CN116980476A - Communication method and related product - Google Patents
- Publication number: CN116980476A (CN202210423516.1A)
- Authority: CN (China)
- Prior art keywords: service, network agent, virtual channel, channel, network
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L12/00—Data switching networks
        - H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
          - H04L12/46—Interconnection of networks
            - H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
      - H04L67/00—Network arrangements or protocols for supporting network services or applications
        - H04L67/50—Network services
          - H04L67/56—Provisioning of proxy services
            - H04L67/561—Adding application-functional data or data for application control, e.g. adding metadata
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Library & Information Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer And Data Communications (AREA)
Abstract
The application provides a communication method and related products. The method comprises the following steps: a first network agent establishes a first virtual channel on a communication channel between the first network agent and a second network agent, wherein the first network agent is responsible for accessing a first service, the second network agent is responsible for accessing a second service, the first virtual channel is used for transmitting communication messages between the first service and the second service, each communication message carries an identifier of the first virtual channel, and the identifier of the first virtual channel is currently a first identifier. The first network agent then changes the identifier of the first virtual channel from the first identifier to a second identifier, wherein the length of the second identifier is less than the length of the first identifier. As a result, more service data can be carried in each communication message transmitted through the first virtual channel, which improves the communication efficiency between the first service and the second service.
Description
Technical Field
The application relates to the technical field of cloud computing, in particular to a communication method and related products.
Background
In cloud computing scenarios, applications keep growing in scale; one application often consists of a plurality of application services, which call one another through service mesh technology. With service mesh technology, communication between the application service of the client and the application service of the server has to pass through a client proxy and a server proxy, which increases the communication delay between the two application services.
To reduce this communication delay, two approaches are mainly used at present. (1) A new application-layer protocol is used between the client proxy and the server proxy, for example the second version of the hypertext transfer protocol (HTTP2), the QUIC (quick user datagram protocol internet connection) protocol, which is a low-latency internet connection protocol based on the user datagram protocol, or the proxy protocol. The new protocol proxies the default application-layer protocol, that is, the application-layer protocol negotiated by the application service of the client and the application service of the server, so that fewer transmission control protocol (TCP) connections have to be established between the two application services and the communication delay between them is reduced. (2) The kernel connection multiplexer (KCM) protocol is used to increase the rate at which the application service of the client and the application service of the server send and receive TCP messages, thereby reducing the communication delay between the two. However, both approaches have a limited range of use.
Therefore, how to improve the communication efficiency between application services remains an urgent problem to be solved.
Disclosure of Invention
The application provides a communication method and related products, which can improve the communication efficiency between services.
In a first aspect, the present application provides a communication method, the method comprising: a first network agent establishes a first virtual channel on a communication channel between the first network agent and a second network agent, wherein the first network agent is responsible for accessing a first service, the second network agent is responsible for accessing a second service, the first virtual channel is used for transmitting communication messages between the first service and the second service, each communication message carries an identifier of the first virtual channel, and the identifier of the first virtual channel is currently a first identifier. The first network agent then changes the identifier of the first virtual channel from the first identifier to a second identifier, wherein the length of the second identifier is less than the length of the first identifier. As a result, more service data can be carried in each communication message transmitted through the first virtual channel, which improves the communication efficiency between the first service and the second service.
In a possible implementation manner of the first aspect, the second identifier is an identifier of a second virtual channel on the communication channel.
In a possible implementation manner of the first aspect, the first network agent changes the identifier of the first virtual channel from the first identifier to the second identifier when one or more of the following conditions are met: the priority of the service data transmitted on the first virtual channel is higher than the priority of the service data transmitted on the second virtual channel, and the efficiency of service data transmission on the first virtual channel is lower than the efficiency of service data transmission on the second virtual channel. This ensures that the service on the second virtual channel is not greatly affected after the identifier of the first virtual channel is changed from the first identifier to the second identifier.
In a possible implementation manner of the first aspect, the second network agent stores a first mapping relationship between an identifier of the first virtual channel and an identifier of the second service, where the first mapping relationship is used to instruct the second network agent to forward traffic data from the first virtual channel to the second service. Therefore, after the second network agent receives the communication message from the first virtual channel, the service data in the message can be determined to be forwarded to the second service based on the identification of the first virtual channel in the message, that is, the second network agent can forward the service data in the message to the second service without analyzing the service data in the message, so that the sending efficiency of the service data is improved, and the communication efficiency between the first service and the second service is improved.
In a possible implementation manner of the first aspect, the first network agent stores a second mapping relationship between the identifier of the first virtual channel and the identifier of the first service, where the second mapping relationship is used to instruct the first network agent to forward the traffic data from the first virtual channel to the first service. The first network agent changes the identifier of the first virtual channel from the first identifier to the second identifier, including: the first network agent changes the identity of the first virtual channel in the second mapping relationship from the first identity to the second identity. Therefore, after the first network agent receives the communication message from the first virtual channel, the service data in the message can be determined to be forwarded to the first service based on the identification of the first virtual channel in the message, that is, the first network agent can forward the service data in the message to the first service without analyzing the service data in the message, so that the sending efficiency of the service data is improved, and the communication efficiency between the first service and the second service is improved.
In a possible implementation manner of the first aspect, the first network agent changing the identifier of the first virtual channel in the second mapping relationship from the first identifier to the second identifier includes the following. The first network agent sends an identifier change request to the second network agent, wherein the identifier change request instructs the second network agent to change the identifier of the first virtual channel in the first mapping relationship from the first identifier to the second identifier. The first network agent then changes the identifier carried in the communication messages it sends to the second network agent through the first virtual channel from the first identifier to the second identifier. The first network agent then receives an identifier change response returned by the second network agent and, based on that response, changes the identifier used for forwarding service data from the first virtual channel to the first service from the first identifier to the second identifier. In this manner, the identifier of the first virtual channel can be changed without affecting the use of the first virtual channel to transmit communication messages.
In a possible implementation manner of the first aspect, the communication channel is a TCP channel, and the method further includes, before the first network agent establishes the first virtual channel on the communication channel with the second network agent: the first network agent sends a TCP connect message to the second network agent to establish the communication channel.
In another possible implementation manner of the first aspect, the communication channel is a TCP channel, and the method further includes, before the first network agent establishes the first virtual channel on the communication channel with the second network agent: the first network agent establishes the communication channel based on the TCP connection message sent by the second network agent. In this way, it is possible to realize that a service (first service) in the public network accesses a service (second service) in the private network.
In a possible implementation manner of the first aspect, the first network agent establishing a first virtual channel on the communication channel with the second network agent includes: in response to a message sent by the first service, the first network agent establishes the first virtual channel, wherein the message sent by the first service does not carry service data sent by the first service to the second service. As such, the first service and the second service can communicate using an application-layer protocol such as MySQL, in which the second service (server) pushes data to the first service (client) before the first service sends service data to it.
In a possible implementation manner of the first aspect, the establishing, by the first network agent, a first virtual channel on a communication channel with a second network agent includes: the first network agent sends a virtual connection message to the second network agent through the communication channel, wherein the virtual connection message comprises an identifier of the first virtual channel and an identifier of the second service, and the virtual connection message is used for indicating the second network agent to establish the communication channel with the second service. Thus, when the first virtual channel is established, the second network agent is automatically triggered to establish a communication channel with the second service.
In a second aspect, the present application provides a method of communication applied to a container system comprising a first container, a second container, and a first network proxy and a second network proxy as described in any of the foregoing first aspects and implementations of the first aspect. Wherein the first container runs a first service; the second container running a second service; the method comprises the steps that a first network proxy establishes a first virtual channel on a communication channel between the first network proxy and a second network proxy, wherein the first network proxy is responsible for accessing a first service, the second network proxy is responsible for accessing a second service, the first virtual channel is used for transmitting a communication message between the first service and the second service, the communication message carries an identifier of the first virtual channel, and the identifier of the current first virtual channel is a first identifier; the first network agent changes the identity of the first virtual channel from a first identity to a second identity, wherein the length of the second identity is less than the length of the first identity. Therefore, more business data can be carried in the communication message transmitted through the first virtual channel, so that the communication efficiency between the first service and the second service can be improved.
In a possible implementation manner of the second aspect, the communication channel is a TCP channel, and before the first network agent establishes the first virtual channel on the communication channel with the second network agent, the method further includes: the first network agent sends a TCP connect message to the second network agent to establish the communication channel.
In a possible implementation manner of the second aspect, the communication channel is a TCP channel, and before the first network agent establishes the first virtual channel on the communication channel with the second network agent, the method further includes: the second network agent sends TCP connection information to the first network agent to establish the communication channel.
In a possible implementation manner of the second aspect, the first network agent establishing a first virtual channel on the communication channel with the second network agent includes: in response to a message sent by the first service, the first network agent establishes the first virtual channel, wherein the message sent by the first service does not carry service data sent by the first service to the second service. As such, the first service and the second service can communicate using an application-layer protocol such as MySQL, in which the second service (server) pushes data to the first service (client) before the first service sends service data to it.
In a third aspect, the present application provides a first network proxy, where the first network proxy includes a service access module, a channel establishment module, and an identifier modification module. The service access module is used for being responsible for the access of the first service; the channel establishing module is used for establishing a first virtual channel on a communication channel between the first network agent and the second network agent, wherein the second network agent is responsible for accessing the second service, the first virtual channel is used for transmitting a communication message between the first service and the second service, the communication message carries an identifier of the first virtual channel, and the identifier of the current first virtual channel is a first identifier; the identifier changing module is used for changing the identifier of the first virtual channel from the first identifier to a second identifier, wherein the length of the second identifier is smaller than that of the first identifier.
In a fourth aspect, the present application provides a container system comprising a first container, a second container, and a first network agent and a second network agent as described in the first aspect and any implementation of the first aspect. Wherein the first container is for running a first service; the second container is used for running a second service; the second network agent is used for being responsible for accessing a second service; the first network agent is used for being responsible for accessing the first service, and establishing a first virtual channel on a communication channel between the first network agent and the second network agent, wherein the first virtual channel is used for transmitting a communication message between the first service and the second service, the communication message carries an identifier of the first virtual channel, the identifier of the first virtual channel is a first identifier currently, and the identifier of the first virtual channel is changed from the first identifier to a second identifier, and the length of the second identifier is smaller than that of the first identifier.
In a fifth aspect, the present application provides a computing device comprising a processor and a memory, the processor executing computer program code in the memory to implement some or all of the methods described in the foregoing first aspect and any implementation of the first aspect.
In a sixth aspect, the present application provides a computer readable storage medium storing computer program code which, when executed by a computing device, performs part or all of the method described in any one of the implementations of the first aspect and the first aspect.
Drawings
FIG. 1 is a schematic diagram of an adjusting system according to an embodiment of the present application;
FIG. 2 is a schematic diagram of a distributed storage system according to an embodiment of the present application;
FIG. 3 is a schematic view of a container system according to an embodiment of the present application;
FIG. 4 is a schematic view of another container system according to an embodiment of the present application;
FIG. 5 is a schematic view of yet another container system provided in accordance with an embodiment of the present application;
FIG. 6 is a schematic diagram of a Kubernetes container system according to an embodiment of the present application;
FIG. 7 is a flowchart of a method for establishing a communication channel according to an embodiment of the present application;
FIG. 8 is a schematic flow chart of a communication method according to an embodiment of the present application;
FIG. 9 is a flow chart of another communication method according to an embodiment of the present application;
FIG. 10 is a flowchart illustrating a method for modifying an identifier of a first virtual channel according to an embodiment of the present application;
FIG. 11 is a schematic flow chart of communication before and after a change of the identifier of the first virtual channel according to an embodiment of the present application;
FIG. 12 is a schematic structural diagram of a message transmitted based on a first virtual channel according to an embodiment of the present application;
FIG. 13 is a schematic structural diagram of a first network proxy according to an embodiment of the present application;
FIG. 14 is a schematic diagram of a computing device provided by an embodiment of the present application;
FIG. 15 is a schematic diagram of a computing device system according to an embodiment of the present application.
Detailed Description
In order to facilitate understanding of the technical solution provided by the present application, explanation of related terms is first performed before specific description.
An Application (APP) is a collection of computer programs written for a specific application purpose of a user, and specifically may be application software formed by a single application program or a collection of multiple application programs, for example, an application program such as an editor, or application software such as an e-commerce system, an enterprise management system, or the like.
Container technology is a kernel virtualization technology that provides lightweight virtualization and makes it easy to isolate processes and resources. With the rapid development of container technology, it has become a trend to isolate the running environment of an application in units of containers, to package the configuration information of the application together with its running environment, and then to orchestrate and manage them through a container cluster scheduling technology (such as Kubernetes). This facilitates the deployment and life-cycle management of large-scale applications and raises the efficiency of iterative development and release to a new level. Thus, more and more users choose to deploy their own business on the cloud in the form of applications.
With the increasing size of applications, an application often needs to be split into multiple application services, which are deployed on multiple containers and work cooperatively to implement the functions of the application. Application services in the present application refer to services related to applications and can be understood as software systems for performing one or more specific business functions. In one implementation, the application may be split into several application services using a micro-service architecture (e.g., Spring Cloud, Dubbo). It should be noted that an application service obtained by splitting with a micro-service architecture is also called a microservice; microservices are decoupled from each other and can be replaced, upgraded and scaled independently. Therefore, the micro-service architecture not only helps developers update and maintain the application, but also lets the other microservices keep working when a single microservice fails, which improves the stability of the application.
As the number of application services that make up an application grows, so does the complexity of the calls between them. Service mesh technology emerged in response. It is an application-network technology built on top of a conventional internet protocol (IP) network: each application service is assigned a proxy (also called a sidecar), and the non-functional service governance logic of the application service is stripped out of the business process into the sidecar. This provides connection, security, flow control, grayscale release and observability capabilities between application services in a non-intrusive manner, making the business logic lighter and turning service governance into infrastructure. Istio is one implementation of service mesh technology; it uses Envoy as the sidecar of the application services to implement communication between them. Because Envoy supports hot restart, dynamic configuration and a plug-in structure, and also offers complete service governance, flow control and observability, Istio is commonly adopted to implement service governance between application services.
In one possible implementation, as shown in FIG. 1, an application is split into a plurality of microservices using a micro-service architecture, the microservices are deployed on a plurality of containers, the containers are managed and orchestrated using Kubernetes, and service governance between the microservices is implemented using Istio. Combining the advantages of the micro-service architecture, container technology, container cluster scheduling technology and service mesh technology, this approach not only makes the application easier to deploy, maintain and extend, but also improves its stability, reliability and availability and provides higher-quality service for users. In addition, resources on the physical host can be utilized more efficiently. Thus, many users currently choose to deploy applications on the cloud in the manner described above.
It should be appreciated that communication may be needed between applications as well as between application services; the present application refers to both collectively as communication between services. Currently, application-layer protocols commonly used between services include HTTP1 and MySQL (a relational database management system), and commonly used transport-layer protocols include TCP. For containerized applications that use service mesh technology to communicate, from a data-plane perspective the communication between two services also has to pass through a downstream agent and an upstream agent. The downstream agent is the agent of the party sending the request (i.e., the client) and is responsible for the client's communication; the upstream agent is the agent of the party receiving the request (i.e., the server) and is responsible for the server's communication. It is noted that the "downstream agent" and the "upstream agent" may have different names: different standards, different versions of the same standard, different vendors and different application scenarios may designate them differently. For example, the "downstream agent" may sometimes be referred to as the "client agent", and the "upstream agent" as the "server agent".
As shown in FIG. 2, to implement service communication between a client and a server, a TCP channel between them must first be established. This channel consists of three segments: the TCP channel between the client and the downstream agent, the TCP channel between the downstream agent and the upstream agent, and the TCP channel between the upstream agent and the server, which makes connection establishment between the client and the server lengthy. In addition, one TCP channel can process only one service request at a time, and after a service request completes, the TCP channel that carried it has to be disconnected. When communication between the client and the server is frequent, the communication delay between them gradually increases, and a large number of service requests fail due to response timeout. This can have a significant impact on latency-sensitive applications (e.g., financial services, e-commerce services). The two approaches commonly adopted in the prior art (see the Background section for details) reduce the communication delay between the client and the server to some extent, but their range of application is very limited. For example, HTTP2 and the proxy protocol mentioned in approach (1) cannot proxy an application-layer protocol, such as MySQL, in which the server actively pushes data to the client after the communication channel is established, nor do they support establishing a reverse connection (i.e., a connection initiated by the server to the client). As another example, approach (2) requires modifying the kernel protocol stack, and the client has to use a new socket interface to establish a connection with the server, so this approach is not very general.
In view of the above problems, the present application provides a proxy protocol, which works as follows. In response to a message sent by a client (which may or may not carry service data that the client wants to send to a server), the downstream agent establishes a virtual channel on the communication channel between itself and the upstream agent; the virtual channel is used to transmit communication messages between the client and the server. After the virtual channel is established, the downstream agent stores the mapping relationship between the identifier of the virtual channel and the identifier of the client, and the upstream agent stores the mapping relationship between the identifier of the virtual channel and the identifier of the server. Thus, when the downstream agent receives service data (such as an HTTP1 message or a MySQL message) that the client wants to send to the server, it can use the identifier of the virtual channel to encapsulate the service data based on the locally stored mapping relationship, and then send the encapsulated service data to the upstream agent through the virtual channel. Correspondingly, the upstream agent can use the identifier of the virtual channel to decapsulate the encapsulated service data based on its locally stored mapping relationship, and forward the decapsulated service data to the server. Similarly, when the upstream agent receives service data (e.g., an HTTP1 message or a MySQL message) that the server wants to return to the client, the upstream agent and the downstream agent can send the service data from the server to the client based on the mapping relationships they each store.
In addition, the proxy protocol supports: (1) the communication channel between the downstream agent and the upstream agent may be a TCP channel, and the TCP channel may be a forward TCP channel or a reverse TCP channel. The forward TCP channel is a TCP channel established by the downstream agent sending TCP connection messages to the upstream agent, and the reverse TCP channel is a TCP channel established by the upstream agent sending TCP connection messages to the downstream agent. (2) Multiple communication channels can be established between the downstream agent and the upstream agent, and virtual channels can be flexibly established on any one of the communication channels. (3) Multiple virtual channels can be established on the communication channel between the downstream agent and the upstream agent, and the identity of the virtual channels can be changed.
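The following added example (not code from the application) shows two virtual channels sharing one TCP channel, with each agent resolving the virtual channel identifier through its own mapping table, including data pushed by the server. The frame layout (4-byte virtual channel identifier plus 4-byte length), the names `Agent` and `FrameReader`, the size limit and the sample payloads are assumptions constructed for illustration.

```python
import struct

# Assumed frame layout (the page does not define one):
# 4-byte virtual channel id, 4-byte payload length, payload; big-endian.
HEADER = struct.Struct("!II")
MAX_PAYLOAD = 1 << 20  # assumed cap so a peer cannot force unbounded buffering


def encapsulate(vc_id: int, payload: bytes) -> bytes:
    """Wrap service data with the identifier of its virtual channel."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload too large")
    return HEADER.pack(vc_id, len(payload)) + payload


class FrameReader:
    """Splits the TCP byte stream of the proxy channel into frames."""

    def __init__(self):
        self._buf = bytearray()

    def feed(self, data: bytes):
        self._buf += data
        frames = []
        while len(self._buf) >= HEADER.size:
            vc_id, length = HEADER.unpack_from(self._buf)
            if length > MAX_PAYLOAD:
                raise ValueError("declared length exceeds limit")
            end = HEADER.size + length
            if len(self._buf) < end:
                break  # frame not complete yet, wait for more bytes
            frames.append((vc_id, bytes(self._buf[HEADER.size:end])))
            del self._buf[:end]
        return frames


class Agent:
    """One end of the proxy channel (downstream or upstream agent)."""

    def __init__(self, name: str):
        self.name = name
        self.table = {}      # virtual channel id -> local service identifier
        self.reverse = {}    # local service identifier -> virtual channel id
        self.reader = FrameReader()
        self.delivered = []  # (service identifier, service data) handed over

    def bind(self, vc_id: int, endpoint: str):
        """Store the mapping once the virtual channel is established."""
        if vc_id in self.table:
            raise ValueError("virtual channel id already in use")
        self.table[vc_id] = endpoint
        self.reverse[endpoint] = vc_id

    def send_from(self, endpoint: str, payload: bytes) -> bytes:
        """Encapsulate data from a local service for the proxy channel."""
        return encapsulate(self.reverse[endpoint], payload)

    def receive(self, wire_bytes: bytes) -> int:
        """Decapsulate frames; returns how many frames were dropped."""
        dropped = 0
        for vc_id, payload in self.reader.feed(wire_bytes):
            endpoint = self.table.get(vc_id)
            if endpoint is None:
                dropped += 1  # unknown id: never guess a destination
                continue
            self.delivered.append((endpoint, payload))
        return dropped


def demo():
    downstream, upstream = Agent("downstream"), Agent("upstream")
    # Two virtual channels multiplexed on the same communication channel.
    downstream.bind(1, "client-http")
    upstream.bind(1, "server-http")
    downstream.bind(2, "client-mysql")
    upstream.bind(2, "server-mysql")

    # Constructed traffic: two requests plus one frame with an unbound id.
    wire = (downstream.send_from("client-http", b"GET / HTTP/1.1\r\n\r\n")
            + downstream.send_from("client-mysql", b"SELECT 1")
            + encapsulate(99, b"stray"))
    # Deliver in 5-byte pieces to mimic arbitrary TCP segmentation.
    dropped = sum(upstream.receive(wire[i:i + 5])
                  for i in range(0, len(wire), 5))

    # Server-initiated data travels back on the same virtual channel.
    downstream.receive(upstream.send_from("server-mysql", b"server greeting"))
    return upstream.delivered, downstream.delivered, dropped


if __name__ == "__main__":
    print(demo())
```

Dropping frames whose identifier has no mapping entry, and bounding the declared length, keeps one service's data from reaching another service's endpoint or exhausting the agent's memory.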
The above proxy protocol may be applied to a container system where an application is deployed. Fig. 3 schematically illustrates a structural diagram of a container system, and as shown in fig. 3, the container system 100 includes a control node 110 and a plurality of computing nodes 120. The various portions of the container system 100 are briefly described below.
The control node 110 may be a physical host or a Virtual Machine (VM). The control node 110 is used to manage and control the scheduling of resources and the execution of tasks in the container system 100, e.g., to manage resources (including computing resources, storage resources, and network resources) on multiple computing nodes 120; as another example, applications may be distributed to the appropriate computing nodes 120 for execution based on the use of resources on each computing node 120.
Similar to control node 110, computing node 120 may also be a physical host or a VM. The computing node 120 includes one or more container groups 121, where the container groups 121 are the smallest deployment units in the container system 100, each container group 121 has a corresponding internet protocol (IP) address, and each container group 121 includes one or more containers 1211. Each container 1211 may have one or more services running thereon, where the services may be applications or application services (e.g., microservices) that make up the applications. The computing node 120 further comprises a network agent 122, which is responsible for access to services in the computing node (hereinafter, such a network agent is simply referred to as a node agent), for example, forwarding external service requests to the corresponding containers and forwarding local service responses. In one possible implementation, the network agent 122 may be deployed on the computing node 120 in the form of a container, or may be deployed on the computing node 120 in the form of a device. When the network agent 122 is deployed on the computing node 120 in device form, the network agent 122 may be a software system, a hardware device, or a combination of the two.
It should be understood that fig. 3 illustrates only one exemplary configuration of a container system, and that other configurations of the container system are possible in practice, such as the container system 200 illustrated in fig. 4 and the container system 300 illustrated in fig. 5. In contrast to the container system 100 shown in fig. 3, in the container system 200 shown in fig. 4, each container group 221 in the plurality of computing nodes 220 includes, in addition to one or more containers 2211, a network agent 2212, where the network agent 2212 is configured to be responsible for access to services in the present container group (hereinafter, such a network agent for being responsible for access to services in the container group is simply referred to as a container group agent). In contrast to the container system 100 shown in fig. 3, in the container system 300 shown in fig. 5, a portion of the network agents in computing nodes 320 are node agents, i.e., network agents 322, and a portion of the network agents in computing nodes 320 are container group agents, i.e., network agents 3212. It should be noted that, other parts of the container system 200 shown in fig. 4 and the container system 300 shown in fig. 5, for example, the functions of the control node 210, the computing node 220, the container group 221, the container 2211, and the control node 310, the computing node 320, the container group 321, and the container 3211 are similar to those of the control node 110, the computing node 120, the container group 121, and the container 1211 in the container system 100 shown in fig. 3, and for simplicity, the description of the above similar parts will not be repeated in the embodiments of the present application.
Containers in the container systems related to embodiments of the present application (including container system 100, container system 200, and container system 300) may be orchestrated using a variety of tools such as Kubernetes, Docker Swarm, Docker Compose, or Apache Mesos.
Illustratively, where containers in the container system are organized using Kubernetes, as shown in fig. 6, taking the container system 100 as an example, the control node 110 is also referred to as a master node, the compute node 120 is also referred to as a node, and the group of containers 121 in the compute node 120 is referred to herein as a Pod. In addition, the control node 110 may include one or more of the following components: an application programming interface service component (application programming interface server, API server) 111, a control management component (controller manager) 112, a scheduling component (scheduler) 113, and a storage component (ETCD) 114 by which scheduling of resources and execution of tasks in the container system 100 are managed and controlled. The application programming interface service component 111 is configured to receive external requests, serve as a transfer station for other components to communicate with each other, and write various received information into the storage component 114; the control management component 112 is configured to perform cluster-level operations, such as, for example, viewing configuration information of the computing node 120, handling failures of the computing node 120, managing containers 1211 on the computing node 120, and the like; the scheduling component 113 is responsible for scheduling applications, e.g., scheduling containers with applications deployed to run on the appropriate computing node 120; the storage component 114 is used to store all information on the container system 100, such as information written by the application programming interface service component 111. A Kubelet component 123 and a container run (container runtime) component 124 may also be included on the compute node 120. 
The Kubelet component 123 is mainly responsible for interacting with the container running component 124 and the application programming interface service component 111 in the control node 110, so as to manage the container 1211 on the node, for example, distribute the task issued to the node by the control node 110 to the container, or report the use condition of the resource on the node to the control node 110 periodically. The container running component 124 is used to download images while the container 1211 is running, as well as to control the running of the container 1211.
It should be appreciated that fig. 6 is merely an exemplary illustration, and that in actual practice, container system 200 and container system 300 may also be orchestrated using Kubernetes. In addition, the container systems according to the embodiments of the present application may also use other tools for container orchestration, which is not limited in the embodiments of the present application and, for the sake of simplicity, is not described herein.
From the foregoing, it will be appreciated that services may be run on containers in a container system (including the container systems shown in fig. 3-6), with the need for communication between different services. When the communication between the services needs to be realized by the cross-network proxy, the proxy protocol provided by the application can reduce the communication delay, thereby improving the communication efficiency between the services. Taking the communication between the first service and the second service running on the container system as an example, how the proxy protocol provided by the present application enables communication between the first service and the second service is described in detail below with reference to fig. 7-12.
First, the first service and the second service may be applications, or may be application services constituting the applications. For example, the first service and the second service may be different applications, or different application services constituting the same application, or application services constituting different applications; for another example, the first service is an application, the second service is an application service constituting another application, or the second service is an application, and the first service is an application service constituting another application. Moreover, the network proxy responsible for the access of the first service is different from the network proxy responsible for the access of the second service.
The container system includes two types of container groups: a first class of container group having containers running a first service, and a second class of container group having containers running a second service. Wherein the first class of containers may include one or more containers running a first service and the second class of containers may also include one or more containers running a second service.
Alternatively, the number of the first type container group and the second type container group may be one or more. The one or more first type container groups described above may be located on one or more computing nodes in the container system, and the one or more second type container groups may also be located on one or more computing nodes in the container system. Moreover, the first class container group and the second class container group may be located on the same computing node or may be located on different computing nodes. It is noted that when the first type of container group and the second type of container group are located on the same computing node, the network agent responsible for access to the first service may be located within the first type of container group and the network agent responsible for access to the second service may be located within the second type of container group. In this way, it can be ensured that the network proxy responsible for the access of the first service is different from the network proxy responsible for the access of the second service.
It should be further noted that, the above container system may be any one of the container systems shown in fig. 3 to 6, in other words, the first container group and the computing node where the first container group is located, the second container group and the computing node where the second container group is located, the container running the first service and the container running the second service, the network proxy responsible for the access of the first service, and the network proxy responsible for the access of the second service may be the computing node, the container group, the container, and the network proxy in the corresponding container system.
Assume that a first service wants to send service data D1 to a second service. At this time, the first service may serve as a client, and the second service may serve as a server. The communication process between the first service and the second service can be divided into the following two phases.
First phase: establishment of a communication channel between the first service and the second service (as shown in fig. 7)
S101: the first service establishes a first communication channel with the first network proxy.
Wherein the first service is run on a container in a first group of containers, the first group of containers belonging to the first class of container groups. The first network agent (i.e., the downstream agent in the foregoing) is configured to be responsible for access to the first service, and the first network agent may be a container group agent (e.g., network agent 2212) or a node agent (e.g., network agent 122).
In some embodiments, the first communication channel is a TCP channel, and then the first service establishes the first communication channel with the first network proxy, comprising: the first service sends a request for establishing the first communication channel to the first network proxy, the first network proxy returns a response for confirming the establishment of the first communication channel to the first service after receiving the request, the first service sends a message for confirming the establishment of the first communication channel to the first network proxy again after receiving the response, and the establishment of the first communication channel between the first container group and the first network proxy is completed after the three-way handshake.
S102: the first service sends a first message to the first network proxy over the first communication channel.
Wherein the first message is used to instruct the first network proxy to establish a communication channel with the second service, the first message includes at least one of a service name of the second service, an IP address of the second service, and a port (port a) of the second service, and port a is a port on the second container group for receiving and transmitting a message related to the second service.
Alternatively, the first message may carry service data D1, or may not carry service data D1. The service data D1 refers to a message generated based on an application layer protocol between the first service and the second service. Since the first service and the second service can communicate using a variety of application layer protocols, such as HTTP1 and MySQL, the service data D1 may be an HTTP1 message, a MySQL message, etc. When the first message does not carry service data D1, the first message may be a connection-type message, i.e. a message for establishing a communication channel, such as a TCP three-way handshake message.
S103: the first network agent determines a second network agent based on the first message.
Specifically, after the first network agent receives the first message, a second service is determined based on the first message, then a second container group is determined based on the second service, and then a second network agent (i.e., the upstream agent in the foregoing) is determined based on the second container group. The second container group belongs to a second type of container group, that is, the second container group includes a container running a second service, and the second network agent is used for taking charge of accessing the service (including the second service) in the second container group, and the second network agent may be a container group agent (such as network agent 2212) or a node agent (such as network agent 122).
Further, considering that the second service may run on a plurality of second class container groups, the first network agent determines the second container group based on the second service, comprising: the first network agent determines a plurality of second class container groups based on the second service and then uses a load balancing algorithm to determine a second container group from the plurality of second class container groups. The load balancing algorithm may include a polling algorithm, a random algorithm, a minimum connection algorithm, and the like, which are not limited in the embodiment of the present application.
It should be noted that the first message may or may not carry the service data D1. Compared with the case where the first message does not carry the service data D1, when the first message carries the service data D1, the first network agent needs to perform more processing on the first message (i.e. application layer protocol decapsulation of the service data D1 in the first message) before it can determine the second network agent.
S104: the first network agent determines whether a second communication channel with the second network agent has been established. If the second communication channel is not established, S105-S110 are performed; if the second communication channel is established, S106-S110 are performed.
Wherein the second communication channel may be a TCP channel. When the second communication channel is a TCP channel, it may be a forward TCP channel or a reverse TCP channel. The forward TCP channel is a TCP channel established by the first network agent sending a TCP connection message to the second network agent; see S105 for the specific establishment procedure. The reverse TCP channel is a TCP channel established by the second network agent sending a TCP connection message to the first network agent; the specific establishment procedure is described below.
When the second communication channel is a reverse TCP channel, the second communication channel is already established before the first network agent performs S104. Specifically, the second network agent sends a request for establishing the second communication channel to the first network agent. After the first network agent receives the request, it returns a response for confirming establishment of the second communication channel to the second network agent. After the second network agent receives the response, it sends a message for confirming the establishment of the second communication channel to the first network agent, so that the establishment of the second communication channel is completed. In addition, after the second communication channel is established, the first network agent also stores a mapping relationship between the identification of the second network agent and the identification of the second communication channel. The identification of the second network agent may be an ID, a number, or other information that can be used to identify the second network agent, assigned to the second network agent by the first network agent or by a control node in the container system (such as the control node 110, the control node 210, and the control node 310). Alternatively, the identification of the second network agent may be flexibly set based on the type of the second network agent: for example, when the second network agent is a container group agent, the identification of the second network agent may be the IP address of the second container group; when the second network agent is a node agent, the identification of the second network agent may be the IP address of the computing node where the second network agent is located. The identification of the second communication channel may be an ID, a number, or other information that can be used to identify the second communication channel, assigned to the second communication channel by the first network agent or the control node in the container system.
In some embodiments, the first network agent determining whether a second communication channel with the second network agent has been established includes: when the first network agent stores a mapping relation between the identification of the second network agent and the identification of the second communication channel, the first network agent determines that the second communication channel is established; when the first network agent does not store the mapping relationship between the identification of the second network agent and the identification of the second communication channel, the first network agent determines that the second communication channel is not established.
Alternatively, the first service may be a service running in a public network and the second service may be a service running in a private network, such as a virtual private cloud (VPC). In that case, the fact that the second communication channel may be a reverse TCP channel means that the proxy provided by the present application supports access between services running in the public network and services running in the private network. It is noted that the following may occur in practical applications: the IP addresses of a plurality of private networks are the same as the IP address of the private network running the second service. Therefore, the identification of the second network agent may include the identification of the private network and the IP address of the private network.
S105: the first network agent establishes a second communication channel with the second network agent.
Specifically, the first network proxy sends a request for establishing the second communication channel to the second network proxy. And after the second network agent receives the request, a response for confirming that the second communication channel is established is returned to the first network agent. And after the first network agent receives the response, the first network agent sends a message for confirming the establishment of the second communication channel to the second network agent again, so that the establishment of the second communication channel is completed.
Optionally, in order to improve the security of the communication between the first service and the second service, after the second communication channel is established successfully (the second communication channel here includes a forward TCP channel and a reverse TCP channel), the first network agent may also establish a secure channel on the second communication channel, for example, a secure socket layer (SSL) connection or a transport layer security (TLS) connection. Taking an SSL channel as an example, the first network agent may establish a secure channel over the second communication channel as follows. First, the first network agent sends a request for establishing a secure channel (such as a client hello message) to the second network agent through the second communication channel. After receiving the request, the second network agent returns a corresponding response message (such as a server hello message) to the first network agent through the second communication channel, wherein the response message includes the public key of a key pair generated by the second network agent. Then, the first network agent generates a session key, encrypts the session key with the public key, and sends the encrypted session key to the second network agent through the second communication channel. After receiving the encrypted session key, the second network agent decrypts it with the private key to obtain the session key. From then on, the first network agent and the second network agent can encrypt the data to be transmitted using the session key, which completes the establishment of the SSL channel.
It should be understood that, in practical applications, the security channel may be established on the first communication channel in the foregoing and the third communication channel in the following, and the specific establishment process may refer to the process of establishing the security channel on the second communication channel, which is not described herein for simplicity.
Optionally, after the second communication channel is established, the first network proxy further stores a mapping relationship between the identity of the second network proxy and the identity of the second communication channel.
S106: the first network proxy configures the second communication channel as a proxy channel.
In some embodiments, the first network proxy configures the second communication channel as a proxy channel comprising: the first network proxy sends a first negotiation request to the second network proxy through a second communication channel, wherein the first negotiation request is used for negotiating with the second network proxy to configure the second communication channel as a proxy channel, the proxy channel refers to a channel for transmitting messages based on a proxy protocol, and the proxy channel supports multiplexing, that is, communication messages between at least two services (including the first service and the second service) can be transmitted on the proxy channel. After receiving the first negotiation request, the second network proxy configures the second communication channel as a proxy channel based on the first negotiation request, and returns a first negotiation response to the first network proxy to inform the first network proxy to confirm that the second communication channel is configured as a proxy channel.
The first negotiation request and the first negotiation response each include a negotiation identifier, where the negotiation identifier is used to indicate whether the message is used to negotiate whether a certain communication channel is configured as a proxy channel, and the negotiation identifier may be a magic word (magic number) or a verifier, etc.
Optionally, the first negotiation request further comprises an identification of the second communication channel. Here, the identification of the second communication channel may be the IP address of the first network agent, in addition to the ID and number assigned to the second communication channel by the first network agent or the control node in the container system mentioned in S104. It should be noted that, when the identifier of the second communication channel is the IP address of the first network proxy, after the second network proxy receives the first negotiation request, the first network proxy is determined based on the identifier of the second communication channel, then the second communication channel is determined based on the first network proxy, and then, whether the first network proxy wants to negotiate with the second network proxy to configure the second communication channel as a proxy channel is obtained by combining the negotiation identifier in the first negotiation request.
Optionally, the first negotiation request further comprises a connection timeout time, which informs the second network agent of the time within which, after sending the first negotiation request, the first network agent expects to receive a heartbeat message returned by the second network agent, wherein the heartbeat message is used for indicating that the second communication channel is in a normal connection state. In some embodiments, the first network agent may disconnect the second communication channel if it does not receive a heartbeat message returned by the second network agent within the connection timeout time. It should be appreciated that, since the second communication channel may be a reverse TCP channel, calculating the connection timeout time from the moment the first network agent issues the first negotiation request ensures that the second communication channel can still maintain a normal connection state even if it is not used for a long time after being established. In addition, regarding the above heartbeat message, the embodiment of the present application further proposes that the first network agent and the second network agent send heartbeat messages to each other in a "pass the parcel" manner (literally, "beating the drum and passing the flower"): the heartbeat messages are not always sent by one party and received by the other; instead, the two parties alternately send and receive.
Optionally, the first negotiation response further comprises information, e.g. a character preset by the user, which can be used to indicate that the second network proxy agrees to configure the second communication channel as a proxy channel.
Optionally, since a secure channel may also be established on the second communication channel, the first network agent may also configure the second communication channel as a proxy channel through the secure channel. Specifically, still taking the example that the secure channel is an SSL channel: based on the application layer protocol negotiation (ALPN) protocol, the request for establishing a secure channel (e.g., a client hello message) sent by the first network agent to the second network agent may include identifications of one or more protocols supported by the first network agent, where these include an identification of the proxy protocol. In response to the request for establishing the secure channel, the second network agent selects a protocol supported by itself (including the proxy protocol) from the one or more protocols, and returns the identification of the proxy protocol to the first network agent through a corresponding response message (e.g., a server hello message). Thus, after the SSL channel is established, the first network agent may send the first negotiation request to the second network agent through the SSL channel, and the second network agent may return the first negotiation response to the first network agent through the SSL channel, thereby configuring the second communication channel as a proxy channel.
It should be noted that the above describes the procedure of configuring the second communication channel as a proxy channel in the case where the second network agent supports the proxy protocol. However, in practical applications, the second network agent may not support the proxy protocol. For this case, the embodiment of the present application proposes: when the second network agent does not support the proxy protocol, the first network agent may disconnect the second communication channel, or continue the communication between the first service and the second service using other methods, such as any of the methods mentioned in the prior art.
Further, the first network agent may determine that the second network agent does not support the agent protocol by any of: (1) After the first network agent sends the first negotiation request, the first negotiation response returned by the second network agent is not received or is not received within the expected time. (2) After the first network agent sends the request (including the negotiation identifier) for establishing the secure channel, the response message returned by the second network agent does not include the negotiation identifier.
In other embodiments, the first network proxy configures the second communication channel as a proxy channel comprising: the first network proxy receives a second negotiation request sent by the second network proxy through the second communication channel, after the first network proxy receives the second negotiation request, the second communication channel is configured as a proxy channel based on the second negotiation request, and a second negotiation response is returned to the second network proxy, so that the second communication channel is configured as a proxy channel. The second negotiation request is similar to the first negotiation request, and is used for negotiating with the first network proxy to configure the second communication channel as a proxy channel, and the second negotiation request includes the negotiation identifier, and may further include the identifier of the second communication channel and the connection timeout time. It should be noted that, the identification of the second communication channel in the second negotiation request may be the ID and the number allocated to the second communication channel by the first network agent or the control node in the container system in S104, and may also be the IP address of the second network agent. The second negotiation response is similar to the first negotiation response and is used to inform the second network agent to confirm that the second communication channel is configured as a proxy channel, and the second negotiation response includes the negotiation identification, and may further include information that can be used to indicate that the first network agent agrees to configure the second communication channel as a proxy channel.
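The negotiation of S106, the decision that the peer does not support the proxy protocol, and the alternating heartbeat can be exercised with the following added example, which is not code from the application. The message layouts, the `MAGIC` value, the function and class names, and the choice to apply the connection timeout to every heartbeat turn and to reject an out-of-turn heartbeat are assumptions made for illustration.

```python
import struct

MAGIC = 0x56434831               # constructed negotiation identifier
NEG_REQ, NEG_RESP = 1, 2         # assumed message type codes
REQUEST = struct.Struct("!IBIH")   # magic, type, channel id, timeout (s)
RESPONSE = struct.Struct("!IBB")   # magic, type, agree flag


def build_request(channel_id: int, timeout_s: int) -> bytes:
    """First agent: negotiation request carrying the negotiation identifier,
    the identification of the channel and the connection timeout time."""
    return REQUEST.pack(MAGIC, NEG_REQ, channel_id, timeout_s)


def handle_request(data: bytes):
    """Second agent: validate strictly before configuring a proxy channel.
    Returns (response, channel id, timeout) or None if not a valid request."""
    if len(data) != REQUEST.size:
        return None
    magic, mtype, channel_id, timeout_s = REQUEST.unpack(data)
    if magic != MAGIC or mtype != NEG_REQ or timeout_s == 0:
        return None
    return RESPONSE.pack(MAGIC, NEG_RESP, 1), channel_id, timeout_s


def peer_supports_proxy(response, sent_at, received_at, expected_within):
    """First agent: no response, a late response, or a response without the
    negotiation identifier all mean the peer does not support the protocol."""
    if response is None or received_at - sent_at > expected_within:
        return False
    if len(response) != RESPONSE.size:
        return False
    magic, mtype, agree = RESPONSE.unpack(response)
    return magic == MAGIC and mtype == NEG_RESP and agree == 1


class HeartbeatTurns:
    """Tracks whose turn it is to send the next heartbeat and its deadline."""

    def __init__(self, timeout_s: float, negotiation_sent_at: float):
        self.timeout_s = timeout_s
        # The timeout is counted from the moment the request was sent.
        self.deadline = negotiation_sent_at + timeout_s
        self.next_sender = "second"  # first heartbeat comes from the peer

    def on_heartbeat(self, sender: str, now: float) -> bool:
        """True if the heartbeat is on time and in turn, otherwise False."""
        if now > self.deadline or sender != self.next_sender:
            return False
        self.next_sender = "first" if sender == "second" else "second"
        self.deadline = now + self.timeout_s
        return True


def demo():
    req = build_request(channel_id=7, timeout_s=30)
    resp, channel_id, timeout_s = handle_request(req)
    ok = peer_supports_proxy(resp, 0.0, 0.2, expected_within=1.0)
    silent = peer_supports_proxy(None, 0.0, 1.0, expected_within=1.0)
    # Constructed reply from a peer speaking another protocol (6 bytes).
    wrong = peer_supports_proxy(b"HTTP/1", 0.0, 0.1, expected_within=1.0)

    hb = HeartbeatTurns(timeout_s, negotiation_sent_at=0.0)
    turns = [
        hb.on_heartbeat("second", 10.0),  # on time, in turn
        hb.on_heartbeat("first", 35.0),   # roles swapped, on time
        hb.on_heartbeat("first", 40.0),   # out of turn
        hb.on_heartbeat("second", 80.0),  # past the deadline of 65.0
    ]
    return ok, silent, wrong, channel_id, turns


if __name__ == "__main__":
    print(demo())
```

When `peer_supports_proxy` returns False, the first network agent takes one of the two paths the text names: disconnect the second communication channel or continue with another method.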
S107: the first network agent stores a mapping between the identity of the second network agent and the identity of the agent channel.
The identification of the agent channel may be an ID, a number, or other information that can be used to identify the agent channel, where the ID, the number, etc. are allocated to the agent channel by the control node in the first network agent or the container system.
Optionally, the identifier of the proxy channel and the identifier of the second communication channel may be the same identifier or different identifiers. It should be noted that, the purpose of the first network agent storing the mapping relationship between the identifier of the second network agent and the identifier of the agent channel is: the second communication channel may be determined to have been configured as a proxy channel upon subsequent communications, and the first network proxy stores a mapping between the identity of the second network proxy and the identity of the second communication channel for the purpose of: the second communication channel may be determined to be established at a subsequent communication. Therefore, when the identifier of the proxy channel and the identifier of the second communication channel are the same identifier, in order to simultaneously satisfy the above two purposes, the embodiment of the present application proposes: the first network proxy may store the mapping between the second network proxy and the identity of the second communication channel (i.e., the identity of the proxy channel) after the second communication channel is configured as the proxy channel.
S108: the first network agent establishes a first virtual channel on the second communication channel and stores a mapping relationship between the identity of the first virtual channel and the identity of the first service.
Wherein the first virtual channel is used to transmit communication messages between the first service and the second service. The identification of the first virtual channel may be an ID, a number, etc. assigned to the first virtual channel by the first network agent or the control node in the container system, which can be used to identify the first virtual channel. It should be understood that, as known from S105 above, the proxy channel may support multiplexing, that is, the second communication channel may carry multiple virtual channels, each of which may be used to transmit communication messages between two services. Therefore, in a specific implementation, the identification of the first virtual channel may be mainly used to identify the first virtual channel in the multiple virtual channels, that is, the identification of the first virtual channel may be kept unique in the identifications of the multiple virtual channels.
In the embodiment of the present application, the first network agent or the control node may use any of several rules to allocate identifiers to the virtual channels (including the first virtual channel) on the second communication channel. Several possible allocation rules are listed below:
(1) Generate a plurality of different random numbers and assign them to different virtual channels as their identifiers.
(2) Assign each virtual channel a number as its identifier, in order from small to large or from large to small. For example, assuming that the first network agent sequentially establishes virtual channel 1, virtual channel 2, …, and virtual channel n (where n is an integer greater than 1) on the second communication channel, the identifiers allocated by the first network agent to the n virtual channels may be sequentially 1, 2, …, and n-1; or m, m-1, …, m-n+2 (where m is an integer greater than or equal to n).
(3) The identity assigned to the virtual channel includes two fields: a first field which is a field indicating the length of the identifier, and a second field which is a field in which a number (or ID) is set within a range satisfying the length requirement.
Illustratively, the identification of the virtual channel has 3 formats: (1) an identification having a length of 4 bits, (2) an identification having a length of 8 bits, and (3) an identification having a length of 16 bits. In one possible implementation, the first field in the above 3 formats may be set based on whether the length of the identifier is greater than 4 bits and whether it is less than 16 bits: when the length of the identifier is less than or equal to 4 bits, this is denoted as "0", and when it is greater than 4 bits, as "1"; when the length of the identifier is less than 16 bits, this is denoted as "0", and when it is greater than or equal to 16 bits, as "1". Then, as shown in Table 1, for an identification of length 4 bits, the first field is "0", occupying 1 bit; for an identification of length 8 bits, the first field is "01", occupying 2 bits; for an identification of length 16 bits, the first field is "11", occupying 2 bits. Further, for an identification of length 4 bits, the second field may occupy 3 bits, which represents a range of 0-7; for an identification of length 8 bits, the second field occupies 6 bits, which represents a range of 0-63; for an identification of length 16 bits, the second field occupies 14 bits, which represents a range of 0-16383. Consequently, 8 virtual channels may be identified using format (1), 64 virtual channels using format (2), and 16384 virtual channels using format (3), i.e., 8+64+16384 = 16456 virtual channels may be identified using the above 3 formats in total.
TABLE 1
It will be appreciated that the first field in the 3 formats of identification described above may also be provided in other forms, for example using other identifiers (e.g. numbers, characters) to indicate that the length of the identification is 4 bits, 8 bits and 16 bits. In addition, the first field in the identifier may set the 3 formats, and may also be flexibly set based on the number of virtual channels that may be carried on the second communication channel, the size of the data to be transmitted, the communication quality, and other practical situations, for example, set to identifiers of other lengths, or set to identifiers of more lengths.
It should also be understood that in practical applications, the length of the virtual identifier is generally preset, so when the identifier is allocated to the virtual channel in the mode (1) or the mode (2), the identifiers of different virtual channels have the same length. Then, compared to the modes (1) and (2), the mode (3) can improve the transmission efficiency of the service data by allocating the identifier to the virtual channel, for the following reasons: by way of example, assuming that the length of the identifier allocated to the virtual channel in the manner (2) is set to 16 bits, when the identifier is allocated to the virtual channel 8 in the order from small to large as mentioned in the manner (2), the identifier of the virtual channel 8 is 0000000000000111, and when the identifier is allocated to the virtual channel 8 in the manner (3), the identifier of the virtual channel 8 is 0111; the identifier of the virtual channel 72 is 0000000001001000 when the identifiers are assigned to the virtual channels 72 in the order from small to large as mentioned in the manner (2), and the identifier of the virtual channel 72 is 10111111 when the identifiers are assigned to the virtual channels 72 in the manner (3). It will be readily appreciated that the identification assigned to the virtual channel in way (3) may take up fewer bytes. As can be seen from fig. 8 to fig. 9, the message transmitted through the virtual channel needs to carry the identifier of the virtual channel, so that when the number of bytes occupied by the identifier of the virtual channel is smaller, the message can carry more service data, thereby improving the transmission efficiency of the service data.
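The following added example (not code from the patent) implements allocation rule (3) as a prefix code and reproduces the two identifiers worked out above, 0111 for virtual channel 8 and 10111111 for virtual channel 72. It assumes the 8-bit format uses the first field "10", which is what the stated rule (greater than 4 bits gives 1, less than 16 bits gives 0) and the 10111111 example imply; the function names and the bit-string representation are assumptions of the example.

```python
"""Prefix-coded virtual channel identifiers, allocation rule (3)."""

# (first field, width of the second field in bits) for each format.
# Assumption: "10" marks the 8-bit format, per the stated rule and the
# worked example 10111111.
FORMATS = [
    ("0", 3),    # 4-bit identifier, values 0-7
    ("10", 6),   # 8-bit identifier, values 0-63
    ("11", 14),  # 16-bit identifier, values 0-16383
]


def total_channels() -> int:
    """Number of channels the three formats can name together."""
    return sum(1 << width for _, width in FORMATS)


def encode_id(fmt: int, value: int) -> str:
    """Return first field + second field as a bit string."""
    prefix, width = FORMATS[fmt]
    if not 0 <= value < (1 << width):
        raise ValueError(f"value {value} does not fit in {width} bits")
    return prefix + format(value, f"0{width}b")


def allocate(n: int) -> str:
    """Identifier of the n-th channel (n >= 1), shortest formats first."""
    index = n - 1
    for fmt, (_, width) in enumerate(FORMATS):
        if index < (1 << width):
            return encode_id(fmt, index)
        index -= 1 << width
    raise ValueError(f"only {total_channels()} channels can be identified")


def decode_id(bits: str, pos: int = 0):
    """Decode one identifier at bit offset pos.

    Returns (format index, value, next offset). The first field alone tells
    the receiver how many bits to read, so identifiers of different lengths
    can share one channel. Truncated input is rejected rather than padded.
    """
    if pos >= len(bits):
        raise ValueError("no identifier at this offset")
    if bits[pos] == "0":
        fmt = 0
    else:
        if pos + 1 >= len(bits):
            raise ValueError("truncated first field")
        fmt = 1 if bits[pos + 1] == "0" else 2
    prefix, width = FORMATS[fmt]
    end = pos + len(prefix) + width
    if end > len(bits):
        raise ValueError("truncated identifier")
    return fmt, int(bits[pos + len(prefix):end], 2), end


def decode_stream(bits: str):
    """Decode back-to-back identifiers; returns [(format index, value), ...]."""
    if set(bits) - {"0", "1"}:
        raise ValueError("input must contain only 0 and 1")
    out, pos = [], 0
    while pos < len(bits):
        fmt, value, pos = decode_id(bits, pos)
        out.append((fmt, value))
    return out


def saved_bits(n: int, fixed_width: int = 16) -> int:
    """Bits saved per message for channel n versus a fixed-width identifier."""
    return fixed_width - len(allocate(n))


if __name__ == "__main__":
    for n in (8, 72, 73):
        print(n, allocate(n), "saves", saved_bits(n), "bits")
```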
The identification of the first service may be an ID, a number, etc. assigned to the first service by the first network proxy or a control node in the container system, which is capable of identifying the first service. Alternatively, the identifier of the first service may be flexibly set based on the type of the first network agent, for example, when the first network agent is a container group agent, the identifier of the first service may be a service name of the first service, an ID, a number, etc. allocated to the first service by the first container group; when the first network proxy is a node proxy, the identification of the first service may include at least one of an IP address of the first container group, a port of the first service (port B), where port B is a port on the first container group for transceiving messages related to the first service. Alternatively, the identification of the first service may be information that can identify the first communication channel, such as an ID, a number, or the like, allocated to the first communication channel by the first network agent or the control node in the container system.
In some embodiments, the first network proxy establishes a first virtual channel over the second communication channel, comprising: the first network agent sends a virtual connection message to the second network agent. The virtual connection message includes an identification of the first virtual channel, so that when the second network agent receives the virtual connection message, it can be determined that the first virtual channel is established on the second communication channel based on the virtual connection message.
The virtual connect message also includes an identification of the second service. Wherein, similar to the identification of the first service: the identification of the second service may be an ID, a number, or the like assigned to the second service by the first network proxy or the control node in the container system, which is capable of identifying the second service. The identification of the second service may also be flexibly set based on the type of the second network agent, for example, when the second network agent is a container group agent, the identification of the second service may be a service name of the second service, an ID, a number, etc. assigned to the second service by the second container group; when the second network proxy is a node proxy, the identification of the second service may include at least one of an IP address, port a of the second container group. The identification of the second service may also be information that the control node in the first network proxy or the container system allocates an ID, a number, or the like for a third communication channel in the following, which can identify the third communication channel.
It should be noted that, in the embodiment of the present application, the execution sequence of the two steps of establishing the first virtual channel on the second communication channel by the first network proxy and storing the mapping relationship between the identifier of the first virtual channel and the identifier of the first service is not limited, that is, the two steps may be executed simultaneously or sequentially.
S109: the second network agent stores a mapping between the identity of the first virtual channel and the identity of the second service based on the virtual connection message.
Specifically, after receiving the virtual connection message, the second network agent acquires the identifier of the first virtual channel and the identifier of the second service based on the virtual connection message, and then stores the mapping relationship between the identifier of the first virtual channel and the identifier of the second service.
S110: the second network proxy establishes a third communication channel with the second service based on the virtual connection message.
Specifically, after receiving the virtual connection message, the second network agent obtains the identifier of the second service based on the virtual connection message, and then establishes a third communication channel with the second service based on the identifier of the second service. The process of establishing the third communication channel between the second network agent and the second service is similar to the process of establishing the first communication channel between the first service and the first network agent in S101, and is obtained through three-way handshake, so for simplicity, this process will not be described herein.
Through the above S101-S110, the establishment of the communication channel (including the first communication channel, the first virtual channel, and the third communication channel) between the first service and the second service is completed, followed by the second stage.
The second stage, the first service and the second service communicate based on the established communication channel
Among them, since application layer protocols adopted by the first service and the second service are various, communication between the first service and the second service is classified into the following two cases.
Case 1, the first service actively sends traffic data to the second service, i.e. the first service and the second service communicate using an application layer protocol such as HTTP 1. Then the communication procedure of the first service and the second service can be seen in fig. 8.
S201: the first service sends a second message to the first network proxy over the first communication channel.
The second message includes service data D1 that the first service wants to send to the second service. It should be noted that, when the first message in S102 carries the service data D1, the second message and the first message may be the same message.
S202: the first network agent generates a data transfer message R1 based on the second message and sends the data transfer message R1 to the second network agent through the first virtual channel.
Specifically, by parsing the second message, the first network agent determines that the service data D1 in the second message needs to be sent to the second service, and thereby determines the second container group running the second service and the second network agent responsible for traffic access in the second container group. Then, the first network agent determines that the second communication channel is established and that the second communication channel is a proxy channel, based on the locally stored mapping relationship between the identifier of the second network agent and the identifier of the second communication channel and the mapping relationship between the identifier of the second network agent and the identifier of the proxy channel. The first network agent then obtains the identifier of the first virtual channel based on the fact that the second message comes from the first service and on the locally stored mapping relationship between the identifier of the first virtual channel and the identifier of the first service. Next, the first network agent encapsulates the service data D1 based on the identifier of the first virtual channel to obtain the data transfer message R1, and sends the data transfer message R1 to the second network agent through the first virtual channel. In addition to the identifier of the first virtual channel and the service data D1, the data transfer message R1 may also include the length of the service data D1.
S203: the second network agent forwards the service data D1 to the second service through the third communication channel based on the data transfer message R1.
Specifically, after receiving the data transfer message R1, the second network agent obtains the identifier of the first virtual channel and the service data D1 from the data transfer message R1, and then, based on the locally stored mapping relationship between the identifier of the first virtual channel and the identifier of the second service, forwards the service data D1 to the second service through the third communication channel.
Optionally, after the second service receives the service data D1 sent by the first service, the second service may, in response to the service data D1, return service data D2 to the first service. Like the service data D1, the service data D2 is a message generated based on the application layer protocol between the first service and the second service. Thus, the communication between the first service and the second service may also include S204-S206 described below.
S204: the second service generates a third message based on the service data D2 and sends it to the second network agent through the third communication channel. The third message includes the service data D2.
S205: the second network agent generates a data transfer message R2 based on the third message and sends the data transfer message R2 to the first network agent through the first virtual channel.
Specifically, by parsing the third message, the second network agent determines that the service data D2 in the message needs to be sent to the first service and that the message is a response to the second message, thereby obtaining the identifier of the first virtual channel. The second network agent then encapsulates the service data D2 based on the identifier of the first virtual channel to obtain the data transfer message R2, and sends the data transfer message R2 to the first network agent through the first virtual channel. In addition to the identifier of the first virtual channel and the service data D2, the data transfer message R2 may also include the length of the service data D2.
S206: the first network agent forwards the service data D2 to the first service through the first communication channel based on the data transfer message R2.
Specifically, after receiving the data transfer message R2, the first network agent obtains the identifier of the first virtual channel and the service data D2 from the data transfer message R2, and then, based on the locally stored mapping relationship between the identifier of the first virtual channel and the identifier of the first service, forwards the service data D2 to the first service through the first communication channel.
Case 2, the second service prompts the first service to send service data to it (that is, the first service sends service data to the second service only after the second service has sent a message to the first service), i.e. the first service and the second service communicate using an application layer protocol such as MySQL. Then the communication procedure of the first service and the second service can be seen in fig. 9.
S301: the second service sends a fourth message to the second network proxy via the third communication channel.
Wherein the fourth message comprises indication data for indicating the first service to send traffic data to the second service. The indicating data refers to a message (here may be a MySQL message) generated based on an application layer protocol between the first service and the second service.
S302: the second network agent generates a data transfer message R3 based on the fourth message and sends the data transfer message R3 to the first network agent through the first virtual channel.
The data transfer message R3 includes the identifier of the first virtual channel and the indication data.
S303: the first network agent forwards the indication data to the first service through the first communication channel based on the data transfer message R3.
After the first service receives the indication data, it sends the service data D1 to the second service; the specific process can be seen in steps S201-S203 above and is not repeated here. In addition, similarly to case 1, after the second service receives the service data D1, the second service may, in response to the service data D1, return service data D2 to the first service; the specific process can be seen in steps S204-S206 above and is not repeated here. It should also be appreciated that the above procedure (S301-S303) in which the second service sends the indication data to the first service is similar to the above procedure (S204-S206) in which the second service sends the service data D2 to the first service, and thus, for the sake of brevity, it is not described further here.
The points to be noted are: (1) As can be seen from S202, S205 and S302 above, the messages transmitted between the first network agent and the second network agent (including the data transfer message R1, the data transfer message R2 and the data transfer message R3) all encapsulate the data to be transmitted (including the service data D1, the service data D1 and the indication data) using the identifier of the first virtual channel. This encapsulation process is transparent to the application layer protocol, i.e. the application layer protocol does not perceive that the data to be transmitted is encapsulated by the proxy protocol, so the application layer protocol is not affected by the use of the proxy protocol. (2) As can be seen from S203, after the second network agent receives the data transfer message R1 sent by the first network agent, since the second network agent supports the proxy protocol, the second network agent can use the identifier of the first virtual channel to decapsulate the data transfer message R1 and thereby obtain the service data D1. In addition, the second network agent can forward the service data D1 to the second service based on the locally stored mapping relationship between the identifier of the first virtual channel and the identifier of the second service. In this process the second network agent does not need to decapsulate the service data D1 using the application layer protocol and can forward the service data D1 directly to the second service, which improves the transmission efficiency of the service data D1. Similarly, in S206 and S303 above, since the proxy protocol is also used, the transmission efficiency of the service data D1 and the indication data is also improved.
As can be seen from fig. 7-9, when the first network agent and the second network agent transmit service data based on the proxy protocol, the identifier of the first virtual channel needs to be used to encapsulate the service data, and the encapsulated service data needs to be carried in a transport layer message, where the transport layer message refers to a message transmitted on the second communication channel; for example, when the second communication channel is a TCP channel, the transport layer message may be a TCP message. For the transport layer message, the more bytes the identifier of the first virtual channel occupies, the fewer bytes remain for the service data; in other words, the fewer bytes the identifier of the first virtual channel occupies, the more service data can be carried in the transport layer message. Therefore, the embodiment of the application proposes: if the current identifier of the first virtual channel (hereinafter identifier F1) cannot meet the communication requirements between the first service and the second service, the first network agent changes the identifier of the first virtual channel from identifier F1 to identifier F2, where the length of identifier F2 is less than the length of identifier F1.
In some embodiments, the identification of the first virtual channel fails to satisfy the communication requirement between the first service and the second service when one or more of the following conditions are satisfied: (1) the priority of the service data transmitted on the first virtual channel is higher than a first threshold; (2) the efficiency of transmitting traffic data over the first virtual channel is below the second threshold. The first threshold may be a priority preset by the user, or may be dynamically adjusted by the first network proxy based on the priority of the service data transmitted by each virtual channel on the second communication channel and the actual service requirement; the second threshold may be preset by the user, or may be obtained by dynamically adjusting the first network agent based on the efficiency of transmitting the service data through each virtual channel and the actual service requirement.
In one possible implementation, as shown in fig. 10, the first network agent changing the identifier of the first virtual channel from identifier F1 to identifier F2 includes:
S401: the first network agent determines identifier F2.
In some embodiments, identifier F2 is the identifier of a second virtual channel on the second communication channel, and the first network agent determining identifier F2 includes the following. The first network agent determines a plurality of virtual channels established on the second communication channel, where the plurality of virtual channels includes the first virtual channel and the second virtual channel. Then, the first network agent determines at least one of the priority of the service data transmitted on each of the plurality of virtual channels and the efficiency with which each virtual channel transmits service data, where the efficiency with which a virtual channel transmits service data refers to the proportion of service data in the messages transmitted through the channel per unit time. The first network agent then determines the second virtual channel, and thereby identifier F2, based on at least one of the priority of the service data transmitted on each virtual channel and the efficiency with which each virtual channel transmits service data. The second virtual channel is used for transmitting service data in the communication of other services, and the second virtual channel meets one or more of the following conditions: the priority of the service data transmitted on the second virtual channel is lower than the priority of the service data transmitted on the first virtual channel; the efficiency of service data transmission on the second virtual channel is lower than the efficiency of service data transmission on the first virtual channel.
Further, the first network agent may determine the efficiency of each virtual channel to transmit data by: the first network agent determines the rate at which each virtual channel transmits the message, the size of the message, and the size of the service data carried in the message, so as to calculate the efficiency of transmitting the service data by each virtual channel.
In other embodiments, the first network agent is provided with a set of backup identifiers. For example, if allocation rule (3) in S108 is used to allocate identifiers to the virtual channels on the second communication channel, then some of the shorter identifiers (e.g. 4-bit identifiers) may be added to the set of backup identifiers. The identifiers in the backup identifier set can be allocated to a virtual channel whose identifier needs to be changed, and identifier F2 may be any identifier in the backup identifier set.
S402: the first network agent sends a first identity change request to the second network agent over the second communication channel.
The first identifier change request includes identifier F1 and identifier F2.
Optionally, the first network agent may send the first identifier change request to the second network agent through the first virtual channel, and may also send the first identifier change request to the second network agent through the second virtual channel.
S403: the first network agent changes the identifier of the first virtual channel in the direction of sending to the second network agent from identifier F1 to identifier F2.
As can be seen from the foregoing, the identification of the first virtual channel in the first network agent includes the following two functions: (1) when the first network agent sends a message through the first virtual channel, the identification of the first virtual channel is required to be used for packaging service data to be transmitted; (2) when the first network agent receives a message from the first virtual channel, the identity of the first virtual channel needs to be used to forward traffic data in the message to the first service. The identification of the first virtual channel in the sending direction refers to the identification used for implementing the function (1), that is, the identification of the first virtual channel in the sending direction needs to be carried in the message sent by the first network agent to the second network agent through the first virtual channel.
In some embodiments, the first network agent stores a mapping relationship between the identifier of the first virtual channel and the identifier of the first service, and implements the above-described function (1) based on this mapping relationship. In that case, the first network agent changing the identifier of the first virtual channel in the sending direction from identifier F1 to identifier F2 includes: the first network agent changes the mapping relationship of the sending direction from the mapping relationship between identifier F1 and the identifier of the first service to the mapping relationship between identifier F2 and the identifier of the first service. The mapping relationship of the sending direction is the mapping relationship used to implement function (1).
S404: the second network agent changes the identifier of the first virtual channel from identifier F1 to identifier F2 based on the first identifier change request.
In some embodiments, the second network agent stores a mapping relationship between the identifier of the first virtual channel and the identifier of the second service, and the current identifier of the first virtual channel is identifier F1. In that case, the second network agent changing the identifier of the first virtual channel from identifier F1 to identifier F2 based on the first identifier change request includes: based on the first identifier change request, the second network agent changes the mapping relationship between identifier F1 and the identifier of the second service to the mapping relationship between identifier F2 and the identifier of the second service.
S405: the second network agent sends a first identity change response to the first network agent over the first virtual channel.
The first identifier change response includes identifier F1 and identifier F2.
S406: the first network agent changes the identifier of the first virtual channel in the receiving direction from identifier F1 to identifier F2 based on the first identifier change response.
The identification of the first virtual channel in the receiving direction refers to the identification for implementing the function (2), that is, the identification for forwarding the service data from the first virtual channel to the first service.
In some embodiments, the first network agent may implement not only the above-mentioned function (1) but also the above-mentioned function (2) based on a mapping relationship between the identifier of the first virtual channel and the identifier of the first service. In that case, the first network agent changing the identifier of the first virtual channel in the receiving direction from identifier F1 to identifier F2 includes: the first network agent changes the mapping relationship of the receiving direction from the mapping relationship between identifier F1 and the identifier of the first service to the mapping relationship between identifier F2 and the identifier of the first service. The mapping relationship of the receiving direction is the mapping relationship used to implement function (2).
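The S401-S406 exchange can be traced with a small in-memory model, given here as an added example that is not code from the patent. It assumes the backup-identifier-set embodiment (so F2 must be unused on the peer), models the ordered second communication channel as a queue, and uses hypothetical message names (DATA, CHANGE_REQ, CHANGE_RESP) and constructed identifier values; the point it shows is why the sending and receiving mappings are switched at different steps, and which checks keep a bad change request from rebinding another channel.

```python
from collections import deque


class Agent:
    """One network agent; `inbox` models the ordered proxy channel towards it."""

    def __init__(self, spare_ids=()):
        self.peer = None
        self.inbox = deque()
        self.send_map = {}   # local service -> identifier, function (1)
        self.recv_map = {}   # identifier -> local service, function (2)
        self.pending = {}    # (F1, F2) -> service, changes awaiting a response
        self.spare_ids = set(spare_ids)
        self.delivered = []  # (service, payload) forwarded to local services
        self.dropped = []    # messages rejected by validation

    def bind(self, service, chan_id):
        self.send_map[service] = chan_id
        self.recv_map[chan_id] = service

    def send_data(self, service, payload: bytes):
        # Encapsulate: identifier, length of the service data, service data.
        msg = ("DATA", self.send_map[service], len(payload), payload)
        self.peer.inbox.append(msg)

    def request_change(self, service):
        f1 = self.send_map[service]
        f2 = min(self.spare_ids)                        # S401
        self.spare_ids.discard(f2)
        self.pending[(f1, f2)] = service
        self.peer.inbox.append(("CHANGE_REQ", f1, f2))  # S402
        self.send_map[service] = f2                     # S403: sending only
        return f1, f2

    def step(self):
        """Process one queued message and return its type."""
        msg = self.inbox.popleft()
        kind = msg[0]
        if kind == "DATA":
            _, chan_id, length, payload = msg
            service = self.recv_map.get(chan_id)
            if service is None or length != len(payload):
                self.dropped.append(msg)  # unknown identifier or bad length
            else:
                self.delivered.append((service, payload))
        elif kind == "CHANGE_REQ":
            _, f1, f2 = msg
            service = self.recv_map.get(f1)
            if service is None or f2 in self.recv_map:
                self.dropped.append(msg)  # F1 unknown or F2 already in use
            else:                         # S404
                del self.recv_map[f1]
                self.recv_map[f2] = service
                self.send_map[service] = f2
                self.peer.inbox.append(("CHANGE_RESP", f1, f2))  # S405
        elif kind == "CHANGE_RESP":
            _, f1, f2 = msg
            service = self.pending.pop((f1, f2), None)
            if service is None:
                self.dropped.append(msg)  # no such change was requested
            else:                         # S406: receiving direction
                del self.recv_map[f1]
                self.recv_map[f2] = service
        return kind


def run_demo():
    """Constructed scenario: F1 = 200, backup set {3}, one message in flight."""
    a, b = Agent(spare_ids={3}), Agent()
    a.peer, b.peer = b, a
    a.bind("service-1", 200)
    b.bind("service-2", 200)
    b.send_data("service-2", b"in flight with F1")  # queued before the change
    f1, f2 = a.request_change("service-1")
    a.send_data("service-1", b"sent with F2")       # ordered behind the request
    while b.inbox:
        b.step()   # CHANGE_REQ, then DATA tagged F2
    b.send_data("service-2", b"reply with F2")
    while a.inbox:
        a.step()   # DATA tagged F1, CHANGE_RESP, DATA tagged F2
    return a, b, f1, f2


if __name__ == "__main__":
    a, b, f1, f2 = run_demo()
    print(f1, "->", f2, a.delivered, b.delivered, a.dropped, b.dropped)
```

Because the first network agent keeps F1 in its receiving mapping until the response arrives, the message the peer had already sent with F1 is still delivered; switching both directions at S403 would have dropped it.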
It will be appreciated that at identifier F 2 In the case of the identity of the second virtual channel, the identity of the first virtual channel is identified from the identity F 1 Change to sign F 2 Thereafter, in order to avoid communication anomalies, the identity of the second virtual channel also needs to be altered. Alternatively, the identity of the second virtual channel may be selected from the identity F 2 Change to sign F 1 Can also be from the mark F 2 Change to sign F 3 Wherein, sign F 3 Is the identity of the first network agent or control node in the container system newly assigned to the second virtual channel. The modification process of the identifier of the second virtual channel is similar to that of the identifier of the first virtual channel described above, and thus will not be described again.
It should be noted that, during the modification of the identities of the first virtual channel and the second virtual channel, the two should be performed synchronously so as not to affect the transmission of the messages by the first virtual channel and the second virtual channel. For example, when the first network agent sends an identification change request to the second network agent, the first network agent also sends a second identification change request to the second network agent for instructing the second network agent to change the identification of the second virtual channel; for another example, the first network agent may also alter the identity of the second virtual channel in the direction of reception when altering the identity of the first virtual channel in the direction of reception.
Optionally, when the identity of the second virtual channel is changed from identity F2 to identity F1, the identities of the first virtual channel and the second virtual channel are exchanged. Thus, to save communication resources, the first identity change request may be configured as a command that instructs the second network agent to exchange identity F1 and identity F2 (i.e. to change the identity of the first virtual channel from identity F1 to identity F2 and the identity of the second virtual channel from identity F2 to identity F1). In this case, the first network agent need not send a second identity change request to the second network agent. However, considering that the following cases 1-3 may occur in actual application, the second network agent should still return the first identity change response and the second identity change response to the first network agent through the first virtual channel and the second virtual channel, respectively.
It can be seen that when identity F2 is the identity of the second virtual channel, the above method for changing the identity of the first virtual channel does not interrupt message transmission on the first virtual channel or the second virtual channel; in other words, the identity of the first virtual channel can be changed without affecting message transmission on either channel. Take as an example changing the identity of the first virtual channel by exchanging identity F1 and identity F2, as shown in fig. 11, and assume that the second virtual channel is used to transmit communication messages between the third service and the second service:
(1) Before the first network agent sends the first identity change request to the second network agent, the identity of the first virtual channel is identity F1 and the identity of the second virtual channel is identity F2. Thus, both the first network agent and the second network agent use identity F1 to process service data that needs to be transmitted via the first virtual channel, and use identity F2 to process service data that needs to be transmitted via the second virtual channel. Specifically, a message sent by the first network agent (second network agent) to the second network agent (first network agent) through the first virtual channel carries identity F1; when the first network agent (second network agent) receives a message from the first virtual channel, it uses identity F1 to forward the service data in the message to the first service (second service); a message sent by the first network agent (second network agent) to the second network agent (first network agent) through the second virtual channel carries identity F2; when the first network agent (second network agent) receives a message from the second virtual channel, it uses identity F2 to forward the service data in the message to the third service (fourth service).
(2) After the first network agent sends the first identity change request to the second network agent, as can be seen from S403, the first network agent changes the identity of the first virtual channel in the sending direction from identity F1 to identity F2 and the identity of the second virtual channel in the sending direction from identity F2 to identity F1. Therefore, the message sent by the first network agent to the second network agent through the first virtual channel carries identity F1, and the message sent to the second network agent through the second virtual channel carries identity F2. As can be seen from S404, after receiving the first identity change request, the second network agent changes, based on the first identity change request, the identity of the first virtual channel from identity F1 to identity F2 and the identity of the second virtual channel from identity F2 to identity F1. Thus, in the subsequent process, when the second network agent receives a message from the first virtual channel, it uses identity F2 to forward the service data in the message to the second service; when it receives a message from the second virtual channel, it uses identity F1 to forward the service data in the message to the fourth service.
(3) After the second network agent returns the first identity change response and the second identity change response to the first network agent, since the second network agent has already changed the identity of the first virtual channel from identity F1 to identity F2 and the identity of the second virtual channel from identity F2 to identity F1, in the subsequent process a message sent by the second network agent to the first network agent through the first virtual channel carries identity F2, and a message sent to the first network agent through the second virtual channel carries identity F1. As can be seen from S406, after receiving the first identity change response, the first network agent changes, based on the first identity change response, the identity of the first virtual channel in the receiving direction from identity F1 to identity F2; after receiving the second identity change response, the first network agent changes, based on the second identity change response, the identity of the second virtual channel in the receiving direction from identity F2 to identity F1. Thus, in the subsequent process, when the first network agent receives a message from the first virtual channel, it uses identity F2 to forward the service data in the message to the first service; when it receives a message from the second virtual channel, it uses identity F1 to forward the service data in the message to the third service.
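The following simulation is an added example, not code from the application. It replays the identity exchange with the sending direction changed at request time (S403), the second network agent changing on receipt of the request (S404-S405), and the receiving direction changed only on the response (S406), and contrasts it with a variant that changes the receiving direction early. Assumptions: both virtual channels share one ordered communication channel per direction, every data message carries the sender's current send-direction identity, and the class, message tuples and channel names `vc1`/`vc2` are hypothetical.

```python
from collections import deque

F1, F2 = 1, 2  # constructed identity values


class Agent:
    """A network agent holding, per virtual channel, the identity it sends with,
    the identity it accepts, and the local service behind the channel."""

    def __init__(self, channels):
        self.service = {ch: svc for ch, (_, svc) in channels.items()}
        self.send_id = {ch: ident for ch, (ident, _) in channels.items()}
        self.recv_id = dict(self.send_id)
        self.pending = {}    # (old, new) -> channel awaiting its change response
        self.delivered = []  # (local service, payload) in delivery order

    def data(self, ch, payload):
        return ("data", self.send_id[ch], payload)

    def route(self, ident):
        # An identity must select exactly one channel at lookup time.
        owners = [ch for ch, i in self.recv_id.items() if i == ident]
        if len(owners) != 1:
            raise LookupError(f"identity {ident} matches {len(owners)} channels")
        return owners[0]

    def start_swap(self, ch_a, ch_b, eager_receive=False):
        """S403: swap the send-direction identities and build the request."""
        old_a, old_b = self.send_id[ch_a], self.send_id[ch_b]
        self.send_id[ch_a], self.send_id[ch_b] = old_b, old_a
        self.pending = {(old_a, old_b): ch_a, (old_b, old_a): ch_b}
        if eager_receive:  # unsafe variant: does not wait for the responses
            self.recv_id[ch_a], self.recv_id[ch_b] = old_b, old_a
        return ("swap_req", old_a, old_b)

    def handle(self, msg):
        kind, x, y = msg
        if kind == "data":
            self.delivered.append((self.service[self.route(x)], y))
        elif kind == "swap_req":  # S404-S405 at the second network agent
            ch_a, ch_b = self.route(x), self.route(y)
            for ch, new in ((ch_a, y), (ch_b, x)):
                self.send_id[ch] = self.recv_id[ch] = new
            return [("swap_rsp", x, y), ("swap_rsp", y, x)]
        elif kind == "swap_rsp":  # S406 at the first network agent
            self.recv_id[self.pending.pop((x, y))] = y
        return []


def run_swap(eager_receive=False):
    a = Agent({"vc1": (F1, "service1"), "vc2": (F2, "service3")})
    b = Agent({"vc1": (F1, "service2"), "vc2": (F2, "service4")})
    a_to_b, b_to_a = deque(), deque()
    # Phase (1): traffic in flight under the original identities.
    a_to_b += [a.data("vc1", ("service2", "old")), a.data("vc2", ("service4", "old"))]
    b_to_a += [b.data("vc1", ("service1", "old")), b.data("vc2", ("service3", "old"))]
    # Phase (2): the request is queued behind the old traffic, new traffic follows.
    a_to_b.append(a.start_swap("vc1", "vc2", eager_receive))
    a_to_b += [a.data("vc1", ("service2", "new")), a.data("vc2", ("service4", "new"))]
    while a_to_b:
        b_to_a.extend(b.handle(a_to_b.popleft()))
    # Phase (3): the second agent sends under the exchanged identities.
    b_to_a += [b.data("vc1", ("service1", "new")), b.data("vc2", ("service3", "new"))]
    while b_to_a:
        a.handle(b_to_a.popleft())
    return a, b


def misrouted(agent):
    """Deliveries whose receiving service differs from the intended one."""
    return [(got, want, tag) for got, (want, tag) in agent.delivered if got != want]
```

With the receiving direction changed only on the response, every message reaches its intended service; with `eager_receive=True`, the two messages the second agent sent before it saw the request are handed to the wrong local service.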
In the embodiments of the present application, besides changing the identity of the first virtual channel, the transmission efficiency of service data can also be improved in the following manner:
Considering that a plurality of communication channels (including the second communication channel) can be established between the first network agent and the second network agent, a virtual channel can be established on each communication channel; for the process, see S106-S108. Thus, the first network agent may select, from the plurality of communication channels, the communication channel that carries the fewest virtual channels, and then establish the first virtual channel on that communication channel. In this way, the first network agent or the control node of the container system can assign a shorter identity to the first virtual channel.
In a specific implementation, the first network agent may determine the size of the service data to be transmitted before creating the first virtual channel. When the service data to be transmitted is large, the first network agent may select the communication channel with the least number of carried virtual channels and then establish the first virtual channel on the channel, or the first network agent may establish a new communication channel connected to the second network agent and then establish the first virtual channel on the new channel.
Fig. 7-10 above describe the communication process between the first service and the second service under the condition that the first virtual channel is normal. However, in practical applications, there may be a case where the first virtual channel is disconnected, where the case where the first virtual channel is disconnected includes one or two of the following: the first service disconnects a first communication channel with the first network agent and the second service disconnects a third communication channel with the second network agent. The disconnection process of communication between the first service and the second service in one or both of the above cases is described below, respectively.
Case 1: the first service disconnects the first communication channel with the first network agent
The first service sends a notification message to the first network agent to disconnect the first communication channel. After receiving the notification message for disconnecting the first communication channel, the first network agent sends a first disconnect message to the second network agent. The first disconnect message indicates that the first network agent has locally set the first virtual channel to a semi-closed state, in which the first network agent can receive specified messages (such as the second disconnect message below) from the first virtual channel but cannot receive data transfer messages (such as data transfer message R2 and data transfer message R3) from the first virtual channel. After receiving the first disconnect message, the second network agent returns a second disconnect message to the first network agent and deletes the mapping between the identity of the first virtual channel and the identity of the second service. The second disconnect message indicates that the second network agent has locally set the first virtual channel to a fully closed state, in which the second network agent does not receive any message from the first virtual channel. After the first network agent receives the second disconnect message, it deletes the mapping between the identity of the first virtual channel and the identity of the first service and disconnects the first virtual channel. In this way, the identity of the first virtual channel is released, and the first network agent can assign it to other virtual channels.
Optionally, if the first network agent, having received the notification message for disconnecting the first communication channel, also receives a data transfer message (e.g., data transfer message R2 and data transfer message R3), the first network agent discards the data transfer message.
Alternatively, if case 1 occurs before the identity of the first virtual channel is changed, i.e., the first network agent receives the notification message that disconnects the first communication channel before the first network agent sends the first identity change request to the second network agent (i.e., S402), the first network agent may not send the first identity change request to the second network agent.
Alternatively, if case 1 occurs during the process of changing the identity of the first virtual channel, the identity of the first virtual channel is first changed from identity F1 to identity F2 and the first virtual channel is disconnected afterwards, i.e. the occurrence of case 1 does not interrupt the process of changing the identity of the first virtual channel. Specifically: when the first network agent receives the notification message (where the message carries identity F1) after the first network agent has sent the first identity change request to the second network agent, the second network agent receives the first identity change request first and then receives the first disconnect message. Therefore, the second network agent will execute the above steps S404-S405 first, and then execute: returning a second disconnect message (where the message carries identity F2) to the first network agent and deleting the mapping between identity F2 and the identity of the second service. Accordingly, the first network agent may execute S406 first and, after receiving the second disconnect message, execute: deleting identity F2 and disconnecting the first virtual channel.
Case 2: the second service disconnects the third communication channel with the second network agent
The second service sends a notification message to the second network agent to disconnect the third communication channel. After receiving the notification message for disconnecting the third communication channel, the second network agent sends a second disconnect message to the first network agent and deletes the mapping between the identity of the first virtual channel and the identity of the second service. After the first network agent receives the second disconnect message, it deletes the mapping between the identity of the first virtual channel and the identity of the first service and disconnects the first virtual channel.
Optionally, if the second network agent, having received the notification message for disconnecting the third communication channel, also receives a data transfer message (such as data transfer message R1), the second network agent discards the data transfer message.
Alternatively, if case 2 occurs during the process of modifying the identity of the first virtual channel, in particular:
(1) The second network agent receives the notification message for disconnecting the third communication channel after the first network agent has sent the first identity change request to the second network agent (S402) but before the second network agent receives the first identity change request; that is, the second network agent receives the notification message for disconnecting the third communication channel first and then receives the first identity change request. Thus, the second network agent will first send a second disconnect message (where the message carries identity F1) and then delete the mapping between identity F1 and the identity of the second service. Accordingly, the first network agent will first execute the above-mentioned S401-S403 and, after receiving the second disconnect message, execute: deleting the mapping between the identity of the first virtual channel in the receiving direction (i.e. identity F1) and the identity of the first service, deleting the identity of the first virtual channel in the sending direction (i.e. identity F2), and disconnecting the first virtual channel.
(2) The second network agent receives the notification message for disconnecting the third communication channel after it has received the first identity change request; that is, the second network agent receives the first identity change request first and then receives the notification message for disconnecting the third communication channel. Thus, the second network agent will first perform the above-described S404-S405 and then send a second disconnect message (where the message carries identity F2) to the first network agent. Accordingly, the first network agent receives the first identity change response first and then the second disconnect message, so the first network agent performs S406 first and then performs: deleting identity F2 and disconnecting the first virtual channel.
Case 3: the first network agent receives a notification message sent by the first service to disconnect the first communication channel, and at the same time, the second network agent receives a notification message sent by the second service to disconnect the third communication channel.
The first service sends a notification message to the first network agent to disconnect the first communication channel. After receiving the notification message for disconnecting the first communication channel, the first network agent sends a first disconnect message to the second network agent and discards the data transfer messages sent by the second network agent through the first virtual channel.
The second service sends a notification message to the second network agent to disconnect the third communication channel. After receiving the notification message for disconnecting the third communication channel, the second network agent sends a second disconnect message to the first network agent, deletes identity F1, and discards all messages (including the first disconnect message) sent by the first network agent through the first virtual channel.
After the first network agent receives the second disconnect message, it deletes the mapping between identity F1 and the identity of the first service and disconnects the first virtual channel.
Alternatively, if case 3 occurs before changing the identity of the first virtual channel, the first network agent may not send the first identity change request to the second network agent.
Alternatively, if the case 3 occurs in the process of changing the identifier of the first virtual channel, the disconnection process of the first virtual channel and the process of changing the identifier of the first virtual channel are identical to the implementation ideas of the case 1 and the case 2 when they occur in the process of changing the identifier of the first virtual channel, and thus, the description will not be repeated here for the sake of simplicity.
It should be noted that the disconnection of the first virtual channel (in any of the above cases) does not affect the change of the identity of the second virtual channel. The reason is as follows: as long as the second network agent can receive the second identity change request sent by the first network agent (or a first identity change request that instructs the second network agent to exchange identity F1 and identity F2), this indicates that the first network agent has changed the identity of the second virtual channel in the sending direction, and the second network agent may change the identity of the second virtual channel to identity F1. Since the second virtual channel is in a normal connection state, the second network agent may send a second identity change response to the first network agent through the second virtual channel, and the first network agent may then change the identity of the second virtual channel in the receiving direction. In this way, the change of the identity of the second virtual channel can be completed.
As can be seen from the above-mentioned fig. 7 to 11, various messages are transmitted through the first virtual channel, specifically including the heartbeat message in S106, the virtual connection message in S108, data transfer message R1 in S202, data transfer message R2 in S205, data transfer message R3 in S302, the first identity change request in S402, the first identity change response in S405, and the first disconnect message and the second disconnect message described above. To distinguish these messages, in the embodiments of the present application an operation type field is set in the messages transmitted based on the first virtual channel; the field may be set to different values to distinguish between the different operations performed on the first virtual channel.
For example, as shown in fig. 12, the operation type field may include a plurality of parts. The first field can be used to divide the messages transmitted based on the first virtual channel into two types: one is the virtual connection message, data transfer message R1, data transfer message R2, data transfer message R3, the first disconnect message and the second disconnect message, and the first field of such messages is 0; the other is the heartbeat message, the first identity change request and the first identity change response, and the first field of such messages is 1.
For messages whose first field is 0, the third field may be used to distinguish them, in particular: a third field of 0 indicates that the message is a message for establishing a virtual channel, i.e., the virtual connection message described above; a third field of 1 indicates that the message is a message for transmitting service data, i.e. the above-mentioned data transfer message R1, data transfer message R2 and data transfer message R3; a third field of 2 indicates that the message is a message for disconnecting the virtual channel, i.e. the first disconnect message and the second disconnect message described above. In addition, the first disconnect message and the second disconnect message may be distinguished by a fourth field, where a fourth field of 0 indicates that the message is the first disconnect message and a fourth field of 1 indicates that the message is the second disconnect message.
For messages with a first field of 1, the second field may be used to distinguish, in particular: the second field being 0 indicates that the message is a request for changing the identity of the virtual channel, i.e. the first identity changing request described above; the second field being 1 indicates that the message is a response to the first identity change request, i.e., the first identity change response described above; the second field being 2 indicates that the message is the heartbeat message described above.
It should be understood that fig. 12 only illustrates an exemplary message structure, and in practical applications, various types of messages transmitted based on the first virtual channel may be differentiated by using other formats, which is not limited to the embodiment of the present application.
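As an added example (not code from the application), the field values listed above can drive the first network agent's receive path for the disconnection cases: messages are classified strictly, data transfer messages are dropped once the channel is semi-closed, and the identity is released only on the second disconnect message. The tuple layout of the fields, the class and method names and the identity value 7 are assumptions; fig. 12 is not reproduced on this page.

```python
from enum import Enum

# Field values are the ones listed in the text. Carrying them as a
# (first, second, third, fourth) tuple is an assumption of this example.
FIRST_0_BY_THIRD = {0: "virtual_connection", 1: "data_transfer", 2: "disconnect"}
FIRST_1_BY_SECOND = {0: "identity_change_request",
                     1: "identity_change_response", 2: "heartbeat"}
DISCONNECT_BY_FOURTH = {0: "first_disconnect", 1: "second_disconnect"}


def classify(first, second=None, third=None, fourth=None):
    """Return the message kind, rejecting any value the text does not define."""
    if first == 0:
        kind = FIRST_0_BY_THIRD.get(third)
        if kind == "disconnect":
            kind = DISCONNECT_BY_FOURTH.get(fourth)
    elif first == 1:
        kind = FIRST_1_BY_SECOND.get(second)
    else:
        kind = None
    if kind is None:
        raise ValueError(f"undefined operation type {(first, second, third, fourth)}")
    return kind


class State(Enum):
    OPEN = "open"
    SEMI_CLOSED = "semi-closed"
    CLOSED = "closed"


class FirstAgentChannel:
    """The first network agent's view of one virtual channel."""

    def __init__(self, identity, service, free_ids):
        self.state = State.OPEN
        self.identity = identity
        self.mapping = {identity: service}  # identity -> local service
        self.free_ids = free_ids            # identities available for reuse
        self.forwarded = []
        self.dropped = 0

    def on_service_disconnect(self):
        """Case 1: the first service closed the first communication channel."""
        self.state = State.SEMI_CLOSED
        return (0, None, 2, 0)  # fields of the first disconnect message

    def on_message(self, fields, payload=None):
        kind = classify(*fields)
        if self.state is State.CLOSED:
            self.dropped += 1  # channel is gone: nothing is accepted
        elif kind == "second_disconnect":
            # Accepted while open (case 2) or semi-closed (case 1): delete the
            # mapping first, then release the identity for other channels.
            del self.mapping[self.identity]
            self.free_ids.add(self.identity)
            self.state = State.CLOSED
        elif kind == "data_transfer":
            if self.state is State.OPEN:
                self.forwarded.append((self.mapping[self.identity], payload))
            else:
                self.dropped += 1  # semi-closed: data transfer is discarded
        # Heartbeat and identity change handling are not modelled here.
        return self.state
```

Releasing the identity only after the mapping is deleted means a late data transfer message carrying the old identity is counted as dropped rather than forwarded to whichever service the identity is assigned to next.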
The proxy protocol provided by the present application is described in detail above through a communication procedure between the first service and the second service, and the above proxy protocol is further described below in terms of the structures of the first network proxy and the second network proxy supporting the proxy protocol in conjunction with fig. 13 to 15.
Fig. 13 illustrates an exemplary architecture diagram of a first network agent, which may be the first network agent in the method embodiments described above (i.e., the first network agent of fig. 7-12). As shown in fig. 13, the first network agent 400 includes a service access module 410, a channel establishment module 420, an identification modification module 430, and a data storage module 440. The service access module 410, the channel establishment module 420, the identification modification module 430 and the data storage module 440 cooperate to implement the steps performed by the first network agent in the above-described method embodiments. Specifically, the service access module 410 is responsible for accessing the first service, which includes the step of receiving the first message in S102, the step of receiving the second message in S201, the step of S202, the step of S206, the step of S303, and the step of receiving from the first service a notification message that disconnects the first virtual channel; the channel establishment module 420 is configured to perform the steps related to establishing the first communication channel in the above S101, the steps related to establishing the first virtual channel in the above S103-S106, the steps related to establishing the first virtual channel in the above S108, and the related steps of sending a first disconnect message to the second network agent and receiving a second disconnect message from the second network agent; the identification modification module 430 is configured to execute the above-mentioned S401-S403 and the above-mentioned S406; the data storage module 440 is configured to perform the steps of storing the mapping between the identity of the first virtual channel and the identity of the first service in S107 and S108, and of deleting the mapping between the identity of the first virtual channel and the identity of the first service if the first virtual channel is disconnected.
It should be understood that the schematic structure shown in fig. 13 is merely an exemplary structure dividing manner for dividing the first network agent according to functions, and the embodiment of the present application is not limited to a specific dividing manner of the structure of the first network agent. It should also be understood that each module inside the first network agent may be a software module, or may be a hardware module, or may be a part of a software module and a part of a hardware module.
Fig. 14 illustrates a schematic architecture of a computing device on which the first network proxy 400 may be deployed, which may be a computing device in a cloud environment (e.g., a server), or a computing device in an edge environment, or a terminal computing device. As shown in fig. 14, the computing device 500 includes a memory 510, a processor 520, a communication interface 530, and a bus 540, wherein the memory 510, the processor 520, and the communication interface 530 implement communication connection therebetween through the bus 540.
The memory 510 may include a read only memory (ROM), a static storage device, a dynamic storage device, a random access memory (RAM), a hard disk, or the like. The memory 510 may store program codes, for example, program codes in the service access module 410, program codes in the channel establishment module 420, program codes in the identification modification module 430, program codes in the data storage module 440, and the like. When the program code stored in the memory 510 is executed by the processor 520, the processor 520 and the communication interface 530 are configured to execute some or all of the methods executed by the first network agent 400 (including the steps executed by the first network agent in the above-described S101-S108, S201-S202, S206, S303, and the steps executed by the first network agent when the first virtual channel is disconnected). Memory 510 may also store data such as intermediate or result data generated by processor 520 during execution, e.g. the identity of the first virtual channel, data transfer message R1, etc.
The processor 520 may employ a central processing unit (central processing unit, CPU), application specific integrated circuit (application specific integrated circuit, ASIC), graphics processor (graphics processing unit, GPU), or one or more integrated circuits.
Processor 520 may also be an integrated circuit chip with signal processing capabilities. In implementation, the functions of the first network proxy 400 may be performed by integrated logic circuitry in hardware or instructions in software in the processor 520. The processor 520 may also be a general purpose processor, a data signal processor (digital signal process, DSP), a field programmable gate array (field programmable gate array, FPGA) or other programmable logic device, discrete gate or transistor logic devices, discrete hardware components, and may implement or perform the methods, steps, and logic blocks disclosed in embodiments of the present application. The method disclosed in the embodiment of the application can be directly embodied as a hardware decoding processor or implemented by a combination of hardware and software modules in the decoding processor. The software modules may be located in a random access memory, flash memory, read only memory, programmable read only memory, or electrically erasable programmable memory, registers, etc. as well known in the art. The storage medium is located in the memory 510, and the processor 520 reads the information in the memory 510, and in combination with its hardware, performs part or all of the functions of the first network proxy 400.
Communication interface 530 enables communication between computing device 500 and other devices or communication networks using a transceiver module such as, but not limited to, a transceiver. Illustratively, a message (e.g., a first message) is received from a first service via the communication interface 530 and a message (e.g., data transfer message R1) is sent to a second network agent.
Bus 540 may include a path to transfer information between various components in computing device 500 (e.g., memory 510, processor 520, and communication interface 530).
Fig. 15 illustrates a schematic architecture of a computing device system that includes multiple computing devices, where the first network proxy 400 may be distributed across the multiple computing devices. As shown in fig. 15, computing device system 600 includes a plurality of computing devices 700, each computing device 700 including a memory 710, a processor 720, a communication interface 730, and a bus 740, wherein memory 710, processor 720, communication interface 730 implement a communication connection between each other via bus 740.
The memory 710 may include ROM, RAM, static storage devices, dynamic storage devices, hard disks (e.g., SSD, HDD), etc. The memory 710 may store program codes, for example, a portion of program codes in the service access module 410, a portion of program codes in the channel establishment module 420, a portion of program codes in the identification modification module 430, a portion of program codes in the data storage module 440, and the like. When the program code stored in the memory 710 is executed by the processor 720, the processor 720 and the communication interface 730 are configured to execute part of the method executed by the first network agent 400 (including the steps executed by the first network agent in the above-described S101-S108, S201-S202, S206, S303, and the steps executed by the first network agent when the first virtual channel is disconnected). Memory 710 may also store data such as intermediate or result data generated by processor 720 during execution, e.g. the identity of the first virtual channel, data transfer message R1, etc.
Processor 720 may employ CPU, GPU, ASIC or one or more integrated circuits. Processor 720 may also be an integrated circuit chip with signal processing capabilities. In implementation, some of the functions of the first network proxy 400 may be performed by instructions in the form of integrated logic circuits or software in hardware in the processor 720. Processor 720 may also be a DSP, FPGA, general purpose processor, other programmable logic device, discrete gate or transistor logic device, discrete hardware components, and may implement or perform some of the methods, steps, and logic blocks disclosed in embodiments of the present application. The steps of the method disclosed in connection with the embodiments of the present application may be embodied directly in a hardware decoding processor or in a combination of hardware and software modules in the decoding processor. The software modules may be located in a random access memory, flash memory, read only memory, programmable read only memory, or electrically erasable programmable memory, registers, etc. as well known in the art. The storage medium is located in the memory 710, and the processor 720 reads the information in the memory 710 and performs part of the functions of the first network proxy 400 in combination with its hardware.
Communication interface 730 enables communication between computing device 700 and other computing devices or communication networks using transceiver modules such as, but not limited to, transceivers. For example, receiving a message (e.g., a first message) from a first service via communication interface 730, or sending a message (e.g., data transfer message R1) to a second network agent.
Bus 740 may include a path for transferring information between various components in computing device 700 (e.g., memory 710, processor 720, and communication interface 730).
Communication paths are established between the plurality of computing devices 700 through a communication network to implement the functions of the first network proxy 400. Any computing device may be a computing device in a cloud environment (e.g., a server), or a computing device in an edge environment, or a terminal computing device.
In the embodiment of the present application, the structure of the second network proxy may be the same as the structure of the first network proxy shown in fig. 13 to 15, or may be a modified structure based on the structural design of the first network proxy, so that the embodiment of the present application will not be described in detail with respect to the structure of the second network proxy.
The descriptions of the processes corresponding to the drawings each have their own emphasis; for parts of a process that are not described in detail, refer to the related descriptions of the other processes.
The above embodiments may be implemented in whole or in part by software, hardware, or a combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product providing the first network proxy 400 or the container system (including the container systems shown in fig. 3-6) includes one or more computer program codes executed by the first network proxy 400 or by the container system, respectively. When the computer program code is loaded into and executed on a computer, the processes or functions described in accordance with embodiments of the present application are produced in whole or in part.
The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer program code may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, from one website, computer, server, or data center to another via wired (e.g., coaxial cable, fiber optic, twisted pair) or wireless (e.g., infrared, wireless, microwave) means. The computer readable storage medium stores the computer program code to be executed by the first network proxy 400 or the container system (including the container systems shown in fig. 3-6). The computer readable storage medium may be any available medium that can be accessed by a computer, or a data storage device, such as a server or data center, that integrates one or more media. The above-mentioned usable medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., an optical disk), or a semiconductor medium (e.g., a Solid State Disk (SSD)).
Claims (18)
1. A method of communication, comprising:
a first network agent establishes a first virtual channel on a communication channel between the first network agent and a second network agent, wherein the first network agent is responsible for accessing a first service, the second network agent is responsible for accessing a second service, the first virtual channel is used for transmitting a communication message between the first service and the second service, the communication message carries an identifier of the first virtual channel, and the identifier of the first virtual channel is a first identifier at present;
the first network agent changes the identity of the first virtual channel from the first identity to a second identity, wherein the length of the second identity is less than the length of the first identity.
2. The method of claim 1, wherein the second identification is an identification of a second virtual channel on the communication channel.
3. The method of claim 2, wherein the first network agent changes the identity of the first virtual channel from the first identity to a second identity when one or more of the following conditions are met:
the priority of the service data transmitted on the first virtual channel is higher than the priority of the service data transmitted on the second virtual channel, and the efficiency of the service data transmission on the first virtual channel is lower than the efficiency of the service data transmission on the second virtual channel.
4. A method according to any of claims 1-3, wherein the second network proxy stores a first mapping between the identity of the first virtual channel and the identity of the second service, wherein the first mapping is used to instruct the second network proxy to forward traffic data from the first virtual channel to the second service.
5. The method of claim 4, wherein the first network agent stores a second mapping between the identity of the first virtual channel and the identity of the first service, wherein the second mapping is used to instruct the first network agent to forward the traffic data from the first virtual channel to the first service;
the first network agent changing the identity of the first virtual channel from the first identity to a second identity, comprising:
the first network agent changes the identification of the first virtual channel in the second mapping relationship from the first identification to the second identification.
6. The method of claim 5, wherein the first network agent changing the identity of the first virtual channel in the second mapping from the first identity to the second identity comprises:
the first network agent sends an identification change request to the second network agent, wherein the identification change request is used for indicating the second network agent to change the identification of the first virtual channel in the first mapping relation from the first identification to the second identification;
the first network agent changes the identifier carried in the communication message sent to the second network agent through the first virtual channel from the first identifier to the second identifier;
the first network agent receives an identification change response returned by the second network agent, and changes an identification for forwarding traffic data from the first virtual channel to the first service from the first identification to the second identification based on the identification change response.
7. The method of any of claims 1-6, wherein the communication channel is a transmission control protocol, TCP, channel, and wherein the first network agent establishes a first virtual channel over the communication channel with the second network agent, the method further comprising:
the first network agent sends a TCP connect message to the second network agent to establish the communication channel.
8. The method of any of claims 1-6, wherein the communication channel is a TCP channel, and wherein the first network agent establishes the first virtual channel over the communication channel with the second network agent, the method further comprising:
the first network agent establishes the communication channel based on the TCP connection message sent by the second network agent.
9. The method of any of claims 1-8, wherein the first network agent establishes a first virtual channel over a communication channel with a second network agent, comprising:
in response to a message sent by the first service, the first network agent establishes the first virtual channel, wherein the message sent by the first service does not carry the service data sent by the first service to the second service.
10. The method of any of claims 1-9, wherein the first network agent establishes a first virtual channel over a communication channel with a second network agent, comprising:
the first network agent sends a virtual connection message to the second network agent through the communication channel, wherein the virtual connection message comprises an identifier of the first virtual channel and an identifier of the second service, and the virtual connection message is used for indicating the second network agent to establish the communication channel with the second service.
11. A communication method, characterized by being applied to a container system, said system comprising a first container, a second container, and a first network agent and a second network agent according to any of the preceding claims 1-10, wherein,
the first container runs a first service;
the second container running a second service;
the first network agent establishes a first virtual channel on a communication channel between the first network agent and the second network agent, wherein the first network agent is responsible for accessing the first service, the second network agent is responsible for accessing the second service, the first virtual channel is used for transmitting a communication message between the first service and the second service, the communication message carries an identifier of the first virtual channel, and the identifier of the first virtual channel is a first identifier at present;
the first network agent changes the identity of the first virtual channel from the first identity to a second identity, wherein the length of the second identity is less than the length of the first identity.
12. The method of claim 11, wherein the communication channel is a transmission control protocol, TCP, channel, and wherein the first network agent establishes a first virtual channel over the communication channel with the second network agent, the method further comprising:
the first network agent sends a TCP connect message to the second network agent to establish the communication channel.
13. The method of claim 11, wherein the communication channel is a TCP channel, and wherein the first network agent establishes a first virtual channel over the communication channel with the second network agent, the method further comprising:
and the second network agent sends a TCP connection message to the first network agent to establish the communication channel.
14. The method of any of claims 11-13, wherein the first network agent establishes a first virtual channel over a communication channel with a second network agent, comprising:
in response to a message sent by the first service, the first network agent establishes the first virtual channel, wherein the message sent by the first service does not carry the service data sent by the first service to the second service.
15. A first network proxy comprising:
a service access module, configured to be responsible for access of a first service;
a channel establishing module, configured to establish a first virtual channel on a communication channel between the first network agent and a second network agent, wherein the second network agent is responsible for accessing a second service, the first virtual channel is used for transmitting a communication message between the first service and the second service, the communication message carries an identifier of the first virtual channel, and the identifier of the first virtual channel is currently a first identifier;
an identifier changing module, configured to change the identifier of the first virtual channel from the first identifier to a second identifier, wherein the length of the second identifier is smaller than that of the first identifier.
16. A container system comprising a first container, a second container, and a first network agent and a second network agent according to any one of the preceding claims 1-10, wherein,
the first container is used for running a first service;
the second container is used for running a second service;
the second network agent is configured to be responsible for access to the second service;
the first network proxy is configured to take charge of access of the first service, and establish a first virtual channel on a communication channel between the first network proxy and the second network proxy, where the first virtual channel is configured to transmit a communication message between the first service and the second service, the communication message carries an identifier of the first virtual channel, the identifier of the first virtual channel is a first identifier currently, and the identifier of the first virtual channel is changed from the first identifier to a second identifier, where a length of the second identifier is smaller than a length of the first identifier.
17. A computing device comprising a processor and a memory, the processor executing computer program code in the memory to implement the method of any of the preceding claims 1-10.
18. A computer readable storage medium, characterized in that a computer program code is stored which, when executed by a computing device, performs the method of any of the preceding claims 1-10.
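The identifier change of claims 4 to 6, as an added example that is not code from the patent: two agents each keep a mapping from channel identifier to local service, and the requesting agent switches its outgoing identifier at once but keeps its inbound mapping until the change response arrives. The frame layout, the message type values, the identifiers and the rule that the second identifier is unused are assumptions; the channel swap of claims 2 and 3 is not modelled.

```python
import struct

# Constructed framing (not from the patent): type, id length, id, body.
DATA, CHANGE_REQ, CHANGE_RESP = 1, 2, 3

def frame(mtype, chan_id, body=b""):
    return struct.pack("!BB", mtype, len(chan_id)) + chan_id + body

def parse(raw):
    mtype, n = struct.unpack("!BB", raw[:2])
    return mtype, raw[2:2 + n], raw[2 + n:]

class Agent:
    def __init__(self, service, chan_id):
        self.rx_map = {chan_id: service}  # channel id -> local service (claims 4, 5)
        self.tx_id = chan_id              # id stamped on outgoing messages
        self.pending = None               # (old, new) until the change response arrives
        self.delivered, self.dropped = [], 0

    def send(self, payload):
        return frame(DATA, self.tx_id, payload)

    def request_change(self, new_id):
        old = self.tx_id
        # Assumption: the new id is unused here; claim 1 requires it to be shorter.
        if new_id in self.rx_map or len(new_id) >= len(old):
            raise ValueError("second identifier must be unused and shorter")
        self.pending, self.tx_id = (old, new_id), new_id  # outgoing switches now
        return frame(CHANGE_REQ, old, new_id)

    def _rename(self, old, new):
        self.rx_map[new] = self.rx_map.pop(old)

    def receive(self, raw):
        mtype, chan, body = parse(raw)
        if mtype == DATA:
            if chan in self.rx_map:
                self.delivered.append(body)   # forward to the mapped service
            else:
                self.dropped += 1             # unmapped id: never forwarded
        elif mtype == CHANGE_REQ and chan in self.rx_map and body not in self.rx_map:
            self._rename(chan, body)
            self.tx_id = body
            return frame(CHANGE_RESP, body)
        elif mtype == CHANGE_RESP and self.pending and chan == self.pending[1]:
            self._rename(*self.pending)       # inbound mapping switches only now
            self.pending = None
        return None

def demo():
    first_id, second_id = b"vc-7f3a9c1e", b"\x01"   # constructed identifiers
    a, b = Agent("svc-1", first_id), Agent("svc-2", first_id)
    before = a.send(b"hello")
    b.receive(before)
    in_flight = b.send(b"old-id reply")   # B sent this before seeing the request
    req = a.request_change(second_id)
    after = a.send(b"hello")
    a.receive(in_flight)                  # still mapped on A: response not yet seen
    resp = b.receive(req)
    b.receive(after)
    a.receive(resp)
    a.receive(b.send(b"new-id reply"))
    a.receive(frame(DATA, first_id, b"late"))  # retired id is no longer forwarded
    return len(before) - len(after), a.delivered, b.delivered, a.dropped
```

`demo()` returns the per-message saving in bytes, the payloads each agent forwarded, and the count of messages dropped because their identifier had no mapping.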
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210423516.1A CN116980476A (en) | 2022-04-21 | 2022-04-21 | Communication method and related product |
PCT/CN2023/079651 WO2023202241A1 (en) | 2022-04-21 | 2023-03-03 | Communication method and related product |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210423516.1A CN116980476A (en) | 2022-04-21 | 2022-04-21 | Communication method and related product |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116980476A true CN116980476A (en) | 2023-10-31 |
Family
ID=88419038
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210423516.1A Pending CN116980476A (en) | 2022-04-21 | 2022-04-21 | Communication method and related product |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN116980476A (en) |
WO (1) | WO2023202241A1 (en) |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070239922A1 (en) * | 2005-12-09 | 2007-10-11 | Horigan John W | Technique for link reconfiguration |
CN104539531B (en) * | 2014-12-25 | 2019-08-02 | 网宿科技股份有限公司 | Data transmission method and device |
US11489779B2 (en) * | 2019-05-20 | 2022-11-01 | Citrix Systems, Inc. | Systems and methods for managing streams of packets via intermediary devices |
CN114077502A (en) * | 2020-08-14 | 2022-02-22 | 华为技术有限公司 | Method for establishing data transmission channel, terminal system and storage medium |
Also Published As
Publication number | Publication date |
---|---|
WO2023202241A1 (en) | 2023-10-26 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||