CN111277516A - User plane concentration unit, data processing device and data processing method - Google Patents

User plane concentration unit, data processing device and data processing method Download PDF

Info

Publication number
CN111277516A
CN111277516A CN201811480496.1A CN201811480496A CN111277516A CN 111277516 A CN111277516 A CN 111277516A CN 201811480496 A CN201811480496 A CN 201811480496A CN 111277516 A CN111277516 A CN 111277516A
Authority
CN
China
Prior art keywords
data packet
layer switching
processing
switching module
network interface
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811480496.1A
Other languages
Chinese (zh)
Other versions
CN111277516B (en
Inventor
马明礼
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Datang Mobile Communications Equipment Co Ltd
Original Assignee
Datang Mobile Communications Equipment Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Datang Mobile Communications Equipment Co Ltd filed Critical Datang Mobile Communications Equipment Co Ltd
Priority to CN201811480496.1A priority Critical patent/CN111277516B/en
Publication of CN111277516A publication Critical patent/CN111277516A/en
Application granted granted Critical
Publication of CN111277516B publication Critical patent/CN111277516B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/70Virtual switches
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4604LAN interconnection over a backbone network, e.g. Internet, Frame Relay
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/66Layer 2 routing, e.g. in Ethernet based MAN's
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/74Address processing for routing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/25Mapping addresses of the same type
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4604LAN interconnection over a backbone network, e.g. Internet, Frame Relay
    • H04L2012/4629LAN interconnection over a backbone network, e.g. Internet, Frame Relay using multilayer switching, e.g. layer 3 switching
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00Indexing scheme associated with group H04L61/00
    • H04L2101/60Types of network addresses
    • H04L2101/618Details of network addresses
    • H04L2101/622Layer-2 addresses, e.g. medium access control [MAC] addresses

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a user plane centralized unit, a data processing device and a data processing method. The user plane concentration unit comprises a first data processing means and a second data processing means coupled to the first data processing means. The first data processing device comprises a network interface card, a three-layer switching module and an encryption and decryption module, and the second data processing device comprises a two-layer switching module and a virtual machine. After a first network interface on a network interface card receives a data packet, the data packet is subjected to three-layer exchange processing through a three-layer exchange module, is subjected to two-layer exchange processing through a two-layer exchange module, is subjected to PDCP processing through a virtual machine, is subjected to encryption or decryption processing through an encryption/decryption module, is subjected to PDCP processing on the encrypted or decrypted data packet through the virtual machine, is subjected to two-layer exchange processing through the two-layer exchange module, is subjected to three-layer exchange processing through the three-layer exchange module, and is output through a second network interface of the network interface card.

Description

User plane concentration unit, data processing device and data processing method
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a user plane centralized unit, a data processing apparatus, and a data processing method.
Background
Virtualization technology starts from IT industry data center applications, and the core of the technology is virtualization of resources. With the development of virtualization technology, more and more applications realized based on a physical platform are migrated to a cloud platform. Centralized/distributed unit (CU/DU) separated 5G base stations are defined in the 5G 3GPP specifications. The CU mainly processes non-real-time information streams and protocol stacks, can run on a general processor, is suitable for clouding, realizes software and hardware decoupling, and generates centralized cooperation gain; the DU focuses on processing delay-sensitive underlying information, involves a large amount of scheduling, modulation and demodulation, encoding and decoding, and requires dedicated hardware to ensure air interface performance.
The CU is further split into a control plane CU (CU-C) and a user plane CU (CU-U) according to control plane and user plane separation principles. The functions of the CU-C include Radio Resource Control (RRC), Radio Resource Management (RRM), and the like; the CU-U mainly implements service data processing, that is, mainly implements a Packet Data Convergence Protocol (PDCP) function, where a forwarding and switching capability of service data is a key link.
In the prior art, a CU-U is implemented based on a virtualized data transmission processing framework (HOST OVS + DPDK combination mode), specifically, an open source virtual switch (OVS) is deployed on a HOST (HOST) to implement a two-layer switch (L2switch) function of service data, and meanwhile, in order to improve OVS data receiving and forwarding efficiency and implement network port virtualization, a Data Plane Development Kit (DPDK) component is deployed on the HOST, in addition, a DPDK component is deployed on a client operating system (est guos) to perform data reception and three-layer switch/network address translation (L3switch/NAT, where NAT is an abbreviation of network address translation) in a Virtual Machine (VM), and all processing flows described above completely depend on a Central Processing Unit (CPU) and CPU capacity is consumed seriously.
The CU-U software runs on a virtual machine (GUEST OS), and the business data streams need to interact with the GUEST OS through HOST. Specifically, as shown in fig. 1, the core of the internal and external traffic switching modules includes two parts: two-tier switching (L2Switch) and three-tier switching/network address translation (L3 Switch/NAT). The L2Switch solution adopts OVS Host Brigde realized based on software or SR-IOV realized based on hardware, and the L3Switch/NAT is realized by OVS + DPDK.
As shown in fig. 1, a process of entering a packet from a Network Interface Card (NIC) port 0 to an egress port 1 includes the following 11 processing steps:
step 1: the data packet enters the network port 0;
step 2: the data packet is sent to a HOST bridge (HOST bridge) for two-layer switching (L2Switch) processing;
and step 3: the data packet is sent to VM to carry out three-layer switching processing/address translation (L3 switch/NAT);
and 4, step 4: the data packet is sent to a HOST bridge (HOST bridge) for the second layer exchange process again;
and 5: the data packet is sent to the VM for PDCP processing;
step 6: sending the data packet to an encryption and decryption card for encryption and decryption;
and 7: the data packet is sent to the VM for PDCP processing;
and 8: the packet is sent to the HOST bridge (HOST bridge) again for layer two switching (L2switch) processing;
and step 9: the data packet is sent to the VM to be processed by three-layer switching/address translation (L3 switch/NAT);
step 10: the packet is sent to the HOST bridge (HOST bridge) again for layer two switching (L2switch) processing;
step 11: the data packet is output from the network port 1.
It can be seen that the unidirectional data stream passes through the two-layer switch (L2switch) twice, and the switching efficiency is low. Because the data flow needs to be processed by the two-layer switch (L2switch), then the three-layer switch/network address translation (L3switch/NAT), and finally the two-layer switch (L2switch) and delivered to the PDCP module for processing, the unidirectional data flow needs to be processed by the L2switch twice, so as to form the superposition of data flow, and if the unidirectional data flow is not to become a bottleneck, more CPU resources need to be reserved for the switching processing.
In the prior art, a general CPU is adopted to operate OVS and DPDK to realize L3switch/NAT, the cost is huge, the number of CPU cores for L3switch/NAT and the number of CPU cores for PDCP service processing are actually measured to be about 1:2, namely, 33 percent of CPU resources of the whole system are occupied by transmission switching.
Disclosure of Invention
The embodiment of the application provides a user plane centralized unit, a data processing device and a data processing method, which are used for improving the data processing efficiency.
In a first aspect, a user plane concentration unit is provided, which includes: a first data processing device and a second data processing device coupled to the first data processing device. The first data processing device comprises a network interface card, a three-layer switching module and an encryption and decryption module, and the second data processing device comprises a two-layer switching module and a virtual machine. After a first network interface on the network interface card receives a data packet, the data packet sequentially passes through the three-layer switching module to perform three-layer switching processing, passes through the two-layer switching module to perform two-layer switching processing, passes through the virtual machine to perform Packet Data Convergence Protocol (PDCP) processing, passes through the encryption and decryption module to perform encryption or decryption processing, passes through the virtual machine to perform PDCP processing on the encrypted or decrypted data packet, passes through the two-layer switching module to perform two-layer switching processing, passes through the three-layer switching module to perform three-layer switching processing and passes through the second network interface output of the network interface card.
In one possible implementation, the three-layer switching module is implemented by a hardware accelerator.
In a possible implementation manner, the two-layer switching module is implemented by a software virtual switch or a hardware virtual switch.
In one possible implementation, the network interface card is specifically configured to: determining a virtual function interface corresponding to a data packet received by the first network interface; the two-layer switching module is specifically configured to: and sending the data packet to a virtual machine through the corresponding virtual function interface according to the virtual function interface corresponding to the data packet from the three-layer switching module.
In a second aspect, a data processing apparatus is provided, including: the data processing device is coupled with another data processing device, and the other data processing device comprises a two-layer switching module and a virtual machine. The network interface card is used for receiving a data packet from the first network interface and then sending the data packet to the three-layer switching module; the three-layer switching module is used for carrying out three-layer switching processing after receiving a data packet from the network interface card and sending the data packet to the two-layer switching module; after receiving the data packet processed by the two-layer switching module, performing three-layer switching processing and sending the data packet to the network interface card; and the network interface card is also used for outputting the data packet processed by the three-layer switching module from a second network interface. And the encryption and decryption module is used for receiving the data packet from the virtual machine in the other data processing device, carrying out encryption or decryption processing, and returning the encrypted or decrypted data packet to the virtual machine in the other data processing device.
In one possible implementation manner, the method further includes: and the encryption and decryption module is used for receiving the data packet from the other data processing device, carrying out encryption or decryption processing and returning the encrypted or decrypted data packet to the other data processing device.
In one possible implementation, the three-layer switching module is implemented by a hardware accelerator.
In one possible implementation, the network interface card is specifically configured to: and determining a virtual function interface corresponding to the data packet received by the first network interface, so that the two-layer switching module sends the data packet to a virtual machine through the corresponding virtual function interface according to the virtual function interface corresponding to the data packet from the three-layer switching module.
In a third aspect, a data processing method is provided, which is applied to a data processing procedure implemented by the user plane centralized unit in any one of the above first aspects, and includes: a first network interface on the network interface card receives a data packet and sends the data packet to the three-layer switching module; the three-layer switching module carries out three-layer switching processing on the data packet from the network interface card and sends the data packet after the three-layer switching processing to the two-layer switching module; the second-layer switching module carries out second-layer switching processing on the data packet from the third-layer switching module and sends the data packet after the second-layer switching processing to the virtual machine; the virtual machine carries out PDCP processing on the data packet from the two-layer switching module and sends the data packet after the PDCP processing to the encryption and decryption module; the encryption and decryption module encrypts or decrypts the data packet from the virtual machine and then sends the data packet to the virtual machine; the virtual machine carries out PDCP processing on the encrypted or decrypted data packet and sends the data packet to the two-layer exchange module; the two-layer switching module carries out two-layer switching processing on the data packet from the virtual machine and sends the data packet after the two-layer switching processing to the three-layer switching module; the three-layer switching module carries out three-layer switching processing on the data packet from the two-layer switching module and sends the data packet after the three-layer switching processing to the network interface card; and the network interface card outputs the data packet from the three-layer switching module from a second network interface.
In a possible implementation manner, after receiving the data packet, the first network interface on the network interface card further includes: determining a virtual function interface corresponding to a data packet received by the first network interface; the two-layer switching module sends the data packet after the two-layer switching to the virtual machine, and the two-layer switching module comprises: and the two-layer switching module sends the data packet to a virtual machine through a corresponding virtual function interface according to the virtual function interface corresponding to the data packet from the three-layer switching module.
In the above embodiment of the present application, since the first data processing apparatus includes the network interface card, the three-layer switch module and the encryption/decryption module, and the second data processing apparatus coupled to the first data processing apparatus includes the two-layer switch module and the virtual machine, after the first network interface on the network interface card receives the data packet, the data packet sequentially passes through the three-layer switch module to perform three-layer switch processing, passes through the two-layer switch module to perform two-layer switch processing, passes through the virtual machine to perform Packet Data Convergence Protocol (PDCP) processing, and passes through the encryption/decryption module to perform encryption or decryption processing, passes through the two-layer switch module to perform two-layer switch processing, passes through the three-layer switch module to perform three-layer switch processing, passes through the second network interface output of the network interface card, compared with the prior art, the number of times of the two-layer switch processing process is reduced, and thus data processing efficiency can be improved.
Drawings
FIG. 1 is a schematic diagram of CU-U data forwarding in the prior art;
FIG. 2 is a schematic structural diagram of a CU-U according to an embodiment of the present disclosure;
FIG. 3 is a schematic diagram of a data processing flow implemented on the CU-U shown in FIG. 2;
FIG. 4 is a schematic diagram of a CU-U structure according to another embodiment of the present application;
FIG. 5 is a schematic diagram of a data processing flow implemented based on the CU-U shown in FIG. 4 according to an embodiment of the present application.
Detailed Description
The embodiment of the application provides a user plane centralized unit, a data processing device and a data processing method, which are used for improving the data processing efficiency.
In the embodiment of the application, the three-layer exchange processing module sinks to the data processing device integrated with the network interface card, so that the processing sequence of the three-layer exchange and the two-layer exchange is adjusted, the unidirectional data stream can be prevented from being processed by the two-layer exchange twice, and the data processing efficiency is improved.
The embodiments of the present application will be described in detail below with reference to the accompanying drawings.
Referring to fig. 2, a schematic structural diagram of a CU-U according to an embodiment of the present disclosure is provided.
As shown, the CU-U200 may include: a first data processing means 21 and a second data processing means 22 coupled to the first data processing means 21.
Wherein the coupling includes, but is not limited to, electrical coupling. For example, the first data processing apparatus 21 and the second data processing apparatus 22 may be implemented by integrated circuits, and may be connected to each other through a data line or a circuit interface, such as a PCIe interface.
The first data processing apparatus 21 includes a network interface card (network card) 211 and a three-layer switching module 212. The second data processing apparatus 22 includes a two-layer switch module 221 and a virtual machine 222. The number of virtual machines may be one or more.
The network interface card 211 has a function of a universal network card, for example, a universal network card bridge matching with a physical port capability, a physical layer and Media Access Control (MAC) layer function of an Ethernet (ETH) network card, presents a physical network port (for example, network port 0 and network port 1 shown in the figure) to the outside, and is internally connected to the three-layer switch module 212.
Further, the network interface card 211 may also support a network card virtualization function, that is, the network interface card 211 presents a physical port (e.g., port 0 and port 1 in the figure) to the outside and presents a plurality of Virtual Function (VF) interfaces to the inside. The network interface card 211 supports virtualizing a single physical network card into multiple VF interfaces, each VF interface has a separate virtual PCIe channel, and these virtual PCIe channels share a PCIe channel of the physical network card. Each virtual machine can occupy one or more VF interfaces, so that the virtual machine can directly access the VF interface of the virtual machine without the coordination intervention of a Hypervisor (an intermediate software layer running between a basic physical server and an operating system and allowing a plurality of operating systems and applications to share hardware), thereby improving the network throughput performance.
The three-layer switching module 212 is used to implement data three-layer switching functions, such as three-layer forwarding functions and/or network address mapping functions. The three-layer switching belongs to the operation of a network layer, can identify network layer information in a data packet, such as an IP address, and forwards the data packet according to the IP address.
The two-layer switching module 221 is configured to implement a two-layer data switching function. The two-layer exchange belongs to the operation of a data link layer, can identify MAC addresses in a data packet, forwards the data packet according to the MAC addresses, and records the MAC addresses and corresponding ports in an address table.
Virtual machine 222 is a virtual computing device that is modeled and can be viewed as a logically separate computing device. The virtual machine 222 may implement a Packet Data Convergence Protocol (PDCP) layer function, that is, perform PDCP layer processing on a data packet. The PDCP protocol layer has a main purpose of transmitting or receiving packet data of a peer PDCP entity. The sublayer mainly performs the following functions: compression and decompression of an IP packet header, encryption of data and signaling, integrity protection of the signaling and the like.
Alternatively, in some embodiments, the three-layer switching module 212 may be implemented by a hardware accelerator, such as, but not limited to, a conventional network processor or a field-programmable gate array (FPGA), etc. A hardware accelerator is adopted to realize a three-layer switching function (L3switch/NAT) to replace CPU software to realize L3switch/NAT, so that the data processing performance can be improved. In the prior art, the L3switch/NAT is realized by running OVS and DPDK by a CPU, the cost is huge, the number of CPU cores for L3switch/NAT and the number of CPU cores for PDCP service processing are actually measured to be about 1:2, namely, 33 percent of CPU resources of the whole system are occupied by transmission switching. Compared with the implementation of L3switch/NAT by using CPU software, the embodiment of the application can save 33% of CPU processing resources through the hardware accelerator, can also improve the PDCP service processing capability of the system and improve the energy efficiency ratio, so that the unit power consumption processing capability of the system is stronger.
Alternatively, in some embodiments, the layer two switching module 221 may be implemented by a software virtual switch (e.g., OVS Host bridge based on a software implementation) or by a hardware virtual switch (e.g., SR-IOV based on a hardware implementation).
In the CU-U200, the first data processing apparatus 21 may also be referred to as an "intelligent convergence accelerator card", and a network interface card and a three-layer switch module may be integrated on one chip through the "intelligent convergence accelerator card" to change a data processing flow, so as to prevent a data stream from passing through two-layer switches many times, thereby improving data processing efficiency.
Based on the CU-U200, the processing of the unidirectional data stream may include: after receiving the data packet, the first network interface (e.g., the network port 0) on the network interface card 211 sequentially performs three-layer switching processing by the three-layer switching module 212, two-layer switching processing by the two-layer switching module 221, PDCP processing by the virtual machine 222, two-layer switching processing by the two-layer switching module 221, three-layer switching processing by the three-layer switching module 212, and output by the second network interface (e.g., the network port 1) of the network interface card 211.
Fig. 3 exemplarily shows a unidirectional data flow processing procedure implemented on the basis of the CU-U200, which is described by taking an example of a packet input from port 0 to an output from port 1, and as shown, the procedure may include:
s301: the data packet arrives at port 0 on the network interface card in the first data processing device.
In one possible scenario, the packet may come from a DU, and in another possible scenario, the packet may also come from a CU-C.
Optionally, in this step, the network interface card may determine a VF interface corresponding to the data packet received by the portal 0, so as to send the data packet to a corresponding VM through the corresponding VF interface for processing.
S302: the network port 0 sends the data packet to the three-layer switching module, and the three-layer switching module carries out three-layer switching processing on the data packet from the network port 0.
In this step, the three-layer switch module may identify network layer information in the data packet, such as an IP address, and forward the data packet according to the IP address. The three-layer switching module can also carry out NAT processing on the data packet.
S303: the data packet after the three-layer exchange processing is sent to the two-layer exchange module, and the two-layer exchange module carries out the two-layer exchange processing on the data packet.
In this step, the two-layer switching module may forward the data packet according to the MAC address in the data packet.
Optionally, in this step, the second layer switching module may send the data packet to the corresponding VM through the corresponding VF interface according to the VF interface corresponding to the data packet from the third layer switching module.
S304: and the VM is used for carrying out PDCP protocol layer processing on the data packet after the two-layer exchange.
In this step, the PDCP protocol layer processing may specifically include: compressing or decompressing the IP header, transmitting user data and maintaining the sequence number of the radio bearer set for a lossless radio network service subsystem (SRNS), encrypting data and signaling, and protecting the integrity of the signaling.
S305: the data packet processed by the PDCP layer is sent to the two-layer switching module, and the two-layer switching module performs two-layer switching processing on the data packet.
S306: and the data packet after the two-layer exchange processing is sent to the three-layer exchange module, and the three-layer exchange module carries out three-layer exchange processing on the data packet.
S307: the data packet after the three-layer exchange processing is output through the network port 1 of the network interface card.
The process from the input of the data packet from port 0 to the output from port 1 is described above, and the process from the input of the data packet from port 1 to the output from port 0 is similar and will not be repeated here.
It can be seen from the above description that, in the embodiment of the present application, a CU-U service data processing flow is designed based on an "intelligent fusion accelerator card", and a processing sequence of L3switch/NAT and L2switch is adjusted, so that a unidirectional data stream can be prevented from passing through an L2switch twice, a data exchange flow can be simplified, and CPU resources required for processing an L2switch can be saved. A three-layer switching module realized by hardware is adopted to realize the L3switch/NAT function, and the original CPU software realization mode is replaced, so that the performance is improved.
In other embodiments, on the basis of the CU-U200, an encryption/decryption module may be integrated inside the first data processing apparatus. FIG. 4 schematically shows a CU-U400 comprising an encryption/decryption module.
In the CU-U400, the encryption/decryption module 413 may perform encryption or decryption processing on the data packet. The supported encryption and decryption algorithms may include at least one of AES, SNOW3G, ZUC. The embodiment of the present application does not limit the kind of encryption and decryption algorithms supported by the encryption and decryption module 413.
Accordingly, the network interface card 41 may be implemented using an integrated circuit chip or FPGA or a processor with encryption and decryption peripheral components. The network interface card integrates encryption and decryption functions and can support virtualization of encryption and decryption channels.
Based on the CU-U400, after the data packet is PDCP-processed by the VM and before it reaches the layer two switching module, the method further includes: the data packet is encrypted and decrypted by the encryption and decryption module, and PDCP processing is carried out on the encrypted or decrypted data packet by the virtual machine.
Fig. 5 exemplarily shows a unidirectional data flow processing procedure implemented on the basis of the CU-U400, which is described by taking an example of a packet input from port 0 to an output from port 1, and as shown, the procedure may include:
s501: the data packet arrives at port 0 on the network interface card in the first data processing device.
The specific implementation of this step can be seen in S301 in fig. 3.
S502: the network port 0 sends the data packet to the three-layer switching module, and the three-layer switching module carries out three-layer switching processing on the data packet from the network port 0.
The specific implementation of this step can be seen in S302 in fig. 3.
S503: the data packet after the three-layer exchange processing is sent to the two-layer exchange module, and the two-layer exchange module carries out the two-layer exchange processing on the data packet.
The specific implementation of this step can be seen in S303 in fig. 3.
S504: and the VM is used for carrying out PDCP protocol layer processing on the data packet after the two-layer exchange.
The specific implementation of this step can be seen in S304 in fig. 3.
S505: the data packet processed by the PDCP protocol layer is sent to the encryption and decryption module, and the encryption and decryption module encrypts or decrypts the data packet.
S506: the encrypted or decrypted data packet is sent to the VM, and the VM performs PDCP protocol layer processing on the data packet.
S507: the data packet processed by the PDCP layer is sent to the two-layer switching module, and the two-layer switching module performs two-layer switching processing on the data packet.
The specific implementation of this step can be seen in S305 in fig. 3.
S508: and the data packet after the two-layer exchange processing is sent to the three-layer exchange module, and the three-layer exchange module carries out three-layer exchange processing on the data packet.
The specific implementation of this step can be seen in S306 in fig. 3.
S509: the data packet after the three-layer exchange processing is output through the network port 1 of the network interface card.
The process from the input of the data packet from port 0 to the output from port 1 is described above, and the process from the input of the data packet from port 1 to the output from port 0 is similar and will not be repeated here.
As can be seen from the above description, in the embodiment of the present application, a CU-U service data processing flow is designed based on an "intelligent fusion accelerator card (i.e., a first data processing apparatus)", and a processing sequence of L3switch/NAT and L2switch is adjusted, so that a unidirectional data stream can be prevented from passing through L2switch twice, a data exchange flow can be simplified, and CPU resources required by L2switch processing can be saved. A three-layer switching module realized by hardware is adopted to realize the L3switch/NAT function, and the original CPU software realization mode is replaced, so that the performance is improved. In addition, because the encryption and decryption module is integrated in the intelligent convergence acceleration card (namely the first data processing device), the implementation cost can be reduced and the utilization rate of the PCIe bus can be improved compared with the encryption and decryption card which is independent. The three-layer switching module and the encryption and decryption module are integrated on the intelligent fusion accelerator card, so that the transmission switching and the encryption and decryption are integrated into one card, the cost for realizing the transmission switching and encryption and decryption functions of the CU-U can be reduced, the integration level of the CU-U equipment is improved, the equipment volume is reduced, or the obstruction is removed by improving the equipment capacity.
Based on the same technical concept, the embodiment of the present application further provides a data processing apparatus, and the structure and the implemented functions of the data processing apparatus are as shown in the foregoing "first data processing apparatus" in fig. 2 or fig. 4.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While the preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all alterations and modifications as fall within the scope of the application.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (9)

1. A user plane concentration unit, comprising: a first data processing device and a second data processing device coupled with the first data processing device;
the first data processing device comprises a network interface card, a three-layer switching module and an encryption and decryption module, and the second data processing device comprises a two-layer switching module and a virtual machine;
after a first network interface on the network interface card receives a data packet, the data packet sequentially passes through the three-layer switching module to perform three-layer switching processing, passes through the two-layer switching module to perform two-layer switching processing, passes through the virtual machine to perform Packet Data Convergence Protocol (PDCP) processing, passes through the encryption/decryption module to perform encryption or decryption processing, passes through the virtual machine to perform PDCP processing on the encrypted or decrypted data packet, passes through the two-layer switching module to perform two-layer switching processing, passes through the three-layer switching module to perform three-layer switching processing, and passes through the second network interface output of the network interface card.
2. The user plane concentrator unit of claim 1, wherein the three tier switching module is implemented by a hardware accelerator.
3. The user plane concentration unit of claim 1, wherein the layer two switching module is implemented by a software virtual switch or by a hardware virtual switch.
4. The user plane concentrator unit of claim 1, wherein:
the network interface card is specifically configured to: determining a virtual function interface corresponding to a data packet received by the first network interface;
the two-layer switching module is specifically configured to: and sending the data packet to a virtual machine through the corresponding virtual function interface according to the virtual function interface corresponding to the data packet from the three-layer switching module.
5. A data processing apparatus, comprising: the data processing device is coupled with another data processing device, and the other data processing device comprises a two-layer switching module and a virtual machine;
the network interface card is used for receiving a data packet from the first network interface and then sending the data packet to the three-layer switching module;
the three-layer switching module is used for carrying out three-layer switching processing after receiving a data packet from the network interface card and sending the data packet to the two-layer switching module; after receiving the data packet processed by the two-layer switching module, performing three-layer switching processing and sending the data packet to the network interface card;
the network interface card is also used for outputting the data packet processed by the three-layer switching module from a second network interface;
and the encryption and decryption module is used for receiving the data packet from the virtual machine in the other data processing device, carrying out encryption or decryption processing, and returning the encrypted or decrypted data packet to the virtual machine in the other data processing device.
6. The data processing apparatus of claim 5, wherein the three-tier switching module is implemented by a hardware accelerator.
7. The data processing apparatus of claim 5, wherein:
the network interface card is specifically configured to: and determining a virtual function interface corresponding to the data packet received by the first network interface, so that the two-layer switching module sends the data packet to a virtual machine through the corresponding virtual function interface according to the virtual function interface corresponding to the data packet from the three-layer switching module.
8. A data processing method applied to a data processing procedure implemented by the user plane concentration unit according to any one of claims 1 to 5, comprising:
a first network interface on the network interface card receives a data packet and sends the data packet to the three-layer switching module;
the three-layer switching module carries out three-layer switching processing on the data packet from the network interface card and sends the data packet after the three-layer switching processing to the two-layer switching module;
the second-layer switching module carries out second-layer switching processing on the data packet from the third-layer switching module and sends the data packet after the second-layer switching processing to the virtual machine;
the virtual machine carries out Packet Data Convergence Protocol (PDCP) processing on the data packet from the two-layer switching module and sends the data packet after the PDCP processing to the encryption and decryption module;
the encryption and decryption module encrypts or decrypts the data packet from the virtual machine and then sends the data packet to the virtual machine;
the virtual machine carries out PDCP processing on the encrypted or decrypted data packet and sends the data packet to the two-layer exchange module;
the two-layer switching module carries out two-layer switching processing on the data packet from the virtual machine and sends the data packet after the two-layer switching processing to the three-layer switching module;
the three-layer switching module carries out three-layer switching processing on the data packet from the two-layer switching module and sends the data packet after the three-layer switching processing to the network interface card;
and the network interface card outputs the data packet from the three-layer switching module from a second network interface.
9. The method of claim 8, wherein:
after the first network interface on the network interface card receives the data packet, the method further comprises: determining a virtual function interface corresponding to a data packet received by the first network interface;
the two-layer switching module sends the data packet after the two-layer switching to the virtual machine, and the two-layer switching module comprises: and the two-layer switching module sends the data packet to a virtual machine through a corresponding virtual function interface according to the virtual function interface corresponding to the data packet from the three-layer switching module.
CN201811480496.1A 2018-12-05 2018-12-05 User plane concentration unit, data processing device and data processing method Active CN111277516B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811480496.1A CN111277516B (en) 2018-12-05 2018-12-05 User plane concentration unit, data processing device and data processing method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811480496.1A CN111277516B (en) 2018-12-05 2018-12-05 User plane concentration unit, data processing device and data processing method

Publications (2)

Publication Number Publication Date
CN111277516A true CN111277516A (en) 2020-06-12
CN111277516B CN111277516B (en) 2021-04-16

Family

ID=71001544

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811480496.1A Active CN111277516B (en) 2018-12-05 2018-12-05 User plane concentration unit, data processing device and data processing method

Country Status (1)

Country Link
CN (1) CN111277516B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103621026A (en) * 2013-04-01 2014-03-05 华为技术有限公司 Virtual machine data exchange method, apparatus and system
CN104348694A (en) * 2013-07-25 2015-02-11 凯为公司 Network interface card with virtual switch and traffic flow policy enforcement
US20160232019A1 (en) * 2015-02-09 2016-08-11 Broadcom Corporation Network Interface Controller with Integrated Network Flow Processing
US20180084459A1 (en) * 2012-08-21 2018-03-22 International Business Machines Corporation Processing of overlay networks using an accelerated network interface card

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180084459A1 (en) * 2012-08-21 2018-03-22 International Business Machines Corporation Processing of overlay networks using an accelerated network interface card
CN103621026A (en) * 2013-04-01 2014-03-05 华为技术有限公司 Virtual machine data exchange method, apparatus and system
CN104348694A (en) * 2013-07-25 2015-02-11 凯为公司 Network interface card with virtual switch and traffic flow policy enforcement
US20160232019A1 (en) * 2015-02-09 2016-08-11 Broadcom Corporation Network Interface Controller with Integrated Network Flow Processing

Also Published As

Publication number Publication date
CN111277516B (en) 2021-04-16

Similar Documents

Publication Publication Date Title
US10630654B2 (en) Hardware-accelerated secure communication management
CN113132201B (en) Communication method and device between VPCs
WO2018023499A1 (en) Network interface card, computer device and data packet processing method
WO2016187813A1 (en) Data transmission method and device for photoelectric hybrid network
CN105791214B (en) Method and equipment for converting RapidIO message and Ethernet message
US9311264B2 (en) Pass-through converged network adaptor (CNA) using existing Ethernet switching device
CN107846699B (en) Data processing method and system for multi-board LTE gateway
CN107925623A (en) The interconnection of overlay network
CN104410541A (en) Method and device for counting VXLAN inner layer virtual machine flux on intermediate switch
CN109992405A (en) A kind of method and network interface card handling data message
CN107133109B (en) Method and device for communication between modules and computing equipment
US10541842B2 (en) Methods and apparatus for enhancing virtual switch capabilities in a direct-access configured network interface card
CN109150829B (en) Software-defined cloud network trusted data distribution method, readable storage medium and terminal
EP3691210B1 (en) Flexible ethernet message forwarding method and apparatus
CN113765801B (en) Message processing method and device applied to data center, electronic equipment and medium
CN111277516B (en) User plane concentration unit, data processing device and data processing method
CN108900518B (en) Credible software-defined cloud network data distribution system
WO2022227484A1 (en) Data communication method and apparatus, computer device, and storage medium
WO2022160714A1 (en) Communication method, apparatus, and system
US20220321403A1 (en) Programmable network segmentation for multi-tenant fpgas in cloud infrastructures
WO2017045486A1 (en) Method, apparatus and system for wireless data transmission
US9258273B2 (en) Duplicating packets efficiently within a network security appliance
US9473389B2 (en) Excluding a data frame from a link aggregation group
US11050682B2 (en) Reordering of data for parallel processing
Taguchi et al. Fast datapath processing based on hop-by-hop packet aggregation for service function chaining

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant