CN116743614A - Method and device for realizing high reliability of NAT gateway of NFV - Google Patents

Publication number
CN116743614A
Authority
CN
China
Prior art keywords
nfv
nat
nat gateway
network element
members
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310239224.7A
Other languages
Chinese (zh)
Inventor
王海
杨柳
侯叶飞
王宏来
张丹迪
杨昌
韩丁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianyi Cloud Technology Co Ltd
Original Assignee
Tianyi Cloud Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianyi Cloud Technology Co Ltd filed Critical Tianyi Cloud Technology Co Ltd
Priority to CN202310239224.7A priority Critical patent/CN116743614A/en
Publication of CN116743614A publication Critical patent/CN116743614A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0631 Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0896 Bandwidth or capacity management, i.e. automatically increasing or decreasing capacities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0876 Network utilisation, e.g. volume of load or congestion level

Abstract

The application provides a method for realizing high reliability of an NFV NAT gateway, comprising the following steps: establishing a NAT gateway group, wherein the NAT gateway group spans a plurality of different NFV computing nodes, each NFV computing node hosts members of the gateway group, and the members are a plurality of virtual machines; monitoring the traffic, CPU and memory of the virtual machines; and when a monitored index exceeds a preset threshold, the NFV controller raises an alarm to the customer, and a new gateway group member is dynamically added in the background to expand the NAT gateway group. The method provided by the application clusters the NAT gateway and, by synchronizing sessions, keeps sessions from being dropped when the NAT gateway is switched over. By quickly detecting the state of the NAT gateway in combination with BFD, fast link switchover between the NAT gateway and the uplink switch is achieved, which solves the problem of a long packet-loss time during traffic switchover after the NAT gateway fails.

Description

Method and device for realizing high reliability of NAT gateway of NFV
Technical Field
The application relates to the technical field of computers, in particular to a method and a device for realizing high reliability of an NAT gateway of NFV.
Background
A NAT gateway (NAT Gateway) is a cloud network service supporting IP address translation that provides network address translation (Network Address Translation) for computing instances within a virtual private cloud (Virtual Private Cloud, VPC). It allows multiple elastic cloud hosts to share an elastic IP to access the Internet (SNAT), or allows multiple elastic cloud hosts to provide Internet services (DNAT), protecting private network information from direct exposure to the public network. The NAT gateway is the ingress and egress for public network traffic within the VPC.
In the related art, the sessions of the NAT gateway are not synchronized, so the NAT gateway loses sessions during switchover and the sessions need to be re-established.
Disclosure of Invention
Aiming at the existing problems, the application provides a method and a device for realizing the high reliability of an NAT gateway of NFV, and the specific technical scheme is as follows:
In a first aspect of the present application, there is provided a coroutine-based event scheduling method, the method comprising: establishing a NAT gateway group, wherein the NAT gateway group spans a plurality of different NFV computing nodes, each NFV computing node hosts members of the gateway group, and the members are a plurality of virtual machines; monitoring the traffic, CPU, memory and the like of the virtual machines; and when a monitored index exceeds a preset threshold, the NFV controller raises an alarm to the customer, and a new gateway group member is dynamically added in the background to expand the NAT gateway group.
In some embodiments, establishing the NAT gateway group, wherein the NAT gateway group spans a plurality of different NFV computing nodes, each NFV computing node hosts members of the gateway group, and the members are a plurality of virtual machines, includes: designating one member of the NAT gateway group as the leader, the members other than the leader being ordinary members; the leader sending multicast messages to synchronize session information with the other members; and each member synchronizing its own session information with the leader through unicast.
In some embodiments, the method further comprises:
network elements of different types are created on each computing node to pull up the network element nodes.
In some embodiments, the NFV controller creating network elements of different types on each computing node to pull up the network element nodes comprises: the NAT network element detecting whether a detection message is received; and if the NAT network element receives the detection message, replying with a message to inform the NFV controller that its working state is normal.
In some embodiments, the NFV controller creating network elements of different types on each computing node to pull up the network element nodes further comprises: if the NAT network element does not receive the detection message, the NFV controller actively takes the NAT network element offline and destroys it.
In a second aspect, the present application proposes an apparatus for realizing high reliability of an NFV NAT gateway, including: a basic module, used for establishing a NAT gateway group, wherein the NAT gateway group spans a plurality of different NFV computing nodes, each NFV computing node hosts members of the gateway group, and the members are a plurality of virtual machines; a monitoring module, used for monitoring the traffic, CPU, memory and the like of the virtual machines; and a capacity expansion module, used for raising an alarm to the customer when a monitored index exceeds a preset threshold, and dynamically adding new gateway group members in the background to expand the NAT gateway group.
In some embodiments, the basic module further comprises: a designating module, used for designating one member of the NAT gateway group as the leader, the other members being ordinary members; a synchronization module, used for the leader to send multicast messages to synchronize session information with the other members; and a unicast module, used for a member to synchronize its own session information with the leader through unicast.
In some embodiments, the apparatus further comprises: a loopback port that starts BFD detection with the physical leaf device interface, wherein the BFD detection is used for determining that the fault point lies between the intelligent network card and the NAT network element when the NAT network element fails and the BFD1 detection from the uplink leaf switch to the intelligent network card is in a normal state.
In some embodiments, the apparatus further comprises: a detection module, used for determining whether the NAT network element receives a detection message; and a reply module, used for the NAT network element, on receiving the detection message, to reply with a message informing the NFV controller that its working state is normal.
In some embodiments, the apparatus further comprises: a starting module, used for creating network elements of different types on each computing node to pull up the network element nodes.
In a third aspect of the embodiment of the present application, there is provided an electronic device, including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method steps set forth in the first aspect of the embodiments of the present application.
In a fourth aspect of the embodiment of the present application, there is provided a computer readable storage medium storing a computer program, where the computer program when executed by a processor implements the method steps set forth in the first aspect of the embodiment of the present application.
The application provides a method for realizing high reliability of an NFV NAT gateway, comprising the following steps: establishing a NAT gateway group, wherein the NAT gateway group spans a plurality of different NFV computing nodes, each NFV computing node hosts members of the gateway group, and the members are a plurality of virtual machines; monitoring the traffic, CPU, memory and the like of the virtual machines; and when a monitored index exceeds a preset threshold, the NFV controller raises an alarm to the customer, and a new gateway group member is dynamically added in the background to expand the NAT gateway group. The method clusters the NAT gateway and, by synchronizing sessions, keeps sessions from being dropped when the NAT gateway is switched over. By quickly detecting the state of the NAT gateway in combination with BFD, fast link switchover between the NAT gateway and the uplink switch is achieved, which solves the problem of a long packet-loss time during traffic switchover after the NAT gateway fails.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure.
FIG. 1 is a schematic diagram of an electronic device in a hardware operating environment according to an embodiment of the present application;
fig. 2 is a flowchart of steps of a method for implementing high reliability of a NAT gateway for NFV according to an embodiment of the present application.
Detailed Description
In order that the above-recited objects, features and advantages of the present application will become more readily apparent, a more particular description of the application will be rendered by reference to the appended drawings and appended detailed description. It will be apparent that the described embodiments are some, but not all, embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
If the sessions of the NAT gateway are not synchronized, sessions are lost when the virtual network element performs an active-standby switchover, and they must be re-established when the traffic is switched to the standby NAT gateway, so the user clearly perceives the service interruption and re-establishment. Because a NAT gateway holds a large number of sessions, traditional hardware devices use RBM technology to synchronize sessions between the active and standby devices. RBM relies on TCP for synchronization and exchanges many synchronization messages between the active and standby devices, so a dedicated synchronization line is generally used; the deployment requirements are very high, generally only 2 devices (active and standby) are supported, and the approach is not suitable for the NFV network element scenario of a public cloud. Without session synchronization, the NAT gateway loses sessions during switchover and the sessions must be re-established.
Because the NAT gateway is deployed as an NFV virtual machine, when a fault occurs inside the virtual machine the physical network card on the server does not go DOWN, so the connected switch cannot immediately sense the failure of the NAT gateway, and the traffic originally sent to the NAT gateway is still sent along the original path to the failed virtual machine, so the traffic is lost. Even if the NFV control platform discovers the virtual machine fault and actively performs a switchover, the connected switch does not switch the traffic to the standby NAT gateway until the ARP entry ages out, so the packet-loss time exceeds several seconds. Because the NAT gateway lacks fast fault-sensing and switchover capability, the packet-loss time is long.
Based on this, the present application proposes a method and apparatus for implementing high reliability of NFV NAT gateway, so as to improve the above-mentioned problems.
Some of the terms mentioned in the present application will be briefly described below.
Abbreviation and key term definitions
SDN (software defined network)
OVS (virtual switch)
NFV (network function virtualization)
NAT (network Address translation)
VXLAN (Virtual eXtensible LAN, extensible virtual local area network)
SNAT: source address translation, which supports multiple cloud hosts in the VPC actively accessing the Internet through the same public network IP. It can be used to build a VPC public network egress, with users sharing an elastic IP to access the Internet, flexibly supporting multiple deployment modes. Through the SNAT function of the NAT gateway, resources in the VPC without a public network IP can access the public network directly.
DNAT: destination address translation, which maps the private network IP, protocol and port of a cloud host in the VPC to a public network IP, protocol and port, so that services on the cloud host can be accessed by external network users. Port-level DNAT forwarding lets services on the cloud easily serve the Internet while saving a large number of elastic public network IPs.
The scheme of the application is further described below with reference to the accompanying drawings.
Referring to fig. 1, fig. 1 is a schematic structural diagram of an electronic device in a hardware running environment according to an embodiment of the present application.
As shown in FIG. 1, the electronic device may include: a processor 1001, such as a central processing unit (Central Processing Unit, CPU), a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005. The communication bus 1002 is used to enable connection and communication between these components. The user interface 1003 may include a display and an input unit such as a keyboard, and may optionally further include a standard wired interface and a wireless interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (e.g., a Wireless-Fidelity (Wi-Fi) interface). The memory 1005 may be a high-speed random access memory (Random Access Memory, RAM) or a stable non-volatile memory (Non-Volatile Memory, NVM), such as a disk memory. The memory 1005 may also optionally be a storage device separate from the processor 1001 described above.
Those skilled in the art will appreciate that the structure shown in fig. 1 is not limiting of the electronic device and may include more or fewer components than shown, or may combine certain components, or may be arranged in different components.
As shown in fig. 1, an operating system, a data storage module, a network communication module, a user interface module, and an electronic program may be included in the memory 1005 as one type of storage medium.
In the electronic device shown in fig. 1, the network interface 1004 is mainly used for data communication with a network server; the user interface 1003 is mainly used for data interaction with a user; the processor 1001 and the memory 1005 in the electronic device of the present application may be provided in the electronic device, and the electronic device invokes, through the processor 1001, a method for implementing the high reliability of the NAT gateway of NFV stored in the memory 1005, and executes a method for implementing the high reliability of the NAT gateway of NFV provided by the embodiment of the present application.
Referring to fig. 2, based on the foregoing hardware running environment, an embodiment of the present application provides a method for implementing high reliability of a NAT gateway of NFV, which specifically includes the following steps:
S201: Establish a NAT gateway group, wherein the NAT gateway group spans a plurality of different NFV computing nodes, each NFV computing node hosts members of the gateway group, and the members are a plurality of virtual machines.
A NAT gateway group is designated and pulled up on the NFV controller. The members of the NAT gateway are distributed on different NFV computing nodes and jointly present one address externally, so that traffic is load-shared across the members of the NAT gateway group by equal-cost routing.
S202: Monitor the traffic, CPU, memory and the like of the virtual machines.
S203: When a monitored index exceeds a preset threshold, the NFV controller raises an alarm to the customer, and a new gateway group member is dynamically added in the background to expand the NAT gateway group.
All members of a NAT gateway group are dynamically pulled up and destroyed by the NFV controller, and the NFV controller monitors the traffic, CPU, memory and other aspects of each virtual machine of the NAT gateway group. The system is responsible for collecting statistics from all network element nodes and reporting them to the operation-and-maintenance or product monitoring system. A sys-agent is deployed on nodes such as the network element nodes and obtains the relevant statistics from ovs, dpos and lb, including bbs, pps, cpu, subnet, connection count and other levels of message, delay and packet-loss statistics. Statistics from netprobe and DTC can also be written into ES; after all the statistics are read from ES, the vnet-controller hands the data to the operation-and-maintenance system for display through kafka.
If any index exceeds 80% of the specification, the NFV controller raises an alarm to the customer, indicating that the customer should purchase a new NAT network element node, and the background dynamically pulls up new gateway group members to expand the gateway group. This gives priority to the stability of the customer's traffic while prompting the customer to purchase the newly added network element node.
One member of the NAT gateway group is designated by the NFV controller as the leader, and the other members act as ordinary members. The leader sends a multicast message once every 60 seconds to synchronize session information with the other members. The other members synchronize their own session information with the leader through unicast. After a member has received all of the leader's information, the member actively sends to the leader the session information that it holds locally and the leader lacks. The ordinary members do not actively send session information to one another, which greatly reduces the number of session synchronization messages within the gateway group. When the NFV controller detects that the leader has failed, it designates another member as the new leader to synchronize session information with the other members. The format of the synchronization message content is as follows:
Index | Content | Update record point
01 | 10 pieces of session information | 001
The index is the sequence number of a group of 10 sessions, the content is the session information of those specific sessions, and the update record point records session updates. When sessions are synchronized for the first time, the specific content of the 10 pieces of session information is transmitted together with the update record point, which the other side records. As long as the session content is unchanged, only the index number and the previous update record point need to be sent. If the 10 session contents change locally, the specifically updated session contents and the update record point + 1 are sent, so that the other side can update the corresponding session information and record the new update record point. This reduces the number of messages exchanged.
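The index / content / update-record-point exchange described above, as an added Python sketch that is not part of the patent text. Assumptions: all members share one index namespace, a changed block is resent whole rather than only its changed sessions, a receiver reports header-only blocks it cannot match (so a late joiner can ask for full content), and all session strings and names are constructed.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

BLOCK_SIZE = 10  # the text groups ten sessions under one index


@dataclass
class Block:
    sessions: Tuple[str, ...]
    update_point: int = 1  # "update record point"; the sample row shows 001


@dataclass(frozen=True)
class SyncMsg:
    index: int
    update_point: int
    sessions: Optional[Tuple[str, ...]] = None  # None = header only, unchanged


class SessionTable:
    """Session store of one gateway-group member (leader or ordinary member)."""

    def __init__(self) -> None:
        self.blocks: Dict[int, Block] = {}
        self.advertised: Dict[int, int] = {}  # index -> point last sent in full

    def set_block(self, index: int, sessions: Iterable[str]) -> None:
        sessions = tuple(sessions)
        if len(sessions) > BLOCK_SIZE:
            raise ValueError("one index covers at most 10 sessions")
        cur = self.blocks.get(index)
        if cur is None:
            self.blocks[index] = Block(sessions)
        elif cur.sessions != sessions:
            cur.sessions = sessions
            cur.update_point += 1  # local change: update record point + 1

    def build_sync(self) -> List[SyncMsg]:
        """Leader side: full content once per update point, header only afterwards."""
        out = []
        for index in sorted(self.blocks):
            blk = self.blocks[index]
            if self.advertised.get(index) == blk.update_point:
                out.append(SyncMsg(index, blk.update_point))
            else:
                out.append(SyncMsg(index, blk.update_point, blk.sessions))
                self.advertised[index] = blk.update_point
        return out

    def apply_sync(self, msgs: Iterable[SyncMsg]) -> List[int]:
        """Receiver side: returns indexes whose full content is still missing."""
        need_full = []
        for m in msgs:
            cur = self.blocks.get(m.index)
            if m.sessions is not None:
                if cur is None or cur.update_point < m.update_point:
                    self.blocks[m.index] = Block(m.sessions, m.update_point)
            elif cur is None or cur.update_point != m.update_point:
                need_full.append(m.index)  # assumption: caller requests a resend
        return need_full

    def extras_for(self, msgs: Iterable[SyncMsg]) -> List[SyncMsg]:
        """Member side: blocks the leader did not list or lists at an older point."""
        known = {m.index: m.update_point for m in msgs}
        return [SyncMsg(i, b.update_point, b.sessions)
                for i, b in sorted(self.blocks.items())
                if i not in known or known[i] < b.update_point]


def sample_sessions(prefix: str) -> List[str]:
    # Constructed session records, not taken from the patent.
    return [f"{prefix}.{i}:5000{i}->198.51.100.9:443" for i in range(BLOCK_SIZE)]


def payload(msgs: Iterable[SyncMsg]) -> int:
    return sum(len(m.sessions or ()) for m in msgs)


def demo() -> dict:
    leader, member, late = SessionTable(), SessionTable(), SessionTable()
    leader.set_block(1, sample_sessions("10.0.1"))
    member.set_block(2, sample_sessions("10.0.2"))

    first = leader.build_sync()                  # multicast: index 1 in full
    member.apply_sync(first)
    leader.apply_sync(member.extras_for(first))  # unicast: member adds index 2
    second = leader.build_sync()                 # index 2 in full, index 1 header
    third = leader.build_sync()                  # nothing changed: headers only
    late_needs = late.apply_sync(third)          # a new member cannot use headers

    changed = sample_sessions("10.0.1")[:9] + ["10.0.1.99:50099->198.51.100.9:443"]
    leader.set_block(1, changed)
    fourth = leader.build_sync()                 # index 1 resent at point 2
    member.apply_sync(fourth)
    return {
        "payload_per_round": [payload(r) for r in (first, second, third, fourth)],
        "late_joiner_needs": late_needs,
        "member_point_for_1": member.blocks[1].update_point,
        "leader_learned_2": leader.blocks[2].sessions == member.blocks[2].sessions,
    }


if __name__ == "__main__":
    print(demo())
```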
In some embodiments, establishing the NAT gateway group, wherein the NAT gateway group spans a plurality of different NFV computing nodes, each NFV computing node hosts members of the gateway group, and the members are a plurality of virtual machines, includes: designating one member of the NAT gateway group as the leader, the members other than the leader being ordinary members; the leader sending multicast messages to synchronize session information with the other members; and each member synchronizing its own session information with the leader through unicast.
In some embodiments, the method further comprises:
network elements of different types are created on each computing node to pull up the network element nodes.
In some embodiments, the NFV controller creating network elements of different types on each computing node to pull up the network element nodes comprises: the NAT network element detecting whether a detection message is received; and if the NAT network element receives the detection message, replying with a message to inform the NFV controller that its working state is normal.
The NFV controller creates network elements of different types on each computing node to pull up the network element nodes, and at the same time sends a detection message every second to the NAT network elements under it to confirm that each network element is in a normal state and to prevent a virtual machine from entering a false-dead state. Once a NAT network element receives the detection message, it immediately replies with a message informing the NFV controller that its working state is normal. Once the detection reply message is not received, the NFV controller actively takes the NAT network element offline and destroys it, and pulls up a new NAT network element on a new computing node to carry the service load, so that the quantity purchased by the customer is reached. Since the newly pulled-up NAT gateway does not hold the previous service sessions, 10 is added to the cost value of the VTEP address of the newly pulled-up NAT gateway while waiting for it to join the NAT cluster and synchronize the previous service sessions; after synchronization is complete, the cost value of the VTEP address is restored to the default, so that traffic is shared to the newly pulled-up NAT gateway node.
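The controller behaviour described above (80% threshold expansion, per-second probe, destroy and replace, and the temporary +10 VTEP cost), as an added Python sketch that is not part of the patent text. Assumptions: the default cost value, the member and node names, and the reading that a higher-cost VTEP route receives no traffic under equal-cost routing until its cost is restored.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

DEFAULT_COST = 10    # assumed default route cost; the page gives no value
WARMUP_PENALTY = 10  # from the text: add 10 to the new gateway's VTEP cost
THRESHOLD = 0.80     # from the text: act when an index exceeds 80% of the spec


@dataclass
class Member:
    name: str
    node: str
    cost: int = DEFAULT_COST


class Controller:
    """Toy NFV controller for one NAT gateway group (hypothetical names)."""

    def __init__(self, members: Iterable[Member], spare_nodes: Iterable[str]):
        self.members: Dict[str, Member] = {m.name: m for m in members}
        self.spare_nodes: List[str] = list(spare_nodes)
        self.log: List[str] = []
        self._seq = 0

    def _pull_up(self, reason: str) -> Optional[Member]:
        if not self.spare_nodes:
            self.log.append(f"cannot pull up ({reason}): no spare computing node")
            return None
        self._seq += 1
        # A new member has no sessions yet, so its VTEP route starts at cost + 10.
        m = Member(f"nat-new{self._seq}", self.spare_nodes.pop(0),
                   DEFAULT_COST + WARMUP_PENALTY)
        self.members[m.name] = m
        self.log.append(f"pull up {m.name} on {m.node} ({reason})")
        return m

    def probe_round(self, replied: Iterable[str]) -> None:
        """One per-second probe: members that did not reply are destroyed and replaced."""
        silent = sorted(set(self.members) - set(replied))
        for name in silent:
            del self.members[name]
            self.log.append(f"destroy {name}: no probe reply")
            self._pull_up(f"replace {name}")

    def check_load(self, usage: Dict[str, Dict[str, float]]) -> List[str]:
        """usage maps member -> {metric: fraction of its specification}."""
        over = sorted(n for n, u in usage.items()
                      if n in self.members and max(u.values()) > THRESHOLD)
        if over:
            self.log.append("alarm: " + ", ".join(over) + " above 80% of specification")
            self._pull_up("expand group")
        return over

    def sessions_synced(self, name: str) -> None:
        self.members[name].cost = DEFAULT_COST  # restore default: joins the ECMP set

    def carrying_traffic(self) -> List[str]:
        """Equal-cost routing: only the lowest-cost VTEP routes carry traffic."""
        if not self.members:
            return []
        best = min(m.cost for m in self.members.values())
        return sorted(n for n, m in self.members.items() if m.cost == best)


def demo() -> dict:
    c = Controller([Member("nat-1", "node-1"), Member("nat-2", "node-2")],
                   ["node-3", "node-4"])
    c.probe_round({"nat-1"})                 # nat-2 missed the probe
    after_replace = c.carrying_traffic()     # replacement not yet in rotation
    c.sessions_synced("nat-new1")
    after_sync = c.carrying_traffic()
    over = c.check_load({                    # constructed utilisation figures
        "nat-1": {"traffic": 0.62, "cpu": 0.85, "memory": 0.40},
        "nat-new1": {"traffic": 0.30, "cpu": 0.25, "memory": 0.20},
    })
    return {
        "after_replace": after_replace,
        "after_sync": after_sync,
        "over": over,
        "members": sorted(c.members),
        "new2_cost": c.members["nat-new2"].cost,
        "carrying": c.carrying_traffic(),
        "log": c.log,
    }


if __name__ == "__main__":
    for line in demo()["log"]:
        print(line)
```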
In some embodiments, the NFV controller creating network elements of different types on each computing node to pull up the network element nodes further comprises: if the NAT network element does not receive the detection message, the NFV controller actively takes the NAT network element offline and destroys it.
In a second aspect, the present application proposes an apparatus for realizing high reliability of an NFV NAT gateway, including: a basic module, used for establishing a NAT gateway group, wherein the NAT gateway group spans a plurality of different NFV computing nodes, each NFV computing node hosts members of the gateway group, and the members are a plurality of virtual machines; a monitoring module, used for monitoring the traffic, CPU, memory and the like of the virtual machines; and a capacity expansion module, used for raising an alarm to the customer when a monitored index exceeds a preset threshold, and dynamically adding new gateway group members in the background to expand the NAT gateway group.
In some embodiments, the basic module further comprises: a designating module, used for designating one member of the NAT gateway group as the leader, the other members being ordinary members; a synchronization module, used for the leader to send multicast messages to synchronize session information with the other members; and a unicast module, used for a member to synchronize its own session information with the leader through unicast.
Because the traffic leaving the NAT network element is VXLAN-encapsulated, after the NAT network element fails the server's network card does not go DOWN, and the uplink leaf physical device cannot sense the NAT network element failure from the state of the physical link, so traffic cannot be quickly switched from the failed NAT network element to other network elements that are working normally.
In some embodiments, the apparatus further comprises: a loopback port that starts BFD detection with the physical leaf device interface, wherein the BFD detection is used for determining that the fault point lies between the intelligent network card and the NAT network element when the NAT network element fails and the BFD1 detection from the uplink leaf switch to the intelligent network card is in a normal state.
In some embodiments, the apparatus further comprises: a detection module, used for determining whether the NAT network element receives a detection message; and a reply module, used for the NAT network element, on receiving the detection message, to reply with a message informing the NFV controller that its working state is normal.
A dedicated loopback port on the NAT network element starts BFD detection (BFD2) with the physical leaf device interface; on the leaf device, this BFD session must be attached to the next hops of all VXLAN routes associated with the NAT network element. At the same time, an interface on the intelligent network card (or Linux bridge) establishes BFD detection (BFD1) with the leaf switch, and this session is attached to the physical port of the leaf device that connects to the server. Thus, when the NAT network element fails, the BFD2 detection from the NAT network element to the uplink leaf switch goes down; if the BFD1 detection from the uplink leaf switch to the intelligent network card (or Linux bridge) is in a normal state, the fault point lies between the intelligent network card and the NAT network element, and the services of other network element nodes are not affected. Only the services on that NAT network element are therefore switched to other NAT network elements. The specific operation is to remove, on the switch, the previously attached next hops of all VXLAN routes related to the NAT network element; because the VTEPs of the NAT network elements are equal-cost routes, the traffic is automatically cut over to the other NAT network elements. In this way the uplink leaf switch quickly senses the failure of the NAT network element and quickly switches the VXLAN traffic pointing at it to other NAT network elements. The NFV controller then pulls up a new node for the NAT network element as described in the previous step.
When BFD1 detects that the link from the switch to the intelligent network card is down, the uplink leaf switch immediately shuts down the port connected to the physical server, so that the routes are switched to other servers.
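The two-level BFD fault localisation described above, as an added Python sketch of the leaf switch's view that is not part of the patent text. Assumptions: element and port names are constructed, flows are hashed onto the equal-cost next hops with CRC32, and a BFD1 session that comes back up re-enables its port.

```python
import zlib
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass
class NatElement:
    name: str
    server_port: str      # leaf port facing the server that hosts this element
    bfd2_up: bool = True  # BFD2: leaf switch <-> loopback port on the element


class LeafSwitch:
    """Uplink leaf switch holding the equal-cost next hops of the NAT group."""

    def __init__(self, elements: Iterable[NatElement]):
        self.elements: Dict[str, NatElement] = {e.name: e for e in elements}
        # BFD1: leaf switch <-> intelligent network card, one session per port
        self.bfd1_up: Dict[str, bool] = {e.server_port: True
                                         for e in self.elements.values()}
        self.port_up: Dict[str, bool] = dict(self.bfd1_up)

    def next_hops(self) -> List[str]:
        """VXLAN next hops still installed: BFD2 up and server-facing port up."""
        return sorted(n for n, e in self.elements.items()
                      if e.bfd2_up and self.port_up[e.server_port])

    def locate_fault(self, name: str) -> str:
        e = self.elements[name]
        if not self.bfd1_up[e.server_port]:
            return "leaf-to-nic"      # whole server link: shut the port
        if not e.bfd2_up:
            return "nic-to-element"   # only this element: withdraw its next hops
        return "none"

    def on_bfd2(self, name: str, up: bool) -> str:
        """BFD2 state change for one element; returns where the fault lies."""
        self.elements[name].bfd2_up = up
        return self.locate_fault(name)

    def on_bfd1(self, port: str, up: bool) -> List[str]:
        """BFD1 state change for one port; returns the remaining next hops."""
        self.bfd1_up[port] = up
        self.port_up[port] = up       # BFD1 down: leaf shuts the server port
        return self.next_hops()

    def forward(self, flow: str) -> str:
        hops = self.next_hops()
        if not hops:
            raise RuntimeError("no NAT element left in the group")
        return hops[zlib.crc32(flow.encode()) % len(hops)]


def demo() -> dict:
    leaf = LeafSwitch([
        NatElement("nat-a", "eth1"),  # nat-a and nat-b share one server
        NatElement("nat-b", "eth1"),
        NatElement("nat-c", "eth2"),
    ])
    flows = [f"10.1.0.{i}:4{i:04d}->203.0.113.5:443" for i in range(20)]
    before = leaf.next_hops()

    verdict = leaf.on_bfd2("nat-a", False)      # element hangs, NIC still answers
    after_element_fault = leaf.next_hops()
    port_still_up = leaf.port_up["eth1"]
    used_after_element_fault = sorted({leaf.forward(f) for f in flows})

    after_link_fault = leaf.on_bfd1("eth1", False)  # server link drops
    return {
        "before": before,
        "verdict": verdict,
        "after_element_fault": after_element_fault,
        "port_still_up": port_still_up,
        "nat_a_used": "nat-a" in used_after_element_fault,
        "after_link_fault": after_link_fault,
        "nat_b_verdict": leaf.locate_fault("nat-b"),
        "all_flows_to": sorted({leaf.forward(f) for f in flows}),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```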
Through the above steps, elastic capacity expansion of the NAT gateway and fast detection of the NAT gateway's state are achieved, the traffic interruption time during switchover is kept at the millisecond level, sessions are not lost, and the user does not perceive the traffic switchover at all.
In some embodiments, the apparatus further comprises: a starting module, used for creating network elements of different types on each computing node to pull up the network element nodes.
Based on the same inventive concept, an embodiment of the present application further provides an electronic device, including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the aforementioned method.
Based on the same inventive concept, embodiments of the present application also provide a computer-readable storage medium storing a computer program, the computer program being executed by a processor to perform the aforementioned method.
Based on the same inventive concept, embodiments of the present application also provide a computer program product that, when processed, implements the aforementioned method.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, embodiments of the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the application may take the form of a computer program product embodied on one or more computer-usable storage media having computer-usable program code embodied therein, including but not limited to disk storage, CD-ROM, optical storage, and the like.
Embodiments of the present application are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal device to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal device, create a system for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. "And/or" means that either or both may be selected. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising one …" does not exclude the presence of other like elements in a process, method, article or terminal device comprising the element.
The foregoing describes the method and apparatus of the present application in detail so that the principles and embodiments of the application can be understood; meanwhile, those skilled in the art may make variations in the specific embodiments and scope of application in accordance with the ideas of the present application, and, in view of the above, this description should not be construed as limiting the present application.

Claims (10)

1. A method for implementing high reliability of a NAT gateway for NFV, the method comprising the steps of:
establishing a NAT gateway group, wherein the NAT gateway group has a plurality of different NFV computing nodes, each NFV computing node is allocated members of the gateway group, and the members are a plurality of virtual machines;
monitoring the traffic, CPU and memory of the virtual machines;
and when a monitoring index exceeds a preset threshold, the NFV controller sends an alarm to the client, and a new gateway group member is dynamically added in the background to expand the NAT gateway group.
2. The method for implementing high reliability of NFV NAT gateway according to claim 1, wherein the establishing a NAT gateway group, the NAT gateway group having a plurality of different NFV computing nodes, each NFV computing node corresponding to a member of the gateway group, the member being a plurality of virtual machines, comprises:
designating one member in the NAT gateway group as a leader, wherein the members other than the leader are ordinary members;
the leader synchronizing session information with the other members by multicast;
each member synchronizing its own session information with the leader by unicast.
3. The method for achieving high reliability of a NAT gateway for NFV according to claim 2, further comprising:
creating different types of network elements per computing node to pull up the network element nodes.
4. The method for implementing high reliability of NAT gateway for NFV according to claim 3, wherein the NFV controller creates different types of network elements per computing node to perform pull-up of the network element nodes, comprising:
the NAT network element determining whether a detection message has been received;
if the NAT network element receives the detection message, replying with a message to inform the NFV controller that its working state is normal.
5. The method for implementing high reliability of NFV NAT gateway according to claim 4, wherein the NFV controller creates different types of network elements per computing node to perform pull-up of the network element nodes, further comprising:
if the NAT network element does not receive the detection message, the NFV controller actively takes the NAT network element offline and destroys it.
6. An apparatus for implementing high reliability of a NAT gateway for NFV, comprising:
a base module for establishing a NAT gateway group, wherein the NAT gateway group has a plurality of different NFV computing nodes, each NFV computing node is allocated members of the gateway group, and the members are a plurality of virtual machines;
a monitoring module for monitoring the traffic, CPU and memory of the virtual machines;
and a capacity expansion module for sending an alarm to the client when a monitoring index exceeds a preset threshold, and dynamically adding new gateway group members in the background to expand the NAT gateway group.
7. The apparatus for achieving high reliability of NAT gateway for NFV according to claim 6, wherein the base module further comprises:
a designating module for designating one member in the NAT gateway group as a leader, the other members being ordinary members;
a synchronization module for the leader to synchronize session information with the other members by multicast;
and a unicast module for each member to synchronize its own session information with the leader by unicast.
8. The apparatus for achieving high reliability of a NAT gateway for NFV according to claim 7, further comprising:
a loopback port and a physical leaf device interface that start BFD detection, wherein the BFD detection is used for determining, when the NAT network element fails and the BFD1 detection from the uplink leaf switch to the intelligent network card is in a normal state, that the fault point lies between the intelligent network card and the NAT network element.
9. The apparatus for achieving high reliability of a NAT gateway for NFV according to claim 8, further comprising:
a detection module for determining whether the NAT network element has received a detection message;
and a reply module for, when the NAT network element receives the detection message, replying with a message to inform the NFV controller that its working state is normal.
10. The apparatus for achieving high reliability of a NAT gateway for NFV according to claim 9, further comprising:
a starting module for creating different types of network elements per computing node to pull up the network element nodes.
CN202310239224.7A 2023-03-08 2023-03-08 Method and device for realizing high reliability of NAT gateway of NFV Pending CN116743614A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310239224.7A CN116743614A (en) 2023-03-08 2023-03-08 Method and device for realizing high reliability of NAT gateway of NFV

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310239224.7A CN116743614A (en) 2023-03-08 2023-03-08 Method and device for realizing high reliability of NAT gateway of NFV

Publications (1)

Publication Number Publication Date
CN116743614A true CN116743614A (en) 2023-09-12

Family

ID=87903282

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310239224.7A Pending CN116743614A (en) 2023-03-08 2023-03-08 Method and device for realizing high reliability of NAT gateway of NFV

Country Status (1)

Country Link
CN (1) CN116743614A (en)

Similar Documents

Publication Publication Date Title
CN110912780B (en) High-availability cluster detection method, system and controlled terminal
KR101523457B1 (en) System and method for session restoration at geo-redundant gateways
EP1697843B1 (en) System and method for managing protocol network failures in a cluster system
US10367680B2 (en) Network relay apparatus, gateway redundancy system, program, and redundancy method
US10560550B1 (en) Automatic configuration of a replacement network device in a high-availability cluster
US10917289B2 (en) Handling network failures in networks with redundant servers
CN106453120B (en) A kind of dynamic cluster method and system
CN109861867B (en) MEC service processing method and device
CN110971698A (en) Data forwarding system, method and device
EP2733907B1 (en) Method, local gateway, and system for local voice survivability
CN106878072B (en) Message transmission method and device
CN113328916B (en) BFD detection mode switching method, device and equipment
CN108540386B (en) Method and device for preventing service flow interruption
WO2020057445A1 (en) Communication system, method, and device
CN112367182B (en) Configuration method and device of disaster recovery main and standby equipment
CN113169895A (en) N +1 redundancy for virtualization services with low latency failover
CN111182022A (en) Data transmission method and device, storage medium and electronic device
CN104160667A (en) Method, Device, and System for Dual-Uplink Tangent Ring Convergence
CN112583708B (en) Connection relation control method and device and electronic equipment
CN111835684B (en) Network isolation monitoring method and system for haproxy equipment
CN114301842B (en) Route searching method and device, storage medium, processor and network system
CN116743614A (en) Method and device for realizing high reliability of NAT gateway of NFV
CN111835544B (en) Monitoring method and system of virtual router based on user mode protocol stack
CN112104531B (en) Backup implementation method and device
CN114301763A (en) Distributed cluster fault processing method and system, electronic device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination