WO2018227519A1 - System, method and apparatus for implementing network interconnection - Google Patents

System, method and apparatus for implementing network interconnection

Publication number
WO2018227519A1
Authority
WO
WIPO (PCT)
Prior art keywords
server
address
data packet
proxy server
quintuple
Application number
PCT/CN2017/088553
Inventor
唐全德
Original Assignee
唐全德
Application filed by 唐全德
Priority to PCT/CN2017/088553
Priority to CN201780000451.7A (CN107278360B)
Publication of WO2018227519A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/10 Mapping addresses of different types
    • H04L61/106 Mapping addresses of different types across networks, e.g. mapping telephone numbers to data network addresses
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]

Definitions

  • the present application relates to the field of communications technologies, and in particular, to a system, method, and apparatus for implementing network interconnection.
  • VPN virtual private networks
  • the dedicated lines mainly include Digital Data Network (DDN) and Synchronous Digital Hierarchy (SDH).
  • DDN Digital Data Network
  • SDH Synchronous Digital Hierarchy
  • the advantages are mainly due to high transmission quality, short delay and high speed.
  • VPN is mainly used to set up communication lines over the public network (the Internet, referred to as the public network) or over a dedicated line. It does not require a large investment of manpower and material resources to install and maintain WAN equipment and remote access equipment, which saves construction costs, so it is widely used in enterprises.
  • the tunnel mode mainly encrypts and transmits the data packet by encapsulating an additional layer, the tunnel header, around the original data packet sent by the sender.
  • the disadvantages of this tunnel mode are mainly as follows: since the maximum transmission unit (MTU) agreed by the WAN is 1500, if the inner packet is already at the maximum MTU length, adding the tunnel header during encapsulation may cause the data packet to be fragmented.
  • the receiving end then needs to perform packet reassembly, which greatly reduces the transmission performance of the data packet.
  • adding a tunnel header by encapsulating the original data packet increases the length of the data packet, resulting in lower bandwidth utilization during transmission. Therefore, using a VPN to achieve data center cross-WAN interconnection has the problems of poor transmission performance and low bandwidth utilization.
  • the embodiments of the present invention provide a system, a method, and a device for implementing network interconnection, which are used to solve the problem of poor transmission performance and low bandwidth utilization in a scheme of data center cross-WAN interconnection in the prior art.
  • the system for implementing the network interconnection includes: a first server and a first proxy server both deployed in the first data center, and a second server and a second proxy server both deployed in the second data center, wherein:
  • a first server configured to send a data packet to the second server, where the packet header includes a five-tuple;
  • a first proxy server configured to receive a data packet, forwarded by routing, that the first server sends to the second server; modify the source address in the quintuple of the data packet to the address of the first proxy server, and modify the destination address to the address of the second proxy server; and send the modified data packet to the second proxy server;
  • a second proxy server configured to restore the quintuple of the modified data packet to a quintuple before modification; and send the restored data packet to the second server;
  • a second server configured to receive and respond to the restored data packet.
  • a further embodiment of the present application provides a method for implementing network interconnection, including:
  • the route forwarding is sent to the second data center a data packet of the second server, the packet header of the data packet includes a five-tuple;
  • modifying the source address in the quintuple of the data packet to the address of the first proxy server, and modifying the destination address to the address of the second proxy server includes:
  • the destination address in the quintuple of the data packet sent by the first server to the second server is modified to be the source address in the first receiving session information, and the source address is modified to the destination address in the first receiving session information.
  • the first sending session information and the first receiving session information are generated according to the following manner:
  • generating first receiving session information whose source address is the address of the second proxy server and whose destination address is the address of the first proxy server;
  • the data packet, forwarded by routing, that the first server sends to the second server and that is received for the first time is a data packet for requesting to establish a Transmission Control Protocol (TCP) connection;
  • before the source address in the quintuple of the data packet is modified to the address of the first proxy server, and the destination address is modified to the address of the second proxy server, the method further includes:
  • storing, in the data packet, the five-tuple of the header of the data packet for requesting establishment of a TCP connection as it was before the modification.
  • the method further includes:
  • the method further includes:
  • the source address in the quintuple of the received and cached UDP protocol-based data packet sent by the first server to the second server is modified to the address of the first proxy server, and the destination address is modified to the address of the second proxy server.
  • a further embodiment of the present application provides a method for implementing network interconnection, including:
  • the quintuple in the data packet modified by the first proxy server is restored to the quintuple before the modification, including:
  • Second receiving session information including an address whose source address is the first proxy server and whose destination address is the address of the second proxy server;
  • the destination address in the quintuple of the modified data packet is modified to the source address in the second sending session information, and the source address is modified to the destination address in the second sending session information.
  • the data packet forwarded by the first proxy server is a data packet for requesting to establish a TCP connection
  • the data packet forwarded by the first proxy server further includes the modification by the first proxy server.
  • the second sending session information and the second receiving session information are generated according to the following manner:
  • second sending session information whose source address is the address of the second server and whose destination address is the address of the first server;
  • second receiving session information whose source address is the address of the first proxy server and whose destination address is the address of the second proxy server;
  • the method further includes:
  • a session request data packet for requesting to create a session; wherein the session request data packet includes two types of five-tuples: the first is the quintuple in the data packet sent by the first server to the second server that was received for the first time, and the second is a quintuple whose source address is the first proxy server, whose destination address is the second proxy server, and whose transport layer protocol is the specified transport protocol;
  • the second sending session information and the second receiving session information are generated according to the following manner:
  • generating, according to the second quintuple, second receiving session information whose source address is the address of the first proxy server and whose destination address is the address of the second proxy server;
  • a further embodiment of the present application provides an apparatus for implementing network interconnection, including:
  • a receiving module configured to receive a data packet sent by the first server deployed in the first data center and sent to the second server deployed in the second data center, where the packet header includes a quintuple;
  • a processing module configured to modify a source address in the quintuple of the data packet to an address of the first proxy server, and modify the destination address to an address of the second proxy server;
  • a sending module configured to send the modified data packet to a second proxy server deployed in the second data center.
  • a further embodiment of the present application provides an apparatus for implementing network interconnection, including:
  • a receiving module configured to receive a data packet, forwarded by the first proxy server, that the first server sends to the second server, where the source address in the quintuple of the packet header of the data packet has been modified by the first proxy server to the address of the first proxy server, and the destination address has been modified by the first proxy server to the address of the second proxy server;
  • a processing module configured to restore the quintuple in the data packet modified by the first proxy server to the quintuple before modification;
  • a sending module configured to send the restored data packet to the second server, so that the second server responds to the restored data packet; wherein the first proxy server and the first server are deployed in the first data center, and the second server is deployed in the second data center.
  • a further embodiment of the present application provides a computer device, the computer device comprising a processor, the processor is configured to perform the steps of the method for implementing network interconnection in any of the embodiments of the present application when executing the computer program instructions stored in the memory.
  • a further embodiment of the present application provides a computer readable storage medium having stored thereon computer program instructions that, when executed by a processor, implement the steps of any method of implementing network interconnection in an embodiment of the present application.
  • a data packet communicated between a first server deployed in a first data center and a second server deployed in a second data center can be transmitted across data centers by means of multi-level proxies.
  • the first proxy server deployed in the first data center and the second proxy server deployed in the second data center may modify or restore the header quintuple of the data packet to be forwarded, to support the cross-data-center transfer.
  • Compared with the prior art, only the addresses in the header quintuple of the data packet are modified in the embodiment of the present application, and the modified data packet does not reach the maximum MTU length.
  • FIG. 1 is a schematic diagram of networking of a system for implementing network interconnection according to Embodiment 1 of the present application;
  • FIG. 2 is a flowchart of a method for implementing network interconnection according to Embodiment 2 of the present application
  • FIG. 3 is a schematic diagram of a scenario for implementing data center cross-region interconnection according to Embodiment 2 of the present application;
  • FIG. 7 is a schematic structural diagram of an apparatus for implementing network interconnection according to Embodiment 3 of the present application.
  • FIG. 8 is a schematic structural diagram of an apparatus for implementing network interconnection according to Embodiment 4 of the present application.
  • FIG. 9 is a schematic structural diagram of a computing device according to Embodiment 5 of the present application.
  • FIG. 10 is a schematic structural diagram of a computing device according to Embodiment 7 of the present application.
  • the present application provides a system, method and device for implementing network interconnection.
  • the technical solutions in the embodiments of the present application are clearly and completely described in the following with reference to the drawings in the embodiments of the present application. The described embodiments are only a part of the embodiments of the present application, and not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present application without departing from the inventive scope fall within the scope of the present application.
  • FIG. 1 is a schematic diagram of networking of a system for implementing network interconnection according to Embodiment 1 of the present application.
  • the system includes a first server and a first proxy server both deployed in the first data center, a second server and a second proxy server both deployed in the second data center.
  • the first server is configured to send a data packet to the second server.
  • the data packet sent by the first server to the second server may be a data packet based on the TCP protocol, or may be a data packet based on the UDP protocol.
  • the TCP protocol is a connection-oriented protocol, so the first server may first send a data packet for requesting to establish a TCP connection to the second server and, after determining that the TCP connection is successfully established, send data packets carrying user data information to the second server over the established TCP connection; the UDP protocol is a non-connection-oriented protocol, so the UDP protocol-based data packet sent by the first server to the second server can directly be a data packet carrying user data information.
  • the header of the data packet sent by the first server to the second server includes a five-tuple, where the source IP address is the IP address of the first server, the source port is the port of the first server, the destination IP address is the IP address of the second server, the destination port is the port of the second server, and the transport layer protocol is the TCP protocol or the UDP protocol.
  • the IP addresses of the first server and the second server are all addresses under the network segment where the corresponding data center is located, that is, the intranet address under the corresponding data center.
  • a first proxy server configured to receive a data packet, forwarded by routing, that the first server sends to the second server; modify the source address in the quintuple of the data packet to the address of the first proxy server and the destination address to the address of the second proxy server; and send the modified packet to the second proxy server.
  • the first proxy server may be deployed at the egress gateway of the first data center.
  • the second proxy server may be deployed at the egress gateway of the second data center.
  • the addresses of the first proxy server and the second proxy server used in the modification may be preset according to how the data packet is transmitted between the first proxy server and the second proxy server in the actual application.
  • the first proxy server may send the received data packet to the second proxy server via the public network.
  • the addresses of the first proxy server and the second proxy server correspond to the IP address of the public network.
  • the first proxy server may also send the received data packet to the second proxy server via the leased line.
  • the addresses of the first proxy server and the second proxy server may also correspond to the IP address in the dedicated line.
  • the IP address and port number of the server or the proxy server are collectively referred to as an address. Therefore, the modification and restoration of the address in the present application is actually the modification and restoration of the IP address and the port number.
  • modifying the source address in the quintuple of the data packet to the address of the first proxy server, and the destination address to the address of the second proxy server, means that, in the quintuple of the data packet, the source IP address is modified to the IP address of the first proxy server, the source port number is modified to the port number of the first proxy server, the destination IP address is modified to the IP address of the second proxy server, and the destination port number is modified to the port number of the second proxy server.
  • a second proxy server configured to, after receiving the modified data packet sent by the first proxy server, restore the quintuple of the modified data packet to the quintuple before the modification, and send the restored data packet to the second server.
  • the second proxy server may restore the quintuple of the modified data packet to obtain the quintuple of the data packet originally sent by the first server to the second server; for the first server and the second server, the information in the packet has not changed, which achieves the effect of transparent forwarding.
  • a second server configured to receive and respond to the restored data packet.
  • the data packet that is communicated between the first server deployed in the first data center and the second server deployed in the second data center can be transmitted across the data center based on a multi-level proxy.
  • the first proxy server deployed in the first data center and the second proxy server deployed in the second data center may modify or restore the header quintuple of the data packet to be forwarded, to support the cross-data-center transfer.
  • only the address of the packet quintuple of the data packet is modified in the embodiment of the present application, and the modified data packet does not reach the maximum MTU length.
  • the first proxy server may modify the packet quintuple of the data packet according to the pre-generated first sending session information and the first receiving session information.
  • the first sending session information is used to identify the session information of the data packet sent by the first server via the first proxy server, that is, the session information characterizing the outbound direction for the first data center.
  • the first receiving session information is used to identify the session information of the data packet received by the first server via the first proxy server, that is, the session information characterizing the inbound direction for the first data center.
  • the second proxy server may also restore the modified quintuple information according to the pre-generated second sending session information and the second receiving session information.
  • the second sending session information is used to identify the session information of the data packet sent by the second server via the second proxy server, that is, the session information characterizing the outbound direction for the second data center.
  • the second receiving session information is used to identify the session information of the data packet received by the second server via the second proxy server, that is, the session information characterizing the inbound direction for the second data center.
  • the session information may include a source address and a destination address of the transmitted or received data packet, where the source address includes a source IP address and a source port number, and the destination address includes a destination IP address and a destination port number.
  • the foregoing session information may further include a transport layer protocol. The transport layer protocol in the outbound session information is consistent with the transport layer protocol of the quintuple in the original data packet sent by the first server or the second server.
  • the transport layer protocol in the inbound session information is not necessarily consistent with the transport layer protocol of the quintuple in the original data packet, and may instead be the protocol used in the transmission of the data packet between the proxy servers.
  • the specific implementation manner of the first proxy server modifying the packet header quintuple of the data packet is as follows:
  • the source address included in the first receiving session information is the address of the second proxy server, and the destination address is the address of the first proxy server;
  • the destination address in the quintuple of the data packet sent by the first server to the second server is modified to be the source address in the first receiving session information, and the source address is modified to the destination address in the first receiving session information.
  • the second receiving session information including the address whose source address is the first proxy server and the destination address is the address of the second proxy server;
  • the destination address in the quintuple of the modified data packet is modified to the source address in the second sending session information, and the source address is modified to the destination address in the second sending session information.
  • the first proxy server may leave the transport layer protocol in the quintuple of the data packet unmodified.
  • it may also modify it, according to actual requirements, to a transport layer protocol that allows the data packet to be transmitted between the first proxy server and the second proxy server, such as the HTTP protocol; this is not limited in this application.
  • if the first proxy server modifies the transport layer protocol of the data packet in the process of forwarding the data packet to the second proxy server, the transmission process of the data packet between the first proxy server and the second proxy server may be adjusted according to the modified protocol, and is not limited to the transmission process described in the following embodiments of the present application.
  • the second proxy server needs to restore the data packet quintuple according to the transport layer protocol in the second receiving session information, in addition to restoring the address in the data packet quintuple.
  • Transport layer protocol is not be modified for the transport layer protocol in the quintuple of the data packet.
  • the specific implementation manner of the first proxy server generating the first sending session information and the first receiving session information includes:
  • generating first receiving session information whose source address is the address of the second proxy server and whose destination address is the address of the first proxy server;
  • the data packet sent by the first server to the second server that the first proxy server receives for the first time may fall into two cases: one is a data packet for requesting to establish a TCP connection, and the other is a UDP protocol-based data packet. The process by which the first proxy server generates the first sending session information and the first receiving session information is applicable to both cases.
  • the first proxy server needs to perform other processing procedures in addition to the processing of generating the first sending session information and the first receiving session information.
  • the manner in which the second proxy server generates the second sending session information and the second receiving session information in the two cases is different, specifically:
  • Case 1: The first packet received by the first proxy server is a packet for requesting establishment of a TCP connection.
  • the first proxy server is also used to:
  • since the TCP connection-based session has not yet been established among the first server, the first proxy server, the second proxy server, and the second server, the first proxy server stores the quintuple of the data packet before modification, that is, the original quintuple information of the data packet, in the data packet, to inform the second proxy server of the quintuple information before the modification of the data packet.
  • the quintuple of the data packet before the modification may be stored in a data area of the data packet for storing user data information, and the quintuple of the modified data packet, in addition to being placed in the packet header of the data packet, may also be stored in this data area.
  • the second proxy server is also used to:
  • second sending session information whose source address is the address of the second server and whose destination address is the address of the first server;
  • second receiving session information whose source address is the address of the first proxy server and whose destination address is the address of the second proxy server;
  • the data packet sent by the first server that is firstly received by the first proxy server to the second server is a UDP protocol-based data packet.
  • the first proxy server is also used to:
  • the source address in the quintuple of the received and cached UDP protocol-based data packet sent by the first server to the second server is modified to the address of the first proxy server, and the destination address is modified to the address of the second proxy server.
  • the session request data packet includes two types of five-tuples: the first is the quintuple in the data packet sent by the first server to the second server that was received for the first time, and the second is a quintuple whose source address is the first proxy server, whose destination address is the second proxy server, and whose transport layer protocol is the specified transport protocol.
  • the two quintuples may both be located in a data area of the session request data packet for storing user data information, or the first quintuple may be stored in the data area of the session request packet and the second quintuple in the header of the session request packet.
  • the second proxy server is also used to:
  • generating, according to the second quintuple, second receiving session information whose source address is the address of the first proxy server and whose destination address is the address of the second proxy server;
  • the embodiment of the present application further provides a preferred embodiment: after the first proxy server receives the data packet, forwarded by routing, that the first server sends to the second server for requesting to establish a TCP connection, the first proxy server may further feed back to the first server a data packet for replying to the TCP connection establishment request;
  • the first proxy server may send a data packet for requesting to establish a TCP connection to the second proxy server, requesting to establish a TCP connection with the second proxy server and the second server, and locally establish a TCP connection with the first server so as to cache all packets sent by the first server over that TCP connection.
  • the first server does not need to wait for the data packet, forwarded from the second server via the multi-level proxies, for replying to the TCP connection establishment request; it can determine locally and in advance that the TCP connection succeeded, and then send the data packets required in the session based on the TCP connection to the first proxy server first, where they are cached by the first proxy server.
  • after the second server has responded to the TCP connection establishment request, the first proxy server can directly forward the cached data packets to the second server via the second proxy server, thereby effectively shortening the setup time of the TCP connection, improving the forwarding efficiency of data packets in the session process based on the TCP connection, and better satisfying the demand for transmission acceleration in network interconnection.
  • the second embodiment of the present application provides a method for implementing network interconnection.
  • For details, refer to the method flowchart shown in FIG. 2:
  • Step 201: The first proxy server receives the data packet sent by the first server deployed in the first data center to the second server deployed in the second data center, and the packet header of the data packet includes a quintuple.
  • Step 202: The first proxy server modifies the source address in the quintuple of the data packet to the address of the first proxy server, and modifies the destination address to the address of the second proxy server.
  • Step 203: The first proxy server sends the modified data packet to a second proxy server deployed in the second data center.
  • Step 204: The second proxy server restores the quintuple in the data packet modified by the first proxy server to the quintuple before modification.
  • Step 205: Send the restored data packet to the second server, so that the second server responds to the restored data packet.
  • If, in step 201, the first proxy server receives for the first time a route-forwarded data packet sent by the first server to the second server, then before performing step 202 it may generate the first sending session information and the first receiving session information:
  • Generating first receiving session information whose source address is the address of the second proxy server and whose destination address is the address of the first proxy server;
  • Before the modification, the five-tuple in the header of the data packet for requesting to establish the TCP connection may be stored in the data packet.
  • A data packet for replying to the TCP connection establishment request may be fed back to the first server, and data packets carrying user data information sent by the first server to the second server may be received and cached; after the data packet with which the second server replies to the TCP connection establishment request, forwarded by the second proxy server, is received, the cached data packets carrying the user data information are sent to the second server via the second proxy server.
  • If the route-forwarded data packet sent by the first server to the second server and received for the first time is a UDP protocol-based data packet, the first proxy server may create a session with the second proxy server before performing step 202.
  • The received UDP protocol-based data packet sent by the first server to the second server is cached locally, and a session request packet for requesting the second proxy server to create a session is generated and sent to the second proxy server. If a session response packet sent by the second proxy server to indicate that the session is successfully created is received, it is determined that the session is successfully created, and then step 202 is performed.
  • The quintuple of the data packet may be modified according to the pre-generated first sending session information and first receiving session information, which specifically includes:
  • the destination address in the quintuple of the data packet sent by the first server to the second server is modified to be the source address in the first receiving session information, and the source address is modified to the destination address in the first receiving session information.
  • the second proxy server may further establish second sending session information and second receiving session information based on the received quintuple carried in the data packet forwarded by the first proxy server.
  • If the data packet forwarded by the first proxy server is a data packet for requesting to establish a TCP connection, the data packet forwarded by the first proxy server further includes the quintuple of the data packet before modification by the first proxy server. The second proxy server may then generate, according to the quintuple of the data packet before modification by the first proxy server, second sending session information including the address of the second server and the address of the first server; generate, according to the modified five-tuple in the header of the data packet forwarded by the first proxy server, second receiving session information including the address of the first proxy server and the address of the second proxy server; and establish an association relationship between the second sending session information and the second receiving session information.
  • The method also includes:
  • a session request data packet for requesting to create a session, wherein the session request data packet includes two five-tuples: the first is the quintuple in the data packet sent by the first server to the second server for the first time; the second is the quintuple whose source address is the first proxy server, whose destination address is the second proxy server, and whose transport layer protocol is the specified transport protocol;
  • The second sending session information and the second receiving session information are generated in the following manner:
  • according to the second quintuple, generating second receiving session information whose source address is the address of the first proxy server and whose destination address is the address of the second proxy server;
  • The quintuple in the data packet modified by the first proxy server may be restored to the quintuple before modification according to the pre-generated second sending session information and second receiving session information, which specifically includes:
  • second receiving session information whose source address is the address of the first proxy server and whose destination address is the address of the second proxy server;
  • the destination address in the quintuple of the modified data packet is modified to the source address in the second sending session information, and the source address is modified to the destination address in the second sending session information.
  • the data center A and the data center B deployed in different areas are taken as an example to describe the method for implementing network interconnection between two data centers, in combination with the content described in the first embodiment and the second embodiment.
  • FIG. 3 is a schematic diagram of a scenario in which data centers are interconnected across regions.
  • The network segment corresponding to data center A is NET_A, and the network segment corresponding to data center B is NET_B.
  • Proxy server C and proxy server D are deployed at the egress gateways of data center A and data center B, respectively. Data center A points the route of NET_B to the local proxy server C, and data center B points the route of NET_A to the internal network IP address IP_D of the local proxy server D.
  • The public network IP addresses of the two proxy servers are EIP_C and EIP_D, respectively.
  • The internal network IP address of server E of data center A is IP_E, and the internal network IP address of server F of data center B is IP_F.
  • the process of implementing network interconnection between the two data centers is introduced for the data packets of the TCP protocol and the data packets of the UDP protocol, respectively.
  • Step 401 The server E sends a synchronous packet (SYN packet) for requesting to establish a TCP connection to the server F, wherein the header of the SYN packet includes a five-tuple (IP_E, IP_F, PORT_E, PORT_F, PROTO_TCP).
  • Step 402 The proxy server C receives the SYN packet sent by the server E to the server F, searches for the route according to the destination IP address IP_F, matches the NET_B network segment corresponding to the data center B, and finds the proxy server D deployed at the egress gateway of the data center B.
  • Since the server E of the data center A has directed the route of the NET_B network segment to the local proxy server C, the SYN packet sent by the server E to the server F deployed on the NET_B network segment can be routed to the local proxy server C.
  • Step 403 The proxy server C generates the first sending session information S1 according to the packet header 5-tuple of the received SYN packet, where the source IP address of the first sending session information S1 is IP_E, the destination IP address is IP_F, and the source port number is PORT_E, the destination port number is PORT_F, and the transport layer protocol is PROTO_TCP.
  • The first receiving session information S2 is generated according to the found IP address EIP_D and proxy port PORT_D of the remote proxy server D, together with the local IP address EIP_C and the local proxy port PORT_C. In S2 the source IP address is EIP_D, the destination IP address is EIP_C, the source port number is PORT_D, the destination port number is PORT_C, and the transport layer protocol is PROTO_TCP. An association relationship is established between the session information S1 and S2.
  • Step 404 The proxy server C finds the first sending session information S1 according to the packet header quintuple of the SYN packet and then, according to the first receiving session information S2 associated with S1, modifies the original packet header quintuple of the SYN packet (IP_E, IP_F, PORT_E, PORT_F, PROTO_TCP) to (EIP_C, EIP_D, PORT_C, PORT_D, PROTO_TCP), saves the original packet header quintuple (IP_E, IP_F, PORT_E, PORT_F, PROTO_TCP) in the SYN packet, and sends the modified SYN packet to the proxy server D.
  • In the present application the packet header of the SYN packet is modified and the original quintuple is added to the data packet. Since the message length occupied by the quintuple information is small, this modification does not cause the modified data packet to reach the maximum MTU length, thereby effectively avoiding fragmentation and reassembly of the data packet.
  • the proxy server C after receiving the SYN packet for the first time, saves the original packet quintuple in the data area of the data packet, so that the peer proxy server D generates corresponding session information.
  • the proxy server C may modify only the packet header of the data packet, and does not perform the action of saving the original packet header quintuple in the data packet.
  • the proxy server C may perform the encryption processing on the original packet quintuple stored in the SYN packet.
  • the specific encryption process may refer to the existing process, which is not limited in this application.
  • Step 405 After receiving the SYN packet forwarded by the proxy server C, the proxy server D establishes the second sending session information S3 according to the original packet quintuple in the SYN packet, where in S3 the source IP address is IP_F, the destination IP address is IP_E, the source port number is PORT_F, the destination port number is PORT_E, and the transport layer protocol is PROTO_TCP.
  • The second receiving session information S4 is established, where in S4 the source IP address is EIP_C, the destination IP address is EIP_D, the source port number is PORT_C, the destination port number is PORT_D, and the transport layer protocol is PROTO_TCP; and an association relationship is established between the session information S3 and S4.
  • the data packet may be decrypted first, and the legality and integrity of the data packet may be verified.
  • The specific decryption and verification process may refer to existing processes and is not limited here.
  • Step 406 The proxy server D finds the second receiving session information S4 according to the packet header quintuple of the SYN packet and, according to the second sending session information S3 associated with S4, modifies the packet header quintuple of the SYN packet (EIP_C, EIP_D, PORT_C, PORT_D, PROTO_TCP) to (IP_E, IP_F, PORT_E, PORT_F, PROTO_TCP) and forwards it to server F via routing.
  • Step 407 The server F listens for and receives the SYN packet on the port PORT_F based on the TCP protocol and, after processing the SYN packet, sends a SYN-ACK packet for replying to the TCP connection establishment request, where the packet header quintuple of the SYN-ACK packet is (IP_F, IP_E, PORT_F, PORT_E, PROTO_TCP).
  • Step 408 The proxy server D receives the route-forwarded SYN-ACK packet, finds the second sending session information S3 according to the packet header quintuple of the SYN-ACK packet, determines the associated second receiving session information S4 according to S3, modifies the packet header quintuple (IP_F, IP_E, PORT_F, PORT_E, PROTO_TCP) of the SYN-ACK packet to (EIP_D, EIP_C, PORT_D, PORT_C, PROTO_TCP), and forwards the modified SYN-ACK packet to the proxy server C.
  • Step 409 After receiving the SYN-ACK packet, the proxy server C searches for the first receiving session information S2 according to the packet header quintuple of the SYN-ACK packet, determines the associated first sending session information S1 according to S2, modifies the packet header quintuple (EIP_D, EIP_C, PORT_D, PORT_C, PROTO_TCP) of the SYN-ACK packet to (IP_F, IP_E, PORT_F, PORT_E, PROTO_TCP), and forwards the packet to server E.
  • Step 410 The server E receives the SYN-ACK packet returned by the server F, and returns a LAST-ACK packet indicating that the TCP connection is successfully established to the server F.
  • Step 504 in the figure is a simplified process. Specifically, the LAST-ACK packet can be forwarded by referring to the forwarding process of the above SYN packet (proxy server C → proxy server D → server E); when the server F receives the LAST-ACK packet sent by the server E, it determines that the TCP connection with the server E is successfully established. Subsequently, the two servers can perform bidirectional transmission of data packets based on the established TCP connection.
  • The proxy server can also work in the full-proxy working mode. Compared with the establishment of the TCP connection in the incomplete-proxy working mode, the working process of the full proxy differs in the following points:
  • The proxy server C can immediately feed back to the server E a SYN-ACK packet for replying to the TCP connection establishment request, before the proxy server D returns the SYN-ACK packet sent by the server F. It further receives the route-forwarded LAST-ACK packet and the subsequent ACK packets sent by the server E, and temporarily caches them until the SYN-ACK packet sent by the server F is received from the proxy server D. It is determined that the TCP connection between the local proxy server C and the server E is successfully established. This process can be done in parallel with steps 402 through 408.
  • The proxy server C forwards the cached LAST-ACK packet sent by the server E for indicating the successful establishment of the TCP connection, and the subsequent ACK packets, to the server F via the proxy server D. For the specific forwarding process, refer to the above process.
  • the server F After the server F receives the LAST-ACK packet sent by the server E, it determines that the TCP connection with the server E is successfully established. Subsequently, the two servers can perform bidirectional transmission of the data packet based on the established TCP connection.
  • the process of data transmission based on the TCP connection between the server E of the data center A and the server F of the data center B is as follows:
  • Step 501 The server E sends a data packet carrying the user data information to the server F based on the TCP connection, where the packet header of the data packet is (IP_E, IP_F, PORT_E, PORT_F, PROTO_TCP).
  • Step 502 The proxy server C receives the route-forwarded data packet sent by the server E to the server F, searches for the pre-generated first sending session information S1 according to the packet header quintuple of the data packet, determines the associated first receiving session information S2 according to S1, modifies the packet header quintuple (IP_E, IP_F, PORT_E, PORT_F, PROTO_TCP) of the data packet to (EIP_C, EIP_D, PORT_C, PORT_D, PROTO_TCP), and forwards the modified packet to the proxy server D.
  • If the proxy server C has completed the TCP establishment process with the server E locally and has cached the data packets sent by the server E to the server F based on the TCP connection, it can directly modify the cached data packets and forward them to the proxy server D.
  • Step 503 After receiving the data packet forwarded by the proxy server C, the proxy server D searches for the pre-generated second receiving session information S4 according to the packet header quintuple (EIP_C, EIP_D, PORT_C, PORT_D, PROTO_TCP) of the data packet, determines the associated second sending session information S3 according to S4, modifies the packet header quintuple (EIP_C, EIP_D, PORT_C, PORT_D, PROTO_TCP) of the data packet to (IP_E, IP_F, PORT_E, PORT_F, PROTO_TCP), and forwards the modified packet to server F.
  • Step 504 The server F receives and responds to the data packet sent by the server E based on the TCP connection.
  • Step 504 in the figure is a simplified process. Specifically, for the process by which the data packets of the server F are forwarded by the proxy servers D and C to the server E of the data center A, refer to the forwarding process of the data packet described above; it is not described again.
  • The server E of the data center A and the server F of the data center B can perform bidirectional transmission of data packets based on the established TCP connection until the established TCP connection times out, or the TCP connection is actively disconnected by the server E or F.
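The header rewriting of steps 401 to 409 and 502 to 503, as an added example that is not code from the patent: each proxy keeps the associated session pairs (S1/S2 at proxy C, S3/S4 at proxy D) and swaps the quintuple in both directions. The addresses, ports and class names are constructed, and the HMAC-SHA256 tag is an assumed stand-in for the integrity verification the description leaves to "existing processes".

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, replace
from typing import NamedTuple, Optional


class Quint(NamedTuple):
    """Header quintuple: source IP, destination IP, source port, destination port, protocol."""
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str

    def reversed(self) -> "Quint":
        return Quint(self.dst_ip, self.src_ip, self.dst_port, self.src_port, self.proto)


@dataclass(frozen=True)
class Packet:
    quint: Quint
    payload: bytes = b""
    orig: Optional[bytes] = None  # original quintuple saved in the data area (first packet only)
    tag: Optional[bytes] = None   # assumption: HMAC-SHA256 over outer header + saved quintuple


def _tag(key: bytes, outer: Quint, blob: bytes) -> bytes:
    # Binding the outer header to the saved quintuple ties the tag to this one proxy session.
    return hmac.new(key, json.dumps(outer).encode() + b"|" + blob, hashlib.sha256).digest()


class Proxy:
    def __init__(self, public_ip: str, proxy_port: int, key: bytes):
        self.ip, self.port, self.key = public_ip, proxy_port, key
        self.assoc = {}  # session information -> associated session information

    def _associate(self, a: Quint, b: Quint) -> None:
        self.assoc[a] = b
        self.assoc[b] = a

    def translate(self, pkt: Packet) -> Packet:
        """Find the session matching the header, then rewrite it from the associated session."""
        peer = self.assoc.get(pkt.quint)
        if peer is None:
            raise LookupError(f"no session information for {pkt.quint}")
        # New source = associated session's destination, new destination = its source.
        return replace(pkt, quint=peer.reversed(), orig=None, tag=None)

    def first_egress(self, pkt: Packet, remote_ip: str, remote_port: int) -> Packet:
        """Steps 403-404 (proxy C): create S1/S2, rewrite, save the original quintuple."""
        s1 = pkt.quint
        s2 = Quint(remote_ip, self.ip, remote_port, self.port, s1.proto)
        self._associate(s1, s2)
        out = self.translate(pkt)
        blob = json.dumps(s1).encode()
        return replace(out, orig=blob, tag=_tag(self.key, out.quint, blob))

    def first_ingress(self, pkt: Packet) -> Packet:
        """Steps 405-406 (proxy D): verify, create S3/S4, restore the original quintuple."""
        if pkt.orig is None or pkt.tag is None:
            raise ValueError("no session and no saved quintuple")
        if not hmac.compare_digest(_tag(self.key, pkt.quint, pkt.orig), pkt.tag):
            raise ValueError("saved quintuple failed the integrity check")
        s3 = Quint(*json.loads(pkt.orig)).reversed()
        self._associate(s3, pkt.quint)  # pkt.quint is S4
        return self.translate(pkt)


def run_demo() -> dict:
    key = b"constructed-pre-shared-key"      # constructed value
    c = Proxy("203.0.113.10", 5000, key)     # EIP_C, PORT_C (constructed)
    d = Proxy("198.51.100.20", 5001, key)    # EIP_D, PORT_D (constructed)
    e_to_f = Quint("10.1.0.5", "10.2.0.9", 40000, 443, "TCP")  # IP_E, IP_F, PORT_E, PORT_F

    syn_wire = c.first_egress(Packet(e_to_f, b"SYN"), d.ip, d.port)      # steps 403-404
    syn_at_f = d.first_ingress(syn_wire)                                 # steps 405-406
    synack_wire = d.translate(Packet(e_to_f.reversed(), b"SYN-ACK"))     # step 408
    synack_at_e = c.translate(synack_wire)                               # step 409
    data_at_f = d.translate(c.translate(Packet(e_to_f, b"user data")))   # steps 502-503

    # A saved quintuple altered in transit must not create session information on proxy D.
    altered = replace(syn_wire, orig=json.dumps(e_to_f._replace(dst_port=22)).encode())
    try:
        Proxy("198.51.100.20", 5001, key).first_ingress(altered)
        rejected = False
    except ValueError:
        rejected = True
    return {"syn_wire": syn_wire, "syn_at_f": syn_at_f, "synack_wire": synack_wire,
            "synack_at_e": synack_at_e, "data_at_f": data_at_f, "rejected": rejected}


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

The demo uses a single flow, so one proxy port pair is enough; with several concurrent flows each session needs its own proxy port so that S2 and S4 stay unique.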
  • The process by which the server E of the data center A performs data transmission based on the UDP protocol with the server F of the data center B through the proxy servers C and D is as follows:
  • Step 601 The server E sends a data packet (referred to as a UDP packet) based on the UDP protocol to the server F, where the header of the UDP packet is (IP_E, IP_F, PORT_E, PORT_F, PROTO_UDP).
  • Step 602 The proxy server C receives the UDP packet sent by the server E to the server F, searches for the route according to the destination IP address IP_F, matches the NET_B network segment corresponding to the data center B, and finds the proxy server D deployed at the egress gateway of the data center B.
  • Step 603 The proxy server C generates the first sending session information S1 according to the packet header quintuple of the received UDP packet, where the content included in the session information is as described in the foregoing embodiment and is not described again here; the first receiving session information S2 is generated according to the found remote proxy IP address EIP_D and remote proxy port PORT_D and the known local IP address EIP_C and local proxy port PORT_C, and an association relationship is established between the session information S1 and S2.
  • Step 604 The proxy server C caches the UDP packet sent by the server E, and generates a session request data packet for requesting the proxy server D to create a session, and sends the session request data packet to the remote proxy server D.
  • The session request packet includes two five-tuples: the first is the original packet header quintuple of the UDP packet (IP_E, IP_F, PORT_E, PORT_F, PROTO_UDP), and the second is the quintuple of the data packet constructed by the proxy server C (EIP_C, EIP_D, PORT_C, PORT_D, PROTO_UDP). These two quintuples can be saved in the data area of the packet according to the format agreed in the protocol.
  • the header of the session request packet can be encapsulated according to a determined transport layer protocol capable of realizing data transmission between the proxy server C and the proxy server E.
  • Before receiving the response data packet returned by the proxy server D for indicating successful session establishment, the proxy server C may cache locally the received route-forwarded data packets related to the UDP session sent by the server E.
  • the proxy server C can encrypt the two quintuples stored in the data area of the data packet.
  • the specific encryption process can refer to the existing process, which is not limited in this application.
  • A packet containing the quintuple constructed by the proxy server C and the header quintuple of the original UDP packet is regenerated. Since the packet contains only two quintuples and the message length occupied by the quintuple information is very small, the processing of the data packet in this application does not make the processed data packet reach the maximum MTU length, which effectively avoids fragmentation and reassembly of data packets.
  • the proxy server D can generate session information to implement forwarding of the data packet between the proxy servers C and D.
  • Step 605 After receiving the UDP packet forwarded by the proxy server C, the proxy server D generates the second sending session information S3 according to the original packet quintuple in the UDP packet.
  • the second receiving session information S4 is generated based on the quintuple of the data packet constructed by the proxy server C, and the relationship between the session information S3, S4 is established.
  • Step 606 The proxy server D sends a session response data packet indicating that the session creation is successful to the proxy server C.
  • Step 607 After receiving the response packet sent by the proxy server D, the proxy server C determines that the UDP session initiated for the server E has been successfully established in the proxy server D.
  • Step 608 The proxy server C forwards the locally cached UDP packet sent by the server E to the server F to the proxy server D.
  • The first sending session information S1 is looked up, the first receiving session information S2 associated with S1 is then determined, the packet header quintuple of the UDP packet (IP_E, IP_F, PORT_E, PORT_F, UDP) is modified to (EIP_C, EIP_D, PORT_C, PORT_D, UDP), and the modified UDP packet is sent to the proxy server D.
  • The information stored in the data area of the UDP packet can be encrypted and compressed using existing processes; details are not described herein again.
  • Step 609 After receiving the UDP packet forwarded by the proxy server C, the proxy server D searches for the second receiving session information S4 according to the packet header quintuple of the UDP packet, determines the associated second sending session information S3 according to S4, modifies the packet header quintuple (EIP_C, EIP_D, PORT_C, PORT_D, PROTO_UDP) of the UDP packet to (IP_E, IP_F, PORT_E, PORT_F, PROTO_UDP), and forwards the modified UDP packet to the server F.
  • the data packet may be decrypted first, the validity and completeness of the data packet are verified, and the data information in the data packet is decompressed.
  • the process of decoding and decompression can refer to the existing process, which is not limited in this application.
  • Step 610 The server F receives and responds to the UDP packet sent by the server E.
  • Step 610 shown in the figure is a simplified process. The data packet with which the server F responds can also be sent to the server E via the proxy server D and the proxy server C. The forwarding process in the proxy servers is similar to the above process and is not repeated here.
  • the data packets exchanged between the server E and the server F can be forwarded through the proxy servers C and D until the UDP session established between the proxy server C and the proxy server D is timed out.
  • the server E and the server F are only taken as an example.
  • multiple data packets sent by multiple servers in the data center A can simultaneously support forwarding to the corresponding server in the data center B via the proxy servers C and D.
  • The proxy server C is configured to modify the intranet addresses in the quintuples of the plurality of data packets sent by the multiple servers to the public network address corresponding to the proxy server D.
  • The proxy server D is configured to restore, based on the pre-generated session information, the quintuples of the received plurality of data packets, so as to forward the received data packets to the corresponding servers in the data center B.
  • Proxy servers may also be deployed at the edge access points in the public network corresponding to the two data centers; for example, proxy server M is deployed at the edge access point in the public network corresponding to data center A, and proxy server N is deployed at the edge access point corresponding to data center B.
  • A data packet sent by a server of the data center A to a server of the data center B can then be forwarded to the corresponding server of the data center B via proxy server C → proxy server M → proxy server N → proxy server D. For the forwarding process in the multi-level proxy servers, refer to the above process; it is not described again here.
  • The embodiment of the present application further provides a device for implementing network interconnection corresponding to the method for implementing network interconnection. Since the principle by which the device solves the problem is similar to that of the method for implementing network interconnection in the embodiment of the present application, the implementation of the device can refer to the implementation of the method, and repeated description is omitted.
  • FIG. 7 is a schematic structural diagram of an apparatus for implementing network interconnection according to Embodiment 3 of the present application, including:
  • the receiving module 71 is configured to receive a data packet that is sent by the first server deployed in the first data center to the second server that is deployed in the second data center, and the packet header of the data packet includes a five-tuple.
  • the processing module 72 is configured to modify a source address in the quintuple of the data packet to an address of the first proxy server, and modify the destination address to an address of the second proxy server;
  • the sending module 73 is configured to send the modified data packet to a second proxy server deployed in the second data center.
  • FIG. 8 is a schematic structural diagram of an apparatus for implementing network interconnection according to Embodiment 4 of the present application, including:
  • the receiving module 81 is configured to receive a data packet sent by the first server to the second server and forwarded by the first proxy server, where the source address in the quintuple of the packet header of the data packet has been modified by the first proxy server to the address of the first proxy server, and the destination address has been modified by the first proxy server to the address of the second proxy server;
  • the processing module 82 is configured to restore the quintuple in the data packet modified by the first proxy server to the quintuple before modification;
  • the sending module 83 is configured to send the restored data packet to the second server, so that the second server responds to the restored data packet, where the first proxy server and the first server are deployed in the first data center, and the second server is deployed in the second data center.
  • the fifth embodiment of the present application further provides a computing device, which may be a desktop computer, a portable computer, a smart phone, a tablet computer, a personal digital assistant (PDA), or the like.
  • the computing device may include a central processing unit (CPU) 901, a memory 902, an input device 903, an output device 904, etc.
  • the input device may include a keyboard, a mouse, a touch screen, etc.
  • the output device may include display devices, such as liquid crystal displays (LCDs), cathode ray tubes (CRTs), and the like.
  • the memory can include read only memory (ROM) and random access memory (RAM) and provides the processor with program instructions and data stored in the memory.
  • the memory may be used to store program instructions for implementing a method of network interconnection.
  • The processor is configured to call the program instructions stored in the memory and to execute, according to the obtained program instructions: receiving the route-forwarded data packet sent by the first server deployed in the first data center to the second server deployed in the second data center, where the packet header of the data packet includes a quintuple; modifying the source address in the quintuple of the data packet to the address of the first proxy server, and the destination address to the address of the second proxy server; and sending the modified data packet to the second proxy server, so that the restored data packet is sent to the second server by the second proxy server and the second server responds to the restored data packet.
  • the sixth embodiment of the present application provides a computer storage medium for storing computer program instructions used by the computing device in the above fifth embodiment, which includes a program for executing the above method for implementing network interconnection.
  • the computer storage medium can be any available media or data storage device accessible by a computer, including but not limited to magnetic storage (eg, floppy disk, hard disk, magnetic tape, magneto-optical disk (MO), etc.), optical storage (eg, CD, DVD, BD, HVD, etc.), and semiconductor memories (for example, ROM, EPROM, EEPROM, non-volatile memory (NAND FLASH), solid-state hard disk (SSD)).
  • the seventh embodiment of the present application further provides a computing device, which may be a desktop computer, a portable computer, a smart phone, a tablet computer, a personal digital assistant (PDA), or the like.
  • the computing device may include a central processing unit (CPU) 1001, a memory 1002, an input device 1003, an output device 1004, etc.
  • the input device may include a keyboard, a mouse, a touch screen, etc.
  • the output device may include display devices, such as liquid crystal displays (LCDs), cathode ray tubes (CRTs), and the like.
  • the memory can include read only memory (ROM) and random access memory (RAM) and provides the processor with program instructions and data stored in the memory.
  • the memory may be used to store program instructions for implementing a method of network interconnection.
  • The processor is configured to execute, according to the obtained program instructions: receiving the data packet sent by the first server to the second server and forwarded by the first proxy server, where the source address in the quintuple of the packet header of the data packet has been modified by the first proxy server to the address of the first proxy server, and the destination address has been modified by the first proxy server to the address of the second proxy server; restoring the quintuple in the data packet modified by the first proxy server to the quintuple before modification; and sending the restored data packet to the second server, so that the second server responds to the restored data packet; wherein the first proxy server and the first server are deployed in a first data center, and the second server is deployed in a second data center.
  • Embodiment 8 of the present application provides a computer storage medium for storing computer program instructions for use in the computing device of the above-described Embodiment 7, which includes a program for executing the above-described method for implementing network interconnection.
  • the computer storage medium can be any available medium or data storage device accessible by a computer, including but not limited to magnetic storage (e.g., floppy disk, hard disk, magnetic tape, magneto-optical disk (MO)), optical storage (e.g., CD, DVD, BD, HVD), and semiconductor memories (e.g., ROM, EPROM, EEPROM, non-volatile memory (NAND FLASH), solid-state disk (SSD)).

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to the technical field of communications, and particularly, to a system, method and apparatus for implementing network interconnection, for use in resolving the problems in the prior art of poor transmission performance and low bandwidth utilization rate in the cross-wide area network interconnection of data centers. The method provided in an embodiment of the present application comprises: receiving a data packet, which is forwarded by a router and transmitted by a first server deployed in a first data center to a second server deployed in a second data center, a header of the data packet comprising a quintuple; modifying a source address of the quintuple of the data packet into an address of a first proxy server, and modifying a destination address of the quintuple of the data packet into an address of a second proxy server; and sending the modified data packet to the second proxy server deployed in the second data center, so that the second proxy server recovers the quintuple of the modified data packet into the quintuple before the modification and sends the recovered data packet to the second server, and the second server responds to the recovered data packet.

Description

System, method and device for implementing network interconnection
Technical field
The present application relates to the field of communications technologies, and in particular to a system, method and device for implementing network interconnection.
Background
As more and more distributed networks are built, the networks between enterprises and their corporate headquarters are becoming increasingly complete. Most enterprises prefer to build centralized data centers, and interconnecting those data centers across a wide area network (WAN) also faces many problems.
At present, the two most common ways to interconnect across a WAN are dedicated lines and virtual private networks (VPNs). Dedicated lines mainly include the Digital Data Network (DDN) and the Synchronous Digital Hierarchy (SDH); their advantages are high transmission quality, short delay and high rate. However, building dedicated lines across regions on a large scale is relatively expensive, so they are not suitable for enterprises. A VPN sets up communication lines over the public network (the Internet) or over dedicated lines, without requiring large investments of manpower and material to install and maintain WAN equipment and remote access equipment. This saves construction cost, so VPNs are widely used in enterprises. The key part of a VPN is tunnel mode, which transmits a data packet in encrypted form mainly by wrapping the original packet sent by the sender in an additional outer layer that serves as the tunnel header. The drawbacks of tunnel mode are as follows. The maximum transmission unit (MTU) agreed for the WAN is 1500, so if the inner packet is already at the maximum MTU length, encapsulating it further and adding a tunnel header may cause the packet to be fragmented. The receiving end then has to reassemble the packet, which greatly reduces transmission performance. Moreover, encapsulating the original packet and adding a tunnel header increases the packet length, which lowers bandwidth utilization during transmission. Therefore, using a VPN to interconnect data centers across a WAN suffers from poor transmission performance and low bandwidth utilization.
In summary, a new solution is needed to overcome the above problems and interconnect data centers across a WAN.
Summary of the invention
The embodiments of the present application provide a system, method and device for implementing network interconnection, to solve the problems of poor transmission performance and low bandwidth utilization in prior-art schemes for interconnecting data centers across a WAN.
A system for implementing network interconnection provided by an embodiment of the present application includes: a first server and a first proxy server, both deployed in a first data center, and a second server and a second proxy server, both deployed in a second data center; wherein
the first server is configured to send a data packet to the second server, the header of the data packet containing a quintuple;
the first proxy server is configured to receive, via routing, the data packet sent by the first server to the second server; to modify, in the quintuple of the data packet, the source address to the address of the first proxy server and the destination address to the address of the second proxy server; and to send the modified data packet to the second proxy server;
the second proxy server is configured to restore the quintuple of the modified data packet to the quintuple before modification, and to send the restored data packet to the second server;
the second server is configured to receive and respond to the restored data packet.
A further embodiment of the present application provides a method for implementing network interconnection, including:
receiving, via routing, a data packet sent by a first server deployed in a first data center to a second server deployed in a second data center, the header of the data packet containing a quintuple;
modifying, in the quintuple of the data packet, the source address to the address of a first proxy server and the destination address to the address of a second proxy server;
sending the modified data packet to the second proxy server deployed in the second data center, so that the second proxy server restores the quintuple of the modified data packet to the quintuple before modification and sends the restored data packet to the second server, and the second server responds to the restored data packet.
Optionally, modifying, in the quintuple of the data packet, the source address to the address of the first proxy server and the destination address to the address of the second proxy server includes:
looking up, according to the quintuple of the received data packet sent by the first server to the second server, first sending session information whose source address is the address of the first server and whose destination address is the address of the second server;
determining, according to a preset association between session information, first receiving session information associated with the first sending session information, wherein the source address contained in the first receiving session information is the address of the second proxy server and the destination address is the address of the first proxy server;
modifying, in the quintuple of the data packet sent by the first server to the second server, the destination address to the source address in the first receiving session information and the source address to the destination address in the first receiving session information.
Optionally, the first sending session information and the first receiving session information are generated as follows:
if a data packet sent by the first server to the second server is received via routing for the first time, generating, according to the quintuple of the received data packet, first sending session information whose source address is the address of the first server and whose destination address is the address of the second server; and
determining, according to the destination address in the quintuple of the received data packet, that the server corresponding to the network segment matching that destination address is the second proxy server;
generating first receiving session information whose source address is the address of the second proxy server and whose destination address is the address of the first proxy server; and
establishing an association between the first sending session information and the first receiving session information.
Optionally, if the data packet sent by the first server to the second server and received via routing for the first time is a data packet requesting establishment of a Transmission Control Protocol (TCP) connection, then before modifying, in the quintuple of the data packet, the source address to the address of the first proxy server and the destination address to the address of the second proxy server, the method further includes:
storing, in the data packet requesting establishment of the TCP connection, the quintuple of its header as it was before modification.
Optionally, after receiving, via routing, the data packet sent by the first server to the second server requesting establishment of a TCP connection, the method further includes:
returning to the first server a data packet replying to the TCP connection establishment request;
receiving and caching data packets carrying user data information that are sent by the first server to the first server;
after receiving, forwarded by the second proxy server, the data packet with which the second server replies to the TCP connection establishment request, sending the cached data packets carrying user data information to the second server via the second proxy server.
Optionally, if the data packet sent by the first server to the second server and received via routing for the first time is a User Datagram Protocol (UDP) data packet, then before modifying, in the quintuple of the data packet, the source address to the address of the first proxy server and the destination address to the address of the second proxy server, the method further includes:
receiving and caching the UDP data packet sent by the first server to the second server; and
generating a session request data packet requesting the second proxy server to create a session, and sending it to the second proxy server;
after receiving a session response data packet sent by the second proxy server indicating that the session was created successfully, modifying, in the quintuple of the received and cached UDP data packet sent by the first server to the second server, the source address to the address of the first proxy server and the destination address to the address of the second proxy server.
A further embodiment of the present application provides a method for implementing network interconnection, including:
receiving a data packet sent by a first server to a second server and forwarded by a first proxy server, wherein, in the quintuple of the header of the data packet, the source address has been modified by the first proxy server to the address of the first proxy server and the destination address has been modified by the first proxy server to the address of a second proxy server;
restoring the quintuple in the data packet modified by the first proxy server to the quintuple before modification;
sending the restored data packet to the second server, so that the second server responds to the restored data packet; wherein the first proxy server and the first server are deployed in a first data center, and the second server is deployed in a second data center.
Optionally, restoring the quintuple in the data packet modified by the first proxy server to the quintuple before modification includes:
looking up, according to the quintuple in the data packet modified by the first proxy server, second receiving session information whose source address is the address of the first proxy server and whose destination address is the address of the second proxy server;
determining, according to a preset association between session information, second sending session information associated with the second receiving session information, wherein the source address contained in the second sending session information is the address of the second server and the destination address is the address of the first server;
modifying, in the quintuple of the modified data packet, the destination address to the source address in the second sending session information and the source address to the destination address in the second sending session information.
Optionally, if the data packet forwarded by the first proxy server is a data packet requesting establishment of a TCP connection, the data packet forwarded by the first proxy server further includes the quintuple of the data packet as it was before modification by the first proxy server;
the second sending session information and the second receiving session information are generated as follows:
generating, according to the quintuple of the data packet before modification by the first proxy server, second sending session information whose source address is the address of the second server and whose destination address is the address of the first server;
generating, according to the modified quintuple in the data packet forwarded by the first proxy server, second receiving session information whose source address is the address of the first proxy server and whose destination address is the address of the second proxy server;
establishing an association between the second sending session information and the second receiving session information.
Optionally, if the data packet forwarded by the first proxy server is a UDP data packet, then before restoring the quintuple in the data packet modified by the first proxy server to the quintuple before modification, the method further includes:
receiving a session request data packet sent by the first proxy server requesting creation of a session, wherein the session request data packet includes two quintuples: the first is the quintuple in the data packet sent by the first server to the second server and received for the first time, and the second is a quintuple whose source address is the first proxy server, whose destination address is the second proxy server, and whose transport layer protocol is a specified transport protocol;
the second sending session information and the second receiving session information are generated as follows:
generating, according to the first quintuple, second sending session information whose source address is the address of the second server and whose destination address is the address of the first server; and
generating, according to the second quintuple, second receiving session information whose source address is the address of the first proxy server and whose destination address is the address of the second proxy server; and
establishing an association between the second sending session information and the second receiving session information.
A further embodiment of the present application provides a device for implementing network interconnection, including:
a receiving module, configured to receive, via routing, a data packet sent by a first server deployed in a first data center to a second server deployed in a second data center, the header of the data packet containing a quintuple;
a processing module, configured to modify, in the quintuple of the data packet, the source address to the address of a first proxy server and the destination address to the address of a second proxy server;
a sending module, configured to send the modified data packet to the second proxy server deployed in the second data center.
A further embodiment of the present application provides a device for implementing network interconnection, including:
a receiving module, configured to receive a data packet sent by a first server to a second server and forwarded by a first proxy server, wherein, in the quintuple of the header of the data packet, the source address has been modified by the first proxy server to the address of the first proxy server and the destination address has been modified by the first proxy server to the address of a second proxy server;
a processing module, configured to restore the quintuple in the data packet modified by the first proxy server to the quintuple before modification;
a sending module, configured to send the restored data packet to the second server, so that the second server responds to the restored data packet; wherein the first proxy server and the first server are deployed in a first data center, and the second server is deployed in a second data center.
A further embodiment of the present application provides a computer device including a processor, the processor being configured to implement, when executing computer program instructions stored in a memory, the steps of any method for implementing network interconnection in the embodiments of the present application.
A further embodiment of the present application provides a computer-readable storage medium storing computer program instructions which, when executed by a processor, implement the steps of any method for implementing network interconnection in the embodiments of the present application.
The beneficial effects of the embodiments of the present application are as follows. Data packets exchanged between the first server deployed in the first data center and the second server deployed in the second data center can be transmitted across data centers by means of multi-level proxying. The first proxy server deployed in the first data center and the second proxy server deployed in the second data center modify or restore the quintuple in the header of each data packet to be forwarded, so that the packet can be transmitted across data centers. Because the embodiments of the present application modify only the addresses in the header quintuple, the modification does not push the data packet to the maximum MTU length. Compared with the tunnel mode of the prior art, this effectively avoids fragmentation and reassembly of data packets, thereby improving data transmission performance between data centers across the WAN and increasing bandwidth utilization.
Brief description of the drawings
FIG. 1 is a schematic diagram of the networking of a system for implementing network interconnection according to Embodiment 1 of the present application;
FIG. 2 is a flowchart of a method for implementing network interconnection according to Embodiment 2 of the present application;
FIG. 3 is a schematic diagram of a scenario of cross-region interconnection of data centers according to Embodiment 2 of the present application;
FIG. 4 shows the process by which server E establishes a TCP connection with server F through proxy servers C and D according to Embodiment 2 of the present application;
FIG. 5 shows the process of data transmission between server E and server F over the TCP connection according to Embodiment 2 of the present application;
FIG. 6 shows the process of UDP-based data transmission between server E and the server through proxy servers C and D according to Embodiment 2 of the present application;
FIG. 7 is a schematic structural diagram of a device for implementing network interconnection according to Embodiment 3 of the present application;
FIG. 8 is a schematic structural diagram of a device for implementing network interconnection according to Embodiment 4 of the present application;
FIG. 9 is a schematic structural diagram of a computing device according to Embodiment 5 of the present application;
FIG. 10 is a schematic structural diagram of a computing device according to Embodiment 7 of the present application.
Detailed description
To solve the problems of poor transmission performance and low bandwidth utilization in prior-art schemes for interconnecting data centers across a WAN, the present application provides a system, method and device for implementing network interconnection. The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present application without creative effort fall within the scope of protection of the present application.
The solution of the present application is described in detail below through specific embodiments; the present application is not limited to the following embodiments.
Embodiment 1
FIG. 1 is a schematic diagram of the networking of a system for implementing network interconnection according to Embodiment 1 of the present application. The system includes a first server and a first proxy server, both deployed in a first data center, and a second server and a second proxy server, both deployed in a second data center.
The first server is configured to send a data packet to the second server.
The data packet sent by the first server to the second server may be a TCP data packet or a UDP data packet. TCP is a connection-oriented protocol, so the first server may first send the second server a data packet requesting establishment of a TCP connection and, after determining that the TCP connection has been established, send data packets carrying user data information to the second server over that connection. UDP is a connectionless protocol, so a UDP data packet sent by the first server to the second server may directly be a data packet carrying user data information.
Specifically, the header of the data packet sent by the first server to the second server contains a quintuple in which the source IP address is the IP address of the first server, the source port is the port of the first server, the destination IP address is the IP address of the second server, the destination port is the port of the second server, and the transport layer protocol is TCP or UDP. The IP addresses of the first server and the second server are addresses in the network segment of their respective data centers, that is, intranet addresses within those data centers.
The first proxy server is configured to receive, via routing, the data packet sent by the first server to the second server; to modify, in the quintuple of the data packet, the source address to the address of the first proxy server and the destination address to the address of the second proxy server; and to send the modified data packet to the second proxy server.
Here, the first proxy server may be deployed at the egress gateway of the first data center, and the second proxy server may be deployed at the egress gateway of the second data center.
The first and second proxy server addresses used in the modification may be preset according to how the data packet is actually transmitted between the first proxy server and the second proxy server. The first proxy server may send the received data packet to the second proxy server over the public network, in which case the addresses of the first proxy server and the second proxy server are public network IP addresses. The first proxy server may also send the received data packet to the second proxy server over a dedicated line, in which case the addresses of the first proxy server and the second proxy server may be IP addresses on the dedicated line.
For ease of description, the embodiments of the present application refer to the IP address and port number of a server or proxy server collectively as its address, so modifying and restoring an address in the present application actually means modifying and restoring both the IP address and the port number. Accordingly, modifying the source address in the quintuple of the data packet to the address of the first proxy server and the destination address to the address of the second proxy server means modifying the source IP address to the IP address of the first proxy server, the source port number to the port number of the first proxy server, the destination IP address to the IP address of the second proxy server, and the destination port number to the port number of the second proxy server.
The second proxy server is configured to restore, after receiving the modified data packet sent by the first proxy server, the quintuple of the modified data packet to the quintuple before modification, and to send the restored data packet to the second server.
Here, the second proxy server restores the quintuple of the modified data packet to obtain the quintuple of the data packet originally sent by the first server to the second server. From the point of view of the first server and the second server, the information in the data packet has not changed, which achieves transparent forwarding.
The second server is configured to receive and respond to the restored data packet.
由此可见,部署于第一数据中心的第一服务器和部署于第二数据中心的第二服务器之间进行通信的数据包,可基于多级代理的方式来实现跨数据中心的传输。其中,部署于第一数据中心的第一代理服务器和部署于第二数据中心的第二代理服务器,可以对需要转发的数据包的包头五元组进行修改或还原,使其能够支持跨数据中心进行传输。相比现有技术,本申请实施例中仅对数据包的包头五元组的地址进行修改,并不会使修改后的数据包达到最大MTU长度,相比现有技术中的隧道模式,能够有效避免数据包的分片和重组,从而改善了数据中心之间跨广域网的数据传输性能,提高了带宽利用率。。It can be seen that the data packet that is communicated between the first server deployed in the first data center and the second server deployed in the second data center can be transmitted across the data center based on a multi-level proxy. The first proxy server deployed in the first data center and the second proxy server deployed in the second data center may modify or restore the header quintuple of the data packet to be forwarded to support the cross data center. Transfer. Compared with the prior art, only the address of the packet quintuple of the data packet is modified in the embodiment of the present application, and the modified data packet does not reach the maximum MTU length. Compared with the tunnel mode in the prior art, Effectively avoid fragmentation and reassembly of data packets, thereby improving data transmission performance between data centers across the WAN and improving bandwidth utilization. .
The processing performed by the first proxy server and the second proxy server when forwarding data packets is described in detail below with reference to specific implementations.
Specifically, the first proxy server may modify the header five-tuple of the data packet according to pre-generated first sending session information and first receiving session information. The first sending session information identifies the session information of data packets that the first server sends out via the first proxy server, that is, the session information for the outbound direction of the first data center. The first receiving session information identifies the session information of data packets that the first server receives via the first proxy server, that is, the session information for the inbound direction of the first data center. Correspondingly, the second proxy server may restore the modified five-tuple according to pre-generated second sending information and second receiving session information. The second sending session information identifies the session information of data packets that the second server sends out via the second proxy server, that is, the session information for the outbound direction of the second data center. The second receiving session information identifies the session information of data packets that the second server receives via the second proxy server, that is, the session information for the inbound direction of the second data center.
Here, the session information may contain the source address and destination address of the sent or received data packet, where the source address includes the source IP address and source port number, and the destination address includes the destination IP address and destination port number. The session information may also contain the transport layer protocol. For outbound session information, the transport layer protocol is consistent with that of the five-tuple in the original data packet sent by the first server or the second server. For inbound session information, the transport layer protocol is not necessarily consistent with that of the five-tuple in the original data packet, and may instead be the protocol used to transmit the data packet between the proxy servers.
The first proxy server modifies the header five-tuple of the data packet as follows:
according to the five-tuple of the received routed data packet sent by the first server to the second server, look up the first sending session information containing a source address that is the address of the first server and a destination address that is the address of the second server;
according to the preset association between session information, determine the first receiving session information associated with the first sending session information, where the source address contained in the first receiving session information is the address of the second proxy server and the destination address is the address of the first proxy server;
modify the destination address in the five-tuple of the data packet sent by the first server to the second server to the source address in the first receiving session information, and modify the source address to the destination address in the first receiving session information.
The second proxy server restores the five-tuple of the modified data packet to the five-tuple before modification as follows:
according to the five-tuple of the received modified data packet forwarded by the first proxy server, look up the second receiving session information containing a source address that is the address of the first proxy server and a destination address that is the address of the second proxy server;
according to the preset association between session information, determine the second sending session information associated with the second receiving session information, where the source address contained in the second sending session information is the address of the second server and the destination address is the address of the first server;
modify the destination address in the five-tuple of the modified data packet to the source address in the second sending session information, and modify the source address to the destination address in the second sending session information.
In a specific implementation, the first proxy server may leave the transport layer protocol in the packet's five-tuple unmodified. It may also, according to actual requirements, modify it to any transport layer protocol that allows the data packet to be transmitted between the first proxy server and the second proxy server, such as the HTTP protocol; the present application does not limit this. If the first proxy server modifies the transport layer protocol of the data packet while forwarding it to the second proxy server, the transmission of the data packet between the first proxy server and the second proxy server may be adjusted according to the modified protocol and is not limited to the transmission process described in the later embodiments of the present application. Correspondingly, after receiving the data packet, the second proxy server, in addition to restoring the addresses in the packet's five-tuple, also needs to restore the transport layer protocol in the packet's five-tuple according to the transport layer protocol in the second receiving session information.
Next, the process by which the first proxy server and the second proxy server generate session information is described.
The first proxy server generates the first sending session information and the first receiving information as follows:
if a routed data packet sent by the first server to the second server is received for the first time, generate, according to the five-tuple of the received data packet, first sending session information containing a source address that is the address of the first server and a destination address that is the address of the second server; and,
according to the destination address in the five-tuple of the received data packet, determine that the server corresponding to the network segment matching the destination address is the second proxy server;
generate first receiving session information containing a source address that is the address of the second proxy server and a destination address that is the address of the first proxy server; and,
establish an association between the first sending session information and the first receiving session information.
The routed data packet from the first server to the second server that the first proxy server receives for the first time may be one of two kinds: a data packet requesting establishment of a TCP connection, or a data packet based on the UDP protocol. The above process by which the first proxy server generates the first sending session information and the first receiving information applies to both cases.
Note that in both cases the first proxy server must perform further processing in addition to generating the first sending session information and the first receiving session information. Correspondingly, the way in which the second proxy server generates the second sending session information and the second receiving session information also differs between the two cases, as follows:
(1) First case: the data packet received by the first proxy server for the first time is a data packet requesting establishment of a TCP connection.
The first proxy server is further configured to:
before modifying the source address in the packet's five-tuple to the address of the first proxy server and the destination address to the address of the second proxy server, save the five-tuple of the data packet before modification in the data packet.
In this case, no TCP-based session has yet been established among the first server, the first proxy server, the second proxy server and the second server. The first proxy server therefore saves the five-tuple of the data packet before modification, that is, the packet's original five-tuple, in the data packet, in order to inform the second proxy server of the packet's five-tuple before modification.
Specifically, the five-tuple of the data packet before modification may be stored in the data area of the data packet that is used to hold user data, while the five-tuple after modification, besides being placed in the packet header, may also be stored in that data area.
Correspondingly, the second proxy server is further configured to:
according to the pre-modification five-tuple saved in the received data packet, generate second sending session information containing a source address that is the address of the second server and a destination address that is the address of the first server;
according to the modified five-tuple in the received data packet, generate second receiving session information containing a source address that is the address of the first proxy server and a destination address that is the address of the second proxy server;
establish an association between the second sending session information and the second receiving session information.
(2) Second case: the routed data packet from the first server to the second server that the first proxy server receives for the first time is a data packet based on the UDP protocol.
The first proxy server is further configured to:
before modifying the source address in the packet's five-tuple to the address of the first proxy server and the destination address to the address of the second proxy server, receive and cache the UDP-based data packet sent by the first server to the second server; and,
generate a session request data packet that requests the second proxy server to create a session, and send it to the second proxy server;
after receiving the session response data packet sent by the second proxy server indicating that the session was created successfully, modify the source address in the five-tuple of the received and cached UDP-based data packet sent by the first server to the second server to the address of the first proxy server, and the destination address to the address of the second proxy server.
The session request data packet includes two five-tuples. The first is the five-tuple in the data packet, received for the first time, that the first server sent to the second server. The second is a five-tuple whose source address is the first proxy server, whose destination address is the second proxy server, and whose transport layer protocol is a specified transport protocol. Both five-tuples may be located in the data area of the session request data packet that is used to hold user data; alternatively, the first five-tuple may be stored in the data area of the session request packet and the second five-tuple in the header of the session request packet.
Correspondingly, the second proxy server is further configured to:
according to the first five-tuple, generate second sending session information containing a source address that is the address of the second server and a destination address that is the address of the first server; and,
according to the second five-tuple, generate second receiving session information containing a source address that is the address of the first proxy server and a destination address that is the address of the second proxy server; and,
establish an association between the second sending session information and the second receiving session information.
In addition, the embodiments of the present application provide a preferred implementation: after receiving the routed data packet sent by the first server to the second server requesting establishment of a TCP connection, the first proxy server may also return to the first server a data packet replying to the TCP connection establishment request;
receive and cache the data packets carrying user data sent by the first server to the first server;
after receiving the data packet, forwarded by the second proxy server, with which the second server replies to the TCP connection establishment request, send the cached data packets carrying user data to the second server via the second proxy server.
With this preferred implementation, the first proxy server can send the data packet requesting establishment of a TCP connection to the second proxy server, requesting a TCP connection with the second proxy server and the second server, and at the same time establish a TCP connection locally with the first server and cache all data packets that the first server sends over that TCP connection. The first server therefore does not need to wait for the second server's reply to the TCP connection establishment request to arrive through the multi-level proxies; it can determine locally, in advance, that the TCP connection has succeeded, and send the data packets needed in the TCP-based session to the first proxy server, which caches them. When the first proxy server later receives the data packet with which the second server replies to the TCP connection establishment request, it can forward the locally cached data packets directly to the second server via the second proxy server. This effectively shortens the TCP connection establishment time, improves the forwarding efficiency of data packets during the TCP-based session, and better meets the need for transmission acceleration in network interconnection.
Embodiment 2
In combination with the system for implementing network interconnection described in Embodiment 1 above, Embodiment 2 of the present application provides a method for implementing network interconnection; see the method flowchart shown in FIG. 2:
Step 201: The first proxy server receives the routed data packet sent by the first server deployed in the first data center to the second server deployed in the second data center, where the header of the data packet contains a five-tuple.
Step 202: The first proxy server modifies the source address in the packet's five-tuple to the address of the first proxy server and the destination address to the address of the second proxy server.
Step 203: The first proxy server sends the modified data packet to the second proxy server deployed in the second data center.
Step 204: The second proxy server restores the five-tuple in the data packet modified by the first proxy server to the five-tuple before modification.
Step 205: The restored data packet is sent to the second server, so that the second server responds to the restored data packet.
In a specific implementation, if in step 201 the first proxy server receives for the first time a forwarded data packet sent by the first server to the second server, then before step 202 is performed, the first sending session information and the first receiving session information may be generated as follows:
according to the five-tuple of the received data packet, generate first sending session information containing a source address that is the address of the first server and a destination address that is the address of the second server; and,
according to the destination address in the five-tuple of the received data packet, determine that the server corresponding to the network segment matching the destination address is the second proxy server;
generate first receiving session information containing a source address that is the address of the second proxy server and a destination address that is the address of the first proxy server; and,
establish an association between the first sending session information and the first receiving session information.
If the routed data packet from the first server to the second server that is received for the first time is a data packet requesting establishment of a TCP connection, then before step 202 is performed, the pre-modification five-tuple from the header of that data packet may also be stored in the data packet.
In addition, a data packet replying to the TCP connection establishment request may be returned to the first server, so that the data packets carrying user data sent by the first server to the first server can be received and cached. After the data packet, forwarded by the second proxy server, with which the second server replies to the TCP connection establishment request is received, the cached data packets carrying user data are sent to the second server via the second proxy server.
If the routed data packet from the first server to the second server that is received for the first time is a data packet based on the UDP protocol, then before step 202 is performed, the first proxy server may create a session with the second proxy server. Before the session is created, the received UDP-based data packet sent by the first server to the second server is cached locally, and a session request data packet requesting the second proxy server to create a session is generated and sent to the second proxy server. If a session response data packet indicating that the session was created successfully is subsequently received from the second proxy server, the session is determined to have been created successfully, and step 202 is then performed.
Further, in step 202 the five-tuple of the data packet may be modified according to the pre-generated first sending session information and first receiving session information, specifically:
according to the five-tuple of the received routed data packet sent by the first server to the second server, look up the first sending session information containing a source address that is the address of the first server and a destination address that is the address of the second server;
according to the preset association between session information, determine the first receiving session information associated with the first sending session information, where the source address contained in the first receiving session information is the address of the second proxy server and the destination address is the address of the first proxy server;
modify the destination address in the five-tuple of the data packet sent by the first server to the second server to the source address in the first receiving session information, and modify the source address to the destination address in the first receiving session information.
Further, before performing step 203, the second proxy server may also establish the second sending session information and the second receiving session information based on the five-tuple carried in the received data packet forwarded by the first proxy server.
If the received data packet forwarded by the first proxy server is a data packet requesting establishment of a TCP connection, the data packet forwarded by the first proxy server also includes the five-tuple of the data packet before modification by the first proxy server. The second proxy server can then generate, according to the five-tuple of the data packet before modification by the first proxy server, second sending session information containing a source address that is the address of the second server and a destination address that is the address of the first server; generate, according to the modified five-tuple in the header of the data packet forwarded by the first proxy server, second receiving session information containing a source address that is the address of the first proxy server and a destination address that is the address of the second proxy server; and establish an association between the second sending session information and the second receiving session information.
If the received data packet forwarded by the first proxy server is a data packet based on the UDP protocol, then before the five-tuple in the data packet modified by the first proxy server is restored to the five-tuple before modification, the method further includes:
receiving the session request data packet sent by the first proxy server to request creation of a session, where the session request data packet includes two five-tuples: the first is the five-tuple in the data packet, received for the first time, that the first server sent to the second server, and the second is a five-tuple whose source address is the first proxy server, whose destination address is the second proxy server, and whose transport layer protocol is a specified transport protocol;
generating the second sending session information and the second receiving session information as follows:
according to the first five-tuple, generate second sending session information containing a source address that is the address of the second server and a destination address that is the address of the first server; and,
according to the second five-tuple, generate second receiving session information containing a source address that is the address of the first proxy server and a destination address that is the address of the second proxy server; and,
establish an association between the second sending session information and the second receiving session information.
Further, in step 203 the five-tuple in the data packet modified by the first proxy server may be restored to the five-tuple before modification according to the pre-generated second sending session information and second receiving session information, specifically:
according to the five-tuple in the data packet modified by the first proxy server, look up the second receiving session information containing a source address that is the address of the first proxy server and a destination address that is the address of the second proxy server;
according to the preset association between session information, determine the second sending session information associated with the second receiving session information, where the source address contained in the second sending session information is the address of the second server and the destination address is the address of the first server;
modify the destination address in the five-tuple of the modified data packet to the source address in the second sending session information, and modify the source address to the destination address in the second sending session information.
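The following added example, which is not part of the patent text, models the session lookup, five-tuple rewrite and restore described in Embodiments 1 and 2 for the TCP case, where the first packet carries the pre-modification five-tuple in its data area. The class names, the constructed addresses, the second proxy's listening port and the one-local-port-per-session allocation are assumptions made for illustration; the transport layer protocol is left unmodified.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class FiveTuple:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str  # "TCP" or "UDP"


@dataclass
class Packet:
    header: FiveTuple
    payload: bytes = b""
    # Pre-modification five-tuple carried in the data area (first TCP packet only).
    saved_original: Optional[FiveTuple] = None


class FirstProxy:
    def __init__(self, own_ip, segment_map, first_port=40000):
        self.own_ip = own_ip
        # Assumed static config: remote network segment -> (second proxy IP, port).
        self.segment_map = [(ip_network(n), a) for n, a in segment_map.items()]
        self.next_port = first_port  # assumption: one local port per session
        self.assoc = {}  # first sending session -> first receiving session

    def _create_sessions(self, sending):
        # The second proxy is the one whose segment matches the destination.
        for net, (peer_ip, peer_port) in self.segment_map:
            if ip_address(sending.dst_ip) in net:
                # Receiving session: source = second proxy, destination = this proxy.
                receiving = FiveTuple(peer_ip, peer_port, self.own_ip,
                                      self.next_port, sending.proto)
                self.next_port += 1
                self.assoc[sending] = receiving
                return receiving
        raise LookupError("no proxy configured for " + sending.dst_ip)

    def rewrite(self, pkt):
        receiving = self.assoc.get(pkt.header)
        first = receiving is None
        if first:
            receiving = self._create_sessions(pkt.header)
        # New source = receiving.destination, new destination = receiving.source.
        header = FiveTuple(receiving.dst_ip, receiving.dst_port,
                           receiving.src_ip, receiving.src_port, pkt.header.proto)
        return Packet(header, pkt.payload, pkt.header if first else None)


class SecondProxy:
    def __init__(self):
        self.assoc = {}  # second receiving session -> second sending session

    def restore(self, pkt):
        if pkt.saved_original is not None:
            o = pkt.saved_original
            # Sending session: source = second server, destination = first server.
            self.assoc[pkt.header] = FiveTuple(o.dst_ip, o.dst_port,
                                               o.src_ip, o.src_port, o.proto)
        sending = self.assoc.get(pkt.header)
        if sending is None:
            raise LookupError("no session for modified five-tuple")
        # Restored destination = sending.source, restored source = sending.destination.
        header = FiveTuple(sending.dst_ip, sending.dst_port,
                           sending.src_ip, sending.src_port, sending.proto)
        return Packet(header, pkt.payload)


def demo():
    # Constructed sample: intranet 10.1/16 and 10.2/16, documentation-range public IPs.
    c = FirstProxy("203.0.113.10", {"10.2.0.0/16": ("198.51.100.20", 7000)})
    d = SecondProxy()
    original = FiveTuple("10.1.0.5", 51000, "10.2.0.9", 443, "TCP")
    wire_first = c.rewrite(Packet(original))            # connection request
    out_first = d.restore(wire_first)
    wire_data = c.rewrite(Packet(original, b"hello"))   # later packet, same session
    out_data = d.restore(wire_data)
    return wire_first, out_first, wire_data, out_data


if __name__ == "__main__":
    for p in demo():
        print(p)
```

Only the first packet of a session carries the saved five-tuple; later packets are restored purely from the second proxy's session association, so their payload length is unchanged on the wire.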
In the following, with reference to Embodiment 1 and Embodiment 2 above, data center A and data center B, deployed in different regions, are taken as an example to illustrate how the two data centers are interconnected.
First, FIG. 3 is a schematic diagram of a scenario in which data centers are interconnected across regions. Assume that the network segment of data center A is NET_A and that of data center B is NET_B; proxy server C and proxy server D are deployed at the egress gateways of data center A and data center B, respectively; data center A points the route for NET_B to the intranet IP address IP_C of its local proxy server C, and data center B points the route for NET_A to the intranet IP address IP_D of its local proxy server D; the public IP addresses of the two proxy servers are EIP_C and EIP_D, respectively; the intranet IP address of server E in data center A is IP_E, and the intranet IP address of server F in data center B is IP_F.
Specifically, the process of interconnecting the two data centers is described separately for data packets of the TCP protocol and data packets of the UDP protocol.
(1) IP data packets of the TCP protocol
First, FIG. 4 shows the process in which server E of data center A establishes a TCP connection with server F of data center B through proxy servers C and D. The specific flow is as follows:
Step 401: Server E sends server F a synchronous packet (SYN packet) requesting the establishment of a TCP connection, where the header of the SYN packet contains the five-tuple (IP_E, IP_F, PORT_E, PORT_F, PROTO_TCP).
Step 402: Proxy server C receives, via routing, the SYN packet sent by server E to F, looks up the route according to the destination IP address IP_F, matches the NET_B network segment of data center B, and thereby finds proxy server D deployed at the egress gateway of data center B.
Here, because server E of data center A has pointed the route for the NET_B network segment to the local proxy server C, the SYN packet that server E sends to server F on the NET_B network segment is routed to the local proxy server C.
Step 403: Proxy server C generates first sending session information S1 according to the header five-tuple of the received SYN packet, where in S1 the source IP address is IP_E, the destination IP address is IP_F, the source port number is PORT_E, the destination port number is PORT_F, and the transport layer protocol is PROTO_TCP.
According to the IP address EIP_D and proxy port PORT_D of the remote proxy server D that was found, together with the local IP address EIP_C and the local proxy port PORT_C, first receiving session information S2 is generated, where in S2 the source IP address is EIP_D, the destination IP address is EIP_C, the source port number is PORT_D, the destination port number is PORT_C, and the transport layer protocol is PROTO_TCP; an association is established between session information S1 and S2.
Step 404: Proxy server C finds the first sending session information S1 according to the header five-tuple of the SYN packet and then, according to the first receiving session information S2 associated with S1, modifies the original header five-tuple of the SYN packet (IP_E, IP_F, PORT_E, PORT_F, PROTO_TCP) to (EIP_C, EIP_D, PORT_C, PORT_D, PROTO_TCP), saves the original header five-tuple (IP_E, IP_F, PORT_E, PORT_F, PROTO_TCP) in the SYN packet, and sends the modified SYN packet to proxy server D.
Here, because the SYN packet is very short, this application modifies the header of the SYN packet and adds the original header five-tuple to the packet; because the five-tuple information occupies very little space, this modification does not make the modified packet reach the maximum MTU length, which effectively avoids fragmentation and reassembly of the packet.
Note that after receiving the SYN packet for the first time, proxy server C saves the original header five-tuple in the data area of the packet so that the peer proxy server D can generate the corresponding session information. Once the TCP connection has been established, when proxy server C forwards data packets that server E sends over the TCP connection, it may modify only the packet header and need not save the original header five-tuple in the packet. The data transmission process after the TCP connection is established is described in detail below.
In a specific implementation, proxy server C may encrypt the original header five-tuple saved in the SYN packet. The encryption may follow existing procedures and is not limited by this application.
Step 405: After receiving the SYN packet forwarded by proxy server C, proxy server D establishes second sending session information S3 according to the original header five-tuple in the SYN packet, where in S3 the source IP address is IP_F, the destination IP address is IP_E, the source port number is PORT_F, the destination port number is PORT_E, and the transport layer protocol is PROTO_TCP;
according to the modified five-tuple in the SYN packet, it establishes second receiving session information S4, where in S4 the source IP address is EIP_C, the destination IP address is EIP_D, the source port number is PORT_C, the destination port number is PORT_D, and the transport layer protocol is PROTO_TCP; and it establishes an association between session information S3 and S4.
Here, if the SYN packet has been encrypted, then after receiving it the data packet may first be decrypted and its legitimacy and integrity verified. The decryption and verification may follow existing procedures and are not limited by this application.
Step 406: Proxy server D finds the second receiving information S4 according to the header five-tuple of the SYN packet and then, according to the second sending session information S3 associated with S4, modifies the header five-tuple of the SYN packet (EIP_C, EIP_D, PORT_C, PORT_D, PROTO_TCP) to (IP_E, IP_F, PORT_E, PORT_F, PROTO_TCP) and forwards the packet to server F via routing.
Step 407: Server F listens on the TCP port PORT_F and receives the SYN packet; after processing it, server F sends a SYN-ACK packet in reply to the TCP connection request, where the header five-tuple of the SYN-ACK packet is (IP_F, IP_E, PORT_F, PORT_E, PROTO_TCP).
Step 408: Proxy server D receives the SYN-ACK packet via routing, looks up the second sending session information S3 according to the header five-tuple of the SYN-ACK packet, determines the associated second receiving session information S4 according to S3, modifies the header five-tuple of the SYN-ACK packet (IP_F, IP_E, PORT_F, PORT_E, PROTO_TCP) to (EIP_D, EIP_C, PORT_D, PORT_C, PROTO_TCP), and forwards the modified SYN-ACK packet to proxy server C.
Step 409: After receiving the SYN-ACK packet, proxy server C looks up the first receiving session information S2 according to the header five-tuple of the SYN-ACK packet, determines the associated first sending session information S1 according to S2, modifies the header five-tuple of the SYN-ACK packet (EIP_D, EIP_C, PORT_D, PORT_C, PROTO_TCP) to (IP_F, IP_E, PORT_F, PORT_E, PROTO_TCP), and forwards the packet to server E.
Step 410: Server E receives the SYN-ACK packet returned by server F and then returns to server F a LAST-ACK packet indicating that the TCP connection has been established.
Step 504 in the figure is a simplified flow. Specifically, the LAST-ACK packet can be forwarded following the forwarding flow of the SYN packet described above (proxy server C → proxy server D → server E). When server F receives the LAST-ACK packet sent by server E, it determines that the TCP connection with server E has been established; subsequently, the two servers can exchange data packets in both directions over the established TCP connection.
Note that the TCP connection establishment in steps 401 to 410 is performed with proxy server C working in the incomplete-proxy mode.
Preferably, in the embodiments of this application, the proxy server may also work in a full-proxy mode. Compared with the incomplete-proxy mode, TCP connection establishment in the full-proxy mode differs in the following respects:
First, after step 401 is performed, proxy server C, on receiving the SYN packet requesting a TCP connection, may immediately return to server E a SYN-ACK packet replying to the connection request. If, before proxy server D returns the SYN-ACK packet sent by server F, proxy server C further receives via routing the LAST-ACK packet sent by server E to indicate that the TCP connection is established, as well as subsequent ACK packets, it caches them temporarily until it receives the SYN-ACK packet of server F returned by proxy server D. The TCP connection between the local proxy server C and server E is determined to be successfully established. This process can run in parallel with steps 402 to 408.
Second, after step 408 is performed (steps 409 to 410 are not performed), proxy server C forwards the cached LAST-ACK packet, sent by server E to indicate that the TCP connection is established, and the subsequent ACK packets to server F via proxy server D. For the forwarding process, refer to the flow above.
When server F receives the LAST-ACK packet sent by server E, it determines that the TCP connection with server E has been established; subsequently, the two servers can exchange data packets in both directions over the established TCP connection.
Further, FIG. 5 shows the process in which server E of data center A and server F of data center B transmit data over the TCP connection. The specific flow is as follows:
Step 501: Server E sends server F, over the TCP connection, a data packet carrying user data, where the header of the data packet is (IP_E, IP_F, PORT_E, PORT_F, PROTO_TCP).
Step 502: Proxy server C receives, via routing, the data packet sent by server E to F, looks up the pre-generated first sending session information S1 according to the header five-tuple of the data packet, determines the associated first receiving session information S2 according to S1, modifies the header five-tuple of the data packet (IP_E, IP_F, PORT_E, PORT_F, PROTO_TCP) to (EIP_C, EIP_D, PORT_C, PORT_D, PROTO_TCP), and forwards the modified data packet to proxy server D.
Specifically, if proxy server C, after completing TCP establishment locally with server E, has already cached this data packet sent by server E to server F over the TCP connection, it can apply the above modification to the cached data packet directly and forward it to proxy server D.
Step 503: After receiving the data packet forwarded by proxy server C, proxy server D looks up the pre-generated second receiving session information S4 according to the header five-tuple of the data packet (EIP_C, EIP_D, PORT_C, PORT_D, PROTO_TCP), determines the associated second receiving session information S3 according to S4, modifies the header five-tuple of the data packet (EIP_C, EIP_D, PORT_C, PORT_D, PROTO_TCP) to (IP_E, IP_F, PORT_E, PORT_F, PROTO_TCP), and forwards the modified data packet to server F.
Step 504: Server F receives and responds to the data packet sent by server E over the TCP connection.
Step 504 in the figure is a simplified flow. Specifically, for the process in which the data packet with which server F responds is forwarded via proxy servers D and C to server E of data center A, refer to the forwarding flow described above; it is not repeated here.
Based on the above process, server E of data center A and server F of the data center can exchange data packets in both directions over the established TCP connection until the connection times out or is actively closed by server E or F.
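The session-table mechanics of steps 401 to 410 and 501 to 504, as an added Python example that is not part of the patent text. The addresses, port numbers, the allocation of one PORT_C per session, and the HMAC-SHA256 tag on the embedded five-tuple are assumptions; the application leaves encryption and verification to existing procedures.

```python
import hashlib
import hmac
import ipaddress
import json
from collections import namedtuple

FiveTuple = namedtuple("FiveTuple", "src dst sport dport proto")
# orig: sealed original five-tuple carried in the data area, or None
Packet = namedtuple("Packet", "hdr flags data orig")

KEY = b"constructed-demo-key"  # assumption: secret shared by both proxies


def rev(t):
    """Five-tuple of the opposite direction of the same flow."""
    return FiveTuple(t.dst, t.src, t.dport, t.sport, t.proto)


def seal(t):
    """Serialise a five-tuple and prepend an HMAC tag (assumed scheme)."""
    body = json.dumps(list(t)).encode()
    return hmac.new(KEY, body, hashlib.sha256).digest() + body


def unseal(blob):
    """Verify the tag before trusting a five-tuple received from the peer."""
    tag, body = blob[:32], blob[32:]
    good = hmac.new(KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("embedded five-tuple failed integrity check")
    return FiveTuple(*json.loads(body))


class ProxyC:
    """Sending-side proxy: S1 (internal flow) <-> S2 (proxy-to-proxy flow)."""

    def __init__(self, eip, routes):
        self.eip, self.routes = eip, routes
        self.send, self.recv = {}, {}   # S1 -> S2 and S2 -> S1
        self.next_port = 40000          # assumption: one PORT_C per session

    def outbound(self, pkt):
        first = pkt.hdr not in self.send
        if first:                       # steps 402-403: route lookup, S1 and S2
            dst = ipaddress.ip_address(pkt.hdr.dst)
            peer = next((p for net, p in self.routes.items() if dst in net), None)
            if peer is None:
                return None             # no remote data center owns this address
            s2 = FiveTuple(peer[0], self.eip, peer[1], self.next_port, pkt.hdr.proto)
            self.next_port += 1
            self.send[pkt.hdr], self.recv[s2] = s2, pkt.hdr
        s2 = self.send[pkt.hdr]         # steps 404 / 502: rewrite the header
        return Packet(rev(s2), pkt.flags, pkt.data, seal(pkt.hdr) if first else None)

    def inbound(self, pkt):             # step 409: S2 -> S1, restore the header
        s1 = self.recv.get(pkt.hdr)
        return None if s1 is None else Packet(rev(s1), pkt.flags, pkt.data, None)


class ProxyD:
    """Receiving-side proxy: S3 (internal flow) <-> S4 (proxy-to-proxy flow)."""

    def __init__(self):
        self.send, self.recv = {}, {}   # S3 -> S4 and S4 -> S3

    def inbound(self, pkt):
        if pkt.orig is not None and pkt.hdr not in self.recv:   # step 405
            s3 = rev(unseal(pkt.orig))
            self.recv[pkt.hdr], self.send[s3] = s3, pkt.hdr
        s3 = self.recv.get(pkt.hdr)     # steps 406 / 503; unknown session: drop
        return None if s3 is None else Packet(rev(s3), pkt.flags, pkt.data, None)

    def outbound(self, pkt):            # step 408: S3 -> S4
        s4 = self.send.get(pkt.hdr)
        return None if s4 is None else Packet(rev(s4), pkt.flags, pkt.data, None)


def demo():
    # Constructed addresses standing in for IP_E, IP_F, EIP_C, EIP_D, PORT_D.
    ip_e, ip_f = "10.1.0.5", "10.2.0.9"
    eip_c, eip_d, port_d = "203.0.113.10", "198.51.100.20", 7000
    c = ProxyC(eip_c, {ipaddress.ip_network("10.2.0.0/16"): (eip_d, port_d)})
    d = ProxyD()
    syn = Packet(FiveTuple(ip_e, ip_f, 51000, 443, "TCP"), "SYN", b"", None)
    wire = c.outbound(syn)                                   # steps 402-404
    at_f = d.inbound(wire)                                   # steps 405-406
    synack = Packet(rev(at_f.hdr), "SYN-ACK", b"", None)     # step 407
    back = c.inbound(d.outbound(synack))                     # steps 408-409
    data = c.outbound(Packet(syn.hdr, "ACK", b"hello", None))  # step 502
    return syn, wire, at_f, back, data, c, d


if __name__ == "__main__":
    for item in demo()[:5]:
        print(item.flags, item.hdr, "embedded" if item.orig else "")
```

Proxy D creates session state only from a five-tuple whose tag verifies, and a packet that matches no session and carries no embedded five-tuple is dropped.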
(2) IP data packets of the UDP protocol
First, FIG. 6 shows the process in which server E of data center A performs UDP-based data transmission with server F of data center B through proxy servers C and D. The specific flow is as follows:
Step 601: Server E sends server F a data packet based on the UDP protocol (UDP packet for short), where the header of the UDP packet is (IP_E, IP_F, PORT_E, PORT_F, PROTO_UDP).
Step 602: Proxy server C receives, via routing, the UDP packet sent by server E to F, looks up the route according to the destination IP address IP_F, matches the NET_B network segment of data center B, and thereby finds proxy server D deployed at the egress gateway of data center B.
Step 603: Proxy server C generates first sending session information S1 according to the header five-tuple of the received UDP packet, where the contents of the session information are as described in the previous embodiment and are not repeated here;
according to the remote proxy server D that was found, it determines that the remote proxy IP address is EIP_D and the remote proxy port is PORT_D, then generates first receiving session information S2 according to the known local IP address EIP_C and local proxy port PORT_C, and establishes an association between session information S1 and S2.
Step 604: Proxy server C caches the UDP packet sent by server E, generates a session request data packet requesting proxy server D to create a session, and sends the session request data packet to the remote proxy server D.
The session request data packet contains two kinds of five-tuple: the first is the original header five-tuple of the UDP packet (IP_E, IP_F, PORT_E, PORT_F, PROTO_UDP), and the second is the five-tuple of the data packet constructed by proxy server C (EIP_C, EIP_D, PORT_C, PORT_D, PROTO_UDP). The two five-tuples can be saved in the data area of the data packet in a format agreed by protocol. In addition, the header of the session request data packet can be encapsulated according to a transport layer protocol determined to be capable of carrying data between proxy server C and proxy server E.
In a specific implementation, before receiving the response data packet returned by proxy server D indicating that the session was established, proxy server C may cache locally the data packets related to this UDP session that server E sends and that arrive via routing. In addition, proxy server C may encrypt the two five-tuples saved in the data area of the data packet. The encryption may follow existing procedures and is not limited by this application.
Here, the original UDP packet is kept locally and a new data packet is generated that contains the five-tuple constructed by proxy server C and the header five-tuple of the original UDP packet. Because this data packet contains only two five-tuples, which occupy very little space, this processing does not make the processed packet reach the maximum MTU length, which effectively avoids fragmentation and reassembly of data packets. Moreover, from the two five-tuples in the generated data packet, proxy server D can generate session information so that data packets can be forwarded between proxy servers C and D.
Step 605: After receiving the UDP packet forwarded by proxy server C, proxy server D generates second sending session information S3 according to the original header five-tuple in the UDP packet;
according to the five-tuple of the data packet constructed by proxy server C, it generates second receiving session information S4, and establishes an association between session information S3 and S4.
Step 606: Proxy server D sends proxy server C a session response data packet indicating that the session was created.
Step 607: After receiving the response data packet sent by proxy server D, proxy server C determines that the UDP session initiated by server E has been established in proxy server D.
Step 608: Proxy server C forwards to proxy server D the locally cached UDP packet sent by server E to F.
Specifically, it first looks up the first sending session information S1 according to the header five-tuple of the UDP packet, then determines the first receiving session information S2 associated with S1, modifies the header five-tuple of the UDP packet (IP_E, IP_F, PORT_E, PORT_F, UDP) to (EIP_C, EIP_D, PORT_C, PORT_D, UDP), and sends the modified UDP packet to proxy server D.
Here, the information stored in the data area of the UDP packet may also be encrypted and compressed; refer to existing procedures, which are not repeated here.
Step 609: After receiving the UDP packet forwarded by proxy server C, proxy server D looks up the second receiving session information S4 according to the header five-tuple of the UDP packet, determines the associated second receiving session information S3 according to S4, modifies the header five-tuple of the UDP packet (EIP_C, EIP_D, PORT_C, PORT_D, PROTO_UDP) to (IP_E, IP_F, PORT_E, PORT_F, PROTO_UDP), and forwards the modified UDP packet to server F.
Here, if the UDP packet has been encrypted and compressed, then after receiving it the data packet may first be decrypted, its legitimacy and integrity verified, and the data in it decompressed. The decoding and decompression may follow existing procedures and are not limited by this application.
Step 610: Server F receives and responds to the UDP packet sent by server E.
Here, step 610 shown in the figure is a simplified flow. Specifically, the data packet with which server F responds can likewise be sent to server E via proxy server D and proxy server C; the forwarding flow in the proxy servers is similar to the flow above and is not repeated. Subsequently, the data packets exchanged between server E and server F can all be forwarded via proxy servers C and D until the UDP session established between proxy server C and proxy server D times out and is released.
In addition, server E and server F in this embodiment are only examples. In a specific implementation, multiple data packets sent by multiple servers in data center A can be forwarded at the same time via proxy servers C and D to the corresponding servers in data center B. Proxy server C modifies the intranet addresses in the five-tuples of the data packets sent by the multiple servers to the public address corresponding to proxy server D; correspondingly, proxy server D restores the five-tuples of the received data packets based on the pre-generated session information so as to forward the received data packets to the corresponding servers in data center B. For the forwarding flow, refer to the flow above, which is not repeated here.
In addition, in practical applications, besides deploying proxy servers at the edge of the data centers, proxy servers may also be deployed in the public network at the edge access points corresponding to the two data centers. For example, proxy server M is deployed at the edge access point in the public network corresponding to data center A, and proxy server N at the edge access point corresponding to data center B. A data packet sent by a server in data center A to a server in data center B can then be forwarded via proxy C → proxy M → proxy N → proxy D to the corresponding server in data center B. For the forwarding flow across the multi-level proxy servers, refer to the flow above, which is not repeated here.
Based on the same concept of this application, the embodiments of this application also provide an apparatus for implementing network interconnection that corresponds to the method for implementing network interconnection. Because the principle by which the apparatus solves the problem is similar to that of the method in the embodiments of this application, the implementation of the apparatus can refer to the implementation of the method, and repeated parts are not described again.
Embodiment 3
FIG. 7 is a schematic structural diagram of the apparatus for implementing network interconnection provided in Embodiment 3 of this application, including:
a receiving module 71, configured to receive, via routing, a data packet sent by a first server deployed in a first data center to a second server deployed in a second data center, the header of the data packet containing a five-tuple;
a processing module 72, configured to modify the source address in the five-tuple of the data packet to the address of a first proxy server and the destination address to the address of a second proxy server;
a sending module 73, configured to send the modified data packet to the second proxy server deployed in the second data center.
Embodiment 4
FIG. 8 is a schematic structural diagram of the apparatus for implementing network interconnection provided in Embodiment 4 of this application, including:
a receiving module 81, configured to receive a data packet, forwarded by a first proxy server, that a first server sent to a second server, where the source address in the five-tuple of the header of the data packet has been modified by the first proxy server to the address of the first proxy server and the destination address has been modified by the first proxy server to the address of a second proxy server;
a processing module 82, configured to restore the five-tuple in the data packet modified by the first proxy server to the five-tuple before modification;
a sending module 83, configured to send the restored data packet to the second server so that the second server responds to the restored data packet, where the first proxy server and the first server are deployed in a first data center and the second server is deployed in a second data center.
实施例五Embodiment 5
本申请实施例五还提供了一种计算设备,该计算设备具体可以为桌面计算机、便携式计算机、智能手机、平板电脑、个人数字助理(Personal Digital Assistant,PDA)等。如图9所示,该计算设备可以包括中央处理器(Center Processing Unit,CPU)901、存储器902、输入设备903,输出设备904等,输入设备可以包括键盘、鼠标、触摸屏等,输出设备可以包括显示设备,如液晶显示器(Liquid Crystal Display,LCD)、阴极射线管(Cathode Ray Tube,CRT)等。The fifth embodiment of the present application further provides a computing device, which may be a desktop computer, a portable computer, a smart phone, a tablet computer, a personal digital assistant (PDA), or the like. As shown in FIG. 9, the computing device may include a central processing unit (CPU) 901, a memory 902, an input device 903, an output device 904, etc., and the input device may include a keyboard, a mouse, a touch screen, etc., and the output device may include Display devices, such as liquid crystal displays (LCDs), cathode ray tubes (CRTs), and the like.
存储器可以包括只读存储器(ROM)和随机存取存储器(RAM),并向处理器提供存储器中存储的程序指令和数据。在本申请实施例中,存储器可以用于存储实现网络互连的方法的程序指令。The memory can include read only memory (ROM) and random access memory (RAM) and provides the processor with program instructions and data stored in the memory. In an embodiment of the present application, the memory may be used to store program instructions for implementing a method of network interconnection.
处理器通过调用存储器存储的程序指令,处理器用于按照获得的程序指令执行:接收经路由转发的部署于第一数据中心的第一服务器发送给部署于第二数据中心的第二服务器的数据包,所述数据包的包头包含五元组;将所述数据包的五元组中的源地址修改为第一代理服务器的地址、目的地址修改为第二代理服务器的地址;将修改后的数据包发送给部署于所述第二数据中心的第二代理服务器,以便所述第二代理服务器将所述修改后的数据包的五元组还原为修改前的五元组并将还原后的数据包发送给第二服务器,由第二服务 器响应所述还原后的数据包。The processor is configured to execute the program instructions stored by the processor, and the processor is configured to execute according to the obtained program instructions: receiving the data packet transmitted by the first server deployed in the first data center and being sent to the second server deployed in the second data center The packet header of the data packet includes a quintuple; the source address in the quintuple of the data packet is modified to the address of the first proxy server, and the destination address is modified to the address of the second proxy server; the modified data is to be modified. Sending the packet to a second proxy server deployed in the second data center, so that the second proxy server restores the quintuple of the modified data packet to the quintuple before modification and the restored data The package is sent to the second server by the second service The device responds to the restored data packet.
Embodiment 6
Embodiment 6 of the present application provides a computer storage medium for storing the computer program instructions used by the computing device of Embodiment 5 above, which include a program for executing the above method of implementing network interconnection.
The computer storage medium may be any available medium or data storage device that a computer can access, including but not limited to magnetic storage (for example, floppy disk, hard disk, magnetic tape, magneto-optical disk (MO)), optical storage (for example, CD, DVD, BD, HVD), and semiconductor memory (for example, ROM, EPROM, EEPROM, non-volatile memory (NAND FLASH), solid-state drive (SSD)).
Embodiment 7
Embodiment 7 of the present application further provides a computing device, which may specifically be a desktop computer, a portable computer, a smartphone, a tablet computer, a personal digital assistant (PDA), or the like. As shown in FIG. 10, the computing device may include a central processing unit (CPU) 1001, a memory 1002, an input device 1003, an output device 1004, and so on. The input device may include a keyboard, a mouse, a touch screen, and the like; the output device may include a display device such as a liquid crystal display (LCD) or a cathode ray tube (CRT).
The memory may include read-only memory (ROM) and random access memory (RAM), and provides the processor with the program instructions and data stored in the memory. In this embodiment of the present application, the memory may be used to store program instructions for the method of implementing network interconnection.
By calling the program instructions stored in the memory, the processor is configured to execute the following according to the obtained program instructions: receive a data packet, forwarded by a first proxy server, that a first server sends to a second server, wherein the source address in the quintuple of the header of the data packet has been modified by the first proxy server to the address of the first proxy server and the destination address has been modified by the first proxy server to the address of a second proxy server; restore the quintuple in the data packet modified by the first proxy server to the quintuple before modification; and send the restored data packet to the second server, so that the second server responds to the restored data packet; wherein the first proxy server and the first server are deployed in a first data center, and the second server is deployed in a second data center.
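The rewrite performed by the first proxy server (Embodiment 5) and the restore performed by the second proxy server (Embodiment 7), as an added Python example that is not code from the patent. It models only the TCP connection-request case, in which the unmodified quintuple travels inside the packet; the UDP session-request exchange is not modelled. The addresses, the 10.2.0.0/16 segment, the port numbers and all class and field names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class FiveTuple:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str

    def flipped(self) -> "FiveTuple":
        """Same flow seen from the other direction (source and destination swapped)."""
        return FiveTuple(self.dst_ip, self.dst_port, self.src_ip, self.src_port, self.proto)


@dataclass
class Packet:
    header: FiveTuple
    payload: bytes = b""
    # Quintuple before modification; carried only by the first TCP packet of a flow.
    stored_original: Optional[FiveTuple] = None


class FirstProxy:
    def __init__(self, addr, segment_to_proxy, peer_port=9000):
        self.addr = addr
        self.routes = [(ipaddress.ip_network(n), p) for n, p in segment_to_proxy.items()]
        self.peer_port = peer_port   # assumption: port the second proxy listens on
        self.next_port = 40000       # assumption: one local port per session
        self.assoc = {}              # first sending session -> first receiving session

    def _second_proxy_for(self, dst_ip):
        ip = ipaddress.ip_address(dst_ip)
        for net, proxy in self.routes:
            if ip in net:
                return proxy
        raise LookupError(f"no proxy configured for segment of {dst_ip}")

    def forward(self, pkt: Packet) -> Packet:
        send = pkt.header            # src = first server, dst = second server
        first_packet = send not in self.assoc
        if first_packet:
            proxy2 = self._second_proxy_for(send.dst_ip)
            # Receiving session: src = second proxy, dst = first proxy.
            self.assoc[send] = FiveTuple(proxy2, self.peer_port,
                                         self.addr, self.next_port, send.proto)
            self.next_port += 1
        recv = self.assoc[send]
        stored = send if (first_packet and send.proto == "tcp") else None
        # New dst = receiving session's src, new src = receiving session's dst.
        return Packet(recv.flipped(), pkt.payload, stored)


class SecondProxy:
    def __init__(self, addr):
        self.addr = addr
        self.assoc = {}              # second receiving session -> second sending session

    def restore(self, pkt: Packet) -> Packet:
        recv = pkt.header            # src = first proxy, dst = second proxy
        if recv.dst_ip != self.addr:
            raise ValueError("packet is not addressed to this proxy")
        if recv not in self.assoc:
            if pkt.stored_original is None:
                raise LookupError("unknown session and no stored quintuple")
            # Sending session: src = second server, dst = first server.
            self.assoc[recv] = pkt.stored_original.flipped()
        send = self.assoc[recv]
        # New dst = sending session's src, new src = sending session's dst.
        return Packet(send.flipped(), pkt.payload)


def demo():
    """Constructed sample flow: connection request, then one data packet."""
    p1 = FirstProxy("192.0.2.1", {"10.2.0.0/16": "198.51.100.1"})
    p2 = SecondProxy("198.51.100.1")
    original = FiveTuple("10.1.0.10", 51000, "10.2.0.20", 443, "tcp")
    syn = p1.forward(Packet(original))
    data = p1.forward(Packet(original, b"hello"))
    return original, syn, p2.restore(syn), data, p2.restore(data)


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Only the first packet of the flow carries the stored quintuple; the data packet that follows is restored purely from the association the second proxy built when it saw the connection request.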
Embodiment 8
Embodiment 8 of the present application provides a computer storage medium for storing the computer program instructions used by the computing device of Embodiment 7 above, which include a program for executing the above method of implementing network interconnection.
The computer storage medium may be any available medium or data storage device that a computer can access, including but not limited to magnetic storage (for example, floppy disk, hard disk, magnetic tape, magneto-optical disk (MO)), optical storage (for example, CD, DVD, BD, HVD), and semiconductor memory (for example, ROM, EPROM, EEPROM, non-volatile memory (NAND FLASH), solid-state drive (SSD)).
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present application, not to limit them. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present application.

Claims (24)

  1. A system for implementing network interconnection, characterized in that the system comprises: a first server and a first proxy server, both deployed in a first data center, and a second server and a second proxy server, both deployed in a second data center; wherein,
    the first server is configured to send a data packet to the second server, the header of the data packet containing a quintuple;
    the first proxy server is configured to receive the data packet, forwarded via routing, that the first server sends to the second server; modify the source address in the quintuple of the data packet to the address of the first proxy server and the destination address to the address of the second proxy server; and send the modified data packet to the second proxy server;
    the second proxy server is configured to restore the quintuple of the modified data packet to the quintuple before modification, and send the restored data packet to the second server;
    the second server is configured to receive and respond to the restored data packet.
  2. The system according to claim 1, characterized in that the first proxy server is specifically configured to:
    search, according to the quintuple of the received data packet that was forwarded via routing and sent by the first server to the second server, for first sending session information whose source address is the address of the first server and whose destination address is the address of the second server;
    determine, according to a preset association relationship between session information, first receiving session information associated with the first sending session information; wherein the source address contained in the first receiving session information is the address of the second proxy server and the destination address is the address of the first proxy server;
    modify the destination address in the quintuple of the data packet sent by the first server to the second server to the source address in the first receiving session information, and modify the source address to the destination address in the first receiving session information.
  3. The system according to claim 1, characterized in that the second proxy server is specifically configured to:
    search, according to the quintuple of the received modified data packet forwarded by the first proxy server, for second receiving session information whose source address is the address of the first proxy server and whose destination address is the address of the second proxy server;
    determine, according to a preset association relationship between session information, second sending session information associated with the second receiving session information; wherein the source address contained in the second sending session information is the address of the second server and the destination address is the address of the first server;
    modify the destination address in the quintuple of the modified data packet to the source address in the second sending session information, and modify the source address to the destination address in the second sending session information.
  4. The system according to claim 2, characterized in that the first proxy server is further configured to:
    if a data packet forwarded via routing and sent by the first server to the second server is received for the first time, generate, according to the quintuple of the received data packet, first sending session information whose source address is the address of the first server and whose destination address is the address of the second server; and,
    determine, according to the destination address in the quintuple of the received data packet, that the server corresponding to the network segment matching the destination address is the second proxy server;
    generate first receiving session information whose source address is the address of the second proxy server and whose destination address is the address of the first proxy server; and,
    establish an association relationship between the first sending session information and the first receiving session information.
  5. The system according to claim 4, characterized in that, if the data packet forwarded via routing and sent by the first server to the second server that the first proxy server receives for the first time is a data packet requesting establishment of a Transmission Control Protocol (TCP) connection, the first proxy server is further configured to:
    before modifying the source address in the quintuple of the data packet to the address of the first proxy server and the destination address to the address of the second proxy server, store the quintuple of the data packet before modification in the data packet;
    the second proxy server is further configured to:
    generate, according to the quintuple before modification stored in the received data packet, second sending session information whose source address is the address of the second server and whose destination address is the address of the first server;
    generate, according to the modified quintuple in the received data packet, second receiving session information whose source address is the address of the first proxy server and whose destination address is the address of the second proxy server;
    establish an association relationship between the second sending session information and the second receiving session information.
  6. The system according to claim 5, characterized in that the first proxy server is further configured to:
    after receiving the data packet, forwarded via routing and sent by the first server to the second server, that requests establishment of a TCP connection, feed back to the first server a data packet replying to the TCP connection establishment request;
    receive and buffer data packets carrying user data information sent by the first server to the first server;
    after receiving the data packet, forwarded by the second proxy server, with which the second server replies to the TCP connection establishment request, send the buffered data packets carrying user data information to the second server via the second proxy server.
  7. The system according to claim 4, characterized in that, if the data packet forwarded via routing and sent by the first server to the second server that the first proxy server receives for the first time is a data packet based on the User Datagram Protocol (UDP), the first proxy server is further configured to:
    before modifying the source address in the quintuple of the data packet to the address of the first proxy server and the destination address to the address of the second proxy server, receive and buffer the UDP-based data packets sent by the first server to the second server; and,
    generate a session request data packet for requesting the second proxy server to create a session, and send it to the second proxy server;
    after receiving a session response data packet sent by the second proxy server to indicate that the session was created successfully, the first proxy server is specifically configured to:
    modify the source address in the quintuple of the received and buffered UDP-based data packets sent by the first server to the second server to the address of the first proxy server, and the destination address to the address of the second proxy server.
  8. The system according to claim 7, characterized in that the session request data packet includes two kinds of quintuple: the first is the quintuple in the data packet, received for the first time, that the first server sends to the second server; the second is a quintuple whose source address is the first proxy server, whose destination address is the second proxy server, and whose transport layer protocol is a specified transport protocol;
    the second proxy server is further configured to:
    generate, according to the first kind of quintuple, second sending session information whose source address is the address of the second server and whose destination address is the address of the first server; and,
    generate, according to the second kind of quintuple, second receiving session information whose source address is the address of the first proxy server and whose destination address is the address of the second proxy server; and,
    establish an association relationship between the second sending session information and the second receiving session information.
  9. A method for implementing network interconnection, characterized in that the method comprises:
    receiving a data packet, forwarded via routing, that a first server deployed in a first data center sends to a second server deployed in a second data center, the header of the data packet containing a quintuple;
    modifying the source address in the quintuple of the data packet to the address of a first proxy server and the destination address to the address of a second proxy server;
    sending the modified data packet to the second proxy server deployed in the second data center, so that the second proxy server restores the quintuple of the modified data packet to the quintuple before modification and sends the restored data packet to the second server, and the second server responds to the restored data packet.
  10. The method according to claim 9, characterized in that modifying the source address in the quintuple of the data packet to the address of the first proxy server and the destination address to the address of the second proxy server comprises:
    searching, according to the quintuple of the received data packet that was forwarded via routing and sent by the first server to the second server, for first sending session information whose source address is the address of the first server and whose destination address is the address of the second server;
    determining, according to a preset association relationship between session information, first receiving session information associated with the first sending session information; wherein the source address contained in the first receiving session information is the address of the second proxy server and the destination address is the address of the first proxy server;
    modifying the destination address in the quintuple of the data packet sent by the first server to the second server to the source address in the first receiving session information, and modifying the source address to the destination address in the first receiving session information.
  11. The method according to claim 10, characterized in that the first sending session information and the first receiving session information are generated in the following manner:
    if a data packet forwarded via routing and sent by the first server to the second server is received for the first time, generating, according to the quintuple of the received data packet, first sending session information whose source address is the address of the first server and whose destination address is the address of the second server; and,
    determining, according to the destination address in the quintuple of the received data packet, that the server corresponding to the network segment matching the destination address is the second proxy server;
    generating first receiving session information whose source address is the address of the second proxy server and whose destination address is the address of the first proxy server; and,
    establishing an association relationship between the first sending session information and the first receiving session information.
  12. The method according to claim 11, characterized in that, if the data packet forwarded via routing and sent by the first server to the second server that is received for the first time is a data packet requesting establishment of a Transmission Control Protocol (TCP) connection, then before modifying the source address in the quintuple of the data packet to the address of the first proxy server and the destination address to the address of the second proxy server, the method further comprises:
    storing, in the data packet requesting establishment of a TCP connection, the quintuple of the header of that data packet before modification.
  13. The method according to claim 12, characterized in that, after receiving the data packet, forwarded via routing and sent by the first server to the second server, that requests establishment of a TCP connection, the method further comprises:
    feeding back to the first server a data packet replying to the TCP connection establishment request;
    receiving and buffering data packets carrying user data information sent by the first server to the first server;
    after receiving the data packet, forwarded by the second proxy server, with which the second server replies to the TCP connection establishment request, sending the buffered data packets carrying user data information to the second server via the second proxy server.
  14. The method according to claim 11, characterized in that, if the data packet forwarded via routing and sent by the first server to the second server that is received for the first time is a data packet based on the User Datagram Protocol (UDP), then before modifying the source address in the quintuple of the data packet to the address of the first proxy server and the destination address to the address of the second proxy server, the method further comprises:
    receiving and buffering the UDP-based data packets sent by the first server to the second server; and,
    generating a session request data packet for requesting the second proxy server to create a session, and sending it to the second proxy server;
    after receiving a session response data packet sent by the second proxy server to indicate that the session was created successfully, modifying the source address in the quintuple of the received and buffered UDP-based data packets sent by the first server to the second server to the address of the first proxy server, and the destination address to the address of the second proxy server.
  15. A method for implementing network interconnection, characterized in that the method comprises:
    receiving a data packet, forwarded by a first proxy server, that a first server sends to a second server; wherein the source address in the quintuple of the header of the data packet has been modified by the first proxy server to the address of the first proxy server, and the destination address has been modified by the first proxy server to the address of a second proxy server;
    restoring the quintuple in the data packet modified by the first proxy server to the quintuple before modification;
    sending the restored data packet to the second server, so that the second server responds to the restored data packet; wherein the first proxy server and the first server are deployed in a first data center, and the second server is deployed in a second data center.
  16. The method according to claim 15, characterized in that restoring the quintuple in the data packet modified by the first proxy server to the quintuple before modification comprises:
    searching, according to the quintuple in the data packet modified by the first proxy server, for second receiving session information whose source address is the address of the first proxy server and whose destination address is the address of the second proxy server;
    determining, according to a preset association relationship between session information, second sending session information associated with the second receiving session information; wherein the source address contained in the second sending session information is the address of the second server and the destination address is the address of the first server;
    modifying the destination address in the quintuple of the modified data packet to the source address in the second sending session information, and modifying the source address to the destination address in the second sending session information.
  17. The method according to claim 15, characterized in that, if the received data packet forwarded by the first proxy server is a data packet requesting establishment of a Transmission Control Protocol (TCP) connection, the data packet forwarded by the first proxy server further includes the quintuple of the data packet before modification by the first proxy server;
    the second sending session information and the second receiving session information are generated in the following manner:
    generating, according to the quintuple of the data packet before modification by the first proxy server, second sending session information whose source address is the address of the second server and whose destination address is the address of the first server;
    generating, according to the modified quintuple in the header of the data packet forwarded by the first proxy server, second receiving session information whose source address is the address of the first proxy server and whose destination address is the address of the second proxy server;
    establishing an association relationship between the second sending session information and the second receiving session information.
  18. The method according to claim 15, characterized in that, if the received data packet forwarded by the first proxy server is a data packet based on the User Datagram Protocol (UDP), then before restoring the quintuple in the data packet modified by the first proxy server to the quintuple before modification, the method further comprises:
    receiving a session request data packet sent by the first proxy server for requesting creation of a session; wherein the session request data packet includes two kinds of quintuple: the first is the quintuple in the data packet, received for the first time, that the first server sends to the second server; the second is a quintuple whose source address is the first proxy server, whose destination address is the second proxy server, and whose transport layer protocol is a specified transport protocol;
    the second sending session information and the second receiving session information are generated in the following manner:
    generating, according to the first kind of quintuple, second sending session information whose source address is the address of the second server and whose destination address is the address of the first server; and,
    generating, according to the second kind of quintuple, second receiving session information whose source address is the address of the first proxy server and whose destination address is the address of the second proxy server; and,
    establishing an association relationship between the second sending session information and the second receiving session information.
  19. An apparatus for implementing network interconnection, characterized in that the apparatus comprises:
    a receiving module, configured to receive a data packet, forwarded via routing, that a first server deployed in a first data center sends to a second server deployed in a second data center, the header of the data packet containing a quintuple;
    a processing module, configured to modify the source address in the quintuple of the data packet to the address of a first proxy server and the destination address to the address of a second proxy server;
    a sending module, configured to send the modified data packet to the second proxy server deployed in the second data center.
  20. An apparatus for implementing network interconnection, characterized in that the apparatus comprises:
    a receiving module, configured to receive a data packet, forwarded by a first proxy server, that a first server sends to a second server; wherein the source address in the quintuple of the header of the data packet has been modified by the first proxy server to the address of the first proxy server, and the destination address has been modified by the first proxy server to the address of a second proxy server;
    a processing module, configured to restore the quintuple in the data packet modified by the first proxy server to the quintuple before modification;
    a sending module, configured to send the restored data packet to the second server, so that the second server responds to the restored data packet; wherein the first proxy server and the first server are deployed in a first data center, and the second server is deployed in a second data center.
  21. A computer apparatus, characterized in that the computer apparatus comprises a processor, and the processor, when executing computer program instructions stored in a memory, implements the steps of the method according to any one of claims 9-14.
  22. A computer-readable storage medium having computer program instructions stored thereon, characterized in that the computer program instructions, when executed by a processor, implement the steps of the method according to any one of claims 9-14.
  23. A computer apparatus, characterized in that the computer apparatus comprises a processor, and the processor, when executing computer program instructions stored in a memory, implements the steps of the method according to any one of claims 15-18.
  24. A computer-readable storage medium having computer program instructions stored thereon, characterized in that the computer program instructions, when executed by a processor, implement the steps of the method according to any one of claims 15-18.
PCT/CN2017/088553 2017-06-16 2017-06-16 System, method and apparatus for implementing network interconnection WO2018227519A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2017/088553 WO2018227519A1 (en) 2017-06-16 2017-06-16 System, method and apparatus for implementing network interconnection
CN201780000451.7A CN107278360B (en) 2017-06-16 2017-06-16 System, method and device for realizing network interconnection

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2017/088553 WO2018227519A1 (en) 2017-06-16 2017-06-16 System, method and apparatus for implementing network interconnection

Publications (1)

Publication Number Publication Date
WO2018227519A1 (en) 2018-12-20

Family

ID=60076512

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/088553 WO2018227519A1 (en) 2017-06-16 2017-06-16 System, method and apparatus for implementing network interconnection

Country Status (2)

Country Link
CN (1) CN107278360B (en)
WO (1) WO2018227519A1 (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108600326B (en) * 2018-03-29 2021-06-25 创新先进技术有限公司 Communication method, device and equipment
CN109981427B (en) * 2019-03-29 2021-03-16 烽火通信科技股份有限公司 Multi-service access network method and system
CN110120895B (en) * 2019-04-11 2023-01-17 北京字节跳动网络技术有限公司 Method, device, medium and electronic equipment for testing communication of mobile terminal
CN111182022B (en) * 2019-10-31 2023-08-29 腾讯云计算(北京)有限责任公司 Data transmission method and device, storage medium and electronic device
CN110971698B (en) * 2019-12-09 2022-04-22 北京奇艺世纪科技有限公司 Data forwarding system, method and device
CN111526223B (en) * 2020-04-23 2023-11-07 腾讯科技(深圳)有限公司 Management method of edge service server, service data processing method and device
CN112019559A (en) * 2020-09-04 2020-12-01 北京六间房科技有限公司 Data transmission system
CN113364691B (en) * 2021-05-31 2022-11-29 广州趣丸网络科技有限公司 Data interaction system, method, equipment and storage medium
CN115022325A (en) * 2022-06-07 2022-09-06 深圳市和讯华谷信息技术有限公司 Kafka inter-cluster data transmission method and related equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2461524A1 (en) * 2009-08-17 2012-06-06 Chengdu Huawei Symantec Technologies Co., Ltd Network proxy implementation method and apparatus
CN103209175A (en) * 2013-03-13 2013-07-17 深圳市同洲电子股份有限公司 Method and device for building data transmission connection
CN103428095A (en) * 2013-08-26 2013-12-04 深信服网络科技(深圳)有限公司 Proxy server and proxy method thereof
CN104852988A (en) * 2015-05-29 2015-08-19 杭州华三通信技术有限公司 A message forwarding method and device
CN106375493A (en) * 2016-10-10 2017-02-01 腾讯科技(深圳)有限公司 Cross-network communication method and proxy servers

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113315748A (en) * 2021-03-18 2021-08-27 阿里巴巴新加坡控股有限公司 Communication method and device
CN113890789A (en) * 2021-09-29 2022-01-04 华云数据控股集团有限公司 UDP tunnel traffic shunting method and traffic forwarding method suitable for data center
CN114726930A (en) * 2022-03-30 2022-07-08 深信服科技股份有限公司 Data packet tracking method, system, device and readable storage medium
CN114866316A (en) * 2022-04-29 2022-08-05 中国科学院信息工程研究所 Security protection method, device, equipment, storage medium and program product
CN115412465A (en) * 2022-07-11 2022-11-29 中国人民解放军国防科技大学 Method and system for generating distributed real network traffic data set based on client
CN115412465B (en) * 2022-07-11 2023-06-20 中国人民解放军国防科技大学 Method and system for generating distributed real network flow data set based on client

Also Published As

Publication number Publication date
CN107278360A (en) 2017-10-20
CN107278360B (en) 2020-07-14

Similar Documents

Publication Publication Date Title
WO2018227519A1 (en) System, method and apparatus for implementing network interconnection
US9667601B2 (en) Proxy SSL handoff via mid-stream renegotiation
US9467290B2 (en) Method and apparatus for providing secure streaming data transmission facilities using unreliable protocols
JP2019528604A (en) System and method for virtual multipath data transport
US10038693B2 (en) Facilitating secure network traffic by an application delivery controller
US9350711B2 (en) Data transmission method, system, and apparatus
US7716731B2 (en) Method for dynamically tunneling over an unreliable protocol or a reliable protocol, based on network conditions
US11882199B2 (en) Virtual private network (VPN) whose traffic is intelligently routed
US20190297161A1 (en) Traffic forwarding and disambiguation by using local proxies and addresses
JP2018139448A5 (en)
CA2718274C (en) System and method for creating a transparent data tunnel
US11888818B2 (en) Multi-access interface for internet protocol security
CN112260926B (en) Data transmission system, method, device, equipment and storage medium of virtual private network
US20190190891A1 (en) Secure communication protocol processing
US20230319148A1 (en) Minimizing connection delay for a data session
WO2011055271A1 (en) Stateless transmission control protocol rendezvous solution for border gateway function
CN114679265B (en) Flow acquisition method, device, electronic equipment and storage medium
CN118301218A (en) Communication method and device
CN116032689A (en) Message transmission method based on tunnel and client gateway equipment
CN116094746A (en) Security gateway system for aggregating all Internet of things equipment in multiple operators
Chu et al. Benchmarking openVPN bundle with private encryption algorithm
JP2002077150A (en) Method for forming encrypted packet in cipher communication

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application

Ref document number: 17913493

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 EP: PCT application non-entry in European phase

Ref document number: 17913493

Country of ref document: EP

Kind code of ref document: A1