CN117938800A - Method, device and computer program product for rapidly switching IP addresses - Google Patents


Publication number
CN117938800A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410264061.2A
Other languages
Chinese (zh)
Inventor
沈俊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Application filed by China Telecom Corp Ltd filed Critical China Telecom Corp Ltd
Priority to CN202410264061.2A priority Critical patent/CN117938800A/en
Publication of CN117938800A publication Critical patent/CN117938800A/en
Pending legal-status Critical Current


Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a method, a device and a computer program product for rapidly switching IP addresses. The method comprises: receiving an access request from a target terminal to an IP address, forwarded by an upper-layer device, and determining a first server corresponding to the IP address; and, when the first server is abnormal, consulting a preset address resolution protocol table to determine at least one second server sharing the same virtual MAC address with the first server, and forwarding the access request to any second target server among the at least one second server, wherein the address resolution protocol table records the mapping between the IP addresses of a plurality of servers that are in a main-standby relationship with each other and the same virtual MAC address. The application solves the technical problem in the related art that switching IP addresses by shortening the ARP aging update time reduces the high availability of the IP address.

Description

Method, device and computer program product for rapidly switching IP addresses
Technical Field
The present application relates to the field of cloud computing application technologies, and in particular, to a method and apparatus for rapidly switching IP addresses, and a computer program product.
Background
With the rapid development of cloud computing, the demand for highly available cloud services keeps growing. In traditional high-availability schemes for a service IP address, switching the IP address changes the MAC address of the service IP: after the switch, the service IP address is bound to a new MAC address, so the ARP (Address Resolution Protocol) entries originally recorded by the distributed virtual switch in the cloud resource layer and by the network devices in the network layer no longer match the ARP entry that describes the association between the switched IP address and its MAC address. Furthermore, external access to the service IP address does not trigger an ARP entry update, so the correct server may not be addressed.
At present, practitioners mostly address this problem by shortening the ARP aging update time, but a shorter ARP aging update time tends to increase the burden on network devices, and the method still cannot achieve high availability of the service IP address.
In view of the above problems, no effective solution has been proposed at present.
Disclosure of Invention
The embodiment of the application provides a method, a device and a computer program product for rapidly switching IP addresses, which at least solve the technical problem that the high availability of the IP addresses is reduced due to the fact that the related technology switches the IP addresses by shortening ARP aging update time.
According to an aspect of the embodiment of the present application, there is provided a fast switching method of IP addresses, including: receiving an access request of a target terminal to an IP address forwarded by upper equipment, and determining a first server corresponding to the IP address; and under the condition that the first server is abnormal, calling a preset address resolution protocol table to determine at least one second server sharing the same virtual MAC address with the first server, and forwarding an access request to any one second target server in the at least one second server, wherein the mapping relation between the IP addresses of a plurality of servers which are in a main-standby relation with each other and the same virtual MAC address is recorded in the address resolution protocol table.
Optionally, the configuration process of the address resolution protocol table includes: calling a preset configuration command to set the MAC addresses corresponding to the IP addresses of a plurality of servers to the same virtual MAC address, wherein the servers with the same virtual MAC address are in a main-standby relationship; and summarizing the mapping between the IP addresses of the servers and the virtual MAC address to obtain the address resolution protocol table.
Optionally, calling a preset configuration command to set the MAC addresses corresponding to the IP addresses of the plurality of servers to the same virtual MAC address includes: calling the configuration command to modify kernel parameters of the plurality of servers so as to set the MAC addresses corresponding to the IP addresses of the plurality of servers to the same virtual MAC address, wherein the kernel parameters comprise at least one of the following: KEEPALIVED main configuration file, SELinux parameters, firewall parameters and Linux bottom layer parameters.
Optionally, modifying the kernel parameters of the plurality of servers by calling a preset configuration command to set the MAC addresses corresponding to the IP addresses of the plurality of servers to the same virtual MAC address includes: for each server, calling a first command to set the use_vmac parameter in the KEEPALIVED main configuration file of the server to a virtual MAC address; calling a second command to modify a SELinux parameter of the server, wherein the SELinux parameter comprises at least one of the following: policy and rights; calling a third command to modify firewall parameters of the server; and calling a fourth command to modify the Linux bottom layer parameters of the server.
Optionally, the third command includes a first subcommand, a second subcommand and a third subcommand, and calling the third command to modify firewall parameters of the server includes: calling the first subcommand to add the high-availability service to the firewall parameters of the server and permanently allow the access traffic corresponding to the high-availability service; calling the second subcommand to add the VRRP protocol to the firewall parameters of the server and permanently allow the access traffic corresponding to the VRRP protocol; and calling the third subcommand to restart the firewall of the server.
Optionally, the fourth command includes a fourth subcommand, a fifth subcommand, a sixth subcommand and a seventh subcommand, and the Linux bottom layer parameters comprise at least one of: the Loopback interface, the arp_ignore parameter, the arp_announce parameter and the arp_filter parameter, wherein calling the fourth command to modify the Linux bottom layer parameters of the server includes: calling the fourth subcommand to configure a virtual IP address on the Loopback interface of the server; calling the fifth subcommand to set the arp_ignore parameter of the server to 1; calling the sixth subcommand to set the arp_announce parameter of the server to 1; and calling the seventh subcommand to set the arp_filter parameter of the server to 0.
Optionally, forwarding the access request to any second target server among the at least one second server includes: determining, from the at least one second server and according to server state parameters, a second target server whose response rate is higher than a preset threshold, and forwarding the access request to the second target server, wherein the server state parameters comprise at least one of the following: load parameters, network parameters, memory parameters, storage parameters.
According to another aspect of the embodiment of the present application, there is also provided a fast switching device for IP addresses, including: the receiving module is used for receiving the access request of the target terminal to the IP address forwarded by the upper-layer equipment and determining a first server corresponding to the IP address; and the switching module is used for calling a preset address resolution protocol table to determine at least one second server sharing the same virtual MAC address with the first server under the condition that the first server is abnormal, and forwarding an access request to any one of the at least one second target servers, wherein the mapping relation between the IP addresses of the servers which are in a main-standby relation with each other and the same virtual MAC address is recorded in the address resolution protocol table.
According to another aspect of the embodiments of the present application, there is also provided a computer program product comprising a stored computer program, wherein the computer program, when executed by a processor, implements the above-mentioned method of fast switching of IP addresses.
According to another aspect of the embodiment of the present application, there is also provided an electronic device including: the system comprises a memory and a processor, wherein the memory stores a computer program, and the processor is configured to execute the rapid switching method of the IP address through the computer program.
In the embodiment of the application, an access request of a target terminal to an IP address forwarded by upper equipment is received, and a first server corresponding to the IP address is determined; and under the condition that the first server is abnormal, calling a preset address resolution protocol table to determine at least one second server sharing the same virtual MAC address with the first server, and forwarding an access request to any one second target server in the at least one second server, wherein the mapping relation between the IP addresses of a plurality of servers which are in a main-standby relation with each other and the same virtual MAC address is recorded in the address resolution protocol table.
In this technical solution, configuring a virtual MAC address ensures that the plurality of servers have the same MAC address, so that zero-delay switching between the main and standby servers can be achieved when the IP address is switched in a cloud computing scenario. This avoids service unavailability caused by the MAC address change and the long aging period on the network devices of the network layer and cloud resource layer, keeps the MAC address fixed, improves the verification security of the system, and thereby solves the technical problem in the related art that switching IP addresses by shortening the ARP aging update time reduces the high availability of the IP address.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute a limitation on the application. In the drawings:
Fig. 1 is a schematic diagram of an alternative IP address switching system according to an embodiment of the present application;
Fig. 2 is a flow chart of an alternative IP address handoff method according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of an alternative IP address switching apparatus according to an embodiment of the present application.
Detailed Description
In order that those skilled in the art will better understand the present application, a technical solution in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present application without making any inventive effort, shall fall within the scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
In addition, the related information (including but not limited to user equipment information, user personal information, etc.) and data (including but not limited to data for presentation, analyzed data, etc.) related to the present application are information and data authorized by the user or sufficiently authorized by each party. For example, an interface is provided between the system and the relevant user or institution, before acquiring the relevant information, the system needs to send an acquisition request to the user or institution through the interface, and acquire the relevant information after receiving the consent information fed back by the user or institution.
In order to better understand the embodiments of the present application, technical terms related to the embodiments of the present application are explained as follows:
ARP (Address Resolution Protocol) is a TCP/IP protocol that obtains a physical address from an IP address. When a host sends a message, it broadcasts an ARP request containing the target IP address to all hosts on the local area network and receives a reply, from which it determines the target's physical address; after receiving the reply, it stores the IP address and physical address in the local ARP cache for a certain time, and queries the ARP cache directly on the next request to save resources. An ARP entry therefore contains the mapping between an IP address and the corresponding MAC address, so that the IP address can be correctly converted into a physical address when a data packet is transmitted; ARP entries are usually stored in the cache of a computer or router so that they can be looked up and used quickly.
VLAN (Virtual Local Area Network) is a physical network based virtual network technology, the identifier of which is a VLAN ID, by which different virtual networks are distinguished. The VLAN IDs do not correspond to IP addresses, but rather the isolation and communication of the virtual network is accomplished through switches or routers.
VXLAN (Virtual Extensible LAN) is a virtual network technology based on IP networks, the identifier of which is VNI (VXLAN Network Identifier), and different virtual networks are distinguished by VNI. VXLAN uses UDP encapsulation to enable communication between virtual networks, thus requiring the use of IP addresses and ports to transport data.
SDN (Software-Defined Networking) is a network architecture based on a control plane and a data plane separation, where the control plane manages network traffic through an SDN controller and the data plane is responsible for the actual data transmission. SDN may support a variety of network technologies and thus the manner in which its IP address is used depends on the particular network implementation.
KEEPALIVED is used to monitor the state of each service node in a cluster system. If a node in the cluster system fails, KEEPALIVED automatically detects the failure and removes the failed service node from the cluster system, so that the service nodes keep running normally.
VRRP (Virtual Router Redundancy Protocol) is a network protocol for providing network device redundancy and failover. It allows multiple routers to share the same virtual IP address, with one router elected as the master router and the other routers in standby. If the primary router fails, the backup router will take over the virtual IP address, thereby ensuring the continuity and reliability of the network.
Hypervisor is a virtualization software that allows multiple virtual machines to run on a single physical server. It can partition and allocate the computing resources of the physical servers to different virtual machines, enabling them to independently run different operating systems and applications. Hypervisor is commonly used in data centers and cloud computing environments to increase server utilization and flexibility.
Example 1
According to an embodiment of the present application, a method embodiment of a method for fast switching an IP address is provided, where the method embodiment provided by the embodiment of the present application may be executed in an IP address switching system shown in fig. 1. Fig. 1 is a schematic diagram of an alternative IP address switching system according to an embodiment of the present application. As shown in fig. 1, the system includes: a network layer, a cloud resource layer, a system layer, wherein,
The network layer includes a plurality of network devices (network device 1, network device 2, network device 3 …). A network device may receive an access request from the target device to the IP address and, using VLAN, VXLAN, SDN or similar mechanisms, forward the access traffic corresponding to the access request to the corresponding broadcast domain (such as a VLAN/VXLAN) according to the corresponding traffic label; in that broadcast domain, it finds the layer-2 path to the MAC address according to the ARP entry that maps the IP address to the MAC address, and sends the access traffic of the access request to the corresponding distributed virtual machine in the cloud resource layer through the intra-cloud network;
The cloud resource layer comprises a plurality of distributed virtual switches and hypervisors. After receiving the access traffic corresponding to the access request, a distributed virtual switch may forward it to the corresponding broadcast domain (such as a VLAN/VXLAN) according to the corresponding traffic label and, in that broadcast domain, send the access traffic of the access request to the corresponding server in the system layer according to its ARP entry mapping the IP address to the MAC address;
The system layer includes a plurality of servers (server 1, server 2, server 3 …), and a server can achieve zero-delay IP address switching in a cloud computing scenario by executing the method for rapidly switching IP addresses according to the embodiment of the present application. Therefore, when the service IP address is switched or changed for high availability, this avoids the problem in which the system layer does not send the updated ARP entry to the cloud resource layer and network layer above it, those layers still bind the service IP address to the MAC address of the faulty server in their ARP entries, and access traffic is consequently misdirected to the original faulty server, making the service IP unavailable.
The following describes in detail a fast handoff method of an IP address implemented on a system layer. It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer executable instructions, and that although a logical order is illustrated in the flowcharts, in some cases the steps illustrated or described may be performed in an order other than that illustrated herein.
Fig. 2 is a flow chart of an alternative method for fast switching between IP addresses according to an embodiment of the present application, as shown in fig. 2, the method at least includes steps S202 to S204, where:
Step S202, an access request of a target terminal to an IP address forwarded by upper equipment is received, and a first server corresponding to the IP address is determined.
In the solution provided in step S202, the upper layer device may be understood as a network device/distributed virtual switch in the network layer/cloud resource layer. Therefore, when the system layer receives the access request of the target object to the IP address, which is sequentially forwarded by the network layer and the cloud resource layer, each server in the system layer has a unique IP address for identification and positioning, so that the first server to be accessed can be determined according to the IP address. The format of the IP address may be an IPv4 format or an IPv6 format.
Step S204, when the first server is abnormal, calling a preset address resolution protocol table to determine at least one second server sharing the same virtual MAC address with the first server, and forwarding the access request to any one of the at least one second server.
In the technical solution provided in step S204, the system layer may determine whether the first server is abnormal. If the first server is abnormal, then to keep the service available, in the embodiment of the present application one or more second servers sharing the same virtual MAC address with the first server may be determined by using the address resolution protocol table, and the access request may be forwarded to any second target server among the at least one second server. The address resolution protocol table in the system layer records the mapping between the IP addresses of a plurality of servers that are in a main-standby relationship and the same virtual MAC address.
Since the address resolution protocol table is a table that stores the correspondence between MAC addresses and IP addresses of network devices, the configuration process of the address resolution protocol table in the system layer includes:
Step S1, calling a preset configuration command to set the MAC addresses corresponding to the IP addresses of a plurality of servers to the same virtual MAC address;
Step S2, summarizing the mapping between the IP addresses of the servers and the virtual MAC address to obtain the address resolution protocol table.
Optionally, step S1 may be implemented as follows: calling a configuration command to modify kernel parameters of the plurality of servers so as to set the MAC addresses corresponding to the IP addresses of the plurality of servers to the same virtual MAC address, wherein the kernel parameters comprise at least one of the following: KEEPALIVED main configuration file, SELinux parameters, firewall parameters and Linux bottom layer parameters.
Thus, for each server, the system layer may set its virtual MAC address through a configuration process comprising:
(1) Calling a first command to set the use_vmac parameter in the KEEPALIVED main configuration file of the server to a virtual MAC address, so that each server has the same virtual MAC address, and the servers with the same virtual MAC address are in a main-standby relationship.
(2) Calling a second command to modify a SELinux parameter of the server, wherein the SELinux parameter comprises at least one of the following: policy, rights.
SELinux is a Mandatory Access Control (MAC) system provided in Linux kernel version 2.6. SELinux incorporates multi-level security or an optional multi-category policy into type enforcement and employs a role-based access control concept. In general, because of the strict access control of SELinux, some applications cannot operate normally or cannot interact correctly with other system components, so that the system fails, becomes unstable, or even crashes. Therefore, when SELinux is turned on, SELinux parameters need to be reasonably configured to ensure the stability and reliability of the system.
(3) Calling a third command to modify firewall parameters of the server.
Optionally, the step of modifying the firewall includes: calling a first subcommand to add the high-availability service to the firewall parameters of the server and permanently allow the access traffic corresponding to the high-availability service; calling a second subcommand to add the VRRP protocol to the firewall parameters of the server and permanently allow the access traffic corresponding to the VRRP protocol; and calling a third subcommand to restart the firewall of the server.
Specifically, the modification process of the firewall parameters may include the following steps:
Calling the first subcommand, namely [root@server ~]# firewall-cmd --add-service=high-availability --permanent, to add the high-availability service to the firewall parameters of the server and permanently allow the access traffic corresponding to the high-availability service;
Calling the second subcommand, namely [root@server ~]# firewall-cmd --add-protocol=vrrp --permanent, to add the VRRP protocol to the firewall parameters of the server and permanently allow the access traffic corresponding to the VRRP protocol;
Calling the third subcommand, such as [root@serverb ~]# firewall-cmd --reload, to restart the firewall of the server;
Finally, the KEEPALIVED associated ports are released to verify the firewall configuration status.
It should be noted that, the execution sequence of the first subcommand and the second subcommand is not specifically limited, and the first subcommand may be executed first and then the second subcommand may be executed; the second subcommand may be executed first and then the first subcommand may be executed. The above description of the execution sequence of the first sub-command and the second sub-command is merely an example of the present application.
(4) Calling a fourth command to modify the Linux bottom layer parameters of the server.
Optionally, the Linux bottom layer parameters include at least one of: the Loopback interface, the arp_ignore parameter, the arp_announce parameter and the arp_filter parameter. The step of modifying the Linux bottom layer parameters therefore includes:
calling a fourth subcommand to configure a virtual IP address on the Loopback interface of the server;
calling a fifth subcommand to set the arp_ignore parameter of the server to 1;
calling a sixth subcommand to set the arp_announce parameter of the server to 1;
calling a seventh subcommand to set the arp_filter parameter of the server to 0.
Generally, the service module of KEEPALIVED defaults to DR (Direct Route) mode, and DR mode may forward a data packet from the MAC address of the original server to the real server (i.e., the server hosting the service) by modifying the destination MAC address of the data packet. Thus, in this mode, the virtual IP (VIP) address is configured on the Loopback interface of the real server by an ifconfig command or an ip command, and arp_ignore, arp_announce and arp_filter are configured. Each of arp_ignore, arp_announce and arp_filter is configured as 0 or 1, and different values implement different functions:
Setting arp_ignore to 1 means that the Linux system only responds to ARP requests sent to the local IP address, and not to ARP requests sent to other IP addresses, thereby preventing ARP spoofing attacks; setting arp_ignore to 0 means that the Linux system will accept all received ARP requests, i.e., the system will respond regardless of the network interface from which the request originated. The fifth subcommand for configuring arp_ignore may include, but is not limited to: the sysctl command (the arp_ignore parameter can be set temporarily using the sysctl command), modifying the configuration file (to set the arp_ignore parameter permanently), using the echo command (the arp_ignore parameter can be set temporarily using the echo command), etc.
Setting arp_announce to 1 means that the host will inform other hosts of its own IP address and MAC address; setting arp_announce to 0 means that the host will not actively send its own IP address and MAC address to other hosts. The sixth subcommand for configuring arp_announce may include, but is not limited to: using the command sysctl -w net.ipv4.conf.all.arp_announce to set arp_announce, using the command echo > /proc/sys/net/ipv4/conf/all/arp_announce to set arp_announce, using the command arp -s pub to set arp_announce temporarily, or editing the /etc/sysctl.conf file (i.e., adding net.ipv4.conf.all.arp_announce at the end of the file and then executing the command sysctl -p /etc/sysctl.conf to set arp_announce permanently), etc.
Setting arp_filter to 1 means that an ARP filter is enabled; the filter can verify whether the IP address and the MAC address in received ARP request and response packets match, preventing ARP spoofing attacks. Setting arp_filter to 0 means that the ARP filter is disabled and no verification is performed, possibly resulting in an increased risk of ARP spoofing attacks. The seventh subcommand for configuring arp_filter may include, but is not limited to: the sysctl command (the arp_filter parameter may be set temporarily using the sysctl command), modifying the configuration file (modifying the /proc/sys/net/ipv4/conf/all/arp_filter file to set the arp_filter parameter permanently), using the echo command (the arp_filter parameter is set temporarily using the echo command), etc.
For example, in the embodiment of the present application, arp_ignore may be configured by the following command:
net.ipv4.conf.all.arp_ignore=1;
arp_announce is configured by the following command:
net.ipv4.conf.all.arp_announce=1;
arp_filter is configured by the following commands:
net.ipv4.conf.ens33.arp_filter=1;
net.ipv4.conf.all.arp_filter=0.
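The lines above set arp_filter differently for the ens33 and all scopes, and the Linux kernel combines the two scopes per interface: the larger value applies for arp_ignore and arp_announce, and arp_filter is enabled if either scope is non-zero. The following Python check is an added example, not part of the patent text; it parses those lines and computes the effective per-interface values, and its function names and the sample file layout are assumptions.

```python
"""Compute effective per-interface ARP sysctls from sysctl.conf-style text."""
import re

# Constructed sample: the four sysctl lines quoted in the text above,
# laid out as they could appear in /etc/sysctl.conf.
SAMPLE_SYSCTL = """\
# ARP behaviour for a real server that holds the VIP on loopback
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce = 1
net.ipv4.conf.ens33.arp_filter=1
net.ipv4.conf.all.arp_filter=0
"""

# Values the method text states for each server (fifth to seventh subcommands).
PAGE_TARGET = {"arp_ignore": 1, "arp_announce": 1, "arp_filter": 0}

_LINE = re.compile(
    r"^net\.ipv4\.conf\.(?P<scope>.+?)\.(?P<key>arp_ignore|arp_announce|arp_filter)"
    r"\s*=\s*(?P<value>\d+)\s*;?\s*$"
)


def parse_sysctl(text):
    """Return {(scope, key): value}; later lines override earlier ones."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue  # blank line or comment
        m = _LINE.match(line)
        if m:
            settings[(m["scope"], m["key"])] = int(m["value"])
    return settings


def effective(settings, iface):
    """Combine conf/all and conf/<iface> the way the kernel does.

    arp_ignore and arp_announce: the larger of the two values applies.
    arp_filter: enabled if either of the two is non-zero.
    Unset keys fall back to the kernel default of 0.
    """
    def get(scope, key):
        return settings.get((scope, key), 0)

    return {
        "arp_ignore": max(get("all", "arp_ignore"), get(iface, "arp_ignore")),
        "arp_announce": max(get("all", "arp_announce"), get(iface, "arp_announce")),
        "arp_filter": 1 if (get("all", "arp_filter") or get(iface, "arp_filter")) else 0,
    }


def audit(settings, iface, target=PAGE_TARGET):
    """List the keys whose effective value on iface differs from target."""
    eff = effective(settings, iface)
    return [
        f"{iface}: {key} is effectively {eff[key]}, expected {want}"
        for key, want in target.items()
        if eff[key] != want
    ]


if __name__ == "__main__":
    parsed = parse_sysctl(SAMPLE_SYSCTL)
    for nic in ("ens33", "lo"):
        print(nic, effective(parsed, nic), audit(parsed, nic) or "matches target")
```

With these four lines, arp_filter is effectively 1 on ens33 and 0 on every other interface, so an audit against the value of 0 stated for the seventh subcommand flags ens33 only.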
It should be noted that, in the embodiment of the present application, the order in which the kernel parameters are modified is not specifically limited. They may be modified in the order KEEPALIVED main configuration file, SELinux parameters, firewall parameters, Linux bottom layer parameters, or in the order KEEPALIVED main configuration file, SELinux parameters, Linux bottom layer parameters, firewall parameters; the modification orders listed in the embodiment of the present application are given only as examples.
Further, through the address resolution protocol table configured by the above scheme, the system layer determines at least one second server sharing the same virtual MAC address with the first server, and may forward the access request to the second server. To ensure the response speed of the system, in the embodiment of the present application a second target server whose response rate is higher than a preset threshold may be determined from the at least one second server according to server state parameters, where the server state parameters include, but are not limited to: load parameters, network parameters, memory parameters, storage parameters and the like. The access request is then forwarded to that second target server with the higher response rate, so that server resources can be used more effectively; forwarding the access request to the second target server with faster processing also further improves the stability and reliability of the system and improves user experience.
Based on the schemes defined in the above steps S202 to S204, it can be known that, in an embodiment, each high availability server generates a virtual instance interface through software, and the virtual instance interfaces of each server share the same virtual MAC address to form a master-slave relationship. That is, the plurality of servers in the system layer share the same virtual MAC address, and the servers having the same virtual MAC address are in a master-slave relationship. Therefore, when the IP address is switched, the access request can be directly forwarded to other servers with the same virtual MAC address as the server with the original IP address, so that millisecond switching is realized, the purpose of seamless connection service is achieved, and the technical problem that the high availability of the IP address is reduced due to the fact that the switching of the IP address is carried out by shortening ARP aging update time in the related technology is solved.
Example 2
Based on embodiment 1 of the present application, there is also provided an embodiment of an IP address fast switching apparatus, which executes the above-mentioned IP address fast switching method of the above-mentioned embodiment when running. Fig. 3 is a schematic structural diagram of an optional IP address fast switching device according to an embodiment of the present application, where, as shown in fig. 3, the IP address fast switching device includes at least a receiving module 31 and a switching module 33, where:
The receiving module 31 is configured to receive an access request of the target terminal to the IP address, forwarded by the upper device, and to determine a first server corresponding to the IP address.
The switching module 33 is configured to, when the first server is abnormal, invoke a preset address resolution protocol table to determine at least one second server sharing the same virtual MAC address with the first server, and forward the access request to any one second target server in the at least one second server, where a mapping relationship between IP addresses of multiple servers that are in a master-slave relationship with each other and the same virtual MAC address is recorded in the address resolution protocol table.
Since the address resolution protocol table is a table for storing the correspondence between MAC addresses and IP addresses of network devices, the configuration process of the address resolution protocol table in the system layer includes:
The first step: calling a preset configuration command to set the MAC addresses corresponding to the IP addresses of a plurality of servers to the same virtual MAC address;
The second step: summarizing the mapping relation between the IP addresses and the virtual MAC addresses of the servers to obtain the address resolution protocol table.
Optionally, the first step may be implemented as follows: calling a configuration command to modify kernel parameters of the plurality of servers so as to set the MAC addresses corresponding to the IP addresses of the plurality of servers to the same virtual MAC address, wherein the kernel parameters comprise at least one of the following: Keepalived main configuration file, SELinux parameters, firewall parameters and Linux bottom layer parameters.
Thus, for each server, the system layer may set its virtual MAC address by a configuration comprising:
(1) Calling a first command to set the use_vmac parameter in the Keepalived main configuration file of the server as a virtual MAC address, so that each server has the same virtual MAC address, and the servers with the same virtual MAC address are in a main-standby relationship.
(2) Calling a second command to modify a SELinux parameter of the server, wherein the SELinux parameter comprises at least one of the following: policy, rights.
SELinux is a Mandatory Access Control (MAC) system provided in Linux kernel version 2.6; it incorporates multi-level security or an optional multi-category policy in a type enforcement server and employs the concept of role-based access control. In general, because of SELinux's strict access control, some application programs cannot operate normally or cannot interact correctly with other system components, so that the system fails, becomes unstable, or even crashes. Therefore, when SELinux is turned on, the SELinux parameters need to be configured reasonably to ensure the stability and reliability of the system.
(3) Calling a third command to modify firewall parameters of the server.
Optionally, the step of modifying the firewall includes: invoking a first subcommand to add the high-availability service into firewall parameters of the server, and setting the access flow corresponding to the high-availability service as a permanent release; calling a second subcommand to add the VRRP protocol into firewall parameters of the server, and setting access flow corresponding to the VRRP protocol as permanent release; invoking a third subcommand to restart the firewall of the server.
Specifically, the modification process of the firewall parameter may include the following steps:
Invoking a first subcommand, namely [root@server ~]# firewall-cmd --add-service=high-availability --permanent, to add the high-availability service to the firewall parameters of the server and set the access flow corresponding to the high-availability service as a permanent release;
Invoking a second subcommand, namely [root@server ~]# firewall-cmd --add-protocol=vrrp --permanent, to add the VRRP protocol to the firewall parameters of the server and set the access flow corresponding to the VRRP protocol as a permanent release;
Invoking a third subcommand, such as [root@serverb ~]# firewall-cmd --reload, to restart the firewall of the server;
Finally, the Keepalived-related ports are released to verify the firewall configuration status.
It should be noted that, the execution sequence of the first subcommand and the second subcommand is not specifically limited, and the first subcommand may be executed first and then the second subcommand may be executed; the second subcommand may be executed first and then the first subcommand may be executed. The above description of the execution sequence of the first sub-command and the second sub-command is merely an example of the present application.
(4) Calling a fourth command to modify the Linux bottom layer parameters of the server.
Optionally, the Linux bottom layer parameters include at least one of: the Loopback interface, the arp_ignore parameter, the arp_announce parameter, the arp_filter parameter. Therefore, the step of modifying the Linux bottom layer parameters includes:
calling a fourth subcommand to configure a virtual IP address for the Loopback interface of the server;
invoking a fifth subcommand to set the arp_ignore parameter of the server to 1;
invoking a sixth subcommand to set the arp_announce parameter of the server to 1;
invoking a seventh subcommand to set the arp_filter parameter of the server to 0.
Generally, the service module of Keepalived defaults to DR (Direct Route) mode, and the DR mode may forward the data packet from the MAC address of the original server to the real server (i.e., the server hosting the service) by modifying the destination MAC address of the data packet. Thus, in this mode, the virtual IP (VIP) address is configured on the Loopback interface of the real server by an ifconfig command or an ip command, and arp_ignore, arp_announce and arp_filter are configured.
Further, in the switching module 33, at least one second server sharing the same virtual MAC address with the first server is determined through the address resolution protocol table configured by the above scheme, and the access request may be forwarded to any one second server. To ensure the response speed of the system, in the embodiment of the present application a second target server with a response speed higher than a preset threshold may be determined from the at least one second server according to server state parameters, where the server state parameters include, but are not limited to: load parameters, network parameters, memory parameters, storage parameters and the like. The access request is then forwarded to the second target server with the higher response rate, so that server resources can be utilized more effectively; forwarding the access request to the second target server with the higher processing rate can also further improve the stability and reliability of the system and improve user experience.
Note that each module in the above-described IP address fast switching device may be a program module (for example, a set of program instructions for implementing a specific function) or a hardware module; the latter may take the following forms, but is not limited thereto: each module is implemented as a processor, or the functions of the modules are implemented by one processor.
Example 3
According to an embodiment of the present application, there is also provided a computer program product comprising a stored computer program, wherein the computer program, when executed by a processor, implements the fast switching method of IP addresses in embodiment 1.
Optionally, the computer program execution implements the steps of:
Step S202, receiving an access request of a target terminal to an IP address forwarded by upper equipment, and determining a first server corresponding to the IP address;
Step S204, when the first server is abnormal, a preset address resolution protocol table is called to determine at least one second server sharing the same virtual MAC address with the first server, and the access request is forwarded to any one second target server in the at least one second server, wherein the mapping relation between the IP addresses of the servers which are in a main-standby relation with each other and the same virtual MAC address is recorded in the address resolution protocol table.
According to an embodiment of the present application, there is also provided a processor for running a program, wherein the program executes the method for rapidly switching IP addresses in embodiment 1.
Optionally, the program execution realizes the following steps:
Step S202, receiving an access request of a target terminal to an IP address forwarded by upper equipment, and determining a first server corresponding to the IP address;
Step S204, when the first server is abnormal, a preset address resolution protocol table is called to determine at least one second server sharing the same virtual MAC address with the first server, and the access request is forwarded to any one second target server in the at least one second server, wherein the mapping relation between the IP addresses of the servers which are in a main-standby relation with each other and the same virtual MAC address is recorded in the address resolution protocol table.
According to an embodiment of the present application, there is also provided an electronic device, where the electronic device includes one or more processors; and a memory for storing one or more programs, which when executed by the one or more processors, cause the one or more processors to implement a method for running the programs, wherein the programs are configured to perform the method for fast switching of IP addresses in embodiment 1 described above when run.
Optionally, the processor is configured to implement the following steps by computer program execution:
Step S202, receiving an access request of a target terminal to an IP address forwarded by upper equipment, and determining a first server corresponding to the IP address;
Step S204, when the first server is abnormal, a preset address resolution protocol table is called to determine at least one second server sharing the same virtual MAC address with the first server, and the access request is forwarded to any one second target server in the at least one second server, wherein the mapping relation between the IP addresses of the servers which are in a main-standby relation with each other and the same virtual MAC address is recorded in the address resolution protocol table.
The foregoing embodiment numbers of the present application are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
In the foregoing embodiments of the present application, the descriptions of the embodiments are emphasized, and for a portion of this disclosure that is not described in detail in this embodiment, reference is made to the related descriptions of other embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed technology may be implemented in other manners. The above-described embodiments of the apparatus are merely exemplary, and the division of units may be a logic function division, and there may be another division manner in actual implementation, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some interfaces, units or modules, or may be in electrical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application, in essence, or the part of it that contributes to the related art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the methods of the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, an optical disk, or other various media capable of storing program code.
The foregoing is merely a preferred embodiment of the present application and it should be noted that modifications and adaptations to those skilled in the art may be made without departing from the principles of the present application, which are intended to be comprehended within the scope of the present application.

Claims (10)

1. A method for fast switching of IP addresses, comprising:
receiving an access request of a target terminal to an IP address forwarded by upper equipment, and determining a first server corresponding to the IP address;
and, under the condition that the first server is abnormal, calling a preset address resolution protocol table to determine at least one second server sharing the same virtual MAC address with the first server, and forwarding the access request to any one second target server in the at least one second server, wherein the mapping relation between the IP addresses of a plurality of servers which are in a master-slave relation with each other and the same virtual MAC address is recorded in the address resolution protocol table.
2. The method of claim 1, wherein the address resolution protocol table configuration process comprises:
calling a preset configuration command to set MAC addresses corresponding to IP addresses of a plurality of servers to be the same virtual MAC address, wherein the plurality of servers with the same virtual MAC address are in a master-slave relationship;
and summarizing the mapping relation between the IP addresses and the virtual MAC addresses of the servers to obtain the address resolution protocol table.
3. The method of claim 1, wherein invoking the preset configuration command to set MAC addresses corresponding to the IP addresses of the plurality of servers to the same virtual MAC address comprises:
calling the configuration command to modify kernel parameters of the plurality of servers so as to set MAC addresses corresponding to the IP addresses of the plurality of servers to the same virtual MAC address, wherein the kernel parameters comprise at least one of the following: Keepalived main configuration file, SELinux parameters, firewall parameters and Linux bottom layer parameters.
4. The method of claim 3, wherein invoking a preset configuration command to modify kernel parameters of a plurality of servers to set MAC addresses corresponding to IP addresses of the plurality of servers to a same virtual MAC address comprises:
for each of the servers, invoking a first command to set a use_vmac parameter within a Keepalived main configuration file of the server to the virtual MAC address;
calling a second command to modify a SELinux parameter of the server, wherein the SELinux parameter comprises at least one of the following: policy and rights;
invoking a third command to modify firewall parameters of the server;
and calling a fourth command to modify the Linux bottom layer parameters of the server.
5. The method of claim 4, wherein the third command comprises: a first subcommand, a second subcommand and a third subcommand, and wherein invoking the third command to modify firewall parameters of the server comprises:
invoking the first subcommand to add the high-availability service into the firewall parameters of the server, and setting the access flow corresponding to the high-availability service as a permanent release;
calling the second subcommand to add the VRRP protocol into the firewall parameters of the server, and setting the access flow corresponding to the VRRP protocol as a permanent release;
and calling the third subcommand to restart the firewall of the server.
6. The method of claim 4, wherein the fourth command comprises: a fourth subcommand, a fifth subcommand, a sixth subcommand, and a seventh subcommand, the Linux bottom layer parameters comprising at least one of: a Loopback interface, an arp_ignore parameter, an arp_announce parameter, and an arp_filter parameter, wherein invoking the fourth command to modify the Linux bottom layer parameters of the server includes:
invoking the fourth subcommand to configure a virtual IP address for a Loopback interface of the server;
invoking the fifth subcommand to set the arp_ignore parameter of the server to 1;
invoking the sixth subcommand to set the arp_announce parameter of the server to 1;
and calling the seventh subcommand to set the arp_filter parameter of the server to 0.
7. The method of claim 1, wherein forwarding the access request to any one of the at least one second server comprises:
determining the second target server with the response rate higher than a preset threshold value from the at least one second server according to server state parameters, and forwarding the access request to the second target server, wherein the server state parameters comprise at least one of the following: load parameters, network parameters, memory parameters, storage parameters.
8. A fast switching device for IP addresses, comprising:
a receiving module, used for receiving an access request of the target terminal to the IP address forwarded by the upper-layer equipment and determining a first server corresponding to the IP address;
and a switching module, used for calling a preset address resolution protocol table to determine at least one second server sharing the same virtual MAC address with the first server under the condition that the first server is abnormal, and forwarding the access request to any one second target server in the at least one second server, wherein the mapping relation between the IP addresses of a plurality of servers which are in a main-standby relation with each other and the same virtual MAC address is recorded in the address resolution protocol table.
9. A computer program product, comprising: a computer program, wherein the computer program, when executed by a processor, implements the method of fast switching of IP addresses of any of claims 1 to 7.
10. An electronic device, comprising: a memory and a processor for running a program stored in the memory, wherein the program runs to perform the fast switching method of IP addresses according to any one of claims 1 to 7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410264061.2A CN117938800A (en) 2024-03-07 2024-03-07 Method, device and computer program product for rapidly switching IP addresses

Publications (1)

Publication Number Publication Date
CN117938800A true CN117938800A (en) 2024-04-26

Family

ID=90768540

Country Status (1)

Country Link
CN (1) CN117938800A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination