CN109525684B - Message forwarding method and device - Google Patents
Message forwarding method and device Download PDFInfo
- Publication number
- CN109525684B CN109525684B CN201811513544.2A CN201811513544A CN109525684B CN 109525684 B CN109525684 B CN 109525684B CN 201811513544 A CN201811513544 A CN 201811513544A CN 109525684 B CN109525684 B CN 109525684B
- Authority
- CN
- China
- Prior art keywords
- address
- forwarding
- server
- socket connection
- client
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application provides a message forwarding method and a device, which are applied to a forwarding module in forwarding equipment, wherein the forwarding equipment comprises a plurality of forwarding modules, and the method comprises the following steps: receiving a request message sent by a client based on a first socket connection established with the client; determining a target IP address corresponding to a quintuple connected with the first socket from a preset IP address network segment; based on the target IP address and a preset forwarding strategy, performing network address conversion on the request message to convert a source IP address of the request message into the target IP address and convert a target IP address of the request message into an IP address of a service end to be accessed; and forwarding the converted request message to the server side based on the second socket connection established with the server side. According to the technical scheme, the number of socket connections allowed to be concurrent can be increased, and the resource utilization rate of the forwarding equipment is improved.
Description
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method and an apparatus for forwarding a packet.
Background
SLB (Server Load Balancing) is a network Load Balancing technology designed for cloud computing platforms. In practical application, the client may send the access request to the SLB device based on a VIP (Virtual IP Address) of the SLB device, and then the SLB device forwards the access request of the client to the server of the back end for corresponding service processing based on a certain forwarding policy. With the increasing of the service types, the service complexity is also increased, and the access requests sent by the client to the server are also increased gradually. In this case, how to increase the number of concurrent connections between the forwarding device and the server, thereby increasing the number of clients that can simultaneously process access requests, and improving the resource utilization rate of the forwarding device becomes a problem to be solved urgently.
Disclosure of Invention
In view of this, the present application provides a message forwarding method and apparatus. Specifically, the method is realized through the following technical scheme:
in a first aspect, the present application provides a packet forwarding method, where the method is applied to a forwarding module in a forwarding device, where the forwarding device includes multiple forwarding modules, and the method includes:
receiving a request message sent by a client based on a first socket connection established with the client;
determining a target IP address corresponding to a quintuple connected with the first socket from a preset IP address network segment;
based on the target IP address and a preset forwarding strategy, performing network address conversion on the request message to convert a source IP address of the request message into the target IP address and convert a target IP address of the request message into an IP address of a service end to be accessed;
and forwarding the converted request message to the server side based on the second socket connection established with the server side.
In a second aspect, the present application provides a packet forwarding apparatus, where the apparatus is applied to a forwarding module in a forwarding device, where the forwarding device includes multiple forwarding modules, and the apparatus includes:
the first receiving unit is used for receiving a request message sent by a client based on a first socket connection established with the client;
a determining unit, configured to determine, from a preset IP address network segment, a target IP address corresponding to a quintuple connected to the first socket;
a first conversion unit, configured to perform network address conversion on the request packet based on the target IP address and a preset forwarding policy, so as to convert a source IP address of the request packet into the target IP address, and convert a destination IP address of the request packet into an IP address of a service end to be accessed;
and the first forwarding unit is used for forwarding the converted request message to the server based on the second socket connection established with the server.
In a third aspect, the present application provides an electronic device, comprising: a processor and a machine-readable storage medium;
the machine-readable storage medium stores machine-executable instructions executable by the processor, which by the processor causes the method described above to be performed.
In a fourth aspect, the present application provides a machine-readable storage medium having stored thereon machine-executable instructions that, when invoked and executed by a processor, cause the processor to perform the above-described method.
In the above technical solution, when receiving an access request sent by a client to a server, a forwarding module in a forwarding device may determine an IP address corresponding to the access request from a preset IP address network segment, and forward the access request to the server based on a socket connection including the IP address, a virtual IP address corresponding to the forwarding module, and corresponding source and destination ports in a five-tuple. In this way, since all forwarding modules in the forwarding device can communicate with the server based on one IP address network segment including multiple IP addresses, and do not need to communicate with the server based on the same IP address, the theoretical maximum value of the number of concurrent socket connections between all forwarding modules and all servers is 65535 × N (N is the number of IP addresses in the IP address network segment), that is, the number of socket connections allowed to be concurrent can be increased, and the resource utilization rate of the forwarding device is improved.
Drawings
FIG. 1 is a schematic diagram of a message forwarding system;
fig. 2 is a flowchart illustrating a message forwarding method according to an exemplary embodiment of the present application;
fig. 3 is a hardware structure diagram of a device where a message forwarding apparatus is located according to an exemplary embodiment of the present application;
fig. 4 is a block diagram of a message forwarding apparatus according to an exemplary embodiment of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. The following description refers to the accompanying drawings in which the same numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
Referring to fig. 1, fig. 1 is a schematic diagram of a message forwarding system. As shown in fig. 1, in practical applications, since the server is usually deployed in a private network, the client is usually deployed in a public network, and direct communication between the client and the server is usually not allowed to be performed in order to ensure security of service data, a forwarding device may be generally deployed between the client and the server, so that the client can access the server through the forwarding device to obtain the service data in the server.
In order to handle access requests of multiple clients to a server at the same time, multiple forwarding modules may be created in a forwarding device. The forwarding module may be a virtual machine, or may be a process for executing a forwarding function, which is not limited in this application.
In the related art, a virtual IP address may be configured for each forwarding module in the forwarding device, the virtual IP addresses configured for different forwarding modules are usually different, and the client may communicate with the corresponding forwarding module based on a certain virtual IP address. On the other hand, the same IP address for communicating with the server may be configured for all forwarding modules, that is, each forwarding module may communicate with the server based on the IP address.
Specifically, taking the client 1 shown in fig. 1 as an example, the client 1 may establish a socket connection 11 with the forwarding module 1 in the forwarding device, so as to communicate with the forwarding module 1 through the socket connection 11. On the other hand, the forwarding module 1 may establish a socket connection 21 with the server 1 to communicate with the server 1 through the socket connection 21.
The forwarding module 1 may receive a request message sent when the client 1 accesses the server 1 based on the socket connection 11. The source IP address of the request message is the IP address of the client 1, and the destination IP address of the request message is the virtual IP address 1 corresponding to the forwarding module 1.
The forwarding module 1 may perform Network Address Translation (NAT) on the request message, so as to translate a source IP Address of the request message into an IP Address X used by the forwarding module 1 for communicating with the server, and translate a destination IP Address of the request message into an IP Address of the server 1. In addition, the forwarding module 1 may also perform corresponding conversion on the source port and the destination port of the request packet.
The forwarding module 1 may forward the converted request packet to the server 1 based on the socket connection 21, so that the client 1 may access the server 1.
It should be noted that the five-tuple (source IP address, destination IP address, source port, destination port, and transport layer protocol) of the socket connection 11 is the five-tuple of the request packet, and the forwarding module 1 cannot process the packet with the five-tuple different from the five-tuple of the socket connection 11 based on the socket connection 11. Similarly, the quintuple of the socket connection 21 is the quintuple of the converted request packet, that is, the forwarding module 1 cannot process a packet having a different quintuple from the quintuple of the socket connection 21 based on the socket connection 21.
That is, for a certain forwarding module, the forwarding module and the client with different IP addresses need to communicate through different socket connections, and the forwarding module and the server with different IP addresses need to communicate through different socket connections. Of course, the forwarding modules with different corresponding virtual IP addresses and the clients with the same IP address also need to communicate through different socket connections.
However, for one IP address, the theoretical maximum value for the number of socket connections that the IP address can carry at the same time is 65535. Since all forwarding modules in the forwarding device communicate with the server based on the same IP address, the theoretical maximum value of the number of concurrent socket connections between all forwarding modules and all servers is 65535, that is, there is an upper limit to the number of allowed concurrent socket connections.
In order to solve the above problem, the present application provides a method and an apparatus for forwarding a packet, so as to increase the number of socket connections allowed to be concurrent and improve the resource utilization rate of forwarding devices.
Referring to fig. 2, fig. 2 is a flowchart illustrating a message forwarding method according to an exemplary embodiment of the present application. The method can be applied to a forwarding module in the forwarding device shown in fig. 1, and comprises the following steps:
step 201: and receiving a request message sent by the client based on the first socket connection established with the client.
Step 202: and determining a target IP address corresponding to the quintuple connected with the first socket from a preset IP address network segment.
Step 203: and based on the target IP address and a preset forwarding strategy, performing network address conversion on the request message so as to convert the source IP address of the request message into the target IP address and convert the target IP address of the request message into the IP address of the service end to be accessed.
Step 204: and forwarding the converted request message to the server side based on the second socket connection established with the server side.
In this embodiment, an IP address network segment may be configured in advance, and each forwarding module in the forwarding device may select one IP address from the IP address network segment as an IP address for communicating with the service end, that is, the forwarding module may communicate with the service end based on the selected IP address.
The client may access the server through a forwarding module in the forwarding device.
Specifically, the client may send a request message for accessing the server. The source IP address of the request packet is the IP address of the client, and the destination IP address of the request packet is the virtual IP address corresponding to the forwarding module (i.e., the virtual IP address configured by the forwarding module).
The forwarding module may receive the request message based on the first socket connection established with the client.
After receiving the request packet, on one hand, the forwarding module may determine, based on a quintuple connected to the first socket, an IP address corresponding to the quintuple from a pre-configured IP address network segment, and determine the IP address as a target IP address.
In an embodiment shown, the forwarding module may determine a target IP address corresponding to the five-tuple connected to the first socket from a preset IP address network segment by using the following steps:
step 2021: and determining an address identifier corresponding to the quintuple connected with the first socket.
Step 2022: and determining a target IP address corresponding to the quintuple from a preset IP address network segment based on the address identifier.
After receiving the request packet, the forwarding module may determine an address identifier corresponding to a five-tuple connected to the first socket. The address identifiers correspond to the IP addresses in the pre-configured IP address network segments one to one, namely, one address identifier can uniquely represent one IP address in the IP address network segment.
The forwarding device may store a corresponding relationship between the address identifier and an IP address in a pre-configured IP address network segment.
After determining the address identifier corresponding to the quintuple connected to the first socket, the forwarding module may determine, based on the correspondence, the IP address corresponding to the address identifier, so that the IP address may be determined as the target IP address corresponding to the quintuple connected to the first socket.
Specifically, after receiving the request packet, the forwarding module may perform hash (hash) calculation on the five-tuple connected to the first socket to obtain a hash value of the five-tuple connected to the first socket.
Subsequently, the forwarding module may further perform data processing on the hash value of the five-tuple connected to the first socket to convert the hash value into a key value. It should be noted that the key value and the IP address in the pre-configured IP address network segment are in a one-to-one correspondence relationship, that is, one key value can uniquely represent an IP address in the IP address network segment.
The forwarding device can store the corresponding relation between the key value and the IP address in the pre-configured IP address network segment.
After the hash value of the five tuple connected to the first socket is obtained through calculation, the forwarding module may determine, based on the correspondence, an IP address corresponding to the key value, and determine the IP address as a target IP address corresponding to the five tuple connected to the first socket.
On the other hand, the forwarding module may determine a forwarding policy corresponding to the request packet based on the source IP address of the request packet and a pre-configured forwarding policy.
It should be noted that the forwarding policy may include an IP address of the service to be accessed, that is, the IP address of the service that processes the request packet may be determined from the forwarding policy corresponding to the source IP address of the request packet. On the other hand, the forwarding policy may be determined and stored by using an ARP (Address Resolution Protocol) learning method or the like, or may be determined and stored by using other methods, which is not limited in this application.
After determining the forwarding policy corresponding to the request packet, the forwarding module may perform network address translation on the request packet based on the target IP address and the forwarding policy, so as to translate the source IP address of the request packet into the target IP address, and translate the destination IP address of the request packet into the IP address of the service end to be accessed. In addition, the forwarding module can also perform corresponding conversion on the source port and the destination port of the request message.
In one illustrated embodiment, a forwarding module in a forwarding device may perform SLB functions.
In this case, the forwarding module may determine, based on the source IP address of the request packet and a pre-configured forwarding policy, a forwarding policy corresponding to the request packet, so as to determine an IP address of a server that the client may access. On the other hand, based on a pre-configured load balancing policy, one of the servers may be selected as the server to be accessed, and the destination IP address of the request packet may be converted into the IP address of the server to be accessed. The load balancing policy may be pre-configured by a user, for example: the server with the minimum current load can be selected from the servers, and the destination IP address of the request message is converted into the IP address of the server with the minimum current load.
Subsequently, the forwarding module may forward the converted request packet to the server based on the second socket connection established with the server to be accessed.
In practical applications, after receiving the converted request packet, the server may perform corresponding service processing based on the converted request packet, and construct a response packet based on the service data obtained through the processing. Subsequently, the server may return the response message to the client that sent the request message, so that the client may obtain the service data in the server.
It should be noted that, when the server constructs a response packet based on the processed service data, the server may construct a response packet whose source IP address is the IP address of the server and whose destination IP address is the source IP address of the converted request packet, and return the response packet.
The forwarding module may receive the response packet based on a second socket connection established with the server.
After receiving the response packet, the forwarding module may perform reverse network address translation on the response packet, that is, convert the source IP address of the response packet into the virtual IP address corresponding to the forwarding module, and convert the destination IP address of the response packet into the IP address of the client that sends the request packet. In addition, the forwarding module can also perform corresponding conversion on the source port and the destination port of the request message.
Subsequently, the forwarding module may forward the converted response packet to the client based on the first socket connection established with the client, so that the client may obtain the service data in the server.
In the above technical solution, when receiving an access request sent by a client to a server, a forwarding module in a forwarding device may determine an IP address corresponding to the access request from a preset IP address network segment, and forward the access request to the server based on a socket connection where a five-tuple includes the IP address, a virtual IP address corresponding to the forwarding module, and a corresponding source port and a destination port. In this way, since all forwarding modules in the forwarding device can communicate with the server based on one IP address network segment including multiple IP addresses, and do not need to communicate with the server based on the same IP address, the theoretical maximum value of the number of concurrent socket connections between all forwarding modules and all servers is 65535 × N (N is the number of IP addresses in the IP address network segment), that is, the number of socket connections allowed to be concurrent can be increased, and the resource utilization rate of the forwarding device is improved.
The above technical solution is exemplified below.
Taking the client 1 and the client 2 shown in fig. 1 as an example, the client 1 may establish a socket connection 11 with the forwarding module 1, so as to communicate with the forwarding module 1 through the socket connection 11; the client 2 can establish a socket connection 12 with the forwarding module 1 to communicate with the forwarding module 1 via the socket connection 12. Assuming that the five-tuple of socket connection 11 includes virtual IP address 1 (source IP address), IP address of client 1 (destination IP address), port 11 (source port), and port 21 (destination port), the five-tuple of socket connection 12 includes virtual IP address 1 (source IP address), IP address of client 2 (destination IP address), port 31 (source port), and port 22 (destination port).
On the other hand, an IP address network segment for communicating with the server may be configured for all forwarding modules in the forwarding device. Assume that the forwarding device stores the corresponding relationship between the address identifier shown in table 1 below and the IP address in the pre-configured IP address network segment:
| address identification | IP address in IP address network segment |
| Address identification 1 | IP address 1 |
| Address identification 2 | IP address 2 |
| …… | …… |
TABLE 1
In an example, the forwarding module 1 may receive a request message sent by the client 1 based on the socket connection 11. The source IP address of the request message is the IP address of the client 1, the destination IP address is the virtual IP address 1 corresponding to the forwarding module 1, the source port is the port 11 of the client, and the destination port is the port 21 of the forwarding module 1.
After receiving the request packet, on the one hand, the forwarding module 1 may determine an address identifier corresponding to a five-tuple of the socket connection 11 (i.e., the five-tuple of the request packet). Assuming that the address identifier corresponding to the five-tuple of the socket connection 11 is the address identifier 1, based on the correspondence shown in table 1 above, the IP address corresponding to the address identifier 1 may be determined to be the IP address 1, so that the IP address 1 may be determined to be the target IP address corresponding to the five-tuple of the socket connection 11.
On the other hand, the forwarding module 1 may determine a forwarding policy corresponding to the request packet based on the source IP address of the request packet (i.e., the IP address of the client 1) and a pre-configured forwarding policy. Assuming that the IP address of the service end to be accessed in the forwarding policy is the IP address of the service end 1, the forwarding module 1 may perform network address translation on the request packet to translate the source IP address of the request packet into the IP address 1, and translate the destination IP address of the request packet into the IP address of the service end 1.
In addition, the forwarding module 1 may also perform corresponding conversion on the source port and the destination port of the request packet based on the forwarding policy. Assume that the forwarding module 1 converts the source port of the request packet from the port 11 of the client 1 to the port 22 of the forwarding module 1, and converts the destination port of the request packet from the port 21 of the forwarding module 1 to the port 31 of the server 1.
The forwarding module 1 may establish a socket connection 21 with the server 1 to communicate with the server 1 through the socket connection 21. Assuming that the five-tuple of the socket connection 21 includes the IP address 1 (source IP address), the IP address (destination IP address) of the server 1, the port 22 (source port), and the port 31 (destination port), the forwarding module 1 may forward the converted request packet to the server 1 based on the socket connection 21.
After receiving the converted request message, the server 1 may perform corresponding service processing based on the converted request message, and construct a response message based on the service data obtained by the processing. The source IP address of the response packet is the IP address of the server 1, the destination IP address is the IP address 1, the source port is the port 31 of the server 1, and the destination port is the port 22 of the forwarding module 1.
The forwarding module 1 may receive the response message sent by the server 1 based on the socket connection 21.
After receiving the response packet, the forwarding module 1 may perform reverse network address translation on the response packet, that is, convert the source IP address of the response packet into the virtual IP address 1, and convert the destination IP address of the response packet into the IP address of the client 1. In addition, the forwarding module 1 may also convert the source port of the response packet from the port 31 of the server 1 to the port 21 of the forwarding module 1, and convert the destination port of the response packet from the port 22 of the forwarding module 1 to the port 11 of the client 1.
Subsequently, the forwarding module 1 may forward the converted response packet to the client 1 based on the socket connection 11, so that the client 1 may obtain the service data in the server 1.
In another example, the forwarding module 1 may receive a request message sent by the client 2 based on the socket connection 12. The source IP address of the request message is the IP address of the client 2, the destination IP address is the virtual IP address 1 corresponding to the forwarding module 1, the source port is the port 41 of the client, and the destination port is the port 23 of the forwarding module 1.
After receiving the request packet, on the one hand, the forwarding module 1 may determine an address identifier corresponding to a five-tuple of the socket connection 12 (i.e., the five-tuple of the request packet). Assuming that the address identifier corresponding to the five-tuple of the socket connection 12 is the address identifier 2, based on the correspondence shown in table 1 above, the IP address corresponding to the address identifier 2 may be determined to be the IP address 2, so that the IP address 2 may be determined to be the target IP address corresponding to the five-tuple of the socket connection 12.
On the other hand, the forwarding module 1 may determine a forwarding policy corresponding to the request packet based on the source IP address of the request packet (i.e., the IP address of the client 2) and a pre-configured forwarding policy. Assuming that the IP address of the service end to be accessed in the forwarding policy is the IP address of the service end 1, the forwarding module 1 may perform network address translation on the request packet to translate the source IP address of the request packet into the IP address 2, and translate the destination IP address of the request packet into the IP address of the service end 1.
In addition, the forwarding module 1 may also perform corresponding conversion on the source port and the destination port of the request packet based on the forwarding policy. Assume that the forwarding module 1 converts the source port of the request message from the port 41 of the client 1 to the port 24 of the forwarding module 1, and converts the destination port of the request message from the port 23 of the forwarding module 1 to the port 32 of the server 1.
The forwarding module 1 may establish a socket connection 22 with the server 1 to communicate with the server 1 through the socket connection 22. Assuming that the five-tuple of the socket connection 22 includes the IP address 2 (source IP address), the IP address (destination IP address) of the server 1, the port 24 (source port), and the port 32 (destination port), the forwarding module 1 may forward the converted request packet to the server 1 based on the socket connection 22.
After receiving the converted request message, the server 1 may perform corresponding service processing based on the converted request message, and construct a response message based on the service data obtained by the processing. The source IP address of the response packet is the IP address of the server 1, the destination IP address is the IP address 2, the source port is the port 32 of the server 1, and the destination port is the port 24 of the forwarding module 1.
The forwarding module 1 may receive the response message sent by the server 1 based on the socket connection 22.
After receiving the response packet, the forwarding module 1 may perform reverse network address translation on the response packet, that is, convert the source IP address of the response packet into the virtual IP address 1, and convert the destination IP address of the response packet into the IP address of the client 2. In addition, the forwarding module 1 may also convert the source port of the response packet from the port 32 of the server 1 to the port 23 of the forwarding module 1, and convert the destination port of the response packet from the port 24 of the forwarding module 1 to the port 41 of the client 2.
Subsequently, the forwarding module 1 may forward the converted response packet to the client 2 based on the socket connection 12, so that the client 2 may obtain the service data in the server 1.
Corresponding to the embodiment of the message forwarding method, the application also provides an embodiment of a message forwarding device.
The embodiment of the message forwarding device can be applied to forwarding equipment. The apparatus embodiments may be implemented by software, or by hardware, or by a combination of hardware and software. The software implementation is taken as an example, and is formed by reading corresponding computer program instructions in the nonvolatile memory into the memory for operation through the processor of the device where the software implementation is located as a logical means. In terms of hardware, as shown in fig. 3, the present application is a hardware structure diagram of a forwarding device where a packet forwarding apparatus is located, and except for the processor, the memory, the network interface, and the nonvolatile memory shown in fig. 3, the forwarding device where the apparatus is located in the embodiment may also include other hardware according to an actual function of forwarding the packet, which is not described again.
Referring to fig. 4, fig. 4 is a block diagram of a message forwarding apparatus according to an exemplary embodiment of the present application. The apparatus 400 may be applied to a forwarding module in the forwarding device shown in fig. 3, where the forwarding device includes a plurality of forwarding modules, and the apparatus 400 may include:
a first receiving unit 401, configured to receive a request packet sent by a client based on a first socket connection established with the client;
a determining unit 402, configured to determine, from a preset IP address network segment, a target IP address corresponding to a five-tuple connected to the first socket;
a first converting unit 403, configured to perform network address conversion on the request packet based on the target IP address and a preset forwarding policy, so as to convert a source IP address of the request packet into the target IP address, and convert a destination IP address of the request packet into an IP address of a service end to be accessed;
and a first forwarding unit 404, configured to forward the converted request packet to the server based on a second socket connection established with the server.
In an optional embodiment, the determining unit 402 may specifically be configured to:
determining an address identifier corresponding to a quintuple connected with the first socket;
and determining a target IP address corresponding to the quintuple from a preset IP address network segment based on the address identifier.
In an optional embodiment, the determining unit 402 may specifically be configured to:
and determining an address identifier corresponding to the quintuple of the first socket connection based on a calculation result obtained by performing hash calculation on the first socket connection.
In an optional embodiment, the first conversion unit 403 may specifically be configured to:
determining an IP address of a server to be accessed based on a preset load balancing strategy;
and converting the destination IP address of the request message into the IP address of the server.
In an optional embodiment, the apparatus 400 may further include:
a second receiving unit 405, configured to receive, based on the second socket connection, a response packet returned by the server;
a second converting unit 406, configured to perform reverse network address conversion on the response packet, so as to convert a source IP address of the response packet into a virtual IP address corresponding to the forwarding module, and convert a destination IP address of the response packet into an IP address of the client;
a second forwarding unit 407, configured to forward the converted response packet to the client based on the first socket connection.
The implementation process of the functions and actions of each unit in the above device is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
For the device embodiment, since it basically corresponds to the method embodiment, reference may be made to the partial description of the method embodiment for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the application. One of ordinary skill in the art can understand and implement it without inventive effort.
In an exemplary embodiment of the present application, there is provided an electronic device, which may include: a processor and a machine-readable storage medium;
by reading and executing machine-executable instructions stored by the memory corresponding to control logic for message forwarding, the processor is caused to:
receiving a request message sent by a client based on a first socket connection established with the client;
determining a target IP address corresponding to the quintuple connected with the first socket from a preset IP address network segment;
based on the target IP address and a preset forwarding strategy, performing network address conversion on the request message to convert a source IP address of the request message into the target IP address and convert a target IP address of the request message into an IP address of a service end to be accessed;
and forwarding the converted request message to the server side based on the second socket connection established with the server side.
In an alternative embodiment, the processor is caused to:
determining an address identifier corresponding to a quintuple connected with the first socket;
and determining a target IP address corresponding to the quintuple from a preset IP address network segment based on the address identifier.
In an alternative embodiment, the processor is caused to, by reading and executing machine-executable instructions stored by the memory corresponding to control logic for message forwarding:
and determining an address identifier corresponding to the quintuple of the first socket connection based on a calculation result obtained by performing hash calculation on the first socket connection.
In an alternative embodiment, the processor is caused to:
determining an IP address of a server to be accessed based on a preset load balancing strategy;
and converting the destination IP address of the request message into the IP address of the server.
In an alternative embodiment, the processor is further caused to:
receiving a response message returned by the server based on the second socket connection;
performing reverse network address conversion on the response message to convert a source IP address of the response message into a virtual IP address corresponding to the forwarding module and convert a destination IP address of the response message into an IP address of the client;
and forwarding the converted response message to the client based on the first socket connection.
In an exemplary embodiment of the present application, there is provided a machine-readable storage medium, for example: a memory including computer instructions executable by a processor of a message forwarding device to perform the above method, the method comprising:
receiving a request message sent by a client based on a first socket connection established with the client;
determining a target IP address corresponding to a quintuple connected with the first socket from a preset IP address network segment;
based on the target IP address and a preset forwarding strategy, performing network address conversion on the request message to convert a source IP address of the request message into the target IP address and convert a target IP address of the request message into an IP address of a service end to be accessed;
and forwarding the converted request message to the server side based on the second socket connection established with the server side.
In an optional embodiment, the determining, from a preset IP address network segment, a destination IP address corresponding to a five-tuple connected to the first socket may include:
determining an address identifier corresponding to a quintuple connected with the first socket;
and determining a target IP address corresponding to the quintuple from a preset IP address network segment based on the address identifier.
In an optional embodiment, the determining an address identifier corresponding to a five-tuple of the first socket connection may include:
and determining an address identifier corresponding to the quintuple of the first socket connection based on a calculation result obtained by performing hash calculation on the first socket connection.
In an optional embodiment, the converting the destination IP address of the request packet into the IP address of the service end to be accessed may include:
determining an IP address of a server to be accessed based on a preset load balancing strategy;
and converting the destination IP address of the request message into the IP address of the server.
In an optional embodiment, the method may further comprise:
receiving a response message returned by the server based on the second socket connection;
performing reverse network address conversion on the response message to convert a source IP address of the response message into a virtual IP address corresponding to the forwarding module and convert a destination IP address of the response message into an IP address of the client;
and forwarding the converted response message to the client based on the first socket connection.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the scope of protection of the present application.
Claims (10)
1. A message forwarding method is characterized in that the method is applied to a forwarding module in forwarding equipment, the forwarding equipment comprises a plurality of forwarding modules, the forwarding equipment stores the corresponding relation between an address identifier and an IP address in a preset IP address network segment, and the address identifier and the IP address are in one-to-one correspondence; the forwarding module is communicated with a server side based on the IP address network segment; the method comprises the following steps:
receiving a request message sent by a client based on a first socket connection established with the client;
determining an address identifier corresponding to a quintuple connected with the first socket; determining a target IP address corresponding to the quintuple connected with the first socket from the preset IP address network segment based on the address identifier;
based on the target IP address and a preset forwarding strategy, performing network address conversion on the request message so as to convert a source IP address of the request message into the target IP address and convert a target IP address of the request message into an IP address of a service end to be accessed;
and forwarding the converted request message to the server side based on the second socket connection established with the server side.
2. The method of claim 1, wherein the determining the address identifier corresponding to the five-tuple of the first socket connection comprises:
and determining an address identifier corresponding to the quintuple of the first socket connection based on a calculation result obtained by performing hash calculation on the first socket connection.
3. The method according to claim 1, wherein the converting the destination IP address of the request packet into the IP address of the service end to be accessed comprises:
determining an IP address of a server to be accessed based on a preset load balancing strategy;
and converting the destination IP address of the request message into the IP address of the server.
4. The method of claim 1, further comprising:
receiving a response message returned by the server based on the second socket connection;
performing reverse network address conversion on the response message to convert a source IP address of the response message into a virtual IP address corresponding to the forwarding module and convert a destination IP address of the response message into an IP address of the client;
and forwarding the converted response message to the client based on the first socket connection.
5. A message forwarding device is characterized in that the device is applied to a forwarding module in forwarding equipment, the forwarding equipment comprises a plurality of forwarding modules, the forwarding equipment stores the corresponding relation between an address identifier and an IP address in a preset IP address network segment, and the address identifier corresponds to the IP address one by one; the forwarding module is communicated with a server side based on the IP address network segment; the device comprises:
the first receiving unit is used for receiving a request message sent by a client based on a first socket connection established with the client;
the determining unit is used for determining an address identifier corresponding to the quintuple connected with the first socket; determining a target IP address corresponding to a quintuple connected with the first socket from the preset IP address network segment based on the address identifier;
a first conversion unit, configured to perform network address conversion on the request packet based on the target IP address and a preset forwarding policy, so as to convert a source IP address of the request packet into the target IP address, and convert a destination IP address of the request packet into an IP address of a service end to be accessed;
and the first forwarding unit is used for forwarding the converted request message to the server based on the second socket connection established with the server.
6. The apparatus according to claim 5, wherein the determining unit is specifically configured to:
and determining an address identifier corresponding to the quintuple of the first socket connection based on a calculation result obtained by performing hash calculation on the first socket connection.
7. The apparatus according to claim 5, wherein the first conversion unit is specifically configured to:
determining an IP address of a server to be accessed based on a preset load balancing strategy;
and converting the destination IP address of the request message into the IP address of the server.
8. The apparatus of claim 5, further comprising:
the second receiving unit is used for receiving a response message returned by the server based on the second socket connection;
a second conversion unit, configured to perform reverse network address conversion on the response packet, so as to convert a source IP address of the response packet into a virtual IP address corresponding to the forwarding module, and convert a destination IP address of the response packet into an IP address of the client;
and the second forwarding unit is used for forwarding the converted response message to the client based on the first socket connection.
9. An electronic device, characterized in that the electronic device comprises: a processor and a machine-readable storage medium;
the machine-readable storage medium stores machine-executable instructions executable by the processor, the processor being caused by the machine-executable instructions to perform the method of any of claims 1 to 4.
10. A machine-readable storage medium having stored thereon machine-executable instructions which, when invoked and executed by a processor, cause the processor to perform the method of any of claims 1 to 4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811513544.2A CN109525684B (en) | 2018-12-11 | 2018-12-11 | Message forwarding method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811513544.2A CN109525684B (en) | 2018-12-11 | 2018-12-11 | Message forwarding method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109525684A CN109525684A (en) | 2019-03-26 |
| CN109525684B true CN109525684B (en) | 2022-09-30 |
Family
ID=65795999
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811513544.2A Active CN109525684B (en) | 2018-12-11 | 2018-12-11 | Message forwarding method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109525684B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110868344B (en) * | 2019-10-17 | 2022-04-19 | 北京全路通信信号研究设计院集团有限公司 | Method, system, device and computer readable medium for simulating MVB |
| CN112929277B (en) * | 2019-12-06 | 2024-03-05 | 华为云计算技术有限公司 | Message processing method and device |
| CN112995349B (en) * | 2019-12-12 | 2023-07-04 | 中兴通讯股份有限公司 | Address management method, server, and computer-readable storage medium |
| CN111158864B (en) * | 2019-12-31 | 2023-05-30 | 奇安信科技集团股份有限公司 | Data processing method, device, system, medium, and program |
| CN112751786B (en) * | 2020-12-28 | 2023-06-16 | 长沙星融元数据技术有限公司 | SLB acceleration system, method, device, equipment and medium based on programmable switch |
| CN115767684B (en) * | 2022-11-09 | 2023-09-08 | 深圳金信诺高新技术股份有限公司 | Data transmission method, device, equipment and medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102638407A (en) * | 2012-04-17 | 2012-08-15 | 北京星网锐捷网络技术有限公司 | Message forwarding method, device and network equipment |
| CN103384255A (en) * | 2011-12-31 | 2013-11-06 | 华为数字技术(成都)有限公司 | Load balancing method, server and system for virtual machine cluster |
| WO2017113300A1 (en) * | 2015-12-31 | 2017-07-06 | 华为技术有限公司 | Route determining method, network configuration method and related device |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7408928B2 (en) * | 2001-12-21 | 2008-08-05 | Nortel Networks Limited | Methods and apparatus for setting up telephony connections between two address domains having overlapping address ranges |
| CN101060493B (en) * | 2007-05-14 | 2011-10-26 | 中兴通讯股份有限公司 | A method of private network user access the server in a private network through domain name |
| CN103701945B (en) * | 2013-12-16 | 2017-07-14 | 浙江宇视科技有限公司 | A kind of address conversion method and device |
| CN103825976B (en) * | 2014-03-04 | 2017-05-10 | 新华三技术有限公司 | NAT (network address translation) processing method and device in distributed system architecture |
| CN106899710B (en) * | 2017-04-26 | 2020-11-13 | 优刻得科技股份有限公司 | IP address conversion method, IP address conversion device and gateway system |
-
2018
- 2018-12-11 CN CN201811513544.2A patent/CN109525684B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103384255A (en) * | 2011-12-31 | 2013-11-06 | 华为数字技术(成都)有限公司 | Load balancing method, server and system for virtual machine cluster |
| CN102638407A (en) * | 2012-04-17 | 2012-08-15 | 北京星网锐捷网络技术有限公司 | Message forwarding method, device and network equipment |
| WO2017113300A1 (en) * | 2015-12-31 | 2017-07-06 | 华为技术有限公司 | Route determining method, network configuration method and related device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109525684A (en) | 2019-03-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109525684B (en) | Message forwarding method and device | |
| CN108886540B (en) | Domain name resolution method, device and computer readable storage medium | |
| CN108449282B (en) | Load balancing method and device | |
| EP3402151B1 (en) | Server cluster-based message generation method and load balancer | |
| CN101257523B (en) | Method for supporting IP network interconnectivity between partitions in a virtualized environment | |
| US20140280775A1 (en) | Network Stack and Related Techniques | |
| US20130332584A1 (en) | Load balancing methods and devices | |
| US11570239B2 (en) | Distributed resilient load-balancing for multipath transport protocols | |
| EP2499787A2 (en) | Smart client routing | |
| CN110012118B (en) | Method and controller for providing Network Address Translation (NAT) service | |
| US10693785B2 (en) | Method and system for forwarding data, virtual load balancer, and readable storage medium | |
| CN109474713B (en) | Message forwarding method and device | |
| US8082333B2 (en) | DHCP proxy for static host | |
| US9055117B1 (en) | Distributed network address translation | |
| CN107547339B (en) | Method and device for feeding back MAC address of gateway media access control | |
| CN109413224B (en) | Message forwarding method and device | |
| CN107517129B (en) | Method and device for configuring uplink interface of equipment based on OpenStack | |
| US20170034048A1 (en) | Methods, systems, and computer readable media for peer aware load distribution | |
| US10855651B2 (en) | Method and device for efficiently using IPv4 public address | |
| CN109246024B (en) | Method, device, terminal equipment and storage medium for load sharing in networking | |
| CN114189492A (en) | Network card pressure testing method and system based on network address translation technology | |
| CN107547621B (en) | Message forwarding method and device | |
| US8972604B1 (en) | Network address retention and assignment | |
| US9929951B1 (en) | Techniques for using mappings to manage network traffic | |
| US9912757B2 (en) | Correlation identity generation method for cloud environment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |