TW201737664A - Accurate speed limiting method and apparatus for cluster - Google Patents

Abstract

Provided are an accurate speed limiting method and apparatus for a cluster, relating to the technical field of computers. The method of the present application comprises: receiving a data packet; determining whether the data packet is a data packet of a client responsible for being dealt with thereby; if the data packet is not a data packet of a client responsible for being dealt with thereby, forwarding the data packet to a service entity which is responsible for dealing with the client to which the data packet belongs; and if the data packet is a data packet of a client responsible for being dealt with thereby, performing speed limiting processing on the data packet based on identity information about the data packet. In the present invention, there is no need to separately arrange a flow control entity in a cluster to limit the speed of service entities in the whole cluster, so that the normal working of the whole cluster will not be affected due to a fault of the flow control entity, and the applicability is strong. In addition, it only relates to simple forwarding of a data packet between service entities, so that the complexity is low.

Description

Cluster precise speed limit method and device

The invention relates to the field of computer technology, in particular to a cluster precise speed limit method and a cluster precise speed limit device.

With the popularity of the Internet, the application environment of the network is also increasingly diversified, for example, by using a cluster composed of a group of service entities working together to provide services to multiple clients or multiple users. In such an application environment, in order to prevent a certain client from excessive traffic and affect other clients or based on the demand for broadband traffic purchased by a certain client, it is necessary to limit the rate of traffic for each client or user. Because the cluster contains multiple service entities, such as servers. Each service entity provides services at the same time, which in turn causes traffic of the same client to fall on multiple service entities in the cluster. In this way, if each service entity is speed-limiting separately, as the cluster size increases, the total speed limit bandwidth of each client is also expanded, so it is necessary to provide an accurate global speed limit scheme for the cluster.

In order to achieve the purpose of achieving accurate speed limit for clusters, there are currently three types of schemes:

The first category: the use of specialized flow control entities within the cluster, such as flow control servo , etc., used to control the speed limit of each service entity. The flow control entity is responsible for monitoring the traffic rate of each rate limiting unit on the serving entity and dynamically allocating the rate limiting bandwidth.

The second type: Each service entity in the cluster allocates the bandwidth purchased by the client or the user on average. If the cluster has N service entities and the user purchases the bandwidth of B, the rate limit of each service entity is B/N.

The third category: provides a special speed limit node composed of devices with speed limit function between the client and the cluster.

However, for the above three types of methods, there are different disadvantages:

For the first type of solution, you first need to provide a flow control entity in the cluster to control the rate limit. If the flow control entity fails, it will affect the normal operation of the cluster, and the applicability is not strong. Secondly, since the flow control entity needs to monitor the traffic rate of the service entity, it needs to communicate with the service entity to determine the speed limit that is sent to each service entity. The complexity is high.

For the second type of solution, it is difficult to ensure that the traffic of each client falls evenly to each service entity, and the operability is low. Secondly, if the traffic of the client is not uniform, then the traffic of some clients on a certain service entity is greater than the specific rate limit, so that the packet loss is caused, and the actual bandwidth of the user cannot reach the bandwidth of the purchase, and the accuracy is better. low.

For the third type of scheme, adding a dedicated speed limit node and increasing the cost is not applicable to small clusters.

In view of the above problems, embodiments of the present invention have been proposed in order to provide a gram. A cluster precise speed limit method and a corresponding cluster precision speed limit device that solve the above problems or at least partially solve the above problems.

In order to solve the above problem, the present invention discloses a method for accurately limiting the rate of a cluster, comprising: receiving a data packet; determining whether the data packet is a data packet of a client that is responsible for responding by itself; if the data packet is not handled by itself The data package of the client forwards the data package to a service entity responsible for responding to the client to which the data package belongs; if the data package is a data package of the client that is responsible for the response, the identity information based on the data package is , the speed limit processing of the data packet.

Preferably, the step of forwarding the data packet to a service entity responsible for responding to the client to which the data packet belongs includes: transmitting, according to the identity information of the data packet, the network packet The rule of the protocol encapsulates the protocol header; the data packet encapsulating the protocol header is forwarded through the switch to the service entity responsible for responding to the client to which the data packet belongs.

Preferably, the step of encapsulating the protocol header according to the identity information of the data packet in accordance with the rules of the network transmission protocol, including: based on the identity information of the data packet, in the data packet Encapsulate a layer of IP headers and UDP packets in addition to the rules of the network transport protocol. Header, or based on the identity information of the data packet, further encapsulates an IP packet header and a TCP packet header in addition to the data packet according to the rules of the network transmission protocol.

Preferably, based on the identity information of the data packet, the IP packet header and the UDP packet header are further encapsulated according to the rules of the network transmission protocol, or based on the identity information of the data packet, And the step of re-encapsulating an IP packet header and a TCP packet header according to the rules of the network transmission protocol, including: acquiring identity information corresponding to the data packet; and selecting the same five-element according to the identity information The quintuple includes: a source IP address, a destination IP address, a source port, a destination port, and a transport protocol type; the destination IP address is an IP address corresponding to the service entity; based on the quintuple Re-encapsulating a layer of IP headers and UDP headers in accordance with the rules of the network transmission protocol in addition to the data packet; or, based on the quintuple, in accordance with the rules of the network transmission protocol, outside the data packet Encapsulate a layer of IP packet headers and TCP packet headers.

Preferably, when the identity information is an IP address, the step of acquiring the identity information corresponding to the data packet comprises: parsing an IP packet header of the data packet at a network layer to obtain an IP address.

Preferably, when the identity information is a user ID, the step of acquiring the identity information corresponding to the data packet comprises: temporarily storing the data packet in a network layer, and simultaneously Sending to the application layer; parsing the data area of the data package at the application layer to obtain the user ID of the data package.

Preferably, the step of selecting the same five-tuple according to the identity information includes: selecting, by the application layer, the same five-tuple according to the identity information; and selecting the same one according to the identity information. After the quintuple step, the method further includes: sending the quintuple obtained at the application layer to the network layer.

Preferably, the step of re-encapsulating an IP packet header and a UDP packet header according to the rules of the network transmission protocol according to the quintuple according to the quintuple includes: The source port and the destination port are encapsulated into a UDP packet header other than the data packet; the source IP address, the destination IP address, and the transport protocol type in the quintuple are encapsulated into an IP outside the data packet. In the header of the message.

Preferably, the step of re-encapsulating an IP packet header and a TCP packet header according to the rules of the network transmission protocol according to the quintuple according to the quintuple includes: The source port and the destination port are encapsulated into a TCP packet header other than the data packet; the source IP address, the destination IP address, and the transport protocol type in the quintuple are encapsulated into an IP outside the data packet. In the header of the message.

Preferably, the determining whether the data package is responsible for itself The step of the client's data package includes: determining whether the data package is a data package forwarded by the service entity or a data package sent by the client; if the data package is a data package forwarded by the service entity, confirming the The data package is a data package of the client that is responsible for the response; if the data package is a data package sent by the client, it is confirmed that the data package is not a data package of the client that is responsible for the response.

Preferably, the step of determining whether the data packet is a data packet forwarded by the service entity or a data packet sent by the client comprises: determining, according to any data packet, whether there is a network according to the data packet a protocol header of a rule of the transport protocol; if there is a protocol header encapsulated according to the rules of the network transport protocol outside the data packet, it is confirmed that the data packet is a data packet of the client that is responsible for the response; If there is no protocol header encapsulated according to the rules of the network transmission protocol outside the data packet, it is confirmed that the data packet is not a data packet of the client that is responsible for the response.

Preferably, the step of performing rate limiting processing on the data packet based on the identity information of the data packet includes: releasing a protocol header encapsulated according to a rule of a network transmission protocol outside the data packet; The identity information of the data packet; determining whether the traffic corresponding to the identity information exceeds a traffic threshold; if the traffic corresponding to the identity information exceeds a traffic threshold, discarding The data package.

Preferably, when the identity information is an IP address, the step of determining whether the traffic corresponding to the identity information reaches a threshold includes: searching for a user ID corresponding to the IP address; searching according to the user ID Corresponding traffic threshold; calculating whether the traffic corresponding to the IP address exceeds the traffic threshold; if the traffic corresponding to the IP address exceeds the traffic threshold, discarding the data packet.

Correspondingly, the present invention also discloses a cluster accurate speed limit device, comprising: a receiving module adapted to receive a data packet; and a determining module, configured to determine whether the data packet is a data packet of a client that is responsible for responding by itself; If the data package is not the data package of the client that is responsible for the response, the packet is entered into the forwarding module; if the data packet is the data packet of the client that is responsible for the response, the data entry is entered into the speed limit module; And forwarding the data packet to a service entity responsible for responding to the client to which the data packet belongs; the speed limit module is adapted to perform speed limit processing on the data packet based on the identity information of the data package.

Preferably, the forwarding module includes: a package sub-module adapted to encapsulate a protocol header according to a rule of a network transmission protocol in addition to the identity information of the data packet; Module, suitable for passing the package containing the protocol header The change is forwarded to the service entity responsible for responding to the client to which the data package belongs.

Preferably, the package sub-module includes: a first package sub-module adapted to encapsulate an IP packet in accordance with a rule of a network transmission protocol according to the identity information of the data packet. a header and a UDP packet header; or a second encapsulation submodule adapted to encapsulate an IP packet header and a TCP packet header in addition to the data packet according to the rules of the network transmission protocol based on the identity information of the data packet. .

Preferably, the first package sub-module or the second package sub-module includes: an identity information acquisition sub-module, configured to acquire identity information corresponding to the data packet; and a quintuple selection sub-module And selecting, according to the identity information, a same five-tuple; the five-tuple includes: a source IP address, a destination IP address, a source port, a destination port, and a transmission protocol type; the destination IP address is An IP address corresponding to the service entity; the first packet header encapsulating submodule is adapted to encapsulate an IP packet header and a UDP packet header according to the rules of the network transmission protocol according to the quintuple according to the quintuple Or, the second packet header encapsulation sub-module is adapted to further encapsulate an IP packet header and a TCP packet header according to the rules of the network transmission protocol according to the quintuple according to the quintuple.

Preferably, when the identity information is an IP address, the identity information obtaining sub-module includes: a first identity information acquiring sub-module, configured to parse the resource at a network layer The IP packet header of the packet to obtain the IP address.

Preferably, when the identity information is a user ID, the identity information obtaining sub-module includes: an upward sending sub-module, configured to temporarily store the data packet in a network layer, and simultaneously Sending to the application layer; the second identity information obtaining submodule is adapted to parse the data area of the data packet at the application layer to obtain the user ID of the data packet.

Preferably, the quintuple sub-module includes: an application layer quintuple sub-module, which is adapted to select the same quintuple according to the identity information at the application layer; After the sub-module, the method further includes: a sending sub-module, configured to send the quintuple obtained at the application layer to the network layer; preferably, the first packet header sub-module includes: the first port a package submodule, configured to encapsulate a source port and a destination port in the quintuple into a UDP packet header outside the data packet; and an IP address encapsulation submodule adapted to use the quintuple The source IP address, the destination IP address, and the transport protocol type are encapsulated in an IP packet header other than the data packet.

Preferably, the second packet header sub-module includes: a second port encapsulation sub-module, configured to encapsulate the source port and the destination port in the quintuple into a TCP outside the data packet. In the header of the packet, the IP address encapsulating submodule is adapted to encapsulate the source IP address, the destination IP address, and the transport protocol type in the quintuple into the data packet. IP header in the header.

Preferably, the determining module comprises: a determining sub-module, configured to determine whether the data packet is a data packet forwarded by a service entity or a data packet sent by a client; if the data packet is a service entity The forwarded data package confirms that the data package is a data package of the client that is responsible for the response; if the data package is a data package sent by the client, it is confirmed that the data package is not the data of the client that is responsible for the response. package.

Preferably, the determining sub-module includes: a protocol header determining sub-module, and is adapted to determine, according to any data packet, whether there is a protocol header encapsulated according to a rule of a network transmission protocol outside the data packet. If there is a protocol header encapsulated according to the rules of the network transmission protocol outside the data packet, the first confirmation submodule is entered; if there is no rule according to the network transmission protocol outside the data packet The encapsulated protocol header enters the second confirmation sub-module.

Preferably, the speed limit module comprises: a release submodule, adapted to release a protocol header encapsulated according to a rule of a network transmission protocol outside the data packet; and a data packet identity information acquisition submodule, Obtaining the identity information of the data packet; the traffic judgment sub-module is configured to determine whether the traffic corresponding to the identity information exceeds a traffic threshold; if the traffic corresponding to the identity information exceeds a traffic threshold, enter the discarding sub-module Discarding the sub-module, suitable for discarding the data package.

Preferably, when the identity information is an IP address, the traffic judgment sub-module includes: a user ID search sub-module, configured to search for a user ID corresponding to the IP address; and a traffic threshold search sub-module a group, configured to search for a corresponding traffic threshold according to the user ID; the first traffic judgment sub-module is configured to calculate whether the traffic corresponding to the IP address exceeds the traffic threshold; if the traffic corresponding to the IP address If the traffic threshold is exceeded, the discarding submodule is entered.

The embodiment of the present invention includes the following advantages: in the embodiment of the present invention, the data packet of the client that is not responsible for the response is forwarded to the same cluster and is responsible for responding to the client of the data packet without increasing the complexity of the system. The service entity of the end ensures that the traffic of the same client falls on the same service entity, and then the data packet of the client is subjected to rate limiting processing based on the identity information of the corresponding data packet. In the first embodiment of the present invention, the embodiment of the present invention does not need to set a flow control entity in the cluster to limit the rate of the service entity in the entire cluster, and the entire cluster may not be affected by the fault of the flow control entity. The normal work, the applicability is strong. Moreover, there is also a large amount of communication between the flow control entity and the service entity to determine the speed limit for each service entity, and only the simple forwarding of the data packets between the service entities is low.

Secondly, in contrast to the second type of solution of the background art, the embodiment of the present invention is responsible for the data packet of the same client by the same service entity. The specific business logic processing determines whether to process it next or discard it. Therefore, the traffic of each client can be precisely controlled, and the operability is high.

The third embodiment of the present invention, the embodiment of the present invention improves the processing flow of the data packet under the original architecture of the cluster, and forwards the data packet of the same client received by each service entity to the same The service entity performs speed limit processing without increasing system complexity, and does not use additional hardware facilities, and does not increase hardware costs. Moreover, the embodiment of the present invention only utilizes the computing function of the cluster itself, that is, the speed limit processing of the traffic of the same client is implemented, and can be applied to a cluster of any size, and has wider applicability.

In summary, with respect to the background art, the embodiment of the present invention improves the applicability, operability, and accuracy of the cluster speed limit without increasing system complexity and cost.

110‧‧‧Steps

120‧‧‧Steps

130‧‧‧Steps

140‧‧‧Steps

210‧‧‧Steps

220‧‧‧Steps

230‧‧‧Steps

240‧‧‧ steps

250‧‧‧ steps

310‧‧‧Steps

320‧‧‧Steps

330‧‧‧Steps

340‧‧‧Steps

350‧‧‧Steps

360‧‧‧Steps

370‧‧‧Steps

380‧‧‧Steps

410‧‧‧Switch

420‧‧‧Service entity

421‧‧‧ receiving module

422‧‧‧Judgement module

423‧‧‧ Forwarding module

424‧‧‧Speed Limit Module

510‧‧‧Switch

520‧‧‧Service entity

521‧‧‧ receiving module

522‧‧‧Judgement module

523‧‧‧ Forwarding module

5231‧‧‧Package submodule

52311‧‧‧Second package submodule

5232‧‧‧ Forwarding submodule

524‧‧‧Speed Limit Module

610‧‧‧Switch

620‧‧‧Service entity

621‧‧‧ receiving module

622‧‧‧Judgement module

6221‧‧‧ judgment submodule

623‧‧‧ Forwarding module

6231‧‧‧Package submodule

62311‧‧‧First package submodule

6232‧‧‧ Forwarding submodule

624‧‧‧Speed Limit Module

6241‧‧‧Remove sub-module

6242‧‧‧ Packet Identity Information Acquisition Sub-module

6243‧‧‧Flow judgment sub-module

6244‧‧‧Discarding submodules

1 is a flow chart of steps of an embodiment of a cluster precise rate limiting method; FIG. 1 is a schematic diagram of an application scenario of the present invention; FIG. 2 is a flow chart of steps of another embodiment of the cluster precise rate limiting method of the present invention; 3 is a flow chart showing the steps of another embodiment of the cluster precise speed limit method of the present invention; FIG. 4 is a structure of an embodiment of the cluster precise speed limit device of the present invention; FIG. 5 is a block diagram showing another embodiment of a cluster precise speed limit device according to the present invention; and FIG. 6 is a block diagram showing another embodiment of the cluster precise speed limit device of the present invention.

The present invention will be further described in detail with reference to the drawings and specific embodiments.

One of the core concepts of the embodiments of the present invention is that the cluster precise rate limiting method and apparatus provided by the present invention can be forwarded by a packet of a client that is not responsible for itself, without increasing the complexity of the system. Giving the same cluster the service entity responsible for responding to the client to which the data packet belongs, thereby ensuring that the traffic of the same client falls on the same service entity, and then on the service entity, based on the identity information of the corresponding data packet, the data packet of the client Speed limit processing. Therefore, compared with the background art, the applicability, operability, and accuracy of the cluster speed limit are improved without increasing system complexity and cost.

Embodiment 1

Referring to FIG. 1 , a flow chart of steps of an embodiment of a cluster precise rate limiting method of the present invention is shown, which may specifically include the following steps:

Step 110: Receive a data package.

FIG. 1A is a schematic diagram of an application scenario of the present invention. It can be seen that there are four service entities in the cluster, and the service entity communicates with the outside through various switches, such as the client, and the data packets sent by the client first pass through the switch, and then redistributed by the switch to at least one service entity. deal with.

A cluster is a group of service entities that work together to provide a service platform that is more scalable and usable than a single service entity. It mainly includes a high availability cluster, a load balance cluster, and a high performance computing cluster. The present invention is mainly directed to a high availability cluster and a load balancing cluster. A service entity is a device that can provide certain services, such as a server. In the embodiment of the present invention, a data packet can be received and a speed limit operation can be performed.

In the Internet, the client interacts with the server by sending its request and other information to the server in the form of a packet. Moreover, in the present invention, since a plurality of service entities in the cluster can provide services at the same time, the data packets sent by the same client may fall on multiple service entities in the cluster.

Take the current Internet as an example, basically adopt the Internet Protocol such as TCP/IP protocol, then the TCP/IP protocol data packet is the TCP/IP (Transmission Control Protocol/Internet Protocol) protocol communication transmission. The data unit in the network, also commonly referred to as the "package", in the process of network information transmission, a single message is divided into multiple data blocks, these data blocks are called data A package that contains address information for the sender and receiver. These packets are then transmitted along one or more networks along different paths and reassembled at the destination. In practical applications, the data package is mainly composed of two parts: the message header and the data.

In practical applications, the TCP/IP protocol is a protocol family, which includes TCP (Transmission Control Protocol), IP (Internet Protocol), and UDP (User Datagram Protocol). , ICMP (Internet Control Message Protocol), RIP (Routing Information Protocol), SMTP (Simple Mail Transfer Protocol), SNMP (Simple Network Manage Protocol) Management protocol), ARP (Address Resolution Protocol), FTP (File Transfer Protocol) and many other protocols. The TCP/IP protocol adopts a hierarchical structure, and its layered model and protocol are as follows (1) :

Different protocol layers have different names for data packets. They are called segments in the transport layer, datagrams in the network layer, and frames in the link layer.

The cluster precise speed limit method of the invention is for information transmission The data packet in the middle speed limit, so the first need to receive the data packet.

Step 120: Determine whether the data package is a data package of a client that is responsible for responding by itself; if the data package is not a data package of a client that is responsible for the response, proceed to step 130; if the data package is responsible for itself If the client's data package is processed, the process proceeds to step 140.

In the embodiment of the present invention, for each service entity in the cluster, the switch may determine, according to a certain algorithm, the clients that the service entities in the cluster are responsible for, that is, a service entity in the cluster may only be responsible for determining by the algorithm. In the embodiment of the present invention, the specific client may be referred to as a client responsible for responding to the data packet sent by the client.

Therefore, after receiving the data package of the client, it is necessary to further determine whether the data package is a data package of the client that is responsible for the response, and if the data package is not the data package of the client that is responsible for the response, the service entity is considered. Only rate the data packets sent by the client that is responsible for the response, so the data package needs to be forwarded to the service entity responsible for responding to the client of the data package; and if the data package is by itself The data package of the client responsible for the response can directly limit the speed of the data packet based on the identity information of the data package.

Step 130: Forward the data package to a service entity responsible for responding to the client to which the data package belongs.

As shown in the scenario diagram shown in FIG. 1A, after receiving the data packet sent by the client, the service entity may forward the received data packet that is not handled by itself to the client responsible for responding to the data packet. The service entity at the end. For example, if the service entity 1 receives a data packet, and the client to which the data packet belongs is handled by the service entity 3, after the service entity receives the data packet, the data packet is sent to the switch 1 again, and then Switch 1 then sends the packet to service entity 3.

In another preferred embodiment of the present invention, step 130 includes:

Sub-step 131, based on the identity information of the data packet, encapsulates the protocol header in addition to the data packet according to the rules of the network transmission protocol.

In the embodiment of the present invention, the protocol header may be encapsulated outside the data packet based on the identity information of the data packet, and the protocol header is encapsulated outside the data packet according to the rules of the network transmission protocol.

The identity information of the data packet may include a user ID, and/or an IP address of the client, etc.; a network protocol (Communications Protocol) generally refers to a network layer protocol and a transport layer protocol, for example, in Table (1) IP (Internet Protocol) protocol, TCP protocol, UDP protocol, etc. In practical applications, the TCP protocol and the UDP protocol use only one packet of the same packet.

The difference between the TCP protocol and the UDP protocol is mainly as follows: 1. The TCP protocol needs to connect between objects having a communication relationship, and the UDP protocol does not need to connect between objects having a communication relationship; 2. The transmission speed of the TCP protocol Slower, UDP protocol transmission speed is faster; 3, TCP protocol can guarantee data order, UDP protocol can not guarantee data order; 4, TCP protocol can guarantee data correctness, UDP protocol may Packet loss; 5, TCP protocol requires a lot of system resources, UDP protocol system resource requirements are small.

Therefore, it can be understood that the present invention encapsulates the protocol header in accordance with the rules of the network transmission protocol in addition to the data packet, and the protocol header can be encapsulated according to the rules of the IP protocol + TCP protocol or the IP protocol + UDP protocol.

In an actual application, when the present invention encapsulates the foregoing protocol header, the first data indicating the identity information of the client to which the data packet belongs is encapsulated in the protocol header. For the same client, the first data encapsulated in the protocol header of any of its packets is unique and can be distinguished from other clients.

Sub-step 132, forwarding the data package encapsulating the protocol header to the service entity responsible for responding to the client to which the data packet belongs.

In the embodiment of the present invention, the data packet sent by the same client needs to be merged into a preset service entity corresponding to the client, and then the speed limit is accurately performed. For the data package encapsulating the protocol header, According to the content of the protocol header, the data packet encapsulating the protocol header is forwarded by the switch to the service entity responsible for responding to the client to which the data packet belongs.

In practical applications, the HASH (hash/hash) policy of the switch can be used to accurately forward the data packet encapsulating the protocol header to the service entity responsible for the client to which the data packet belongs.

In practical applications, the cluster switch hashes the first data in the protocol header of the data packet, and then distributes the data packet to the corresponding service entity according to the hash result. Such as calculating the hash of the first data The value is then obtained by taking the hash value to the total number of service entities, and then sending the data packet to the service entity corresponding to the remainder according to the correspondence between the remainder and the service entity.

Step 140: Perform rate limiting processing on the data packet based on identity information of the data packet.

In practical applications, the cluster needs to provide services for multiple clients. In order to prevent the traffic of a certain client from being too large, affecting other clients or causing high bandwidth charges of the client, it is necessary to limit the speed of each client. In the embodiment of the present invention, after all the data packets of each client are merged into the service entity corresponding to the client, a service entity can be used to limit the speed of a certain client.

In an actual application, different traffic thresholds may be preset according to different clients, and then it is determined whether the traffic of each data packet received by the service entity exceeds the traffic threshold corresponding to the client, if a certain data If the traffic of the packet exceeds the traffic threshold corresponding to the client, the data packet may be discarded, and if the traffic of the data packet does not exceed the traffic threshold corresponding to the client, the data packet is retained.

In the embodiment of the present invention, by not adding the complexity of the system, the data packet of the client that is not responsible for the response is forwarded to the service entity in the same cluster responsible for responding to the client to which the data packet belongs, thereby ensuring the same The traffic of the client falls on the same service entity, and then the speed limit processing is performed on the data packet of the client based on the identity information of the corresponding data packet on the service entity. Therefore, the present invention has the following advantages: First, relative to the background art The first type of solution, the embodiment of the present invention does not By setting a flow control entity in a cluster to limit the rate of service entities in the entire cluster, it is not necessary to affect the normal operation of the entire cluster for the failure of the flow control entity, and the applicability is strong. Moreover, there is also a large amount of communication between the flow control entity and the service entity to determine the speed limit for each service entity, and only the simple forwarding of the data packets between the service entities is low.

Secondly, with respect to the second type of solution of the background technology, the embodiment of the present invention is responsible for performing specific business logic processing on the data packet of the same client by the same service entity, and determining whether to perform the next processing or discarding, so Precise control of traffic to each client, high operability.

The third embodiment of the present invention, the embodiment of the present invention improves the processing flow of the data packet under the original architecture of the cluster, and forwards the data packet of the same client received by each service entity to the same The service entity performs speed limit processing without increasing system complexity, and does not use additional hardware facilities, and does not increase hardware costs. Moreover, the embodiment of the present invention only utilizes the computing function of the cluster itself, that is, the speed limit processing of the traffic of the same client is implemented, and can be applied to a cluster of any size, and has wider applicability.

In summary, compared with the background technology, the three types of rate limiting schemes improve the applicability, operability, and accuracy of the cluster speed limit without increasing system complexity and cost.

Embodiment 2

Referring to FIG. 2, a flow chart of the steps of the embodiment of the cluster precise rate limiting method of the present invention is shown, which may specifically include the following steps:

Step 210: Receive a data packet.

Step 220: Determine whether the data package is a data package of a client that is responsible for the response; if the data package is not a data package of the client that is responsible for the response, proceed to step 230; if the data package is responsible for itself If the client's data package is processed, the process proceeds to step 250.

Step 230: Based on the identity information of the data packet, further encapsulate an IP packet header and a TCP packet header in addition to the data packet according to the rules of the network transmission protocol.

Based on the advantages of the foregoing TCP, in order to ensure the correctness of the data in the forwarding process, in the embodiment of the present invention, according to the identity information of the data packet, the network transmission protocol may be used in addition to the data packet. The rule further encapsulates an IP packet header and a TCP packet header. A TCP packet header is encapsulated according to the TCP protocol, and then an IP packet header is encapsulated according to the IP protocol.

Among them, TCP is a connection-oriented transport protocol, which needs to establish a connection relationship between a client and a service entity that need to communicate and between different service entities. TCP uses the "three-way handshake" method to establish a connection. The client and the service entity are used as an example. The specific steps are as follows: First handshake: When establishing a connection, the client sends a syn packet (syn=j) to the service entity and enters SYN_SEND. Status, waiting for the service entity to confirm; second handshake: the service entity receives the syn package and must confirm the customer's SYN (ack = j + 1), while also sending a SYN packet (syn = k), that is, SYN + ACK packet, the service entity enters the SYN_RECV state; the third handshake: the client receives the SYN+ of the service entity The ACK packet sends an acknowledgement packet ACK (ack=k+1) to the service entity. After the packet is sent, the client and the service entity enter the ESTABLISHED state and complete the three-way handshake.

After completing the three-way handshake, the client and the service entity can start transmitting data.

The data format of the TCP packet header is shown in Table (2):

The serial number: TCP serial number, that is, the serial number of the first byte of the data sent by this segment.

Confirmation number: The serial number of the first byte of the data that you want to receive next time.

Data Offset: Indicates the distance from the beginning of the data segment of the TCP segment to the TCP segment, which is actually the length of the TCP header. Note that the unit of data offset is not a byte but 32 bits, which is 4 bytes. The maximum length of the TVP header is (2^4-1)*4=60 bytes.

Retention: Reserved for future use, currently set to 0.

Code bit:

1. URG: Urgent bit. When URG=1, it indicates that the emergency pointer field is valid. The message should be transmitted as soon as possible. Instead of transmitting in the original queue order.

2. ACK: Acknowledge bit. The acknowledgment number field is valid when ACK=1, and ACK=0 indicates that the acknowledgment number is invalid.

3. PSH: Push Bit: Transfer to the other party according to the team, do not wait for the cache to fill up and then submit it to the upper layer, but submit it immediately.

4. RST: Reset bit. A serious error has occurred in the TCP connection and the connection must be released and re-established immediately. Also used to reject an illegal segment or refuse to open a connection.

5. SYN: Synchronization bit. Used to synchronize the sequence number when the connection is established. When SYN=1 and ACK=0, it indicates that this is a connection request segment. If the other party agrees to establish a connection, SYN=1 and ACK=1 should be used in the response segment. Therefore, when SYN=1, it indicates that this is a connection request or connection acceptance.

6. FIN: Termination bit. Used to release a connection. When FIN=1, it indicates that the data has been sent and the connection is required to be released.

Window: The receiving end informs itself of the receiving capability, that is, the size of the receiving window itself, and the sender will send the data according to this size.

Checksum: The scope of the inspection includes the header and the data. When calculating the checksum, a 12-byte pseudo header is added to the front of the TCP segment.

Urgent pointer: A valid field when the emergency pointer code bit is set. If valid, this value indicates the offset of the octet of the current serial number, which is the starting position of the first non-emergency data.

In another preferred embodiment of the present invention, step 230 includes: sub-step 231, acquiring identity information corresponding to the data packet; and sub-step 232, selecting the same five-tuple according to the identity information; The quintuple includes: a source IP address, a destination IP address, a source port, a destination port, and a transport protocol type; the destination IP address is an IP address corresponding to the service entity; and sub-step 233, based on the quintuple In addition to the data packet, the IP packet header and the TCP packet header are further encapsulated according to the rules of the network transmission protocol.

To encapsulate an IP packet header and a TCP packet header in addition to the data packet, the transmission protocol type in the quintuple is TCP protocol at this time, that is, in addition to the data packet, an IP packet is encapsulated according to the rules of the TCP protocol. Header and TCP header. According to the IP packet header structure and the TCP packet header structure respectively shown in Table (2) and Table (4), in the actual application, the source IP address, the destination IP address, and the transmission protocol type in the quintuple are respectively The source address, the destination address, and the protocol in the IP packet header correspond to each other. The source port and the destination port in the quintuple group correspond to the source port number and the destination port number in the TCP packet header. The embodiments of the present invention are not limited to the content of the IP packet header and other parts of the TCP packet header.

In another preferred embodiment of the present invention, step 233 includes:

Sub-step 2331, the source port and the destination port in the quintuple Encapsulated into a TCP header other than the data packet.

Specifically, the source port and the destination port in the quintuple are respectively encapsulated into a source port number and a destination port number in a TCP packet header other than the data packet. For the data content of other parts in the TCP packet header, any type of information applicable to the TCP packet header may be used, which is not limited in this embodiment of the present invention.

Sub-step 2332, the source IP address, the destination IP address, and the transport protocol type in the quintuple are encapsulated into an IP packet header outside the data packet.

Step 240: Forward the data package encapsulating the protocol header to the service entity responsible for responding to the client to which the data packet belongs.

Step 250: Perform rate limiting processing on the data packet based on identity information of the data packet.

In the embodiment of the present invention, the data packet of the client that is not responsible for the response is forwarded to the service entity in the same cluster that is responsible for responding to the client to which the data packet belongs, so as to ensure that the complexity of the system is not increased. The traffic of the same client falls on the same service entity, and then the data packet of the client is subjected to rate limiting processing based on the identity information of the corresponding data packet. Compared with the existing three types of cluster speed limit schemes, the applicability, operability, and accuracy of the cluster speed limit are improved without increasing system complexity and cost.

In addition, in the embodiment of the present invention, an IP packet header and a TCP packet header are encapsulated by the data packet sent by the client, and then the encapsulated data packet is forwarded to the responsible packet. In the service entity of the client, the embodiment of the present invention needs to establish a connection between the entities, which can further ensure the accuracy of the data in the data packet, and accurately forward the data packet to the corresponding service entity. The accuracy of the cluster speed limit is further improved.

Embodiment 3

Referring to FIG. 3, a flow chart of the steps of another embodiment of the cluster precise rate limiting method of the present invention is shown, which may specifically include the following steps:

Step 310: Receive a data package.

Step 320: Determine whether the data packet is a data packet forwarded by the service entity or a data packet sent by the client; if the data packet is a data packet forwarded by the service entity, confirm that the data packet is not responsible for the data packet. The client's data package then proceeds to step 330; if the data package is a data package sent by the client, it is confirmed that the data package is the data package of the client that is responsible for the response, and then proceeds to step 350.

As can be seen from the first embodiment, in a practical application, if the data packet received by the service entity is a data packet of the client, the data packet is forwarded to a service entity responsible for responding to the client to which the data packet belongs, and Before forwarding, the service entity cannot confirm whether the client it receives is sending the data packet sent by the client responsible for the response. In addition, in general, only one forwarding process is required, that is, the data packet can be forwarded to a service entity responsible for responding to the client to which the data packet belongs.

In the embodiment of the present invention, if it is confirmed that a certain data packet is not a data packet of a client that is processed by a service entity that receives the data packet, it indicates The service entity needs to forward the received data packet to forward the data packet to the service entity responsible for responding to the client to which the data packet belongs.

In the embodiment of the present invention, if it is confirmed that a certain data packet is a data packet of a client that is handled by a service entity itself, it indicates that the service entity does not need to forward the data packet again.

Therefore, in the embodiment of the present invention, if the data packet received by the service entity is a data packet forwarded by the service entity, it may be confirmed that the data packet is a data packet of the client that is responsible for the response; and if the data received by the service entity is received, If the package is a data package sent by the client, the data package of the client that is not responsible for the response by the service entity may be defaulted first. This step is a preferred embodiment of step 120 in the first embodiment. It should be noted that, in the embodiment of the present invention, the data packet received by the service entity may be a data packet forwarded by itself.

For example, for the service entity A, the two data packets received are: data package a, data package b, wherein the data package a is forwarded by the service entity B, and the data package b is sent by the client C. After the above steps, it can be directly confirmed that the data package a is the data package of the client that the service entity A is responsible for, and the data package b is not the data package of the client that the service entity A is responsible for. Moreover, before the service entity A forwards the data packet b, it cannot confirm whether the client C to which the data package b belongs is the client responsible for the service entity A, and the service entity A and the service entity B may be the same. Service entity.

In another preferred embodiment of the present invention, step 320 includes:

Sub-step 321 , for any data packet, determining whether there is a protocol header encapsulated according to a rule of a network transmission protocol outside the data packet; if there is a rule encapsulation according to a network transmission protocol outside the data packet The protocol header confirms that the data packet is the data packet of the client that is responsible for the response, and then proceeds to step 350; if there is no protocol header encapsulated according to the rules of the network transmission protocol outside the data packet, then It is confirmed that the data package is not the data package of the client that is responsible for the response, and then proceeds to step 330.

According to the content of the first embodiment, in the embodiment of the present invention, if the service entity needs to forward the received data packet, the protocol header needs to be encapsulated according to the rules of the network transmission protocol before the data packet. If the service entity does not forward the received data packet, it does not need to encapsulate the protocol header in accordance with the rules of the network transmission protocol in addition to the data packet.

Therefore, in the embodiment of the present invention, for any data packet received by the service entity, it is determined whether there is a protocol header encapsulated according to the rules of the network transmission protocol outside the data packet. If there is a protocol header encapsulated according to the rules of the network transmission protocol outside the data packet, it indicates that the data packet received by the service entity is a data packet forwarded by the service entity, so that the data packet can be confirmed The data packet of the client that the service entity itself is responsible for; if there is no protocol header encapsulated according to the rules of the network transmission protocol outside the data packet, it indicates that the data packet received by the service entity is sent by the client. The data package, so that it can be confirmed that the data package is not the data package of the client that is responsible for it.

Step 330, based on the identity information of the data packet, in the data The packet is further encapsulated with an IP packet header and a UDP packet header according to the rules of the network transmission protocol.

As described above, if the received data packet is to be forwarded, it is necessary to first encapsulate the protocol header according to the network transmission protocol rules based on the identity information of the data packet.

Among them, UDP is a connectionless datagram service. The source service entity does not need to establish a connection with the target service entity before transmitting the data. The data is sent to the destination service entity directly after the UDP header field such as the source and destination port numbers. At this time, the reliability of each data segment is guaranteed by the upper layer protocol. UDP is more efficient than TCP when the data is transmitted less and is smaller. Considering that the UDP protocol does not need to establish a connection between the service entities of the communication, in the embodiment of the present invention, based on the identity information of the data packet, an IP packet header is further encapsulated in the data packet according to the rules of the network transmission protocol. And UDP packet headers, thus avoiding the process of establishing a connection between service entities. In the embodiment of the present invention, the process of re-encapsulating an IP packet header and a UDP packet header according to the rules of the network transmission protocol outside the data packet does not affect the data packet itself.

In actual applications, the format of the IP packet header is shown in Table (3):

Among them, the Version field: 4 bits. The version number used to indicate the IP protocol implementation. Currently, it is generally IPv4, which is 0100.

Internet Header Length (IHL) field: 4 bits. It is a 32-bit number with a header, including options. Ordinary IP datagram (without any options), the value of this field is 5, which is 160 bits = 20 bytes. This field has a maximum value of 60 bytes.

Type of Service (TOS) field: 8 bits. The first 3 bits are the priority subfield (Precedence, which is now ignored). The 8th bit remains unused. Bits 4 through 7 represent delay, throughput, reliability, and cost, respectively. When they take a value of 1, they represent minimum latency, maximum throughput, maximum reliability, and minimum cost, respectively. Only one of these 4-bit service types can be set to 1. Can be all 0, if all 0, it means general service. The Service Type field declares how the datagram can be processed when it is transmitted by the network system. For example, the TELNET protocol may require minimal delay, the FTP protocol (data) may require maximum throughput, the SNMP protocol may require the highest reliability, and the NNTP (Network News Transfer Protocol) may require a minimum fee. The ICMP protocol may have no special requirements (all 4 bits are 0). In fact, most hosts ignore this field, but some dynamic routing protocols such as OSPF (Open Shortest Path First Protocol) and IS-IS (Intermediate System to Intermediate System Protocol) can make routing decisions based on the values of these fields.

Total length field: 16 bits. Indicates the length of the entire datagram in bytes. The maximum length is 65535 bytes.

Flag field: 16 bits. Used to uniquely identify each datagram sent by the host. Usually every time a message is sent, its value is incremented by 1.

Flag bit field: 3 bits. Mark whether a data report requires segmentation.

Segment offset field: 13 bits. If a datagram requires segmentation, this field indicates where the offset is from the beginning of the original datagram.

TTL: Time to Live field: 8 bits. Used to set the maximum number of routers that a datagram can pass. Set by the source host that sends the data, usually 32, 64, 128, and so on. Each time a router passes, its value is decremented by one until the datagram is discarded.

Protocol field: 8 bits. Indicates the upper layer protocol type encapsulated by the IP layer, such as ICMP (1), IGMP (2), TCP (6), UDP (17), and so on.

Head checksum field: 16 bits. The content is a checksum code calculated from the IP header. The calculation method is: binary inversion of each 16 bits in the header. (Unlike ICMP, IGMP, TCP, and UDP, IP does not check the data after the header).

Source IP address, target IP address field: each occupying 32 bits. It is used to indicate the source host address for sending IP data messages and the destination host address for receiving IP packets.

Optional field: 32 bits. Used to define some options: such as record path, timestamp, etc. These options are rarely used and are not supported by all hosts and routers. The length of the optional field must be an integer multiple of 32 bits. If it is insufficient, it must be padded with 0 to achieve this. Length requirements.

The format of the UDP header is shown in Table (4):

Among them, the source and destination port number fields: 16 bits. Used to identify the application process of the source and target.

Length: 16 bits, indicating the length of the UDP header and UDP data.

Checksum: 16 bits used to verify the UDP header and UDP data.

In another preferred embodiment of the present invention, step 330 includes:

Sub-step 331: Obtain identity information corresponding to the data packet.

As described in step 330, before encapsulating the data package, it is first necessary to obtain the identity information corresponding to the data package. Generally, the identity information corresponding to the data packet may be an IP address, such as an IP address of a client that sends the data packet, or a user ID, such as a user ID that sends the data packet. Of course, the user identity may also be other available information, which is not limited in this embodiment of the present invention.

In another preferred embodiment of the present invention, when the identity information is an IP address, the sub-step 351 includes:

Sub-step 3311, parsing the IP packet header of the data packet at the network layer to obtain an IP address.

If the identity information to be obtained is an IP address, for example, send the data The IP address of the client of the package. As shown in Table (1), the IP layer is supported at the network layer of the TCP/IP protocol. Therefore, in the embodiment of the present invention, the IP packet header of the data packet is parsed at the network layer, and the required IP address is obtained therefrom. . The IP packet header of the data packet is the IP packet header of the data packet itself, and is not related to the IP packet header encapsulated outside the data packet, but the IP packet header structure of the data packet itself is also shown in Table (3). The source address is the IP address to be obtained in the embodiment of the present invention. For a specific analysis process, any one of the available analytical methods in the prior art may be used, and the embodiment of the present invention is not limited.

In another preferred embodiment of the present invention, when the identity information is a user ID, the sub-step 331 includes:

Sub-step 3312, the data package is temporarily stored in the network layer, and the data packet is sent up to the application layer.

If the identity information to be obtained is the user ID, for example, the user ID of the data packet is sent, the information such as the user ID needs to be obtained at the application layer. Therefore, in the embodiment of the present invention, the data packet is temporarily stored in the network. In the memory of the road layer, the data packet is sent up to the application layer at the same time. In the embodiment of the present invention, the IP data packet of the network layer is uploaded to the transport layer, and after the transport layer parses the TCP packet header or the UDP packet header, the content of the data area is uploaded to the application layer. The application layer parses the content of the data area.

Sub-step 3313, parsing the data area of the data packet at the application layer to obtain the user ID of the data package.

In the actual application, information such as the user ID is stored in the data area of the data package, and after the data package is sent to the application layer, the application layer can be analyzed at the application layer. In the data area of the package, obtain the user ID of the package. For the specific parsing process, any available parsing method in the prior art may be used, and the embodiment of the present invention is not limited thereto.

Sub-step 332, selecting the same five-tuple according to the identity information; the five-tuple includes: a source IP address, a destination IP address, a source port, a destination port, a transmission protocol type, and the destination IP address. The IP address corresponding to the service entity.

In practical applications, the quintuple is able to distinguish between different communications and the corresponding communication is unique. Therefore, in the embodiment of the present invention, the same quintuple is selected according to the identity information, and the quintuple is used to completely distinguish the user terminals corresponding to different identity information.

In the embodiment of the present invention, the source IP address included in the quintuple refers to the IP address of the user end, the destination IP address is the IP address corresponding to the service entity, and the source port is the port through which the user terminal sends the data packet, and the destination port. The port that receives the packet for the service entity. The transport protocol type is the specific protocol type for sending the packet.

The source port can use the unique ID of the port of the client. In addition, because the IP address of the client is unique, the last 2 bytes of the client IP address can be used as the source port. Of course, other available methods can be used to identify the source port. The source port is not limited in this embodiment of the present invention. For the destination port, use a fixed port to uniquely tag the destination port for packets for the same cluster. In the embodiment of the present invention, the type of the transport protocol is related to the type of the header re-encapsulated outside the data packet, for example, if the transport protocol type For the UDP protocol, an IP packet header and a UDP packet header are encapsulated outside the data packet. If the transmission protocol type is TCP protocol, an IP packet header and a TCP packet header are encapsulated outside the data packet.

It should be noted that, in the embodiment of the present invention, a cluster consisting of a group of service entities working together is used, and in a practical application, the unified service address provided by the cluster service entity is a virtual IP address. Address, also known as the cluster VIP (Virtual IP) address, the client obtains the functions of each service entity in the cluster by accessing the cluster VIP address. Therefore, the destination IP address is the cluster VIP address, and the destination IP address in the quintuple is consistent for the service entity in the same cluster.

Sub-step 333, based on the quintuple, re-encapsulating an IP packet header and a UDP packet header in addition to the data packet according to the rules of the network transmission protocol.

To encapsulate an IP packet header and a UDP packet header in addition to the data packet, the transport protocol type in the quintuple is UDP protocol, that is, in addition to the data packet, the IP packet is encapsulated according to the UDP protocol. Header and UDP header. According to the IP packet header structure and the UDP packet header structure shown in Tables (3) and (4), in the actual application, the source IP address, the destination IP address, and the transport protocol type in the quintuple are respectively The source address, the destination address, and the protocol in the IP packet header correspond to each other. The source port and the destination port in the quintuple group correspond to the source port number and the destination port number in the UDP packet header. For the content of the IP packet header and other parts of the UDP packet header, the embodiment of the present invention is not limited.

In another preferred embodiment of the present invention, step 333 includes:

Sub-step A3331, the quintuple obtained at the application layer is sent to the network layer.

Since the operation of encapsulating the data packet needs to be performed at the network layer, in the embodiment of the present invention, the quintuple obtained at the application layer needs to be sent to the network layer. As described above, if the quintuple information is obtained according to the user ID information, it may be a quintuple obtained at the application layer. In this case, the quintuple obtained at the application layer needs to be sent to the network layer, and if it is based on the IP bit. The quintuple obtained at the address may be a quintuple obtained at the network layer, and the sending process of this step is not needed at this time. Of course, regardless of the type of user information obtained by the quintuple, as long as the obtained quintuple is not at the network layer, the acquired quintuple needs to be sent to the network layer.

Sub-step A3332, at the network layer, based on the quintuple, re-encapsulating an IP packet header and a UDP packet header in addition to the data packet according to the rules of the network transmission protocol.

In the embodiment of the present invention, specifically, the network layer is based on a quintuple, and a UDP packet header is further encapsulated according to the UDP protocol in the data packet, and then an IP packet header is encapsulated according to the UDP protocol.

Certainly, in the embodiment of the present invention, the IP layer header and the TCP packet header are further encapsulated according to the rules of the network transmission protocol in the network layer based on the quintuple according to the quintuple. similar.

In another preferred embodiment of the present invention, step 333 includes:

Sub-step B3331, the source port and the destination port in the quintuple are encapsulated into a UDP packet header other than the data packet.

Specifically, the source port and the destination port in the quintuple are respectively encapsulated into a source port number and a destination port number in a UDP packet header other than the data packet. For the data content of other parts in the UDP packet header, any type of data applicable to the UDP packet header may be used, which is not limited in this embodiment of the present invention.

Sub-step B3332, the source IP address, the destination IP address, and the transport protocol type in the quintuple are encapsulated into an IP packet header other than the data packet.

Specifically, the source IP address, the destination IP address, and the transport protocol type in the quintuple are respectively encapsulated into a source port number, a destination port number, and a protocol in an IP packet header other than the data packet. For the data of other parts in the IP packet header, the data can be applied to any of the IP packet headers, and the embodiment of the present invention is not limited.

In another preferred embodiment of the present invention, the sub-step 332 includes:

Sub-step 3321, the application layer selects the same five-tuple according to the identity information.

In practical applications, the information contained in the quintuple exists in the application layer, so the same quintuple can be selected at the application layer according to the identity information.

Then after sub-step 332, the method further includes:

Sub-step 334, the quintuple obtained at the application layer is sent to the network layer.

Because the specific process of encapsulating the data packet according to the quintuple is on the net. The layer is executed, so the quintuple obtained at the application layer needs to be sent to the network layer. This step is performed before sub-step 353.

Step 340: Forward the data package encapsulating the protocol header to the service entity responsible for responding to the client to which the data packet belongs.

Through the foregoing steps, in the embodiment of the present invention, the quintuple of the data packet for the same client is consistent, and because the IP address of the same client is unique, the IP addresses of different clients are different, so The quintuple of packets for different clients is inconsistent.

In the embodiment of the present invention, a service entity responsible for responding to different clients may be preset according to a quintuple. In practical applications, the switch's HASH policy can be used to ensure that the same 5-tuple data packet is sent to the service entity corresponding to the quintuple.

Step 350: Release the protocol header encapsulated according to the rules of the network transmission protocol outside the data packet.

In the embodiment of the present invention, the IP packet header and the UDP packet header encapsulated in the data packet are removed. Of course, if the protocol header encapsulated in the data packet is an IP packet header and a TCP packet header, the time is released. The protocol header encapsulated outside the data packet is an IP packet header and a TCP packet header.

In addition, in the embodiment of the present invention, any of the existing decapsulation methods may be used to release the protocol header encapsulated according to the rules of the network transmission protocol outside the data packet, and the present invention is not limited thereto.

Step 360: Obtain identity information of the data package.

This step is similar to the foregoing sub-step 331 and will not be described again.

Step 370: Determine whether the traffic corresponding to the identity information exceeds a traffic threshold; if the traffic corresponding to the identity information exceeds the traffic threshold, proceed to step 380; and if the traffic corresponding to the identity information exceeds the traffic threshold, retain the The information package corresponding to the identity information.

The traffic threshold is not limited in this embodiment of the present invention. The traffic corresponding to the identity information refers to the traffic of the data packet corresponding to the identity information, that is, the traffic of the data packet of the client corresponding to the identity information. If the traffic corresponding to the identity information exceeds the traffic threshold, the data packet corresponding to the identity information is discarded. If the traffic corresponding to the identity information does not exceed the traffic threshold, the data packet corresponding to the identity information is retained.

For example, if user A purchases a bandwidth of 50 M/s, the traffic threshold is 50 M/s. After receiving the current data packet, the terminal device corresponding to the user A calculates whether the traffic speed of the user A is greater than 50 M/s according to the data packet received within 1 second before the current time. If it is greater than, the data is discarded. The package, if not greater, retains the package.

In another preferred embodiment of the present invention, when the identity information is an IP address, step 370 includes:

Sub-step 371, searching for a user ID corresponding to the IP address.

In a practical application, the traffic threshold is generally corresponding to the user ID. Therefore, in the embodiment of the present invention, the user ID corresponding to the IP address is searched according to the IP address. The corresponding relationship between the IP address and the user ID is preset, and may be pre-placed in a configuration file or stored in another manner, which is not limited in this embodiment of the present invention.

Sub-step 372, searching for a corresponding traffic threshold according to the user ID value.

The corresponding relationship between the user ID and the traffic threshold is preset, and may be stored in a configuration file in advance, or may be stored in other manners.

In addition, in the embodiment of the present invention, the correspondence between the user and the traffic threshold and the corresponding relationship between the IP address and the user ID may be stored in the same configuration file, or may be stored in different configuration files, or utilized. The storage method of the present invention is not limited to the different storage methods.

Sub-step 373: Calculate whether the traffic corresponding to the IP address exceeds the traffic threshold; if the traffic corresponding to the IP address exceeds the traffic threshold, proceed to step 3110.

At this time, the traffic corresponding to the IP address refers to the traffic of the data packet corresponding to the IP address, that is, the traffic of the data packet of the client corresponding to the IP address.

In step 380, the data packet is discarded.

If the traffic of the packet exceeds the corresponding traffic threshold, the packet is deleted from the client's traffic to ensure that the client's network speed is within the browsing threshold.

In the embodiment of the present invention, the data packet of the client that is not responsible for the response is forwarded to the service entity in the same cluster that is responsible for responding to the client to which the data packet belongs, so as to ensure that the complexity of the system is not increased. The traffic of the same client falls on the same service entity, and then the data packet of the client is subjected to rate limiting processing based on the identity information of the corresponding data packet. Compared with the existing three types of cluster speed limit schemes, the set is improved without increasing system complexity and cost. Group speed limit applicability, operability, and accuracy.

In addition, in the embodiment of the present invention, an IP packet header and a UDP packet header are encapsulated by the data packet sent by the client, which is received by the service entity, and then the encapsulated data packet is forwarded to the responsible packet. In the service entity of the client, the data packet can be forwarded to the corresponding service entity without establishing a connection, which further improves the applicability, operability and accuracy of the cluster speed limit. Moreover, for the data packet encapsulating the IP packet header and the TCP packet header, the connection between the received service entity and the forwarded service entity needs to be established before being forwarded between the two, so that in the second embodiment, The manner of encapsulating the IP packet header and the UDP packet header in the data packet is more adaptable, operability and efficiency in the manner of encapsulating the IP packet header and the TCP packet header in the data packet.

It should be noted that, for the method embodiments, for the sake of simple description, they are all expressed as a series of action combinations, but those skilled in the art should understand that the embodiments of the present invention are not limited by the described action sequence, because In accordance with embodiments of the invention, certain steps may be performed in other sequences or concurrently. In the following, those skilled in the art should also understand that the embodiments described in the specification are preferred embodiments, and the actions involved are not necessarily required by the embodiments of the present invention.

Embodiment 4

Referring to FIG. 4, there is shown a block diagram of an embodiment of a cluster precise speed limit device of the present invention, the cluster including at least one switch 410 and more Each of the service entities 420 may include a module: a receiving module 421 adapted to receive a data package.

The determining module 422 is adapted to determine whether the data package is a data package of a client that is responsible for the response. If the data package is not the data package of the client that is responsible for the response, the data is forwarded to the forwarding module 423; if the data package is the data package of the client that is responsible for the response, the data entry is entered into the speed limit module 424.

The forwarding module 423 is adapted to forward the data package to a service entity responsible for responding to the client to which the data package belongs.

In another preferred embodiment of the present invention, the forwarding module includes: a package sub-module adapted to be based on the identity information of the data packet, and in addition to the data packet, according to a network transmission protocol. The rule encapsulates the protocol header.

The forwarding submodule is adapted to forward the data packet encapsulating the protocol header to the service entity responsible for responding to the client to which the data packet belongs by using the switch.

The rate limiting module 424 is adapted to perform rate limiting processing on the data packet based on the identity information of the data packet.

In the embodiment of the present invention, by not adding the complexity of the system, the data packet of the client that is not responsible for the response is forwarded to the service entity in the same cluster responsible for responding to the client to which the data packet belongs, thereby ensuring the same The traffic of the client falls on the same service entity, and then the speed limit processing is performed on the data packet of the client based on the identity information of the corresponding data packet on the service entity. Therefore, the present invention has the following advantages: First, relative to the background art The first type of solution, the embodiment of the present invention does not By setting a flow control entity in a cluster to limit the rate of service entities in the entire cluster, it is not necessary to affect the normal operation of the entire cluster for the failure of the flow control entity, and the applicability is strong. Moreover, there is also a large amount of communication between the flow control entity and the service entity to determine the speed limit for each service entity, and only the simple forwarding of the data packets between the service entities is low.

Secondly, with respect to the second type of solution of the background technology, the embodiment of the present invention is responsible for performing specific business logic processing on the data packet of the same client by the same service entity, and determining whether to perform the next processing or discarding, so Precise control of traffic to each client, high operability.

The third embodiment of the present invention, the embodiment of the present invention improves the processing flow of the data packet under the original architecture of the cluster, and forwards the data packet of the same client received by each service entity to the same The service entity performs speed limit processing without increasing system complexity, and does not use additional hardware facilities, and does not increase hardware costs. Moreover, the embodiment of the present invention only utilizes the computing function of the cluster itself, that is, the speed limit processing of the traffic of the same client is implemented, and can be applied to a cluster of any size, and has wider applicability.

In summary, compared with the background technology, the three types of rate limiting schemes improve the applicability, operability, and accuracy of the cluster speed limit without increasing system complexity and cost.

Embodiment 5

Referring to FIG. 5, a block diagram of an embodiment of a cluster-precision speed limiter according to the present invention is shown. The cluster includes at least one switch 510 and a plurality of service entities 520. Each service entity may specifically include the following module: a receiving module. Group 521 is adapted to receive a data package.

The determining module 522 is adapted to determine whether the data package is a data package of a client that is responsible for the response; if the data package is not a data package of the client that is responsible for the response, the data packet is entered into the forwarding module 523; The data package is the data package of the client that is responsible for the response, and then enters the speed limit module 524.

The forwarding module 523 is adapted to forward the data packet to a service entity responsible for responding to the client to which the data packet belongs, and specifically includes: a package submodule 5231, adapted to be based on the identity information of the data package, in the data The packet header is encapsulated according to the rules of the network transmission protocol, and specifically includes: a second encapsulation submodule 52311, adapted to be based on the identity information of the data packet, in accordance with the network transmission protocol outside the data packet. The rules further encapsulate a layer of IP packet headers and TCP packet headers.

In another preferred embodiment of the present invention, the second package sub-module 52311 includes: an identity information acquisition sub-module, configured to acquire identity information corresponding to the data package.

The quintuple selection sub-module is adapted to select the same five-tuple according to the identity information; the quintuple includes: a source IP address, a destination IP address, a source port, a destination port, and a transmission protocol type; The destination IP bit The address is the IP address corresponding to the service entity.

The second packet header encapsulating sub-module is adapted to further encapsulate an IP packet header and a TCP packet header according to the rules of the network transmission protocol according to the quintuple according to the quintuple.

In another preferred embodiment of the present invention, the second packet header submodule includes: a second port encapsulation submodule, configured to encapsulate the source port and the destination port in the quintuple The TCP packet header outside the data packet.

The IP address encapsulating submodule is adapted to encapsulate the source IP address, the destination IP address, and the transport protocol type in the quintuple into an IP packet header outside the data packet.

The forwarding submodule 5232 is adapted to forward the data packet encapsulating the protocol header to the service entity responsible for responding to the client to which the data packet belongs.

The speed limit module 524 is adapted to perform rate limiting processing on the data packet based on the identity information of the data package.

In the embodiment of the present invention, the data packet of the client that is not responsible for the response is forwarded to the service entity in the same cluster that is responsible for responding to the client to which the data packet belongs, so as to ensure that the complexity of the system is not increased. The traffic of the same client falls on the same service entity, and then the data packet of the client is subjected to rate limiting processing based on the identity information of the corresponding data packet. Compared with the existing three types of cluster speed limit schemes, the applicability, operability, and accuracy of the cluster speed limit are improved without increasing system complexity and cost.

In addition, in the embodiment of the present invention, an IP packet header and a TCP packet header are encapsulated by the data packet sent by the client, and then the encapsulated data packet is forwarded to the responsible packet. In the service entity of the client, the embodiment of the present invention needs to establish a connection between the entities, which can further ensure the accuracy of the data in the data packet, and accurately forward the data packet to the corresponding service entity. The accuracy of the cluster speed limit is further improved.

Embodiment 6

Referring to FIG. 6, a block diagram of an embodiment of a cluster-precision speed limiter according to the present invention is shown. The cluster includes at least one switch 610 and a plurality of service entities 620. Each service entity may specifically include the following module: a receiving module. Group 621 is adapted to receive a data package.

The determining module 622 is adapted to determine whether the data package is a data package of a client that is responsible for the response; if the data package is not a data package of the client that is responsible for the response, the data packet is forwarded to the forwarding module 623; The data package is a data package of the client that is responsible for the response, and enters the speed limit module 624. Specifically, the determining submodule 6221 is adapted to determine whether the data packet is a data packet forwarded by the service entity or a data packet sent by the client; if the data packet is a data packet forwarded by the service entity, the confirmation The data package is a data package of the client that is responsible for the response, and then enters the speed limit module 624; if the data package is a data package sent by the client, it is confirmed that the data package is not the data of the client that is responsible for the response. Package, then enter Hair module 623.

In another preferred embodiment of the present invention, the determining sub-module 6221 includes: a protocol header determining sub-module, and is adapted to determine, according to any data packet, whether there is any transmission according to the network outside the data packet. The protocol header of the protocol of the protocol; if there is a protocol header encapsulated according to the rules of the network transmission protocol outside the data packet, it is confirmed that the data packet is a data packet of the client that is responsible for the response, and then enters the limit The speed module 624; if there is no protocol header encapsulated according to the rules of the network transmission protocol outside the data packet, it is confirmed that the data packet is not the data packet of the client that is responsible for the response, and then enters the forwarding module. 623.

The forwarding module 623 is adapted to forward the data package to a service entity responsible for responding to the client to which the data package belongs, and specifically includes: a package sub-module 6231, adapted to be based on identity information of the data package, in the data The packet header is encapsulated according to the rules of the network transmission protocol, and specifically includes: a first encapsulation submodule 62311, adapted to be based on the identity information of the data packet, in accordance with a network transmission protocol outside the data packet. The rules further encapsulate a layer of IP headers and UDP headers.

The forwarding sub-module 6232 is adapted to forward the data packet encapsulating the protocol header to the service entity responsible for responding to the client to which the data packet belongs.

In another preferred embodiment of the present invention, the first package sub-module 62311 includes: The identity information obtaining sub-module is adapted to obtain identity information corresponding to the data packet.

In another preferred embodiment of the present invention, when the identity information is an IP address, the identity information obtaining submodule includes: a first identity information acquiring submodule, which is adapted to be analyzed at a network layer. The IP packet header of the data packet to obtain the IP address.

When the identity information is a user ID, the identity information obtaining sub-module includes: an uplink sending sub-module, configured to temporarily store the data packet in a network layer, and send the data packet to an application layer .

The second identity information obtaining submodule is adapted to parse the data area of the data packet at the application layer to obtain a user ID of the data packet.

The quintuple selection sub-module is adapted to select the same five-tuple according to the identity information; the quintuple includes: a source IP address, a destination IP address, a source port, a destination port, and a transmission protocol type; The destination IP address is an IP address corresponding to the service entity.

The first packet header encapsulating sub-module is adapted to further encapsulate an IP packet header and a UDP packet header according to the rules of the network transmission protocol according to the quintuple according to the quintuple.

In another embodiment of the present invention, in another embodiment of the present invention, the quintuple submodule includes: an application layer quintuple submodule, which is adapted to be applied at an application layer according to the Identity information, choose the same five-tuple.

After the application layer quintuple selects the sub-module, it also includes: The sending submodule is adapted to send the quintuple obtained at the application layer to the network layer.

In another embodiment of the present invention, the first packet header submodule includes: a first port encapsulation submodule, adapted to be in the quintuple The source port and the destination port are encapsulated in a UDP packet header other than the data packet.

The IP address encapsulating submodule is adapted to encapsulate the source IP address, the destination IP address, and the transport protocol type in the quintuple into an IP packet header outside the data packet.

The rate limiting module 624 is adapted to perform rate limiting processing on the data packet based on identity information of the data packet. Specifically, the method includes: releasing the sub-module 6241, and is adapted to release a protocol header encapsulated according to a rule of a network transmission protocol outside the data packet.

The packet identity information obtaining sub-module 6242 is adapted to obtain identity information of the data packet.

The traffic judging sub-module 6243 is adapted to determine whether the traffic corresponding to the identity information exceeds a traffic threshold; if the traffic corresponding to the identity information exceeds a traffic threshold, the discarding sub-module 6244 is entered.

In another preferred embodiment of the present invention, when the identity information is an IP address, the traffic judgment sub-module includes: a user ID search sub-module, and is adapted to search for the IP address corresponding to the IP address. User ID.

The traffic threshold search sub-module is adapted to search for a corresponding traffic threshold according to the user ID.

The first traffic judging sub-module is adapted to calculate whether the traffic corresponding to the IP address exceeds the traffic threshold. If the traffic corresponding to the IP address exceeds the traffic threshold, the discarding sub-module 6244 is entered.

The discarding sub-module 6244 is adapted to discard the data packet.

In the embodiment of the present invention, the data packet of the client that is not responsible for the response is forwarded to the service entity in the same cluster that is responsible for responding to the client to which the data packet belongs, so as to ensure that the complexity of the system is not increased. The traffic of the same client falls on the same service entity, and then the data packet of the client is subjected to rate limiting processing based on the identity information of the corresponding data packet. Compared with the existing three types of cluster speed limit schemes, the applicability, operability, and accuracy of the cluster speed limit are improved without increasing system complexity and cost.

In addition, in the embodiment of the present invention, an IP packet header and a UDP packet header are encapsulated by the data packet sent by the client, which is received by the service entity, and then the encapsulated data packet is forwarded to the responsible packet. In the service entity of the client, the data packet can be forwarded to the corresponding service entity without establishing a connection, which further improves the applicability, operability and accuracy of the cluster speed limit. Moreover, for the data packet encapsulating the IP packet header and the TCP packet header, the connection between the received service entity and the forwarded service entity needs to be established before being forwarded between the two, so that in the second embodiment, The manner of encapsulating the IP packet header and the UDP packet header in the data packet is more adaptable, operability and efficiency in the manner of encapsulating the IP packet header and the TCP packet header in the data packet.

For the device embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and the relevant parts can be referred to the description of the method embodiment.

The various embodiments in the present specification are described in a progressive manner, and each embodiment focuses on differences from other embodiments, and the same similar parts between the various embodiments can be referred to each other.

Those skilled in the art will appreciate that embodiments of the embodiments of the invention may be provided as a method, apparatus, or computer program product. Thus, embodiments of the invention may take the form of a complete hardware embodiment, a full software embodiment, or an embodiment combining soft and hardware aspects. Moreover, embodiments of the present invention may employ computer program products implemented on one or more computer usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) including computer usable code. form.

In a typical configuration, the computer device includes one or more processors (CPUs), input/output interfaces, a network interface, and memory. The memory may include non-persistent storage in a computer readable medium, in the form of random access memory (RAM) and/or non-volatile memory, such as read only memory (ROM) or flash memory ( Flash RAM). Memory is an example of a computer readable medium. Computer readable media including both permanent and non-permanent, actionable and non-removable media can be stored by any method or technology. Information can be computer readable instructions, data structures, modules of programs, or other materials. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory. (RAM), read-only memory (ROM), electrically erasable programmable read only memory (EEPROM), flash memory or other memory technology, read-only optical disk read-only memory (CD-ROM), digital A versatile disc (DVD) or other optical storage, cassette, magnetic tape storage or other magnetic storage device or any other non-transportable medium can be used to store information that can be accessed by a computing device. As defined herein, computer readable media does not include non-persistent computer readable media, such as modulated data signals and carrier waves.

The embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of a method, a terminal device (system), and a computer program product according to an embodiment of the present invention. It will be understood that each flow and/or block of the flowcharts and/or block diagrams, and combinations of flow and/or blocks in the flowcharts and/or <RTIgt; These computer program instructions can be provided to a processor of a general purpose computer, a special purpose computer, an embedded processor or other programmable data processing terminal device to generate a machine for executing instructions by a processor of a computer or other programmable data processing terminal device Means are provided for implementing the functions specified in one or more flows of the flowchart or in a block or blocks of the block diagram.

The computer program instructions can also be stored in a computer readable storage that can direct a computer or other programmable data processing terminal device to operate in a particular manner such that instructions stored in the computer readable storage produce an article of manufacture including the instruction device. The instruction means implements the functions specified in one or more flows of the flowchart or in a block or blocks of the flowchart.

These computer program instructions can also be loaded into a computer or other programmable data. Processing a terminal device such that a series of operational steps are performed on a computer or other programmable terminal device to produce computer-implemented processing such that instructions executed on a computer or other programmable terminal device are provided for implementation in a flow diagram or The steps of a plurality of processes and/or block diagrams of a function specified in one or more blocks.

While the preferred embodiment of the present invention has been described, those skilled in the art can make further changes and modifications to these embodiments once they are aware of the basic progressive concepts. Therefore, the scope of the appended claims is intended to be construed as a

Finally, it should also be noted that in this context, relational terms such as first and second are used merely to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply these entities. There is any such actual relationship or order between operations. Furthermore, the terms "comprises" or "comprising" or "comprising" or any other variations are intended to encompass a non-exclusive inclusion, such that a process, method, article, or terminal device that includes a plurality of elements includes not only those elements but also Other elements that are included, or include elements inherent to such a process, method, article, or terminal device. An element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article, or terminal device that comprises the element, without further limitation.

The above describes a cluster precise speed limit method and a cluster precise speed limit device provided by the present invention, and the specific application is applied in this paper. The principles and embodiments of the present invention are described by way of example, and the description of the above embodiments is only for helping to understand the method of the present invention and its core idea; and, at the same time, for those skilled in the art, according to the idea of the present invention, The scope of the present invention and the scope of the application are subject to change. In the above, the description should not be construed as limiting the invention.

Claims (26)

A cluster accurate rate limiting method includes: receiving a data packet; determining whether the data packet is a data packet of a client that is responsible for responding to the client; and if the data packet is not a data packet of a client that is responsible for the response, The data packet is forwarded to a service entity responsible for responding to the client to which the data packet belongs; if the data package is a data package of the client that is responsible for the response, the data packet is rate-limited based on the identity information of the data package. deal with. The method of claim 1, wherein the step of forwarding the data package to a service entity responsible for responding to a client to which the data package belongs includes: based on identity information of the data package, In addition to the data packet, the protocol header is encapsulated according to the rules of the network transmission protocol; the data packet encapsulating the protocol header is forwarded through the switch to the service entity responsible for responding to the client to which the data packet belongs. The method of claim 2, wherein the step of encapsulating the protocol header in accordance with the rules of the network transmission protocol in addition to the data packet based on the identity information of the data packet comprises: The identity information of the data packet, and further encapsulating an IP packet header and a UDP packet header according to the rules of the network transmission protocol outside the data packet, or based on the identity information of the data packet, outside the data packet The IP packet header and the TCP packet header are further encapsulated according to the rules of the network transmission protocol. The method of claim 3, wherein the packet is further encapsulated with an IP packet header and a UDP packet header according to the rules of the network transmission protocol, based on the identity information of the data packet. Or the step of re-encapsulating an IP packet header and a TCP packet header according to the rule of the network transmission protocol, according to the identity information of the data packet, including: acquiring identity information corresponding to the data packet; The identity information is selected from the same quintuple; the quintuple includes: a source IP address, a destination IP address, a source port, a destination port, and a transport protocol type; and the destination IP address is a service entity corresponding to the service entity An IP address; based on the quintuple, re-encapsulating an IP packet header and a UDP packet header in addition to the data packet according to a rule of a network transmission protocol; or, based on the quintuple, the data packet In addition, an IP packet header and a TCP packet header are further encapsulated according to the rules of the network transmission protocol. The method of claim 4, wherein, when the identity information is an IP address, the step of acquiring identity information corresponding to the data packet comprises: parsing the data packet at a network layer IP packet header to obtain the IP address. The method of claim 4, wherein when the identity information is a user ID, the obtaining the data package The step of corresponding identity information includes: temporarily storing the data packet in a network layer, and sending the data packet to an application layer upward; and parsing the data area of the data packet at an application layer to obtain the data packet. User ID. The method of claim 6, wherein the step of selecting the same five-tuple according to the identity information comprises: selecting, by the application layer, the same five-tuple according to the identity information; After the step of selecting the same five-tuple according to the identity information, the method further includes: sending the quintuple obtained at the application layer to the network layer. The method of claim 4, wherein the step of re-encapsulating an IP packet header and a UDP packet header according to the rules of the network transmission protocol in the data packet based on the quintuple, The method includes: encapsulating a source port and a destination port in the quintuple into a UDP packet header outside the data packet; and using a source IP address, a destination IP address, and a transport protocol type in the quintuple Encapsulated into an IP packet header other than the data packet. The method of claim 4, wherein the step of re-encapsulating an IP packet header and a TCP packet header according to a rule of a network transmission protocol in the data packet based on the quintuple, The method includes: encapsulating a source port and a destination port in the quintuple into the data In the TCP packet header other than the packet; the source IP address, the destination IP address, and the transport protocol type in the quintuple are encapsulated into an IP packet header other than the data packet. The method of any one of claims 2 to 8, wherein the step of determining whether the data package is a data package of a client that is responsible for the response includes: determining that the data package is The data packet forwarded by the service entity is still a data packet sent by the client; if the data packet is a data packet forwarded by the service entity, it is confirmed that the data package is a data package of the client that is responsible for the response; if the data package It is a data package sent by the client, and it is confirmed that the data package is not a data package of the client that is responsible for the response. The method of claim 10, wherein the step of determining whether the data packet is a data packet forwarded by a service entity or a data packet sent by a client comprises: determining, in any data packet, Whether there is a protocol header encapsulated according to the rules of the network transmission protocol outside the data packet; if there is a protocol header encapsulated according to the rules of the network transmission protocol outside the data packet, it is confirmed that the data packet is itself The data packet of the client responsible for the response; if there is no protocol header encapsulated according to the rules of the network transmission protocol outside the data packet, it is confirmed that the data packet is not a data packet of the client that is responsible for the response. According to the method of any one of claims 2 to 8, The step of performing rate limiting processing on the data packet based on the identity information of the data packet includes: releasing a protocol header encapsulated according to a rule of a network transmission protocol outside the data packet; acquiring the The identity information of the data packet; determining whether the traffic corresponding to the identity information exceeds a traffic threshold; if the traffic corresponding to the identity information exceeds a traffic threshold, discarding the data packet. The method of claim 12, wherein, when the identity information is an IP address, the step of determining whether the traffic corresponding to the identity information reaches a threshold comprises: searching for the IP address corresponding to the IP address User ID; searching for a corresponding traffic threshold according to the user ID; calculating whether the traffic corresponding to the IP address exceeds the traffic threshold; and if the traffic corresponding to the IP address exceeds the traffic threshold, discarding the Information package. A cluster accurate speed limiting device includes: a receiving module adapted to receive a data packet; and a determining module, configured to determine whether the data packet is a data packet of a client that is responsible for the response; if the data packet is not by itself The data packet of the client responsible for the response enters the forwarding module; if the data packet is the data packet of the client that is responsible for the response, the packet enters the speed limit module; the forwarding module is adapted to forward the data packet to Responsible for the response The service entity of the client to which the package belongs; the speed limit module is adapted to perform speed limit processing on the data packet based on the identity information of the data package. The device of claim 14, wherein the forwarding module comprises: a package sub-module adapted to transmit according to the identity information of the data packet according to the network packet The rule encapsulation protocol header of the protocol; the forwarding submodule is adapted to forward the data packet encapsulating the protocol header to the service entity responsible for responding to the client to which the data packet belongs. The device of claim 15, wherein the package sub-module comprises: a first package sub-module adapted to be based on the identity information of the data package, in accordance with the data package The rule of the road transport protocol further encapsulates an IP packet header and a UDP packet header; or the second encapsulation submodule is adapted to be based on the identity information of the data packet, and in accordance with the rules of the network transmission protocol outside the data packet Then encapsulate an IP packet header and a TCP packet header. The device of claim 16, wherein the first package sub-module or the second package sub-module comprises: an identity information acquisition sub-module, adapted to obtain the corresponding data packet Identity information; a quintuple selection sub-module adapted to select the same quintuple according to the identity information; the quintuple includes: a source IP address, a destination IP address, a source port, a destination port, and a transmission Protocol type; the destination IP bit The address is an IP address corresponding to the service entity; the first packet header encapsulating submodule is adapted to encapsulate an IP packet header and UDP according to the rules of the network transmission protocol according to the quintuple according to the rules of the network transmission protocol. The packet header; or the second packet header sub-module is adapted to further encapsulate an IP packet header and a TCP packet header according to the rules of the network transmission protocol according to the quintuple according to the quintuple. The device according to claim 14, wherein when the identity information is an IP address, the identity information obtaining submodule comprises: a first identity information acquiring submodule, adapted to be at a network layer Parsing the IP packet header of the data packet to obtain an IP address. The device of claim 14, wherein when the identity information is a user ID, the identity information obtaining submodule comprises: an upward sending submodule, and the file is temporarily stored in the network. The layer layer sends the data packet to the application layer at the same time. The second identity information obtaining sub-module is adapted to parse the data area of the data packet at the application layer to obtain the user ID of the data packet. The device of claim 19, wherein the quintuple sub-module comprises: an application layer quintuple sub-module, adapted to select the same one at the application layer according to the identity information. The quintuple; after the quintuple selects the sub-module, the method further includes: a sending sub-module adapted to send the quintuple obtained at the application layer to the network Road layer. The device according to claim 17, wherein the first packet header sub-module comprises: a first port encapsulation sub-module, adapted to source and destination ports in the quintuple Encapsulating into a UDP packet header outside the data packet; the IP address encapsulating submodule is adapted to encapsulate the source IP address, the destination IP address, and the transport protocol type in the quintuple into the data In the IP header other than the packet. The device of claim 17, wherein the second packet header submodule comprises: a second port encapsulation submodule, adapted to source and destination ports in the quintuple Encapsulating into a TCP packet header outside the data packet; the IP address encapsulating submodule is adapted to encapsulate the source IP address, the destination IP address, and the transport protocol type in the quintuple into the data In the IP header other than the packet. The device according to any one of claims 15 to 21, wherein the judging module comprises: a judging sub-module adapted to determine whether the data packet is a data packet forwarded by a service entity or a data package sent by the client; if the data package is a data package forwarded by the service entity, it is confirmed that the data package is a data package of the client that is responsible for the response; if the data package is a data package sent by the client , to confirm that the data package is not a data package of the client that is responsible for the response. The device according to claim 23, wherein The determining sub-module includes: a protocol header determining sub-module, configured to determine, according to any data packet, whether there is a protocol header encapsulated according to a rule of a network transmission protocol outside the data packet; If there is a protocol header encapsulated according to the rules of the network transmission protocol outside the data packet, the first confirmation submodule is entered; if there is no protocol header encapsulated according to the rules of the network transmission protocol outside the data packet Then enter the second confirmation sub-module. The device of any one of the claims 15 to 21, wherein the speed limit module comprises: a release submodule adapted to release the package according to a rule of a network transmission protocol a protocol header; a packet identity information acquisition sub-module, configured to obtain identity information of the data packet; and a traffic judgment sub-module, configured to determine whether the traffic corresponding to the identity information exceeds a traffic threshold; if the identity If the traffic corresponding to the information exceeds the traffic threshold, the discarding sub-module is entered; the sub-module is discarded, and the data packet is discarded. The device according to claim 25, wherein, when the identity information is an IP address, the traffic judgment sub-module includes: a user ID search sub-module, adapted to search for the IP address Corresponding user ID; a traffic threshold search sub-module, configured to search for a corresponding traffic threshold according to the user ID; The first traffic judging sub-module is configured to calculate whether the traffic corresponding to the IP address exceeds the traffic threshold; if the traffic corresponding to the IP address exceeds the traffic threshold, enter the discarding sub-module.