TW201737664A - Accurate speed limiting method and apparatus for cluster - Google Patents

Accurate speed limiting method and apparatus for cluster Download PDF

Info

Publication number
TW201737664A
TW201737664A TW106105141A TW106105141A TW201737664A TW 201737664 A TW201737664 A TW 201737664A TW 106105141 A TW106105141 A TW 106105141A TW 106105141 A TW106105141 A TW 106105141A TW 201737664 A TW201737664 A TW 201737664A
Authority
TW
Taiwan
Prior art keywords
data packet
packet
data
header
identity information
Prior art date
Application number
TW106105141A
Other languages
Chinese (zh)
Other versions
TWI721103B (en
Inventor
bang-jie Jiang
shun-min Zhu
Rong Wen
cheng-hao Sun
Original Assignee
Alibaba Group Services Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Services Ltd filed Critical Alibaba Group Services Ltd
Publication of TW201737664A publication Critical patent/TW201737664A/en
Application granted granted Critical
Publication of TWI721103B publication Critical patent/TWI721103B/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/40Support for services or applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1001Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/1004Server selection for load balancing
    • H04L67/1014Server selection for load balancing based on the content of a request
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/16Threshold monitoring
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/32Flow control; Congestion control by discarding or delaying data units, e.g. packets or frames

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Multimedia (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Provided are an accurate speed limiting method and apparatus for a cluster, relating to the technical field of computers. The method of the present application comprises: receiving a data packet; determining whether the data packet is a data packet of a client responsible for being dealt with thereby; if the data packet is not a data packet of a client responsible for being dealt with thereby, forwarding the data packet to a service entity which is responsible for dealing with the client to which the data packet belongs; and if the data packet is a data packet of a client responsible for being dealt with thereby, performing speed limiting processing on the data packet based on identity information about the data packet. In the present invention, there is no need to separately arrange a flow control entity in a cluster to limit the speed of service entities in the whole cluster, so that the normal working of the whole cluster will not be affected due to a fault of the flow control entity, and the applicability is strong. In addition, it only relates to simple forwarding of a data packet between service entities, so that the complexity is low.

Description

集群精確限速方法和裝置 Cluster precise speed limit method and device

本發明係有關電腦技術領域,尤其是一種集群精確限速方法和一種集群精確限速裝置。 The invention relates to the field of computer technology, in particular to a cluster precise speed limit method and a cluster precise speed limit device.

隨著網路的普及,網路的應用環境也越來越多樣化,例如利用由一組協同工作的服務實體構成的集群對多客戶端或者多用戶提供服務。在此類應用環境中,為了防止某一客戶端的流量過大而影響其它客戶端或者基於某一客戶端所購買的寬帶流量的需求,需要針對每個客戶端或者用戶的流量進行限速。由於集群中包含多個服務實體,例如伺服器等。每個服務實體都同時提供服務,進而會造成同一客戶端的流量會落到集群的多個服務實體上。這樣如果每個服務實體單獨限速,那麼隨著集群規模的擴大,每個客戶端總的限速帶寬也在擴大,因此需要提供一種精確的針對集群的全域的限速方案。 With the popularity of the Internet, the application environment of the network is also increasingly diversified, for example, by using a cluster composed of a group of service entities working together to provide services to multiple clients or multiple users. In such an application environment, in order to prevent a certain client from excessive traffic and affect other clients or based on the demand for broadband traffic purchased by a certain client, it is necessary to limit the rate of traffic for each client or user. Because the cluster contains multiple service entities, such as servers. Each service entity provides services at the same time, which in turn causes traffic of the same client to fall on multiple service entities in the cluster. In this way, if each service entity is speed-limiting separately, as the cluster size increases, the total speed limit bandwidth of each client is also expanded, so it is necessary to provide an accurate global speed limit scheme for the cluster.

為了實現達到針對集群的精確限速的目的,目前主要存在如下三類方案: In order to achieve the purpose of achieving accurate speed limit for clusters, there are currently three types of schemes:

第一類:集群內使用專門的流控實體,例如流控伺服 器等,用於控制每台服務實體的限速。流控實體負責監控服務實體上的每個限速單元的流量速率,並動態分配限速帶寬大小。 The first category: the use of specialized flow control entities within the cluster, such as flow control servo , etc., used to control the speed limit of each service entity. The flow control entity is responsible for monitoring the traffic rate of each rate limiting unit on the serving entity and dynamically allocating the rate limiting bandwidth.

第二類:集群內每個服務實體平均分配客戶端或者用戶購買的帶寬,假設集群有N台服務實體,用戶購買帶寬大小為B,那麼每台服務實體的限速大小就是B/N。 The second type: Each service entity in the cluster allocates the bandwidth purchased by the client or the user on average. If the cluster has N service entities and the user purchases the bandwidth of B, the rate limit of each service entity is B/N.

第三類:在客戶端和集群之間提供專門的由具有限速功能的裝置構成的限速結點。 The third category: provides a special speed limit node composed of devices with speed limit function between the client and the cluster.

但是對於上述的三類方法,均存在不同的缺點: However, for the above three types of methods, there are different disadvantages:

對於第一類方案,首先需要在集群內提供一個流控實體來控制限速,該流控實體如果故障,會影響集群的正常工作,適用性不強。其次,由於流控實體需要監控服務實體的流量速率,因此其需要與服務實體進行大量的通訊來決策給每個服務實體下發的限速大小,複雜度較高。 For the first type of solution, you first need to provide a flow control entity in the cluster to control the rate limit. If the flow control entity fails, it will affect the normal operation of the cluster, and the applicability is not strong. Secondly, since the flow control entity needs to monitor the traffic rate of the service entity, it needs to communicate with the service entity to determine the speed limit that is sent to each service entity. The complexity is high.

對於第二類方案,首先很難保證每個客戶端的流量均勻落到每個服務實體上,可操作性較低。其次如果客戶端的流量不均勻,那麼就會存在部分服務實體上針對某些客戶端的流量大於具體的限速值,從而丟包,造成用戶的實際帶寬達不到其購買的帶寬大小,精確性較低。 For the second type of solution, it is difficult to ensure that the traffic of each client falls evenly to each service entity, and the operability is low. Secondly, if the traffic of the client is not uniform, then the traffic of some clients on a certain service entity is greater than the specific rate limit, so that the packet loss is caused, and the actual bandwidth of the user cannot reach the bandwidth of the purchase, and the accuracy is better. low.

對於第三類方案,增加專門的限速結點,增加成本,對於小型集群不適用。 For the third type of scheme, adding a dedicated speed limit node and increasing the cost is not applicable to small clusters.

鑒於上述問題,提出了本發明實施例以便提供一種克 服上述問題或者至少部分地解決上述問題的一種集群精確限速方法和相應的一種集群精確限速裝置。 In view of the above problems, embodiments of the present invention have been proposed in order to provide a gram. A cluster precise speed limit method and a corresponding cluster precision speed limit device that solve the above problems or at least partially solve the above problems.

為了解決上述問題,本發明揭露了一種集群精確限速方法,包括:接收資料包;判斷所述資料包是否為由自身負責應對的客戶端的資料包;如果所述資料包不是由自身負責應對的客戶端的資料包,則將所述資料包轉發給負責應對所述資料包所屬客戶端的服務實體;如果所述資料包是由自身負責應對的客戶端的資料包,則基於所述資料包的身份資訊,對所述資料包進行限速處理。 In order to solve the above problem, the present invention discloses a method for accurately limiting the rate of a cluster, comprising: receiving a data packet; determining whether the data packet is a data packet of a client that is responsible for responding by itself; if the data packet is not handled by itself The data package of the client forwards the data package to a service entity responsible for responding to the client to which the data package belongs; if the data package is a data package of the client that is responsible for the response, the identity information based on the data package is , the speed limit processing of the data packet.

較佳地,所述將所述資料包轉發給負責應對所述資料包所屬客戶端的服務實體的步驟,包括:基於所述資料包的身份資訊,在所述資料包之外再按照網路傳輸協議的規則封裝協議頭部;將封裝了協議頭部的資料包通過交換機轉發給負責應對所述資料包所屬客戶端的服務實體。 Preferably, the step of forwarding the data packet to a service entity responsible for responding to the client to which the data packet belongs includes: transmitting, according to the identity information of the data packet, the network packet The rule of the protocol encapsulates the protocol header; the data packet encapsulating the protocol header is forwarded through the switch to the service entity responsible for responding to the client to which the data packet belongs.

較佳地,基於所述資料包的身份資訊,在所述資料包之外再按照網路傳輸協議的規則封裝協議頭部的步驟,包括:基於所述資料包的身份資訊,在所述資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和UDP報文 頭,或者基於所述資料包的身份資訊,在所述資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和TCP報文頭。 Preferably, the step of encapsulating the protocol header according to the identity information of the data packet in accordance with the rules of the network transmission protocol, including: based on the identity information of the data packet, in the data packet Encapsulate a layer of IP headers and UDP packets in addition to the rules of the network transport protocol. Header, or based on the identity information of the data packet, further encapsulates an IP packet header and a TCP packet header in addition to the data packet according to the rules of the network transmission protocol.

較佳地,所述基於所述資料包的身份資訊,在所述資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和UDP報文頭,或者基於所述資料包的身份資訊,在所述資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和TCP報文頭的步驟,包括:獲取所述資料包對應的身份資訊;根據所述身份資訊,選擇同一個五元組;所述五元組包括:源IP位址,目的IP位址,源端口,目的端口,傳輸協議類型;所述目的IP位址為服務實體對應的IP位址;基於所述五元組,在所述資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和UDP報文頭;或者,基於所述五元組,在所述資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和TCP報文頭。 Preferably, based on the identity information of the data packet, the IP packet header and the UDP packet header are further encapsulated according to the rules of the network transmission protocol, or based on the identity information of the data packet, And the step of re-encapsulating an IP packet header and a TCP packet header according to the rules of the network transmission protocol, including: acquiring identity information corresponding to the data packet; and selecting the same five-element according to the identity information The quintuple includes: a source IP address, a destination IP address, a source port, a destination port, and a transport protocol type; the destination IP address is an IP address corresponding to the service entity; based on the quintuple Re-encapsulating a layer of IP headers and UDP headers in accordance with the rules of the network transmission protocol in addition to the data packet; or, based on the quintuple, in accordance with the rules of the network transmission protocol, outside the data packet Encapsulate a layer of IP packet headers and TCP packet headers.

較佳地,當所述身份資訊為IP位址時,所述獲取所述資料包對應的身份資訊的步驟包括:在網路層解析所述資料包的IP報文頭,以獲取IP位址。 Preferably, when the identity information is an IP address, the step of acquiring the identity information corresponding to the data packet comprises: parsing an IP packet header of the data packet at a network layer to obtain an IP address.

較佳地,當所述身份資訊為用戶ID時,所述獲取所述資料包對應的身份資訊的步驟包括:將所述資料包暫存在網路層,同時將所述資料包向上 發送至應用層;在應用層解析所述資料包的資料區,以獲取所述資料包的用戶ID。 Preferably, when the identity information is a user ID, the step of acquiring the identity information corresponding to the data packet comprises: temporarily storing the data packet in a network layer, and simultaneously Sending to the application layer; parsing the data area of the data package at the application layer to obtain the user ID of the data package.

較佳地,所述根據所述身份資訊,選擇同一個五元組的步驟,包括:在應用層根據所述身份資訊,選擇同一個五元組;則在根據所述身份資訊,選擇同一個五元組的步驟之後,還包括:將在應用層獲得的五元組發送至網路層。 Preferably, the step of selecting the same five-tuple according to the identity information includes: selecting, by the application layer, the same five-tuple according to the identity information; and selecting the same one according to the identity information. After the quintuple step, the method further includes: sending the quintuple obtained at the application layer to the network layer.

較佳地,所述基於所述五元組,在所述資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和UDP報文頭的步驟,包括:將所述五元組中的源端口、目的端口封裝到所述資料包之外的UDP報文頭中;將所述五元組中的源IP位址、目的IP位址和傳輸協議類型封裝到所述資料包之外的IP報文頭中。 Preferably, the step of re-encapsulating an IP packet header and a UDP packet header according to the rules of the network transmission protocol according to the quintuple according to the quintuple includes: The source port and the destination port are encapsulated into a UDP packet header other than the data packet; the source IP address, the destination IP address, and the transport protocol type in the quintuple are encapsulated into an IP outside the data packet. In the header of the message.

較佳地,所述基於所述五元組,在所述資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和TCP報文頭的步驟,包括:將所述五元組中的源端口、目的端口封裝到所述資料包之外的TCP報文頭中;將所述五元組中的源IP位址、目的IP位址和傳輸協議類型封裝到所述資料包之外的IP報文頭中。 Preferably, the step of re-encapsulating an IP packet header and a TCP packet header according to the rules of the network transmission protocol according to the quintuple according to the quintuple includes: The source port and the destination port are encapsulated into a TCP packet header other than the data packet; the source IP address, the destination IP address, and the transport protocol type in the quintuple are encapsulated into an IP outside the data packet. In the header of the message.

較佳地,所述判斷所述資料包是否為由自身負責應對 的客戶端的資料包的步驟,包括:判斷所述資料包是由服務實體轉發的資料包還是由客戶端發送的資料包;如果所述資料包是由服務實體轉發的資料包,則確認所述資料包是自身負責應對的客戶端的資料包;如果所述資料包是由客戶端發送的資料包,則確認所述資料包不是由自身負責應對的客戶端的資料包。 Preferably, the determining whether the data package is responsible for itself The step of the client's data package includes: determining whether the data package is a data package forwarded by the service entity or a data package sent by the client; if the data package is a data package forwarded by the service entity, confirming the The data package is a data package of the client that is responsible for the response; if the data package is a data package sent by the client, it is confirmed that the data package is not a data package of the client that is responsible for the response.

較佳地,上述判斷所述資料包是由服務實體轉發的資料包還是由客戶端發送的資料包的步驟,包括:針對任一資料包,判斷在所述資料包之外是否存在按照網路傳輸協議的規則封裝的協議頭部;如果在所述資料包之外存在按照網路傳輸協議的規則封裝的協議頭部,則確認所述資料包是自身負責應對的客戶端的資料包;如果在所述資料包之外不存在按照網路傳輸協議的規則封裝的協議頭部,則確認所述資料包不是由自身負責應對的客戶端的資料包。 Preferably, the step of determining whether the data packet is a data packet forwarded by the service entity or a data packet sent by the client comprises: determining, according to any data packet, whether there is a network according to the data packet a protocol header of a rule of the transport protocol; if there is a protocol header encapsulated according to the rules of the network transport protocol outside the data packet, it is confirmed that the data packet is a data packet of the client that is responsible for the response; If there is no protocol header encapsulated according to the rules of the network transmission protocol outside the data packet, it is confirmed that the data packet is not a data packet of the client that is responsible for the response.

較佳地,所述基於所述資料包的身份資訊,對所述資料包進行限速處理的步驟,包括:解除所述資料包之外按照網路傳輸協議的規則封裝的協議頭部;獲取所述資料包的身份資訊;判斷所述身份資訊對應的流量是否超過到流量閾值;如果所述身份資訊對應的流量超過流量閾值,則丟棄 所述資料包。 Preferably, the step of performing rate limiting processing on the data packet based on the identity information of the data packet includes: releasing a protocol header encapsulated according to a rule of a network transmission protocol outside the data packet; The identity information of the data packet; determining whether the traffic corresponding to the identity information exceeds a traffic threshold; if the traffic corresponding to the identity information exceeds a traffic threshold, discarding The data package.

較佳地,當所述身份資訊為IP位址時,所述判斷所述身份資訊對應的流量是否達到閾值的步驟,包括:查找所述IP位址對應的用戶ID;根據所述用戶ID查找對應的流量閾值;計算所述IP位址對應的流量是否超過所述流量閾值;如果所述IP位址對應的流量超過所述流量閾值,則丟棄所述資料包。 Preferably, when the identity information is an IP address, the step of determining whether the traffic corresponding to the identity information reaches a threshold includes: searching for a user ID corresponding to the IP address; searching according to the user ID Corresponding traffic threshold; calculating whether the traffic corresponding to the IP address exceeds the traffic threshold; if the traffic corresponding to the IP address exceeds the traffic threshold, discarding the data packet.

相應地,本發明還揭露了一種集群精確限速裝置,包括:接收模組,適於接收資料包;判斷模組,適於判斷所述資料包是否為由自身負責應對的客戶端的資料包;如果所述資料包不是由自身負責應對的客戶端的資料包,則進入轉發模組;如果所述資料包是由自身負責應對的客戶端的資料包,則進入限速模組;轉發模組,適於將所述資料包轉發給負責應對所述資料包所屬客戶端的服務實體;限速模組,適於基於所述資料包的身份資訊,對所述資料包進行限速處理。 Correspondingly, the present invention also discloses a cluster accurate speed limit device, comprising: a receiving module adapted to receive a data packet; and a determining module, configured to determine whether the data packet is a data packet of a client that is responsible for responding by itself; If the data package is not the data package of the client that is responsible for the response, the packet is entered into the forwarding module; if the data packet is the data packet of the client that is responsible for the response, the data entry is entered into the speed limit module; And forwarding the data packet to a service entity responsible for responding to the client to which the data packet belongs; the speed limit module is adapted to perform speed limit processing on the data packet based on the identity information of the data package.

較佳地,所述轉發模組,包括:封裝子模組,適於基於所述資料包的身份資訊,在所述資料包之外再按照網路傳輸協議的規則封裝協議頭部;轉發子模組,適於將封裝了協議頭部的資料包通過交 換機轉發給負責應對所述資料包所屬客戶端的服務實體。 Preferably, the forwarding module includes: a package sub-module adapted to encapsulate a protocol header according to a rule of a network transmission protocol in addition to the identity information of the data packet; Module, suitable for passing the package containing the protocol header The change is forwarded to the service entity responsible for responding to the client to which the data package belongs.

較佳地,所述封裝子模組,包括:第一封裝子模組,適於基於所述資料包的身份資訊,在所述資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和UDP報文頭;或者,第二封裝子模組,適於基於所述資料包的身份資訊,在所述資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和TCP報文頭。 Preferably, the package sub-module includes: a first package sub-module adapted to encapsulate an IP packet in accordance with a rule of a network transmission protocol according to the identity information of the data packet. a header and a UDP packet header; or a second encapsulation submodule adapted to encapsulate an IP packet header and a TCP packet header in addition to the data packet according to the rules of the network transmission protocol based on the identity information of the data packet. .

較佳地,所述第一封裝子模組,或者,第二封裝子模組,包括:身份資訊獲取子模組,適於獲取所述資料包對應的身份資訊;五元組選擇子模組,適於根據所述身份資訊,選擇同一個五元組;所述五元組包括:源IP位址,目的IP位址,源端口,目的端口,傳輸協議類型;所述目的IP位址為服務實體對應的IP位址;第一報文頭封裝子模組,適於基於所述五元組,在所述資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和UDP報文頭;或者,第二報文頭封裝子模組,適於基於所述五元組,在所述資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和TCP報文頭。 Preferably, the first package sub-module or the second package sub-module includes: an identity information acquisition sub-module, configured to acquire identity information corresponding to the data packet; and a quintuple selection sub-module And selecting, according to the identity information, a same five-tuple; the five-tuple includes: a source IP address, a destination IP address, a source port, a destination port, and a transmission protocol type; the destination IP address is An IP address corresponding to the service entity; the first packet header encapsulating submodule is adapted to encapsulate an IP packet header and a UDP packet header according to the rules of the network transmission protocol according to the quintuple according to the quintuple Or, the second packet header encapsulation sub-module is adapted to further encapsulate an IP packet header and a TCP packet header according to the rules of the network transmission protocol according to the quintuple according to the quintuple.

較佳地,其中,當所述身份資訊為IP位址時,所述身份資訊獲取子模組包括:第一身份資訊獲取子模組,適於在網路層解析所述資 料包的IP報文頭,以獲取IP位址。 Preferably, when the identity information is an IP address, the identity information obtaining sub-module includes: a first identity information acquiring sub-module, configured to parse the resource at a network layer The IP packet header of the packet to obtain the IP address.

較佳地,當所述身份資訊為用戶ID時,所述身份資訊獲取子模組包括:向上發送子模組,適於將所述資料包暫存在網路層,同時將所述資料包向上發送至應用層;第二身份資訊獲取子模組,適於在應用層解析所述資料包的資料區,以獲取所述資料包的用戶ID。 Preferably, when the identity information is a user ID, the identity information obtaining sub-module includes: an upward sending sub-module, configured to temporarily store the data packet in a network layer, and simultaneously Sending to the application layer; the second identity information obtaining submodule is adapted to parse the data area of the data packet at the application layer to obtain the user ID of the data packet.

較佳地,所述五元組選擇子模組,包括:應用層五元組選擇子模組,適於在應用層根據所述身份資訊,選擇同一個五元組;則在五元組選擇子模組之後,還包括:發送子模組,適於將在應用層獲得的五元組發送至網路層;較佳地,所述第一報文頭封裝子模組,包括:第一端口封裝子模組,適於將所述五元組中的源端口、目的端口封裝到所述資料包之外的UDP報文頭中;IP位址封裝子模組,適於將所述五元組中的源IP位址、目的IP位址和傳輸協議類型封裝到所述資料包之外的IP報文頭中。 Preferably, the quintuple sub-module includes: an application layer quintuple sub-module, which is adapted to select the same quintuple according to the identity information at the application layer; After the sub-module, the method further includes: a sending sub-module, configured to send the quintuple obtained at the application layer to the network layer; preferably, the first packet header sub-module includes: the first port a package submodule, configured to encapsulate a source port and a destination port in the quintuple into a UDP packet header outside the data packet; and an IP address encapsulation submodule adapted to use the quintuple The source IP address, the destination IP address, and the transport protocol type are encapsulated in an IP packet header other than the data packet.

較佳地,所述第二報文頭封裝子模組,包括:第二端口封裝子模組,適於將所述五元組中的源端口、目的端口封裝到所述資料包之外的TCP報文頭中;IP位址封裝子模組,適於將所述五元組中的源IP位址、目的IP位址和傳輸協議類型封裝到所述資料包之外 的IP報文頭中。 Preferably, the second packet header sub-module includes: a second port encapsulation sub-module, configured to encapsulate the source port and the destination port in the quintuple into a TCP outside the data packet. In the header of the packet, the IP address encapsulating submodule is adapted to encapsulate the source IP address, the destination IP address, and the transport protocol type in the quintuple into the data packet. IP header in the header.

較佳地,所述判斷模組,包括:判斷子模組,適於判斷所述資料包是由服務實體轉發的資料包還是由客戶端發送的資料包;如果所述資料包是由服務實體轉發的資料包,則確認所述資料包是自身負責應對的客戶端的資料包;如果所述資料包是由客戶端發送的資料包,則確認所述資料包不是由自身負責應對的客戶端的資料包。 Preferably, the determining module comprises: a determining sub-module, configured to determine whether the data packet is a data packet forwarded by a service entity or a data packet sent by a client; if the data packet is a service entity The forwarded data package confirms that the data package is a data package of the client that is responsible for the response; if the data package is a data package sent by the client, it is confirmed that the data package is not the data of the client that is responsible for the response. package.

較佳地,所述判斷子模組,包括:協議頭部判斷子模組,適於針對任一資料包,判斷在所述資料包之外是否存在按照網路傳輸協議的規則封裝的協議頭部;如果在所述資料包之外存在按照網路傳輸協議的規則封裝的協議頭部,則進入第一確認子模組;如果在所述資料包之外不存在按照網路傳輸協議的規則封裝的協議頭部,則進入第二確認子模組。 Preferably, the determining sub-module includes: a protocol header determining sub-module, and is adapted to determine, according to any data packet, whether there is a protocol header encapsulated according to a rule of a network transmission protocol outside the data packet. If there is a protocol header encapsulated according to the rules of the network transmission protocol outside the data packet, the first confirmation submodule is entered; if there is no rule according to the network transmission protocol outside the data packet The encapsulated protocol header enters the second confirmation sub-module.

較佳地,所述限速模組,包括:解除子模組,適於解除所述資料包之外按照網路傳輸協議的規則封裝的協議頭部;資料包身份資訊獲取子模組,適於獲取所述資料包的身份資訊;流量判斷子模組,適於判斷所述身份資訊對應的流量是否超過到流量閾值;如果所述身份資訊對應的流量超過流量閾值,則進入丟棄子模組;丟棄子模組,適於丟棄所述資料包。 Preferably, the speed limit module comprises: a release submodule, adapted to release a protocol header encapsulated according to a rule of a network transmission protocol outside the data packet; and a data packet identity information acquisition submodule, Obtaining the identity information of the data packet; the traffic judgment sub-module is configured to determine whether the traffic corresponding to the identity information exceeds a traffic threshold; if the traffic corresponding to the identity information exceeds a traffic threshold, enter the discarding sub-module Discarding the sub-module, suitable for discarding the data package.

較佳地,當所述身份資訊為IP位址時,所述流量判斷子模組,包括:用戶ID查找子模組,適於查找所述IP位址對應的用戶ID;流量閾值查找子模組,適於根據所述用戶ID查找對應的流量閾值;第一流量判斷子模組,適於計算所述IP位址對應的流量是否超過所述流量閾值;如果所述IP位址對應的流量超過所述流量閾值,則進入丟棄子模組。 Preferably, when the identity information is an IP address, the traffic judgment sub-module includes: a user ID search sub-module, configured to search for a user ID corresponding to the IP address; and a traffic threshold search sub-module a group, configured to search for a corresponding traffic threshold according to the user ID; the first traffic judgment sub-module is configured to calculate whether the traffic corresponding to the IP address exceeds the traffic threshold; if the traffic corresponding to the IP address If the traffic threshold is exceeded, the discarding submodule is entered.

本發明實施例包括以下優點:本發明實施例,可以在不需要增加系統複雜度的情況下,通過將不是由自身負責應對的客戶端的資料包,轉發給同一集群中負責應對該資料包所屬客戶端的服務實體,從而保證同一客戶端的流量落到同一台服務實體上,然後在該服務實體上,基於對應資料包的身份資訊,對該客戶端的資料包進行限速處理。首先,相對背景技術的第一類方案,本發明實施例不用單獨在集群內設置一個流控實體對整個集群內的服務實體進行限速,不會應為該流控實體的故障而影響整個集群的正常工作,適用性強。而且,也不存在流控實體與服務實體之間大量的通訊以決策給每個服務實體下發的限速大小,僅僅是服務實體之間的資料包的簡單轉發,複雜度低。 The embodiment of the present invention includes the following advantages: in the embodiment of the present invention, the data packet of the client that is not responsible for the response is forwarded to the same cluster and is responsible for responding to the client of the data packet without increasing the complexity of the system. The service entity of the end ensures that the traffic of the same client falls on the same service entity, and then the data packet of the client is subjected to rate limiting processing based on the identity information of the corresponding data packet. In the first embodiment of the present invention, the embodiment of the present invention does not need to set a flow control entity in the cluster to limit the rate of the service entity in the entire cluster, and the entire cluster may not be affected by the fault of the flow control entity. The normal work, the applicability is strong. Moreover, there is also a large amount of communication between the flow control entity and the service entity to determine the speed limit for each service entity, and only the simple forwarding of the data packets between the service entities is low.

其次,相對背景技術的第二類方案,本發明實施例由於同一個客戶端的資料包由同一個服務實體負責對其進行 具體的業務邏輯處理,決定對其進行下一步處理還是丟棄,因此,可以精確控制每個客戶端的流量,可操作性高。 Secondly, in contrast to the second type of solution of the background art, the embodiment of the present invention is responsible for the data packet of the same client by the same service entity. The specific business logic processing determines whether to process it next or discard it. Therefore, the traffic of each client can be precisely controlled, and the operability is high.

再次,相對背景技術的第三類方案,本發明實施例在集群的原有架構下,對資料包的處理流程做了改進,將各個服務實體接收到的同一客戶端的資料包,轉發到了同一個服務實體進行限速處理,未增加系統複雜度,也沒有採用額外的硬體設施,沒有增加硬體成本。並且,本發明實施例僅利用集群自身的計算功能,即實現了對同一客戶端的流量的限速處理,可以適用於任意規模的集群,適用性更廣。 The third embodiment of the present invention, the embodiment of the present invention improves the processing flow of the data packet under the original architecture of the cluster, and forwards the data packet of the same client received by each service entity to the same The service entity performs speed limit processing without increasing system complexity, and does not use additional hardware facilities, and does not increase hardware costs. Moreover, the embodiment of the present invention only utilizes the computing function of the cluster itself, that is, the speed limit processing of the traffic of the same client is implemented, and can be applied to a cluster of any size, and has wider applicability.

總之,相對於背景技術,本發明實施例在不增加系統複雜度以及成本的同時,提高了集群限速的適用性、可操作性,以及精確性。 In summary, with respect to the background art, the embodiment of the present invention improves the applicability, operability, and accuracy of the cluster speed limit without increasing system complexity and cost.

110‧‧‧步驟 110‧‧‧Steps

120‧‧‧步驟 120‧‧‧Steps

130‧‧‧步驟 130‧‧‧Steps

140‧‧‧步驟 140‧‧‧Steps

210‧‧‧步驟 210‧‧‧Steps

220‧‧‧步驟 220‧‧‧Steps

230‧‧‧步驟 230‧‧‧Steps

240‧‧‧步驟 240‧‧‧ steps

250‧‧‧步驟 250‧‧‧ steps

310‧‧‧步驟 310‧‧‧Steps

320‧‧‧步驟 320‧‧‧Steps

330‧‧‧步驟 330‧‧‧Steps

340‧‧‧步驟 340‧‧‧Steps

350‧‧‧步驟 350‧‧‧Steps

360‧‧‧步驟 360‧‧‧Steps

370‧‧‧步驟 370‧‧‧Steps

380‧‧‧步驟 380‧‧‧Steps

410‧‧‧交換機 410‧‧‧Switch

420‧‧‧服務實體 420‧‧‧Service entity

421‧‧‧接收模組 421‧‧‧ receiving module

422‧‧‧判斷模組 422‧‧‧Judgement module

423‧‧‧轉發模組 423‧‧‧ Forwarding module

424‧‧‧限速模組 424‧‧‧Speed Limit Module

510‧‧‧交換機 510‧‧‧Switch

520‧‧‧服務實體 520‧‧‧Service entity

521‧‧‧接收模組 521‧‧‧ receiving module

522‧‧‧判斷模組 522‧‧‧Judgement module

523‧‧‧轉發模組 523‧‧‧ Forwarding module

5231‧‧‧封裝子模組 5231‧‧‧Package submodule

52311‧‧‧第二封裝子模組 52311‧‧‧Second package submodule

5232‧‧‧轉發子模組 5232‧‧‧ Forwarding submodule

524‧‧‧限速模組 524‧‧‧Speed Limit Module

610‧‧‧交換機 610‧‧‧Switch

620‧‧‧服務實體 620‧‧‧Service entity

621‧‧‧接收模組 621‧‧‧ receiving module

622‧‧‧判斷模組 622‧‧‧Judgement module

6221‧‧‧判斷子模組 6221‧‧‧ judgment submodule

623‧‧‧轉發模組 623‧‧‧ Forwarding module

6231‧‧‧封裝子模組 6231‧‧‧Package submodule

62311‧‧‧第一封裝子模組 62311‧‧‧First package submodule

6232‧‧‧轉發子模組 6232‧‧‧ Forwarding submodule

624‧‧‧限速模組 624‧‧‧Speed Limit Module

6241‧‧‧解除子模組 6241‧‧‧Remove sub-module

6242‧‧‧資料包身份資訊獲取子模組 6242‧‧‧ Packet Identity Information Acquisition Sub-module

6243‧‧‧流量判斷子模組 6243‧‧‧Flow judgment sub-module

6244‧‧‧丟棄子模組 6244‧‧‧Discarding submodules

圖1是本發明的一種集群精確限速方法實施例的步驟流程圖;圖1A是本發明的一個應用場景示意圖;圖2是本發明的另一種集群精確限速方法實施例的步驟流程圖;圖3是本發明的另一種集群精確限速方法實施例的步驟流程圖;圖4是本發明的一種集群精確限速裝置實施例的結構 方塊圖;圖5是本發明的另一種集群精確限速裝置實施例的結構方塊圖;圖6是本發明的另一種集群精確限速裝置實施例的結構方塊圖。 1 is a flow chart of steps of an embodiment of a cluster precise rate limiting method; FIG. 1 is a schematic diagram of an application scenario of the present invention; FIG. 2 is a flow chart of steps of another embodiment of the cluster precise rate limiting method of the present invention; 3 is a flow chart showing the steps of another embodiment of the cluster precise speed limit method of the present invention; FIG. 4 is a structure of an embodiment of the cluster precise speed limit device of the present invention; FIG. 5 is a block diagram showing another embodiment of a cluster precise speed limit device according to the present invention; and FIG. 6 is a block diagram showing another embodiment of the cluster precise speed limit device of the present invention.

為使本發明的上述目的、特徵和優點能夠更加明顯易懂,下面結合圖式和具體實施方式對本發明作進一步詳細的說明。 The present invention will be further described in detail with reference to the drawings and specific embodiments.

本發明實施例的核心構思之一在於,本發明提出的一種集群精確限速方法和裝置,可以在不需要增加系統複雜度的情況下,通過將不是由自身負責應對的客戶端的資料包,轉發給同一集群中負責應對該資料包所屬客戶端的服務實體,從而保證同一客戶端的流量落到同一台服務實體上,然後在該服務實體上,基於對應資料包的身份資訊,對該客戶端的資料包進行限速處理。從而相對於背景技術,在不增加系統複雜度以及成本的同時,提高了集群限速的適用性、可操作性,以及精確性。 One of the core concepts of the embodiments of the present invention is that the cluster precise rate limiting method and apparatus provided by the present invention can be forwarded by a packet of a client that is not responsible for itself, without increasing the complexity of the system. Giving the same cluster the service entity responsible for responding to the client to which the data packet belongs, thereby ensuring that the traffic of the same client falls on the same service entity, and then on the service entity, based on the identity information of the corresponding data packet, the data packet of the client Speed limit processing. Therefore, compared with the background art, the applicability, operability, and accuracy of the cluster speed limit are improved without increasing system complexity and cost.

實施例一 Embodiment 1

參照圖1,示出了本發明的一種集群精確限速方法實施例的步驟流程圖,具體可以包括如下步驟: Referring to FIG. 1 , a flow chart of steps of an embodiment of a cluster precise rate limiting method of the present invention is shown, which may specifically include the following steps:

步驟110,接收資料包。 Step 110: Receive a data package.

如圖1A為本發明的一個應用場景示意圖。可以看出,在集群內部存在4台服務實體,服務實體通過各個交換機與外部,例如客戶端,進行通訊,客戶端發送的資料包先經過交換機,然後由交換機再分發到至少一台服務實體上來處理。 FIG. 1A is a schematic diagram of an application scenario of the present invention. It can be seen that there are four service entities in the cluster, and the service entity communicates with the outside through various switches, such as the client, and the data packets sent by the client first pass through the switch, and then redistributed by the switch to at least one service entity. deal with.

其中,集群是指一組協同工作的服務實體,用以提供比單一服務實體更具擴展性與可用性的服務平臺。主要包括高可用集群(High Availability Cluster),負載均衡集群(Load Balance Cluster),科學計算集群(High Performance Computing Cluster),本發明主要針對高可用集群和負載均衡集群。服務實體是可以提供某些服務的裝置,例如伺服器等,在本發明實施例中可以接收資料包並進行限速操作。 A cluster is a group of service entities that work together to provide a service platform that is more scalable and usable than a single service entity. It mainly includes a high availability cluster, a load balance cluster, and a high performance computing cluster. The present invention is mainly directed to a high availability cluster and a load balancing cluster. A service entity is a device that can provide certain services, such as a server. In the embodiment of the present invention, a data packet can be received and a speed limit operation can be performed.

在網際網路中,客戶端與伺服器交互,是先將其請求等資訊以資料包的形式向伺服器發送。而且在本發明中,由於集群中包含多個服務實體可以同時提供服務,進而造成同一客戶端發送的資料包可能會落到集群中的多個服務實體上。 In the Internet, the client interacts with the server by sending its request and other information to the server in the form of a packet. Moreover, in the present invention, since a plurality of service entities in the cluster can provide services at the same time, the data packets sent by the same client may fall on multiple service entities in the cluster.

以現今的網際網路為例,基本上採用的TCP/IP協議等網際網路協議,那麼TCP/IP協議的資料包(Data Packet)是TCP/IP(Transmission Control Protocol/Internet Protocol)協議通訊傳輸中的資料單位,一般也稱為“包”(Packet),在網路資訊傳遞過程中,單個消息被劃分為多個資料塊,這些資料塊就稱為資料 包,它包含發送者和接收者的位址資訊。這些資料包然後沿著不同的路徑在一個或多個網路中傳輸,並且在目的地重新組合。在實際應用中,資料包主要由報文頭和資料兩部分組成。 Take the current Internet as an example, basically adopt the Internet Protocol such as TCP/IP protocol, then the TCP/IP protocol data packet is the TCP/IP (Transmission Control Protocol/Internet Protocol) protocol communication transmission. The data unit in the network, also commonly referred to as the "package", in the process of network information transmission, a single message is divided into multiple data blocks, these data blocks are called data A package that contains address information for the sender and receiver. These packets are then transmitted along one or more networks along different paths and reassembled at the destination. In practical applications, the data package is mainly composed of two parts: the message header and the data.

在實際應用中,TCP/IP協議是一個協議族,其包括TCP((Transmission Control Protocol,傳輸控制協議)、IP(Internet Protocol,網間網協議)、UDP(User Datagram Protocol,用戶資料包協議)、ICMP(Internet Control Message Protocol,網際網路控制資訊協議)、RIP(Routing Information Protocol,路由資訊協議)、SMTP(Simple Mail Transfer Protocol,簡單郵件傳輸協議)、SNMP(Simple Network manage Protocol,簡單網路管理協議)、ARP(Address Resolution Protocol,位址解析協議)、FTP(File Transfer Protocol,文件傳輸協議)等許多協議。TCP/IP協議採用分層結構,其分層模型及協議如下表(1): In practical applications, the TCP/IP protocol is a protocol family, which includes TCP (Transmission Control Protocol), IP (Internet Protocol), and UDP (User Datagram Protocol). , ICMP (Internet Control Message Protocol), RIP (Routing Information Protocol), SMTP (Simple Mail Transfer Protocol), SNMP (Simple Network Manage Protocol) Management protocol), ARP (Address Resolution Protocol), FTP (File Transfer Protocol) and many other protocols. The TCP/IP protocol adopts a hierarchical structure, and its layered model and protocol are as follows (1) :

不同的協議層對資料包有不同的稱謂,在傳輸層叫做段(segment),在網路層叫做資料報(datagram),在鏈路層叫做幀(frame)。 Different protocol layers have different names for data packets. They are called segments in the transport layer, datagrams in the network layer, and frames in the link layer.

本發明的一種集群精確限速方法,就是針對資訊傳輸 中的資料包進行限速,所以首先需要接收資料包。 The cluster precise speed limit method of the invention is for information transmission The data packet in the middle speed limit, so the first need to receive the data packet.

步驟120,判斷所述資料包是否為由自身負責應對的客戶端的資料包;如果所述資料包不是由自身負責應對的客戶端的資料包,則進入步驟130;如果所述資料包是由自身負責應對的客戶端的資料包,則進入步驟140。 Step 120: Determine whether the data package is a data package of a client that is responsible for responding by itself; if the data package is not a data package of a client that is responsible for the response, proceed to step 130; if the data package is responsible for itself If the client's data package is processed, the process proceeds to step 140.

在本發明實施例中,對於集群中各服務實體,可以由交換機根據一定算法確定集群中各服務實體自身負責應對的客戶端,即集群中某一服務實體可以只對由該算法確定由自身負責應對的客戶端發送的資料包進行限速,在本發明實施例中,此特定的客戶端可以稱為資料包自身負責應對的客戶端。 In the embodiment of the present invention, for each service entity in the cluster, the switch may determine, according to a certain algorithm, the clients that the service entities in the cluster are responsible for, that is, a service entity in the cluster may only be responsible for determining by the algorithm. In the embodiment of the present invention, the specific client may be referred to as a client responsible for responding to the data packet sent by the client.

所以,在接收到客戶端的資料包後,需要進一步判斷所述資料包是否為由自身負責應對的客戶端的資料包,如果所述資料包不是由自身負責應對的客戶端的資料包,考慮到服務實體只對由自己負責應對的客戶端發送的資料包進行限速,所以此時需要將所述資料包轉發至負責應對所述資料包所述客戶端的服務實體;而如果所述資料包是由自身負責應對的客戶端的資料包,則可以直接基於所述資料包的身份資訊,對所述資料包進行限速處理。 Therefore, after receiving the data package of the client, it is necessary to further determine whether the data package is a data package of the client that is responsible for the response, and if the data package is not the data package of the client that is responsible for the response, the service entity is considered. Only rate the data packets sent by the client that is responsible for the response, so the data package needs to be forwarded to the service entity responsible for responding to the client of the data package; and if the data package is by itself The data package of the client responsible for the response can directly limit the speed of the data packet based on the identity information of the data package.

步驟130,將所述資料包轉發給負責應對所述資料包所屬客戶端的服務實體。 Step 130: Forward the data package to a service entity responsible for responding to the client to which the data package belongs.

如圖1A所示的場景圖示例,服務實體接收到客戶端發送的資料包後,可以經過交換機,將接收到的不是由自身負責應對的資料包轉發給負責應對所述資料包所屬客戶 端的服務實體。例如,服務實體1接收到一資料包,該資料包所屬的客戶端是由服務實體3負責應對的,則在服務實體接收到該資料包後,會將該資料包再次發送至交換機1,然後交換機1再將該資料包發送至服務實體3。 As shown in the scenario diagram shown in FIG. 1A, after receiving the data packet sent by the client, the service entity may forward the received data packet that is not handled by itself to the client responsible for responding to the data packet. The service entity at the end. For example, if the service entity 1 receives a data packet, and the client to which the data packet belongs is handled by the service entity 3, after the service entity receives the data packet, the data packet is sent to the switch 1 again, and then Switch 1 then sends the packet to service entity 3.

在本發明另一較佳的實施例中,步驟130包括: In another preferred embodiment of the present invention, step 130 includes:

子步驟131,基於所述資料包的身份資訊,在所述資料包之外再按照網路傳輸協議的規則封裝協議頭部。 Sub-step 131, based on the identity information of the data packet, encapsulates the protocol header in addition to the data packet according to the rules of the network transmission protocol.

在本發明實施例中,可以基於資料包的身份資訊,在資料包之外封裝協議頭部,且該協議頭部是按照網路傳輸協議的規則封裝在資料包之外的。 In the embodiment of the present invention, the protocol header may be encapsulated outside the data packet based on the identity information of the data packet, and the protocol header is encapsulated outside the data packet according to the rules of the network transmission protocol.

其中,資料包的身份資訊可以包括用戶ID,及/或客戶端的IP位址等;網路傳輸協議(Communications Protocol)一般是指網路層協議和傳輸層協議,例如,表(1)中所示的IP(Internet Protocol,網路協議)協議、TCP協議、UDP協議等。實際應用中,TCP協議和UDP協議同一個資料包只會使用一種。 The identity information of the data packet may include a user ID, and/or an IP address of the client, etc.; a network protocol (Communications Protocol) generally refers to a network layer protocol and a transport layer protocol, for example, in Table (1) IP (Internet Protocol) protocol, TCP protocol, UDP protocol, etc. In practical applications, the TCP protocol and the UDP protocol use only one packet of the same packet.

其中TCP協議和UDP協議的區別主要為以下幾點:1、TCP協議需要存在通訊關係的對象之間進行連接,UDP協議不需要存在通訊關係的對象之間進行連接;2、TCP協議的傳輸速度較慢,UDP協議的傳輸速度較快;3、TCP協議可以保證資料順序,UDP協議不可以保證資料順序;4、TCP協議可以保證資料正確性,UDP協議則可能 丟包;5、TCP協議對系統資源要求多,UDP協議系統資源要求少。 The difference between the TCP protocol and the UDP protocol is mainly as follows: 1. The TCP protocol needs to connect between objects having a communication relationship, and the UDP protocol does not need to connect between objects having a communication relationship; 2. The transmission speed of the TCP protocol Slower, UDP protocol transmission speed is faster; 3, TCP protocol can guarantee data order, UDP protocol can not guarantee data order; 4, TCP protocol can guarantee data correctness, UDP protocol may Packet loss; 5, TCP protocol requires a lot of system resources, UDP protocol system resource requirements are small.

因此,可以理解,本發明在所述資料包之外再按照網路傳輸協議的規則封裝協議頭部,可以按照IP協議+TCP協議或者IP協議+UDP協議的規則封裝協議頭部。 Therefore, it can be understood that the present invention encapsulates the protocol header in accordance with the rules of the network transmission protocol in addition to the data packet, and the protocol header can be encapsulated according to the rules of the IP protocol + TCP protocol or the IP protocol + UDP protocol.

在實際應用中,在本發明封裝上述協議頭部時,會在協議頭部中封裝指示資料包所屬客戶端的身份資訊等第一資料。對同一客戶端來說,在其任意資料包的協議頭部中封裝的上述第一資料是唯一的,可以跟其他客戶端區別開來。 In an actual application, when the present invention encapsulates the foregoing protocol header, the first data indicating the identity information of the client to which the data packet belongs is encapsulated in the protocol header. For the same client, the first data encapsulated in the protocol header of any of its packets is unique and can be distinguished from other clients.

子步驟132,將封裝了協議頭部的資料包通過交換機轉發給負責應對所述資料包所屬客戶端的服務實體。 Sub-step 132, forwarding the data package encapsulating the protocol header to the service entity responsible for responding to the client to which the data packet belongs.

在本發明實施例中,需要將同一客戶端發送的資料包歸併到預設的與該客戶端對應的服務實體中,然後進行精確地限速,對於封裝了協議頭部的資料包,則可以根據協議頭部的內容,利用交換機,將封裝了協議頭部的資料包轉發給負責應對該資料包所屬客戶端的服務實體。 In the embodiment of the present invention, the data packet sent by the same client needs to be merged into a preset service entity corresponding to the client, and then the speed limit is accurately performed. For the data package encapsulating the protocol header, According to the content of the protocol header, the data packet encapsulating the protocol header is forwarded by the switch to the service entity responsible for responding to the client to which the data packet belongs.

在實際應用中,可以利用交換機的HASH(哈希/散列)策略,將封裝了協議頭部的資料包準確地轉發至負責對應該資料包所屬客戶端的服務實體。 In practical applications, the HASH (hash/hash) policy of the switch can be used to accurately forward the data packet encapsulating the protocol header to the service entity responsible for the client to which the data packet belongs.

在實際應用中,集群的交換機是對資料包的協議頭部中的上述第一資料進行哈希,然後根據哈希結果,將資料包分發至相應的服務實體中。比如計算第一資料的哈希 值,然後將該哈希值對服務實體的總個數取餘數,然後根據餘數與服務實體的對應關係,將該資料包發送至於該餘數對應的服務實體中。 In practical applications, the cluster switch hashes the first data in the protocol header of the data packet, and then distributes the data packet to the corresponding service entity according to the hash result. Such as calculating the hash of the first data The value is then obtained by taking the hash value to the total number of service entities, and then sending the data packet to the service entity corresponding to the remainder according to the correspondence between the remainder and the service entity.

步驟140,基於所述資料包的身份資訊,對所述資料包進行限速處理。 Step 140: Perform rate limiting processing on the data packet based on identity information of the data packet.

在實際應用中,集群需要對多個客戶端提供服務,為了防止某一客戶端的流量過大而影響其它客戶端或者是導致該客戶端的帶寬收費較高等原因,需要針對每個客戶端進行限速。在本發明實施例中,將各客戶端的資料包全部歸併到對該客戶端對應的服務實體後,即可以利用一個服務實體實現對某客戶端進行限速。 In practical applications, the cluster needs to provide services for multiple clients. In order to prevent the traffic of a certain client from being too large, affecting other clients or causing high bandwidth charges of the client, it is necessary to limit the speed of each client. In the embodiment of the present invention, after all the data packets of each client are merged into the service entity corresponding to the client, a service entity can be used to limit the speed of a certain client.

在實際應用中,可以首先根據不同的客戶端預置不同的流量閾值,然後判斷服務實體所對應接收的客戶端的各資料包的流量是否超出該客戶端對應的流量閾值的範圍,若某一資料包的流量超出該客戶端對應的流量閾值的範圍,則可以將該資料包丟棄,而若資料包的流量未超出該客戶端對應的流量閾值的範圍,則保留該資料包。 In an actual application, different traffic thresholds may be preset according to different clients, and then it is determined whether the traffic of each data packet received by the service entity exceeds the traffic threshold corresponding to the client, if a certain data If the traffic of the packet exceeds the traffic threshold corresponding to the client, the data packet may be discarded, and if the traffic of the data packet does not exceed the traffic threshold corresponding to the client, the data packet is retained.

在本發明實施例中,在不需要增加系統複雜度的情況下,通過將不是由自身負責應對的客戶端的資料包,轉發給同一集群中負責應對該資料包所屬客戶端的服務實體,從而保證同一客戶端的流量落到同一台服務實體上,然後在該服務實體上,基於對應資料包的身份資訊,對該客戶端的資料包進行限速處理,因此本發明具備以下優點:首先,相對背景技術的第一類方案,本發明實施例不 用單獨在集群內設置一個流控實體對整個集群內的服務實體進行限速,不會應為該流控實體的故障而影響整個集群的正常工作,適用性強。而且,也不存在流控實體與服務實體之間大量的通訊以決策給每個服務實體下發的限速大小,僅僅是服務實體之間的資料包的簡單轉發,複雜度低。 In the embodiment of the present invention, by not adding the complexity of the system, the data packet of the client that is not responsible for the response is forwarded to the service entity in the same cluster responsible for responding to the client to which the data packet belongs, thereby ensuring the same The traffic of the client falls on the same service entity, and then the speed limit processing is performed on the data packet of the client based on the identity information of the corresponding data packet on the service entity. Therefore, the present invention has the following advantages: First, relative to the background art The first type of solution, the embodiment of the present invention does not By setting a flow control entity in a cluster to limit the rate of service entities in the entire cluster, it is not necessary to affect the normal operation of the entire cluster for the failure of the flow control entity, and the applicability is strong. Moreover, there is also a large amount of communication between the flow control entity and the service entity to determine the speed limit for each service entity, and only the simple forwarding of the data packets between the service entities is low.

其次,相對背景技術的第二類方案,本發明實施例由於同一個客戶端的資料包由同一個服務實體負責對其進行具體的業務邏輯處理,決定對其進行下一步處理還是丟棄,因此,可以精確控制每個客戶端的流量,可操作性高。 Secondly, with respect to the second type of solution of the background technology, the embodiment of the present invention is responsible for performing specific business logic processing on the data packet of the same client by the same service entity, and determining whether to perform the next processing or discarding, so Precise control of traffic to each client, high operability.

再次,相對背景技術的第三類方案,本發明實施例在集群的原有架構下,對資料包的處理流程做了改進,將各個服務實體接收到的同一客戶端的資料包,轉發到了同一個服務實體進行限速處理,未增加系統複雜度,也沒有採用額外的硬體設施,沒有增加硬體成本。並且,本發明實施例僅利用集群自身的計算功能,即實現了對同一客戶端的流量的限速處理,可以適用於任意規模的集群,適用性更廣。 The third embodiment of the present invention, the embodiment of the present invention improves the processing flow of the data packet under the original architecture of the cluster, and forwards the data packet of the same client received by each service entity to the same The service entity performs speed limit processing without increasing system complexity, and does not use additional hardware facilities, and does not increase hardware costs. Moreover, the embodiment of the present invention only utilizes the computing function of the cluster itself, that is, the speed limit processing of the traffic of the same client is implemented, and can be applied to a cluster of any size, and has wider applicability.

總之,相對於背景技術的集群限速三類方案,在不增加系統複雜度以及成本的同時,提高了集群限速的適用性、可操作性,以及精確性。 In summary, compared with the background technology, the three types of rate limiting schemes improve the applicability, operability, and accuracy of the cluster speed limit without increasing system complexity and cost.

實施例二 Embodiment 2

參照圖2,示出了本發明的一種集群精確限速方法實施例的步驟流程圖,具體可以包括如下步驟: Referring to FIG. 2, a flow chart of the steps of the embodiment of the cluster precise rate limiting method of the present invention is shown, which may specifically include the following steps:

步驟210,接收資料包。 Step 210: Receive a data packet.

步驟220,判斷所述資料包是否為由自身負責應對的客戶端的資料包;如果所述資料包不是由自身負責應對的客戶端的資料包,則進入步驟230;如果所述資料包是由自身負責應對的客戶端的資料包,則進入步驟250。 Step 220: Determine whether the data package is a data package of a client that is responsible for the response; if the data package is not a data package of the client that is responsible for the response, proceed to step 230; if the data package is responsible for itself If the client's data package is processed, the process proceeds to step 250.

步驟230,基於所述資料包的身份資訊,在所述資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和TCP報文頭。 Step 230: Based on the identity information of the data packet, further encapsulate an IP packet header and a TCP packet header in addition to the data packet according to the rules of the network transmission protocol.

基於前述的TCP的優點,為了保證資料包在轉發過程中資料的正確性,在本發明實施例中,可以基於所述資料包的身份資訊,在所述資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和TCP報文頭。按照TCP協議封裝一層TCP報文頭,再按照IP協議封裝一層IP報文頭。 Based on the advantages of the foregoing TCP, in order to ensure the correctness of the data in the forwarding process, in the embodiment of the present invention, according to the identity information of the data packet, the network transmission protocol may be used in addition to the data packet. The rule further encapsulates an IP packet header and a TCP packet header. A TCP packet header is encapsulated according to the TCP protocol, and then an IP packet header is encapsulated according to the IP protocol.

其中,TCP是面向連接的傳輸協議,需要在需要通訊的客戶端和服務實體之間以及不同的服務實體之間建立連接關係。TCP採用“三次握手”的方式建立連接,以客戶端和服務實體為例,具體步驟如下:第一次握手:建立連接時,客戶端發送syn包(syn=j)到服務實體,並進入SYN_SEND狀態,等待服務實體確認;第二次握手:服務實體收到syn包,必須確認客戶的 SYN(ack=j+1),同時自己也發送一個SYN包(syn=k),即SYN+ACK包,此時服務實體進入SYN_RECV狀態;第三次握手:客戶端收到服務實體的SYN+ACK包,向服務實體發送確認包ACK(ack=k+1),此包發送完畢,客戶端和服務實體進入ESTABLISHED狀態,完成三次握手。 Among them, TCP is a connection-oriented transport protocol, which needs to establish a connection relationship between a client and a service entity that need to communicate and between different service entities. TCP uses the "three-way handshake" method to establish a connection. The client and the service entity are used as an example. The specific steps are as follows: First handshake: When establishing a connection, the client sends a syn packet (syn=j) to the service entity and enters SYN_SEND. Status, waiting for the service entity to confirm; second handshake: the service entity receives the syn package and must confirm the customer's SYN (ack = j + 1), while also sending a SYN packet (syn = k), that is, SYN + ACK packet, the service entity enters the SYN_RECV state; the third handshake: the client receives the SYN+ of the service entity The ACK packet sends an acknowledgement packet ACK (ack=k+1) to the service entity. After the packet is sent, the client and the service entity enter the ESTABLISHED state and complete the three-way handshake.

完成三次握手後,客戶端與服務實體可以開始傳送資料。 After completing the three-way handshake, the client and the service entity can start transmitting data.

TCP報文頭的資料格式如表(2)所示: The data format of the TCP packet header is shown in Table (2):

其中,序列號:TCP序號,即本報文段所發送的資料的第一個字節的序號。 The serial number: TCP serial number, that is, the serial number of the first byte of the data sent by this segment.

確認號:即希望下次收到對方傳送的資料的第一個字節的序號。 Confirmation number: The serial number of the first byte of the data that you want to receive next time.

資料偏移:指出TCP報文段的資料起始處距離TCP報文段的距離,實際就是TCP頭部長度。注意,資料偏移的單位不是字節而是32bit,即4字節。TVP首部最大長度為(2^4-1)*4=60字節。 Data Offset: Indicates the distance from the beginning of the data segment of the TCP segment to the TCP segment, which is actually the length of the TCP header. Note that the unit of data offset is not a byte but 32 bits, which is 4 bytes. The maximum length of the TVP header is (2^4-1)*4=60 bytes.

保留:保留為今後使用,目前統一置為0. Retention: Reserved for future use, currently set to 0.

代碼位: Code bit:

1、URG:緊急比特。當URG=1時,表明緊急指針字段有效。該報文應儘快傳送。而不要按原來的隊列順序來傳送。 1. URG: Urgent bit. When URG=1, it indicates that the emergency pointer field is valid. The message should be transmitted as soon as possible. Instead of transmitting in the original queue order.

2、ACK:確認比特。當ACK=1時確認號字段才有效,ACK=0時,表明確認號無效。 2. ACK: Acknowledge bit. The acknowledgment number field is valid when ACK=1, and ACK=0 indicates that the acknowledgment number is invalid.

3、PSH:推送比特:按對隊傳輸到對方,不用待緩存填滿後再提交給上層,而是立即提交。 3. PSH: Push Bit: Transfer to the other party according to the team, do not wait for the cache to fill up and then submit it to the upper layer, but submit it immediately.

4、RST:複位比特。TCP連接中出現嚴重差錯,必須立即釋放並重新建立連接。也用於拒絕一個非法的報文段或拒絕打開一個連接。 4. RST: Reset bit. A serious error has occurred in the TCP connection and the connection must be released and re-established immediately. Also used to reject an illegal segment or refuse to open a connection.

5、SYN:同步比特。在連接建立時用來同步序號。當SYN=1而ACK=0時,表明這是一個連接請求報文段。對方若同意建立連接,則應在響應的報文段中使用SYN=1和ACK=1。因此,SYN=1時,就表明這是一個連接請求或連接接受。 5. SYN: Synchronization bit. Used to synchronize the sequence number when the connection is established. When SYN=1 and ACK=0, it indicates that this is a connection request segment. If the other party agrees to establish a connection, SYN=1 and ACK=1 should be used in the response segment. Therefore, when SYN=1, it indicates that this is a connection request or connection acceptance.

6、FIN:終止比特。用來釋放一個連接。當FIN=1時,表明資料發送完畢,要求釋放連接。 6. FIN: Termination bit. Used to release a connection. When FIN=1, it indicates that the data has been sent and the connection is required to be released.

窗口:接收端告知自己的接收能力,即自己接收窗口的大小,發送方將按這個大小發送資料。 Window: The receiving end informs itself of the receiving capability, that is, the size of the receiving window itself, and the sender will send the data according to this size.

校驗和:檢驗的範圍包括首部和資料這兩部分。在計算檢驗和時,要在TCP報文段的前面加上12字節的偽首部。 Checksum: The scope of the inspection includes the header and the data. When calculating the checksum, a 12-byte pseudo header is added to the front of the TCP segment.

緊急指針:當緊急指針代碼位被設置時為有效字段。如果有效,這個值指明了當前序列號的八位組的偏移值,即第一個非緊急資料的起始位置。 Urgent pointer: A valid field when the emergency pointer code bit is set. If valid, this value indicates the offset of the octet of the current serial number, which is the starting position of the first non-emergency data.

在本發明另一較佳的實施例中,步驟230,包括:子步驟231,獲取所述資料包對應的身份資訊;子步驟232,根據所述身份資訊,選擇同一個五元組;所述五元組包括:源IP位址,目的IP位址,源端口,目的端口,傳輸協議類型;所述目的IP位址為服務實體對應的IP位址;子步驟233,基於所述五元組,在所述資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和TCP報文頭。 In another preferred embodiment of the present invention, step 230 includes: sub-step 231, acquiring identity information corresponding to the data packet; and sub-step 232, selecting the same five-tuple according to the identity information; The quintuple includes: a source IP address, a destination IP address, a source port, a destination port, and a transport protocol type; the destination IP address is an IP address corresponding to the service entity; and sub-step 233, based on the quintuple In addition to the data packet, the IP packet header and the TCP packet header are further encapsulated according to the rules of the network transmission protocol.

若要在資料包之外再封裝一層IP報文頭和TCP報文頭,則此時五元組中的傳輸協議類型為TCP協議,即在資料包之外是按照TCP協議的規則再封裝一層IP報文頭和TCP報文頭。根據表(2)和表(4)分別所示的IP報文頭結構和TCP報文頭結構可知,在實際應用中,五元組中的源IP位址、目的IP位址、傳輸協議類型分別與IP報文頭中的源位址、目的位址、協議一一對應,五元組中的源端口、目的端口分別與TCP報文頭中的源端口號、目的端口號一一對應。對於IP報文頭和TCP報文頭中其他部分的內容,本發明實施例也不加以限定。 To encapsulate an IP packet header and a TCP packet header in addition to the data packet, the transmission protocol type in the quintuple is TCP protocol at this time, that is, in addition to the data packet, an IP packet is encapsulated according to the rules of the TCP protocol. Header and TCP header. According to the IP packet header structure and the TCP packet header structure respectively shown in Table (2) and Table (4), in the actual application, the source IP address, the destination IP address, and the transmission protocol type in the quintuple are respectively The source address, the destination address, and the protocol in the IP packet header correspond to each other. The source port and the destination port in the quintuple group correspond to the source port number and the destination port number in the TCP packet header. The embodiments of the present invention are not limited to the content of the IP packet header and other parts of the TCP packet header.

在本發明另一較佳的實施例中,步驟233,包括: In another preferred embodiment of the present invention, step 233 includes:

子步驟2331,將所述五元組中的源端口、目的端口 封裝到所述資料包之外的TCP報文頭中。 Sub-step 2331, the source port and the destination port in the quintuple Encapsulated into a TCP header other than the data packet.

具體而言,是將五元組中的源端口、目的端口分別封裝到資料包之外的TCP報文頭中的源端口號、目的端口號中。對於TCP報文頭中的其他部分的資料內容,可以採用任意一種TCP報文頭適用的資料,對此本發明實施例不加以限定。 Specifically, the source port and the destination port in the quintuple are respectively encapsulated into a source port number and a destination port number in a TCP packet header other than the data packet. For the data content of other parts in the TCP packet header, any type of information applicable to the TCP packet header may be used, which is not limited in this embodiment of the present invention.

子步驟2332,將所述五元組中的源IP位址、目的IP位址和傳輸協議類型封裝到所述資料包之外的IP報文頭中。 Sub-step 2332, the source IP address, the destination IP address, and the transport protocol type in the quintuple are encapsulated into an IP packet header outside the data packet.

步驟240,將封裝了協議頭部的資料包通過交換機轉發給負責應對所述資料包所屬客戶端的服務實體。 Step 240: Forward the data package encapsulating the protocol header to the service entity responsible for responding to the client to which the data packet belongs.

步驟250,基於所述資料包的身份資訊,對所述資料包進行限速處理。 Step 250: Perform rate limiting processing on the data packet based on identity information of the data packet.

在本發明實施例中,同樣在不需要增加系統複雜度的情況下,通過將不是由自身負責應對的客戶端的資料包,轉發給同一集群中負責應對該資料包所屬客戶端的服務實體,從而保證同一客戶端的流量落到同一台服務實體上,然後在該服務實體上,基於對應資料包的身份資訊,對該客戶端的資料包進行限速處理。相對於現有的集群限速三類方案,在不增加系統複雜度以及成本的同時,提高了集群限速的適用性、可操作性,以及精確性。 In the embodiment of the present invention, the data packet of the client that is not responsible for the response is forwarded to the service entity in the same cluster that is responsible for responding to the client to which the data packet belongs, so as to ensure that the complexity of the system is not increased. The traffic of the same client falls on the same service entity, and then the data packet of the client is subjected to rate limiting processing based on the identity information of the corresponding data packet. Compared with the existing three types of cluster speed limit schemes, the applicability, operability, and accuracy of the cluster speed limit are improved without increasing system complexity and cost.

另外,在本發明實施例中,通過在服務實體接收到的由客戶端發送的資料包之外封裝一層IP報文頭和TCP報文頭,然後再將封裝後的資料包轉發至負責應對該資料包 所屬的客戶端的服務實體中,相對於UDP而言,本發明實施例需要在實體之間建立連接,可以進一步保證資料包中資料的準確性,將資料包準確地轉發至相應地服務實體中,進一步提高了集群限速的精確性。 In addition, in the embodiment of the present invention, an IP packet header and a TCP packet header are encapsulated by the data packet sent by the client, and then the encapsulated data packet is forwarded to the responsible packet. In the service entity of the client, the embodiment of the present invention needs to establish a connection between the entities, which can further ensure the accuracy of the data in the data packet, and accurately forward the data packet to the corresponding service entity. The accuracy of the cluster speed limit is further improved.

實施例三 Embodiment 3

參照圖3,示出了本發明的另一種集群精確限速方法實施例的步驟流程圖,具體可以包括如下步驟: Referring to FIG. 3, a flow chart of the steps of another embodiment of the cluster precise rate limiting method of the present invention is shown, which may specifically include the following steps:

步驟310,接收資料包。 Step 310: Receive a data package.

步驟320,判斷所述資料包是由服務實體轉發的資料包還是由客戶端發送的資料包;如果所述資料包是由服務實體轉發的資料包,則確認所述資料包不是由自身負責應對的客戶端的資料包,然後進入步驟330;如果所述資料包是由客戶端發送的資料包,則確認所述資料包是自身負責應對的客戶端的資料包,然後進入步驟350。 Step 320: Determine whether the data packet is a data packet forwarded by the service entity or a data packet sent by the client; if the data packet is a data packet forwarded by the service entity, confirm that the data packet is not responsible for the data packet. The client's data package then proceeds to step 330; if the data package is a data package sent by the client, it is confirmed that the data package is the data package of the client that is responsible for the response, and then proceeds to step 350.

由實施例一所述可知,在實際應用中,若服務實體接收到的資料包是由客戶端的資料包,則會將該資料包轉發至負責應對所述資料包所屬客戶端的服務實體,而且在轉發之前,服務實體並不能確認其所接收的客戶端發送的是資料包是否為自身負責應對的客戶端發送的資料包。另外,一般而言,只需一次轉發過程,即可以將該資料包轉發至負責應對所述資料包所屬客戶端的服務實體。 As can be seen from the first embodiment, in a practical application, if the data packet received by the service entity is a data packet of the client, the data packet is forwarded to a service entity responsible for responding to the client to which the data packet belongs, and Before forwarding, the service entity cannot confirm whether the client it receives is sending the data packet sent by the client responsible for the response. In addition, in general, only one forwarding process is required, that is, the data packet can be forwarded to a service entity responsible for responding to the client to which the data packet belongs.

在本發明實施例中,確認某一資料包不是由接收到該資料包的某服務實體自身應對的客戶端的資料包,則表明 該服務實體需要將接收到的該資料包進行轉發操作,以將該資料包轉發至負責應對該資料包所屬的客戶端的服務實體中。 In the embodiment of the present invention, if it is confirmed that a certain data packet is not a data packet of a client that is processed by a service entity that receives the data packet, it indicates The service entity needs to forward the received data packet to forward the data packet to the service entity responsible for responding to the client to which the data packet belongs.

在本發明實施例中,確認某一資料包是由某服務實體自身應對的客戶端的資料包,則表明該服務實體不需要將該資料包進行再次轉發操。 In the embodiment of the present invention, if it is confirmed that a certain data packet is a data packet of a client that is handled by a service entity itself, it indicates that the service entity does not need to forward the data packet again.

所以在本發明實施例中,若服務實體所接收的資料包是由服務實體轉發的資料包,則可以確認該資料包是由自身負責應對的客戶端的資料包;而若服務實體所接收的資料包是由客戶端發送的資料包,則可以先默認該資料包不是由該服務實體自身負責應對的客戶端的資料包。該步驟是實施例一中步驟120的較佳方案。需要說明的是,在本發明實施例中,服務實體所接收到的資料包可能是由其自身轉發的資料包。 Therefore, in the embodiment of the present invention, if the data packet received by the service entity is a data packet forwarded by the service entity, it may be confirmed that the data packet is a data packet of the client that is responsible for the response; and if the data received by the service entity is received, If the package is a data package sent by the client, the data package of the client that is not responsible for the response by the service entity may be defaulted first. This step is a preferred embodiment of step 120 in the first embodiment. It should be noted that, in the embodiment of the present invention, the data packet received by the service entity may be a data packet forwarded by itself.

例如,對於服務實體A,其接收到兩個資料包分別為:資料包a、資料包b,其中資料包a是由服務實體B轉發的,資料包b是由客戶端C發送的。則經過上述步驟,可以直接確認資料包a是由服務實體A負責應對的客戶端的資料包,資料包b則不是由服務實體A負責應對的客戶端的資料包。而且,在服務實體A對資料包b進行轉發之前,並不能確認資料包b所屬的客戶端C是否為服務實體A負責應對的客戶端,另外,其中的服務實體A和服務實體B可能為同一服務實體。 For example, for the service entity A, the two data packets received are: data package a, data package b, wherein the data package a is forwarded by the service entity B, and the data package b is sent by the client C. After the above steps, it can be directly confirmed that the data package a is the data package of the client that the service entity A is responsible for, and the data package b is not the data package of the client that the service entity A is responsible for. Moreover, before the service entity A forwards the data packet b, it cannot confirm whether the client C to which the data package b belongs is the client responsible for the service entity A, and the service entity A and the service entity B may be the same. Service entity.

在本發明另一較佳的實施例中,步驟320,包括: In another preferred embodiment of the present invention, step 320 includes:

子步驟321,針對任一資料包,判斷在所述資料包之外是否存在按照網路傳輸協議的規則封裝的協議頭部;如果在所述資料包之外存在按照網路傳輸協議的規則封裝的協議頭部,則確認所述資料包是自身負責應對的客戶端的資料包,然後進入步驟350;如果在所述資料包之外不存在按照網路傳輸協議的規則封裝的協議頭部,則確認所述資料包不是由自身負責應對的客戶端的資料包,然後進入步驟330。 Sub-step 321 , for any data packet, determining whether there is a protocol header encapsulated according to a rule of a network transmission protocol outside the data packet; if there is a rule encapsulation according to a network transmission protocol outside the data packet The protocol header confirms that the data packet is the data packet of the client that is responsible for the response, and then proceeds to step 350; if there is no protocol header encapsulated according to the rules of the network transmission protocol outside the data packet, then It is confirmed that the data package is not the data package of the client that is responsible for the response, and then proceeds to step 330.

根據實施例一所述的內容,在本發明實施例中,若服務實體要對所接收到的資料包進行轉發,則需要先在該資料包之外再按照網路傳輸協議的規則封裝協議頭部;若服務實體不對所接收到的資料包進行轉發,則不需要在該資料包之外再按照網路傳輸協議的規則封裝協議頭部。 According to the content of the first embodiment, in the embodiment of the present invention, if the service entity needs to forward the received data packet, the protocol header needs to be encapsulated according to the rules of the network transmission protocol before the data packet. If the service entity does not forward the received data packet, it does not need to encapsulate the protocol header in accordance with the rules of the network transmission protocol in addition to the data packet.

所以,在本發明實施例中,針對服務實體接收到的任一資料包,判斷在所述資料包之外是否存在按照網路傳輸協議的規則封裝的協議頭部。如果在所述資料包之外存在按照網路傳輸協議的規則封裝的協議頭部,則說明該服務實體接收到的該資料包是由服務實體轉發的資料包,從而可以確認該資料包是由該服務實體自身負責應對的客戶端的資料包;如果在資料包之外不存在按照網路傳輸協議的規則封裝的協議頭部,則說明該服務實體接收到的該資料包是由客戶端發送的資料包,從而可以確認該資料包不是由自身負責應對的客戶端的資料包。 Therefore, in the embodiment of the present invention, for any data packet received by the service entity, it is determined whether there is a protocol header encapsulated according to the rules of the network transmission protocol outside the data packet. If there is a protocol header encapsulated according to the rules of the network transmission protocol outside the data packet, it indicates that the data packet received by the service entity is a data packet forwarded by the service entity, so that the data packet can be confirmed The data packet of the client that the service entity itself is responsible for; if there is no protocol header encapsulated according to the rules of the network transmission protocol outside the data packet, it indicates that the data packet received by the service entity is sent by the client. The data package, so that it can be confirmed that the data package is not the data package of the client that is responsible for it.

步驟330,基於所述資料包的身份資訊,在所述資料 包之外按照網路傳輸協議的規則再封裝一層IP報文頭和UDP報文頭。 Step 330, based on the identity information of the data packet, in the data The packet is further encapsulated with an IP packet header and a UDP packet header according to the rules of the network transmission protocol.

如前述,若要對接收到的資料包進行轉發,則需要先基於所述資料包的身份資訊,在資料包之外按照網路傳輸協議的規則再封裝協議頭部。 As described above, if the received data packet is to be forwarded, it is necessary to first encapsulate the protocol header according to the network transmission protocol rules based on the identity information of the data packet.

其中,UDP是一種無連接的資料報服務。源服務實體在傳送資料前不需要和目標服務實體建立連接。資料被冠以源、目標端口號等UDP報頭字段後直接發往目的服務實體。這時,每個資料段的可靠性依靠上層協議來保證。在傳送資料較少、較小的情況下,UDP比TCP更加高效。考慮到UDP協議不需要在通訊的服務實體之間建立連接的特性,在本發明實施例中,基於資料包的身份資訊,在資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和UDP報文頭,從而可以避免在各服務實體之間建立連接的過程。在本發明實施例中,在資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和UDP報文頭的過程並不會影響到資料包本身。 Among them, UDP is a connectionless datagram service. The source service entity does not need to establish a connection with the target service entity before transmitting the data. The data is sent to the destination service entity directly after the UDP header field such as the source and destination port numbers. At this time, the reliability of each data segment is guaranteed by the upper layer protocol. UDP is more efficient than TCP when the data is transmitted less and is smaller. Considering that the UDP protocol does not need to establish a connection between the service entities of the communication, in the embodiment of the present invention, based on the identity information of the data packet, an IP packet header is further encapsulated in the data packet according to the rules of the network transmission protocol. And UDP packet headers, thus avoiding the process of establishing a connection between service entities. In the embodiment of the present invention, the process of re-encapsulating an IP packet header and a UDP packet header according to the rules of the network transmission protocol outside the data packet does not affect the data packet itself.

在實際應用中,IP報文頭格式如表(3)所示: In actual applications, the format of the IP packet header is shown in Table (3):

其中,版本(Version)字段:占4比特。用來表明IP協議實現的版本號,當前一般為IPv4,即0100。 Among them, the Version field: 4 bits. The version number used to indicate the IP protocol implementation. Currently, it is generally IPv4, which is 0100.

報頭長度(Internet Header Length,IHL)字段:占4比特。是頭部占32比特的數字,包括可選項。普通IP資料報(沒有任何選項),該字段的值是5,即160比特=20字節。此字段最大值為60字節。 Internet Header Length (IHL) field: 4 bits. It is a 32-bit number with a header, including options. Ordinary IP datagram (without any options), the value of this field is 5, which is 160 bits = 20 bytes. This field has a maximum value of 60 bytes.

服務類型(Type of Service,TOS)字段:占8比特。其中前3比特為優先權子字段(Precedence,現已被忽略)。第8比特保留未用。第4至第7比特分別代表延遲、吞吐量、可靠性和花費。當它們取值為1時分別代表要求最小時延、最大吞吐量、最高可靠性和最小費用。這4比特的服務類型中只能置其中1比特為1。可以全為0,若全為0則表示一般服務。服務類型字段聲明了資料報被網路系統傳輸時可以被怎樣處理。例如:TELNET協議可能要求有最小的延遲,FTP協議(資料)可能要求有最大吞吐量,SNMP協議可能要求有最高可靠性,NNTP(Network News Transfer Protocol,網路新聞傳輸協議)可能要求最小費用,而ICMP協議可能無特殊要求(4比特全為0)。實際上,大部分主機會忽略這個字段,但一些動態路由協議如OSPF(Open Shortest Path First Protocol)、IS-IS(Intermediate System to Intermediate System Protocol)可以根據這些字段的值進行路由決策。 Type of Service (TOS) field: 8 bits. The first 3 bits are the priority subfield (Precedence, which is now ignored). The 8th bit remains unused. Bits 4 through 7 represent delay, throughput, reliability, and cost, respectively. When they take a value of 1, they represent minimum latency, maximum throughput, maximum reliability, and minimum cost, respectively. Only one of these 4-bit service types can be set to 1. Can be all 0, if all 0, it means general service. The Service Type field declares how the datagram can be processed when it is transmitted by the network system. For example, the TELNET protocol may require minimal delay, the FTP protocol (data) may require maximum throughput, the SNMP protocol may require the highest reliability, and the NNTP (Network News Transfer Protocol) may require a minimum fee. The ICMP protocol may have no special requirements (all 4 bits are 0). In fact, most hosts ignore this field, but some dynamic routing protocols such as OSPF (Open Shortest Path First Protocol) and IS-IS (Intermediate System to Intermediate System Protocol) can make routing decisions based on the values of these fields.

總長度字段:占16比特。指明整個資料報的長度(以字節為單位)。最大長度為65535字節。 Total length field: 16 bits. Indicates the length of the entire datagram in bytes. The maximum length is 65535 bytes.

標誌字段:占16比特。用來唯一地標識主機發送的每一份資料報。通常每發一份報文,它的值會加1。 Flag field: 16 bits. Used to uniquely identify each datagram sent by the host. Usually every time a message is sent, its value is incremented by 1.

標誌位字段:占3比特。標誌一份資料報是否要求分段。 Flag bit field: 3 bits. Mark whether a data report requires segmentation.

段偏移字段:占13比特。如果一份資料報要求分段的話,此字段指明該段偏移距原始資料報開始的位置。 Segment offset field: 13 bits. If a datagram requires segmentation, this field indicates where the offset is from the beginning of the original datagram.

生存期(TTL:Time to Live)字段:占8比特。用來設置資料報最多可以經過的路由器數。由發送資料的源主機設置,通常為32、64、128等。每經過一個路由器,其值減1,直到0時該資料報被丟棄。 TTL: Time to Live field: 8 bits. Used to set the maximum number of routers that a datagram can pass. Set by the source host that sends the data, usually 32, 64, 128, and so on. Each time a router passes, its value is decremented by one until the datagram is discarded.

協議字段:占8比特。指明IP層所封裝的上層協議類型,如ICMP(1)、IGMP(2)、TCP(6)、UDP(17)等。 Protocol field: 8 bits. Indicates the upper layer protocol type encapsulated by the IP layer, such as ICMP (1), IGMP (2), TCP (6), UDP (17), and so on.

頭部校驗和字段:占16比特。內容是根據IP頭部計算得到的校驗和碼。計算方法是:對頭部中每個16比特進行二進制反碼求和。(和ICMP、IGMP、TCP、UDP不同,IP不對頭部後的資料進行校驗)。 Head checksum field: 16 bits. The content is a checksum code calculated from the IP header. The calculation method is: binary inversion of each 16 bits in the header. (Unlike ICMP, IGMP, TCP, and UDP, IP does not check the data after the header).

源IP位址、目標IP位址字段:各占32比特。用來標明發送IP資料報文的源主機位址和接收IP報文的目標主機位址。 Source IP address, target IP address field: each occupying 32 bits. It is used to indicate the source host address for sending IP data messages and the destination host address for receiving IP packets.

可選項字段:占32比特。用來定義一些任選項:如記錄路徑、時間戳等。這些選項很少被使用,同時並不是所有主機和路由器都支持這些選項。可選項字段的長度必須是32比特的整數倍,如果不足,必須填充0以達到此 長度要求。 Optional field: 32 bits. Used to define some options: such as record path, timestamp, etc. These options are rarely used and are not supported by all hosts and routers. The length of the optional field must be an integer multiple of 32 bits. If it is insufficient, it must be padded with 0 to achieve this. Length requirements.

UDP報頭文格式如表(4)所示: The format of the UDP header is shown in Table (4):

其中,源、目標端口號字段:占16比特。用來標識源端和目標端的應用進程。 Among them, the source and destination port number fields: 16 bits. Used to identify the application process of the source and target.

長度:占16比特,標明UDP報頭和UDP資料的長度。 Length: 16 bits, indicating the length of the UDP header and UDP data.

校驗和:占16比特,用來對UDP報頭和UDP資料進行校驗。 Checksum: 16 bits used to verify the UDP header and UDP data.

在本發明另一較佳的實施例中,步驟330包括: In another preferred embodiment of the present invention, step 330 includes:

子步驟331,獲取所述資料包對應的身份資訊。 Sub-step 331: Obtain identity information corresponding to the data packet.

如步驟330所述,在對資料包進行封裝之前,首先需要獲取資料包對應的身份資訊。一般而言,資料包對應的身份資訊可以為IP位址,如發送該資料包的客戶端的IP位址,也可以為用戶ID,如發送該資料包的用戶ID。當然,用戶身份也可以為其他可用的資訊,對此本發明實施例不加以限定。 As described in step 330, before encapsulating the data package, it is first necessary to obtain the identity information corresponding to the data package. Generally, the identity information corresponding to the data packet may be an IP address, such as an IP address of a client that sends the data packet, or a user ID, such as a user ID that sends the data packet. Of course, the user identity may also be other available information, which is not limited in this embodiment of the present invention.

在本發明另一較佳的實施例中,當所述身份資訊為IP位址時,子步驟351,包括: In another preferred embodiment of the present invention, when the identity information is an IP address, the sub-step 351 includes:

子步驟3311,在網路層解析所述資料包的IP報文頭,以獲取IP位址。 Sub-step 3311, parsing the IP packet header of the data packet at the network layer to obtain an IP address.

如果要獲取的身份資訊為IP位址,例如發送該資料 包的客戶端的IP位址。如表(1)所示,在TCP/IP協議的網路層支持IP協議,所以,在本發明實施例中,在網路層解析資料包的IP報文頭,從中獲取所需的IP位址。資料包的IP報文頭是資料包本身的IP報文頭,與在資料包之外再封裝的IP報文頭不相關,但是資料包本身的IP報文頭的結構也如表(3)所示,其中的源位址即為本發明實施例所要獲取的IP位址。對於具體的解析過程,可以採用現有技術中的任何一種可用的解析方法,對此本發明實施例不加以限定。 If the identity information to be obtained is an IP address, for example, send the data The IP address of the client of the package. As shown in Table (1), the IP layer is supported at the network layer of the TCP/IP protocol. Therefore, in the embodiment of the present invention, the IP packet header of the data packet is parsed at the network layer, and the required IP address is obtained therefrom. . The IP packet header of the data packet is the IP packet header of the data packet itself, and is not related to the IP packet header encapsulated outside the data packet, but the IP packet header structure of the data packet itself is also shown in Table (3). The source address is the IP address to be obtained in the embodiment of the present invention. For a specific analysis process, any one of the available analytical methods in the prior art may be used, and the embodiment of the present invention is not limited.

在本發明另一較佳的實施例中,當所述身份資訊為用戶ID時,子步驟331,包括: In another preferred embodiment of the present invention, when the identity information is a user ID, the sub-step 331 includes:

子步驟3312,將所述資料包暫存在網路層,同時將所述資料包向上發送至應用層。 Sub-step 3312, the data package is temporarily stored in the network layer, and the data packet is sent up to the application layer.

而如果要獲取的身份資訊為用戶ID時,例如發送該資料包的用戶ID,此時需要在應用層才可以獲取到用戶ID等資訊,所以在本發明實施例中會將資料包暫存在網路層的記憶體中,同時將資料包向上發送至應用層。在本發明實施例中網路層的IP資料包上傳至傳輸層,傳輸層解析TCP報文頭或者UDP報文頭後,將資料區的內容上傳至應用層。應用層對資料區的內容進行解析。 If the identity information to be obtained is the user ID, for example, the user ID of the data packet is sent, the information such as the user ID needs to be obtained at the application layer. Therefore, in the embodiment of the present invention, the data packet is temporarily stored in the network. In the memory of the road layer, the data packet is sent up to the application layer at the same time. In the embodiment of the present invention, the IP data packet of the network layer is uploaded to the transport layer, and after the transport layer parses the TCP packet header or the UDP packet header, the content of the data area is uploaded to the application layer. The application layer parses the content of the data area.

子步驟3313,在應用層解析所述資料包的資料區,以獲取所述資料包的用戶ID。 Sub-step 3313, parsing the data area of the data packet at the application layer to obtain the user ID of the data package.

在實際應用中,用戶ID等資訊被存放於資料包的資料區,將資料包發送至應用層後,則可以在應用層解析資 料包的資料區,獲取其中資料包的用戶ID。同樣對於具體的解析過程,可以採用現有技術中的任何一種可用的解析方法,對此本發明實施例也不加以限定。 In the actual application, information such as the user ID is stored in the data area of the data package, and after the data package is sent to the application layer, the application layer can be analyzed at the application layer. In the data area of the package, obtain the user ID of the package. For the specific parsing process, any available parsing method in the prior art may be used, and the embodiment of the present invention is not limited thereto.

子步驟332,根據所述身份資訊,選擇同一個五元組;所述五元組包括:源IP位址,目的IP位址,源端口,目的端口,傳輸協議類型;所述目的IP位址為服務實體對應的IP位址。 Sub-step 332, selecting the same five-tuple according to the identity information; the five-tuple includes: a source IP address, a destination IP address, a source port, a destination port, a transmission protocol type, and the destination IP address. The IP address corresponding to the service entity.

在實際應用中,五元組能夠區分不同的通訊,並且對應的通訊是唯一的。所以在本發明實施例中,會根據身份資訊,選擇同一個五元組與該身份資訊對應,則利用五元組,可以將不同的身份資訊對應的用戶終端完全區分開來。 In practical applications, the quintuple is able to distinguish between different communications and the corresponding communication is unique. Therefore, in the embodiment of the present invention, the same quintuple is selected according to the identity information, and the quintuple is used to completely distinguish the user terminals corresponding to different identity information.

在本發明實施例中,五元組包括的源IP位址是指用戶端的IP位址,目的IP位址為服務實體對應的IP位址,源端口為用戶終端發送資料包的端口,目的端口為服務實體接收資料包的端口,傳輸協議類型為發送資料包的具體的協議類型。 In the embodiment of the present invention, the source IP address included in the quintuple refers to the IP address of the user end, the destination IP address is the IP address corresponding to the service entity, and the source port is the port through which the user terminal sends the data packet, and the destination port. The port that receives the packet for the service entity. The transport protocol type is the specific protocol type for sending the packet.

源端口可以採用客戶端的端口的唯一標識ID,另外因為客戶端的IP位址唯一,可以使用客戶端IP位址的後2個字節作為源端口,當然也可以採用其他可利用的方式用以標識源端口,對此本發明實施例不加以限定。對於目的端口,使用固定的端口以唯一標記針對同一集群的資料包的目的端口。在本發明實施例中,傳輸協議類型和在資料包之外再封裝的頭部類型有關,例如,若傳輸協議類型 為UDP協議,則在資料包外再封裝一層IP報文頭和UDP報文頭;若傳輸協議類型為TCP協議,則在資料包外再封裝一層IP報文頭和TCP報文頭。 The source port can use the unique ID of the port of the client. In addition, because the IP address of the client is unique, the last 2 bytes of the client IP address can be used as the source port. Of course, other available methods can be used to identify the source port. The source port is not limited in this embodiment of the present invention. For the destination port, use a fixed port to uniquely tag the destination port for packets for the same cluster. In the embodiment of the present invention, the type of the transport protocol is related to the type of the header re-encapsulated outside the data packet, for example, if the transport protocol type For the UDP protocol, an IP packet header and a UDP packet header are encapsulated outside the data packet. If the transmission protocol type is TCP protocol, an IP packet header and a TCP packet header are encapsulated outside the data packet.

需要說明的是,在本發明實施例中,所針對的是由一組協同工作的服務實體組成的集群,而且在實際應用中,集群服務實體對外提供的統一的服務位址,是虛擬IP位址,也稱為集群VIP(Virtual IP,虛擬IP)位址,客戶端通過存取集群VIP位址獲取集群內部各服務實體的功能。所以上述的目的IP位址即為集群VIP位址,針對同一集群中的服務實體,五元組中的目的IP位址是一致的。 It should be noted that, in the embodiment of the present invention, a cluster consisting of a group of service entities working together is used, and in a practical application, the unified service address provided by the cluster service entity is a virtual IP address. Address, also known as the cluster VIP (Virtual IP) address, the client obtains the functions of each service entity in the cluster by accessing the cluster VIP address. Therefore, the destination IP address is the cluster VIP address, and the destination IP address in the quintuple is consistent for the service entity in the same cluster.

子步驟333,基於所述五元組,在所述資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和UDP報文頭。 Sub-step 333, based on the quintuple, re-encapsulating an IP packet header and a UDP packet header in addition to the data packet according to the rules of the network transmission protocol.

若要在資料包之外再封裝一層IP報文頭和UDP報文頭,則此時五元組中的傳輸協議類型為UDP協議,即在資料包之外是按照UDP協議的規則再封裝一層IP報文頭和UDP報文頭。根據表(3)和表(4)分別所示的IP報文頭結構和UDP報文頭結構可知,在實際應用中,五元組中的源IP位址、目的IP位址、傳輸協議類型分別與IP報文頭中的源位址、目的位址、協議一一對應,五元組中的源端口、目的端口分別與UDP報文頭中的源端口號、目的端口號一一對應。對於IP報文頭和UDP報文頭中其他部分的內容,本發明實施例不加以限定。 To encapsulate an IP packet header and a UDP packet header in addition to the data packet, the transport protocol type in the quintuple is UDP protocol, that is, in addition to the data packet, the IP packet is encapsulated according to the UDP protocol. Header and UDP header. According to the IP packet header structure and the UDP packet header structure shown in Tables (3) and (4), in the actual application, the source IP address, the destination IP address, and the transport protocol type in the quintuple are respectively The source address, the destination address, and the protocol in the IP packet header correspond to each other. The source port and the destination port in the quintuple group correspond to the source port number and the destination port number in the UDP packet header. For the content of the IP packet header and other parts of the UDP packet header, the embodiment of the present invention is not limited.

在本發明另一較佳的實施例中,步驟333包括: In another preferred embodiment of the present invention, step 333 includes:

子步驟A3331,將在應用層獲得的五元組發送至網路層。 Sub-step A3331, the quintuple obtained at the application layer is sent to the network layer.

由於對資料包進行封裝的操作需要在網路層進行,所以在本發明實施例中需要將在應用層獲得的五元組發送至網路層。如前述,若是根據用戶ID資訊獲取的五元組資訊,則可以是在應用層獲取的五元組,此時需要將在應用層獲得的五元組發送至網路層,而若是根據IP位址獲取的五元組,則可以是在網路層獲取的五元組,此時不需要本步驟的發送過程。當然,不管是根據何種類型的用戶資訊獲取的五元組,只要所獲得的五元組不在網路層,都需要將獲取的五元組發送至網路層。 Since the operation of encapsulating the data packet needs to be performed at the network layer, in the embodiment of the present invention, the quintuple obtained at the application layer needs to be sent to the network layer. As described above, if the quintuple information is obtained according to the user ID information, it may be a quintuple obtained at the application layer. In this case, the quintuple obtained at the application layer needs to be sent to the network layer, and if it is based on the IP bit. The quintuple obtained at the address may be a quintuple obtained at the network layer, and the sending process of this step is not needed at this time. Of course, regardless of the type of user information obtained by the quintuple, as long as the obtained quintuple is not at the network layer, the acquired quintuple needs to be sent to the network layer.

子步驟A3332,在網路層基於所述五元組,在所述資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和UDP報文頭。 Sub-step A3332, at the network layer, based on the quintuple, re-encapsulating an IP packet header and a UDP packet header in addition to the data packet according to the rules of the network transmission protocol.

在本發明實施例中,具體而言,是由網路層基於五元組,在資料包之外按照UDP協議的規則再封裝一層UDP報文頭,再按照UDP協議封裝一層IP報文頭。 In the embodiment of the present invention, specifically, the network layer is based on a quintuple, and a UDP packet header is further encapsulated according to the UDP protocol in the data packet, and then an IP packet header is encapsulated according to the UDP protocol.

當然,對於本發明實施例也可以在,在網路層基於所述五元組,在所述資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和TCP報文頭,其原理基本類似。 Certainly, in the embodiment of the present invention, the IP layer header and the TCP packet header are further encapsulated according to the rules of the network transmission protocol in the network layer based on the quintuple according to the quintuple. similar.

在本發明另一較佳的實施例中,步驟333包括: In another preferred embodiment of the present invention, step 333 includes:

子步驟B3331,將所述五元組中的源端口、目的端口封裝到所述資料包之外的UDP報文頭中。 Sub-step B3331, the source port and the destination port in the quintuple are encapsulated into a UDP packet header other than the data packet.

具體而言,是將五元組中的源端口、目的端口分別封裝到資料包之外的UDP報文頭中的源端口號、目的端口號中。對於UDP報文頭中的其他部分的資料內容,可以採用任意一種UDP報文頭適用的資料,對此本發明實施例不加以限定。 Specifically, the source port and the destination port in the quintuple are respectively encapsulated into a source port number and a destination port number in a UDP packet header other than the data packet. For the data content of other parts in the UDP packet header, any type of data applicable to the UDP packet header may be used, which is not limited in this embodiment of the present invention.

子步驟B3332,將所述五元組中的源IP位址、目的IP位址和傳輸協議類型封裝到所述資料包之外的IP報文頭中。 Sub-step B3332, the source IP address, the destination IP address, and the transport protocol type in the quintuple are encapsulated into an IP packet header other than the data packet.

具體而言,是將五元組中的源IP位址、目的IP位址、傳輸協議類型分別封裝到資料包之外的IP報文頭中的源端口號、目的端口號、協議中。對於IP報文頭中的其他部分的資料,可以採用可任意一種IP報文頭可適用的資料,對此本發明實施例也不加以限定。 Specifically, the source IP address, the destination IP address, and the transport protocol type in the quintuple are respectively encapsulated into a source port number, a destination port number, and a protocol in an IP packet header other than the data packet. For the data of other parts in the IP packet header, the data can be applied to any of the IP packet headers, and the embodiment of the present invention is not limited.

在本發明的另一較佳的實施例中,所述子步驟332包括: In another preferred embodiment of the present invention, the sub-step 332 includes:

子步驟3321,在應用層根據所述身份資訊,選擇同一個五元組。 Sub-step 3321, the application layer selects the same five-tuple according to the identity information.

在實際應用中,五元組所包含的資訊存在於應用層中,所以可以在應用層根據所述身份資訊,選擇同一個五元組。 In practical applications, the information contained in the quintuple exists in the application layer, so the same quintuple can be selected at the application layer according to the identity information.

則在子步驟332之後,還包括: Then after sub-step 332, the method further includes:

子步驟334,將在應用層獲得的五元組發送至網路層。 Sub-step 334, the quintuple obtained at the application layer is sent to the network layer.

因為具體的根據五元組對資料包進行封裝的過程在網 路層執行,所以需要將在應用層獲得的五元組發送至網路層。本步驟在子步驟353之前執行。 Because the specific process of encapsulating the data packet according to the quintuple is on the net. The layer is executed, so the quintuple obtained at the application layer needs to be sent to the network layer. This step is performed before sub-step 353.

步驟340,將封裝了協議頭部的資料包通過交換機轉發給負責應對所述資料包所屬客戶端的服務實體。 Step 340: Forward the data package encapsulating the protocol header to the service entity responsible for responding to the client to which the data packet belongs.

經過前述步驟可知,在本發明實施例中,針對同一客戶端的資料包的五元組是一致的,另外,因為同一客戶端的IP位址是唯一的,不同客戶端的IP位址是不同的,所以針對不同客戶端的資料包的五元組是不一致的。 Through the foregoing steps, in the embodiment of the present invention, the quintuple of the data packet for the same client is consistent, and because the IP address of the same client is unique, the IP addresses of different clients are different, so The quintuple of packets for different clients is inconsistent.

在本發明實施例中,可以根據五元組,預先設定負責應對不同客戶端的服務實體。在實際應用中,可以利用交換機的HASH策略保證將同一五元組的資料包發送到與該五元組對應的服務實體上。 In the embodiment of the present invention, a service entity responsible for responding to different clients may be preset according to a quintuple. In practical applications, the switch's HASH policy can be used to ensure that the same 5-tuple data packet is sent to the service entity corresponding to the quintuple.

步驟350,解除所述資料包之外按照網路傳輸協議的規則封裝的協議頭部。 Step 350: Release the protocol header encapsulated according to the rules of the network transmission protocol outside the data packet.

在本發明實施例中,即解除資料包之外封裝的IP報文頭和UDP報文頭,當然,若是在資料包之外封裝的協議頭部為IP報文頭和TCP報文頭,則此時是解除資料包之外封裝的協議頭部為IP報文頭和TCP報文頭。 In the embodiment of the present invention, the IP packet header and the UDP packet header encapsulated in the data packet are removed. Of course, if the protocol header encapsulated in the data packet is an IP packet header and a TCP packet header, the time is released. The protocol header encapsulated outside the data packet is an IP packet header and a TCP packet header.

另外,在本發明實施例中,可以採用現有的任何一種解封裝方法,解除資料包之外按照網路傳輸協議的規則封裝的協議頭部,對此本發明不加以限定。 In addition, in the embodiment of the present invention, any of the existing decapsulation methods may be used to release the protocol header encapsulated according to the rules of the network transmission protocol outside the data packet, and the present invention is not limited thereto.

步驟360,獲取所述資料包的身份資訊。 Step 360: Obtain identity information of the data package.

該步驟與前述的子步驟331類似,在此不再贅述。 This step is similar to the foregoing sub-step 331 and will not be described again.

步驟370,判斷所述身份資訊對應的流量是否超過到流量閾值;如果所述身份資訊對應的流量超過流量閾值,則進入步驟380;而若所述身份資訊對應的流量超過流量閾值,則保留該身份資訊對應的資料包。 Step 370: Determine whether the traffic corresponding to the identity information exceeds a traffic threshold; if the traffic corresponding to the identity information exceeds the traffic threshold, proceed to step 380; and if the traffic corresponding to the identity information exceeds the traffic threshold, retain the The information package corresponding to the identity information.

其中的流量閾值是可以根據實際情況預先設置,對此本發明實施例不加以限定。身份資訊對應的流量是指該身份資訊對應的資料包的流量,也即身份資訊對應的客戶端的資料包的流量。若身份資訊對應的流量超過流量閾值,則將身份資訊對應的資料包丟棄,若身份資訊對應的流量未超過流量閾值,則保留身份資訊對應的資料包。 The traffic threshold is not limited in this embodiment of the present invention. The traffic corresponding to the identity information refers to the traffic of the data packet corresponding to the identity information, that is, the traffic of the data packet of the client corresponding to the identity information. If the traffic corresponding to the identity information exceeds the traffic threshold, the data packet corresponding to the identity information is discarded. If the traffic corresponding to the identity information does not exceed the traffic threshold, the data packet corresponding to the identity information is retained.

例如,若用戶A購買的帶寬是50M/s,即流量閾值為50M/s。在用戶A對應的終端設備收到當前資料包後,根據當前時刻到之前的1秒內收到的資料包記錄,計算該用戶A的流量速度是否大於50M/s,如果大於,則丟棄該資料包,如果不大於,則保留該資料包。 For example, if user A purchases a bandwidth of 50 M/s, the traffic threshold is 50 M/s. After receiving the current data packet, the terminal device corresponding to the user A calculates whether the traffic speed of the user A is greater than 50 M/s according to the data packet received within 1 second before the current time. If it is greater than, the data is discarded. The package, if not greater, retains the package.

在本發明另一較佳的實施例中,當所述身份資訊為IP位址時,步驟370包括: In another preferred embodiment of the present invention, when the identity information is an IP address, step 370 includes:

子步驟371,查找所述IP位址對應的用戶ID。 Sub-step 371, searching for a user ID corresponding to the IP address.

在實際應用中,流量閾值一般是和用戶ID對應的,所以在本發明實施例中,根據IP位址查找與之對應的用戶ID。其中,IP位址與用戶ID的對應關係是預置的,可以預先放置在一配置文件中,或者是通過其他方式儲存,對此本發明實施例不加以限定。 In a practical application, the traffic threshold is generally corresponding to the user ID. Therefore, in the embodiment of the present invention, the user ID corresponding to the IP address is searched according to the IP address. The corresponding relationship between the IP address and the user ID is preset, and may be pre-placed in a configuration file or stored in another manner, which is not limited in this embodiment of the present invention.

子步驟372,根據所述用戶ID查找對應的流量閾 值。 Sub-step 372, searching for a corresponding traffic threshold according to the user ID value.

用戶ID與流量閾值的對應關係是預置的,可以預先儲存於一配置文件中,或者是通過其他方式儲存,對此本發明實施例不加以限定。 The corresponding relationship between the user ID and the traffic threshold is preset, and may be stored in a configuration file in advance, or may be stored in other manners.

另外,在本發明實施例中,可以將用戶與流量閾值的對應關係和上述的IP位址與用戶ID的對應關係儲存於同一配置文件中,也可以儲存與不同的配置文件中,或者是利用不同的儲存方式,對此本發明實施例也不加以限制。 In addition, in the embodiment of the present invention, the correspondence between the user and the traffic threshold and the corresponding relationship between the IP address and the user ID may be stored in the same configuration file, or may be stored in different configuration files, or utilized. The storage method of the present invention is not limited to the different storage methods.

子步驟373,計算所述IP位址對應的流量是否超過所述流量閾值;如果所述IP位址對應的流量超過所述流量閾值,則進入步驟3110。 Sub-step 373: Calculate whether the traffic corresponding to the IP address exceeds the traffic threshold; if the traffic corresponding to the IP address exceeds the traffic threshold, proceed to step 3110.

此時,IP位址對應的流量是指IP位址對應的資料包的流量,也即IP位址對應的客戶端的資料包的流量。 At this time, the traffic corresponding to the IP address refers to the traffic of the data packet corresponding to the IP address, that is, the traffic of the data packet of the client corresponding to the IP address.

步驟380,丟棄所述資料包。 In step 380, the data packet is discarded.

若資料包的流量超過對應的流量閾值,則會將該資料包從客戶端的流量中刪除,以保證客戶端的網路速度在瀏覽閾值之內。 If the traffic of the packet exceeds the corresponding traffic threshold, the packet is deleted from the client's traffic to ensure that the client's network speed is within the browsing threshold.

在本發明實施例中,同樣在不需要增加系統複雜度的情況下,通過將不是由自身負責應對的客戶端的資料包,轉發給同一集群中負責應對該資料包所屬客戶端的服務實體,從而保證同一客戶端的流量落到同一台服務實體上,然後在該服務實體上,基於對應資料包的身份資訊,對該客戶端的資料包進行限速處理。相對於現有的集群限速三類方案,在不增加系統複雜度以及成本的同時,提高了集 群限速的適用性、可操作性,以及精確性。 In the embodiment of the present invention, the data packet of the client that is not responsible for the response is forwarded to the service entity in the same cluster that is responsible for responding to the client to which the data packet belongs, so as to ensure that the complexity of the system is not increased. The traffic of the same client falls on the same service entity, and then the data packet of the client is subjected to rate limiting processing based on the identity information of the corresponding data packet. Compared with the existing three types of cluster speed limit schemes, the set is improved without increasing system complexity and cost. Group speed limit applicability, operability, and accuracy.

另外,在本發明實施例中,通過在服務實體接收到的由客戶端發送的資料包之外封裝一層IP報文頭和UDP報文頭,然後再將封裝後的資料包轉發至負責應對該資料包所屬的客戶端的服務實體中,從而可以在不需要建立連接的情況下,將資料包轉發至相應地服務實體中,進一步提高了集群限速的適用性、可操作性以及精確性。而且對於封裝了IP報文頭和TCP報文頭的資料包,則需要先在接收的服務實體以及轉發的服務實體之間建立連接,才可以在其兩者之間轉發,所以相對於實施例二中在資料包外封裝IP報文頭和TCP報文頭的方式,本發明實施例所述的在資料包之外封裝IP報文頭和UDP報文頭的方式適應性、可操作性以及效率都更高。 In addition, in the embodiment of the present invention, an IP packet header and a UDP packet header are encapsulated by the data packet sent by the client, which is received by the service entity, and then the encapsulated data packet is forwarded to the responsible packet. In the service entity of the client, the data packet can be forwarded to the corresponding service entity without establishing a connection, which further improves the applicability, operability and accuracy of the cluster speed limit. Moreover, for the data packet encapsulating the IP packet header and the TCP packet header, the connection between the received service entity and the forwarded service entity needs to be established before being forwarded between the two, so that in the second embodiment, The manner of encapsulating the IP packet header and the UDP packet header in the data packet is more adaptable, operability and efficiency in the manner of encapsulating the IP packet header and the TCP packet header in the data packet.

需要說明的是,對於方法實施例,為了簡單描述,故將其都表述為一系列的動作組合,但是本領域技術人員應該知悉,本發明實施例並不受所描述的動作順序的限制,因為依據本發明實施例,某些步驟可以採用其他順序或者同時進行。其次,本領域技術人員也應該知悉,說明書中所描述的實施例均屬□較佳實施例,所涉及的動作並不一定是本發明實施例所必須的。 It should be noted that, for the method embodiments, for the sake of simple description, they are all expressed as a series of action combinations, but those skilled in the art should understand that the embodiments of the present invention are not limited by the described action sequence, because In accordance with embodiments of the invention, certain steps may be performed in other sequences or concurrently. In the following, those skilled in the art should also understand that the embodiments described in the specification are preferred embodiments, and the actions involved are not necessarily required by the embodiments of the present invention.

實施例四 Embodiment 4

參照圖4,示出了本發明的一種集群精確限速裝置實施例的結構方塊圖,該集群包括至少一個交換機410和多 個服務實體420,每個服務實體具體可以包括如下模組:接收模組421,適於接收資料包。 Referring to FIG. 4, there is shown a block diagram of an embodiment of a cluster precise speed limit device of the present invention, the cluster including at least one switch 410 and more Each of the service entities 420 may include a module: a receiving module 421 adapted to receive a data package.

判斷模組422,適於判斷所述資料包是否為由自身負責應對的客戶端的資料包。如果所述資料包不是由自身負責應對的客戶端的資料包,則進入轉發模組423;如果所述資料包是由自身負責應對的客戶端的資料包,則進入限速模組424。 The determining module 422 is adapted to determine whether the data package is a data package of a client that is responsible for the response. If the data package is not the data package of the client that is responsible for the response, the data is forwarded to the forwarding module 423; if the data package is the data package of the client that is responsible for the response, the data entry is entered into the speed limit module 424.

轉發模組423,適於將所述資料包轉發給負責應對所述資料包所屬客戶端的服務實體。 The forwarding module 423 is adapted to forward the data package to a service entity responsible for responding to the client to which the data package belongs.

在本發明另一較佳的實施例中,所述轉發模組,包括:封裝子模組,適於基於所述資料包的身份資訊,在所述資料包之外再按照網路傳輸協議的規則封裝協議頭部。 In another preferred embodiment of the present invention, the forwarding module includes: a package sub-module adapted to be based on the identity information of the data packet, and in addition to the data packet, according to a network transmission protocol. The rule encapsulates the protocol header.

轉發子模組,適於將封裝了協議頭部的資料包通過交換機轉發給負責應對所述資料包所屬客戶端的服務實體。 The forwarding submodule is adapted to forward the data packet encapsulating the protocol header to the service entity responsible for responding to the client to which the data packet belongs by using the switch.

限速模組424,適於基於所述資料包的身份資訊,對所述資料包進行限速處理。 The rate limiting module 424 is adapted to perform rate limiting processing on the data packet based on the identity information of the data packet.

在本發明實施例中,在不需要增加系統複雜度的情況下,通過將不是由自身負責應對的客戶端的資料包,轉發給同一集群中負責應對該資料包所屬客戶端的服務實體,從而保證同一客戶端的流量落到同一台服務實體上,然後在該服務實體上,基於對應資料包的身份資訊,對該客戶端的資料包進行限速處理,因此本發明具備以下優點:首先,相對背景技術的第一類方案,本發明實施例不 用單獨在集群內設置一個流控實體對整個集群內的服務實體進行限速,不會應為該流控實體的故障而影響整個集群的正常工作,適用性強。而且,也不存在流控實體與服務實體之間大量的通訊以決策給每個服務實體下發的限速大小,僅僅是服務實體之間的資料包的簡單轉發,複雜度低。 In the embodiment of the present invention, by not adding the complexity of the system, the data packet of the client that is not responsible for the response is forwarded to the service entity in the same cluster responsible for responding to the client to which the data packet belongs, thereby ensuring the same The traffic of the client falls on the same service entity, and then the speed limit processing is performed on the data packet of the client based on the identity information of the corresponding data packet on the service entity. Therefore, the present invention has the following advantages: First, relative to the background art The first type of solution, the embodiment of the present invention does not By setting a flow control entity in a cluster to limit the rate of service entities in the entire cluster, it is not necessary to affect the normal operation of the entire cluster for the failure of the flow control entity, and the applicability is strong. Moreover, there is also a large amount of communication between the flow control entity and the service entity to determine the speed limit for each service entity, and only the simple forwarding of the data packets between the service entities is low.

其次,相對背景技術的第二類方案,本發明實施例由於同一個客戶端的資料包由同一個服務實體負責對其進行具體的業務邏輯處理,決定對其進行下一步處理還是丟棄,因此,可以精確控制每個客戶端的流量,可操作性高。 Secondly, with respect to the second type of solution of the background technology, the embodiment of the present invention is responsible for performing specific business logic processing on the data packet of the same client by the same service entity, and determining whether to perform the next processing or discarding, so Precise control of traffic to each client, high operability.

再次,相對背景技術的第三類方案,本發明實施例在集群的原有架構下,對資料包的處理流程做了改進,將各個服務實體接收到的同一客戶端的資料包,轉發到了同一個服務實體進行限速處理,未增加系統複雜度,也沒有採用額外的硬體設施,沒有增加硬體成本。並且,本發明實施例僅利用集群自身的計算功能,即實現了對同一客戶端的流量的限速處理,可以適用於任意規模的集群,適用性更廣。 The third embodiment of the present invention, the embodiment of the present invention improves the processing flow of the data packet under the original architecture of the cluster, and forwards the data packet of the same client received by each service entity to the same The service entity performs speed limit processing without increasing system complexity, and does not use additional hardware facilities, and does not increase hardware costs. Moreover, the embodiment of the present invention only utilizes the computing function of the cluster itself, that is, the speed limit processing of the traffic of the same client is implemented, and can be applied to a cluster of any size, and has wider applicability.

總之,相對於背景技術的集群限速三類方案,在不增加系統複雜度以及成本的同時,提高了集群限速的適用性、可操作性,以及精確性。 In summary, compared with the background technology, the three types of rate limiting schemes improve the applicability, operability, and accuracy of the cluster speed limit without increasing system complexity and cost.

實施例五 Embodiment 5

參照圖5,示出了本發明的一種集群精確限速裝置實施例的結構方塊圖,該集群包括至少一個交換機510和多個服務實體520,每個服務實體具體可以包括如下模組:接收模組521,適於接收資料包。 Referring to FIG. 5, a block diagram of an embodiment of a cluster-precision speed limiter according to the present invention is shown. The cluster includes at least one switch 510 and a plurality of service entities 520. Each service entity may specifically include the following module: a receiving module. Group 521 is adapted to receive a data package.

判斷模組522,適於判斷所述資料包是否為由自身負責應對的客戶端的資料包;如果所述資料包不是由自身負責應對的客戶端的資料包,則進入轉發模組523;如果所述資料包是由自身負責應對的客戶端的資料包,則進入限速模組524。 The determining module 522 is adapted to determine whether the data package is a data package of a client that is responsible for the response; if the data package is not a data package of the client that is responsible for the response, the data packet is entered into the forwarding module 523; The data package is the data package of the client that is responsible for the response, and then enters the speed limit module 524.

轉發模組523,適於將所述資料包轉發給負責應對所述資料包所屬客戶端的服務實體,具體包括:封裝子模組5231,適於基於所述資料包的身份資訊,在所述資料包之外再按照網路傳輸協議的規則封裝協議頭部,具體包括:第二封裝子模組52311,適於基於所述資料包的身份資訊,在所述資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和TCP報文頭。 The forwarding module 523 is adapted to forward the data packet to a service entity responsible for responding to the client to which the data packet belongs, and specifically includes: a package submodule 5231, adapted to be based on the identity information of the data package, in the data The packet header is encapsulated according to the rules of the network transmission protocol, and specifically includes: a second encapsulation submodule 52311, adapted to be based on the identity information of the data packet, in accordance with the network transmission protocol outside the data packet. The rules further encapsulate a layer of IP packet headers and TCP packet headers.

在本發明另一較佳的實施例中,第二封裝子模組52311,包括:身份資訊獲取子模組,適於獲取所述資料包對應的身份資訊。 In another preferred embodiment of the present invention, the second package sub-module 52311 includes: an identity information acquisition sub-module, configured to acquire identity information corresponding to the data package.

五元組選擇子模組,適於根據所述身份資訊,選擇同一個五元組;所述五元組包括:源IP位址,目的IP位址,源端口,目的端口,傳輸協議類型;所述目的IP位 址為服務實體對應的IP位址。 The quintuple selection sub-module is adapted to select the same five-tuple according to the identity information; the quintuple includes: a source IP address, a destination IP address, a source port, a destination port, and a transmission protocol type; The destination IP bit The address is the IP address corresponding to the service entity.

第二報文頭封裝子模組,適於基於所述五元組,在所述資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和TCP報文頭。 The second packet header encapsulating sub-module is adapted to further encapsulate an IP packet header and a TCP packet header according to the rules of the network transmission protocol according to the quintuple according to the quintuple.

在本發明另一較佳的實施例中,所述第二報文頭封裝子模組,包括:第二端口封裝子模組,適於將所述五元組中的源端口、目的端口封裝到所述資料包之外的TCP報文頭中。 In another preferred embodiment of the present invention, the second packet header submodule includes: a second port encapsulation submodule, configured to encapsulate the source port and the destination port in the quintuple The TCP packet header outside the data packet.

IP位址封裝子模組,適於將所述五元組中的源IP位址、目的IP位址和傳輸協議類型封裝到所述資料包之外的IP報文頭中。 The IP address encapsulating submodule is adapted to encapsulate the source IP address, the destination IP address, and the transport protocol type in the quintuple into an IP packet header outside the data packet.

轉發子模組5232,適於將封裝了協議頭部的資料包通過交換機轉發給負責應對所述資料包所屬客戶端的服務實體。 The forwarding submodule 5232 is adapted to forward the data packet encapsulating the protocol header to the service entity responsible for responding to the client to which the data packet belongs.

限速模組524,適於基於所述資料包的身份資訊,對所述資料包進行限速處理。 The speed limit module 524 is adapted to perform rate limiting processing on the data packet based on the identity information of the data package.

在本發明實施例中,同樣在不需要增加系統複雜度的情況下,通過將不是由自身負責應對的客戶端的資料包,轉發給同一集群中負責應對該資料包所屬客戶端的服務實體,從而保證同一客戶端的流量落到同一台服務實體上,然後在該服務實體上,基於對應資料包的身份資訊,對該客戶端的資料包進行限速處理。相對於現有的集群限速三類方案,在不增加系統複雜度以及成本的同時,提高了集群限速的適用性、可操作性,以及精確性。 In the embodiment of the present invention, the data packet of the client that is not responsible for the response is forwarded to the service entity in the same cluster that is responsible for responding to the client to which the data packet belongs, so as to ensure that the complexity of the system is not increased. The traffic of the same client falls on the same service entity, and then the data packet of the client is subjected to rate limiting processing based on the identity information of the corresponding data packet. Compared with the existing three types of cluster speed limit schemes, the applicability, operability, and accuracy of the cluster speed limit are improved without increasing system complexity and cost.

另外,在本發明實施例中,通過在服務實體接收到的由客戶端發送的資料包之外封裝一層IP報文頭和TCP報文頭,然後再將封裝後的資料包轉發至負責應對該資料包所屬的客戶端的服務實體中,相對於UDP而言,本發明實施例需要在實體之間建立連接,可以進一步保證資料包中資料的準確性,將資料包準確地轉發至相應地服務實體中,進一步提高了集群限速的精確性。 In addition, in the embodiment of the present invention, an IP packet header and a TCP packet header are encapsulated by the data packet sent by the client, and then the encapsulated data packet is forwarded to the responsible packet. In the service entity of the client, the embodiment of the present invention needs to establish a connection between the entities, which can further ensure the accuracy of the data in the data packet, and accurately forward the data packet to the corresponding service entity. The accuracy of the cluster speed limit is further improved.

實施例六 Embodiment 6

參照圖6,示出了本發明的一種集群精確限速裝置實施例的結構方塊圖,該集群包括至少一個交換機610和多個服務實體620,每個服務實體具體可以包括如下模組:接收模組621,適於接收資料包。 Referring to FIG. 6, a block diagram of an embodiment of a cluster-precision speed limiter according to the present invention is shown. The cluster includes at least one switch 610 and a plurality of service entities 620. Each service entity may specifically include the following module: a receiving module. Group 621 is adapted to receive a data package.

判斷模組622,適於判斷所述資料包是否為由自身負責應對的客戶端的資料包;如果所述資料包不是由自身負責應對的客戶端的資料包,則進入轉發模組623;如果所述資料包是由自身負責應對的客戶端的資料包,則進入限速模組624。具體包括:判斷子模組6221,適於判斷所述資料包是由服務實體轉發的資料包還是由客戶端發送的資料包;如果所述資料包是由服務實體轉發的資料包,則確認所述資料包是自身負責應對的客戶端的資料包,然後進入限速模組624;如果所述資料包是由客戶端發送的資料包,則確認所述資料包不是由自身負責應對的客戶端的資料包,然後進入轉 發模組623。 The determining module 622 is adapted to determine whether the data package is a data package of a client that is responsible for the response; if the data package is not a data package of the client that is responsible for the response, the data packet is forwarded to the forwarding module 623; The data package is a data package of the client that is responsible for the response, and enters the speed limit module 624. Specifically, the determining submodule 6221 is adapted to determine whether the data packet is a data packet forwarded by the service entity or a data packet sent by the client; if the data packet is a data packet forwarded by the service entity, the confirmation The data package is a data package of the client that is responsible for the response, and then enters the speed limit module 624; if the data package is a data package sent by the client, it is confirmed that the data package is not the data of the client that is responsible for the response. Package, then enter Hair module 623.

在本發明另一較佳的實施例中,判斷子模組6221,包括:協議頭部判斷子模組,適於針對任一資料包,判斷在所述資料包之外是否存在按照網路傳輸協議的規則封裝的協議頭部;如果在所述資料包之外存在按照網路傳輸協議的規則封裝的協議頭部,則確認所述資料包是自身負責應對的客戶端的資料包,然後進入限速模組624;如果在所述資料包之外不存在按照網路傳輸協議的規則封裝的協議頭部,則確認所述資料包不是由自身負責應對的客戶端的資料包,然後進入轉發模組623。 In another preferred embodiment of the present invention, the determining sub-module 6221 includes: a protocol header determining sub-module, and is adapted to determine, according to any data packet, whether there is any transmission according to the network outside the data packet. The protocol header of the protocol of the protocol; if there is a protocol header encapsulated according to the rules of the network transmission protocol outside the data packet, it is confirmed that the data packet is a data packet of the client that is responsible for the response, and then enters the limit The speed module 624; if there is no protocol header encapsulated according to the rules of the network transmission protocol outside the data packet, it is confirmed that the data packet is not the data packet of the client that is responsible for the response, and then enters the forwarding module. 623.

轉發模組623,適於將所述資料包轉發給負責應對所述資料包所屬客戶端的服務實體,具體包括:封裝子模組6231,適於基於所述資料包的身份資訊,在所述資料包之外再按照網路傳輸協議的規則封裝協議頭部,具體包括:第一封裝子模組62311,適於基於所述資料包的身份資訊,在所述資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和UDP報文頭。 The forwarding module 623 is adapted to forward the data package to a service entity responsible for responding to the client to which the data package belongs, and specifically includes: a package sub-module 6231, adapted to be based on identity information of the data package, in the data The packet header is encapsulated according to the rules of the network transmission protocol, and specifically includes: a first encapsulation submodule 62311, adapted to be based on the identity information of the data packet, in accordance with a network transmission protocol outside the data packet. The rules further encapsulate a layer of IP headers and UDP headers.

轉發子模組6232,適於將封裝了協議頭部的資料包通過交換機轉發給負責應對所述資料包所屬客戶端的服務實體。 The forwarding sub-module 6232 is adapted to forward the data packet encapsulating the protocol header to the service entity responsible for responding to the client to which the data packet belongs.

在本發明另一較佳的實施例中,第一封裝子模組62311,包括: 身份資訊獲取子模組,適於獲取所述資料包對應的身份資訊。 In another preferred embodiment of the present invention, the first package sub-module 62311 includes: The identity information obtaining sub-module is adapted to obtain identity information corresponding to the data packet.

在本發明另一較佳的實施例中,當所述身份資訊為IP位址時,所述身份資訊獲取子模組包括:第一身份資訊獲取子模組,適於在網路層解析所述資料包的IP報文頭,以獲取IP位址。 In another preferred embodiment of the present invention, when the identity information is an IP address, the identity information obtaining submodule includes: a first identity information acquiring submodule, which is adapted to be analyzed at a network layer. The IP packet header of the data packet to obtain the IP address.

當所述身份資訊為用戶ID時,所述身份資訊獲取子模組包括:向上發送子模組,適於將所述資料包暫存在網路層,同時將所述資料包向上發送至應用層。 When the identity information is a user ID, the identity information obtaining sub-module includes: an uplink sending sub-module, configured to temporarily store the data packet in a network layer, and send the data packet to an application layer .

第二身份資訊獲取子模組,適於在應用層解析所述資料包的資料區,以獲取所述資料包的用戶ID。 The second identity information obtaining submodule is adapted to parse the data area of the data packet at the application layer to obtain a user ID of the data packet.

五元組選擇子模組,適於根據所述身份資訊,選擇同一個五元組;所述五元組包括:源IP位址,目的IP位址,源端口,目的端口,傳輸協議類型;所述目的IP位址為服務實體對應的IP位址。 The quintuple selection sub-module is adapted to select the same five-tuple according to the identity information; the quintuple includes: a source IP address, a destination IP address, a source port, a destination port, and a transmission protocol type; The destination IP address is an IP address corresponding to the service entity.

第一報文頭封裝子模組,適於基於所述五元組,在所述資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和UDP報文頭。 The first packet header encapsulating sub-module is adapted to further encapsulate an IP packet header and a UDP packet header according to the rules of the network transmission protocol according to the quintuple according to the quintuple.

在本發明另一個在本發明另一較佳的實施例中實施例中,所述五元組選擇子模組,包括:應用層五元組選擇子模組,適於在應用層根據所述身份資訊,選擇同一個五元組。 In another embodiment of the present invention, in another embodiment of the present invention, the quintuple submodule includes: an application layer quintuple submodule, which is adapted to be applied at an application layer according to the Identity information, choose the same five-tuple.

則在應用層五元組選擇子模組之後,還包括: 發送子模組,適於將在應用層獲得的五元組發送至網路層。 After the application layer quintuple selects the sub-module, it also includes: The sending submodule is adapted to send the quintuple obtained at the application layer to the network layer.

在本發明另一個在本發明另一較佳的實施例中實施例中,所述第一報文頭封裝子模組,包括:第一端口封裝子模組,適於將所述五元組中的源端口、目的端口封裝到所述資料包之外的UDP報文頭中。 In another embodiment of the present invention, the first packet header submodule includes: a first port encapsulation submodule, adapted to be in the quintuple The source port and the destination port are encapsulated in a UDP packet header other than the data packet.

IP位址封裝子模組,適於將所述五元組中的源IP位址、目的IP位址和傳輸協議類型封裝到所述資料包之外的IP報文頭中。 The IP address encapsulating submodule is adapted to encapsulate the source IP address, the destination IP address, and the transport protocol type in the quintuple into an IP packet header outside the data packet.

限速模組624,適於基於所述資料包的身份資訊,對所述資料包進行限速處理。具體包括:解除子模組6241,適於解除所述資料包之外按照網路傳輸協議的規則封裝的協議頭部。 The rate limiting module 624 is adapted to perform rate limiting processing on the data packet based on identity information of the data packet. Specifically, the method includes: releasing the sub-module 6241, and is adapted to release a protocol header encapsulated according to a rule of a network transmission protocol outside the data packet.

資料包身份資訊獲取子模組6242,適於獲取所述資料包的身份資訊。 The packet identity information obtaining sub-module 6242 is adapted to obtain identity information of the data packet.

流量判斷子模組6243,適於判斷所述身份資訊對應的流量是否超過到流量閾值;如果所述身份資訊對應的流量超過流量閾值,則進入丟棄子模組6244。 The traffic judging sub-module 6243 is adapted to determine whether the traffic corresponding to the identity information exceeds a traffic threshold; if the traffic corresponding to the identity information exceeds a traffic threshold, the discarding sub-module 6244 is entered.

在本發明另一較佳的實施例中,當所述身份資訊為IP位址時,所述流量判斷子模組,包括:用戶ID查找子模組,適於查找所述IP位址對應的用戶ID。 In another preferred embodiment of the present invention, when the identity information is an IP address, the traffic judgment sub-module includes: a user ID search sub-module, and is adapted to search for the IP address corresponding to the IP address. User ID.

流量閾值查找子模組,適於根據所述用戶ID查找對應的流量閾值。 The traffic threshold search sub-module is adapted to search for a corresponding traffic threshold according to the user ID.

第一流量判斷子模組,適於計算所述IP位址對應的流量是否超過所述流量閾值。如果所述IP位址對應的流量超過所述流量閾值,則進入丟棄子模組6244。 The first traffic judging sub-module is adapted to calculate whether the traffic corresponding to the IP address exceeds the traffic threshold. If the traffic corresponding to the IP address exceeds the traffic threshold, the discarding sub-module 6244 is entered.

丟棄子模組6244,適於丟棄所述資料包。 The discarding sub-module 6244 is adapted to discard the data packet.

在本發明實施例中,同樣在不需要增加系統複雜度的情況下,通過將不是由自身負責應對的客戶端的資料包,轉發給同一集群中負責應對該資料包所屬客戶端的服務實體,從而保證同一客戶端的流量落到同一台服務實體上,然後在該服務實體上,基於對應資料包的身份資訊,對該客戶端的資料包進行限速處理。相對於現有的集群限速三類方案,在不增加系統複雜度以及成本的同時,提高了集群限速的適用性、可操作性,以及精確性。 In the embodiment of the present invention, the data packet of the client that is not responsible for the response is forwarded to the service entity in the same cluster that is responsible for responding to the client to which the data packet belongs, so as to ensure that the complexity of the system is not increased. The traffic of the same client falls on the same service entity, and then the data packet of the client is subjected to rate limiting processing based on the identity information of the corresponding data packet. Compared with the existing three types of cluster speed limit schemes, the applicability, operability, and accuracy of the cluster speed limit are improved without increasing system complexity and cost.

另外,在本發明實施例中,通過在服務實體接收到的由客戶端發送的資料包之外封裝一層IP報文頭和UDP報文頭,然後再將封裝後的資料包轉發至負責應對該資料包所屬的客戶端的服務實體中,從而可以在不需要建立連接的情況下,將資料包轉發至相應地服務實體中,進一步提高了集群限速的適用性、可操作性以及精確性。而且對於封裝了IP報文頭和TCP報文頭的資料包,則需要先在接收的服務實體以及轉發的服務實體之間建立連接,才可以在其兩者之間轉發,所以相對於實施例二中在資料包外封裝IP報文頭和TCP報文頭的方式,本發明實施例所述的在資料包之外封裝IP報文頭和UDP報文頭的方式適應性、可操作性以及效率都更高。 In addition, in the embodiment of the present invention, an IP packet header and a UDP packet header are encapsulated by the data packet sent by the client, which is received by the service entity, and then the encapsulated data packet is forwarded to the responsible packet. In the service entity of the client, the data packet can be forwarded to the corresponding service entity without establishing a connection, which further improves the applicability, operability and accuracy of the cluster speed limit. Moreover, for the data packet encapsulating the IP packet header and the TCP packet header, the connection between the received service entity and the forwarded service entity needs to be established before being forwarded between the two, so that in the second embodiment, The manner of encapsulating the IP packet header and the UDP packet header in the data packet is more adaptable, operability and efficiency in the manner of encapsulating the IP packet header and the TCP packet header in the data packet.

對於裝置實施例而言,由於其與方法實施例基本相似,所以描述的比較簡單,相關之處參見方法實施例的部分說明即可。 For the device embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and the relevant parts can be referred to the description of the method embodiment.

本說明書中的各個實施例均採用遞進的方式描述,每個實施例重點說明的都是與其他實施例的不同之處,各個實施例之間相同相似的部分互相參見即可。 The various embodiments in the present specification are described in a progressive manner, and each embodiment focuses on differences from other embodiments, and the same similar parts between the various embodiments can be referred to each other.

本領域內的技術人員應明白,本發明實施例的實施例可提供為方法、裝置、或電腦程式產品。因此,本發明實施例可採用完全硬體實施例、完全軟體實施例、或結合軟體和硬體方面的實施例的形式。而且,本發明實施例可採用在一個或多個其中包含有電腦可用程式代碼的電腦可用儲存媒介(包括但不限於磁盤儲存器、CD-ROM、光學儲存器等)上實施的電腦程式產品的形式。 Those skilled in the art will appreciate that embodiments of the embodiments of the invention may be provided as a method, apparatus, or computer program product. Thus, embodiments of the invention may take the form of a complete hardware embodiment, a full software embodiment, or an embodiment combining soft and hardware aspects. Moreover, embodiments of the present invention may employ computer program products implemented on one or more computer usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) including computer usable code. form.

在一個典型的配置中,所述電腦設備包括一個或多個處理器(CPU)、輸入/輸出介面、網路介面和記憶體。記憶體可能包括電腦可讀媒介中的非永久性儲存器,隨機存取儲存器(RAM)及/或非易失性記憶體等形式,如只讀儲存器(ROM)或快閃記憶體(flash RAM)。記憶體是電腦可讀媒介的示例。電腦可讀媒介包括永久性和非永久性、可行動和非可行動媒體可以由任何方法或技術來實現資訊儲存。資訊可以是電腦可讀指令、資料結構、程式的模組或其他資料。電腦的儲存媒介的例子包括,但不限於相變記憶體(PRAM)、靜態隨機存取儲存器(SRAM)、動態隨機存取儲存器(DRAM)、其他類型的隨機存取儲存器 (RAM)、只讀儲存器(ROM)、電可抹除可編程只讀儲存器(EEPROM)、快閃記憶體或其他記憶體技術、只讀光碟只讀儲存器(CD-ROM)、數位多功能光碟(DVD)或其他光學儲存、卡式磁帶,磁帶磁磁盤儲存或其他磁性儲存設備或任何其他非傳輸媒介,可用於儲存可以被計算設備存取的資訊。按照本文中的界定,電腦可讀媒介不包括非持續性的電腦可讀媒體(transitory media),如調變的資料信號和載波。 In a typical configuration, the computer device includes one or more processors (CPUs), input/output interfaces, a network interface, and memory. The memory may include non-persistent storage in a computer readable medium, in the form of random access memory (RAM) and/or non-volatile memory, such as read only memory (ROM) or flash memory ( Flash RAM). Memory is an example of a computer readable medium. Computer readable media including both permanent and non-permanent, actionable and non-removable media can be stored by any method or technology. Information can be computer readable instructions, data structures, modules of programs, or other materials. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory. (RAM), read-only memory (ROM), electrically erasable programmable read only memory (EEPROM), flash memory or other memory technology, read-only optical disk read-only memory (CD-ROM), digital A versatile disc (DVD) or other optical storage, cassette, magnetic tape storage or other magnetic storage device or any other non-transportable medium can be used to store information that can be accessed by a computing device. As defined herein, computer readable media does not include non-persistent computer readable media, such as modulated data signals and carrier waves.

本發明實施例是參照根據本發明實施例的方法、終端設備(系統)、和電腦程式產品的流程圖及/或方塊圖來描述的。應理解可由電腦程式指令實現流程圖及/或方塊圖中的每一流程及/或方塊、以及流程圖及/或方塊圖中的流程及/或方塊的結合。可提供這些電腦程式指令到通用電腦、專用電腦、嵌入式處理機或其他可編程資料處理終端設備的處理器以產生一個機器,使得通過電腦或其他可編程資料處理終端設備的處理器執行的指令產生用於實現在流程圖一個流程或多個流程及/或方塊圖一個方塊或多個方塊中指定的功能的裝置。 The embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of a method, a terminal device (system), and a computer program product according to an embodiment of the present invention. It will be understood that each flow and/or block of the flowcharts and/or block diagrams, and combinations of flow and/or blocks in the flowcharts and/or <RTIgt; These computer program instructions can be provided to a processor of a general purpose computer, a special purpose computer, an embedded processor or other programmable data processing terminal device to generate a machine for executing instructions by a processor of a computer or other programmable data processing terminal device Means are provided for implementing the functions specified in one or more flows of the flowchart or in a block or blocks of the block diagram.

這些電腦程式指令也可儲存在能引導電腦或其他可編程資料處理終端設備以特定方式工作的電腦可讀儲存器中,使得儲存在該電腦可讀儲存器中的指令產生包括指令裝置的製造品,該指令裝置實現在流程圖一個流程或多個流程及/或方塊圖一個方塊或多個方塊中指定的功能。 The computer program instructions can also be stored in a computer readable storage that can direct a computer or other programmable data processing terminal device to operate in a particular manner such that instructions stored in the computer readable storage produce an article of manufacture including the instruction device. The instruction means implements the functions specified in one or more flows of the flowchart or in a block or blocks of the flowchart.

這些電腦程式指令也可裝載到電腦或其他可編程資料 處理終端設備上,使得在電腦或其他可編程終端設備上執行一系列操作步驟以產生電腦實現的處理,從而在電腦或其他可編程終端設備上執行的指令提供用於實現在流程圖一個流程或多個流程及/或方塊圖一個方塊或多個方塊中指定的功能的步驟。 These computer program instructions can also be loaded into a computer or other programmable data. Processing a terminal device such that a series of operational steps are performed on a computer or other programmable terminal device to produce computer-implemented processing such that instructions executed on a computer or other programmable terminal device are provided for implementation in a flow diagram or The steps of a plurality of processes and/or block diagrams of a function specified in one or more blocks.

儘管已描述了本發明實施例的較佳實施例,但本領域內的技術人員一旦得知了基本進步性概念,則可對這些實施例做出另外的變更和修改。所以,所附申請專利範圍意欲解釋為包括較佳實施例以及落入本發明實施例範圍的所有變更和修改。 While the preferred embodiment of the present invention has been described, those skilled in the art can make further changes and modifications to these embodiments once they are aware of the basic progressive concepts. Therefore, the scope of the appended claims is intended to be construed as a

最後,還需要說明的是,在本文中,諸如第一和第二等之類的關係術語僅僅用來將一個實體或者操作與另一個實體或操作區分開來,而不一定要求或者暗示這些實體或操作之間存在任何這種實際的關係或者順序。而且,術語“包括”、“包含”或者其任何其他變體意在涵蓋非排他性的包含,從而使得包括一系列要素的過程、方法、物品或者終端設備不僅包括那些要素,而且還包括沒有明確列出的其他要素,或者是還包括為這種過程、方法、物品或者終端設備所固有的要素。在沒有更多限制的情況下,由語句“包括一個......”限定的要素,並不排除在包括所述要素的過程、方法、物品或者終端設備中還存在另外的相同要素。 Finally, it should also be noted that in this context, relational terms such as first and second are used merely to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply these entities. There is any such actual relationship or order between operations. Furthermore, the terms "comprises" or "comprising" or "comprising" or any other variations are intended to encompass a non-exclusive inclusion, such that a process, method, article, or terminal device that includes a plurality of elements includes not only those elements but also Other elements that are included, or include elements inherent to such a process, method, article, or terminal device. An element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article, or terminal device that comprises the element, without further limitation.

以上對本發明所提供的一種集群精確限速方法和一種集群精確限速裝置,進行了詳細介紹,本文中應用了具體 個例對本發明的原理及實施方式進行了闡述,以上實施例的說明只是用於幫助理解本發明的方法及其核心思想;同時,對於本領域的一般技術人員,依據本發明的思想,在具體實施方式及應用範圍上均會有改變之處,綜上所述,本說明書內容不應理解為對本發明的限制。 The above describes a cluster precise speed limit method and a cluster precise speed limit device provided by the present invention, and the specific application is applied in this paper. The principles and embodiments of the present invention are described by way of example, and the description of the above embodiments is only for helping to understand the method of the present invention and its core idea; and, at the same time, for those skilled in the art, according to the idea of the present invention, The scope of the present invention and the scope of the application are subject to change. In the above, the description should not be construed as limiting the invention.

Claims (26)

一種集群精確限速方法,包括:接收資料包;判斷所述資料包是否為由自身負責應對的客戶端的資料包;如果所述資料包不是由自身負責應對的客戶端的資料包,則將所述資料包轉發給負責應對所述資料包所屬客戶端的服務實體;如果所述資料包是由自身負責應對的客戶端的資料包,則基於所述資料包的身份資訊,對所述資料包進行限速處理。 A cluster accurate rate limiting method includes: receiving a data packet; determining whether the data packet is a data packet of a client that is responsible for responding to the client; and if the data packet is not a data packet of a client that is responsible for the response, The data packet is forwarded to a service entity responsible for responding to the client to which the data packet belongs; if the data package is a data package of the client that is responsible for the response, the data packet is rate-limited based on the identity information of the data package. deal with. 根據申請專利範圍第1項所述的方法,其中,所述將所述資料包轉發給負責應對所述資料包所屬客戶端的服務實體的步驟,包括:基於所述資料包的身份資訊,在所述資料包之外再按照網路傳輸協議的規則封裝協議頭部;將封裝了協議頭部的資料包通過交換機轉發給負責應對所述資料包所屬客戶端的服務實體。 The method of claim 1, wherein the step of forwarding the data package to a service entity responsible for responding to a client to which the data package belongs includes: based on identity information of the data package, In addition to the data packet, the protocol header is encapsulated according to the rules of the network transmission protocol; the data packet encapsulating the protocol header is forwarded through the switch to the service entity responsible for responding to the client to which the data packet belongs. 根據申請專利範圍第2項所述的方法,其中,基於所述資料包的身份資訊,在所述資料包之外再按照網路傳輸協議的規則封裝協議頭部的步驟,包括:基於所述資料包的身份資訊,在所述資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和UDP報文頭,或者基於所述資料包的身份資訊,在所述資料包之外 按照網路傳輸協議的規則再封裝一層IP報文頭和TCP報文頭。 The method of claim 2, wherein the step of encapsulating the protocol header in accordance with the rules of the network transmission protocol in addition to the data packet based on the identity information of the data packet comprises: The identity information of the data packet, and further encapsulating an IP packet header and a UDP packet header according to the rules of the network transmission protocol outside the data packet, or based on the identity information of the data packet, outside the data packet The IP packet header and the TCP packet header are further encapsulated according to the rules of the network transmission protocol. 根據申請專利範圍第3項所述的方法,其中,所述基於所述資料包的身份資訊,在所述資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和UDP報文頭,或者基於所述資料包的身份資訊,在所述資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和TCP報文頭的步驟,包括:獲取所述資料包對應的身份資訊;根據所述身份資訊,選擇同一個五元組;所述五元組包括:源IP位址,目的IP位址,源端口,目的端口,傳輸協議類型;所述目的IP位址為服務實體對應的IP位址;基於所述五元組,在所述資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和UDP報文頭;或者,基於所述五元組,在所述資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和TCP報文頭。 The method of claim 3, wherein the packet is further encapsulated with an IP packet header and a UDP packet header according to the rules of the network transmission protocol, based on the identity information of the data packet. Or the step of re-encapsulating an IP packet header and a TCP packet header according to the rule of the network transmission protocol, according to the identity information of the data packet, including: acquiring identity information corresponding to the data packet; The identity information is selected from the same quintuple; the quintuple includes: a source IP address, a destination IP address, a source port, a destination port, and a transport protocol type; and the destination IP address is a service entity corresponding to the service entity An IP address; based on the quintuple, re-encapsulating an IP packet header and a UDP packet header in addition to the data packet according to a rule of a network transmission protocol; or, based on the quintuple, the data packet In addition, an IP packet header and a TCP packet header are further encapsulated according to the rules of the network transmission protocol. 根據申請專利範圍第4項所述的方法,其中,當所述身份資訊為IP位址時,所述獲取所述資料包對應的身份資訊的步驟包括:在網路層解析所述資料包的IP報文頭,以獲取IP位址。 The method of claim 4, wherein, when the identity information is an IP address, the step of acquiring identity information corresponding to the data packet comprises: parsing the data packet at a network layer IP packet header to obtain the IP address. 根據申請專利範圍第4項所述的方法,其中,當所述身份資訊為用戶ID時,所述獲取所述資料包 對應的身份資訊的步驟包括:將所述資料包暫存在網路層,同時將所述資料包向上發送至應用層;在應用層解析所述資料包的資料區,以獲取所述資料包的用戶ID。 The method of claim 4, wherein when the identity information is a user ID, the obtaining the data package The step of corresponding identity information includes: temporarily storing the data packet in a network layer, and sending the data packet to an application layer upward; and parsing the data area of the data packet at an application layer to obtain the data packet. User ID. 根據申請專利範圍第6項所述的方法,其中,所述根據所述身份資訊,選擇同一個五元組的步驟,包括:在應用層根據所述身份資訊,選擇同一個五元組;則在根據所述身份資訊,選擇同一個五元組的步驟之後,還包括:將在應用層獲得的五元組發送至網路層。 The method of claim 6, wherein the step of selecting the same five-tuple according to the identity information comprises: selecting, by the application layer, the same five-tuple according to the identity information; After the step of selecting the same five-tuple according to the identity information, the method further includes: sending the quintuple obtained at the application layer to the network layer. 根據申請專利範圍第4項所述的方法,其中,所述基於所述五元組,在所述資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和UDP報文頭的步驟,包括:將所述五元組中的源端口、目的端口封裝到所述資料包之外的UDP報文頭中;將所述五元組中的源IP位址、目的IP位址和傳輸協議類型封裝到所述資料包之外的IP報文頭中。 The method of claim 4, wherein the step of re-encapsulating an IP packet header and a UDP packet header according to the rules of the network transmission protocol in the data packet based on the quintuple, The method includes: encapsulating a source port and a destination port in the quintuple into a UDP packet header outside the data packet; and using a source IP address, a destination IP address, and a transport protocol type in the quintuple Encapsulated into an IP packet header other than the data packet. 根據申請專利範圍第4項所述的方法,其中,所述基於所述五元組,在所述資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和TCP報文頭的步驟,包括:將所述五元組中的源端口、目的端口封裝到所述資料 包之外的TCP報文頭中;將所述五元組中的源IP位址、目的IP位址和傳輸協議類型封裝到所述資料包之外的IP報文頭中。 The method of claim 4, wherein the step of re-encapsulating an IP packet header and a TCP packet header according to a rule of a network transmission protocol in the data packet based on the quintuple, The method includes: encapsulating a source port and a destination port in the quintuple into the data In the TCP packet header other than the packet; the source IP address, the destination IP address, and the transport protocol type in the quintuple are encapsulated into an IP packet header other than the data packet. 根據申請專利範圍第2至8項中任一項所述的方法,其中,所述判斷所述資料包是否為由自身負責應對的客戶端的資料包的步驟,包括:判斷所述資料包是由服務實體轉發的資料包還是由客戶端發送的資料包;如果所述資料包是由服務實體轉發的資料包,則確認所述資料包是自身負責應對的客戶端的資料包;如果所述資料包是由客戶端發送的資料包,則確認所述資料包不是由自身負責應對的客戶端的資料包。 The method of any one of claims 2 to 8, wherein the step of determining whether the data package is a data package of a client that is responsible for the response includes: determining that the data package is The data packet forwarded by the service entity is still a data packet sent by the client; if the data packet is a data packet forwarded by the service entity, it is confirmed that the data package is a data package of the client that is responsible for the response; if the data package It is a data package sent by the client, and it is confirmed that the data package is not a data package of the client that is responsible for the response. 根據申請專利範圍第10項所述的方法,其中,上述判斷所述資料包是由服務實體轉發的資料包還是由客戶端發送的資料包的步驟,包括:針對任一資料包,判斷在所述資料包之外是否存在按照網路傳輸協議的規則封裝的協議頭部;如果在所述資料包之外存在按照網路傳輸協議的規則封裝的協議頭部,則確認所述資料包是自身負責應對的客戶端的資料包;如果在所述資料包之外不存在按照網路傳輸協議的規則封裝的協議頭部,則確認所述資料包不是由自身負責應對的客戶端的資料包。 The method of claim 10, wherein the step of determining whether the data packet is a data packet forwarded by a service entity or a data packet sent by a client comprises: determining, in any data packet, Whether there is a protocol header encapsulated according to the rules of the network transmission protocol outside the data packet; if there is a protocol header encapsulated according to the rules of the network transmission protocol outside the data packet, it is confirmed that the data packet is itself The data packet of the client responsible for the response; if there is no protocol header encapsulated according to the rules of the network transmission protocol outside the data packet, it is confirmed that the data packet is not a data packet of the client that is responsible for the response. 根據申請專利範圍第2至8項中任一項的方法, 其中,所述基於所述資料包的身份資訊,對所述資料包進行限速處理的步驟,包括:解除所述資料包之外按照網路傳輸協議的規則封裝的協議頭部;獲取所述資料包的身份資訊;判斷所述身份資訊對應的流量是否超過到流量閾值;如果所述身份資訊對應的流量超過流量閾值,則丟棄所述資料包。 According to the method of any one of claims 2 to 8, The step of performing rate limiting processing on the data packet based on the identity information of the data packet includes: releasing a protocol header encapsulated according to a rule of a network transmission protocol outside the data packet; acquiring the The identity information of the data packet; determining whether the traffic corresponding to the identity information exceeds a traffic threshold; if the traffic corresponding to the identity information exceeds a traffic threshold, discarding the data packet. 根據申請專利範圍第12項所述的方法,其中,當所述身份資訊為IP位址時,所述判斷所述身份資訊對應的流量是否達到閾值的步驟,包括:查找所述IP位址對應的用戶ID;根據所述用戶ID查找對應的流量閾值;計算所述IP位址對應的流量是否超過所述流量閾值;如果所述IP位址對應的流量超過所述流量閾值,則丟棄所述資料包。 The method of claim 12, wherein, when the identity information is an IP address, the step of determining whether the traffic corresponding to the identity information reaches a threshold comprises: searching for the IP address corresponding to the IP address User ID; searching for a corresponding traffic threshold according to the user ID; calculating whether the traffic corresponding to the IP address exceeds the traffic threshold; and if the traffic corresponding to the IP address exceeds the traffic threshold, discarding the Information package. 一種集群精確限速裝置,包括:接收模組,適於接收資料包;判斷模組,適於判斷所述資料包是否為由自身負責應對的客戶端的資料包;如果所述資料包不是由自身負責應對的客戶端的資料包,則進入轉發模組;如果所述資料包是由自身負責應對的客戶端的資料包,則進入限速模組;轉發模組,適於將所述資料包轉發給負責應對所述資 料包所屬客戶端的服務實體;限速模組,適於基於所述資料包的身份資訊,對所述資料包進行限速處理。 A cluster accurate speed limiting device includes: a receiving module adapted to receive a data packet; and a determining module, configured to determine whether the data packet is a data packet of a client that is responsible for the response; if the data packet is not by itself The data packet of the client responsible for the response enters the forwarding module; if the data packet is the data packet of the client that is responsible for the response, the packet enters the speed limit module; the forwarding module is adapted to forward the data packet to Responsible for the response The service entity of the client to which the package belongs; the speed limit module is adapted to perform speed limit processing on the data packet based on the identity information of the data package. 根據申請專利範圍第14項所述的裝置,其中,所述轉發模組,包括:封裝子模組,適於基於所述資料包的身份資訊,在所述資料包之外再按照網路傳輸協議的規則封裝協議頭部;轉發子模組,適於將封裝了協議頭部的資料包通過交換機轉發給負責應對所述資料包所屬客戶端的服務實體。 The device of claim 14, wherein the forwarding module comprises: a package sub-module adapted to transmit according to the identity information of the data packet according to the network packet The rule encapsulation protocol header of the protocol; the forwarding submodule is adapted to forward the data packet encapsulating the protocol header to the service entity responsible for responding to the client to which the data packet belongs. 根據申請專利範圍第15項所述的裝置,其中,所述封裝子模組,包括:第一封裝子模組,適於基於所述資料包的身份資訊,在所述資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和UDP報文頭;或者,第二封裝子模組,適於基於所述資料包的身份資訊,在所述資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和TCP報文頭。 The device of claim 15, wherein the package sub-module comprises: a first package sub-module adapted to be based on the identity information of the data package, in accordance with the data package The rule of the road transport protocol further encapsulates an IP packet header and a UDP packet header; or the second encapsulation submodule is adapted to be based on the identity information of the data packet, and in accordance with the rules of the network transmission protocol outside the data packet Then encapsulate an IP packet header and a TCP packet header. 根據申請專利範圍第16項所述的裝置,其中,所述第一封裝子模組,或者,第二封裝子模組,包括:身份資訊獲取子模組,適於獲取所述資料包對應的身份資訊;五元組選擇子模組,適於根據所述身份資訊,選擇同一個五元組;所述五元組包括:源IP位址,目的IP位址,源端口,目的端口,傳輸協議類型;所述目的IP位 址為服務實體對應的IP位址;第一報文頭封裝子模組,適於基於所述五元組,在所述資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和UDP報文頭;或者,第二報文頭封裝子模組,適於基於所述五元組,在所述資料包之外按照網路傳輸協議的規則再封裝一層IP報文頭和TCP報文頭。 The device of claim 16, wherein the first package sub-module or the second package sub-module comprises: an identity information acquisition sub-module, adapted to obtain the corresponding data packet Identity information; a quintuple selection sub-module adapted to select the same quintuple according to the identity information; the quintuple includes: a source IP address, a destination IP address, a source port, a destination port, and a transmission Protocol type; the destination IP bit The address is an IP address corresponding to the service entity; the first packet header encapsulating submodule is adapted to encapsulate an IP packet header and UDP according to the rules of the network transmission protocol according to the quintuple according to the rules of the network transmission protocol. The packet header; or the second packet header sub-module is adapted to further encapsulate an IP packet header and a TCP packet header according to the rules of the network transmission protocol according to the quintuple according to the quintuple. 根據申請專利範圍第14項所述的裝置,其中,當所述身份資訊為IP位址時,所述身份資訊獲取子模組包括:第一身份資訊獲取子模組,適於在網路層解析所述資料包的IP報文頭,以獲取IP位址。 The device according to claim 14, wherein when the identity information is an IP address, the identity information obtaining submodule comprises: a first identity information acquiring submodule, adapted to be at a network layer Parsing the IP packet header of the data packet to obtain an IP address. 根據申請專利範圍第14項所述的裝置,其中,當所述身份資訊為用戶ID時,所述身份資訊獲取子模組包括:向上發送子模組,適於將所述資料包暫存在網路層,同時將所述資料包向上發送至應用層;第二身份資訊獲取子模組,適於在應用層解析所述資料包的資料區,以獲取所述資料包的用戶ID。 The device of claim 14, wherein when the identity information is a user ID, the identity information obtaining submodule comprises: an upward sending submodule, and the file is temporarily stored in the network. The layer layer sends the data packet to the application layer at the same time. The second identity information obtaining sub-module is adapted to parse the data area of the data packet at the application layer to obtain the user ID of the data packet. 根據申請專利範圍第19項所述的裝置,其中,所述五元組選擇子模組,包括:應用層五元組選擇子模組,適於在應用層根據所述身份資訊,選擇同一個五元組;則在五元組選擇子模組之後,還包括:發送子模組,適於將在應用層獲得的五元組發送至網 路層。 The device of claim 19, wherein the quintuple sub-module comprises: an application layer quintuple sub-module, adapted to select the same one at the application layer according to the identity information. The quintuple; after the quintuple selects the sub-module, the method further includes: a sending sub-module adapted to send the quintuple obtained at the application layer to the network Road layer. 根據申請專利範圍第17項所述的裝置,其中,所述第一報文頭封裝子模組,包括:第一端口封裝子模組,適於將所述五元組中的源端口、目的端口封裝到所述資料包之外的UDP報文頭中;IP位址封裝子模組,適於將所述五元組中的源IP位址、目的IP位址和傳輸協議類型封裝到所述資料包之外的IP報文頭中。 The device according to claim 17, wherein the first packet header sub-module comprises: a first port encapsulation sub-module, adapted to source and destination ports in the quintuple Encapsulating into a UDP packet header outside the data packet; the IP address encapsulating submodule is adapted to encapsulate the source IP address, the destination IP address, and the transport protocol type in the quintuple into the data In the IP header other than the packet. 根據申請專利範圍第17項所述的裝置,其中,所述第二報文頭封裝子模組,包括:第二端口封裝子模組,適於將所述五元組中的源端口、目的端口封裝到所述資料包之外的TCP報文頭中;IP位址封裝子模組,適於將所述五元組中的源IP位址、目的IP位址和傳輸協議類型封裝到所述資料包之外的IP報文頭中。 The device of claim 17, wherein the second packet header submodule comprises: a second port encapsulation submodule, adapted to source and destination ports in the quintuple Encapsulating into a TCP packet header outside the data packet; the IP address encapsulating submodule is adapted to encapsulate the source IP address, the destination IP address, and the transport protocol type in the quintuple into the data In the IP header other than the packet. 根據申請專利範圍第15至21項中任一項所述的裝置,其中,所述判斷模組,包括:判斷子模組,適於判斷所述資料包是由服務實體轉發的資料包還是由客戶端發送的資料包;如果所述資料包是由服務實體轉發的資料包,則確認所述資料包是自身負責應對的客戶端的資料包;如果所述資料包是由客戶端發送的資料包,則確認所述資料包不是由自身負責應對的客戶端的資料包。 The device according to any one of claims 15 to 21, wherein the judging module comprises: a judging sub-module adapted to determine whether the data packet is a data packet forwarded by a service entity or a data package sent by the client; if the data package is a data package forwarded by the service entity, it is confirmed that the data package is a data package of the client that is responsible for the response; if the data package is a data package sent by the client , to confirm that the data package is not a data package of the client that is responsible for the response. 根據申請專利範圍第23項所述的裝置,其中, 所述判斷子模組,包括:協議頭部判斷子模組,適於針對任一資料包,判斷在所述資料包之外是否存在按照網路傳輸協議的規則封裝的協議頭部;如果在所述資料包之外存在按照網路傳輸協議的規則封裝的協議頭部,則進入第一確認子模組;如果在所述資料包之外不存在按照網路傳輸協議的規則封裝的協議頭部,則進入第二確認子模組。 The device according to claim 23, wherein The determining sub-module includes: a protocol header determining sub-module, configured to determine, according to any data packet, whether there is a protocol header encapsulated according to a rule of a network transmission protocol outside the data packet; If there is a protocol header encapsulated according to the rules of the network transmission protocol outside the data packet, the first confirmation submodule is entered; if there is no protocol header encapsulated according to the rules of the network transmission protocol outside the data packet Then enter the second confirmation sub-module. 根據申請專利範圍第15至21項中任一項的裝置,其中,所述限速模組,包括:解除子模組,適於解除所述資料包之外按照網路傳輸協議的規則封裝的協議頭部;資料包身份資訊獲取子模組,適於獲取所述資料包的身份資訊;流量判斷子模組,適於判斷所述身份資訊對應的流量是否超過到流量閾值;如果所述身份資訊對應的流量超過流量閾值,則進入丟棄子模組;丟棄子模組,適於丟棄所述資料包。 The device of any one of the claims 15 to 21, wherein the speed limit module comprises: a release submodule adapted to release the package according to a rule of a network transmission protocol a protocol header; a packet identity information acquisition sub-module, configured to obtain identity information of the data packet; and a traffic judgment sub-module, configured to determine whether the traffic corresponding to the identity information exceeds a traffic threshold; if the identity If the traffic corresponding to the information exceeds the traffic threshold, the discarding sub-module is entered; the sub-module is discarded, and the data packet is discarded. 根據申請專利範圍第25項所述的裝置,其中,當所述身份資訊為IP位址時,所述流量判斷子模組,包括:用戶ID查找子模組,適於查找所述IP位址對應的用戶ID;流量閾值查找子模組,適於根據所述用戶ID查找對應的流量閾值; 第一流量判斷子模組,適於計算所述IP位址對應的流量是否超過所述流量閾值;如果所述IP位址對應的流量超過所述流量閾值,則進入丟棄子模組。 The device according to claim 25, wherein, when the identity information is an IP address, the traffic judgment sub-module includes: a user ID search sub-module, adapted to search for the IP address Corresponding user ID; a traffic threshold search sub-module, configured to search for a corresponding traffic threshold according to the user ID; The first traffic judging sub-module is configured to calculate whether the traffic corresponding to the IP address exceeds the traffic threshold; if the traffic corresponding to the IP address exceeds the traffic threshold, enter the discarding sub-module.
TW106105141A 2016-03-25 2017-02-16 Cluster accurate speed limiting method and device TWI721103B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610179863.9 2016-03-25
CN201610179863.9A CN107231269B (en) 2016-03-25 2016-03-25 Accurate cluster speed limiting method and device

Publications (2)

Publication Number Publication Date
TW201737664A true TW201737664A (en) 2017-10-16
TWI721103B TWI721103B (en) 2021-03-11

Family

ID=59899247

Family Applications (1)

Application Number Title Priority Date Filing Date
TW106105141A TWI721103B (en) 2016-03-25 2017-02-16 Cluster accurate speed limiting method and device

Country Status (3)

Country Link
CN (1) CN107231269B (en)
TW (1) TWI721103B (en)
WO (1) WO2017162117A1 (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115174482B (en) * 2019-05-21 2023-06-02 超聚变数字技术有限公司 Message distribution method and device of network equipment
CN115211089B (en) * 2020-06-04 2023-09-19 深圳市欢太科技有限公司 Speed-limiting bandwidth adjusting method and device
CN112039796B (en) * 2020-08-28 2023-04-18 北京字节跳动网络技术有限公司 Data packet transmission method and device, storage medium and electronic equipment
CN114301960B (en) * 2021-12-15 2024-03-15 山石网科通信技术股份有限公司 Processing method and device for cluster asymmetric traffic, electronic equipment and storage medium
CN114338543B (en) * 2022-03-14 2022-06-21 北京指掌易科技有限公司 Network access speed limiting method, device, equipment and storage medium
CN117255058B (en) * 2023-11-17 2024-02-23 深圳万物安全科技有限公司 Network speed limiting method, terminal equipment and storage medium

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101938502B (en) * 2009-07-14 2013-03-27 北京邮电大学 Server cluster system and load balancing method
CN102385804A (en) * 2010-08-30 2012-03-21 谈宇清 Intelligent traffic system and navigation method thereof
CN102025640A (en) * 2010-12-24 2011-04-20 北京星网锐捷网络技术有限公司 Flow control method, device and network device
US9866475B2 (en) * 2012-06-15 2018-01-09 Citrix Systems, Inc. Systems and methods for forwarding traffic in a cluster network
US20150236959A1 (en) * 2012-07-23 2015-08-20 F5 Networks, Inc. Autonomously adaptive flow acceleration based on load feedback
CN102882799B (en) * 2012-09-13 2017-09-01 曙光信息产业(北京)有限公司 The controllable clustered deploy(ment) configuration System and method for of flow
WO2015042773A1 (en) * 2013-09-24 2015-04-02 华为技术有限公司 Access point configuration method and controller
CN103581036B (en) * 2013-10-31 2017-05-24 华为技术有限公司 Method, device and system for controlling virtual machine network flow
CN105227488B (en) * 2015-08-25 2018-05-08 上海交通大学 A kind of network flow group scheduling method for distributed computer platforms

Also Published As

Publication number Publication date
CN107231269B (en) 2020-04-07
TWI721103B (en) 2021-03-11
WO2017162117A1 (en) 2017-09-28
CN107231269A (en) 2017-10-03

Similar Documents

Publication Publication Date Title
TWI721103B (en) Cluster accurate speed limiting method and device
CN111654447B (en) Message transmission method and device
US10574763B2 (en) Session-identifer based TWAMP data session provisioning in computer networks
US11979322B2 (en) Method and apparatus for providing service for traffic flow
CN113326228B (en) Message forwarding method, device and equipment based on remote direct data storage
WO2021073565A1 (en) Service providing method and system
WO2019134383A1 (en) Method for controlling network congestion, access device, and computer readable storage medium
US11314417B2 (en) Methods and systems for NVMe target load balancing based on real time metrics
CN113228571B (en) Method and apparatus for network optimization for accessing cloud services from a premise network
US10009282B2 (en) Self-protecting computer network router with queue resource manager
US11632443B2 (en) Providing multiple TCP connections between a client and server
US10701189B2 (en) Data transmission method and apparatus
WO2020249128A1 (en) Service routing method and apparatus
WO2022001287A1 (en) Message processing method and device
US10374944B2 (en) Quality of service for data transmission
WO2023040782A1 (en) Message processing method and system, and device and storage medium
US11606273B1 (en) Monitoring server performance using server processing time
US10917502B2 (en) Method for using metadata in internet protocol packets
WO2023174170A1 (en) Packet processing method and apparatus, and packet checking method and apparatus
Shah Comparing TCP-IPv4/TCP-IPv6 Network Performance
CN113691410B (en) Network performance data acquisition method, device and server
WO2023005723A1 (en) Packet transmission method and communication apparatus
WO2023244872A2 (en) A transport protocol for in-network computing in support of rpc-based applications
CN117857469A (en) Data packet transmission method, device, server and storage medium
EP3525412A1 (en) Improved connectionless data transport protocol