CN113709016B - Communication system, communication method, communication apparatus, communication device, and storage medium - Google Patents

Info

Publication number
CN113709016B
Authority
CN
China
Prior art keywords
virtual switch
data message
virtual
access request
request information
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010430596.4A
Other languages
Chinese (zh)
Other versions
CN113709016A (en
Inventor
柳佳佳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Application filed by Alibaba Group Holding Ltd
Priority to CN202010430596.4A
Publication of CN113709016A
Application granted
Publication of CN113709016B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/70 Virtual switches
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/1004 Server selection for load balancing

Abstract

The embodiments of the invention provide a communication system, a communication method, a communication apparatus, a communication device and a storage medium. The first VPC comprises an SLB and a first virtual switch, and the second VPC comprises a plurality of RSs and a second virtual switch. The SLB receives access request information that is triggered by a user and corresponds to the second VPC, determines a target RS from the plurality of RSs, encapsulates the access request information into a first data message, and sends the first data message to the first virtual switch. The first virtual switch determines not to perform additional encapsulation on the first data message and sends it directly to the second virtual switch. The second virtual switch decapsulates the first data message and sends the access request information to the target RS according to the network address of the target RS. In this way, the SLB in the first VPC can access the RSs in the second VPC.

Description

Communication system, communication method, communication apparatus, communication device, and storage medium
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a communication system, a communication method, a communication apparatus, a communication device, and a storage medium.
Background
A Virtual Private Cloud (VPC) is a virtual private network that a service provider creates in the cloud. Within the VPC it has created, the service provider can plan the address space, set routing tables, and create different cloud product instances, such as virtual switches, virtual routers, Service Load Balancers (SLB), and servers (also commonly referred to as cloud servers, server instances, or Real Servers (RS)).
The SLB is a load balancing service that distributes traffic across multiple RSs, and is derived from the Linux Virtual Server (LVS). In brief, the SLB works as follows: it exposes one IP address, which may be called a virtual IP address, for the plurality of RSs created by a given service provider. An internet end user triggers an access request for the virtual IP address; the SLB intercepts the request, determines a target RS from the plurality of RSs according to the load balancing algorithm in use, and allocates the user's access request to the target RS for response. Since the plurality of RSs provide the same service, the response content is the same regardless of which RS the user finally accesses.
In one case, the SLB is located in one VPC, while the RSs created by the service provider that the SLB can schedule are in another VPC.
VPCs are usually implemented with mainstream tunneling technologies such as Virtual Extensible LAN (VxLAN), and different VPCs have different network identifications (which may also be referred to as tunnel numbers). Different VPCs are logically isolated at layer 2, that is, they cannot communicate with each other. For example, assume that VPC1 has network identification 123456 and contains network element A with IP address 10.1.1.1, and that VPC2 has network identification 223456 and contains network element B with IP address 10.1.1.2. Even though network element A and network element B are in the same network segment, they cannot communicate with each other because they belong to different VPCs. It follows that when an SLB is located in one VPC and the corresponding RSs are in another VPC, the SLB cannot access those RSs.
Disclosure of Invention
Embodiments of the present invention provide a communication system, a communication method, an apparatus, a device, and a storage medium, which can implement communication between an SLB in one VPC and an RS in another VPC.
In a first aspect, an embodiment of the present invention provides a communication method, which is applied to a first virtual switch in a first virtual private cloud, where the first virtual private cloud includes a service load balancer, and the method includes:
receiving a first data message sent by the service load balancer, wherein the first data message comprises a network identifier corresponding to a second virtual private cloud and a network address of a target server; the second virtual private cloud comprises a plurality of servers and a second virtual switch, and the service load balancer, after receiving access request information that is triggered by a user and corresponds to the second virtual private cloud, determines the target server from the plurality of servers and encapsulates the access request information into the first data message;
determining not to encapsulate the first data message, and sending the first data message to the second virtual switch, so that the second virtual switch obtains the network address of the target server and the access request information by decapsulating the first data message, and sends the access request information to the target server.
In a second aspect, an embodiment of the present invention provides a communication apparatus, applied to a first virtual switch in a first virtual private cloud, where the first virtual private cloud includes a service load balancer, and the apparatus includes:
a receiving module, configured to receive a first data message sent by the service load balancer, wherein the first data message comprises a network identifier corresponding to a second virtual private cloud and a network address of a target server; the second virtual private cloud comprises a plurality of servers and a second virtual switch, and the service load balancer, after receiving access request information that is triggered by a user and corresponds to the second virtual private cloud, determines the target server from the plurality of servers and encapsulates the access request information into the first data message;
a sending module, configured to determine not to encapsulate the first data message, and to send the first data message to the second virtual switch, so that the second virtual switch obtains the network address of the target server and the access request information by decapsulating the first data message, and sends the access request information to the target server.
In a third aspect, an embodiment of the present invention provides an electronic device, including: a memory, a processor, a communication interface; wherein the memory has stored thereon executable code which, when executed by the processor, causes the processor to implement at least the communication method as described in the first aspect.
In a fourth aspect, an embodiment of the present invention provides a non-transitory machine-readable storage medium having stored thereon executable code, which when executed by a processor of an electronic device, causes the processor to implement at least the communication method according to the first aspect.
In a fifth aspect, an embodiment of the present invention provides a communication method, which is applied to a service load balancer in a first virtual private cloud, where the first virtual private cloud includes a first virtual switch, and the method includes:
receiving access request information which is triggered by a user and corresponds to a second virtual private cloud, wherein the second virtual private cloud comprises a plurality of servers and a second virtual switch;
determining a target server from the plurality of servers;
encapsulating the access request information into a first data message, wherein the first data message comprises a network identifier corresponding to the second virtual private cloud and a network address of the target server;
sending the first data message to the first virtual switch, so that the first virtual switch determines not to encapsulate the first data message and sends the first data message to the second virtual switch;
wherein the second virtual switch decapsulates the first data message to obtain the network address of the target server and the access request information, and sends the access request information to the target server.
In a sixth aspect, an embodiment of the present invention provides a communication apparatus, which is applied to a service load balancer in a first virtual private cloud, where the first virtual private cloud includes a first virtual switch, and the apparatus includes:
a receiving module, configured to receive access request information that is triggered by a user and corresponds to a second virtual private cloud, wherein the second virtual private cloud comprises a plurality of servers and a second virtual switch;
a processing module, configured to determine a target server from the plurality of servers, and to encapsulate the access request information into a first data message, wherein the first data message comprises a network identifier corresponding to the second virtual private cloud and a network address of the target server;
a sending module, configured to send the first data message to the first virtual switch, so that the first virtual switch determines not to encapsulate the first data message and sends the first data message to the second virtual switch; the second virtual switch decapsulates the first data message to obtain the network address of the target server and the access request information, and sends the access request information to the target server.
In a seventh aspect, an embodiment of the present invention provides an electronic device, including: a memory, a processor, a communication interface; wherein the memory has stored thereon executable code which, when executed by the processor, causes the processor to perform the communication method of the fifth aspect.
In an eighth aspect, the present invention provides a non-transitory machine-readable storage medium, on which an executable code is stored, and when the executable code is executed by a processor of an electronic device, the processor is caused to execute the communication method according to the fifth aspect.
In a ninth aspect, an embodiment of the present invention provides a communication system, where the system includes:
a first virtual private cloud and a second virtual private cloud;
the first virtual private cloud comprises a service load balancer and a first virtual switch, and the second virtual private cloud comprises a plurality of servers and a second virtual switch;
the service load balancer is configured to receive access request information that is triggered by a user and corresponds to the second virtual private cloud, determine a target server from the plurality of servers, encapsulate the access request information into a first data message, and send the first data message to the first virtual switch, wherein the first data message comprises a network identifier corresponding to the second virtual private cloud and a network address of the target server;
the first virtual switch is configured to determine not to perform encapsulation processing on the first data message, and to send the first data message to the second virtual switch;
the second virtual switch is configured to decapsulate the first data message to obtain the network address of the target server and the access request information, and to send the access request information to the target server.
In the embodiments of the present invention, assume that the SLB is located in VPC1 and the RSs are located in VPC2. To enable the SLB in VPC1 to communicate with the RSs in VPC2, when the SLB receives access request information that is triggered by a user and corresponds to VPC2, the SLB determines a target RS from the RSs based on the load balancing algorithm in use and generates a data message corresponding to the access request information, that is, encapsulates the access request information into the data message. The data message includes the network identifier of VPC2, which the user wants to access, and the network address, such as the IP address, of the target RS. The SLB sends the data message to the first virtual switch, which is also located in VPC1. The first virtual switch is configured so that, when it receives a data message from the SLB, it sends the data message to the second virtual switch in VPC2 according to the network identifier of VPC2 and does not encapsulate the data message (for example, with VxLAN encapsulation) in the sending process. Therefore, after receiving the data message, the second virtual switch decapsulates it, finds that the VPC network identifier carried in the data message is the same as the network identifier of VPC2, in which the second virtual switch is located, and sends the parsed access request information to the target server according to the parsed network address of the target server; the target server then responds to the access request information.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on the drawings without creative efforts.
Fig. 1 is a schematic diagram of an operating principle of a communication system provided in a conventional scheme;
fig. 2a is a schematic diagram illustrating an operating principle of a communication system according to an embodiment of the present invention;
fig. 2b is a schematic diagram illustrating an operating principle of a communication system according to an embodiment of the present invention;
fig. 3a is a schematic diagram illustrating an operation principle of a communication system according to an embodiment of the present invention;
fig. 3b is a schematic diagram illustrating an operating principle of a communication system according to an embodiment of the present invention;
fig. 4 is a flowchart of a communication method according to an embodiment of the present invention;
fig. 5 is a flowchart of a communication method according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of a communication device according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of an electronic device corresponding to the communication apparatus provided in the embodiment shown in fig. 6;
fig. 8 is a schematic structural diagram of a communication device according to an embodiment of the present invention;
fig. 9 is a schematic structural diagram of an electronic device corresponding to the communication apparatus provided in the embodiment shown in fig. 8.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terminology used in the embodiments of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the examples of the present invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well.
The word "if", as used herein, may be interpreted as "at …" or "when …" or "in response to a determination" or "in response to a detection", depending on the context. Similarly, the phrase "if determined" or "if detected (a stated condition or event)" may be interpreted as "upon determining" or "in response to determining" or "upon detecting (a stated condition or event)" or "in response to detecting (a stated condition or event)", depending on the context.
In addition, the sequence of steps in the embodiments of the methods described below is merely an example, and is not strictly limited.
Fig. 1 is a schematic diagram of the operating principle of a communication system in a conventional scheme. As shown in Fig. 1, assume that the communication system includes two VPCs created with VxLAN technology, denoted VPC1 and VPC2. Suppose that VPC1 has network identification 223456 and VPC2 has network identification 123456. An SLB and a virtual switch 1 are created in VPC1, and three RSs (RS1, RS2 and RS3) and a virtual switch 2 are created in VPC2. The three RSs belong to the same service provider, that is, they provide undifferentiated services to internet end users (hereinafter simply referred to as users).
In the embodiment of the present invention, VPC1 and VPC2 may both be constructed based on a Network Function Virtualization (NFV) technology. In this case, the network elements in both VPCs may be implemented as a kind of virtual machine.
Assume that the external virtual IP address and port that the SLB provides for the three RSs are 47.100.100.100:8080. Suppose that, in the address space of VPC2, RS1 has IP address 10.1.1.11, RS2 has IP address 10.1.1.12, and RS3 has IP address 10.1.1.13.
In addition, it is assumed that the physical host corresponding to VPC1 is physical server 1 shown in fig. 1 and has an IP address of 11.1.1.30, and the physical host corresponding to VPC2 is physical server 2 shown in the figure and has an IP address of 11.1.1.21.
Based on the above assumptions, when the user triggers access request information to the SLB via 47.100.100.100:8080, as shown in Fig. 1, the SLB generates a data message A corresponding to the access request information. Structurally, a data message consists of two major parts, a header and a data field (also referred to as a body); for convenience of description, only the header part of data message A is illustrated in Fig. 1.
In data message A, the source IP address of the outermost encapsulation is 100.65.100.1 and the destination IP address is 11.1.1.21, which is the IP address of physical server 2. Here 100.65.100.1 is a local address (local-address). VxLAN-id: 123456 indicates that VPC2, identified by network identification 123456, is to be accessed. The source IP address of the innermost encapsulation is 100.65.100.1, and the destination IP address is 10.1.1.13, the IP address of the target RS. That is, based on the access request information triggered by the user and according to the load balancing algorithm in use, the SLB has determined that RS3 currently needs to serve the user.
After receiving data message A, virtual switch 1 learns from 11.1.1.21 that data message A needs to be sent to virtual switch 2, which is created in physical server 2. Under the conventional VxLAN protocol requirements, when sending data message A to virtual switch 2, virtual switch 1 needs to perform VxLAN encapsulation on data message A to obtain a data message B, and then sends data message B to virtual switch 2. Specifically, the following two rows of encapsulation information illustrated in Fig. 1 are added in front of the header of data message A to obtain data message B: 11.1.1.30 -> 11.1.1.21, VxLAN-id: 223456. In this outermost encapsulation the source IP address is 11.1.1.30 and the destination IP address is 11.1.1.21; 11.1.1.30 is the IP address of physical server 1, where virtual switch 1 and the SLB are located. 223456 is the network identification of VPC1, to which virtual switch 1 and the SLB belong, and reflects that the data message was sent from VPC1, whose network identification is 223456.
After receiving data message B, virtual switch 2 decapsulates it. During decapsulation, virtual switch 2 obtains a network identifier, 223456, that differs from the network identifier of VPC2, to which it belongs. Because different VPCs are isolated from each other, and RS3, the destination RS, does not belong to the VPC1 identified by 223456, virtual switch 2 discards data message B. Thus, in the above scenario, the user cannot access the multiple RSs in VPC2 via the SLB in VPC1.
Fig. 1 only illustrates the forward access process. The reverse response process is similar: when virtual switch 1 receives a data message sent by virtual switch 2, it decapsulates the data message, finds the network identifier of a VPC other than the one it belongs to, and therefore discards the received data message.
Based on this, to enable the SLB in VPC1 and the RSs in VPC2 to communicate with each other, the embodiments of the present invention provide the following solution. In the forward transmission process, when sending a data message from the SLB to virtual switch 2, virtual switch 1 does not perform VxLAN encapsulation on the data message but transparently transmits it to virtual switch 2. In the reverse transmission process, when sending a data message received from virtual switch 2 to the SLB, virtual switch 1 does not decapsulate the data message (that is, does not strip the VxLAN encapsulation) but transparently transmits it to the SLB.
The communication procedure based on the above solution is described below by way of example with reference to Figs. 2a and 2b, which continue to use the composition of the communication system illustrated in Fig. 1.
Fig. 2a illustrates the forward transmission process. As shown in Fig. 2a, after virtual switch 1 receives data message A sent by the SLB, it determines not to encapsulate data message A and instead sends it to virtual switch 2 by transparent transmission. Transparent transmission here means that virtual switch 1 does not perform VxLAN encapsulation on data message A. In practical applications, however, virtual switch 1 is not required to send data message A to virtual switch 2 unchanged: as shown in Fig. 2a, virtual switch 1 may modify the outermost source network address (for example, the IP address mentioned herein) in data message A to the network address of physical server 1, where it is located: 11.1.1.30. The main purpose of this modification is to let virtual switch 2 know which network address the data message should be fed back to during reverse transmission. Calling the data message with the modified network address data message A', virtual switch 1 sends data message A' to virtual switch 2. After receiving data message A', virtual switch 2 decapsulates it. Because the VPC network identifier 123456 carried in data message A' is the network identifier of VPC2, to which virtual switch 2 belongs, virtual switch 2 successfully decapsulates data message A' and parses out the network address of the target RS (RS3) and the access request information contained in the data field, and then sends the access request information to RS3 according to the network address of RS3.
Fig. 2b illustrates the reverse transmission process. As shown in Fig. 2b, assume that RS3 responds to the access request information triggered by the user, obtains access response information, and sends the access response information to virtual switch 2. Virtual switch 2 encapsulates the access response information into a data message C and sends data message C to virtual switch 1. In data message C, the source network address of the outermost encapsulation is 11.1.1.21, the network address of physical server 2, and the destination network address is 11.1.1.30, the network address of physical server 1. Data message C includes the network identification 123456 of VPC2. The source network address of the innermost encapsulation is 10.1.1.13, the network address of RS3, and the destination network address is 100.65.100.1, the local-address.
After receiving data message C, virtual switch 1 determines not to decapsulate it and instead transparently transmits data message C to the SLB. As in the forward transmission process, in practical applications transparent transmission does not require virtual switch 1 to send data message C to the SLB unchanged: as shown in Fig. 2b, virtual switch 1 may modify the outermost destination network address in data message C to the local-address, 100.65.100.1. Calling the data message with the modified network address data message C', virtual switch 1 sends data message C' to the SLB. After receiving data message C', the SLB decapsulates it to parse out the access response information, and then sends the access response information to the user.
As can be seen from Figs. 2a and 2b, changing the forwarding logic of virtual switch 1, which is in the same VPC as the SLB, allows the SLB to communicate with multiple RSs in another VPC. In summary, the modified forwarding logic of virtual switch 1 is: in the forward transmission process, VxLAN encapsulation is not added to a data message received from the SLB; in the reverse transmission process, a data message received from virtual switch 2 is not decapsulated, that is, the VxLAN encapsulation is not stripped.
To implement the forwarding logic described above, optionally, as shown in fig. 3a and 3b, it can be implemented according to the following manner:
a port for communicating with the SLB in the virtual switch 1 is configured with a preset flag in advance. In fig. 3a and 3b, the port is identified as: vport. It will be appreciated that the port is a virtual port. In fact, a plurality of virtual ports may be provided in the virtual switch 1, different virtual ports having different roles, and the virtual port vport illustrated in fig. 3a and 3b is a port for communicating with the SLB.
In practical applications, a service provider may create VPC1 through a management and control platform. Virtual switch 1 is created by default when VPC1 is created, and the management and control platform may be configured to send a configuration instruction to virtual switch 1 by default at that time; the configuration instruction controls virtual switch 1 to configure the preset flag for port vport.
The preset flag may be a preset character string. Its function is to indicate that data messages transmitted through port vport are to be transparently transmitted. Data messages transmitted through port vport are of two types: data messages sent by the SLB, and data messages sent to the SLB.
On this basis, as shown in Fig. 3a, in the forward transmission process, data packet A sent by the SLB reaches virtual switch 1 through the port vport. Because virtual switch 1 receives data packet A through the port vport, it knows from the preset flag that data packet A needs to be forwarded transparently; that is, data packet A is sent directly to virtual switch 2 according to the network address of physical server 2 carried in data packet A, without any additional encapsulation of data packet A.
As described above, in practical application, virtual switch 1 modifies the outermost source network address of data packet A to obtain data packet A', and sends data packet A' to virtual switch 2.
In practical application, after receiving data packet A through the port vport, virtual switch 1 may establish a session of the transparent transmission type (also called a session of the direct transmission type) and send data packet A' to virtual switch 2 based on that session.
As shown in fig. 3b, in the reverse transmission process, after receiving the data packet C sent by the virtual switch 2, the virtual switch 1 determines that the data packet C needs to be sent to the SLB, and sends the data packet C to the SLB through the port vport. Since the data packet C needs to be sent through the port vport, the virtual switch 1 knows that the decapsulation processing on the data packet C is not needed based on the preset flag, that is, the data packet C is directly sent to the SLB.
As described above, in practical application, the virtual switch 1 modifies the outermost destination network address of the data packet C to obtain a data packet C', and sends the data packet C' to the SLB through the port vport.
In practical applications, after receiving the data packet C sent by the virtual switch 2, the virtual switch 1 may match the previously established direct connection type session, so as to send the data packet C' to the SLB based on the session.
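The flag-driven forwarding on vport described above, in both directions, modeled as an added example (it is not code from the patent). The addresses, VNIs, flag string, session key fields, and the use of the SLB's own address as the rewritten outermost destination of C' are assumptions of this model.

```python
from dataclasses import dataclass, replace

PASSTHROUGH = "passthrough"                     # constructed preset flag string
HOST1, HOST2 = "172.16.1.1", "172.16.2.2"       # constructed: physical servers 1 and 2
SLB_ADDR, RS_ADDR = "10.0.0.5", "192.168.2.20"  # constructed: SLB and target RS
VNI_VPC1, VNI_VPC2 = 1001, 2002                 # constructed network identifiers


@dataclass(frozen=True)
class Inner:
    """Un-encapsulated frame: tenant addresses plus payload."""
    src: str
    dst: str
    payload: bytes


@dataclass(frozen=True)
class Vxlan:
    """VxLAN packet: outermost addresses, network identifier, inner frame."""
    outer_src: str
    outer_dst: str
    vni: int
    inner: Inner


class VSwitch1:
    def __init__(self, host_ip, own_vni, fdb, local_ports):
        self.host_ip = host_ip          # network address of physical host 1
        self.own_vni = own_vni          # VNI added on the normal path (assumption)
        self.fdb = fdb                  # inner dst -> remote physical host
        self.local_ports = local_ports  # inner dst -> local port
        self.flags = {}                 # port -> preset flag
        self.sessions = {}              # (vni, src, dst) -> (port, sender outer addr)

    def configure_port(self, port, flag):
        """Configuration instruction from the management and control platform."""
        self.flags[port] = flag

    def from_port(self, port, pkt):
        """Forward direction: returns the packet as sent towards the remote switch."""
        if self.flags.get(port) == PASSTHROUGH:
            if not isinstance(pkt, Vxlan):
                raise ValueError("flagged port carries encapsulated packets only")
            # Transparent-type session; the key fields are an assumption.
            key = (pkt.vni, pkt.inner.src, pkt.inner.dst)
            self.sessions[key] = (port, pkt.outer_src)
            # No second encapsulation: only the outermost source changes (A -> A').
            return replace(pkt, outer_src=self.host_ip)
        # Normal path for every other port: the switch adds the encapsulation.
        return Vxlan(self.host_ip, self.fdb[pkt.dst], self.own_vni, pkt)

    def from_underlay(self, pkt):
        """Reverse direction: returns (egress port, packet as delivered)."""
        session = self.sessions.get((pkt.vni, pkt.inner.dst, pkt.inner.src))
        if session is not None:
            port, sender_addr = session
            if self.flags.get(port) == PASSTHROUGH:
                # No decapsulation: only the outermost destination changes (C -> C').
                return port, replace(pkt, outer_dst=sender_addr)
        # Normal path: strip the encapsulation and deliver the inner frame.
        return self.local_ports[pkt.inner.dst], pkt.inner


def vswitch2_decap(pkt):
    """Virtual switch 2: decapsulate into (target RS address, access request)."""
    return pkt.inner.dst, pkt.inner.payload


def vswitch2_encap(response, rs_addr, peer_addr):
    """Virtual switch 2: encapsulate the access response into packet C."""
    return Vxlan(HOST2, HOST1, VNI_VPC2, Inner(rs_addr, peer_addr, response))


def run_flow():
    vs1 = VSwitch1(HOST1, VNI_VPC1,
                   fdb={"192.168.1.30": HOST2},
                   local_ports={"192.168.1.7": "vm-port"})
    vs1.configure_port("vport", PASSTHROUGH)
    # The SLB picks the target RS and encapsulates the request itself (packet A).
    pkt_a = Vxlan(SLB_ADDR, HOST2, VNI_VPC2, Inner(SLB_ADDR, RS_ADDR, b"GET /"))
    pkt_a1 = vs1.from_port("vport", pkt_a)
    target, request = vswitch2_decap(pkt_a1)
    pkt_c = vswitch2_encap(b"200 OK", target, pkt_a1.inner.src)
    port, pkt_c1 = vs1.from_underlay(pkt_c)
    # Contrast: traffic on an unflagged port is encapsulated and decapsulated here.
    normal = vs1.from_port("vm-port", Inner("192.168.1.7", "192.168.1.30", b"ping"))
    reply = Vxlan(HOST2, HOST1, VNI_VPC1, Inner("192.168.1.30", "192.168.1.7", b"pong"))
    return {"A'": pkt_a1, "target": target, "request": request, "port": port,
            "C'": pkt_c1, "normal": normal, "normal_reply": vs1.from_underlay(reply)}
```

Because the flagged port skips the switch's own encapsulation, the network identifier in A' is whatever the SLB wrote, whereas traffic from the unflagged port always leaves with the switch's own identifier.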
Besides setting a preset flag on the port vport of virtual switch 1 so that virtual switch 1 executes the forwarding logic based on the preset flag, the forwarding logic may optionally also be implemented by changing the data packet encapsulation procedures of the SLB and virtual switch 2. For example, data packet A generated by the SLB may carry specific identification information that identifies data packet A as having been sent by the SLB, so that virtual switch 1 determines, based on the identification information, that VxLAN encapsulation does not need to be added to data packet A. When virtual switch 2 generates data packet C, the specific identification information is likewise sent to virtual switch 1 together with data packet C; here the identification information identifies that data packet C needs to be sent to the SLB, so that virtual switch 1 determines, based on the identification information, that data packet C does not need to be decapsulated.
Fig. 4 is a flowchart of a communication method provided in an embodiment of the present invention, where the communication method can be executed by the virtual switch 1 in the VPC1 illustrated in the foregoing embodiment, and as described above, the VPC further includes an SLB. As shown in fig. 4, the method includes the steps of:
401. The virtual switch 1 receives a first data packet sent by the SLB, where the first data packet includes a network identifier corresponding to the VPC2 and a network address of a target RS. The VPC2 includes a plurality of RSs and a virtual switch 2; after receiving user-triggered access request information corresponding to the VPC2, the SLB determines the target RS from the plurality of RSs and encapsulates the access request information into the first data packet.
402. The virtual switch 1 determines not to encapsulate the first data packet, and sends the first data packet to the virtual switch 2, so that the virtual switch 2 obtains the network address and the access request information of the target RS by decapsulating the first data packet, and sends the access request information to the target RS.
For the detailed implementation process of the communication method provided in this embodiment, reference may be made to the description in the other embodiments, which is not repeated herein.
Fig. 5 is a flowchart of a communication method provided in an embodiment of the present invention, where the communication method can be executed by the SLB in the VPC1 illustrated in the foregoing embodiment, and as described above, the VPC1 further includes a virtual switch 1 therein. As shown in fig. 5, the method includes the steps of:
501. The SLB receives user-triggered access request information corresponding to the VPC2, where the VPC2 includes a plurality of RSs and a virtual switch 2.
502. The SLB determines a target RS from the plurality of RSs and encapsulates the access request information into a first data packet, where the first data packet includes the network identifier corresponding to the VPC2 and the network address of the target RS.
503. The SLB sends the first data packet to the virtual switch 1, so that the virtual switch 1 determines not to encapsulate the first data packet and sends the first data packet to the virtual switch 2, and the virtual switch 2 obtains the network address of the target RS and the access request information by decapsulating the first data packet and sends the access request information to the target RS.
For the detailed implementation process of the communication method provided in this embodiment, reference may be made to the description in the other embodiments, which is not repeated herein.
Finally, it should be noted that, in the above embodiments, the communication process between different service instances in two VPCs (the SLB and the RS are two different service instances) is described by taking a load balancing scenario as an example. In fact, the above communication scheme is not limited to this scenario. In summary, VPC1 includes a first server and a first virtual switch, VPC2 includes at least a second server and a second virtual switch, and the communication process between the first server and the second server can adopt the communication scheme described above.
The communication device of one or more embodiments of the present invention will be described in detail below. Those skilled in the art will appreciate that these communication devices may each be configured using commercially available hardware components through the steps taught by the present solution.
Fig. 6 is a schematic structural diagram of a communication device according to an embodiment of the present invention, where the communication device may be located in the virtual switch 1 in the foregoing. As shown in fig. 6, the apparatus includes: a receiving module 11 and a sending module 12.
A receiving module 11, configured to receive a first data packet sent by the service load balancer, where the first data packet includes a network identifier corresponding to a second virtual private cloud and a network address of a target server; the second virtual private cloud includes a plurality of servers and a second virtual switch, and after receiving user-triggered access request information corresponding to the second virtual private cloud, the service load balancer determines the target server from the plurality of servers and encapsulates the access request information into the first data packet.
A sending module 12, configured to determine not to encapsulate the first data packet, send the first data packet to the second virtual switch, so that the second virtual switch obtains the network address of the target server and the access request information by decapsulating the first data packet, and sends the access request information to the target server.
Optionally, the apparatus further includes a configuration module, configured to configure a preset flag on the port in the first virtual switch that is used for communicating with the service load balancer. On this basis, optionally, the sending module 12 may specifically be configured to: determine, according to the preset flag, not to encapsulate the first data packet received through the port, and send the first data packet to the second virtual switch.
Optionally, the sending module 12 may specifically be configured to: modify the outermost source network address in the first data packet to the network address of the first physical host, and send the modified first data packet to the second virtual switch.
Optionally, the receiving module 11 may further be configured to: receive a second data packet sent by the second virtual switch, where the second virtual switch encapsulates access response information into the second data packet after receiving the access response information, corresponding to the access request information, sent by the target server. The sending module 12 may further be configured to: determine not to decapsulate the second data packet, and send the second data packet to the service load balancer, so that the service load balancer decapsulates the second data packet to obtain the access response information.
Based on the configuration of the preset flag, optionally, when sending the second data packet to the service load balancer, the sending module 12 may specifically be configured to: determine, according to the preset flag, not to decapsulate the second data packet, and send the second data packet to the service load balancer through the port.
The apparatus shown in fig. 6 may perform the communication method provided in the foregoing embodiments shown in fig. 1 to fig. 4, and for details of the performing process and the technical effect, reference is made to the description in the foregoing embodiments, and details are not repeated here.
In one possible design, the structure of the communication apparatus shown in Fig. 6 may be implemented as an electronic device, such as the physical server 1 described above. As shown in Fig. 7, the electronic device may include: a first processor 21, a first memory 22, and a first communication interface 23. The first memory 22 stores executable code which, when executed by the first processor 21, causes the first processor 21 to implement at least the communication method provided in the embodiments illustrated in Fig. 1 to Fig. 4.
In addition, an embodiment of the present invention provides a non-transitory machine-readable storage medium having stored thereon executable code, which, when executed by a processor of an electronic device, causes the processor to implement at least the communication method provided in the foregoing embodiments shown in fig. 1 to 4.
Fig. 8 is a schematic structural diagram of a communication device according to an embodiment of the present invention, where the communication device may be located in the SLB in the foregoing. As shown in fig. 8, the apparatus includes: a receiving module 31, a processing module 32, and a transmitting module 33.
The receiving module 31 is configured to receive access request information, which is triggered by a user and corresponds to a second virtual private cloud, where the second virtual private cloud includes a plurality of servers and a second virtual switch.
A processing module 32, configured to determine a target server from the plurality of servers, and encapsulate the access request information into a first data packet, where the first data packet includes a network identifier corresponding to the second virtual private cloud and a network address of the target server.
A sending module 33, configured to determine not to perform encapsulation processing on the first data packet, and send the first data packet to the first virtual switch, so that the first virtual switch sends the first data packet to the second virtual switch; the second virtual switch decapsulates the first data packet to obtain a network address of the target server and the access request information, and sends the access request information to the target server.
Optionally, the receiving module 31 may be further configured to: receive a second data packet sent by the first virtual switch, where, after receiving access response information corresponding to the access request information sent by the target server, the second virtual switch encapsulates the access response information into the second data packet and sends the second data packet to the first virtual switch, and the first virtual switch determines not to decapsulate the second data packet. The processing module 32 may also be configured to: decapsulate the second data packet to obtain the access response information.
The apparatus shown in fig. 8 may perform the communication method provided in the foregoing embodiment shown in fig. 5, and the detailed implementation process and technical effect refer to the description in the foregoing embodiment, which is not described herein again.
In one possible design, the structure of the communication apparatus shown in Fig. 8 may be implemented as an electronic device, such as the SLB described above. As shown in Fig. 9, the electronic device may include: a second processor 41, a second memory 42, and a second communication interface 43. The second memory 42 stores executable code which, when executed by the second processor 41, causes the second processor 41 to implement at least the communication method provided in the embodiment illustrated in Fig. 5.
In addition, an embodiment of the present invention provides a non-transitory machine-readable storage medium, on which executable code is stored, and when the executable code is executed by a processor of an electronic device, the processor is enabled to implement at least the communication method provided in the embodiment shown in fig. 5.
The above-described apparatus embodiments are merely illustrative, wherein the elements described as separate components may or may not be physically separate. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
From the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by means of a necessary general hardware platform, and of course can also be implemented by a combination of hardware and software. With this understanding, the above technical solutions, in essence or in the part that contributes to the prior art, may be embodied in the form of a computer program product, which may be embodied on one or more computer-usable storage media containing computer-usable program code, including but not limited to disk storage, CD-ROM, and optical storage.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, and not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (18)

1. A communication system, comprising:
a first virtual private cloud and a second virtual private cloud;
the first virtual private cloud comprises a service load balancer and a first virtual switch, and the second virtual private cloud comprises a plurality of servers and a second virtual switch;
the service load balancer is configured to receive user-triggered access request information corresponding to the second virtual private cloud, determine a target server from the plurality of servers, encapsulate the access request information into a first data packet, and send the first data packet to the first virtual switch, wherein the first data packet comprises a network identifier corresponding to the second virtual private cloud and a network address of the target server;
the first virtual switch is configured to determine that the first data packet is not to be encapsulated, and send the first data packet to the second virtual switch;
the second virtual switch is configured to decapsulate the first data packet to obtain a network address of the target server and the access request information, and send the access request information to the target server.
2. The system of claim 1, wherein a port of the first virtual switch used to communicate with the service load balancer is configured with a preset flag;
the service load balancer is specifically configured to: send the first data packet to the first virtual switch through the port;
the first virtual switch is specifically configured to: determine, according to the preset flag, not to encapsulate the first data packet, and send the first data packet to the second virtual switch.
3. The system of claim 1, wherein the service load balancer and the first virtual switch are located in a first physical host, and the plurality of servers and the second virtual switch are located in a second physical host;
the first virtual switch is specifically configured to: modify the outermost source network address in the first data packet to the network address of the first physical host, and send the modified first data packet to the second virtual switch.
4. The system of claim 1, wherein the second virtual switch is further configured to: receive access response information, corresponding to the access request information, sent by the target server, encapsulate the access response information into a second data packet, and send the second data packet to the first virtual switch, wherein the second data packet comprises the network identifier corresponding to the second virtual private cloud;
the first virtual switch is further configured to: determine not to decapsulate the second data packet, and send the second data packet to the service load balancer;
the service load balancer is further configured to: decapsulate the second data packet to obtain the access response information.
5. The system of claim 4, wherein a port of the first virtual switch used to communicate with the service load balancer is configured with a preset flag;
the first virtual switch is specifically configured to: determine, according to the preset flag, not to decapsulate the second data packet, and send the second data packet to the service load balancer through the port.
6. A communication method, applied to a first virtual switch in a first virtual private cloud, wherein a service load balancer is included in the first virtual private cloud, the method comprising:
receiving a first data packet sent by the service load balancer, wherein the first data packet comprises a network identifier corresponding to a second virtual private cloud and a network address of a target server; the second virtual private cloud comprises a plurality of servers and a second virtual switch, and after receiving user-triggered access request information corresponding to the second virtual private cloud, the service load balancer determines the target server from the plurality of servers and encapsulates the access request information into the first data packet;
determining not to encapsulate the first data packet, and sending the first data packet to the second virtual switch, so that the second virtual switch obtains the network address of the target server and the access request information by decapsulating the first data packet, and sends the access request information to the target server.
7. The method of claim 6, further comprising:
configuring a preset flag on a port in the first virtual switch that is used for communicating with the service load balancer;
wherein the sending the first data packet to the second virtual switch comprises:
determining, according to the preset flag, not to encapsulate the first data packet received through the port, and sending the first data packet to the second virtual switch.
8. The method of claim 6, wherein the service load balancer and the first virtual switch are located in a first physical host, and wherein sending the first data packet to the second virtual switch comprises:
modifying the outermost source network address in the first data packet to the network address of the first physical host, and sending the modified first data packet to the second virtual switch.
9. The method of claim 6, further comprising:
receiving a second data packet sent by the second virtual switch, wherein the second virtual switch encapsulates access response information into the second data packet after receiving the access response information, corresponding to the access request information, sent by the target server;
determining not to decapsulate the second data packet, and sending the second data packet to the service load balancer, so that the service load balancer decapsulates the second data packet to obtain the access response information.
10. The method of claim 9, further comprising:
configuring a preset flag on a port in the first virtual switch that is used for communicating with the service load balancer;
wherein the sending the second data packet to the service load balancer comprises:
determining, according to the preset flag, not to decapsulate the second data packet, and sending the second data packet to the service load balancer through the port.
11. A communication apparatus, applied to a first virtual switch in a first virtual private cloud, wherein a service load balancer is included in the first virtual private cloud, the apparatus comprising:
a receiving module, configured to receive a first data packet sent by the service load balancer, wherein the first data packet comprises a network identifier corresponding to a second virtual private cloud and a network address of a target server; the second virtual private cloud comprises a plurality of servers and a second virtual switch, and after receiving user-triggered access request information corresponding to the second virtual private cloud, the service load balancer determines the target server from the plurality of servers and encapsulates the access request information into the first data packet;
a sending module, configured to determine not to encapsulate the first data packet, and send the first data packet to the second virtual switch, so that the second virtual switch obtains the network address of the target server and the access request information by decapsulating the first data packet, and sends the access request information to the target server.
12. An electronic device, comprising: a memory, a processor, a communication interface; wherein the memory has stored thereon executable code which, when executed by the processor, causes the processor to carry out the communication method of any one of claims 6 to 10.
13. A non-transitory machine-readable storage medium having stored thereon executable code, which when executed by a processor of an electronic device, causes the processor to perform the communication method of any one of claims 6 to 10.
14. A communication method, applied to a service load balancer in a first virtual private cloud, wherein a first virtual switch is included in the first virtual private cloud, the method comprising:
receiving user-triggered access request information corresponding to a second virtual private cloud, wherein the second virtual private cloud comprises a plurality of servers and a second virtual switch;
determining a target server from the plurality of servers;
encapsulating the access request information into a first data packet, wherein the first data packet comprises a network identifier corresponding to the second virtual private cloud and a network address of the target server;
sending the first data packet to the first virtual switch, so that the first virtual switch determines not to encapsulate the first data packet, and sends the first data packet to the second virtual switch;
wherein the second virtual switch obtains the network address of the target server and the access request information by decapsulating the first data packet, and sends the access request information to the target server.
15. The method of claim 14, further comprising:
receiving a second data packet sent by the first virtual switch, wherein after receiving access response information corresponding to the access request information sent by the target server, the second virtual switch encapsulates the access response information into the second data packet and sends the second data packet to the first virtual switch; wherein the first virtual switch determines not to decapsulate the second data packet;
decapsulating the second data packet to obtain the access response information.
16. A communication apparatus, applied to a service load balancer in a first virtual private cloud including a first virtual switch, the apparatus comprising:
a receiving module, configured to receive user-triggered access request information corresponding to a second virtual private cloud, wherein the second virtual private cloud comprises a plurality of servers and a second virtual switch;
a processing module, configured to determine a target server from the plurality of servers, and encapsulate the access request information into a first data packet, wherein the first data packet comprises a network identifier corresponding to the second virtual private cloud and a network address of the target server;
a sending module, configured to send the first data packet to the first virtual switch, so that the first virtual switch determines not to encapsulate the first data packet, and sends the first data packet to the second virtual switch; the second virtual switch decapsulates the first data packet to obtain a network address of the target server and the access request information, and sends the access request information to the target server.
17. An electronic device, comprising: a memory, a processor, a communication interface; wherein the memory has stored thereon executable code which, when executed by the processor, causes the processor to carry out the communication method of claim 14 or 15.
18. A non-transitory machine-readable storage medium having stored thereon executable code, which when executed by a processor of an electronic device, causes the processor to perform the communication method of claim 14 or 15.
CN202010430596.4A 2020-05-20 2020-05-20 Communication system, communication method, communication apparatus, communication device, and storage medium Active CN113709016B (en)

Publications (2)

Publication Number Publication Date
CN113709016A CN113709016A (en) 2021-11-26
CN113709016B CN113709016B (en) 2023-04-07

Family

ID=78645565

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant