CN107483538B - Method and device for processing access request packet on node of micro-service cluster - Google Patents

Method and device for processing access request packet on node of micro-service cluster Download PDF

Info

Publication number
CN107483538B
CN107483538B CN201710547119.4A CN201710547119A CN107483538B CN 107483538 B CN107483538 B CN 107483538B CN 201710547119 A CN201710547119 A CN 201710547119A CN 107483538 B CN107483538 B CN 107483538B
Authority
CN
China
Prior art keywords
service port
access request
request packet
port identifier
target service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710547119.4A
Other languages
Chinese (zh)
Other versions
CN107483538A (en
Inventor
张海龙
吴连朋
夏章抓
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qingdao Hisense Media Network Technology Co Ltd
Original Assignee
Qingdao Hisense Media Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qingdao Hisense Media Network Technology Co Ltd filed Critical Qingdao Hisense Media Network Technology Co Ltd
Priority to CN201710547119.4A priority Critical patent/CN107483538B/en
Publication of CN107483538A publication Critical patent/CN107483538A/en
Application granted granted Critical
Publication of CN107483538B publication Critical patent/CN107483538B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/60Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • H04L67/565Conversion or adaptation of application format or content

Abstract

The embodiment of the invention relates to the technical field of communication, in particular to a method and a device for processing an access request packet on a node of a micro-service cluster, which are used for improving the access performance of services in the micro-service cluster under the condition of not increasing hardware cost. In the embodiment of the invention, an access request packet sent by an intranet client is received, and the intranet client is the same as a subnet mask of a node; determining a target service port identifier according to the virtual service port identifier carried in the access request packet, and updating the virtual service port identifier carried in the access request packet by using the target service port identifier; and sending the updated access request packet to the target service port identified by the target service port identification. Therefore, the embodiment of the invention does not need the cluster entrance agent to forward the access request packet of the intranet client, thereby improving the access performance of the service in the micro-service cluster under the condition of not increasing the hardware cost.

Description

Method and device for processing access request packet on node of micro-service cluster
Technical Field
The embodiment of the invention relates to the technical field of cloud computing, in particular to a method and a device for processing an access request packet on a node of a micro-service cluster.
Background
In the process of migrating a traditional service application to a cloud computing micro-service cluster, because a production environment has already deployed a lot of service applications, it is difficult to migrate the whole production environment into the cloud computing micro-service cluster at a time, and a part of the service applications cannot be migrated into the cluster due to self reasons and exist outside the cluster. Because the internal and external networks of the microservice cluster are isolated from each other for the security of the microservice cluster, clients outside the microservice cluster cannot directly access the service in the cluster. The client outside the microservice cluster comprises an intranet client and an extranet client; the extranet client refers to a client which is not in the same network with the micro-service cluster and is outside the cluster; an intranet client refers to a client that is clustered with the microservice within one network and outside the cluster.
In the prior art, when a client outside a micro-service cluster accesses a service in the cluster, both an intranet client and an extranet client serve as a cluster entry proxy through open source proxy software such as Nginx, HAProxy and the like, that is, the cluster entry proxy needs to forward all requests sent by the intranet client and the extranet client, and this mode of forwarding in a centralized manner through the cluster entry proxy is easily a system bottleneck, for example, the cluster entry proxy has too high load, which causes the system performance of the whole product to be reduced, and affects the access of the service in the whole micro-service cluster. In order to solve the system bottleneck, redundancy deployment needs to be performed on the cluster entry agent in the prior art, and a layer of load balancing equipment is added in front of the cluster entry agent, so that the network complexity and the hardware cost are increased.
Therefore, a method for processing an access request packet at a node of a micro service cluster is needed to improve the access performance of a service in the micro service cluster without increasing the hardware cost.
Disclosure of Invention
The embodiment of the invention provides a method and a device for processing an access request packet on a node of a micro-service cluster, which can improve the access performance of services in the micro-service cluster under the condition of not increasing the hardware cost.
The embodiment of the invention provides a method for processing an access request packet on a node of a micro-service cluster, which comprises the following steps: receiving an access request packet sent by an intranet client, wherein the intranet client is the same as the subnet mask of the node; determining a target service port identifier according to the virtual service port identifier carried in the access request packet, and updating the virtual service port identifier carried in the access request packet by using the target service port identifier; and sending the updated access request packet to the target service port identified by the target service port identification.
The embodiment of the invention provides a device for processing an access request packet on a node of a micro-service cluster, which comprises a forwarding module; the forwarding module includes: the receiving unit is used for receiving an access request packet sent by the intranet client; the intranet client is the same as the subnet mask of the node; the processing unit is used for determining a target service port identifier according to the virtual service port identifier carried in the access request packet and updating the virtual service port identifier carried in the access request packet by using the target service port identifier; and the sending unit is used for sending the updated access request packet to the target service port identified by the target service port identification.
In the embodiment of the invention, as the access request packet sent by the intranet client is received, the subnet mask of the intranet client is the same as that of the node; determining a target service port identifier according to the virtual service port identifier carried in the access request packet, and updating the virtual service port identifier carried in the access request packet by using the target service port identifier; and sending the updated access request packet to the target service port identified by the target service port identification. The method provided by the embodiment of the invention does not receive the access request packet of the intranet client through the cluster entrance agent in the prior art, so that the load of forwarding the access request by the cluster entrance agent can be reduced. Thus, the access performance of the service in the micro-service cluster can be improved under the condition of not increasing the hardware cost.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings that are required to be used in the description of the embodiments will be briefly described below.
Fig. 1 is a schematic diagram of a system architecture for accessing a service in a microservice cluster according to an embodiment of the present invention;
fig. 2 is a flowchart illustrating a method for processing an access request packet at a node of a micro service cluster according to an embodiment of the present invention;
fig. 3 is a flowchart illustrating another method for processing an access request packet at a first node of a microservice cluster according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of an apparatus for processing an access request packet on a node of a microservice cluster according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more clearly apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments.
Fig. 1 is a schematic diagram illustrating a system architecture for accessing a service in a microservice cluster, to which an embodiment of the present invention is applicable.
The system architecture for accessing the service in the micro-service cluster in the embodiment of the invention comprises the micro-service cluster, an internal network client and an external network client, wherein the micro-service cluster comprises at least one node for processing an access request packet outside the cluster. As shown in fig. 1, the micro-service intra-cluster service access system architecture 100 includes: registry 110, cluster entry agent 120, node 130, node 140, node 150 in the microservice cluster, intranet client 160 outside the microservice cluster, and extranet client 170. Wherein, the node 130 includes a server instance 131, a forwarding module 132 and an access-end bridge 133; node 140 includes server instance 141, forwarding module 142, and access-side bridge 143; node 150 includes server instance 151, forwarding module 152, and access-side bridge 153.
In the embodiment of the invention, the nodes in the micro service cluster are in the same subnet, the subnet in which the nodes in the micro service cluster are positioned is called an internal network, and all subnets except the subnet in which the nodes are positioned are called external networks. The registry 110, cluster entry agent 120, node 130, node 140, node 150 in the microservice cluster, and intranet client 160 outside the microservice cluster are in the intranet, and extranet client 170 is in the extranet. Since the extranet and intranet are separated, extranet clients 170 on the extranet need to access the server instances in the microservice cluster through the cluster portal agent 120, and intranet clients outside the microservice cluster on the intranet cannot directly access the server instances in the microservice cluster.
In the micro-service intra-cluster service access system architecture 100, the connection relationship of each network device is as follows: registry 110 connects node 130, node 140, and node 150. Optionally, in one aspect, registry 110 connects server instance 131 in node 130, server instance 141 in node 140, and server instance 151 in node 150. The registry 110 maintains a server instance list and a node list corresponding to each server instance by receiving a registration request and a heartbeat request initiated by the server instance 131, the server instance 141 and the server instance 151, and allocates a virtual service port to the server instance running on each node; one virtual service port corresponds to M server instances, where M is a natural number. Each node comprises at least one real service port; a real service port is connected with N server instances, wherein N is a natural number. On the other hand, the registry 110 connects the access bridge 133 in the node 130, the access bridge 143 in the node 140, and the access bridge 153 in the node 150. The access-side bridge 133, the access-side bridge 143, and the access-side bridge 153 periodically obtain the virtual service port identifier corresponding to each server instance and the real service port identifier corresponding to each server instance from the registry, and for each node among the node 130, the node 140, and the node 150, the access-side bridge on the node updates the first mapping relationship between the real service port identifier and the virtual service port identifier on the node in real time according to the obtained mapping relationship between the virtual service port identifier and the server instance and the mapping relationship between the real service port identifier and the server instance.
The cluster entry proxy 120, on the one hand, connects to the extranet client 170 in the extranet, and receives the second access request packet sent by the extranet client 170. On the other hand, cluster entry agent 120 connects node 130, node 140, and node 150 within the microservice cluster. Optionally, cluster portal agent 120 connects server instance 131 in node 130, server instance 141 in node 140, and server instance 151 in node 150, respectively. The cluster entry agent 120 forwards the received second access request packet to the server instance within the microservice cluster for processing by the server instance.
Intranet client 160 connects node 130, node 140, and node 150; optionally, intranet client 160 is connected to forwarding module 132 in node 130, forwarding module 142 in node 140, and forwarding module 152 in node 150, respectively. The intranet client 160 sends the first access request packet to the forwarding module on each node, and for each node in the nodes 130, 140 and 150, after receiving the access request, the forwarding module on the node sends the access request to the server instance on the node, and the access request is processed by the server instance.
Fig. 2 is a schematic flowchart illustrating a method for processing an access request packet at a node of a microservice cluster according to an embodiment of the present invention.
Based on the system architecture shown in fig. 1, as shown in fig. 2, a method for processing an access request packet on a node of a microservice cluster according to an embodiment of the present invention includes the following steps:
step 201: receiving an access request packet sent by an intranet client; the intranet client is the same as the subnet mask of the node;
step 202: determining a target service port identifier according to the virtual service port identifier carried in the access request packet, and updating the virtual service port identifier carried in the access request packet by using the target service port identifier;
step 203: and sending the updated access request packet to the target service port identified by the target service port identification.
In the embodiment of the invention, the nodes in the micro service cluster are in the same subnet, the subnet in which the nodes in the micro service cluster are positioned is called an internal network, and all subnets except the subnet in which the nodes are positioned are called external networks. In step 201, the intranet client is a client in the same subnet as the node.
In step 202, there are various ways to update the virtual service port identifier carried in the access request packet. An optional updating method provided in the embodiments of the present invention is to delete a virtual service port identifier in an access request packet, and then add a target service port identifier. The embodiment of the invention also provides an optional updating mode, which is to directly replace the virtual service port identifier with the target service port at the position of the virtual service port identifier.
In the embodiment of the invention, as the access request packet sent by the intranet client is received, the subnet masks of the intranet client and the nodes are the same; determining a target service port identifier according to the virtual service port identifier carried in the access request packet, and updating the virtual service port identifier carried in the access request packet by using the target service port identifier; and sending the updated access request packet to the target service port identified by the target service port identification. The method provided by the embodiment of the invention does not receive the access request packet of the intranet client through the cluster entrance agent in the prior art, so that the load of forwarding the access request by the cluster entrance agent can be reduced. Thus, the access performance of the service in the micro-service cluster can be improved under the condition of not increasing the hardware cost.
In the embodiment of the invention, the nodes in the micro-service cluster process the access request packet sent by the intranet client and also process the access request packet sent by the extranet client. And the external network client is a client which is not in the same subnet as the node. In order to distinguish the access request packets sent by the intranet client and the extranet client, in the embodiment of the present invention, the access request packet sent by the intranet client is referred to as a first access request packet, and the access request packet sent by the extranet client is referred to as a second access request packet. The "first" and "second" are only used to distinguish the access request packets sent by the two types of clients, and are not limited in number.
In a specific embodiment, the extranet client forwards the second access request packet to the node in the micro service cluster through the cluster entry proxy, and a method for processing the second access request packet by the node in the micro service cluster is the same as that in the prior art, and is not described herein again. The following mainly describes how the nodes in the microservice cluster process the first access request packet sent by the intranet client.
In an optional implementation manner, the updating, by the target service port identifier, the virtual service port identifier carried in the first access request packet includes: after receiving a first access request packet transmitted by a transport layer protocol, searching the position of a virtual service port identifier in the first access request packet; and after the virtual service port identification is deleted at the position, adding a target service port identification. Therefore, the embodiment of the present invention provides a specific manner for the target service port identifier in the updated first access request packet, which is convenient for the forwarding module to process the updated first access request according to the updated first access request.
Optionally, for any one of the at least one node included in the micro service cluster, a forwarding module and a real service port are included on each node. One optional implementation is: the forwarding module may be a kernel-integrated IP packet filtering system (Iptables), and the scheme utilizes its forwarding function to process the first access request packet sent by the intranet client.
After receiving the first access request packet, the forwarding module (Iptables) processes the first access request packet according to the first mapping relationship stored in the forwarding module, for example, determines to which real service port the first access request is sent. The first mapping relation comprises a mapping relation of the virtual service port identification and the real service port identification.
In an optional implementation manner, determining a target service port identifier according to a virtual service port identifier carried in a first access request packet includes: matching the virtual service port identifier carried in the first access request packet with the virtual service port identifier contained in the first mapping relation; and when the virtual service port identifier carried in the first access request packet is successfully matched with the virtual service port identifier contained in the first mapping relation, jumping from the virtual service port identifier contained in the first mapping relation to a target service port identifier mapped with the virtual service port identifier. That is, the target service port identifier is the real service port mapped with the virtual service port identifier carried in the first access request packet in the first mapping relationship. And then, the forwarding module sends the updated first access request packet to a target service port identified by a target service port identification mapped by the virtual service port identification.
Those skilled in the art should understand that the cluster entry proxy in the prior art employs Nginx, HAProxy, etc., which mainly work on the network layer 7, and after receiving a data packet, the data packet needs to go through a load balancer, layer 4 processing, layer 7 processing, and then reaches a backend server. Therefore, the packet forwarding and processing efficiency in the prior art is low, and the requirements on resources such as a CPU, a memory, and an IO are high. In the embodiment of the invention, the first access request packet of the intranet client is directly forwarded by using the kernel module Iptables/Netfilter, the processing of any load balancer is not needed, and the number of processing links for direct forwarding is less, so that the embodiment of the invention has higher forwarding efficiency than the prior art in which the cluster entry agent is adopted to forward the first access request packet.
In a specific embodiment, the node includes at least one real service port, and each real service port has a preset identifier. After determining the target service port from the first mapping relationship, the forwarding module sends the updated first access request packet to the target service port identified by the target service port identifier, where an optional implementation manner is as follows: and the forwarding module sends the updated first access request packet to each real service port included on the node. Then, matching the preset identification of each real service port receiving the updated first access request packet with a target service port in the first access request packet, if the matching fails, the real service port is not the target service port, and discarding the updated first access request packet by the real service port; if the matching is successful, the real service port is the target service port, and the real service port continues to process the updated first access request. In an optional embodiment, the target service port receives the updated first access request packet; and when the target service port identifier carried in the updated first access request packet is successfully matched with the preset identifier of the target service port, sending the request data in the updated first access request packet to a server instance with the same subnet mask as the target service port, wherein the subnet mask of the server instance is different from that of the node.
In the embodiment of the invention, the micro service cluster further comprises at least one server instance which is the same as the subnet mask of the target service port. That is, sending the request data in the updated first access request packet to the server instance with the same subnet mask as the target service port includes at least the following two cases.
In the first case, there is only one server instance with the same subnet mask as the target service port, for example, the target service port identifier in the updated first access request packet is 32, and if one server instance with the same subnet mask as the target service port identifier of the target service port identifier 32 is server instance 3, the target service port receives the updated first access request packet with the target service port identifier of 32, and then sends the request data in the updated first access request packet to server instance 3.
In the second case, there are multiple server instances with the same subnet mask as the target service port, for example, the target service port identifier 51 in the updated first access request packet is, for example, if there are three server instances with the same subnet mask as the target service port identifier 51, the three server instances are: server instance 4, server instance 5, and server instance 6. When receiving the updated first access request packet including the target service port identifier 51, the target service port sends the updated first request to one of the server instance 4, the server instance 5, and the server instance 6, which is the same as the subnet mask of the target service port identifier 51. One optional transmission mode is: the target service port can send the request data in the updated first access request packet to the three server instances with the same subnet mask of the target service port according to a fixed sequence. For example, the target service port sends the request data in the first updated access request packet received to the server instance 4, sends the request data in the second updated first access request packet received to the server instance 5, sends the request data in the third updated first access request packet received to the server instance 6, and sends the request data in the fourth updated first access request packet received to the server instance 4, and so on.
In an alternative embodiment, the microservice cluster further comprises a registry, and each server instance in the microservice cluster automatically sends a registration request to the registry after being started. After the server instance is registered, a heartbeat request is sent to the registry periodically to inform the registry that the server instance is online (alive). The registration center maintains a node list, a server instance list and the like by receiving a registration request and a heartbeat request initiated by a server instance, and allocates a virtual service port for the server instance.
For example, in the first period, the micro service cluster includes 3 nodes, which are node a, node B, and node C, respectively. The node A comprises a server instance 1, a server instance 2 and a server instance 3, the node B comprises a server instance 4, the node C comprises a server instance 5 and a server instance 6, and the micro-service cluster comprises 6 server instances. In the actual operation process of the system, for example, in a second period, the registration center may not receive the heartbeat request of the server instance 2 of the node a for more than a preset time period, and the server instance 2 of the node a may fail, at which time the server instance 2 in the server instance list maintained by the registration center needs to be removed. It is also possible that the registry receives a registration request from the server instance 7 in the node B, indicating that the node B has added a server instance 7, and that the server instance 7 needs to be added to the server instance list maintained by the registry.
In the embodiment of the invention, after the registration center receives the registration message including the server instance in the micro-service cluster, the following information is dynamically updated in the registration center: and each node in the micro service cluster comprises a server instance list and a second mapping relation of the server instance and the virtual end service port identification.
Optionally, each node in the micro-service cluster further comprises an access-side bridge. In an alternative embodiment, the access-side bridge is an application that can implement the first mapping on the update forwarding module (Iptables). The method for accessing the service in the micro-service cluster provided by the embodiment of the invention further comprises the following steps: periodically receiving a second mapping relation updated in the registry; and updating the first mapping relation according to the updated second mapping relation. Therefore, the access end bridge deployed on each node can acquire the updated second mapping relationship from the registration center in time, and further update the first mapping relationship stored on the Iptables in time, so that the situation that a server instance corresponding to a correct target service port cannot be found to process a first access request packet sent by the intranet client due to dynamic changes (such as capacity reduction, capacity expansion, hanging-off and the like) of a server instance list in the micro-service cluster can be avoided.
For example, taking the micro service cluster including the node a as an example, the node a includes 5 real service ports, and the real service ports are respectively identified as a, b, c, d, and e. In the first cycle, node a includes server instance 1, server instance 2, and server instance 3. The registry allocates 20 identifiers of the virtual service ports to the server instances 1 and 2 and allocates 22 identifiers of the virtual service ports to the server instance 3. The first mapping relationship of the first cycle forwarding module is as follows: the virtual port identity 20 maps to the real service port a and the virtual port identity 22 maps to the real service port c. Processing the first access request packet according to the first mapping relationship stored by the forwarding module in the first cycle includes: and updating the virtual service port identifier 20 carried in the first access request packet into the real service port a.
In the second period, the node a expands a server instance 4, connects to the real service port id d, and the registry allocates a virtual service port id 31 to the server instance 4. In the second period, the access end bridge on the node a updates the first mapping relationship stored in the forwarding module, and adds the mapping relationship between the virtual service port identifier 31 and the real service port identifier d in the first mapping relationship. The updated first mapping relationship is: the virtual port id 20 maps to the real service port a, the virtual port id 22 maps to the real service port c, and the virtual service port id 31 maps to the real service port id d.
If the first mapping relationship on the second period node a is not updated, the following problems may occur: for example, the forwarding module receives a first access request packet carrying a virtual service port identifier 31 in the second cycle, but does not find a target service port, so that the node a cannot process the first access request packet. The scheme provided by the embodiment of the invention updates the first mapping relation in the second period, so that the problem that the first access request packet with the virtual service port identifier of 31 cannot be processed in time when being received can be avoided.
In order to more clearly describe the above method flow, the following examples are provided in the embodiments of the present invention.
Fig. 3 is a schematic flowchart illustrating another method for processing an access request packet at a first node of a micro service cluster according to an embodiment of the present invention, where the first node includes an access bridge, a target service port, a forwarding module, and the like based on the system architecture illustrated in fig. 1. As shown in fig. 3, another method for processing an access request packet at a first node of a microservice cluster according to an embodiment of the present invention includes the following steps:
step 301: the access end bridge periodically acquires a second mapping relation from the registration center;
step 302: the access end bridge compares whether the second mapping relation obtained in the current period is the same as the second mapping relation obtained in the previous period or not; if yes, go to step 303; if not, go to step 304;
step 303: the access end bridge does not update the first mapping relation stored in the forwarding module; thereafter, step 305 is performed;
step 304: the access end bridge updates the first mapping relation on the forwarding module according to the second mapping relation obtained in the current period; thereafter, step 305 is performed;
step 305: the forwarding module receives a first access request packet sent by an intranet client in the current period; the intranet client is the same as the subnet mask of the node;
step 306: the forwarding module matches the virtual service port identifier carried in the first access request packet with the virtual service port identifier contained in the first mapping relation; the first mapping relation comprises a mapping relation of virtual service port identification and real service port identification;
step 307: whether the virtual service port identification carried in the first access request packet is successfully matched with the virtual service port identification contained in the first mapping relation or not; if yes, go to step 308; if not, go to step 309;
step 308: jumping from the virtual service port identifier contained in the first mapping relation to a target service port identifier mapped with the virtual service port identifier; thereafter, step 310 is performed;
step 309: discarding the first access request packet; then, finishing;
step 310: the forwarding module sends the updated first access request packet to the target service port identified by the target service port identification;
step 311: the target service port receives the updated first access request packet;
step 312: the target service port determines that the target service port identification carried in the updated first access request packet is successfully matched with the preset identification of the target service port; if yes, go to step 313; if not, go to step 314;
step 313: the target service port sends the request data in the updated first access request packet to the server instance with the same subnet mask as the target service port; the subnet mask of the server instance is different from that of the node;
step 314: discarding the updated first access request packet; and then, the process is ended.
After step 314, if the intranet client does not receive the processing data of the first access request packet within the preset time length, the first access request packet is sent to the second node, the process of processing the first access request packet by the second node is the same as the process of processing the first node, and the second node is any node except the first node in the micro service cluster.
After the first node receives a first access request packet sent by an intranet client and a second access request packet sent by an extranet client, the main processing flow comprises the following two aspects: on one hand, the first node receives a first access request packet sent by the intranet client, processes the first access request packet through a server instance with the same subnet mask as the target service port to obtain first processing data, and then sends the first processing data to a forwarding module on the node and sends the first processing data to the intranet client through the forwarding module. On the other hand, after receiving the second access request packet forwarded by the cluster entry agent, the server instance on the first node processes the second access request packet to obtain second processing data, and then sends the second processing data to the cluster entry agent and the extranet client through the cluster entry agent.
On one hand, in the embodiment of the invention, because the nodes in the micro-service cluster receive the first access request packet sent by the intranet client, unlike the prior art that the access request packet of the intranet client is received by the cluster entry proxy, the load of forwarding the access request by the cluster entry proxy can be reduced; on the other hand, because the nodes in the microservice cluster process the first access request packet to obtain first processing data and send the first processing data to the intranet client, the processing data is not forwarded to the intranet client through the cluster entry proxy in the prior art, and thus the load of forwarding the processing data by the cluster entry proxy can be reduced; therefore, the embodiment of the invention does not need the cluster entrance agent to forward the first access request packet of the intranet client, and can improve the access performance of the service in the micro-service cluster under the condition of not increasing the hardware cost.
Based on the foregoing embodiments and the same concept, fig. 4 is a schematic structural diagram of an apparatus for processing an access request packet according to an embodiment of the present application.
As shown in fig. 4, the apparatus 400 may also be a chip or a circuit, such as a chip or a circuit that can be disposed on a node of a microservice cluster. The apparatus 400 may correspond to a node in the method described above, and may also correspond to any of 130, 140, and 150 in fig. 1 described above. The apparatus 400 may implement the steps performed by the terminal device in any one or any number of corresponding methods shown in fig. 2 above. The apparatus 400 may include a forwarding module 410. Wherein the forwarding module 410 comprises a receiving unit 411, a processing unit 412 and a sending unit 413. Optionally, the apparatus 400 may further include a target service port 520 and an access bridge 530.
The receiving unit is used for receiving an access request packet sent by the intranet client; the intranet client is the same as the subnet mask of the node; the processing unit is used for determining a target service port identifier according to the virtual service port identifier carried in the access request packet and updating the virtual service port identifier carried in the access request packet by using the target service port identifier; and the sending unit is used for sending the updated access request packet to the target service port identified by the target service port identification.
In the embodiment of the invention, as the access request packet sent by the intranet client is received, the subnet mask of the intranet client is the same as that of the node; determining a target service port identifier according to the virtual service port identifier carried in the access request packet, and updating the virtual service port identifier carried in the access request packet by using the target service port identifier; and sending the updated access request packet to the target service port identified by the target service port identification. The method provided by the embodiment of the invention does not receive the access request packet of the intranet client through the cluster entrance agent in the prior art, so that the load of forwarding the access request by the cluster entrance agent can be reduced. Thus, the access performance of the service in the micro-service cluster can be improved under the condition of not increasing the hardware cost.
Optionally, the processing unit is configured to match a virtual service port identifier carried in the access request packet with a virtual service port identifier included in a first mapping relationship; the first mapping relation comprises a mapping relation of virtual service port identification and real service port identification; and when the virtual service port identifier carried in the access request packet is successfully matched with the virtual service port identifier contained in the first mapping relation, jumping from the virtual service port identifier contained in the first mapping relation to a target service port identifier mapped with the virtual service port identifier.
Optionally, the node further includes a target service port, configured to receive the updated access request packet; and when the target service port identifier carried in the updated access request packet is successfully matched with the preset identifier of the target service port, sending request data in the updated access request packet to a server with the same subnet mask as the target service port, wherein the subnet mask of the server is different from that of the node.
Optionally, the processing unit is configured to search, after receiving the access request packet transmitted by using a transport layer protocol, a location of a virtual service port identifier from the access request packet; and after the virtual service port identification is deleted at the position, adding a target service port identification.
Optionally, the access-end bridge is configured to periodically receive a second mapping relationship updated in the registry; updating the first mapping relation according to the updated second mapping relation; the second mapping relationship comprises a mapping relationship between the virtual service port identification and the server instance.
For the concepts, explanations, details and other steps related to the technical solutions provided in the embodiments of the present application related to the apparatus, reference is made to the descriptions of the foregoing methods or other embodiments, which are not repeated herein.
It should be understood that the above division of the units is only a division of logical functions, and the actual implementation may be wholly or partially integrated into one physical entity, or may be physically separated. In the above embodiments, all or part of the implementation may be realized by software, hardware, firmware or any combination thereof, and when the implementation is realized by a software program, all or part of the implementation may be realized in the form of a computer program product. The computer program product includes one or more instructions. The procedures or functions according to the embodiments of the invention are brought about in whole or in part when the computer program instructions are loaded and executed on a computer. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The instructions may be stored in or transmitted from one computer storage medium to another, for example, instructions may be transmitted from one website site, computer, server, or data center to another website site, computer, server, or data center via wired (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. A computer storage medium may be any available medium that can be accessed by a computer or a data storage device, such as a server, a data center, etc., that incorporates one or more available media. The usable medium may be a magnetic medium (e.g., a flexible Disk, a hard Disk, a magnetic tape, a magneto-optical Disk (MO), etc.), an optical medium (e.g., a CD, a DVD, a BD, an HVD, etc.), or a semiconductor medium (e.g., a ROM, an EPROM, an EEPROM, a nonvolatile memory (NAND FLASH), a Solid State Disk (SSD)), etc.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various modifications and variations can be made in the embodiments of the present invention without departing from the spirit and scope of the application. Thus, if such modifications and variations of the embodiments of the present invention fall within the scope of the claims of the present application and their equivalents, the present application is also intended to encompass such modifications and variations.

Claims (10)

1. A method of processing an access request packet at a node of a microservice cluster, comprising:
receiving a first access request packet sent by an intranet client through a forwarding module, and receiving a second access request packet from a cluster entry agent, wherein the second access request packet is sent to the cluster entry agent by an extranet client, the intranet client and the node have the same subnet mask, and the extranet client and the node have different subnet masks; the forwarding module is an IP information packet filtering system integrated with a kernel;
determining a target service port identifier according to the virtual service port identifier carried in the first access request packet and a first mapping relation, and updating the virtual service port identifier carried in the first access request packet by using the target service port identifier; the first mapping relation comprises a mapping relation of virtual service port identification and real service port identification; the first mapping relation is updated to the forwarding module through the access end bridge;
and sending the updated first access request packet to the target service port identified by the target service port identification.
2. The method of claim 1, wherein the determining a target service port identifier according to the virtual service port identifier carried in the first access request packet comprises:
matching the virtual service port identifier carried in the first access request packet with the virtual service port identifier contained in the first mapping relation; the first mapping relation comprises a mapping relation of virtual service port identification and real service port identification;
and when the virtual service port identifier carried in the first access request packet is successfully matched with the virtual service port identifier contained in the first mapping relation, jumping from the virtual service port identifier contained in the first mapping relation to a target service port identifier mapped with the virtual service port identifier.
3. The method of any of claims 1-2, wherein after sending the first access request packet obtained after updating the target service port identifier to the target service port identified by the target service port identifier, further comprising:
the target service port receives the updated first access request packet;
and when the target service port identifier carried in the updated first access request packet is successfully matched with the preset identifier of the target service port, sending the request data in the updated first access request packet to a server instance with the same subnet mask as the target service port, wherein the subnet mask of the server instance is different from that of the node.
4. The method of claim 3, wherein said updating the virtual service port identification carried in the first access request packet with the target service port identification comprises:
after receiving the first access request packet transmitted by a transport layer protocol, searching the position of a virtual service port identifier in the first access request packet;
and after the virtual service port identification is deleted at the position, adding a target service port identification.
5. The method of claim 2 or 4, wherein the method further comprises:
periodically receiving a second mapping relation updated in the registry;
updating the first mapping relation according to the updated second mapping relation; the second mapping relationship comprises a mapping relationship between the virtual service port identification and the server instance.
6. An apparatus for processing an access request packet at a node of a microservice cluster, comprising a forwarding module; the forwarding module includes:
the system comprises a receiving unit, a cluster entry agent and a service processing unit, wherein the receiving unit is used for receiving a first access request packet sent by an intranet client and receiving a second access request packet from the cluster entry agent, and the second access request packet is sent to the cluster entry agent for the extranet client; the subnet masks of the internal network client and the nodes are the same, and the subnet masks of the external network client and the nodes are different; the forwarding module is an IP information packet filtering system integrated with a kernel;
a processing unit, configured to determine a target service port identifier according to the virtual service port identifier carried in the first access request packet and a first mapping relationship, and update the virtual service port identifier carried in the first access request packet with the target service port identifier; the first mapping relation comprises a mapping relation of virtual service port identification and real service port identification; the first mapping relation is updated to the forwarding module through the access end bridge;
and the sending unit is used for sending the updated first access request packet to the target service port identified by the target service port identification.
7. The apparatus as recited in claim 6, said processing unit to:
matching the virtual service port identifier carried in the first access request packet with the virtual service port identifier contained in the first mapping relation; the first mapping relation comprises a mapping relation of virtual service port identification and real service port identification;
and when the virtual service port identifier carried in the first access request packet is successfully matched with the virtual service port identifier contained in the first mapping relation, jumping from the virtual service port identifier contained in the first mapping relation to a target service port identifier mapped with the virtual service port identifier.
8. The apparatus of any of claims 6-7, wherein the node further comprises a target service port to:
receiving the updated first access request packet;
and when the target service port identifier carried in the updated first access request packet is successfully matched with the preset identifier of the target service port, sending request data in the updated first access request packet to a server with the same subnet mask as the target service port, wherein the subnet mask of the server is different from that of the node.
9. The apparatus as recited in claim 8, said processing unit to:
after receiving the first access request packet transmitted by a transport layer protocol, searching the position of a virtual service port identifier from the first access request packet;
and after the virtual service port identification is deleted at the position, adding a target service port identification.
10. The apparatus of claim 7 or 9, wherein the node further comprises an access-end bridge to:
periodically receiving a second mapping relation updated in the registry;
updating the first mapping relation according to the updated second mapping relation; the second mapping relationship comprises a mapping relationship between the virtual service port identification and the server instance.
CN201710547119.4A 2017-07-06 2017-07-06 Method and device for processing access request packet on node of micro-service cluster Active CN107483538B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710547119.4A CN107483538B (en) 2017-07-06 2017-07-06 Method and device for processing access request packet on node of micro-service cluster

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710547119.4A CN107483538B (en) 2017-07-06 2017-07-06 Method and device for processing access request packet on node of micro-service cluster

Publications (2)

Publication Number Publication Date
CN107483538A CN107483538A (en) 2017-12-15
CN107483538B true CN107483538B (en) 2021-01-01

Family

ID=60595673

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710547119.4A Active CN107483538B (en) 2017-07-06 2017-07-06 Method and device for processing access request packet on node of micro-service cluster

Country Status (1)

Country Link
CN (1) CN107483538B (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108712464A (en) * 2018-04-13 2018-10-26 中国科学院信息工程研究所 A kind of implementation method towards cluster micro services High Availabitity
CN108833462A (en) * 2018-04-13 2018-11-16 中国科学院信息工程研究所 A kind of system and method found from registration service towards micro services
CN108664343B (en) * 2018-05-09 2022-08-23 顺丰科技有限公司 State calling method and device for micro-service
CN110880091A (en) * 2018-09-05 2020-03-13 易保网络技术(上海)有限公司 Micro-service flow processing method and device
CN109302469A (en) * 2018-09-26 2019-02-01 平安科技(深圳)有限公司 Micro services management method, device, computer equipment and storage medium
CN111431956B (en) * 2019-01-10 2022-07-05 阿里巴巴集团控股有限公司 Cross-network service access method, device, system and storage medium
CN112055039B (en) * 2019-06-06 2022-07-26 阿里巴巴集团控股有限公司 Data access method, device and system and computing equipment
US11082526B2 (en) 2019-08-19 2021-08-03 International Business Machines Corporation Optimizing large parameter passing in a service mesh
CN113472823B (en) * 2020-03-30 2023-06-27 深圳Tcl数字技术有限公司 Server access method and device, intelligent terminal and storage medium
CN112615849B (en) * 2020-12-15 2022-04-26 平安科技(深圳)有限公司 Micro-service access method, device, equipment and storage medium
CN113806104A (en) * 2021-08-02 2021-12-17 北京房江湖科技有限公司 Interface access request processing method, API gateway, server and system
CN113590236B (en) * 2021-08-03 2023-10-31 聚好看科技股份有限公司 Server and microservice declarative interface timeout configuration method
CN114465895A (en) * 2022-03-03 2022-05-10 上海微盟企业发展有限公司 Request distribution method, device, equipment and storage medium based on micro service

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011140028A1 (en) * 2010-05-03 2011-11-10 Brocade Communications Systems, Inc. Virtual cluster switching
CN102420867A (en) * 2011-12-01 2012-04-18 浪潮电子信息产业股份有限公司 Cluster storage entry resolution method based on real-time load balancing mechanism
CN102469110A (en) * 2010-11-01 2012-05-23 英业达股份有限公司 Load balancing method applied to cluster system
CN103051529A (en) * 2012-12-20 2013-04-17 华为技术有限公司 Method and device for processing messages
CN104579973A (en) * 2014-12-24 2015-04-29 北京华为数字技术有限公司 Message forwarding method and device of virtual cluster
CN105721566A (en) * 2016-01-29 2016-06-29 华为技术有限公司 Method for redirecting port, server and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8995287B2 (en) * 2011-12-09 2015-03-31 Brocade Communication Systems, Inc. AMPP active profile presentation

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011140028A1 (en) * 2010-05-03 2011-11-10 Brocade Communications Systems, Inc. Virtual cluster switching
CN102986172A (en) * 2010-05-03 2013-03-20 博科通讯***有限公司 Virtual cluster switching
CN102469110A (en) * 2010-11-01 2012-05-23 英业达股份有限公司 Load balancing method applied to cluster system
CN102420867A (en) * 2011-12-01 2012-04-18 浪潮电子信息产业股份有限公司 Cluster storage entry resolution method based on real-time load balancing mechanism
CN103051529A (en) * 2012-12-20 2013-04-17 华为技术有限公司 Method and device for processing messages
CN104579973A (en) * 2014-12-24 2015-04-29 北京华为数字技术有限公司 Message forwarding method and device of virtual cluster
CN105721566A (en) * 2016-01-29 2016-06-29 华为技术有限公司 Method for redirecting port, server and system

Also Published As

Publication number Publication date
CN107483538A (en) 2017-12-15

Similar Documents

Publication Publication Date Title
CN107483538B (en) Method and device for processing access request packet on node of micro-service cluster
US10824454B2 (en) 5G dynamic slice and network identity instantiation, termination, and access management system and method
EP3353952B1 (en) Managing groups of servers
CN113261240A (en) Multi-tenant isolation using programmable clients
CN114025021B (en) Communication method, system, medium and electronic equipment crossing Kubernetes cluster
CN106991008B (en) Resource lock management method, related equipment and system
CN109155939B (en) Load migration method, device and system
WO2018118265A1 (en) Technologies for management of lookup tables
JP2012533129A (en) High performance automated management method and system for virtual networks
WO2019029310A1 (en) Network management method and system
TW201541919A (en) Scalable address resolution
US10382924B2 (en) M2M node management method and apparatus, and computer storage medium
EP3780885A1 (en) Method, apparatus and system for establishing subflows of multipath connection
WO2021139304A1 (en) Method and device for multi-cloud interconnection
US10764234B2 (en) Method and system for host discovery and tracking in a network using associations between hosts and tunnel end points
US10454884B2 (en) Terminal and multicast address distribution server
US11108854B2 (en) Peer-to-peer network for internet of things resource allocation operation
US20160191368A1 (en) Information processing device, method, and medium
CN108494748B (en) Communication method, device and storage medium
KR101984846B1 (en) Communication method and apparatus providing mobility of objects
CN108574587B (en) Capacity updating method and device for distributed equipment
CN114650281B (en) File downloading method, device, equipment and storage medium based on complex network
CN114153607A (en) Cross-node edge computing load balancing method, device and readable storage medium
US20200341968A1 (en) Differential Update of Local Cache from Central Database
WO2021087865A1 (en) Addressing method, addressing system and addressing apparatus

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant