CN116137585B - Message forwarding method, device, computer equipment and storage medium - Google Patents


Publication number
CN116137585B
Authority
CN
China
Prior art keywords
message
header
identifier
tunnel
encapsulation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310424904.6A
Other languages
Chinese (zh)
Other versions
CN116137585A (en)
Inventor
何腾飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Greenet Information Service Co Ltd
Original Assignee
Wuhan Greenet Information Service Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Greenet Information Service Co Ltd filed Critical Wuhan Greenet Information Service Co Ltd
Priority to CN202310424904.6A priority Critical patent/CN116137585B/en
Publication of CN116137585A publication Critical patent/CN116137585A/en
Application granted granted Critical
Publication of CN116137585B publication Critical patent/CN116137585B/en


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a message forwarding method, a message forwarding device, computer equipment and a storage medium, wherein the message forwarding method comprises the following steps: acquiring a first message sent by a user terminal; analyzing the first outer layer tunnel header to obtain a first virtual network identifier, and analyzing the first inner layer header to obtain a first double-layer VLAN identifier; based on the first virtual network identifier and the first double-layer VLAN identifier, acquiring first pre-packaged message information, a second virtual network identifier, a public network IP address and a public network port; determining a first encapsulation message based on the first pre-encapsulation message information and the first message; NAT conversion is carried out on the first encapsulation message based on the public network IP address and the public network port so as to convert the source IP address of the first encapsulation message into the public network IP address and convert the source port into the public network port; and sending the first encapsulation message after NAT conversion to an external network server based on the second virtual network identifier. The method and the device can improve the forwarding speed of the message and reduce the forwarding cost of the message.

Description

Message forwarding method, device, computer equipment and storage medium
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method and apparatus for forwarding a message, a computer device, and a storage medium.
Background
The virtual switch (vSwitch), also called a virtual network switch, implements the Layer 2 (and part of the Layer 3) network functions of a physical switch in software. Compared with a traditional physical switch, the virtual switch has the advantages of flexible configuration, strong expansibility, low cost and high performance. However, after receiving a message, an existing virtual switch generally unpacks it layer by layer before forwarding it, so the forwarding efficiency is low.
Disclosure of Invention
The embodiment of the application provides a message forwarding method, a message forwarding device, computer equipment and a storage medium, which can improve the forwarding speed of a message and reduce the forwarding cost of the message without unpacking the message layer by layer when forwarding the message.
In one aspect, the present application provides a message forwarding method, where the message forwarding method is applied to a message forwarding device, where the message forwarding device is connected to a user terminal and an external network server in a communication manner, and the message forwarding method includes:
acquiring a first message after tunnel encapsulation, which is sent by the user terminal, wherein the first message comprises a first outer layer tunnel header and a first inner layer header;
parsing the first outer layer tunnel header to obtain a first virtual network identifier, and parsing the first inner layer header to obtain a first double-layer VLAN identifier;
acquiring first pre-packaged message information, a second virtual network identifier, a public network IP address and a public network port based on the first virtual network identifier and the first double-layer VLAN identifier;
determining a first encapsulation message of the first message based on the first pre-encapsulation message information and the first message;
performing NAT conversion on the first encapsulation message based on the public network IP address and the public network port to convert a source IP address of the first encapsulation message into the public network IP address and convert a source port of the first encapsulation message into the public network port;
and sending the first encapsulation message after NAT conversion to the external network server based on the second virtual network identifier.
In some embodiments of the present application, the method for forwarding a packet further includes:
acquiring a second message after tunnel encapsulation, which is sent by the extranet server, wherein the second message comprises a second outer layer tunnel header and a second inner layer header;
analyzing the second outer layer tunnel header to obtain the second virtual network identifier, and analyzing the second inner layer header to obtain a second double-layer VLAN identifier;
acquiring second pre-encapsulation message information, the first virtual network identifier, a private network IP address and a private network port based on the second virtual network identifier and the second double-layer VLAN identifier;
determining a second encapsulation message of the second message based on the second pre-encapsulation message information and the second message;
performing NAT conversion on the second encapsulation message based on the private network IP address and the private network port to convert a destination IP address of the second encapsulation message into the private network IP address and convert a destination port of the second encapsulation message into the private network port;
and sending the second encapsulation message after NAT conversion to the user terminal based on the first virtual network identifier.
In some embodiments of the present application, the obtaining the first pre-encapsulated packet information based on the first virtual network identifier and the first dual-layer VLAN identifier includes:
determining first account information based on the first virtual network identifier and the first double-layer VLAN identifier;
and acquiring first pre-packaged message information based on the first account information.
In some embodiments of the present application, the first packet further includes an IP header, a TCP header, and packet data, the first pre-encapsulated packet information includes a pre-encapsulated outer layer tunnel header and a pre-encapsulated inner layer header, and determining, based on the first pre-encapsulated packet information and the first packet, a first encapsulated packet of the first packet includes:
acquiring the IP header, the TCP header and the message data from the first message;
and splicing the pre-packaged outer layer tunnel header, the pre-packaged inner layer header, the IP header, the TCP header and the message data to obtain a first packaged message of the first message.
In some embodiments of the present application, before the obtaining the first pre-encapsulated packet information based on the first virtual network identifier and the first dual-layer VLAN identifier, the method further includes:
acquiring the first outer layer tunnel header and the first inner layer header;
acquiring the first account information, wherein the first account information comprises a WAN side tunnel identifier, a source MAC address, a first destination MAC address, first VLAN information and a dialing identifier;
encapsulating the first outer layer tunnel header based on the WAN side tunnel identifier to obtain a pre-encapsulated outer layer tunnel header;
and encapsulating the first inner layer header based on the source MAC address, the first destination MAC address, the first VLAN information and the dialing identifier to obtain a pre-encapsulated inner layer header.
In some embodiments of the present application, when the first packet is a packet after VXLAN tunnel encapsulation, the first outer layer tunnel header includes an outer layer ETH header, an outer layer VLAN header, an outer layer IP header, a UDP header, and a VXLAN header, and the parsing the first outer layer tunnel header to obtain a first virtual network identifier includes:
obtaining a VXLAN header from the first outer layer tunnel header;
parsing the VXLAN header to obtain a first virtual network identifier;
when the first message is a message after SRv6 tunnel encapsulation, the first outer layer tunnel header includes an outer layer ETH header, an outer layer VLAN header, and an SRv6 header, and the parsing the first outer layer tunnel header to obtain a first virtual network identifier includes:
obtaining the SRv6 header from the first outer layer tunnel header;
and parsing the SRv6 header to obtain a first virtual network identifier.
In some embodiments of the present application, the first inner layer header includes an inner layer ETH header and an inner layer dual-layer VLAN header, and the parsing the first inner layer header to obtain a first dual-layer VLAN identifier includes:
acquiring an inner layer double-layer VLAN header from the first inner layer header;
and analyzing the inner layer double-layer VLAN header to obtain a first double-layer VLAN identifier.
On the other hand, the application provides a message forwarding device, where the message forwarding device is respectively in communication connection with a user terminal and an external network server, and the message forwarding device includes:
the message acquisition unit is used for acquiring a first message after tunnel encapsulation sent by the user terminal, wherein the first message comprises a first outer layer tunnel header and a first inner layer header;
the message analysis unit is used for parsing the first outer layer tunnel header to obtain a first virtual network identifier, and parsing the first inner layer header to obtain a first double-layer VLAN identifier;
the information acquisition unit is used for acquiring first pre-packaged message information, a second virtual network identifier, a public network IP address and a public network port based on the first virtual network identifier and the first double-layer VLAN identifier;
the message packaging unit is used for determining a first packaging message of the first message based on the first pre-packaging message information and the first message;
the first conversion unit is used for performing NAT conversion on the first encapsulation message based on the public network IP address and the public network port so as to convert a source IP address of the first encapsulation message into the public network IP address and convert a source port of the first encapsulation message into the public network port;
and the first forwarding unit is used for sending the first encapsulation message after NAT conversion to the external network server based on the second virtual network identifier.
In some embodiments of the present application, when the first message is a VXLAN tunnel encapsulated message, the first outer layer tunnel header includes an outer layer ETH header, an outer layer VLAN header, an outer layer IP header, a UDP header, and a VXLAN header, and the message parsing unit is specifically configured to:
obtaining a VXLAN header from the first outer layer tunnel header;
and parsing the VXLAN header to obtain a first virtual network identifier.
In some embodiments of the present application, when the first packet is a packet encapsulated in an SRv6 tunnel, the first outer layer tunnel header includes an outer layer ETH header, an outer layer VLAN header, and an SRv6 header, and the packet parsing unit is specifically configured to:
obtaining the SRv6 header from the first outer layer tunnel header;
and parsing the SRv6 header to obtain a first virtual network identifier.
In some embodiments of the present application, the first inner layer header includes an inner layer ETH header and an inner layer dual-layer VLAN header, and the packet parsing unit is specifically further configured to:
acquiring an inner layer double-layer VLAN header from the first inner layer header;
and analyzing the inner layer double-layer VLAN header to obtain a first double-layer VLAN identifier.
In some embodiments of the present application, the information acquisition unit is specifically configured to:
determining first account information based on the first virtual network identifier and the first double-layer VLAN identifier;
and acquiring first pre-packaged message information based on the first account information.
In some embodiments of the present application, the first packet further includes an IP header, a TCP header, and packet data, the first pre-encapsulated packet information includes a pre-encapsulated outer layer tunnel header and a pre-encapsulated inner layer header, and the packet encapsulation unit is specifically configured to:
acquiring the IP header, the TCP header and the message data from the first message;
and splicing the pre-packaged outer layer tunnel header, the pre-packaged inner layer header, the IP header, the TCP header and the message data to obtain a first packaged message of the first message.
In some embodiments of the present application, the packet forwarding device further includes:
the first acquisition unit is used for acquiring the first outer layer tunnel header and the first inner layer header;
the second obtaining unit is used for obtaining the first account information, wherein the first account information comprises a WAN side tunnel identifier, a source MAC address, a first destination MAC address, first VLAN information and a dialing identifier;
the first encapsulation unit is used for encapsulating the first outer layer tunnel header based on the WAN side tunnel identifier to obtain a pre-encapsulated outer layer tunnel header;
and the second encapsulation unit is used for encapsulating the first inner layer header based on the source MAC address, the first destination MAC address, the first VLAN information and the dialing identifier to obtain a pre-encapsulated inner layer header.
In some embodiments of the present application, the packet forwarding device further includes:
a third obtaining unit, configured to obtain a second packet after tunnel encapsulation sent by the external network server, where the second packet includes a second external layer tunnel header and a second internal layer header;
the information analysis unit is used for parsing the second outer layer tunnel header to obtain the second virtual network identifier, and parsing the second inner layer header to obtain a second double-layer VLAN identifier;
a fourth obtaining unit, configured to obtain second pre-encapsulated packet information, the first virtual network identifier, a private network IP address, and a private network port based on the second virtual network identifier and the second dual-layer VLAN identifier;
a message determining unit, configured to determine a second encapsulated message of the second message based on the second pre-encapsulated message information and the second message;
the second converting unit is configured to perform NAT conversion on the second encapsulated packet based on the private network IP address and the private network port, so as to convert a destination IP address of the second encapsulated packet into the private network IP address, and convert a destination port of the second encapsulated packet into the private network port;
and the second forwarding unit is used for sending the second encapsulation message after NAT conversion to the user terminal based on the first virtual network identifier.
In another aspect, the present application also provides a computer device, including:
one or more processors;
a memory; and
one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the processor to implement the message forwarding method of any of the first aspects.
In a fourth aspect, the present application further provides a computer readable storage medium having stored thereon a computer program, the computer program being loaded by a processor to perform the steps of the method for forwarding a message according to any of the first aspects.
According to the method and the device, the first outer layer tunnel header and the first inner layer header of the first message are pre-packaged, after the first message is obtained, the first virtual network identifier and the first double-layer VLAN identifier are analyzed from the first message, the first pre-packaged message information is obtained based on the first virtual network identifier and the first double-layer VLAN identifier, the first packaged message of the first message can be directly determined based on the first pre-packaged message information, layer-by-layer unpacking of the message is not needed, the forwarding speed of the message is improved, and the forwarding cost of the message is reduced.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly introduced below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram of a scenario of a packet forwarding system provided in an embodiment of the present application;
FIG. 2 is a flow chart of an embodiment of a message forwarding method provided in an embodiment of the present application;
Fig. 3 is a message structure diagram of a VXLAN tunnel encapsulation message provided in an embodiment of the present application;
Fig. 4 is a message structure diagram of an SRv6 tunnel encapsulation message provided in an embodiment of the present application;
Fig. 5 is a flowchart of a specific embodiment of a packet forwarding method provided in an embodiment of the present application;
Fig. 6 is a schematic structural diagram of an embodiment of a packet forwarding device provided in an embodiment of the present application;
FIG. 7 is a schematic diagram of one embodiment of a computer device provided in an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.
In the description of the present application, it should be understood that the terms "center," "longitudinal," "transverse," "length," "width," "thickness," "upper," "lower," "front," "rear," "left," "right," "vertical," "horizontal," "top," "bottom," "inner," "outer," and the like indicate an orientation or positional relationship based on that shown in the drawings, merely for convenience of description and to simplify the description, and do not indicate or imply that the devices or elements referred to must have a particular orientation, be configured and operated in a particular orientation, and thus should not be construed as limiting the present application. Furthermore, the terms "first," "second," and "third" are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. Thus, features defining "first", "second", "third" may include one or more of the stated features, either explicitly or implicitly. In the description of the present application, the meaning of "a plurality" is two or more, unless explicitly defined otherwise.
In this application, the term "exemplary" is used to mean "serving as an example, instance, or illustration." Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments. The following description is presented to enable any person skilled in the art to make and use the application. In the following description, details are set forth for purposes of explanation. It will be apparent to one of ordinary skill in the art that the present application may be practiced without these specific details. In other instances, well-known structures and processes have not been shown in detail to avoid obscuring the description of the present application with unnecessary detail. Thus, the present application is not intended to be limited to the embodiments shown, but is to be accorded the widest scope consistent with the principles and features disclosed herein.
It should be noted that, since the method in the embodiments of the present application is executed in a computer device, the objects processed by each computer device exist in the form of data or information; for example, time is essentially time information. It can be understood that in the subsequent embodiments, size, number, position and the like all exist as corresponding data so that the computer device can process them, which is not described in detail herein.
The embodiment of the application provides a message forwarding method, a message forwarding device, computer equipment and a storage medium, and the message forwarding method, the message forwarding device, the computer equipment and the storage medium are respectively described in detail below.
Referring to fig. 1, fig. 1 is a schematic view of a scenario of a packet forwarding system provided in an embodiment of the present application, where the packet forwarding system may include a computer device 100, a user terminal 200, and an external network server 300, and the computer device 100 is communicatively connected to the user terminal 200 and the external network server 300, respectively. The computer device 100 has integrated therein a message forwarding apparatus, such as the computer device in fig. 1.
In this embodiment, the computer device 100 is mainly configured to obtain a first packet after tunnel encapsulation sent by the user terminal, where the first packet includes a first outer layer tunnel header and a first inner layer header; analyzing the first outer layer tunnel header to obtain a first virtual network identifier, and analyzing the first inner layer header to obtain a first double-layer VLAN identifier; acquiring first pre-packaged message information, a second virtual network identifier, a public network IP address and a public network port based on the first virtual network identifier and the first double-layer VLAN identifier; determining a first encapsulation message of the first message based on the first pre-encapsulation message information and the first message; performing NAT conversion on the first encapsulation message based on the public network IP address and the public network port to convert a source IP address of the first encapsulation message into the public network IP address and convert a source port of the first encapsulation message into the public network port; and sending the first encapsulation message after NAT conversion to the external network server based on the second virtual network identifier.
In the embodiment of the present application, the computer device 100 may be an independent server, or may be a server network or a server cluster formed by servers, for example, the computer device 100 described in the embodiment of the present application includes, but is not limited to, a computer, a network host, a single network server, a plurality of network server sets, or a cloud server formed by a plurality of servers. Wherein the Cloud server is composed of a large number of computers or web servers based on Cloud Computing (Cloud Computing).
It is understood that the computer device 100 used in embodiments of the present application may be a device that includes both receive and transmit hardware, i.e., a device having receive and transmit hardware capable of performing bi-directional communications over a bi-directional communication link. Such a device may include: a cellular or other communication device having a single-line display or a multi-line display or a cellular or other communication device without a multi-line display. The computer device 100 may be a desktop terminal or a mobile terminal, and the computer device 100 may be one of a mobile phone, a tablet computer, a notebook computer, and the like.
Those skilled in the art will appreciate that the application environment shown in fig. 1 is merely one application scenario of the present application and does not limit the application scenarios of the present application; other application environments may include more or fewer computer devices than those shown in fig. 1. For example, only 1 computer device is shown in fig. 1, and it is understood that the cluster resource scheduling system may further include one or more other services, which is not limited herein.
In this embodiment, the user terminal 200 is a terminal located in a private network (intranet), and the user terminal 200 may be a general purpose computer device or a special purpose computer device. In a specific implementation, the user terminal 200 may be a desktop, a portable computer, a network server, a palm computer (Personal Digital Assistant, PDA), a mobile phone, a tablet computer, a wireless terminal device, a communication device, an embedded device, etc., and the embodiment is not limited to the type of the user terminal 200.
In this embodiment of the present application, the external network server 300 is a server of an external network (public network), and the external network server 300 may be an independent server, or may be a server network or a server cluster formed by a plurality of servers, for example, the external network server 300 described in the embodiment of the present invention includes, but is not limited to, a computer, a network host, a single network server, a plurality of network server sets, or a cloud server formed by a plurality of servers. Wherein the Cloud server is composed of a large number of computers or web servers based on Cloud Computing (Cloud Computing).
The present application will be further described by the description of embodiments with reference to the accompanying drawings.
The present embodiment provides a message forwarding method, which is applied to a message forwarding device, where the message forwarding device is respectively connected with a user terminal and an external network server in a communication manner, as shown in fig. 2, and the method includes:
301. Acquiring a first message after tunnel encapsulation, which is sent by the user terminal, wherein the first message comprises a first outer layer tunnel header and a first inner layer header.
The first message is a message sent by the user terminal to the external network server and has been tunnel-encapsulated using an existing tunnel technology. When the first message is a message after VXLAN tunnel encapsulation, as shown in fig. 3, the structure of the first message comprises, in order from outside to inside, an outer layer ETH header, an outer layer VLAN header, an outer layer IP header, a UDP header, a VXLAN header, an inner layer ETH header, an inner layer double-layer VLAN header, a PPPOE header, an inner layer IP header, a TCP header and message data. When the first message is a message after SRv6 tunnel encapsulation, as shown in fig. 4, the structure of the first message comprises, in order from outside to inside, an outer layer ETH header, an outer layer VLAN header, an SRv6 header, an inner layer ETH header, an inner layer double-layer VLAN header, an inner layer IP header, a TCP header and message data.
When the first message is a message encapsulated by the VXLAN tunnel, the first outer layer tunnel header comprises an outer layer ETH header, an outer layer VLAN header, an outer layer IP header, a UDP header and a VXLAN header of the first message, and the first inner layer header comprises an inner layer ETH header, an inner layer double-layer VLAN header and a PPPOE header of the first message; when the first message is a message encapsulated by an SRv6 tunnel, the first outer layer tunnel header comprises an outer layer ETH header, an outer layer VLAN header, an outer layer IP header, a UDP header and a VXLAN header of the first message, and the first inner layer header comprises an inner layer ETH header and an inner layer double-layer VLAN header of the first message.
302. And analyzing the first outer layer tunnel header to obtain a first virtual network identifier, and analyzing the first inner layer header to obtain a first double-layer VLAN identifier.
The first virtual network identifier is an identifier which is analyzed from the first outer layer tunnel header, the first double-layer VLAN identifier is an identifier which is analyzed from the inner layer double-layer VLAN header of the first inner layer header, and the first virtual network identifier and the first double-layer VLAN identifier can carry out unique identifier on the first message.
The first double-layer VLAN identifier is a QinQ identifier. QinQ, also called Stacked VLAN or Double VLAN, is standardized in IEEE 802.1ad; it encapsulates the user's private network VLAN tag inside a public network VLAN tag, so that a packet crosses the operator's backbone network (public network) carrying two layers of VLAN tags.
The first virtual network identifier changes with different tunnel encapsulation scenes of the first message, for example, when the first message is a message after VXLAN tunnel encapsulation, the first virtual network identifier is a VNI, and the VNI (VxLAN Network Identifier ) is a virtual extensible local area network identifier (virtual network identifier) corresponding to the user side device; when the first message is a message encapsulated by a SRv6 tunnel, the first virtual network identifier is a DIP6 identifier.
303. And acquiring first pre-encapsulation message information, a second virtual network identifier, a public network IP address and a public network port based on the first virtual network identifier and the first double-layer VLAN identifier.
The first pre-encapsulated message information comprises a first outer layer tunnel header after pre-encapsulation and a first inner layer header after pre-encapsulation, and the second virtual network identifier is a virtual network identifier for forwarding the first message. The public network IP address is the public network IP address allocated when the user terminal accesses the external network server, and the public network port is the public network port allocated when the user terminal accesses the external network server.
After the first virtual network identifier and the first dual-layer VLAN identifier are parsed from the first packet, the embodiment may acquire the first pre-encapsulated packet information, the second virtual network identifier, the public network IP address and the public network port based on the first virtual network identifier and the first dual-layer VLAN identifier, so as to forward the packet based on the first pre-encapsulated packet information, the second virtual network identifier, the public network IP address and the public network port in the subsequent steps.
304. And determining a first encapsulation message of the first message based on the first pre-encapsulation message information and the first message.
The first encapsulated message is an encapsulated first message, and because the first pre-encapsulated message information includes a pre-encapsulated first outer layer tunnel header and a pre-encapsulated first inner layer header, after the first pre-encapsulated message information is obtained, the embodiment can directly determine the encapsulated message of the first message based on the first pre-encapsulated message information, without unpacking the messages layer by layer, and the message forwarding speed is high.
305. And performing NAT conversion on the first encapsulation message based on the public network IP address and the public network port so as to convert the source IP address of the first encapsulation message into the public network IP address and convert the source port of the first encapsulation message into the public network port.
NAT can be classified into PAT (Port Address Translation) and NO-PAT (Not Port Address Translation, address translation without port translation). In the NO-PAT mode, one public network IP address can be allocated to only one private network IP address at a time for conversion; in the PAT mode, one public network IP address may be allocated to a plurality of private network IP addresses at the same time for sharing. The NAT referred to in this application is the PAT mode.
After determining the first encapsulated message of the first message, the embodiment performs NAT conversion on the first encapsulated message based on the public network IP address and the public network port determined in step 303, converting the source IP address of the first encapsulated message into the public network IP address and the source port of the first encapsulated message into the public network port.
306. And sending the first encapsulation message after NAT conversion to the external network server based on the second virtual network identifier.
After NAT conversion is carried out on the first encapsulation message, the NAT-converted first encapsulation message can be sent to an external network server based on the second virtual network identifier, and the message forwarding speed is high and the message forwarding cost is low because the message does not need to be unpacked layer by layer in the message forwarding process.
In a specific embodiment, the method for forwarding a message may further include the following steps 307 to 312, which are specifically as follows:
307. acquiring a second message after tunnel encapsulation, which is sent by the extranet server, wherein the second message comprises a second outer layer tunnel header and a second inner layer header;
308. analyzing the second outer layer tunnel header to obtain the second virtual network identifier, and analyzing the second inner layer header to obtain a second double-layer VLAN identifier;
309. acquiring second pre-encapsulation message information, the first virtual network identifier, a private network IP address and a private network port based on the second virtual network identifier and the second double-layer VLAN identifier;
310. determining a second encapsulation message of the second message based on the second pre-encapsulation message information and the second message;
311. performing NAT conversion on the second encapsulation message based on the private network IP address and the private network port to convert a destination IP address of the second encapsulation message into the private network IP address and convert a destination port of the second encapsulation message into the private network port;
312. and sending the second encapsulation message after NAT conversion to the user terminal based on the first virtual network identifier.
The second message is a message sent by the external network server to the user terminal and has been tunnel-encapsulated using an existing tunnel technology. Similar to the first message, when the second message is a VXLAN tunnel-encapsulated message, its structure comprises, from outside to inside, an outer layer ETH header, an outer layer VLAN header, an outer layer IP header, a UDP header, a VXLAN header, an inner layer ETH header, an inner layer double-layer VLAN header, a PPPOE header, an inner layer IP header, a TCP header and message data; when the second message is an SRv6 tunnel-encapsulated message, its structure comprises, from outside to inside, an outer layer ETH header, an outer layer VLAN header, an SRv6 header, an inner layer ETH header, an inner layer double-layer VLAN header, an inner layer IP header, a TCP header and message data.
When the second message is a VXLAN tunnel-encapsulated message, the second outer layer tunnel header comprises the outer layer ETH header, outer layer VLAN header, outer layer IP header, UDP header and VXLAN header of the second message, and the second inner layer header comprises the inner layer ETH header, inner layer double-layer VLAN header and PPPOE header of the second message; when the second message is an SRv6 tunnel-encapsulated message, the second outer layer tunnel header comprises an outer layer ETH header, an outer layer VLAN header, an outer layer IP header, a UDP header and a VXLAN header of the second message, and the second inner layer header comprises the inner layer ETH header and inner layer double-layer VLAN header of the second message.
The second pre-encapsulated message information comprises a pre-encapsulated second outer layer tunnel header and a pre-encapsulated second inner layer header. Similar to the steps by which the user terminal sends the first message to the external network server, when the external network server sends the second message to the user terminal, the message forwarding device acquires the tunnel-encapsulated second message sent by the external network server, parses the second outer layer tunnel header to obtain the second virtual network identifier, and parses the second inner layer header to obtain the second double-layer VLAN identifier. It then acquires the second pre-encapsulated message information, the first virtual network identifier, the private network IP address and the private network port based on the second virtual network identifier and the second double-layer VLAN identifier, and determines the second encapsulated message of the second message based on the second pre-encapsulated message information and the second message. Next, it performs NAT conversion on the second encapsulated message based on the private network IP address and the private network port, converting the destination IP address of the second encapsulated message into the private network IP address and the destination port into the private network port. Finally, it sends the NAT-converted second encapsulated message to the user terminal based on the first virtual network identifier.
The refining steps of steps 307 to 312 are the same as the refining steps of steps 301 to 306, and specific reference may be made to the refining steps of steps 301 to 306, which are not described herein.
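The PAT-mode translation of steps 305 and 311, as an added example that is not code from the patent: it rewrites the source (uplink) or destination (downlink) address and port of an IPv4/TCP packet and recomputes both checksums. The addresses, ports and lookup keys are constructed sample values, and the function names are hypothetical.

```python
import socket
import struct


def csum(data):
    """RFC 1071 Internet checksum; returns 0 when run over data with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def l4_csum(pkt, ihl, total):
    """TCP checksum over the IPv4 pseudo-header plus the TCP segment."""
    seg = bytes(pkt[ihl:total])
    pseudo = bytes(pkt[12:20]) + struct.pack("!BBH", 0, 6, len(seg))
    return csum(pseudo + seg)


def pat_rewrite(pkt, ip, port, side):
    """side='src': step 305 (private -> public); side='dst': step 311 (public -> private)."""
    pkt = bytearray(pkt)
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (pkt[0] & 0x0F) * 4
    (total,) = struct.unpack_from("!H", pkt, 2)
    if ihl < 20 or pkt[9] != 6 or total < ihl + 20 or total > len(pkt):
        raise ValueError("not a complete IPv4/TCP packet")
    ip_off, port_off = (12, ihl) if side == "src" else (16, ihl + 2)
    pkt[ip_off:ip_off + 4] = socket.inet_aton(ip)
    struct.pack_into("!H", pkt, port_off, port)
    struct.pack_into("!H", pkt, 10, 0)            # zero, then recompute the IPv4 header checksum
    struct.pack_into("!H", pkt, 10, csum(bytes(pkt[:ihl])))
    struct.pack_into("!H", pkt, ihl + 16, 0)      # same for the TCP checksum
    struct.pack_into("!H", pkt, ihl + 16, l4_csum(pkt, ihl, total))
    return bytes(pkt)


# ---- constructed sample data (documentation address ranges, not from the patent) ----
# Keyed by (virtual network identifier, (outer VLAN ID, inner VLAN ID)), as in steps 303 and 309.
UPLINK = {(5000, (200, 300)): ("198.51.100.7", 20001)}    # -> public IP, public port
DOWNLINK = {(6000, (400, 500)): ("192.168.1.10", 40000)}  # -> private IP, private port


def tcp_packet(src, sport, dst, dport, data):
    """Build a minimal IPv4/TCP packet with valid checksums."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, 0x02, 65535, 0, 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return pat_rewrite(ip + tcp, src, sport, "src")  # identity rewrite fills in the checksums


if __name__ == "__main__":
    request = tcp_packet("192.168.1.10", 40000, "203.0.113.80", 443, b"hello")
    translated = pat_rewrite(request, *UPLINK[(5000, (200, 300))], "src")
    print(socket.inet_ntoa(translated[12:16]), struct.unpack_from("!H", translated, 20)[0])
```
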
In a specific embodiment, as shown in fig. 5, when the first packet is a packet after VXLAN tunneling encapsulation, the parsing the first outer layer tunnel header in step 302 to obtain a first virtual network identifier may include the following steps 401 to 402, which are specifically as follows:
401. obtaining a VXLAN header from the first outer layer tunnel header;
402. and analyzing the VXLAN header to obtain a first virtual network identifier.
When the first message is a message after the VXLAN tunnel encapsulation, the message structure of the first message is shown in fig. 3, where the first outer layer tunnel header includes an outer layer ETH header, an outer layer VLAN header, an outer layer IP header, a UDP header, and a VXLAN header, and when the first outer layer tunnel header is parsed, the VXLAN header is first obtained from the first outer layer tunnel header, and then the VXLAN header is parsed, so as to obtain the first virtual network identifier.
In a specific embodiment, when the first packet is a packet encapsulated in a SRv6 tunnel, the parsing the first outer layer tunnel header in step 302 to obtain the first virtual network identifier may include the following steps 403 to 404, which are specifically as follows:
403. obtaining an SRv6 header from the first outer layer tunnel header;
404. and analyzing the SRv6 header to obtain a first virtual network identifier.
When the first message is an SRv6 tunnel-encapsulated message, the message structure of the first message is shown in fig. 4, and the first outer layer tunnel header includes an outer layer ETH header, an outer layer VLAN header and an SRv6 header. When the first outer layer tunnel header is parsed, the SRv6 header is first obtained from the first outer layer tunnel header, and then the SRv6 header is parsed to obtain the first virtual network identifier.
In a specific embodiment, the first inner layer header includes an inner layer ETH header and an inner layer dual-layer VLAN header, and referring to fig. 5, in step 302, the parsing the first inner layer header to obtain the first dual-layer VLAN identifier may include the following steps 405 to 406, which are specifically as follows:
405. acquiring an inner layer double-layer VLAN header from the first inner layer header;
406. and analyzing the inner layer double-layer VLAN header to obtain a first double-layer VLAN identifier.
As shown in fig. 3 and 4, the first inner header includes an inner ETH header and an inner dual layer VLAN header, and the first dual layer VLAN identifier is an identifier parsed from the inner dual layer VLAN header of the first inner header. Correspondingly, the step of analyzing the first inner layer header specifically includes: and acquiring an inner layer double-layer VLAN head from the first inner layer head, and analyzing the inner layer double-layer VLAN head to obtain a first double-layer VLAN identifier.
In a specific embodiment, the step 303 of obtaining the first pre-encapsulated packet information based on the first virtual network identifier and the first dual-layer VLAN identifier may include the following steps 407 to 408, which are specifically as follows:
407. determining first account information based on the first virtual network identifier and the first double-layer VLAN identifier;
408. and acquiring first pre-packaged message information based on the first account information.
Each virtual network identifier and each double-layer VLAN identifier have corresponding account information, the first account information is the account information corresponding to the first virtual network identifier and the first double-layer VLAN identifier, and the first pre-packaged message information corresponds to the first account information. When the first pre-packaged message information is obtained based on the first virtual network identifier and the first double-layer VLAN identifier, first, the first account information is determined based on the first virtual network identifier and the first double-layer VLAN identifier, and then the first pre-packaged message information is obtained based on the first account information.
In a specific embodiment, the first packet further includes an IP header, a TCP header, and packet data, where the first pre-encapsulated packet information includes a pre-encapsulated outer layer tunnel header and a pre-encapsulated inner layer header, and referring to fig. 5, the determining, in step 304, the first encapsulated packet of the first packet based on the first pre-encapsulated packet information and the first packet may include the following steps 409 to 410, which are specifically as follows:
409. Acquiring IP header, TCP header and message data from the first message;
410. and splicing the pre-packaged outer layer tunnel header, the pre-packaged inner layer header, the IP header, the TCP header and the message data to obtain a first packaged message of the first message.
With continued reference to fig. 3 and 4, the first packet includes an IP header, a TCP header, and packet data in addition to the first outer layer tunnel header and the first inner layer header. The first pre-packaged message information comprises a pre-packaged outer layer tunnel head and a pre-packaged inner layer head, wherein the pre-packaged outer layer tunnel head is a pre-packaged first outer layer tunnel head, and the pre-packaged inner layer head is a pre-packaged first inner layer head.
When determining the first encapsulated message based on the first pre-encapsulated message information and the first message, the embodiment firstly obtains the IP header, the TCP header and the message data from the first message, and then splices the pre-encapsulated outer layer tunnel header, the pre-encapsulated inner layer header, the IP header, the TCP header and the message data, thereby obtaining the encapsulated first message, namely the first encapsulated message.
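The parsing, lookup and splicing of steps 302 to 304 for the VXLAN case, as an added sketch that is not the patent's implementation: it extracts the VNI and the QinQ VLAN IDs with bounds checks, uses them as the lookup key, and splices the cached headers onto the untouched IP header, TCP header and data. It assumes an IPv4 outer header with a single outer 802.1Q tag and UDP port 4789; the table layout, function names and every sample value are hypothetical.

```python
import struct

ETH_P_IPV4, ETH_P_8021Q, ETH_P_8021AD, ETH_P_PPPOE = 0x0800, 0x8100, 0x88A8, 0x8864
VXLAN_UDP_PORT = 4789  # IANA-assigned VXLAN destination port

def need(buf, off, n, what):
    """Refuse to read past the end of a frame that arrived from the network."""
    if off + n > len(buf):
        raise ValueError(f"truncated {what}")

def read_eth(buf, off):
    """Parse an ETH header and any stacked VLAN tags: (vlan_ids, ethertype, next_off)."""
    need(buf, off, 14, "ETH header")
    (etype,) = struct.unpack_from("!H", buf, off + 12)
    off, vids = off + 14, []
    while etype in (ETH_P_8021Q, ETH_P_8021AD):
        need(buf, off, 4, "VLAN tag")
        tci, etype = struct.unpack_from("!HH", buf, off)
        vids.append(tci & 0x0FFF)  # low 12 bits of the TCI carry the VLAN ID
        off += 4
    return vids, etype, off

def parse_first_message(buf):
    """Steps 302, 401-402, 405-406: return (vni, (outer_vid, inner_vid), inner_ip_offset)."""
    _, etype, off = read_eth(buf, 0)
    need(buf, off, 20, "outer IPv4 header")
    ihl = (buf[off] & 0x0F) * 4
    if etype != ETH_P_IPV4 or ihl < 20 or buf[off + 9] != 17:
        raise ValueError("outer header is not IPv4/UDP")
    off += ihl
    need(buf, off, 16, "UDP and VXLAN headers")
    (dport,) = struct.unpack_from("!H", buf, off + 2)
    if dport != VXLAN_UDP_PORT or not buf[off + 8] & 0x08:
        raise ValueError("not VXLAN, or the VNI-valid flag is clear")
    vni = int.from_bytes(buf[off + 12:off + 15], "big")
    vids, etype, off = read_eth(buf, off + 16)
    if len(vids) != 2:
        raise ValueError("inner frame is not double-tagged (QinQ)")
    if etype == ETH_P_PPPOE:
        need(buf, off, 8, "PPPoE header")
        off += 8  # 6-byte PPPoE header + 2-byte PPP protocol field
    need(buf, off, 20, "inner IP header")
    return vni, (vids[0], vids[1]), off

def forward(buf, table):
    """Steps 303-304, 409-410: look up the cached headers and splice them on."""
    vni, qinq, l3_off = parse_first_message(buf)
    entry = table.get((vni, qinq))
    if entry is None:
        return None  # no account for this (VNI, QinQ) pair: drop rather than forward
    # Length fields inside the cached headers (outer IPv4 total length, UDP length,
    # PPPoE length) depend on the payload; this sketch leaves them as stored.
    return entry["pre_outer"] + entry["pre_inner"] + buf[l3_off:]

# ---- constructed sample data (not from the patent) ----
def eth(dst, src, tags, etype):
    hdr = dst + src
    for tpid, vid in tags:
        hdr += struct.pack("!HH", tpid, vid)
    return hdr + struct.pack("!H", etype)

def vxlan_outer(vlan, vni, payload_len=0):
    """Outer ETH + VLAN + IPv4 + UDP + VXLAN; checksums are left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 36 + payload_len, 0, 0, 64, 17, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    udp = struct.pack("!HHHH", 49152, VXLAN_UDP_PORT, 16 + payload_len, 0)
    vx = struct.pack("!B3s3sB", 0x08, b"\0" * 3, vni.to_bytes(3, "big"), 0)
    return eth(b"\x02" * 6, b"\x04" * 6, [(ETH_P_8021Q, vlan)], ETH_P_IPV4) + ip + udp + vx

def qinq_inner(outer_vid, inner_vid, session_id, ppp_len=0):
    """Inner ETH + two VLAN tags + PPPoE session header + PPP protocol field (IPv4)."""
    tags = [(ETH_P_8021AD, outer_vid), (ETH_P_8021Q, inner_vid)]
    pppoe = struct.pack("!BBHHH", 0x11, 0, session_id, ppp_len, 0x0021)
    return eth(b"\x06" * 6, b"\x08" * 6, tags, ETH_P_PPPOE) + pppoe

def sample_frame():
    """Return (first_message, inner_ip_tcp_data) for a constructed uplink frame."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 0x50, 0x02, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 45, 0, 0, 64, 6, 0,
                     bytes([192, 168, 1, 10]), bytes([203, 0, 113, 80]))
    l3 = ip + tcp + b"hello"
    inner = qinq_inner(200, 300, 0x1234, len(l3) + 2)
    return vxlan_outer(100, 5000, len(inner) + len(l3)) + inner + l3, l3

def sample_table():
    """Pre-encapsulated WAN-side headers keyed by (first VNI, first QinQ identifier)."""
    return {(5000, (200, 300)): {"pre_outer": vxlan_outer(101, 6000),
                                 "pre_inner": qinq_inner(400, 500, 0x2222)}}

if __name__ == "__main__":
    frame, _ = sample_frame()
    print(parse_first_message(frame)[:2], len(forward(frame, sample_table())))
```
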
In a specific embodiment, before the step 303 of obtaining the first pre-encapsulated packet information based on the first virtual network identifier and the first dual-layer VLAN identifier, the method may include the following steps 411 to 414, which are specifically as follows:
411. Acquiring the first outer layer tunnel head and the first inner layer head;
412. acquiring the first account information, wherein the first account information comprises a WAN side tunnel identifier, a source MAC address, a first destination MAC address, first VLAN information and a dialing identifier;
413. packaging the first outer layer tunnel head based on the WAN side tunnel identifier to obtain a pre-packaged outer layer tunnel head;
414. and packaging the first inner layer header based on the source MAC address, the first destination MAC address, the first VLAN information and the dialing identifier to obtain a pre-packaged inner layer header.
Before the first pre-encapsulated message information is acquired, the first outer layer tunnel header and the first inner layer header need to be pre-encapsulated. As shown in table 1, pre-encapsulating the first outer layer tunnel header requires a WAN side tunnel identifier (the WAN side tunnel VNI), and pre-encapsulating the first inner layer header requires a source MAC address (the MAC address of the CPE device's WAN side subinterface), a destination MAC address (the WAN layer gateway MAC address obtained by PPPoE dialing), VLAN information, and a dialing identifier (the unique dialing identifier pppore_sid obtained by PPPoE dialing).
TABLE 1 information required to encapsulate outer layer tunneling header and inner layer header
The first account information obtained in this embodiment includes a WAN side tunnel identifier, a source MAC address, a first destination MAC address, first VLAN information, and a dial-up identifier, and when the first outer layer tunnel header and the first inner layer header are encapsulated, the first outer layer tunnel header is encapsulated based on the WAN side tunnel identifier to obtain a pre-encapsulated outer layer tunnel header, and the first inner layer header is encapsulated based on the source MAC address, the first destination MAC address, the first VLAN information, and the dial-up identifier to obtain a pre-encapsulated inner layer header.
With continued reference to table 1, before the second pre-encapsulated message information is acquired in step 309, second account information needs to be acquired, where the second account information includes a LAN side tunnel identifier, a source MAC address, a second destination MAC address (the MAC address of a terminal device under the account) and second VLAN information. The second outer layer tunnel header is then encapsulated based on the LAN side tunnel identifier to obtain a pre-encapsulated second outer layer tunnel header, and the second inner layer header is encapsulated based on the source MAC address, the second destination MAC address and the second VLAN information to obtain a pre-encapsulated second inner layer header.
The inventor finds that, in the IPv4/VXLAN tunnel scenario, when the message forwarding method of this embodiment is used to forward a message from the user terminal to the external network server, the encapsulation time saved on the outer layer tunnel header is the encapsulation time of (ETH header + 2-layer VLAN header + IPv4 header + UDP header + VXLAN header) = 14 + 8 + 20 + 8 + 8 = 58 bytes, and the encapsulation time saved on the inner layer header is the encapsulation time of (ETH header + 2-layer VLAN header + PPPoE header) = 14 + 8 + 8 = 30 bytes. Assuming an average message length of 300 bytes, the forwarding speed improvement = (58 + 30) / 300 = 29.33%.
In the IPv4/VXLAN tunnel scenario, when the method is used to forward a message from the external network server to the user terminal, the encapsulation time saved on the outer layer tunnel header is the encapsulation time of (ETH header + 2-layer VLAN header + IPv4 header + UDP header + VXLAN header) = 14 + 8 + 20 + 8 + 8 = 58 bytes, and the encapsulation time saved on the inner layer header is the encapsulation time of (ETH header + 2-layer VLAN header) = 14 + 8 = 22 bytes. Assuming an average message length of 300 bytes, the forwarding speed improvement = (58 + 22) / 300 = 26.67%.
In the IPv6/VXLAN tunnel scenario, when the method is used to forward a message from the user terminal to the external network server, the encapsulation time saved on the outer layer tunnel header is the encapsulation time of (ETH header + 2-layer VLAN header + IPv6 header + UDP header + VXLAN header) = 14 + 8 + 40 + 8 + 8 = 78 bytes, and the encapsulation time saved on the inner layer header is the encapsulation time of (ETH header + 2-layer VLAN header + PPPoE header) = 14 + 8 + 8 = 30 bytes. Assuming an average message length of 300 bytes, the forwarding speed improvement = (78 + 30) / 300 = 36%.
In the IPv6/VXLAN tunnel scenario, when the method is used to forward a message from the external network server to the user terminal, the encapsulation time saved on the outer layer tunnel header is the encapsulation time of (ETH header + 2-layer VLAN header + IPv6 header + UDP header + VXLAN header) = 14 + 8 + 40 + 8 + 8 = 78 bytes, and the encapsulation time saved on the inner layer header is the encapsulation time of (ETH header + 2-layer VLAN header) = 14 + 8 = 22 bytes. Assuming an average message length of 300 bytes, the forwarding speed improvement = (78 + 22) / 300 = 33.33%.
In the SRv6 tunnel scenario, the encapsulation time saved on the outer layer tunnel header is the encapsulation time of (ETH header + 2-layer VLAN header + SRv6 header) = 14 + 8 + 40 = 62 bytes, and the encapsulation time saved on the inner layer header is the encapsulation time of (ETH header + 2-layer VLAN header) = 14 + 8 = 22 bytes. Assuming an average message length of 300 bytes, the forwarding speed improvement = (62 + 22) / 300 = 28%.
In order to better implement the message forwarding method in the embodiment of the present application, on the basis of the message forwarding method, a message forwarding device is further provided in the embodiment of the present application, as shown in fig. 6, where the message forwarding device 700 includes:
a packet obtaining unit 701, configured to obtain a first packet after tunneling encapsulation sent by the user terminal, where the first packet includes a first outer layer tunneling header and a first inner layer header;
a message parsing unit 702, configured to parse the first outer layer tunnel header to obtain a first virtual network identifier, and parse the first inner layer header to obtain a first dual-layer VLAN identifier;
an information obtaining unit 703, configured to obtain, based on the first virtual network identifier and the first dual-layer VLAN identifier, first pre-encapsulated packet information, a second virtual network identifier, a public network IP address, and a public network port;
a message encapsulation unit 704, configured to determine a first encapsulated message of the first message based on the first pre-encapsulated message information and the first message;
a first converting unit 705, configured to perform NAT conversion on the first encapsulated packet based on the public network IP address and the public network port, so as to convert a source IP address of the first encapsulated packet into the public network IP address, and convert a source port of the first encapsulated packet into the public network port;
And the first forwarding unit 706 is configured to send the NAT-translated first encapsulation packet to the external network server based on the second virtual network identifier.
In the embodiment of the application, the first outer layer tunnel header and the first inner layer header of the first message are pre-packaged, after the first message is acquired, the first virtual network identifier and the first double-layer VLAN identifier are analyzed from the first message, and then the first pre-packaged message information is acquired based on the first virtual network identifier and the first double-layer VLAN identifier, so that the first packaged message of the first message can be directly determined based on the first pre-packaged message information, the layer-by-layer unpacking package of the message is not needed, the forwarding speed of the message is improved, and the forwarding cost of the message is reduced.
In some embodiments of the present application, when the first message is a VXLAN tunnel encapsulated message, the first outer layer tunnel header includes an outer layer ETH header, an outer layer VLAN header, an outer layer IP header, a UDP header, and a VXLAN header, and the message parsing unit 702 is specifically configured to:
obtaining a VXLAN header from the first outer layer tunnel header;
and analyzing the VXLAN header to obtain a first virtual network identifier.
In some embodiments of the present application, when the first packet is an SRv6 tunnel-encapsulated packet, the first outer layer tunnel header includes an outer layer ETH header, an outer layer VLAN header, and an SRv6 header, and the packet parsing unit 702 is specifically configured to:
obtaining an SRv6 header from the first outer layer tunnel header;
and analyzing the SRv6 header to obtain a first virtual network identifier.
In some embodiments of the present application, the first inner layer header includes an inner layer ETH header and an inner layer dual-layer VLAN header, and the packet parsing unit 702 is specifically further configured to:
acquiring an inner layer double-layer VLAN header from the first inner layer header;
and analyzing the inner layer double-layer VLAN header to obtain a first double-layer VLAN identifier.
In some embodiments of the present application, the information acquisition unit 703 is specifically configured to:
determining first account information based on the first virtual network identifier and the first double-layer VLAN identifier;
and acquiring first pre-packaged message information based on the first account information.
In some embodiments of the present application, the first packet further includes an IP header, a TCP header, and packet data, the first pre-encapsulated packet information includes a pre-encapsulated outer layer tunnel header and a pre-encapsulated inner layer header, and the packet encapsulating unit 704 is specifically configured to:
Acquiring IP header, TCP header and message data from the first message;
and splicing the pre-packaged outer layer tunnel header, the pre-packaged inner layer header, the IP header, the TCP header and the message data to obtain a first packaged message of the first message.
In some embodiments of the present application, the packet forwarding device 700 further includes:
the first acquisition unit is used for acquiring the first outer layer tunnel head and the first inner layer head;
the second obtaining unit is used for obtaining the first account information, wherein the first account information comprises a WAN side tunnel identifier, a source MAC address, a first destination MAC address, first VLAN information and a dialing identifier;
the first encapsulation unit is used for encapsulating the first outer layer tunnel head based on the WAN side tunnel identifier to obtain a pre-encapsulated outer layer tunnel head;
and the second encapsulation unit is used for encapsulating the first inner layer header based on the source MAC address, the first destination MAC address, the first VLAN information and the dialing identifier to obtain a pre-encapsulated inner layer header.
In some embodiments of the present application, the packet forwarding device 700 further includes:
a third obtaining unit, configured to obtain a second packet after tunnel encapsulation sent by the external network server, where the second packet includes a second external layer tunnel header and a second internal layer header;
The information analysis unit is used for analyzing the second outer layer tunnel header to obtain the second virtual network identifier, and analyzing the second inner layer header to obtain a second double-layer VLAN identifier;
a fourth obtaining unit, configured to obtain second pre-encapsulated packet information, the first virtual network identifier, a private network IP address, and a private network port based on the second virtual network identifier and the second dual-layer VLAN identifier;
a message determining unit, configured to determine a second encapsulated message of the second message based on the second pre-encapsulated message information and the second message;
the second converting unit is configured to perform NAT conversion on the second encapsulated packet based on the private network IP address and the private network port, so as to convert a destination IP address of the second encapsulated packet into the private network IP address, and convert a destination port of the second encapsulated packet into the private network port;
and the second forwarding unit is used for sending the second encapsulation message after NAT conversion to the user terminal based on the first virtual network identifier.
The embodiment of the application also provides a computer device, which integrates any one of the message forwarding devices provided by the embodiment of the application, and the computer device comprises:
One or more processors;
a memory; and
one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the processor to perform the steps of the message forwarding method described in any of the above-described message forwarding method embodiments.
The embodiment of the application also provides a computer device which integrates any one of the message forwarding devices provided by the embodiment of the application. As shown in fig. 7, a schematic structural diagram of a computer device according to an embodiment of the present application is shown, specifically:
The computer device may include components such as a processor 801 with one or more processing cores, a memory 802 comprising one or more computer-readable storage media, a power supply 803, and an input unit 804. Those skilled in the art will appreciate that the computer device structure shown in FIG. 7 does not limit the computer device, which may include more or fewer components than shown, combine certain components, or use a different arrangement of components. Wherein:
the processor 801 is a control center of the computer device, connects various parts of the entire computer device using various interfaces and lines, and performs various functions of the computer device and processes data by running or executing software programs and/or modules stored in the memory 802, and calling data stored in the memory 802, thereby performing overall monitoring of the computer device. Optionally, the processor 801 may include one or more processing cores; preferably, the processor 801 may integrate an application processor that primarily handles operating systems, user interfaces, applications, etc., with a modem processor that primarily handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 801.
The memory 802 may be used to store software programs and modules, and the processor 801 executes various functional applications and data processing by executing the software programs and modules stored in the memory 802. The memory 802 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program (such as a sound playing function, an image playing function, etc.) required for at least one function, and the like; the storage data area may store data created according to the use of the computer device, etc. In addition, memory 802 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage device. Accordingly, the memory 802 may also include a memory controller to provide the processor 801 with access to the memory 802.
The computer device also includes a power supply 803 for powering the various components. Preferably, the power supply 803 can be logically coupled to the processor 801 via a power management system, so that functions such as charge management, discharge management and power consumption management are performed by the power management system. The power supply 803 may also include one or more of any components, such as a direct current or alternating current power supply, a recharging system, a power failure detection circuit, a power converter or inverter, a power status indicator, and the like.
The computer device may further comprise an input unit 804, which input unit 804 may be used for receiving input digital or character information and for generating keyboard, mouse, joystick, optical or trackball signal inputs in connection with user settings and function control.
Although not shown, the computer device may further include a display unit or the like, which is not described herein. In particular, in this embodiment, the processor 801 in the computer device loads executable files corresponding to the processes of one or more application programs into the memory 802 according to the following instructions, and the processor 801 executes the application programs stored in the memory 802, so as to implement various functions, as follows:
acquiring a first message after tunnel encapsulation, which is sent by the user terminal, wherein the first message comprises a first outer layer tunnel header and a first inner layer header;
analyzing the first outer layer tunnel header to obtain a first virtual network identifier, and analyzing the first inner layer header to obtain a first double-layer VLAN identifier;
acquiring first pre-packaged message information, a second virtual network identifier, a public network IP address and a public network port based on the first virtual network identifier and the first double-layer VLAN identifier;
determining a first encapsulation message of the first message based on the first pre-encapsulation message information and the first message;
performing NAT conversion on the first encapsulation message based on the public network IP address and the public network port to convert a source IP address of the first encapsulation message into the public network IP address and convert a source port of the first encapsulation message into the public network port;
and sending the first encapsulation message after NAT conversion to the external network server based on the second virtual network identifier.
Those of ordinary skill in the art will appreciate that all or a portion of the steps of the various methods of the above embodiments may be performed by instructions, or by instructions controlling associated hardware, which may be stored in a computer-readable storage medium and loaded and executed by a processor.
To this end, embodiments of the present application provide a computer-readable storage medium, which may include: read-only memory (ROM), random access memory (RAM), a magnetic disk, an optical disk, and the like. A computer program is stored on the storage medium and is loaded by a processor to perform the steps of any of the message forwarding methods provided in the embodiments of the present application. For example, when loaded by the processor, the computer program may perform the following steps:
acquiring a first message after tunnel encapsulation, which is sent by the user terminal, wherein the first message comprises a first outer layer tunnel header and a first inner layer header;
analyzing the first outer layer tunnel header to obtain a first virtual network identifier, and analyzing the first inner layer header to obtain a first double-layer VLAN identifier;
acquiring first pre-packaged message information, a second virtual network identifier, a public network IP address and a public network port based on the first virtual network identifier and the first double-layer VLAN identifier;
determining a first encapsulation message of the first message based on the first pre-encapsulation message information and the first message;
performing NAT conversion on the first encapsulation message based on the public network IP address and the public network port to convert a source IP address of the first encapsulation message into the public network IP address and convert a source port of the first encapsulation message into the public network port;
and sending the first encapsulation message after NAT conversion to the external network server based on the second virtual network identifier.
In the foregoing embodiments, the description of each embodiment has its own emphasis; for portions not described in detail in one embodiment, refer to the detailed descriptions of the other embodiments above, which are not repeated here.
In a specific implementation, each unit or structure may be implemented as an independent entity, or may be combined arbitrarily and implemented as the same entity or as several entities. For the implementation of each unit or structure, refer to the foregoing method embodiments, which are not repeated here.
For the specific implementation of each operation above, refer to the previous embodiments, which are not repeated here.
The foregoing describes in detail the message forwarding method, apparatus, computer device and storage medium provided in the embodiments of the present application. Specific examples are used herein to explain the principles and implementations of the present application, and the descriptions of the foregoing embodiments are only intended to help understand the method and core idea of the present application. Meanwhile, those skilled in the art may, in light of the ideas of the present application, make changes to the specific implementations and the scope of application. In view of the above, the content of this description should not be construed as limiting the present application.

Claims (7)

1. The message forwarding method is characterized in that the message forwarding method is applied to a message forwarding device, the message forwarding device is respectively in communication connection with a user terminal and an external network server, and the message forwarding method comprises the following steps:
acquiring a first message after tunnel encapsulation, which is sent by the user terminal, wherein the first message comprises a first outer layer tunnel header and a first inner layer header; the first message is a message encapsulated by a VXLAN tunnel or a message encapsulated by an SRv6 tunnel;
analyzing the first outer layer tunnel header to obtain a first virtual network identifier, and analyzing the first inner layer header to obtain a first double-layer VLAN identifier;
acquiring first pre-packaged message information, a second virtual network identifier, a public network IP address and a public network port based on the first virtual network identifier and the first double-layer VLAN identifier; the first pre-packaged message information comprises a pre-packaged outer layer tunnel header and a pre-packaged inner layer header, and the pre-packaged outer layer tunnel header is obtained by packaging the first outer layer tunnel header based on a WAN side tunnel identifier;
when the first message is a message encapsulated by a VXLAN tunnel, the pre-packaged inner layer header is obtained by packaging the first inner layer header based on a source MAC address, a first destination MAC address, first VLAN information and a dialing identifier; when the first message is a message encapsulated by an SRv6 tunnel, the pre-packaged inner layer header is obtained by packaging the first inner layer header based on a source MAC address, a first destination MAC address and first VLAN information;
determining a first encapsulation message of the first message based on the first pre-encapsulation message information and the first message;
performing NAT conversion on the first encapsulation message based on the public network IP address and the public network port to convert a source IP address of the first encapsulation message into the public network IP address and convert a source port of the first encapsulation message into the public network port;
sending the first encapsulation message after NAT conversion to the external network server based on the second virtual network identifier;
the obtaining the first pre-encapsulated message information based on the first virtual network identifier and the first dual-layer VLAN identifier includes:
determining first account information based on the first virtual network identifier and the first double-layer VLAN identifier;
acquiring first pre-packaged message information based on the first account information;
the first message further includes an IP header, a TCP header, and message data, the first pre-packaged message information includes a pre-packaged outer layer tunnel header and a pre-packaged inner layer header, and determining a first packaged message of the first message based on the first pre-packaged message information and the first message includes:
acquiring the IP header, the TCP header and the message data from the first message;
splicing the pre-packaged outer layer tunnel header, the pre-packaged inner layer header, the IP header, the TCP header and the message data to obtain a first packaged message of the first message;
before the first pre-packaged message information is obtained based on the first virtual network identifier and the first dual-layer VLAN identifier, the method further comprises:
acquiring the first outer layer tunnel header and the first inner layer header;
acquiring the first account information, wherein the first account information comprises a WAN side tunnel identifier, a source MAC address, a first destination MAC address, first VLAN information and a dialing identifier;
packaging the first outer layer tunnel header based on the WAN side tunnel identifier to obtain a pre-packaged outer layer tunnel header;
and packaging the first inner layer header based on the source MAC address, the first destination MAC address, the first VLAN information and the dialing identifier to obtain a pre-packaged inner layer header.
2. The message forwarding method of claim 1, wherein the message forwarding method further comprises:
acquiring a second message after tunnel encapsulation, which is sent by the extranet server, wherein the second message comprises a second outer layer tunnel header and a second inner layer header;
analyzing the second outer layer tunnel header to obtain the second virtual network identifier, and analyzing the second inner layer header to obtain a second double-layer VLAN identifier;
acquiring second pre-encapsulation message information, the first virtual network identifier, a private network IP address and a private network port based on the second virtual network identifier and the second double-layer VLAN identifier;
determining a second encapsulation message of the second message based on the second pre-encapsulation message information and the second message;
performing NAT conversion on the second encapsulation message based on the private network IP address and the private network port to convert a destination IP address of the second encapsulation message into the private network IP address and convert a destination port of the second encapsulation message into the private network port;
and sending the second encapsulation message after NAT conversion to the user terminal based on the first virtual network identifier.
3. The method for forwarding a message according to claim 1, wherein when the first message is a message encapsulated by a VXLAN tunnel, the first outer layer tunnel header includes an outer layer ETH header, an outer layer VLAN header, an outer layer IP header, a UDP header, and a VXLAN header, and the parsing the first outer layer tunnel header to obtain a first virtual network identifier includes:
obtaining a VXLAN header from the first outer layer tunnel header;
analyzing the VXLAN header to obtain a first virtual network identifier;
when the first message is a message after SRv6 tunnel encapsulation, the first outer layer tunnel header includes an outer layer ETH header, an outer layer VLAN header, and an SRv6 header, and the parsing the first outer layer tunnel header to obtain a first virtual network identifier includes:
obtaining the SRv6 header from the first outer layer tunnel header;
and analyzing the SRv6 header to obtain a first virtual network identifier.
4. The method for forwarding a message according to claim 1, wherein the first inner layer header includes an inner layer ETH header and an inner layer dual-layer VLAN header, and the parsing the first inner layer header to obtain a first dual-layer VLAN identifier includes:
acquiring an inner layer double-layer VLAN header from the first inner layer header;
and analyzing the inner layer double-layer VLAN header to obtain a first double-layer VLAN identifier.
5. The message forwarding device is characterized in that the message forwarding device is respectively in communication connection with a user terminal and an external network server, and the message forwarding device comprises:
the message acquisition unit is used for acquiring a first message after tunnel encapsulation sent by the user terminal, wherein the first message comprises a first outer layer tunnel header and a first inner layer header; the first message is a message encapsulated by a VXLAN tunnel or a message encapsulated by an SRv6 tunnel;
the message analysis unit is used for analyzing the first outer layer tunnel header to obtain a first virtual network identifier, and analyzing the first inner layer header to obtain a first double-layer VLAN identifier;
the information acquisition unit is used for acquiring first pre-packaged message information, a second virtual network identifier, a public network IP address and a public network port based on the first virtual network identifier and the first double-layer VLAN identifier; the first pre-packaged message information comprises a pre-packaged outer layer tunnel header and a pre-packaged inner layer header, and the pre-packaged outer layer tunnel header is obtained by packaging the first outer layer tunnel header based on a WAN side tunnel identifier;
when the first message is a message encapsulated by a VXLAN tunnel, the pre-packaged inner layer header is obtained by packaging the first inner layer header based on a source MAC address, a first destination MAC address, first VLAN information and a dialing identifier; when the first message is a message encapsulated by an SRv6 tunnel, the pre-packaged inner layer header is obtained by packaging the first inner layer header based on a source MAC address, a first destination MAC address and first VLAN information;
the message packaging unit is used for determining a first packaging message of the first message based on the first pre-packaging message information and the first message;
the first conversion unit is used for performing NAT conversion on the first encapsulation message based on the public network IP address and the public network port so as to convert a source IP address of the first encapsulation message into the public network IP address and convert a source port of the first encapsulation message into the public network port;
the first forwarding unit is used for sending the first encapsulation message after NAT conversion to the external network server based on the second virtual network identifier;
the information acquisition unit is specifically configured to:
determining first account information based on the first virtual network identifier and the first double-layer VLAN identifier;
acquiring first pre-packaged message information based on the first account information;
the first message further comprises an IP header, a TCP header and message data, the first pre-packaged message information comprises a pre-packaged outer layer tunnel header and a pre-packaged inner layer header, and the message packaging unit is specifically used for:
acquiring IP header, TCP header and message data from the first message;
splicing the pre-packaged outer layer tunnel header, the pre-packaged inner layer header, the IP header, the TCP header and the message data to obtain a first packaged message of the first message;
the message forwarding device further comprises:
the first acquisition unit is used for acquiring the first outer layer tunnel header and the first inner layer header;
the second obtaining unit is used for obtaining the first account information, wherein the first account information comprises a WAN side tunnel identifier, a source MAC address, a first destination MAC address, first VLAN information and a dialing identifier;
the first encapsulation unit is used for encapsulating the first outer layer tunnel header based on the WAN side tunnel identifier to obtain a pre-encapsulated outer layer tunnel header;
and the second encapsulation unit is used for encapsulating the first inner layer header based on the source MAC address, the first destination MAC address, the first VLAN information and the dialing identifier to obtain a pre-encapsulated inner layer header.
6. A computer device, the computer device comprising:
one or more processors;
a memory; and
one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the processor to implement the message forwarding method of any of claims 1 to 4.
7. A computer readable storage medium, having stored thereon a computer program, the computer program being loaded by a processor to perform the steps of the message forwarding method of any of claims 1 to 4.
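
The parsing and lookup steps of claims 1, 3 and 4 for the VXLAN case, as an added Python example that is not part of the patent text: it reads the first virtual network identifier (VNI) from the VXLAN header and the double-layer VLAN identifier from the inner header with bounds checks, and drops any frame that is malformed or maps to no account. UDP port 4789, the TPID values, the table contents and all function names are assumptions.

```python
import struct

VXLAN_PORT = 4789                      # assumed: IANA VXLAN port, not named in the claims
TPID_CTAG, TPID_STAG = 0x8100, 0x88A8  # 802.1Q / 802.1ad tag types (assumed)
ETHERTYPE_IPV4 = 0x0800

class ParseError(ValueError):
    """Frame does not match the header layout of claims 3 and 4."""

def _need(buf, off, n, what):
    if off + n > len(buf):
        raise ParseError(f"truncated {what}")

def _vlan_tag(buf, off, tpids, what):
    """Read one 4-byte VLAN tag; return (vlan_id, next_offset)."""
    _need(buf, off, 4, what)
    tpid, tci = struct.unpack_from("!HH", buf, off)
    if tpid not in tpids:
        raise ParseError(f"{what}: unexpected TPID {tpid:#06x}")
    return tci & 0x0FFF, off + 4

def parse_first_message(frame):
    """Return (vni, (outer_vid, inner_vid), l3_offset) of a VXLAN frame."""
    _, off = _vlan_tag(frame, 12, (TPID_CTAG, TPID_STAG), "outer VLAN header")
    _need(frame, off, 2 + 20, "outer IP header")
    if struct.unpack_from("!H", frame, off)[0] != ETHERTYPE_IPV4:
        raise ParseError("outer IP header is not IPv4")
    off += 2
    ihl = (frame[off] & 0x0F) * 4
    if frame[off] >> 4 != 4 or ihl < 20 or frame[off + 9] != 17:
        raise ParseError("outer IP header is not IPv4 carrying UDP")
    off += ihl
    _need(frame, off, 8 + 8, "UDP or VXLAN header")
    if struct.unpack_from("!H", frame, off + 2)[0] != VXLAN_PORT:
        raise ParseError("UDP destination port is not VXLAN")
    flags, vni_word = struct.unpack_from("!B3xI", frame, off + 8)
    if not flags & 0x08:               # I flag must be set for a valid VNI
        raise ParseError("VXLAN I flag clear")
    off += 8 + 8 + 12                  # UDP, VXLAN, inner dst/src MAC
    outer_vid, off = _vlan_tag(frame, off, (TPID_STAG, TPID_CTAG), "inner outer tag")
    inner_vid, off = _vlan_tag(frame, off, (TPID_CTAG,), "inner inner tag")
    _need(frame, off, 2, "inner EtherType")
    return vni_word >> 8, (outer_vid, inner_vid), off + 2

# Constructed table: (first VNI, double-layer VLAN id) -> account entry.
ACCOUNTS = {
    (5001, (100, 200)): {"account": "user-a", "second_vni": 9001,
                         "public_ip": "203.0.113.10", "public_port": 40001},
}

def resolve(frame, table=ACCOUNTS):
    """Parse, then look the key up; malformed or unknown frames return None."""
    try:
        vni, qinq, l3_off = parse_first_message(frame)
    except ParseError:
        return None
    entry = table.get((vni, qinq))
    return None if entry is None else (entry, frame[l3_off:])

def build_sample(vni=5001, svid=100, cvid=200, payload=b"\x45" + bytes(39)):
    """Constructed frame: outer ETH/VLAN/IPv4/UDP/VXLAN + inner ETH/QinQ."""
    outer_eth = bytes(12) + struct.pack("!HHH", TPID_CTAG, 10, ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, 64, 17, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    udp = struct.pack("!HHHH", 49152, VXLAN_PORT, 0, 0)
    vxlan = struct.pack("!B3xI", 0x08, vni << 8)
    inner_eth = bytes(12) + struct.pack("!HHHHH", TPID_STAG, svid, TPID_CTAG,
                                        cvid, ETHERTYPE_IPV4)
    return outer_eth + ip + udp + vxlan + inner_eth + payload
```

Because the (VNI, double-layer VLAN) pair is the only key that selects the account and its public address, `resolve` fails closed: a frame with a cleared I flag, a truncated tag or an unknown pair yields no entry.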
CN202310424904.6A 2023-04-20 2023-04-20 Message forwarding method, device, computer equipment and storage medium Active CN116137585B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310424904.6A CN116137585B (en) 2023-04-20 2023-04-20 Message forwarding method, device, computer equipment and storage medium


Publications (2)

Publication Number Publication Date
CN116137585A CN116137585A (en) 2023-05-19
CN116137585B true CN116137585B (en) 2023-07-18

Family

ID=86333669




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant