WO2023193432A1 - Data forwarding method and related device - Google Patents


Publication number
WO2023193432A1
Authority
WO
WIPO (PCT)
Prior art keywords
network card
forwarding
data packet
data
gateway
Application number
PCT/CN2022/130454
Other languages
French (fr)
Chinese (zh)
Inventor
王少岩
郜忠华
阮涵
Original Assignee
华为云计算技术有限公司
Application filed by 华为云计算技术有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/33 Flow control; Congestion control using forward notification
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/25 Routing or path finding in a switch fabric
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/25 Routing or path finding in a switch fabric
    • H04L49/252 Store and forward routing

Definitions

  • the present application relates to the field of computer network technology, and in particular to a data forwarding method, computing device, network card, computer-readable storage medium, and computer program product.
  • Virtualized network refers to a network built through network virtualization technology, also called a virtual network.
  • network virtualization is to transform a hardware-based network into a software-based network.
  • Network virtualization allows network functions, hardware resources, and software resources to be delivered independent of hardware.
  • network virtualization can be used to consolidate many physical networks, or to further subdivide a physical network. In this way, the flexibility and reliability of services provided by service providers can be improved.
  • Various virtual gateway instances can be deployed in a virtualized network to meet the needs of different services.
  • instances of Elastic Load Balancing (ELB) gateways can be deployed in the virtualized network to expand the external service capabilities of the application system through traffic distribution and eliminate single points of failure to improve the availability of the application system.
  • an instance of a Network Address Translation (NAT) gateway can be deployed in a virtualized network, such as an instance of a public network NAT gateway, thereby converting a private Internet Protocol (IP) address to a public network IP address and using the public network IP address to securely access the public network or provide external services.
  • the services provided by the above virtual gateway can usually be carried through a gateway cluster.
  • the gateway cluster can deploy software with corresponding functions to provide corresponding gateway services.
  • In order to meet the large bandwidth and high-rate forwarding requirements of the network, software often uses a polling mechanism when implemented to keep the central processing unit (CPU) in full operation. This makes the gateway service consume a lot of power and the cost is relatively high.
  • This application provides a data forwarding method that reduces the CPU resource consumption of the gateway service by offloading the computing resources consumed by the virtual gateway to the network card, thereby reducing the power consumption of the entire gateway service, significantly reducing the cost of the gateway service, and meeting business needs. Moreover, this method forwards data through network card hardware instead of through gateway software, which improves forwarding performance. This application also provides computing equipment, network cards, computer-readable storage media and computer program products corresponding to the above data forwarding method.
  • this application provides a data forwarding method.
  • the method is applied to a computing device having a network card that deploys an instance of the virtual gateway.
  • the network card receives the forwarding table of the data flow provided by the virtual gateway, and then uses the forwarding table to determine the forwarding path of the Nth data packet in the data flow, where N is greater than 1, and then the network card forwards the Nth data packet based on the forwarding path of the Nth data packet.
  • the virtual gateway offloads the consumed computing resources to the network card, reducing the CPU resource consumption of the gateway service, thereby reducing the power consumption of the entire gateway service, greatly reducing the cost of the gateway service, and meeting business needs.
  • this method forwards data through network card hardware instead of through gateway software, which improves forwarding performance.
  • the virtual gateway determines the forwarding path based on the first data packet in the data flow. In this way, subsequent data packets in the data flow can be forwarded directly by the network card based on the forwarding path, thus improving the forwarding efficiency and reducing the forwarding overhead.
  • the network card may process the Nth data packet and forward the processed Nth data packet.
  • the network card replaces the virtual gateway to implement corresponding gateway services to meet business needs.
  • the network card does not need to report the data packets to the virtual gateway.
  • the processed data packets are sent to the network card and then forwarded by the network card, thus shortening the forwarding path and reducing forwarding overhead.
  • the network card can modify the source address of the Nth data packet to implement network address translation to meet the need to access the network through the public IP.
  • the network card may also update the destination address of the Nth data packet according to the destination address of the forwarding path, specifically the modified destination address in the forwarding path, so as to meet the load balancing requirements.
  • the network card can implement the function of a virtual gateway such as a network address translation gateway or an elastic load balancing gateway based on the forwarding table, thereby meeting business needs, and processing through the network card has high processing efficiency.
  • the network card may receive the forwarding table of the data flow provided by the virtual gateway through an offload channel.
  • the offload channel is a channel dedicated to offloading computing resources to the network card.
  • the network card receives the forwarding table of the data flow provided by the virtual gateway through the offload channel, which can achieve data isolation and ensure security.
  • the network card deletes the forwarding table of the data flow.
  • the network card can delete the forwarding table of the data flow after the data flow is forwarded, thereby saving the storage space of the network card and reducing the storage overhead of the network card.
  • the virtual gateway may instruct the network card to delete the forwarding table of the data flow.
  • a virtual gateway can issue a delete command to instruct the network card to delete the forwarding table of the data flow.
  • the network card can delete the forwarding table of the data flow in response to the deletion instruction, thereby saving the storage space of the network card and reducing the storage overhead of the network card.
  • the forwarding table includes a source address, a destination address, and a next hop address.
  • the network card can match the meta information of the data packet, such as the source address and destination address of the data packet, with the entries in the forwarding table.
  • when the match succeeds, the network card can forward the data packet according to the next hop address in the matched entry of the forwarding table. In this way, the forwarding path is shortened and the forwarding efficiency is improved.
  • the forwarding table may also include a source port number and a destination port number.
  • the network card can match the meta-information of the data packet, such as the source address, destination address, source port number, destination port number of the data packet, with the entries in the forwarding table to determine the next hop address.
  • the network card can then forward the data packet according to the next hop address. In this way, the forwarding path is shortened and the forwarding efficiency is improved.
  • the network card queries the forwarding table according to the meta-information of the Nth data packet to obtain the forwarding path of the Nth data packet in the data flow.
  • This forwarding path is a fast path, and the network card forwards data according to this fast path, which improves forwarding efficiency.
  • the present application provides a computing device.
  • the computing device has a network card, and the computing device deploys an instance of the virtual gateway.
  • the network card is used to receive the forwarding table of the data flow provided by the virtual gateway, use the forwarding table to determine the forwarding path of the Nth data packet in the data flow, and forward the Nth data packet based on the forwarding path of the Nth data packet, where N is greater than 1.
  • virtual gateways are also used to:
  • the forwarding path is determined based on the first data packet in the data flow.
  • the network card is specifically used for:
  • the network card is specifically used for:
  • the destination address of the Nth data packet is updated according to the destination address of the forwarding path.
  • the network card is specifically used for:
  • the network card receives the forwarding table of the data flow provided by the virtual gateway through an offload channel.
  • the network card is also used for:
  • the virtual gateway is also used to:
  • the forwarding table includes a source address, a destination address, and a next hop address.
  • the network card is specifically used for:
  • this application provides a network card.
  • the network card may be a smart network card.
  • the network card includes at least one processor and at least one memory.
  • the at least one processor and the at least one memory communicate with each other.
  • the at least one processor is configured to execute instructions stored in the at least one memory, so that the network card performs steps performed by the network card in the data forwarding method in the first aspect or any implementation of the first aspect.
  • the present application provides a computer-readable storage medium in which instructions are stored, and the instructions instruct the computing device to execute the data forwarding method of the above-mentioned first aspect or any implementation of the first aspect.
  • the present application provides a computer program product containing instructions that, when run on a computing device or a cluster of computing devices, causes the computing device to execute the data forwarding method of the above-mentioned first aspect or any implementation of the first aspect.
  • Figure 1 is a system architecture diagram of a data forwarding system provided by an embodiment of the present application
  • Figure 2 is a system architecture diagram of another data forwarding system provided by an embodiment of the present application.
  • Figure 3 is an interactive flow chart of a data forwarding method provided by an embodiment of the present application.
  • Figure 4 is an interactive flow chart of a data forwarding method provided by an embodiment of the present application.
  • Figure 5 is a schematic flow chart of a data forwarding method provided by an embodiment of the present application.
  • Figure 6 is a hardware structure diagram of a network card provided by an embodiment of the present application.
  • first and second in the embodiments of this application are only used for descriptive purposes and cannot be understood as indicating or implying relative importance or implicitly indicating the number of indicated technical features. Therefore, features defined as “first” and “second” may explicitly or implicitly include one or more of these features.
  • Virtualized network refers to a network built through network virtualization technology, also called a virtual network.
  • network virtualization is to transform a hardware-based network into a software-based network.
  • Network virtualization allows network functions, hardware resources, and software resources to be delivered independent of hardware.
  • network virtualization can be used to consolidate many physical networks, or to further subdivide a physical network. In this way, the flexibility and reliability of services provided by service providers can be improved.
  • Gateway also known as Internet connector and protocol converter
  • a virtual gateway can be a gateway in a virtualized network.
  • Virtual gateways can generally be used to interconnect two networks with different high-level protocols.
  • the functions of the above virtual gateway can be realized through gateway software.
  • at least one gateway software can be deployed in the computer cluster to provide corresponding gateway services and implement corresponding gateway functions.
  • the computer cluster where the above gateway software is deployed is also called a gateway cluster.
  • Various virtual gateways, such as ELB gateways and NAT gateways, can be deployed in the gateway cluster of a virtualized network to meet the needs of different services.
  • Gateway software deployed in a gateway cluster usually uses a polling mechanism to meet the network's large bandwidth and high-rate forwarding requirements. Polling is specifically a way for the CPU to decide how to provide peripheral device services, also known as "Programmed I/O". Specifically, the CPU issues queries regularly, asking each peripheral device in sequence whether it needs its service. If it needs the service, it will provide the service. After the service is completed, it will ask the next peripheral device, and then the cycle will continue.
  • embodiments of the present application provide a data forwarding method.
  • the method can be performed by a computing device.
  • the computing device has a network card.
  • the computing device deploys an instance of a virtual gateway, such as an instance of an ELB gateway or an instance of a NAT gateway.
  • the network card receives the forwarding table of the data flow provided by the virtual gateway (for example, a virtual gateway on one or more nodes in the gateway cluster), and uses the forwarding table to determine the forwarding path of the Nth data packet in the data flow, where, N is greater than 1, and then the network card forwards the Nth data packet based on the forwarding path of the Nth data packet.
  • This method reduces the CPU resource consumption of the gateway service by offloading the computing resources consumed by the virtual gateway to the network card, thereby reducing the power consumption of the entire gateway service, greatly reducing the cost of the gateway service, and meeting business needs. Moreover, this method forwards data through network card hardware instead of through gateway software, which improves forwarding performance.
  • the virtual gateway in the embodiment of this application can be deployed in a physical resource pool or a virtual resource pool.
  • the physical resource pool refers to the resource pool formed by physical machines (such as physical servers and other computing devices), and the virtual resource pool refers to the resource pool formed after virtualizing the physical machine and can be scheduled on demand.
  • When the virtual gateway is deployed in a physical resource pool, the instance of the virtual gateway runs directly on the physical machine.
  • When the virtual gateway is deployed in a virtual resource pool, the instance of the virtual gateway runs in a virtual machine on a physical machine.
  • an instance of the virtual gateway 100 is deployed in the computing device 10, and the computing device 10 also includes a network card 200.
  • an instance of the virtual gateway 100 is deployed in a physical resource pool.
  • the instance of the virtual gateway 100 is specifically formed by directly deploying gateway software such as ELB APP or NAT APP on a physical machine in the physical resource pool.
  • the virtual gateway 100 and the network card 200 can cooperate to complete the forwarding of the data flow.
  • the virtual gateway 100 can receive the first data packet of the data flow from the network card 200, determine the forwarding path of the data packet, and forward the first data packet according to the forwarding path.
  • the network card 200 receives the forwarding table of the data flow provided by the virtual gateway 100, and the forwarding table includes the forwarding path of the data packets in the data flow.
  • the network card 200 receives the Nth data packet of the data flow, where N is greater than 1, and then can directly use the forwarding table to determine the forwarding path of the Nth data packet in the data flow, and forward the Nth data packet based on the forwarding path of the Nth data packet.
  • the Nth data packet of the data flow is directly forwarded through the network card 200 hardware without the need to be forwarded through the virtual gateway 100 software, which has high forwarding efficiency. Therefore, the path through which the network card 200 forwards the data packet is also called a fast path. Correspondingly, the path along which the virtual gateway 100 forwards data packets is also called a slow path. In this way, the forwarding efficiency can be accelerated as much as possible and the forwarding performance can be improved.
  • Figure 1 illustrates an architecture of computing device 10.
  • the embodiment of the present application also provides another architecture of the computing device 10. Under this architecture, instances of the virtual gateway 100 are deployed in the virtual resource pool, and realize data forwarding by cooperating with the network card 200. Another architecture of the computing device 10 is introduced below.
  • the computing device 10 includes a virtual resource pool.
  • the virtual resource pool is specifically a uniformly scheduleable resource pool formed by virtualizing physical resources such as a CPU.
  • a virtual resource pool can contain one or more virtual machines.
  • FIG. 2 illustrates that the computing device 10 includes multiple virtual machines.
  • An instance of virtual gateway 100 may be deployed on a virtual machine of computing device 10.
  • one virtual machine of the computing device 10 can run the ELB gateway software, i.e., ELB APP, to deploy an instance of the ELB gateway, and another virtual machine can run the NAT gateway software, i.e., NAT APP, to deploy an instance of the NAT gateway.
  • computing device 10 has network card 200.
  • the network card 200 receives the forwarding table of the data flow provided by the virtual gateway 100, and then uses the forwarding table to determine the forwarding path of the Nth data packet in the above data flow. Then the network card 200 forwards the Nth data packet based on the forwarding path of the Nth data packet.
  • the method is executed by the computing device 10.
  • the computing device 10 deploys an instance of the virtual gateway 100, and the computing device 10 includes a network card 200.
  • the method includes:
  • the virtual gateway 100 receives the first data packet of the data flow from the network card 200.
  • data flow is an abstraction of data that passes through the same network in the same time period and has certain common characteristics or attributes.
  • data packets accessing the same address during the same time period can be regarded as one data flow.
  • the data stream may include multiple data packets, and the multiple data packets included in the data stream may be request data packets from the terminal, or response data packets from the back-end server.
  • the data flow may include multiple Hyper Text Transfer Protocol (HTTP) request packets generated by the terminal in response to the web browsing operation triggered by the user, or multiple response packets generated by the server in response to the user's request.
  • the response data packet can carry multimedia information such as text or images, audio, and video.
  • the network card 200 receives the data packets of the data flow sequentially and provides the first data packet of the data flow to the virtual gateway 100.
  • the network card 200 may receive the request data packets sent by the terminal in sequence, and report the first request data packet to the virtual gateway 100, so that the virtual gateway 100 determines the forwarding path and forwards the request data packet.
  • the network card 200 may receive the response data packets sent by the server in sequence, and report the first response data packet to the virtual gateway 100, so that the virtual gateway 100 determines the forwarding path and forwards the response data packet.
  • data packets are not limited to request data packets or response data packets between terminals and servers, but can also be instant messaging data packets transmitted between terminals, or business data packets transmitted between servers.
  • the virtual gateway 100 determines the forwarding path based on the first data packet in the data flow.
  • S306 The virtual gateway 100 forwards the first data packet according to the forwarding path.
  • the virtual gateway 100 can determine the forwarding path of the first data packet by CPU polling, and then forward the first data packet of the data flow according to the forwarding path. It should be noted that the virtual gateway 100 can be a gateway with specific functions. For example, the virtual gateway 100 can be an ELB gateway or a NAT gateway. The virtual gateway can also process the first data packet of the data flow, and then forward the processed first data packet according to the forwarding path.
  • the virtual gateway 100 is an ELB gateway.
  • the virtual gateway 100 can determine a load balancing server from multiple load balancing servers, then modify the destination address of the first data packet to the IP address of the load balancing server, determine the forwarding path to the load balancing server, and forward the modified first data packet according to the forwarding path.
  • When the virtual gateway 100 is a NAT gateway, the virtual gateway 100 can modify the source address of the first data packet.
  • the source address of the first data packet can be modified to a public IP address.
  • the virtual gateway 100 can also determine the forwarding path of the first data packet and then forward the modified first data packet along that forwarding path.
  • the virtual gateway 100 provides the forwarding table of the data flow to the network card 200.
  • Each virtual gateway 100 has its own processing logic.
  • the ELB gateway can select a backend server for forwarding based on the accessed virtual network address (virtual Internet Protocol, VIP) and the configured load balancing algorithm.
  • the virtual gateway 100 can generate a forwarding table (Forwarding Table) of the data flow based on the above processing logic.
  • the processing logic of the data stream may include matching logic. Furthermore, the processing logic of the data flow may also include action instructions. That is, the processing logic of the data flow may include matching logic and action instructions. Among them, the processing logic of the data flow can be expressed through the forwarding table.
  • the forwarding table includes the source address, destination address and next hop address. Furthermore, the forwarding table may also include the source port number and the destination port number. The above source address, destination address, source port number or destination port number can be matched against the meta-information of the data packet (such as a tuple including the source address and destination address of the data packet) to determine the next hop address of the data packet. Further, the forwarding table may also include an action instruction for the data packet, so that the data packet is processed according to the action instruction and the processed data packet is forwarded.
  • the forwarding table can be further abstracted into a flow table.
  • the so-called flow table is an abstraction of the data forwarding function of network equipment.
  • data forwarding by switches and routers relies on the Layer 2 Media Access Control (MAC) address forwarding table or Layer 3 IP address routing table saved in the device.
  • the flow table used in this application is similar: the flow table integrates network configuration information at all levels in the network, so that richer rules can be used when forwarding data.
  • the flow table is a collection of policy entries for data flows and is responsible for the search and forwarding of data packets.
  • the flow table includes a series of flow entries.
  • Flow table entries include source address, destination address and next hop address.
  • the flow entry may also include a source port number and a destination port number, so that accurate matching can be achieved. It should be noted that when the network card 200 supports large-scale masked fuzzy matching, the flow table entry may not include the above-mentioned source port number and destination port number. This can avoid expanding into precise flow tables, greatly reduce the number of flow tables for routing services, and support larger business scale.
  • the flow entry may include a header field and an action table.
  • the header fields and action tables are introduced in detail below.
  • the header field includes the source address (such as source IP) and destination address (such as destination IP). Further, the source address may also include a source MAC address. The destination address may also include the destination MAC address. In addition, the packet header field can also include the source port number and destination port number.
  • the header field includes the identifier of the link layer, network layer or transport layer. Based on the above identifiers, fast matching of data packets can be achieved.
  • the action table is used to indicate how to handle matching packets after they are received.
  • Each flow entry can correspond to zero to multiple actions. If no forwarding action is defined, packets matching the header field of the flow entry will be discarded by default. In addition, when the same flow entry includes multiple actions, the multiple actions can have different priorities.
  • the actions of flow table items can be divided into two categories: required actions and optional actions.
  • Required actions include forwarding to a physical port or a reserved port (such as ALL, CONTROLLER, TABLE, IN_PORT, ANY, LOCAL, NORMAL, FLOOD) and discarding.
  • Optional actions include forwarding to a virtual port, queuing, or modifying.
  • queuing refers to forwarding data packets to the forwarding sequence corresponding to an egress port to facilitate the provision of quality of service (QoS) support.
  • Modifications can include modifying the source MAC address, modifying the destination MAC address, modifying the source IP address, modifying the destination IP address, or modifying the IP ToS bit.
  • multiple instances of virtual gateways 100 can be deployed in the computing device 10.
  • the network card 200 in the computing device 10 can maintain a flow table for each virtual gateway 100, so as to store separately the processing logic of each virtual gateway 100 for the data flow; this can be implemented using any suitable technique.
  • S310 The network card 200 receives the Nth data packet of the data stream.
  • the network card 200 can continue to receive the Nth request data packet of the data stream sent by the terminal, or continue to receive the Nth response data packet of the data stream sent by the server.
  • N is greater than 1.
  • the Nth data packet is not limited to the request data packet or response data packet between the terminal and the server. It can also be an instant messaging data packet transmitted between terminals, or a business data packet transmitted between servers.
  • the network card 200 queries the forwarding table according to the meta information of the Nth data packet, and obtains the forwarding path of the Nth data packet in the data flow.
  • Metainformation refers to the metadata of the data packet, and metadata is the data that describes the data.
  • the metainformation of the data packet may include one or more of the source address and destination address of the data packet.
  • the meta-information of the data packet may also include one or more of the source port number and destination port number of the data packet.
  • the network card 200 can query the forwarding table or flow table carrying the processing logic according to the meta-information of the Nth data packet.
  • When the meta-information hits the forwarding table or flow table, that is, the meta-information is consistent with the data in the forwarding table, the network card 200 can determine the forwarding path of the Nth data packet based on the entry in the forwarding table or the entry in the flow table. For example, the network card 200 can obtain the forwarding path of the Nth data packet according to the action table of the flow entry.
  • the forwarding path may include the next hop address of the packet.
  • S314 The network card 200 forwards the Nth data packet based on the forwarding path of the Nth data packet.
  • The network card 200 can directly use the forwarding path of the Nth data packet in the data flow, as determined from the forwarding table, to forward the Nth data packet without reporting it to the virtual gateway 100 for forwarding. Data packets are thus forwarded in hardware, which improves the forwarding performance.
  • Before forwarding the Nth data packet according to its forwarding path, the network card 200 may also perform the corresponding action on the Nth data packet according to the action instruction.
  • the action instruction can be to modify the destination address according to the forwarding path, such as modifying the destination IP.
  • The network card 200 can modify the destination IP of the Nth data packet according to the action instruction, and then forward the modified Nth data packet according to the forwarding path.
  • For another example, for data packets that require network address translation, the action instruction may be to modify the source address, such as modifying the source IP.
  • The network card 200 may modify the source IP of the Nth data packet according to the action instruction, and then forward the modified data packet according to the forwarding path.
  • The Nth data packet in the data flow can first be transmitted from the source node (for example, a terminal) to the network card 200; the network card 200 then directly determines the forwarding path by querying the forwarding table, and forwards the packet to the destination node (for example, a server) according to the forwarding path.
  • the turnaround time of the Nth data packet in the data flow in the network can be reduced and the forwarding performance can be improved.
  • the virtual gateway 100 can also issue a deletion instruction to instruct the network card 200 to delete the forwarding table of the data flow.
  • the network card 200 may delete the forwarding table of the data flow in response to the deletion instruction issued by the virtual gateway 100 .
  • the flow table items can also include counters, and the counters can count data packets in the data flow.
  • the network card 200 can obtain the counter after receiving the delete instruction. When the count of data packets in the counter indicates that the data packet is the last data packet of the data flow, the network card 200 can delete the forwarding table after forwarding the data packet.
  • embodiments of the present application provide a data forwarding method.
  • The virtual gateway 100 can provide the forwarding table of the data flow to the network card 200, and the network card 200 can use the forwarding table to determine the forwarding path of the Nth data packet in the data flow, and forward the Nth data packet according to the forwarding path, so that the computing resources consumed by the virtual gateway 100 are offloaded to the network card 200, which reduces the CPU resource consumption of the gateway service, thereby reducing the power consumption of the entire gateway service, greatly reducing the cost of the gateway service, and meeting business needs.
  • this method forwards data through network card hardware instead of through gateway software, which improves forwarding performance.
  • FIG. 3 illustrates that multiple data packets in the data flow are forwarded by the same computing device 10.
  • multiple data packets in the data flow can also be forwarded by different computing devices 10.
  • data packets in the data flow can be migrated from one computing device 10 to another computing device 10 .
  • the computing device 10 before migration is called the first computing device
  • the computing device 10 after migration is called the second computing device.
  • the method includes:
  • the first computing device forwards the data packets to be processed in the data flow and the forwarding table of the data flow to the second computing device.
  • the data packet to be processed may be the Nth data packet in the data flow, and N is greater than 1.
  • For example, the data stream may include 10 data packets. After processing the first 5 data packets in the data stream, the first computing device may forward the remaining data packets, the 6th to the 10th, to the second computing device, and the second computing device continues processing.
  • the first computing device may also forward the forwarding table of the data flow to the second computing device.
  • The second computing device can directly process the data packets to be processed in the data flow according to the forwarding table of the data flow, without having to report the data packets from the network card 200 of the second computing device to the virtual gateway 100, thereby improving the processing efficiency of the data flow.
  • the network card 200 of the second computing device uses the forwarding table of the data flow to determine the forwarding path of the above-mentioned data packet to be processed.
  • the second computing device can query the forwarding table of the data flow according to the meta-information of the data packet to be processed, and obtain the forwarding path of the data packet to be processed in the data flow.
  • the meta-information of the data packet may include the source address and destination address of the data packet.
  • the meta-information of the data packet may also include the source port number and the destination port number.
  • the second computing device can determine the entry matching the meta-information from the forwarding table based on the above-mentioned meta-information, thereby obtaining the forwarding path of the data packet to be processed.
  • the forwarding path includes the next hop address of the pending packet.
  • S406 The network card 200 of the second computing device processes the data packet to be processed.
  • the forwarding table may also include an action indication, and the second computing device may process the data packet to be processed according to the action indication.
  • the network card 200 of the second computing device can modify the source address of the data packet to be processed to obtain the modified data packet to implement NAT.
  • The network card 200 of the second computing device can modify the destination address of the data packet to be processed according to the destination address in the forwarding table, specifically the modified destination address, and obtain the processed data packet to achieve load balancing.
  • S406 is an optional step, and the above S406 may not be executed when performing the data forwarding method in the embodiment of the present application.
  • S406 may not be executed, but the data packets may be forwarded directly.
  • S408 The network card 200 of the second computing device forwards the processed data packet based on the forwarding path.
  • the forwarding path may include the next hop address of the data packet to be processed.
  • the network card 200 of the second computing device may forward the processed data packet to the device corresponding to the next hop address according to the next hop address of the data packet to be processed in the forwarding path. It should be noted that when the second computing device does not perform the above S406, the network card 200 of the second computing device may forward the data packets to be processed in the data flow based on the forwarding path.
  • the method specifically includes the following steps:
  • the service management platform in response to the user's request to purchase the gateway service, creates a virtual machine with corresponding specifications based on the user's request.
  • the request to purchase the gateway service carries the specifications of the gateway service that the user requests to purchase.
  • the specifications can include the CPU's architecture, frequency, and memory size.
  • the request for the gateway service may also include the type of the gateway service, such as ELB or NAT.
  • the service management platform can select nodes that match the above specifications according to the user's request, create a virtual machine, and deploy corresponding gateway software in the virtual machine, thereby realizing the functions of the virtual gateway 100 .
  • the service management platform can also create a virtual switch (vswitch) to realize the exchange of data packets between the gateway and the network card.
  • the virtual gateway 100 deployed in the virtual machine can issue operator instructions to the network card through the offload engine, and the network card 200 can create a flow table corresponding to the virtual gateway 100.
  • the network card 200 creates a flow table.
  • the flow table is specifically an initialized flow table.
  • the virtual gateway 100 can process the data packet according to the corresponding processing logic and forward the processed data packet.
  • the processing logic can also be delivered to the network card 200 through the gateway offload channel.
  • The first packet of the data flow can be forwarded through the virtual gateway 100, the virtual switch, and the network card 200. Specifically, after the first packet of the data flow reaches the network card 200, the network card 200 transmits the first packet of the data flow to the virtual switch through the data channel between the network card 200 and the virtual switch, and then the virtual switch reports the first packet of the data flow to the virtual gateway 100.
  • The virtual gateway 100 can determine the forwarding path through CPU polling, and forward the first packet of the data flow according to the forwarding path.
  • When the virtual gateway 100 forwards the first packet of the data flow, the packet is usually first delivered to the virtual switch over the channel between the virtual gateway 100 and the virtual switch; the virtual switch then sends it to the network card 200 over the channel between the virtual switch and the network card 200, and the network card 200 forwards the first packet to the next hop.
  • the virtual gateway 100 can learn the processing logic from the forwarding process of the first packet of the data flow, and deliver the processing logic to the network card 200, so that the network card 200 can update the flow table according to the processing logic.
  • the network card 200 can update the gateway flow table (the flow table used to implement gateway services) according to the processing logic.
  • the gateway offload channel is a channel between the virtual gateway 100 and the network card 200 for offloading the computing resources of the virtual gateway 100 .
  • the virtual gateway 100 and the network card 200 have physical functions (physical functions, pf), and each physical function can be extended to a virtual function (virtual function, vf). Each vf is usually attached to a pf.
  • the gateway offloading channel in this embodiment may be a channel formed based on the vf of the virtual gateway 100 and the vf of the network card 200. In other possible implementations of the embodiment of this application, the gateway offloading channel can also reuse other existing channels, which is not limited in this embodiment.
  • The virtual gateway 100 can also learn the downstream (receive, RX) flow table and the upstream (transmit, TX) flow table, and deliver the RX flow table and TX flow table to the network card 200 through the virtual machine offload channel.
  • the network card 200 can process the data packet according to the RX flow table and the TX flow table, thereby reducing the overhead between the network card 200 and the virtual switch.
  • The network card 200 queries the flow table and modifies the data packet according to the Action in the flow table. After the modification is completed, the network card 200 directly sends the modified data packet.
  • When a non-first packet of the data flow reaches the network card 200, the network card 200 does not need to report the data packet, but directly queries the flow table based on the meta-information of the data packet, for example, querying the RX flow table/TX flow table and the gateway flow table of the corresponding virtual gateway 100, to obtain the processing logic.
  • the processing logic includes an action (Action) instruction
  • the network card 200 can modify the data packet according to the Action and directly send the modified data packet outward.
  • Step 4 In response to the user's request to delete the purchased gateway service, the virtual gateway 100 in the virtual machine issues a deletion instruction to the network card 200 through the offloading engine, and the network card 200 deletes the operator and flow table according to the deletion instruction.
  • When the network card 200 receives the delete instruction, it can determine whether the currently processed data packet is the last data packet according to the counter in the flow table entry. If so, after all the data packets of the data flow are forwarded, the corresponding operator and flow table are deleted.
  • Identifying the last data packet through the counter and deleting the corresponding operator and flow table after the last data packet is forwarded is only one implementation of deleting the operator and flow table according to the deletion instruction. In other possible implementations of the embodiment of this application, the network card 200 can also set an expected transmission completion time, and delete the corresponding operator and flow table after the expected transmission completion time arrives.
  • embodiments of the present application provide a data forwarding method.
  • This method learns processing logic from some data packets of the data flow, such as the first packet, and delivers the processing logic to the network card 200, thereby offloading part of the computing resources consumed by the virtual gateway 100 to the network card 200 and saving the CPU resource occupation and power consumption of the gateway service. Forwarding through network card hardware can achieve performance that exceeds gateway software forwarding.
  • Since the network card 200 has a higher single-stream forwarding capability, it can solve the problem that limited CPU single-core capability makes it impossible to cope with elephant flows (continuous flows that transmit large amounts of data through network links, such as data flows generated by data migration).
  • non-first packets can be forwarded directly by the network card 200 without software processing, which greatly reduces the overhead of the virtualization layer.
  • the embodiment of the present application also provides a computing device 10 as described above.
  • the computing device 10 provided by the embodiment of the present application will be introduced below with reference to the accompanying drawings.
  • the computing device 10 includes a virtual gateway 100 and a network card 200;
  • the virtual gateway 100 is used to provide a forwarding table of data flows to the network card 200;
  • the network card 200 is configured to use the forwarding table to determine the forwarding path of the Nth data packet in the data flow, and forward the Nth data packet based on the forwarding path of the Nth data packet.
  • the virtual gateway 100 is also used for:
  • the forwarding path is determined based on the first data packet in the data flow.
  • the network card 200 is specifically used for:
  • the network card 200 is specifically used for:
  • the destination address of the Nth data packet is updated according to the destination address of the forwarding path.
  • the network card 200 is specifically used for:
  • the network card receives the forwarding table of the data flow provided by the virtual gateway through an offload channel.
  • the network card 200 is also used for:
  • the virtual gateway 100 is also used to:
  • the forwarding table includes a source address, a destination address, and a next hop address.
  • the network card 200 is specifically used for:
  • The computing device 10 may correspond to performing the method described in the embodiment of the present application, and the above and other operations and/or functions of the various components of the computing device 10 (such as the virtual gateway 100 or the network card 200) are respectively intended to implement the corresponding processes of each method in the embodiments shown in Figures 3 and 4. For the sake of brevity, they are not described again.
  • An embodiment of the present application also provides a network card 200.
  • the network card 200 may be a smart network card, and is used to process data packets in the data flow based on the processing logic provided by the virtual gateway 100 .
  • the network card 200 may be used to perform the method steps performed by the network card 200 in the computing device 10 as shown in FIG. 1 or 2 .
  • Figure 6 provides a schematic structural diagram of a network card 200.
  • the network card 200 includes a bus 601, a processor 602, a communication interface 603 and a memory 604.
  • the processor 602, the memory 604 and the communication interface 603 communicate through the bus 601.
  • the bus 601 may be a peripheral component interconnect (PCI) bus or an extended industry standard architecture (EISA) bus, etc.
  • the bus can be divided into address bus, data bus, control bus, etc. For ease of presentation, only one thick line is used in Figure 6, but it does not mean that there is only one bus or one type of bus.
  • The processor 602 can be any one or more of a central processing unit (CPU), a graphics processing unit (GPU), a microprocessor (MP) or a digital signal processor (DSP).
  • the communication interface 603 is used for communicating with the outside.
  • the communication interface 603 is used to receive the forwarding table of the data flow provided by the virtual gateway 100, or forward the Nth data packet based on the forwarding path of the Nth data packet, and so on.
  • Memory 604 may include volatile memory, such as random access memory (RAM). Memory 604 may also include non-volatile memory, such as read-only memory (ROM), flash memory, hard disk drive (HDD) or solid state drive (SSD).
  • Computer readable instructions are stored in the memory 604, and the processor 602 executes the computer readable instructions, so that the network card 200 performs the steps performed by the network card 200 in the aforementioned data forwarding method (or implements the functions of the aforementioned network card 200).
  • An embodiment of the present application also provides a computer-readable storage medium.
  • the computer-readable storage medium may be any available medium that a computing device can store or a data storage device such as a data center that contains one or more available media.
  • the available media may be magnetic media (eg, floppy disk, hard disk, tape), optical media (eg, DVD), or semiconductor media (eg, solid state drive), etc.
  • the computer-readable storage medium includes instructions that instruct the computing device 10 to perform the above-described data forwarding method.
  • An embodiment of the present application also provides a computer program product.
  • the computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on the computing device 10, the processes or functions described in accordance with the embodiments of the present application are generated in whole or in part.
  • The computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computing device, or data center to another website, computing device or data center by wired (such as coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (such as infrared, wireless, microwave, etc.) means.
  • the computer program product may be a software installation package. If it is necessary to use any of the foregoing data forwarding methods, the computer program product may be downloaded and executed on the computing device.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present application provides a data forwarding method, which is executed by a computing device having a network card. The computing device deploys instances of a virtual gateway. The method comprises: a network card receives a forwarding table of a data flow provided by a virtual gateway, determines a forwarding path for an N-th data packet in the data flow by using the forwarding table, and forwards the N-th data packet on the basis of the forwarding path of the N-th data packet. According to the method, the CPU resource consumption of a gateway service is reduced by offloading computing resources consumed by the virtual gateway to the network card, so that the power consumption of the entire gateway service is reduced, the cost of gateway service is greatly reduced, and the service requirements are met. Moreover, according to the method, forwarding can be performed by means of network card hardware instead of gateway software, thereby improving the forwarding performance.

Description

A data forwarding method and related equipment
This application claims priority to the Chinese patent application submitted to the State Intellectual Property Office of China on April 6, 2022, with application number 202210356338.5 and the invention title "A data forwarding method and related equipment", the entire content of which is incorporated into this application by reference.
Technical field
The present application relates to the field of computer network technology, and in particular to a data forwarding method, computing device, network card, computer-readable storage medium, and computer program product.
Background
Virtualized networks emerged to meet users' diverse needs for networks. A virtualized network is a network built through network virtualization technology, also called a virtual network. Network virtualization transforms a hardware-based network into a software-based network. It allows network functions, hardware resources, and software resources to be delivered independently of hardware. For example, network virtualization can be used to consolidate many physical networks, or to further subdivide a physical network. In this way, the flexibility and reliability of the services provided by service providers can be improved.
Various virtual gateway instances can be deployed in a virtualized network to meet the needs of different services. For example, instances of an Elastic Load Balancing (ELB) gateway can be deployed in the virtualized network to expand the external service capabilities of the application system through traffic distribution and to eliminate single points of failure, improving the availability of the application system. For another example, an instance of a Network Address Translation (NAT) gateway can be deployed in a virtualized network, such as an instance of a public network NAT gateway, thereby converting private network Internet Protocol (IP) addresses into public network IP addresses, and securely accessing the public network or providing external services through the public network IP address.
The services provided by the above virtual gateways can usually be carried by a gateway cluster. The gateway cluster can deploy software with the corresponding functions to provide the corresponding gateway services. In order to meet the large-bandwidth and high-rate forwarding requirements of the network, the software is often implemented with a polling mechanism, which keeps the central processing unit (CPU) fully loaded. This makes the gateway service consume a lot of power, and the cost is relatively high.
Summary of the invention
This application provides a data forwarding method that reduces the CPU resource consumption of the gateway service by offloading the computing resources consumed by the virtual gateway to the network card, thereby reducing the power consumption of the entire gateway service, significantly reducing the cost of the gateway service, and meeting business needs. Moreover, this method forwards data through network card hardware instead of through gateway software, which improves forwarding performance. This application also provides a computing device, a network card, a computer-readable storage medium and a computer program product corresponding to the above data forwarding method.
In a first aspect, this application provides a data forwarding method. The method is applied to a computing device having a network card, and the computing device deploys an instance of the virtual gateway. Specifically, the network card receives the forwarding table of the data flow provided by the virtual gateway, and then uses the forwarding table to determine the forwarding path of the Nth data packet in the data flow, where N is greater than 1; the network card then forwards the Nth data packet based on the forwarding path of the Nth data packet.
In this method, the virtual gateway offloads the consumed computing resources to the network card, reducing the CPU resource consumption of the gateway service, thereby reducing the power consumption of the entire gateway service, greatly reducing the cost of the gateway service, and meeting business needs. Moreover, this method forwards data through network card hardware instead of through gateway software, which improves forwarding performance.
In some possible implementations, the virtual gateway determines the forwarding path based on the first data packet in the data flow. In this way, subsequent data packets in the data flow can be forwarded directly by the network card based on the forwarding path, thus improving the forwarding efficiency and reducing the forwarding overhead.
In some possible implementations, the network card may process the Nth data packet and forward the processed Nth data packet. As a result, the network card replaces the virtual gateway in implementing the corresponding gateway service to meet business needs. Moreover, the network card does not need to report the data packet to the virtual gateway, have the virtual gateway process it and send the processed data packet back to the network card, and then forward it; this shortens the forwarding path and reduces forwarding overhead.
In some possible implementations, the network card can modify the source address of the Nth data packet to implement network address translation, meeting the need to access the network through a public IP. The network card may also update the destination address of the Nth data packet according to the destination address of the forwarding path, specifically the modified destination address in the forwarding path, so as to meet the load balancing requirements.
In this method, the network card can implement the function of a virtual gateway, such as a network address translation gateway or an elastic load balancing gateway, based on the forwarding table, thereby meeting business needs, and processing through the network card has high processing efficiency.
In some possible implementations, the network card may receive the forwarding table of the data flow provided by the virtual gateway through an offload channel. The offload channel is a channel dedicated to offloading computing resources to the network card. Receiving the forwarding table of the data flow from the virtual gateway through the offload channel can achieve data isolation and ensure security.
In some possible implementations, the network card deletes the forwarding table of the data flow. For example, the network card can delete the forwarding table of the data flow after the data flow has been forwarded, thereby saving the storage space of the network card and reducing the storage overhead of the network card.
In some possible implementations, the virtual gateway may instruct the network card to delete the forwarding table of the data flow. For example, the virtual gateway can issue a delete instruction to instruct the network card to delete the forwarding table of the data flow. In this way, the network card can delete the forwarding table of the data flow in response to the delete instruction, thereby saving the storage space of the network card and reducing the storage overhead of the network card.
In some possible implementations, the forwarding table includes a source address, a destination address, and a next hop address. In this way, the network card can match the meta-information of the data packet, such as its source address and destination address, against the entries in the forwarding table. When the meta-information of the data packet hits the forwarding table, the network card can forward the packet according to the next hop address in the matching forwarding table entry. In this way, the forwarding path is shortened and the forwarding efficiency is improved.
Further, the forwarding table may also include a source port number and a destination port number. Correspondingly, the network card can match the meta-information of the data packet, such as its source address, destination address, source port number and destination port number, against the entries in the forwarding table to determine the next hop address, and the network card can then forward according to the next hop address. In this way, the forwarding path is shortened and the forwarding efficiency is improved.
In some possible implementations, the network card queries the forwarding table according to the meta-information of the Nth data packet to obtain the forwarding path of the Nth data packet in the data flow. This forwarding path is a fast path, and the network card forwards data according to this fast path, which improves forwarding efficiency.
In a second aspect, the present application provides a computing device. The computing device has a network card, and the computing device deploys an instance of the virtual gateway. The network card is configured to receive the forwarding table of a data flow provided by the virtual gateway, use the forwarding table to determine the forwarding path of the Nth data packet in the data flow, and forward the Nth data packet based on the forwarding path of the Nth data packet, where N is greater than 1.
In some possible implementations, the virtual gateway is further configured to:
Determine the forwarding path based on the first data packet in the data flow.
In some possible implementations, the network card is specifically configured to:
Process the Nth data packet and forward the processed Nth data packet.
In some possible implementations, the network card is specifically configured to:
Modify the source address of the Nth data packet; or,
Update the destination address of the Nth data packet according to the destination address of the forwarding path.
In some possible implementations, the network card is specifically configured to:
Receive, through an offload channel, the forwarding table of the data flow provided by the virtual gateway.
In some possible implementations, the network card is further configured to:
Delete the forwarding table of the data flow.
In some possible implementations, the virtual gateway is further configured to:
Instruct the network card to delete the forwarding table of the data flow.
In some possible implementations, the forwarding table includes a source address, a destination address, and a next hop address.
In some possible implementations, the network card is specifically configured to:
Query the forwarding table according to the meta-information of the Nth data packet to obtain the forwarding path of the Nth data packet in the data flow.
In a third aspect, the present application provides a network card. The network card may be a smart network card. The network card includes at least one processor and at least one memory. The at least one processor and the at least one memory communicate with each other. The at least one processor is configured to execute instructions stored in the at least one memory, so that the network card performs the steps performed by the network card in the data forwarding method of the first aspect or any implementation of the first aspect.
In a fourth aspect, the present application provides a computer-readable storage medium. The computer-readable storage medium stores instructions, and the instructions instruct a computing device to execute the data forwarding method described in the first aspect or any implementation of the first aspect.
In a fifth aspect, the present application provides a computer program product containing instructions that, when run on a computing device or a cluster of computing devices, causes the computing device to execute the data forwarding method described in the first aspect or any implementation of the first aspect.
On the basis of the implementations provided in the above aspects, this application may further combine them to provide more implementations.
Description of the drawings
In order to explain the technical methods of the embodiments of the present application more clearly, the drawings used in the embodiments are briefly introduced below.
Figure 1 is a system architecture diagram of a data forwarding system provided by an embodiment of the present application;
Figure 2 is a system architecture diagram of another data forwarding system provided by an embodiment of the present application;
Figure 3 is an interactive flow chart of a data forwarding method provided by an embodiment of the present application;
Figure 4 is an interactive flow chart of a data forwarding method provided by an embodiment of the present application;
Figure 5 is a schematic flow chart of a data forwarding method provided by an embodiment of the present application;
Figure 6 is a hardware structure diagram of a network card provided by an embodiment of the present application.
Detailed description
The terms "first" and "second" in the embodiments of this application are used for descriptive purposes only and should not be understood as indicating or implying relative importance or as implicitly indicating the number of the indicated technical features. Accordingly, a feature qualified by "first" or "second" may explicitly or implicitly include one or more such features.
First, some technical terms involved in the embodiments of this application are introduced.
A virtualized network is a network built with network virtualization technology, also called a virtual network. Network virtualization transforms a hardware-based network into a software-based network. It allows network functions, hardware resources, and software resources to be delivered independently of hardware. For example, network virtualization can be used to consolidate many physical networks, or to further subdivide one physical network. This improves the flexibility and reliability of the services that service providers offer.
A gateway, also known as an inter-network connector or protocol converter, is usually a device that implements network interconnection above the network layer. A virtual gateway can be a gateway in a virtualized network. Virtual gateways can generally be used to interconnect two networks whose high-level protocols differ. The functions of the virtual gateway can be implemented by gateway software. Specifically, at least one kind of gateway software can be deployed in a computer cluster to provide the corresponding gateway services and implement the corresponding gateway functions. A computer cluster in which such gateway software is deployed is also called a gateway cluster. Various virtual gateways, such as ELB gateways and NAT gateways, can be deployed in the gateway cluster of a virtualized network to meet the needs of different services.
The gateway software deployed in a gateway cluster usually uses a polling mechanism to meet the network's requirements for high bandwidth and high-rate forwarding. Polling is a way for the CPU to decide how to serve peripheral devices, also known as "programmed I/O" (Programmed I/O). Specifically, the CPU issues queries at regular intervals, asking each peripheral device in turn whether it needs service. If a device needs service, the CPU provides it, and once the service is finished it queries the next peripheral device, and the cycle repeats continuously.
However, this scheme keeps the CPU running at full load, which results in high power consumption and high cost for the gateway service.
In view of this, embodiments of the present application provide a data forwarding method. The method can be performed by a computing device. The computing device has a network card, and the computing device also deploys an instance of a virtual gateway, such as an instance of an ELB gateway or an instance of a NAT gateway.
Specifically, the network card receives the forwarding table of a data flow provided by the virtual gateway (for example, a virtual gateway on one or more nodes in the gateway cluster) and uses the forwarding table to determine the forwarding path of the Nth data packet in the data flow, where N is greater than 1. The network card then forwards the Nth data packet based on the forwarding path of the Nth data packet.
By offloading the computing resources consumed by the virtual gateway to the network card, the method reduces the CPU resource consumption of the gateway service, which lowers the power consumption of the entire gateway service, greatly reduces its cost, and meets business needs. Moreover, the method forwards data through the network card hardware rather than through the gateway software, which improves forwarding performance.
The virtual gateway in the embodiments of this application can be deployed in a physical resource pool or in a virtual resource pool. A physical resource pool is a resource pool formed by physical machines (computing devices such as physical servers), and a virtual resource pool is a resource pool, schedulable on demand, that is formed by virtualizing physical machines. When the virtual gateway is deployed in a physical resource pool, the instance of the virtual gateway runs directly on the physical machine. When the virtual gateway is deployed in a virtual resource pool, the instance of the virtual gateway runs in a virtual machine on a physical machine.
In order to make the technical solution of the present application clearer and easier to understand, the computing device of the embodiments of the present application is introduced below with reference to the accompanying drawings.
Referring to the schematic architectural diagram of the computing device 10 shown in FIG. 1, an instance of the virtual gateway 100 is deployed in the computing device 10, and the computing device 10 also includes a network card 200. In the example of FIG. 1, the instance of the virtual gateway 100 is deployed in a physical resource pool. Specifically, the instance of the virtual gateway 100 is formed by deploying gateway software such as an ELB APP or a NAT APP directly on a physical machine in the physical resource pool.
In this embodiment, the virtual gateway 100 and the network card 200 can cooperate to forward the data flow. Specifically, the virtual gateway 100 can receive the first data packet of the data flow from the network card 200, determine the forwarding path of that data packet, and forward the first data packet along the forwarding path. In addition, the network card 200 receives the forwarding table of the data flow provided by the virtual gateway 100, and the forwarding table includes the forwarding path of the data packets in the data flow. The network card 200 receives the Nth data packet of the data flow, where N is greater than 1, and can then directly use the forwarding table to determine the forwarding path of the Nth data packet in the data flow and forward the Nth data packet based on that forwarding path.
The Nth data packet of the data flow is forwarded directly by the network card 200 hardware, without being forwarded by the virtual gateway 100 software, so forwarding efficiency is high. For this reason, the path along which the network card 200 forwards data packets is also called the fast path. Correspondingly, the path along which the virtual gateway 100 forwards data packets is also called the slow path. In this way, forwarding can be accelerated as much as possible and forwarding performance improved.
FIG. 1 introduces one architecture of the computing device 10. The embodiments of the present application also provide another architecture of the computing device 10. Under that architecture, the instance of the virtual gateway 100 is deployed in a virtual resource pool and implements data forwarding in cooperation with the network card 200. This other architecture of the computing device 10 is introduced below.
Referring to the schematic architectural diagram of the computing device 10 shown in FIG. 2, the computing device 10 includes a virtual resource pool. The virtual resource pool is a uniformly schedulable resource pool formed by virtualizing physical resources such as CPUs. A virtual resource pool can include one or more virtual machines. FIG. 2 uses a computing device 10 that includes multiple virtual machines as an example. An instance of the virtual gateway 100 can be deployed on a virtual machine of the computing device 10. For example, one virtual machine of the computing device 10 can run the ELB gateway software, that is, the ELB APP, to deploy an instance of the ELB gateway, and another virtual machine can run the NAT gateway software, that is, the NAT APP, to deploy an instance of the NAT gateway. In this way, virtual gateways 100 with different functions can be isolated from one another to ensure security. In the example of FIG. 2, the computing device 10 has a network card 200. The network card 200 receives the forwarding table of the data flow provided by the virtual gateway 100, uses the forwarding table to determine the forwarding path of the Nth data packet in that data flow, and then forwards the Nth data packet based on the forwarding path of the Nth data packet.
For the specific way in which the computing device 10 shown in FIG. 2 forwards the data flow, refer to the description related to FIG. 1; it is not repeated here.
The architecture of the computing device 10 has been introduced above. Next, the data forwarding method of the embodiments of the present application is introduced with reference to the drawings.
Referring to the flow chart of the data forwarding method shown in FIG. 3, the method is executed by the computing device 10. The computing device 10 deploys an instance of the virtual gateway 100, and the computing device 10 includes a network card 200. The method includes:
S302: The virtual gateway 100 receives the first data packet of the data flow from the network card 200.
Specifically, a data flow is an abstraction of data that passes through the same network during the same time period and shares some common characteristic or attribute. For example, data packets that access the same address during the same time period can be regarded as one data flow. A data flow can include multiple data packets, and these can be request data packets from a terminal or response data packets from a back-end server. For example, in a web page access scenario, the data flow can include multiple Hyper Text Transfer Protocol (HTTP) request data packets that the terminal generates in response to a web browsing operation triggered by the user, or multiple response data packets that the server generates in response to the user's request. A response data packet can carry text or multimedia information such as images, audio, and video.
In some embodiments, the network card 200 receives the data packets of the data flow in sequence and provides the first data packet of the data flow to the virtual gateway 100. For example, the network card 200 can receive in sequence the request data packets sent by the terminal and report the first request data packet to the virtual gateway 100, so that the virtual gateway 100 determines the forwarding path and forwards that request data packet. As another example, the network card 200 can receive in sequence the response data packets sent by the server and report the first response data packet to the virtual gateway 100, so that the virtual gateway 100 determines the forwarding path and forwards that response data packet.
It should be noted that the above data packets are not limited to request data packets or response data packets between a terminal and a server. They can also be instant messaging data packets transmitted between terminals, or business data packets transmitted between servers.
S304: The virtual gateway 100 determines the forwarding path based on the first data packet in the data flow.
S306: The virtual gateway 100 forwards the first data packet according to the forwarding path.
Specifically, the virtual gateway 100 can determine the forwarding path of the first data packet by CPU polling and then forward the first data packet of the data flow along that forwarding path. It should be noted that the virtual gateway 100 can be a gateway with a specific function; for example, the virtual gateway 100 can be an ELB gateway or a NAT gateway. The virtual gateway can also process the first data packet of the data flow and then forward the processed first data packet along the forwarding path.
In some possible implementations, the virtual gateway 100 is an ELB gateway. The virtual gateway 100 can select one load balancing server from multiple load balancing servers, modify the destination address of the first data packet to the IP address of that load balancing server, determine the forwarding path to that load balancing server, and forward the modified first data packet along the forwarding path.
In other possible implementations, the virtual gateway is a NAT gateway. The virtual gateway 100 can modify the source address of the first data packet, for example by changing the source address of the first data packet to a public IP address. The virtual gateway 100 can also determine the forwarding path of the first data packet and then forward the modified first data packet along that forwarding path.
S308: The virtual gateway 100 provides the forwarding table of the data flow to the network card 200.
Each virtual gateway 100 has its own processing logic. For example, the ELB gateway can select a back-end server for forwarding based on the accessed virtual network address (virtual Internet Protocol, VIP) and the configured load balancing algorithm. The virtual gateway 100 can generate the forwarding table (Forwarding Table) of the data flow based on this processing logic.
The processing logic of the data flow can include match logic. Further, the processing logic of the data flow can also include an action instruction. That is, the processing logic of the data flow can include match logic and action instructions. The processing logic of the data flow can be expressed through the forwarding table.
The forwarding table includes a source address, a destination address, and a next hop address. Further, the forwarding table can also include a source port number and a destination port number. The source address, destination address, source port number, or destination port number can be matched against the meta-information of a data packet (for example, a multi-tuple that includes the packet's source address and destination address) to determine the next hop address of the data packet. Further, the forwarding table can also include an action instruction for the data packet, so that the data packet is processed according to the action instruction and the processed data packet is forwarded.
The forwarding table can be further abstracted into a flow table. A flow table is an abstraction of the data forwarding function of a network device. In traditional network devices, data forwarding by switches and routers relies on the Layer 2 Media Access Control (MAC) address forwarding table or the Layer 3 IP address routing table stored in the device. The same holds for the flow table used in this application; the flow table integrates network configuration information from all layers of the network, so that richer rules can be used when forwarding data.
Specifically, a flow table is a set of policy entries for data flows and is responsible for looking up and forwarding data packets. A flow table includes a series of flow entries. A flow entry includes a source address, a destination address, and a next hop address. In some embodiments, a flow entry can also include a source port number and a destination port number, which enables exact matching. It should be noted that when the network card 200 supports large-scale masked fuzzy matching, the flow entry need not include the source port number and destination port number. This avoids expanding into exact-match flow tables, greatly reduces the number of flow tables for routing services, and supports a larger service scale.
In some embodiments, a flow entry can include a header field and an action table. The header field and the action table are described in detail below.
The header field includes a source address (such as a source IP) and a destination address (such as a destination IP). Further, the source address can also include a source MAC address, and the destination address can also include a destination MAC address. In addition, the header field can include a source port number and a destination port number. The header field includes identifiers of the link layer, network layer, or transport layer, and data packets can be matched quickly based on these identifiers.
The action table indicates how a matching data packet is to be processed after it is received. Each flow entry can correspond to zero or more actions. If no forwarding action is defined, data packets that match the header field of the flow entry are discarded by default. In addition, when one flow entry includes multiple actions, the actions can have different priorities.
The actions of a flow entry fall into two categories: required actions and optional actions. The required actions include forwarding to a physical port or a reserved port (such as ALL, CONTROLLER, TABLE, IN_PORT, ANY, LOCAL, NORMAL, FLOOD) and discarding. The optional actions include forwarding to a virtual port, queuing, or modifying. Queuing means forwarding the data packet into the forwarding queue corresponding to an egress port, which makes it easier to provide quality of service (QoS) support. Modifying can include modifying the source MAC address, the destination MAC address, the source IP address, the destination IP address, or the IP ToS bits.
In some possible implementations, instances of multiple virtual gateways 100 can be deployed in the computing device 10. Correspondingly, the network card 200 in the computing device 10 can maintain a separate flow table for each kind of virtual gateway 100, so that the processing logic that different virtual gateways 100 apply to data flows is stored separately.
S310: The network card 200 receives the Nth data packet of the data flow.
Specifically, after receiving the first data packet of the data flow, the network card 200 can continue to receive the Nth request data packet of the data flow sent by the terminal, or continue to receive the Nth response data packet of the data flow sent by the server, where N is greater than 1.
As in S302, the Nth data packet is not limited to a request data packet or response data packet between a terminal and a server. It can also be an instant messaging data packet transmitted between terminals, or a business data packet transmitted between servers.
S312: The network card 200 queries the forwarding table according to the meta-information of the Nth data packet and obtains the forwarding path of the Nth data packet in the data flow.
Meta-information is the metadata of a data packet, and metadata is data that describes data. In this embodiment, the meta-information of a data packet can include one or more of the packet's source address and destination address. Further, the meta-information of the data packet can also include one or more of the packet's source port number and destination port number.
Specifically, the network card 200 can query the forwarding table or flow table that carries the processing logic according to the meta-information of the Nth data packet. When the meta-information hits in the forwarding table or flow table, that is, when the meta-information matches an entry in the forwarding table or a flow entry in the flow table, the network card 200 can determine the forwarding path of the Nth data packet from that entry. For example, the network card 200 can obtain the forwarding path of the Nth data packet from the action table of the flow entry. The forwarding path can include the next hop address of the data packet.
S314: The network card 200 forwards the Nth data packet based on the forwarding path of the Nth data packet.
For the Nth data packet, the network card 200 can directly use the forwarding path determined from the forwarding table for the Nth data packet in the data flow and forward the Nth data packet without reporting it to the virtual gateway 100 for forwarding. Data packets are thus forwarded in hardware, which improves forwarding performance.
When the processing logic also includes an action instruction, the network card 200 can, before forwarding the Nth data packet along its forwarding path, perform the corresponding action on the Nth data packet according to the action instruction. For example, for data packets that require load balancing, the action instruction can be to modify the destination address according to the forwarding path, such as modifying the destination IP. The network card 200 can modify the destination IP of the Nth data packet according to the action instruction and then forward the modified Nth data packet along the forwarding path. As another example, for data packets that require network address translation, the action instruction can be to modify the source address, such as modifying the source IP. The network card 200 can modify the source IP of the Nth data packet according to the action instruction and then forward the modified data packet along the forwarding path.
In this embodiment, the Nth data packet in the data flow can first be transmitted from the source node (for example, a terminal) to the network card 200. The network card 200 then determines the forwarding path directly by querying the forwarding table and forwards the packet along that path to the destination node (for example, a server). Because this forwarding process does not pass through the virtual gateway 100, the turnaround time of the Nth data packet in the network is reduced and forwarding performance is improved.
In some possible implementations, the virtual gateway 100 can also issue a delete instruction to instruct the network card 200 to delete the forwarding table of the data flow. The network card 200 can delete the forwarding table of the data flow in response to the delete instruction issued by the virtual gateway 100. When the forwarding table is abstracted into a flow table, a flow entry of the flow table can also include a counter, and the counter can count the data packets in the data flow. After receiving the delete instruction, the network card 200 can read the counter. When the packet count in the counter indicates that the data packet is the last data packet of the data flow, the network card 200 can delete the forwarding table after forwarding that data packet.
基于上述内容描述,本申请实施例提供了一种数据转发方法。该方法中,虚拟网关100可以向网卡200提供数据流的转发表,网卡200可以使用转发表确定数据流中第N个数据包的转发路径,并按照该转发路径转发第N个数据包,如此实现将虚拟网关100消耗的计算资源卸载到网卡200,减少了网关服务的CPU资源消耗,从而降低整个网关服务的功耗,大幅度降低网关服务的成本,满足了业务的需求。而且,该方法通过网卡硬件进行转发,而不必再经过网关软件进行转发,提升了转发性能。Based on the above description, embodiments of the present application provide a data forwarding method. In this method, the virtual gateway 100 can provide the forwarding table of the data flow to the network card 200, and the network card 200 can use the forwarding table to determine the forwarding path of the Nth data packet in the data flow, and forward the Nth data packet according to the forwarding path, so The computing resources consumed by the virtual gateway 100 are offloaded to the network card 200, which reduces the CPU resource consumption of the gateway service, thereby reducing the power consumption of the entire gateway service, greatly reducing the cost of the gateway service, and meeting business needs. Moreover, this method forwards data through network card hardware instead of through gateway software, which improves forwarding performance.
The embodiment shown in FIG. 3 is described using the example in which multiple data packets in the data flow are forwarded by the same computing device 10. In some possible implementations, multiple data packets in the data flow may also be forwarded by different computing devices 10. For example, when the business scale expands, data packets in the data flow may be migrated from one computing device 10 to another computing device 10. For ease of description, the embodiments of the present application refer to the computing device 10 before migration as the first computing device and the computing device 10 after migration as the second computing device.
Referring to the flow chart of the data forwarding method shown in FIG. 4, the method includes:
S402: The first computing device forwards the data packets to be processed in the data flow, together with the forwarding table of the data flow, to the second computing device.
The data packet to be processed may be the Nth data packet in the data flow, where N is greater than 1. For example, the data flow may include 10 data packets; after processing the first 5 data packets in the data flow, the first computing device may forward the remaining 6th to 10th data packets to the second computing device, which continues the processing.
To allow the second computing device to continue the processing, the first computing device may also forward the forwarding table of the data flow to the second computing device. In this way, the second computing device can process the data packets to be processed directly according to the forwarding table of the data flow, without the network card 200 of the second computing device having to report the data packets to the virtual gateway 100, which improves the processing efficiency of the data flow.
S404: The network card 200 of the second computing device uses the forwarding table of the data flow to determine the forwarding path of the data packet to be processed.
Specifically, the second computing device may query the forwarding table of the data flow according to the meta-information of the data packet to be processed and obtain the forwarding path of that data packet. The meta-information of the data packet may include the source address and destination address of the data packet, and may further include the source port number and destination port number. Based on this meta-information, the second computing device may determine the entry in the forwarding table that matches it, thereby obtaining the forwarding path of the data packet to be processed. The forwarding path includes the next-hop address of the data packet to be processed.
S406: The network card 200 of the second computing device processes the data packet to be processed.
The forwarding table may also include an action indication, and the second computing device may process the data packet to be processed according to the action indication. For example, the network card 200 of the second computing device may modify the source address of the data packet to be processed to obtain a modified data packet, thereby implementing NAT. As another example, the network card 200 of the second computing device may modify the destination of the data packet to be processed according to the destination address in the forwarding table, specifically the modified destination address, to obtain a processed data packet, thereby implementing load balancing.
It should be noted that S406 is an optional step; the data forwarding method of the embodiments of the present application may also be performed without S406. For example, when the virtual gateway 100 of the second computing device is used to route the data packets to be processed in the data flow, S406 may be skipped and the data packets forwarded directly.
S408: The network card 200 of the second computing device forwards the processed data packet based on the forwarding path.
Specifically, the forwarding path may include the next-hop address of the data packet to be processed. The network card 200 of the second computing device may forward the processed data packet to the device corresponding to that next-hop address. It should be noted that when the second computing device does not perform S406, the network card 200 of the second computing device may forward the data packet to be processed in the data flow based on the forwarding path.
The flow of the data forwarding method in the embodiments of the present application has been introduced above. To make the technical solution of the present application easier to understand, an example is given below in the application scenario of a virtual resource pool.
Referring to the schematic flow chart of the data forwarding method shown in FIG. 5, the method specifically includes the following steps:
In the first step, in response to a user's request to purchase a gateway service, the service management platform creates a virtual machine of the corresponding specification according to the user's request.
Specifically, the request to purchase the gateway service carries the specification of the gateway service that the user requests to purchase. The specification may include the CPU architecture, the CPU frequency, and the memory size. The request may also include the type of the gateway service, such as ELB or NAT. According to the user's request, the service management platform may select a node that matches the above specification, create a virtual machine, and deploy the corresponding gateway software in the virtual machine, thereby implementing the functions of the virtual gateway 100.
It should be noted that the service management platform may also create a virtual switch (vswitch) to exchange data packets between the gateway and the network card.
In this embodiment, the virtual gateway 100 deployed in the virtual machine may issue an operator instruction to the network card through the offload engine, and the network card 200 may create a flow table corresponding to the virtual gateway 100. For virtual gateways 100 of the same type, the network card 200 creates one flow table. This flow table is specifically an initialized flow table.
In the second step, when a data packet (for example, the first packet of a data flow) arrives at the virtual gateway 100, the virtual gateway 100 may process the data packet according to the corresponding processing logic and forward the processed data packet. The virtual gateway 100 may also deliver the processing logic to the network card 200 through the gateway offload channel.
As shown in FIG. 5, the first packet of the data flow may be forwarded through the virtual gateway 100, the virtual switch, and the network card 200. Specifically, after the first packet of the data flow reaches the network card 200, the network card 200 transmits it to the virtual switch through the data channel between the network card 200 and the virtual switch, and the virtual switch then reports it to the virtual gateway 100. The virtual gateway 100 may determine the forwarding path through CPU polling and forward the first packet of the data flow according to the forwarding path. When the first packet is forwarded, it is usually first delivered to the virtual switch over the channel between the virtual gateway 100 and the virtual switch; the virtual switch then sends it to the network card 200 over the channel between the virtual switch and the network card 200, and the network card 200 forwards the first packet to the next hop.
The virtual gateway 100 may learn the processing logic from the forwarding of the first packet of the data flow and deliver that processing logic to the network card 200, so that the network card 200 can update the flow table according to the processing logic. Here, the network card 200 may update the gateway flow table (the flow table used to implement the gateway service) according to the processing logic.
In this embodiment, the gateway offload channel is a channel between the virtual gateway 100 and the network card 200 used to offload the computing resources of the virtual gateway 100. The virtual gateway 100 and the network card 200 have physical functions (physical function, pf), and each physical function can be extended into virtual functions (virtual function, vf), where each vf is usually attached to one pf. The gateway offload channel in this embodiment may be a channel formed between the vf of the virtual gateway 100 and the vf of the network card 200. In other possible implementations of the embodiments of the present application, the gateway offload channel may also reuse other existing channels, which is not limited in this embodiment.
It should be noted that, because the virtual gateway 100 is deployed in a virtual machine, the virtual gateway 100 may also learn the downlink (receive, RX) flow table and the uplink (transmit, TX) flow table and deliver the RX flow table and TX flow table to the network card 200 through the virtual machine offload channel. The network card 200 can then process data packets according to the RX flow table and TX flow table, which reduces the overhead between the network card 200 and the virtual switch.
In the third step, when a subsequent data packet (such as a non-first packet of the data flow) arrives at the network card 200, the network card 200 queries the flow table and modifies the data packet according to the Action in the flow table. After the modification is complete, the modified data packet is sent out directly from the network card 200.
As shown in FIG. 5, when a non-first packet of the data flow reaches the network card 200, the network card 200 does not need to report the data packet. Instead, it queries the flow tables directly based on the meta-information of the data packet, for example the RX flow table/TX flow table and the gateway flow table of the corresponding virtual gateway 100, to obtain the processing logic. When the processing logic includes an action (Action) indication, the network card 200 may modify the data packet according to the Action and send the modified data packet out directly.
In the fourth step, in response to the user's request to delete the purchased gateway service, the virtual gateway 100 in the virtual machine issues a deletion instruction to the network card 200 through the offload engine, and the network card 200 deletes the operator and the flow table according to the deletion instruction.
Specifically, when the network card 200 receives the deletion instruction, it may determine from the counter in the flow entry whether the data packet currently being processed is the last data packet. If so, it deletes the corresponding operator and flow table after all data packets of the data flow have been forwarded.
It should be noted that identifying the last data packet through the counter and deleting the corresponding operator and flow table after the last data packet has been forwarded is only one way of deleting the operator and flow table according to the deletion instruction. In other possible implementations of the embodiments of the present application, the network card 200 may instead set an expected transmission completion time and delete the corresponding operator and flow table once that time arrives.
Based on the above description, embodiments of the present application provide a data forwarding method. On the one hand, the method learns the processing logic from some data packets of the data flow, such as the first packet, and delivers the processing logic to the network card 200. This offloads part of the computing resources consumed by the virtual gateway 100 to the network card 200, saves the CPU resources and power consumed by the gateway service, and, through forwarding in network card hardware, achieves performance exceeding that of forwarding in gateway software. On the other hand, because the network card 200 has a higher single-flow forwarding capability, the method can solve the problem that the limited capability of a single CPU core makes it impossible to handle elephant flows (continuous flows that transmit large amounts of data over a network link, such as the data flows generated by data migration). In addition, in this method, non-first packets can be forwarded directly by the network card 200 without software processing, which greatly reduces the overhead of the virtualization layer.
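The second to fourth steps of FIG. 5 can be modelled in software as follows. This is an added example, not code from the application: the class names, the policy table keyed on destination IP, and the sample addresses are constructed for illustration, and the deletion instruction is assumed to carry the flow's total packet count, since the application does not say how the counter identifies the last data packet.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int

    def meta(self) -> Tuple[str, str, int, int]:
        """Meta-information used as the flow-table match key."""
        return (self.src_ip, self.dst_ip, self.src_port, self.dst_port)


@dataclass
class FlowEntry:
    next_hop: str
    action: Optional[Tuple[str, str]]  # ("set_dst", ip) for LB, ("set_src", ip) for NAT
    counter: int = 1                   # the first packet was already forwarded by the gateway
    delete_at: Optional[int] = None    # assumption: delete instruction carries the flow length


def apply_action(pkt: Packet, action: Optional[Tuple[str, str]]) -> Packet:
    """Rewrite the packet header as the action indication demands."""
    if action is None:
        return pkt
    kind, addr = action
    if kind == "set_dst":
        return replace(pkt, dst_ip=addr)
    if kind == "set_src":
        return replace(pkt, src_ip=addr)
    raise ValueError(f"unknown action {kind!r}")


class VirtualGateway:
    """Software slow path: decides the path once, then offloads it to the NIC."""

    def __init__(self, policy: Dict[str, Tuple[Optional[Tuple[str, str]], str]]):
        self.policy = policy           # dst_ip -> (action, next_hop), hypothetical policy
        self.slow_path_packets = 0

    def handle_first_packet(self, pkt: Packet, nic: "SmartNic"):
        self.slow_path_packets += 1
        rule = self.policy.get(pkt.dst_ip)
        if rule is None:               # no gateway policy: nothing to learn or offload
            return None, None
        action, next_hop = rule
        nic.install(pkt.meta(), FlowEntry(next_hop=next_hop, action=action))
        return apply_action(pkt, action), next_hop


class SmartNic:
    """Hardware fast path: forwards every packet that hits the flow table."""

    def __init__(self, gateway: VirtualGateway):
        self.gateway = gateway
        self.flow_table: Dict[tuple, FlowEntry] = {}

    def install(self, key: tuple, entry: FlowEntry) -> None:
        self.flow_table[key] = entry   # delivered over the gateway offload channel

    def delete(self, key: tuple, total_packets: int) -> None:
        entry = self.flow_table.get(key)
        if entry is None:
            return
        if entry.counter >= total_packets:
            del self.flow_table[key]   # flow already finished: delete immediately
        else:
            entry.delete_at = total_packets  # defer until the last packet is forwarded

    def receive(self, pkt: Packet):
        key = pkt.meta()
        entry = self.flow_table.get(key)
        if entry is None:              # miss: report the packet to the virtual gateway
            out, next_hop = self.gateway.handle_first_packet(pkt, self)
            return ("drop", None, None) if out is None else ("gateway", next_hop, out)
        entry.counter += 1
        out = apply_action(pkt, entry.action)
        if entry.delete_at is not None and entry.counter >= entry.delete_at:
            del self.flow_table[key]   # last packet forwarded: remove the flow entry
        return ("nic", entry.next_hop, out)


def run_demo():
    """Constructed 4-packet load-balanced flow; delete instruction arrives after packet 2."""
    gw = VirtualGateway({"10.0.0.100": (("set_dst", "192.168.1.10"), "192.168.1.1")})
    nic = SmartNic(gw)
    pkt = Packet("172.16.0.5", "10.0.0.100", 40000, 80)
    trace = []
    for n in range(1, 5):
        path, next_hop, out = nic.receive(pkt)
        if n == 2:
            nic.delete(pkt.meta(), total_packets=4)
        trace.append((n, path, next_hop, out.dst_ip, pkt.meta() in nic.flow_table))
    return trace, gw.slow_path_packets


if __name__ == "__main__":
    for row in run_demo()[0]:
        print(row)
```

Only the first packet reaches the gateway; the flow entry survives the deletion instruction until the counter reaches the flow length, so no in-flight packet falls back to the slow path.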
Based on the data forwarding method provided by the embodiments of the present application, the embodiments of the present application also provide the computing device 10 described above. The computing device 10 provided by the embodiments of the present application is introduced below with reference to the accompanying drawings.
Referring to the schematic structural diagram of the computing device 10 shown in FIG. 1 or FIG. 2, the computing device 10 includes a virtual gateway 100 and a network card 200;
the virtual gateway 100 is configured to provide a forwarding table of a data flow to the network card 200;
the network card 200 is configured to use the forwarding table to determine the forwarding path of the Nth data packet in the data flow, and to forward the Nth data packet based on the forwarding path of the Nth data packet.
In some possible implementations, the virtual gateway 100 is further configured to:
determine the forwarding path based on the first data packet in the data flow.
In some possible implementations, the network card 200 is specifically configured to:
process the Nth data packet and forward the processed Nth data packet.
In some possible implementations, the network card 200 is specifically configured to:
modify the source address of the Nth data packet; or,
update the destination address of the Nth data packet according to the destination address of the forwarding path.
In some possible implementations, the network card 200 is specifically configured as follows:
the network card receives the forwarding table of the data flow provided by the virtual gateway through an offload channel.
In some possible implementations, the network card 200 is further configured to:
delete the forwarding table of the data flow.
In some possible implementations, the virtual gateway 100 is further configured to:
instruct the network card to delete the forwarding table of the data flow.
In some possible implementations, the forwarding table includes a source address, a destination address, and a next-hop address.
In some possible implementations, the network card 200 is specifically configured to:
query the forwarding table according to the meta-information of the Nth data packet to obtain the forwarding path of the Nth data packet in the data flow.
The computing device 10 according to the embodiments of the present application may correspond to performing the methods described in the embodiments of the present application, and the above and other operations and/or functions of the components of the computing device 10 (such as the virtual gateway 100 or the network card 200) respectively implement the corresponding flows of the methods in the embodiments shown in FIG. 3 and FIG. 4. For brevity, they are not described again here.
The embodiments of the present application also provide a network card 200. The network card 200 may be a smart network card, used to process the data packets in a data flow based on the processing logic provided by the virtual gateway 100. The network card 200 may be used to perform the method steps performed by the network card 200 in the computing device 10 shown in FIG. 1 or FIG. 2.
FIG. 6 provides a schematic structural diagram of the network card 200. As shown in FIG. 6, the network card 200 includes a bus 601, a processor 602, a communication interface 603, and a memory 604. The processor 602, the memory 604, and the communication interface 603 communicate with one another through the bus 601.
The bus 601 may be a peripheral component interconnect (PCI) bus, an extended industry standard architecture (EISA) bus, or the like. Buses can be divided into address buses, data buses, control buses, and so on. For ease of presentation, only one thick line is used in FIG. 6, but this does not mean that there is only one bus or only one type of bus.
The processor 602 may be any one or more of processors such as a central processing unit (CPU), a graphics processing unit (GPU), a microprocessor (MP), or a digital signal processor (DSP).
The communication interface 603 is used to communicate with the outside. For example, the communication interface 603 is used to receive the forwarding table of a data flow provided by the virtual gateway 100, or to forward the Nth data packet based on the forwarding path of the Nth data packet, and so on.
The memory 604 may include volatile memory, such as random access memory (RAM). The memory 604 may also include non-volatile memory, such as read-only memory (ROM), flash memory, a hard disk drive (HDD), or a solid state drive (SSD).
The memory 604 stores computer-readable instructions, and the processor 602 executes the computer-readable instructions so that the network card 200 performs the steps performed by the network card 200 in the aforementioned data forwarding method (or implements the functions of the aforementioned network card 200).
The embodiments of the present application also provide a computer-readable storage medium. The computer-readable storage medium may be any available medium that a computing device can store, or a data storage device, such as a data center, that contains one or more available media. The available media may be magnetic media (for example, floppy disks, hard disks, magnetic tapes), optical media (for example, DVDs), or semiconductor media (for example, solid state drives). The computer-readable storage medium includes instructions that instruct the computing device 10 to perform the above data forwarding method.
The embodiments of the present application also provide a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on the computing device 10, the flows or functions described in the embodiments of the present application are produced in whole or in part. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another. For example, the computer instructions may be transmitted from one website, computing device, or data center to another website, computing device, or data center by wired means (such as coaxial cable, optical fiber, or digital subscriber line (DSL)) or wireless means (such as infrared, radio, or microwave). The computer program product may be a software installation package; when any of the aforementioned data forwarding methods needs to be used, the computer program product can be downloaded and executed on a computing device.
The descriptions of the flows or structures corresponding to the above drawings each have their own emphasis. For parts not described in detail in one flow or structure, refer to the relevant descriptions of the other flows or structures.

Claims (13)

  1. 一种数据转发方法,其特征在于,应用于具有网卡的计算设备,所述计算设备部署所述虚拟网关的实例;所述方法包括:A data forwarding method, characterized in that it is applied to a computing device with a network card, and the computing device deploys an instance of the virtual gateway; the method includes:
    所述网卡接收所述虚拟网关提供的数据流的转发表;The network card receives the forwarding table of the data flow provided by the virtual gateway;
    所述网卡使用所述转发表确定所述数据流中第N个数据包的转发路径,所述N大于1;The network card uses the forwarding table to determine the forwarding path of the Nth data packet in the data flow, where N is greater than 1;
    所述网卡基于所述第N个数据包的转发路径,转发所述第N个数据包。The network card forwards the Nth data packet based on the forwarding path of the Nth data packet.
  2. 根据权利要求1所述的方法,其特征在于,所述方法包括:The method according to claim 1, characterized in that the method includes:
    所述虚拟网关基于所述数据流中的第一个数据包确定所述转发路径。The virtual gateway determines the forwarding path based on the first data packet in the data flow.
  3. 根据权利要求1或者2所述的方法,其特征在于,所述转发所述第N个数据包,包括:The method according to claim 1 or 2, characterized in that forwarding the Nth data packet includes:
    对所述第N个数据包做处理,转发处理后的所述第N个数据包。Process the Nth data packet and forward the processed Nth data packet.
  4. 根据权利要求3所述的方法,其特征在于,所述对所述第N个数据包做处理,包括:The method according to claim 3, characterized in that the processing of the Nth data packet includes:
    修改所述第N个数据包的源地址;或者,Modify the source address of the Nth data packet; or,
    按照所述转发路径的目的地址,更新所述第N个数据包的目的地址。The destination address of the Nth data packet is updated according to the destination address of the forwarding path.
  5. 根据权利要求1至4任一项所述的方法,其特征在于,所述网卡接收所述虚拟网关提供的数据流的转发表,包括:The method according to any one of claims 1 to 4, characterized in that the network card receives the forwarding table of the data flow provided by the virtual gateway, including:
    所述网卡通过卸载通道接收所述虚拟网关提供的数据流的转发表。The network card receives the forwarding table of the data flow provided by the virtual gateway through an offload channel.
  6. The method according to any one of claims 1 to 5, characterized in that the method further includes:
    The network card deletes the forwarding table of the data flow.
  7. The method according to claim 6, characterized in that the method further includes:
    The virtual gateway instructs the network card to delete the forwarding table of the data flow.
  8. The method according to any one of claims 1 to 7, characterized in that the forwarding table includes a source address, a destination address and a next hop address.
  9. The method according to any one of claims 1 to 8, characterized in that the network card using the forwarding table to determine the forwarding path of the Nth data packet in the data flow includes:
    The network card queries the forwarding table according to the meta-information of the Nth data packet to obtain the forwarding path of the Nth data packet in the data flow.
  10. A computing device, characterized in that the computing device has a network card, and the computing device deploys an instance of the virtual gateway; the network card is configured to receive a forwarding table of a data flow provided by the virtual gateway, use the forwarding table to determine the forwarding path of the Nth data packet in the data flow, and forward the Nth data packet based on the forwarding path of the Nth data packet, where N is greater than 1.
  11. A network card, characterized in that the network card has a processor and a memory;
    The processor executes the computer program in the memory, so that the network card executes the method described in any one of claims 1 to 9.
  12. A computer-readable storage medium, characterized by comprising computer-readable instructions; the computer-readable instructions are used to implement the method described in any one of claims 1 to 9.
  13. A computer program product, characterized by comprising computer-readable instructions; the computer-readable instructions are used to implement the method described in any one of claims 1 to 9.
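The table lifecycle in claims 6 to 10, as an added sketch that is not part of the patent text: a virtual gateway provides a per-flow forwarding table to the network card, the card forwards packet N > 1 from that table, and deleting the table returns the flow to the gateway. Assumptions: the first packet of a flow is resolved by the gateway, the meta-information is the source and destination address, the gateway picks the next hop by longest-prefix route match, and all class names and addresses are constructed for illustration.

```python
# Added illustration: names are hypothetical, addresses are constructed.
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    n: int  # position N of the packet within its data flow

class NetworkCard:
    """Fast path: per-flow forwarding tables keyed by packet meta-information."""
    def __init__(self):
        self.tables = {}  # (source, destination) -> next hop address
    def install(self, src, dst, next_hop):
        self.tables[(src, dst)] = next_hop
    def delete(self, src, dst):
        # Claims 6-7: drop the table of one flow; repeated deletes are harmless.
        self.tables.pop((src, dst), None)
    def lookup(self, pkt):
        # Claim 9: query by meta-information (assumed here: source, destination).
        return self.tables.get((pkt.src, pkt.dst))

class VirtualGateway:
    """Slow path: resolves the next hop and provides the table to the card."""
    def __init__(self, nic, routes):
        self.nic = nic
        # Most specific prefix first, so the longest match wins.
        self.routes = sorted(
            ((ipaddress.ip_network(p), nh) for p, nh in routes.items()),
            key=lambda r: r[0].prefixlen, reverse=True)
    def handle(self, pkt):
        dst = ipaddress.ip_address(pkt.dst)
        next_hop = next((nh for net, nh in self.routes if dst in net), None)
        if next_hop is not None:  # never offload a flow that has no route
            self.nic.install(pkt.src, pkt.dst, next_hop)
        return next_hop
    def end_flow(self, src, dst):
        self.nic.delete(src, dst)  # the gateway instructs the card to delete

def forward(nic, gw, pkt):
    """Return (handler, next_hop) for one packet of a flow."""
    hop = nic.lookup(pkt)
    if hop is not None:
        return ("nic", hop)
    return ("gateway", gw.handle(pkt))
```

After `end_flow`, the next packet of that flow misses on the card and is resolved by the gateway again, so a deleted table cannot keep steering traffic.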
PCT/CN2022/130454 2022-04-06 2022-11-08 Data forwarding method and related device WO2023193432A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210356338.5 2022-04-06
CN202210356338.5A CN116938829A (en) 2022-04-06 2022-04-06 Data forwarding method and related equipment

Publications (1)

Publication Number Publication Date
WO2023193432A1 (en) 2023-10-12

Family

ID=88244016

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/130454 WO2023193432A1 (en) 2022-04-06 2022-11-08 Data forwarding method and related device

Country Status (2)

Country Link
CN (1) CN116938829A (en)
WO (1) WO2023193432A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118282946B (en) * 2024-06-03 2024-08-23 珠海星云智联科技有限公司 L2 forwarding table, L2 message forwarding method, computer equipment and medium

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016188240A1 (en) * 2016-01-07 2016-12-01 中兴通讯股份有限公司 Method and device for configuring multiple network cards
CN110830594A (en) * 2019-12-06 2020-02-21 广州微算互联信息技术有限公司 Method, system, device and storage medium for expanding IP address of cloud mobile phone
CN113285892A (en) * 2020-02-20 2021-08-20 华为技术有限公司 Message processing system, message processing method, machine-readable storage medium, and program product
CN113098774A (en) * 2021-03-25 2021-07-09 北京金山云网络技术有限公司 Message forwarding method and device
CN114257545A (en) * 2021-12-09 2022-03-29 北京奇艺世纪科技有限公司 Message forwarding method and device

Also Published As

Publication number Publication date
CN116938829A (en) 2023-10-24

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22936360

Country of ref document: EP

Kind code of ref document: A1