CN116032689A - Message transmission method based on tunnel and client gateway equipment - Google Patents

Publication number
CN116032689A
Authority
CN
China
Prior art keywords
data
tunnel
sent
gateway
hash value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211416945.2A
Other languages
Chinese (zh)
Inventor
范维庭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Armyfly Technology Co Ltd
Original Assignee
Beijing Armyfly Technology Co Ltd
Application filed by Beijing Armyfly Technology Co Ltd filed Critical Beijing Armyfly Technology Co Ltd
Priority to CN202211416945.2A priority Critical patent/CN116032689A/en
Publication of CN116032689A publication Critical patent/CN116032689A/en
Abstract

The invention discloses a message transmission method based on a tunnel and client gateway equipment, wherein the method is applied to a client gateway and comprises the following steps: receiving data to be transmitted; selecting one tunnel connection as a transmission channel, wherein a plurality of tunnel connections are provided, the tunnel connections are created between a client gateway and a server gateway in advance, and processes corresponding to each tunnel connection run on different CPU cores of the client gateway and the server gateway; and transmitting the data to be transmitted to a peer gateway by using the transmission channel. The scheme of the invention can fully utilize the multi-core performance of the CPU and improve the data transmission efficiency.

Description

Message transmission method based on tunnel and client gateway equipment
Technical Field
The present invention relates to the field of ethernet communications technologies, and in particular, to a tunnel-based packet transmission method and a client gateway device.
Background
A virtual tunnel establishes a private network over a public network for encrypted communication, and is widely used in enterprise networks. A tunnel gateway implements remote access by encrypting data packets and translating their destination addresses. A tunnel may be implemented in a variety of ways, for example by a server, in hardware, or in software.
Since a tunnel is implemented over a single TCP or UDP connection, by default one thread or process performs the reading and writing, and a single thread or process cannot make use of the multiple cores of the CPU. If one connection is read and written by multiple threads, a lock is required to guarantee mutual exclusion, and performance cannot be guaranteed.
Therefore, how to exploit the multi-core performance of the CPU when implementing the tunnel function is a technical problem that the industry needs to solve.
Disclosure of Invention
The embodiment of the invention provides a message transmission method based on a tunnel and client gateway equipment, which can fully utilize the multi-core performance of a CPU and improve the data transmission efficiency.
Therefore, the invention provides the following technical scheme:
the embodiment of the invention provides a message transmission method based on a tunnel, which is characterized by being applied to a client gateway, and comprising the following steps:
receiving data to be transmitted;
selecting one tunnel connection as a transmission channel, wherein a plurality of tunnel connections are provided, the tunnel connections are created between a client gateway and a server gateway in advance, and processes corresponding to each tunnel connection run on different CPU cores of the client gateway and the server gateway;
and transmitting the data to be transmitted to a server gateway by utilizing the transmission channel.
Optionally, the selecting one tunnel connection as the transmission channel includes:
presetting a corresponding relation between tunnel connection and a Hash value;
calculating a Hash value corresponding to the data to be sent;
and selecting a tunnel connection as a transmission tunnel according to the Hash value corresponding to the data to be transmitted and the corresponding relation.
Optionally, the data to be sent is TCP data; the calculating the Hash value corresponding to the data to be sent includes:
acquiring an IP address and a TCP port of the data to be sent; and calculating a Hash value corresponding to the data to be sent according to the IP address and the TCP port.
Optionally, the data to be sent is non-TCP data;
the calculating the Hash value corresponding to the data to be sent includes:
acquiring the IP address of the data to be sent;
and calculating a Hash value corresponding to the data to be sent according to the IP address.
Optionally, the method further comprises:
a plurality of tunnel connections are established between the client gateway and the server gateway using a virtual network card TUN device or TAP device.
The invention also provides a client gateway device, which is characterized in that the gateway device comprises:
the receiving module is used for receiving the data to be transmitted;
the tunnel selection module is used for selecting one tunnel connection as a transmission channel, wherein a plurality of tunnel connections are provided, the tunnel connections are created between a client gateway and a server gateway in advance, and a process corresponding to each tunnel connection runs on different CPU cores of the client gateway and the server gateway;
and the sending module is used for transmitting the data to be sent to a server gateway by utilizing the transmission channel.
Optionally, the client gateway device further includes:
the configuration module is used for presetting the corresponding relation between the tunnel connection and the Hash value;
the tunnel selection module includes:
the calculating unit is used for calculating a Hash value corresponding to the data to be sent;
and the selection unit is used for selecting one tunnel connection as a transmission tunnel according to the Hash value corresponding to the data to be transmitted and the corresponding relation.
Optionally, the data to be sent is TCP data;
the computing unit is specifically configured to obtain an IP address and a TCP port of the data to be sent, and compute a Hash value corresponding to the data to be sent according to the IP address and the TCP port.
Optionally, the data to be sent is non-TCP data;
the computing unit is specifically configured to obtain an IP address of the data to be sent, and compute a Hash value corresponding to the data to be sent according to the IP address.
Optionally, the method further comprises:
the tunnel establishment module is specifically configured to establish a plurality of tunnel connections between the client gateway and the server gateway by using the virtual network card TUN device or the TAP device.
According to the tunnel-based message transmission method and the client gateway device provided by the embodiment of the invention, the multi-core performance of the CPU is fully utilized, a plurality of tunnel connections are established on the gateway in advance, processes corresponding to the tunnel connections are established, different processes run on different CPU cores, after receiving data to be transmitted, one tunnel connection is selected as a transmission channel, and the data to be transmitted is transmitted to the server gateway by utilizing the transmission channel, so that the multi-core performance of the CPU is fully utilized, and the data transmission efficiency is effectively improved.
Further, the data from the same connection is distributed to the same tunnel for transmission through the hash algorithm, so that the data from the same connection cannot generate disorder phenomenon when being transmitted through the tunnel, and the reliability of data transmission is ensured.
Drawings
FIG. 1 is a flow chart of a tunnel-based message transmission method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a tunnel-based message transmission process implemented by a TUN device in an embodiment of the present invention;
FIG. 3 is a schematic diagram of an encapsulation and decapsulation structure of an IP packet in a tunnel-based IP packet transmission according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a gateway device according to an embodiment of the present invention.
Detailed Description
In order to make the solution of the embodiment of the present invention better understood by those skilled in the art, the embodiment of the present invention is further described in detail below with reference to the accompanying drawings and embodiments.
Fig. 1 is a flowchart of a tunnel-based message transmission method according to an embodiment of the present invention.
The method is applied to the client gateway and comprises the following steps:
step 101, data to be transmitted is received.
The data to be sent is user data from a client, and a source address (i.e., a source user IP address) and a destination address (i.e., a destination user IP address) are included in the data to be sent.
In the embodiment of the present invention, the format of the user data is not limited, and may be various formats of data that can be transmitted by using the corresponding tunnel connection.
The client refers to a client connected to the client gateway, and it should be noted that there may be one or more clients connected to the client gateway, where the connection between the client gateway and different clients is different, and user data from different clients may also be referred to as data from different connections.
Step 102, selecting one tunnel connection as a transmission channel, wherein a plurality of tunnel connections are provided, the tunnel connections are created between a client gateway and a server gateway in advance, and processes corresponding to each tunnel connection run on different CPU cores of the client gateway and the server gateway.
The tunnel connection may be, but is not limited to, a TCP (Transmission Control Protocol) connection, a UDP (User Datagram Protocol) connection, a RAW (i.e., raw socket) connection, etc. Moreover, the protocols adopted by the plurality of tunnels may be the same or different, and the embodiment of the present invention is not limited.
In addition, the method for establishing the tunnel connection based on various different protocols is not limited in the embodiment of the present invention, and any method capable of implementing the tunnel connection may be adopted, which will not be described in detail.
And step 103, transmitting the data to be transmitted to a server gateway by using the transmission channel.
The tunnels described in the embodiments of the present invention may be established based on the same protocol or may be established based on different protocols. When the data to be sent is transmitted by using the tunnel, the data to be sent is required to be packaged according to the protocol requirement based on the selected tunnel, and the data to be sent is packaged into a tunnel message.
For example, if the selected tunnel is a TCP tunnel, the data to be sent needs to be added with a TCP message header to generate a TCP message. The TCP header includes a source port address (i.e., the MAC address of the client gateway) and a destination port address (i.e., the MAC address of the server gateway).
For another example, if the selected tunnel is a UDP tunnel, a UDP header needs to be added to the data to be sent to generate a UDP packet. The UDP header includes a source port address (i.e., the MAC address of the client gateway) and a destination port address (i.e., the MAC address of the server gateway).
For another example, if the selected tunnel is a RAW tunnel, the data to be sent needs to be encapsulated into a DATAGRAM-socket (user datagram socket) or STREAM-socket (data stream socket) and transmitted to the server gateway.
In a computer network, the TUN device and the TAP device are virtual network devices in the operating system kernel. Both are implemented entirely in software and provide the software running on the operating system with exactly the same functionality as hardware network devices. TAP is equivalent to an Ethernet device and operates on layer-two data packets, such as Ethernet data frames. TUN emulates a network-layer device and operates on layer-three packets such as IP (Internet Protocol) packets. That is, the TUN device is a layer-three device, and the type of data packet it processes is an IP data packet without a MAC (Media Access Control) address, while the TAP device is a layer-two device, and the type of packet it handles is an Ethernet packet with a MAC address.
In embodiments of the present invention, for each application process running on a different CPU core, a tunnel connection may be established between the client gateway and the server gateway using the TUN device or TAP device and client data may be transmitted over the tunnel connection. The tunnel established by the TUN device or the TAP device may be a tunnel such as TCP, UDP, RAW, and the specific manner of establishing the tunnel connection may be the prior art, which will not be described herein. Taking TUN equipment as an example, a procedure for implementing tunnel-based message transmission by using TUN equipment will be briefly described.
As shown in FIG. 2, an application process 211 on the client gateway 201 sends an IP data packet received from the client to the TUN device 212. The TUN device 212 pushes the IP data packet to a VPN (virtual private network) server 213 (i.e., the VPN program on the left, with port 28001) through the character device driver. The VPN server 213 encapsulates the IP data packet to obtain a tunnel packet, and then sends the tunnel packet to the server gateway 202 through the tunnel 20 via the Ethernet port Eth0.
The VPN server 221 (i.e., the VPN program on the right, with port 38001) on the server gateway 202 receives the tunnel packet transmitted in the tunnel 20 through the Ethernet port Eth0, decapsulates the tunnel packet to obtain the original IP data packet of the client, and pushes the original IP data packet to the TUN device 222 through the character device driver. The TUN device 222 sends the original IP data packet to the application process 223 through the operating system protocol stack and the socket interface. The application process 223 sends the IP data packet according to the destination address of the IP data packet.
The structure for encapsulating and decapsulating the IP packets in the tunnel-based IP packet transmission is shown in fig. 3.
The source IP address of the IP data packet to be sent, which is received by the gateway device, is: 172.16.0.1, the destination IP address is: 172.16.0.2;
when tunnel packaging is carried out on the IP data packet, firstly, a TCP/UDP packet head is added to the IP data packet to obtain a TCP message, wherein the source port of the TCP message is 28001, and the destination port is 38001; and then adding an outer layer IP packet header to the TCP message, wherein the source IP address of the outer layer IP packet header is IP1, and the destination IP address is IP2.
And finally obtaining the encapsulated tunnel message through the encapsulation process.
Correspondingly, after the server receives the tunnel message, the original IP data packet is obtained through decapsulation.
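The encapsulation and decapsulation just described, as an added Python example for the UDP-tunnel case (not code from the patent). The inner addresses and the ports 28001/38001 come from the description; the outer addresses standing in for IP1 and IP2, the function names, and the validation checks on the receiving side are assumptions.

```python
import socket
import struct

# Outer addresses are constructed placeholders for the page's "IP1"/"IP2".
OUTER_SRC, OUTER_DST = "192.0.2.1", "198.51.100.1"
TUNNEL_SPORT, TUNNEL_DPORT = 28001, 38001   # ports given in the description
IPPROTO_UDP = 17
IPV4_FMT = "!BBHHHBBH4s4s"                  # 20-byte IPv4 header, no options


def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over `data`."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Build a 20-byte IPv4 header with a valid header checksum."""
    fields = [0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack(IPV4_FMT, *fields))
    return struct.pack(IPV4_FMT, *fields)


def encapsulate(inner: bytes) -> bytes:
    """Client gateway: outer IPv4 | UDP | original IP packet.

    No encryption step is shown because the description does not specify one;
    the UDP checksum is left at 0 (not computed), which IPv4 permits.
    """
    udp_len = 8 + len(inner)
    udp = struct.pack("!HHHH", TUNNEL_SPORT, TUNNEL_DPORT, udp_len, 0)
    return ipv4_header(OUTER_SRC, OUTER_DST, IPPROTO_UDP, udp_len) + udp + inner


def decapsulate(frame: bytes) -> bytes:
    """Server gateway: validate the outer headers, return the original packet."""
    if len(frame) < 28 or frame[0] >> 4 != 4:
        raise ValueError("too short for outer IPv4 + UDP")
    ihl = (frame[0] & 0x0F) * 4
    if ihl < 20 or len(frame) < ihl + 8:
        raise ValueError("bad outer header length")
    if checksum(frame[:ihl]) != 0:
        raise ValueError("outer IPv4 header checksum mismatch")
    total_len = struct.unpack_from("!H", frame, 2)[0]
    if frame[9] != IPPROTO_UDP or total_len != len(frame):
        raise ValueError("not a complete UDP tunnel message")
    sport, dport, udp_len, _ = struct.unpack_from("!HHHH", frame, ihl)
    if (sport, dport) != (TUNNEL_SPORT, TUNNEL_DPORT):
        raise ValueError("unexpected tunnel ports")
    if udp_len != len(frame) - ihl:
        raise ValueError("UDP length does not match the frame")
    return frame[ihl + 8:]


if __name__ == "__main__":
    # Constructed inner packet: ICMP-typed payload, 172.16.0.1 -> 172.16.0.2.
    inner = ipv4_header("172.16.0.1", "172.16.0.2", 1, 4) + b"ping"
    frame = encapsulate(inner)
    print(len(inner), "inner bytes ->", len(frame), "bytes on the wire")
    print("round trip ok:", decapsulate(frame) == inner)
```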
Further, in order to ensure that no disorder phenomenon occurs when multiple tunnels transmit the messages of the same connection, in step 103, after receiving the data sent by the client (i.e., the data to be sent), the client gateway may select a tunnel connection for the data to be sent as a transmission channel through a Hash algorithm.
Specifically, the correspondence between tunnel connection and Hash value may be preset. When tunnel connection is selected for the data to be sent, calculating a Hash value corresponding to the data to be sent, and selecting one tunnel connection as a transmission tunnel according to the Hash value corresponding to the data to be sent and the corresponding relation.
Further, the data to be sent may come from different network ports of the same client, or from one or more network ports of different clients, and the data from different clients may be TCP data or non-TCP data. For this reason, when calculating the Hash value corresponding to the data to be sent, the information on which the Hash value is calculated may be decided according to the type of the data to be sent. Such as:
if the data to be sent is TCP data, an IP address and a TCP port of the data to be sent can be obtained, and then a Hash value corresponding to the data to be sent is calculated according to the IP address and the TCP port;
if the data to be sent is non-TCP data, the IP address of the data to be sent is obtained, and the Hash value corresponding to the data to be sent is calculated according to the IP address.
In this way, a unique Hash value can be obtained for each connection, from which the tunnel connection for the data to be sent is determined. When the subsequent data from the same connection needs to be sent, the same Hash value can be obtained through calculation according to the corresponding information, so that the data from the same port of the same client is transmitted in the same tunnel, and no disorder phenomenon is generated.
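The selection rule above as an added Python example (not code from the patent). The patent names no hash function or mapping, so keyed BLAKE2b, `HASH_KEY`, hashing both source and destination addresses and ports, and the `hash mod N` correspondence are assumptions; so is the fallback to address-only hashing for IP fragments, which carry no TCP header after the first fragment.

```python
import hashlib
import socket
import struct

# Assumptions, not from the patent: a per-gateway secret key and four tunnels.
# Keying the hash keeps the flow-to-tunnel mapping unpredictable to remote
# senders, so the load on one tunnel process cannot be steered by port choice.
HASH_KEY = b"constructed-demo-key"
NUM_TUNNELS = 4          # one tunnel process per CPU core in this sketch
IPPROTO_TCP = 6


def flow_key(packet: bytes) -> bytes:
    """Return the bytes to hash for one IPv4 packet read from the TUN device.

    TCP data: IP addresses plus TCP ports. Non-TCP data: IP addresses only.
    Fragmented TCP also uses addresses only, so every fragment of one
    datagram is sent through the same tunnel.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    frag_field = struct.unpack_from("!H", packet, 6)[0]
    more_fragments = bool(frag_field & 0x2000)
    frag_offset = frag_field & 0x1FFF
    addrs = packet[12:20]                      # source + destination address
    if packet[9] == IPPROTO_TCP and not more_fragments and frag_offset == 0:
        if len(packet) < ihl + 4:
            raise ValueError("truncated TCP header")
        return addrs + packet[ihl:ihl + 4]     # source + destination port
    return addrs


def select_tunnel(packet: bytes, num_tunnels: int = NUM_TUNNELS) -> int:
    """Map the packet's flow hash to a tunnel index (hash mod N)."""
    digest = hashlib.blake2b(flow_key(packet), digest_size=8,
                             key=HASH_KEY).digest()
    return int.from_bytes(digest, "big") % num_tunnels


def make_ipv4(proto, src, dst, payload=b"", frag_field=0):
    """Constructed sample packet: 20-byte IPv4 header (checksum 0) + payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0,
                         frag_field, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def tcp_ports(sport, dport):
    """Constructed 20-byte TCP header with only the port fields filled in."""
    return struct.pack("!HH", sport, dport) + bytes(16)


if __name__ == "__main__":
    src, dst = "172.16.0.1", "172.16.0.2"
    for sport in (40000, 40001, 40002):
        pkt = make_ipv4(IPPROTO_TCP, src, dst, tcp_ports(sport, 443))
        print(f"TCP {src}:{sport} -> {dst}:443  tunnel {select_tunnel(pkt)}")
    udp = make_ipv4(17, src, dst, struct.pack("!HHHH", 5353, 53, 8, 0))
    print(f"UDP {src} -> {dst}  tunnel {select_tunnel(udp)}")
```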
According to the tunnel-based message transmission method provided by the embodiment of the invention, the multi-core performance of the CPU is fully utilized, a plurality of tunnel connections are established on the gateway, processes corresponding to the tunnel connections are established, different processes run on different CPU cores, and after receiving data to be transmitted, one tunnel connection is selected as a transmission channel to transmit the data to be transmitted, so that the message transmission efficiency can be effectively improved.
Further, messages from the same connection are distributed to the same tunnel for transmission through a hash algorithm, so that disorder phenomenon can not occur when multiple tunnels transmit the messages of the same connection, and the reliability of message transmission is ensured.
Correspondingly, the embodiment of the invention also provides a client gateway device, as shown in fig. 4, which is a schematic structural diagram of the client gateway device.
The gateway device 400 includes the following modules:
a receiving module 401, configured to receive data to be sent;
the tunnel selection module 402 is configured to select one tunnel connection as a transmission channel, where a plurality of tunnel connections are provided, the tunnel connections are created in advance between the client gateway and the server gateway, and the processes corresponding to each tunnel connection run on different CPU cores of the client gateway and the server gateway; for example, multiple tunnel connections may be established on the gateway using a virtual network card TUN device or TAP device.
And the sending module 403 is configured to transmit the data to be sent to a server gateway by using the transmission channel.
In one non-limiting embodiment, the gateway device may further comprise: and a configuration module (not shown) for presetting the corresponding relation between the tunnel connection and the Hash value.
Accordingly, the tunnel selection module 403 may include: the computing unit is used for computing a Hash value corresponding to the data to be sent; the selecting unit is configured to select a tunnel connection as a transmission tunnel according to the Hash value corresponding to the data to be sent and the correspondence.
In a specific application, the calculating unit may decide, according to the type of the data to be sent, which information the corresponding Hash value is calculated from. Such as: when the data to be sent is TCP data, the computing unit may obtain an IP address and a TCP port of the data to be sent, and calculate a Hash value corresponding to the data to be sent according to the IP address and the TCP port; and when the data to be sent is non-TCP data, the computing unit can acquire the IP address of the data to be sent, and calculate the Hash value corresponding to the data to be sent according to the IP address. Therefore, the data from the same port of the same client can be transmitted in the same tunnel, and no disorder phenomenon can be generated.
In practical application, the tunnel may be pre-established by a corresponding tunnel establishment module, and the tunnel may have multiple types, which is not limited to the embodiment of the present invention.
In one non-limiting embodiment, the tunnel establishment module may establish a plurality of tunnel connections between the client gateway and the server gateway using a virtual network card TUN device or a TAP device. Of course, the tunnel establishment module may also establish the corresponding tunnel in other manners, which is not limited to the embodiment of the present invention.
The gateway equipment provided by the embodiment of the invention can fully utilize the multi-core performance of the CPU, establish a plurality of tunnel connections on the gateway, and establish processes corresponding to the tunnel connections, and different processes run on different CPU cores, so that message transmission based on the plurality of tunnels is realized, and the message transmission efficiency is improved. And the messages from the same connection are distributed to the same tunnel for transmission through the hash algorithm, so that disorder phenomenon can not occur when the messages of the same connection are transmitted through multiple tunnels, and the reliability of the message transmission is ensured.
It is noted that the terms "comprises" and "comprising," and any variations thereof, in the description and claims of the present invention and in the foregoing figures, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or apparatus.
In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. Moreover, the system embodiments described above are illustrative only, and the modules and units illustrated as separate components may or may not be physically separate, i.e., may reside on one network element, or may be distributed across multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
The embodiments of the present invention have been described in detail above; the description of the embodiments is merely an example of some, but not all, of the methods and apparatus of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention, and the present description should not be construed as limiting the present invention. It is therefore contemplated that any modifications, equivalents, or improvements falling within the spirit and principles of the invention will fall within the scope of the invention.

Claims (10)

1. The tunnel-based message transmission method is characterized by being applied to a client gateway, and comprises the following steps:
receiving data to be transmitted;
selecting one tunnel connection as a transmission channel, wherein a plurality of tunnel connections are provided, the tunnel connections are created between a client gateway and a server gateway in advance, and processes corresponding to each tunnel connection run on different CPU cores of the client gateway and the server gateway;
and transmitting the data to be transmitted to a server gateway by utilizing the transmission channel.
2. The method of claim 1, wherein selecting one tunnel connection as a transmission channel comprises:
presetting a corresponding relation between tunnel connection and a Hash value;
calculating a Hash value corresponding to the data to be sent;
and selecting a tunnel connection as a transmission tunnel according to the Hash value corresponding to the data to be transmitted and the corresponding relation.
3. The method according to claim 2, wherein the data to be transmitted is TCP data; the calculating the Hash value corresponding to the data to be sent includes:
acquiring an IP address and a TCP port of the data to be sent; and calculating a Hash value corresponding to the data to be sent according to the IP address and the TCP port.
4. The method of claim 2, wherein the data to be sent is non-TCP data;
the calculating the Hash value corresponding to the data to be sent includes:
acquiring the IP address of the data to be sent;
and calculating a Hash value corresponding to the data to be sent according to the IP address.
5. The method according to claim 1, wherein the method further comprises:
a plurality of tunnel connections are established between the client gateway and the server gateway using a virtual network card TUN device or TAP device.
6. A client gateway device, the gateway device comprising:
the receiving module is used for receiving the data to be transmitted;
the tunnel selection module is used for selecting one tunnel connection as a transmission channel, wherein a plurality of tunnel connections are provided, the tunnel connections are created between a client gateway and a server gateway in advance, and a process corresponding to each tunnel connection runs on different CPU cores of the client gateway and the server gateway;
and the sending module is used for transmitting the data to be sent to a server gateway by utilizing the transmission channel.
7. The client gateway device of claim 6, wherein the client gateway device further comprises:
the configuration module is used for presetting the corresponding relation between the tunnel connection and the Hash value;
the tunnel selection module includes:
the calculating unit is used for calculating a Hash value corresponding to the data to be sent;
and the selection unit is used for selecting one tunnel connection as a transmission tunnel according to the Hash value corresponding to the data to be transmitted and the corresponding relation.
8. The client gateway device of claim 7, wherein the data to be sent is TCP data;
the computing unit is specifically configured to obtain an IP address and a TCP port of the data to be sent, and compute a Hash value corresponding to the data to be sent according to the IP address and the TCP port.
9. The client gateway device of claim 7, wherein the data to be sent is non-TCP data;
the computing unit is specifically configured to obtain an IP address of the data to be sent, and compute a Hash value corresponding to the data to be sent according to the IP address.
10. The client gateway device of any of claims 6 to 9, further comprising:
the tunnel establishment module is specifically configured to establish a plurality of tunnel connections between the client gateway and the server gateway by using the virtual network card TUN device or the TAP device.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211416945.2A CN116032689A (en) 2022-11-14 2022-11-14 Message transmission method based on tunnel and client gateway equipment

Publications (1)

Publication Number Publication Date
CN116032689A true CN116032689A (en) 2023-04-28

Family

ID=86074836


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination