WO2014023003A1

WO2014023003A1 - Method, apparatus, and system for controlling data transmission

Info

Publication number: WO2014023003A1
Application number: PCT/CN2012/079887
Authority: WO
Inventors: 卢胜文
Original assignee: 华为技术有限公司
Priority date: 2012-08-09
Filing date: 2012-08-09
Publication date: 2014-02-13
Also published as: CN103201989B; CN103201989A

Abstract

Provided are a method, an apparatus, and a system for controlling data transmission, which can improve the access speed and reduce the burden of a load balancing processor. The method comprises: sending a first data packet from a client device to the load balancing processor; receiving control information sent by the load balancing processor, the control information being determined by the load balancing processor according to L3/4 information of the first data packet and/or L7 information of the first data packet, and comprising server information for indicating a target server of the first data packet; and after a second data packet is received, controlling transmission of the second data packet according to the control information. The load balancing processor determines control information according to the first data packet, and delivers the control information to a network card device; the network card device can transmit the second data packet according to the control information when receiving the second data packet, which reduces processing by the load balancing processor, thereby improving the access speed and reducing the burden of the load balancing processor.

Description

Method, device and system for controlling data transmission

The present invention relates to the field of communications and, more particularly, to a method, apparatus and system for controlling data transmission. Background technique

Currently, a set of servers can be grouped into a cluster of servers (also known as virtual server clusters) that provide scalable, highly available network services. Specifically, a group of servers are connected to each other through a high-speed local area network or a geographically distributed wide area network, and have a load balancer at their front end. The load balancer can seamlessly dispatch data packets from the client device to the real server. Thus, for the client device, the structure of the server cluster is transparent, and the client device accesses the network service provided by the server cluster just like access. A high-performance, highly available server. As a way for the load balancer to dispatch data packets to the real server (destination server), there are known data message based address information (L3/4 layer) and load balancing scheduling solution based on content request (L7 layer) distribution. .

The load balancer includes a gateway device for receiving data packets of the service, and a load balancing processor for performing load balancing on the data packet by executing various programs, in which, in order to schedule the data packet To the specified server, for each data message, the load balancing processor needs to parse its L3/4 layer information (for example, Internet Protocol (IP) address and port) or L7 layer information (Uniform Resource Locator). (URL, Uniform Resource Locator) address, such as, for example, for multiple data messages destined for the same destination server (for example, multiple data messages for the same communication connection), although the load scheduling results for each data message are the same (Send to the same destination server), the load balancing processor still needs to parse each data packet, increasing the load on the load balancing processor and affecting the access speed. Summary of the invention

Embodiments of the present invention provide a method, apparatus, and system for controlling data transmission, which can improve access speed and reduce the burden of a load balancing processor.

In a first aspect, a method for controlling data transmission is provided, the method comprising: transmitting a first data message from a client device to a load balancing processor; receiving a message sent by the load balancing processor Control information, where the control information is based on the first data packet by the load balancing processor

Determining L3/4 layer information and/or L7 layer information of the first data message, the control information includes server information indicating a destination server of the first data message; when receiving the second data message And controlling transmission of the second data packet according to the control information.

In a possible implementation, the server information is used to indicate an internal internet protocol IP address and an internal port of the destination server of the first data message.

With reference to the first aspect and the first possible implementation manner, in the second possible implementation manner, the server information is determined according to the L3/4 layer information of the first data packet, and the control information is Controlling the transmission of the second data packet, specifically: when the quintuple of the second data packet is the same as the quintuple of the first data packet, according to the server information, to the first datagram The destination server sends the second data packet, where the quintuple is a source IP address, a source port, a destination IP address, a destination port, and a transport layer protocol number.

With reference to the first aspect, the first possible implementation manner, and the second possible implementation manner, in a third possible implementation manner, the server information is based on the L3/4 layer information of the first data packet and the L7 If the layer information is determined, or the server information is determined according to the L7 layer information of the first data packet, and the control information further includes an L7 layer resolution indication identifier, the second data packet is controlled according to the control information. The transmission is specifically: when the quintuple of the second data packet is the same as the quintuple of the first data packet, performing L7 layer information on the second data packet according to the L7 layer resolution indication identifier. Parsing, to obtain URL information of a Uniform Resource Locator URL address of the destination server for indicating the second data packet, where the quintuple is a source IP address, a source port, a destination IP address, a destination port, and a transport layer a protocol number; if the URL information is not empty, sending the second data packet and the URL information to the load balancing processor, so that the load balancing processor according to the URL Determining the destination server of the second data packet, and sending the second data packet to the destination server of the second data packet; or if the URL information is empty, according to the server information, The destination server of the data packet sends the second data packet.

With reference to the first aspect, the first possible implementation manner, the second possible implementation manner, and the third possible implementation manner, in a fourth possible implementation manner, the server information includes a first control information entry, The first control information entry is used to indicate a correspondence between a quintu of the first data packet and an internal IP address and an internal port of the destination server of the first data packet.

With reference to the first aspect, the first possible implementation manner, the second possible implementation manner, the third possible implementation manner, and the fourth possible implementation manner, in a fifth possible implementation manner, The method further includes: after receiving the first control information entry, starting a timer, and determining that the second data packet is not received before the timer expires; or determining that the client device and the first The communication connection established between the destination servers of the data message for transmitting the first data message ends; deleting the first control information entry.

Combining the first aspect, the first possible implementation manner, the second possible implementation manner, the third possible implementation manner, the fourth possible implementation manner, and the fifth possible implementation manner, in the sixth possibility In an embodiment, the server information is further used to indicate an external IP address and an external port of the destination server of the first data packet, and the transmission of the second data packet is controlled according to the control information, specifically: The source IP address of the second data packet is the same as the internal IP address of the destination server, and the source port of the second data packet is the same as the internal port information of the destination server, and the destination IP address of the second data packet is The address is the same as the source IP address of the first data packet, and the destination port of the second data packet is the same as the source port of the first data packet, and the transport layer protocol number of the second data packet is When the transport layer protocol number of the first data packet is the same, sending the first to the client device according to the external IP address and the external port of the destination server of the first data packet. Two data messages.

Combining the first aspect, the first possible implementation manner, the second possible implementation manner, the third possible implementation manner, the fourth possible implementation manner, the fifth possible implementation manner, and the sixth possible Embodiments, in a seventh possible implementation, the server information includes a second control information entry, where the second control information entry is used to indicate an internal IP address of the destination server of the first data packet, the first An internal port of the destination server of the data packet, a source IP address of the first data packet, a source port of the first data packet, and a transport layer protocol number of the first data packet and the first data packet Correspondence between the external IP address of the destination server and the external port.

Combining the first aspect, the first possible implementation manner, the second possible implementation manner, the third possible implementation manner, the fourth possible implementation manner, the fifth possible implementation manner, and the sixth possible Embodiments and a seventh possible implementation manner. In an eighth possible implementation manner, the method further includes: after receiving the second control information entry, starting a timer, and determining, before the timer expires Receiving the second data message; or determining that the communication connection established between the client device and the destination server of the first data message for transmitting the first data message ends; deleting the second control Information item.

In a second aspect, an apparatus for controlling data transmission is provided, the apparatus comprising: a sending unit, configured to send a first data message from a client device to a load balancing processor; Receiving the control information sent by the load balancing processor, and transmitting the control information to the processing unit, where the control information is the L3/4 layer information and/or the first load of the first data message by the load balancing processor Determining, by the L7 layer information of a data packet, the control information includes server information for indicating a destination server of the first data packet, and configured to transmit the second data to the processing unit when receiving the second data packet a data message; a processing unit, configured to acquire the control information and the second data message from the receiving unit, and control, according to the control information, the sending unit to transmit the second data message.

With reference to the second aspect and the first possible implementation manner, in the second possible implementation manner, the server information is determined according to the L3/4 layer information of the first data packet, and the processing unit is specifically used to When the quintuple of the second data packet is the same as the quintuple of the first data packet, according to the server information, the sending unit is controlled to send the second data packet to the destination server of the first data packet. The quintuple is a source IP address, a source port, a destination IP address, a destination port, and a transport layer protocol number.

With reference to the second aspect, the first possible implementation manner, and the second possible implementation manner, in a third possible implementation manner, the server information is based on the L3/4 layer information of the first data packet and the L7 If the layer information is determined, or the server information is determined according to the L7 layer information of the first data packet, and the control information further includes an L7 layer resolution indication identifier, the processing unit is specifically configured to use the second data packet. When the quintuple is the same as the quintuple of the first data packet, the L7 layer information is parsed by the L7 layer to obtain the second data packet according to the L7 layer resolution indication identifier. URL information of the Uniform Resource Locator URL address of the destination server, where the quintuple is a source IP address, a source port, a destination IP address, a destination port, and a transport layer protocol number; if the URL information is not empty, And controlling the sending unit to send the second data packet and the URL information to the load balancing processor, so that the load balancing processor determines the second number according to the URL information. And sending, by the destination server of the packet, the second data packet to the destination server of the second data packet; or, if the URL information is empty, controlling the sending unit to the first according to the server information The destination server of the data packet sends the second data packet.

With reference to the second aspect, the first possible implementation manner, the second possible implementation manner, and the third possible implementation manner, in a fourth possible implementation manner, the server information includes a first control information entry, The first control information entry is used to indicate a quintuple of the first data packet and the first Correspondence between the internal IP address of the destination server of a data packet and the internal port.

With reference to the second aspect, the first possible implementation manner, the second possible implementation manner, the third possible implementation manner, and the fourth possible implementation manner, in the fifth possible implementation manner, the processing unit The method is further configured to: after determining that the receiving unit receives the first control information entry, start a timer, and determine that the second data packet is not received before the timer expires; or is used to determine the client device And ending the communication connection established between the destination server of the first data packet and transmitting the first data packet; and deleting the first control information entry.

Combining the second aspect, the first possible implementation manner, the second possible implementation manner, the third possible implementation manner, the fourth possible implementation manner, and the fifth possible implementation manner, in the sixth possibility In an embodiment, the server information is further used to indicate an external IP address and an external port of the destination server of the first data packet, where the processing unit is specifically configured to use a source IP address of the second data packet and the destination The internal IP address of the server is the same, and the source port of the second data packet is the same as the source port of the destination data server, and the destination IP address of the second data packet is the same as the source IP address of the first data packet. And the destination port of the second data packet is the same as the source port of the first data packet, and the transport layer protocol number of the second data packet is the same as the transport layer protocol number of the first data packet. And sending, by the sending unit, the second data packet to the client device according to the external IP address and the external port of the destination server of the first data packet.

Combining the second aspect, the first possible implementation manner, the second possible implementation manner, the third possible implementation manner, the fourth possible implementation manner, the fifth possible implementation manner, and the sixth possible Embodiments, in a seventh possible implementation, the server information includes a second control information entry, where the second control information entry is used to indicate an internal IP address of the destination server of the first data packet, the first An internal port of the destination server of the data packet, a source IP address of the first data packet, a source port of the first data packet, and a transport layer protocol number of the first data packet and the first data packet Correspondence between the external IP address of the destination server and the external port.

With reference to the second aspect, the first possible implementation manner, the second possible implementation manner, the third possible implementation manner, the fourth possible implementation manner, the fifth possible implementation manner, the sixth possible Embodiments and a seventh possible implementation manner, in an eighth possible implementation, the processing unit is further configured to: after determining that the receiving unit receives the second control information entry, start a timer, and determine The second data packet is not received before the timer expires; or is used to determine a communication connection established between the client device and the destination server of the first data packet for transmitting the first data packet End; used to delete the second control information entry. The third aspect provides a system for controlling data transmission, where the system includes: a load balancing processing module, configured to acquire a first data packet from a network card module, and according to L3/4 layer information of the first data packet, And the L7 layer information of the first data packet, determining server information for indicating the destination server of the first data packet, sending control information including the server information to the network card module; and using a network card module for loading The equalization processing module sends the first data packet from the user equipment, and obtains the control information from the load balancing processing module. When the second data packet is received, the second data packet is controlled according to the control information. transmission.

With reference to the third aspect and the first possible implementation manner, in a second possible implementation manner, the server information is determined by the load balancing processing module according to the L3/4 layer information of the first data packet, The NIC module is configured to: when the quintuple of the second data packet is the same as the quintuple of the first data packet, send the second data to the destination server of the first data packet according to the server information The quintuple is a source IP address, a source port, a destination IP address, a destination port, and a transport layer protocol number.

With reference to the third aspect, the first possible implementation manner, and the second possible implementation manner, in a third possible implementation manner, the server information is that the load balancing processing module is based on the L3/ of the first data packet. Determined by the layer 4 information and the L7 layer information, or the server information is determined by the load balancing processing module according to the L7 layer information of the first data packet, and the control information further includes an L7 layer resolution indication identifier, and the network card module is Specifically, when the quintuple of the second data packet is the same as the quintuple of the first data packet, performing L7 layer information parsing on the second data packet according to the L7 layer parsing indication identifier, Obtaining URL information of a Uniform Resource Locator URL address of the destination server of the second data packet, where the quintuple is a source IP address, a source port, a destination IP address, a destination port, and a transport layer protocol number; If the URL information is not empty, sending the second data packet and the URL information to the load balancing processor, so that the load balancing processor is configured according to a URL information, determining a destination server of the second data packet, and sending the second data packet to the destination server of the second data packet; or if the URL information is empty, according to the server information, The destination server of the data packet sends the second data packet.

With reference to the first aspect, the first possible implementation manner, the second possible implementation manner, and the third possible implementation manner, in the fourth possible implementation manner, the server information includes the first control The information entry, the first control information entry is used to indicate a correspondence between a quintu of the first data packet and an internal IP address and an internal port of the destination server of the first data packet.

With reference to the third aspect, the first possible implementation manner, the second possible implementation manner, the third possible implementation manner, and the fourth possible implementation manner, in a fifth possible implementation manner, the network card module And the method is further configured to: after receiving the first control information entry, start a timer, and determine that the second data message is not received before the timer expires; or to determine the client device and the first The communication connection established between the destination server of the data packet for transmitting the first data packet ends; and the first control information entry is deleted.

Combining the third aspect, the first possible implementation manner, the second possible implementation manner, the third possible implementation manner, the fourth possible implementation manner, and the fifth possible implementation manner, in the sixth possibility In an embodiment, the server information is further used to indicate an external IP address and an external port of the destination server of the first data packet, and the network card module is specifically configured to use the source IP address of the second data packet and the destination The internal IP address of the server is the same, and the source port of the second data packet is the same as the source port of the destination data server, and the destination IP address of the second data packet is the same as the source IP address of the first data packet. And the destination port of the second data packet is the same as the source port of the first data packet, and the transport layer protocol number of the second data packet is the same as the transport layer protocol number of the first data packet. Sending the second data>3⁄4 text according to the external IP address and the external port of the destination server of the first data message.

Combining the third aspect, the first possible implementation manner, the second possible implementation manner, the third possible implementation manner, the fourth possible implementation manner, the fifth possible implementation manner, and the sixth possible Embodiments, in a seventh possible implementation, the server information includes a second control information entry, where the second control information entry is used to indicate an internal IP address of the destination server of the first data packet, the first An internal port of the destination server of the data packet, a source IP address of the first data packet, a source port of the first data packet, and a transport layer protocol number of the first data packet and the first data packet Correspondence between the external IP address of the destination server and the external port.

Combining the third aspect, the first possible implementation manner, the second possible implementation manner, the third possible implementation manner, the fourth possible implementation manner, the fifth possible implementation manner, and the sixth possible Embodiments and a seventh possible implementation manner, in an eighth possible implementation manner, the network card module is further configured to: after receiving the second control information entry, start a timer, and determine that the timer expires The second data message is not received before; or is used to determine a communication established between the client device and the destination server of the first data message for transmitting the first data message End of connection; used to delete the second control information entry.

The method, device, and system for controlling data transmission according to the embodiment of the present invention, the control information is determined by the load balancing processor according to the first data packet, and the control information is sent to the network card device, and the network card device receives the second datagram. The second data message can be transmitted according to the control information, thereby reducing the processing of the load balancing processor, thereby improving the access speed and reducing the load of the load balancing processor. DRAWINGS

In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings to be used in the embodiments or the description of the prior art will be briefly described below. Obviously, the drawings in the following description are only the present invention. For some embodiments, other drawings may be obtained from those of ordinary skill in the art without departing from the drawings.

1 is a schematic flow chart of a method of controlling data transmission according to an embodiment of the present invention. 2 is a schematic block diagram of an apparatus for controlling data transmission in accordance with an embodiment of the present invention.

3 is a schematic block diagram of a system for controlling data transmission in accordance with an embodiment of the present invention. detailed description

The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is obvious that the described embodiments are a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without making creative labor are within the scope of the present invention.

1 shows a schematic flow diagram of a method 100 of controlling data transmission in accordance with an embodiment of the present invention, as described from the perspective of a network card device. As shown in FIG. 1, the method 100 includes:

S110: Send a first data packet from the client device to the load balancing processor. S120. Receive control information sent by the load balancing processor, where the control information is that the load balancing processor is configured according to the first data packet. Determined by the L3/4 layer information and/or the L7 layer information of the first data message, the control information includes server information indicating a destination server of the first data message;

S130, when receiving the second data packet, controlling transmission of the second data packet according to the control information;

Specifically, in the embodiment of the present invention, the client device may be a computer, a smart phone, or the like. The communication device, when the user accesses the service through the client device, the client device sends a data message to a server (hereinafter, referred to as a destination server) that provides the service.

The server (including the destination server described above) may be, for example, a web server, an FTP server, an enterprise critical application server, and other mission-critical servers. In the embodiment of the present invention, the destination server and other servers form a server cluster to expand the bandwidth of the network device and the server, increase the throughput, strengthen the network data processing capability, and improve the flexibility and availability of the network. Within the server cluster, each server has a different IP address (internal IP address, which will be described later) and a port (internal port, which will be described later). Also, the server cluster has one or more unified external (e.g., client-facing devices) IP addresses (described later as external IP addresses) and ports (described later as external ports).

A load balancer (a gateway device including a data packet for receiving a service, and a load balancing processor for performing load balancing on the data packet by executing various programs) is disposed in the server cluster and the client device In the meantime, a large amount of concurrent access or data traffic can be shared to multiple servers for processing, reducing the time for the client device to wait for a response, and also sharing the operation of a single heavy load to multiple servers for parallel processing, each node After the device is processed, the results are summarized and returned to the client device, so that the system processing capability is greatly improved. Also, the externally facing IP address of the load balancer is the same as the externally facing IP address of the server cluster to which it is connected.

In the embodiment of the present invention, for example, load balancing can be implemented by a software load balancing solution, where one or more additional applications are installed on an operating system of one or more servers to implement load balancing. For example, domain name system load balancing (DNS), the processor of the server implements load balancing by executing the software, which is equivalent to a load balancing processor.

Moreover, in the embodiment of the present invention, the load balancer can also be directly installed between the server and the external network, independent of the operating system of the server.

In the embodiment of the present invention, as a load balancing manner of the load balancer, for example,: 1. Network Address Translation (NAT), that is, the load balancer rewrites data from the client device. The target address/source address of the packet is sent to each server according to a preset load balancing algorithm; and when the response data packet from the server passes through the load balancer, the load balancer rewrites The source address/destination address of the response data message is returned to the client to complete the entire load scheduling process. 2. Direct routing (DR, Direct Rout) load balancing, that is, the load balancer sends data packets to the server by rewriting the media access control layer (MAC, Media Access Control) address from the client device data message. And the server returns the response data packet directly to the client device according to the MAC address of the client device.

3. IP tunnel (TUN, TUNNEL) load balancing, that is, the load balancer forwards data packets from the client device to the server through the IP tunnel, and the server directly returns the response data packet to the client device.

In each of the load balancing methods enumerated above, the load balancer can map one external address to multiple internal addresses (corresponding to each server), and dynamically use one of the internal addresses for each communication connection to achieve load balancing. It should be understood that the above-described load balancing modes are merely illustrative, and the present invention is not limited thereto, and other methods for load balancing fall within the scope of protection of the present invention.

Therefore, when the user needs to access the service provided by the server cluster, the client device can send the first data packet of the service according to the externally unified IP address and port of the server cluster (that is, the external IP address and the external port). The first data message) first arrives at the load balancer (received by the network card device).

In S110, the network card device of the load balancer receives the first data packet, and the network card device can send the first data packet to a load balancing processor of the load balancer (hereinafter, for convenience of description, the cartridge The processor is used, so that the processor can determine the destination server of the data packet from the server cluster by using any of the foregoing load balancing algorithms.

In the embodiment of the present invention, the processor may perform load balancing according to different layers of the network (network seven layers), specifically, load balancing according to L3/4 layer information of the data packet (ie, as described below). Case 1), load balancing may also be performed according to the L7 layer of the data message, or the L3/4 layer information and the L7 layer information (i.e., Case 2 described below).

Wherein, in the embodiment of the present invention, the L3/4 layer may include an L3 layer, or an L4 layer, or an L3 layer and an L4 layer. The L3 layer information may include IP address information of a network layer in an Open System Interconnect (OSI) network model, and the L4 layer information may include a Transmission Layer Control Control Protocol/User Datagram Protocol (TCP) in the OSI network model. /UDP, Transfer Control Protocol/ User Datagram Protocol) Port information. Therefore, the L3/4 layer information may include an external IP address of the service server transmitting the service (in relation to the destination IP address of the data packet) Same), external port (same as the destination port of the data packet) and other information. The L7 layer information may include application layer information, specifically, a URL address carried in the data message.

Next, the case where the processor is used for load balancing based on the L3/4 layer information of the data message will be described first.

Situation 1

After receiving the first data packet sent by the network card device, the processor parses the L3/4 layer of the data packet, for example, performs a shallow packet inspection (SPI, Shallow Packet Inspection) on the data packet to obtain the data packet. The L3/4 layer information of the data packet (for example, the source IP address, the destination IP address, the source port, the destination port, and the like), in the embodiment of the present invention, the method for performing load balancing processing by the processor according to the L3/4 layer information It is the same as the prior art, and the description thereof is omitted here to avoid redundancy. In the embodiment of the present invention, the control information is a result of the load balancing process, and may be, for example, server information indicating a destination server. In addition, in the embodiment of the present invention, the processor may directly control, according to the result of the load balancing process, the sending device (for example, the network card device) to send the first data packet to correspond to the result of the load balancing process. The destination server. And send the server information to the NIC device.

Optionally, in the embodiment of the present invention, the server information may be used to indicate an internal internet protocol IP address and an internal port of the destination server of the first data message.

Specifically, the processor can send the internal IP address and the internal port of the destination server of the first data packet to the network card device.

In S120, the network card device can obtain an internal IP address and an internal port of the destination server from the processor. In addition, the network card device can receive the second data packet sent by the sending end. Here, the sending end can be the client device or the server, and the present invention is not specifically limited. For example, DR load balancing is adopted in the load balancer. Or IP TUN-type load balancing, the packet returned by the server (destination server) to the client device does not pass through the load balancer. Therefore, the sender of the second data packet is a client device; for example, in a load balancer. In the case of the NAT-type load balancing, the server that the server (the destination server) returns to the client device needs to pass the load balancer. Therefore, the sender of the second data packet can be the client device or the server (the destination server). ). Hereinafter, a case where the load balancer adopts NAT-type load balancing will be described as an example.

At S130, after receiving the second data packet, the network card device may control transmission of the second data packet according to the control information.

Optionally, in the embodiment of the present invention, the server information is based on the first data packet. If the L3/4 layer information is determined, then

The controlling the transmission of the second data packet according to the control information is specifically:

When the quintuple of the second data packet is the same as the quintuple of the first data packet, the second data packet is sent to the destination server of the first data packet according to the server information, where The quintuple is the source IP address, source port, destination IP address, destination port, and transport layer protocol number.

Specifically, on the one hand, when the sending end is a client device, if the destination IP address, source IP address, destination port, source port, and transport layer protocol number (TCP connection or UDP connection) of the second data packet are The destination IP address, the source IP address, the destination port, the source port, and the transport layer protocol number (TCP connection or UDP connection) of the first data packet are the same. The load balancing processor performs load balancing processing based on the L3/4 layer information. The processing of the second data packet is the L3/4 layer information (including the destination IP address, the source IP address, the destination port, the source port, and the transport layer protocol number of the second data packet) and the first data packet. The processing of the second data packet is the same as that of the destination server of the first data packet (ie, the second data packet and the first data packet belong to the client device and the destination server) The same communication connection between).

Therefore, the network card device can modify the destination IP address of the second data packet to the internal IP address of the destination server (of the first data packet), and modify the destination port of the second data packet to the An internal port of the destination server of the data packet to send the second data packet to the destination server (of the first data message).

The above is an example of determining whether the target server and the second data packet of the first data packet belong to the same communication connection between the client device and the destination server according to the quintuple of the data packet, but The present invention is not limited thereto. For example, if the load balancer is only connected to one server cluster, and the server cluster has only one unified external IP address, the destination IP address for the data packet arriving at the load balancer. It is the same as the destination port. Therefore, it can be determined only whether the source IP address, source port, and transport layer protocol number are the same. Hereinafter, the description of the same or similar cases will be omitted.

Optionally, in the embodiment of the present invention, the server information includes a first control information entry, where the first control information entry is used to indicate a quintuple of the first data packet and the first data packet. The correspondence between the internal IP address of the destination server and the internal port.

Specifically, after the processor performs load balancing processing (corresponding to DR-type load balancing or IP TUN-type load balancing) according to the L3/4 layer information of the first data packet, and determining the destination server, the processor may The control information table entry in the positive direction is generated only according to the L3/4 layer information of the first data packet. Here, the forward direction refers to the direction from the client device to the server. Specifically, the forward direction control information entry may include, for example, a source IP address of the first data packet, a source port, a destination IP address, a destination port, and Corresponding relationship between the transport layer protocol number of the first data packet (hereinafter, referred to as the first quintuple for convenience of explanation) and the destination server information (for example, including the IP address and port of the destination server), and thus, at S130, The NIC device may search according to the source IP address, the source port, the destination IP address, the destination port of the second data packet, and the transport layer protocol number of the second data packet (hereinafter, for convenience of description, the second quintuple) The control information entry may be determined when the second quintuple is the same as the first quintuple described in the control information entry, and the destination server information indicating the destination server of the second data packet is The server information corresponding to the first quintuple. Therefore, the network card device can modify the destination IP address of the second data packet to the IP address of the destination server (indicated by the control information corresponding to the first quintuple), and the purpose of the second data packet. The port is modified to be the port of the destination server (indicated by the control information corresponding to the first quintuple), and the second datagram can be sent to the destination server (indicated by the control information corresponding to the first quintuple) Text.

Optionally, in the embodiment of the present invention, the server information is further used to indicate an external IP address and an external port of the destination server of the first data packet,

The source IP address of the second data packet is the same as the internal IP address of the destination server, and the source port of the second data packet is the same as the internal port information of the destination server, and the destination of the second data packet is The IP address is the same as the source IP address of the first data packet, and the destination port of the second data packet is the same as the source port of the first data packet, and the transport layer protocol number of the second data packet is When the transport layer protocol number of the first data packet is the same, the sending unit controls the sending unit to send the second data packet to the client device according to the external IP address of the destination server of the first data packet and the external port.

Specifically, when the sending end is a server (corresponding to NAT-type load balancing), if the destination IP address of the second data packet is the same as the source IP address of the first data packet, the source IP address of the second data packet The address is the same as the internal IP address of the destination server determined by the processor after the first data is equalized. The destination port of the second data packet is the same as the source IP address of the first data packet, and the second data packet is the second data packet. The source port is the same as the internal port of the destination server determined by the processor after equalizing the first data, and the second data packet transport layer protocol number and the first data The transport layer protocol number of the packet is the same. The load balancing processor performs load balancing processing based on the L3/4 layer information, and determines that the second data packet is the response data generated by the destination server and corresponding to the first data packet. The message (ie, the second data message and the first data message belong to the same communication connection between the client device and the destination server).

Therefore, the network card device can modify the source IP address of the second data packet to be the external IP address of the destination server (same as the destination IP address of the first data packet), and the source port of the second data packet. The external port of the destination server is the same as the destination port of the first data packet, and the second data packet is sent to the client device that sends the first data packet.

The server information includes a second control information entry, where the second control information entry is used to indicate an internal IP address of the destination server of the first data packet, an internal port of the destination server of the first data packet, and the The source IP address of the data packet, the source port of the first data packet, and the correspondence between the transport layer protocol number of the first data packet and the external IP address and the external port of the destination server of the first data packet .

Specifically, after performing load balancing processing (NAT-type load balancing) according to the L3/4 layer information of the first data packet and determining the destination server, the processor may be configured according to the L3/4 layer information of the first data packet. Generate control information entries in both forward and reverse directions.

Here, the forward direction refers to the direction from the client device to the server. Specifically, the forward direction control information entry may include, for example, a source IP address of the first data packet, a source port, a destination IP address, a destination port, and The correspondence between the transport layer protocol number of the first data packet (hereinafter, for convenience of description, the first quintuple) and the destination server information (for example, including the IP address and port of the destination server), so that the network card device can According to the source IP address of the second data, the source port, the destination IP address, the destination port, and the transport layer protocol number of the second data packet (hereinafter, for convenience of description, the cartridge is called the second quintuple), The control information entry may be determined when the second quintuple is the same as the first quintuple described in the control information entry, and the destination server information indicating the destination server of the second data packet is The server information corresponding to the first quintuple. Therefore, the network card device can modify the destination IP address of the second data packet to the IP address of the destination server (indicated by the control information corresponding to the first quintuple), and the purpose of the second data packet. The port is modified to this (indicated by the control information corresponding to the first quintuple) The port of the server is capable of transmitting the second data message to the destination server (indicated by the control information corresponding to the first quintuple).

Here, the reverse direction refers to the direction from the server to the client device. Specifically, the reverse direction control information entry may include, for example, an internal IP address of the destination server, an internal port of the destination server, and a source of the first data packet. The IP address, the source port of the first data packet, and the transport layer protocol number of the first data packet (hereinafter, for convenience of description, the third quintuple) and the destination IP address of the first data packet (and purpose) The server has the same external IP address, and the destination port of the first data packet (same as the external port of the destination server), so that the network card device can use the source IP address, source port, and destination of the second data. The IP address, the destination port, and the transport layer protocol number of the second data packet (the second quintuple), and the control information entry, the third five recorded in the second quintuple and the control information entry. If the tuple is the same, the server that sends the second data packet is the first data packet corresponding to the first quintuple. The destination server. Therefore, the network card device can modify the source IP address of the second data packet to the destination IP address of the first data packet corresponding to the third quintuple indicated by the control information entry (with the external IP address of the destination server) The destination port of the second data packet is modified to be the destination port of the first data packet corresponding to the first quintuple (the same as the external port of the destination server) indicated by the control information entry. Therefore, the second data packet can be sent to the client device that sends the first data packet.

The above determines that the second data packet can be controlled according to the control information according to the source IP address, the source port, the destination IP address, the destination port, and the transport layer protocol number of the second data packet. It should be understood that the present invention is not limited thereto, and other methods for determining whether the second data message can be transmitted according to the control information (for example, determining that the first data message and the second data message belong to the same client) The method of the same communication connection between the device and the same server) falls within the scope of the present invention. Hereinafter, the description of the same or similar cases will be omitted.

Optionally, in the embodiment of the present invention, after receiving the control information entry, the method further includes:

After receiving the first control information entry, starting a timer, and determining that the second data message is not received before the timer expires; or

Determining that the communication connection established between the client device and the destination server of the first data packet for transmitting the first data packet ends; Delete the first control information entry.

And, the method further includes:

After receiving the second control information entry, starting a timer, and determining that the second data message is not received before the timer expires; or

Determining that the communication connection established between the client device and the destination server of the first data packet for transmitting the first data packet ends;

The second control information entry is deleted.

Specifically, after acquiring the control information entry (including the first control information entry and the second control information entry) from the processor, the network card device does not receive the message after a long time (for example, 30 minutes after the timer expires). The data packet that can be transmitted according to the control information included in the control information table (for example, the second data packet) can be considered as having ended the communication connection of the first data packet, so that the control information entry can be deleted ( The first control information table item and the second control information table item are included.

And after the network card device obtains the control information entry (including the first control information entry and the second control information entry) from the processor, after detecting the data packet indicating the end of the communication connection, the network data device can consider the first data packet. The associated communication connection has been completed, so that the control information entry (including the first control information entry and the second control information entry) can be deleted. Hereinafter, the description of the same or similar cases will be omitted.

The following describes the case where the processor performs load balancing according to the L7 layer information of the data packet, or the L3/4 layer information and the L7 layer information (case 2).

Situation 2

After receiving the first data packet sent by the network card device, the processor parses the L3/4 layer of the data packet, for example, performs a shallow packet inspection (SPI, Shallow Packet Inspection) on the data packet to obtain the data packet. L3/4 layer information of the data packet (for example, source IP address, destination IP address, source port, destination port, etc.), and by parsing the L7 layer of the data text, for example, deep-text detection of the data text (DPI, Deep Packet Inspection), thereby obtaining L7 layer information of the data packet (for example, the URL of the data packet, etc.).

In the embodiment of the present invention, there may be a case where the L7 layer information of the first data packet is empty (that is, there is no URL or the like). At this time, the processor performs load balancing processing only according to the L3/4 layer information, and the The method of performing load balancing processing based on the L3/4 layer information is the same as that of the prior art, and the description thereof is omitted here to avoid redundancy.

And, in the case where the L7 layer information of the first data message is not empty (ie, there is a URL or the like) The processor may perform load balancing processing according to the L7 layer information, and the method for performing load balancing processing according to the L7 layer information is the same as the prior art. Here, in order to avoid redundancy, the description thereof is omitted.

In the embodiment of the present invention, the control information, as a result of the load balancing process, may include, for example, server information indicating the destination server, and indicating that the network card device needs to indicate the subsequent data packet. In addition, in the embodiment of the present invention, the processor may directly control, according to the result of the load balancing process, the sending device (for example, the network card device) to send the first data packet to correspond to the result of the load balancing process. The destination server. And send this control information to the NIC device.

Optionally, in the embodiment of the present invention, the server information may be used to indicate an internal IP address and an internal port of the destination server.

In S120', the network card device can obtain the IP address, the port, and the L7 layer resolution indication identifier of the destination server from the processor. In addition, the network card device can receive the second data packet sent by the sending end. Here, the sending end can be the client device or the server, and the present invention is not particularly limited. For example, DR load balancing is adopted in the load balancer. Or IP TUN-type load balancing, the packet returned by the server (destination server) to the client device does not pass through the load balancer. Therefore, the sender of the second data packet is a client device; for example, in a load balancer. In the case of the NAT-type load balancing, the server that the server (the destination server) returns to the client device needs to pass the load balancer. Therefore, the sender of the second data packet can be the client device or the server (the destination server). ). Hereinafter, a case where the load balancer adopts NAT-type load balancing will be described as an example.

In S130', after receiving the second data packet, the network card device can control the transmission of the second data packet according to the control information.

Optionally, in the embodiment of the present invention, the server information is determined according to L3/4 layer information and L7 layer information of the first data packet, or

And the control information further includes an L7 layer resolution indication identifier, and the shell

When the quintuple of the second data packet is the same as the quintuple of the first data packet, according to the

The L7 layer parses the indication identifier, and performs L7 layer information parsing on the second data packet to obtain a URL information of a Uniform Resource Locator URL address of the destination server of the second data packet, where the quintuple is a source IP address, a source port, a destination IP address, a destination port, and a transport layer protocol number;

If the URL information is not empty, sending the second data packet and the URL information to the load balancing processor, so that the load balancing processor determines the destination server of the second data packet according to the URL information, And sending the second data packet to the destination server of the second data packet; or

If the URL information is empty, the second data message is sent to the destination server of the first data message according to the server information.

Specifically, on the one hand, when the transmitting end is a client device, if the destination IP address, source IP address, destination port, source port, and transport layer protocol number (TCP connection or UDP connection) of the second data packet are The destination IP address, the source IP address, the destination port, the source port, and the transport layer protocol number (TCP connection or UDP connection) of the first data packet are the same. The load balancing processor performs load balancing processing based on the L3/4 layer information. The processing of the second data packet is the L3/4 layer information (including the destination IP address, the source IP address, the destination port, the source port, and the transport layer protocol number of the second data packet) and the first data packet. The processing of the second data packet is the same as that of the destination server of the first data packet (ie, the second data packet and the first data packet belong to the client device and the destination server) The same communication connection between).

Therefore, the NIC device can obtain the L7 layer information of the second data packet, that is, the URL address of the second data packet, according to the L7 layer resolution indication identifier. If the URL address of the second data packet is obtained, the second data packet and the URL address are sent to the processor, so that the processor does not need to perform L7 layer parsing on the second data packet, and can directly according to the URL. The address is subjected to load balancing processing. In the embodiment of the present invention, since the process of parsing the URL is performed by the network card device, that is, by hardware analysis, the parsing speed is improved and the processing is reduced compared with the manner of using the software to parse by the processor. The burden of the device. After the processor determines the destination server of the second data packet according to the URL (may be the same as the destination server of the first data packet, or may be different from the destination server of the first data packet), the processor may be configured by using a sending device (for example, , the gateway device), sending the second data packet.

In addition, if the URL address of the second data packet cannot be obtained (the L7 layer information of the second data packet is empty), the second data packet may be sent according to the server information, the process and the network. The process performed in the card device S130 is the same, and the description thereof is omitted here.

Specifically, after performing load balancing processing (corresponding to DR-type load balancing or IP TUN-type load balancing) according to the L3/4 layer information of the first data packet, and determining the destination server, the processor may be configured according to the first data packet. The L3/4 layer information only generates the control information entries in the above positive direction.

The source IP address of the second data packet is the same as the internal IP address of the destination server, and the source port of the second data packet is the same as the internal port information of the destination server, and the destination of the second data packet is The IP address is the same as the source IP address of the first data packet, and the destination port of the second data packet is the same as the source port of the first data packet, and the transport layer protocol number of the second data packet is When the transport layer protocol number of the first data packet is the same, the sending unit controls the sending unit to send the second data packet according to the external IP address of the destination server of the first data packet and the external port.

Specifically, when the sending end is a server (corresponding to NAT-type load balancing), if the destination IP address of the second data packet is the same as the source IP address of the first data packet, the source IP address of the second data packet The address is the same as the internal IP address of the destination server determined by the processor after the first data is equalized. The destination port of the second data packet is the same as the source IP address of the first data packet, and the second data packet is the second data packet. The source port is the same as the internal port of the destination server determined by the processor after the first data is equalized, and the transport layer protocol number of the second data packet is the same as the transport layer protocol number of the first data packet, The load balancing processor performs load balancing processing based on the L3/4 layer information, and determines that the second data packet is a response data packet corresponding to the first data packet generated by the destination server (that is, the second data packet) And the first data message belongs to the same communication connection between the client device and the destination server).

Therefore, the network card device can modify the source IP address of the second data packet to be the external IP address of the destination server (same as the destination IP address of the first data packet), and the source port of the second data packet. The external port of the destination server is the same as the destination port of the first data packet, and the second data packet is sent to the client device that sends the first data packet. Optionally, in the embodiment of the present invention, the server information includes a first control information entry, where the first control information entry is used to indicate a quintuple of the first data packet and the first data packet. The correspondence between the internal IP address of the destination server and the internal port.

The server information includes a second control information entry, where the second control information entry is used to indicate an internal IP address of the destination server of the first data packet, an internal port of the destination server of the first data packet, and the The source IP address of the data, the source port of the first data, and the correspondence between the transport layer protocol number of the first data packet and the external IP address and the external port of the destination server of the first data packet .

Specifically, after performing load balancing processing (NAT-type load balancing) according to the L3/4 layer information of the first data packet and determining the destination server, the processor may be configured according to the L3/4 layer information of the first data packet. The control information entry in the forward and reverse directions is generated.

Optionally, as described above, in the embodiment of the present invention, after receiving the control information entry, the method further includes:

Delete the first control information entry.

And, the method further includes:

The second control information entry is deleted.

It should be understood that in the foregoing embodiment, the embodiment in which the load balancer adopts NAT-type load balancing has been described, but the present invention is not limited thereto. For example, the load balancer may also adopt the DR-type load balancing or the IP TUN type. Load balancing. At this time, the packet returned by the server (destination server) to the client device does not pass through the load balancer. Therefore, the sender of the second data packet is the client device.

According to the method for controlling data transmission according to the embodiment of the present invention, the load balancing processor determines the control information according to the first data packet, and sends the control information to the network card device, where the network card device receives After the second data packet is sent to the second data packet, the second data packet can be directly sent to the destination server according to the control information, or the second data packet can be obtained in the second data packet. The URL information notifies the load balancing processor that the load balancing processor does not need to parse the second data packet, thereby reducing the processing of the load balancing processor, improving the access speed, and reducing the load of the load balancing processor.

Hereinabove, a method of controlling data transmission according to an embodiment of the present invention is described in detail with reference to FIG. 1, and an apparatus for controlling data transmission according to an embodiment of the present invention will be described in detail below with reference to FIG.

Figure 2 shows a schematic block diagram of an apparatus 200 for controlling data transmission in accordance with an embodiment of the present invention. As shown in Figure 2, the apparatus 200 includes:

The sending unit 210 is configured to send, to the load balancing processor, the first data packet from the client device.

The receiving unit 220 is configured to receive the control information sent by the load balancing processor, and transmit the control information to the processing unit 230, where the control information is the L3/4 layer of the first data packet by the load balancing processor. Determining information and/or L7 layer information of the first data message, the control information including server information indicating a destination server of the first data message;

For transmitting the second data message to the processing unit 230 when receiving the second data message; the processing unit 230 is configured to obtain the control information and the second data message from the receiving unit 220, and according to the Controlling information, controlling the sending unit to transmit the second data packet;

And configured to control the sending unit 210 to transmit the second data packet according to the control information.

Specifically, when the user needs to access the service provided by the server cluster, the client device may send the first datagram of the service according to the externally unified IP address and port of the server cluster (ie, the external IP address and the external port). Text (first data message), the data message first arrives at the load balancer (received by the network card device). The receiving unit 220 of the network card device can receive the first data packet, and the sending unit 210 of the network card device can send the first data packet to the load balancing processor of the load balancer (hereinafter, for convenience of description, the cartridge Referring to the processor, the processor can determine the destination server of the data packet from the server cluster by using any of the foregoing load balancing methods.

The processor can perform load balancing according to different layers of the network (network seven layers). Specifically, load balancing can be performed according to the L3/4 layer of the data packet, or load balancing can be performed according to the L7 layer of the data packet.

In the embodiment of the present invention, the L3/4 layer may include an L3 layer, or an L4 layer, or an L3 layer. And L4 layer. The L3 layer information may include IP address information of a network layer in the OSI network model, and the L4 layer information may include TCP/UDP port information in the OSI network model. Therefore, the L3/4 layer information may include information such as an IP address, a port, and the like of a service server that transmits the service. The L7 layer information may include application layer information, specifically, a URL address carried in the data message.

After receiving the first data packet sent by the network card device, the processor parses the L3/4 layer of the data packet, for example, performs SPI on the data packet to obtain L3/4 layer information of the data packet ( For example, the source IP address, the destination IP address, the source port, the destination port, and the like, in the embodiment of the present invention, the method for the processor to perform load balancing processing according to the L3/4 layer information is the same as the prior art, where , the description is omitted. In the embodiment of the present invention, as a result of the load balancing process, for example, the control information may be server information indicating a destination server. In addition, in the embodiment of the present invention, the processor may directly control, according to the result of the load balancing process, the sending device (for example, the network card device) to send the first data packet to correspond to the result of the load balancing process. The destination server. And send the server information to the network card device.

In the embodiment of the present invention, the server information is used to indicate an internal internet protocol IP address and an internal port of the destination server of the first data packet.

In addition, in the embodiment of the present invention, the server information is determined according to the L3/4 layer information of the first data packet.

The processing unit 230 is specifically configured to control, according to the server information, the purpose of the sending unit to the first data packet when the quintuple of the second data text is the same as the quintuple of the first data file The server sends the second data packet, where the quintuple is a source IP address, a source port, a destination IP address, a destination port, and a transport layer protocol number.

Specifically, the processor can send the internal IP address and the internal port of the destination server to the network card device. Internal internal IP address and internal port. The receiving unit 220 of the network card device may receive the second data packet sent by the sending end. Here, the sending end may be the client device or the server, and the present invention is not particularly limited, for example, in a load balancer. When the DR-type load balancing or the IP TUN-type load balancing is used, the packet returned by the server (the destination server) to the client device does not pass through the load balancer. Therefore, the sender of the second data packet is the client device; for example, When the load balancer adopts NAT-type load balancing, the packet sent by the server (the destination server) to the client device needs to pass through the load balancer. Therefore, the sender of the second data packet can be a client device, or For the server (destination server). Hereinafter, a case where the load balancer adopts NAT type load balancing will be described as an example. The transmission of the second data message.

Specifically, on the one hand, if the destination IP address, the source IP address, the destination port, the source port, and the transport layer protocol number (TCP connection or UDP connection) of the second data packet and the destination IP address of the first data packet The address, the source IP address, the destination port, the source port, and the transport layer protocol number (TCP connection or UDP connection) are the same. The load balancing processor processes the load based on the L3/4 layer information. That is, the L3/4 layer information (including the destination IP address, the source IP address, the destination port, the source port, and the transport layer protocol number of the second data packet) is the same as that for the first data packet, and the first The destination server of the second data packet is the same as the destination server of the first data packet (ie, the second data packet and the first data packet belong to the same communication connection between the client device and the destination server).

Therefore, the processing unit 230 of the network card device can control the sending unit 210 to modify the destination IP address of the second data packet to the IP address of the destination server (of the first data packet), and the second data packet is The destination port is modified to be the port of the destination server (of the first data packet), and the second data packet can be sent to the destination server (of the first data packet).

Specifically, after performing load balancing processing (corresponding to DR-type load balancing or IP TUN-type load balancing) according to the L3/4 layer information of the first data packet, and determining the destination server, the processor may be configured according to the first data packet. The L3/4 layer information only generates the control information entries in the positive direction.

Here, the forward direction refers to the direction from the client device to the server. Specifically, the forward direction control information entry may include, for example, a source IP address of the first data packet, a source port, a destination IP address, a destination port, and The correspondence between the transport layer protocol number of the first data packet (hereinafter, referred to as the first quintuple for convenience of explanation) and the destination server information (for example, including the IP address and port of the destination server), thereby processing unit 230 The source layer address, the source port, the destination IP address, the destination port, and the transport layer protocol number of the second data packet may be used according to the second data packet. In the following, for convenience of description, the second quintuple is called, and the control information table item is found. When the second quintuple is the same as the first quintuple described in the control information table item, it may be determined that The destination server information indicating the destination server of the second data packet is server information corresponding to the first quintuple. Therefore, the processing unit 230 may modify the destination IP address of the second data packet to the IP address of the destination server (indicated by the control information corresponding to the first quintuple), and the purpose of the second data packet. The port is modified to be the port of the destination server (indicated by the control information corresponding to the first quintuple), and the second datagram can be sent to the destination server (indicated by the control information corresponding to the first quintuple) Text.

The processing unit is configured to: when the source IP address of the second data packet is the same as the internal IP address of the destination server, and the source port of the second data packet is the same as the internal port information of the destination server, and the The destination IP address of the second data packet is the same as the source IP address of the first data packet, and the destination port of the second data packet is the same as the source port of the first data packet, and the second data packet is the second data packet. When the transport layer protocol number is the same as the transport layer protocol number of the first data packet, the sending unit is controlled to send the first unit to the client device according to the external IP address and the external port of the destination server of the first data packet. Two data messages.

Therefore, the sending unit 220 may modify the source IP address of the second data packet to the external IP address of the destination server of the first data packet (same as the destination IP address of the first data packet), and the first The source port of the second data packet is modified to be the external port of the destination server of the first data packet (same as the destination port of the first data packet), so that the first datagram can be sent to The client device sends the second data packet.

And the server information includes a second control information entry, where the second control information entry is used to indicate an internal IP address of the destination server of the first data packet, an internal port of the destination server of the first data packet, a source IP address of the first data packet, a source port of the first data packet, and a transport layer protocol number of the first data packet, and an external IP address and an external port of the destination server of the first data packet Correspondence relationship.

Here, the forward direction refers to the direction from the client device to the server. Specifically, the forward direction control information entry may include, for example, a source IP address of the first data packet, a source port, a destination IP address, a destination port, and The correspondence between the transport layer protocol number of the first data packet (hereinafter, referred to as the first quintuple for convenience of explanation) and the destination server information (for example, including the IP address and port of the destination server), thereby processing unit 230 The source IP address, the source port, the destination IP address, the destination port, and the transport layer protocol number of the second data packet (hereinafter, referred to as the second quintuple for convenience of description) may be searched according to the source IP address, the source port, the destination IP address, the destination port, and the second data packet. The control information entry may be determined when the second quintuple is the same as the first quintuple described in the control information entry, and the destination server information indicating the destination server of the second data packet is The server information corresponding to the first quintuple. Therefore, the sending unit 210 may modify the destination IP address of the second data packet to the IP address of the destination server (indicated by the control information corresponding to the first quintuple), and the purpose of the second data packet. The port is modified to be the port of the destination server (indicated by the control information corresponding to the first quintuple), and the second datagram can be sent to the destination server (indicated by the control information corresponding to the first quintuple) Text.

Here, the reverse direction refers to the direction from the server to the client device. Specifically, the reverse direction control information entry may include, for example, an internal IP address of the destination server, an internal port of the destination server, and a source of the first data packet. The IP address, the source port of the first data packet, and the transport layer protocol number of the first data packet (hereinafter, for convenience of description, the third quintuple) and the destination IP address of the first data packet (and purpose) The external IP address of the server is the same), the destination of the first data packet Corresponding relationship between the port (same as the external port of the destination server), so that the processing unit 230 can use the source IP address, the source port, the destination IP address, the destination port, and the transport layer of the second data packet according to the second data The protocol number (the second quintuple) is used to find the control information entry. When the second quintuple is the same as the third quintuple described in the control information entry, the second quintuple can be determined to send the second The server of the data message is the destination server of the first data message corresponding to the first quintuple. Therefore, the sending unit 210 may modify the source IP address of the second data packet to the destination IP address of the first data packet corresponding to the third quintuple indicated by the control information entry (with the external IP address of the destination server) The destination port of the second data packet is modified to be the destination port of the first data packet corresponding to the first quintuple (the same as the external port of the destination server) indicated by the control information entry. Therefore, the second data message can be sent to the client device that sends the first data packet.

Optionally, in the embodiment of the present invention, the processing unit 230 is further configured to: after determining that the receiving unit 220 receives the first control information entry, start a timer, and determine that the timer is not received before the timer expires. The second data message; or

And determining to end a communication connection established between the client device and the destination server of the first data packet for transmitting the first data packet;

Used to delete the first control information entry.

And the processing unit 230 is further configured to: after determining that the receiving unit 220 receives the second control information entry, start a timer, and determine that the second data message is not received before the timer expires; or

Used to delete the second control information entry.

Specifically, after the processing unit 230 acquires the control information entry (including the first control information entry and the second control information entry) from the processor by the receiving unit 220, the processing unit 230 is for a long time (after the timer expires, for example, 30) If the data packet that can be transmitted according to the control information included in the control information table (for example, the second data packet) is not received, the communication connection to which the first data packet belongs may be considered to be deleted. Control information entry (including the first control information entry and the second control information entry).

And, after the processing unit 230 acquires the control information table item (including the first control information table item and the second control information table item) from the processor, the processing unit 230 detects that the communication connection is ended. After the data packet, the communication connection to which the first data packet belongs is considered to be ended, so that the control information entry (including the first control information entry and the second control information entry) can be deleted. Hereinafter, the description of the same or similar cases will be omitted.

The above determines that the second data packet can be controlled according to the control information according to the source IP address, the source port, the destination IP address, the destination port, and the transport layer protocol number of the second data packet. It should be understood that the present invention is not limited thereto, and other methods for determining whether the second data message can be transmitted according to the control information (for example, determining that the first data message and the second data message belong to the same client) The method of the same communication connection between the device and the same server) falls within the scope of the present invention.

Next, the processor is used for L7 layer information according to data packets, or L3/4 layer information and

The case where the L7 layer information performs load balancing will be described.

After receiving the first data packet sent by the sending unit 210 of the network card device, the processor parses the L3/4 layer of the data packet, for example, performs SPI on the data packet to obtain the L3/ of the data packet. Layer 4 information (for example, the source IP address, the destination IP address, the source port, the destination port, and so on), and the L7 layer of the data packet is parsed, for example, DPI is performed on the data packet to obtain the data packet. L7 layer information (for example, the URL of the data message, etc.).

Moreover, in a case where the L7 layer information of the first data packet is not empty (ie, there is a URL or the like), the processor may perform load balancing processing according to the L7 layer information, and the method for performing load balancing processing according to the L7 layer information It is the same as the prior art, and the description thereof is omitted here to avoid redundancy.

In the embodiment of the present invention, as a result of the load balancing process, for example, the control information may be server information indicating the destination server, and the network card device is required to send subsequent data packets (mainly the data packets sent by the client device to the server). The L7 layer resolution indication flag for L7 layer parsing. In addition, in the embodiment of the present invention, the processor may directly control, according to the result of the load balancing process, the sending device (for example, the network card device) to send the first data packet to correspond to the result of the load balancing process. The destination server. And send this control information to the NIC device.

In the embodiment of the present invention, the server information is used to indicate an internal address of the destination server and Internal port.

Specifically, the processor may send the internal IP address and the internal port of the destination server and the L7 layer resolution indication identifier to the network card device.

The sending unit 210 of the network card device may acquire, from the processor, an internal IP address, an internal port, and an L7 layer resolution indication identifier of the destination server within the server cluster.

The sending unit 210 of the network card device may receive the second data packet sent by the sending end. Here, the sending end may be the client device or the server, and the present invention is not particularly limited. For example, the DR is adopted in the load balancer. During load balancing or IP TUN load balancing, the packets returned by the server (destination server) to the client device do not pass through the load balancer. Therefore, the sender of the second data packet is the client device; for example, in load balancing. In the case of the NAT-type load balancing, the server that the server (the destination server) returns to the client device needs to pass the load balancer. Therefore, the sender of the second data packet can be a client device or a server. Destination server). Hereinafter, a case where the load balancer adopts NAT-type load balancing will be described as an example.

The processing unit 230 of the network card device determines whether the transmission of the second data message can be transmitted based on the server information acquired from the processor.

The server information is determined according to the L7 layer information of the first data packet.

The server information is used to indicate an internal internet protocol IP address and an internal port of the destination server of the first data packet, and the control information further includes an L7 layer resolution indication identifier,

The processing unit is configured to: when the quintuple of the second data packet is the same as the quintuple of the first data packet, perform L7 layer information on the second data packet according to the L7 layer resolution indication identifier Parsing, to obtain URL information of a Uniform Resource Locator URL address of the destination server for indicating the second data packet, where the quintuple is a source IP address, a source port, a destination IP address, a destination port, and a transport layer Agreement number;

And if the sending information is sent to the load balancing processor to send the second data packet and the URL information, so that the load balancing processor determines the second data according to the URL information. a destination server of the packet, and sending the second data packet to the destination server of the second data packet; or

And if the URL information is empty, the sending unit is controlled to send the second data packet to the destination server of the first data packet according to the server information. Specifically, on the one hand, when the transmitting end is a client device, if the destination IP address, source IP address, destination port, source port, and transport layer protocol number (TCP connection or UDP connection) of the second data packet are The destination IP address, the source IP address, the destination port, the source port, and the transport layer protocol number (TCP connection or UDP connection) of the first data packet are the same. The processor performs load balancing processing based on the L3/4 layer information. The processing of the second data packet is the L3/4 layer information (including the destination IP address, the source IP address, the destination port, the source port, and the transport layer protocol number of the second data packet) and the processing basis for the first data packet. Similarly, the processing unit 230 may determine that the destination server of the second data packet is the same as the destination server of the first data packet (ie, the second data packet and the first data packet belong to the client device and the destination server. The same communication connection between).

Then, the processing unit 230 of the network card device can obtain the L7 layer information of the second data packet, that is, the URL address of the second data packet, according to the L7 layer resolution indication identifier.

If the processing unit 230 can obtain the URL address of the second data packet, the sending unit 210 sends the second data packet and the URL address to the processor, so that the processor does not need to perform L7 layer parsing on the second data packet. The load balancing process can be performed directly according to the URL address. In the embodiment of the present invention, since the process of parsing the URL is performed by the network card device, that is, by hardware analysis, the resolution speed is improved compared with the method of using the software to parse by the processor. And reduce the burden on the processor. After the processor determines the destination server of the second data packet according to the URL (may be the same as the destination server of the first data packet, or may be different from the destination server of the first data packet), the processor may be configured by using a sending device (for example, , the gateway device), sending the second data packet.

In addition, if the processing unit 230 is unable to obtain the URL address of the second data packet (the L7 layer information of the second data packet is empty), the control sending unit 210 may send the second data packet according to the server information.

Specifically, after the processor performs load balancing processing (corresponding to DR-type load balancing or IP TUN-type load balancing) according to the L7 layer information of the first data packet, and determining the destination server, the processor may be configured according to the L3 of the first data packet. /4 layer information, only the control information entries in the above positive direction are generated.

Optionally, in the embodiment of the present invention, the server information is further used to indicate an external IP address and an external port of the destination server of the first data packet, The processing unit 230 is specifically configured to: when the source IP address of the second data packet is the same as the internal IP address of the destination server, and the source port of the second data packet is the same as the internal port information of the destination server, and the The destination IP address of the second data packet is the same as the source IP address of the first data packet, and the destination port of the second data packet is the same as the source port of the first data packet, and the second data packet is When the transport layer protocol number of the text is the same as the transport layer protocol number of the first data packet, the sending unit is controlled to send the sending unit to the client device according to the external IP address and the external port of the destination server of the first data packet. Second data message.

Therefore, the sending unit 220 may modify the source IP address of the second data packet to the external IP address of the destination server of the first data packet (same as the destination IP address of the first data packet), and the first The source port of the second data packet is modified to be the external port of the destination server of the first data packet (same as the destination port of the first data packet), so that the client device (which sends the first data packet) can be Send the second data packet.

Specifically, the processor performs load balancing according to the L3/4 layer information of the first data packet. After the NAT server is determined and the destination server is determined, the control information entries in the forward and reverse directions can be generated according to the L3/4 layer information of the first data packet.

Optionally, as described above, in the embodiment of the present invention, the processing unit 230 is further configured to: after determining that the receiving unit 220 receives the first control information entry, start a timer, and determine that the timer expires The second data message has not been received before; or

Used to delete the first control information entry.

Used to delete the second control information entry.

It should be understood that in the foregoing embodiment, the embodiment in which the load balancer adopts NAT-type load balancing has been described, but the present invention is not limited thereto. For example, the load balancer may also adopt the DR-type load balancing or the IP TUN type. Load balancing. At this time, the packet returned by the server (destination server) to the client device does not pass through the load balancer. Therefore, the sender of the second data packet is the client device. The units in 200 and the other operations and/or functions described above are respectively implemented to implement the corresponding flow of method 100 in FIG.

The device for controlling data transmission according to the embodiment of the present invention determines the control information according to the first data packet by the load balancing processor, and sends the control information to the network card device, and the network card device receives the second data packet and determines that After the second data packet is transmitted according to the control information, the second data packet may be directly sent to the destination server according to the control information, or the URL information in the second data packet may be obtained and notified to the load balancing processor. The load balancing processor does not need to parse the second data packet, thereby reducing the processing of the load balancing processor, improving the access speed, and reducing the load of the load balancing processor.

Hereinabove, a method of controlling data transmission according to an embodiment of the present invention is described in detail with reference to FIG. 1, and a device for controlling data transmission according to an embodiment of the present invention is described in detail with reference to FIG. A system for controlling data transmission according to an embodiment of the present invention will be described in detail with reference to FIG.

FIG. 3 shows a schematic block diagram of a system 300 for controlling data transmission in accordance with an embodiment of the present invention. As shown in Figure 3, the system includes:

The load balancing processing module 310 is configured to obtain the first data packet from the network card module 320, and determine, according to the L3/4 layer information of the first data packet and/or the L7 layer information of the first data packet, Instructing server information of the destination server of the first data packet, and sending control information including the server information to the network card module;

The NIC module 320 is configured to send the first data packet from the user equipment to the load balancing processing module 310, and obtain the control information from the load balancing processing module 310. When receiving the second data packet, according to the control Information, controlling the transmission of the second data message.

Specifically, when the user needs to access the service provided by the server cluster, the client device may send the first datagram of the service according to the externally unified IP address and port of the server cluster (ie, the external IP address and the external port). Text (first data message), the data message first arrives at the load balancer (received by the network card device). The NIC module 320 can send the first data packet to the load balancing processing module 310 of the load balancer, so that the equalization processing module 310 can adopt a preset algorithm, and use any of the foregoing load balancing methods to obtain a slave server cluster. Determine the destination server for this data message.

In the embodiment of the present invention, the equalization processing module 310 can perform load balancing according to different layers of the network (network seven layers), specifically, load balancing according to the L3/4 layer of the data packet, or according to the datagram. The L7 layer of the text performs load balancing.

Wherein, in the embodiment of the present invention, the L3/4 layer may include an L3 layer, or an L4 layer, or an L3 layer and an L4 layer. The L3 layer information may include IP address information of the network layer in the OSI network model, and the L4 layer information may include TCP/UDP port information in the OSI network model. Therefore, the L3/4 layer information may include information such as an IP address, a port, and the like of a service server that transmits the service. The L7 layer information may include application layer information, specifically, a URL address carried in the data packet.

Next, the case where the equalization processing module 310 performs load balancing based on the L3/4 layer information of the data message will be described first.

After receiving the first data packet sent by the network card module 320, the equalization processing module 310 parses the L3/4 layer of the data packet, for example, performs SPI on the data packet to obtain the L3/4 of the data packet. In the embodiment of the present invention, the equalization processing module 310 performs load balancing processing according to the L3/4 layer information, in the layer information (for example, the source IP address, the destination IP address, the source port, the destination port, and the like). The method is the same as that of the prior art, and the description thereof is omitted here to avoid redundancy. In the embodiment of the present invention, as a result of the load balancing process, for example, the control information may be server information indicating a destination server. In addition, in the embodiment of the present invention, the equalization processing module 310 can directly control the sending device (for example, the network card module 320) to send the first data packet to the load balancing process according to the result of the load balancing process. The result corresponds to the destination server. And sending the server information to the network card module 320.

Optionally, in the embodiment of the present invention, the server information is determined by the load balancing processing module 310 according to the L3/4 layer information of the first data packet,

The NIC module 320 is configured to send the quintuple of the second data packet to the destination server of the first data packet according to the server information when the quintuple of the second data packet is the same as the quintuple of the first data packet. The second data packet, where the quintuple is a source IP address, a source port, a destination IP address, a destination port, and a transport layer protocol number.

Specifically, the equalization processing module 310 can send the internal IP address and the internal port of the destination server in the server cluster to the network card module 320.

Thereafter, the network card module 320 can obtain the internal IP address and the internal port of the destination server within the server cluster from the equalization processing module 310.

Then, the network card module 320 can receive the second data packet sent by the sending end. Here, the sending end can be the client device or the server, and the invention is not particularly limited. For example, the DR is used in the load balancer. In load balancing or IP TUN load balancing, the packets returned by the server (destination server) to the client device do not pass through the load balancer. Therefore, the sender of the second data packet is the client device; for example, in load balancing. In the case of the NAT-type load balancing, the server that the server (the destination server) returns to the client device needs to pass the load balancer. Therefore, the sender of the second data packet can be a client device or a server. Destination server). Hereinafter, a case where the load balancer adopts NAT-type load balancing will be described as an example.

Thereafter, the network card module 320 controls the transmission of the second data message based on the server information acquired from the equalization processing module 310.

Specifically, on the one hand, when the transmitting end is a client device, if the destination IP address, source IP address, destination port, source port, and transport layer protocol number (TCP connection or UDP connection) of the second data packet are Destination IP address, source IP address, destination port, and source of the first data packet The port and the transport layer protocol number (TCP connection or UDP connection) are the same, because the load balancing processor performs load balancing processing based on the L3/4 layer information, and the processing basis of the second data packet is L3/4 layer information (including the first The destination IP address, the source IP address, the destination port, the source port, and the transport layer protocol number of the second data packet are the same as those for the first data packet, and the destination server of the second data packet can be determined. The destination server of the data packet is the same (that is, the second data packet and the first data packet belong to the same communication connection between the client device and the destination server).

Therefore, the network card module 320 can modify the destination IP address of the second data packet to the IP address of the destination server (of the first data packet), and modify the destination port of the second data packet to the a port of the destination server of the data packet, to send the second data packet to the destination server (of the first data message).

Specifically, the load balancing processing module 310 may perform load balancing processing (corresponding to DR-type load balancing or IP TUN-type load balancing) according to the L3/4 layer information of the first data packet, and determine the destination server, according to the first The L3/4 layer information of the data packet only generates the control information entry in the positive direction.

Here, the forward direction refers to the direction from the client device to the server. Specifically, the forward direction control information entry may include, for example, a source IP address of the first data packet, a source port, a destination IP address, a destination port, and The transport layer protocol number of the first data message (hereinafter, for convenience of description, the first quintuple) and the destination server information (for example, including the IP address and port of the destination server), so that the network card module 320 The source IP address, the source port, the destination IP address, the destination port, and the transport layer protocol number of the second data packet (hereinafter, referred to as the second quintuple for convenience of description) may be searched according to the source IP address, the source port, the destination IP address, the destination port, and the second data packet. The control information entry may be determined when the second quintuple is the same as the first quintuple described in the control information entry, and the destination server information indicating the destination server of the second data packet is The server information corresponding to the first quintuple. Therefore, the network card module 320 can modify the destination IP address of the second data packet to the IP address of the destination server (indicated by the control information corresponding to the first quintuple), and the second data packet is The destination port is modified to be the port of the destination server (indicated by the control information corresponding to the first quintuple), and can be directed to the control information corresponding to the first quintuple The destination server sends the second data packet.

The NIC module is specifically configured to: when the source IP address of the second data packet is the same as the internal IP address of the destination server, and the source port of the second data packet is the same as the internal port information of the destination server, and the The destination IP address of the second data packet is the same as the source IP address of the first data packet, and the destination port of the second data packet is the same as the source port of the first data packet, and the second data packet is the second data packet. When the transport layer protocol number is the same as the transport layer protocol number of the first data packet, the second data packet is sent according to the external IP address and the external port of the destination server of the first data packet.

Specifically, when the sending end is a server (corresponding to NAT-type load balancing), if the destination IP address of the second data packet is the same as the source IP address of the first data packet, the source IP address of the second data packet The address is the same as the internal IP address of the destination server determined by the processor after the first data is equalized. The destination port of the second data packet is the same as the source IP address of the first data packet, and the second data packet is the second data packet. The source port is the same as the internal port of the destination server determined by the processor after equalizing the first data, and the second data packet transport layer protocol number is the same as the transport layer protocol number of the first data packet, due to the load The equalization processor performs load balancing processing based on the L3/4 layer information, and determines that the second data packet is a response data packet corresponding to the first data packet generated by the destination server (ie, the second data packet is The first data packet belongs to the same communication connection between the client device and the destination server).

Therefore, the network card module 320 can modify the source IP address of the second data packet to the destination IP address of the external IP address of the destination server of the first data packet (same as the destination IP address of the first data packet), and Modifying the source port of the second data packet to the external port of the destination server of the first data packet (same as the destination port of the first data packet), so as to be able to send the first data packet The client device sends the second data packet.

And the server information includes a second control information entry, where the second control information entry is used to indicate an internal IP address of the destination server of the first data packet, an internal port of the destination server of the first data packet, The source IP address of the first data packet and the source end of the first data packet Correspondence between the port and the transport layer protocol number of the first data packet and the external IP address and the external port of the destination server of the first data packet.

Specifically, after the load balancing processing (NAT-type load balancing) is performed according to the L3/4 layer information of the first data packet, and the destination server is determined, the load balancing processing module 310 may be configured according to the L3/4 of the first data packet. Layer information, generating control information entries in both forward and reverse directions.

Here, the forward direction refers to the direction from the client device to the server. Specifically, the forward direction control information entry may include, for example, a source IP address of the first data packet, a source port, a destination IP address, a destination port, and The transport layer protocol number of the first data message (hereinafter, for convenience of description, the first quintuple) and the destination server information (for example, including the IP address and port of the destination server), so that the network card module 320 The source IP address, the source port, the destination IP address, the destination port, and the transport layer protocol number of the second data packet (hereinafter, referred to as the second quintuple for convenience of description) may be searched according to the source IP address, the source port, the destination IP address, the destination port, and the second data packet. The control information entry may be determined when the second quintuple is the same as the first quintuple described in the control information entry, and the destination server information indicating the destination server of the second data packet is The server information corresponding to the first quintuple. Therefore, the network card module 320 can modify the destination IP address of the second data packet to the IP address of the destination server (indicated by the control information corresponding to the first quintuple), and the second data packet is The destination port is modified to be the port of the destination server (indicated by the control information corresponding to the first quintuple), and the second server is capable of transmitting the second data to the destination server (indicated by the control information corresponding to the first quintuple) Message.

Here, the reverse direction refers to the direction from the server to the client device. Specifically, the reverse direction control information entry may include, for example, an internal IP address of the destination server, an internal port of the destination server, and a source of the first data packet. The IP address, the source port of the first data packet, and the transport layer protocol number of the first data packet (hereinafter, for convenience of description, the third quintuple) and the destination IP address of the first data packet (and purpose) The server has the same external IP address, and the destination port of the first data packet (same as the external port of the destination server), so that the network card module 320 can use the source IP address, source port, and destination of the second data. The IP address, the destination port, and the transport layer protocol number of the second data packet (the second quintuple), and the control information entry, the third five recorded in the second quintuple and the control information entry. If the tuple is the same, it may be determined that the server that sends the second data packet is the destination server of the first data packet corresponding to the first quintuple. Therefore, the network card module 320 can modify the source IP address of the second data packet to the destination IP address of the first data packet corresponding to the third quintuple indicated by the control information entry. An address (which is the same as the external IP address of the destination server), and the destination port of the second data packet is modified to be the destination port of the first data packet corresponding to the first quintuple indicated by the control information entry ( The same as the external port of the destination server, so that the second data packet can be sent to the client device that sends the first data packet. Hereinafter, the description of the same or similar cases will be omitted.

Optionally, in the embodiment of the present invention, the network card module 320 is further configured to: after receiving the first control information entry, start a timer, and determine that the second datagram is not received before the timer expires. Text; or

Used to delete the first control information entry.

And the NIC module 320 is further configured to: after receiving the second control information entry, start the timer, and determine that the second data packet is not received before the timer expires; or

Used to delete the second control information entry.

Specifically, after acquiring the control information entry (including the first control information entry and the second control information entry) from the load balancing processing module 310, the NIC module 320 is for a long time (after the timer expires, for example, 30 minutes) The data packet (for example, the second data packet) that can be transmitted according to the control information included in the control information table is not received, and the communication connection to which the first data packet belongs is considered to be ended, so that the control can be deleted. The information item (including the first control information item and the second control information item).

After the NIC module 320 obtains the control information entry (including the first control information entry and the second control information entry) from the load balancing processing module 310, after detecting the data packet indicating the end of the communication connection, the NIC module 320 may consider The communication connection to which the data packet belongs is ended, so that the control information entry (including the first control information entry and the second control information entry) can be deleted. Hereinafter, the description of the same or similar cases will be omitted.

The above determines that the second data packet can be controlled according to the control information according to the source IP address, the source port, the destination IP address, the destination port, and the transport layer protocol number of the second data packet. It should be understood that the present invention is not limited thereto, and other methods for determining whether the second data message can be transmitted according to the control information (for example, determining that the first data message and the second data message belong to the same client) The same communication connection between the device and the same server The method) falls within the scope of protection of the present invention.

In the following, the processor is configured to perform load balancing according to the L7 layer information of the data packet, or the L3/4 layer information and the L7 layer information.

After receiving the first data packet sent by the network card module 320, the load balancing processing module 310 parses the L3/4 layer of the data packet, for example, performs SPI on the data packet to obtain the L3/4 of the data packet. The layer information (for example, the source IP address, the destination IP address, the source port, the destination port, and the like), and the L7 layer of the data packet is parsed, for example, DPI is performed on the data packet, thereby acquiring the data packet. L7 layer information (for example, the URL of the data message, etc.).

In the embodiment of the present invention, the L7 layer information of the first data packet may be empty (that is, there is no URL or the like). At this time, the load balancing processing module 310 performs load balancing processing only according to the L3/4 layer information. The method of performing load balancing processing based on the L3/4 layer information is the same as that of the prior art. Here, in order to avoid redundancy, the description thereof will be omitted.

Moreover, in a case where the L7 layer information of the first data packet is not empty (that is, there is a URL or the like), the load balancing processing module 310 may perform load balancing processing according to the L7 layer information, and perform load balancing according to the L7 layer information. The method of processing is the same as that of the prior art, and the description thereof is omitted here to avoid redundancy.

In the embodiment of the present invention, the control information, as a result of the load balancing process, may include, for example, server information indicating the destination server, and indicating that the network card module 320 needs to send subsequent data packets (mainly data sent by the client device to the server). Message) The L7 layer resolution indication flag for L7 layer parsing. In addition, in the embodiment of the present invention, the load balancing processing module 310 can directly control the sending device (for example, the network card module 320) to send the first data packet to the load balancing processing according to the result of the load balancing processing. The result corresponds to the destination server. And sending the control information to the network card module 320.

Optionally, in the embodiment of the present invention, the server information is determined by the load balancing processing module according to the L3/4 layer information and the L7 layer information of the first data packet, or

The server information is determined by the load balancing processing module according to the L7 layer information of the first data packet, where the control information further includes an L7 layer resolution indication identifier,

The NIC module is specifically configured to: when the quintuple of the second data packet is the same as the quintuple of the first data packet, perform L7 layer signaling on the second data packet according to the L7 layer resolution indication identifier Parsing to obtain a uniform resource locator for indicating the destination server of the second data packet

URL information of the URL address, where the quintuple is a source IP address, a source port, a destination IP address, a destination port, and a transport layer protocol number;

Specifically, the load balancing processing module 310 can send the internal IP address and the internal port of the destination server in the server cluster to the network card module 320.

The NIC module 320 may obtain the internal IP address, the internal port, and the L7 layer resolution indication identifier of the destination server in the server cluster from the load balancing processing module 310, and the load balancing processing module 310 may be the IP address and port of the destination server. And the L7 layer resolution indication identifier.

The NIC module 320 can receive the second data packet sent by the sending end. Here, the sending end can be the client device or the server, and the present invention is not particularly limited. For example, the load balancer adopts DR load balancing or In the IP TUN load balancing mode, the server (destination server) returns the packet to the client device without passing through the load balancer. Therefore, the sender of the second data packet is the client device; for example, the NAT is used in the load balancer. In the load balancing mode, the packet sent by the server (destination server) to the client device needs to pass through the load balancer. Therefore, the sender of the second data packet may be a client device or a server (destination server). . Hereinafter, a case where the load balancer adopts NAT-type load balancing will be described as an example.

The network card module 320 transmits the transmission of the second data message based on the server information acquired from the load balancing processing module 310.

Specifically, on the one hand, when the sending end is a client device, if the destination IP address, source IP address, destination port, source port, and transport layer protocol number (TCP connection or UDP connection) of the second data packet are The destination IP address, the source IP address, the destination port, the source port, and the transport layer protocol number (TCP connection or UDP connection) of the first data packet are the same, because the load balancing processing module 310 performs load balancing processing based on the L3/4 layer information. For processing the second data packet, that is, L3/4 layer information (including the destination IP address, source IP address, and destination end of the second data packet) The port, the source port, and the transport layer protocol number are the same as the processing for the first data packet, and the network card module 320 can determine that the destination server of the second data packet is the same as the destination server of the first data packet (ie, The two data messages and the first data message belong to the same communication connection between the client device and the destination server.

Then, the NIC module 320 can obtain the L7 layer information of the second data packet, that is, the URL address of the second data packet, according to the L7 layer resolution indication identifier.

If the network card module 320 can obtain the URL address of the second data packet, the second data packet and the URL address are sent to the load balancing processing module 310, so that the load balancing processing module 310 does not need to perform the second data packet. In the L7 layer parsing, the load balancing process can be directly performed according to the URL address. In the embodiment of the present invention, the process of parsing the URL is performed by the network card module 320, that is, by hardware parsing, and by means of the software that is parsed by the load balancing processing module 310. In comparison, the resolution speed is increased and the burden on the load balancing processing module 310 is reduced. After the destination server of the second data packet is determined according to the URL (may be the same as the destination server of the first data packet, and may be different from the destination server of the first data packet), the load balancing processing module 310 may send The device (eg, the gateway device) sends the second data message. .

In addition, if the network card module 320 cannot obtain the URL address of the second data packet (the L7 layer information of the second data packet is empty), the second data packet may be sent according to the server information.

Specifically, the load balancing processing module 310 may perform load balancing processing (corresponding to DR-type load balancing or IP TUN-type load balancing) according to the L7 layer information of the first data packet, and determine the destination server, according to the first datagram. For the L3/4 layer information of the text, only the control information entries in the positive direction described above are generated.

The NIC module is specifically configured to: when the source IP address of the second data packet is the same as the internal IP address of the destination server, and the source port of the second data packet is the same as the internal port information of the destination server, and the The destination IP address of the second data packet is the same as the source IP address of the first data packet, and the destination port of the second data packet is the same as the source port of the first data packet, and the second data packet is the second data packet. When the transport layer protocol number is the same as the transport layer protocol number of the first data packet, And sending the second data packet according to the external IP address of the destination server of the first data packet and the external port.

Specifically, when the sending end is a server (corresponding to NAT-type load balancing), if the destination IP address of the second data packet is the same as the source IP address of the first data packet, the source IP address of the second data packet The address and load balancing processing module 310 determines that the internal IP address of the destination server is the same after the equalization processing of the first data, and the destination port of the second data packet is the same as the source IP address of the first data packet, and the second The source port of the data packet is the same as the internal port of the destination server determined by the load balancing processing module 310 after the equalization processing on the first data, and the second data packet transport layer protocol number and the transport layer of the first data packet. The protocol number is the same. The load balancing processing module 310 performs load balancing processing based on the L3/4 layer information, and determines that the second data packet is a response data packet corresponding to the first data packet generated by the destination server. The second data packet and the first data packet belong to the same communication connection between the client device and the destination server.

Specifically, after the load balancing processing (NAT-type load balancing) is performed according to the L3/4 layer information of the first data packet, and the destination server is determined, the load balancing processing module 310 may be configured according to the L3/4 of the first data packet. Layer information, generating control information entries in both the forward and reverse directions.

Optionally, as described above, in the embodiment of the present invention, the network card module 320 is further configured to: after receiving the first control information entry, start a timer, and determine that the timer is not received before the timer expires. To the second data message; or

Used to delete the first control information entry.

Used to delete the second control information entry.

It should be understood that in the foregoing embodiment, the embodiment in which the load balancer adopts NAT-type load balancing has been described, but the present invention is not limited thereto. For example, the load balancer may also adopt the DR-type load balancing or the IP TUN type. Load balancing. At this time, the packet returned by the server (destination server) to the client device does not pass through the load balancer. Therefore, the sender of the second data packet is the client device. The units in system 300 and the other operations and/or functions described above are respectively implemented to implement the corresponding processes of method 100 in FIG.

It should be understood that the term "and/or" in this context is merely an association describing the associated object, indicating that there may be three relationships, for example, A and / or B, which may represent: A exists separately, and A and B exist simultaneously There are three cases of B alone. In addition, the character "/" in this article generally indicates that the context object is an "or" relationship.

It should be understood that, in various embodiments of the present invention, the size of the sequence numbers of the above processes does not mean the order of execution, and the order of execution of each process should be determined by its function and internal logic, and should not be taken to the embodiments of the present invention. The implementation process constitutes any limitation. Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the various examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the solution. A person skilled in the art can use different methods to implement the described functions for each particular application, but such implementation should not be considered to be beyond the scope of the present invention.

It will be apparent to those skilled in the art that, for the convenience of the description and the cleaning process, the specific operation of the system, the device and the unit described above may be referred to the corresponding processes in the foregoing method embodiments, and details are not described herein again.

In the several embodiments provided herein, it should be understood that the disclosed systems, devices, and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative. For example, the division of the unit is only a logical function division. In actual implementation, there may be another division manner, for example, multiple units or components may be combined or Can be integrated into another system, or some features can be ignored, or not executed. In addition, the coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be electrical, mechanical or otherwise.

The units described as separate components may or may not be physically separate, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solution of the embodiment.

In addition, each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.

The functions may be stored in a computer readable storage medium if implemented in the form of a software functional unit and sold or used as a standalone product. Based on such understanding, the technical solution of the present invention, which is essential to the prior art or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including The instructions are used to cause a computer device (which may be a personal computer, server, or network device, etc.) to perform all or part of the steps of the methods described in various embodiments of the present invention. The foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk, and the like, which can store program codes. . The above is only the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily think of changes or substitutions within the technical scope of the present invention. It should be covered by the scope of the present invention. Therefore, the scope of the invention should be determined by the scope of the appended claims.

Claims

Rights request

1. A method of controlling data transmission, characterized in that the method includes:

Send the first data packet from the client device to the load balancing processor;

Receive control information sent by the load balancing processor, wherein the control information is the load balancing processor based on the L3/4 layer information of the first data packet and/or the first data packet. Determined by L7 layer information, the control information includes server information indicating the destination server of the first data message;

When the second data message is received, the transmission of the second data message is controlled according to the control information.

2. The method according to claim 1, wherein the server information is used to indicate the internal Internet Protocol IP address and internal port of the destination server of the first data message.

3. The method according to claim 2, characterized in that the server information is determined based on the L3/4 layer information of the first data message.

The control of the transmission of the second data message according to the control information is specifically: when the five-tuple of the second data message is the same as the five-tuple of the first data message, according to The server information sends the second data packet to the destination server of the first data packet, wherein the five-tuple is a source IP address, a source port, a destination IP address, a destination port and a transport layer protocol. Number.

4. The method according to claim 2, wherein the server information is determined based on the L3/4 layer information of the first data packet and the L7 layer information of the first data packet, or based on the The L7 layer information of the first data packet is determined,

And the control information also includes the L7 layer parsing indicator, Bei'J

The control of the transmission of the second data message according to the control information is specifically: when the five-tuple of the second data message is the same as the five-tuple of the first data message, according to The L7 layer parsing indication indicator performs L7 layer information parsing on the second data message to obtain the Uniform Resource Locator URL address used to indicate the destination server of the second data message.

URL information, wherein the five-tuple is the source IP address, source port, destination IP address, destination port and transport layer protocol number;

If the URL information is not empty, the second data packet and the URL information are sent to the load balancing processor, so that the load balancing processor determines the second data packet based on the URL information. the destination server of the data message, and to the destination server of the second data message Send the second data message;

If the URL information is empty, the second data packet is sent to the destination server of the first data packet according to the server information.

5. The method according to claim 3 or 4, characterized in that, the server information includes a first control information entry, and the first control information entry is used to indicate the five-element value of the first data message. The corresponding relationship between the group and the internal IP address and internal port of the destination server of the first data message.

6. The method according to claim 5, characterized in that, the method further includes: after receiving the first control information entry, starting a timer, and determining that the first control information entry is not received before the timer times out. the second data message; or

Determining that the communication connection established between the client device and the destination server of the first data message for transmitting the first data message ends;

Delete the first control information entry.

7. The method according to any one of claims 2 to 6, characterized in that the server information is also used to indicate the external IP address and external port of the destination server of the first data message, then

Controlling the transmission of the second data message based on the control information is specifically: when the source IP address of the second data message is the same as the internal IP address of the destination server, and the second The source port of the data packet is the same as the internal port information of the destination server, and the destination IP address of the second data packet is the same as the source IP address of the first data packet, and the second data packet When the destination port of the message is the same as the source port of the first data message, and the transport layer protocol number of the second data message is the same as the transport layer protocol number of the first data message, according to the third The external IP address and external port of the destination server of the data message are used to send the second data message to the client device.

8. The method according to claim 7, wherein the server information includes a second control information entry, and the second control information entry is used to indicate the internal content of the destination server of the first data message. IP address, the internal port of the destination server of the first data message, the source IP address of the first data message, the source port of the first data message, and the transport layer of the first data message Correspondence between the protocol number and the external IP address and external port of the destination server of the first data message.

9. The method according to claim 8, characterized in that, the method further includes: After receiving the second control information entry, start a timer, and determine that the second data message is not received before the timer times out; or

Delete the second control information entry.

10. A device for controlling data transmission, characterized in that the device includes:

A sending unit, configured to send the first data message from the client device to the load balancing processor; and according to the control of the processing unit, transmit the second data message;

A receiving unit configured to receive control information sent by the load balancing processor, wherein the control information is the L3/4 layer information of the load balancing processor according to the first data message and/or the third Determined by the L7 layer information of a data message, the control information includes server information used to indicate the destination server of the first data message; and used to receive the second data message; the processing unit, It is used to control the sending unit to transmit the second data message according to the control information when the receiving unit receives the second data message.

11. The device according to claim 10, wherein the server information is used to indicate the internal Internet Protocol IP address and internal port of the destination server of the first data message.

12. The device according to claim 11, wherein the server information is determined based on the L3/4 layer information of the first data message.

The processing unit is specifically configured to control the sending unit to the first data message according to the server information when the five-tuple of the second data message is the same as the five-tuple of the first data message. The destination server of the data message sends the second data message, wherein the five-tuple is a source IP address, a source port, a destination IP address, a destination port and a transport layer protocol number.

13. The device according to claim 11, wherein the server information is determined based on the L3/4 layer information and L7 layer information of the first data packet, or based on the first data packet. The L7 layer information is determined,

And the control information also includes the L7 layer parsing indicator, Bei'J

The processing unit is specifically configured to, when the quintuple of the second data packet is the same as the quintuple of the first data packet, process the second data packet according to the L7 layer parsing indicator. Perform L7 layer information parsing on the second data message to obtain URL information indicating the Uniform Resource Locator URL address of the destination server of the second data message, where the five-tuple is the source IP address, source port, and destination IP. Address, destination port and transport layer protocol number; Used to control the sending unit to send the second data message and the URL information to the load balancing processor if the URL information is not empty, so that the load balancing processor can process the data according to the URL. information, determine the destination server of the second data message, and send the second data message to the destination server of the second data message; or

It is used to control the sending unit to send the second data message to the destination server of the first data message according to the server information if the URL information is empty.

14. The device according to claim 12 or 13, characterized in that: the server information includes a first control information entry, and the first control information entry is used to indicate the five-element value of the first data message. The corresponding relationship between the group and the internal IP address and internal port of the destination server of the first data message.

15. The device according to claim 14, wherein the processing unit is further configured to start a timer after determining that the receiving unit receives the first control information entry, and determine that at the timing The second data message is not received before the controller times out; or

For determining that the communication connection established between the client device and the destination server of the first data message for transmitting the first data message ends;

Used to delete the first control information entry.

16. The device according to any one of claims 11 to 15, wherein the server information is also used to indicate the external IP address and external port of the destination server of the first data message, then

The processing unit is specifically configured to process when the source IP address of the second data message is the same as the internal IP address of the destination server, and the source port of the second data message is the same as the internal port information of the destination server. The same, and the destination IP address of the second data message is the same as the source IP address of the first data message, and the destination port of the second data message is the same as the source port of the first data message. are the same, and the transport layer protocol number of the second data message is the same as the transport layer protocol number of the first data message, according to the external IP address and external port of the destination server of the first data message, Control the sending unit to send the second data message to the client device.

17. The device according to claim 16, wherein the server information includes a second control information entry, and the second control information entry is used to indicate the internal contents of the destination server of the first data message. IP address, the internal port of the destination server of the first data message, the source IP address of the first data message, the source port of the first data message and the first data The corresponding relationship between the transport layer protocol number of the data message and the external IP address and external port of the destination server of the first data message.

18. The device according to claim 17, wherein the processing unit is further configured to start a timer after determining that the receiving unit receives the second control information entry, and determine that at the timing The second data message is not received before the controller times out; or

Used to delete the second control information entry.

19. A system for controlling data transmission, characterized in that the system includes:

The load balancing processing module is configured to obtain the first data packet from the network card module, and determine the data packet for the first data packet according to the L3/4 layer information of the first data packet and/or the L7 layer information of the first data packet. Indicate the server information of the destination server of the first data message, and send control information including the server information to the network card module;

The network card module is configured to send the first data packet from the user equipment to the load balancing processing module, and obtain the control information from the load balancing processing module. When receiving the second data packet, according to the Control information, controlling the transmission of the second data message.

20. The system according to claim 19, wherein the server information is used to indicate the internal Internet Protocol IP address and internal port of the destination server of the first data message.

21. The system according to claim 20, wherein the server information is determined by the load balancing processing module based on the L3/4 layer information of the first data message.

The network card module is specifically configured to send a message to the destination of the first data message according to the server information when the five-tuple of the second data message is the same as the five-tuple of the first data message. The server sends the second data message, wherein the five-tuple is a source IP address, a source port, a destination IP address, a destination port and a transport layer protocol number.

22. The system according to claim 20, wherein the server information is determined by the load balancing processing module based on the L3/4 layer information and L7 layer information of the first data message, or

The server information is determined by the load balancing processing module based on the L7 layer information of the first data message,

And the control information also includes the L7 layer parsing indicator, Bei'J

The network card module is specifically used to when the five-tuple of the second data message is the same as the first data When the quintuples of the messages are the same, perform L7 layer information parsing on the second data message according to the L7 layer parsing indication mark to obtain unified resources used to indicate the destination server of the second data message. URL information of the locator URL address, wherein the five-tuple is the source IP address, source port, destination IP address, destination port and transport layer protocol number;

If the URL information is not empty, the second data packet and the URL information are sent to the load balancing processor, so that the load balancing processor determines the second data packet based on the URL information. The destination server of the data message, and sends the second data message to the destination server of the second data message; or

23. The system according to claim 21 or 22, characterized in that: the server information includes a first control information entry, and the first control information entry is used to indicate the five-element value of the first data message. The corresponding relationship between the group and the internal IP address and internal port of the destination server of the first data message.

24. The system according to claim 23, wherein the network card module is further configured to start a timer after receiving the first control information entry, and determine that no entry is received before the timer times out. to the second data message; or

Used to delete the first control information entry.

25. The system according to any one of claims 20 to 24, wherein the server information is also used to indicate the external IP address and external port of the destination server of the first data message, then

The network card module is specifically used when the source IP address of the second data message is the same as the internal IP address of the destination server, and the source port of the second data message is the same as the internal port information of the destination server. The same, and the destination IP address of the second data message is the same as the source IP address of the first data message, and the destination port of the second data message is the same as the source port of the first data message. are the same, and the transport layer protocol number of the second data message is the same as the transport layer protocol number of the first data message, according to the external IP address and external port of the destination server of the first data message, Send the second data packet to the client device.

26. The system according to claim 25, characterized in that the server information includes The second control information entry is used to indicate the internal IP address of the destination server of the first data message, the internal port of the destination server of the first data message, the third The source IP address of a data message, the source port of the first data message, the transport layer protocol number of the first data message, and the external IP address and external port of the destination server of the first data message. corresponding relationship.

27. The system according to claim 26, wherein the network card module is further configured to start a timer after receiving the second control information entry, and determine that no entry is received before the timer times out. to the second data message; or

Used to delete the second control information entry.