CN115955502A - Host network communication data transmission method and device - Google Patents


Info

Publication number
CN115955502A
Authority
CN (China)
Application number
CN202211680578.7A
Legal status
Pending
Other languages
Chinese (zh)
Inventors
曾英宇, 谷智勇, 何东标, 沈耿彪, 陈晓帆
Current Assignee
Sangfor Technologies Co Ltd
Original Assignee
Sangfor Technologies Co Ltd


Abstract

The application relates to a method and a device for transmitting host network communication data. A preset data transmission channel is established in advance for exchanging host network communication data between a cloud node and an edge node, and the method comprises the following steps: obtaining first communication data of a first communication component in the cloud node, where the first communication component is used to transmit host network communication data within the cloud node; when the first communication component and a second communication component meet a preset communication condition, sending the first communication data to a gateway node; the gateway node determines second communication data based on the first communication data and sends the second communication data to the second communication component through the preset data transmission channel. The method and the device solve the problem in the related art that the host network pod in the cloud node and the host network pod in the edge node cannot communicate over the network.

Description

Host network communication data transmission method and device
Technical Field
The present application relates to the field of network communications technologies, and in particular, to a method and an apparatus for transmitting data in host network communications.
Background
To improve the processing speed of services, application services are deployed in pods on the edge node where the user is located through a container orchestration system (Kubernetes, k8s). In an edge computing scenario, however, a native k8s system does not support cross-domain communication, so the cloud-edge data plane network is not connected.
In the related art, FabEdge has been proposed to solve the problem that the cloud-edge data plane network cannot be connected in an edge computing scenario. FabEdge is an open-source secure edge network solution based on k8s; it supports cloud-edge and edge cooperation and addresses problems such as complex configuration management, network isolation and the lack of topology-aware routing. By selecting a node with a public network address at the cloud end as the cloud gateway and combining it with IPsec encryption, cloud-edge communication traffic is encrypted and forwarded, which solves the problem of the cloud-edge network not being connected in an edge computing scenario. However, FabEdge only addresses container network communication of the cloud-edge k8s cluster; as shown in Fig. 1, the host network pod in the cloud node and the host network pod in the edge node still have the problem that their host networks are not connected.
Disclosure of Invention
The application provides a host network communication data transmission method and device for solving the problem that, in an edge scenario, the host networks of a host network pod in a cloud node and a host network pod in an edge node are not connected.
A first aspect of the present application provides a host network communication data transmission method in which a preset data transmission channel is established in advance; the preset data transmission channel is used for exchanging host network communication data between a cloud node and an edge node, and the method includes:
obtaining first communication data of a first communication component in the cloud node, where the first communication component is used to transmit host network communication data within the cloud node;
determining whether the first communication component and a second communication component in the edge node meet a preset communication condition;
when the first communication component and the second communication component meet the preset communication condition, sending the first communication data to a gateway node, where the gateway node is configured to determine second communication data based on the first communication data and to send the second communication data to the second communication component through the preset data transmission channel.
A second aspect of the present application provides a host network communication data transmission apparatus, comprising:
a first processing module, configured to establish a preset data transmission channel in advance, where the preset data transmission channel is used for exchanging host network communication data between a cloud node and an edge node;
a second processing module, configured to obtain first communication data of a first communication component in the cloud node, where the first communication component is used to transmit host network communication data within the cloud node;
a third processing module, configured to determine whether the first communication component and a second communication component in the edge node satisfy a preset communication condition;
a fourth processing module, configured to send the first communication data to a gateway node when the first communication component and the second communication component meet the preset communication condition, where the gateway node is configured to determine second communication data based on the first communication data and to send the second communication data to the second communication component through the preset data transmission channel.
A third aspect of the present application provides an electronic device comprising: a processor; and a memory having executable code stored thereon, which when executed by the processor, causes the processor to perform the host network communication data transfer method as described above.
A fourth aspect of the present application provides a non-transitory machine-readable storage medium having stored thereon executable code that, when executed by a processor of an electronic device, causes the processor to perform a host network communication data transmission method as described above.
The technical scheme provided by the application can comprise the following beneficial effects:
According to the technical scheme, a preset data transmission channel is established in advance for exchanging host network communication data between a cloud node and an edge node, and the method comprises: obtaining first communication data of a first communication component in the cloud node, where the first communication component is used to transmit host network communication data within the cloud node; determining whether the first communication component and a second communication component in the edge node meet a preset communication condition; when they meet the preset communication condition, sending the first communication data to a gateway node, where the gateway node determines second communication data based on the first communication data and sends it to the second communication component through the preset data transmission channel. In this way the first communication component in the cloud node can send the first communication data to the gateway node, and the gateway node then forwards it to the second communication component in the edge node through the preset data transmission channel, so that transmission between the first communication component in the cloud node and the second communication component in the edge node is realized and the problem in the related art that the host network pod in the cloud node and the host network pod in the edge node cannot communicate with each other is solved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The foregoing and other objects, features and advantages of the application will be apparent from the following more particular descriptions of exemplary embodiments of the application, as illustrated in the accompanying drawings wherein like reference numbers generally represent like parts throughout the exemplary embodiments of the application.
Fig. 1 is a schematic diagram illustrating data transmission between a cloud gateway node and an edge node according to the related art;
Fig. 2 is a flow chart illustrating a host network communication data transmission method according to an embodiment of the present application;
Fig. 3 is a schematic diagram illustrating data transmission between a cloud gateway node and an edge node according to an embodiment of the present application;
Fig. 4 is a flow chart illustrating another host network communication data transmission method according to an embodiment of the present application;
Fig. 5 is a schematic flowchart illustrating the process of determining whether a first communication component and a second communication component satisfy a preset communication condition according to an embodiment of the present application;
Fig. 6 is a schematic diagram illustrating data transmission between a cloud gateway node and an edge node according to an embodiment of the present application;
Fig. 7 is a block diagram of a host network communication data transmission device according to an embodiment of the present application;
Fig. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Preferred embodiments of the present application will be described in more detail below with reference to the accompanying drawings. While the preferred embodiments of the present application are shown in the drawings, it should be understood that the present application may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms "first," "second," "third," etc. may be used herein to describe various information, these information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the present application, "a plurality" means two or more unless specifically limited otherwise.
In the related art, a cloud node is the center of cloud computing and an edge node is the edge side of cloud computing; the cloud node can control the edge node. As shown in Fig. 1, a k8s cluster may be divided into a cloud and an edge, where the upper part of the figure is the cloud and the lower part is the edge; the cloud may include a plurality of cloud nodes and the edge may include a plurality of edge nodes. Both the cloud node and the edge node contain a host network pod and a container network pod, and the container network pod corresponds to a Container Network Interface (CNI), which handles the container's network connection and allocates network resources to the container. However, because the cloud node and the edge node are both on an intranet, the networks of the host network pod of the cloud node and the host network pod of the edge node cannot be connected.
The technical solutions of the embodiments of the present application are described in detail below with reference to the accompanying drawings.
Fig. 2 is a flowchart illustrating a host network communication data transmission method according to an embodiment of the present application. As shown in fig. 2, the present application provides a host network communication data transmission method, which pre-establishes a preset data transmission channel, where the preset data transmission channel is used for performing interaction of host network communication data between a cloud node and an edge node, and the method specifically includes the following steps:
S201: obtaining first communication data of a first communication component in the cloud node, where the first communication component is used to transmit host network communication data within the cloud node.
In normal business processing, the applications deployed in pods in k8s are referred to as services; each business may correspond to one or more services, that is, each business may be executed by one or more pods. Because the service is deployed in the host network pod of the edge node in k8s, when a certain service is executed the host network pod of the edge node must obtain the data the service needs from the cloud node, and at that point the host network pod of the edge node must exchange host network communication data with the host network pod of the cloud node.
In a practical implementation, when it is determined that a certain service needs to be executed by the second communication component, the service and the data it requires may be determined as the first communication data; alternatively, after receiving a data acquisition request for a certain service from the second communication component, the first communication component may process the request, obtain the data the service requires based on it, and determine the obtained data as the first communication data. Note that the first communication data may be host network communication data actively sent by the first communication component to the second communication component, or host network communication data sent passively to the second communication component; this embodiment describes the step of determining the first communication data using these two manners as examples, and the embodiment of this application does not limit how the first communication data is determined.
S202: it is determined whether the first communication component and a second communication component in the edge node satisfy a preset communication condition.
In the embodiment of the application, the preset communication condition is used to determine whether the first communication component and the second communication component may exchange host network communication data through the preset data transmission channel. The preset communication condition may be configured in advance; it may be set according to the network address and network port of the first communication component and the network address and network port of the second communication component, or according to other data, which is not limited in this embodiment of the present application.
S203: when the first communication component and the second communication component meet the preset communication condition, the first communication data is sent to the gateway node.
The gateway node is used to determine second communication data based on the first communication data and to send the second communication data to the second communication component in the edge node through the preset data transmission channel.
In an embodiment of the present application, a method for establishing a preset data transmission channel includes: acquiring first network information provided by a user, and issuing the first network information to the edge node through a K8S cluster channel; after the edge node receives the first network information, a preset data transmission channel is established between the edge node and the cloud end node according to the first network information.
It should be noted that the preset data transmission channel is used for performing host network communication data interaction between the cloud end node and the edge end node, that is, host network communication data interaction between the first communication component in the cloud end node and the second communication component in the edge end node can be realized through the preset data transmission channel; the preset data transmission channel is a data transmission channel between the gateway node and the edge node, and the preset data transmission channel is used for transmitting host network communication data between the first communication component and the second communication component which meet preset communication conditions.
Note that the preset data transmission channel is different from the channel in the prior art through which the cloud node issues control data to the edge node, and also different from the data transmission channel used between cloud nodes. In a practical implementation, the preset data transmission channel may be an Internet Protocol Security (IPsec) tunnel. The gateway node is a node selected from the plurality of cloud nodes in the cloud and is used to forward the host network communication data transmitted between the first communication component and the second communication component, so as to realize the exchange of host network communication data between them.
In the embodiment of the application, under the condition that the first communication component and the second communication component are determined to meet the preset communication condition, the first communication data is sent to the gateway node, that is, not all data can carry out host network communication data interaction through the gateway node and the preset data transmission channel, and only under the condition that the first communication component and the second communication component meet the preset communication condition, host network communication data interaction between the first communication component and the second communication component can be carried out through the gateway node and the preset data transmission channel; wherein, it can be determined by the routing rule in fig. 3 that the first communication component and the second communication component satisfy the preset communication condition.
In a specific feasible implementation, because the cloud node and the gateway node are on the same network, they can exchange the first communication data over an existing data transmission channel of the cloud intranet. In this case, the first communication component of the cloud node sends the first communication data to the gateway node through the cloud intranet, and the gateway node sends it to the second communication component of the edge node through the specially configured preset data transmission channel; the host network communication data thus travels between the first communication component of the cloud node and the second communication component of the edge node over the cloud intranet (between the cloud node and the gateway node) and over the specially configured preset data transmission channel for cross-network communication data (between the gateway node and the edge node). The data transmission channel of the cloud intranet may be a Virtual eXtensible Local Area Network (VXLAN) tunnel. As shown in Fig. 3, the cloud node and the gateway node are on the same network and may send the first communication data to the gateway node through the VXLAN tunnel, while the gateway node and the edge node are on different networks and may send the first communication data to the second communication component of the edge node through the specially configured IPsec tunnel, thereby realizing the exchange of host network communication data between the first communication component of the cloud node and the second communication component of the edge node.
Although the cloud node in k8s can issue configuration data to the edge node, this data exchange between the two nodes does not achieve data exchange between the host network pod in the cloud node and the host network pod in the edge node, and communication between the cloud node and the edge node is cross-network communication. In the embodiment of the application, when the host network pod in the cloud node and the host network pod in the edge node satisfy the preset communication condition, the host network pod in the cloud node may first send the first communication data to the gateway node, and the gateway node then sends it to the host network pod in the edge node through the specially configured preset data transmission channel, so that transmission of host network communication data between the host network pod in the cloud node and the host network pod in the edge node is achieved.
According to the host network communication data transmission method provided by the embodiment of the application, the first communication component in the cloud node can firstly send the first communication data to the gateway node, and then the gateway node sends the first communication data to the second communication component in the edge node through the specially-arranged preset data transmission channel, so that the transmission of host network communication data between the first communication component in the cloud node and the second communication component in the edge node is realized, and the problem that the host network pod in the cloud node and the host network pod in the edge node are not communicated with each other in the related art is solved.
Based on the foregoing embodiments, an embodiment of the present application provides a host network communication data transmission method, which is shown in fig. 4 and includes the following steps:
S401: the cloud node determines the initial communication data of the first communication component in the cloud node.
In this application embodiment, the communication component of the cloud node and the communication component of the edge node may perform interaction of host network communication data, that is, the communication component of the cloud node may send host network communication data to the communication component of the edge node, and the communication component of the edge node may also send host network communication data to the communication component of the cloud node.
In this embodiment, the initial communication data is data required by the current service, that is, data for communication between the gateway node host network and the edge node host network. In a specific feasible implementation manner, the initial communication data of the first communication component may be acquired from a database corresponding to the cloud end node according to the service identifier of the current service.
S402: the cloud node performs a first encapsulation of a first target address in the initial communication data based on the network information corresponding to the gateway node, obtaining the first communication data.
In an embodiment of the present application, the network information may include a network address and a network port. The network information corresponding to the gateway node may be used to identify the gateway node and may include the Internet Protocol (IP) address of the gateway node. The first communication data is service data obtained by encapsulating the initial communication data based on the network information corresponding to the gateway node; only the public network address is exposed externally, which protects the service data. The initial communication data are [gateway node host IP, edge node host IP], and the first target address is the receiving address. Because the first communication data of the first communication component in the cloud node can reach the second communication component of the edge node only through the gateway node, the receiving address in the initial service data must be encapsulated based on the network information corresponding to the gateway node to obtain the first communication data, so that the first communication data is sent to the gateway node.
In a specific feasible implementation, an address translation rule may be used to encapsulate the first target address in the initial communication data based on the network information corresponding to the gateway node to obtain the first communication data; the address translation rule may be a Network Address Translation (NAT) rule. Specifically, a NAT rule may be used to encapsulate the sending address and the receiving address in the initial communication data based on the host IP of the cloud node and the host IP of the gateway node, so that the sending address becomes the host IP of the cloud node and the receiving address becomes the host IP of the gateway node; that is, the sender of the first communication data is now the cloud node and the receiver is the gateway node, which sends the first communication data of the first communication component to the gateway node. Note that the cloud node sets the next-hop gateway to the network information of the gateway node through the NAT rule, so that the first communication data is transmitted to the gateway node and then on to the second communication component of the edge node through the gateway node.
It should be noted that the initial communication data may include network information of the first communication component and network information of the second communication component, the first destination address in the initial communication data is first encapsulated based on the network information corresponding to the gateway node, the first communication data may be sent to the gateway node, the gateway node may also know that the first communication data is to be sent to the second communication component of the edge node, and security of the service data, the network information of the first communication component, and the network information of the second communication component may also be ensured.
S403: the cloud node determines first network information corresponding to the first communication assembly and second network information corresponding to the second communication assembly.
The first network information is used for determining the first communication component, and the second network information is used for determining the second communication component.
In an embodiment of the application, the first communication component is the sender and the second communication component is the receiver. The first network information is the network information of the first communication component, that is, of the sender, that is, the source address; it is used to determine the first communication component, meaning the first communication component can be found through it. The first network information may include a first network address and a first network port; the first network address may be the IP address of the first communication component and the first network port may be the host network pod segment of the first communication component. The second network information is the network information of the second communication component, that is, of the receiver, that is, the destination address; it is used to determine the second communication component, meaning the second communication component can be found through it. The second network information may include a second network address and a second network port; the second network address may be the IP address of the second communication component and the second network port may be the host network pod segment of the second communication component. In a specific feasible implementation, the network information of the first communication component (the first network information) and the network information of the second communication component (the second network information) may be determined directly; alternatively, they may be determined from the initial communication data.
S404: the cloud node determines whether the first communication assembly and the second communication assembly meet preset communication conditions or not based on the first network information and the second network information.
In this embodiment, whether the first communication component and the second communication component satisfy the preset communication condition may be determined based on the network information of the first communication component and the network information of the second communication component, that is, whether the first communication component and the second communication component are capable of performing interaction of host network communication data through the gateway node and the preset data transmission channel may be determined based on the network information of the first communication component and the network information of the second communication component.
Wherein, S404 can be implemented by the following steps:
s404a: yun Duanjie matches the first network address and the second network address with the first routing table.
In an embodiment of the present application, the first routing table is used to determine whether a network address of the first communication component is capable of interacting with a network address of the second communication component for host network communication data. And matching the first network address and the second network address with the first routing table, namely matching the source address and the destination address with the first routing table. In a specific feasible implementation manner, the network address of the communication component of the cloud node and the network address of the communication component of the edge node, which are capable of performing host network communication data interaction, may be stored in the first routing table in advance, so that after the first network address and the second network address are determined, the first network address and the second network address may be matched with the first routing table to determine whether host network communication data interaction can be performed between the first communication component and the second communication component.
S404b: and under the condition of successful matching with the first routing table, the cloud end node matches the first network port and the second network port with the second routing table.
The first network information comprises a first network address and a first network port, and the second network information comprises a second network address and a second network port.
In the embodiment of the present application, the second routing table is used to filter again according to the network port. The configuration data issued by the cloud node to the edge node may carry the same source address and destination address as the first network address and the second network address, but such configuration data should not pass through the gateway node and the preset data transmission channel; therefore it has to be filtered out again according to the network port. One network address may correspond to several network ports, and a network port locates a communication component more precisely, so filtering again by network port determines more precisely which communication components may transmit host network communication data through the gateway node and the preset data transmission channel.
S404c: if matching against the second routing table succeeds, the cloud node determines that the first communication component and the second communication component meet the preset communication condition.
In the embodiment of the present application, a successful match against the second routing table means that both the first routing table and the second routing table have been passed at this point, and in that case the first communication component and the second communication component are determined to satisfy the preset communication condition.
In the embodiment of the present application, both the first routing table and the second routing table may be set in the routing rules shown in fig. 3. Specifically, after the first communication data of the first communication component is determined, it is judged through the first routing table: the destination address corresponding to the first communication data is matched against the first routing table, and on success the IPSEC module is entered, that is, matching continues with the second routing table. The source address and destination address corresponding to the first communication data are matched against the second routing table, and on success the first network port of the sender and the second network port of the receiver corresponding to the first communication data are matched against the second routing table; on success the first communication component and the second communication component are determined to meet the preset communication condition. If matching fails at any stage, the data cannot be transmitted through the gateway node and the preset data transmission channel for host network communication data transmission.
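As an added illustration (not code from the patent), the two-stage check of steps S404a to S404c in Python: the first routing table holds allowed (source, destination) node-address pairs and the second holds allowed host-network pod segments (the patent's "network ports"). All CIDRs and addresses are constructed, and the table layout is an assumption, since the patent does not fix a format.

```python
# Added example, not the patent's own code: two-stage "preset communication
# condition" check (S404a-S404c). Table layout, CIDRs and addresses are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Tuple


@dataclass(frozen=True)
class NetworkInfo:
    """Network information of a communication component (first/second network information)."""
    address: str      # node IP address of the component (the "network address")
    pod_segment: str  # host-network pod segment, used as the "network port"


# First routing table: cloud-node addresses allowed to reach edge-node addresses
# through the gateway node and the preset channel (constructed sample values).
FIRST_ROUTING_TABLE = [
    (ip_network("10.0.1.0/24"), ip_network("10.1.0.0/16")),
]

# Second routing table: pod segments of the data plane (constructed). Configuration
# data issued to the edge node uses the same node addresses but other segments, so it
# fails here and stays on its original channel instead of entering the gateway path.
SECOND_ROUTING_TABLE = [
    (ip_network("172.16.0.0/16"), ip_network("172.17.0.0/16")),
]


def match_first_table(src: str, dst: str, table=FIRST_ROUTING_TABLE) -> bool:
    """S404a: match source and destination addresses against the first routing table."""
    s, d = ip_address(src), ip_address(dst)
    return any(s in src_net and d in dst_net for src_net, dst_net in table)


def match_second_table(src_seg: str, dst_seg: str, table=SECOND_ROUTING_TABLE) -> bool:
    """S404b: match sender and receiver pod segments against the second routing table."""
    s, d = ip_network(src_seg), ip_network(dst_seg)
    return any(s.subnet_of(src_net) and d.subnet_of(dst_net) for src_net, dst_net in table)


def meets_preset_condition(first: NetworkInfo, second: NetworkInfo) -> Tuple[bool, str]:
    """S404a-S404c combined: returns (decision, stage at which the decision was made).

    A pair that fails either table must not be sent through the gateway node and the
    preset channel; it keeps its original path. Order matters: the address check runs
    first and the pod-segment check only runs after it succeeded.
    """
    if not match_first_table(first.address, second.address):
        return False, "first_routing_table"
    if not match_second_table(first.pod_segment, second.pod_segment):
        return False, "second_routing_table"
    return True, "both_tables"


if __name__ == "__main__":
    sender = NetworkInfo("10.0.1.5", "172.16.5.0/24")     # cloud-node component
    receiver = NetworkInfo("10.1.2.7", "172.17.2.0/24")   # edge-node component
    config = NetworkInfo("10.1.2.7", "192.168.0.0/24")    # control-plane target on the same edge node
    print(meets_preset_condition(sender, receiver))       # (True, 'both_tables')
    print(meets_preset_condition(sender, config))         # (False, 'second_routing_table')
```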
S405: if the first communication component and the second communication component meet the preset communication condition, the cloud node sends the first communication data to the gateway node.
The gateway node is used to determine second communication data based on the first communication data and to send the second communication data to the second communication component in the edge node through the preset data transmission channel; the preset data transmission channel is used to realize host network communication data interaction between the first communication component and the second communication component.
In this embodiment of the present application, once it is determined that the first communication component and the second communication component satisfy the preset communication condition, the encapsulated first communication data is sent; that is, the first communication data is the initial communication data whose destination address has been encapsulated according to the IP address of the gateway node.
S406: the gateway node receives the first communication data of the first communication component in the cloud node, the first communication data being sent by the cloud node.
In the embodiment of the present application, what is received at this point is the first communication data obtained by encapsulating the destination address of the initial communication data according to the IP address of the gateway node.
S407: the gateway node decapsulates the first communication data to obtain the initial communication data of the first communication component in the cloud node.
In this embodiment of the application, since the first communication data is obtained by encapsulating the destination address of the initial communication data according to the IP address of the gateway node, the first communication data has to be decapsulated to obtain the initial communication data and expose the initial source address and the initial destination address. In a specific feasible implementation, the first communication data may be decapsulated by means of an Xfrm rule to obtain the initial communication data.
S408: the gateway node performs a second encapsulation on the second target address in the initial communication data based on the network information of the gateway node, obtaining the second communication data.
In this embodiment, the second communication data is obtained by performing a second encapsulation on the second target address in the initial communication data based on the network information of the gateway node. The second target address is the sending address (the source address). The sending address in the initial communication data is encapsulated a second time based on the network information of the gateway node, so that when the gateway node sends the service data to the second communication component of the edge node the sending address is rewritten to the network information of the gateway node; this makes it easy to tell where the communication data came from, which nodes it passed through and where it is going.
In a specific feasible implementation, an address translation rule may be used to perform the second encapsulation on the second target address in the initial communication data based on the network information corresponding to the gateway node, obtaining the second communication data. Specifically, a NAT rule may be used to encapsulate the sending address and the receiving address in the initial communication data based on the IP address of the gateway node and the IP address of the edge node, so that the sending address is now the host IP of the gateway node and the receiving address is the host IP of the edge node; in other words, the sender of the second communication data is now the gateway node and the receiver is the second communication component of the edge node, so the second communication data is sent to the second communication component of the edge node through the gateway node.
In other embodiments of the present application, Xfrm rule matching may be performed by the IPSEC module of the gateway node, and after a successful match the data is encapsulated by the IPSEC tunnel into the second communication data.
S409: the gateway node sends the second communication data to the second communication component in the edge node through the preset data transmission channel.
The preset data transmission channel is used for exchanging host network communication data between the cloud node and the edge node.
In the embodiment of the application, the edge node now receives the second communication data obtained by performing the second encapsulation on the second target address in the initial communication data based on the network information corresponding to the gateway node. After receiving the second communication data, Xfrm rule matching may be carried out through the IPSEC module, and after a successful match the second communication data is decapsulated to expose the initial source address and destination address [gateway node host IP, edge node host IP]. When the second communication component of the edge node replies, the reply data may be sent back to the first communication component of the cloud node along the original path.
In a specific feasible implementation, the intranet IPs and pod network segments of all nodes in the cloud, and the intranet IPs and pod network segments of all nodes at the edge, may be added to the IPSEC module of the gateway node as encapsulation configuration, so that before sending the second communication data the gateway node can also match the initial source address and destination address according to the IPSEC module, and only after a successful match send the second communication data to the second communication component of the edge node through the preset data transmission channel, which protects the security of the service data.
It should be noted that when the first communication component of the cloud node sends the first communication data to the gateway node, the receiving address of the initial communication data is first encapsulated based on the network information of the gateway node, and when the gateway node sends the second communication data to the second communication component of the edge node, the sending address of the initial communication data is encapsulated a second time based on the network information of the gateway node. In this way cloud-edge network intercommunication and symmetric send and receive packet paths are achieved, which makes it convenient for operation and maintenance personnel to study and analyse how the communication data is transmitted.
[Table (image not reproduced in this text): rule configurations of the cloud node, the gateway node and the edge node]
In the embodiment of the present application, the rule configurations of the cloud node, the gateway node and the edge node may be as shown in the above table, where dst is the destination address, src is the source address and Gw is the gateway node. The routing rule of the cloud node shows that for the destination address of the edge node (edge_node_ip) the next-hop gateway is the gateway node and the communication data leaves through the flannel.1 interface; when the first communication component and the second communication component meet the preset communication condition, the communication data has to be encapsulated through the MASQUERADE (MASQ) rule of the NAT rules, which protects the security of the service data. The Xfrm rule of the gateway node decapsulates the received communication data to expose the source address and destination address prior to encapsulation, and the gateway node then rewrites the source address of the decapsulated communication data using the MASQ rule and sends the modified communication data to the second communication component of the edge node.
As shown in fig. 6, when the first communication component of the cloud node sends the initial communication data to the second communication component of the edge node, the routing rule is matched first and the initial communication data is sent toward the next-hop gateway node through the flannel.1 interface; source address translation is then performed, the data is encapsulated by flannel to obtain the first communication data, and the first communication data is sent to the gateway node through the VXLAN tunnel. After receiving the first communication data, the gateway node decapsulates it through flannel to obtain the initial communication data and then forwards it according to its routing; the initial communication data passes through the IPsec module, and after a successful match against the Xfrm rule it is encapsulated by the IPSEC tunnel to obtain the second communication data, which is forwarded to the edge node. After the edge node receives the second communication data and it passes the IPsec module with a successful Xfrm rule match, the second communication data is decapsulated to expose the initial source address, the initial destination address and the initial communication data. When the second communication component of the edge node replies, the reply data may be sent to the first communication component of the cloud node along the original path.
The host network communication data transmission method provided by the embodiment of the application achieves secure cloud-edge interconnection through the IPSEC tunnel, steers traffic by combining routing and NAT techniques, and reaches the goal of full intercommunication of the cloud-edge network. The rule configuration corresponding to the preset communication condition can be deployed as a plug-in without modifying the system configuration of k8s, so there is zero modification of and zero intrusion into k8s; the control plane is also separated from the data plane, that is, only the service data of the data plane is transmitted through the gateway node and the preset data transmission channel, while the data of the control plane is transmitted through the original one-way channel. The gateway node may also run in a master-slave mode, with the control node detecting the state of the master gateway node and switching over on failure; non-cluster nodes in the cloud are switched over transparently by means of VIP technology.
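As an added model in Python (not the patent's own code) of the address rewriting along the cloud node, gateway node and edge node described above, and of the reply returning along the same path: the cloud node encapsulates the initial data with the gateway IP as outer destination (first communication data), the gateway node decapsulates it, rewrites the sending address to its own host IP in the manner of a MASQUERADE rule and records the mapping (second communication data), and the reply is restored from that mapping. The NAT state table, the constructed flow identifier standing in for the transport 5-tuple, and all addresses are assumptions; the IPsec protection of the second hop is omitted.

```python
# Added example, not the patent's own code: address rewriting on the
# cloud -> gateway -> edge path and the symmetric reply path. Addresses, the
# "flow" identifier (stand-in for a 5-tuple) and the NAT table are constructed.
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str      # sending (source) address
    dst: str      # receiving (destination) address
    flow: str     # constructed flow identifier, stands in for ports/protocol
    payload: str


@dataclass(frozen=True)
class Encapsulated:
    """First communication data: initial data wrapped with the gateway IP as outer destination."""
    outer_dst: str
    inner: Packet


def cloud_node_encapsulate(initial: Packet, gateway_ip: str) -> Encapsulated:
    """First encapsulation on the cloud node: destination wrapped toward the gateway node."""
    return Encapsulated(outer_dst=gateway_ip, inner=initial)


class GatewayNode:
    def __init__(self, host_ip: str) -> None:
        self.host_ip = host_ip
        # MASQUERADE state: flow -> original cloud-side source, so replies can be restored.
        self.nat_table: Dict[str, str] = {}

    def forward_to_edge(self, first: Encapsulated) -> Optional[Packet]:
        """S407-S408: decapsulate, then rewrite the sending address to the gateway host IP."""
        if first.outer_dst != self.host_ip:
            return None                         # not addressed to this gateway: not forwarded
        initial = first.inner                   # decapsulation exposes the initial header
        self.nat_table[initial.flow] = initial.src
        # MASQUERADE: sender becomes the gateway host IP, receiver stays the edge host IP
        return replace(initial, src=self.host_ip)

    def return_to_cloud(self, reply: Packet) -> Optional[Packet]:
        """Reverse path: restore the original cloud-side destination from the NAT state."""
        if reply.dst != self.host_ip or reply.flow not in self.nat_table:
            return None                         # no state: unsolicited packets do not enter the cloud
        return replace(reply, dst=self.nat_table[reply.flow])


def round_trip(cloud_ip: str, gateway_ip: str, edge_ip: str, flow: str) -> Tuple[Packet, Optional[Packet]]:
    """One request/reply through the gateway: (what the edge node sees, what the cloud node gets back)."""
    gw = GatewayNode(gateway_ip)
    initial = Packet(src=cloud_ip, dst=edge_ip, flow=flow, payload="request")
    second = gw.forward_to_edge(cloud_node_encapsulate(initial, gateway_ip))
    if second is None:
        raise RuntimeError("gateway refused the first communication data")
    # The edge node replies to the sender it saw, i.e. the gateway host IP, on the same flow.
    reply = Packet(src=edge_ip, dst=second.src, flow=flow, payload="reply")
    return second, gw.return_to_cloud(reply)


if __name__ == "__main__":
    seen_by_edge, back_in_cloud = round_trip("10.0.1.5", "10.0.0.254", "10.1.2.7", "flow-1")
    print(seen_by_edge)   # src is the gateway host IP, dst the edge host IP
    print(back_in_cloud)  # dst restored to the original cloud-side source
```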
It should be noted that, for the descriptions of the same steps and the same contents in this embodiment as those in other embodiments, reference may be made to the descriptions in other embodiments, which are not described herein again.
According to the host network communication data transmission method provided by the embodiment of the application, the first communication component in the cloud node first sends the first communication data to the gateway node, and the gateway node then sends it on to the second communication component in the edge node through the preset data transmission channel; this realizes transmission between the first communication component in the cloud node and the second communication component in the edge node and solves the problem of the related art that a host network pod in the cloud node and a host network pod in the edge node cannot communicate with each other.
Corresponding to the embodiment of the application function implementation method, the application also provides a data transmission device, electronic equipment and a corresponding embodiment.
Fig. 7 is a schematic structural diagram of a host network communication data transmission apparatus according to an embodiment of the present application.
Referring to fig. 7, an embodiment of the present application provides a host network communication data transmission apparatus, which specifically includes:
the first processing module 701 is configured to pre-establish a preset data transmission channel, where the preset data transmission channel is used for performing interaction of host network communication data between a cloud node and an edge node;
a second processing module 702, configured to obtain first communication data of a first communication component in a cloud node, where the first communication component is used to implement transmission of host network communication data in the cloud node;
a third processing module 703, configured to determine whether the first communication component and a second communication component in the edge node satisfy the preset communication condition;
a fourth processing module 704, configured to send the first communication data to a gateway node when the first communication component and the second communication component meet a preset communication condition; the gateway node is configured to determine second communication data based on the first communication data, and send the second communication data to the second communication component through a preset data transmission channel.
Further, the first processing module 701 is specifically configured to:
acquiring first network information provided by a user, and issuing the first network information to the edge node through a K8S cluster channel;
and after receiving the first network information, the edge node establishes the preset data transmission channel between the edge node and the cloud node according to the first network information.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
Fig. 8 is a schematic structural diagram of an electronic device shown in an embodiment of the present application.
Referring to fig. 8, an electronic device 800 includes a memory 810 and a processor 820.
The processor 820 may be a Central Processing Unit (CPU), another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, etc. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The memory 810 may include various types of storage units, such as system memory, Read-Only Memory (ROM) and permanent storage. The ROM may store static data or instructions for the processor 820 or other modules of the computer. The persistent storage device may be a read-write storage device. The persistent storage may be a non-volatile storage device that does not lose stored instructions and data even after the computer is powered off. In some embodiments, the persistent storage device employs a mass storage device (e.g., magnetic or optical disk, flash memory). In other embodiments, the permanent storage may be a removable storage device (e.g., floppy disk, optical drive). The system memory may be a read-write memory device or a volatile read-write memory device, such as a dynamic random access memory. The system memory may store instructions and data that some or all of the processors require at runtime. In addition, the memory 810 may include any combination of computer-readable storage media, including various types of semiconductor memory chips (DRAM, SRAM, SDRAM, flash memory, programmable read-only memory) and magnetic and/or optical disks. In some embodiments, memory 810 may include a removable storage device that is readable and/or writable, such as a Compact Disc (CD), a read-only digital versatile disc (e.g., DVD-ROM, dual layer DVD-ROM), a read-only Blu-ray disc, an ultra-density optical disc, a flash memory card (e.g., SD card, mini SD card, micro-SD card, etc.), a magnetic floppy disc, or the like. Computer-readable storage media do not contain carrier waves or transitory electronic signals transmitted by wireless or wired means.
The memory 810 has stored thereon executable code that, when processed by the processor 820, may cause the processor 820 to perform some or all of the methods described above.
The aspects of the present application have been described in detail hereinabove with reference to the accompanying drawings. In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments. Those skilled in the art should also appreciate that the acts and modules referred to in the specification are not necessarily required in the present application. In addition, it can be understood that the steps in the method of the embodiment of the present application may be sequentially adjusted, combined, and deleted according to actual needs, and the modules in the device of the embodiment of the present application may be combined, divided, and deleted according to actual needs.
Furthermore, the method according to the present application may also be implemented as a computer program or computer program product comprising computer program code instructions for performing some or all of the steps of the above-described method of the present application.
Alternatively, the present application may also be embodied as a non-transitory machine-readable storage medium (or computer-readable storage medium, or machine-readable storage medium) having stored thereon executable code (or a computer program, or computer instruction code) which, when executed by a processor of an electronic device (or electronic device, server, etc.), causes the processor to perform part or all of the various steps of the above-described method according to the present application.
Those of skill would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the applications disclosed herein may be implemented as electronic hardware, computer software, or combinations of both.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems and methods according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Having described embodiments of the present application, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the disclosed embodiments. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terminology used herein is chosen in order to best explain the principles of the embodiments, the practical application, or improvements made to the technology in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.

Claims (10)

1. A host network communication data transmission method, wherein a preset data transmission channel is pre-established, the preset data transmission channel being used for host network communication data interaction between a cloud node and an edge node, the method comprising:
obtaining first communication data of a first communication component in the cloud node, wherein the first communication component is used for realizing transmission of host network communication data in the cloud node;
determining whether the first communication component and a second communication component in the edge node satisfy the preset communication condition;
when the first communication assembly and the second communication assembly meet preset communication conditions, the first communication data are sent to a gateway node; the gateway node is configured to determine second communication data based on the first communication data, and send the second communication data to the second communication component through the preset data transmission channel.
2. The method according to claim 1, wherein the method for establishing the predetermined data transmission channel comprises:
acquiring first network information provided by a user, and issuing the first network information to the edge node through a K8S cluster channel;
and after receiving the first network information, the edge node establishes the preset data transmission channel between the edge node and the cloud node according to the first network information.
3. The method according to claim 2, wherein the determining whether the first communication component and the second communication component satisfy the preset communication condition specifically includes:
determining the first network information corresponding to the first communication component and the second network information corresponding to the second communication component; wherein the first network information is used to determine the first communication component and the second network information is used to determine the second communication component;
determining whether the first communication component and the second communication component satisfy the preset communication condition based on the first network information and the second network information.
4. The method of claim 3, wherein the determining whether the first communication component and the second communication component satisfy the preset communication condition based on the first network information and the second network information comprises:
acquiring a first network address and a first network port in the first network information;
acquiring a second network address and a second network port in the second network information;
matching the first network address and the second network address with a first routing table;
matching the first network port and the second network port with a second routing table under the condition of successful matching with the first routing table;
and under the condition that the matching with the second routing table is successful, determining that the first communication component and the second communication component meet the preset communication condition.
5. The method of claim 1, wherein obtaining first communication data of a first communication component in a cloud node comprises:
determining initial communication data of a first communication component in the cloud node;
and encapsulating the first target address in the initial communication data based on the network information corresponding to the gateway node to obtain the first communication data.
6. The method of claim 1, wherein determining second communication data based on the first communication data comprises:
decapsulating the first communication data to obtain initial service data of a first communication component in the cloud node;
and encapsulating a second target address in the initial communication data based on the network information corresponding to the gateway node to obtain the second communication data.
7. A host network communication data transmission apparatus, comprising:
a first processing module, configured to establish a preset data transmission channel in advance, where the preset data transmission channel is used for exchanging host network communication data between a cloud node and an edge node;
the second processing module is used for obtaining first communication data of a first communication component in a cloud node, and the first communication component is used for realizing transmission of host network communication data in the cloud node;
a third processing module, configured to determine whether the first communication component and a second communication component in the edge node satisfy the preset communication condition;
the fourth processing module is used for sending the first communication data to a gateway node when the first communication component and the second communication component meet preset communication conditions; the gateway node is configured to determine second communication data based on the first communication data, and send the second communication data to the second communication component through a preset data transmission channel.
8. The apparatus of claim 7, wherein the first processing module is specifically configured to:
acquiring first network information provided by a user, and issuing the first network information to the edge node through a K8S cluster channel;
and after receiving the first network information, the edge node establishes the preset data transmission channel between the edge node and the cloud node according to the first network information.
9. An electronic device, comprising: a processor; and a memory having executable code stored thereon that, when executed by the processor, causes the processor to perform the host network communication data transfer method of any of claims 1-6.
10. A non-transitory machine-readable storage medium having stored thereon executable code that, when executed by a processor of an electronic device, causes the processor to perform the host network communication data transmission method of any of claims 1-6.
Application CN202211680578.7A (CN), priority date 2022-12-27, filing date 2022-12-27, title: Host network communication data transmission method and device. Published as CN115955502A on 2023-04-11 (legal status: Pending). Patent family ID: 87285664. Country status: CN, CN115955502A (en).

Legal Events

Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination