WO2022001287A1 - Message processing method and device - Google Patents

Publication number: WO2022001287A1
Authority: WO, WIPO (PCT)
Prior art keywords: packet, network device, hash value, tunnel, message
Application number: PCT/CN2021/087107
Other languages: French (fr), Chinese (zh)
Inventor: 王辉登
Original Assignee: 华为技术有限公司
Priority claimed from: CN202011041940.7A (CN113965518A)
Application filed by: 华为技术有限公司

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/28: Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46: Interconnection of networks

Definitions

  • the present application relates to the field of communication technologies, and in particular, to a method and device for processing messages.
  • load balancing is usually performed in a uniform hash method. That is, the hash value of each packet to be forwarded is calculated, and different packets to be forwarded are mapped, based on the hash value, to an outgoing interface of the network device or to a processing unit of the network device.
  • the current hash makes it impossible for network devices to process the packets to be forwarded in a balanced manner, resulting in low resource utilization.
  • the embodiments of the present application provide a packet processing method and device, so as to improve load balancing efficiency.
  • an embodiment of the present application provides a method for processing a message.
  • when a first network device determines that a preset condition is met, the first network device can obtain the hash value of the message feature information of the first message, and generate, according to the first packet, a second packet including the hash value and content related to the first packet, so that the first network device can send the second packet carrying the hash value to the second network device.
  • carrying the hash value in the to-be-sent packet and sending it to other network devices can ensure that the other network devices achieve a better load balancing effect based on the hash value; moreover, once one network device has performed the hash calculation, subsequent network devices can perform high-quality load balancing based on that hash value when there is a load balancing requirement, which saves the computing resources of each network device, improves the forwarding efficiency of the message, and thus improves the forwarding performance of the network device.
  • the preset condition may be that the length of the first packet is greater than a maximum transmission unit (MTU) of the first network device. Then, the content related to the first packet includes fragmented packets of the first packet.
  • the header of the second packet may be used to carry the hash value.
  • the second packet may also include an IP extension header, and the Option field in the IP extension header may be used to carry the hash value.
  • the IP extension header of the second packet includes a Reserved field, where the Reserved field is used to carry the hash value.
  • each fragmented packet includes a hash value that preserves the diversity of packet characteristics, which can make the load in the network more balanced; moreover, it can also ensure that the fragmented packets of the same packet are distributed to the same link or the same processing unit when hashing is performed uniformly, so as to realize the orderly forwarding of the fragmented packets.
  • the preset condition may also be that the first network device is the head end point of the first tunnel. Then, the content related to the first packet includes the entire content of the first packet.
  • the second packet may further include the first tunnel header.
  • if the first tunnel is a GRE tunnel, the second packet is a packet obtained by encapsulating a first generic routing encapsulation (GRE) header on the first packet, and the first GRE header is the first tunnel header in the second packet; if the first tunnel is an Internet protocol security (IPSec) tunnel, then the second packet is a packet obtained by encapsulating a first IPSec header on the first packet, and the first IPSec header is the first tunnel header in the second packet.
  • the hash value may be carried in the first tunnel header.
  • the first tunnel header includes a Reserved field, which is used to carry the hash value.
  • the first tunnel may be a virtual private network (VPN) tunnel.
  • the types of VPN tunnels include but are not limited to GRE tunnels, IPSec tunnels, Virtual Extensible Local Area Network (VXLAN) tunnels, Layer 2 Tunneling Protocol (L2TP) tunnels, Layer 2 Tunneling Protocol Version 3 (L2TPv3) tunnels, Multi-Protocol Label Switching (MPLS) tunnels, IPv6 over IPv4 tunnels, IPv4 over IPv6 tunnels, etc.
  • each packet in the encapsulation tunnel scenario includes a hash value that preserves the diversity of packet characteristics, which provides convenience for subsequent load balancing when each network device forwards the second packet, and, since the hash value of the first packet reflects the diversity of the inner layer features of the first packet, the load balancing effect in the network is guaranteed.
  • an embodiment of the present application further provides a method for processing a packet.
  • the second network device receives a second packet sent by the first network device, the second packet includes a hash value and content related to the first packet (that is, all or part of the content of the first packet), and the hash value is calculated by the first network device or other network devices based on the packet feature information of the first packet; in this way, the second network device can process the second packet based on the hash value.
  • the second network device processing the second packet based on the hash value may include: the second network device assigns the second packet, based on the hash value, to a first processing unit of the second network device, the first processing unit corresponding to the hash value.
  • the processing unit may be, for example, a central processing unit (CPU), a network processor (NP), a forwarding chip, or another unit with processing and forwarding functions.
  • the second network device processing the second packet based on the hash value may also include: the second network device forwards the second packet from the first interface of the second network device based on the hash value, where the first interface corresponds to the hash value.
  • the method may further include a process in which the second network device encapsulates the second tunnel header on the second packet and carries the hash value in the second tunnel header.
  • the method in this embodiment of the present application may further include: the second network device determines that the second network device is the head end point of the second tunnel, and then obtains the hash value from the second packet; then, the second network device encapsulates the second tunnel header corresponding to the second tunnel for the second message and obtains a third message, where the second tunnel header of the third message includes the hash value; thus, the second network device can send the third packet to the third network device, so that the third network device processes the third packet based on the hash value. In this way, the hash value is always included in each tunnel header of the packet. No matter which tunnel end point is reached first, the current tunnel header of the packet is guaranteed to carry the hash value, so that a better load balancing effect is guaranteed.
  • the method may further include a process in which the second network device fragments the second packet and carries the hash value in the fragmented packets of the second packet.
  • the embodiment of the present application may further include: the second network device determines that the length of the second packet is greater than the MTU of the second network device, and then processes the second packet into at least two fragmented packets; then, the second network device adds a hash value to each fragmented packet to obtain at least two third packets; thus, the second network device sends the at least two third packets to the third network device, and the third network device may process the at least two third packets based on the hash value.
  • each fragmented packet carries the hash value corresponding to the packet feature information of the packet before the fragmentation, so that each fragmented packet includes a hash value that preserves the diversity of packet characteristics, which can make the load in the network more balanced; moreover, it can also ensure that the fragmented packets of the same packet are distributed to the same link or the same processing unit when hashing is performed evenly, so as to realize the orderly forwarding of the fragmented packets.
  • an embodiment of the present application provides a first network device, including a transceiver unit and a processing unit.
  • the transceiving unit is configured to perform the transceiving operation in the method provided in the first aspect or any possible implementation manner of the first aspect;
  • the processing unit is configured to perform the operations other than the transceiving operation in the method provided in the foregoing first aspect or any possible implementation manner of the first aspect. For example: when the first network device executes the method of the first aspect, the transceiver unit is configured to send a second packet to the second network device; the processing unit is configured to generate the second packet according to the first packet.
  • an embodiment of the present application further provides a second network device, where the second network device includes a transceiver unit and a processing unit.
  • the transceiving unit is configured to perform the transceiving operation in the method provided in the second aspect or any possible implementation manner of the second aspect;
  • the processing unit is configured to perform the operations other than the transceiving operation in the method provided in the foregoing second aspect or any possible implementation manner of the second aspect.
  • the transceiver unit is configured to receive the second packet sent by the first network device; the processing unit is configured to process the second packet according to the hash value.
  • an embodiment of the present application further provides a first network device, where the first network device includes a memory and a processor.
  • the memory includes a computer program or an instruction; a processor in communication with the memory is used to execute the computer program or instruction, so that the first network device executes the method provided in the above first aspect or any possible implementation of the first aspect.
  • the first network device may also not include a memory, and the processor obtains computer programs or instructions from an external memory or cloud storage, and executes the computer programs or instructions so that the first network device performs the method provided in the above first aspect or any possible implementation manner of the first aspect.
  • an embodiment of the present application further provides a second network device, where the second network device includes a memory and a processor.
  • the memory includes a computer program or an instruction; a processor in communication with the memory is used to execute the computer program or instruction, so that the second network device executes the method provided in the above second aspect or any possible implementation of the second aspect.
  • the second network device may also not include a memory, and the processor obtains computer programs or instructions from an external memory or cloud storage, and executes the computer programs or instructions so that the second network device performs the method provided in the above second aspect or any possible implementation manner of the second aspect.
  • an embodiment of the present application further provides a computer-readable storage medium, where a computer program or instruction is stored in the computer-readable storage medium, and when the computer program or instruction runs on a computer, the computer is enabled to perform the method provided in the above first aspect, any possible implementation manner of the first aspect, the second aspect, or any possible implementation manner of the second aspect.
  • the embodiments of the present application also provide a computer program product, including a computer program or computer-readable instructions; when the computer program or the computer-readable instructions are run on a computer, the computer is made to execute the method provided in the aforementioned first aspect, any possible implementation manner of the first aspect, the second aspect, or any possible implementation manner of the second aspect.
  • an embodiment of the present application further provides a communication system, where the communication system includes the first network device provided in the third aspect or the fourth aspect, and/or the second network device provided in the fifth aspect or the sixth aspect.
  • FIG. 1 is a schematic diagram of a network system framework involved in an application scenario in an embodiment of the present application
  • FIG. 2 is a signaling flowchart of a method 100 for processing a packet in an embodiment of the present application
  • FIG. 3a is a schematic diagram of a format of a fragmented packet in a packet fragmentation scenario according to an embodiment of the present application
  • FIG. 3b is a schematic diagram of the format of another fragmented packet in a packet fragmentation scenario according to an embodiment of the present application
  • FIG. 4a is a schematic diagram of a format of a second packet in an encapsulation tunnel scenario in an embodiment of the present application
  • FIG. 4b is a schematic diagram of another format of a second packet in an encapsulation tunnel scenario according to an embodiment of the present application.
  • FIG. 4c is a schematic diagram of another format of a second packet in an encapsulation tunnel scenario according to an embodiment of the present application.
  • FIG. 4d is a schematic diagram of another format of a second packet in an encapsulation tunnel scenario according to an embodiment of the present application.
  • FIG. 5 is a schematic structural diagram of a first network device 500 in an embodiment of the present application.
  • FIG. 6 is a schematic structural diagram of a second network device 600 in an embodiment of the present application.
  • FIG. 7 is a schematic structural diagram of a first network device 700 in an embodiment of the present application.
  • FIG. 8 is a schematic structural diagram of a second network device 800 in an embodiment of the present application.
  • FIG. 9 is a schematic structural diagram of a first network device 900 in an embodiment of the present application.
  • FIG. 10 is a schematic structural diagram of a second network device 1000 in an embodiment of the present application.
  • FIG. 11 is a schematic structural diagram of a communication system 1100 according to an embodiment of the present application.
  • Load balancing of forwarding packets in the network is an important means to realize the rational use of resources and ensure that there is no congestion.
  • load balancing is usually performed in a hash uniform manner, that is, based on the hash values of the packets to be forwarded, the packets to be forwarded are evenly distributed to multiple outgoing interfaces of the network device or multiple processing units of the network device.
  • after each network device receives a message, it first obtains message feature information from the message (for example, the quintuple of the message: source Internet Protocol (IP) address, destination IP address, source port number, destination port number and protocol number), and then performs hash calculation on the packet feature information to obtain the hash value corresponding to the packet; thus, if the network device includes multiple processing units, the packet is sent to the target processing unit corresponding to the hash value among the multiple processing units; if it is determined based on the forwarding table that the next hop information of the packet indicates that there are multiple outgoing interfaces, the packet is forwarded to another network device from the target outgoing interface corresponding to the hash value among the multiple outgoing interfaces.
  • the load balance in the network depends on the diversity of the packet feature information on which the hash calculation is based.
  • the obtained packet feature information is often not comprehensive enough, and it is impossible or difficult to preserve the diversity of the packet, so the hash values obtained after hashing the packet feature information show little variety and are not dispersed enough to effectively achieve load balancing in the network. For example, some processing units in a network device are congested while others are idle, or some interfaces of a network device are congested while others are idle, which greatly reduces resource utilization in the network.
  • when a packet is divided into multiple fragmented packets, since only one fragmented packet includes Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) information and the other fragmented packets do not include TCP or UDP information, the source IP address, destination IP address and protocol number included in each fragmented packet are used as the packet feature information for the hash calculation, so that the same load balancing operation is obtained for every fragmented packet.
  • hash calculation based on triples loses the diversity of packets to a certain extent.
  • the five-tuple ie, source IP address, destination IP address, source port number, destination port number and protocol number
  • the same hash value will be obtained.
  • all the fragmented packets corresponding to the multiple packets will be allocated to the same processing unit and the same outbound interface in each network device, which affects the effect of load balancing.
  • the packet to be forwarded has been encapsulated with the packet header corresponding to the VPN tunnel.
  • the network device receives the packet including the packet header corresponding to the VPN tunnel, it cannot
  • the quintuple also known as the inner quintuple
  • the quintuple also known as the outer quintuple
  • quintuple to hash uniformly.
  • the network device can obtain the quintuple of the packet based on the GRE header of the packet and hash uniformly based on that quintuple, but the diversity of the inner quintuple is lost and the load balancing effect is poor; in another case, the network device can also read the inner quintuple of the packet and hash evenly based on the inner layer quintuple.
  • GRE general routing encapsulation
  • to read the inner layer quintuple of the packet, it is necessary to calculate the length of the GRE header, and accurately strip the GRE header based on the length of the GRE header to obtain the inner layer packet, which is a complicated and time-consuming process.
  • IPSec Internet protocol security
  • the network device cannot obtain it and hash it evenly based on the inner quintuple, which makes the load balancing effect poor.
  • the inner quintuple of the packet to be forwarded is more difficult to obtain or even impossible to obtain. Therefore, for multiple packets encapsulated in the same VPN tunnel, the same hash value will be obtained, so that the multiple packets will be allocated to the same processing unit and the same outgoing interface in each network device that the VPN tunnel passes through; the feature diversity of the inner layer of the packet (that is, the part before the VPN tunnel encapsulation) is lost, which affects the effect of load balancing.
  • each network device that forwards the packet needs to perform a hash calculation after receiving the packet, which affects the forwarding rate of the packet, thereby reducing the forwarding performance of the network device.
  • an embodiment of the present application provides a packet processing method.
  • a network device obtains packet feature information of the packet (for example, the inner layer 5-tuple of the packet), performs hash calculation based on the feature information of the message to obtain the hash value corresponding to the message, and sends the hash value together with the content related to the message (such as the entire content of the message or the ...). In this way, the network device that receives the packet can perform load balancing operations on the packet based on the hash value in the received content. Because the hash value is calculated from the inner layer packet characteristics of the message, it reflects the diversity of the message, ensures the uniform distribution of the hash value to a certain extent, and achieves a better load balancing effect; moreover, once a network device has performed the hash calculation, subsequent network devices can read the hash value from the packet for load balancing when there is a load balancing
  • the scenario includes network devices 101 to 104, wherein the network device 101 includes a processing unit 11, a processing unit 12, an interface A1, an interface A2 and an interface A3, the network device 102 includes processing unit 21, interface B1 and interface B2, the network device 103 includes processing unit 31, interface C1 and interface C2, and the network device 104 includes processing unit 41, processing unit 42, processing unit 43, processing unit 44, interface D1, interface D2 and interface D3.
  • when the processing unit 11 of the network device 101 receives the packet 1 and the packet 2 through the interface A1, it determines that the network device 101 is the head end of the tunnel 1, and the processing unit of the network device 101 (such as the processing unit 11 and/or the processing unit 12) calculates the hash value 1 corresponding to the packet 1 and encapsulates the GRE header 1 for the packet 1 to obtain the packet 1', where the GRE header 1 carries the hash value 1; it also calculates the hash value 2 corresponding to the packet 2 and encapsulates the GRE header 2 for the packet 2 to obtain the packet 2', where the GRE header 2 carries the hash value 2.
  • the network device 101 determines that the outgoing interface of the packet 1 is the interface A2 according to the hash value 1, and then forwards the packet 1' from the interface A2 to the network device 102, where it is received by the interface B1 of the network device 102 and sent to the network device 104 through the interface B2; similarly, the network device 101 determines that the outgoing interface of the packet 2 is the interface A3 according to the hash value 2, and then forwards the packet 2' from the interface A3 to the network device 103, where it is received by the interface C1 of the network device 103 and sent to the network device 104 through the interface C2.
  • when the interface D1 of the network device 104 receives the packet 1, it can determine to allocate the packet 1 to the processing unit 41 according to the hash value 1 of the packet 1, and the processing unit 41 determines that the outgoing interface of the packet 1' is the interface D2, thereby forwarding the packet 1 from the interface D2 to the subsequent network device; when the interface D1 of the network device 104 receives the packet 2', it can determine to assign the packet 2' to the processing unit 43 according to the hash value 2, and the processing unit 43 determines that the outgoing interfaces of the packet 2' are the interface D2 and the interface D3. The processing unit 43 then determines, according to the hash value 2, that the outgoing interface that actually forwards the packet 2 is the interface D3, so that the packet 2' is forwarded from the interface D3 to subsequent network devices. In this way, effective load balancing in the network can be achieved, forwarding efficiency can be improved, and network forwarding performance can be improved.
  • one or more of the processing units 11, 12, 21, 31, 41, 42, 43, and 44 may be a central processing unit (CPU), a network processor (NP), a forwarding chip, or another unit with processing and forwarding functions; the specific form is not limited.
  • the hash value 1 may be carried in other parts of the packet 1', such as the IP extension header of the packet.
  • a network device refers to a device with a forwarding function, which may specifically include, but is not limited to, a switch, a router, or a firewall.
  • FIG. 2 is a signaling flowchart of a packet processing method 100 in an embodiment of the present application.
  • in one case, the method 100 can be applied to the packet fragmentation scenario, and the embodiments of the present application are introduced through the interaction between the first network device, which performs the packet fragmentation operation, and any network device after the first network device (referred to as the second network device); in another case, the method 100 can also be applied to a tunnel encapsulation scenario, and the embodiments of the present application are introduced through the interaction between the head end point of the first tunnel (referred to as the first network device) and any network device on the first tunnel other than the first network device (referred to as the second network device).
  • the method 100 may include, for example, the following S101 to S104:
  • when a preset condition is met, the first network device generates a second packet according to the first packet, the second packet includes a hash value and content related to the first packet, and the hash value is calculated based on the packet feature information of the first packet.
  • the message feature information of the first message refers to the information in the first message that can reflect the diversity of the inner layer information of the first message; it ensures that the hash values obtained by performing hash calculation based on the feature information of the message are distributed more uniformly, so as to achieve a better load balancing effect.
  • the packet feature information of the first packet may be an inner layer quintuple of the first packet, that is, the source IP address, destination IP address, source port number, destination port number, and protocol number of the first packet.
  • the first network device may acquire the packet feature information of the first packet by reading the IP header of the first packet.
  • the preset condition is an indication condition that the network device needs to calculate the hash value corresponding to the packet.
  • Each network device in the network is configured with the preset condition.
  • if the preset condition is met, the method 100 is executed to perform load balancing; if the preset condition is not met, the packet is forwarded normally.
  • the preset conditions are different according to different scenarios.
  • the preset condition may be: the length of the first packet is greater than the maximum transmission unit (MTU) of the first network device.
  • Each network device in the network is configured with the MTU of the interface, which is used to limit the maximum data length sent by the interface.
  • After receiving a packet, the network device judges whether the total length of the packet is greater than the MTU. If the total length of the packet is greater than the MTU, it fragments the packet, ensures that the length of each fragmented packet after fragmentation is less than the MTU, and forwards each fragmented packet; if the total length of the packet is not greater than the MTU, there is no need to fragment the packet, and the packet can be forwarded directly.
  • for example, the MTU on the first network device is 1500 bytes and the first network device receives the first packet. If the length of the first packet is not greater than 1500 bytes, the first network device does not process the first packet, but simply forwards it; if the length of the first packet is 4678 bytes, since 4678 bytes is greater than 1500 bytes, the first network device fragments the first packet, for example, at least 4 fragmented packets can be obtained: fragmented packet 1, fragmented packet 2, fragmented packet 3, and fragmented packet 4, and the length of each fragmented packet is less than 1500 bytes.
  • S101 may specifically include: S11, when the first network device determines that the first packet needs to be fragmented, the first network device obtains packet feature information of the first packet; S12, the first network device calculates, based on the packet feature information, the hash value corresponding to the first packet; S13, the first network device processes the first packet into at least two fragmented packets; S14, the first network device adds the hash value to each fragmented packet to obtain at least two second packets.
  • the second packet also includes content corresponding to a fragmented packet of the first packet (that is, the content related to the first packet referred to in S101).
  • the first network device may perform a hash calculation on the packet feature information of the first packet according to a preset hash algorithm to obtain a hash value.
  • the preset hash algorithm may be, for example, an XOR algorithm, or cyclic redundancy check (CRC) 16 or CRC32. Since the hash value is carried in the second packet and used to guide subsequent load balancing, the number of bits of the hash value needs to match the number of interfaces of the network device. For example, if the network device has 8 interfaces, the hash value can be a 3-bit binary number.
  • the network device may preset the length of the hash value. In that case, S12 may include, for example: the first network device uses a preset hash algorithm to perform hash calculation on the packet feature information to obtain an initial hash value; then, based on the initial hash value, a target hash value with the preset length is obtained, and the target hash value is the hash value carried in the second packet in the embodiment of the present application.
  • the network device may intercept the preset length from the initial hash value and use the intercepted bits as the target hash value; in another case, the first network device may also perform modulo (such as XOR) processing on the initial hash value to obtain a target hash value with the preset length.
  • the hash value may be carried in the IP extension header of each fragmented packet.
  • the IP extension header may include a copy flag (C), a type (Class) field, and an option (English: Option) field.
  • the hash value can be carried in the Option field in the IP extension header of the fragmented packet.
  • an unoccupied value of the Option field can be newly defined, and the hash value carried in the Value field corresponding to that Option field.
  • the unoccupied values of the Option field include 25, 26, and 31.
  • the hash value calculated by the first network device based on the packet feature information of the first packet is a, and the value of 26, which is an unoccupied Option field, is used to carry the hash value a.
  • the first network device may divide the first packet into N (N is an integer greater than 1) fragmented packets, as shown in Figure 3a, each fragmented packet may include: an IP header, an IP extension header, and a net header.
  • the IP extension header in the fragmentation scenario may include: a Next Header field, a Reserved field, a Fragment Offset field, a reserved (Res) field, an M flag bit and an Identification field.
  • the first Reserved field is an 8-bit field, which is currently unused and can be used to carry a hash value.
  • the hash value calculated by the first network device based on the packet feature information of the first packet is a
  • the Reserved field is used to carry the hash value a.
  • the first network device may divide the first packet into N (N is an integer greater than 1) fragmented packets, as shown in Figure 3b. Each fragmented packet may include: an IP header, an IP extension header, and a payload; in the IP extension header, the first Reserved field is equal to the hash value a.
  • the hash value corresponding to the first packet may also be carried in each fragmented packet in other ways.
  • the diversity of packet characteristics is preserved, which enables load balancing in the network; moreover, it also ensures that the fragmented packets of the same packet are distributed to the same link or the same processing unit when uniform hashing is performed, so that the fragmented packets are forwarded in order.
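Steps S11 to S14 worked through on the page's own numbers (MTU 1500 bytes, a 4678-byte first packet, a 3-bit hash carried in the 8-bit Reserved field), as an added example that is not code from the application. CRC32 is one of the algorithms the text names; keeping the low-order bits, the fixed 40-byte IP header, the sample five-tuple and all function names are assumptions of this sketch.

```python
import ipaddress
import struct
import zlib

MTU = 1500          # bytes, the page's example value
IP_HEADER_LEN = 40  # assumption: fixed-size IP header in front of every fragment
HASH_BITS = 3       # page's example: 8 interfaces -> 3-bit hash value
# Fragment extension header as listed on the page:
# Next Header (8) | Reserved (8) | Fragment Offset (13) + Res (2) + M (1) | Identification (32)
FRAG_HDR = struct.Struct("!BBHI")


def feature_info(src, dst, proto, sport, dport):
    """S11: serialize the five-tuple used as packet feature information."""
    return (ipaddress.ip_address(src).packed
            + ipaddress.ip_address(dst).packed
            + struct.pack("!BHH", proto, sport, dport))


def target_hash(features, bits=HASH_BITS):
    """S12: CRC32 gives the initial hash; the target hash keeps `bits` bits.
    Keeping the low-order bits is an assumption of this sketch."""
    return zlib.crc32(features) & ((1 << bits) - 1)


def fragment(payload, hash_value, ident, next_header=6, mtu=MTU):
    """S13 + S14: split the payload and stamp every fragment with the hash."""
    if not 0 <= hash_value <= 0xFF:
        raise ValueError("hash value must fit the 8-bit Reserved field")
    # Keep IP header + fragment header + data strictly below the MTU and
    # aligned to the 8-byte unit in which Fragment Offset is counted.
    room = (mtu - 1 - IP_HEADER_LEN - FRAG_HDR.size) // 8 * 8
    if room <= 0:
        raise ValueError("MTU too small to carry any payload")
    frags = []
    for off in range(0, len(payload), room):
        more = 1 if off + room < len(payload) else 0
        header = FRAG_HDR.pack(next_header, hash_value,
                               (off // 8) << 3 | more, ident)
        frags.append(header + payload[off:off + room])
    return frags


def parse_fragment(frag):
    """What a downstream device reads: no five-tuple, only the carried hash."""
    if len(frag) < FRAG_HDR.size:
        raise ValueError("truncated fragment header")
    _next_header, reserved, off_flags, ident = FRAG_HDR.unpack_from(frag)
    return {"hash": reserved, "offset": (off_flags >> 3) * 8,
            "more": off_flags & 1, "ident": ident,
            "data": frag[FRAG_HDR.size:]}


def demo():
    # Constructed first packet: 4678 bytes in total, 40 of them IP header.
    features = feature_info("10.0.0.1", "10.0.1.1", 6, 40000, 443)
    payload = (bytes(range(256)) * 19)[:4678 - IP_HEADER_LEN]
    h = target_hash(features)
    frags = fragment(payload, h, ident=0x1234)
    parsed = [parse_fragment(f) for f in frags]
    rebuilt = b"".join(p["data"] for p in sorted(parsed, key=lambda p: p["offset"]))
    return h, frags, parsed, rebuilt == payload


if __name__ == "__main__":
    h, frags, parsed, ok = demo()
    print("hash", h, "fragments", [len(f) + IP_HEADER_LEN for f in frags], "reassembled", ok)
```

Every fragment carries the same hash value, so a device that selects a link or processing unit from that field alone keeps all fragments of the packet together.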
  • the preset condition may be: the first network device is the head end point of the first tunnel.
  • the first tunnel is not encapsulated. If the first network device checks the forwarding table and determines that the next hop information of the forwarding entry corresponding to the first packet indicates that the outbound interface type is the first tunnel, the first network device can determine that it is the head end point of the first tunnel, and that the first packet is transmitted from the first network device through the first tunnel. In this case, the first packet is encapsulated with the first tunnel header corresponding to the first tunnel, and the encapsulated packet is forwarded. If the first network device checks the forwarding table and determines that the next hop information of the forwarding entry corresponding to the first packet indicates that the outbound interface type is not the first tunnel, the first network device may determine that it is not the head end point of the first tunnel, and in this case it can forward the first packet directly without encapsulating the first tunnel header for the first packet.
  • For example, assuming that the next hop information of the forwarding entry corresponding to the first packet on the first network device indicates that the outbound interface type is a GRE tunnel, after the first packet reaches the first network device, the first network device encapsulates a GRE header for the first packet; for another example, assuming that the next hop information of the forwarding entry corresponding to the first packet on the first network device indicates that the outbound interface type is an IPSec tunnel, after the first packet reaches the first network device, the first network device encapsulates an IPSec header for the first packet, and the IPSec header may specifically be an authentication header (AH) or an encapsulating security payload (ESP).
  • S101 may specifically include: S21, when the first network device determines that it is the head end point of the first tunnel, the first network device determines whether the first packet includes a hash value, and if so, executes S24, otherwise performs S22; S22, the first network device obtains the message feature information of the first message; S23, the first network device calculates the hash value corresponding to the first message based on the message feature information; S24, the first network device generates a second packet based on the first packet and the hash value, where the second packet includes the hash value. In this case, in addition to the hash value, the second packet also includes the entire content of the first packet (that is, the content related to the first packet referred to in S101).
  • the first packet may already include a hash that reflects the feature diversity of the first packet.
  • when the first network device determines that it is the head end point of the first tunnel, it can directly obtain the hash value from the first packet and generate the second packet based on S24. If the first packet does not carry the hash value, the hash value can be obtained by calculation based on S22 to S23; for the specific process, refer to the above description of S12.
  • the process of generating the second packet by the first network device in S24 includes: the first network device encapsulates the first tunnel header corresponding to the first tunnel for the first packet and obtains a second packet; the packet header in the second packet includes the hash value.
  • the packet header of the second packet carrying the hash value may be the first tunnel header.
  • the hash value may be carried in the Reserved field of the first tunnel header, or in the flag bits (Flags) of the first tunnel header, or in an extension field in an Optional field of the first tunnel header.
  • the first tunnel may be the first VPN tunnel, for example, the first GRE tunnel or the first IPSec tunnel.
  • the first tunnel header is a GRE header.
  • the format of the second packet is shown in Figure 4a or Figure 4b, and includes: an outer IP header, a GRE header, an inner IP header, and a payload.
  • the first tunnel header is an IPSec header.
  • the format of the second packet is shown in FIG. 4c or FIG. 4d , and the hash value a of the first packet may be carried in the Reserved field of the IPSec header in the second packet.
  • the second packet corresponds to the tunnel mode of IPSec, and the second packet includes: an outer IP header, an IPSec header, an inner IP header, and a payload.
  • the second packet corresponds to the transmission mode of IPSec, and the second packet includes: an inner IP header, an IPSec header, and a payload.
  • the IPSec header in FIG. 4c and FIG. 4d may be AH or ESP, which is not specifically limited in this embodiment of the present application.
  • when the first network device encapsulates the first VPN header for the first packet, it also needs to encapsulate the outer IP header in the outer layer of the first VPN header.
  • the hash value can also be carried in the outer IP header, that is, the header of the second packet carrying the hash value can also be an outer IP header. The specific carrying manner is not limited in this embodiment.
  • the types of VPN tunnels include but are not limited to GRE tunnels, IPSec tunnels, virtual extensible local area network (VXLAN) tunnels, layer 2 tunneling protocol (L2TP) tunnels, layer 2 tunneling protocol version 3 (L2TPv3) tunnels, multi-protocol label switching (MPLS) tunnels, IPv6 Over IPv4 tunnels, IPv4 Over IPv6 tunnels, etc.
  • the specific operations of the above S101 may be completed in a processing unit in the first network device.
  • the preset conditions in S101 include, but are not limited to, the descriptions in the above two possible implementation manners. For example, if the first packet is an IP packet that does not need to be fragmented or encapsulated in a tunnel, it can also be considered that the first packet meets the preset conditions, and the hash value corresponding to the first packet is carried in the IP extension header of the IP packet to obtain the second packet. Therefore, in the process of forwarding the second packet, each network device only needs to read the hash value in the IP extension header of the second packet to perform load balancing on the second packet, and does not need to perform hash calculation to obtain the hash value corresponding to the first packet. This saves packet forwarding time and can effectively improve the efficiency of packet forwarding on the basis of ensuring load balance.
  • the first network device carries the hash value corresponding to the first packet in a position in the newly generated second packet that is easy to read, which provides convenience for load balancing when each subsequent network device forwards the second packet. Moreover, since the hash value of the first packet reflects the diversity of the inner layer features of the first packet, the load balancing effect in the network is guaranteed.
  • the first network device sends the second packet to the second network device.
  • the second network device receives the second packet sent by the first network device.
  • the first network device may also perform load balancing based on the hash value in the second packet. For example: when the first network device determines that there are multiple outgoing interfaces based on the forwarding entry corresponding to the second packet, the first network device determines one outgoing interface from the multiple outgoing interfaces based on the hash value, so that the second packet is forwarded from the determined outbound interface.
  • the method 100 may further include: S31, the first network device determines that it is the head end point of the second tunnel, and then obtains the hash value from the second packet; S34, the first network device encapsulates the second tunnel header corresponding to the second tunnel for the second packet and obtains the updated second packet. The updated second packet includes the hash value, for example, the second tunnel header includes the hash value.
  • the method 100 may further include: S41, the first network device determines that it is the head end of the second tunnel, and then the first network device calculates the hash value corresponding to the first packet based on the packet characteristic information; S42, the first network device encapsulates the second tunnel header for the first packet to obtain a third packet, and the third packet includes the hash value. In this case, S101 may include, for example: the first network device determines that it is the head end point of the first tunnel, and then obtains the hash value from the third packet, so that the first network device encapsulates the first tunnel header for the third packet and obtains a second packet, where the second packet includes a hash value, for example, the second tunnel header and the first tunnel header include hash values.
  • the encapsulation sequence of the multiple layers of tunnels is not specifically limited, and the encapsulation sequence does not affect the effect of subsequent load balancing.
  • the second packet sent by the first network device to the second network device is the updated second packet, that is, the packet transmitted from the outgoing interface after the first network device has completed the final processing.
  • the second network device processes the second packet based on the hash value in the second packet.
  • the second packet is forwarded from the first network device to the second network device, and the second network device may be directly connected to the first network device, or may be indirectly connected through other network devices.
  • the second network device may include multiple processing units. Then, after receiving the second packet, the second network device may, based on the hash value carried in the second packet, determine a processing unit corresponding to the second packet and allocate the second packet to that processing unit for processing.
  • the second network device may directly determine the processing unit for processing the second packet based on the hash value. For example: assign the second packet to the processing unit whose number is the same as the hash value. Assuming that the second network device includes 8 processing units, numbered 0 to 7, then, when the hash value in the second packet is 0, the second network device allocates the second packet to processing unit 0; when the hash value in the second packet is 1, the second network device allocates the second packet to processing unit 1.
  • the corresponding relationship between the hash value and the processing unit may be preset in the second network device to determine the processing unit that processes the second packet.
  • the second network device may preset the corresponding relationship according to the capability of each processing unit. Assuming that the second network device includes two processing units, and the capability of processing unit 0 is stronger than that of processing unit 1, the preset correspondence relationship of the second network device includes: correspondence relationship 1 "hash values 0 to 5 correspond to processing unit 0" and correspondence relationship 2 "hash values 6 and 7 correspond to processing unit 1". In this way, when the hash value in the second packet is any one of 0 to 5, the second network device determines, according to correspondence relationship 1 and the hash value, that the second packet needs to be allocated to processing unit 0; when the hash value in the second packet is 6 or 7, the second network device determines, according to correspondence relationship 2 and the hash value, that the second packet is assigned to processing unit 1.
  • the multiple processing units often process in parallel, and after the processing is completed, multiple packets are sent from the second network device uniformly, thereby improving parallel forwarding efficiency.
  • the distribution of hash values used to guide the selection of processing units is not uniform. For example, for flows that lose some packet characteristics, when the five-tuples are different but the hash values calculated based on the three-tuple are equal, the problem of uneven distribution of hash values will occur. This is likely to leave one or some of the multiple processing units heavily loaded and the other processing units lightly loaded, resulting in different processing speeds across the processing units.
  • the parallel forwarding efficiency becomes slower, thus weakening or losing the advantages of multiple processing units.
  • the packets to be forwarded can be distributed relatively evenly to each processing unit in the network device based on the evenly distributed hash values, so that the efficient parallel forwarding function of multiple processing units can be fully and effectively utilized to achieve efficient forwarding.
  • the processing unit in the second network device that receives the second packet determines that there are multiple outgoing interfaces according to the forwarding entry corresponding to the second packet; at this time, the second network device determines, based on the hash value, one outgoing interface from the multiple outgoing interfaces, so that the second packet is forwarded from the determined outgoing interface.
  • the second network device may directly determine the outbound interface for forwarding the second packet based on the hash value. For example, assign the second packet to the outbound interface whose number is the same as the hash value. Assuming that the second network device includes 8 outgoing interfaces, numbered 0 to 7, then when the hash value in the second packet is 0, the second network device forwards the second packet out of the second network device from outgoing interface 0; when the hash value in the second packet is 1, the second network device forwards the second packet out of the second network device from outgoing interface 1.
  • the correspondence between the hash value and the outgoing interface may be preset in the second network device to determine the outgoing interface for forwarding the second packet.
  • the second network device may preset a corresponding relationship according to parameters such as the bandwidth of each outgoing interface.
  • the preset correspondence relationship of the second network device includes: correspondence relationship 1 "hash values 0 to 5 correspond to interface 0" and correspondence relationship 2 "hash values 6 and 7 correspond to interface 1". In this way, when the hash value in the second packet is any one of 0 to 5, the second network device determines, according to correspondence relationship 1 and the hash value, that the second packet needs to be forwarded out of the second network device from interface 0; when the hash value in the second packet is 6 or 7, the second network device determines, according to correspondence relationship 2 and the hash value, that the second packet needs to be forwarded out of the second network device from interface 1.
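How the receiving device's choice of processing unit or outgoing interface behaves with and without a carried hash, as an added example (not code from the application). It uses the XOR algorithm the text names, the page's two correspondences (hash value equals unit number; hash values 0 to 5 to unit 0 and 6 to 7 to unit 1), and constructed flows inside one constructed GRE tunnel; all names and addresses are assumptions.

```python
import ipaddress
import struct
from collections import Counter
from functools import reduce

HASH_BITS = 3  # 8 processing units or interfaces -> 3-bit hash, as in the page's example


def xor_hash(data, bits=HASH_BITS):
    """XOR-fold all bytes, then keep the preset number of low-order bits."""
    return reduce(lambda a, b: a ^ b, data, 0) & ((1 << bits) - 1)


def pack_tuple(src, dst, proto, sport=None, dport=None):
    """Three-tuple when the ports are absent, five-tuple otherwise."""
    out = (ipaddress.ip_address(src).packed
           + ipaddress.ip_address(dst).packed
           + bytes([proto]))
    if sport is not None:
        out += struct.pack("!HH", sport, dport)
    return out


def unit_direct(hash_value):
    """Direct correspondence: unit (or interface) number equals the hash value."""
    return hash_value


# Capability-based correspondence from the page: 0-5 -> unit 0, 6-7 -> unit 1.
WEIGHTED = {h: (0 if h <= 5 else 1) for h in range(1 << HASH_BITS)}


def unit_weighted(hash_value, table=WEIGHTED):
    if hash_value not in table:
        raise ValueError(f"no correspondence configured for hash {hash_value}")
    return table[hash_value]


# Constructed traffic: 16 inner TCP flows carried in a single GRE tunnel.
TUNNEL = ("192.0.2.1", "198.51.100.1", 47)
INNER_FLOWS = [("10.0.0.1", "10.0.1.1", 6, 40000 + i, 443) for i in range(16)]


def compare():
    # A transit device that hashes the outer three-tuple sees one value for all flows.
    outer_only = [xor_hash(pack_tuple(*TUNNEL)) for _ in INNER_FLOWS]
    # The tunnel head end hashes the inner five-tuple once and carries the result.
    carried = [xor_hash(pack_tuple(*flow)) for flow in INNER_FLOWS]
    return {
        "outer_direct": Counter(unit_direct(h) for h in outer_only),
        "carried_direct": Counter(unit_direct(h) for h in carried),
        "carried_weighted": Counter(unit_weighted(h) for h in carried),
    }


if __name__ == "__main__":
    for name, load in compare().items():
        print(name, dict(sorted(load.items())))
```

With the outer three-tuple every flow lands on one unit; with the carried inner hash the 16 flows spread two per unit, or 12 and 4 under the weighted correspondence.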
  • the second network device can obtain the hash value from the second packet, and encapsulate the third tunnel header for the second packet to obtain a fourth packet, wherein the hash value is included in the third tunnel header of the fourth packet.
  • the second network device may determine, based on the hash value in the third tunnel header, the outgoing interface from which the fourth packet is forwarded out of the second network device; and, after the second network device sends the fourth packet to the third network device, the hash value in the fourth packet can also be used by the third network device to select the processing unit and the outgoing interface to achieve corresponding load balancing.
  • the first tunnel can be a GRE tunnel and the third tunnel can be an IPSec tunnel, in which case the fourth packet can be considered to be encapsulated with an IPSec Over GRE tunnel; for another example, the first tunnel can be an IPSec tunnel and the third tunnel can be a GRE tunnel, in which case the fourth packet can be considered to be encapsulated with a GRE Over IPSec tunnel; for another example, if the first tunnel and the second tunnel are both GRE tunnels, the fourth packet can be considered to be encapsulated with a GRE Over GRE tunnel.
  • S104 may forward the second packet to the subsequent network device of the first tunnel based on the hash value in the second packet. If the second network device is the terminal point of the first tunnel, after determining the outbound interface, the second network device can strip the first tunnel header to obtain a fifth packet, and send the fifth packet out from the determined outbound interface.
  • the second network device may directly continue forwarding the fifth packet in the network without processing the fifth packet.
  • the subsequent nodes can obtain the inner packet feature information of the fifth packet. Therefore, the direct forwarding of the fifth packet does not affect subsequent nodes.
  • the second network device may carry the hash value in the IP extension header of the fifth packet, generate the sixth packet, and continue to forward the sixth packet in the network.
  • the subsequent network device does not need to obtain the packet feature information of the fifth packet, nor does it need to perform the hash calculation, which saves the computing resources of each network device and also greatly improves the packet forwarding efficiency.
  • if the network device that receives the message to be forwarded determines that the preset conditions are not met and the message does not carry the hash value, the message feature information of the message can be obtained, the hash value can be calculated based on the message feature information, and load balancing can be performed based on the calculated hash value.
  • the network device when it is determined that the preset conditions are met, the network device obtains the packet feature information of the packet, performs hash calculation based on the packet feature information, and obtains the hash value corresponding to the packet.
  • the hash value is carried in the packet for subsequent forwarding, so that the network device that receives the packet can perform load balancing operations on the packet based on the hash value carried in the packet.
  • since the hash value is calculated based on the inner quintuple of the message, it reflects the diversity of the message, ensures the even distribution of the hash value to a certain extent, and achieves a better load balancing effect; moreover, only one network device is required to perform a hash calculation, and subsequent network devices only need to read the hash value from the message when there is a load balancing requirement, which saves the computing resources of each network device and improves the forwarding efficiency of the message. Therefore, the forwarding performance of the network device can be improved.
  • an embodiment of the present application further provides a first network device 500, as shown in FIG. 5 .
  • the first network device 500 includes a processing unit 501 and a sending unit 502 .
  • the processing unit 501 is configured to perform the processing operation performed by the first network device in the embodiment shown in FIG. 2 ;
  • the sending unit 502 is configured to perform the sending operation performed by the first network device in the embodiment shown in FIG. 2 .
  • the processing unit 501 may perform the operation in the embodiment in FIG. 2 : when the preset condition is satisfied, the second packet is generated according to the first packet.
  • the sending unit 502 may perform the operation in the embodiment in FIG. 2: send the second packet to the second network device.
  • an embodiment of the present application further provides a second network device 600, as shown in FIG. 6 .
  • the second network device 600 includes a receiving unit 601 and a processing unit 602 .
  • the receiving unit 601 is configured to perform the receiving operation performed by the second network device in the above-mentioned embodiment shown in FIG. 2 ;
  • the processing unit 602 is configured to perform the processing operation performed by the second network device in the above-mentioned embodiment shown in FIG. 2 .
  • the receiving unit 601 may perform the operation in the embodiment in FIG. 2: receive the second packet sent by the first network device;
  • the processing unit 602 may perform the operation in the embodiment in FIG. 2: based on the hash value in the second packet, process the second packet.
  • an embodiment of the present application further provides a first network device 700, as shown in FIG. 7 .
  • the first network device 700 includes a second communication interface 702 and a processor 703 .
  • the second communication interface 702 is configured to perform the sending operation performed by the first network device in the aforementioned embodiment shown in FIG. 2 ;
  • the processor 703 is configured to perform the operations performed by the first network device in the aforementioned embodiment shown in FIG. 2 other than the receiving operation and the sending operation.
  • the processor 703 may perform the operations in the embodiment in FIG. 2 : when the preset condition is satisfied, the second packet is generated according to the first packet.
  • the first network device 700 may further include a first communication interface 701, and the first communication interface 701 is configured to perform the aforementioned receiving operation performed by the first network device in the embodiment shown in FIG. 2, such as receiving a first packet.
  • an embodiment of the present application further provides a second network device 800, as shown in FIG. 8 .
  • the second network device 800 includes a first communication interface 801 and a processor 803 .
  • the first communication interface 801 is configured to perform the receiving operation performed by the second network device in the foregoing embodiment shown in FIG. 2 ;
  • the processor 803 is configured to perform the operations performed by the second network device in the foregoing embodiment shown in FIG. 2 other than the receiving and sending operations.
  • the processor 803 may perform the operation in the embodiment in FIG. 2 : process the second packet according to the hash value in the second packet.
  • the second network device 800 may further include a second communication interface 802, where the second communication interface 802 is configured to perform the sending operation performed by the second network device in the foregoing embodiment shown in FIG. 2 .
  • an embodiment of the present application further provides a first network device 900, as shown in FIG. 9 .
  • the first network device 900 includes a memory 901 and a processor 902 in communication with the memory 901 .
  • the memory 901 includes computer-readable instructions; the processor 902 is configured to execute the computer-readable instructions, so that the first network device 900 executes the method performed by the first network device in the above embodiment shown in FIG. 2 .
  • an embodiment of the present application further provides a second network device 1000, as shown in FIG. 10 .
  • the second network device 1000 includes a memory 1001 and a processor 1002 in communication with the memory 1001 .
  • the memory 1001 includes computer-readable instructions; the processor 1002 is configured to execute the computer-readable instructions, so that the second network device 1000 executes the method performed by the second network device in the above embodiment shown in FIG. 2 .
  • the processor may be a central processing unit (CPU), a network processor (NP), or a combination of CPU and NP.
  • the processor may also be an application-specific integrated circuit (ASIC), a programmable logic device (PLD) or a combination thereof.
  • the above-mentioned PLD can be a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL) or any combination thereof.
  • the processor may refer to one processor, or may include multiple processors.
  • the memory may include volatile memory, such as random-access memory (RAM); the memory may also include non-volatile memory, for example, read-only memory (ROM), flash memory, a hard disk drive (HDD) or a solid-state drive (SSD); the memory may also comprise a combination of the above-mentioned kinds of memory.
  • the memory may refer to one memory, or may include multiple memories.
  • a computer program or instruction is stored in the memory, and the computer program or instruction includes a plurality of software modules, such as a sending module, a processing module and a receiving module.
  • the processor can perform corresponding operations according to the instructions of each software module.
  • the operation performed by a software module actually refers to the operation performed by the processor according to the instruction of the software module.
  • the processor executes the computer program or instruction in the memory, it can execute all operations that can be performed by each network node in the packet processing method according to the instructions of the computer program or instruction.
  • the second communication interface 702 of the first network device 700 can be specifically used as the sending unit 502 in the first network device 500 to implement data communication between the first network device and the second network device; the first communication interface 701 of the first network device 700 may specifically be used as a receiving unit in the first network device 500, for example, may be used to receive a first packet sent by an upstream network device.
  • the first communication interface 801 of the second network device 800 can be specifically used as the receiving unit 601 in the second network device 600 to implement data communication between the first network device and the second network device; the second communication interface 802 of the second network device 800 can be specifically used as a sending unit in the second network device 600 to implement data communication between the second network device and the downstream network device.
  • an embodiment of the present application further provides a communication system 1100, as shown in FIG. 11.
  • the communication system 1100 includes a first network device 1101 and a second network device 1102, wherein the first network device 1101 may specifically be the first network device 500, the first network device 700 or the first network device 900, and the second network device 1102 may specifically be the above-mentioned second network device 600, second network device 800 or second network device 1000.
  • an embodiment of the present application also provides a computer-readable storage medium in which a computer program or instruction is stored; when it runs on a computer, the computer is made to execute the method described in the embodiment shown in FIG. 2 above.
  • embodiments of the present application also provide a computer program product, including a computer program or computer-readable instructions; when the computer program or the computer-readable instructions are run on a computer, the computer is made to execute the method described in the foregoing embodiment shown in FIG. 2.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Disclosed in embodiments of the present application are a message processing method and device. When a first network device determines that a preset condition is satisfied, according to a first message, a second message comprising a hash value and content related to the first message is generated, the hash value being obtained after hash calculation according to message feature information of the first message, and the first network device sends the second message to a second network device. In this way, because the hash value is obtained on the basis of an inner layer message feature of the message, the diversity of the message is presented, and to a certain extent, the uniform distribution of hash values is ensured. Therefore, carrying the hash value in the message to be sent and sending to another network device can ensure that the another network device implements a load balancing effect on the basis of the hash value.

Description

Method and device for message processing
This application claims priority to Chinese patent application No. 202010631135.3, entitled "Method, Device and Network System for Processing Data", filed on July 3, 2020, the entire contents of which are incorporated herein by reference; this application also claims priority to Chinese patent application No. 202011041940.7, entitled "Method and Device for Message Processing", filed with the China National Intellectual Property Administration on September 28, 2020, the entire contents of which are incorporated herein by reference.
Technical field
The present application relates to the field of communication technologies, and in particular to a method and device for processing packets.
Background
In a network, packets are forwarded between network devices to provide users with the corresponding services. When forwarding packets, a network device usually performs load balancing by uniform hashing: it calculates a hash value for each packet to be forwarded and, based on the hash value, maps different packets to the outgoing interfaces of the network device or to the processing units of the network device.
However, in some scenarios the current hashing prevents network devices from processing the packets to be forwarded in a balanced manner, resulting in low resource utilization.
Summary of the invention
Based on this, the embodiments of the present application provide a packet processing method and device to improve load balancing efficiency.
In a first aspect, an embodiment of the present application provides a method for processing packets. In the method, when a first network device determines that a preset condition is met, the first network device obtains a hash value of the packet feature information of a first packet and, according to the first packet, generates a second packet that includes the hash value and content related to the first packet; the first network device can then send the second packet carrying the hash value to a second network device. Because the hash value is calculated from the inner-layer packet features of the packet, it reflects the diversity of the packets and to a certain extent ensures an even distribution of hash values. Carrying the hash value in the packet to be sent and sending it to other network devices therefore ensures that those devices can achieve a good load balancing effect based on the hash value. Moreover, one network device performs the hash calculation once, and subsequent network devices that need to load balance can read the hash value directly from the packet to perform high-quality load balancing, which saves the computing resources of each network device, improves packet forwarding efficiency, and thereby improves the forwarding performance of the network devices.
In some implementations, the preset condition may be that the length of the first packet is greater than the maximum transmission unit (MTU) of the first network device. In that case, the content related to the first packet includes a fragment of the first packet.
As an example, the header of the second packet may be used to carry the hash value.
As another example, the second packet may also include an IP extension header, and the Option field in the IP extension header may be used to carry the hash value. For example, the IP extension header of the second packet includes a Reserved field, and the Reserved field is used to carry the hash value.
In this way, in the packet fragmentation scenario every fragment includes a hash value that preserves the diversity of packet features, which makes the load in the network more balanced; it also ensures that the fragments of the same packet are distributed to the same link or the same processing unit during uniform hashing, so that the fragments are forwarded in order.
In other implementations, the preset condition may also be that the first network device is the head end of a first tunnel. In that case, the content related to the first packet includes the entire content of the first packet.
As an example, the second packet may further include a first tunnel header. For example, if the first tunnel is a GRE tunnel, the second packet is the packet obtained by encapsulating a first generic routing encapsulation (GRE) header on the first packet, and the first GRE header is the first tunnel header in the second packet; if the first tunnel is an Internet Protocol Security (IPSec) tunnel, the second packet is the packet obtained by encapsulating a first IPSec header on the first packet, and the first IPSec header is the first tunnel header in the second packet.
As an example, the hash value may be carried in the first tunnel header. For example, the first tunnel header includes a Reserved field, and the Reserved field is used to carry the hash value.
Specifically, the first tunnel may be a virtual private network (VPN) tunnel. The types of VPN tunnel include but are not limited to GRE tunnels, IPSec tunnels, Virtual Extensible Local Area Network (VXLAN) tunnels, Layer 2 Tunneling Protocol (L2TP) tunnels, Layer 3 Tunneling Protocol Version 3 (L2TPv3) tunnels, Multi-Protocol Label Switch (MPLS) tunnels, IPv6 over IPv4 tunnels, IPv4 over IPv6 tunnels, and so on.
In this way, in the tunnel encapsulation scenario every packet includes a hash value that preserves the diversity of packet features, which makes load balancing convenient for each subsequent network device that forwards the second packet; and because the hash value of the first packet reflects the diversity of the inner-layer features of the first packet, the load balancing effect in the network is safeguarded.
In a second aspect, an embodiment of the present application further provides a method for processing packets. In the method, a second network device receives a second packet sent by a first network device, the second packet including a hash value and content related to a first packet (that is, all or part of the content of the first packet), the hash value having been calculated by the first network device or another network device based on the packet feature information of the first packet; the second network device can then process the second packet based on the hash value.
As an example, if the second network device includes multiple processing units, the processing of the second packet by the second network device based on the hash value may include: the second network device assigns the second packet, based on the hash value, to a first processing unit of the second network device, the first processing unit corresponding to the hash value. The processing unit may be, for example, a central processing unit (CPU), a network processor (NP), a forwarding chip, or another unit with processing and forwarding functions.
As another example, if the second network device determines that there are at least two outgoing interfaces for forwarding the second packet, the processing of the second packet by the second network device based on the hash value may also include: the second network device forwards the second packet, based on the hash value, from a first interface of the second network device, the first interface corresponding to the hash value.
In some possible implementations, if the second network device is the head end of a second tunnel, the method may further include a process in which the second network device encapsulates a second tunnel header on the second packet and carries the hash value in the second tunnel header. Specifically, the method in this embodiment of the present application may further include: the second network device determines that it is the head end of the second tunnel and obtains the hash value from the second packet; the second network device then encapsulates the second packet with the second tunnel header corresponding to the second tunnel to obtain a third packet, the second tunnel header of the third packet including the hash value; the second network device can then send the third packet to a third network device, so that the third network device processes the third packet based on the hash value. In this way, every tunnel header of the packet always includes the hash value, so whichever tunnel's tail end is reached first, the packet's current tunnel header is guaranteed to carry the hash value, which safeguards a better load balancing effect.
In other possible implementations, if the second network device determines that the length of the fragmented second packet is greater than the MTU of the second network device, the method may further include a process in which the second network device fragments the second packet and carries the hash value in the fragments of the second packet. Specifically, the embodiment of the present application may further include: the second network device determines that the length of the second packet is greater than the MTU of the second network device and processes the second packet into at least two fragments; the second network device then adds the hash value to each fragment to obtain at least two third packets; the second network device sends the at least two third packets to a third network device, and the third network device can process the at least two third packets based on the hash value. In this way, every fragment carries the hash value corresponding to the packet feature information of the packet before fragmentation, so that every fragment includes a hash value that preserves the diversity of packet features, which makes the load in the network more balanced; it also ensures that the fragments of the same packet are distributed to the same link or the same processing unit during uniform hashing, so that the fragments are forwarded in order.
In a third aspect, an embodiment of the present application provides a first network device, including a transceiver unit and a processing unit. The transceiver unit is configured to perform the sending and receiving operations in the method provided in the first aspect or any possible implementation of the first aspect; the processing unit is configured to perform the operations other than sending and receiving in the method provided in the first aspect or any possible implementation of the first aspect. For example, when the first network device performs the method of the first aspect, the transceiver unit is configured to send a second packet to a second network device, and the processing unit is configured to generate the second packet according to a first packet.
In a fourth aspect, an embodiment of the present application further provides a second network device, including a transceiver unit and a processing unit. The transceiver unit is configured to perform the sending and receiving operations in the method provided in the second aspect or any possible implementation of the second aspect; the processing unit is configured to perform the operations other than sending and receiving in the method provided in the second aspect or any possible implementation of the second aspect. For example, when the second network device performs the method of the second aspect, the transceiver unit is configured to receive the second packet sent by the first network device, and the processing unit is configured to process the second packet according to the hash value.
In a fifth aspect, an embodiment of the present application further provides a first network device, including a memory and a processor. The memory includes a computer program or instructions; the processor, which communicates with the memory, is configured to execute the computer program or instructions so that the first network device performs the method provided in the first aspect or any possible implementation of the first aspect.
In some embodiments, the first network device may not include a memory; instead, the processor obtains the computer program or instructions from an external memory or cloud storage and executes them so that the first network device performs the method provided in the first aspect or any possible implementation of the first aspect.
In a sixth aspect, an embodiment of the present application further provides a second network device, including a memory and a processor. The memory includes a computer program or instructions; the processor, which communicates with the memory, is configured to execute the computer program or instructions so that the second network device performs the method provided in the second aspect or any possible implementation of the second aspect.
In some embodiments, the second network device may not include a memory; instead, the processor obtains the computer program or instructions from an external memory or cloud storage and executes them so that the second network device performs the method provided in the second aspect or any possible implementation of the second aspect.
In a seventh aspect, an embodiment of the present application further provides a computer-readable storage medium in which a computer program or instructions are stored; when run on a computer, they cause the computer to perform the method provided in the first aspect, any possible implementation of the first aspect, the second aspect, or any possible implementation of the second aspect.
In an eighth aspect, an embodiment of the present application further provides a computer program product, including a computer program or computer-readable instructions; when the computer program or the computer-readable instructions are run on a computer, they cause the computer to perform the method provided in the first aspect, any possible implementation of the first aspect, the second aspect, or any possible implementation of the second aspect.
In a ninth aspect, an embodiment of the present application further provides a communication system, which includes the first network device provided in the third aspect or the fourth aspect, and/or the second network device provided in the fifth aspect or the sixth aspect.
Description of the drawings
FIG. 1 is a schematic diagram of a network system framework involved in an application scenario in an embodiment of the present application;
FIG. 2 is a signaling flowchart of a packet processing method 100 in an embodiment of the present application;
FIG. 3a is a schematic diagram of the format of a fragment in the packet fragmentation scenario in an embodiment of the present application;
FIG. 3b is a schematic diagram of the format of another fragment in the packet fragmentation scenario in an embodiment of the present application;
FIG. 4a is a schematic diagram of the format of a second packet in the tunnel encapsulation scenario in an embodiment of the present application;
FIG. 4b is a schematic diagram of the format of another second packet in the tunnel encapsulation scenario in an embodiment of the present application;
FIG. 4c is a schematic diagram of the format of yet another second packet in the tunnel encapsulation scenario in an embodiment of the present application;
FIG. 4d is a schematic diagram of the format of a further second packet in the tunnel encapsulation scenario in an embodiment of the present application;
FIG. 5 is a schematic structural diagram of a first network device 500 in an embodiment of the present application;
FIG. 6 is a schematic structural diagram of a second network device 600 in an embodiment of the present application;
FIG. 7 is a schematic structural diagram of a first network device 700 in an embodiment of the present application;
FIG. 8 is a schematic structural diagram of a second network device 800 in an embodiment of the present application;
FIG. 9 is a schematic structural diagram of a first network device 900 in an embodiment of the present application;
FIG. 10 is a schematic structural diagram of a second network device 1000 in an embodiment of the present application;
FIG. 11 is a schematic structural diagram of a communication system 1100 in an embodiment of the present application.
Detailed description
Load balancing of forwarded packets in a network is an important means of using resources sensibly and avoiding congestion. At present, load balancing is usually performed by uniform hashing, that is, the packets to be forwarded are distributed evenly, based on their hash values, across multiple outgoing interfaces of a network device or multiple processing units of a network device. In a specific implementation, after receiving a packet, each network device first obtains packet feature information from the packet (for example, the packet's 5-tuple: source Internet Protocol (IP) address, destination IP address, source port number, destination port number and protocol number) and then hashes the packet feature information to obtain the hash value corresponding to the packet. If the network device includes multiple processing units, the packet is sent to the target processing unit, among the multiple processing units, that corresponds to the hash value; if the forwarding table shows that the next-hop information of the packet indicates multiple outgoing interfaces, the packet is forwarded to another network device from the target outgoing interface, among the multiple outgoing interfaces, that corresponds to the hash value.
With uniform hashing, whether load balance in the network can be effectively guaranteed depends on the diversity of the packet feature information on which the hash calculation is based. In current uniform hashing, however, the packet feature information obtained is often not comprehensive enough and cannot, or cannot easily, preserve the diversity of the packets. As a result, the hash values obtained by hashing the packet feature information are too uniform and insufficiently dispersed, so load balancing in the network cannot be achieved effectively. For example, some processing units of a network device are congested while others are relatively idle, or some interfaces of a network device are congested while others are relatively idle, which greatly reduces resource utilization in the network.
For example, in the packet fragmentation scenario, a packet is divided into multiple fragments, and only one fragment includes Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) information, while the other fragments include no TCP or UDP information. To ensure that the same load balancing operation is applied to all fragments of a packet, the source IP address, destination IP address and protocol number that every fragment includes are used as the packet feature information, and hashing them yields the same hash value, which ensures that all fragments of the packet are assigned, based on the same hash value, to the same processing unit or outgoing interface of the network device. However, hashing on the 3-tuple loses some of the diversity of the packets. For example, multiple packets whose 5-tuples (source IP address, destination IP address, source port number, destination port number and protocol number) differ but whose 3-tuples (source IP address, destination IP address and protocol number) are the same yield the same hash value once they are fragmented and the 3-tuple of each fragment is hashed. All fragments of those packets are therefore assigned to the same processing unit and the same outgoing interface in every network device, which impairs the load balancing effect.
In the virtual private network (VPN) scenario, the packet to be forwarded has already been encapsulated with the header corresponding to the VPN tunnel. When a network device receives a packet that includes the header corresponding to the VPN tunnel, it cannot obtain the 5-tuple the packet had before VPN tunnel encapsulation (also called the inner 5-tuple) and can perform uniform hashing only on the 5-tuple reflected in the VPN tunnel header encapsulated on the packet (also called the outer 5-tuple). For example, when the packet to be forwarded is encapsulated in a generic routing encapsulation (GRE) tunnel, in one case the network device can obtain the 5-tuple of the packet based on its GRE header and perform uniform hashing on that 5-tuple, but the diversity of the inner 5-tuple is lost and the load balancing effect is poor. In another case, the network device can read the inner 5-tuple of the packet and perform uniform hashing on it, but reading the inner 5-tuple requires calculating the length of the GRE header and accurately stripping the GRE header based on that length to obtain the inner packet, which is a complicated and time-consuming process. As another example, when the packet to be forwarded is encapsulated in an Internet Protocol Security (IPSec) tunnel, the inner packet is encrypted and the inner 5-tuple is not carried in plaintext in the outer IPSec header, so the network device cannot obtain the inner 5-tuple and hash on it, and the load balancing effect is poor. Moreover, in many scenarios where multiple layers of VPN tunnel are encapsulated, the inner 5-tuple of the packet to be forwarded is even harder, or impossible, to obtain. Multiple packets encapsulated in the same VPN tunnel therefore yield the same hash value, so in every network device that the VPN tunnel passes through they are all assigned to the same processing unit and the same outgoing interface. The feature diversity of the inner layer of the packet (that is, the part that existed before VPN tunnel encapsulation) is lost, which impairs the load balancing effect.
Moreover, with the uniform hashing described above, every network device that forwards the packet must perform a hash calculation after receiving it, which affects the packet forwarding rate and reduces the forwarding performance of the network device.
Based on this, an embodiment of the present application provides a packet processing method. When a packet is about to enter a tunnel or is about to be fragmented, a network device obtains packet feature information of the packet (for example, the inner quintuple of the packet), performs a hash calculation on that feature information to obtain the hash value corresponding to the packet, and forwards the hash value together with content related to the packet (the entire content of the packet, or part of it). A network device that receives the packet can then perform load balancing on it based on the hash value in the received content. Because the hash value is calculated from the inner-layer features of the packet, it reflects the diversity of the packets, which to a certain extent ensures that hash values are evenly distributed and achieves a better load balancing effect. In addition, one network device performs the hash calculation once, and subsequent network devices that need to load balance simply read the hash value from the packet. This saves computing resources on each network device and improves packet forwarding efficiency, thereby improving the forwarding performance of the network devices.
Take the scenario shown in FIG. 1 as an example. The scenario includes network devices 101 to 104. Network device 101 includes processing unit 11, processing unit 12, interface A1, interface A2 and interface A3; network device 102 includes processing unit 21, interface B1 and interface B2; network device 103 includes processing unit 31, interface C1 and interface C2; and network device 104 includes processing unit 41, processing unit 42, processing unit 43, processing unit 44, interface D1, interface D2 and interface D3. Assume that network device 101 is the head end point of GRE tunnel 1. When processing unit 11 of network device 101 receives packet 1 and packet 2 through interface A1, it determines that network device 101 is the head end point of tunnel 1. A processing unit of network device 101 (for example, processor 11 and/or processor 12) calculates hash value 1 corresponding to packet 1 and encapsulates packet 1 with GRE header 1 to obtain packet 1', where GRE header 1 carries hash value 1; it calculates hash value 2 corresponding to packet 2 and encapsulates packet 2 with GRE header 2 to obtain packet 2', where GRE header 2 carries hash value 2. Based on hash value 1, network device 101 determines that the outbound interface of packet 1 is interface A2 and forwards packet 1' from interface A2 to network device 102, which receives it on interface B1 and sends it to network device 104 through interface B2. Similarly, based on hash value 2, network device 101 determines that the outbound interface of packet 2 is interface A3 and forwards packet 2' from interface A3 to network device 103, which receives it on interface C1 and sends it to network device 104 through interface C2. Next, when interface D1 of network device 104 receives packet 1, the device can use hash value 1 of packet 1 to assign packet 1 to processing unit 41; processing unit 41 determines that the outbound interface of packet 1' is interface D2 and forwards packet 1 from interface D2 to the subsequent network device. When interface D1 of network device 104 receives packet 2', the device can use hash value 2 to assign packet 2' to processing unit 43. Processing unit 43 determines that the outbound interfaces of packet 2' are interface D2 and interface D3, and then uses hash value 2 again to determine that the interface that actually forwards packet 2 is interface D3, so packet 2' is forwarded from interface D3 to the subsequent network device. In this way, effective load balancing can be achieved in the network, forwarding efficiency is improved, and network forwarding performance is improved.
In some embodiments, one or more of the processing units 11, 12, 21, 31, 41, 42, 43 and 44 may be a central processing unit (CPU), a network processor (NP), a forwarding chip, or another unit with processing and forwarding functions; the specific form is not limited.
In some embodiments, hash value 1 may be carried in another part of packet 1', for example in the IP extension header of the packet.
In the embodiments of this application, "network device" and "node" have the same meaning and are used interchangeably. A network device is a device with a forwarding function, which may include but is not limited to a switch, a router or a firewall.
The specific implementation of a packet processing method in the embodiments of this application is described in detail below through embodiments, with reference to the accompanying drawings.
FIG. 2 is a signaling flowchart of a packet processing method 100 in an embodiment of this application. In one case, method 100 is applied to a packet fragmentation scenario, and the embodiment is described through the interaction between the first network device, which performs the packet fragmentation operation, and any network device after the first network device (called the second network device). In another case, method 100 is applied to a tunnel encapsulation scenario, and the embodiment is described through the interaction between the head end point of a first tunnel (also called the first network device) and any network device in the first tunnel other than the first network device (called the second network device). In a specific implementation, referring to FIG. 2, method 100 may include, for example, the following S101 to S104:
S101: When a preset condition is met, the first network device generates a second packet from a first packet. The second packet includes a hash value and content related to the first packet, and the hash value is calculated from the packet feature information of the first packet.
The packet feature information of the first packet is information in the first packet that reflects the diversity of the first packet's inner-layer information. It ensures that the hash values calculated from the packet feature information are distributed fairly evenly, which achieves a better load balancing effect. For example, the packet feature information of the first packet may be the inner quintuple of the first packet, that is, its source IP address, destination IP address, source port number, destination port number and protocol number. The first network device can obtain the packet feature information by reading the IP header of the first packet.
The preset condition is the condition that indicates that a network device needs to calculate the hash value corresponding to a packet. Every network device in the network is configured with the preset condition. When a device receives a packet, it checks whether the preset condition is met: if it is, the device executes method 100 to perform load balancing; if it is not, the device forwards the packet normally. The preset condition differs from scenario to scenario.
In some possible implementations, for the packet fragmentation scenario, the preset condition may be: the length of the first packet is greater than the maximum transmission unit (MTU) of the first network device. Each network device in the network is configured with an interface MTU, which limits the maximum data length the interface sends. After receiving a packet, the device determines whether the total length of the packet is greater than the MTU. If it is, the device fragments the packet, ensures that each fragmented packet is shorter than the MTU, and forwards each fragmented packet. If the total length of the packet is not greater than the MTU, the device forwards the packet directly without fragmenting it. For example, assume that the MTU on the first network device is 1500 bytes and the first network device receives the first packet. If the first packet is 1457 bytes long, then because 1457 bytes is less than 1500 bytes, the first network device does not process the first packet and simply forwards it. If the first packet is 4678 bytes long, then because 4678 bytes is greater than 1500 bytes, the first network device fragments the first packet, and obtains, for example, at least 4 fragmented packets: fragmented packet 1, fragmented packet 2, fragmented packet 3 and fragmented packet 4, each of which is shorter than 1500 bytes.
In a specific implementation, S101 may include: S11, when the first network device determines that the first packet needs to be fragmented, it obtains the packet feature information of the first packet; S12, the first network device calculates the hash value corresponding to the first packet based on the packet feature information; S13, the first network device processes the first packet into at least 2 fragmented packets; S14, the first network device adds the hash value to each fragmented packet to obtain at least 2 second packets. In this case, in addition to the hash value, each second packet includes the content corresponding to one fragmented packet of the first packet (that is, the content related to the first packet referred to in S101).
For S12, the first network device may perform a hash calculation on the packet feature information of the first packet according to a preset hash algorithm to obtain the hash value. The preset hash algorithm may be, for example, an XOR algorithm, cyclic redundancy check (CRC) 16, or CRC32. Because the hash value is carried in the second packet and used to guide subsequent load balancing, its number of bits needs to match the number of interfaces of the network device. For example, if the network device has 8 interfaces, the hash value can be a 3-bit binary number. The network device may therefore preset a length for the hash value, in which case S12 may include, for example: the first network device performs a hash calculation on the packet feature information with the preset hash algorithm to obtain an initial hash value, and then derives from the initial hash value a target hash value of the preset length. The target hash value is the hash value carried in the second packet in the embodiments of this application. In one case, the network device takes a section of the preset length from the initial hash value and uses the value of those bits as the target hash value. In another case, the first network device applies modulo (for example, XOR) processing to the initial hash value to obtain a target hash value of the preset length.
After the first packet has been fragmented into multiple fragmented packets, the hash value may be carried in the IP extension header of each fragmented packet.
As an example, for an IP packet, the IP extension header may include a copy flag (C), a Class field and an Option field. The hash value can be carried in the Option field of the IP extension header of the fragmented packet. For example, an unoccupied value of the Option field can be newly defined, and the hash value carried in the Value field corresponding to that Option field. The unoccupied values of the Option field include 25, 26 and 31.
For example, assume that the first packet meets the preset condition, that the hash value the first network device calculates from the packet feature information of the first packet is a, and that the unoccupied Option value 26 is used to carry hash value a. The first network device may divide the first packet into N fragmented packets (N is an integer greater than 1). As shown in FIG. 3a, each fragmented packet may include an IP header, an IP extension header and a payload. In the IP extension header, C=1 indicates that the IP extension header is one that is copied into fragmented packets; Class field=0 indicates control; Option field=26 indicates that the corresponding Value field carries a hash value; the value of the Length field indicates the length of the content corresponding to the Option field; and Value field=hash value a.
As another example, for an IPv6 packet, the IP extension header in the fragmentation scenario may include a Next Header field, a Reserved field, a Fragment Offset field, a reserved (Res) field, an M flag and an Identification field. The first Reserved field is 8 bits long and currently unoccupied, so it can be used to carry the hash value.
For example, assume that the first packet is an IPv6 packet that meets the preset condition, that the hash value the first network device calculates from the packet feature information of the first packet is a, and that the Reserved field is used to carry hash value a. The first network device may divide the first packet into N fragmented packets (N is an integer greater than 1). As shown in FIG. 3b, each fragmented packet may include an IP header, an IP extension header and a payload, and in the IP extension header the first Reserved field is equal to hash value a.
In some embodiments, the hash value corresponding to the first packet may also be carried in each fragmented packet in other ways. Carrying it preserves the diversity of packet features in the fragmentation scenario, so load in the network can be balanced. It also ensures that the fragmented packets of one packet are assigned to the same link or the same processing unit during uniform hashing, so the fragmented packets are forwarded in order.
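The fragmentation flow S11 to S14 with the IPv4 option encoding described above (C=1, Class=0, Option=26), as an added Python example that is not code from the application: the fragmenting device hashes the quintuple with CRC32, XOR-folds it to 3 bits and copies the option into every fragment, and a downstream device reads the option with bounds checks before selecting an interface. The packet contents, addresses and function names are constructed for illustration.

```python
import socket
import struct
import zlib

# Option type octet as described on the page: C=1, Class=0, Option=26.
OPT_TYPE = 0x80 | (0 << 5) | 26
MTU = 1500


def target_hash(five_tuple, bits=3):
    """S12: CRC32 over the quintuple, XOR-folded to `bits` bits."""
    src, dst, sport, dport, proto = five_tuple
    key = socket.inet_aton(src) + socket.inet_aton(dst)
    key += struct.pack("!HHB", sport, dport, proto)
    initial, target = zlib.crc32(key), 0
    while initial:
        target ^= initial & ((1 << bits) - 1)
        initial >>= bits
    return target


def checksum(header):
    """Standard IPv4 header checksum (ones' complement sum)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def five_tuple_of(packet):
    """S11: read the quintuple of an unfragmented TCP/UDP-over-IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return (src, dst, sport, dport, packet[9])


def fragment_with_hash(packet, mtu=MTU, bits=3):
    """S11-S14: fragment only if len > MTU; tag each fragment with the hash."""
    if len(packet) <= mtu:
        return [packet]
    option = bytes([OPT_TYPE, 3, target_hash(five_tuple_of(packet), bits), 0])
    ihl = (packet[0] & 0x0F) * 4
    base, payload = packet[:ihl], packet[ihl:]
    hdr_len = ihl + len(option)               # option is 3 bytes + 1 pad byte
    step = (mtu - hdr_len) // 8 * 8           # fragment data in 8-byte units
    frags = []
    for off in range(0, len(payload), step):
        chunk = payload[off:off + step]
        more = 1 if off + step < len(payload) else 0
        hdr = bytearray(base + option)
        hdr[0] = 0x40 | (hdr_len // 4)        # version 4, new IHL
        struct.pack_into("!H", hdr, 2, hdr_len + len(chunk))
        struct.pack_into("!H", hdr, 6, (more << 13) | (off // 8))
        struct.pack_into("!H", hdr, 10, 0)
        struct.pack_into("!H", hdr, 10, checksum(bytes(hdr)))
        frags.append(bytes(hdr) + chunk)
    return frags


def read_carried_hash(frag):
    """Downstream device: walk the IPv4 options, return the value or None."""
    if len(frag) < 20:
        return None
    ihl = (frag[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(frag):
        return None
    i = 20
    while i < ihl:
        kind = frag[i]
        if kind == 0:                          # End of Option List
            return None
        if kind == 1:                          # No-Operation, single byte
            i += 1
            continue
        if i + 1 >= ihl or frag[i + 1] < 2 or i + frag[i + 1] > ihl:
            return None                        # malformed option: do not trust
        if kind == OPT_TYPE and frag[i + 1] == 3:
            return frag[i + 2]
        i += frag[i + 1]
    return None


def pick_interface(frag, interfaces):
    """Downstream selection: same carried hash, same interface."""
    value = read_carried_hash(frag)
    return None if value is None else interfaces[value % len(interfaces)]


def sample_packet(total_len=4678):
    """Constructed UDP/IPv4 packet; 4678 bytes is the size in the MTU example."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0,
                                64, 17, 0, socket.inet_aton("192.0.2.10"),
                                socket.inet_aton("198.51.100.7")))
    struct.pack_into("!H", hdr, 10, checksum(bytes(hdr)))
    udp = struct.pack("!HHHH", 40000, 53, total_len - 20, 0)
    return bytes(hdr) + udp + bytes(total_len - 28)
```

A downstream device never needs the transport header, which only the first fragment contains; every fragment carries the same option value.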
In other possible implementations, for the tunnel encapsulation scenario, the preset condition may be: the first network device is the head end point of the first tunnel. The first packet has not been encapsulated for the first tunnel when it arrives at the first network device. If the first network device looks up its forwarding table and determines that the next hop information of the forwarding entry corresponding to the first packet indicates that the outbound interface type is the first tunnel, the first network device can determine that it is the head end point of the first tunnel and that the first packet is transmitted through the first tunnel starting from the first network device. In that case it encapsulates the first packet with the first tunnel header corresponding to the first tunnel and forwards the encapsulated packet. If the first network device looks up its forwarding table and determines that the next hop information of the forwarding entry corresponding to the first packet indicates that the outbound interface type is not the first tunnel, the first network device can determine that it is not the head end point of the first tunnel, and it forwards the first packet directly without encapsulating it for the first tunnel. For example, if the next hop information of the forwarding entry corresponding to the first packet on the first network device indicates that the outbound interface type is a GRE tunnel, then after the first packet reaches the first network device, the first network device encapsulates the first packet with a GRE header. As another example, if the next hop information of the forwarding entry corresponding to the first packet on the first network device indicates that the outbound interface type is an IPSec tunnel, then after the first packet reaches the first network device, the first network device encapsulates the first packet with an IPSec header, which may be an Authentication Header (AH) or an Encapsulating Security Payload (ESP).
In some embodiments, S101 may include: S21, when the first network device determines that it is the head end point of the first tunnel, it determines whether the first packet includes a hash value; if so, it executes S24, otherwise it executes S22; S22, the first network device obtains the packet feature information of the first packet; S23, the first network device calculates the hash value corresponding to the first packet based on the packet feature information; S24, the first network device generates the second packet based on the first packet and the hash value, and the second packet includes the hash value. In this case, in addition to the hash value, the second packet includes the entire content of the first packet (that is, the content related to the first packet referred to in S101).
If the first packet was fragmented or encapsulated in another tunnel before it reached the first network device, the first packet may already include a hash value that reflects the feature diversity of the first packet. In that case, to save computing resources, when the first network device determines that it is the head end point of the first tunnel, it can obtain the hash value directly from the first packet and generate the second packet according to S24. If the first packet does not carry a hash value, the hash value is calculated according to S22 and S23; for the specific process, see the description of S12 above.
In some embodiments, the process in S24 by which the first network device generates the second packet includes: the first network device encapsulates the first packet with the first tunnel header corresponding to the first tunnel to obtain the second packet, and a packet header of the second packet includes the hash value.
As an example, the packet header of the second packet that carries the hash value may be the first tunnel header. For example, the hash value may be carried in the Reserved field of the first tunnel header, in the Flags of the first tunnel header, or in an extension field within the Optional field of the first tunnel header.
The first tunnel may be a first VPN tunnel, for example a first GRE tunnel or a first IPSec tunnel.
For example, if the first tunnel is a GRE tunnel, the first tunnel header is a GRE header. The format of the second packet is shown in FIG. 4a or FIG. 4b and includes an outer IP header, a GRE header, an inner IP header and a payload. As shown in FIG. 4a, hash value a of the first packet may be carried in the Flags of the second packet, that is, Flags=hash value a. As shown in FIG. 4b, hash value a of the first packet may instead be carried in the extension field of Optional in the second packet, with the value of Flags indicating the position where hash value a is carried, that is, Flags=position of Optional, Optional field=hash value a.
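The GRE case as an added Python example (not code from the application): many inner flows enter one tunnel, a transit device that hashes the outer header sends them all to one interface, and a transit device that reads the carried hash spreads them without parsing the inner packet. Placing the hash in the GRE Key field, signalled by the K flag, is an assumption made for this sketch; the page only says the value sits in Flags or in an Optional extension field. Addresses, flows and interface names are constructed.

```python
import socket
import struct
import zlib

GRE_C, GRE_K = 0x8000, 0x2000        # Checksum Present / Key Present flags
PROTO_GRE, ETHERTYPE_IPV4 = 47, 0x0800


def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header with a valid header checksum."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len,
                                0, 0, 64, proto, 0, socket.inet_aton(src),
                                socket.inet_aton(dst)))
    total = sum(struct.unpack("!10H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    struct.pack_into("!H", hdr, 10, ~total & 0xFFFF)
    return bytes(hdr)


def inner_hash(inner, bits=3):
    """Head end: low `bits` bits of CRC32 over the inner quintuple."""
    ihl = (inner[0] & 0x0F) * 4
    key = inner[12:20] + inner[9:10] + inner[ihl:ihl + 4]
    return zlib.crc32(key) & ((1 << bits) - 1)


def gre_encap(inner, tun_src, tun_dst):
    """Head end: outer IP + GRE with the hash in the Key field (assumption)."""
    gre = struct.pack("!HHI", GRE_K, ETHERTYPE_IPV4, inner_hash(inner))
    outer = ipv4_header(tun_src, tun_dst, PROTO_GRE, len(gre) + len(inner))
    return outer + gre + inner


def pick_by_outer(pkt, interfaces):
    """Transit without the method: only tunnel src, dst and protocol 47."""
    key = pkt[12:20] + pkt[9:10]
    return interfaces[zlib.crc32(key) % len(interfaces)]


def pick_by_carried(pkt, interfaces):
    """Transit with the method: read the carried hash, never the inner packet."""
    if len(pkt) < 20 or pkt[9] != PROTO_GRE:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if len(pkt) < ihl + 4:
        return None
    (flags,) = struct.unpack("!H", pkt[ihl:ihl + 2])
    off = ihl + 4 + (4 if flags & GRE_C else 0)   # checksum word shifts the key
    if not flags & GRE_K or len(pkt) < off + 4:
        return None
    (value,) = struct.unpack("!I", pkt[off:off + 4])
    return interfaces[value % len(interfaces)]


def sample_flows(n=64):
    """Constructed inner UDP packets that differ in source address and port."""
    flows = []
    for i in range(n):
        udp = struct.pack("!HHHH", 40000 + i, 443, 40, 0) + bytes(32)
        src = "10.1.%d.%d" % (i // 8, 10 + i % 8)
        flows.append(ipv4_header(src, "10.2.0.5", 17, len(udp)) + udp)
    return flows


def interfaces_used(pick, tunnel_pkts, interfaces):
    """Set of interfaces a transit device would use for these packets."""
    return {pick(p, interfaces) for p in tunnel_pkts}
```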
As another example, if the first tunnel is an IPSec tunnel, the first tunnel header is an IPSec header. The format of the second packet is shown in FIG. 4c or FIG. 4d, and hash value a of the first packet may be carried in the Reserved field of the IPSec header in the second packet. As shown in FIG. 4c, the second packet corresponds to the tunnel mode of IPSec and includes an outer IP header, an IPSec header, an inner IP header and a payload. As shown in FIG. 4d, the second packet corresponds to the transport mode of IPSec and includes an inner IP header, an IPSec header and a payload. It should be noted that the IPSec header in FIG. 4c and FIG. 4d may be AH or ESP, which is not specifically limited in the embodiments of this application.
As another example, if the first tunnel is in tunnel mode, then when the first network device encapsulates the first packet with the first VPN header, it also needs to encapsulate an outer IP header outside the first VPN header. So that subsequent network devices can easily read the hash value during packet forwarding, the hash value may also be carried in the outer IP header; that is, the packet header of the second packet that carries the hash value may also be the outer IP header. The specific way of carrying it is not limited in this embodiment.
In some embodiments, the types of VPN tunnels include but are not limited to GRE tunnels, IPSec tunnels, virtual extensible local area network (VXLAN) tunnels, layer 2 tunneling protocol (L2TP) tunnels, layer 3 tunneling protocol version 3 (L2TPv3) tunnels, multi-protocol label switch (MPLS) tunnels, IPv6 over IPv4 tunnels, and IPv4 over IPv6 tunnels. For the specific way of generating the second packet, see the descriptions above that take the GRE tunnel and the IPSec tunnel as examples; the details are not repeated here.
The specific operations of S101 above may be completed in a processing unit in the first network device.
In some embodiments, the preset condition in S101 includes but is not limited to what is described in the two possible implementations above. For example, if the first packet is an IP packet that needs neither fragmentation nor tunnel encapsulation, the first packet can also be considered to meet the preset condition, and the hash value corresponding to the first packet is carried in the IP extension header of the IP packet to obtain the second packet. While the second packet is being forwarded, each network device then only needs to read the hash value in the IP extension header of the second packet to load balance the second packet, and no network device has to perform a hash calculation to obtain the hash value corresponding to the first packet. This saves packet forwarding time and effectively improves packet forwarding efficiency while keeping the load balanced.
It can be seen that the first network device carries the hash value corresponding to the first packet at an easily readable position in the newly generated second packet, which makes load balancing convenient for each subsequent network device that forwards the second packet. Moreover, because the hash value of the first packet reflects the diversity of the inner-layer features of the first packet, it safeguards the load balancing effect in the network.
S102: the first network device sends the second packet to the second network device.
S103: the second network device receives the second packet sent by the first network device.
In some embodiments, the first network device may also perform load balancing based on the hash value in the second packet. For example, when the first network device determines, based on the forwarding entry corresponding to the second packet, that there are multiple outgoing interfaces, the first network device selects one outgoing interface from them based on the hash value and forwards the second packet out of the selected outgoing interface. For the specific process, see the description of S104 below.
For the case in which multiple layers of tunnels are encapsulated at the first network device: if the first tunnel header is first encapsulated for the first packet according to S101 above to obtain the second packet, the method 100 may further include: S31, the first network device determines that it is the head endpoint of the second tunnel, and then obtains the hash value from the second packet; S34, the first network device encapsulates, for the second packet, the second tunnel header corresponding to the second tunnel to obtain an updated second packet, where the updated second packet includes the hash value, for example, the second tunnel header includes the hash value. If the second tunnel header is encapsulated for the first packet first, that is, before S101, the method 100 may further include: S41, the first network device determines that it is the head endpoint of the second tunnel, and then calculates the hash value corresponding to the first packet based on the packet feature information; S42, the first network device encapsulates the second tunnel header for the first packet to obtain a third packet, where the third packet includes the hash value. In this case, S101 may include, for example: the first network device determines that it is the head endpoint of the first tunnel and obtains the hash value from the third packet, and then encapsulates the first tunnel header for the third packet to obtain the second packet, where the second packet includes the hash value, for example, both the second tunnel header and the first tunnel header include the hash value. It should be noted that when multiple layers of tunnels are encapsulated on the same network device, the encapsulation order of the layers is not specifically limited, and the encapsulation order does not affect the subsequent load balancing effect.
In this multi-layer tunnel encapsulation scenario, the second packet that the first network device sends to the second network device is the updated second packet, that is, the packet transmitted from the outgoing interface after the first network device has completed its final processing.
It should be noted that, whether or not tunnels are stacked, the subsequent load balancing effect is not affected as long as the header of the second packet sent to the second network device includes a hash value that reflects the inner-layer features of the first packet.
S104: the second network device processes the second packet based on the hash value in the second packet.
The second packet is forwarded from the first network device to the second network device. The second network device may be directly connected to the first network device, or indirectly connected to it through other network devices.
In some possible implementations, the second network device may include multiple processing units in order to improve performance in forwarding and other respects. After receiving the second packet, the second network device may then determine the processing unit corresponding to the second packet based on the hash value carried in the second packet, and assign the second packet to that processing unit for processing.
As one example, the second network device may determine the processing unit that processes the second packet directly from the hash value, for example by assigning the second packet to the processing unit whose number equals the hash value. Assuming the second network device includes 8 processing units, numbered 0 to 7, then when the hash value in the second packet is 0, the second network device assigns the second packet to processing unit 0; when the hash value in the second packet is 1, the second network device assigns the second packet to processing unit 1.
As another example, a correspondence between hash values and processing units may be preset in the second network device and used to determine the processing unit that processes the second packet. For example, the second network device may preset the correspondence according to the capability of each processing unit. Assuming the second network device includes 2 processing units and the capability of processing unit 0 is stronger than that of processing unit 1, the correspondences preset in the second network device include: correspondence 1, "hash values 0 to 5 correspond to processing unit 0", and correspondence 2, "hash values 6 and 7 correspond to processing unit 1". When the hash value in the second packet is any of 0 to 5, the second network device determines, from correspondence 1 and the hash value, that the second packet must be assigned to processing unit 0; when the hash value in the second packet is 6 or 7, the second network device determines, from correspondence 2 and the hash value, that the second packet must be assigned to processing unit 1.
In some scenarios, for a second network device that includes multiple processing units, the processing units usually work in parallel, and after processing is complete the packets are sent out of the second network device together, which improves parallel forwarding efficiency. However, if hashing does not spread evenly, the hash values used to guide the selection of a processing unit are unevenly distributed. For example, for flows that have lost part of their packet features, the 5-tuples differ but the hash values calculated from the 3-tuple are equal. This is likely to leave one or some of the processing units heavily loaded and the others lightly loaded, so that the processing units run at different speeds and parallel forwarding slows down, which weakens or forfeits the advantage of having multiple processing units. With the method provided by the embodiments of the present application, the hash value that reflects the inner-layer features of the packet is carried in the packet and forwarded to the network device with multiple processing units, so packets to be forwarded can be assigned to the processing units in the network device in a relatively balanced way based on evenly distributed hash values. The efficient parallel forwarding capability of the multiple processing units is therefore used fully and effectively, and forwarding is efficient.
In other possible implementations, if the processing unit in the second network device that receives the second packet determines, according to the forwarding entry corresponding to the second packet, that there are multiple outgoing interfaces, the second network device selects one outgoing interface from them based on the hash value and forwards the second packet out of the selected outgoing interface.
As one example, the second network device may determine the outgoing interface used to forward the second packet directly from the hash value, for example by assigning the second packet to the outgoing interface whose number equals the hash value. Assuming the second network device includes 8 outgoing interfaces, numbered 0 to 7, then when the hash value in the second packet is 0, the second network device forwards the second packet out of the second network device through outgoing interface 0; when the hash value in the second packet is 1, the second network device forwards the second packet out of the second network device through outgoing interface 1.
As another example, a correspondence between hash values and outgoing interfaces may be preset in the second network device and used to determine the outgoing interface that forwards the second packet. For example, the second network device may preset the correspondence according to parameters such as the bandwidth of each outgoing interface. Assuming the second network device includes 2 interfaces and the bandwidth of interface 0 is 3 times that of interface 1, the correspondences preset in the second network device include: correspondence 1, "hash values 0 to 5 correspond to interface 0", and correspondence 2, "hash values 6 and 7 correspond to interface 1". When the hash value in the second packet is any of 0 to 5, the second network device determines, from correspondence 1 and the hash value, that the second packet must be forwarded out of the second network device through interface 0; when the hash value in the second packet is 6 or 7, the second network device determines, from correspondence 2 and the hash value, that the second packet must be forwarded out of the second network device through interface 1.
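The following Python sketch is an added example, not code from the application. It contrasts hashing on the outer 3-tuple of tunneled packets with reading the hash carried in the tunnel header, then applies the direct and the weighted hash-to-unit mappings described above. The SHA-256-based hash, the `hash` header field name, the addresses and the sample flows are assumptions constructed for illustration.

```python
import hashlib
from collections import Counter

HASH_BITS = 3                      # the page's examples use hash values 0..7
TUNNEL_SRC = "192.0.2.1"           # constructed tunnel endpoints (documentation ranges)
TUNNEL_DST = "198.51.100.1"
GRE = 47                           # IP protocol number of GRE


def flow_hash(fields):
    """Map packet feature fields to 0..7.

    SHA-256 is an assumption; the page does not name a hash algorithm.
    """
    digest = hashlib.sha256("|".join(str(f) for f in fields).encode()).digest()
    return digest[0] & ((1 << HASH_BITS) - 1)


def encapsulate(inner):
    """First network device (tunnel head endpoint).

    Hashes the inner 5-tuple once and carries the result in the tunnel header.
    """
    five_tuple = (inner["src"], inner["dst"], inner["proto"],
                  inner["sport"], inner["dport"])
    outer = {"src": TUNNEL_SRC, "dst": TUNNEL_DST, "proto": GRE,
             "hash": flow_hash(five_tuple)}
    return {"outer": outer, "payload": inner}


def hash_from_outer_3tuple(pkt):
    """What a transit device computes when only the outer header is visible."""
    o = pkt["outer"]
    return flow_hash((o["src"], o["dst"], o["proto"]))


def hash_carried(pkt):
    """What the second network device reads from the packet: no recomputation."""
    return pkt["outer"]["hash"]


# Unit (or outgoing interface) number equals the hash value: 8 units, 0..7.
DIRECT_TABLE = list(range(8))
# Preset correspondence: hash 0..5 -> unit 0, hash 6 and 7 -> unit 1.
WEIGHTED_TABLE = [0, 0, 0, 0, 0, 0, 1, 1]


def distribute(packets, get_hash, table):
    """Count how many packets each processing unit or interface receives."""
    return Counter(table[get_hash(p)] for p in packets)


def constructed_flows(n=1000):
    """Constructed sample: n distinct inner TCP flows entering the same tunnel."""
    return [{"src": f"10.0.{i // 250}.{i % 250 + 1}", "dst": "10.1.0.10",
             "proto": 6, "sport": 1024 + i, "dport": 443} for i in range(n)]


PACKETS = [encapsulate(f) for f in constructed_flows()]

if __name__ == "__main__":
    for label, get_hash, table in (
        ("outer 3-tuple, 8 units ", hash_from_outer_3tuple, DIRECT_TABLE),
        ("carried hash, 8 units  ", hash_carried, DIRECT_TABLE),
        ("carried hash, weighted ", hash_carried, WEIGHTED_TABLE),
    ):
        print(label, sorted(distribute(PACKETS, get_hash, table).items()))
```
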
If the second network device determines that it is the head endpoint of a third tunnel, it may obtain the hash value from the second packet and encapsulate a third tunnel header for the second packet to obtain a fourth packet, where the third tunnel header of the fourth packet includes the hash value. If the second network device then determines that the fourth packet has multiple outgoing interfaces, it may determine, based on the hash value in the third tunnel header, the outgoing interface through which the fourth packet is forwarded out of the second network device. In addition, after the second network device sends the fourth packet to a third network device, the hash value in the fourth packet can also be used by the third network device to select a processing unit and an outgoing interface, achieving the corresponding load balancing. For example, the first tunnel may be a GRE tunnel and the third tunnel an IPSec tunnel, in which case the fourth packet can be regarded as encapsulated with an IPSec over GRE tunnel. As another example, the first tunnel may be an IPSec tunnel and the third tunnel a GRE tunnel, in which case the fourth packet can be regarded as encapsulated with a GRE over IPSec tunnel. As a further example, if the first tunnel and the second tunnel are both GRE tunnels, the fourth packet can be regarded as encapsulated with a GRE over GRE tunnel.
If the second network device is not the tail endpoint of the first tunnel, then in S104 it may forward the second packet to the subsequent network device of the first tunnel based on the hash value in the second packet. If the second network device is the tail endpoint of the first tunnel, then after determining the outgoing interface it may strip the first tunnel header to obtain a fifth packet and forward the fifth packet out of the determined outgoing interface.
Where the second network device is the tail endpoint of the first tunnel, there are two cases. In one case, the second network device may continue forwarding the fifth packet in the network directly, without processing it. If the fifth packet then contains no other tunnel header, subsequent nodes can obtain the inner-layer packet feature information of the fifth packet, so forwarding the fifth packet directly does not impair the ability of subsequent nodes to load-balance packets by uniform hashing. In the other case, the second network device may carry the hash value in the IP extension header of the fifth packet to generate a sixth packet, and continue forwarding the sixth packet in the network. This not only ensures the load balancing effect in subsequent forwarding; subsequent network devices also no longer need to obtain the packet feature information of the fifth packet or perform a hash calculation, which saves the computing resources of each network device and greatly improves packet forwarding efficiency.
In some embodiments, if a network device that receives a packet to be forwarded determines that the preset condition is not met and the packet does not carry a hash value, it may obtain the packet feature information of the packet, calculate a hash value based on that packet feature information, and perform load balancing based on the calculated hash value.
It can be seen that, with the method 100 provided in the embodiments of the present application, when it is determined that the preset condition is met, the network device obtains the packet feature information of the packet, performs a hash calculation based on that information to obtain the hash value corresponding to the packet, and carries the hash value in the packet for subsequent forwarding. A network device that receives the packet can then load-balance it based on the hash value carried in the packet. Because the hash value is calculated from the inner 5-tuple of the packet, it reflects the diversity of packets, ensures to a certain extent that hash values are evenly distributed, and achieves a better load balancing effect. Moreover, only one network device needs to perform the hash calculation once; subsequent network devices only need to read the hash value from the packet when they have a load balancing requirement, which saves the computing resources of each network device and improves packet forwarding efficiency, and thus the forwarding performance of the network devices.
In addition, an embodiment of the present application further provides a first network device 500, as shown in FIG. 5. The first network device 500 includes a processing unit 501 and a sending unit 502. The processing unit 501 is configured to perform the processing operations performed by the first network device in the embodiment shown in FIG. 2; the sending unit 502 is configured to perform the sending operations performed by the first network device in the embodiment shown in FIG. 2. For example, the processing unit 501 may perform the following operation of the embodiment in FIG. 2: when the preset condition is met, generate the second packet according to the first packet. For example, the sending unit 502 may perform the following operation of the embodiment in FIG. 2: send the second packet to the second network device.
In addition, an embodiment of the present application further provides a second network device 600, as shown in FIG. 6. The second network device 600 includes a receiving unit 601 and a processing unit 602. The receiving unit 601 is configured to perform the receiving operations performed by the second network device in the embodiment shown in FIG. 2; the processing unit 602 is configured to perform the processing operations performed by the second network device in the embodiment shown in FIG. 2. For example, the receiving unit 601 may perform the following operation of the embodiment in FIG. 2: receive the second packet sent by the first network device. The processing unit 602 may perform the following operation of the embodiment in FIG. 2: process the second packet based on the hash value in the second packet.
In addition, an embodiment of the present application further provides a first network device 700, as shown in FIG. 7. The first network device 700 includes a second communication interface 702 and a processor 703. The second communication interface 702 is configured to perform the sending operations performed by the first network device in the embodiment shown in FIG. 2; the processor 703 is configured to perform the operations, other than the receiving and sending operations, performed by the first network device in the embodiment shown in FIG. 2. For example, the processor 703 may perform the following operation of the embodiment in FIG. 2: when the preset condition is met, generate the second packet according to the first packet. The first network device 700 may further include a first communication interface 701, which is configured to perform the receiving operations performed by the first network device in the embodiment shown in FIG. 2, for example receiving the first packet.
In addition, an embodiment of the present application further provides a second network device 800, as shown in FIG. 8. The second network device 800 includes a first communication interface 801 and a processor 803. The first communication interface 801 is configured to perform the receiving operations performed by the second network device in the embodiment shown in FIG. 2; the processor 803 is configured to perform the operations, other than the receiving and sending operations, performed by the second network device in the embodiment shown in FIG. 2. For example, the processor 803 may perform the following operation of the embodiment in FIG. 2: process the second packet according to the hash value in the second packet. The second network device 800 may further include a second communication interface 802, which is configured to perform the sending operations performed by the second network device in the embodiment shown in FIG. 2.
In addition, an embodiment of the present application further provides a first network device 900, as shown in FIG. 9. The first network device 900 includes a memory 901 and a processor 902 that communicates with the memory 901. The memory 901 contains computer-readable instructions; the processor 902 is configured to execute the computer-readable instructions so that the first network device 900 performs the method performed by the first network device in the embodiment shown in FIG. 2.
In addition, an embodiment of the present application further provides a second network device 1000, as shown in FIG. 10. The second network device 1000 includes a memory 1001 and a processor 1002 that communicates with the memory 1001. The memory 1001 contains computer-readable instructions; the processor 1002 is configured to execute the computer-readable instructions so that the second network device 1000 performs the method performed by the second network device in the embodiment shown in FIG. 2.
In the above embodiments, the processor may be a central processing unit (CPU), a network processor (NP), or a combination of a CPU and an NP. The processor may also be an application-specific integrated circuit (ASIC), a programmable logic device (PLD), or a combination thereof. The PLD may be a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL), or any combination thereof. "Processor" may refer to one processor or may include multiple processors. The memory may include volatile memory, such as random-access memory (RAM); the memory may also include non-volatile memory, such as read-only memory (ROM), flash memory, a hard disk drive (HDD), or a solid-state drive (SSD); the memory may also include a combination of the above kinds of memory. "Memory" may refer to one memory or may include multiple memories. In a specific implementation, the memory stores a computer program or instructions that include multiple software modules, such as a sending module, a processing module and a receiving module. After executing each software module, the processor can perform the corresponding operations as directed by that module. In this embodiment, an operation performed by a software module actually refers to an operation performed by the processor as directed by that software module. After executing the computer program or instructions in the memory, the processor can, as directed by the computer program or instructions, perform all operations that each network node can perform in the packet processing method.
In the above embodiments, the second communication interface 702 of the first network device 700 may specifically be used as the sending unit 502 of the first network device 500, to implement data communication from the first network device to the second network device; the first communication interface 701 of the first network device 700 may specifically be used as a receiving unit of the first network device 500, for example to receive the first packet sent by an upstream network device. Similarly, the first communication interface 801 of the second network device 800 may specifically be used as the receiving unit 601 of the second network device 600, to implement data communication from the first network device to the second network device; the second communication interface 802 of the second network device 800 may specifically be used as a sending unit of the second network device 600, to implement data communication from the second network device to a downstream network device.
In addition, an embodiment of the present application further provides a communication system 1100, as shown in FIG. 11. The communication system 1100 includes a first network device 1101 and a second network device 1102. The first network device 1101 may specifically be the first network device 500, the first network device 700 or the first network device 900 described above, and the second network device 1102 may specifically be the second network device 600, the second network device 800 or the second network device 1000 described above.
In addition, an embodiment of the present application further provides a computer-readable storage medium that stores a computer program or instructions which, when run on a computer, cause the computer to perform the method of the embodiment shown in FIG. 2.
In addition, an embodiment of the present application further provides a computer program product that includes a computer program or computer-readable instructions which, when run on a computer, cause the computer to perform the method of the embodiment shown in FIG. 2.
The "first" in names such as "first packet" and "first tunnel" mentioned in the embodiments of the present application is used only as a name identifier and does not denote first in order. The same rule applies to "second" and so on.
From the description of the above implementations, those skilled in the art can clearly understand that all or some of the steps of the methods in the above embodiments can be implemented by software plus a general-purpose hardware platform. Based on this understanding, the technical solution of the present application can be embodied in the form of a software product. The computer software product may be stored in a storage medium, such as read-only memory (ROM)/RAM, a magnetic disk or an optical disc, and includes several instructions that cause a computer device (which may be a personal computer, a server, or a network communication device such as a router) to perform the methods described in the embodiments, or in certain parts of the embodiments, of the present application.
The embodiments in this specification are described progressively. For parts that are the same or similar across embodiments, the embodiments may be read with reference to one another, and each embodiment focuses on how it differs from the others. In particular, the system embodiments and device embodiments are described relatively briefly because they are basically similar to the method embodiments; for related details, refer to the corresponding parts of the method embodiments. The device and system embodiments described above are only illustrative: modules described as separate components may or may not be physically separate, and components shown as modules may or may not be physical modules, that is, they may be located in one place or distributed across multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement it without creative effort.
以上所述仅是本申请的优选实施方式,并非用于限定本申请的保护范围。应当指出,对于本技术领域的普通技术人员来说,在不脱离本申请的前提下,还可以作出若干改进和润饰,这些改进和润饰也应视为本申请的保护范围。The above descriptions are only preferred embodiments of the present application, and are not intended to limit the protection scope of the present application. It should be pointed out that for those of ordinary skill in the art, without departing from the present application, several improvements and modifications can also be made, and these improvements and modifications should also be regarded as the protection scope of the present application.

Claims (20)

  1. A method for processing a packet, comprising:
    when a preset condition is met, the first network device generates a second packet according to a first packet, where the second packet includes a hash value and content related to the first packet, and the hash value is obtained by performing a hash calculation based on packet feature information of the first packet;
    the first network device sends the second packet to a second network device.
  2. The method according to claim 1, wherein the preset condition is that the length of the first packet is greater than the maximum transmission unit (MTU) of the first network device.
  3. The method according to claim 2, wherein the content related to the first packet includes a fragmented packet of the first packet.
  4. The method according to claim 3, wherein the header of the second packet includes the hash value.
  5. The method according to claim 3, wherein the second packet includes an IP extension header, and an Option field in the IP extension header includes the hash value.
  6. The method according to claim 5, wherein the IP extension header of the second packet includes a Reserved field, and the Reserved field includes the hash value.
  7. The method according to claim 1, wherein the preset condition is that the first network device is the head endpoint of a first tunnel.
  8. The method according to claim 7, wherein the second packet further includes a first tunnel header.
  9. The method according to claim 8, wherein the first tunnel header includes the hash value.
  10. The method according to claim 9, wherein the first tunnel header includes a Reserved field, and the Reserved field includes the hash value.
  11. The method according to any one of claims 7-10, wherein the first tunnel is a virtual private network (VPN) tunnel.
  12. A method for processing a packet, comprising:
    a second network device receives a second packet sent by a first network device, where the second packet includes a hash value and content related to a first packet, and the hash value is calculated based on packet feature information of the first packet;
    the second network device processes the second packet based on the hash value.
  13. The method according to claim 12, wherein the second network device processing the second packet based on the hash value comprises:
    the second network device allocates the second packet to a first processing unit of the second network device based on the hash value, where the first processing unit corresponds to the hash value.
  14. The method according to claim 12 or 13, wherein the second network device processing the second packet based on the hash value comprises:
    the second network device forwards the second packet from a first interface of the second network device based on the hash value, where the first interface corresponds to the hash value.
  15. The method according to any one of claims 12-14, further comprising:
    the second network device determines that the second network device is the head endpoint of a second tunnel, and then obtains the hash value from the second packet;
    the second network device encapsulates the second packet with a second tunnel header corresponding to the second tunnel to obtain a third packet, where the second tunnel header of the third packet includes the hash value;
    the second network device sends the third packet to a third network device, so that the third network device processes the third packet based on the hash value.
  16. The method according to any one of claims 12-14, further comprising:
    the second network device determines that the length of the second packet is greater than the maximum transmission unit (MTU) of the second network device, and then processes the second packet into at least two fragmented packets;
    the second network device adds the hash value to each fragmented packet to obtain at least two third packets;
    the second network device sends the at least two third packets to a third network device, so that the third network device processes the at least two third packets based on the hash value.
  17. A network device, comprising:
    a memory, the memory including a computer-readable program or instructions;
    a processor in communication with the memory, the processor being configured to execute the computer-readable program or instructions to cause the network device to perform the method according to any one of claims 1-11.
  18. A network device, comprising:
    a memory, the memory including a computer-readable program or instructions;
    a processor in communication with the memory, the processor being configured to execute the computer-readable program or instructions to cause the network device to perform the method according to any one of claims 12-16.
  19. A communication system, wherein the communication system comprises the network device according to claim 17 and/or the network device according to claim 18.
  20. A computer-readable storage medium, wherein program code or instructions are stored in the computer-readable storage medium and, when run on a computer, cause the computer to execute the method according to any one of claims 1-11 or the method according to any one of claims 12-16.
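The sender-side stamping of claims 2-3 and the receiver-side dispatch of claims 12-13, as an added Python sketch that is not part of the patent text. The truncated SHA-256 hash, the 8 processing units, the 1500-byte MTU and all function and field names are assumptions; the baseline branch models a receiver that re-hashes each fragment from the fields it can see.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

UNITS = 8    # processing units on the second device (assumed)
MTU = 1500   # MTU of the first device in bytes (assumed)

@dataclass(frozen=True)
class Fragment:
    src: str
    dst: str
    proto: int
    ports: Optional[tuple]          # L4 ports exist only in the first fragment
    offset: int
    carried_hash: Optional[int] = None

def h32(*fields) -> int:
    """32-bit hash of the given fields (truncated SHA-256, a stand-in choice)."""
    digest = hashlib.sha256(repr(fields).encode()).digest()
    return int.from_bytes(digest[:4], "big")

def fragment(src, dst, proto, sport, dport, length, carry=True):
    """First device: split an over-MTU packet; with carry=True every fragment
    is stamped with the hash computed once from the original 5-tuple."""
    value = h32(src, dst, proto, sport, dport) if carry else None
    frags = []
    for off in range(0, length, MTU):
        ports = (sport, dport) if off == 0 else None
        frags.append(Fragment(src, dst, proto, ports, off, value))
    return frags

def dispatch(frag: Fragment) -> int:
    """Second device: pick the processing unit for one received fragment."""
    if frag.carried_hash is not None:
        return frag.carried_hash % UNITS
    # Baseline: local re-hash; later fragments expose no ports (3-tuple only).
    if frag.ports:
        return h32(frag.src, frag.dst, frag.proto, *frag.ports) % UNITS
    return h32(frag.src, frag.dst, frag.proto) % UNITS

def split_flows(carry: bool, flows: int = 64) -> int:
    """Count constructed flows whose fragments land on more than one unit."""
    split = 0
    for i in range(flows):
        frags = fragment("10.0.0.1", "10.0.0.2", 17, 40000 + i, 4789, 4000, carry)
        if len({dispatch(f) for f in frags}) > 1:
            split += 1
    return split
```

With the carried hash, `split_flows(True)` is 0 because every fragment of a packet reaches the same unit, while the baseline scatters fragments of most flows across units.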
PCT/CN2021/087107 2020-07-03 2021-04-14 Message processing method and device WO2022001287A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN202010631135 2020-07-03
CN202010631135.3 2020-07-03
CN202011041940.7 2020-09-28
CN202011041940.7A CN113965518A (en) 2020-07-03 2020-09-28 Message processing method and device

Publications (1)

Publication Number Publication Date
WO2022001287A1 true WO2022001287A1 (en) 2022-01-06

Family

ID=79315101

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/087107 WO2022001287A1 (en) 2020-07-03 2021-04-14 Message processing method and device

Country Status (1)

Country Link
WO (1) WO2022001287A1 (en)

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9923798B1 (en) * 2012-06-28 2018-03-20 Juniper Networks, Inc. Dynamic load balancing of network traffic on a multi-path label switched path using resource reservation protocol with traffic engineering
CN102868631A (en) * 2012-09-28 2013-01-09 华为技术有限公司 Load sharing method and device
CN104283785A (en) * 2014-10-29 2015-01-14 杭州华三通信技术有限公司 Method and device for processing flow table rapidly
CN104468391A (en) * 2014-12-16 2015-03-25 盛科网络(苏州)有限公司 Method and system for achieving load balance according to user information of tunnel message
WO2018104769A1 (en) * 2016-12-09 2018-06-14 Nokia Technologies Oy Method and apparatus for load balancing ip address selection in a network environment
CN107181662A (en) * 2017-05-18 2017-09-19 迈普通信技术股份有限公司 A kind of method and system of VXLAN tunnel load balancings
CN109861924A (en) * 2017-11-30 2019-06-07 中兴通讯股份有限公司 The transmission of message, processing method and processing device, PE node, node
CN108418765A (en) * 2018-04-08 2018-08-17 盛科网络(苏州)有限公司 Remote flow monitors the chip implementing method and device of load balancing
CN110581812A (en) * 2018-06-08 2019-12-17 北京京东尚科信息技术有限公司 Data message processing method and device
CN109302354A (en) * 2018-10-26 2019-02-01 盛科网络(苏州)有限公司 A kind of chip implementing method and device of UDP encapsulation GRE message
CN110601990A (en) * 2019-10-30 2019-12-20 杭州迪普科技股份有限公司 Message distribution method and device

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116996446A (en) * 2023-07-26 2023-11-03 中科驭数(北京)科技有限公司 Hash load balancing method, device, equipment and medium
CN117596211A (en) * 2024-01-18 2024-02-23 湖北省楚天云有限公司 IP (Internet protocol) fragmentation multi-core load balancing device and method
CN117596211B (en) * 2024-01-18 2024-04-05 湖北省楚天云有限公司 IP (Internet protocol) fragmentation multi-core load balancing device and method
CN117812166A (en) * 2024-03-01 2024-04-02 广州市仪美医用家具科技股份有限公司 UDP-based data transmission method, system, equipment and storage medium

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21834090

Country of ref document: EP

Kind code of ref document: A1