CN117955907B

CN117955907B - Message processing method, virtual switch, device and storage medium

Info

Publication number: CN117955907B
Application number: CN202410346111.1A
Authority: CN
Inventors: 董建军; 陈翔
Original assignee: Suzhou Metabrain Intelligent Technology Co Ltd
Current assignee: Suzhou Metabrain Intelligent Technology Co Ltd
Filing date: 2024-03-26
Publication date: 2024-06-04
Anticipated expiration: 2044-03-26

Abstract

The application relates to a message processing method, a virtual switch, a device and a storage medium. The application can search whether the flow table information corresponding to the target message exists in the hardware flow table of the network card component if the network card component supports the flow table hardware unloading, and searches whether the flow table information corresponding to the target message exists in the data path flow table of the kernel data path control module when the matching information corresponding to the target message does not exist in the hardware flow table, and searches the configuration characteristic information corresponding to the target message from the data link switch root flow table when the flow table information corresponding to the target message does not exist in the data path flow table, so as to generate a target forwarding rule table and send the target forwarding rule table to the network card component to execute the operation of forwarding the target message.

Description

Message processing method, virtual switch, device and storage medium

Technical Field

The present application relates to the field of communications technologies, and in particular, to a method for processing a message, a virtual switch, a device, and a storage medium.

Background

OVS (Open VSwitch) is a virtual switch for use in constructing a virtual network. Virtual switching is the implementation of switching functions by software, also called software switches. Compared with the traditional physical switch, the virtual switch has low cost and flexible configuration, and hundreds of virtual switches can be configured on one physical device.

The virtual switch comprises a hardware cache, a kernel space and a user space, wherein a network card component is arranged in the hardware cache, the network card component comprises an intelligent network card (Smart NIC) which does not support unloading of a flow table and DPU card hardware (generally realized through an ASIC or an FPGA) which supports unloading of the flow table, a kernel data path control module is arranged in the kernel space, a database server and a core switch process module are arranged in the user space, and the network card component is connected to the core switch process module through the kernel data path control module. When the network card component is an intelligent network card supporting unloading of the flow table, when the network card component receives a message, inquiring whether flow table information corresponding to the target message exists in a hardware flow table in the network card component, if the flow table information corresponding to the target message does not exist in the network card component, inquiring the flow table information from the kernel data path control module through the network card component, if the flow table information corresponding to the matched message is unloaded to the network card component to forward the current message and the subsequent message, if the flow table information corresponding to the matched message is not matched, inquiring the flow table information from the core switch process module, if the flow table information corresponding to the matched message is fed back, inserting the corresponding forwarding rule into the kernel data path control module, and simultaneously executing the corresponding message according to the corresponding forwarding rule.

Therefore, when the network card component queries the flow table information from the kernel data path control module and the core switch process module, the flow table information in the kernel data path control module and the core switch process module is huge, and the flow table information process corresponding to the query message consumes a long time, so that the flow table query rate is slow.

Disclosure of Invention

Based on the method, the virtual switch, the device and the storage medium, the technical problem that when the network card component inquires flow table information from the kernel data path control module and the core switch process module, the flow table information in the kernel data path control module and the core switch process module is huge, the flow table information inquiring process corresponding to the message is long in time consumption, and the flow table inquiring speed is slow is solved.

In one aspect, a method for processing a message is provided, where the method includes:

responding to whether flow table information corresponding to a target message exists in a hardware flow table of a network card component when the network card component receives the target message;

Responding to the flow table information corresponding to the target message in the hardware flow table, and executing the operation of forwarding the target message according to the flow table information corresponding to the target message;

responding to the fact that no flow table information corresponding to the target message exists in the hardware flow table, and searching whether the flow table information corresponding to the target message exists in a data path flow table of a kernel data path control module;

responding to the flow table information corresponding to the target message in the data path flow table, and executing the operation of forwarding the target message according to the flow table information corresponding to the target message;

In response to the fact that no flow table information corresponding to the target message exists in the data path flow table, the target message is fed back to a core switch process module, and whether configuration feature information corresponding to the target message exists in a data link switch root flow table of the core switch process module or not is searched;

And generating a target forwarding rule table according to the configuration characteristic information corresponding to the target message in response to the configuration characteristic information corresponding to the target message in the root flow table of the data link switch, and issuing the target forwarding rule table to a hardware flow table of the network card component to execute the operation of forwarding the target message.

In one embodiment, the step of searching whether the flow table information corresponding to the target message exists in the data path flow table of the core data path control module in response to the fact that the flow table information corresponding to the target message does not exist in the hardware flow table includes:

In response to the fact that the flow table information corresponding to the target message does not exist in the hardware flow table, the target message is fed back to a kernel data path control module, and the kernel data path control module stores the data path flow table;

and the kernel data path control module searches whether flow table information corresponding to the target message exists in the data path flow table according to the feedback information.

In one embodiment, the feeding the target message back to the kernel data path control module includes:

feeding the target message back to a driving unit from the network card component;

and feeding the target message back to a kernel data path control module from the driving unit.

In one embodiment, the message processing method further includes:

Setting a shared memory area shared with the core switch process module in the network card component, and storing the hardware flow table in the shared memory area;

when the network card component receives a target message, searching the hardware flow table in the shared memory area, and searching whether flow table information corresponding to the target message exists in the hardware flow table;

If the flow table information corresponding to the target message is found in the hardware flow table, updating the forwarding message quantity statistical value and the forwarding byte statistical value of the target message corresponding to the hardware flow table, and taking the forwarding message quantity statistical value and the forwarding byte statistical value corresponding to the hardware flow table.

In one embodiment, the step of setting a shared memory area shared with the core switch process module in the network card component includes:

setting a memory database in the shared memory area, storing the hardware flow table and the message processing statistical table in the memory database, and storing the number statistical value of the forwarding messages and the byte number statistical value of the forwarding messages which are completed by the hardware flow table in the message processing statistical table.

In one embodiment, the step of searching whether the flow table information corresponding to the target message exists in the hardware flow table includes:

Extracting key value information contained in a target message when the network card component receives the target message, wherein the key value information comprises a source address, a destination address, a source port number, a destination port number and a protocol number quintuple;

and calculating a hash value according to the key value information, and inquiring whether flow table information corresponding to the target message exists in the hardware flow table according to the calculated hash value.

In one embodiment, the step of issuing the target forwarding rule table to the hardware flow table of the network card component includes:

storing a global hash index table in the shared memory area, setting a universal unique identification code for a storage address in the shared memory area, and setting the universal unique identification code as a linked list corresponding to the global hash index table;

Acquiring an index table entry corresponding to the hardware flow table from the global hash index table stored in the shared memory area;

carrying out hash value operation on the flow table information of the target forwarding rule table, and taking the obtained hash value as a target index;

determining a target linked list corresponding to the target forwarding rule table in linked lists corresponding to the global hash index table according to the index table entry and the target index;

traversing the target linked list by using the target index to obtain a target index item;

And determining a storage address corresponding to the flow table information of the target forwarding rule table in the shared memory area in a linked list corresponding to the global hash index table based on the target index item.

In one embodiment, the step of determining, in the linked list corresponding to the global hash index table, the target linked list corresponding to the target forwarding rule table according to the index table entry and the target index includes:

Determining a head pointer pointing to a private linked list head in the index table entry, and determining the target index corresponding to the flow table information of the target forwarding rule table;

Determining a target head pointer in the head pointers corresponding to the index table entries according to the target index;

And determining a private linked list corresponding to the private linked list head pointed by the target head pointer in the linked list corresponding to the global hash index table as a target linked list corresponding to the flow table information of the target forwarding rule table.

In one embodiment, the step of traversing the target linked list by using the target index to obtain the target index item includes:

Determining a preset traversal strategy, and updating the traversal strategy based on the target index to obtain a target traversal strategy;

traversing the target linked list containing index items according to the target traversing strategy, wherein the index items contain index keys and offset;

And selecting an index item to which the hit index key belongs according to the traversing result as the target index item.

In one embodiment, the message processing method further includes:

And inserting the target forwarding rule table into the data path flow table.

In one embodiment, the step of inserting the target forwarding rule table into the data path flow table includes:

Storing the data link switch root flow table in a core switch process module, wherein the core switch process module receives no flow table information corresponding to the target message in the data path flow table fed back by the core data path control module, and inquiring whether configuration characteristic information corresponding to the target message exists in the data link switch root flow table;

And responding to the configuration characteristic information corresponding to the target message in the root flow table of the data link switch, generating corresponding table items by the core switch process module, feeding the corresponding table items back to the core data path control module, and inserting the fed-back corresponding table items into the data path flow table.

In one embodiment, the step of inserting the fed-back corresponding entry into the data path flow table includes:

acquiring an index table entry corresponding to the data path flow table from a global hash index table stored in the core switch process module;

Carrying out hash value operation on the flow table information corresponding to the fed-back corresponding table item, and taking the obtained hash value as a target index;

determining a target linked list corresponding to the flow table information corresponding to the fed-back corresponding table item in a linked list corresponding to the global hash index table according to the index table entry and the target index;

And determining the storage address corresponding to the flow table information corresponding to the fed-back corresponding table item in the data path flow table in a linked list corresponding to the global hash index table based on the target index item.

In one embodiment, the message processing method further includes:

inquiring the statistics value of the number of the forwarding messages corresponding to the root flow table of the data link switch and the statistics value of the bytes of the forwarding messages;

Inquiring the statistics value of the number of the forwarding messages corresponding to the hardware flow table and the statistics value of the bytes of the forwarding messages;

comparing whether the statistic value of the number of the forwarding messages and the statistic value of the byte number of the forwarding messages corresponding to the root flow table of the data link switch are the same as the statistic value of the number of the forwarding messages and the statistic value of the byte number of the forwarding messages corresponding to the hardware flow table, and judging whether the root flow table of the data link switch needs to be aged or not.

In one embodiment, when determining whether the data link switch root flow table needs to be aged, the method includes:

traversing the statistic value of the number of the forwarding messages corresponding to each piece of flow table information in the root flow table of the data link switch at a first time period;

traversing information of each flow table in the hardware flow table, and inquiring the quantity of forwarding messages and the byte count statistic value of the forwarding messages corresponding to the hardware flow table in the shared memory area;

and judging whether the statistic value of the number of the forwarding messages corresponding to the root flow table of the data link switch is the same as the statistic value of the number of the forwarding messages corresponding to the hardware flow table or not by the piece of flow table information, if so, judging whether the statistic value of the number of the forwarding messages in the second time period is unchanged, and if so, deleting the statistic value of the number of the forwarding messages in the second time period, namely, deleting the information of the corresponding flow tables in the root flow table and the hardware flow table of the data link switch.

In one embodiment, when determining whether the root flow table of the data link switch needs to be aged, the method further includes:

setting a timer in the core switch process module, and setting a first time length and a second time length in the timer, wherein the second time length is longer than the first time length.

In one embodiment, there is also provided a virtual switch for performing the steps of the message processing method described in any one of the preceding claims.

In one embodiment, the virtual switch includes a hardware cache, a kernel space, a user space and an under-machine space, wherein a network card component is arranged in the hardware cache, a kernel data path control module is arranged in the kernel space, a database server and a core switch process module are arranged in the user space, and an actuator is arranged in the under-machine space; the network card component is connected with the core switch process module through the kernel data path control module, the database server is connected with the core switch process module, and the database server and the core switch process module are both connected with the executor; the network card component is used for storing a hardware flow table, the kernel data path control module is used for storing a data path flow table, the core switch process module is used for storing a data link switch root flow table, and the executor is used for inserting corresponding table items fed back by the kernel data path control module or the core switch process module into the data path flow table or the hardware flow table and feeding back the corresponding table items to the network card component.

In one embodiment, the network card component and the core switch process module are provided with a shared memory area, a memory database is set in the shared memory area, the hardware flow table and the message processing statistical table are stored in the memory database, the message processing statistical table stores the number statistical value of forwarding messages and the number statistical value of bytes of forwarding messages completed by the hardware flow table, a universal unique identification code is set in the shared memory area, and each universal unique identification code corresponds to each flow table of the hardware flow table and the data link switch root flow table.

In another aspect, a message processing apparatus is provided, where the apparatus includes:

The first flow table inquiring module is used for responding to the condition that when the network card component receives the target message, whether flow table information corresponding to the target message exists in a hardware flow table of the network card component or not is searched;

The second flow table query module is used for searching whether flow table information corresponding to the target message exists in a data path flow table of the kernel data path control module or not in response to the fact that the flow table information corresponding to the target message does not exist in the hardware flow table;

The third flow table query module is used for feeding back the target message to the core switch process module in response to the fact that no flow table information corresponding to the target message exists in the data path flow table, and searching whether configuration characteristic information corresponding to the target message exists in a data link switch root flow table of the core switch process module;

The message processing execution implementation module is used for responding to the flow table information corresponding to the target message in the hardware flow table, and executing the operation of forwarding the target message according to the flow table information corresponding to the target message; responding to the flow table information corresponding to the target message in the data path flow table, and executing the operation of forwarding the target message according to the flow table information corresponding to the target message; and generating a target forwarding rule table according to the configuration characteristic information corresponding to the target message in response to the configuration characteristic information corresponding to the target message in the root flow table of the data link switch, and issuing the target forwarding rule table to a hardware flow table of the network card component to execute the operation of forwarding the target message.

In yet another aspect, a computer readable storage medium is provided, having stored thereon a computer program which when executed by a processor performs the steps of:

According to the message processing method, the virtual switch, the device and the storage medium, if the network card component supports the flow table hardware unloading, whether the flow table information corresponding to the target message exists or not is firstly searched in the hardware flow table of the network card component, when the matching information corresponding to the target message does not exist in the hardware flow table, whether the flow table information corresponding to the target message exists or not is searched in the data path flow table of the kernel data path control module, when the flow table information corresponding to the target message does not exist in the data path flow table, the configuration characteristic information corresponding to the target message is searched in the data path switch root flow table, a target forwarding rule table is generated, and the forwarding operation of the target message is executed in the network card component.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.

FIG. 1 is a message handling roadmap when a prior art network card component is an intelligent network card that does not support a offload flow table;

FIG. 2 is a flow chart of a message processing method according to an embodiment of the application;

FIG. 3 is a logic diagram of a message processing method according to an embodiment of the present application;

FIG. 4 is a control route diagram for implementing a message processing method according to an embodiment of the present application;

FIG. 5 is a flowchart of a step of searching for presence or absence of flow table information corresponding to the target message in a data path flow table of a core data path control module in response to absence of flow table information corresponding to the target message in the hardware flow table in an embodiment of the present application;

FIG. 6 is a block diagram illustrating a message processing apparatus according to an embodiment of the present application;

fig. 7 is an internal structural view of a computer device according to an embodiment of the present application.

Detailed Description

The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.

As shown in fig. 1, the network card component is an intelligent network card supporting a offload flow table, such as DPU card hardware (ASIC or FPGA). The virtual switch comprises a hardware cache, a kernel space, a user space and an off-machine space, wherein a network card component is arranged in the hardware cache, the network card component comprises an intelligent network card (Smart NIC) which does not support unloading of a flow table and DPU card hardware (generally realized through an ASIC or an FPGA) which supports unloading of the flow table, a kernel data path control module is arranged in the kernel space, the user space comprises a database server and a core switch process module which are connected with each other, and the network card component is connected to the core switch process module through the kernel data path control module. An executor is arranged in the space under the machine and is connected with the database server and the core switch process module.

When the network card component is an intelligent network card supporting unloading flow tables, after the network card component receives a message, inquiring whether flow table information corresponding to the target message exists in a hardware flow table (also called a hardware flow table) in the network card component, if the flow table information corresponding to the target message does not exist in the network card component, inquiring the flow table information from the kernel data path control module through the network card component, unloading the corresponding information to the network card component to forward the current message and the subsequent message if the flow table information corresponding to the message is matched, inquiring the flow table information from the core switch process module if the flow table information corresponding to the message is not matched, and feeding back corresponding forwarding rules to be inserted into the kernel data path control module and executing the corresponding message through an executor according to the corresponding forwarding rules.

In connection with fig. 1, the main steps of the hardware offloading of the dpu flow table are as follows: the DPU receives the message, searches the flow table information corresponding to the message in the hardware flow table, and if the flow table information is not found, the message is sent to a Central Processing Unit (CPU) to a kernel data path control module to drive the kernel to check the message for relevant processing; searching flow table information corresponding to the message in a flow table in the kernel data path control module, and if the flow table information is not found, uploading the message to a user-state core switch process module (ovs-vswitchd);

The core switch process module inquires a root flow table of the data link switch, on one hand, executes flow table implementation to forward a message, and on the other hand, issues the flow table generated by inquiry to the kernel data path control module, and simultaneously unloads the flow table to DPU hardware; the kernel data path control module calls a driving interface to unload the flow table to DPU hardware.

In the application scenario of a large-scale data center, a large number of data streams may be concurrent, massive data are sent to a Central Processing Unit (CPU) for processing, and at this time, OVS is required to search and generate a stream table as soon as possible, and the stream table is unloaded to hardware as soon as possible. OVS is an abbreviation for Open vSwitch, which is a software-based virtualized ethernet switch. From the above description, it can be seen that the offloading of the flow table to the hardware needs to go through a relatively long pipeline path, and during this period, context switching such as user mode, kernel mode, etc., is relatively inefficient, and cannot meet the requirements.

When the method is implemented, the DPU card hardware counts the messages matching the forwarding rule (the flow table item), but does not judge whether the flow table item is aged or not in the hardware. To save resources, a certain flow entry needs to be aged out if it is not hit by a message within a certain time. Whether a flow entry ages is determined by the core switch process module of the OVS, which means that the core switch process module must periodically (500 ms by default) read the hit statistics count of the flow entry into the DPU card to determine whether the flow entry needs to age. The ageing time of the default flow table item of the OVS is 10 seconds, in order to ensure that the flow table item is not aged, the OVS needs to traverse all flow table items (default 20 times/10 seconds) in the system for a plurality of times within 10 seconds, and corresponding count values of the flow table items are read from each flow table item to the DPU card. In large data centers, the number of stream entries issued may be as many as millions, meaning that millions of stream entries must be traversed over a 500 millisecond period. The traversal is performed repeatedly, and huge burden is brought to an upper host Central Processing Unit (CPU) and a lower DPU card. OVSs frequently access DPU cards and require the DPU card hardware to give feedback in time, which can severely impact the performance of the DPU card.

The unloading of the flow table, the query of the flow table also needs to pass through a relatively long pipeline path, and the context switching of a user state, a kernel state and the like is also carried out during the process, so that the efficiency is also relatively low, and the performance requirement cannot be met.

Specifically, when the network card component is an intelligent network card supporting the unloading flow table, the process module of the core switch is required to inquire the matching information corresponding to the message and unload the forwarding rule into the network card component, the forwarding rule fed back by the process module of the core switch is used for directly forwarding the first message through the channel path set by the network card component, and the subsequent rest messages are forwarded by selecting the channel path based on the forwarding rule unloaded in the network card component. When the target message is searched for matching, firstly searching an (exact MATCH CACHE, EMC) table item of an accurate matching cache flow table in the network card component, directly executing a sending message if the matching is hit, feeding the target message back to a kernel data path control module through a driving unit if the matching is not found, and carrying out matching inquiry on the target message in a data path flow table (DATAPATH CLASSIFER, dpcls); if the searching data path flow table hits, inserting rules into the accurate matching cache flow table, executing the sending message, and if the searching data path flow table does not match, feeding back a target message to a core switch process module to search a data link switch root flow table (ofproto classifier, openflow); if the root flow table of the data link switch is found to be hit, the rule is inserted into the data path flow table and the precisely matched cache flow table, and the sending message is executed, meanwhile, the rule is unloaded to the network card component, and if the rule is not matched, the packet is lost or sent to the executor.

In the application scenario of a large data center, a large number of data streams may be concurrent, massive data is sent to a Central Processing Unit (CPU) for processing, and the number of generated stream entries may be as large as millions. It can be seen from the above description that, for the first packet, 3 flow tables such as the exact match buffer flow table, the data path flow table, the data link switch root flow table and the like need to be queried, if there are entries matching with the target packet in the data link switch root flow table, the matched entries need to be inserted into the data path flow table, and then the matched entries need to be inserted into the exact match buffer flow table through the driving unit, that is, a relatively long transmission path needs to be passed, the efficiency is relatively low, and the requirement cannot be met. In OVS implementations, the exact match cache flow table accommodates up to 8K entries, while the data path flow table may accommodate millions of flow tables, which is very costly to query by a Central Processing Unit (CPU).

In the application scenario of a large data center, strict requirements are also put on the rate of unloading hardware from a flow table, and in general, the unloading rate is required to exceed 10K/sec. In some extreme scenarios, streaming table offloading rates up to 100K/sec are even required. The lower the message lookup flow table rate, the higher the Central Processing Unit (CPU) occupancy, and the lower the flow table offload hardware rate.

In one embodiment, as shown in fig. 2, 3 and 4, a message processing method is provided, which includes the following steps:

Step S1, in response to receiving a target message at a network card component, searching whether flow table information corresponding to the target message exists in a hardware flow table of the network card component;

Step S2, responding to the flow table information corresponding to the target message in the hardware flow table, and executing the operation of forwarding the target message according to the flow table information corresponding to the target message;

Step S3, if no flow table information corresponding to the target message exists in the hardware flow table, searching whether the flow table information corresponding to the target message exists in a data path flow table of the kernel data path control module;

step S4, responding to the flow table information corresponding to the target message in the data path flow table, and executing the operation of forwarding the target message according to the flow table information corresponding to the target message;

Step S5, in response to the fact that the flow table information corresponding to the target message does not exist in the data path flow table, the target message is fed back to a core switch process module, and whether configuration feature information corresponding to the target message exists in a data link switch root flow table of the core switch process module is searched;

And step S6, in response to the configuration characteristic information corresponding to the target message in the root flow table of the data link switch, generating a target forwarding rule table according to the configuration characteristic information corresponding to the target message, and issuing the target forwarding rule table to a hardware flow table of the network card component to execute the operation of forwarding the target message.

If the network card component supports the unloading of the flow table hardware, firstly, searching whether the flow table information corresponding to the target message exists in the hardware flow table of the network card component, when the matching information corresponding to the target message does not exist in the hardware flow table, searching whether the flow table information corresponding to the target message exists in the data path flow table of the kernel data path control module, and when the flow table information corresponding to the target message does not exist in the data path flow table, generating a target forwarding rule table by inquiring configuration characteristic information corresponding to the target message from the data link switch root flow table, and sending the configuration characteristic information to the network card component to execute the operation of forwarding the target message, bypassing the kernel data path control module to perform the unloading of the flow table, thereby simplifying the quantity of the inquired flow table, shortening the transfer path length, improving the efficiency of processing the target message, saving the time of inquiring the matching information corresponding to the target message, and improving the flow table inquiring rate.

As shown in fig. 5, in this embodiment, in response to no flow table information corresponding to the target packet exists in the hardware flow table, the step of uploading the target packet to a Central Processing Unit (CPU), and feeding back the target packet to a kernel data path control module by a driver unit, and searching whether the flow table information corresponding to the target packet exists in a data path flow table of the kernel data path control module includes:

step S31, responding to the fact that no flow table information corresponding to the target message exists in the hardware flow table, feeding back the flow table information from the network card component to a kernel data path control module through a driving unit, wherein the kernel data path control module stores the data path flow table;

step S32, the kernel data path control module searches whether flow table information corresponding to the target message exists in the data path flow table according to feedback information.

In this embodiment, the feeding back the target packet to the kernel data path control module includes:

In one embodiment, the message processing method further includes:

The application can avoid the time of transmitting data or control signals from the core switch process module to the network card component by setting the shared memory area, and the shared memory area can realize the data sharing of the stored root flow table of the data link switch without transmitting corresponding table items. And setting a universal unique identification code corresponding to each flow table of the root flow table of the data link switch in the shared memory area, wherein the universal unique identification code is obtained through calculation by a hash algorithm.

In one embodiment, the message processing method further includes:

and responding to the flow table information corresponding to the target message in the data path flow table, and executing the operation of forwarding the target message according to the flow table information corresponding to the target message.

In this embodiment, the method for processing a packet further includes:

And inserting the target forwarding rule table into the data path flow table.

In this embodiment, when the flow table information corresponding to the target message exists in the root flow table of the data link switch, the corresponding table entry is fed back to update the data path flow table, so that the subsequent message is convenient to process through the data path flow table.

In this embodiment, the step of inserting the target forwarding rule table into the data path flow table includes:

In this embodiment, the step of inserting the fed-back corresponding entry into the data path flow table includes:

The storage mode of the data path flow table adopts the same storage mode as the hardware flow table, so that unified management is facilitated.

As shown in fig. 2, when implemented, the DPU card hardware counts the messages that match the forwarding rules (flow entries), but does not make a determination in the hardware as to whether the flow entries are aged. To save resources, a certain flow entry needs to be aged out if it is not hit by a message within a certain time. Whether a flow entry ages is determined by the core switch process module of the OVS, which means that the core switch process module must periodically (500 ms by default) read the hit statistics count of the flow entry into the DPU card to determine whether the flow entry needs to age. The ageing time of the default flow table item of the OVS is 10 seconds, in order to ensure that the flow table item is not aged, the OVS needs to traverse all flow table items (default 20 times/10 seconds) in the system for a plurality of times within 10 seconds, and corresponding count values of the flow table items are read from each flow table item to the DPU card. In large data centers, the number of stream entries issued may be as many as millions, meaning that millions of stream entries must be traversed over a 500 millisecond period. The traversal is performed repeatedly, and huge burden is brought to an upper host Central Processing Unit (CPU) and a lower DPU card. OVSs frequently access DPU cards and require the DPU card hardware to give feedback in time, which can severely impact the performance of the DPU card.

Therefore, in this embodiment, the method for processing a packet further includes:

In this embodiment, when determining whether the root flow table of the data link switch needs to be aged, the method includes:

In this embodiment, when determining whether the root flow table of the data link switch needs to be aged, the method further includes:

Preferably, the timer presets the first duration to be 500ms, and revalidator is called to judge whether the root flow table of the data link switch is aged or not every 500 ms.

Preferably, the preset second duration is 10 seconds, and if the number of forwarding messages corresponding to the flow table exceeds 10 seconds and the statistical value of the byte number for forwarding the target message do not change, the root flow table of the data link switch is indicated to be updated.

Before optimization, when the DPU card line speed is used for traffic, the situation that the flow table item fails to read the message matching count value often occurs. After optimization, the phenomenon of failure in reading the flow table statistics is avoided. After optimization, the flow table hardware offloading performance was improved by 30%. The application can obviously improve the performance of unloading and inquiring the flow meter hardware, thereby reducing the resource consumption of the DPU card, greatly improving the performance and stability of the DPU card and bringing better use experience to users.

In the message processing process, the hardware flow table is connected with the core switch process module based on the shared memory area, so that the flow table unloading through the kernel data path control module can be avoided, the flow table query through the kernel data path control module can be performed, and the performance of the flow table hardware unloading and query is effectively improved.

In the message processing method, if the network card component supports the unloading of the flow table hardware, firstly, searching whether the flow table information corresponding to the target message exists in the hardware flow table of the network card component, when the matching information corresponding to the target message does not exist in the hardware flow table, searching whether the flow table information corresponding to the target message exists in the data path flow table of the kernel data path control module, and when the flow table information corresponding to the target message does not exist in the data path flow table, searching the configuration characteristic information corresponding to the target message from the data link switch root flow table, generating a target forwarding rule table and sending the target forwarding rule table to the network card component to execute the operation of forwarding the target message, thereby simplifying the number of the searched flow tables, shortening the transmission path length, improving the efficiency of processing the target message, saving the time of searching the matching information corresponding to the target message and improving the flow table searching rate.

In conjunction with fig. 1 and fig. 4, in this embodiment, there is further provided a virtual switch, where the virtual switch is configured to perform the steps of the method for processing a packet as described in any one of the foregoing.

In this embodiment, the virtual switch includes a hardware cache, a kernel space, a user space, and an under-machine space, where a network card component is disposed in the hardware cache, a kernel data path control module is disposed in the kernel space, a database server and a core switch process module are disposed in the user space, and an actuator is disposed in the under-machine space; the network card component is connected with the core switch process module through the kernel data path control module, the database server is connected with the core switch process module, and the database server and the core switch process module are both connected with the executor; the network card component is used for storing a hardware flow table, the kernel data path control module is used for storing a data path flow table, the core switch process module is used for storing a data link switch root flow table, and the executor is used for inserting corresponding table items fed back by the kernel data path control module or the core switch process module into the data path flow table or the hardware flow table and feeding back the corresponding table items to the network card component.

In this embodiment, the network card component and the core switch process module are provided with a shared memory area, a memory database is set in the shared memory area, the hardware flow table and the packet processing statistical table are stored in the memory database, and the packet processing statistical table stores the number statistical value of forwarding packets and the number statistical value of bytes of forwarding packets completed by the hardware flow table.

Specifically, universal unique identification codes are set in the shared memory area, and each universal unique identification code corresponds to each flow table of the hardware flow table and the root flow table of the data link switch.

In one embodiment, as shown in fig. 6, there is provided a message processing apparatus 10, including: the system comprises a first flow table query module 1, a second flow table query module 2, a third flow table query module 3 and a message processing execution implementation module 4.

The first flow table inquiry module 1 is configured to, in response to receiving a target message by a network card component, search whether flow table information corresponding to the target message exists in a hardware flow table of the network card component.

The second flow table query module 2 is configured to send the target message to a Central Processing Unit (CPU) and feed back the target message to a core data path control module in response to the fact that no flow table information corresponding to the target message exists in the hardware flow table, and find whether flow table information corresponding to the target message exists in a data path flow table of the core data path control module.

And the third flow table query module 3 is configured to, in response to the fact that no flow table information corresponding to the target message exists in the data path flow table, feed back the target message to the core switch process module, and find whether configuration feature information corresponding to the target message exists in a data link switch root flow table of the core switch process module.

The message processing execution implementation module 4 is configured to respond to the existence of flow table information corresponding to the target message in the hardware flow table, and execute an operation of forwarding the target message according to the flow table information corresponding to the target message; responding to the flow table information corresponding to the target message in the data path flow table, and executing the operation of forwarding the target message according to the flow table information corresponding to the target message; and generating a target forwarding rule table according to the configuration characteristic information corresponding to the target message in response to the configuration characteristic information corresponding to the target message in the root flow table of the data link switch, and issuing the target forwarding rule table to a hardware flow table of the network card component to execute the operation of forwarding the target message.

In this embodiment, the step of searching whether the flow table information corresponding to the target packet exists in the hardware flow table of the network card component when the network card component receives the target packet includes:

Extracting key value information contained in a target message when the network card component receives the target message, wherein the key value information comprises a source address, a destination address, a source port number, a destination port number and a protocol number five-tuple;

In this embodiment, the step of sending the target message to a Central Processing Unit (CPU) and feeding the target message back to a core data path control module by a driving unit in response to the fact that no flow table information corresponding to the target message exists in the hardware flow table, and searching whether the flow table information corresponding to the target message exists in the data path flow table of the core data path control module includes:

Responding to the fact that no flow table information corresponding to the target message exists in the hardware flow table, feeding back the flow table information from the network card component to a kernel data path control module through a driving unit, and storing the data path flow table in the kernel data path control module;

In this embodiment, a shared memory area shared by the network card component and the core switch process module is set, and the hardware flow table is stored in the shared memory area; when the network card component receives a target message, searching the hardware flow table in the shared memory area, and searching whether flow table information corresponding to the target message exists in the hardware flow table; if the flow table information corresponding to the target message is found in the hardware flow table, updating the forwarding message quantity statistical value and the forwarding byte statistical value of the target message corresponding to the hardware flow table, and taking the forwarding message quantity statistical value and the forwarding byte statistical value corresponding to the hardware flow table.

As shown in fig. 6, in this embodiment, the message processing apparatus 10 further includes a feedback update module 5. The feedback updating module 5 is configured to search the flow table information corresponding to the target message in the hardware flow table, and update the statistics of the number of forwarding messages and the statistics of the number of bytes of forwarding the target message corresponding to the hardware flow table.

In one embodiment, the message processing method further includes:

As shown in fig. 6, in this embodiment, the feedback updating module 5 is configured to insert the target forwarding rule table into the data path flow table.

As shown in fig. 6, in this embodiment, the message processing apparatus 10 further includes a memory management module 6. The memory management module 6 is configured to set the network card component and the core switch process module to be provided with a shared memory area, set a memory database in the shared memory area, and store the hardware flow table and the packet processing statistical table in the memory database.

As shown in fig. 6, in this embodiment, the packet processing device 10 further includes a flow table aging management module 7. The flow table aging management module 7 is configured to query a statistics value of a number of forwarding messages corresponding to the root flow table of the data link switch, and a statistics value of a number of bytes of the forwarding messages;

In this embodiment, the flow table aging management module 7 is configured to, when determining whether the root flow table of the data link switch needs aging, include:

setting a timer in the core switch process module, and setting a first time length and a second time length in the timer, wherein the second time length is longer than the first time length;

In this embodiment, the message processing execution implementation module 4 is configured to: and in response to the existence of the flow table information corresponding to the target message in the root flow table of the data link switch, generating corresponding table entries and feeding the corresponding table entries back to an executor, wherein the executor inserts the corresponding table entries corresponding to the target message into a hardware flow table of the network card component, and the network card component executes the operation of forwarding the target message according to the hardware flow table.

In the above-mentioned message processing device, if the network card component supports the unloading of the flow table hardware, it first searches for whether there is the flow table information corresponding to the target message in the hardware flow table of the network card component, when there is no matching information corresponding to the target message in the hardware flow table, it then searches for whether there is the flow table information corresponding to the target message in the data path flow table of the kernel data path control module, when there is no flow table information corresponding to the target message in the data path flow table, it searches for the configuration feature information corresponding to the target message from the data link switch root flow table, generates the target forwarding rule table and sends it to the network card component to execute the operation of forwarding the target message, simplifying the number of the queried flow tables, shortening the transfer path length, improving the efficiency of processing the target message, saving the time of querying the matching information corresponding to the target message, and improving the flow table querying rate.

For specific limitations of the message processing apparatus, reference may be made to the above limitations of the message processing method, and no further description is given here. The modules in the message processing apparatus may be implemented in whole or in part by software, hardware, or a combination thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.

In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in fig. 7. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer device is used to store the flow table hardware offload data. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a message processing method.

It will be appreciated by those skilled in the art that the structure shown in FIG. 7 is merely a block diagram of some of the structures associated with the present inventive arrangements and is not limiting of the computer device to which the present inventive arrangements may be applied, and that a particular computer device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.

In one embodiment, a computer device is provided comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the steps of when executing the computer program:

In response to the fact that no flow table information corresponding to the target message exists in the hardware flow table, the target message is uploaded to a Central Processing Unit (CPU) and fed back to a kernel data path control module through a driving unit, and whether the flow table information corresponding to the target message exists in a data path flow table of the kernel data path control module is searched;

Specific limitations regarding implementation steps of the processor when executing the computer program may be found in the above limitations of the method for stream table hardware offloading, and will not be described in detail herein.

In one embodiment, a computer readable storage medium is provided having a computer program stored thereon, which when executed by a processor, performs the steps of:

Specific limitations regarding implementation steps of the computer program when executed by the processor may be found in the limitations of the method of stream table hardware offloading above, and will not be described in detail herein.

Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in embodiments provided herein may include non-volatile and/or volatile memory. The nonvolatile memory can include Read Only Memory (ROM), programmable ROM (PROM), electrically Programmable ROM (EPROM), electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double Data Rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous link (SYNCHLINK) DRAM (SLDRAM), memory bus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), among others.

The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.

The above examples illustrate only a few embodiments of the application, which are described in detail and are not to be construed as limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of protection of the present application is to be determined by the appended claims.

Claims

1. A method for processing a message, comprising:

2. The method according to claim 1, wherein the step of searching for whether the flow table information corresponding to the target message exists in the data path flow table of the core data path control module in response to the flow table information corresponding to the target message not existing in the hardware flow table includes:

3. The method according to claim 2, wherein feeding back the target message to a core data path control module comprises:

4. The message processing method according to claim 1, wherein the message processing method further comprises:

5. The method according to claim 4, wherein the step of setting a shared memory area shared with the core switch process module in the network card unit includes:

6. The method for processing a message according to claim 4, wherein the step of searching the hardware flow table for the presence of flow table information corresponding to the target message includes:

7. The method according to claim 4, wherein the step of issuing the target forwarding rule table to the hardware flow table of the network card unit includes:

8. The method according to claim 7, wherein the step of determining the target linked list corresponding to the target forwarding rule table from the linked list corresponding to the global hash index table according to the index table entry and the target index includes:

9. The method for processing a message according to claim 7, wherein the step of traversing the target linked list using the target index to obtain the target index item comprises:

10. The message processing method according to claim 4, further comprising:

And inserting the target forwarding rule table into the data path flow table.

11. The method according to claim 10, wherein the step of inserting the target forwarding rule table into the data path flow table comprises:

12. The method for processing a message according to claim 11, wherein the step of inserting the fed-back corresponding entry into the data path flow table comprises:

13. The message processing method according to claim 4, further comprising:

14. The method for processing a packet according to claim 13, wherein when determining whether the root flow table of the data link switch needs to be aged, the method comprises:

15. The method for processing a message according to claim 14, further comprising, when determining whether the data link switch root flow table needs to be aged:

16. A virtual switch, characterized in that the virtual switch is adapted to perform the steps of the message processing method of any of claims 1 to 15.

17. The virtual switch of claim 16, wherein the virtual switch comprises a hardware cache, a kernel space, a user space and an under-machine space, wherein a network card component is arranged in the hardware cache, a kernel data path control module is arranged in the kernel space, a database server and a core switch process module are arranged in the user space, and an actuator is arranged in the under-machine space; the network card component is connected with the core switch process module through the kernel data path control module, the database server is connected with the core switch process module, and the database server and the core switch process module are both connected with the executor; the network card component is used for storing a hardware flow table, the kernel data path control module is used for storing a data path flow table, the core switch process module is used for storing a data link switch root flow table, and the executor is used for inserting corresponding table items fed back by the kernel data path control module or the core switch process module into the data path flow table or the hardware flow table and feeding back the corresponding table items to the network card component.

18. The virtual switch of claim 17, wherein the network card component and the core switch process module are provided with a shared memory area, a memory database is provided in the shared memory area, the hardware flow table and a message processing statistical table are stored in the memory database, the message processing statistical table stores a forwarding message number statistical value and a forwarding message byte number statistical value corresponding to the completion of the hardware flow table, and a universal unique identification code is provided in the shared memory area, each universal unique identification code corresponds to each flow table of the hardware flow table and the data link switch root flow table.

19. A message processing apparatus, the apparatus comprising:

20. A computer readable storage medium having stored thereon a computer program, which when executed by a processor performs the steps of the message processing method of any of claims 1 to 15.