CN113098728A - Health check method of load balancing system and related equipment - Google Patents

Health check method of load balancing system and related equipment Download PDF

Info

Publication number
CN113098728A
CN113098728A CN201911341247.9A CN201911341247A CN113098728A CN 113098728 A CN113098728 A CN 113098728A CN 201911341247 A CN201911341247 A CN 201911341247A CN 113098728 A CN113098728 A CN 113098728A
Authority
CN
China
Prior art keywords
server
tenant
load balancing
vpc
switch
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911341247.9A
Other languages
Chinese (zh)
Other versions
CN113098728B (en
Inventor
朱小平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Cloud Computing Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN201911341247.9A priority Critical patent/CN113098728B/en
Publication of CN113098728A publication Critical patent/CN113098728A/en
Application granted granted Critical
Publication of CN113098728B publication Critical patent/CN113098728B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0805Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
    • H04L43/0817Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking functioning
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The embodiment of the invention provides a health check method of a load balancing system and related equipment, wherein the method is applied to the health check of the load balancing system in a Virtual Private Cloud (VPC), and comprises the following steps: the first load balancing server sends a first detection message to the switch; the first detection message is used for detecting whether the first server normally operates or not; the switch is used for determining whether to forward the first detection message to the first server according to the configured security group rule; the first server is a server of a first tenant in the VPC; the security group rule is a rule configured according to the indication of the first tenant; the security group rule includes a probe message source address that allows access to a server of the first tenant; the first load balancing server is a server in a load balancing cluster of the VPC. By adopting the embodiment of the invention, the potential safety hazard can be reduced.

Description

Health check method of load balancing system and related equipment
Technical Field
The invention relates to the technical field of cloud networks, in particular to a health check method of a load balancing system and related equipment.
Background
Elastic Load Balance (ELB) is a traffic distribution control service that distributes access traffic to multiple back-end servers according to a forwarding policy. Elastic load balancing can expand the external service capability of the application system through flow distribution and improve the availability of the application system through eliminating single-point faults.
Resilient load balancing services are typically implemented by resilient load balancing clusters. A resilient load balancing cluster typically contains multiple load balancing servers, and the resilient load balancing cluster needs to periodically initiate health checks to ensure that the response service of the backend server is not interrupted. In a virtual private cloud network, each load balancing server in an elastic load balancing cluster needs to detect whether the service of a backend server is in an active state to determine whether the backend servers can respond to an access request. Each load balancing server may actively initiate detection of a back-end server, which may be detected by a Transmission Control Protocol (TCP) message, a User Datagram Protocol (UDP) message, or an Internet Control Message Protocol (ICMP) message.
In a health check method in an existing Virtual Private Cloud (VPC) -based load balancing system, a detection packet sent by an elastic load balancing cluster is determined whether to be forwarded to a server of a back-end tenant through a security group rule configured by default on a virtual switch, and the tenant cannot sense that the detection packet is sent to the server under its own name, that is, the detection packet bypasses the security group rule of the tenant, resulting in potential safety hazard.
Therefore, how to reduce the potential safety hazard in the health check of the load balancing system based on the virtual private cloud and improve the safety is a problem to be solved by the technical personnel in the field.
Disclosure of Invention
The embodiment of the application discloses a health check method of a load balancing system and related equipment, which can reduce potential safety hazards and improve safety in health check of the load balancing system of a virtual private cloud.
In a first aspect, an embodiment of the present application discloses a health check method for a load balancing system, where the method is applied to a health check of a load balancing system in a virtual private cloud VPC, and the method includes:
the first load balancing server sends a first detection message to the switch; the first detection message is used for detecting whether the first server normally operates or not; the switch is used for determining whether to forward the first detection message to the first server according to a configured security group rule; the first server is a server of a first tenant, and the first tenant is a tenant in the VPC; the security group rule is a rule configured according to the indication of the first tenant; the security group rule includes a probe message source address that allows access to a server of the first tenant; the first load balancing server is a server in a load balancing cluster of the VPC.
Compared with the prior art that whether the detection message is forwarded to the server of the back-end tenant is determined through the security group rule configured on the virtual switch in a default mode, in the embodiment of the application, whether the detection message is forwarded to the server of the back-end tenant is determined through the security group rule configured on the virtual switch by the tenant, so that the tenant can completely control information flow entering and exiting the back-end server, potential safety hazards are reduced, and safety is improved.
In one possible implementation manner, the probe packet source address is one of addresses of VPC network segments supported by the first tenant, or a preset public network IP address.
Compared with the address of the address field used by the cloud infrastructure used in the prior art, the tenant cannot sense, in the embodiment of the application, the source address of the detection message of the health check of the load balancing system is the address of the VPC network segment or the public network address, so that the tenant can sense the access of the detection message to the back-end server, potential safety hazards are reduced, and the safety is improved.
In one possible implementation manner, the probe packet source address is one of addresses of VPC network segments supported by the first tenant, which are determined according to the indication of the first tenant; or, the source address of the probe message is a specific address in the addresses of the VPC network segment supported by the first tenant.
In one possible implementation, the servers in the load balancing cluster use the same address as the source address of the probe packet for probing whether the server of the first tenant is operating normally, where the same address is within the range of the probe packet source addresses included in the security group rule that allow access to the server of the first tenant.
In the embodiment of the present application, for the detection of the health condition of the server of the same tenant, the multiple load balancing servers in the load balancing cluster may use the same address as the source address of the detection message, so that the occupation of the address may be reduced, and the address overhead may be saved.
In one possible implementation manner, when the source address of the probe packet is the preset public network IP address, the servers in the load balancing cluster uniformly use the preset public network IP address as the source address of the probe packet for detecting whether the server of the tenant in the VPC normally operates.
In the embodiment of the application, because the public network IP address is an address that all tenants can perceive, the load balancing server can use the same public network IP address as the source address of the detection message of the servers of multiple tenants, thereby reducing the occupation of the address and saving the address overhead.
In one possible implementation, each server in the load balancing cluster uses a different source port as a source port of a probe packet for detecting whether a server of a tenant in the VPC is operating normally.
In this embodiment of the present application, because the source addresses of the detection messages of the multiple load balancing servers use the same address, in order to facilitate distinguishing which load balancing server sends the detection message, the source ports of the detection messages of different load balancing servers are set to be different, so that it is ensured that the detection connections do not collide, and the response message of the detection message can be correctly returned to the load balancing server that sends the detection message.
In a second aspect, an embodiment of the present application discloses a health check method for a load balancing system, where the method is applied to a health check of a load balancing system in a virtual private cloud VPC, and the method includes:
the switch receives a first detection message sent by a first load balancing server; the first detection message is used for detecting whether a first server normally operates or not, wherein the first server is a server of a first tenant, and the first tenant is a tenant in the VPC; the first load balancing server is a server in a load balancing cluster of the VPC;
the switch determines whether to forward the first detection message to the first server according to a configured security group rule; wherein the security group rule is a rule configured according to an indication of the first tenant; the security group rule includes a probe message source address that allows access to a server of the first tenant;
the switch sends the first probe message to the first server if the source address of the first probe message is within the range of probe message source addresses that allow access to the first tenant's server.
In a third aspect, an embodiment of the present application discloses a health check method for a load balancing system, where the method is applied to a health check of a load balancing system in a virtual private cloud VPC, and the method includes:
the method comprises the steps that a first server receives a first detection message sent by a switch; the first detection message is used for detecting whether a first server normally operates or not, wherein the first server is a server of a first tenant, and the first tenant is a tenant in the VPC; the switch is used for determining whether to forward the first detection message to the first server according to a configured security group rule; the security group rule is a rule configured according to the indication of the first tenant; the security group rule includes a probe message source address that allows access to a server of the first tenant; the first detection message is sent to the switch by a first load balancing server, and the first load balancing server is a server in a load balancing cluster of the VPC;
and under the condition that the first server normally operates, the first server sends a response message to the first load balancing server according to the first detection message.
In a fourth aspect, an embodiment of the present application provides a load balancing server, where the load balancing server is a server in a load balancing cluster of a virtual private cloud VPC; the load balancing server includes:
a sending unit, configured to send a first probe packet to a switch; the first detection message is used for detecting whether the first server normally operates or not; the switch is used for determining whether to forward the first detection message to the first server according to a configured security group rule; the first server is a server of a first tenant, and the first tenant is a tenant in the VPC; the security group rule is a rule configured according to the indication of the first tenant; the security group rule includes a probe message source address that allows access to a server of the first tenant.
In one possible implementation manner, the probe packet source address is one of addresses of VPC network segments supported by the first tenant, or a preset public network IP address.
In one possible implementation manner, the probe packet source address is one of addresses of VPC network segments supported by the first tenant, which are determined according to the indication of the first tenant; or, the source address of the probe message is a specific address in the addresses of the VPC network segment supported by the first tenant.
In one possible implementation, the servers in the load balancing cluster uniformly use the same address as the source address of the probe packet for probing whether the server of the first tenant is operating normally, where the same address is within the range of the probe packet source addresses included in the security group rule that allow access to the server of the first tenant.
In one possible implementation manner, when the source address of the probe packet is the preset public network IP address, the servers in the load balancing cluster uniformly use the preset public network IP address as the source address of the probe packet for detecting whether the server of the tenant in the VPC normally operates.
In one possible implementation, each server in the load balancing cluster uses a different source port as a source port of a probe packet for detecting whether a server of a tenant in the VPC is operating normally.
The beneficial effects of the fourth aspect may correspond to the description of the first aspect, and are not described herein again.
In a fifth aspect, an embodiment of the present application provides a switch, where the switch is a switch in a VPC, and the switch includes:
the receiving unit is used for receiving a first detection message sent by a first load balancing server; the first detection message is used for detecting whether a first server normally operates or not, wherein the first server is a server of a first tenant, and the first tenant is a tenant in the VPC; the first load balancing server is a server in a load balancing cluster of the VPC;
a determining unit, configured to determine whether to forward the first probe packet to the first server according to a configured security group rule; wherein the security group rule is a rule configured according to an indication of the first tenant; the security group rule includes a probe message source address that allows access to a server of the first tenant;
a sending unit, configured to send the first probe packet to the first server if the source address of the first probe packet is within the range of the probe packet source addresses of the servers that are allowed to access the first tenant.
In a sixth aspect, an embodiment of the present application provides a server, where the server is a server of a first tenant in a virtual private cloud VPC, and the server includes:
the receiving unit is used for receiving a first detection message sent by the switch; the first detection message is used for detecting whether the server normally operates or not; the switch is used for determining whether to forward the first detection message to the server according to the configured security group rule; the security group rule is a rule configured according to the indication of the first tenant; the security group rule includes a probe message source address that allows access to a server of the first tenant; the first detection message is sent to the switch by a first load balancing server, and the first load balancing server is a server in a load balancing cluster of the VPC;
and the sending unit is used for sending a response message to the first load balancing server according to the first detection message under the condition that the server normally operates.
In a seventh aspect, an embodiment of the present application provides a load balancing server, where the load balancing server is a server in a load balancing cluster of a virtual private cloud VPC; the load balancing server comprises a processor, a memory and a communication interface; the memory and the communication interface are coupled to the processor, the memory storing a computer program, the processor invoking the computer program to perform the following operations:
sending a first detection message to a switch through the communication interface; the first detection message is used for detecting whether the first server normally operates or not; the switch is used for determining whether to forward the first detection message to the first server according to a configured security group rule; the first server is a server of a first tenant, and the first tenant is a tenant in the VPC; the security group rule is a rule configured according to the indication of the first tenant; the security group rule includes a probe message source address that allows access to a server of the first tenant; the first load balancing server is a server in a load balancing cluster of the VPC.
In one possible implementation manner, the probe packet source address is one of addresses of VPC network segments supported by the first tenant, or a preset public network IP address.
In one possible implementation manner, the probe packet source address is one of addresses of VPC network segments supported by the first tenant, which are determined according to the indication of the first tenant; or, the source address of the probe message is a specific address in the addresses of the VPC network segment supported by the first tenant.
In one possible implementation, the servers in the load balancing cluster use the same address as the source address of the probe packet for probing whether the server of the first tenant is operating normally, where the same address is within the range of the probe packet source addresses included in the security group rule that allow access to the server of the first tenant.
In one possible implementation manner, when the source address of the probe packet is the preset public network IP address, the servers in the load balancing cluster uniformly use the preset public network IP address as the source address of the probe packet for detecting whether the server of the tenant in the VPC normally operates.
In one possible implementation, each server in the load balancing cluster uses a different source port as a source port of a probe packet for detecting whether a server of a tenant in the VPC is operating normally.
The beneficial effects of the seventh aspect may correspond to the description of the first aspect, and are not described herein again.
In an eighth aspect, an embodiment of the present application provides a switch, where the switch is a switch in a virtual private cloud VPC; the switch comprises a processor, a memory and a communication interface; the memory and the communication interface are coupled to the processor, the memory storing a computer program, the processor invoking the computer program to perform the following operations:
receiving a first detection message sent by a first load balancing server through the communication interface; the first detection message is used for detecting whether a first server normally operates or not, wherein the first server is a server of a first tenant, and the first tenant is a tenant in the VPC; the first load balancing server is a server in a load balancing cluster of the VPC;
determining whether to forward the first detection message to the first server according to a configured security group rule; wherein the security group rule is a rule configured according to an indication of the first tenant; the security group rule includes a probe message source address that allows access to a server of the first tenant;
sending the first probe message to the first server through the communication interface if the source address of the first probe message is within the range of probe message source addresses that allow access to the first tenant's server.
In a ninth aspect, an embodiment of the present application provides a server, where the server is a server of a first tenant in a virtual private cloud VPC; the server comprises a processor, a memory and a communication interface; the memory and the communication interface are coupled to the processor, the memory storing a computer program, the processor invoking the computer program to perform the following operations:
receiving a first detection message sent by a switch through the communication interface; the first detection message is used for detecting whether the server normally operates or not; the switch is used for determining whether to forward the first detection message to the server according to the configured security group rule; the security group rule is a rule configured according to the indication of the first tenant; the security group rule includes a probe message source address that allows access to a server of the first tenant; the first detection message is sent to the switch by a first load balancing server, and the first load balancing server is a server in a load balancing cluster of the VPC;
and under the condition that the server normally operates, sending a response message to the first load balancing server through the communication interface according to the first detection message.
In a tenth aspect, the present application provides a computer-readable storage medium, which stores a computer program, where the computer program is executed by a processor to implement the method of any one of the first aspect.
In an eleventh aspect, the present application provides a computer-readable storage medium, where a computer program is stored, and the computer program is executed by a processor to implement the method of the second aspect.
In a twelfth aspect, the present application provides a computer-readable storage medium, where a computer program is stored, and the computer program is executed by a processor to implement the method in the third aspect.
In a thirteenth aspect, embodiments of the present application disclose a computer program, which, when executed on a computer, will make the computer implement the method of any one of the above first aspects.
In a fourteenth aspect, embodiments of the present application disclose a computer program, which, when executed on a computer, will enable the computer to implement the method of the second aspect.
In a fifteenth aspect, an embodiment of the present application discloses a computer program, which, when executed on a computer, will make the computer implement the method of the third aspect.
In a sixteenth aspect, the present application provides a computer program product, when the computer program product is read and executed by a computer, the method of any one of the first aspect is executed.
In a seventeenth aspect, the present application provides a computer program product, when the computer program product is read and executed by a computer, the method of the second aspect is executed.
In an eighteenth aspect, the present application provides a computer program product, when the computer program product is read and executed by a computer, the method of the third aspect is executed.
In summary, compared with the prior art that the detection message is determined to be forwarded to the server of the back-end tenant through the security group rule configured on the virtual switch by default, in the embodiment of the present application, the detection message is determined to be forwarded to the server of the back-end tenant through the security group rule configured on the virtual switch by the tenant, so that the tenant can completely control information traffic entering and exiting the back-end server, thereby reducing potential safety hazards and improving security. In addition, the embodiment of the application can use the same address to detect a plurality of servers, so that the occupation of the address is reduced, and the address overhead is saved.
Drawings
The drawings to be used in the embodiments of the present application will be described below.
Fig. 1 is a schematic view of a scenario in which a health check method of a load balancing system according to an embodiment of the present disclosure is applicable;
fig. 2 is a schematic flow chart of a health check method of a load balancing system according to an embodiment of the present disclosure;
fig. 3 is a schematic diagram of a logical structure of a load balancing server according to an embodiment of the present invention;
fig. 4 is a schematic diagram of a logical structure of a switch according to an embodiment of the present invention;
fig. 5 is a schematic diagram of a logical structure of a server according to an embodiment of the present invention;
fig. 6 is a schematic diagram of a hardware structure of a load balancing server according to an embodiment of the present invention;
fig. 7 is a schematic diagram of a hardware structure of a switch according to an embodiment of the present invention;
fig. 8 is a schematic diagram of a hardware structure of a server according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present application are described below with reference to the drawings.
In order to better understand the health check method of the load balancing system provided by the embodiment of the present invention, an exemplary description is given below of a scenario in which the embodiment of the present invention is applicable. Referring to fig. 1, fig. 1 is a schematic diagram of a system architecture of a health check method of a load balancing system according to an embodiment of the present invention. As shown in fig. 1, a system architecture may include a load balancing cluster 100, one or more switches 110, and one or more tenants 120, wherein:
the load balancing cluster 100 includes a plurality of load balancing servers 101, and the load balancing servers 101 may distribute access traffic of a client (not shown in fig. 1) to a plurality of backend servers (e.g., servers 121 in fig. 1) of a corresponding tenant according to a forwarding policy to implement a traffic distribution control service. Load balancing can expand the external service capacity of the application system through flow distribution and improve the availability of the application system by eliminating single-point faults. In a specific embodiment, the access request sent by the client may first reach the load balancing server 100, and the load balancing server 100 determines, according to the forwarding policy, to which backend server (the backend server may be, for example, the server 121 in fig. 1) the access request needs to be sent, where the backend server is configured to respond to the access request. The load balancing server 100 then sends the access request to the back-end server. Then, in order to ensure that the backend servers receiving the access request can work normally, the load balancing server 100 needs to periodically check whether the backend servers work normally. When the access request of the client is forwarded, the access request is only forwarded to the back-end server which normally works for responding, so that the normal provision of the response service is ensured.
Optionally, in the virtual private cloud, the load balancing server 101 may be a cloud server, or may also be a physical server.
The switch 110 may be used to route and forward messages sent by the load balancing server 101 to a target server under a target tenant. Optionally, in the virtual private cloud, the switch 110 may be a virtual switch (vSwitch), or may also be a physical switch.
Each tenant 120 may include one or more servers 121, which may be referred to as back-end servers, which are servers for responding to access requests from clients (not shown in fig. 1). Alternatively, in the virtual private cloud, the server 121 may be a Virtual Machine (VM) or a physical server.
It should be noted that the usage scenario of the health check method of the load balancing system provided in the embodiment of the present application is not limited to the scenario described above, and any scenario applicable to the health check method of the load balancing system provided in the embodiment of the present application is not repeated herein as long as the scenario is applied to the embodiment of the present application.
The following provides a health check method for a load balancing system, which can be applied to the system architecture shown in fig. 1. Referring to fig. 2, the method includes, but is not limited to, the steps of:
step 201, a first load balancing server sends a first detection message to a switch; the first detection message is used for detecting whether the first server operates normally.
In a specific embodiment, the first server may be a backend server responding to an access request of a client. The first server may be any one of the servers of the first tenant. The first tenant may be any one of one or more tenants included in the virtual private cloud VPC.
The first load balancing server may be any one of a plurality of servers included in the load balancing cluster of the VPC. The first load balancing server may be a cloud server or a physical server, and is determined according to the actual situation, which is not limited by the present solution.
The first load balancing server checks whether the first server is operating normally by sending a probe message to the first server (i.e. the first probe message may be sent to the switch first and forwarded by the switch). The first detection message may be a TCP message, a UDP message, or an ICMP message. The specific protocol of the first detection packet is determined according to the actual situation, and the scheme does not limit the protocol.
S202, the switch determines whether to forward the first probe packet to the first server according to a configured security group rule, where the security group rule includes a probe packet source address that allows access to a server of the first tenant.
In a specific embodiment, a security group rule is configured in the switch, and the security group rule is configured according to the indication of the first tenant. Illustratively, a tenant-side management server may be in interactive communication with the switch, and the tenant-side management server may configure the security group rules on the switch as dictated by the tenant. After the configuration is completed, the management server of the tenant side can query and display the configured security group rule.
The security group rule includes a probe message source address that allows access to the first tenant's server. That is, in the probe message received by the switch, the switch will forward the corresponding message to the server of the first tenant to which the destination address of the message points, only if the source address of the probe message is within the range of the probe message source address included in the security rule and allowing access to the server of the first tenant. Probe messages that are not within this range cannot be forwarded to the first tenant's server. I.e. addresses not within this range cannot access the server of the first tenant.
After the switch receives the first probe packet, the switch may first parse the first probe packet to obtain a source address and a destination address of the first probe packet, and then compare the source address with a probe packet source address of the server of the first tenant allowed to be accessed in the security group rule, so as to determine whether the source address of the first probe packet is within a range of the probe packet source address of the server of the first tenant allowed to be accessed, which is included in the security rule.
S203, in case that the source address of the first probe packet is within the range of the source address of the probe packet that allows the access to the server of the first tenant, the switch sends the first probe packet to the first server.
In a specific embodiment, if the comparison result indicates that the source address of the first probe packet is within the range of the source addresses of the probe packets allowed to access the server of the first tenant, the switch may repackage the first probe packet and send the first probe packet to the first server according to the destination address of the first probe packet.
S204, the first server receives the first detection packet.
S205, under the condition that the first server normally operates, the first server sends a response message to the switch according to the first detection message.
S206, the switch receives the response message.
S207, the switch sends the response packet to the first load balancing server.
In a specific embodiment, after the first server receives the first probe packet, if the first server is operating normally, the first server generates a response packet according to the first probe packet, and then sends the response packet to the switch, and the response packet is forwarded to the first load balancing server by the switch.
After receiving the response message, the load balancing server may determine that the first server is not faulty and is operating normally. Thus, the first load-balancing server may continue to send client access requests to the first server.
Compared with the prior art that whether the detection message is forwarded to the server of the back-end tenant is determined through the security group rule configured on the virtual switch in a default mode, in the embodiment of the application, whether the detection message is forwarded to the server of the back-end tenant is determined through the security group rule configured on the virtual switch by the tenant, so that the tenant can completely control information flow entering and exiting the back-end server, potential safety hazards are reduced, and safety is improved.
In one possible implementation, if the first server fails, the first load balancing server does not receive a response message from the first server. At this time, the first load balancing server may send the probe packet to the first server again, and if the probe packet sent for the preset number of times does not receive the response packet, the first load balancing server may determine that the first server fails. Then, during the failure of the first server, the first load balancing server will not send the client's access request to the first server.
In one possible implementation manner, the probe message source address included in the security group rule and allowing the server of the first tenant to access may be one of addresses of VPC network segments supported by the first tenant, or a preset public network IP address. That is, the source address of the first probe packet sent by the first load balancing server to the first server may be set to one of the addresses of the VPC network segment supported by the first tenant, or may be the preset public network IP address.
Optionally, the address of the VPC segment supported by the tenant to which the first server belongs may include an address of any one of 10.0.0.0/8-24 segments, 172.16.0.0/12-24 segments, and 192.168.0.0/16-24 segments.
Compared with the prior art that the tenant cannot sense the address of the address field used by the cloud infrastructure, for example, the address of the 100.x.x.x/10 address field, in the embodiment of the present application, the source address of the probe packet for health check of the load balancing system uses the address of the VPC network segment of the tenant or the public network IP address, and can be sensed by the tenant, that is, the traffic entering and exiting the backend server of the tenant can be controlled through the security group rule configured by the tenant.
In addition, because the source address of the probe message in the prior art uses the address used by the cloud infrastructure, the tenant cannot sense the address, if a plurality of network cards exist in the server of the tenant, in order to correctly send the response message of the probe message to the load balancing server sending the probe message, the response message needs to be sent from a specific network card, and because different network cards correspond to different networks, the response message cannot be correctly returned if the network cards are selected incorrectly. Therefore, an additional route needs to be configured in the server of the tenant, so that the tenant can sense the route and correctly return the response packet, and the additionally configured route increases the load of the server. In the embodiment of the application, the source address of the detection message uses the address which can be sensed by the tenant, and no route needs to be configured in the server of the tenant, so that the burden of the server is reduced.
Two configurations of the source address of the first probe packet are described below.
In a first case, the source address of the first probe packet is configured as one of addresses of a VPC network segment supported by a tenant to which the first server belongs, that is, the first tenant.
In this case, in a particular embodiment, the source address of the first probe message may be determined according to an indication of the tenant to which the first server belongs, i.e., from the perspective of the tenant that the source address of the first probe message is specifiable by the tenant. Alternatively, the source address of the first probe packet may also be a specific address in the addresses of the VPC network segment, for example, the source address may be a third address in the addresses of the VPC network segment. For example, assuming that the VPC segment is 10.0.0.0/8, the source address of the first probe message may be configured to be 10.0.0.3/32.
In a specific embodiment, if the server of the tenant includes a plurality of servers, the load balancing server needs to check the health status of the plurality of servers, i.e., check whether the plurality of servers are working properly. The load balancing server may send the probe packet to a plurality of servers of the tenant, respectively.
In one possible implementation, if the VPC includes multiple tenants, addresses of VPC segments supported by each tenant are different. Then the load balancing server uses the address of the VPC network segment supported by the corresponding tenant as the source address of the probe message. Illustratively, the VPC includes two tenants, respectively referred to as a first tenant and a second tenant, and addresses of VPC network segments supported by the first tenant and the second tenant are a first network segment address and a second network segment address, respectively. Then, when the load balancing server needs to check the health condition of the server of the first tenant, the address in the first network segment address is used as the source address of the probe message. Similarly, when the load balancing server needs to check the health condition of the server of the second tenant, the address in the second network segment address is used as the source address of the probe message. The number of the tenants included in the VPC is determined according to specific situations, and this is not limited in this embodiment.
Of course, each tenant of a plurality of tenants included in the VPC is configured with a security group rule on a corresponding switch, which allows an address of a VPC network segment supported by the tenant to access a server of the tenant. Illustratively, the first tenant may be configured with a security group rule in a corresponding switch, which allows the first network segment address to access the server of the first tenant, the second tenant may be configured with a security group rule in a corresponding switch, which allows the second network segment address to access the server of the second tenant, and so on.
In addition, for the health check of the servers of the same tenant, the multiple load balancing servers included in the load balancing server cluster use the same address as the source address of the probe packet. For example, for the health check of the server in the first tenant, each of the plurality of load balancing servers uses the same one of the first network segment addresses as the source address of the probe message.
Due to the health check of the servers of the same tenant, the load balancing servers included in the load balancing server cluster use the same address as the source address of the probe message. In order that the server of the tenant can accurately send the response message to the load balancing server sending the detection message after receiving the detection message, the source ports of the detection message sent by each load balancing server in the plurality of load balancing servers are different. In this way, the server of the tenant can correspondingly send the response message to different load balancing servers according to different source ports. The source port of the probe message used by each load balancing server is pre-configured. For example, the source port of the probe packet used by each load balancing server may be pre-configured by the cloud management platform of the VPC.
And in the second case, the source address of the first detection message is configured as a preset public network IP address.
In this case, even if the VPC includes a plurality of tenants, the plurality of load balancing servers included in the load balancing server cluster use the preset public network IP address as the source address of the probe message when sending the probe message to the servers of the plurality of tenants. That is, the source addresses of the probe messages sent by each of the load balancing servers included in the load balancing server cluster to the servers of the multiple tenants are the same.
Similarly, in order that the server of the tenant can accurately send the response message to the load balancing server sending the probe message after receiving the probe message, the source ports of the probe message sent by each load balancing server in the plurality of load balancing servers are different. In this way, the server of the tenant can correspondingly send the response message to different load balancing servers according to different source ports. The source port of the probe message used by each load balancing server is pre-configured. For example, the source port of the probe packet used by each load balancing server may be pre-configured by the cloud management platform of the VPC.
Of course, each tenant of the multiple tenants included in the VPC is configured with a security group rule on the corresponding switch, which allows the preset public network IP address to access the server of the tenant.
In summary, the embodiment of the application can use the same address to detect a plurality of servers, so that the occupation of the address is reduced, and the overhead of the address is saved.
The health check method of the load balancing system provided by the embodiment of the present application is introduced mainly from the perspective of server interaction of the load balancing server, the switch, and the tenant. It is to be understood that each device, such as a load balancing server, etc., includes a corresponding hardware structure and/or software module for performing each function in order to implement the corresponding function. Those of skill in the art would readily appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as hardware or combinations of hardware and computer software. Whether a function is performed as hardware or computer software drives hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiment of the present application, the load balancing server and the like may be divided into functional modules according to the above method example, for example, each functional module may be divided corresponding to each function, or two or more functions may be integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. It should be noted that, in the embodiment of the present application, the division of the module is schematic, and is only one logic function division, and there may be another division manner in actual implementation.
In the case of dividing each function module corresponding to each function, fig. 3 shows a schematic logical structure diagram of a load balancing server provided in the embodiment of the present application, where the load balancing server may be the first load balancing server. The load balancing server 300 includes:
a sending unit 301, configured to send a first probe packet to a switch; the first detection message is used for detecting whether the first server normally operates or not; the switch is used for determining whether to forward the first detection message to the first server according to a configured security group rule; the first server is a server of a first tenant, and the first tenant is a tenant in the VPC; the security group rule is a rule configured according to the indication of the first tenant; the security group rule includes a probe message source address that allows access to a server of the first tenant.
In one possible implementation manner, the probe packet source address is one of addresses of VPC network segments supported by the first tenant, or a preset public network IP address.
In one possible implementation manner, the probe packet source address is one of addresses of VPC network segments supported by the first tenant, which are determined according to the indication of the first tenant; or, the source address of the probe message is a specific address in the addresses of the VPC network segment supported by the first tenant.
In one possible implementation, the servers in the load balancing cluster uniformly use the same address as the source address of the probe packet for probing whether the server of the first tenant is operating normally, where the same address is within the range of the probe packet source addresses included in the security group rule that allow access to the server of the first tenant.
In one possible implementation manner, when the source address of the probe packet is the preset public network IP address, the servers in the load balancing cluster uniformly use the preset public network IP address as the source address of the probe packet for detecting whether the server of the tenant in the VPC normally operates.
In one possible implementation, each server in the load balancing cluster uses a different source port as a source port of a probe packet for detecting whether a server of a tenant in the VPC is operating normally.
The beneficial effects of the foregoing embodiments may refer to the corresponding descriptions in the method embodiment described in fig. 2, and are not described herein again.
In the case of adopting to divide each functional module corresponding to each function, fig. 4 shows a schematic logical structure diagram of a switch provided in the embodiment of the present application, where the switch may be the switch described in the foregoing method embodiment. The switch 400 includes:
a receiving unit 401, configured to receive a first detection packet sent by a first load balancing server; the first detection message is used for detecting whether a first server normally operates or not, wherein the first server is a server of a first tenant, and the first tenant is a tenant in the VPC; the first load balancing server is a server in a load balancing cluster of the VPC;
a determining unit 402, configured to determine whether to forward the first probe packet to the first server according to a configured security group rule; wherein the security group rule is a rule configured according to an indication of the first tenant; the security group rule includes a probe message source address that allows access to a server of the first tenant.
A sending unit 403, configured to send the first probe packet to the first server if the source address of the first probe packet is within the range of the probe packet source addresses of the servers that are allowed to access the first tenant.
In the case of dividing each function module according to each function, fig. 5 shows a schematic logical structure diagram of a server provided in the embodiment of the present application, where the server may be the first server described in the foregoing method embodiment. The server 500 includes:
a receiving unit 501, configured to receive a first detection packet sent by an exchange; the first detection message is used for detecting whether the server normally operates or not; the switch is used for determining whether to forward the first detection message to the server according to the configured security group rule; the security group rule is a rule configured according to the indication of the first tenant; the security group rule includes a probe message source address that allows access to a server of the first tenant; the first detection message is sent to the switch by a first load balancing server, and the first load balancing server is a server in a load balancing cluster of the VPC;
a sending unit 502, configured to send a response packet to the first load balancing server according to the first detection packet when the server operates normally.
Fig. 6 is a schematic diagram of a hardware structure of a load balancing server provided in the embodiment of the present application. The load balancing server 600 includes: a processor 601, a memory 602, and a communication interface 603. The processor 601, the communication interface 603, and the memory 602 may be connected to each other or to each other through a bus 604.
Illustratively, the memory 602 is used for storing computer programs and data of the device 600, and the memory 602 may include, but is not limited to, Random Access Memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM), or portable read-only memory (CD-ROM), etc. The communication interface 603 is used to enable the device 600 to communicate, e.g., to receive or transmit data.
The processor 601 may illustratively be a central processing unit, a general purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, transistor logic, hardware components, or any combination thereof. A processor may also be a combination of computing functions, e.g., comprising one or more microprocessors, a digital signal processor, a combination of microprocessors, and the like. The processor 601 may be configured to read the program stored in the memory 602, and perform the operations performed by the load balancing server in fig. 2 and in possible embodiments.
Fig. 7 is a schematic diagram of a hardware structure of a switch provided in the embodiment of the present application. The switch 700 includes: a processor 701, a memory 702, and a communications interface 703. The processor 701, the communication interface 703 and the memory 702 may be connected to each other or to each other through a bus 704.
Illustratively, the memory 702 is used for storing computer programs and data of the device 700, and the memory 702 may include, but is not limited to, Random Access Memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM), or portable read-only memory (CD-ROM), among others. The communication interface 703 is used to enable the device 700 to communicate, such as to receive or transmit data.
The processor 701 may be, for example, a central processing unit, a general purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, transistor logic, a hardware component, or any combination thereof. A processor may also be a combination of computing functions, e.g., comprising one or more microprocessors, a digital signal processor, a combination of microprocessors, and the like. The processor 701 may be configured to read the program stored in the memory 702 and execute the operations performed by the switch in fig. 2 and the possible embodiments.
Fig. 8 is a schematic diagram of a hardware structure of a server provided in the embodiment of the present application. The server 800 includes: a processor 801, a memory 802, and a communication interface 803. The processor 801, the communication interface 803, and the memory 802 may be connected to each other or to each other through a bus 804.
Illustratively, the memory 802 is used for storing computer programs and data of the device 800, and the memory 802 may include, but is not limited to, Random Access Memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM), or portable read-only memory (CD-ROM), etc. The communication interface 803 is used to enable the device 800 to communicate, such as to receive or transmit data.
The processor 801 may illustratively be a central processing unit, a general purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, transistor logic, a hardware component, or any combination thereof. A processor may also be a combination of computing functions, e.g., comprising one or more microprocessors, a digital signal processor, a combination of microprocessors, and the like. The processor 801 may be configured to read the program stored in the memory 802 to perform the operations of the first server in fig. 2 and the possible embodiments.
An embodiment of the present application further provides a computer-readable storage medium, where a computer program is stored, and the computer program is executed by a processor to implement the operations performed by the load balancing server in the method in fig. 2 and possible embodiments.
An embodiment of the present application further provides a computer-readable storage medium, where a computer program is stored in the computer-readable storage medium, and the computer program is executed by a processor to implement the operations performed by the switch in the method in fig. 2 and the possible implementation manners.
An embodiment of the present application further provides a computer-readable storage medium, where a computer program is stored, and the computer program is executed by a processor to implement the operations performed by the first server in the method in fig. 2 and the possible implementation manners.
The embodiment of the present application further discloses a computer program, which when executed on a computer, will enable the computer to implement the operations performed by the load balancing server, the switch, or the first server in the method of fig. 2 and possible embodiments.
Embodiments of the present invention further provide a computer program product, and when the computer program product is read and executed by a computer, the operations performed by the load balancing server, the switch, or the first server in the method described in fig. 2 and the possible embodiments are implemented.
In summary, compared with the prior art that the detection message is determined to be forwarded to the server of the back-end tenant through the security group rule configured on the virtual switch by default, in the embodiment of the present application, the detection message is determined to be forwarded to the server of the back-end tenant through the security group rule configured on the virtual switch by the tenant, so that the tenant can completely control information traffic entering and exiting the back-end server, thereby reducing potential safety hazards and improving security. In addition, the embodiment of the application can use the same address to detect a plurality of servers, so that the occupation of the address is reduced, and the address overhead is saved.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (20)

1. A health check method of a load balancing system is applied to health check of the load balancing system in a Virtual Private Cloud (VPC), and comprises the following steps:
the first load balancing server sends a first detection message to the switch; the first detection message is used for detecting whether the first server normally operates or not; the switch is used for determining whether to forward the first detection message to the first server according to a configured security group rule; the first server is a server of a first tenant, and the first tenant is a tenant in the VPC; the security group rule is a rule configured according to the indication of the first tenant; the security group rule includes a probe message source address that allows access to a server of the first tenant; the first load balancing server is a server in a load balancing cluster of the VPC.
2. The method of claim 1, wherein the probe message source address is one of addresses of VPC segments supported by the first tenant, or a preset public network IP address.
3. The method of claim 2, wherein the probe message source address is one of addresses of VPC network segments supported by the first tenant determined according to the indication of the first tenant; or, the source address of the probe message is a specific address in the addresses of the VPC network segment supported by the first tenant.
4. The method according to any of claims 1 to 3, wherein the servers in the load balancing cluster use the same address as the source address of the probe message for probing whether the first tenant's server is operating normally, the same address being within the range of probe message source addresses allowed to access the first tenant's server included in the security group rule.
5. The method according to claim 2, wherein, in the case that the probe packet source address is the preset public network IP address, the servers in the load balancing cluster uniformly use the preset public network IP address as the source address of the probe packet for probing whether the server of the tenant in the VPC is operating normally.
6. The method of any of claims 1 to 5, wherein each server in the load balancing cluster uses a different source port as a source port for probe messages that probe whether the tenant's server is functioning properly in the VPC.
7. A health check method of a load balancing system is applied to health check of the load balancing system in a Virtual Private Cloud (VPC), and comprises the following steps:
the switch receives a first detection message sent by a first load balancing server; the first detection message is used for detecting whether a first server normally operates or not, wherein the first server is a server of a first tenant, and the first tenant is a tenant in the VPC; the first load balancing server is a server in a load balancing cluster of the VPC;
the switch determines whether to forward the first detection message to the first server according to a configured security group rule; wherein the security group rule is a rule configured according to an indication of the first tenant; the security group rule includes a probe message source address that allows access to a server of the first tenant;
the switch sends the first probe message to the first server if the source address of the first probe message is within the range of probe message source addresses that allow access to the first tenant's server.
8. A health check method of a load balancing system is applied to health check of the load balancing system in a Virtual Private Cloud (VPC), and comprises the following steps:
the method comprises the steps that a first server receives a first detection message sent by a switch; the first detection message is used for detecting whether a first server normally operates or not, wherein the first server is a server of a first tenant, and the first tenant is a tenant in the VPC; the switch is used for determining whether to forward the first detection message to the first server according to a configured security group rule; the security group rule is a rule configured according to the indication of the first tenant; the security group rule includes a probe message source address that allows access to a server of the first tenant; the first detection message is sent to the switch by a first load balancing server, and the first load balancing server is a server in a load balancing cluster of the VPC;
and under the condition that the first server normally operates, the first server sends a response message to the first load balancing server according to the first detection message.
9. A load balancing server is characterized in that the load balancing server is a server in a load balancing cluster of a Virtual Private Cloud (VPC); the load balancing server includes:
a sending unit, configured to send a first probe packet to a switch; the first detection message is used for detecting whether the first server normally operates or not; the switch is used for determining whether to forward the first detection message to the first server according to a configured security group rule; the first server is a server of a first tenant, and the first tenant is a tenant in the VPC; the security group rule is a rule configured according to the indication of the first tenant; the security group rule includes a probe message source address that allows access to a server of the first tenant.
10. The load balancing server of claim 9, wherein the probe message source address is one of addresses of VPC network segments supported by the first tenant, or a preset public network IP address.
11. The load balancing server of claim 10, wherein the probe packet source address is one of addresses of VPC segments supported by the first tenant determined according to the indication of the first tenant; or, the source address of the probe message is a specific address in the addresses of the VPC network segment supported by the first tenant.
12. The load balancing server according to any one of claims 9 to 11, wherein the servers in the load balancing cluster uniformly use the same address as a source address of a probe packet for probing whether the server of the first tenant is operating normally, and the same address is within a range of probe packet source addresses included in the security group rule that allow access to the server of the first tenant.
13. The load balancing server according to claim 10, wherein, when the source address of the probe packet is the preset public network IP address, the servers in the load balancing cluster use the preset public network IP address as the source address of the probe packet for detecting whether the server of the tenant in the VPC is operating normally.
14. The load balancing server of any one of claims 9 to 13, wherein each server in the load balancing cluster uses a different source port as a source port for a probe packet for probing whether a server of a tenant in the VPC is operating normally.
15. A switch, wherein the switch is a switch in a Virtual Private Cloud (VPC), the switch comprising:
the receiving unit is used for receiving a first detection message sent by a first load balancing server; the first detection message is used for detecting whether a first server normally operates or not, wherein the first server is a server of a first tenant, and the first tenant is a tenant in the VPC; the first load balancing server is a server in a load balancing cluster of the VPC;
a determining unit, configured to determine whether to forward the first probe packet to the first server according to a configured security group rule; wherein the security group rule is a rule configured according to an indication of the first tenant; the security group rule includes a probe message source address that allows access to a server of the first tenant;
a sending unit, configured to send the first probe packet to the first server if the source address of the first probe packet is within the range of the probe packet source addresses of the servers that are allowed to access the first tenant.
16. A server, wherein the server is a server of a first tenant in a Virtual Private Cloud (VPC), and the server comprises:
the receiving unit is used for receiving a first detection message sent by the switch; the first detection message is used for detecting whether the server normally operates or not; the switch is used for determining whether to forward the first detection message to the server according to the configured security group rule; the security group rule is a rule configured according to the indication of the first tenant; the security group rule includes a probe message source address that allows access to a server of the first tenant; the first detection message is sent to the switch by a first load balancing server, and the first load balancing server is a server in a load balancing cluster of the VPC;
and the sending unit is used for sending a response message to the first load balancing server according to the first detection message under the condition that the server normally operates.
17. A load balancing server, comprising a processor, a memory, and a communication interface; the memory and the communication interface are coupled to the processor, the memory storing a computer program, the processor executing the computer program to implement the method of any of claims 1 to 6.
18. A switch, characterized in that the switch comprises a processor, a memory, and a communication interface; the memory and the communication interface are coupled to the processor, the memory storing a computer program, the processor executing the computer program to implement the method of claim 7.
19. A server, comprising a processor, a memory, and a communication interface; the memory and the communication interface are coupled to the processor, the memory storing a computer program, the processor executing the computer program to implement the method of claim 8.
20. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which is executed by a processor to implement the method of any one of claims 1 to 6 or 7 or 8.
CN201911341247.9A 2019-12-23 2019-12-23 Health check method of load balancing system and related equipment Active CN113098728B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911341247.9A CN113098728B (en) 2019-12-23 2019-12-23 Health check method of load balancing system and related equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911341247.9A CN113098728B (en) 2019-12-23 2019-12-23 Health check method of load balancing system and related equipment

Publications (2)

Publication Number Publication Date
CN113098728A true CN113098728A (en) 2021-07-09
CN113098728B CN113098728B (en) 2023-12-19

Family

ID=76663939

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911341247.9A Active CN113098728B (en) 2019-12-23 2019-12-23 Health check method of load balancing system and related equipment

Country Status (1)

Country Link
CN (1) CN113098728B (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104935672A (en) * 2015-06-29 2015-09-23 杭州华三通信技术有限公司 High available realizing method and equipment of load balancing service
CN105208053A (en) * 2014-06-16 2015-12-30 中兴通讯股份有限公司 Method for realizing load balance, device and load balance service system
CN105391771A (en) * 2015-10-16 2016-03-09 张陵 Multi-tenant-oriented cloud network architecture
CN106209563A (en) * 2016-08-07 2016-12-07 付宏伟 A kind of cloud computing platform network virtualization implementation method and accordingly plug-in unit and agency
CN106797405A (en) * 2016-12-14 2017-05-31 华为技术有限公司 Distributed load equalizing system, health examination method and service node
CN106789542A (en) * 2017-03-03 2017-05-31 清华大学 A kind of implementation method of cloud data center security service chain
CN109451084A (en) * 2018-09-14 2019-03-08 华为技术有限公司 A kind of service access method and device
CN109831468A (en) * 2017-11-23 2019-05-31 北京金山云网络技术有限公司 Load-balancing method, device, electronic equipment and storage medium
CN110177028A (en) * 2019-05-30 2019-08-27 北京字节跳动网络技术有限公司 Distributed health examination method and device
CN110392108A (en) * 2019-07-23 2019-10-29 浪潮云信息技术有限公司 A kind of public cloud Network Load Balance system architecture and implementation method
CN110581855A (en) * 2019-09-12 2019-12-17 中国工商银行股份有限公司 Application control method and device, electronic equipment and computer readable storage medium

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105208053A (en) * 2014-06-16 2015-12-30 中兴通讯股份有限公司 Method for realizing load balance, device and load balance service system
CN104935672A (en) * 2015-06-29 2015-09-23 杭州华三通信技术有限公司 High available realizing method and equipment of load balancing service
CN105391771A (en) * 2015-10-16 2016-03-09 张陵 Multi-tenant-oriented cloud network architecture
CN106209563A (en) * 2016-08-07 2016-12-07 付宏伟 A kind of cloud computing platform network virtualization implementation method and accordingly plug-in unit and agency
CN106797405A (en) * 2016-12-14 2017-05-31 华为技术有限公司 Distributed load equalizing system, health examination method and service node
CN106789542A (en) * 2017-03-03 2017-05-31 清华大学 A kind of implementation method of cloud data center security service chain
CN109831468A (en) * 2017-11-23 2019-05-31 北京金山云网络技术有限公司 Load-balancing method, device, electronic equipment and storage medium
CN109451084A (en) * 2018-09-14 2019-03-08 华为技术有限公司 A kind of service access method and device
CN110177028A (en) * 2019-05-30 2019-08-27 北京字节跳动网络技术有限公司 Distributed health examination method and device
CN110392108A (en) * 2019-07-23 2019-10-29 浪潮云信息技术有限公司 A kind of public cloud Network Load Balance system architecture and implementation method
CN110581855A (en) * 2019-09-12 2019-12-17 中国工商银行股份有限公司 Application control method and device, electronic equipment and computer readable storage medium

Also Published As

Publication number Publication date
CN113098728B (en) 2023-12-19

Similar Documents

Publication Publication Date Title
US10142226B1 (en) Direct network connectivity with scalable forwarding and routing fleets
US20220210035A1 (en) Systems and methods for performing end-to-end link-layer and ip-layer health checks between a host machine and a network virtualization device
US8850043B2 (en) Network security using trust validation
CN101102288B (en) A method and system for realizing large-scale instant message
US20040240440A1 (en) Virtual network addresses
US10439901B2 (en) Messaging queue spinning engine
CN109510878B (en) Long connection session keeping method and device
CN108933829A (en) A kind of load-balancing method and device
EP3319270B1 (en) Service registration method, usage method and relevant apparatus
CN112104754A (en) Network proxy method, system, device, equipment and storage medium
US20060114817A1 (en) Server, method for controlling data communication of server, computer product
US9438471B1 (en) Multi-blade network traffic management apparatus with improved failure handling and methods thereof
US10530634B1 (en) Two-channel-based high-availability
CN110535964B (en) Data processing method and device based on Paas connector
US20160212052A1 (en) Methods, systems, and computer readable media for balancing diameter message traffic received over long-lived diameter connections
CN112243036B (en) Data processing method and device for PaaS service, equipment and storage medium
CN112003794B (en) Floating IP current limiting method, system, terminal and storage medium
CN111818081A (en) Virtual encryption machine management method and device, computer equipment and storage medium
CN113098728B (en) Health check method of load balancing system and related equipment
CN113992685B (en) Service controller determining method, system and device
US20110075571A1 (en) Distributed virtual home agent for mobile internet protocol
CN112751717B (en) Service flow management system and method
CN114726796A (en) Flow control method, gateway and switch
CN104426704A (en) Integration network device and service integration method thereof
JPH1027146A (en) Communication processor and its method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20220207

Address after: 550025 Huawei cloud data center, jiaoxinggong Road, Qianzhong Avenue, Gui'an New District, Guiyang City, Guizhou Province

Applicant after: Huawei Cloud Computing Technology Co.,Ltd.

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Applicant before: HUAWEI TECHNOLOGIES Co.,Ltd.

SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant