WO2017161938A1 - Packet transmission method and device - Google Patents

Packet transmission method and device Download PDF

Info

Publication number
WO2017161938A1
WO2017161938A1 PCT/CN2016/111933 CN2016111933W WO2017161938A1 WO 2017161938 A1 WO2017161938 A1 WO 2017161938A1 CN 2016111933 W CN2016111933 W CN 2016111933W WO 2017161938 A1 WO2017161938 A1 WO 2017161938A1
Authority
WO
WIPO (PCT)
Prior art keywords
packet
sub
aggregation
address
radius
Prior art date
Application number
PCT/CN2016/111933
Other languages
French (fr)
Chinese (zh)
Inventor
周栋臣
滕新东
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2017161938A1 publication Critical patent/WO2017161938A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/24Multipath
    • H04L45/245Link aggregation, e.g. trunking
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/40Support for services or applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • H04L67/565Conversion or adaptation of application format or content

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a message transmission method and apparatus.
  • NFV Network Function Virtualization
  • the VNF Virtual Network Function
  • the VNF runs on the NFV system in the form of software.
  • the VNF is provided with a virtual machine (VM).
  • VM virtual machine
  • Each VM can be thought of as a separate network functional entity that can be restarted independently and has its own root access, users, Internet Protocol (IP) addresses, memory, procedures, files, applications, system libraries, and Configuration files, etc.
  • IP Internet Protocol
  • multiple VMs are deployed in the VNF.
  • multiple VMs deployed in the VNF form a VNF pool to implement load sharing and improve network reliability.
  • each of the multiple VMs establishes a communication link with the server, such as a Transmission Control Protocol (TCP) connection, and performs packet transmission. If the number of VMs is large, excessive communication links are created between the VNF Pool and the server, which consumes more memory resources of the server.
  • TCP Transmission Control Protocol
  • the embodiment of the invention provides a message transmission method and device to reduce VNF Pool and server The number of communication links created between them saves the memory resources of the server.
  • a packet transmission method in which a convergence agent receives a first packet from each of at least two VMs in a VNF Pool, and converts the first packet to obtain a first packet
  • the second packet the source IP address of the second packet is an IP address of the aggregation proxy
  • the destination IP address of the second packet is an IP address of the server
  • the convergence proxy passes the second packet
  • the aggregation link between the aggregation agent and the server is sent to the server, so that the VNF pool externally presents the aggregation link.
  • the server does not perceive the VNF pool as a whole and does not have multiple VMs under the VNF Pool.
  • the number of the aggregation links is less than the number of the sub-links, which saves the number of communication links under the server, so as to save server memory resources.
  • the aggregation proxy may be load balancing (LB), and the LB may be built-in or externally placed in the VNF Pool.
  • the LB built in the VNF Pool or the LB externally placed in the VNF Pool may be determined according to the VNF Pool of the VM that establishes the sub-link with the aggregation proxy, if the VM that establishes the sub-link with the aggregation proxy belongs to a different one.
  • the VNF Pool can be aggregated by using an external LB. If the VM that establishes a sub-link with the aggregation proxy belongs to a VNF Pool, the built-in LB can be used for aggregation.
  • the number of the aggregation links in the embodiment of the present invention may be established according to the number of the sub-links. If the number of sub-links is small, the transmission can be completed through one aggregation link, and only one aggregation link can be established. If the number of sub-links is too large and the load of the aggregation link is too heavy through an aggregation link, at least two aggregation links can be created.
  • the sub-link in the embodiment of the present invention refers to a link established between each VM in the VNF Pool and the aggregation proxy, and the at least two VMs are connected to the aggregation proxy through at least two sub-links, and The at least two VMs are in one-to-one correspondence with the at least two sub-links, and the sub-links are used to transmit the first packet.
  • the source IP address of the first packet is the IP address of the VM, and the source port of the first packet is the port of the VM.
  • the destination IP address of the first packet is the IP address of the aggregation proxy, and the destination port of the first packet.
  • the IP address of the aggregation agent refers to a link established between each VM in the VNF Pool and the aggregation proxy, and the at least two VMs are connected to the aggregation proxy through at least two sub-links, and The at least two VMs are in one-to-one correspondence with the at least two sub-links
  • the aggregation link refers to a link between the aggregation proxy and the server, and the aggregation proxy and the server are connected by an aggregation link, and the aggregation link is used to transmit the second report.
  • the source IP address of the first packet is replaced by the IP address of the aggregation proxy, and the source IP address of the second packet is obtained, and the IP address of the server is used to replace the first packet.
  • the second packet includes a source IP address and a destination IP address
  • the second packet may further include a source port and a destination port, where the source port of the first packet may be replaced by the port of the aggregation proxy.
  • the source port of the second packet is obtained, that is, the source port of the second packet is the port of the aggregation proxy.
  • the destination port of the second packet is replaced by the port of the server, and the destination port of the second packet is the port of the server.
  • the content included in the second packet in the embodiment of the present invention may be specifically determined according to the tuple information used in the second packet, where the tuple information refers to, for example, a five-tuple or a seven-tuple group.
  • the information of the IP quintuple is preferably included in the second packet of the present invention, including the source port, the source IP address, the destination port, and the destination IP address. And the adopted agreement.
  • the second packet may include different content according to different transmission protocols.
  • the sub-link is a sub-TCP connection
  • the aggregation link is a converged TCP connection.
  • the second packet further includes a sequence number, where the sequence number of the second packet is a sequence number allocated by the aggregation proxy according to the aggregate TCP connection.
  • the sequence number assigned by the aggregation link can be replaced by the sequence number assigned by the sub-link, and the sequence number of the second packet is obtained.
  • the aggregation proxy may send the second report to the server through the convergence TCP connection according to the source IP address, the source port, the destination IP address, the destination port, and the sequence number of the second packet included in the second packet.
  • the packets in the sub-TCP connection are aggregated and sent to the server in the aggregate TCP connection.
  • the convergence proxy may also receive the second response packet of the second packet by the server through the convergence TCP connection.
  • the second response message includes the confirmation serial number of the second message, and the confirmation sequence of the second message The number is the sum of the sequence number of the second packet and the data length of the second packet; the aggregation agent searches for the pre-save according to the confirmation serial number of the second packet included in the second response packet. a relationship list, where the sequence number of the second packet and the data length of the second packet are determined, where the pre-saved relationship list includes the sequence number of the second packet and the data of the second packet.
  • the aggregation proxy according to the determined sequence number of the second packet and the data length of the second packet, Determining a sub-TCP connection for transmitting the first packet in the relationship list; the aggregation proxy obtaining a first response packet of the first packet according to the second response packet, the first response packet
  • the source IP address is the IP address of the aggregation proxy
  • the destination IP address of the first response packet is the IP address of the VM to which the determined sub-TCP connection is connected
  • the first response packet includes The confirmation serial number of the first message, the confirmation sequence of the first message
  • the column number is the sum of the sequence number of the first packet and the data length of the first packet; the aggregation proxy is connected to the determined sub-TCP connection by using the determined sub-TCP connection.
  • the VM forwards the first response packet to implement receiving and forwarding the response packet.
  • the convergence TCP connection is a newly established TCP connection when the aggregation agent receives the first packet transmitted by the first sub-TCP connection in the VNF Pool, and receives the first transmission of the subsequent sub-TCP connection.
  • the establishment of a converged TCP connection is not triggered.
  • the embodiment of the present invention implements the aggregation of the packets in the sub-TCP connection of each VM to a converged TCP connection by the aggregation proxy to transmit and receive the packets, thereby saving the TCP link on the server side.
  • the number to save server memory resources.
  • the sub-link is a remote user dial-up authentication system RADIUS sub-session
  • the aggregation link is a RADIUS convergence session
  • the second packet further includes a matching identifier, where the The matching identifier of the second packet is a matching identifier allocated by the aggregation proxy according to the RADIUS aggregation session.
  • the matching identifier of the RADIUS sub-session is replaced by the matching identifier re-assigned by the RADIUS aggregation session, and the matching identifier of the second packet is obtained, that is, the matching identifier of the second packet is based on the RADIUS aggregation session.
  • the allocation of information such as the IP address and port can avoid duplication of matching identifiers assigned with the RADIUS sub-session.
  • the aggregation proxy may send the second to the server through the RADIUS aggregation session according to the source IP address, the source port, the destination IP address, the destination port, and the matching identifier of the second packet included in the second packet.
  • the packet is sent to the server in the RADIUS sub-session.
  • the convergence proxy may also receive the second response packet of the second packet by the server through the RADIUS convergence session.
  • the second response packet includes a matching identifier of the second packet.
  • the aggregation proxy searches for the pre-created proxy table according to the matching identifier of the second packet included in the second response packet, and determines the RADIUS sub-session.
  • the proxy table stores a matching identifier of the second packet, and a matching of the first packet An identifier and a correspondence between the RADIUS sub-sessions that transmit the first packet;
  • the aggregation proxy obtains the first response packet of the first packet according to the second response packet, where the first The source IP address of the response packet is the IP address of the aggregation proxy, and the destination IP address of the first response packet is the IP address of the VM to which the determined RADIUS subsession is connected; Determining the number The matching identifier of a packet and the RADIUS sub-session transmitting the first packet forward the first response packet to the VM connected to the determined RADIUS sub-session.
  • the RADIUS aggregation session is an established RADIUS session between the aggregation proxy and the server, and the RADIUS convergence session can be obtained by directly modifying the established RADIUS session.
  • the embodiment of the present invention implements the aggregation of the packets in the RADIUS sub-sessions of different VMs into the RADIUS aggregation session through the aggregation proxy to send and receive the packets, which can save the number of RADIUS sessions on the server side. In order to save server memory resources.
  • the aggregation agent releases the aggregation link in case the acknowledgment that the sub-link is released, to further save resources.
  • a message transmission apparatus in a second aspect, is provided, and the apparatus for implementing message transmission has a corresponding function for implementing the message transmission method according to the first aspect.
  • the functions may be implemented by hardware or by corresponding software implemented by hardware.
  • the hardware or software includes one or more modules corresponding to the functions described above.
  • the message transmission device includes a receiving unit and a processing unit, and the receiving unit is configured to receive a first message from each of at least two VMs in the VNF Pool, where the at least two VMs pass The at least two sub-links are connected to the packet transmission device, and the at least two VMs are in one-to-one correspondence with the at least two sub-links, and the sub-links are used to transmit the first packet.
  • the processing unit is configured to obtain a second packet according to the first packet, where the second packet includes a source IP address and a destination IP address, and a source IP address of the second packet is the packet The IP address of the transmission device, and the destination IP address of the second packet is the IP address of the server.
  • the sending unit is configured to send the second packet obtained by the processing unit by using an aggregation link established between the packet transmission device and the server, where the number of the aggregation links is smaller than The number of sub-links is reduced to save the number of communication links under the server, thereby saving server memory resources.
  • a convergence agent comprising a processor and a memory, wherein the memory stores a computer readable program, and the processor implements the first aspect by running a program in the memory Message transmission method.
  • a computer storage medium for storing the above-mentioned computer software instructions for implementing a message transmission device or a convergence agent, comprising a program for performing the message transmission method according to the above first aspect.
  • FIG. 1 is a network architecture diagram of a packet transmission method according to an embodiment of the present invention
  • FIG. 2 is a flowchart of implementing a message transmission method according to an embodiment of the present invention
  • FIG. 3 is a schematic diagram of a process of message transmission according to an embodiment of the present disclosure.
  • FIG. 4 is a schematic diagram of an implementation process of packet transmission performed by an LB built in a VNF Pool according to an embodiment of the present invention
  • FIG. 5 is a schematic diagram showing an implementation process of message transmission by an LB placed in a VNF Pool according to an embodiment of the present invention. intention;
  • FIG. 6 is a schematic diagram of a process of transmitting a packet by using a TCP protocol according to an embodiment of the present invention
  • FIG. 7 is a schematic diagram of a process for transmitting a packet by using a RADIUS aggregation session according to an embodiment of the present invention.
  • FIG. 8 is a schematic structural diagram of a message transmission apparatus according to an embodiment of the present disclosure.
  • FIG. 9 is a schematic structural diagram of a convergence agent according to an embodiment of the present invention.
  • each of the multiple VMs deployed in the VNF Pool establishes a communication link with the server and performs information interaction through the established communication link.
  • a communication link 1 is established between the VM1 and the server, and information is exchanged through the communication link 1.
  • the communication link 2 is established between the VM2 and the server, and information is exchanged through the communication link 2, and the VM3 and the server are established.
  • Communication link 3 and information exchange via communication link 3.
  • multiple VMs (such as VM1, VM2, and VM3) deployed in the VNF Pool may start and interact with the server at the same time. In this case, the server needs to connect multiple communication links (for example) Communication link 1, communication link 2 and communication link 3) will consume more server memory resources.
  • the network system architecture shown in FIG. 1 further includes load balancing (LB), and the LB mainly performs load sharing between VMs according to the load sharing policy, and VM1, VM2, and The packets exchanged between the VM3 and the server are transparently transmitted.
  • the LB is built in the VNF Pool as an example, but is not limited thereto.
  • the LB may be built in or external to the VNF Pool.
  • each VM involved in FIG. 1 is only for illustrative purposes, and is not limited thereto.
  • the VM may include a VM control unit (sControl) having a control function, and may also include VM forwarding unit (sForward) with forwarding function, the combination of each VM control unit and forwarding unit can be regarded as an independent network function entity, Figure 1 Not shown.
  • sControl VM control unit
  • sForward VM forwarding unit
  • the memory resources of the server are consumed, and packets from multiple VMs in the VNF Pool can be aggregated and interacted with the server to save the server. Memory resources.
  • a packet of a plurality of VMs in the VNF Pool is aggregated and interacted with the server, and the aggregation proxy is implemented, and a communication link is established between the VM and the aggregation proxy, and the VM and the sub-link are connected.
  • the VM sends the message sent to the server to the aggregation agent first through the communication link established between it and the aggregation agent.
  • a communication link between the aggregation agent and the server is smaller than a communication link between the VM and the aggregation agent.
  • the aggregation agent aggregates the received message and sends it to the server through the communication link established between the server and the server. .
  • the VNF pool is configured to externally present the aggregation link.
  • the server does not know that there are multiple VMs in the VNF pool.
  • the virtual VMs in a VNF pool are actually virtualized into one pool, and the number of the aggregation links is smaller than the number of the aggregation links.
  • the number of the sub-links saves the number of communication links under the server, so as to save server memory resources.
  • the link established between the VM and the aggregation proxy is referred to as a sub-link, and the packet transmitted by the sub-link is referred to as a first packet.
  • the link established between the aggregation proxy and the server is called an aggregation link, and the packet transmitted by the aggregation link is called a second packet.
  • FIG. 2 is a flowchart of an implementation of a packet transmission method according to an embodiment of the present invention
  • FIG. 3 is a schematic diagram of a packet transmission process according to an embodiment of the present invention.
  • Each VM in the VNF Pool establishes a sub-link with the aggregation agent.
  • the VNF Pool includes VM1, VM2, and VM3, and VM1, VM2, and VM3 respectively establish sub-links with the aggregation agent, and are established.
  • the sub-links are sub-link 1, sub-link 2, and sub-link 3, respectively.
  • the aggregation proxy can establish an aggregation link when receiving the packet transmitted through the first sub-link, and does not trigger the establishment of the aggregation link when receiving the packet transmitted through the subsequent sub-link.
  • the trigger is triggered. Establish an aggregation link.
  • the number of the aggregation links established between the aggregation proxy and the server in the embodiment of the present invention may be determined according to the number of sub-links established between the VM and the aggregation proxy. If the number of the sub-links is small, the aggregation link may be adopted. Once the transfer is complete, only one aggregation link can be established. If the number of sub-links is too large and the load of the aggregation link is too heavy through an aggregation link, at least two aggregation links can be created. In the following embodiments of the present invention, the aggregation link is taken as an example, but is not limited thereto.
  • FIG. 3 illustrates an example of including an aggregation link.
  • Each VM of the multiple VMs in the VNF Pool respectively transmits a first packet by using a sub-link, and the aggregation proxy receives the first packet from each VM of the multiple VMs in the VNF Pool.
  • the first message from VM1 is transmitted through sub-link 1
  • the first message from VM2 is transmitted through sub-link 2
  • the first message from VM3 is transmitted through sub-link 3.
  • S104 The convergence agent obtains the second packet according to the first packet.
  • the second packet is obtained according to the first packet, and is usually obtained by modifying the header of the first packet, for example, the following manner may be adopted: Obtaining, by the proxy, the packet header information of the first packet, where the packet header information includes the tuple information of the first packet in the sub-link, where the tuple information may be an N-tuple Information, where N is greater than or equal to 3, for example, more specific N-tuple information is triplet information or quintuple information or quaternary information.
  • the information of the IP quintuple is included in the first packet, that is, the source port, the source IP address, the destination port, and the destination.
  • the IP and the adopted protocol are described as examples, but are not limited.
  • the aggregation agent replaces the tuple information of the first packet according to the tuple information of the second packet, obtains the packet header information of the second packet, and then obtains the second report by combining the payload of the first packet. Text.
  • the tuple information of the second packet in the embodiment of the present invention includes a source IP address and a destination IP address, and may further include a source port and a destination port, where the source port of the first packet may be replaced by the port of the aggregation proxy.
  • the source port of the second packet is obtained, that is, the source port of the second packet is the port of the aggregation proxy.
  • the port, that is, the destination port of the second packet is a port of the server.
  • the specific content of the second packet in the embodiment of the present invention may be determined according to the tuple information used by the second packet, where the tuple information may be N-tuple information, where N is greater than or equal to 3, for example, more specific.
  • the N-tuple information is triad information or quintuple information or quaternary group information.
  • the information of the IP quintuple is preferably included in the second packet of the present invention, including the source port, the source IP address, the destination port, and the destination IP address. And the adopted agreement.
  • the convergence agent sends the second packet by using an aggregation link established between the proxy and the server.
  • the aggregation agent may add the first packet transmitted through the sub-link 1, the sub-link 2, and the sub-link 3 to the aggregation link according to the receiving sequence of the first packet, and implement the external server and the VNF.
  • a small number of communication links are maintained between the pools, and fewer ports (sockets) are used for message transmission.
  • VM1, VM2, and VM3 respectively send the first packet to the aggregation proxy by using socket1, socket2, and socket3, and the aggregation proxy receives the first packet and obtains the second packet, and sends the second packet to the server through socket4. Second message.
  • the aggregation proxy may be a component that is deployed in the network architecture shown in FIG. 1 or may be a component that is integrated in the LB, which is not limited in the embodiment of the present invention.
  • the aggregation proxy if it is a component integrated in the LB, it can be understood as a function of adding an aggregation proxy to an existing LB with a load sharing function. .
  • the embodiment of the present invention is described below by taking the aggregation agent as a component integrated in the LB, that is, the aggregation proxy is an LB that adds a new aggregation proxy function.
  • the LB that adds the aggregation proxy function in the embodiment of the present invention may be built in or external to the VNF Pool. Specifically, the LB built in the VNF Pool or the LB externally placed in the VNF Pool can be used. It is determined according to the VNF Pool to which the VM that establishes the sub-link with the aggregation agent belongs. In a possible implementation, if the VMs that establish the sub-links with the aggregation proxy belong to different VNF Pools, the external LBs may be used for aggregation. In another possible implementation manner, if the VM that establishes the sub-link with the aggregation agent belongs to a VNF Pool, the built-in LB can be used for aggregation. It can be understood that, in the case that the VMs that establish the sub-links of the aggregation agent belong to the same VNF pool, the LBs may be used for aggregation, which is not limited in the embodiment of the present invention.
  • FIG 4 is a schematic diagram of an implementation process of an LB that is built in a VNF Pool to send packets through an aggregation link.
  • VM1, VM2, and VM3 form a VNF Pool
  • a sub-link 1 is established between VM1 and LB
  • a sub-link 2 is established between VM2 and LB
  • a sub-link 3 is established between VM3 and LB.
  • An aggregation link is established between the LB and the server. The number of aggregation links is shown in Figure 4, but it is not limited.
  • the VM1 sends the first packet to the LB through the sub-link 1, the VM2 sends the first packet to the LB through the sub-link 2, and the VM3 sends the first packet to the LB through the sub-link 3, where VM1, VM2 and VM3 send The source IP address of the first packet is different, and the destination IP address is the same as the IP address of the LB.
  • the LB After receiving the first packet sent by VM1, VM2, and VM3, the LB replaces the source IP address of the first packet with the IP address of the LB, and replaces the destination IP address of the first packet with the IP address of the server, thereby obtaining the second packet.
  • the packet wherein the source IP address of the second packet is an IP address of the aggregation proxy, and the destination IP address of the second packet is an IP address of the server.
  • the LB sends the second packet through an aggregation link established between the LB and the server.
  • FIG. 5 is a schematic diagram of an implementation process of sending an LB through a convergence link to an LB that is externally placed in the VNF Pool.
  • VM1 and VM2 form a VNF Pool
  • VM3 and VM4 form a VNF Pool.
  • the form of the VM in each VNF Pool is not limited.
  • VM1 and VM2 are mutually standby, and VM3 and VM4 are mutually active as an example.
  • One of VM1 and VM2 establishes sub-link 1 with LB at the same time.
  • One of VM3 and VM4 establishes sub-link 2 with LB at the same time.
  • VM1 and LB establish sub-link 1, VM3 and LB.
  • the sublink 2 is established as an example for description.
  • An aggregation link is established between the LB that is externally placed in the VNF Pool and the server.
  • the first packet is sent through the sub-link, and the LB processes the first packet to obtain the second packet, and passes through the convergence chain.
  • the process of sending the second packet is different from the implementation process in FIG. 4, except that the VM belongs to a different VNF Pool, and the LB with the aggregation function is externally placed in the VNF Pool, and other similarities are not described herein.
  • the schematic diagram of the packet sending process shown in FIG. 4 and FIG. 5 shows that, in the embodiment of the present invention, multiple VMs that send the first packet may belong to the same VNF Pool, or may belong to different VNF Pools.
  • the content of the second packet is different according to the adopted transmission protocol.
  • TCP Transmission Control Protocol
  • UDP User Datagram Protocol
  • the second packet is used.
  • the serial number can also be included.
  • UDP User Datagram Protocol
  • the second packet may further include a matching identifier.
  • the TCP protocol is taken as an example.
  • the sub-link established between the VM and the LB can be called a sub-TCP connection.
  • the aggregation link established between the LB and the server can be called Converged TCP connections.
  • FIG. 6 is a schematic diagram of a process for transmitting a message using the TCP protocol according to an embodiment of the present invention.
  • VM1, VM2, and VM3 in the VNF Pool establish a sub-TCP connection with the LB, respectively.
  • the sub-TCP connection established by VM1 and LB is TCP1, and TCP1 is used to transmit the first message from VM1.
  • the sub-TCP connection established by VM2 and LB is TCP2, and TCP2 is used to transmit the first message from VM2.
  • the sub-TCP connection established by VM3 and LB is TCP3, and TCP3 is used to transmit the first packet from VM3.
  • each sub-TCP connection must assign a sequence number to each transmitted message, in other words.
  • the first packet further includes a sequence number, and the sequence number is in one-to-one correspondence with the sub-TCP connection, for example, the sequence number of the first packet transmitted by the TCP1 is seq1n, and the first packet transmitted by the TCP2 The sequence number is seq2n, and the sequence number of the first message transmitted through TCP3 is seq3n.
  • the first packet sent by VM1, VM2, and VM3 in the embodiment of the present invention includes an IP quintuple (source IP, source port, destination IP, destination port, and transport protocol), and includes a sequence number as an example.
  • IP quintuple source IP, source port, destination IP, destination port, and transport protocol
  • sequence number as an example.
  • the correspondence between the IP quintuple, the serial number, and the sub-TCP connection is as shown in Table 1.
  • the LB receives the first packet sent by VM1, VM2, and VM3, and obtains the second packet according to the first packet.
  • the content included in the second packet in the embodiment of the present invention may be obtained according to the content included in the first packet.
  • the first packet includes an IP quintuple and a sequence number
  • the second packet also includes an IP quintuple and a sequence number, except that the IP packet included in the second packet is five yuan.
  • the group and serial number are different from the IP quintuple and serial number included in the first message.
  • the IP quintuple of the second packet is obtained by replacing the IP quintuple of the first packet according to the convergence TCP connection, for example, replacing the source IP address of the first packet transmitted through TCP1, TCP2, and TCP3 by using the IP address of the LB.
  • the address is the source IP address of the second packet, that is, the source IP address of the second packet is the IP address of the LB.
  • the destination IP address of the second packet is obtained by using the IP address of the server to replace the destination IP address of the first packet transmitted by TCP1, TCP2, and TCP3.
  • the destination IP address of the second packet is the IP address of the server.
  • the source port of the first packet is replaced by the port of the LB, and the source port of the second packet is the port of the LB.
  • the destination port of the second packet is obtained by using the port of the server to replace the destination port of the first packet transmitted by TCP1, TCP2, and TCP3, that is, the destination port of the second packet is the port of the server.
  • TCP4 uses the same transmission protocol as TCP1, TCP2, and TCP3, that is, the transmission protocol of the second packet is TCP.
  • the sequence number of the second packet is obtained by replacing the sequence number of the first packet with the sequence number assigned by the convergence TCP connection.
  • the second packet transmitted by the TCP4 in the embodiment of the present invention can be understood as a packet obtained by replacing the IP quintuple included in the packet header information of the first packet transmitted by the TCP1, the TCP2, and the TCP3. Therefore, the sequence numbers assigned by the TCP4 for the first message transmitted by TCP1, TCP2, and TCP3 when the sequence number is assigned are seq4n, seq4n+length1, and seq4n+length1+length2, respectively. among them, Length1 is the length of the first packet transmitted by TCP1, and length2 is the length of the first packet transmitted by TCP2.
  • the sequence number of the second packet is obtained, that is, the sequence number of the second packet obtained according to the first packet transmitted by the TCP1 is seq4n, and is transmitted according to the TCP2.
  • the sequence number of the second packet obtained by the first packet is seq4n+length1
  • the sequence number of the second packet obtained according to the first packet transmitted by TCP3 is seq4n+length1+length2.
  • the LB after receiving the first packet sent by VM1, VM2, and VM3, the LB can process the first packet according to the foregoing conversion manner to obtain the second packet, and then obtain the second TCP connection. TCP4) sends the second message to the server.
  • the LB may also receive the response packet of the second packet, and obtain the first response packet according to the second packet.
  • the response packet of the packet forwards the response packet of the first packet to VM1, VM2, and VM3.
  • the response packet of the second packet is referred to as a second response packet
  • the response packet of the first packet is referred to as a first response packet.
  • the message sent by the sender can use the serial number to confirm whether the peer receives the message.
  • the sequence number of the message is placed in the message to be acknowledged.
  • the retransmission timer is started at the same time. If the response packet of the packet is received, the sequence number is confirmed, and the confirmation sequence number is used to determine that the packet has been received. If it is determined that the packet has been received, the packet is received from the queue.
  • the serial number can also be used. Ensure that all transmitted messages can be reassembled in the normal order.
  • the LB aggregates the first packet transmitted by the TCP1, the TCP2, and the TCP3 to the TCP4, and sends the sequence number of the second packet allocated by the TCP4 to the to-be-confirmed queue of the TCP4.
  • the second response packet of the second packet includes an acknowledgement sequence number of the second packet, where the acknowledgement sequence number of the second packet is usually the sum of the sequence number of the second packet and the data length of the second packet.
  • the LB can determine the sequence number of the second packet and the data length of the second packet by using the confirmation sequence number of the second packet, and further determine the sub-TCP connection for transmitting the first packet, and determine the The sub-TCP connection of a packet forwards the response packet of the first packet to the corresponding VM.
  • the LB may pre-store the sequence number of the second packet, the data length of the second packet, and the correspondence between the sub-TCP connections (TCP1, TCP2, and TCP3) for transmitting the first packet, for example, Table 3 Shown.
  • the LB After receiving the second response packet, the LB searches for the pre-stored relationship list according to the confirmation sequence number of the second packet included in the second response packet, and determines the sequence number of the second packet and the second packet. a sequence number of the second packet equal to the acknowledgement sequence number of the second packet and a data length of the second packet, and then according to the sequence number of the second packet and the second report The data length of the text, and the sequence number of the second packet, the data length of the second packet, and the correspondence between the sub-TCP connections transmitting the first packet determine the sub-TCP connection for transmitting the first packet.
  • the aggregation proxy After determining the sub-TCP connection of the first packet to be transmitted in the embodiment of the present invention, the aggregation proxy obtains the first response packet of the first packet, where the source IP address of the first response packet is the convergence. Agent An IP address, the destination IP address of the first response packet is an IP address of the VM to which the determined sub-TCP connection is connected, and the first response packet includes an acknowledgement sequence number of the first packet, where the The confirmation sequence number of a message is usually the sum of the sequence number of the first message and the data length of the first message.
  • the aggregation proxy forwards the first response packet to the VM connected to the determined sub-TCP connection by using the determined sub-TCP connection.
  • the VM may determine, according to the acknowledgement sequence number of the first packet included in the first response packet, the first packet that is sent by the first response packet.
  • the aggregation proxy can replace the IP quintuple of the second response packet and the second quintuple of the second response packet by determining the IP quintuple of the first packet transmitted by the sub-TCP connection and the acknowledgment sequence number of the first packet.
  • the serial number of the packet, and the IP quintuple of the first response packet of the first packet and the sequence number can replace the IP quintuple of the second response packet and the second quintuple of the second response packet by determining the IP quintuple of the first packet transmitted by the sub-TCP connection and the acknowledgment sequence number of the first packet.
  • IP quintuple of the second response message and the sequence number of the second message in the embodiment of the present invention may be as shown in Table 4 below.
  • the IP quintuple of the first response message and the sequence number of the first packet in the embodiment of the present invention may be as shown in Table 5 below.
  • length1 in Table 5 of the embodiment of the present invention is the data length of the first packet sent by VM1
  • length2 is the data length of the first packet sent by VM2
  • length3 is the data length of the first packet sent by VM3.
  • the embodiment of the present invention implements the LB to aggregate the packets transmitted through the sub-TCP connection to a converged TCP connection for sending and receiving packets, thereby saving the number of TCP connections on the server side, thereby saving the server.
  • the newly created converged TCP connection may also be released.
  • the LB transmits the packet to a converged TCP connection, so the VNF Pool presents a converged connection, so if the number of VMs in the VNF Pool increases or decreases, the LB will not be affected.
  • the number of converged TCP connections with the server that is, the server does not perceive the number of VMs in the VNF Pool as a whole, and realizes that the VMs in the VNF Pool are truly virtualized into one pool, forming a clouded resource pool. And can make the VM free from geographical restrictions.
  • the Remote Authentication Dial In User Service is a widely used method for transmitting data by UDP. Therefore, the RADIUS session is used as an example for the process of transmitting packets by using the UDP protocol in the embodiment of the present invention.
  • the sub-link established between the VM and the LB is a RADIUS sub-session
  • the aggregation link established between the LB and the server is a RADIUS aggregation session.
  • the first packet transmitted by the RADIUS sub-session can be converted into a second packet, and then transmitted through a RADIUS aggregation session.
  • the RADIUS1, RADIUS2, and RADIUS3 can be transmitted in Figure 7.
  • the LB does not need to add an aggregation link. You can modify the packet in the established RADIUS session.
  • the matching identifier (Identifier) is used to match the request message and the response message, and the matching identifier is generally a sequentially increasing number, so in order to avoid the matching identifier and the VM in the aggregation link.
  • the matching identifiers in the sub-links are repeated.
  • each of the VM sub-links may be assigned a new matching identifier in the aggregation link.
  • FIG. 7 is a schematic diagram of a process of transmitting a message through a RADIUS session according to an embodiment of the present invention.
  • VM1, VM2, and VM3 in the VNF Pool establish a RADIUS subsession with the LB, respectively.
  • the RADIUS sub-session established by VM1 and LB is RADIUS1, and RADIUS1 is used to transmit the first packet from VM1.
  • the RADIUS sub-session established by VM2 and LB is RADIUS2, and RADIUS2 is used to transmit the first packet from VM2.
  • the RADIUS sub-session established by VM3 and LB is RADIUS3, and RADIUS3 is used to transmit the first packet from VM3.
  • RADIUS1, RADIUS2, and RADIUS3 assign the matching identifier of the first packet to the first packet they transmit.
  • the first packet sent by VM1, VM2, and VM3 includes an IP quintuple as an example, and the IP quintuple, the matching identifier, and the RADIUS subsession included in the first packet are used as an example. The correspondence between them is shown in Table 6.
  • the LB replaces RADIUS1 with the IP quintuple of the second packet transmitted by RADIUS4.
  • the IP quintuple of the first packet transmitted by RADIUS2 and RADIUS3 uses RADIUS4 to replace the matching identifier of the first packet with the matching identifier of the second packet.
  • the second packet is obtained.
  • the correspondence between IP quintuple, matching identifier, and RADIUS subsession is shown in Table 7:
  • the LB sends the second packet through a RADIUS aggregation session established between the LB and the server according to the IP quintuple of the second packet and the matching identifier.
  • the LB may also receive the response packet of the second packet, and obtain the first response packet according to the second packet.
  • the response packet of the packet forwards the response packet of the first packet to VM1, VM2, and VM3.
  • the LB may pre-create a proxy table, where the proxy table stores a matching identifier of the second packet, a matching identifier of the first packet, and a RADIUS for transmitting the first packet.
  • the proxy table stores a matching identifier of the second packet, a matching identifier of the first packet, and a RADIUS for transmitting the first packet.
  • the correspondence between sub-sessions After the LB receives the second response packet of the second packet through the RADIUS convergence session, the LB may be based on the second response because the second response packet includes a matching identifier of the second packet.
  • the matching identifier of the second packet included in the packet searches for the pre-created proxy table, and obtains a matching identifier of the first packet allocated by the RADIUS sub-session and a RADIUS sub-session for transmitting the first packet.
  • the aggregation proxy obtains the first response packet of the first packet, where the source IP address of the first response packet is an IP address of the aggregation proxy, and the first response packet is The destination IP address is the determined IP address of the VM to which the RADIUS sub-session is connected; the aggregation proxy determines the matching identifier according to the obtained first packet and the RADIUS sub-session for transmitting the first packet.
  • the VM connected to the RADIUS sub-session forwards the first response packet.
  • the first response packet may be replaced by the IP quintuple of the first packet and the matching identifier of the first packet transmitted by the RADIUS sub-session, and the IP quintuple of the second response packet and the matching identifier are replaced. get.
  • IP quintuple and the matching identifier of the first response message in the embodiment of the present invention may be as shown in Table 9 below:
  • the LB can process the RADIUS sub-sessions of multiple VMs through a queue or a caching mechanism, if the VM If the number of RADIUS sub-sessions exceeds 256, it can be used by releasing the completed RADIUS sub-session, or by waiting for an extra matching identifier.
  • the foregoing embodiment of the present invention implements the LB to aggregate the packets transmitted by the RADIUS sub-sessions of multiple VMs in the VNF Pool to the RADIUS aggregation session for sending and receiving, which can save the number of RADIUS sessions on the server side. In order to save server memory resources.
  • FIG. 8 is a schematic structural diagram of a packet transmission apparatus 100 according to an embodiment of the present invention.
  • a packet transmission apparatus 100 according to an embodiment of the present invention includes a receiving unit 101, a processing unit 102, and a sending unit 103, where
  • the receiving unit 101 is configured to receive a first packet from each of at least two VMs in the VNF Pool, where the at least two VMs are connected to the packet transmission device by using at least two sub-links, and The at least two VMs are in one-to-one correspondence with the at least two sub-links, and the sub-links are used to transmit the first packet.
  • the processing unit 102 is configured to obtain a second packet according to the first packet, where the second packet includes a source Internet Protocol IP address and a destination IP address, and a source IP address of the second packet is The IP address of the message transmission device 100, and the destination IP address of the second message is the IP address of the server.
  • the sending unit 103 is configured to send the second packet obtained by the processing unit 102 by using an aggregation link established between the packet transmission device 100 and the server, where the convergence link is The number is less than the number of the sub-links.
  • the second packet further includes a source port and a destination port, where the source port of the second packet is a port of the packet transmission device 100, and a destination port of the second packet The port for the server.
  • the sub-link is a sub-transmission control protocol TCP connection
  • the aggregation link is a converged TCP connection
  • the second packet further includes a sequence number; wherein the second report
  • the serial number of the text is the serial number assigned by the processing unit 102 according to the aggregate TCP connection.
  • the receiving unit 101 is further configured to: send, by the sending unit 103, the first obtained by the processing unit 102 by using a convergence TCP connection established between the packet transmission device 100 and the server. Receiving, by the convergence TCP connection, the second response message that is sent by the server to the second packet by using the convergence TCP connection, where the second response packet includes a confirmation sequence number, where the confirmation sequence number is The sum of the sequence number of the second message and the data length of the second message.
  • the processing unit 102 is further configured to: search for a pre-saved relationship list according to the confirmation sequence number included in the second response message, and determine a sequence number of the second packet and data of the second packet. a length, according to the determined sequence number of the second packet and the data length of the second packet, determining, in the relationship list, a sub-TCP connection for transmitting the first packet, where the pre-save is performed
  • the relationship list includes a sequence number of the second packet, a data length of the second packet, and a correspondence between sub-TCP connections for transmitting the first packet.
  • Obtaining a first response packet of the first packet according to the second response packet where a source IP address of the first response packet is an IP address of the packet transmission apparatus 100, and the first response The destination IP address of the packet is the IP address of the VM connected to the determined sub-TCP connection, and the first response packet includes the confirmation sequence number of the first packet, and the confirmation sequence number of the first packet is The sum of the sequence number of the first message and the data length of the first message.
  • the sending unit 103 is further configured to: forward, by using the determined sub-TCP connection by the processing unit 102, the first response packet to the VM connected to the determined sub-TCP connection.
  • the aggregation link is a newly established TCP link when the processing unit 102 receives the packet of the first VM sub-link in the VNF Pool.
  • the sub-link is a remote user dial-up authentication system RADIUS sub-session
  • the aggregation link is a RADIUS convergence session
  • the second packet further includes a matching identifier;
  • the matching identifier of the second packet is a matching identifier allocated by the processing unit 102 according to the RADIUS convergence session.
  • the sending unit 103 sends the second packet obtained by the processing unit 102 by using a RADIUS convergence session established between the packet transmission device 100 and the server, Receiving, by the RADIUS aggregation session, the server response to the first And a second response message of the second message, where the second response message includes a matching identifier of the second message.
  • the processing unit 102 is further configured to: search a pre-created proxy table according to a matching identifier of the second packet included in the second response packet, and determine a matching identifier of the first packet allocated by the RADIUS sub-session. And a RADIUS sub-session for transmitting the first packet, where the proxy table stores a matching identifier of the second packet, a matching identifier of the first packet, and a RADIUS that transmits the first packet. The correspondence between sub-sessions.
  • the destination IP address is the IP address of the VM to which the determined RADIUS subsession is connected;
  • the sending unit 103 is further configured to: connect to the determined RADIUS sub-session according to the determined matching identifier of the first packet and a RADIUS sub-session that transmits the first packet The VM forwards the first response message.
  • the RADIUS convergence session is an established RADIUS session between the packet transmission device 100 and the server.
  • the number of the aggregation links is established by the processing unit 102 according to the number of the sub-links.
  • the message transmission device 100 is a load sharing LB built in or external to the VNF Pool.
  • the processing unit 102 is further configured to: when the acknowledgment that the VM sub-links are released, release the aggregation link.
  • the message transmission device 100 aggregates the received packets from the VNF Pool that are transmitted through the multiple sub-links to the aggregation link, so that the VNF Pool presents the aggregation link and the number of the aggregation links.
  • the number of sub-links is less than the number of sub-links.
  • the server treats the entire VNF pool as a whole. The server does not know that there are multiple VMs in the VNF Pool.
  • the virtual VMs in a VNF Pool can be virtualized into one pool, saving the number of communication links under the server. To achieve the purpose of saving resources.
  • the foregoing message transmission apparatus 100 of the embodiment of the present invention may be a convergence agent.
  • 9 is a schematic structural diagram of a convergence proxy 200 according to an embodiment of the present invention.
  • the convergence proxy 200 adopts a general computer system structure, including a bus, a processor 201, a memory 202, and a communication interface 203, to implement the solution of the present invention.
  • the program code is stored in memory 202 and is controlled by processor 201 for execution.
  • the bus can include a path to transfer information between various components of the computer.
  • the processor 201 can be a general purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling the execution of the program of the present invention.
  • CPU central processing unit
  • ASIC application-specific integrated circuit
  • One or more memories included in the computer system which may be read-only memory (ROM) or other types of static storage devices that can store static information and instructions, random access memory (RAM) Or other types of dynamic storage devices that can store information and instructions, or disk storage. These memories are connected to the processor via a bus.
  • the communication interface 203 can use devices such as any transceiver to communicate with other devices or communication networks, such as Ethernet, Radio Access Network (RAN), Wireless Local Area Network (WLAN), and the like.
  • devices such as any transceiver to communicate with other devices or communication networks, such as Ethernet, Radio Access Network (RAN), Wireless Local Area Network (WLAN), and the like.
  • RAN Radio Access Network
  • WLAN Wireless Local Area Network
  • a memory 202 such as a RAM, holds an operating system and a program for executing the inventive arrangements.
  • the operating system is a program that controls the running of other programs and manages system resources.
  • the program stored in the memory 202 is used by the instruction processor 201 to perform the message transmission method according to the foregoing embodiment of the present invention, comprising: receiving a first message from each of at least two VMs in the VNF Pool, the at least Two VMs are connected to the aggregation proxy through at least two sub-links, and the at least two VMs are in one-to-one correspondence with the at least two sub-links, and the sub-links are used to transmit the first packet; Obtaining a second packet according to the first packet, where the second packet includes a source Internet protocol IP address and a destination IP address, and a source IP address of the second packet is an IP address of the aggregation proxy.
  • the destination IP address of the second packet is the IP address of the server; the second packet is sent by the aggregation link established between the server and the server, where the number of the aggregation links is smaller than the sub-chain The number of roads achieves the goal of saving server memory resources.
  • convergence agent 200 of this embodiment can be used to implement the foregoing method embodiments.
  • the embodiment of the present invention further provides a computer storage medium for storing the computer software instructions used in the message transmission apparatus described in FIG. 8 or FIG. 9, which includes a program for executing the foregoing method embodiments.
  • a computer storage medium for storing the computer software instructions used in the message transmission apparatus described in FIG. 8 or FIG. 9, which includes a program for executing the foregoing method embodiments.
  • a plurality means two or more.
  • the character "/" generally indicates that the contextual object is an "or" relationship.

Abstract

Disclosed are a packet transmission method and device. The method comprises: an aggregation agent receives a first packet of each of at least two virtual machines (VMs) from a virtualized network function (VNF) pool; the aggregation agent obtains a second packet according to the first packet, the second packet comprising a source Internet Protocol (IP) address and a destination IP address, the source IP address of the second packet being the IP address of the aggregation agent, the destination IP address of the second packet being the IP address of a server; the aggregation agent sends the second packet by means of aggregation links established between the aggregation agent and the server, the number of the aggregation links being less than that of sublinks. Therefore, the number of communication links established between a VNF pool and the server can be reduced, thereby saving the memory resource of the server.

Description

一种报文传输方法及装置Message transmission method and device
本申请要求于2016年03月22日提交中国专利局、申请号为201610165510.3、发明名称为“一种报文传输方法及装置”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。The present application claims the priority of the Chinese Patent Application, filed on March 22, 2016, the application Serial No. in.
技术领域Technical field
本发明涉及通信技术领域,尤其涉及一种报文传输方法及装置。The present invention relates to the field of communications technologies, and in particular, to a message transmission method and apparatus.
背景技术Background technique
NFV(Network Function Virtualization,网络功能虚拟化)技术通过基于行业标准的x86服务器、存储设备和交换设备,来取代通信网络中的专用网元设备,能够为运营商节省投资成本,并能帮助运营商获得更多、更灵活的网络能力,故NFV技术应用越来越广泛。NFV (Network Function Virtualization) technology replaces dedicated network element devices in communication networks with industry-standard x86 servers, storage devices, and switching devices, saving operators investment costs and helping operators With more and more flexible network capabilities, NFV technology is becoming more widely used.
VNF(Virtualized Network Function,虚拟网络功能)以软件的形式运行在NFV系统上,VNF中设置有虚拟机(Virtual Machine,VM)。每个VM可以看作一个独立的网络功能实体,可独立进行重启并拥有自己的root访问权限、用户、互联网协议(Internet Protocol,IP)地址、内存、过程、文件、应用程序、系统函数库以及配置文件等。The VNF (Virtual Network Function) runs on the NFV system in the form of software. The VNF is provided with a virtual machine (VM). Each VM can be thought of as a separate network functional entity that can be restarted independently and has its own root access, users, Internet Protocol (IP) addresses, memory, procedures, files, applications, system libraries, and Configuration files, etc.
为了提升网络性能,VNF中部署有多个VM。在网络功能虚拟化中,部署在VNF中的多个VM组成一个VNF池(VNF Pool),以实现负载分担,提高网络的可靠性。In order to improve network performance, multiple VMs are deployed in the VNF. In the network function virtualization, multiple VMs deployed in the VNF form a VNF pool to implement load sharing and improve network reliability.
在VNF Pool中,若启动多个VM,则多个VM中的每个VM与服务器之间建立一条通信链路,例如传输控制协议(Transmission Control Protocol,TCP)连接,并进行报文传输,若VM数量较多,则会在VNF Pool与服务器之间创建过多的通信链路,耗费服务器较多的内存资源。In the VNF Pool, if multiple VMs are started, each of the multiple VMs establishes a communication link with the server, such as a Transmission Control Protocol (TCP) connection, and performs packet transmission. If the number of VMs is large, excessive communication links are created between the VNF Pool and the server, which consumes more memory resources of the server.
发明内容Summary of the invention
本发明实施例提供一种报文传输方法及装置,以减少VNF Pool与服务器 之间创建的通信链路数目,节约服务器的内存资源。The embodiment of the invention provides a message transmission method and device to reduce VNF Pool and server The number of communication links created between them saves the memory resources of the server.
第一方面,提供一种报文传输方法,在该方法中,汇聚代理接收来自VNF Pool中至少两个VM中每个VM的第一报文,并对所述第一报文进行转换得到第二报文,所述第二报文的源IP地址为所述汇聚代理的IP地址,所述第二报文的目的IP地址为服务器的IP地址,然后汇聚代理将所述第二报文通过汇聚代理与服务器之间的汇聚链路向服务器发送,使得VNF Pool对外呈现汇聚链路,服务器将整个VNF Pool作为整体并不感知VNF Pool下存在多个VM,实现将一个VNF Pool中不同VM真正虚拟成一个Pool,并且所述汇聚链路的数目小于所述子链路的数目,节省了服务器下的通信链路数目,以达到节省服务器内存资源的目的。In a first aspect, a packet transmission method is provided, in which a convergence agent receives a first packet from each of at least two VMs in a VNF Pool, and converts the first packet to obtain a first packet The second packet, the source IP address of the second packet is an IP address of the aggregation proxy, the destination IP address of the second packet is an IP address of the server, and then the convergence proxy passes the second packet The aggregation link between the aggregation agent and the server is sent to the server, so that the VNF pool externally presents the aggregation link. The server does not perceive the VNF pool as a whole and does not have multiple VMs under the VNF Pool. The number of the aggregation links is less than the number of the sub-links, which saves the number of communication links under the server, so as to save server memory resources.
本发明实施例中,汇聚代理可以是负载分担(Load Balance,LB),该LB可以是内置或外置于VNF Pool。具体采用内置于VNF Pool中的LB还是采用外置于VNF Pool中的LB,可依据与汇聚代理建立子链路的VM所属VNF Pool来确定,若与汇聚代理建立子链路的VM属于不同的VNF Pool,则可采用外置的LB进行汇聚,若与汇聚代理建立子链路的VM属于一个VNF Pool,则可采用内置的LB进行汇聚,当然并不引以为限。In the embodiment of the present invention, the aggregation proxy may be load balancing (LB), and the LB may be built-in or externally placed in the VNF Pool. Specifically, the LB built in the VNF Pool or the LB externally placed in the VNF Pool may be determined according to the VNF Pool of the VM that establishes the sub-link with the aggregation proxy, if the VM that establishes the sub-link with the aggregation proxy belongs to a different one. The VNF Pool can be aggregated by using an external LB. If the VM that establishes a sub-link with the aggregation proxy belongs to a VNF Pool, the built-in LB can be used for aggregation.
本发明实施例中所述汇聚链路的数量可依据所述子链路的数量进行建立。若子链路数量较少,通过一条汇聚链路即可完成传输,则可仅建立一条汇聚链路。若子链路数量庞大,通过一条汇聚链路造成该条汇聚链路的负载过重,则可创建至少两条汇聚链路。The number of the aggregation links in the embodiment of the present invention may be established according to the number of the sub-links. If the number of sub-links is small, the transmission can be completed through one aggregation link, and only one aggregation link can be established. If the number of sub-links is too large and the load of the aggregation link is too heavy through an aggregation link, at least two aggregation links can be created.
本发明实施例中所述子链路是指VNF Pool中各VM与所述汇聚代理之间建立的链路,所述至少两个VM通过至少两个子链路与所述汇聚代理连接,且所述至少两个VM与所述至少两个子链路一一对应,所述子链路用于传输所述第一报文。所述第一报文的源IP地址为VM的IP地址,第一报文的源端口为VM的端口,第一报文的目的IP地址为汇聚代理的IP地址,第一报文的目的端口为汇聚代理的IP地址。 The sub-link in the embodiment of the present invention refers to a link established between each VM in the VNF Pool and the aggregation proxy, and the at least two VMs are connected to the aggregation proxy through at least two sub-links, and The at least two VMs are in one-to-one correspondence with the at least two sub-links, and the sub-links are used to transmit the first packet. The source IP address of the first packet is the IP address of the VM, and the source port of the first packet is the port of the VM. The destination IP address of the first packet is the IP address of the aggregation proxy, and the destination port of the first packet. The IP address of the aggregation agent.
本发明实施例中,所述汇聚链路是指所述汇聚代理与服务器之间的链路,所述汇聚代理与服务器之间通过汇聚链路连接,所述汇聚链路用于传输第二报文,报文的传送方向为从汇聚代理到服务器,故可利用汇聚代理的IP地址替换第一报文的源IP地址,得到第二报文的源IP地址,利用服务器的IP地址替换第一报文的目的IP地址,得到第二报文的目的IP地址。In the embodiment of the present invention, the aggregation link refers to a link between the aggregation proxy and the server, and the aggregation proxy and the server are connected by an aggregation link, and the aggregation link is used to transmit the second report. For example, the source IP address of the first packet is replaced by the IP address of the aggregation proxy, and the source IP address of the second packet is obtained, and the IP address of the server is used to replace the first packet. The destination IP address of the packet, and the destination IP address of the second packet.
本发明实施例中,所述第二报文包括源IP地址和目的IP地址,第二报文还可包括源端口和目的端口,其中,可利用汇聚代理的端口替换第一报文的源端口,得到第二报文的源端口,即所述第二报文的源端口为所述汇聚代理的端口。利用服务器的端口替换第一报文的目的端口,得到第二报文的目的端口,即所述第二报文的目的端口为所述服务器的端口。In the embodiment of the present invention, the second packet includes a source IP address and a destination IP address, and the second packet may further include a source port and a destination port, where the source port of the first packet may be replaced by the port of the aggregation proxy. The source port of the second packet is obtained, that is, the source port of the second packet is the port of the aggregation proxy. The destination port of the second packet is replaced by the port of the server, and the destination port of the second packet is the port of the server.
本发明实施例中第二报文包括的内容具体可根据第二报文所采用的元组信息来确定,所述元组信息是指例如五元组或七元组等。通常通过IP五元组可标识出报文组成的一个数据流,故本发明实施例中第二报文中优选包括IP五元组的信息,即包括源端口、源IP、目的端口、目的IP和采用的协议。The content included in the second packet in the embodiment of the present invention may be specifically determined according to the tuple information used in the second packet, where the tuple information refers to, for example, a five-tuple or a seven-tuple group. The information of the IP quintuple is preferably included in the second packet of the present invention, including the source port, the source IP address, the destination port, and the destination IP address. And the adopted agreement.
本发明实施例中第二报文可根据不同的传输协议,包含不同的内容。In the embodiment of the present invention, the second packet may include different content according to different transmission protocols.
一种可能的设计中,所述子链路为子TCP连接,所述汇聚链路为汇聚TCP连接。所述第二报文中还包括序列号,其中,所述第二报文的序列号是所述汇聚代理依据所述汇聚TCP连接分配的序列号。本发明实施例中可利用汇聚链路分配的序列号,替换子链路分配的序列号,得到第二报文的序列号。In a possible design, the sub-link is a sub-TCP connection, and the aggregation link is a converged TCP connection. The second packet further includes a sequence number, where the sequence number of the second packet is a sequence number allocated by the aggregation proxy according to the aggregate TCP connection. In the embodiment of the present invention, the sequence number assigned by the aggregation link can be replaced by the sequence number assigned by the sub-link, and the sequence number of the second packet is obtained.
本发明实施例中汇聚代理可按照第二报文中包括的源IP地址、源端口、目的IP地址、目的端口和第二报文的序列号,通过汇聚TCP连接向服务器发送所述第二报文,实现所述子TCP连接中的报文汇聚到汇聚TCP连接中向服务器发送。In the embodiment of the present invention, the aggregation proxy may send the second report to the server through the convergence TCP connection according to the source IP address, the source port, the destination IP address, the destination port, and the sequence number of the second packet included in the second packet. For example, the packets in the sub-TCP connection are aggregated and sent to the server in the aggregate TCP connection.
本发明实施例中汇聚代理通过汇聚TCP连接向服务器发送第二报文后,还可通过所述汇聚TCP连接,接收所述服务器响应所述第二报文的第二回应报文,所述第二回应报文中包括第二报文的确认序列号,所述第二报文的确认序列 号为所述第二报文的序列号和所述第二报文的数据长度之和;所述汇聚代理依据所述第二回应报文中包括的第二报文的确认序列号查找预先保存的关系列表,确定所述第二报文的序列号和所述第二报文的数据长度,所述预先保存的关系列表中包括所述第二报文的序列号、第二报文的数据长度以及传输第一报文的子TCP连接之间的对应关系;所述汇聚代理依据所述确定出的所述第二报文的序列号和所述第二报文的数据长度,在所述关系列表中确定出传输所述第一报文的子TCP连接;所述汇聚代理根据所述第二回应报文获得所述第一报文的第一回应报文,所述第一回应报文的源IP地址为所述汇聚代理的IP地址,所述第一回应报文的目的IP地址为所述确定出的子TCP连接所连接的VM的IP地址,所述第一回应报文中包括第一报文的确认序列号,所述第一报文的确认序列号为所述第一报文的序列号和所述第一报文的数据长度之和;所述汇聚代理通过所述确定出的子TCP连接,向所述确定出的子TCP连接所连接的VM转发所述第一回应报文,实现回应报文的接收转发。In the embodiment of the present invention, after the second aggregation packet is sent to the server by the convergence TCP connection, the convergence proxy may also receive the second response packet of the second packet by the server through the convergence TCP connection. The second response message includes the confirmation serial number of the second message, and the confirmation sequence of the second message The number is the sum of the sequence number of the second packet and the data length of the second packet; the aggregation agent searches for the pre-save according to the confirmation serial number of the second packet included in the second response packet. a relationship list, where the sequence number of the second packet and the data length of the second packet are determined, where the pre-saved relationship list includes the sequence number of the second packet and the data of the second packet. a length and a correspondence between the sub-TCP connections for transmitting the first packet; the aggregation proxy according to the determined sequence number of the second packet and the data length of the second packet, Determining a sub-TCP connection for transmitting the first packet in the relationship list; the aggregation proxy obtaining a first response packet of the first packet according to the second response packet, the first response packet The source IP address is the IP address of the aggregation proxy, and the destination IP address of the first response packet is the IP address of the VM to which the determined sub-TCP connection is connected, and the first response packet includes The confirmation serial number of the first message, the confirmation sequence of the first message The column number is the sum of the sequence number of the first packet and the data length of the first packet; the aggregation proxy is connected to the determined sub-TCP connection by using the determined sub-TCP connection. The VM forwards the first response packet to implement receiving and forwarding the response packet.
可选的,所述汇聚TCP连接是所述汇聚代理接收到所述VNF Pool中通过首个子TCP连接传输的第一报文时新建的TCP连接,而在接收到后续子TCP连接传输的第一报文时,不触发建立汇聚TCP连接。Optionally, the convergence TCP connection is a newly established TCP connection when the aggregation agent receives the first packet transmitted by the first sub-TCP connection in the VNF Pool, and receives the first transmission of the subsequent sub-TCP connection. When a packet is received, the establishment of a converged TCP connection is not triggered.
本发明实施例通过上述可能的实现方式,实现了通过汇聚代理将各VM的子TCP连接中的报文汇聚到一个汇聚TCP连接中进行报文的发送和接收,能够节省服务器侧的TCP链路数目,以达到节省服务器内存资源的目的。Through the above-mentioned possible implementation manners, the embodiment of the present invention implements the aggregation of the packets in the sub-TCP connection of each VM to a converged TCP connection by the aggregation proxy to transmit and receive the packets, thereby saving the TCP link on the server side. The number to save server memory resources.
另一种可能的设计中,所述子链路为远程用户拨号认证系统RADIUS子会话,所述汇聚链路为RADIUS汇聚会话;所述第二报文中还包括匹配标识符,其中,所述第二报文的匹配标识符是所述汇聚代理依据所述RADIUS汇聚会话分配的匹配标识符。本发明实施例中可利用RADIUS汇聚会话重新分配的匹配标识符替换RADIUS子会话分配的匹配标识符,得到第二报文的匹配标识符,即第二报文的匹配标识符是依据RADIUS汇聚会话的IP地址、端口等信息进行分配的,能够避免与RADIUS子会话分配的匹配标识符重复。 In another possible design, the sub-link is a remote user dial-up authentication system RADIUS sub-session, the aggregation link is a RADIUS convergence session, and the second packet further includes a matching identifier, where the The matching identifier of the second packet is a matching identifier allocated by the aggregation proxy according to the RADIUS aggregation session. In the embodiment of the present invention, the matching identifier of the RADIUS sub-session is replaced by the matching identifier re-assigned by the RADIUS aggregation session, and the matching identifier of the second packet is obtained, that is, the matching identifier of the second packet is based on the RADIUS aggregation session. The allocation of information such as the IP address and port can avoid duplication of matching identifiers assigned with the RADIUS sub-session.
本发明实施例中汇聚代理可按照第二报文中包括的源IP地址、源端口、目的IP地址、目的端口和第二报文的匹配标识符,通过RADIUS汇聚会话向服务器发送所述第二报文,实现所述RADIUS子会话中的报文汇聚到RADIUS汇聚会话中向服务器发送。In the embodiment of the present invention, the aggregation proxy may send the second to the server through the RADIUS aggregation session according to the source IP address, the source port, the destination IP address, the destination port, and the matching identifier of the second packet included in the second packet. The packet is sent to the server in the RADIUS sub-session.
本发明实施例中汇聚代理通过RADIUS汇聚会话向服务器发送第二报文后,还可通过所述RADIUS汇聚会话,接收所述服务器响应所述第二报文的第二回应报文,所述第二回应报文中包含有第二报文的匹配标识符;所述汇聚代理依据所述第二回应报文中包含的第二报文的匹配标识符查找预先创建的代理表,确定RADIUS子会话分配的所述第一报文的匹配标识符以及传输所述第一报文的RADIUS子会话,所述代理表中保存所述第二报文的匹配标识符、所述第一报文的匹配标识符以及传输所述第一报文的RADIUS子会话之间的对应关系;所述汇聚代理根据所述第二回应报文获得所述第一报文的第一回应报文,所述第一回应报文的源IP地址为所述汇聚代理的IP地址,所述第一回应报文的目的IP地址为所述确定出的RADIUS子会话所连接的VM的IP地址;所述汇聚代理依据所述确定出的第一报文的匹配标识符以及传输所述第一报文的RADIUS子会话,向所述确定出的RADIUS子会话所连接的VM转发所述第一回应报文。In the embodiment of the present invention, after the second aggregation packet is sent to the server by the RADIUS aggregation session, the convergence proxy may also receive the second response packet of the second packet by the server through the RADIUS convergence session. The second response packet includes a matching identifier of the second packet. The aggregation proxy searches for the pre-created proxy table according to the matching identifier of the second packet included in the second response packet, and determines the RADIUS sub-session. a matching identifier of the first packet and a RADIUS sub-session for transmitting the first packet, where the proxy table stores a matching identifier of the second packet, and a matching of the first packet An identifier and a correspondence between the RADIUS sub-sessions that transmit the first packet; the aggregation proxy obtains the first response packet of the first packet according to the second response packet, where the first The source IP address of the response packet is the IP address of the aggregation proxy, and the destination IP address of the first response packet is the IP address of the VM to which the determined RADIUS subsession is connected; Determining the number The matching identifier of a packet and the RADIUS sub-session transmitting the first packet forward the first response packet to the VM connected to the determined RADIUS sub-session.
可选的,所述RADIUS汇聚会话为所述汇聚代理与服务器之间已建立的RADIUS会话,即可通过直接修改已建立的RADIUS会话得到所述RADIUS汇聚会话。Optionally, the RADIUS aggregation session is an established RADIUS session between the aggregation proxy and the server, and the RADIUS convergence session can be obtained by directly modifying the established RADIUS session.
本发明实施例通过上述可能的实现方式,实现了通过汇聚代理将不同VM的RADIUS子会话中的报文汇聚到RADIUS汇聚会话中进行报文的发送和接收,能够节省服务器侧的RADIUS会话数目,以达到节省服务器内存资源的目的。Through the above-mentioned possible implementation manners, the embodiment of the present invention implements the aggregation of the packets in the RADIUS sub-sessions of different VMs into the RADIUS aggregation session through the aggregation proxy to send and receive the packets, which can save the number of RADIUS sessions on the server side. In order to save server memory resources.
再一种可能的设计中,所述汇聚代理在确认所述子链路被释放的情况下,释放所述汇聚链路,以进一步节省资源。 In a further possible design, the aggregation agent releases the aggregation link in case the acknowledgment that the sub-link is released, to further save resources.
第二方面,提供一种报文传输装置,该实现报文传输的装置,具有实现上述第一方面涉及的实现报文传输方法的相应功能。所述功能可以通过硬件实现,也可以通过硬件执行相应的软件实现。所述硬件或软件包括一个或多个与上述功能相对应的模块。例如,所述报文传输装置,包括接收单元和处理单元,所述接收单元,用于接收来自VNF Pool中至少两个VM中的每个VM的第一报文,所述至少两个VM通过至少两个子链路与所述报文传输装置连接,且所述至少两个VM与所述至少两个子链路一一对应,所述子链路用于传输所述第一报文。所述处理单元,用于根据所述第一报文获得第二报文,所述第二报文包括源IP地址和目的IP地址,所述第二报文的源IP地址为所述报文传输装置的IP地址,所述第二报文的目的IP地址为服务器的IP地址。所述发送单元,用于通过所述报文传输装置与所述服务器之间建立的汇聚链路发送所述处理单元获得的所述第二报文,其中,所述汇聚链路的数目小于所述子链路的数目,以节省服务器下的通信链路数目,达到节省服务器内存资源的目的。In a second aspect, a message transmission apparatus is provided, and the apparatus for implementing message transmission has a corresponding function for implementing the message transmission method according to the first aspect. The functions may be implemented by hardware or by corresponding software implemented by hardware. The hardware or software includes one or more modules corresponding to the functions described above. For example, the message transmission device includes a receiving unit and a processing unit, and the receiving unit is configured to receive a first message from each of at least two VMs in the VNF Pool, where the at least two VMs pass The at least two sub-links are connected to the packet transmission device, and the at least two VMs are in one-to-one correspondence with the at least two sub-links, and the sub-links are used to transmit the first packet. The processing unit is configured to obtain a second packet according to the first packet, where the second packet includes a source IP address and a destination IP address, and a source IP address of the second packet is the packet The IP address of the transmission device, and the destination IP address of the second packet is the IP address of the server. The sending unit is configured to send the second packet obtained by the processing unit by using an aggregation link established between the packet transmission device and the server, where the number of the aggregation links is smaller than The number of sub-links is reduced to save the number of communication links under the server, thereby saving server memory resources.
第三方面,提供一种汇聚代理,该汇聚代理包括处理器和存储器,其中,所述存储器中存有计算机可读程序,所述处理器通过运行所述存储器中的程序,实现第一方面涉及的报文传输方法。In a third aspect, a convergence agent is provided, the aggregation agent comprising a processor and a memory, wherein the memory stores a computer readable program, and the processor implements the first aspect by running a program in the memory Message transmission method.
第四方面,提供一种计算机存储介质,用于储存上述实现报文传输装置或汇聚代理所用的计算机软件指令,其包含用于执行上述第一方面涉及的报文传输方法所涉及的程序。In a fourth aspect, a computer storage medium is provided for storing the above-mentioned computer software instructions for implementing a message transmission device or a convergence agent, comprising a program for performing the message transmission method according to the above first aspect.
附图说明DRAWINGS
图1为本发明实施例提供的报文传输方法可应用的网络架构图;FIG. 1 is a network architecture diagram of a packet transmission method according to an embodiment of the present invention;
图2为本发明实施例提供的报文传输方法实现流程图;2 is a flowchart of implementing a message transmission method according to an embodiment of the present invention;
图3为本发明实施例提供的报文传输的过程示意图;FIG. 3 is a schematic diagram of a process of message transmission according to an embodiment of the present disclosure;
图4为本发明实施例内置于VNF Pool中的LB进行报文传输的实现过程示意图;4 is a schematic diagram of an implementation process of packet transmission performed by an LB built in a VNF Pool according to an embodiment of the present invention;
图5为本发明实施例外置于VNF Pool中的LB进行报文传输的实现过程示 意图;FIG. 5 is a schematic diagram showing an implementation process of message transmission by an LB placed in a VNF Pool according to an embodiment of the present invention; intention;
图6为本发明实施例中采用TCP协议进行报文传输的过程示意图;6 is a schematic diagram of a process of transmitting a packet by using a TCP protocol according to an embodiment of the present invention;
图7为本发明实施例中采用RADIUS汇聚会话进行报文传输的过程示意图;FIG. 7 is a schematic diagram of a process for transmitting a packet by using a RADIUS aggregation session according to an embodiment of the present invention;
图8为本发明实施例提供的报文传输装置的结构示意图;FIG. 8 is a schematic structural diagram of a message transmission apparatus according to an embodiment of the present disclosure;
图9为本发明实施例提供的汇聚代理的结构示意图。FIG. 9 is a schematic structural diagram of a convergence agent according to an embodiment of the present invention.
具体实施方式detailed description
下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行详细地描述。The technical solutions in the embodiments of the present invention are described in detail below with reference to the accompanying drawings in the embodiments of the present invention.
本发明实施例提供的报文传输方法可应用于图1所示的网络架构。图1中,VNF Pool中部署的多个VM中的每个VM都与服务器之间建立有通信链路,并通过建立的通信链路进行信息交互。例如VM1与服务器之间建立有通信链路1并通过通信链路1进行信息交互,VM2与服务器之间建立有通信链路2并通过通信链路2进行信息交互,VM3与服务器之间建立有通信链路3并通过通信链路3进行信息交互。在网络功能虚拟化中,VNF Pool中部署的多个VM(例如VM1、VM2和VM3)可能会同时启动并与服务器之间进行交互,此时服务器需要对下连的多条通信链路(例如通信链路1、通信链路2和通信链路3)进行处理,将会耗费较多的服务器内存资源。The message transmission method provided by the embodiment of the present invention can be applied to the network architecture shown in FIG. 1. In Figure 1, each of the multiple VMs deployed in the VNF Pool establishes a communication link with the server and performs information interaction through the established communication link. For example, a communication link 1 is established between the VM1 and the server, and information is exchanged through the communication link 1. The communication link 2 is established between the VM2 and the server, and information is exchanged through the communication link 2, and the VM3 and the server are established. Communication link 3 and information exchange via communication link 3. In network function virtualization, multiple VMs (such as VM1, VM2, and VM3) deployed in the VNF Pool may start and interact with the server at the same time. In this case, the server needs to connect multiple communication links (for example) Communication link 1, communication link 2 and communication link 3) will consume more server memory resources.
需要说明的是,本发明实施例中图1所示的网络系统架构中还包括有负载分担(Load Balance,LB),该LB主要根据负载分担策略做VM间的负载分担,对VM1、VM2和VM3与服务器之间交互的报文进行透传。图1所示的网络架构中,是以LB内置于VNF Pool为例进行示意说明的,但并不引以为限,该LB可以是内置或外置于所述VNF Pool中。It should be noted that, in the embodiment of the present invention, the network system architecture shown in FIG. 1 further includes load balancing (LB), and the LB mainly performs load sharing between VMs according to the load sharing policy, and VM1, VM2, and The packets exchanged between the VM3 and the server are transparently transmitted. In the network architecture shown in FIG. 1 , the LB is built in the VNF Pool as an example, but is not limited thereto. The LB may be built in or external to the VNF Pool.
进一步需要说明的是,图1所示中涉及的各VM的结构仅是进行示意性说明,并不引以为限,例如VM中可以包括具有控制功能的VM控制单元(sControl),也可以包括具有转发功能的VM转发单元(sForward),每个VM控制单元和转发单元的组合可以看作是一个独立的网络功能实体,图1中 并未进行示意。It should be further noted that the structure of each VM involved in FIG. 1 is only for illustrative purposes, and is not limited thereto. For example, the VM may include a VM control unit (sControl) having a control function, and may also include VM forwarding unit (sForward) with forwarding function, the combination of each VM control unit and forwarding unit can be regarded as an independent network function entity, Figure 1 Not shown.
本发明实施例中为避免VM与服务器进行交互过程中建立过多的通信链路,耗费服务器的内存资源,可将来自VNF Pool中多个VM的报文汇聚后与服务器进行交互,以节省服务器的内存资源。In the embodiment of the present invention, in order to avoid excessive communication links between the VM and the server, the memory resources of the server are consumed, and packets from multiple VMs in the VNF Pool can be aggregated and interacted with the server to save the server. Memory resources.
本发明实施例中为实现将VNF Pool中多个VM的报文汇聚后与服务器进行交互,可通过部署汇聚代理实现,VM与汇聚代理之间建立通信链路,VM与所述子链路一一对应。VM通过其与汇聚代理之间建立的通信链路将发送给服务器的报文先发送给汇聚代理。汇聚代理与服务器之间建立数量小于VM与汇聚代理之间建立通信链路的通信链路,汇聚代理对接收到的报文进行汇聚处理后通过其与服务器之间建立的通信链路发送给服务器。使得VNF Pool对外呈现汇聚链路,服务器将整个VNF Pool作为整体并不感知VNF Pool下存在多个VM,实现将一个VNF Pool中不同VM真正虚拟成一个Pool,并且所述汇聚链路的数目小于所述子链路的数目,节省了服务器下的通信链路数目,以达到节省服务器内存资源的目的。In the embodiment of the present invention, a packet of a plurality of VMs in the VNF Pool is aggregated and interacted with the server, and the aggregation proxy is implemented, and a communication link is established between the VM and the aggregation proxy, and the VM and the sub-link are connected. A correspondence. The VM sends the message sent to the server to the aggregation agent first through the communication link established between it and the aggregation agent. A communication link between the aggregation agent and the server is smaller than a communication link between the VM and the aggregation agent. The aggregation agent aggregates the received message and sends it to the server through the communication link established between the server and the server. . The VNF pool is configured to externally present the aggregation link. The server does not know that there are multiple VMs in the VNF pool. The virtual VMs in a VNF pool are actually virtualized into one pool, and the number of the aggregation links is smaller than the number of the aggregation links. The number of the sub-links saves the number of communication links under the server, so as to save server memory resources.
本发明实施例中,以下为描述方便可将VM与汇聚代理之间建立的链路称为子链路,所述子链路传输的报文称为第一报文。将汇聚代理与服务器之间建立的链路称为汇聚链路,所述汇聚链路传输的报文称为第二报文。In the embodiment of the present invention, the link established between the VM and the aggregation proxy is referred to as a sub-link, and the packet transmitted by the sub-link is referred to as a first packet. The link established between the aggregation proxy and the server is called an aggregation link, and the packet transmitted by the aggregation link is called a second packet.
图2所示为本发明实施例提供的报文传输方法的实现流程图,图3所示为本发明实施例提供的报文传输过程示意图。FIG. 2 is a flowchart of an implementation of a packet transmission method according to an embodiment of the present invention, and FIG. 3 is a schematic diagram of a packet transmission process according to an embodiment of the present invention.
S101:VNF Pool中的每个VM与汇聚代理建立子链路,如图3所示,VNF Pool中包括有VM1、VM2和VM3,VM1、VM2和VM3分别与汇聚代理建立子链路,建立的子链路分别为子链路1、子链路2和子链路3。S101: Each VM in the VNF Pool establishes a sub-link with the aggregation agent. As shown in FIG. 3, the VNF Pool includes VM1, VM2, and VM3, and VM1, VM2, and VM3 respectively establish sub-links with the aggregation agent, and are established. The sub-links are sub-link 1, sub-link 2, and sub-link 3, respectively.
S102:汇聚代理与服务器之间新建一个汇聚链路,如图3所示。S102: Create a new aggregation link between the aggregation proxy and the server, as shown in Figure 3.
本发明实施例中,汇聚代理可在接收到通过首个子链路传输的报文时,建立汇聚链路,而在接收到通过后续子链路传输的报文时,不触发建立汇聚链路。例如,本发明实施例中可在VM1请求与汇聚代理建立子链路1时,触发 建立汇聚链路。In the embodiment of the present invention, the aggregation proxy can establish an aggregation link when receiving the packet transmitted through the first sub-link, and does not trigger the establishment of the aggregation link when receiving the packet transmitted through the subsequent sub-link. For example, in the embodiment of the present invention, when the VM1 requests to establish the sub-link 1 with the aggregation proxy, the trigger is triggered. Establish an aggregation link.
本发明实施例中汇聚代理与服务器之间建立的汇聚链路的数目可依据VM与汇聚代理之间建立的子链路的数目来确定,若子链路数量较少,通过一条汇聚链路即可完成传输,则可仅建立一条汇聚链路。若子链路数量庞大,通过一条汇聚链路造成该条汇聚链路的负载过重,则可创建至少两条汇聚链路。本发明实施例中以下以汇聚链路为一条进行举例说明,但并不引以为限。图3中以包括一条汇聚链路为例进行说明。The number of the aggregation links established between the aggregation proxy and the server in the embodiment of the present invention may be determined according to the number of sub-links established between the VM and the aggregation proxy. If the number of the sub-links is small, the aggregation link may be adopted. Once the transfer is complete, only one aggregation link can be established. If the number of sub-links is too large and the load of the aggregation link is too heavy through an aggregation link, at least two aggregation links can be created. In the following embodiments of the present invention, the aggregation link is taken as an example, but is not limited thereto. FIG. 3 illustrates an example of including an aggregation link.
S103:VNF Pool中多个VM中的每个VM分别通过子链路传输第一报文,汇聚代理接收来自VNF Pool中多个VM中每个VM的第一报文。例如图3中通过子链路1传输来自VM1的第一报文,通过子链路2传输来自VM2的第一报文,通过子链路3传输来自VM3第一报文。S103: Each VM of the multiple VMs in the VNF Pool respectively transmits a first packet by using a sub-link, and the aggregation proxy receives the first packet from each VM of the multiple VMs in the VNF Pool. For example, in FIG. 3, the first message from VM1 is transmitted through sub-link 1, the first message from VM2 is transmitted through sub-link 2, and the first message from VM3 is transmitted through sub-link 3.
S104:汇聚代理依据所述第一报文得到第二报文。S104: The convergence agent obtains the second packet according to the first packet.
本发明实施例中所述第二报文是依据所述第一报文所得到的,通常是将所述第一报文的报文头进行修改后得到,例如可采用如下方式:所述汇聚代理获取所述第一报文的报文头信息,所述报文头信息中包括所述子链路中传输所述第一报文的元组信息,所述元组信息可以是N元组信息,其中N大于等于3,例如,更具体的N元组信息是三元组信息或者五元组信息或者七元组信息等。通常通过IP五元组可标识出报文组成的一个数据流,故本发明实施例中以下以第一报文中包括IP五元组的信息,即包括源端口、源IP、目的端口、目的IP和采用的协议为例进行说明,但并不引以为限。所述汇聚代理依据第二报文的元组信息替换所述第一报文的元组信息,得到所述第二报文的报文头信息,然后结合第一报文的载荷得到第二报文。In the embodiment of the present invention, the second packet is obtained according to the first packet, and is usually obtained by modifying the header of the first packet, for example, the following manner may be adopted: Obtaining, by the proxy, the packet header information of the first packet, where the packet header information includes the tuple information of the first packet in the sub-link, where the tuple information may be an N-tuple Information, where N is greater than or equal to 3, for example, more specific N-tuple information is triplet information or quintuple information or quaternary information. The information of the IP quintuple is included in the first packet, that is, the source port, the source IP address, the destination port, and the destination. The IP and the adopted protocol are described as examples, but are not limited. The aggregation agent replaces the tuple information of the first packet according to the tuple information of the second packet, obtains the packet header information of the second packet, and then obtains the second report by combining the payload of the first packet. Text.
本发明实施例中所述第二报文的元组信息中包括源IP地址和目的IP地址,还可包括源端口和目的端口,其中,可利用汇聚代理的端口替换第一报文的源端口,得到第二报文的源端口,即所述第二报文的源端口为所述汇聚代理的端口。利用服务器的端口替换第一报文的目的端口,得到第二报文的目的 端口,即所述第二报文的目的端口为所述服务器的端口。The tuple information of the second packet in the embodiment of the present invention includes a source IP address and a destination IP address, and may further include a source port and a destination port, where the source port of the first packet may be replaced by the port of the aggregation proxy. The source port of the second packet is obtained, that is, the source port of the second packet is the port of the aggregation proxy. Replace the destination port of the first packet with the port of the server to obtain the destination of the second packet. The port, that is, the destination port of the second packet is a port of the server.
本发明实施例中第二报文包括的具体内容可根据第二报文所采用的元组信息来确定,所述元组信息可以是N元组信息,其中N大于等于3,例如,更具体的N元组信息是三元组信息或者五元组信息或者七元组信息等。通常通过IP五元组可标识出报文组成的一个数据流,故本发明实施例中第二报文中优选包括IP五元组的信息,即包括源端口、源IP、目的端口、目的IP和采用的协议。本发明实施例以下以第二报文的元组信息包括IP五元组为例进行说明,但并不引以为限。The specific content of the second packet in the embodiment of the present invention may be determined according to the tuple information used by the second packet, where the tuple information may be N-tuple information, where N is greater than or equal to 3, for example, more specific. The N-tuple information is triad information or quintuple information or quaternary group information. The information of the IP quintuple is preferably included in the second packet of the present invention, including the source port, the source IP address, the destination port, and the destination IP address. And the adopted agreement. The following describes the tuple information of the second packet, including the IP quintuple, as an example, but is not limited thereto.
S105:汇聚代理通过其与服务器之间建立的汇聚链路发送所述第二报文。S105: The convergence agent sends the second packet by using an aggregation link established between the proxy and the server.
本发明实施例中汇聚代理可按照第一报文的接收顺序,将通过子链路1、子链路2和子链路3传输的第一报文加入到汇聚链路中,实现外部服务器与VNF Pool之间维护数量较少的通信链路,并使用较少的端口(socket)进行报文的传输。例如图3所示实现过程中,VM1、VM2和VM3分别用socket1、socket2和socket3向汇聚代理发送第一报文,汇聚代理接收到第一报文后得到第二报文,通过socket4向服务器发送第二报文。In the embodiment of the present invention, the aggregation agent may add the first packet transmitted through the sub-link 1, the sub-link 2, and the sub-link 3 to the aggregation link according to the receiving sequence of the first packet, and implement the external server and the VNF. A small number of communication links are maintained between the pools, and fewer ports (sockets) are used for message transmission. For example, in the implementation process shown in FIG. 3, VM1, VM2, and VM3 respectively send the first packet to the aggregation proxy by using socket1, socket2, and socket3, and the aggregation proxy receives the first packet and obtains the second packet, and sends the second packet to the server through socket4. Second message.
本发明实施例以下将结合实际应用对上述实施例涉及的报文传输方法进行说明。Embodiments of the Present Invention The message transmission method according to the above embodiment will be described below in conjunction with practical applications.
本发明实施例中,所述汇聚代理可以是部署在图1所示网络架构中独立存在的部件,也可以是集成在所述LB内部的部件,本发明实施例不做限定。本发明实施例中若所述汇聚代理为集成在所述LB内部的部件,即可以理解为是在现有具有负载分担功能的LB上新增汇聚代理的功能,此种情况可无需新增设备。In the embodiment of the present invention, the aggregation proxy may be a component that is deployed in the network architecture shown in FIG. 1 or may be a component that is integrated in the LB, which is not limited in the embodiment of the present invention. In the embodiment of the present invention, if the aggregation proxy is a component integrated in the LB, it can be understood as a function of adding an aggregation proxy to an existing LB with a load sharing function. .
本发明实施例以下以所述汇聚代理为集成在所述LB内部的部件为例进行说明,即所述汇聚代理为新增汇聚代理功能的LB。The embodiment of the present invention is described below by taking the aggregation agent as a component integrated in the LB, that is, the aggregation proxy is an LB that adds a new aggregation proxy function.
本发明实施例中新增汇聚代理功能的LB可以内置或外置于所述VNF Pool中。具体采用内置于VNF Pool中的LB还是采用外置于VNF Pool中的LB,可依 据与汇聚代理建立子链路的VM所属VNF Pool来确定。在一种可能的实现方式中,与汇聚代理建立子链路的VM属于不同的VNF Pool,则可采用外置的LB进行汇聚。在另一种可能的实现方式中,与汇聚代理建立子链路的VM属于一个VNF Pool,则可采用内置的LB进行汇聚。可以理解的是,与汇聚代理建立子链路的VM属于同一个VNF Pool的情况下,也可采用外置的LB进行汇聚,本发明实施例不做限定。The LB that adds the aggregation proxy function in the embodiment of the present invention may be built in or external to the VNF Pool. Specifically, the LB built in the VNF Pool or the LB externally placed in the VNF Pool can be used. It is determined according to the VNF Pool to which the VM that establishes the sub-link with the aggregation agent belongs. In a possible implementation, if the VMs that establish the sub-links with the aggregation proxy belong to different VNF Pools, the external LBs may be used for aggregation. In another possible implementation manner, if the VM that establishes the sub-link with the aggregation agent belongs to a VNF Pool, the built-in LB can be used for aggregation. It can be understood that, in the case that the VMs that establish the sub-links of the aggregation agent belong to the same VNF pool, the LBs may be used for aggregation, which is not limited in the embodiment of the present invention.
图4所示为内置于VNF Pool中的LB通过汇聚链路发送报文的实现过程示意图。图4中,VM1、VM2和VM3形成一个VNF Pool,VM1与LB之间建立有子链路1,VM2与LB之间建立有子链路2,VM3与LB之间建立有子链路3,LB与服务器之间建立有汇聚链路(图4中以汇聚链路的数量为一条进行示意说明,但并不引以为限)。VM1通过子链路1向LB发送第一报文,VM2通过子链路2向LB发送第一报文,VM3通过子链路3向LB发送第一报文,其中,VM1、VM2和VM3发送的第一报文的源IP地址不同,目的IP地址相同都为LB的IP地址。LB接收到VM1、VM2和VM3发送的第一报文后,利用LB的IP地址替换第一报文的源IP地址,利用服务器的IP地址替换第一报文的目的IP地址,从而获得第二报文,其中,所述第二报文的的源IP地址为所述汇聚代理的IP地址,所述第二报文的目的IP地址为服务器的IP地址。LB通过其与服务器之间建立的汇聚链路发送所述第二报文。Figure 4 is a schematic diagram of an implementation process of an LB that is built in a VNF Pool to send packets through an aggregation link. In Figure 4, VM1, VM2, and VM3 form a VNF Pool, a sub-link 1 is established between VM1 and LB, a sub-link 2 is established between VM2 and LB, and a sub-link 3 is established between VM3 and LB. An aggregation link is established between the LB and the server. The number of aggregation links is shown in Figure 4, but it is not limited. The VM1 sends the first packet to the LB through the sub-link 1, the VM2 sends the first packet to the LB through the sub-link 2, and the VM3 sends the first packet to the LB through the sub-link 3, where VM1, VM2 and VM3 send The source IP address of the first packet is different, and the destination IP address is the same as the IP address of the LB. After receiving the first packet sent by VM1, VM2, and VM3, the LB replaces the source IP address of the first packet with the IP address of the LB, and replaces the destination IP address of the first packet with the IP address of the server, thereby obtaining the second packet. The packet, wherein the source IP address of the second packet is an IP address of the aggregation proxy, and the destination IP address of the second packet is an IP address of the server. The LB sends the second packet through an aggregation link established between the LB and the server.
图5所示为外置于VNF Pool中的LB通过汇聚链路发送报文的实现过程示意图。图5中,VM1和VM2形成一个VNF Pool,VM3和VM4形成一个VNF Pool。本发明实施例中不限定每个VNF Pool中的VM的形式,本发明实施例中以VM1和VM2互为主备,VM3和VM4互为主备为例进行举例说明。VM1和VM2同一时间内中有一个与LB建立子链路1,VM3和VM4同一时间内中有一个与LB建立子链路2,图5中以VM1与LB建立子链路1,VM3与LB建立子链路2为例进行说明。外置于VNF Pool的LB与服务器之间建立有汇聚链路。图5中通过子链路发送第一报文,LB对第一报文进行处理得到第二报文,以及通过汇聚链 路发送第二报文的过程与图4中的实现过程相比,不同之处仅在于VM属于不同VNF Pool,具有汇聚功能的LB外置于VNF Pool,其它类似,故在此不再赘述。Figure 5 is a schematic diagram of an implementation process of sending an LB through a convergence link to an LB that is externally placed in the VNF Pool. In Figure 5, VM1 and VM2 form a VNF Pool, and VM3 and VM4 form a VNF Pool. In the embodiment of the present invention, the form of the VM in each VNF Pool is not limited. In the embodiment of the present invention, VM1 and VM2 are mutually standby, and VM3 and VM4 are mutually active as an example. One of VM1 and VM2 establishes sub-link 1 with LB at the same time. One of VM3 and VM4 establishes sub-link 2 with LB at the same time. In Figure 5, VM1 and LB establish sub-link 1, VM3 and LB. The sublink 2 is established as an example for description. An aggregation link is established between the LB that is externally placed in the VNF Pool and the server. In Figure 5, the first packet is sent through the sub-link, and the LB processes the first packet to obtain the second packet, and passes through the convergence chain. The process of sending the second packet is different from the implementation process in FIG. 4, except that the VM belongs to a different VNF Pool, and the LB with the aggregation function is externally placed in the VNF Pool, and other similarities are not described herein.
通过图4和图5所示的报文发送过程实施示意图可知,本发明实施例中发送第一报文的多个VM可属于同一个VNF Pool,也可属于不同的VNF Pool。The schematic diagram of the packet sending process shown in FIG. 4 and FIG. 5 shows that, in the embodiment of the present invention, multiple VMs that send the first packet may belong to the same VNF Pool, or may belong to different VNF Pools.
本发明实施例中进行报文传输时根据采用的传输协议不同,第二报文所包含的内容也会不同,例如若采用传输控制协议(Transmission Control Protocol,TCP),则所述第二报文中还可包括序列号。若采用用户数据包协议(User Datagram Protocol,UDP),则所述第二报文中还可包括匹配标识符、本发明实施例以下将分别针对上述两种协议进行举例说明。In the embodiment of the present invention, when the packet is transmitted, the content of the second packet is different according to the adopted transmission protocol. For example, if the Transmission Control Protocol (TCP) is used, the second packet is used. The serial number can also be included. If the User Datagram Protocol (UDP) is used, the second packet may further include a matching identifier. The following embodiments of the present invention are respectively exemplified for the foregoing two protocols.
首先,以采用TCP协议为例进行说明,采用TCP协议进行报文传输时,VM与LB之间建立的子链路可称为子TCP连接,LB与服务器之间建立的汇聚链路可称为汇聚TCP连接。First, the TCP protocol is taken as an example. When the TCP protocol is used for message transmission, the sub-link established between the VM and the LB can be called a sub-TCP connection. The aggregation link established between the LB and the server can be called Converged TCP connections.
图6所示为本发明实施例中采用TCP协议进行报文传输的过程示意图。图6中,VNF Pool中的VM1、VM2和VM3分别与LB建立子TCP连接。VM1与LB建立的子TCP连接为TCP1,TCP1用于传输来自VM1的第一报文。VM2与LB建立的子TCP连接为TCP2,TCP2用于传输来自VM2的第一报文。VM3与LB建立的子TCP连接为TCP3,TCP3用于传输来自VM3的第一报文。采用TCP协议进行报文传输时,为保证传送报文的顺序以及保证所有传输的报文可按照正常顺序进行重组,则每个子TCP连接都要为每次发送的报文分配一个序列号,换言之,所述第一报文中还包括有序列号,且所述序列号与子TCP连接一一对应,例如通过TCP1传输的第一报文的序列号为seq1n,通过TCP2传输的第一报文的序列号为seq2n,通过TCP3传输的第一报文的序列号为seq3n。FIG. 6 is a schematic diagram of a process for transmitting a message using the TCP protocol according to an embodiment of the present invention. In Figure 6, VM1, VM2, and VM3 in the VNF Pool establish a sub-TCP connection with the LB, respectively. The sub-TCP connection established by VM1 and LB is TCP1, and TCP1 is used to transmit the first message from VM1. The sub-TCP connection established by VM2 and LB is TCP2, and TCP2 is used to transmit the first message from VM2. The sub-TCP connection established by VM3 and LB is TCP3, and TCP3 is used to transmit the first packet from VM3. When the TCP protocol is used for message transmission, in order to ensure the sequence of transmitting messages and to ensure that all transmitted messages can be reassembled in the normal order, each sub-TCP connection must assign a sequence number to each transmitted message, in other words. The first packet further includes a sequence number, and the sequence number is in one-to-one correspondence with the sub-TCP connection, for example, the sequence number of the first packet transmitted by the TCP1 is seq1n, and the first packet transmitted by the TCP2 The sequence number is seq2n, and the sequence number of the first message transmitted through TCP3 is seq3n.
本发明实施例中以VM1、VM2和VM3发送的第一报文中包括有IP五元组(源IP、源端口、目的IP、目的端口和传输协议),还包括有序列号为例进行说明,则IP五元组、序列号以及子TCP连接之间的对应关系如表1所示。 The first packet sent by VM1, VM2, and VM3 in the embodiment of the present invention includes an IP quintuple (source IP, source port, destination IP, destination port, and transport protocol), and includes a sequence number as an example. The correspondence between the IP quintuple, the serial number, and the sub-TCP connection is as shown in Table 1.
表1Table 1
Figure PCTCN2016111933-appb-000001
Figure PCTCN2016111933-appb-000001
本发明实施例中LB接收VM1、VM2和VM3发送的第一报文,依据该第一报文获得第二报文。本发明实施例中所述第二报文包括的内容可依据第一报文包括的内容得到。例如第一报文包括IP五元组和序列号,则所述第二报文中也包括有IP五元组和序列号,不同之处在于,所述第二报文中包括的IP五元组和序列号是不同于第一报文中包括的IP五元组和序列号的。第二报文的IP五元组是LB依据汇聚TCP连接替换第一报文的IP五元组得到,例如,利用LB的IP地址替换通过TCP1、TCP2和TCP3传输的第一报文的源IP地址,得到第二报文的源IP地址,即第二报文的源IP地址为LB的IP地址。利用服务器的IP地址替换通过TCP1、TCP2和TCP3传输的第一报文的目的IP地址,得到第二报文的目的IP地址,即第二报文的目的IP地址为服务器的IP地址。利用LB的端口替换通过TCP1、TCP2和TCP3传输的第一报文的源端口,得到第二报文的源端口,即第二报文的源端口为LB的端口。利用服务器的端口替换通过TCP1、TCP2和TCP3传输的第一报文的目的端口,得到第二报文的目的端口,即第二报文的目的端口为服务器的端口。TCP4与TCP1、TCP2和TCP3采用的传输协议相同,即第二报文的传输协议为TCP。In the embodiment of the present invention, the LB receives the first packet sent by VM1, VM2, and VM3, and obtains the second packet according to the first packet. The content included in the second packet in the embodiment of the present invention may be obtained according to the content included in the first packet. For example, the first packet includes an IP quintuple and a sequence number, and the second packet also includes an IP quintuple and a sequence number, except that the IP packet included in the second packet is five yuan. The group and serial number are different from the IP quintuple and serial number included in the first message. The IP quintuple of the second packet is obtained by replacing the IP quintuple of the first packet according to the convergence TCP connection, for example, replacing the source IP address of the first packet transmitted through TCP1, TCP2, and TCP3 by using the IP address of the LB. The address is the source IP address of the second packet, that is, the source IP address of the second packet is the IP address of the LB. The destination IP address of the second packet is obtained by using the IP address of the server to replace the destination IP address of the first packet transmitted by TCP1, TCP2, and TCP3. The destination IP address of the second packet is the IP address of the server. The source port of the first packet is replaced by the port of the LB, and the source port of the second packet is the port of the LB. The destination port of the second packet is obtained by using the port of the server to replace the destination port of the first packet transmitted by TCP1, TCP2, and TCP3, that is, the destination port of the second packet is the port of the server. TCP4 uses the same transmission protocol as TCP1, TCP2, and TCP3, that is, the transmission protocol of the second packet is TCP.
第二报文的序列号是LB依据汇聚TCP连接分配的序列号替换第一报文的序列号得到的。本发明实施例中TCP4传输的第二报文可以理解为是顺序接收到TCP1、TCP2和TCP3传输的第一报文的报文头信息中包括的IP五元组被替换后得到的报文,故TCP4进行序列号分配时为TCP1、TCP2和TCP3传输的第一报文分配的序列号分别为seq4n,seq4n+length1和seq4n+length1+length2。其中, length1为TCP1传输的第一报文的长度,length2为TCP2传输的第一报文的长度。利用TCP4分配的序列号替换第一报文的序列号后,可得到第二报文的序列号,即依据TCP1传输的第一报文得到的第二报文的序列号为seq4n,依据TCP2传输的第一报文得到的第二报文的序列号为seq4n+length1,依据TCP3传输的第一报文得到的第二报文的序列号为seq4n+length1+length2。The sequence number of the second packet is obtained by replacing the sequence number of the first packet with the sequence number assigned by the convergence TCP connection. The second packet transmitted by the TCP4 in the embodiment of the present invention can be understood as a packet obtained by replacing the IP quintuple included in the packet header information of the first packet transmitted by the TCP1, the TCP2, and the TCP3. Therefore, the sequence numbers assigned by the TCP4 for the first message transmitted by TCP1, TCP2, and TCP3 when the sequence number is assigned are seq4n, seq4n+length1, and seq4n+length1+length2, respectively. among them, Length1 is the length of the first packet transmitted by TCP1, and length2 is the length of the first packet transmitted by TCP2. After the sequence number of the first packet is replaced by the sequence number assigned by the TCP4, the sequence number of the second packet is obtained, that is, the sequence number of the second packet obtained according to the first packet transmitted by the TCP1 is seq4n, and is transmitted according to the TCP2. The sequence number of the second packet obtained by the first packet is seq4n+length1, and the sequence number of the second packet obtained according to the first packet transmitted by TCP3 is seq4n+length1+length2.
第二报文的IP五元组以及序列号之间的对应关系如表2所示。The correspondence between the IP quintuple of the second packet and the serial number is shown in Table 2.
表2Table 2
Figure PCTCN2016111933-appb-000002
Figure PCTCN2016111933-appb-000002
本发明实施例中LB接收到来自VM1、VM2和VM3发送的第一报文后,按照上述转换方式对第一报文进行处理后可得到第二报文,然后即可通过汇聚TCP连接(即TCP4)向服务器发送所述第二报文。In the embodiment of the present invention, after receiving the first packet sent by VM1, VM2, and VM3, the LB can process the first packet according to the foregoing conversion manner to obtain the second packet, and then obtain the second TCP connection. TCP4) sends the second message to the server.
本发明实施例中LB通过汇聚TCP连接向服务器发送第二报文后,还可接收服务器响应所述第二报文的回应报文,并依据所述第二报文的回应报文得到第一报文的回应报文,将所述第一报文的回应报文转发给VM1、VM2和VM3。本发明实施例以下为描述方便,将第二报文的回应报文称为第二回应报文,将第一报文的回应报文称为第一回应报文。In the embodiment of the present invention, after the LB sends the second packet to the server through the convergence TCP connection, the LB may also receive the response packet of the second packet, and obtain the first response packet according to the second packet. The response packet of the packet forwards the response packet of the first packet to VM1, VM2, and VM3. The following is a description of the present invention. The response packet of the second packet is referred to as a second response packet, and the response packet of the first packet is referred to as a first response packet.
具体的,采用TCP传输协议进行报文传输时,发送端发送的报文可以用序列号来确认对端是否收到,发送端发送报文时,会把这个报文的序列号放入待确认队列中,同时启动重传计时器,如果收到了该报文的回应报文确认序列号,通过该确认序列号来确定报文已收到,若确定该报文已收到则将此包从待确认队列中删除,采用TCP传输协议进行报文传输时,也可通过序列号来 保证所有传输的报文可以按照正常的顺序进行重组。Specifically, when the TCP transmission protocol is used for message transmission, the message sent by the sender can use the serial number to confirm whether the peer receives the message. When the sender sends the message, the sequence number of the message is placed in the message to be acknowledged. In the queue, the retransmission timer is started at the same time. If the response packet of the packet is received, the sequence number is confirmed, and the confirmation sequence number is used to determine that the packet has been received. If it is determined that the packet has been received, the packet is received from the queue. When the queue to be confirmed is deleted, when the TCP transmission protocol is used for message transmission, the serial number can also be used. Ensure that all transmitted messages can be reassembled in the normal order.
本发明实施例中LB将通过TCP1、TCP2和TCP3传输的第一报文汇聚到TCP4发送给服务器之后,可将TCP4分配的第二报文的序列号加入到TCP4的待确认队列中,并保存第二报文的序列号、第二报文的数据长度以及传输第一报文的子TCP连接(TCP1、TCP2和TCP3)之间的对应关系。第二报文的第二回应报文中包括第二报文的确认序列号,该第二报文的确认序列号通常为第二报文的序列号与第二报文的数据长度之和,故LB可通过第二报文的确认序列号,确定出第二报文的序列号与第二报文的数据长度,进而确定出传输第一报文的子TCP连接,并通过确定出的第一报文的子TCP连接将第一报文的回应报文转发给相应的VM。In the embodiment of the present invention, the LB aggregates the first packet transmitted by the TCP1, the TCP2, and the TCP3 to the TCP4, and sends the sequence number of the second packet allocated by the TCP4 to the to-be-confirmed queue of the TCP4. The serial number of the second message, the data length of the second message, and the correspondence between the sub-TCP connections (TCP1, TCP2, and TCP3) for transmitting the first message. The second response packet of the second packet includes an acknowledgement sequence number of the second packet, where the acknowledgement sequence number of the second packet is usually the sum of the sequence number of the second packet and the data length of the second packet. Therefore, the LB can determine the sequence number of the second packet and the data length of the second packet by using the confirmation sequence number of the second packet, and further determine the sub-TCP connection for transmitting the first packet, and determine the The sub-TCP connection of a packet forwards the response packet of the first packet to the corresponding VM.
本发明实施例中LB可预先保存第二报文的序列号、第二报文的数据长度以及传输第一报文的子TCP连接(TCP1、TCP2和TCP3)之间的对应关系,例如表3所示。In the embodiment of the present invention, the LB may pre-store the sequence number of the second packet, the data length of the second packet, and the correspondence between the sub-TCP connections (TCP1, TCP2, and TCP3) for transmitting the first packet, for example, Table 3 Shown.
表3table 3
第二报文的序列号Serial number of the second message 第二报文的数据长度Data length of the second message 子TCP连接Sub-TCP connection
seq4nSeq4n length1Length1 TCP1TCP1
seq4n+length1Seq4n+length1 length2Length2 TCP2TCP2
seq4n+length1+length2Seq4n+length1+length2 Length3Length3 TCP3TCP3
LB接收到第二回应报文后,依据第二回应报文中包括的第二报文的确认序列号,查找预先保存的关系列表,确定出第二报文的序列号和第二报文的数据长度之和与所述第二报文的确认序列号相等的第二报文的序列号和第二报文的数据长度,然后依据所述第二报文的序列号和所述第二报文的数据长度,以及第二报文的序列号、第二报文的数据长度以及传输第一报文的子TCP连接之间的对应关系,确定出传输第一报文的子TCP连接。After receiving the second response packet, the LB searches for the pre-stored relationship list according to the confirmation sequence number of the second packet included in the second response packet, and determines the sequence number of the second packet and the second packet. a sequence number of the second packet equal to the acknowledgement sequence number of the second packet and a data length of the second packet, and then according to the sequence number of the second packet and the second report The data length of the text, and the sequence number of the second packet, the data length of the second packet, and the correspondence between the sub-TCP connections transmitting the first packet determine the sub-TCP connection for transmitting the first packet.
本发明实施例中确定出传输的第一报文的子TCP连接之后,所述汇聚代理获得第一报文的第一回应报文,所述第一回应报文的源IP地址为所述汇聚代理 的IP地址,所述第一回应报文的目的IP地址为确定出的子TCP连接所连接的VM的IP地址;所述第一回应报文中包括第一报文的确认序列号,该第一报文的确认序列号通常为第一报文的序列号与第一报文的数据长度之和。所述汇聚代理通过所述确定出的子TCP连接,向所述确定出的子TCP连接所连接的VM转发所述第一回应报文。VM接收到所述第一回应报文后,依据所述第一回应报文中包括的第一报文的确认序列号,可确定出所述第一回应报文所回应的第一报文。After determining the sub-TCP connection of the first packet to be transmitted in the embodiment of the present invention, the aggregation proxy obtains the first response packet of the first packet, where the source IP address of the first response packet is the convergence. Agent An IP address, the destination IP address of the first response packet is an IP address of the VM to which the determined sub-TCP connection is connected, and the first response packet includes an acknowledgement sequence number of the first packet, where the The confirmation sequence number of a message is usually the sum of the sequence number of the first message and the data length of the first message. The aggregation proxy forwards the first response packet to the VM connected to the determined sub-TCP connection by using the determined sub-TCP connection. After receiving the first response packet, the VM may determine, according to the acknowledgement sequence number of the first packet included in the first response packet, the first packet that is sent by the first response packet.
本发明实施例中汇聚代理可通过确定出的子TCP连接传输的第一报文的IP五元组以及第一报文的确认序列号,替换第二回应报文的IP五元组以及第二报文的序列号,得到第一报文的第一回应报文的IP五元组以及序列号。In the embodiment of the present invention, the aggregation proxy can replace the IP quintuple of the second response packet and the second quintuple of the second response packet by determining the IP quintuple of the first packet transmitted by the sub-TCP connection and the acknowledgment sequence number of the first packet. The serial number of the packet, and the IP quintuple of the first response packet of the first packet and the sequence number.
本发明实施例中第二回应报文的IP五元组以及第二报文的序列号可如下表4所示。The IP quintuple of the second response message and the sequence number of the second message in the embodiment of the present invention may be as shown in Table 4 below.
表4Table 4
Figure PCTCN2016111933-appb-000003
Figure PCTCN2016111933-appb-000003
本发明实施例中第一回应报文的IP五元组以及第一报文的序列号可如下表5所示。The IP quintuple of the first response message and the sequence number of the first packet in the embodiment of the present invention may be as shown in Table 5 below.
表5table 5
Figure PCTCN2016111933-appb-000004
Figure PCTCN2016111933-appb-000004
Figure PCTCN2016111933-appb-000005
Figure PCTCN2016111933-appb-000005
需要说明的是,本发明实施例表5中length1为VM1发送的第一报文的数据长度,length2为VM2发送的第一报文的数据长度,length3为VM3发送的第一报文的数据长度。It should be noted that length1 in Table 5 of the embodiment of the present invention is the data length of the first packet sent by VM1, length2 is the data length of the first packet sent by VM2, and length3 is the data length of the first packet sent by VM3. .
本发明实施例通过上述实现方式,实现了通过LB将通过子TCP连接传输的报文汇聚到一个汇聚TCP连接中进行报文的发送和接收,能够节省服务器侧的TCP连接数目,以达到节省服务器内存资源的目的。The embodiment of the present invention implements the LB to aggregate the packets transmitted through the sub-TCP connection to a converged TCP connection for sending and receiving packets, thereby saving the number of TCP connections on the server side, thereby saving the server. The purpose of memory resources.
可选的,本发明实施例中若VNF Pool中的所有子TCP连接被释放,为进一步节省资源,可将新建的汇聚TCP连接也释放。Optionally, in the embodiment of the present invention, if all the sub-TCP connections in the VNF Pool are released, to further save resources, the newly created converged TCP connection may also be released.
可选的,本发明实施例中LB通过到一个汇聚TCP连接进行报文的传输,故VNF Pool对外呈现一个汇聚连接,故若在该VNF Pool内的VM数量增加或减少,都不会影响LB与服务器之间的汇聚TCP连接的数目,即服务器将整个VNF Pool作为整体并不感知到VNF Pool中的VM的数量,实现将VNF Pool中不同VM真正虚拟成一个Pool,形成云化的资源池,并可使VM不受地域的限制。Optionally, in the embodiment of the present invention, the LB transmits the packet to a converged TCP connection, so the VNF Pool presents a converged connection, so if the number of VMs in the VNF Pool increases or decreases, the LB will not be affected. The number of converged TCP connections with the server, that is, the server does not perceive the number of VMs in the VNF Pool as a whole, and realizes that the VMs in the VNF Pool are truly virtualized into one pool, forming a clouded resource pool. And can make the VM free from geographical restrictions.
远程用户拨号认证系统(Remote Authentication Dial In User Service,RADIUS),是目前广泛应用的一种采用UDP传输数据的方式。故本发明实施例中对于采用UDP协议进行报文传输的过程以RADIUS会话为例进行说明。本发明实施例以下以VM与LB之间建立的子链路为RADIUS子会话,LB与服务器之间建立的汇聚链路为RADIUS汇聚会话为例进行说明。The Remote Authentication Dial In User Service (RADIUS) is a widely used method for transmitting data by UDP. Therefore, the RADIUS session is used as an example for the process of transmitting packets by using the UDP protocol in the embodiment of the present invention. In the embodiment of the present invention, the sub-link established between the VM and the LB is a RADIUS sub-session, and the aggregation link established between the LB and the server is a RADIUS aggregation session.
采用RADIUS会话进行报文传输的实现过程与采用TCP传输协议进行报 文传输的实现过程类似,对于相同之处在此不再赘述,以下仅就不同之处进行说明。The implementation process of packet transmission using RADIUS session and reporting by TCP transmission protocol The implementation process of the text transmission is similar, and the similarities are not described here. The following only explains the differences.
通过RADIUS会话进行报文传输时,可将RADIUS子会话传输的第一报文转换为第二报文,然后通过RADIUS汇聚会话进行传输,例如图7中可将RADIUS1、RADIUS2和RADIUS3中传输的第一报文转换为第二报文后,通过一个RADIUS4进行传输。不同于TCP传输协议,采用RADIUS会话进行报文传输时,LB不用新增汇聚链路,可以通过在已建立的RADIUS会话中修改报文实现。When a packet is transmitted through a RADIUS session, the first packet transmitted by the RADIUS sub-session can be converted into a second packet, and then transmitted through a RADIUS aggregation session. For example, the RADIUS1, RADIUS2, and RADIUS3 can be transmitted in Figure 7. After a message is converted into a second packet, it is transmitted through a RADIUS4. Different from the TCP transmission protocol, when a RADIUS session is used for packet transmission, the LB does not need to add an aggregation link. You can modify the packet in the established RADIUS session.
RDIUS会话中的报文中通过匹配标识符(Identifier),来匹配请求报文和回应报文,而匹配标识符一般是顺序递增的数字,故为了避免汇聚链路中的匹配标识符与各VM子链路中的匹配标识符重复,本发明实施例中可在汇聚链路中为各VM子链路分配新的匹配标识符。In the message in the RDIUS session, the matching identifier (Identifier) is used to match the request message and the response message, and the matching identifier is generally a sequentially increasing number, so in order to avoid the matching identifier and the VM in the aggregation link. The matching identifiers in the sub-links are repeated. In the embodiment of the present invention, each of the VM sub-links may be assigned a new matching identifier in the aggregation link.
图7所示为本发明实施例中通过RADIUS会话进行报文传输的过程示意图。图7中,VNF Pool中的VM1、VM2和VM3分别与LB建立RADIUS子会话。VM1与LB建立的RADIUS子会话为RADIUS1,RADIUS1用于传输来自VM1的第一报文。VM2与LB建立的RADIUS子会话为RADIUS2,RADIUS2用于传输来自VM2的第一报文。VM3与LB建立的RADIUS子会话为RADIUS3,RADIUS3用于传输来自VM3的第一报文。RADIUS1、RADIUS2和RADIUS3会分别为其所传输的第一报文分配第一报文的匹配标识符。FIG. 7 is a schematic diagram of a process of transmitting a message through a RADIUS session according to an embodiment of the present invention. In Figure 7, VM1, VM2, and VM3 in the VNF Pool establish a RADIUS subsession with the LB, respectively. The RADIUS sub-session established by VM1 and LB is RADIUS1, and RADIUS1 is used to transmit the first packet from VM1. The RADIUS sub-session established by VM2 and LB is RADIUS2, and RADIUS2 is used to transmit the first packet from VM2. The RADIUS sub-session established by VM3 and LB is RADIUS3, and RADIUS3 is used to transmit the first packet from VM3. RADIUS1, RADIUS2, and RADIUS3 assign the matching identifier of the first packet to the first packet they transmit.
本发明实施例中仍以VM1、VM2和VM3发送的第一报文中包括有IP五元组为例进行说明,则第一报文中包括的IP五元组、匹配标识符以及RADIUS子会话之间的对应关系如表6所示。In the embodiment of the present invention, the first packet sent by VM1, VM2, and VM3 includes an IP quintuple as an example, and the IP quintuple, the matching identifier, and the RADIUS subsession included in the first packet are used as an example. The correspondence between them is shown in Table 6.
表6Table 6
Figure PCTCN2016111933-appb-000006
Figure PCTCN2016111933-appb-000006
Figure PCTCN2016111933-appb-000007
Figure PCTCN2016111933-appb-000007
所述LB使用RADIUS4传输的第二报文的IP五元组替换RADIUS1、The LB replaces RADIUS1 with the IP quintuple of the second packet transmitted by RADIUS4.
RADIUS2和RADIUS3传输的第一报文的IP五元组,使用RADIUS4为分配的第二报文的匹配标识符替换第一报文的匹配标识符,可得到第二报文,第二报文的IP五元组、匹配标识符以及RADIUS子会话之间的对应关系如表7所示:The IP quintuple of the first packet transmitted by RADIUS2 and RADIUS3 uses RADIUS4 to replace the matching identifier of the first packet with the matching identifier of the second packet. The second packet is obtained. The correspondence between IP quintuple, matching identifier, and RADIUS subsession is shown in Table 7:
表7Table 7
Figure PCTCN2016111933-appb-000008
Figure PCTCN2016111933-appb-000008
LB按照第二报文的IP五元组以及匹配标识符,通过LB与服务器之间建立的RADIUS汇聚会话发送所述第二报文。The LB sends the second packet through a RADIUS aggregation session established between the LB and the server according to the IP quintuple of the second packet and the matching identifier.
本发明实施例中LB通过RADIUS汇聚会话向服务器发送第二报文后,还可接收服务器响应所述第二报文的回应报文,并依据所述第二报文的回应报文得到第一报文的回应报文,将所述第一报文的回应报文转发给VM1、VM2和VM3。In the embodiment of the present invention, after the LB sends the second packet to the server through the RADIUS aggregation session, the LB may also receive the response packet of the second packet, and obtain the first response packet according to the second packet. The response packet of the packet forwards the response packet of the first packet to VM1, VM2, and VM3.
本发明实施例中,所述LB可预先创建代理表,所述代理表中保存所述第二报文的匹配标识符、第一报文的匹配标识符以及传输所述第一报文的RADIUS子会话之间的对应关系。所述LB通过RADIUS汇聚会话接收到第二报文的第二回应报文后,由于该第二回应报文中包括第二报文的匹配标识符,故所述LB可以依据所述第二回应报文中包含的第二报文的匹配标识符查找预先创建的代理表,得到RADIUS子会话分配的第一报文的匹配标识符以及传输所述第一报文的RADIUS子会话。所述汇聚代理获得第一报文的第一回应报文,所述第一回应报文的源IP地址为所述汇聚代理的IP地址,所述第一回应报文的 目的IP地址为确定出的RADIUS子会话所连接的VM的IP地址;所述汇聚代理依据得到的第一报文的匹配标识符以及传输所述第一报文的RADIUS子会话,向确定出的RADIUS子会话所连接的VM转发所述第一回应报文。In the embodiment of the present invention, the LB may pre-create a proxy table, where the proxy table stores a matching identifier of the second packet, a matching identifier of the first packet, and a RADIUS for transmitting the first packet. The correspondence between sub-sessions. After the LB receives the second response packet of the second packet through the RADIUS convergence session, the LB may be based on the second response because the second response packet includes a matching identifier of the second packet. The matching identifier of the second packet included in the packet searches for the pre-created proxy table, and obtains a matching identifier of the first packet allocated by the RADIUS sub-session and a RADIUS sub-session for transmitting the first packet. The aggregation proxy obtains the first response packet of the first packet, where the source IP address of the first response packet is an IP address of the aggregation proxy, and the first response packet is The destination IP address is the determined IP address of the VM to which the RADIUS sub-session is connected; the aggregation proxy determines the matching identifier according to the obtained first packet and the RADIUS sub-session for transmitting the first packet. The VM connected to the RADIUS sub-session forwards the first response packet.
本发明实施例中第一回应报文可通过确定出的RADIUS子会话传输的第一报文的IP五元组以及匹配标识符,替换第二回应报文的IP五元组以及匹配标识符而得到。In the embodiment of the present invention, the first response packet may be replaced by the IP quintuple of the first packet and the matching identifier of the first packet transmitted by the RADIUS sub-session, and the IP quintuple of the second response packet and the matching identifier are replaced. get.
本发明实施例中第二回应报文中的IP五元组以及匹配标识符的对应关系如下表8所示:The correspondence between the IP quintuple and the matching identifier in the second response packet in the embodiment of the present invention is as follows:
表8Table 8
Figure PCTCN2016111933-appb-000009
Figure PCTCN2016111933-appb-000009
本发明实施例中第一回应报文的IP五元组以及匹配标识符可如下表9所示:The IP quintuple and the matching identifier of the first response message in the embodiment of the present invention may be as shown in Table 9 below:
表9Table 9
Figure PCTCN2016111933-appb-000010
Figure PCTCN2016111933-appb-000010
可以理解的是,RADIUS中的匹配标识符的数量小于256,故在具体实施时,LB可通过队列或缓存机制处理多个VM的RADIUS子会话,若VM的 RADIUS子会话的数目超过256,则可通过释放已完成的RADIUS子会话,或者还可以等待有多余的匹配标识符时再使用。It can be understood that the number of matching identifiers in the RADIUS is less than 256. Therefore, in a specific implementation, the LB can process the RADIUS sub-sessions of multiple VMs through a queue or a caching mechanism, if the VM If the number of RADIUS sub-sessions exceeds 256, it can be used by releasing the completed RADIUS sub-session, or by waiting for an extra matching identifier.
本发明实施例通过上述可能的实现方式,实现了通过LB将VNF Pool中多个VM的RADIUS子会话传输的报文汇聚到RADIUS汇聚会话中进行发送和接收,能够节省服务器侧的RADIUS会话数目,以达到节省服务器内存资源的目的。The foregoing embodiment of the present invention implements the LB to aggregate the packets transmitted by the RADIUS sub-sessions of multiple VMs in the VNF Pool to the RADIUS aggregation session for sending and receiving, which can save the number of RADIUS sessions on the server side. In order to save server memory resources.
基于上述实施例提供的报文传输方法,本发明实施例还提供一种报文传输装置100。图8为本发明实施例提供的报文传输装置100的结构示意图,如图8所示,本发明实施例提供的报文传输装置100包括接收单元101、处理单元102和发送单元103,其中,Based on the message transmission method provided by the foregoing embodiment, the embodiment of the present invention further provides a message transmission apparatus 100. FIG. 8 is a schematic structural diagram of a packet transmission apparatus 100 according to an embodiment of the present invention. As shown in FIG. 8, a packet transmission apparatus 100 according to an embodiment of the present invention includes a receiving unit 101, a processing unit 102, and a sending unit 103, where
所述接收单元101,用于接收来自VNF Pool中至少两个VM中的每个VM的第一报文,所述至少两个VM通过至少两个子链路与所述报文传输装置连接,且所述至少两个VM与所述至少两个子链路一一对应,所述子链路用于传输所述第一报文。The receiving unit 101 is configured to receive a first packet from each of at least two VMs in the VNF Pool, where the at least two VMs are connected to the packet transmission device by using at least two sub-links, and The at least two VMs are in one-to-one correspondence with the at least two sub-links, and the sub-links are used to transmit the first packet.
所述处理单元102,用于根据所述第一报文获得第二报文,所述第二报文包括源互联网协议IP地址和目的IP地址,所述第二报文的源IP地址为所述报文传输装置100的IP地址,所述第二报文的目的IP地址为服务器的IP地址。The processing unit 102 is configured to obtain a second packet according to the first packet, where the second packet includes a source Internet Protocol IP address and a destination IP address, and a source IP address of the second packet is The IP address of the message transmission device 100, and the destination IP address of the second message is the IP address of the server.
所述发送单元103,用于通过所述报文传输装置100与所述服务器之间建立的汇聚链路发送所述处理单元102获得的所述第二报文,其中,所述汇聚链路的数目小于所述子链路的数目。The sending unit 103 is configured to send the second packet obtained by the processing unit 102 by using an aggregation link established between the packet transmission device 100 and the server, where the convergence link is The number is less than the number of the sub-links.
可选的,所述第二报文中还包括源端口和目的端口;其中,所述第二报文的源端口为所述报文传输装置100的端口,所述第二报文的目的端口为所述服务器的端口。Optionally, the second packet further includes a source port and a destination port, where the source port of the second packet is a port of the packet transmission device 100, and a destination port of the second packet The port for the server.
一种可能的实现方式中,所述子链路为子传输控制协议TCP连接,所述汇聚链路为汇聚TCP连接;所述第二报文中还包括序列号;其中,所述第二报文的序列号是所述处理单元102依据所述汇聚TCP连接分配的序列号。 In a possible implementation, the sub-link is a sub-transmission control protocol TCP connection, the aggregation link is a converged TCP connection, and the second packet further includes a sequence number; wherein the second report The serial number of the text is the serial number assigned by the processing unit 102 according to the aggregate TCP connection.
可选的,所述接收单元101,还用于:在所述发送单元103通过所述报文传输装置100与所述服务器之间建立的汇聚TCP连接发送所述处理单元102获得的所述第二报文之后,通过所述汇聚TCP连接接收所述服务器响应所述第二报文的第二回应报文,所述第二回应报文中包括确认序列号,所述确认序列号为所述第二报文的序列号和所述第二报文的数据长度之和。Optionally, the receiving unit 101 is further configured to: send, by the sending unit 103, the first obtained by the processing unit 102 by using a convergence TCP connection established between the packet transmission device 100 and the server. Receiving, by the convergence TCP connection, the second response message that is sent by the server to the second packet by using the convergence TCP connection, where the second response packet includes a confirmation sequence number, where the confirmation sequence number is The sum of the sequence number of the second message and the data length of the second message.
所述处理单元102,还用于:依据所述第二回应报文中包括的确认序列号查找预先保存的关系列表,确定所述第二报文的序列号和所述第二报文的数据长度,依据所述确定出的所述第二报文的序列号和所述第二报文的数据长度,在所述关系列表中确定出传输第一报文的子TCP连接,所述预先保存的关系列表中包括所述第二报文的序列号、所述第二报文的数据长度以及传输所述第一报文的子TCP连接之间的对应关系。根据所述第二回应报文获得所述第一报文的第一回应报文,所述第一回应报文的源IP地址为所述报文传输装置100的IP地址,所述第一回应报文的目的IP地址为确定出的子TCP连接所连接的VM的IP地址,所述第一回应报文中包括第一报文的确认序列号,所述第一报文的确认序列号为所述第一报文的序列号和所述第一报文的数据长度之和。The processing unit 102 is further configured to: search for a pre-saved relationship list according to the confirmation sequence number included in the second response message, and determine a sequence number of the second packet and data of the second packet. a length, according to the determined sequence number of the second packet and the data length of the second packet, determining, in the relationship list, a sub-TCP connection for transmitting the first packet, where the pre-save is performed The relationship list includes a sequence number of the second packet, a data length of the second packet, and a correspondence between sub-TCP connections for transmitting the first packet. Obtaining a first response packet of the first packet according to the second response packet, where a source IP address of the first response packet is an IP address of the packet transmission apparatus 100, and the first response The destination IP address of the packet is the IP address of the VM connected to the determined sub-TCP connection, and the first response packet includes the confirmation sequence number of the first packet, and the confirmation sequence number of the first packet is The sum of the sequence number of the first message and the data length of the first message.
所述发送单元103,还用于:通过所述处理单元102所述确定出的子TCP连接,向所述确定出的子TCP连接所连接的VM转发所述第一回应报文。The sending unit 103 is further configured to: forward, by using the determined sub-TCP connection by the processing unit 102, the first response packet to the VM connected to the determined sub-TCP connection.
可选的,所述汇聚链路是所述处理单元102在所述接收单元101接收到所述VNF Pool中首个VM子链路的报文时新建的TCP链路。Optionally, the aggregation link is a newly established TCP link when the processing unit 102 receives the packet of the first VM sub-link in the VNF Pool.
另一种可能的实现方式中,所述子链路为远程用户拨号认证系统RADIUS子会话,所述汇聚链路为RADIUS汇聚会话;所述第二报文中还包括匹配标识符;其中,所述第二报文的匹配标识符是所述处理单元102依据所述RADIUS汇聚会话分配的匹配标识符。In another possible implementation manner, the sub-link is a remote user dial-up authentication system RADIUS sub-session, the aggregation link is a RADIUS convergence session, and the second packet further includes a matching identifier; The matching identifier of the second packet is a matching identifier allocated by the processing unit 102 according to the RADIUS convergence session.
另一种可能的实现方式中,在所述发送单元103通过所述报文传输装置100与所述服务器之间建立的RADIUS汇聚会话发送所述处理单元102获得的所述第二报文之后,通过所述RADIUS汇聚会话,接收所述服务器响应所述第 二报文的第二回应报文,所述第二回应报文中包含有第二报文的匹配标识符。In another possible implementation manner, after the sending unit 103 sends the second packet obtained by the processing unit 102 by using a RADIUS convergence session established between the packet transmission device 100 and the server, Receiving, by the RADIUS aggregation session, the server response to the first And a second response message of the second message, where the second response message includes a matching identifier of the second message.
所述处理单元102,还用于:依据所述第二回应报文中包含的第二报文的匹配标识符查找预先创建的代理表,确定RADIUS子会话分配的第一报文的匹配标识符以及传输所述第一报文的RADIUS子会话,所述代理表中保存所述第二报文的匹配标识符、所述第一报文的匹配标识符以及传输所述第一报文的RADIUS子会话之间的对应关系。根据所述第二回应报文获得第一报文的第一回应报文,所述第一回应报文的源IP地址为所述报文传输装置100的IP地址,所述第一回应报文的目的IP地址为确定出的RADIUS子会话所连接的VM的IP地址;The processing unit 102 is further configured to: search a pre-created proxy table according to a matching identifier of the second packet included in the second response packet, and determine a matching identifier of the first packet allocated by the RADIUS sub-session. And a RADIUS sub-session for transmitting the first packet, where the proxy table stores a matching identifier of the second packet, a matching identifier of the first packet, and a RADIUS that transmits the first packet. The correspondence between sub-sessions. Obtaining a first response packet of the first packet according to the second response packet, where a source IP address of the first response packet is an IP address of the packet transmission device 100, and the first response packet The destination IP address is the IP address of the VM to which the determined RADIUS subsession is connected;
所述发送单元103,还用于:依据所述确定出的所述第一报文的匹配标识符以及传输所述第一报文的RADIUS子会话,向所述确定出的RADIUS子会话所连接的VM转发所述第一回应报文。The sending unit 103 is further configured to: connect to the determined RADIUS sub-session according to the determined matching identifier of the first packet and a RADIUS sub-session that transmits the first packet The VM forwards the first response message.
可选的,所述RADIUS汇聚会话为所述报文传输装置100与服务器之间已建立的RADIUS会话。Optionally, the RADIUS convergence session is an established RADIUS session between the packet transmission device 100 and the server.
可选的,所述汇聚链路的数量为所述处理单元102依据所述子链路的数量进行建立的。Optionally, the number of the aggregation links is established by the processing unit 102 according to the number of the sub-links.
可选的,所述报文传输装置100为内置或外置于所述VNF Pool中的负载分担LB。Optionally, the message transmission device 100 is a load sharing LB built in or external to the VNF Pool.
可选的,所述处理单元102,还用于:在确认所述各VM子链路被释放的情况下,释放所述汇聚链路。Optionally, the processing unit 102 is further configured to: when the acknowledgment that the VM sub-links are released, release the aggregation link.
本发明实施例中,报文传输装置100将接收到的来自VNF Pool中通过多个子链路传输的报文汇聚到汇聚链路中进行传输,使得VNF Pool对外呈现汇聚链路,汇聚链路数量少于子链路的数量,服务器将整个VNF Pool作为整体,服务器并不感知VNF Pool下存在多个VM,实现将一个VNF Pool中不同VM真正虚拟成一个Pool,节省服务器下的通信链路数目,以达到节省资源的目的。In the embodiment of the present invention, the message transmission device 100 aggregates the received packets from the VNF Pool that are transmitted through the multiple sub-links to the aggregation link, so that the VNF Pool presents the aggregation link and the number of the aggregation links. The number of sub-links is less than the number of sub-links. The server treats the entire VNF pool as a whole. The server does not know that there are multiple VMs in the VNF Pool. The virtual VMs in a VNF Pool can be virtualized into one pool, saving the number of communication links under the server. To achieve the purpose of saving resources.
在具体实施时,本发明实施例上述报文传输装置100可以为汇聚代理,图 9所示为本发明实施例提供的汇聚代理200的结构示意图,如图9所述汇聚代理200采用通用计算机系统结构,包括总线,处理器201,存储器202和通信接口203,执行本发明方案的程序代码保存在存储器202中,并由处理器201来控制执行。In a specific implementation, the foregoing message transmission apparatus 100 of the embodiment of the present invention may be a convergence agent. 9 is a schematic structural diagram of a convergence proxy 200 according to an embodiment of the present invention. As shown in FIG. 9, the convergence proxy 200 adopts a general computer system structure, including a bus, a processor 201, a memory 202, and a communication interface 203, to implement the solution of the present invention. The program code is stored in memory 202 and is controlled by processor 201 for execution.
总线可包括一通路,在计算机各个部件之间传送信息。The bus can include a path to transfer information between various components of the computer.
处理器201可以是一个通用中央处理器(CPU),微处理器,特定应用集成电路(application-specific integrated circuit,ASIC),或一个或多个用于控制本发明方案程序执行的集成电路。计算机系统中包括的一个或多个存储器,可以是只读存储器(read-only memory,ROM)或可存储静态信息和指令的其他类型的静态存储设备,随机存取存储器(random access memory,RAM)或者可存储信息和指令的其他类型的动态存储设备,也可以是磁盘存储器。这些存储器通过总线与处理器相连接。The processor 201 can be a general purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling the execution of the program of the present invention. One or more memories included in the computer system, which may be read-only memory (ROM) or other types of static storage devices that can store static information and instructions, random access memory (RAM) Or other types of dynamic storage devices that can store information and instructions, or disk storage. These memories are connected to the processor via a bus.
通信接口203,可以使用任何收发器一类的装置,以便与其他设备或通信网络通信,如以太网,无线接入网(RAN),无线局域网(WLAN)等。The communication interface 203 can use devices such as any transceiver to communicate with other devices or communication networks, such as Ethernet, Radio Access Network (RAN), Wireless Local Area Network (WLAN), and the like.
存储器202,如RAM,保存有操作系统和执行本发明方案的程序。操作系统是用于控制其他程序运行,管理系统资源的程序。A memory 202, such as a RAM, holds an operating system and a program for executing the inventive arrangements. The operating system is a program that controls the running of other programs and manages system resources.
存储器202中存储的程序用于指令处理器201执行本发明上述实施例涉及的报文传输方法,包括:接收来自VNF Pool中至少两个VM中的每个VM的第一报文,所述至少两个VM通过至少两个子链路与所述汇聚代理连接,且所述至少两个VM与所述至少两个子链路一一对应,所述子链路用于传输所述第一报文;根据所述第一报文获得第二报文,所述第二报文包括源互联网协议IP地址和目的IP地址,所述第二报文的源IP地址为所述汇聚代理的IP地址,所述第二报文的目的IP地址为服务器的IP地址;通过其与所述服务器之间建立的汇聚链路发送所述第二报文,其中,所述汇聚链路的数目小于所述子链路的数目,达到节省服务器内存资源的目的。The program stored in the memory 202 is used by the instruction processor 201 to perform the message transmission method according to the foregoing embodiment of the present invention, comprising: receiving a first message from each of at least two VMs in the VNF Pool, the at least Two VMs are connected to the aggregation proxy through at least two sub-links, and the at least two VMs are in one-to-one correspondence with the at least two sub-links, and the sub-links are used to transmit the first packet; Obtaining a second packet according to the first packet, where the second packet includes a source Internet protocol IP address and a destination IP address, and a source IP address of the second packet is an IP address of the aggregation proxy. The destination IP address of the second packet is the IP address of the server; the second packet is sent by the aggregation link established between the server and the server, where the number of the aggregation links is smaller than the sub-chain The number of roads achieves the goal of saving server memory resources.
可以理解的是,本实施例的汇聚代理200可用于实现上述方法实施例中涉 及的所有功能,其具体实现过程可以参照上述方法实施例的相关描述,此处不再赘述。It can be understood that the convergence agent 200 of this embodiment can be used to implement the foregoing method embodiments. For the specific implementation process, reference may be made to the related description of the foregoing method embodiments, and details are not described herein again.
本发明实施例还提供了一种计算机存储介质,用于储存上述图8或图9所述的报文传输装置所用的计算机软件指令,其包含用于执行上述方法实施例所涉及的程序。通过执行存储的程序,可以实现将接收到的VNF Pool中各VM子链路中的报文汇聚到一个汇聚链路中进行传输。The embodiment of the present invention further provides a computer storage medium for storing the computer software instructions used in the message transmission apparatus described in FIG. 8 or FIG. 9, which includes a program for executing the foregoing method embodiments. By executing the stored procedure, the packets in the VM sub-links in the received VNF Pool are aggregated into one aggregation link for transmission.
需要说明的是,本发明实施例中,“多个”是指两个或两个以上。“和/或”,描述关联对象的关联关系,表示可以存在三种关系,例如,A和/或B,可以表示:单独存在A,同时存在A和B,单独存在B这三种情况。字符“/”一般表示前后关联对象是一种“或”的关系。It should be noted that, in the embodiment of the present invention, “a plurality” means two or more. "and/or", describing the association relationship of the associated objects, indicating that there may be three relationships, for example, A and/or B, which may indicate that there are three cases where A exists separately, A and B exist at the same time, and B exists separately. The character "/" generally indicates that the contextual object is an "or" relationship.
显然,本领域的技术人员可以对本发明进行各种改动和变型而不脱离本发明的精神和范围。这样,倘若本发明的这些修改和变型属于本发明权利要求及其等同技术的范围之内,则本发明也意图包含这些改动和变型在内。 It is apparent that those skilled in the art can make various modifications and variations to the invention without departing from the spirit and scope of the invention. Thus, it is intended that the present invention cover the modifications and modifications of the invention

Claims (22)

  1. 一种报文传输方法,其特征在于,包括:A message transmission method, comprising:
    汇聚代理接收来自虚拟网络功能池VNF Pool中至少两个虚拟机VM中的每个VM的第一报文,所述至少两个VM通过至少两个子链路与所述汇聚代理连接,且所述至少两个VM与所述至少两个子链路一一对应,所述子链路用于传输所述第一报文;The aggregation agent receives a first message from each of the at least two virtual machine VMs in the virtual network function pool VNF Pool, the at least two VMs being connected to the aggregation agent through at least two sub-links, and the At least two VMs are in one-to-one correspondence with the at least two sub-links, and the sub-links are used to transmit the first packet;
    所述汇聚代理根据所述第一报文获得第二报文,所述第二报文包括源互联网协议IP地址和目的IP地址,所述第二报文的源IP地址为所述汇聚代理的IP地址,所述第二报文的目的IP地址为服务器的IP地址;The aggregation agent obtains a second packet according to the first packet, where the second packet includes a source Internet protocol IP address and a destination IP address, and a source IP address of the second packet is the aggregation proxy. An IP address, where the destination IP address of the second packet is an IP address of the server;
    所述汇聚代理通过其与所述服务器之间建立的汇聚链路发送所述第二报文,其中,所述汇聚链路的数目小于所述子链路的数目。The aggregation agent sends the second packet by using an aggregation link established between the aggregation agent and the server, where the number of the aggregation links is smaller than the number of the sub-links.
  2. 如权利要求1所述的方法,其特征在于,所述第二报文中还包括源端口和目的端口;The method according to claim 1, wherein the second packet further includes a source port and a destination port;
    其中,所述第二报文的源端口为所述汇聚代理的端口,所述第二报文的目的端口为所述服务器的端口。The source port of the second packet is a port of the aggregation proxy, and the destination port of the second packet is a port of the server.
  3. 如权利要求1或2所述的方法,其特征在于,所述子链路为子传输控制协议TCP连接,所述汇聚链路为汇聚TCP连接;The method according to claim 1 or 2, wherein the sub-link is a sub-transmission control protocol TCP connection, and the aggregation link is a converged TCP connection;
    所述第二报文中还包括序列号;The second message further includes a serial number;
    其中,所述第二报文的序列号是所述汇聚代理依据所述汇聚TCP连接分配的序列号。The sequence number of the second packet is a sequence number allocated by the aggregation proxy according to the convergence TCP connection.
  4. 如权利要求3所述的方法,其特征在于,所述汇聚代理通过其与所述服务器之间建立的汇聚TCP连接发送所述第二报文之后,所述方法还包括:The method of claim 3, wherein the method further comprises: after the second agent sends the second message through the aggregated TCP connection established between the server and the server, the method further comprising:
    所述汇聚代理通过所述汇聚TCP连接,接收所述服务器响应所述第二报文的第二回应报文,所述第二回应报文中包括第二报文的确认序列号,所述第二报文的确认序列号为所述第二报文的序列号和所述第二报文的数据长度之和; The aggregation proxy receives the second response packet of the second packet in response to the second TCP packet, and the second response packet includes a confirmation sequence number of the second packet. The confirmation sequence number of the second message is the sum of the sequence number of the second message and the data length of the second message;
    所述汇聚代理依据所述第二回应报文中包括的第二报文的确认序列号查找预先保存的关系列表,确定所述第二报文的序列号和所述第二报文的数据长度,所述预先保存的关系列表中包括所述第二报文的序列号、所述第二报文的数据长度以及传输所述第一报文的子TCP连接之间的对应关系;The aggregation agent searches the pre-stored relationship list according to the confirmation sequence number of the second packet included in the second response packet, and determines the sequence number of the second packet and the data length of the second packet. The pre-stored relationship list includes a sequence number of the second packet, a data length of the second packet, and a correspondence between sub-TCP connections for transmitting the first packet.
    所述汇聚代理依据所述确定出的所述第二报文的序列号和所述第二报文的数据长度,在所述关系列表中确定出传输所述第一报文的子TCP连接;The aggregation agent determines, according to the determined sequence number of the second packet and the data length of the second packet, a sub-TCP connection for transmitting the first packet in the relationship list;
    所述汇聚代理根据所述第二回应报文获得所述第一报文的第一回应报文,所述第一回应报文的源IP地址为所述汇聚代理的IP地址,所述第一回应报文的目的IP地址为所述确定出的子TCP连接所连接的VM的IP地址,所述第一回应报文中包括第一报文的确认序列号,所述第一报文的确认序列号为所述第一报文的序列号和所述第一报文的数据长度之和;The aggregation proxy obtains the first response packet of the first packet according to the second response packet, where the source IP address of the first response packet is an IP address of the aggregation proxy, and the first The destination IP address of the response packet is the IP address of the VM connected to the determined sub-TCP connection, and the first response packet includes an acknowledgement sequence number of the first packet, and the acknowledgement of the first packet The serial number is a sum of a sequence number of the first packet and a data length of the first packet;
    所述汇聚代理通过所述确定出的子TCP连接,向所述确定出的子TCP连接所连接的VM转发所述第一回应报文。The aggregation proxy forwards the first response packet to the VM connected to the determined sub-TCP connection by using the determined sub-TCP connection.
  5. 如权利要求3或4所述的方法,其特征在于,所述汇聚TCP连接是所述汇聚代理接收到所述VNF Pool中首个子TCP连接传输的第一报文时新建的TCP连接。The method according to claim 3 or 4, wherein the converged TCP connection is a newly established TCP connection when the aggregation agent receives the first packet transmitted by the first sub-TCP connection in the VNF Pool.
  6. 如权利要求1或2所述的方法,其特征在于,所述子链路为远程用户拨号认证系统RADIUS子会话,所述汇聚链路为RADIUS汇聚会话;The method according to claim 1 or 2, wherein the sub-link is a remote user dial-up authentication system RADIUS sub-session, and the aggregation link is a RADIUS convergence session;
    所述第二报文中还包括匹配标识符;The second message further includes a matching identifier;
    其中,所述第二报文的匹配标识符是所述汇聚代理依据所述RADIUS汇聚会话分配的匹配标识符。The matching identifier of the second packet is a matching identifier allocated by the aggregation proxy according to the RADIUS convergence session.
  7. 如权利要求6所述的方法,其特征在于,所述汇聚代理通过其与所述服务器之间建立的RADIUS汇聚会话发送所述第二报文之后,所述方法还包括:The method of claim 6, wherein the method further comprises: after the convening agent sends the second packet through a RADIUS aggregation session established between the server and the server, the method further comprising:
    所述汇聚代理通过所述RADIUS汇聚会话,接收所述服务器响应所述第二报文的第二回应报文,所述第二回应报文中包含有第二报文的匹配标识符;The aggregation proxy receives, by the RADIUS aggregation session, a second response packet that is sent by the server to the second packet, where the second response packet includes a matching identifier of the second packet.
    所述汇聚代理依据所述第二回应报文中包含的第二报文的匹配标识符查 找预先创建的代理表,确定RADIUS子会话分配的所述第一报文的匹配标识符以及传输所述第一报文的RADIUS子会话,所述代理表中保存所述第二报文的匹配标识符、所述第一报文的匹配标识符以及传输所述第一报文的RADIUS子会话之间的对应关系;The aggregation agent checks the matching identifier of the second packet included in the second response packet. Finding a pre-created proxy table, determining a matching identifier of the first packet allocated by the RADIUS sub-session, and a RADIUS sub-session transmitting the first packet, where the proxy table saves the matching of the second packet An identifier, a matching identifier of the first packet, and a correspondence between RADIUS sub-sessions transmitting the first packet;
    所述汇聚代理根据所述第二回应报文获得所述第一报文的第一回应报文,所述第一回应报文的源IP地址为所述汇聚代理的IP地址,所述第一回应报文的目的IP地址为所述确定出的RADIUS子会话所连接的VM的IP地址;The aggregation proxy obtains the first response packet of the first packet according to the second response packet, where the source IP address of the first response packet is an IP address of the aggregation proxy, and the first The destination IP address of the response packet is the IP address of the VM to which the determined RADIUS subsession is connected;
    所述汇聚代理依据所述确定出的第一报文的匹配标识符以及传输所述第一报文的RADIUS子会话,向所述确定出的RADIUS子会话所连接的VM转发所述第一回应报文。The aggregation agent forwards the first response to the VM connected to the determined RADIUS sub-session according to the determined matching identifier of the first packet and the RADIUS sub-session transmitting the first packet. Message.
  8. 如权利要求6或7所述的方法,其特征在于,所述RADIUS汇聚会话为所述汇聚代理与服务器之间已建立的RADIUS会话。The method according to claim 6 or 7, wherein the RADIUS aggregation session is an established RADIUS session between the aggregation proxy and the server.
  9. 如权利要求1至8任一项所述的方法,其特征在于,所述汇聚链路的数量为依据所述子链路的数量进行建立的。The method according to any one of claims 1 to 8, wherein the number of the aggregation links is established according to the number of the sub-links.
  10. 如权利要求1至9任一项所述的方法,其特征在于,所述汇聚代理为内置或外置于所述VNF Pool中的负载分担LB。The method according to any one of claims 1 to 9, wherein the aggregation agent is a load sharing LB built in or external to the VNF Pool.
  11. 如权利要求1至10任一项所述的方法,其特征在于,所述方法还包括:The method of any of claims 1 to 10, further comprising:
    所述汇聚代理在确认所述各子链路被释放的情况下,释放所述汇聚链路。The aggregation agent releases the aggregation link in case the acknowledgment that the sub-links are released.
  12. 一种报文传输装置,其特征在于,包括:A message transmission device, comprising:
    接收单元,用于接收来自虚拟网络功能池VNF Pool中至少两个虚拟机VM中的每个VM的第一报文,所述至少两个VM通过至少两个子链路与所述报文传输装置连接,且所述至少两个VM与所述至少两个子链路一一对应,所述子链路用于传输所述第一报文;a receiving unit, configured to receive a first packet from each of at least two virtual machine VMs in a virtual network function pool VNF Pool, the at least two VMs passing through at least two sub-links and the message transmission device Connecting, and the at least two VMs are in one-to-one correspondence with the at least two sub-links, where the sub-link is used to transmit the first packet;
    处理单元,用于根据所述第一报文获得第二报文,所述第二报文包括源互联网协议IP地址和目的IP地址,所述第二报文的源IP地址为所述报文传输装置的IP地址,所述第二报文的目的IP地址为服务器的IP地址; a processing unit, configured to obtain a second packet according to the first packet, where the second packet includes a source Internet Protocol IP address and a destination IP address, and a source IP address of the second packet is the packet The IP address of the transmission device, and the destination IP address of the second packet is an IP address of the server;
    发送单元,用于通过所述报文传输装置与所述服务器之间建立的汇聚链路发送所述处理单元获得的所述第二报文,其中,所述汇聚链路的数目小于所述子链路的数目。a sending unit, configured to send the second packet obtained by the processing unit by using an aggregation link established between the packet transmission device and the server, where the number of the aggregation links is smaller than the sub- The number of links.
  13. 如权利要求12所述的装置,其特征在于,所述第二报文中还包括源端口和目的端口;The device according to claim 12, wherein the second packet further includes a source port and a destination port;
    其中,所述第二报文的源端口为所述报文传输装置的端口,所述第二报文的目的端口为所述服务器的端口。The source port of the second packet is a port of the packet transmission device, and the destination port of the second packet is a port of the server.
  14. 如权利要求12或13所述的装置,其特征在于,所述子链路为子传输控制协议TCP连接,所述汇聚链路为汇聚TCP连接;The device according to claim 12 or 13, wherein the sub-link is a sub-transmission control protocol TCP connection, and the aggregation link is a converged TCP connection;
    所述第二报文中还包括序列号;The second message further includes a serial number;
    其中,所述第二报文的序列号是所述处理单元依据所述汇聚TCP连接分配的序列号。The sequence number of the second packet is a sequence number allocated by the processing unit according to the convergence TCP connection.
  15. 如权利要求14所述的装置,其特征在于,所述接收单元,还用于:The device according to claim 14, wherein the receiving unit is further configured to:
    在所述发送单元通过所述报文传输装置与所述服务器之间建立的汇聚TCP连接发送所述处理单元获得的所述第二报文之后,通过所述汇聚TCP连接接收所述服务器响应所述第二报文的第二回应报文,所述第二回应报文中包括第二报文的确认序列号,所述第二报文的确认序列号为所述第二报文的序列号和所述第二报文的数据长度之和;After the sending unit sends the second packet obtained by the processing unit by using the convergence TCP connection established between the packet transmission device and the server, receiving the server response by using the convergence TCP connection. a second response packet of the second packet, where the second response packet includes an acknowledgement sequence number of the second packet, and the acknowledgement sequence number of the second packet is a sequence number of the second packet And a sum of data lengths of the second message;
    所述处理单元,还用于:The processing unit is further configured to:
    依据所述第二回应报文中包括的第二报文的确认序列号查找预先保存的关系列表,确定所述第二报文的序列号和所述第二报文的数据长度,依据所述确定出的所述第二报文的序列号和所述第二报文的数据长度,在所述关系列表中确定出传输所述第一报文的子TCP连接,所述预先保存的关系列表中包括所述第二报文的序列号、所述第二报文的数据长度以及传输所述第一报文的子TCP连接之间的对应关系;Determining, according to the confirmation sequence number of the second packet included in the second response packet, a pre-stored relationship list, determining a sequence number of the second packet and a data length of the second packet, according to the Determining a sequence number of the second packet and a data length of the second packet, determining, in the relationship list, a sub-TCP connection for transmitting the first packet, the pre-saved relationship list And including a sequence number of the second packet, a data length of the second packet, and a correspondence between sub-TCP connections for transmitting the first packet;
    根据所述第二回应报文获得所述第一报文的第一回应报文,所述第一回 应报文的源IP地址为所述报文传输装置的IP地址,所述第一回应报文的目的IP地址为所述确定出的子TCP连接所连接的VM的IP地址,所述第一回应报文中包括第一报文的确认序列号,所述第一报文的确认序列号为所述第一报文的序列号和所述第一报文的数据长度之和;Obtaining a first response packet of the first packet according to the second response packet, where the first The source IP address of the packet is the IP address of the packet transmission device, and the destination IP address of the first response packet is the IP address of the VM to which the determined sub-TCP connection is connected, the first The response packet includes an acknowledgement sequence number of the first packet, where the acknowledgement sequence number of the first packet is a sum of a sequence number of the first packet and a data length of the first packet;
    所述发送单元,还用于:The sending unit is further configured to:
    通过所述处理单元确定出的子TCP连接,向所述确定出的子TCP连接所连接的VM转发所述第一回应报文。And the first response packet is forwarded to the VM connected to the determined sub-TCP connection by using the sub-TCP connection determined by the processing unit.
  16. 如权利要求14或15所述的装置,其特征在于,所述汇聚链路是所述处理单元在所述接收单元接收到所述VNF Pool中首个VM子链路的报文时新建的TCP链路。The device according to claim 14 or 15, wherein the aggregation link is a newly created TCP when the processing unit receives the message of the first VM sub-link in the VNF Pool by the receiving unit. link.
  17. 如权利要求12或13所述的装置,其特征在于,所述子链路为远程用户拨号认证系统RADIUS子会话,所述汇聚链路为RADIUS汇聚会话;The device according to claim 12 or 13, wherein the sub-link is a remote user dial-up authentication system RADIUS sub-session, and the aggregation link is a RADIUS convergence session;
    所述第二报文中还包括匹配标识符;The second message further includes a matching identifier;
    其中,所述第二报文的匹配标识符是所述处理单元依据所述RADIUS汇聚会话分配的匹配标识符。The matching identifier of the second packet is a matching identifier allocated by the processing unit according to the RADIUS aggregation session.
  18. 如权利要求17所述的装置,其特征在于,所述接收单元,还用于:The device according to claim 17, wherein the receiving unit is further configured to:
    在所述发送单元通过所述报文传输装置与所述服务器之间建立的RADIUS汇聚会话发送所述处理单元获得的所述第二报文之后,通过所述RADIUS汇聚会话,接收所述服务器响应所述第二报文的第二回应报文,所述第二回应报文中包含有第二报文的匹配标识符;After the sending unit sends the second packet obtained by the processing unit by using a RADIUS aggregation session established between the packet transmission device and the server, receiving the server response through the RADIUS convergence session. a second response packet of the second packet, where the second response packet includes a matching identifier of the second packet;
    所述处理单元,还用于:The processing unit is further configured to:
    依据所述第二回应报文中包含的第二报文的匹配标识符查找预先创建的代理表,确定RADIUS子会话分配的所述第一报文的匹配标识符以及传输所述第一报文的RADIUS子会话,所述代理表中保存所述第二报文的匹配标识符、所述第一报文的匹配标识符以及传输所述第一报文的RADIUS子会话之间的对应关系; Searching a pre-created proxy table according to the matching identifier of the second packet included in the second response packet, determining a matching identifier of the first packet allocated by the RADIUS sub-session, and transmitting the first packet a RADIUS sub-session, the proxy table storing a matching identifier of the second packet, a matching identifier of the first packet, and a correspondence between RADIUS sub-sessions transmitting the first packet;
    根据所述第二回应报文获得所述第一报文的第一回应报文,所述第一回应报文的源IP地址为所述报文传输装置的IP地址,所述第一回应报文的目的IP地址为所述确定出的RADIUS子会话所连接的VM的IP地址;And obtaining, by using the second response packet, the first response packet of the first packet, where a source IP address of the first response packet is an IP address of the packet transmission device, and the first response packet The destination IP address of the text is the IP address of the VM to which the determined RADIUS subsession is connected;
    所述发送单元,还用于:The sending unit is further configured to:
    依据所述确定出的第一报文的匹配标识符以及传输所述第一报文的RADIUS子会话,向所述确定出的RADIUS子会话所连接的VM转发所述第一回应报文。Determining, according to the determined matching identifier of the first packet and the RADIUS sub-session transmitting the first packet, the first response packet to the VM connected to the determined RADIUS sub-session.
  19. 如权利要求17或18所述的装置,其特征在于,所述RADIUS汇聚会话为所述报文传输装置与服务器之间已建立的RADIUS会话。The device according to claim 17 or 18, wherein the RADIUS aggregation session is an established RADIUS session between the message transmission device and the server.
  20. 如权利要求12至19任一项所述的装置,其特征在于,所述汇聚链路的数量为所述处理单元依据所述子链路的数量进行建立的。The apparatus according to any one of claims 12 to 19, wherein the number of the aggregation links is established by the processing unit according to the number of the sub-links.
  21. 如权利要求12至20任一项所述的装置,其特征在于,所述报文传输装置为内置或外置于所述VNF Pool中的负载分担LB。The device according to any one of claims 12 to 20, wherein the message transmission device is a load sharing LB built in or external to the VNF Pool.
  22. 如权利要求12至21任一项所述的装置,其特征在于,所述处理单元,还用于:The device according to any one of claims 12 to 21, wherein the processing unit is further configured to:
    在确认所述各VM子链路被释放的情况下,释放所述汇聚链路。 The aggregation link is released in the case of confirming that each VM sub-link is released.
PCT/CN2016/111933 2016-03-22 2016-12-24 Packet transmission method and device WO2017161938A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610165510.3A CN105847142B (en) 2016-03-22 2016-03-22 A kind of message transmitting method and device
CN201610165510.3 2016-03-22

Publications (1)

Publication Number Publication Date
WO2017161938A1 true WO2017161938A1 (en) 2017-09-28

Family

ID=56587761

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/111933 WO2017161938A1 (en) 2016-03-22 2016-12-24 Packet transmission method and device

Country Status (2)

Country Link
CN (1) CN105847142B (en)
WO (1) WO2017161938A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019149287A1 (en) * 2018-02-02 2019-08-08 中兴通讯股份有限公司 Method and apparatus for detecting link packet loss, storage medium, and processor
CN112165447A (en) * 2020-08-21 2021-01-01 杭州安恒信息技术股份有限公司 WAF equipment-based network security monitoring method, system and electronic device

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105847142B (en) * 2016-03-22 2019-03-01 华为技术有限公司 A kind of message transmitting method and device
CN107733801B (en) * 2016-08-11 2021-01-29 华为技术有限公司 Method and equipment for receiving and sending message
CN107864101A (en) * 2017-12-26 2018-03-30 杭州迪普科技股份有限公司 Load-balancing method and device
CN112667359B (en) * 2020-12-30 2024-01-30 深圳市科思科技股份有限公司 Data transparent transmission method, electronic equipment and storage medium
CN113852445B (en) * 2021-08-27 2023-06-16 山东云海国创云计算装备产业创新中心有限公司 Method, system, equipment and storage medium for improving data transmission reliability

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030140124A1 (en) * 2001-03-07 2003-07-24 Alacritech, Inc. TCP offload device that load balances and fails-over between aggregated ports having different MAC addresses
CN101848199A (en) * 2009-03-26 2010-09-29 华为技术有限公司 Method for implementing layering virtual link, system and transmission equipment thereof
CN103023827A (en) * 2012-11-23 2013-04-03 杭州华三通信技术有限公司 Data forwarding method for virtualized data centre and realization equipment of data forwarding method
WO2015094043A1 (en) * 2013-12-18 2015-06-25 Telefonaktiebolaget L M Ericsson (Publ) Multipath tcp subflow establishing on single ip connection
CN104852988A (en) * 2015-05-29 2015-08-19 杭州华三通信技术有限公司 A message forwarding method and device
CN105847142A (en) * 2016-03-22 2016-08-10 华为技术有限公司 Message transmission method and device

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10664297B2 (en) * 2014-02-24 2020-05-26 Hewlett Packard Enterprise Development Lp Activating pre-created VNFCs when a monitored performance level of a VNF exceeds a maximum value attainable by the combined VNFCs that form a VNF
CN104734931B (en) * 2015-03-31 2018-06-05 华为技术有限公司 Link establishing method and device between a kind of virtual network function
CN105119736B (en) * 2015-07-15 2019-01-18 华为技术有限公司 The method and apparatus of data inspection in network function virtualization architecture

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030140124A1 (en) * 2001-03-07 2003-07-24 Alacritech, Inc. TCP offload device that load balances and fails-over between aggregated ports having different MAC addresses
CN101848199A (en) * 2009-03-26 2010-09-29 华为技术有限公司 Method for implementing layering virtual link, system and transmission equipment thereof
CN103023827A (en) * 2012-11-23 2013-04-03 杭州华三通信技术有限公司 Data forwarding method for virtualized data centre and realization equipment of data forwarding method
WO2015094043A1 (en) * 2013-12-18 2015-06-25 Telefonaktiebolaget L M Ericsson (Publ) Multipath tcp subflow establishing on single ip connection
CN104852988A (en) * 2015-05-29 2015-08-19 杭州华三通信技术有限公司 A message forwarding method and device
CN105847142A (en) * 2016-03-22 2016-08-10 华为技术有限公司 Message transmission method and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
N.ZONG ET AL.: "Virtualized Network Function (VNF) Pool Problem Statement", IETF NETWORK WORK GROUP INTERNET DRAFT, vol. 1, 1 July 2014 (2014-07-01) *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019149287A1 (en) * 2018-02-02 2019-08-08 中兴通讯股份有限公司 Method and apparatus for detecting link packet loss, storage medium, and processor
CN112165447A (en) * 2020-08-21 2021-01-01 杭州安恒信息技术股份有限公司 WAF equipment-based network security monitoring method, system and electronic device
CN112165447B (en) * 2020-08-21 2023-12-19 杭州安恒信息技术股份有限公司 WAF equipment-based network security monitoring method, system and electronic device

Also Published As

Publication number Publication date
CN105847142A (en) 2016-08-10
CN105847142B (en) 2019-03-01

Similar Documents

Publication Publication Date Title
WO2017161938A1 (en) Packet transmission method and device
JP7281531B2 (en) Multi-cloud connectivity using SRv6 and BGP
US11218537B2 (en) Load balancing in distributed computing systems
US11122116B2 (en) Load balancing system, method, and apparatus
US10582022B2 (en) Adaptive session reliability over multiple transports
WO2016155300A1 (en) Remote control system and remote control method for wireless terminal device
WO2017137008A1 (en) Virtual network apparatus, and related method
US20070297334A1 (en) Method and system for network protocol offloading
US20140297872A1 (en) Virtual machine and application movement over a wide area network
US20060045098A1 (en) System for port mapping in a network
US10154004B2 (en) DHCP communications configuration system
EP2788883B1 (en) Tcp connection relocation
US11419171B2 (en) Method for establishing subflow of multipath connection, apparatus, and system
CN112631788B (en) Data transmission method and data transmission server
US7275106B1 (en) Sustaining TCP connections
WO2013121487A1 (en) Information processing apparatus, information processing method and program
US10298694B1 (en) Flow timeout control within a network
CN112929264B (en) Service flow transmission method, system and network equipment
US11870855B2 (en) Proxyless protocol
US11363653B2 (en) Ad hoc service switch-based control of ad hoc networking
JP6279970B2 (en) Processor, communication apparatus, communication system, communication method, and computer program
WO2023056873A1 (en) Data request method, communication apparatus, and communication system
WO2021134860A1 (en) Load balancing method, device and system
WO2022135207A1 (en) Method, apparatus and system for capability negotiation, and storage medium

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16895282

Country of ref document: EP

Kind code of ref document: A1

122 Ep: pct application non-entry in european phase

Ref document number: 16895282

Country of ref document: EP

Kind code of ref document: A1