CN118276970A

CN118276970A - Flow switching method and device, electronic equipment and storage medium

Info

Publication number: CN118276970A
Application number: CN202410232727.6A
Authority: CN
Inventors: 郑磊
Original assignee: Hangzhou DPTech Technologies Co Ltd
Current assignee: Hangzhou DPTech Technologies Co Ltd
Filing date: 2024-02-29
Publication date: 2024-07-02

Abstract

The specification provides a flow switching method, a flow switching device, an electronic device and a storage medium, which are applied to a flow switching application program for performing flow switching on first equipment and second equipment, wherein the first equipment and the second equipment adopt dual-machine deployment; the method comprises the following steps: after the first device is abnormal, the state of the first interface bound by the first device is updated from an enabling state to a disabling state, and the flow which needs to be accepted by the first device is switched to the second device; checking whether the configuration information related to the received flow of the first equipment is completely loaded; and in response to the complete loading of the configuration information related to the received traffic of the first device, updating the state of the first interface from the disabled state to the enabled state, and switching the traffic needed to be received by the first device back to the first device. According to the technical scheme, packet loss of the flow received again after abnormality of the equipment deployed by the double machines can be avoided, and therefore reliability of flow processing is guaranteed.

Description

Flow switching method and device, electronic equipment and storage medium

Technical Field

One or more embodiments of the present disclosure relate to the field of dual-engine deployment technologies, and in particular, to a method, an apparatus, an electronic device, and a storage medium for traffic switching.

Background

The dual-machine deployment refers to that two mutually independent devices are used for mutual backup in a system or an application program. The dual-machine deployment can be divided into a single-active link and a dual-active link according to the distribution condition of the flow in the two devices.

In some embodiments, when a deployment mode of a single active link is adopted, one device is a main device, and the other device is a standby device, once the main device fails or cannot work normally, the flow of the main device in downtime can be immediately cut to the standby device, the standby device automatically takes over the work of the main device, and after the main device is electrified, the flow is cut back to the main device, so that the reliability and the usability of the system can be ensured.

In other embodiments, the dual-machine deployment adopts a deployment mode of dual active links, namely, the control flows are loaded on two devices respectively, and after a first device fails, the flow which is originally required to be loaded by the first device is switched to a second device; when the first device is restored, the flow is split again between the two devices.

Disclosure of Invention

The application provides a flow switching method which is applied to a flow switching application program, wherein the flow switching application program is used for switching flow of first equipment and second equipment, and the first equipment and the second equipment are deployed by adopting a double machine; the method comprises the following steps:

after the first device is abnormal, the state of a first interface bound by the first device is updated from an enabling state to a disabling state, and the flow which needs to be accepted by the first device is switched to the second device;

checking whether the configuration information related to the received flow of the first equipment is completely loaded;

And in response to the complete loading of the configuration information related to the received traffic of the first equipment, updating the state of the first interface from the disabled state to the enabled state, and switching the traffic needed to be received by the first equipment back to the first equipment.

Optionally, checking whether all the configuration information related to the received traffic of the first device is loaded completely includes:

And in response to completion of recovery of the configuration information of the first interface, checking whether all the configuration information related to the received flow of the first equipment is loaded.

Optionally, the dual-machine deployment is a silent dual-machine, and the dual-machine deployment is configured to switch the traffic required to be received by the first device back to the first device, including:

responsive to the status of the first interface being updated to an enabled status, increasing a priority of the first device;

Comparing the increased priority of the first device with the priority of the second device;

and if the added priority of the first equipment is higher, switching the traffic which needs to be accepted by the first equipment back to the first equipment.

Optionally, the dual-engine deployment is dual-engine hot standby, and the flow needing to be accepted by the first device is switched back to the first device, including:

responsive to the state of the first interface being updated to an enabled state, performing active-standby state negotiation on the first device and the second device;

And if the negotiation determines that the first device is the master device, switching the traffic which needs to be accepted by the first device back to the first device.

Optionally, the dual-engine deployment is configured as a dual active link, and switches the traffic needed to be received by the first device back to the first device, including:

and switching the traffic required to be accepted by the first equipment back to the first equipment in response to the state of the first interface being updated to the enabled state.

Optionally, the first device is provided with a service board card, and the configuration information related to the received flow includes at least one of the following:

slot status information of the service card;

Two layers of forwarding table item configuration information;

Three layers of forwarding table item configuration information;

packet filtering configuration information;

Network address translation configuration information;

virtual private network configuration information;

Whether the rule is issued to the configuration information of the service board.

Optionally, the first device is equipped with a main control board card, and the method further includes:

initializing a main control board card of the first equipment;

And loading configuration information of the first interface and configuration information related to the accepted traffic for the first equipment.

The application also provides a flow switching device which is used for switching the flow of the first equipment and the second equipment, wherein the first equipment and the second equipment are deployed by adopting a double machine; the device comprises:

the first updating unit is used for updating the state of the first interface bound by the first equipment from an enabling state to a disabling state after the first equipment is abnormal, and switching the flow which needs to be accepted by the first equipment to the second equipment;

The verification unit is used for verifying whether the configuration information related to the received flow of the first equipment is completely loaded;

And the second updating unit is used for updating the state of the first interface from the disabled state to the enabled state and switching the traffic required to be accepted by the first equipment back to the first equipment in response to the complete loading of the configuration information related to the accepted traffic of the first equipment.

The application also provides electronic equipment, which comprises a communication interface, a processor, a memory and a bus, wherein the communication interface, the processor and the memory are mutually connected through the bus;

The memory stores machine readable instructions and the processor performs the method by invoking the machine readable instructions.

The present application also provides a machine-readable storage medium storing machine-readable instructions that, when invoked and executed by a processor, implement the above-described methods.

In the mode, under the scene that the first equipment and the second equipment adopt double-machine deployment, after the first equipment is abnormal, the enabling state of the first interface bound by the first equipment is updated to be the disabling state, and the flow to be accepted by the first equipment is cut to the second equipment; and then checking whether the configuration information related to the received traffic of the first equipment is completely loaded, updating the disabled state of the first interface into the enabled state in response to the completion of the complete loading of the configuration information related to the received traffic of the first equipment, and then switching the traffic required to be received by the first equipment back to the first equipment. Accordingly, in the scene of traffic cut-back after the first equipment of the dual-machine deployment is down, no matter whether the configuration information of the first interface is before the configuration information related to the received traffic of the first equipment is loaded, the working state of the first interface is configured into the starting state only when the configuration information related to the received traffic of the first equipment and the configuration information of the first interface are all loaded, namely, the first equipment is allowed to receive the traffic, so that the first equipment can normally process the received traffic, the packet loss of the traffic is avoided, and the reliability of traffic processing is ensured.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings that are needed in the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments described in the present disclosure, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.

FIG. 1 is a block device architecture schematic diagram of a dual machine deployment shown in an exemplary embodiment;

FIG. 2 is a flow chart illustrating a flow switching method according to an exemplary embodiment;

FIG. 3 is a flow chart illustrating a flow back switching method in a silent dual mode according to an exemplary embodiment;

FIG. 4 is a hardware block diagram of an electronic device in which a flow switching device is located, according to an exemplary embodiment;

fig. 5 is a block diagram of a flow switching device according to an exemplary embodiment.

Detailed Description

In order to make the technical solutions in the present specification better understood by those skilled in the art, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only some embodiments of the present specification, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are intended to be within the scope of the present disclosure.

It should be noted that: in other embodiments, the steps of the corresponding method are not necessarily performed in the order shown and described in this specification. In some other embodiments, the method may include more or fewer steps than described in this specification. Furthermore, individual steps described in this specification, in other embodiments, may be described as being split into multiple steps; while various steps described in this specification may be combined into a single step in other embodiments.

With the increasing demands of internet users for network resources, the functions of network devices are gradually diversified and networking is gradually complex, and various network traffic is spread over various industries and is relevant to the public. Because of the importance of network traffic, interruption of network traffic for a few seconds may cause significant security incidents, and in the face of network devices in important locations, such as public network outlets, switching cores, server outlets, etc., single point failure is an important link that must be considered in network deployment. In order to avoid flow interruption caused by equipment downtime, double-machine deployment can be adopted, and the double-machine deployment is the most extensive redundancy mechanism at present and can effectively solve single-point faults. The dual-machine deployment refers to that two mutually independent devices are used for mutual backup in a system or an application program. The dual-machine deployment can be divided into a single-active link and a dual-active link according to the distribution condition of the flow in the two devices.

In some embodiments, when a deployment mode of a single active link is adopted, one device is a main device, and the other device is a standby device, once the main device fails or cannot work normally, the flow of the main device in downtime can be immediately cut to the standby device, the standby device automatically takes over the work of the main device, and after the main device is electrified, the flow is cut back to the main device, so that the reliability and the usability of the system can be ensured. In other embodiments, the dual-machine deployment adopts a deployment mode of dual active links, namely, the control flows are loaded on two devices respectively, and after a first device fails, the flow which is originally required to be loaded by the first device is switched to a second device; when the first device is restored, the flow is split again between the two devices.

In the above embodiment, taking the device as a frame device as an example, the device needs to recover the interface board card of the device, and the device can normally process the received traffic only if the device is really recovered successfully after the service board card of the device is recovered.

However, in the related art, as soon as the configuration information of the device binding interface is loaded, the working state of the interface is updated from the disabled state to the enabled state, allowing the device to receive external traffic. However, at this time, since the interface board card of the device only needs to perform the initialization process for the exchange chip, and the service board card of the device needs to perform the initialization process for the related content of the service processing of the whole device, the loading speed of the interface board card is faster than that of the service board card, that is, the interface board card has been restored to a state capable of receiving traffic, and the service board card has not been restored to a state capable of processing traffic. In this case, if the interface board receives external traffic and forwards the traffic to the service board, the service board may not be ready to carry the traffic, resulting in traffic packet loss.

For example, referring to fig. 1, fig. 1 is a block device architecture diagram of a dual machine deployment, as shown in an exemplary embodiment. As shown in fig. 1, the first device 110 and the second device 120 are deployed in a dual machine; the first device 110 includes: a main control board 111, a service board 112 and an interface board 113. The main control board 111 configures a service processing policy and issues the service processing policy to the CPU of the service board 112, and the interface board 113 includes an external physical port for receiving external traffic. When the first device 110 receives the external flow, the flow is sent to the exchange chip of the interface board 113 through the external physical port of the interface board 113, and then the exchange chip of the interface board 113 sends the flow to the CPU of the service board 112 for service processing through the internal channel. Since the main control board 111 is responsible for frame device management, loading is required to be completed first, and the interface board 113 only needs to initialize for one exchange chip, the loading speed of the interface board 113 is also faster, and since the initialization content of the service board 112 is relatively more, the loading speed of the service board 112 is slower, so when the interface board 113 forwards traffic to the service board 112, the service board 112 may not be ready to bear the traffic, resulting in packet loss.

In view of this, the present disclosure aims to provide a technical solution for ensuring that a received traffic will not be lost after restarting a device under dual-device deployment.

When the method is realized, firstly, after the first equipment is abnormal, the enabling state of a first interface bound by the first equipment is updated to be the disabling state, and the flow which needs to be accepted by the first equipment is cut to the second equipment; further, whether the configuration information related to the received traffic of the first device is completely loaded is checked, and in response to the configuration information related to the received traffic of the first device being completely loaded, the disabled state of the first interface is updated to the enabled state, and then the traffic required to be received by the first device is switched back to the first device.

As shown in fig. 1, the first device 110 and the second device 120 employ a dual deployment. After the first device 110 fails and fails, the state of the first interface bound by the first device 110 is updated from the enabled state to the disabled state, and the traffic that needs to be accepted by the first device 110 is switched to the second device 120. Checking whether the configuration information, such as forwarding list configuration information, of the first device 110 related to the admission flow is completely loaded; in response to the configuration information of the first device 110 related to the accepted traffic being completely loaded, the state of the first interface bound by the first device 110 is updated from the disabled state to the enabled state, and the traffic needing to be accepted by the first device 110 is switched back to the first device 110.

Therefore, in the technical scheme of the specification, under the scene that the first equipment and the second equipment adopt double-machine deployment, after the first equipment is abnormal, the enabling state of the first interface bound by the first equipment is updated to be the disabling state, and the flow to be accepted by the first equipment is cut to the second equipment; and then checking whether the configuration information related to the received traffic of the first equipment is completely loaded, updating the disabled state of the first interface into the enabled state in response to the completion of the complete loading of the configuration information related to the received traffic of the first equipment, and then switching the traffic required to be received by the first equipment back to the first equipment. Accordingly, in the scene of traffic cut-back after the first equipment of the dual-machine deployment is down, no matter whether the configuration information of the first interface is before the configuration information related to the received traffic of the first equipment is loaded, the working state of the first interface is configured into the starting state only when the configuration information related to the received traffic of the first equipment and the configuration information of the first interface are all loaded, namely, the first equipment is allowed to receive the traffic, so that the first equipment can normally process the received traffic, the packet loss of the traffic is avoided, and the reliability of traffic processing is ensured.

The present application is described below with reference to specific embodiments and specific application scenarios.

Referring to fig. 2, fig. 2 is a flow chart illustrating a flow switching method according to an exemplary embodiment. The method may perform the steps of:

step 202: after the first device is abnormal, the state of the first interface bound by the first device is updated from the enabling state to the disabling state, and the flow which needs to be accepted by the first device is switched to the second device.

For example, as shown in fig. 1, the first device 110 and the second device 120 employ a dual deployment. After the first device 110 is damaged and cannot work normally, the state of the first interface bound by the first device 110 is updated from the enabled state to the disabled state, and the traffic to be accepted by the first device 110 is switched to the second device 120.

The first device may have various types of abnormality, such as power supply abnormality, network device hardware abnormality, system hang-up, etc. In order to realize dual-machine deployment, the two devices are usually connected through a network, for example, different types of network protocols such as ethernet, fibre channel and the like can be used to realize data transmission and communication. The first device abnormality detection mode may be configured with an automatic alarm system by monitoring a first device log. The type of the abnormality of the first device, the network connection mode for implementing the dual-machine deployment, and the mode for detecting the abnormality of the first device are not limited in this specification.

The interface to which the frame device is bound is typically referred to as a network interface, also referred to as a network port, to which the device is physically connected. These interfaces are located external to the frame device for communication and data exchange with an external network or other device. The interfaces of the frame device may be of various types, such as an ethernet interface, a fibre channel interface, a wireless interface, etc. The interfaces are carried by the interface cards, and different types of interface cards have different numbers of interfaces (for expanding the number of connections), such as a four-port interface card having four interfaces, each for network transmission. The specific role of the interface may be determined by upper layer planning, such as the interface being configured as a network interface, a storage interface, a video interface, a control interface, etc. In this specification, the interface is used for forwarding network traffic, the working state of the interface generally adopts up to represent the interface enabling state, down to represent the interface disabling state, and other forms may be included, for example, 1 represents the interface enabling state and 0 represents the interface disabling state. The present specification is not limited to the representation of the interface type and interface status of the frame device. In this specification, the receiving and switching of the traffic are controlled by controlling the working state of the interface, for example, when the equipment is down, the interface down cuts off the traffic, and after restarting, if up, the interface up, the upper protocol will control to cut back the traffic.

After detecting that the first device is abnormal, the flow switching application program triggers the switching logic to update the state of the first interface bound by the first device from the enabling state to the disabling state, and triggers the dual-machine deployment system to send a signal to the second device to inform the second device of the need of taking over the flow originally processed by the first device. Upon receipt of the notification by the second device, the second device begins processing traffic that was otherwise processed by the first device, which typically involves reconfiguring routing tables, updating policies, and the like.

Step 204: and checking whether the configuration information related to the receiving flow of the first equipment is completely loaded.

For example, as shown in fig. 1, it is checked whether the configuration information, such as forwarding list configuration information, etc., related to the admitted traffic of the first device 110 is all loaded.

After all the configuration information related to the received traffic is loaded, the frame device is generally considered to have the capacity of receiving the traffic and processing related services. The method for checking whether the configuration information related to the receiving flow is loaded can be that all the configuration information related to the receiving flow is arranged into a configuration information list, and each item of configuration information in the configuration information list is checked by checking a log file, using a command line check and the like to confirm whether each item of configuration information is completely loaded. The present specification is not limited to the manner of checking whether or not the configuration information related to the received traffic is loaded.

Step 206: and in response to the complete loading of the configuration information related to the received traffic of the first equipment, updating the state of the first interface from the disabled state to the enabled state, and switching the traffic needed to be received by the first equipment back to the first equipment.

For example, as shown in fig. 1, in response to the configuration information about the first device 110 and the accepted traffic being completely loaded, the state of the first interface bound by the first device 110 is updated from the disabled state to the enabled state, and the traffic that needs to be accepted by the first device 110 is switched back to the first device 110.

After detecting that the configuration information related to the received traffic is completely loaded by the first device, the traffic switching application program triggers the switching logic to update the state of the first interface bound by the first device from the disabled state to the enabled state so as to prepare for receiving the received and switched traffic. The above-mentioned process can be implemented by means of equipment management interface and command line, etc.. Then, the traffic switching application triggers the dual deployment system to send a signal to the second device informing it of the need to switch back to traffic originally handled by the first device. After receiving the notification, the second device may switch back the traffic originally processed by the first device, where the first device needs to load configuration information related to the switched back traffic, such as updating a routing table, firewall rules, and the like, to ensure that the switched back traffic is correctly processed.

In one embodiment, verifying whether the configuration information related to the received traffic of the first device is completely loaded includes: and in response to completion of recovery of the configuration information of the first interface, checking whether all the configuration information related to the received flow of the first equipment is loaded.

For example, as shown in fig. 1, in response to the restoration of the configuration information of the first interface bound by the first device 110 being completed, it is checked whether all the configuration information related to the accepted traffic of the first device 110 is loaded.

It should be noted that, if the verification that the configuration information related to the device and the connection flow is not completely loaded, the working state of the interface bound by the device needs to be set to the disabled state even if the configuration information of the interface bound by the device is recovered.

After the device is powered on again or network-surfing again, the configuration information related to the receiving flow and the configuration information of the interface are reloaded. Because configuration information associated with the admitted traffic generally requires more computation and processing, the configuration information of the interface is typically loaded faster than the configuration information associated with the admitted traffic. After the configuration information of the interface bound by the device is restored, checking whether the configuration information related to the receiving flow is completely loaded or not is finished, compared with a mode of directly and regularly monitoring whether the configuration information related to the receiving flow is completely loaded or not after the device is down, the method can save device resources and improve device performance. The configuration information of the interface generally includes an interface type (ethernet interface, wi-Fi interface, optical fiber interface, etc.), an IP address and a subnet mask of the interface, a transmission rate of the interface, an operation mode (full duplex, half duplex), etc., and the present specification does not limit the type of the configuration information of the interface.

In one embodiment shown, the dual-machine deployment is a silent dual-machine that switches traffic that needs to be accepted by the first device back to the first device, comprising: responsive to the status of the first interface being updated to an enabled status, increasing a priority of the first device; comparing the increased priority of the first device with the priority of the second device; and if the added priority of the first equipment is higher, switching the traffic which needs to be accepted by the first equipment back to the first equipment.

For example, as shown in fig. 1, the first device 110 and the second device 120 form a silent duplex, and in response to the status of the four interfaces A1/A2/A3/A4 bound by the first device 110 being updated to an enabled status, the original priority 200 of the first device 110 is increased to 240. Then, the increased priority 240 of the first device 110 is compared with the priority 235 of the second device, and because the priority of the first device 110 is higher, the first device 110 acts as a master, the second device 120 acts as a slave, and traffic that needs to be accepted by the first device 110 is switched back to the first device 110.

The silent dual-machine is a working mode of dual-machine deployment single-active link, and in the dual-machine deployment system, only one device works and the other device is in a silent state. Devices in a silent state can prevent a single point of failure and if an operating device fails, traffic can be quickly switched to a device in a silent state. The election of the silent dual machine to the main device and the standby device is usually carried out by comparing the priorities of the two devices, the two devices can regularly interact the priority information of the two devices, the device with high priority is used as the main device to bear traffic, and the device with low priority is used as the standby device to be in a silent state and wait to be awakened. The priority of the second device is preset, and in this scheme, the priority of the second device may be set according to the number of the first device binding interfaces. For example, the first device binds 4 interfaces, each interface has a priority of 10, if one interface is in an enabled state, the priority of the first device is increased by 10, and if one interface is in a disabled state, the priority of the first device is decreased by 10. If the first device has only 3 interfaces in the enabled state, the priority of the first device should not be increased over the second device, and if the first device has 4 interfaces in the enabled state, the priority of the first device should be increased over the second device.

In one embodiment shown, the dual deployment is dual hot standby, switching traffic that needs to be accepted by the first device back to the first device, comprising: responsive to the state of the first interface being updated to an enabled state, performing active-standby state negotiation on the first device and the second device; and if the negotiation determines that the first device is the master device, switching the traffic which needs to be accepted by the first device back to the first device.

For example, as shown in fig. 1, the first device 110 and the second device 120 form a dual hot standby, and in response to the state update of the first interface bound by the first device 110 being in an enabled state, the first device 110 and the second device 120 are subjected to a master-standby state negotiation, and if the negotiation results in the first device 110 being the master device, the traffic that needs to be accepted by the first device 110 is switched back to the first device 110.

The dual-machine hot standby mode is a working mode of dual-machine deployment of a single active link, a firewall is deployed for two devices respectively, and negotiation of the main and standby states of the two firewalls is completed through a Redundant Device Management Protocol (RDMP). After the primary firewall and the backup firewall are determined, the primary firewall forwards the service, the backup firewall is in a monitoring state, and the primary firewall sends state information and information to be backed up to the backup firewall at regular time. When the main firewall fails, the standby firewall can timely take over the service on the main firewall.

In one embodiment shown, the dual machine is deployed as a dual active link, switching traffic that needs to be accepted by the first device back to the first device, comprising: and switching the traffic required to be accepted by the first equipment back to the first equipment in response to the state of the first interface being updated to the enabled state.

For example, as shown in fig. 1, the first device 110 and the second device 120 form a dual hot standby, and traffic that needs to be accepted by the first device 110 is switched back to the first device 110 in response to the status of the first interface to which the first device 110 is bound being updated to an enabled state.

The dual active link mode realizes the flow and simultaneously walks two devices through network deployment. For example, the traffic is controlled to be loaded on two devices separately using an equivalent routing approach. In the dual-machine deployment dual-active link, the host is responsible for processing all front-end requests, and the standby machine is in a standby state and ready to take over the work of the host at any time. When the host fails or needs maintenance, the standby machine automatically takes over the work and becomes a new host. At this time, the original host becomes a standby, and waits for the next failover. And the two main and standby machines synchronize data through a bidirectional link, so that the consistency of the data is ensured. The double-active-link double-machine deployment ensures that the utilization rate of the equipment is higher, and the application range of deployment is more.

In one embodiment, the first device is provided with a service board card, and the configuration information related to the received traffic includes at least one of the following: slot status information of the service card 112; two layers of forwarding table item configuration information; three layers of forwarding table item configuration information; packet filtering configuration information; network address translation configuration information; virtual private network configuration information; whether the rule is issued to the configuration information of the service board.

For example, as shown in fig. 1, the configuration information related to the received traffic of the first device 110 includes slot status information of the service board 112; two layers of forwarding table item configuration information; three layers of forwarding table item configuration information; packet filtering configuration information; network address translation configuration information; virtual private network configuration information; whether the rule is issued to the configuration information of the service card 112.

The service cards have multiple types, each service card can process traffic related to the service, and the types of the service cards are not limited in this specification. The service cards are positioned in the frame type equipment slots, and different service cards correspond to different slots. The slot status information of the service board card includes, but is not limited to, slot number, board card model, on-line status, hardware status, connection status, etc. For frame equipment, the two-layer forwarding table entry and the three-layer forwarding table entry respectively have the function of correctly forwarding the data packet in the local area network and across the network, thereby realizing network communication and data transmission. Packet filtering configuration information of the frame device refers to a rule configuration for filtering and processing data packets. These rules may filter the data packet based on different conditions to decide whether to allow or reject the data packet through the device. Network address translation (Network Address Translation, NAT) is a technique in networks to translate private IP addresses to public IP addresses, which is used to address IPv4 address shortages and enhance network security. By correctly configuring NAT, communication between the internal private network and the public internet can be achieved and network security is enhanced. Virtual private networks (Virtual Private Network, VPN) are a technology for establishing secure connections over public networks, such as the internet, for purposes of remote access, secure communications between sites, and encrypted data transfer. By correctly configuring VPN, safe and private network communication can be realized, and confidentiality and integrity of data transmission are protected.

In one embodiment, the first device is mounted with a main control board card, and the method further includes: initializing a main control board card of the first equipment; and loading configuration information of the first interface and configuration information related to the accepted traffic for the first equipment.

For example, as shown in fig. 1, the main control board card of the first device 110 is initialized, and configuration information of the first interface bound to the first device 110 and configuration information related to the accepted traffic are loaded for the first device 110.

The initialization process of the device refers to a process of transferring the device from an initial state to an available state. Typically, the initialization process for a device includes several aspects, including device checking, system setup, firmware upgrades, network setup, service configuration, security setup, testing, and verification.

To assist those skilled in the art in better understanding the above embodiments, the above embodiments are described below with reference to fig. 3 by taking a silent dual mode in dual deployment as an example.

Referring to fig. 3, fig. 3 is a flow chart illustrating a flow back switching method in a silent dual mode according to an exemplary embodiment. As shown in fig. 3, after the first device is down, the first device is powered on again, the main control board card carried by the first device is initialized first, and after the initialization of the main control board card is completed, the interface configuration information and other configuration information related to the receiving flow are started and loaded. And then, detecting the restoration of the interface configuration information, and checking whether the configuration information related to the received flow of the first equipment is completely loaded. And if the configuration information related to the received traffic of the first device is completely loaded, updating the interface state bound with the first device, and updating the interface state from the disabled state to the enabled state. The priority of the first device with the updated interface state is correspondingly increased, and the first device with the increased priority becomes the master device in the silent dual-mode, so that the traffic required to be accepted by the first device is switched back to the first device.

Corresponding to the embodiment of the flow switching method, the present specification also provides an embodiment of a flow switching device.

Referring to fig. 4, fig. 4 is a hardware configuration diagram of an electronic device where a flow switching device is shown in an exemplary embodiment. At the hardware level, the device includes a processor 402, an internal bus 404, a network interface 406, a memory 408, and a non-volatile storage 410, although other hardware requirements are possible. One or more embodiments of the present description may be implemented in a software-based manner, such as by the processor 402 reading a corresponding computer program from the non-volatile memory 410 into the memory 408 and then running. Of course, in addition to software implementation, one or more embodiments of the present disclosure do not exclude other implementation manners, such as a logic device or a combination of software and hardware, etc., that is, the execution subject of the following processing flow is not limited to each logic unit, but may also be hardware or a logic device.

Referring to fig. 5, fig. 5 is a block diagram of a flow switching device according to an exemplary embodiment. The flow switching device can be applied to the electronic equipment shown in fig. 4 to realize the technical scheme of the specification. The device is used for carrying out flow switching on a first device and a second device, and the first device and the second device are deployed by adopting a double machine; the apparatus may include:

A first updating unit 502, configured to update, after an abnormality occurs in the first device, a state of a first interface bound by the first device from an enabled state to a disabled state, and switch traffic to be accepted by the first device to the second device;

a checking unit 504, configured to check whether all configuration information related to the received traffic is loaded on the first device;

And the second updating unit 506 is configured to update the state of the first interface from the disabled state to the enabled state in response to the configuration information related to the traffic received by the first device being completely loaded, and switch back the traffic to be received by the first device to the first device.

In this embodiment, the verification unit includes:

And the verification subunit is used for responding to the completion of the recovery of the configuration information of the first interface and verifying whether the configuration information of the first equipment and the receiving flow are completely loaded.

In this embodiment, the dual machine is deployed as a silent dual machine, and the second update unit includes:

an increasing subunit, configured to increase the priority of the first device in response to the status of the first interface being updated to an enabled status;

a comparing subunit configured to compare the increased priority of the first device with the priority of the second device;

And the first back-switching subunit is used for back-switching the traffic which needs to be accepted by the first equipment to the first equipment under the condition that the increased priority of the first equipment is higher.

In this embodiment, the dual-machine deployment is dual-machine hot standby, and the second update unit includes:

a negotiation subunit, configured to perform a master-slave state negotiation on the first device and the second device in response to the update of the state of the first interface to an enabled state;

And the second back-switching subunit is used for back-switching the traffic which needs to be accepted by the first equipment to the first equipment under the condition that the first equipment is determined to be the main equipment by negotiation.

In this embodiment, the dual machine is deployed as a dual active link, and the second update unit includes:

And the third switching sub-unit is used for switching the traffic needed to be accepted by the first equipment back to the first equipment in response to the state of the first interface being updated to the starting state.

In this embodiment, the first device is equipped with a service board card, and the configuration information related to the received traffic includes at least one of the following:

slot status information of the service card;

Two layers of forwarding table item configuration information;

Three layers of forwarding table item configuration information;

packet filtering configuration information;

Network address translation configuration information;

virtual private network configuration information;

In this embodiment, the first device is mounted with a main control board card, and the apparatus further includes:

The initialization unit is used for initializing the main control board card of the first equipment;

and the loading unit is used for loading the configuration information of the first interface and the configuration information related to the receiving flow for the first equipment.

The implementation process of the functions and roles of each unit in the above device is specifically shown in the implementation process of the corresponding steps in the above method, and will not be described herein again.

For the device embodiments, reference is made to the description of the method embodiments for the relevant points, since they essentially correspond to the method embodiments. The apparatus embodiments described above are illustrative only, in that the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purposes of the present description. Those of ordinary skill in the art will understand and implement the present invention without undue burden.

The system, apparatus, module or unit set forth in the above embodiments may be implemented in particular by a computer chip or entity, or by a product having a certain function. A typical implementation device is a computer, which may be in the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email device, game console, tablet computer, wearable device, or a combination of any of these devices.

In a typical configuration, a computer includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.

The memory may include volatile memory in a computer-readable medium, random Access Memory (RAM) and/or nonvolatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.

Computer readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, read only compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic disk storage, quantum memory, graphene-based storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by the computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.

The user information (including but not limited to user equipment information, user personal information, etc.) and data (including but not limited to data for analysis, stored data, presented data, etc.) related to the present application are information and data authorized by the user or fully authorized by each party, and the collection, use and processing of related data is required to comply with the relevant laws and regulations and standards of the relevant country and region, and is provided with corresponding operation entries for the user to select authorization or rejection.

It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.

The foregoing describes specific embodiments of the present disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.

The terminology used in the one or more embodiments of the specification is for the purpose of describing particular embodiments only and is not intended to be limiting of the one or more embodiments of the specification. As used in this specification, one or more embodiments and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any or all possible combinations of one or more of the associated listed items.

It should be understood that although the terms first, second, third, etc. may be used in one or more embodiments of the present description to describe various information, these information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of one or more embodiments of the present description. The word "if" as used herein may be interpreted as "at … …" or "at … …" or "in response to a determination" depending on the context.

The foregoing description of the preferred embodiment(s) is (are) merely intended to illustrate the embodiment(s) of the present invention, and it is not intended to limit the embodiment(s) of the present invention to the particular embodiment(s) described.

Claims

1. The flow switching method is characterized by being applied to a flow switching application program, wherein the flow switching application program is used for switching the flow of first equipment and second equipment, and the first equipment and the second equipment are deployed by adopting a double machine; the method comprises the following steps:

2. The method of claim 1, wherein verifying whether configuration information associated with the first device and the received traffic is fully loaded comprises:

3. The method of claim 1, wherein the dual machine deployment is a silent dual machine that switches traffic that needs to be accepted by the first device back to the first device, comprising:

4. The method of claim 1, wherein the dual deployment is dual hot standby, switching traffic to be received by the first device back to the first device, comprising:

5. The method of claim 1, wherein the dual-chassis deployment is a dual-active link that switches traffic that needs to be accepted by the first device back to the first device, comprising:

6. The method of claim 1, wherein the first device is configured with a service card, and the configuration information related to the accepted traffic includes at least one of:

slot status information of the service card;

Two layers of forwarding table item configuration information;

Three layers of forwarding table item configuration information;

packet filtering configuration information;

Network address translation configuration information;

virtual private network configuration information;

7. The method of claim 1, wherein the first device is equipped with a main control board card, the method further comprising:

initializing a main control board card of the first equipment;

8. The flow switching device is characterized by being used for switching the flow of first equipment and second equipment, wherein the first equipment and the second equipment are deployed by adopting a double machine; the device comprises:

9. An electronic device comprises a communication interface, a processor, a memory and a bus, wherein the communication interface, the processor and the memory are connected with each other through the bus;

The memory stores machine readable instructions, the processor executing the method of any of claims 1 to 7 by invoking the machine readable instructions.

10. A machine-readable storage medium storing machine-readable instructions which, when invoked and executed by a processor, implement the method of any one of claims 1 to 7.