stores machine-readable instructions, and the processor executes the method by calling the machine-readable instructions.
The present application also provides a machine-readable storage medium having stored thereon machine-readable instructions which, when invoked and executed by a processor, implement the above-described method.
Through the above embodiments, the main device in the HA system generates the service session migration table entry corresponding to the target network traffic and synchronizes it to the standby device, so that after the main device goes down the target network traffic is forwarded directly as three-layer traffic based on that entry; this reduces the ARP learning the standby device performs for the target network traffic and the time for switching between the main device and the standby device, and improves the efficiency of the HA system.
Drawings
Fig. 1 is a schematic networking diagram of an HA system according to an exemplary embodiment;
Fig. 2 is a flow chart of a method for forwarding network traffic according to an example embodiment;
Fig. 3 is a block diagram of a network traffic forwarding device provided by an example embodiment;
Fig. 4 is a hardware block diagram of an electronic device according to an exemplary embodiment.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at the time of", "when" or "in response to a determination", depending on the context.
In order to enable those skilled in the art to better understand the technical solution in the embodiment of the present application, a brief description will be given below to the related technology of network traffic forwarding related to the embodiment of the present application.
Referring to fig. 1, fig. 1 is a schematic networking diagram of an HA system according to an embodiment of the present disclosure.
The networking shown in fig. 1 includes: several hosts (including H1 and H2) and an HA system (within the dashed box shown in fig. 1); the HA system comprises a Master and a Slave.
As shown in fig. 1, both the Master and the Slave are member network devices in the HA system; the Master is used as the main device of the HA system, and the Slave is used as the standby device of the HA system, that is, the Slave is a backup node of the Master.
As shown in fig. 1, the Master includes the ports A1, A2, A3, B1, B2, B3; the Slave includes the ports A11, A22, A33, B11, B22, B33;
wherein the ports of the Master and the ports of the Slave are in strict correspondence.
For example: A1 and A11, A2 and A22, A3 and A33, B1 and B11, B2 and B22, and B3 and B33 are in strict correspondence respectively.
When the Master is working normally, the network traffic from host H1 to host H2 flows H1 -> port A1 of the Master -> port B1 of the Master -> H2, as shown by S1 and S2 in fig. 1. When the Master is down, the Slave takes over from the Master to forward the network traffic from host H1 to host H2, which then flows H1 -> port A11 of the Slave -> port B11 of the Slave -> H2, as shown by S11 and S22 in fig. 1.
As shown in fig. 1, a port where network traffic enters a Master device Master or a Slave device Slave is called an ingress port; the port where the network traffic is forwarded from the Master or Slave is called an egress port.
For example, when the flow direction of the network traffic from host H1 to host H2 is H1 -> port A1 of the Master -> port B1 of the Master -> H2, A1 is the ingress port of the network traffic at the Master, and B1 is the egress port of the network traffic at the Master. Similarly, when the flow direction of the network traffic from host H2 to host H1 is H2 -> port B1 of the Master -> port A1 of the Master -> H1, B1 is the ingress port of the network traffic at the Master, and A1 is the egress port of the network traffic at the Master.
For another example, when the flow direction of the network traffic from host H1 to host H2 is H1 -> port A11 of the Slave -> port B11 of the Slave -> H2, A11 is the ingress port of the network traffic at the Slave, and B11 is the egress port of the network traffic at the Slave. Similarly, when the flow direction of the network traffic from host H2 to host H1 is H2 -> port B11 of the Slave -> port A11 of the Slave -> H1, B11 is the ingress port of the network traffic at the Slave, and A11 is the egress port of the network traffic at the Slave.
In some scenarios, based on the networking shown in fig. 1, the existing technical solution is generally as follows: when the Master fails, network traffic (for example, H1 to H2) is switched to the Slave, and when the traffic enters the Slave it is forwarded by matching the corresponding session entry. Because the Slave has only three-layer session entries and no two-layer ARP entries, it cannot obtain the destination MAC address and egress port for the traffic, and must perform ARP learning and egress port lookup again for that traffic, which generally requires sending the traffic up to the Slave's CPU.
Therefore, when a large number of such ARP learning requests occur, the Slave's CPU is heavily loaded and the efficiency of the Slave system drops; in addition, because more forwarding table entries must be generated and queried and the egress port of the network traffic must be looked up, the switchover and forwarding delay of the traffic increases and more data is lost.
On the basis of the above networking architecture, the present application aims to provide a technical solution in which the main device generates, in advance, a service session migration table entry corresponding to the target network traffic and synchronizes it to the standby device, so that after a main/standby switchover the standby device forwards network traffic quickly based on the service session migration table entry.
When the method is implemented, the HA system consists of a plurality of member network devices; wherein the member network device may be configured as a master device or a slave device.
Further, the main device receives the target network flow and locally generates corresponding three-layer service session information; generating a service session migration table entry corresponding to the three-layer service session information, and synchronizing the service session migration table entry to the standby equipment; the service session migration table entry comprises three layers of service session information and two layers of service session information corresponding to the three layers of service session information.
Further, after detecting that the main device is down, the standby device directly performs three-layer traffic forwarding on the target network traffic based on the service session migration table entry.
In the above scheme, the main device in the HA system generates the service session migration table entry corresponding to the target network traffic and synchronizes it to the standby device, so that after the main device goes down the target network traffic is forwarded directly as three-layer traffic based on that entry; this reduces the ARP learning the standby device performs for the target network traffic and the time for switching between the main device and the standby device, and improves the efficiency of the HA system.
The present application is described below with reference to specific embodiments and specific application scenarios.
Referring to fig. 2, fig. 2 is a flowchart of a network traffic forwarding method according to an embodiment of the present application, where the method is applied to a member network device of an HA system; wherein the member network device may be configured as a master device or a slave device, the method performing the steps of:
Step 202: the master device receives the target network traffic and locally generates corresponding three-layer service session information.
Step 204: the master device generates a service session migration entry corresponding to the three-layer service session information, and synchronizes the service session migration entry to the slave device; the service session migration table entry includes the three-layer service session information and two-layer service session information corresponding to the three-layer service session information.
Step 206: after detecting that the main device is down, the standby device directly performs three-layer traffic forwarding on the target network traffic based on the service session migration table entry.
In this specification, the HA system may include an HA system constructed by at least two network devices in any form as member network devices.
For example, in practical applications, the HA system may include an HA system constructed by two firewall devices as member network devices; the HA system may also include an HA system constructed by three switch devices as member network devices; the HA system may also include an HA system constructed by five router devices as member network devices.
In this specification, the member network device of the above-described HA system may be configured as a master device or a slave device.
For example, in practical applications, the HA system has two member network devices; one of which may be configured as a master device and the other as a slave device.
For another example, in practical applications, the HA system has three member network devices; one of which may be configured as a master device and the other two of which may be configured as slave devices.
For another example, in practical applications, the HA system has three member network devices; two of which may be configured as master devices and the other as a slave device.
It should be noted that, in the member network devices of the HA system, at least one of the member network devices serves as a master device, and the other member network device serves as a slave device. The backup mode of the primary device and the Standby device of the HA system may be a primary-Standby mode (Active-Standby mode) or a dual-host mode (Active-Active mode), and is not particularly limited in this specification.
In this specification, the target network traffic refers to network traffic that is forwarded via the HA system.
For example, referring to fig. 1, the target network traffic may be network traffic from host H1 to host H2, and the flow direction of the network traffic is H1 -> port A1 of the Master -> port B1 of the Master -> H2. The target network traffic may also be network traffic from host H2 to host H1, and the flow direction of the network traffic is H2 -> port B1 of the Master -> port A1 of the Master -> H1.
For another example, referring to fig. 1, the target network traffic may be network traffic from host H1 to host H2, and the flow direction of the network traffic is H1 -> port A11 of the Slave -> port B11 of the Slave -> H2. The target network traffic may also be network traffic from host H2 to host H1, and the flow direction of the network traffic is H2 -> port B11 of the Slave -> port A11 of the Slave -> H1.
For convenience of description and understanding, please refer to fig. 1, and the HA system formed by the two member network devices is described as an example in the following.
In this specification, for convenience of description and understanding, the master device of the above HA system is simply referred to as the "master", and the backup device of the HA system is simply referred to as the "backup device".
In this specification, the three-layer service session information is locally generated by the member network device and is used to uniquely identify the three-layer information in an OSI (Open System Interconnection) model corresponding to the target network traffic. Please refer to the OSI model description, which is not repeated herein.
In an embodiment, the three-layer service session information may include IP quintuple information of the target network traffic.
For example, referring to fig. 1, taking the target network traffic as the network traffic from the host H1 to the host H2 through the Master, the three-layer service session information is the service session information that is locally generated by the Master and is used for uniquely identifying the target network traffic, and the three-layer service session information includes IP quintuple information (source IP, source port, destination IP, destination port, protocol) of the target network traffic.
Of course, in practical application, the three-layer service session information may include information of four to seven layers in an OSI model corresponding to the target network traffic, in addition to the IP quintuple information of the target network traffic, and is not limited in this specification.
In this specification, the master device receives the target network traffic and locally generates corresponding three-tier service session information.
Continuing the above example, in practical applications the Master may fully inspect the IP five-tuple information of the first packet of the target network traffic, and locally generate the three-layer service session information corresponding to the target network traffic.
In this specification, the two-layer service session information refers to two-layer information in the OSI model that is locally generated by the member network device and corresponds to the three-layer service session information.
In an embodiment, the two-layer service session information at least includes an ingress port and an egress port of the target network traffic at the master device, and a source MAC and a destination MAC of the target network traffic.
Continuing the above example, the two-layer service session information at least includes the ingress port A1 and the egress port B1 of the target network traffic (the network traffic from host H1 to host H2 via the Master) at the Master, the source MAC of the target network traffic (the MAC address of the network card on host H1 that sends the target network traffic), and the destination MAC (the MAC address of the network card on host H2 that receives the target network traffic).
In this specification, the service session migration entry refers to a service session migration entry locally generated by the member network device and corresponding to the three-tier service session information.
In an embodiment shown in the present invention, the service session migration entry includes the three-layer service session information and the two-layer service session information corresponding to the three-layer service session information.
Continuing the above example, the service session migration entry includes the three-layer service session information of the target network traffic, that is, the IP five-tuple information (source IP, source port, destination IP, destination port, protocol); the service session migration entry further includes the two-layer service session information corresponding to the three-layer service session information of the target network traffic, that is, the ingress port A1 and egress port B1 of the target network traffic at the master device, and the source MAC and destination MAC of the target network traffic.
In this specification, the primary device generates the service session migration entry corresponding to the three layers of service session information, and synchronizes the service session migration entry to the secondary device.
Continuing the above example, after the main device locally generates the service session migration entry corresponding to the three-layer service session information, it synchronizes the entry to the standby device through a preset heartbeat interface between the main device and the standby device (see descriptions of HA technology for details, which are not repeated here).
Of course, in practical application, the standby device may also periodically query the primary device and obtain the service session migration entry.
In an embodiment shown in the present invention, in a process that the master device generates the service session migration entry corresponding to the three-tier service session information, the master device may control whether to generate the service session migration entry based on an enable switch preset by a user.
For example, in practical applications, when the state of the enable switch preset by the user is enabled (for example, the value of the enable switch is 1), the master device may generate a service session migration entry corresponding to the target network traffic (including the three-layer service session information and the two-layer service session information corresponding to the target network traffic); when the state of the enable switch preset by the user is off (for example, the value of the enable switch is 0), the master device generates only the three-layer service session information corresponding to the target network traffic, and does not generate the two-layer service session information corresponding to the target network traffic.
In this specification, further, when the state of the enable switch preset by the user is enabled, the host device performs two-layer packet parsing and forwarding path query on the target network traffic to obtain an ingress port and an egress port of the host device, a source MAC and a destination MAC of the target network traffic, which correspond to the IP quintuple information of the target network traffic.
For example, in practical applications, the master device may perform data analysis on the target network traffic to obtain a source MAC and a destination MAC of the target network traffic, where the source MAC and the destination MAC are the target network traffic; and the master device may perform forwarding path query of the target network traffic in a route forwarding table and an ARP table based on the IP quintuple information, thereby obtaining an ingress port and an egress port of the master device corresponding to the IP quintuple information of the target network traffic.
In this specification, the master device further generates the service session migration entry corresponding to the three-layer service session information based on the IP quintuple information of the target network traffic, the ingress port and the egress port of the master device corresponding to the IP quintuple information of the target network traffic, and the source MAC and the destination MAC of the target network traffic.
For example, taking target network traffic as network traffic from the host H1 to the host H2 through the Master device, the service session migration entry generated by the Master device and corresponding to the target network traffic includes: IP quintuple information (source IP, source port, destination IP, destination port, protocol) of the target network traffic, ingress port a1 and egress port B1 of the target network traffic, source MAC and destination MAC of the target network traffic.
In this specification, when the downtime of the main device is detected, the standby device directly performs three-layer traffic forwarding on the target network traffic based on the service session migration entry.
Continuing with the example from the above, please refer to S11 and S22 in fig. 1, that when the master device goes down, the standby device may detect an abnormal event that the master device goes down through a preset heartbeat interface between the master device and the standby device, and based on the service session migration table entry, the standby device directly forwards the target network traffic through OSI three-layer traffic, where the flow direction of the network traffic is H1- > port a11- > port B11- > H2 of the Slave.
In an embodiment shown in the present invention, after detecting that the main device is down, the standby device obtains the service session migration table entry corresponding to the target traffic, which is sent by the main device, in a process that the standby device directly performs three-layer traffic forwarding on the target network traffic based on the service session migration table entry.
Continuing to illustrate the example, the standby device obtains a service session migration entry corresponding to the target traffic, where the service session migration entry includes: IP quintuple information (source IP, source port, destination IP, destination port, protocol) of the target network traffic, ingress port a1 and egress port B1 of the target network traffic, source MAC and destination MAC of the target network traffic.
It should be noted that, in the present specification,
in this specification, further, after detecting that the master device is down, the standby device receives the target traffic and locally generates the corresponding Layer 3 service session information.
Continuing the above example, referring to fig. 1, after detecting that the Master device goes down, the Slave receives the target traffic (the target network traffic is the network traffic from the host H1 to the host H2) and locally generates the corresponding Layer 3 service session information (the IP quintuple information corresponding to the target traffic).
In this specification, further, the standby device searches its locally stored service session migration entries for an entry matching the Layer 3 service session information corresponding to the target traffic.
Continuing the above example, the standby device searches its locally stored service session migration entries (several service session migration entries synchronized by the Master device for several different network traffic flows) for an entry matching the Layer 3 service session information corresponding to the target traffic (the target network traffic is the network traffic from the host H1 to the host H2 via the Master device).
In this specification, further, if the locally stored service session migration entries of the standby device contain an entry matching the Layer 3 service session information corresponding to the target traffic, the standby device replaces the destination MAC of the target traffic with the destination MAC of the matched service session migration entry; the target traffic after replacement is treated as Layer 3 traffic and forwarded directly out of the standby device from the standby device egress port that corresponds to the egress port of the matched service session migration entry.
Continuing the above example, if the locally stored service session migration entries of the standby device contain an entry matching the Layer 3 service session information corresponding to the target traffic, the standby device replaces the destination MAC of the target traffic (the MAC address of port A11, on which the standby device receives the target network traffic) with the destination MAC of the matched service session migration entry (the MAC address of the network card on which the host H2 receives the target network traffic); the target traffic after replacement is treated as Layer 3 traffic and forwarded directly out of the standby device from the standby device egress port B11, which corresponds to the egress port B1 of the matched service session migration entry.
In the HA system, the ports of the master device and the slave device have a strict correspondence relationship. For example, please refer to fig. 1, the ports of the Master device Master and the Slave device Slave have a strict correspondence, which is described in detail in the foregoing description and is not described herein again. The ports of the main equipment and the standby equipment have strict corresponding relation, so that the actual physical connection relation between the main equipment and the standby equipment and the host of the target network flow can be kept consistent.
In the above description of the technical solution, the target network traffic is the network traffic from the host H1 to the host H2 through the Master device. In practical applications, when the target network traffic is instead the network traffic from the host H2 to the host H1 through the Master device (that is, the reverse traffic of the network traffic from the host H1 to the host H2 through the Master device), the overall process is similar, and the main difference is: the standby device replaces the destination MAC of the target traffic with the source MAC (the MAC address of the host H1) of the matched service session migration entry; the target traffic after replacement is treated as Layer 3 traffic and forwarded directly out of the standby device from the standby device ingress port A11, which corresponds to the ingress port A1 of the matched service session migration entry.
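The standby-side lookup and destination-MAC rewrite described above, for both the H1-to-H2 direction and its reverse traffic, as an added Python example that is not code from the patent. All class and function names, the IP and MAC values, and the `None` result on a lookup miss are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, NamedTuple, Optional, Tuple


class FiveTuple(NamedTuple):
    """Layer 3 service session information: the IP quintuple of a flow."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str

    def reverse_direction(self) -> "FiveTuple":
        return FiveTuple(self.dst_ip, self.dst_port,
                         self.src_ip, self.src_port, self.proto)


@dataclass(frozen=True)
class MigrationEntry:
    """Service session migration entry: Layer 3 key plus Layer 2 information."""
    key: FiveTuple
    ingress_port: str  # master port the flow enters on, e.g. "A1"
    egress_port: str   # master port the flow leaves on, e.g. "B1"
    src_mac: str       # MAC of the sending host (H1 in the example)
    dst_mac: str       # MAC of the receiving host's network card (H2)


@dataclass(frozen=True)
class Frame:
    key: FiveTuple
    src_mac: str
    dst_mac: str


# Constructed sample values (documentation IP ranges, locally administered MACs).
H1_MAC, H2_MAC = "02:00:00:00:00:01", "02:00:00:00:00:02"
SLAVE_A11_MAC, SLAVE_B11_MAC = "02:00:00:00:0a:11", "02:00:00:00:0b:11"
PORT_MAP = {"A1": "A11", "B1": "B11"}  # strict master -> standby port correspondence
H1_TO_H2 = FiveTuple("192.0.2.10", 40000, "198.51.100.20", 443, "tcp")


class Master:
    def __init__(self, enable_switch: int) -> None:
        self.enable_switch = enable_switch
        self.l3_sessions = set()

    def build_entry(self, key: FiveTuple, ingress_port: str, egress_port: str,
                    src_mac: str, dst_mac: str) -> Optional[MigrationEntry]:
        """Record the Layer 3 session; add Layer 2 information only when the
        enable switch is 1. The port and MAC arguments stand in for the result
        of Layer 2 parsing and the route/ARP table query (assumption)."""
        self.l3_sessions.add(key)
        if self.enable_switch != 1:
            return None
        return MigrationEntry(key, ingress_port, egress_port, src_mac, dst_mac)


class Standby:
    def __init__(self, port_map: Dict[str, str]) -> None:
        self.port_map = dict(port_map)
        self.table: Dict[FiveTuple, MigrationEntry] = {}

    def sync(self, entry: MigrationEntry) -> None:
        """Store an entry received from the master over the heartbeat interface."""
        self.table[entry.key] = entry

    def _emit(self, master_port: str, frame: Frame,
              new_dst_mac: str) -> Optional[Tuple[str, Frame]]:
        out_port = self.port_map.get(master_port)
        if out_port is None:  # no corresponding standby port: treat as a miss
            return None
        # Only the destination MAC is rewritten, as in the text.
        return out_port, Frame(frame.key, frame.src_mac, new_dst_mac)

    def forward(self, frame: Frame) -> Optional[Tuple[str, Frame]]:
        """Return (standby output port, rewritten frame), or None on a miss."""
        entry = self.table.get(frame.key)
        if entry is not None:  # same direction as the synced entry (H1 -> H2)
            return self._emit(entry.egress_port, frame, entry.dst_mac)
        entry = self.table.get(frame.key.reverse_direction())
        if entry is not None:  # reverse traffic (H2 -> H1)
            return self._emit(entry.ingress_port, frame, entry.src_mac)
        return None  # assumption: the caller falls back to ordinary forwarding


def failover_demo():
    """Sync one entry, then forward H1 -> H2 and H2 -> H1 on the standby."""
    master = Master(enable_switch=1)
    standby = Standby(PORT_MAP)
    standby.sync(master.build_entry(H1_TO_H2, "A1", "B1", H1_MAC, H2_MAC))
    fwd = standby.forward(Frame(H1_TO_H2, H1_MAC, SLAVE_A11_MAC))
    rev = standby.forward(Frame(H1_TO_H2.reverse_direction(), H2_MAC, SLAVE_B11_MAC))
    return fwd, rev


if __name__ == "__main__":
    for port, frame in failover_demo():
        print(port, frame.dst_mac)
```

With the enable switch at 0 the master produces no entry, so the standby's lookup misses and the ARP-free fast path is not taken.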
In the above technical solution, the master device in the HA system generates the service session migration entry corresponding to the target network traffic and synchronizes it to the standby device, so that after the master device goes down the standby device directly performs Layer 3 traffic forwarding on the target network traffic based on the service session migration entry. This reduces the ARP learning process of the standby device for the target network traffic and the time for switching between the master device and the standby device, and improves the efficiency of the HA system.
Fig. 3 is a block diagram of a network traffic forwarding device according to an exemplary embodiment of the present application. Corresponding to the above method embodiment, the present application further provides an embodiment of a network traffic forwarding apparatus, where the apparatus is applied to a member network device of an HA system; the member network device may be configured as a master device or a standby device, please refer to fig. 3, which illustrates a network traffic forwarding apparatus 30, and the apparatus includes:
a generation module 301, by which the master device receives the target network traffic and locally generates corresponding Layer 3 service session information;
the generation module 301 is further used by the master device to generate a service session migration entry corresponding to the Layer 3 service session information and to synchronize the service session migration entry to the standby device; the service session migration entry comprises the Layer 3 service session information and Layer 2 service session information corresponding to the Layer 3 service session information;
and a forwarding module 302, by which, after detecting that the master device is down, the standby device directly performs Layer 3 traffic forwarding on the target network traffic based on the service session migration entry.
In this embodiment, the Layer 3 service session information is a unique identifier of the target network traffic, and the Layer 3 service session information includes IP quintuple information of the target network traffic.
In this embodiment, the Layer 2 service session information at least includes an ingress port and an egress port of the target network traffic on the master device, and a source MAC and a destination MAC of the target network traffic;
the generation module 301 further:
when the state of an enable switch preset by a user is enabled, the master device performs Layer 2 packet parsing and a forwarding path query on the target network traffic to obtain the ingress port and egress port of the master device corresponding to the IP quintuple information of the target network traffic, and the source MAC (media access control) and destination MAC of the target network traffic;
and the master device generates a service session migration entry corresponding to the Layer 3 service session information based on the IP quintuple information of the target network traffic, the ingress port and egress port of the master device corresponding to the IP quintuple information of the target network traffic, and the source MAC and destination MAC of the target network traffic.
In this embodiment, the forwarding module 302 further:
the standby device obtains the service session migration entry that is sent by the master device and corresponds to the target traffic;
after detecting that the master device is down, the standby device receives the target traffic and locally generates corresponding Layer 3 service session information;
the standby device searches its locally stored service session migration entries for an entry matching the Layer 3 service session information corresponding to the target traffic;
if such an entry exists, the standby device replaces the destination MAC of the target traffic with the destination MAC of the matched service session migration entry; the target traffic after replacement is treated as Layer 3 traffic and forwarded directly out of the standby device from the standby device egress port that corresponds to the egress port of the matched service session migration entry.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, wherein the modules described as separate parts may or may not be physically separate, and the parts displayed as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the application. One of ordinary skill in the art can understand and implement it without inventive effort.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by an article of manufacture with certain functionality. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
The embodiment of the network traffic forwarding apparatus of the present application can be applied to the electronic device shown in fig. 4. The apparatus embodiments may be implemented by software, by hardware, or by a combination of hardware and software. Taking a software implementation as an example, the apparatus, as a logical device, is formed when the processor of the electronic device where it is located reads the corresponding computer program instructions from a machine-readable storage medium and runs them. In terms of hardware, fig. 4 is a hardware structure diagram of the electronic device in which the network traffic forwarding apparatus of the present application is located; in addition to the processor, the communication interface, the bus, and the machine-readable storage medium shown in fig. 4, the electronic device in which the apparatus is located may also include other hardware according to its actual function, which is not described again.
Correspondingly, an embodiment of the present application further provides a hardware structure of an electronic device of the apparatus shown in fig. 3, please refer to fig. 4, and fig. 4 is a schematic diagram of the hardware structure of the electronic device provided in the embodiment of the present application. The apparatus comprises: a communication interface 401, a processor 402, a machine-readable storage medium 403, and a bus 404; the communication interface 401, the processor 402 and the machine-readable storage medium 403 are configured to communicate with each other via a bus 404. The communication interface 401 is used for performing network communication. The processor 402 may be a Central Processing Unit (CPU), and the processor 402 may execute machine-readable instructions stored in a machine-readable storage medium 403 to implement the methods described above.
The machine-readable storage medium 403 referred to herein may be any electronic, magnetic, optical, or other physical storage device that can contain or store information such as executable instructions, data, and the like. For example, the machine-readable storage medium may be: volatile memory, non-volatile memory, or similar storage media. In particular, the machine-readable storage medium 403 may be a RAM (random Access Memory), a flash Memory, a storage drive (e.g., a hard disk drive), a solid state disk, any type of storage disk (e.g., a compact disk, a DVD, etc.), or similar storage medium, or a combination thereof.
Up to this point, the description of the hardware configuration shown in fig. 4 is completed.
Further, the present application provides a machine-readable storage medium, such as machine-readable storage medium 403 in fig. 4, including machine-executable instructions, which can be executed by processor 402 in the data processing apparatus to implement the data processing method described above.
The implementation process of the functions and actions of each unit in the above device is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
It will be understood that the present application is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the application is limited only by the appended claims.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the scope of protection of the present application.

Claims (10)

1. A network traffic forwarding method, characterized in that the method is applied to member network devices of an HA system; wherein a member network device may be configured as a master device or a standby device; the method comprises the following steps:
the master device receives target network traffic and locally generates corresponding Layer 3 service session information;
the master device generates a service session migration entry corresponding to the Layer 3 service session information, and synchronizes the service session migration entry to the standby device; the service session migration entry comprises the Layer 3 service session information and Layer 2 service session information corresponding to the Layer 3 service session information;
and after detecting that the master device is down, the standby device directly performs Layer 3 traffic forwarding on the target network traffic based on the service session migration entry.
2. The method of claim 1, wherein the Layer 3 service session information is used for uniquely identifying the target network traffic, and the Layer 3 service session information comprises IP quintuple information of the target network traffic.
3. The method of claim 2, wherein the Layer 2 service session information at least comprises an ingress port and an egress port of the target network traffic on the master device, and a source MAC and a destination MAC of the target network traffic;
the master device generating a service session migration entry corresponding to the Layer 3 service session information includes:
when the state of an enable switch preset by a user is enabled, the master device performs Layer 2 packet parsing and a forwarding path query on the target network traffic to obtain the ingress port and egress port of the master device corresponding to the IP quintuple information of the target network traffic, and the source MAC (media access control) and destination MAC of the target network traffic;
and the master device generates a service session migration entry corresponding to the Layer 3 service session information based on the IP quintuple information of the target network traffic, the ingress port and egress port of the master device corresponding to the IP quintuple information of the target network traffic, and the source MAC and destination MAC of the target network traffic.
4. The method according to claim 3, wherein the standby device, after detecting that the master device is down, directly performing Layer 3 traffic forwarding on the target network traffic based on the service session migration entry includes:
the standby device obtains the service session migration entry that is sent by the master device and corresponds to the target traffic;
after detecting that the master device is down, the standby device receives the target traffic and locally generates corresponding Layer 3 service session information;
the standby device searches its locally stored service session migration entries for an entry matching the Layer 3 service session information corresponding to the target traffic;
if such an entry exists, the standby device replaces the destination MAC of the target traffic with the destination MAC of the matched service session migration entry; the target traffic after replacement is treated as Layer 3 traffic and forwarded directly out of the standby device from the standby device egress port that corresponds to the egress port of the matched service session migration entry.
5. A network traffic forwarding apparatus, characterized in that the apparatus is applied to member network devices of an HA system; wherein a member network device may be configured as a master device or a standby device; the apparatus comprises:
a generation module, by which the master device receives target network traffic and locally generates corresponding Layer 3 service session information;
the generation module is further used by the master device to generate a service session migration entry corresponding to the Layer 3 service session information, and to synchronize the service session migration entry to the standby device; the service session migration entry comprises the Layer 3 service session information and Layer 2 service session information corresponding to the Layer 3 service session information;
and a forwarding module, by which the standby device, after detecting that the master device is down, directly performs Layer 3 traffic forwarding on the target network traffic based on the service session migration entry.
6. The apparatus of claim 5, wherein the Layer 3 service session information is used for uniquely identifying the target network traffic, and wherein the Layer 3 service session information comprises IP quintuple information of the target network traffic.
7. The apparatus of claim 6, wherein the Layer 2 service session information at least comprises an ingress port and an egress port of the target network traffic on the master device, and a source MAC and a destination MAC of the target network traffic;
the generation module further:
when the state of an enable switch preset by a user is enabled, the master device performs Layer 2 packet parsing and a forwarding path query on the target network traffic to obtain the ingress port and egress port of the master device corresponding to the IP quintuple information of the target network traffic, and the source MAC (media access control) and destination MAC of the target network traffic;
and the master device generates a service session migration entry corresponding to the Layer 3 service session information based on the IP quintuple information of the target network traffic, the ingress port and egress port of the master device corresponding to the IP quintuple information of the target network traffic, and the source MAC and destination MAC of the target network traffic.
8. The apparatus of claim 7, wherein the forwarding module further:
the standby device obtains the service session migration entry that is sent by the master device and corresponds to the target traffic;
after detecting that the master device is down, the standby device receives the target traffic and locally generates corresponding Layer 3 service session information;
the standby device searches its locally stored service session migration entries for an entry matching the Layer 3 service session information corresponding to the target traffic;
if such an entry exists, the standby device replaces the destination MAC of the target traffic with the destination MAC of the matched service session migration entry; the target traffic after replacement is treated as Layer 3 traffic and forwarded directly out of the standby device from the standby device egress port that corresponds to the egress port of the matched service session migration entry.
9. An electronic device, characterized by comprising a communication interface, a processor, a memory and a bus, wherein the communication interface, the processor and the memory are connected with each other through the bus;
the memory has stored therein machine-readable instructions, and the processor executes the method of any of claims 1 to 4 by calling the machine-readable instructions.
10. A machine-readable storage medium having stored thereon machine-readable instructions which, when invoked and executed by a processor, carry out the method of any of claims 1 to 4.
CN201911078280.7A 2019-11-06 2019-11-06 Network traffic forwarding method and device, electronic equipment and machine-readable storage medium Pending CN111224812A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911078280.7A CN111224812A (en) 2019-11-06 2019-11-06 Network traffic forwarding method and device, electronic equipment and machine-readable storage medium

Publications (1)

Publication Number Publication Date
CN111224812A true CN111224812A (en) 2020-06-02

Family

ID=70827572

Country Status (1)

Country Link
CN (1) CN111224812A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200602