CN116938829A - Data forwarding method and related equipment - Google Patents

Publication number: CN116938829A
Authority: CN (China)
Prior art keywords: network card, forwarding, data packet, gateway, data
Legal status: Pending
Application number: CN202210356338.5A
Other languages: Chinese (zh)
Inventors: 王少岩, 郜忠华, 阮涵
Current Assignee: Huawei Cloud Computing Technologies Co Ltd
Original Assignee: Huawei Cloud Computing Technologies Co Ltd
Application filed by Huawei Cloud Computing Technologies Co Ltd
Priority to CN202210356338.5A
Priority to PCT/CN2022/130454 (WO2023193432A1)
Publication of CN116938829A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/33 Flow control; Congestion control using forward notification
    • H04L49/00 Packet switching elements
    • H04L49/25 Routing or path finding in a switch fabric
    • H04L49/252 Store and forward routing

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides a data forwarding method executed by a computing device that has a network card and on which an instance of a virtual gateway is deployed. The method comprises the following steps: the network card receives a forwarding table of a data stream provided by the virtual gateway, uses the forwarding table to determine a forwarding path of an Nth data packet in the data stream, and forwards the Nth data packet based on that forwarding path. By offloading the computing resources consumed by the virtual gateway to the network card, the method reduces the CPU resource consumption of the gateway service, which reduces the power consumption of the whole gateway service, greatly reduces the cost of the gateway service, and meets the service requirement. In addition, forwarding is performed by the network card hardware rather than by gateway software, which improves forwarding performance.

Description

Data forwarding method and related equipment
Technical Field
The present application relates to the field of computer networks, and in particular, to a data forwarding method, a computing device, a network card, a computer readable storage medium, and a computer program product.
Background
Virtualized networks have emerged to meet users' diverse demands on the network. A virtualized network, also known as a virtual network, is a network constructed by network virtualization techniques. Network virtualization is the conversion of a hardware-based network into a software-based network. It allows network functions, hardware resources, and software resources to be delivered independently of hardware. For example, network virtualization may be used to consolidate many physical networks or to further subdivide one physical network. In this way, the flexibility and reliability with which the service provider provides services are improved.
Various instances of virtual gateways may be deployed in a virtualized network to meet the needs of different services. For example, an instance of an elastic load balancing (Elastic Load Balancing, ELB) gateway may be deployed in a virtualized network to extend the external service capability of an application system through traffic distribution and to eliminate single points of failure, improving the availability of the application system. For another example, an instance of a network address translation (Network Address Translation, NAT) gateway, such as a public network NAT gateway, may be deployed in the virtualized network to translate private internet protocol (Internet Protocol, IP) addresses to public network IP addresses, so that the public network can be accessed securely, or services can be provided externally, through the public network IP addresses.
The services provided by the virtual gateways described above are typically carried by a gateway cluster. Software with the corresponding functions is deployed in the gateway cluster to provide the corresponding gateway services. To meet the large-bandwidth, high-rate forwarding requirements of the network, the software is often implemented with a polling mechanism, which keeps the central processing unit (CPU) running at full load. As a result, the gateway service has high power consumption and high cost.
Disclosure of Invention
The application provides a data forwarding method that offloads the computing resources consumed by a virtual gateway to a network card. This reduces the CPU resource consumption of the gateway service, which reduces the power consumption of the whole gateway service, greatly reduces the cost of the gateway service, and meets the service requirement. In addition, forwarding is performed by the network card hardware rather than by gateway software, which improves forwarding performance. The application also provides a computing device, a network card, a computer readable storage medium and a computer program product corresponding to the data forwarding method.
In a first aspect, the present application provides a data forwarding method. The method is applied to a computing device that has a network card and on which an instance of a virtual gateway is deployed. Specifically, the network card receives a forwarding table of a data stream provided by the virtual gateway, uses the forwarding table to determine a forwarding path of an Nth data packet in the data stream, where N is greater than 1, and then forwards the Nth data packet based on that forwarding path.
In this method, the computing resources consumed by the virtual gateway are offloaded to the network card, which reduces the CPU resource consumption of the gateway service, reduces the power consumption of the whole gateway service, greatly reduces the cost of the gateway service, and meets the service requirement. In addition, forwarding is performed by the network card hardware rather than by gateway software, which improves forwarding performance.
In some possible implementations, the virtual gateway determines the forwarding path based on a first packet in the data flow. Therefore, the subsequent data packets in the data stream can be directly forwarded by the network card based on the forwarding path, so that the forwarding efficiency is improved, and the forwarding cost is reduced.
In some possible implementations, the network card may process the Nth data packet and forward the processed Nth data packet. The network card thus implements the corresponding gateway service in place of the virtual gateway and meets the service requirement. The network card does not need to report the data packet to the virtual gateway, wait for the virtual gateway to process it and send the processed packet back, and only then forward it, so the forwarding path is shortened and the forwarding cost is reduced.
In some possible implementations, the network card may modify the source address of the Nth data packet, thereby implementing network address translation and meeting the requirement of accessing the network through the public network IP. The network card may also update the destination address of the Nth data packet according to the destination address of the forwarding path, specifically the modified destination address in the forwarding path, thereby meeting the load balancing requirement.
In this method, the network card can implement, according to the forwarding table, the functions of a virtual gateway such as a network address translation gateway or an elastic load balancing gateway, which meets the service requirement, and processing on the network card is more efficient.
In some possible implementations, the network card may receive the forwarding table of the data flow provided by the virtual gateway through an offload channel. The offload channel is a channel dedicated to offloading computing resources to the network card. Receiving the forwarding table through the offload channel provides data isolation and ensures security.
In some possible implementations, the network card deletes the forwarding table of the data stream. For example, after the data stream is forwarded, the forwarding table of the data stream is deleted, so that the storage space of the network card is saved, and the storage overhead of the network card is reduced.
In some possible implementations, the virtual gateway may instruct the network card to delete the forwarding table of the data flow. For example, the virtual gateway may issue a delete instruction that instructs the network card to delete the forwarding table of the data stream. The network card can then delete the forwarding table of the data stream in response to the delete instruction, thereby saving the storage space of the network card and reducing the storage overhead of the network card.
In some possible implementations, the forwarding table includes a source address, a destination address, and a next hop address. The network card can therefore match the meta information of a data packet, such as its source address and destination address, against the entries in the forwarding table, and when the meta information hits an entry, the network card can forward the packet according to the next hop address in that entry. Thus, the forwarding path is shortened, and the forwarding efficiency is improved.
Further, the forwarding table may also include a source port number and a destination port number. Correspondingly, the network card can match the meta information of a data packet, such as its source address, destination address, source port number and destination port number, against the entries in the forwarding table to determine the next hop address, and then forward the packet according to that next hop address. Thus, the forwarding path is shortened, and the forwarding efficiency is improved.
In some possible implementations, the network card queries the forwarding table according to meta information of the Nth data packet to obtain a forwarding path of the Nth data packet in the data stream. The forwarding path is a fast path, and the network card forwards data according to the fast path, so that the forwarding efficiency is improved.
In a second aspect, the present application provides a computing device. The computing device has a network card, and the computing device deploys an instance of the virtual gateway. The network card is used for receiving a forwarding table of a data stream provided by the virtual gateway, determining a forwarding path of an Nth data packet in the data stream by using the forwarding table, and forwarding the Nth data packet based on the forwarding path of the Nth data packet, wherein N is larger than 1.
In some possible implementations, the virtual gateway is further configured to:
determine the forwarding path based on a first data packet in the data stream.
In some possible implementations, the network card is specifically configured to:
process the Nth data packet and forward the processed Nth data packet.
In some possible implementations, the network card is specifically configured to:
modify the source address of the Nth data packet; or
update the destination address of the Nth data packet according to the destination address of the forwarding path.
In some possible implementations, the network card is specifically configured to:
receive, through an offload channel, the forwarding table of the data stream provided by the virtual gateway.
In some possible implementations, the network card is further configured to:
delete the forwarding table of the data flow.
In some possible implementations, the virtual gateway is further configured to:
instruct the network card to delete the forwarding table of the data stream.
In some possible implementations, the forwarding table includes a source address, a destination address, and a next hop address.
In some possible implementations, the network card is specifically configured to:
query the forwarding table according to the meta information of the Nth data packet to obtain the forwarding path of the Nth data packet in the data stream.
In a third aspect, the present application provides a network card. The network card may be an intelligent network card. The network card includes at least one processor and at least one memory. The at least one processor and the at least one memory are in communication with each other. The at least one processor is configured to execute instructions stored in the at least one memory to cause the network card to perform the steps performed by the network card in the data forwarding method according to the first aspect or any implementation of the first aspect.
In a fourth aspect, the present application provides a computer readable storage medium having stored therein instructions for instructing a computing device to execute the data forwarding method according to the first aspect or any implementation manner of the first aspect.
In a fifth aspect, the present application provides a computer program product comprising instructions which, when run on a computing device or cluster of computing devices, cause the computing device to perform the data forwarding method according to the first aspect or any implementation of the first aspect.
On the basis of the implementations provided in the above aspects, the present application may be further combined to provide more implementations.
Drawings
In order to more clearly illustrate the technical method of the embodiments of the present application, the drawings used in the embodiments are briefly described below.
Fig. 1 is a system architecture diagram of a data forwarding system according to an embodiment of the present application;
Fig. 2 is a system architecture diagram of another data forwarding system according to an embodiment of the present application;
Fig. 3 is an interaction flow chart of a data forwarding method according to an embodiment of the present application;
Fig. 4 is an interaction flow chart of a data forwarding method according to an embodiment of the present application;
Fig. 5 is a schematic flow chart of a data forwarding method according to an embodiment of the present application;
Fig. 6 is a hardware configuration diagram of a network card according to an embodiment of the present application.
Detailed Description
The terms "first" and "second" in embodiments of the application are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more such features.
Some technical terms related to the embodiments of the present application will be described first.
A virtualized network, also known as a virtual network, is a network constructed by network virtualization techniques. Network virtualization is the conversion of a hardware-based network into a software-based network. It allows network functions, hardware resources, and software resources to be delivered independently of hardware. For example, network virtualization may be used to consolidate many physical networks or to further subdivide one physical network. In this way, the flexibility and reliability with which the service provider provides services are improved.
A gateway (gateway), also known as an intersystem connector, a protocol converter, is typically a device that implements network interconnections above the network layer. The virtual gateway may be a gateway in a virtualized network. Virtual gateways can generally be used for network interconnections where two higher layer protocols are different. The functions of the virtual gateway described above may be implemented by gateway software. Specifically, at least one gateway software may be deployed in the computer cluster, so as to provide a corresponding gateway service and implement a corresponding gateway function. The computer cluster in which the gateway software described above is deployed is also referred to as a gateway cluster. Various virtual gateways, such as ELB gateways and NAT gateways, can be deployed in a gateway cluster of a virtualized network to meet the requirements of different services.
Gateway software deployed in a gateway cluster typically employs a polling mechanism to meet the large-bandwidth, high-rate forwarding requirements of the network. Polling, also known as "Programmed I/O", is a way for the CPU to decide how to provide services to peripheral devices. Specifically, the CPU issues queries at regular intervals, asking each peripheral device in turn whether it needs service, serving it if so, moving on to the next peripheral device once the service is finished, and then repeating the cycle.
However, this solution keeps the CPU running at full load, which results in high power consumption and high cost for the gateway service.
In view of this, the embodiment of the application provides a data forwarding method. The method may be performed by a computing device. The computing device has a network card, and further, the computing device deploys an instance of a virtual gateway, such as an instance of an ELB gateway or an instance of a NAT gateway.
Specifically, the network card receives a forwarding table of a data flow provided by a virtual gateway (for example, the virtual gateway on one or more nodes in a gateway cluster), uses the forwarding table to determine a forwarding path of an Nth data packet in the data flow, where N is greater than 1, and then forwards the Nth data packet based on that forwarding path.
In this method, the computing resources consumed by the virtual gateway are offloaded to the network card, which reduces the CPU resource consumption of the gateway service, reduces the power consumption of the whole gateway service, greatly reduces the cost of the gateway service, and meets the service requirement. In addition, forwarding is performed by the network card hardware rather than by gateway software, which improves forwarding performance.
The virtual gateway of the embodiment of the application can be deployed in a physical resource pool or a virtual resource pool. The physical resource pool is a resource pool formed by physical machines (computing devices such as physical servers), and the virtual resource pool is a resource pool that is formed by virtualizing physical machines and can be scheduled on demand. When the virtual gateway is deployed in the physical resource pool, the instance of the virtual gateway runs directly on the physical machine. When the virtual gateway is deployed in the virtual resource pool, the instance of the virtual gateway runs in a virtual machine on the physical machine.
In order to make the technical solution of the present application clearer and easier to understand, a computing device according to an embodiment of the present application is described below with reference to the accompanying drawings.
Referring to the architecture diagram of computing device 10 shown in fig. 1, computing device 10 has an instance of virtual gateway 100 deployed therein, computing device 10 further comprising network card 200. In the example of fig. 1, an instance of the virtual gateway 100 is deployed in a physical resource pool, and the instance of the virtual gateway 100 is specifically formed by deploying gateway software such as ELB APP or NAT APP directly on a physical machine in the physical resource pool.
In this embodiment, the virtual gateway 100 and the network card 200 may cooperatively complete forwarding of the data stream. Specifically, the virtual gateway 100 may receive a first packet of the data flow from the network card 200, determine a forwarding path of the packet, and forward the first packet according to the forwarding path. In addition, the network card 200 receives a forwarding table of the data flow provided by the virtual gateway 100, where the forwarding table includes forwarding paths of data packets in the data flow. When the network card 200 receives the Nth packet of the data stream, where N is greater than 1, it may directly determine a forwarding path of the Nth packet using the forwarding table, and forward the Nth packet based on that forwarding path.
The Nth packet of the data flow is forwarded directly by the hardware of the network card 200 and does not need to be forwarded by the virtual gateway 100 software, so the forwarding efficiency is high. The path through which the network card 200 forwards the packet is therefore also called a fast path. Correspondingly, the path through which the virtual gateway 100 forwards the data packet is also referred to as a slow path. In this way, forwarding is accelerated as much as possible and forwarding performance is improved.
Fig. 1 illustrates one architecture of a computing device 10. Embodiments of the present application also provide another architecture for computing device 10. Under this architecture, instances of virtual gateway 100 are deployed in a virtual resource pool, implementing data forwarding by cooperating with network card 200. Another architecture of computing device 10 is described below.
Referring to the architecture diagram of the computing device 10 shown in Fig. 2, the computing device 10 includes a virtual resource pool, specifically a uniformly schedulable resource pool formed by virtualizing physical resources such as CPUs. One or more virtual machines may be included in the virtual resource pool. Fig. 2 illustrates the case in which computing device 10 includes multiple virtual machines. Instances of virtual gateway 100 may be deployed on virtual machines of computing device 10. For example, ELB gateway software, i.e., ELB APP, may be run on one virtual machine of computing device 10 to deploy instances of ELB gateways, and NAT gateway software, i.e., NAT APP, may be run on another virtual machine to deploy instances of NAT gateways. Thus, virtual gateways 100 with different functions can be isolated from one another, which ensures security. In the example of Fig. 2, computing device 10 has a network card 200. The network card 200 receives the forwarding table of the data stream provided by the virtual gateway 100, uses the forwarding table to determine the forwarding path of the Nth data packet in the data stream, and then forwards the Nth data packet based on that forwarding path.
For the specific implementation of forwarding a data stream by the computing device 10 shown in Fig. 2, refer to the description of Fig. 1; it is not repeated here.
Having described the architecture of computing device 10, a data forwarding method according to an embodiment of the present application is described below with reference to the accompanying drawings.
Referring to the flow chart of the data forwarding method shown in fig. 3, the method is performed by the computing device 10, the computing device 10 deploys an instance of the virtual gateway 100, and the computing device 10 includes a network card 200, the method comprising:
S302: the virtual gateway 100 receives the first packet of the data stream from the network card 200.
In particular, a data flow is an abstraction of data that has some common feature or attribute over the same network for the same period of time. For example, packets accessing the same address for the same period of time may be considered a data stream. The data stream may include a plurality of data packets, and the plurality of data packets included in the data stream may be request data packets from the terminal or response data packets from the server at the back end. For example, in the context of accessing a web page, the data stream may include a plurality of hypertext transfer protocol (Hyper Text Transfer Protocol, HTTP) request packets generated by the terminal in response to a user-triggered web page browsing operation, or a plurality of response packets generated by the server in response to a user's request. The response data packet may carry text or image, audio, video and other multimedia information.
In some embodiments, the network card 200 receives packets of the data stream in sequence and provides the first packet of the data stream to the virtual gateway 100. For example, the network card 200 may sequentially receive the request packet sent by the terminal and report the first request packet to the virtual gateway 100, so that the virtual gateway 100 determines a forwarding path and forwards the request packet. For another example, the network card 200 may sequentially receive the response data packet sent by the server and report the first response data packet to the virtual gateway 100, so that the virtual gateway 100 determines a forwarding path and forwards the response data packet.
The data packet is not limited to the request data packet or the response data packet between the terminal and the server, but may be an instant communication data packet transmitted between the terminal and the terminal, or a service data packet transmitted between the server and the server.
S304: virtual gateway 100 determines a forwarding path based on the first packet in the data flow.
S306: the virtual gateway 100 forwards the first packet according to the forwarding path.
Specifically, the virtual gateway 100 may determine the forwarding path of the first packet by using the CPU polling method, and then forward the first packet of the data flow according to the forwarding path. It should be noted that the virtual gateway 100 may be a gateway with a specific function, for example an ELB gateway or a NAT gateway. In that case the virtual gateway may further process the first packet of the data flow and then forward the processed first packet according to the forwarding path.
In some possible implementations, the virtual gateway 100 is an ELB gateway, and the virtual gateway 100 may determine a load balancing server from a plurality of load balancing servers, then modify the destination address of the first data packet to be the IP address of the load balancing server, and determine a forwarding path to the load balancing server, and forward the modified first data packet according to the forwarding path.
In other possible implementations, the virtual gateway 100 is a NAT gateway. The virtual gateway 100 may modify the source address of the first packet, for example to a public IP address, determine a forwarding path for the first packet, and forward the modified first packet according to the forwarding path.
S308: the virtual gateway 100 provides the forwarding table of the data stream to the network card 200.
Each virtual gateway 100 has its own processing logic. For example, the ELB gateway may select a backend server for forwarding according to the accessed virtual IP address (virtual Internet Protocol, VIP) and a configured load balancing algorithm. The virtual gateway 100 may generate a forwarding table (Forwarding Table) for the data flow based on this processing logic.
The processing logic of the data stream may include matching (match) logic and, further, an action (action) indication. That is, the processing logic of the data stream may comprise matching logic and an action indication, and it may be represented by a forwarding table.
The forwarding table includes a source address, a destination address and a next hop address, and further, the forwarding table may further include a source port number and a destination port number, where the source address, the destination address, the source port number or the destination port number may be used to match meta information of the data packet (such as a tuple including the source address and the destination address of the data packet), so as to determine the next hop address of the data packet. Further, the forwarding table may further include an action instruction for the data packet, so as to process the data packet according to the action instruction, and forward the processed data packet.
The forwarding table may be further abstracted into a flow table (flow table). The flow table is an abstraction of the data forwarding function of the network device. In a traditional network device, data forwarding by switches and routers relies on a layer-2 medium access control (Media Access Control, MAC) address forwarding table or a layer-3 IP address routing table stored in the device. The flow table used in the application also integrates network configuration information from each layer of the network, so that richer rules can be used when forwarding data.
Specifically, the flow table is a set of policy entries for the data flow, and is responsible for looking up and forwarding data packets. The flow table includes a series of flow entries. A flow entry includes a source address, a destination address, and a next hop address. In some embodiments, the flow entry may also include a source port number and a destination port number, so that exact matching can be achieved. Note that when the network card 200 supports large-scale fuzzy matching with masks, the flow entry may omit the source port number and the destination port number. This avoids expansion into exact-match flow tables, greatly reduces the number of flow tables for the routing service, and supports a larger service scale.
In some embodiments, the flow table entry may include a header field and an action table. The header fields and action tables are described in detail below.
The header field includes a source address (e.g., source IP) and a destination address (e.g., destination IP). Further, the source address may also include a source MAC address. The destination address may also include a destination MAC address. In addition, the header field may also include a source port number and a destination port number. The header field includes the identification of the link layer, network layer or transport layer, and based on the identification, the fast matching of the data packet can be realized.
The action table is used to indicate how to process the matched data packet after it is received. Each flow entry may correspond to zero to multiple actions. If no forwarding actions are defined, packets matching the flow entry header fields will be discarded by default. In addition, when multiple actions are included in the same flow entry, the multiple actions may have different priorities.
The actions of a flow entry fall into two categories: required actions and optional actions. Required actions include forwarding to a physical port or a reserved port (e.g., ALL, CONTROLLER, TABLE, IN_PORT, ANY, LOCAL, NORMAL, FLOOD) and dropping. Optional actions include forwarding to virtual ports, queuing, or modification. Queuing refers to forwarding a data packet to the forwarding queue corresponding to an output port, so as to support quality of service (QoS). Modification may include modifying a source MAC address, a destination MAC address, a source IP address, a destination IP address, or the IP ToS bits.
In some possible implementations, multiple instances of virtual gateway 100 may be deployed in computing device 10, and accordingly, network card 200 in computing device 10 may maintain a flow table for each virtual gateway 100 separately to store processing logic for the data flows for the different virtual gateways 100 separately.
S310: the network card 200 receives the Nth packet of the data stream.
Specifically, after receiving the first packet of the data stream, the network card 200 may continue to receive the Nth request packet of the data stream sent by the terminal, or the Nth response packet of the data stream sent by the server, where N is greater than 1.
Similar to S302, the Nth packet is not limited to a request packet or a response packet between the terminal and the server; it may also be an instant messaging packet transmitted between terminals, or a service packet transmitted between servers.
S312: the network card 200 queries the forwarding table according to the meta information of the Nth data packet, and obtains a forwarding path of the Nth data packet in the data stream.
The meta information is the metadata of the data packet, that is, data describing the data. In this embodiment, the meta information of the data packet may include one or more of a source address and a destination address of the data packet. Further, the meta information of the data packet may also include one or more of a source port number and a destination port number of the data packet.
Specifically, the network card 200 may query the forwarding table or the flow table carrying the processing logic according to the meta information of the Nth data packet. When the meta information hits, that is, when it matches an entry in the forwarding table or a flow entry in the flow table, the network card 200 may determine the forwarding path of the Nth data packet according to that entry. For example, the network card 200 may obtain the forwarding path of the Nth packet according to the action table of the flow entry. The forwarding path may include a next hop address of the data packet.
S314: the network card 200 forwards the Nth packet based on the forwarding path of the Nth packet.
For the Nth data packet, the network card 200 can directly use the forwarding path determined from the forwarding table to forward the packet, without reporting it to the virtual gateway 100 for forwarding. Data packets are thus forwarded in hardware, which improves forwarding performance.
When the processing logic further includes an action instruction, the network card 200 may execute the corresponding action on the Nth data packet before forwarding it according to its forwarding path. For example, for a packet requiring load balancing, the action instruction may be to modify the destination address according to the forwarding path, such as modifying the destination IP; the network card 200 may modify the destination IP of the Nth packet according to the action instruction, and then forward the modified Nth packet according to the forwarding path. For another example, for a packet requiring network address translation, the action instruction may be to modify a source address, such as the source IP; the network card 200 may modify the source IP of the Nth packet according to the action instruction, and then forward the modified packet according to the forwarding path.
In this embodiment, the Nth packet in the data stream may be transmitted to the network card 200 by the source node (e.g., a terminal); the network card 200 determines the forwarding path directly by querying the forwarding table and then forwards the packet to the destination node (e.g., a server) along that path. Because the forwarding process does not pass through the virtual gateway 100, the turnaround time of the Nth packet in the network is reduced and forwarding performance is improved.
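The slow-path/fast-path split of S310 to S314, as an added Python model that is not code from the patent: the `Nic`, `LoadBalancerGateway` and `NatGateway` classes, the action names and all addresses are assumptions made for illustration. It shows the first packet of a flow reaching the gateway software, later packets being rewritten and forwarded from the per-gateway flow table, one masked entry covering several NAT flows, and an entry without an output action dropping by default.

```python
from dataclasses import dataclass, replace
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

ANY = ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Packet:                       # meta information of a data packet
    src: str
    dst: str
    sport: int
    dport: int

@dataclass
class FlowEntry:
    src: IPv4Network                # header fields; a /32 is an exact match
    dst: IPv4Network
    actions: list                   # ordered (kind, value) pairs, see apply_actions
    sport: Optional[int] = None     # None: the port is not part of the match
    dport: Optional[int] = None
    hits: int = 0                   # packets handled from this entry by the NIC

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in self.src
                and ip_address(p.dst) in self.dst
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))

def apply_actions(p: Packet, actions: list):
    """Run the action table; a next hop of None (no output action) means drop."""
    next_hop = None
    for kind, value in actions:
        if kind == "set_src":       # NAT: rewrite the source IP
            p = replace(p, src=value)
        elif kind == "set_dst":     # load balancing: rewrite the destination IP
            p = replace(p, dst=value)
        elif kind == "output":
            next_hop = value
        else:
            raise ValueError(f"unknown action {kind!r}")
    return p, next_hop

class LoadBalancerGateway:          # gateway software: one exact-match entry per flow
    def __init__(self, vip: str, backends: list):
        self.vip, self.backends, self.seen = vip, backends, 0

    def first_packet(self, p: Packet) -> Optional[FlowEntry]:
        self.seen += 1
        if p.dst != self.vip:
            return None
        backend = self.backends[(self.seen - 1) % len(self.backends)]
        return FlowEntry(ip_network(p.src), ip_network(p.dst),
                         [("set_dst", backend), ("output", backend)], p.sport, p.dport)

class NatGateway:                   # gateway software: one masked entry per inside subnet
    def __init__(self, inside: str, public_ip: str, next_hop: str):
        self.inside = ip_network(inside)
        self.public_ip, self.next_hop, self.seen = public_ip, next_hop, 0

    def first_packet(self, p: Packet) -> Optional[FlowEntry]:
        self.seen += 1
        if ip_address(p.src) not in self.inside:
            return None
        return FlowEntry(self.inside, ANY,
                         [("set_src", self.public_ip), ("output", self.next_hop)])

class Nic:
    def __init__(self, gateways: dict):
        self.tables = {gw_id: (gw, []) for gw_id, gw in gateways.items()}

    def receive(self, gw_id: str, p: Packet):
        """Return (path, packet_out, next_hop); path is 'fast', 'slow' or 'drop'."""
        gateway, table = self.tables[gw_id]     # each gateway has its own flow table
        for entry in table:
            if entry.matches(p):    # hit: handled without reporting to the gateway
                entry.hits += 1
                out, hop = apply_actions(p, entry.actions)
                return ("fast" if hop else "drop", out, hop)
        entry = gateway.first_packet(p)         # miss: report the packet to the gateway
        if entry is None:
            return ("drop", p, None)
        table.append(entry)         # processing logic issued to the network card
        out, hop = apply_actions(p, entry.actions)
        return ("slow" if hop else "drop", out, hop)

def demo():
    lb = LoadBalancerGateway("203.0.113.10", ["10.0.1.11", "10.0.1.12"])
    nat = NatGateway("10.0.0.0/24", "198.51.100.7", "192.0.2.1")
    nic = Nic({"elb": lb, "nat": nat})
    flow = Packet("192.0.2.50", "203.0.113.10", 40000, 443)   # constructed sample flow
    lb_results = [nic.receive("elb", flow) for _ in range(3)]
    nat_results = [nic.receive("nat", Packet(f"10.0.0.{h}", "198.51.100.80", 50000 + h, 80))
                   for h in (5, 6, 7)]
    # An entry whose action table has no output action drops matching packets.
    nic.tables["nat"][1].insert(0, FlowEntry(ip_network("10.0.0.9"), ANY, []))
    dropped = nic.receive("nat", Packet("10.0.0.9", "198.51.100.80", 50009, 80))
    return nic, lb, nat, lb_results, nat_results, dropped
```

Because packets after the first never reach the gateway software, any filtering or logging that the gateway applies per packet has to be expressed in the offloaded entry itself; the `seen` counters make that visible.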
In some possible implementations, the virtual gateway 100 may further issue a delete instruction, instructing the network card 200 to delete the forwarding table of the data stream. The network card 200 may delete the forwarding table of the data stream in response to the deletion instruction issued by the virtual gateway 100. When the forwarding table is abstracted into a flow table, the flow entry may further include a counter that counts the data packets in the data flow. After receiving the deletion instruction, the network card 200 may read the counter, and when the count indicates that the current data packet is the last data packet of the data stream, the network card 200 may delete the forwarding table after forwarding that data packet.
Based on the above description, the embodiment of the application provides a data forwarding method. In the method, the virtual gateway 100 provides the forwarding table of the data flow to the network card 200, and the network card 200 uses the forwarding table to determine the forwarding path of the Nth data packet in the data flow and forwards the Nth data packet along that path. The computing resources consumed by the virtual gateway 100 are thereby offloaded to the network card 200, which reduces the CPU resource consumption of the gateway service, reduces the power consumption of the whole gateway service, greatly reduces the cost of the gateway service, and meets the service requirement. In addition, the method forwards through network card hardware rather than through gateway software, so forwarding performance is improved.
The embodiment shown in fig. 3 illustrates the forwarding of multiple data packets in a data stream by the same computing device 10, and in some possible implementations, multiple data packets in a data stream may also be forwarded by different computing devices 10. For example, as traffic scales up, packets in a data stream may be migrated from one computing device 10 to another computing device 10. For ease of description, embodiments of the present application refer to computing device 10 before migration as a first computing device and computing device 10 after migration as a second computing device.
Referring to the flow chart of the data forwarding method shown in fig. 4, the method includes:
S402: the first computing device forwards the data packets to be processed in the data stream and the forwarding table of the data stream to the second computing device.
The data packet to be processed may be an Nth data packet in the data stream, where N is greater than 1. For example, 10 data packets may be included in the data stream, and the first computing device may forward the remaining 6th to 10th data packets to the second computing device after processing the first 5 data packets in the data stream, so that the second computing device continues the processing.
The first computing device may also forward a forwarding table of the data stream to the second computing device in order to facilitate continued processing by the second computing device. In this way, the second computing device can directly process the data packet to be processed in the data stream according to the forwarding table of the data stream, without reporting the data packet from the network card 200 of the second computing device to the virtual gateway 100, thereby improving the processing efficiency of the data stream.
S404: the network card 200 of the second computing device determines the forwarding path of the data packet to be processed using the forwarding table of the data flow.
Specifically, the second computing device may query a forwarding table of the data flow according to meta information of the data packet to be processed, and obtain a forwarding path of the data packet to be processed in the data flow. The meta information of the data packet may include a source address and a destination address of the data packet, and further, the meta information of the data packet may further include a source port number and a destination port number. The second computing device may determine, from the forwarding table, an entry matching the meta information according to the meta information, thereby obtaining a forwarding path of the data packet to be processed. The forwarding path includes the next hop address of the data packet to be processed.
S406: the network card 200 of the second computing device processes the data packet to be processed.
The forwarding table may further include an action instruction, and the second computing device may process the data packet to be processed according to the action instruction. For example, the network card 200 of the second computing device may modify the source address of the data packet to be processed to obtain the modified data packet, so as to implement NAT. For another example, the network card 200 of the second computing device may modify the destination address of the data packet to be processed according to the destination address in the forwarding table to obtain the processed data packet, so as to implement load balancing.
It should be noted that S406 is an optional step; the data forwarding method according to the embodiment of the present application may omit S406. For example, when the virtual gateway 100 of the second computing device is used to route the data packet to be processed in the data stream, S406 may be skipped and the data packet forwarded directly.
S408: the network card 200 of the second computing device forwards the processed data packet based on the forwarding path.
In particular, the forwarding path may include a next hop address of the data packet to be processed. The network card 200 of the second computing device may forward the processed data packet to a device corresponding to the next hop address according to the next hop address of the data packet to be processed in the forwarding path. It should be noted that, when the second computing device does not execute S406, the network card 200 of the second computing device may forward the data packet to be processed in the data stream based on the forwarding path.
The flow of the data forwarding method according to the embodiment of the present application is described above. In order to facilitate understanding of the technical scheme of the present application, the following is an example description in connection with an application scenario of a virtual resource pool.
Referring to the flow chart of the data forwarding method shown in fig. 5, the method specifically includes the following steps:
First step: in response to a user's request to purchase a gateway service, the service management platform creates a virtual machine of the corresponding specification according to the request.
Specifically, the request for purchasing the gateway service carries the specification of the gateway service that the user requests to purchase. The specification may include the architecture, frequency, and memory size of the CPU. The request of the gateway service may further include a type of the gateway service, for example, ELB or NAT. The service management platform may select a node matching the above specification according to a request of a user, create a virtual machine, and deploy corresponding gateway software in the virtual machine, thereby implementing the function of the virtual gateway 100.
It should be noted that the service management platform may also create a virtual switch (vswitch) to implement the exchange of data packets between the gateway and the network card.
In this embodiment, the virtual gateway 100 deployed in the virtual machine may issue an operator instruction to the network card through the offload engine, and the network card 200 may create a flow table corresponding to the virtual gateway 100. The network card 200 creates one flow table for each virtual gateway 100; the flow table created at this point is an initialized flow table.
Second step: when a data packet (for example, the first packet of the data stream) arrives at the virtual gateway 100, the virtual gateway 100 processes the data packet according to the corresponding processing logic and forwards the processed data packet. The virtual gateway 100 may also issue the processing logic to the network card 200 through the gateway offload channel.
As shown in fig. 5, the first packet of the data stream may be forwarded through the virtual gateway 100, the virtual switch, and the network card 200. Specifically, after the first packet of the data flow reaches the network card 200, the network card 200 transmits the first packet of the data flow to the virtual switch through a data channel between the network card 200 and the virtual switch, and then the virtual switch reports the first packet of the data flow to the virtual gateway 100, and the virtual gateway 100 can determine a forwarding path through CPU polling and forward the first packet of the data flow according to the forwarding path. When forwarding the first packet of the data stream, the first packet is generally sent to the virtual switch based on the channel between the virtual gateway 100 and the virtual switch, and then sent to the network card 200 by the virtual switch through the channel between the virtual switch and the network card 200, and the network card 200 forwards the first packet to the next hop.
The virtual gateway 100 may learn the processing logic from the forwarding process of the first packet of the data stream and issue the processing logic to the network card 200, so that the network card 200 may update the flow table according to the processing logic. The network card 200 may update a gateway flow table (a flow table for implementing gateway services) according to processing logic.
In the present embodiment, the gateway offload channel is a channel between the virtual gateway 100 and the network card 200 for offloading computing resources of the virtual gateway 100. The virtual gateway 100 and the network card 200 have physical functions (physical function, pf), each of which can be extended by virtual functions (vf), wherein each vf is typically attached to a pf. The gateway offload channel in this embodiment may be a channel formed based on the vf of the virtual gateway 100 and the vf of the network card 200. In other possible implementations of the embodiment of the present application, the gateway offload channel may also multiplex other existing channels, which is not limited in this embodiment.
It should be noted that, since the virtual gateway 100 is deployed in the virtual machine, the virtual gateway 100 may also learn a downstream (RX) flow table and an upstream (TX) flow table, and send the RX flow table and the TX flow table to the network card 200 through the virtual machine offload channel. In this way, the network card 200 can process the data packet according to the RX flow table and the TX flow table, which reduces the overhead between the network card 200 and the virtual switch.
Third step: when a subsequent data packet (such as a non-first packet of the data stream) arrives at the network card 200, the network card 200 queries the flow table, modifies the data packet according to the action in the flow table, and sends the modified data packet directly from the network card 200.
As shown in fig. 5, when a non-first packet of a data stream arrives at the network card 200, the network card 200 does not need to report the data packet. Instead, it directly queries the flow tables, for example the RX flow table/TX flow table and the gateway flow table of the corresponding virtual gateway 100, according to the meta information of the data packet, so as to obtain the processing logic. When the processing logic includes an action instruction, the network card 200 may modify the data packet according to the action and send the modified data packet out directly.
Fourth step: in response to a request of deleting the purchased gateway service from the user, the virtual gateway 100 in the virtual machine issues a deletion instruction to the network card 200 through the offload engine, and the network card 200 deletes the operator and the flow table according to the deletion instruction.
Specifically, when the network card 200 receives the deletion instruction, it may determine, according to the counter in the flow table entry, whether the currently processed data packet is the last data packet; if so, it deletes the corresponding operator and the flow table after all the data packets of the data flow have been forwarded.
It should be noted that identifying the last data packet through the counter and deleting the corresponding operator and flow table after that packet has been forwarded is only one way of deleting the operator and the flow table according to the deletion instruction. In other possible implementations of the embodiment of the present application, the network card 200 may set an expected transmission completion time and delete the corresponding operator and flow table once that time arrives.
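A sketch of the two deletion strategies just described, as an added Python example that is not from the patent: `DrainingFlowTable`, its method names, the `expected_packets` field (the page does not say how the counter recognises the last packet) and the constructed timestamps are assumptions. An entry marked for deletion keeps forwarding until its counter reaches the expected total or the drain deadline passes, after which lookups miss and the packet has to be reported to the gateway again.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class OffloadedFlow:
    next_hop: str
    expected_packets: Optional[int]          # assumption: flow length, if known
    forwarded: int = 0                       # counter kept in the flow entry
    delete_deadline: Optional[float] = None  # set once a delete instruction arrives

class DrainingFlowTable:
    def __init__(self, drain_timeout: float):
        self.drain_timeout = drain_timeout   # expected transmission completion time
        self.flows = {}
        self.log = []                        # (flow key, event) audit trail

    def install(self, key, next_hop, expected_packets=None):
        self.flows[key] = OffloadedFlow(next_hop, expected_packets)

    def request_delete(self, key, now: float):
        flow = self.flows.get(key)
        if flow is None:
            return
        if flow.expected_packets is not None and flow.forwarded >= flow.expected_packets:
            self._remove(key, "flow already complete")
        else:
            flow.delete_deadline = now + self.drain_timeout
            self.log.append((key, "delete pending"))

    def forward(self, key, now: float) -> Optional[str]:
        """Return the next hop, or None on a miss (packet goes back to the gateway)."""
        self.expire(now)
        flow = self.flows.get(key)
        if flow is None:
            return None
        flow.forwarded += 1
        if flow.delete_deadline is not None and flow.forwarded == flow.expected_packets:
            self._remove(key, "last packet forwarded")   # delete after forwarding it
        return flow.next_hop

    def expire(self, now: float):
        for key, flow in list(self.flows.items()):
            if flow.delete_deadline is not None and now >= flow.delete_deadline:
                self._remove(key, "drain timeout")

    def _remove(self, key, reason: str):
        del self.flows[key]
        self.log.append((key, reason))

def demo():
    table = DrainingFlowTable(drain_timeout=5.0)
    a = ("192.0.2.50", "203.0.113.10", 40000, 443)   # constructed flow keys
    b = ("192.0.2.51", "203.0.113.10", 40001, 443)
    table.install(a, "10.0.1.11", expected_packets=3)
    table.install(b, "10.0.1.12")                    # flow length unknown
    table.forward(a, 0.0)
    table.forward(b, 0.0)
    table.request_delete(a, 1.0)
    table.request_delete(b, 1.0)
    counted = [table.forward(a, t) for t in (2.0, 3.0, 4.0)]
    timed = [table.forward(b, t) for t in (5.9, 6.0)]
    return counted, timed, table.log
```

The timeout bounds how long an offloaded entry can keep forwarding traffic for a gateway service that has already been deleted when the counter never reaches the expected total.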
Based on the above description, the embodiment of the application provides a data forwarding method. On one hand, by learning processing logic from some data packets of the data stream, such as the first packet, and issuing the processing logic to the network card 200, the method offloads part of the computing resources consumed by the virtual gateway 100 to the network card 200, saves the CPU (central processing unit) resources and power consumed by gateway services, and, by forwarding through network card hardware, achieves performance exceeding that of forwarding by gateway software. On the other hand, since the network card 200 has a higher single-stream forwarding capability, it solves the problem that elephant flows (continuous flows that transmit a large amount of data over a network link, such as the data stream generated by data migration) cannot be handled because the capability of a single CPU core is limited. In addition, in the method, non-first packets can be forwarded directly by the network card 200 without software processing, which greatly reduces the overhead of the virtualization layer.
Based on the data forwarding method provided by the embodiment of the present application, the embodiment of the present application further provides a computing device 10 as described above. The computing device 10 provided by embodiments of the present application will be described below with reference to the accompanying drawings.
Referring to the schematic structural diagram of the computing device 10 shown in fig. 1 or fig. 2, the computing device 10 includes a virtual gateway 100 and a network card 200;
the virtual gateway 100 is configured to provide a forwarding table of a data stream to the network card 200;
the network card 200 is configured to determine a forwarding path of an Nth data packet in the data stream using the forwarding table, and forward the Nth data packet based on the forwarding path of the Nth data packet.
In some possible implementations, the virtual gateway 100 is further configured to:
determine the forwarding path based on a first data packet in the data stream.
In some possible implementations, the network card 200 is specifically configured to:
process the Nth data packet and forward the processed Nth data packet.
In some possible implementations, the network card 200 is specifically configured to:
modify the source address of the Nth data packet; or
update the destination address of the Nth data packet according to the destination address of the forwarding path.
In some possible implementations, the network card 200 is specifically configured to:
receive the forwarding table of the data stream provided by the virtual gateway through an offload channel.
In some possible implementations, the network card 200 is further configured to:
delete the forwarding table of the data stream.
In some possible implementations, the virtual gateway 100 is further configured to:
instruct the network card to delete the forwarding table of the data stream.
In some possible implementations, the forwarding table includes a source address, a destination address, and a next hop address.
In some possible implementations, the network card 200 is specifically configured to:
query the forwarding table according to the meta information of the Nth data packet to obtain a forwarding path of the Nth data packet in the data stream.
The computing device 10 according to the embodiment of the present application may correspond to performing the method described in the embodiment of the present application, and the above and other operations and/or functions of each component of the computing device 10 (such as the virtual gateway 100 or the network card 200) are respectively for implementing the corresponding flow of each method in the embodiment shown in fig. 3 and fig. 4, and are not described herein for brevity.
The embodiment of the application also provides a network card 200. The network card 200 may be an intelligent network card for processing data packets in a data stream based on processing logic provided by the virtual gateway 100. The network card 200 may be used to perform the method steps performed by the network card 200 in the computing device 10 shown in fig. 1 or 2.
Fig. 6 provides a schematic diagram of the structure of the network card 200, and as shown in fig. 6, the network card 200 includes a bus 601, a processor 602, a communication interface 603, and a memory 604. The processor 602, the memory 604 and the communication interface 603 communicate with each other via a bus 601.
The bus 601 may be a peripheral component interconnect (PCI) bus, an extended industry standard architecture (EISA) bus, or the like. Buses may be divided into address buses, data buses, control buses, and so on. For ease of illustration, only one thick line is shown in fig. 6, but this does not mean that there is only one bus or one type of bus.
The processor 602 may be any one or more of a central processing unit (central processing unit, CPU), a graphics processor (graphics processing unit, GPU), a Microprocessor (MP), or a digital signal processor (digital signal processor, DSP).
The communication interface 603 is used for communication with the outside. For example, the communication interface 603 is configured to receive a forwarding table of a data flow provided by the virtual gateway 100, or forward an Nth data packet based on a forwarding path of the Nth data packet, or the like.
The memory 604 may include volatile memory, such as random access memory (RAM). The memory 604 may also include non-volatile memory, such as read-only memory (ROM), flash memory, a hard disk drive (HDD), or a solid state drive (SSD).
The memory 604 stores computer readable instructions that are executed by the processor 602 to cause the network card 200 to perform the steps of the data forwarding method described above (or to implement the functions of the network card 200 described above) performed by the network card 200.
The embodiment of the application also provides a computer readable storage medium. The computer readable storage medium may be any available medium that can be stored by a computing device or a data storage device such as a data center containing one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk), etc. The computer-readable storage medium includes instructions that instruct the computing device 10 to perform the data forwarding method described above.
The embodiment of the application also provides a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on computing device 10, the flows or functions in accordance with embodiments of the present application are produced in whole or in part. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium; for example, the computer instructions may be transmitted from one website, computing device, or data center to another website, computing device, or data center by wired (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (e.g., infrared, radio, microwave) means. The computer program product may be a software installation package that can be downloaded and executed on a computing device when any of the aforementioned data forwarding methods is needed.
The descriptions of the processes or structures corresponding to the drawings have emphasis, and the descriptions of other processes or structures may be referred to for the parts of a certain process or structure that are not described in detail.

Claims (13)

1. A data forwarding method, characterized by being applied to a computing device with a network card, the computing device deploying an instance of a virtual gateway; the method comprises the following steps:
the network card receives a forwarding table of the data stream provided by the virtual gateway;
the network card uses the forwarding table to determine a forwarding path of an Nth data packet in the data stream, wherein N is greater than 1;
the network card forwards the Nth data packet based on the forwarding path of the Nth data packet.
2. The method according to claim 1, characterized in that the method comprises:
the virtual gateway determines the forwarding path based on a first data packet in the data flow.
3. The method according to claim 1 or 2, wherein said forwarding said Nth data packet comprises:
processing the Nth data packet and forwarding the processed Nth data packet.
4. The method according to claim 3, wherein said processing said Nth data packet comprises:
modifying the source address of the Nth data packet; or
updating the destination address of the Nth data packet according to the destination address of the forwarding path.
5. The method according to any one of claims 1 to 4, wherein the network card receiving a forwarding table of a data flow provided by the virtual gateway comprises:
the network card receives the forwarding table of the data stream provided by the virtual gateway through an offload channel.
6. The method according to any one of claims 1 to 5, further comprising:
the network card deletes the forwarding table of the data stream.
7. The method of claim 6, wherein the method further comprises:
the virtual gateway instructs the network card to delete the forwarding table of the data stream.
8. The method according to any of claims 1 to 7, wherein the forwarding table comprises a source address, a destination address and a next hop address.
9. The method according to any one of claims 1 to 8, wherein the network card determining a forwarding path of an Nth data packet in the data flow using the forwarding table comprises:
the network card queries the forwarding table according to the meta information of the Nth data packet to obtain a forwarding path of the Nth data packet in the data stream.
10. A computing device, wherein the computing device has a network card, the computing device deploying an instance of a virtual gateway; the network card is configured to receive a forwarding table of a data flow provided by the virtual gateway, determine a forwarding path of an Nth data packet in the data flow by using the forwarding table, and forward the Nth data packet based on the forwarding path of the Nth data packet, where N is greater than 1.
11. A network card, wherein the network card has a processor and a memory;
the processor executes the computer program of the memory to cause the network card to perform the method of any one of claims 1 to 9.
12. A computer-readable storage medium comprising computer-readable instructions; the computer readable instructions are for implementing the method of any one of claims 1 to 9.
13. A computer program product comprising computer readable instructions; the computer readable instructions are for implementing the method of any one of claims 1 to 9.
CN202210356338.5A 2022-04-06 2022-04-06 Data forwarding method and related equipment Pending CN116938829A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202210356338.5A CN116938829A (en) 2022-04-06 2022-04-06 Data forwarding method and related equipment
PCT/CN2022/130454 WO2023193432A1 (en) 2022-04-06 2022-11-08 Data forwarding method and related device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210356338.5A CN116938829A (en) 2022-04-06 2022-04-06 Data forwarding method and related equipment

Publications (1)

Publication Number Publication Date
CN116938829A true CN116938829A (en) 2023-10-24

Family

ID=88244016

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210356338.5A Pending CN116938829A (en) 2022-04-06 2022-04-06 Data forwarding method and related equipment

Country Status (2)

Country Link
CN (1) CN116938829A (en)
WO (1) WO2023193432A1 (en)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106953795B (en) * 2016-01-07 2020-07-31 南京中兴软件有限责任公司 Method and device for configuring multiple network cards
CN110830594B (en) * 2019-12-06 2022-04-01 广州微算互联信息技术有限公司 Method, system, device and storage medium for expanding IP address of cloud mobile phone
CN113285892A (en) * 2020-02-20 2021-08-20 华为技术有限公司 Message processing system, message processing method, machine-readable storage medium, and program product
CN113098774B (en) * 2021-03-25 2023-01-03 北京金山云网络技术有限公司 Message forwarding method and device
CN114257545B (en) * 2021-12-09 2023-09-05 北京奇艺世纪科技有限公司 Message forwarding method and device

Also Published As

Publication number Publication date
WO2023193432A1 (en) 2023-10-12

Similar Documents

Publication Publication Date Title
JP7252356B2 (en) MOBILE EDGE COMPUTING NODE SELECTION METHOD, APPARATUS AND SYSTEM AND COMPUTER PROGRAM
US20200351204A1 (en) Method, apparatus, and system for load balancing of service chain
US6718393B1 (en) System and method for dynamic distribution of data traffic load through multiple channels
US10534601B1 (en) In-service software upgrade of virtual router with reduced packet loss
US11463511B2 (en) Model-based load balancing for network data plane
US8913613B2 (en) Method and system for classification and management of inter-blade network traffic in a blade server
CN105610632B (en) Virtual network equipment and related method
JP3382953B2 (en) Client management flow control method and apparatus on finite memory computer system
Wang et al. Implementation of multipath network virtualization with SDN and NFV
WO2021043216A1 (en) Segment routing method and apparatus
US7944923B2 (en) Method and system for classifying network traffic
Xie et al. Supporting seamless virtual machine migration via named data networking in cloud data center
WO2019071995A1 (en) Content distribution method, device and system
CN112788060A (en) Data packet transmission method and device, storage medium and electronic equipment
WO2021098425A1 (en) Qos policy method, device, and computing device for service configuration
JP7388533B2 (en) Gateway device, method and program
CN112929264A (en) Service flow transmission method, system and network equipment
KR101729944B1 (en) Method for supplying ip address by multi tunant network system based on sdn
US8832266B2 (en) System and method for aggregating bandwidth of multiple active physical interfaces on application layer
WO2020119317A1 (en) Message forwarding method and apparatus, storage medium, and electronic apparatus
Wang et al. Low-latency service chaining with predefined NSH-based multipath across multiple datacenters
CN110300073A (en) Cascade target selecting method, polyplant and the storage medium of port
CN116938829A (en) Data forwarding method and related equipment
CN112073503A (en) High-performance load balancing method based on flow control mechanism
JP3252831B2 (en) Distributed processing method and apparatus for IP packet routing processor in ATM

Legal Events

Date Code Title Description
PB01 Publication