CN116248590A - Data forwarding method, device, equipment and storage medium - Google Patents


Publication number
CN116248590A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202211625711.9A
Other languages
Chinese (zh)
Other versions
CN116248590B (en
Inventor
李劭哲
马魁
陈晓明
林雪峰
刘勇
陈概华
王骏飞
兰飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Unicom Digital Technology Co Ltd
Unicom Cloud Data Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Unicom Digital Technology Co Ltd
Unicom Cloud Data Co Ltd
Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00: Routing or path finding of packets in data switching networks
    • H04L45/74: Address processing for routing
    • H04L12/00: Data switching networks
    • H04L12/66: Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H04L47/00: Traffic control in data switching networks
    • H04L47/50: Queue scheduling
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/09: Mapping addresses
    • H04L61/25: Mapping addresses of the same type
    • H04L61/2503: Translation of Internet protocol [IP] addresses
    • H04L61/2514: Translation of Internet protocol [IP] addresses between local and global IP addresses
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/50: Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a data forwarding method, a device, equipment and a storage medium, which relate to the technical field of communication and are used for improving the efficiency of forwarding data by a NAT gateway, and comprise the following steps: the NAT gateway obtains SNAT data and distributes a target Internet Protocol (IP) address and a target port for the SNAT data; determining a hash value of a five-tuple corresponding to the SNAT data; determining a target sending queue for forwarding SNAT data from a target indirect table based on the hash value, and determining whether an IP address corresponding to the target sending queue is consistent with a target IP address and a port corresponding to the target sending queue is consistent with a target port; and when the IP address corresponding to the target sending queue is consistent with the target IP address and the port corresponding to the target sending queue is consistent with the target port, forwarding SNAT data through the CPU core corresponding to the sending queue. The method and the device are applied to the scene that the NAT gateway forwards the data.

Description

Data forwarding method, device, equipment and storage medium
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to a data forwarding method, apparatus, device, and storage medium.
Background
The network address translation (Network Address Translation, NAT) gateway is a gateway that translates between intranet IP addresses and public network IP addresses in a virtual private cloud (Virtual Private Cloud, VPC), and is one way of giving cloud resources in the VPC that have no public network IP access to the Internet. The NAT gateway sits at the boundary between the Internet and the VPC and suits private networks in which some resources share a public network egress, so that bandwidth and traffic resources can be saved.
In a server with a multi-core central processing unit (Central Processing Unit/Processor, CPU) and a multi-queue network card architecture, a NAT gateway has multiple worker threads, each running on a separate CPU core and exclusively owning one of the receive queues (or transmit queues) of the network card. The main purposes of this architecture are higher system throughput, better scalability, efficient forwarding of unrelated sessions, and resource independence.
In this case, if there are a large number of cross-thread processing tasks, the data forwarding performance is drastically degraded. Therefore, current NAT gateways are less efficient in forwarding data.
Disclosure of Invention
The application provides a data forwarding method, a device, equipment and a storage medium, which are used for improving the efficiency of NAT gateway data forwarding.
In order to achieve the above purpose, the present application adopts the following technical scheme:
In a first aspect, a data forwarding method is provided, the method including: the network address translation (NAT) gateway obtains source network address translation (SNAT) data and allocates a target Internet Protocol (IP) address and a target port for the SNAT data; determining a hash value of a five-tuple corresponding to the SNAT data, wherein the five-tuple comprises: source IP address, source port, destination IP address, destination port, protocol; determining a target sending queue for forwarding the SNAT data from a target indirection table based on the hash value, and determining whether an IP address corresponding to the target sending queue is consistent with the target IP address and a port corresponding to the target sending queue is consistent with the target port; when the IP address corresponding to the target sending queue is consistent with the target IP address and the port corresponding to the target sending queue is consistent with the target port, forwarding the SNAT data through a central processing unit (CPU) core corresponding to the sending queue, wherein the target indirection table is obtained based on a plurality of CPU cores corresponding to the NAT gateway.
In one possible implementation, determining the hash value of the five-tuple corresponding to the SNAT data includes: the NAT gateway parses the SNAT data based on receive side scaling (RSS) to acquire a source IP address, a source port, a destination IP address, a destination port and a protocol; and the NAT gateway processes the five-tuple corresponding to the SNAT data based on a preset hash function to obtain a hash value of the five-tuple corresponding to the SNAT data.
In one possible implementation, determining a target transmit queue to forward the SNAT data from the target indirection table based on the hash value includes: determining target data from the hash value, determining a transmitting queue for transmitting SNAT data from a target indirection table based on the target data, wherein the target data is the lowest N-bit data in the hash value, and N is a positive integer.
In one possible implementation, the method further includes: when the IP address corresponding to the target sending queue is inconsistent with the target IP address or the port corresponding to the target sending queue is inconsistent with the target port, re-executing the target operation; wherein the target operation comprises: the NAT gateway re-allocates a destination IP address and a destination port for SNAT data, and re-determines whether the IP address corresponding to the target sending queue is consistent with the re-allocated destination IP address, and whether the port corresponding to the target sending queue is consistent with the re-allocated destination port.
In a second aspect, there is provided a data forwarding apparatus including: an acquisition unit, a processing unit and a forwarding unit; the acquisition unit is configured to acquire, by the network address translation (NAT) gateway, source network address translation (SNAT) data; the processing unit is configured to allocate a destination Internet Protocol (IP) address and a destination port to the SNAT data; the processing unit is further configured to determine a hash value of a five-tuple corresponding to the SNAT data, where the five-tuple includes: source IP address, source port, destination IP address, destination port, protocol; the processing unit is further configured to determine a target sending queue for forwarding the SNAT data from the target indirection table based on the hash value, and to determine whether an IP address corresponding to the target sending queue is consistent with the target IP address and a port corresponding to the target sending queue is consistent with the target port; and the forwarding unit is configured to forward the SNAT data through a central processing unit (CPU) core corresponding to the sending queue when the IP address corresponding to the target sending queue is consistent with the target IP address and the port corresponding to the target sending queue is consistent with the target port, where the target indirection table is obtained based on a plurality of CPU cores corresponding to the NAT gateway.
In one possible implementation manner, the processing unit is specifically configured to parse, by the NAT gateway, the acquired SNAT data based on receive side scaling (RSS) to acquire a source IP address, a source port, a destination IP address, a destination port, and a protocol; the processing unit is specifically configured to process, by the NAT gateway, the five-tuple corresponding to the SNAT data based on a preset hash function, so as to obtain a hash value of the five-tuple corresponding to the SNAT data.
In one possible implementation manner, the processing unit is specifically configured to determine target data from the hash value, and to determine a sending queue for forwarding the SNAT data from the target indirection table based on the target data, where the target data is the lowest N bits of data in the hash value, and N is a positive integer.
In one possible implementation manner, the processing unit is further configured to re-execute the target operation when it is determined that the IP address corresponding to the target transmission queue is inconsistent with the destination IP address, or that the port corresponding to the target transmission queue is inconsistent with the destination port; wherein the target operation comprises: the NAT gateway re-allocates a destination IP address and a destination port for SNAT data, and re-determines whether the IP address corresponding to the target sending queue is consistent with the re-allocated destination IP address, and whether the port corresponding to the target sending queue is consistent with the re-allocated destination port.
In a third aspect, an electronic device, comprising: a processor and a memory; wherein the memory is configured to store one or more programs, the one or more programs comprising computer-executable instructions that, when executed by the electronic device, cause the electronic device to perform a data forwarding method as in the first aspect.
In a fourth aspect, there is provided a computer readable storage medium storing one or more programs, the one or more programs comprising instructions, which when executed by a computer, cause the computer to perform a data forwarding method as in the first aspect.
The application provides a data forwarding method, a device, equipment and a storage medium, which are applied to a scene that NAT gateway forwards data. When the NAT gateway acquires SNAT data, a target Internet Protocol (IP) address and a target port are distributed for the SNAT data; and then determining the hash value of the five-tuple which corresponds to the SNAT data and comprises the source IP address, the source port, the destination IP address, the destination port and the protocol. Further, determining a target sending queue for forwarding SNAT data from a target indirect table based on the hash value, and determining whether an IP address corresponding to the target sending queue is consistent with a target IP address and a port corresponding to the target sending queue is consistent with a target port; and when the IP address corresponding to the target sending queue is consistent with the target IP address and the port corresponding to the target sending queue is consistent with the target port, forwarding SNAT data through the CPU core of the central processing unit corresponding to the sending queue. According to the SNAT data forwarding method and device, the target sending queue for forwarding the SNAT data is determined from the target indirection table through the hash value of the five-tuple corresponding to the SNAT data, whether the IP address corresponding to the target sending queue is consistent with the allocated target IP address or not is further judged, and whether the port corresponding to the target sending queue is consistent with the allocated target port or not is further judged, so that the efficiency of forwarding the data by the NAT gateway can be improved.
Drawings
Fig. 1 is a schematic structural diagram of a conventional data forwarding system according to an embodiment of the present application;
Fig. 2 is a schematic structural diagram of a data forwarding system according to an embodiment of the present application;
Fig. 3 is a schematic flow chart of a data forwarding method according to an embodiment of the present application;
Fig. 4 is a schematic flow chart of a data forwarding method according to an embodiment of the present application;
Fig. 5 is a schematic diagram of a data forwarding system according to an embodiment of the present application;
Fig. 6 is a schematic flow chart III of a data forwarding method according to an embodiment of the present application;
Fig. 7 is a schematic flow chart of a data forwarding method according to an embodiment of the present application;
Fig. 8 is a flow chart diagram of a data forwarding method according to an embodiment of the present application;
Fig. 9 is a schematic structural diagram of a data forwarding device according to an embodiment of the present application;
Fig. 10 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
In the description of the present application, "/" means "or" unless otherwise indicated; for example, A/B may mean A or B. "And/or" herein merely describes an association relationship between associated objects and means that three relationships may exist; for example, A and/or B may mean: A exists alone, A and B exist together, and B exists alone. Further, "at least one", "a plurality" means two or more. The terms "first," "second," and the like do not limit the number and order of execution, and the terms "first," "second," and the like do not necessarily differ.
The purpose of the NAT gateway is to enable hosts inside the VPC to share one or more public network IPs to access external networks (i.e., to perform source network address translation (Source Network Address Translation, SNAT)), or to let the external network access hosts inside the VPC through the NAT gateway (i.e., to perform destination network address translation (Destination Network Address Translation, DNAT)). In a single-arm NAT gateway, the network card queues, CPU cores and working threads are in one-to-one correspondence; in a double-arm NAT gateway, each working thread corresponds to a specific CPU core and processes one receiving queue of network card 1 and one receiving queue of network card 2. Taking a single-arm NAT gateway as an example, during SNAT there is a one-to-one correspondence between an internal session and an external session. As shown in fig. 1, after the internal session four-tuple (SIP, DIP, sport, dport) passes through the NAT gateway, SIP is changed to the public IP and sport is changed to a newly allocated port, forming the external session four-tuple. If the internal session is received by network card receiving queue 1, that queue is processed by the working thread running on CPU1. However, when the external session packet corresponding to the internal session returns to the NAT gateway, it is distributed to one of the network card's receiving queues by the receive side scaling (RSS) distribution algorithm; that queue is not necessarily receiving queue 1 and may, for example, be receiving queue 6, which triggers a cross-thread processing task. If a large number of cross-thread tasks occur, the multi-queue NAT gateway may access shared resources, take locks, or incur thread scheduling, and a large number of cache misses occur, thereby reducing forwarding performance.
The method and the device aim to solve the problem that the forwarding performance of the NAT gateway is reduced due to the fact that internal session messages and external session messages of the NAT gateway are received by different receiving queues of the NAT gateway network card in the SNAT process, and therefore a cross-thread task is caused.
It should be noted that network card RSS enables data packets with the same four-tuple (i.e., source IP, source port, destination IP, destination port) to be received by the same network card receiving queue, so that they are processed by the working thread running on the same CPU core, which improves the forwarding efficiency of the working thread. RSS hashing is divided into symmetric hash algorithms and asymmetric hash algorithms. The symmetric hash algorithm ensures that both directions of a session are received by the same receive queue. The asymmetric hash algorithm cannot guarantee that both directions of a session will be received by the same receive queue. But the network card hardware RSS asymmetric hash algorithm can only solve the problem of distributing the inbound and outbound traffic of the same four-tuple to the same network card receiving queue.
The data forwarding method provided by the embodiment of the application can be applied to a data forwarding system. Fig. 2 shows a schematic diagram of a structure of the data forwarding system. As shown in fig. 2, the data forwarding system 20 includes: a network interface controller (network interface controller, NIC) 21 and a NAT gateway 22.
The data forwarding system 20 may be a network node, the network interface controller 21 is configured to transmit the to-be-forwarded SNAT data, and the NAT gateway 22 is configured to process the to-be-forwarded SNAT data and determine a transmit queue for forwarding the SNAT data.
A data forwarding method provided in an embodiment of the present application is described below with reference to the accompanying drawings.
As shown in fig. 3, a data forwarding method provided in an embodiment of the present application includes S201 to S204:
S201, the network address translation (NAT) gateway obtains source network address translation (SNAT) data, and allocates a target Internet Protocol (IP) address and a target port for the SNAT data.
Optionally, after receiving the SNAT data sent by the other network devices, the NAT gateway needs to allocate a destination IP address and a destination port to the SNAT data, so as to forward the SNAT data through the corresponding CPU core.
S202, determining a hash value of a five-tuple corresponding to SNAT data.
Wherein the five-tuple comprises: source IP address, source port, destination IP address, destination port, protocol.
Optionally, after the NAT gateway obtains the SNAT data, further determining information such as a source IP address, a source port, a destination IP address, a destination port, and a protocol corresponding to the SNAT data is needed, so that the source IP address, the source port, the destination IP address, the destination port, and the protocol are used as five-tuple corresponding to the SNAT data, and determining a hash value of the five-tuple corresponding to the SNAT data.
In one design, as shown in fig. 4, a method for forwarding data in the embodiment of the present application, the method in step S202 may specifically include S301 to S302:
S301, the NAT gateway parses the SNAT data based on receive side scaling (RSS) to acquire a source IP address, a source port, a destination IP address, a destination port and a protocol.
Optionally, as shown in fig. 5, the NAT-gateway-based RSS checking method is mainly an algorithmic improvement on the basic function of the NAT gateway. The main module is an RSS checking module. When an SNAT internal message (namely SNAT data) enters the NAT gateway, the NAT gateway allocates the public network IP (namely the destination IP address) and port (namely the destination port) of the external session according to the internal session, and the RSS checking module performs the check calculation on the external session five-tuple (namely the five-tuple corresponding to the SNAT data). Within at most n retried check calculations, this ensures that the data messages of the external session and the internal session are received by the same receiving queue of the network card; if n retries are exceeded, the check has not succeeded and processing proceeds according to the original flow.
It should be noted that RSS is a network card driver technology that distributes network receive processing efficiently across multiple processors in a multi-core system. Since the hyper-threads of the same core share the same execution engine, the effect differs from that of processors with multiple physical cores. Thus, RSS cannot use a hyper-threaded processor. RSS is a distribution mechanism provided by the network card for distributing messages to different receive queues, so as to improve packet receiving performance.
Also, RSS, also known as multi-queue reception, distributes network receive processing among multiple hardware-based receive queues, allowing multiple CPUs to handle inbound network traffic. RSS can be used to alleviate receive interrupt processing bottlenecks caused by overload of a single CPU and to reduce network latency. It works by applying a hash function with a predefined hash key to each incoming data packet. The hash function takes the packet's IP addresses, protocol (i.e., Transmission Control Protocol (TCP) or User Datagram Protocol (UDP)) and ports, as a five-tuple, as its input and calculates the hash value.
S302, the NAT gateway processes the quintuple corresponding to the SNAT data based on a preset hash function to obtain a hash value of the quintuple corresponding to the SNAT data.
Optionally, the NAT gateway calculates a hash value corresponding to the SNAT data from the five-tuple through a preset hash function.
S203, determining a target sending queue for forwarding SNAT data from the target indirect table based on the hash value, and determining whether an IP address corresponding to the target sending queue is consistent with a target IP address and a port corresponding to the target sending queue is consistent with a target port.
Optionally, an IP address and a port corresponding to each transmit queue need to be predetermined, and a target indirection table is constructed based on the IP address and the port corresponding to each transmit queue.
Optionally, after determining the hash value of the five-tuple corresponding to the SNAT data, a target transmit queue for forwarding the SNAT data may be further determined from the target indirection table based on the hash value.
Further, after determining the target sending queue for forwarding the SNAT data from the target indirect table based on the hash value, it is further required to determine whether the IP address corresponding to the target sending queue is consistent with the destination IP address, and whether the port corresponding to the target sending queue is consistent with the destination port, so as to determine whether the destination internet protocol IP address and the destination port are available for allocating the SNAT data.
Optionally, a target sending queue for forwarding the SNAT data is determined according to the value stored in the target indirection table, so that the SNAT data is forwarded through a central processing unit CPU core corresponding to the target sending queue.
It should be noted that the key points of RSS are the choice of hash function, hash mask, RSS key and hash type. A network interface controller (network interface controller, NIC) or its miniport driver uses an RSS hash function to calculate an RSS hash value. The low-order bits of the hash value, selected by the hash mask, index the target indirection table to determine which CPU core the data packet is allocated to; the target indirection table is generally written by a driver. The hash type specifies the portion of the received network data that the NIC must use to calculate the RSS hash value, and is divided into ipv4, ipv6, tcp-ipv4, udp-ipv4, etc.; the NAT gateway mainly focuses on tcp-ipv4 and udp-ipv4. The RSS key is used as the hash factor of the hash function when the hash value is calculated, and RSS keys are divided into symmetric RSS keys and asymmetric RSS keys. The RSS hash type selection includes: IP, TCP, UDP.
Optionally, the RSS checking method of the NAT gateway may specifically be as follows. The hash function is implemented using the open-source DPDK software RSS, which is also the only RSS hash function implementation method supported by the hardware:
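    #include <stdint.h>

    typedef uint32_t u32;
    typedef uint64_t u64;

    /* Same loop as DPDK's rte_softrss_be(): rss_key holds the key as 32-bit
     * words already in big-endian order. rte_bsf32() is DPDK's bit-scan-forward
     * helper (index of the lowest set bit). */
    static inline u32 softrss_be(const u32 *input_tuple, u32 input_len, const u32 *rss_key)
    {
        u32 i, j, map, ret = 0;

        for (j = 0; j < input_len; j++) {
            /* Visit each set bit of the input word; map &= (map - 1) clears it. */
            for (map = input_tuple[j]; map; map &= (map - 1)) {
                i = rte_bsf32(map);
                /* XOR in the 32-bit key window aligned with input bit i. */
                ret ^= ((const u32 *)rss_key)[j] << (31 - i) |
                       (u32)((u64)(((const u32 *)rss_key)[j + 1]) >> (i + 1));
            }
        }
        return ret;
    }

RSS key selection:

    static u32 rss_key_default_i40[] = {0x6b793944,
        0x23504cb5, 0x5bea75b6, 0x309f4f12, 0x3dc0a2b8,
        0x024ddcdf, 0x339b8ca0, 0x4c4af64a, 0x34fac605,
        0x55d85839, 0x3a58997d, 0x2ec938e1, 0x66031581};

In one design, as shown in fig. 6, the method for determining, in step S203, a target sending queue for forwarding SNAT data from a target indirection table based on a hash value may specifically include step S401: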
S401, determining target data from the hash value, and determining a sending queue for forwarding SNAT data from a target indirection table based on the target data.
The target data is the lowest N-bit data in the hash value, and N is a positive integer.
Optionally, a plurality of least significant bits of the hash value are used to index into a target indirection table, and the values in the target indirection table are used to distribute the received data to the CPUs. That is, the low-order bits of the hash value (i.e., the lowest N bits of data in the hash value) serve as the index into the target indirection table (redirection table, RETA); the RETA is also known as a redirection table.
Wherein the least significant bit (least significant bit, LSB) refers to the 0th (i.e., lowest) bit of a binary number.
Specifically, the NAT gateway driver takes the low-order bits of the hash value calculated by RSS and divides them by the number of CPU cores; the resulting value is looked up in the target indirection table to obtain the corresponding transmit queue.
The driver generates a corresponding target indirection table according to the number of CPU cores when initializing the NAT gateway. And setting parameters such as RSS key, hash type, hash function and the like for the network card by the NAT gateway during initialization.
S204, when the IP address corresponding to the target sending queue is consistent with the target IP address and the port corresponding to the target sending queue is consistent with the target port, forwarding SNAT data through the CPU core of the central processing unit corresponding to the target sending queue.
The target indirect table is obtained based on a plurality of CPU cores corresponding to the NAT gateway.
Optionally, when it is determined that the IP address corresponding to the target transmission queue is consistent with the destination IP address and the port corresponding to the target transmission queue is consistent with the destination port, that is, it is determined that the destination internet protocol IP address and the destination port are allocated to the SNAT data, the SNAT data may be forwarded through the CPU core of the central processing unit corresponding to the transmission queue.
Illustratively, as shown in fig. 7, after receiving the SNAT data, the NAT gateway determines a hash value of a five-tuple corresponding to the SNAT data through a hash function, then determines a target send queue for forwarding the SNAT data from the target indirect table based on the index through a hash mask based on the hash value, and forwards the SNAT data through a CPU core corresponding to the target send queue.
In one design, as shown in fig. 8, the data forwarding method provided in the embodiment of the present application may specifically further include S501:
S501, when the IP address corresponding to the target sending queue is determined to be inconsistent with the target IP address, or the port corresponding to the target sending queue is determined to be inconsistent with the target port, the target operation is re-executed.
Wherein the target operation comprises: the NAT gateway re-allocates a destination IP address and a destination port for SNAT data, and re-determines whether the IP address corresponding to the target sending queue is consistent with the re-allocated destination IP address, and whether the port corresponding to the target sending queue is consistent with the re-allocated destination port.
Optionally, after the internal session enters the NAT gateway, the gateway allocates a destination IP address and a destination port for the internal session and calculates the hash value of the external session through an RSS check function. It then divides the hash value by the total number of threads (CPU cores or workers) and checks whether the resulting value is the ID of the current processing thread. If yes, the RSS check is successful and the forwarding of the SNAT data is completed. If not, an IP address and a port are re-allocated for the SNAT data; if the retry fails N times, the last allocated IP address and port are used to complete the forwarding of the SNAT data.
The core of the application is that software implements the hardware RSS hash function, a target indirect table is generated from the working threads (CPU cores), and the hardware and the software use the same RSS key. The RSS check calculation is performed when the destination IP address and the destination port are allocated, which ensures, within N check calculations, that the NAT internal session data packets and external session data packets are received by the same receive queue of the network card. The algorithm is applied when the NAT gateway allocates a public network IP and port to SNAT data, thereby effectively improving the forwarding efficiency of the NAT gateway.
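The allocate, check and retry loop described above, as an added example in C (not code from the patent): a software Toeplitz RSS hash, an indirection table indexed by the lowest 7 hash bits, and a port allocator that retries until the reply flow maps back to the allocating worker. The key is Microsoft's published RSS verification key; the worker count, table size, sample addresses and all function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RETA_BITS   7                     /* N: lowest hash bits used as table index */
#define RETA_SIZE   (1u << RETA_BITS)
#define NUM_WORKERS 4u                    /* assumed number of worker cores */
#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Microsoft's published RSS verification key (sample value). A real gateway
 * must hash with the same key that is programmed into its NIC. */
static const uint8_t rss_key[40] = {
    0x6d, 0x5a, 0x56, 0xda, 0x25, 0x5b, 0x0e, 0xc2, 0x41, 0x67,
    0x25, 0x3d, 0x43, 0xa3, 0x8f, 0xb0, 0xd0, 0xca, 0x2b, 0xcb,
    0xae, 0x7b, 0x30, 0xb4, 0x77, 0xcb, 0x2d, 0xa3, 0x80, 0x30,
    0xf2, 0x0c, 0x6a, 0x42, 0xb7, 0x3b, 0xbe, 0xac, 0x01, 0xfa
};

static uint8_t reta[RETA_SIZE];           /* indirection table: index -> queue/core */

struct flow { uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; };

/* Toeplitz hash: for every set input bit, XOR in the 32-bit key window that
 * starts at that bit position. Requires key length >= len + 4. */
uint32_t toeplitz_hash(const uint8_t *key, const uint8_t *data, size_t len)
{
    uint32_t hash = 0;
    uint32_t window = ((uint32_t)key[0] << 24) | ((uint32_t)key[1] << 16) |
                      ((uint32_t)key[2] << 8) | key[3];
    for (size_t i = 0; i < len; i++) {
        for (int bit = 7; bit >= 0; bit--) {
            if (data[i] & (1u << bit))
                hash ^= window;
            window = (window << 1) | ((key[i + 4] >> bit) & 1u);
        }
    }
    return hash;
}

/* Hash input for TCP/UDP over IPv4: src IP, dst IP, src port, dst port in
 * network byte order. The protocol selects this layout; it is not hashed. */
uint32_t rss_hash(const struct flow *f)
{
    const uint8_t in[12] = {
        (uint8_t)(f->src_ip >> 24), (uint8_t)(f->src_ip >> 16), (uint8_t)(f->src_ip >> 8),
        (uint8_t)f->src_ip, (uint8_t)(f->dst_ip >> 24), (uint8_t)(f->dst_ip >> 16),
        (uint8_t)(f->dst_ip >> 8), (uint8_t)f->dst_ip, (uint8_t)(f->src_port >> 8),
        (uint8_t)f->src_port, (uint8_t)(f->dst_port >> 8), (uint8_t)f->dst_port
    };
    return toeplitz_hash(rss_key, in, sizeof in);
}

/* Spread the table entries round-robin over the worker cores. */
void reta_init(void)
{
    for (unsigned i = 0; i < RETA_SIZE; i++)
        reta[i] = (uint8_t)(i % NUM_WORKERS);
}

/* Queue (and core) the NIC would pick for this flow. */
unsigned rss_queue(const struct flow *f)
{
    return reta[rss_hash(f) & (RETA_SIZE - 1)];
}

/* Pick a public port for a new SNAT session on worker `self` so that the
 * reply (server -> public IP:port) hashes back to `self`. Returns the number
 * of re-allocations needed, or -1 when all `max_tries` candidates missed and
 * the last one is kept (replies then arrive on another core). Checking that
 * the port is not already in use is omitted here. */
int snat_alloc_port(unsigned self, uint32_t pub_ip, uint32_t srv_ip,
                    uint16_t srv_port, uint16_t first, int max_tries, uint16_t *port)
{
    struct flow reply = { srv_ip, pub_ip, srv_port, 0 };
    for (int i = 0; i < max_tries; i++) {
        reply.dst_port = (uint16_t)(first + i);
        *port = reply.dst_port;
        if (rss_queue(&reply) == self)
            return i;
    }
    return -1;
}

int main(void)
{
    /* Constructed sample: public IP 198.51.100.7, server 203.0.113.10:443. */
    reta_init();
    for (unsigned w = 0; w < NUM_WORKERS; w++) {
        uint16_t port = 0;
        int n = snat_alloc_port(w, IP4(198, 51, 100, 7), IP4(203, 0, 113, 10),
                                443, 1024, 16, &port);
        printf("worker %u: port %u after %d re-allocations\n", w, port, n);
    }
    return 0;
}
```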
The application provides a data forwarding method, when a NAT gateway obtains SNAT data, a target Internet Protocol (IP) address and a target port are distributed for the SNAT data; and then determining the hash value of the five-tuple which corresponds to the SNAT data and comprises the source IP address, the source port, the destination IP address, the destination port and the protocol. Further, determining a target sending queue for forwarding SNAT data from a target indirect table based on the hash value, and determining whether an IP address corresponding to the target sending queue is consistent with a target IP address and a port corresponding to the target sending queue is consistent with a target port; and when the IP address corresponding to the target sending queue is consistent with the target IP address and the port corresponding to the target sending queue is consistent with the target port, forwarding SNAT data through the CPU core of the central processing unit corresponding to the sending queue. According to the SNAT data forwarding method and device, the target sending queue for forwarding the SNAT data is determined from the target indirection table through the hash value of the five-tuple corresponding to the SNAT data, whether the IP address corresponding to the target sending queue is consistent with the allocated target IP address or not is further judged, and whether the port corresponding to the target sending queue is consistent with the allocated target port or not is further judged, so that the efficiency of forwarding the data by the NAT gateway can be improved.
The foregoing description of the solution provided in the embodiments of the present application has been mainly presented in terms of a method. To achieve the above functions, it includes corresponding hardware structures and/or software modules that perform the respective functions. Those of skill in the art will readily appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be implemented as hardware or combinations of hardware and computer software. Whether a function is implemented as hardware or computer software driven hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The embodiment of the present application may divide functional modules of a data forwarding device according to the above method examples, for example, each functional module may be divided corresponding to each function, or two or more functions may be integrated into one processing module. The integrated modules may be implemented in hardware or in software functional modules. Optionally, the division of the modules in the embodiments of the present application is schematic, which is merely a logic function division, and other division manners may be actually implemented.
Fig. 9 is a schematic structural diagram of a data forwarding device according to an embodiment of the present application. As shown in fig. 9, a data forwarding apparatus 40 is configured to improve the efficiency of forwarding data by the NAT gateway, for example, to perform the data forwarding method shown in fig. 3. The data forwarding apparatus 40 includes: an acquisition unit 401, a processing unit 402, and a forwarding unit 403;
an obtaining unit 401, configured to obtain source address translation SNAT data by using a network address translation NAT gateway;
a processing unit 402, configured to allocate a destination internet protocol IP address and a destination port to the SNAT data;
the processing unit 402 is further configured to determine a hash value of a five-tuple corresponding to the SNAT data, where the five-tuple includes: source IP address, source port, destination IP address, destination port, protocol;
the processing unit 402 is further configured to determine, from the target indirect table, a target sending queue for forwarding the SNAT data based on the hash value, and determine whether an IP address corresponding to the target sending queue is consistent with a destination IP address, and whether a port corresponding to the target sending queue is consistent with a destination port;
and a forwarding unit 403, configured to forward, when it is determined that the IP address corresponding to the target sending queue is consistent with the destination IP address and the port corresponding to the target sending queue is consistent with the destination port, the SNAT data through the CPU core corresponding to the sending queue, where the target indirection table is obtained based on the multiple CPU cores corresponding to the NAT gateway.
In a possible implementation manner, in the data forwarding apparatus 40 provided in the embodiment of the present application, the processing unit 402 is specifically configured to parse, by the NAT gateway and based on receive side scaling (RSS), the acquired SNAT data to obtain a source IP address, a source port, a destination IP address, a destination port, and a protocol;
the processing unit 402 is specifically configured to process the five-tuple corresponding to the SNAT data based on a preset hash function by using the NAT gateway, to obtain a hash value of the five-tuple corresponding to the SNAT data.
In a possible implementation manner, in the data forwarding apparatus 40 provided in the embodiment of the present application, the processing unit 402 is specifically configured to determine target data from the hash value, and determine, based on the target data, a sending queue for forwarding the SNAT data from the target indirection table, where the target data is the lowest N bits of the hash value, and N is a positive integer.
In a possible implementation manner, in the data forwarding apparatus 40 provided in the embodiment of the present application, the processing unit 402 is further configured to re-execute the target operation when it is determined that the IP address corresponding to the target sending queue is inconsistent with the destination IP address, or that the port corresponding to the target sending queue is inconsistent with the destination port;
wherein the target operation comprises: the NAT gateway re-allocates a destination IP address and a destination port for SNAT data, and re-determines whether the IP address corresponding to the target sending queue is consistent with the re-allocated destination IP address, and whether the port corresponding to the target sending queue is consistent with the re-allocated destination port.
In the case of implementing the functions of the integrated modules in the form of hardware, the embodiments of the present application provide a possible structural schematic diagram of the electronic device involved in the above embodiments. As shown in fig. 10, an electronic device 60 is provided for improving the efficiency of NAT gateway data forwarding, such as for performing a data forwarding method as shown in fig. 3. The electronic device 60 comprises a processor 601, a memory 602 and a bus 603. The processor 601 and the memory 602 may be connected by a bus 603.
The processor 601 is a control center of the communication device, and may be one processor or a collective term of a plurality of processing elements. For example, the processor 601 may be a general-purpose central processing unit (central processing unit, CPU), or may be another general-purpose processor. Wherein the general purpose processor may be a microprocessor or any conventional processor or the like.
As one example, processor 601 may include one or more CPUs, such as CPU 0 and CPU1 shown in fig. 10.
The memory 602 may be, but is not limited to, a read-only memory (ROM) or other type of static storage device that can store static information and instructions, a random access memory (random access memory, RAM) or other type of dynamic storage device that can store information and instructions, or an electrically erasable programmable read-only memory (EEPROM), magnetic disk storage or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
As a possible implementation, the memory 602 may exist separately from the processor 601, and the memory 602 may be connected to the processor 601 through the bus 603 for storing instructions or program codes. The processor 601, when calling and executing instructions or program code stored in the memory 602, is capable of implementing a data forwarding method provided in an embodiment of the present application.
In another possible implementation, the memory 602 may also be integrated with the processor 601.
Bus 603 may be an industry standard architecture (Industry Standard Architecture, ISA) bus, a peripheral component interconnect (Peripheral Component Interconnect, PCI) bus, or an extended industry standard architecture (Extended Industry Standard Architecture, EISA) bus, among others. The bus may be classified as an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in fig. 10, but not only one bus or one type of bus.
It should be noted that the structure shown in fig. 10 does not constitute a limitation of the electronic device 60. The electronic device 60 may include more or fewer components than shown in fig. 10, or may combine certain components or a different arrangement of components.
As an example, in connection with fig. 9, the acquisition unit 401, the processing unit 402, and the forwarding unit 403 in the electronic device realize the same functions as those of the processor 601 in fig. 10.
Optionally, as shown in fig. 10, the electronic device 60 provided in the embodiment of the present application may further include a communication interface 604.
The communication interface 604 is used for connecting with other devices via a communication network. The communication network may be an Ethernet, a radio access network, a wireless local area network (WLAN), etc. The communication interface 604 may include a receiving unit for receiving data and a transmitting unit for transmitting data.
In one design, the electronic device provided in the embodiments of the present application may further include a communication interface integrated into the processor.
From the above description of embodiments, it will be apparent to those skilled in the art that the foregoing functional unit divisions are merely illustrative for convenience and brevity of description. In practical applications, the above-mentioned function allocation may be performed by different functional units, i.e. the internal structure of the device is divided into different functional units, as needed, to perform all or part of the functions described above. The specific working processes of the above-described systems, devices and units may refer to the corresponding processes in the foregoing method embodiments, which are not described herein.
The embodiment of the application further provides a computer readable storage medium, in which instructions are stored, and when the computer executes the instructions, the computer executes each step in the method flow shown in the method embodiment.
Embodiments of the present application provide a computer program product comprising instructions which, when run on a computer, cause the computer to perform a data forwarding method as in the method embodiments described above.
The computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable storage medium include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM), registers, an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any other form of computer-readable storage medium known to those skilled in the art.
An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an application specific integrated circuit (ASIC).
In the context of the present application, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
Since the electronic device, the computer readable storage medium, and the computer program product in the embodiments of the present application may be applied to the above-mentioned method, the technical effects that can be obtained by the electronic device, the computer readable storage medium, and the computer program product may also refer to the above-mentioned method embodiments, and the embodiments of the present application are not repeated herein.
The foregoing is merely a specific embodiment of the present application, but the protection scope of the present application is not limited thereto, and any changes or substitutions within the technical scope of the present disclosure should be covered in the protection scope of the present application.

Claims (10)

1. A method of forwarding data, the method comprising:
the network address translation NAT gateway obtains source address translation SNAT data and distributes a target Internet Protocol (IP) address and a target port for the SNAT data;
determining a hash value of a five-tuple corresponding to the SNAT data, wherein the five-tuple comprises: a source IP address, a source port, the destination IP address, the destination port and a protocol;
determining a target sending queue for forwarding the SNAT data from a target indirect table based on the hash value, and determining whether an IP address corresponding to the target sending queue is consistent with the target IP address and a port corresponding to the target sending queue is consistent with the target port;
and when the IP address corresponding to the target sending queue is determined to be consistent with the target IP address, and the port corresponding to the target sending queue is determined to be consistent with the target port, forwarding the SNAT data through a Central Processing Unit (CPU) core corresponding to the target sending queue, wherein the target indirection table is obtained based on a plurality of CPU cores corresponding to the NAT gateway.
2. The method of claim 1, wherein the determining the hash value of the five-tuple corresponding to the SNAT data comprises:
the NAT gateway parses the SNAT data based on receive side scaling (RSS) to acquire the source IP address, the source port, the destination IP address, the destination port and the protocol;
and the NAT gateway processes the five-tuple corresponding to the SNAT data based on a preset hash function to obtain a hash value of the five-tuple corresponding to the SNAT data.
3. The method of claim 1 or 2, wherein the determining a target transmit queue for forwarding the SNAT data from a target indirection table based on the hash value comprises:
determining target data from the hash value, and determining a transmitting queue for transmitting the SNAT data from the target indirect table based on the target data, wherein the target data is the lowest N-bit data in the hash value, and N is a positive integer.
4. The method according to claim 1 or 2, characterized in that the method further comprises:
when the IP address corresponding to the target sending queue is determined to be inconsistent with the target IP address or the port corresponding to the target sending queue is determined to be inconsistent with the target port, re-executing target operation;
wherein the target operation comprises: and the NAT gateway re-allocates a destination IP address and a destination port for the SNAT data, and re-determines whether the IP address corresponding to the target sending queue is consistent with the re-allocated destination IP address or not, and whether the port corresponding to the target sending queue is consistent with the re-allocated destination port or not.
5. A data forwarding device, characterized in that the data forwarding device comprises: the device comprises an acquisition unit, a processing unit and a forwarding unit;
the acquisition unit is used for acquiring the SNAT data of source address conversion by the NAT gateway of network address conversion;
the processing unit is used for distributing a destination Internet Protocol (IP) address and a destination port to the SNAT data;
the processing unit is further configured to determine a hash value of a five-tuple corresponding to the SNAT data, where the five-tuple includes: a source IP address, a source port, the destination IP address, the destination port and a protocol;
the processing unit is further configured to determine, from a target indirect table, a target sending queue for forwarding the SNAT data based on the hash value, and determine whether an IP address corresponding to the target sending queue is consistent with the destination IP address, and whether a port corresponding to the target sending queue is consistent with the destination port;
and the forwarding unit is configured to forward, when it is determined that the IP address corresponding to the target sending queue is consistent with the destination IP address and the port corresponding to the target sending queue is consistent with the destination port, the SNAT data through a central processing unit CPU core corresponding to the sending queue, where the target indirection table is obtained based on a plurality of CPU cores corresponding to the NAT gateway.
6. The data forwarding device of claim 5, wherein the processing unit is specifically configured to parse, by the NAT gateway and based on receive side scaling (RSS), the obtained SNAT data to obtain the source IP address, the source port, the destination IP address, the destination port, and the protocol;
the processing unit is specifically configured to process the five-tuple corresponding to the SNAT data based on a preset hash function by using the NAT gateway, so as to obtain a hash value of the five-tuple corresponding to the SNAT data.
7. The data forwarding device according to claim 5 or 6, wherein the processing unit is specifically configured to determine target data from the hash value, and determine, based on the target data, a transmission queue for forwarding the SNAT data from the target indirection table, where the target data is lowest N-bit data in the hash value, and N is a positive integer.
8. The apparatus according to claim 5 or 6, wherein the processing unit is further configured to re-execute a target operation when it is determined that an IP address corresponding to the target transmission queue is inconsistent with the destination IP address or a port corresponding to the target transmission queue is inconsistent with the destination port;
wherein the target operation comprises: and the NAT gateway re-allocates a destination IP address and a destination port for the SNAT data, and re-determines whether the IP address corresponding to the target sending queue is consistent with the re-allocated destination IP address or not, and whether the port corresponding to the target sending queue is consistent with the re-allocated destination port or not.
9. An electronic device, comprising: a processor and a memory; wherein the memory is configured to store one or more programs, the one or more programs comprising computer-executable instructions that, when executed by the electronic device, cause the electronic device to perform a data forwarding method as claimed in any of claims 1-4.
10. A computer readable storage medium storing one or more programs, wherein the one or more programs comprise instructions, which when executed by a computer, cause the computer to perform a data forwarding method according to any of claims 1-4.
CN202211625711.9A 2022-12-16 2022-12-16 Data forwarding method, device, equipment and storage medium Active CN116248590B (en)

Publications (2)

Publication Number Publication Date
CN116248590A (en) 2023-06-09
CN116248590B (en) 2024-05-10
