CN110061921A - A kind of cloud platform packet delivery method and system - Google Patents
A kind of cloud platform packet delivery method and system Download PDFInfo
- Publication number
- CN110061921A CN110061921A CN201910308684.4A CN201910308684A CN110061921A CN 110061921 A CN110061921 A CN 110061921A CN 201910308684 A CN201910308684 A CN 201910308684A CN 110061921 A CN110061921 A CN 110061921A
- Authority
- CN
- China
- Prior art keywords
- value pair
- key
- container
- packet
- pair container
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
- H04L45/745—Address table lookup; Address filtering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/25—Routing or path finding in a switch fabric
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/35—Switches specially adapted for specific applications
- H04L49/354—Switches specially adapted for specific applications for supporting virtual local area networks [VLAN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/70—Virtual switches
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The embodiment of the present invention provides a kind of cloud platform packet delivery method and system, it include: to be handled according to interface key-value pair container data packet, target packet to be distributed is obtained, the interface key-value pair container is obtained by the MAC Address and IP address of virtual machine;The target packet is matched according to path key-value pair container, and according to matching result, the corresponding distribution of the path key-value pair container is executed to the target packet and is operated.The embodiment of the present invention carries out tactful configuration by the way that the MAC Address of the virtual machine in cloud platform and IP address are associated as a resource group ID, by resource group, improves the accuracy of strategy matching and the distribution efficiency of data packet.
Description
Technical field
The present invention relates to technical field of data processing more particularly to a kind of cloud platform packet delivery method and system.
Background technique
With the rapid development of cloud computing and Internet of Things, in order to meet network user's difference demand for services, packet classification is had become
For the bases for realizing the different services such as firewall package filtering, the routing based on strategy, Virtual Private Network and flow counting.
Existing most of packet classification methods are based on software realization, these softwares do not catch up with network performance hair increasingly
The needs of exhibition, including OpenvSwitch and NetFilter, the matching and plan all carried out just for the content information for wrapping itself
Slightly, this results in preferably being combined together when its use is in cloud platform environment, often result in matching it is inaccurate with
Strategy fails and the low equal a series of problems of distribution performance.
Therefore, a kind of cloud platform packet delivery method and system are needed now to solve the above problems.
Summary of the invention
In view of the problems of the existing technology, the embodiment of the present invention provides a kind of cloud platform packet delivery method and is
System.
In a first aspect, the embodiment of the present invention provides cloud platform packet delivery method, comprising:
Data packet is handled according to interface key-value pair container, obtains target packet to be distributed, the interface key
Value obtains container by the MAC Address and IP address of virtual machine;
The target packet is matched according to path key-value pair container, and according to matching result, to the target
Data packet executes the corresponding distribution operation of the path key-value pair container.
Second aspect, the embodiment of the invention provides a kind of cloud platform packet delivery systems, comprising:
Processing module obtains target data to be distributed for handling according to interface key-value pair container data packet
Packet, the interface key-value pair container are obtained by the MAC Address and IP address of virtual machine;
Distribution module is tied for being matched according to path key-value pair container to the target packet, and according to matching
Fruit executes the corresponding distribution of the path key-value pair container to the target packet and operates.
The third aspect, the embodiment of the present invention provides a kind of electronic equipment, including memory, processor and is stored in memory
Computer program that is upper and can running on a processor, is realized when the processor executes described program as first aspect provides
Method the step of.
Fourth aspect, the embodiment of the present invention provide a kind of non-transient computer readable storage medium, are stored thereon with calculating
Machine program is realized as provided by first aspect when the computer program is executed by processor the step of method.
A kind of cloud platform packet delivery method and system provided in an embodiment of the present invention, by will be virtual in cloud platform
The MAC Address and IP address of machine are associated as a resource group ID, carry out tactful configuration by resource group, improve strategy matching
The distribution efficiency of accuracy and data packet.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is this hair
Bright some embodiments for those of ordinary skill in the art without creative efforts, can be with root
Other attached drawings are obtained according to these attached drawings.
Fig. 1 is the flow diagram of cloud platform packet delivery method provided in an embodiment of the present invention;
Fig. 2 is that the strategy of fast path key-value pair container provided in an embodiment of the present invention searches flow diagram;
Fig. 3 is that the strategy of the key-value pair container of path for the first time provided in an embodiment of the present invention searches flow diagram;
Fig. 4 is the structural schematic diagram of cloud platform packet delivery system provided in an embodiment of the present invention;
Fig. 5 is electronic devices structure schematic diagram provided in an embodiment of the present invention.
Specific embodiment
In order to make the object, technical scheme and advantages of the embodiment of the invention clearer, below in conjunction with the embodiment of the present invention
In attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is
A part of the embodiment of the present invention, instead of all the embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art
Every other embodiment obtained without creative efforts, shall fall within the protection scope of the present invention.
Available data packet distribution method for data packet information carry out strategy search and matching, not with cloud platform information
It is docked.When needing to acquire all virtual machines in an elastic private clound (Elastic Private Cloud, abbreviation EPC)
Flow when, can only be by configuring the modes such as IP address section, however, virtual machine IP address may be the same in different EPC
Or same network segment, it will causing the flow of acquisition has redundancy.
Fig. 1 is the flow diagram of cloud platform packet delivery method provided in an embodiment of the present invention, as shown in Figure 1, this
Inventive embodiments provide a kind of cloud platform packet delivery method, comprising:
Step 101, data packet is handled according to interface key-value pair container, obtains target packet to be distributed, institute
Interface key-value pair container is stated to obtain by the MAC Address and IP address of virtual machine.
It in embodiments of the present invention,, will be all virtual when target is all virtual machines in EPC in conjunction with cloud platform information
The address MAC-IP of machine generates different key assignments to as a resource group ID, and according to packet delivery strategy matching condition
To container (Map).Firstly, according to the source resource group ID (SrcGroupIds), the purpose resource group ID that get
(DstGroupIds), source port (SrcPorts) and destination port (DstPorts) create corresponding key (Key), then basis
These Key generate interface key-value pair container, and in embodiments of the present invention, interface key-value pair container carries out collected data packet
Corresponding key assignments mapping, obtains target packet to be distributed, so that guaranteeing the homologous chummage of target packet.In addition,
In the embodiment of the present invention, the corresponding cloud platform information of target packet and resource group information are obtained, subsequent strategy matching is used for
With the various Map of generation.
Step 102, the target packet is matched according to path key-value pair container, and according to matching result, it is right
The target packet executes the corresponding distribution operation of the path key-value pair container.
In embodiments of the present invention, path key-value pair container include fast path key-value pair container (FastPathMap) and
Path key-value pair container (FirstPathMap) for the first time, to carry out two different accessed paths to target packet.Wherein,
FirstPathMap carries out full dose lookup to target packet, and FastPathMap carries out the fast quick checking of strategy to target packet
It looks for.In embodiments of the present invention, target packet is looked by FastPathMap first when being distributed strategy lookup
It looks for, when not finding corresponding strategy, is then searched by FirstPathMap.It should be noted that of the invention real
It applies in example, after FirstPathMap completes lookup, FastPathMap is sent by lookup result, thus right
FastPathMap is updated, specifically, according to source IP address and purpose IP address respectively in IP address mask key-value pair container
(IpNetmaskMap) corresponding mask (Mask) is got in, to obtain source mask IP (SrcMaskedIp) and purpose is covered
Code IP (DstMaskedIp), then establishes first order Map for SrcMaskedIp and DstMaskedIp as Key, by first
The corresponding value (Value) of KEY in Map is used as second level Map, then corresponding in cloud platform information according to target packet
SrcEpcId+DstEpcIds+SrcPorts+DstPorts or SrcEpcId+DstEpcIds+ virtual LAN (Vlan) generates
The corresponding Key of second level Map, to complete the update of FastPathMap.
Specifically, an embodiment is illustrated through the invention, firstly, grab data packet from network interface card, by data packet into
Row parsing, to obtain packet header information, wherein packet header can be divided into multi-layer protocol, example by network protocol
Such as, two layers of Ethernet protocol, three layers of IP agreement and four layers of Transmission Control Protocol etc.;Then, it is got from Map according to header packet information pair
The strategy answered, it should be noted that in embodiments of the present invention, each data packet is subjected to a strategy matching, thus real
Existing fine-grained policy matching;Finally, being executed instruction according to the strategy that matching obtains is corresponding, data packet is distributed, at this
Inventive embodiments, strategy is corresponding to be executed instruction including flow counting, data stream statistics and safety analysis etc..
A kind of cloud platform packet delivery method provided in an embodiment of the present invention, by by the virtual machine in cloud platform
MAC Address and IP address are associated as a resource group ID, carry out tactful configuration by resource group, improve the accurate of strategy matching
The distribution efficiency of degree and data packet.
It is on the basis of the above embodiments, described that the target packet is matched according to path key-value pair container,
And according to matching result, the corresponding distribution of the path key-value pair container is executed to the target packet and is operated, comprising:
The target packet is matched according to fast path key-value pair container, if successful match, to the mesh
It marks data packet and executes the corresponding distribution operation of the fast path key-value pair container.
Fig. 2 is that the strategy of fast path key-value pair container provided in an embodiment of the present invention searches flow diagram, such as Fig. 2 institute
Show, in embodiments of the present invention, the specific steps are as follows:
Step 201, according to the IP address in target packet, corresponding Mask is inquired in IPMaskMap, is obtained
SrcMaskIp and DstMaskIp;
Step 202, it is inquired and is obtained in the first order of FastPathMap according to SrcMaskIp and DstMaskIp
MacEpcMap and VlanPolicyMap;
Step 203, inquiry obtains the address Mac of target packet in MacEpcMap;
Step 204, according to the address Mac of target packet, Vlan is judged whether there is, if so, step 205 is executed, if not having
Have, thens follow the steps 206;
Step 205, a series of Vlan tactful (Policy) is generated using SrcEpcId+DstEpcId+Vlan to inquire
Key;
Step 206, a series of PortPolicy is generated using SrcEpcId+DstEpcId+SrcPort+DstPort to look into
Ask Key;
Step 207, the Key generated according to step 205 and step 206, is inquired in corresponding Map, be will acquire
Query result merges, and corresponding distribution is operated and is returned, to be distributed to target packet.
Through the above steps, each target packet is distributed by FastPathMap, it should be noted that
FastPathMap is multistage a Map, corresponding Map are as follows:
map[SrcMaskedIp+DstMaskedIp]VlanAndPort;
Wherein, include following series Map in VlanAndPort:
map[SrcEpcId+DstEpcId+vlan]action;
[proto]map[SrcEpcId+DstEpcId+SrcPort+DstPort]action;
map[mac]epcId;
Specifically, the distribution procedure of FastPathMap is illustrated in one embodiment through the invention, firstly,
Obtain target packet to be distributed, the corresponding information of target packet are as follows: under Transmission Control Protocol, from mac1:ip1:port1 to
mac2:ip2:port2;Then, port and the association of corresponding resource group and target packet are obtained from interface key-value pair container
Field is discussed, and is inquired in interest key-value pair container (InterestMaps), if result is false, corresponding field is
0, inquiry obtains source resource group 10, and purpose resource group is 20, source port 0, destination port port2, agreement 0;Further according to
The inquiry in IpNetmaskMap obtains corresponding Mask to ip1 and ip2 respectively, and calculating acquires SrcMaskedIp,
DstMaskedIp;Then it further according to SrcMaskedIp and DstMaskedIp, inquires and obtains in the first order of FastPathMap
VlanAndPort, and according to mac1 and mac2, it inquires in map [mac] epcId of VlanAndPort, obtains respectively
SrcEpcId=1 and DstEpcId=2;Existed according to Protocol+SrcPort+DstPort+SrcEpcId+DstEpcId
[proto] map [SrcEpcId+DstEpcId+SrcPort+DstPort] action of VlanAndPort is inquired, and is obtained
[0]map[1+2+0+port1]action1;The action that finally will acquire is returned, to be distributed to target packet.
The embodiment of the present invention improves strategy by FastPathMap and searches rate, so that target packet all exists
FastPath layers complete strategy acquisition, and by docking cloud platform, obtain target packet cloud platform information and
Corresponding resource group ID, thus matching error caused by the case where carrying out strategy matching, avoiding IP identical because of different EPC.
It is on the basis of the above embodiments, described that the target packet is matched according to path key-value pair container,
And according to matching result, the corresponding distribution of the path key-value pair container is executed to the target packet and is operated, further includes:
The target packet is matched according to fast path key-value pair container, it, will be described if matching is unsuccessful
Target packet is sent to path key-value pair container for the first time and is matched, to execute the path for the first time to the target packet
The corresponding distribution operation of key-value pair container;
It wherein, will be corresponding after matching in the target packet after the key-value pair container of path for the first time completes matching
Policy Result be sent to the fast path key-value pair container, with for the fast path key-value pair container carry out more
Newly.
Fig. 3 is that the strategy of the key-value pair container of path for the first time provided in an embodiment of the present invention searches flow diagram, such as Fig. 3 institute
Show, in embodiments of the present invention, the specific steps are as follows:
Step 301, corresponding cloud platform data and resource group information are obtained according to the header packet information of target packet;
Step 302, judge whether cloud platform data and resource group information contain Vlan, if so, step 303 is executed, if not having
Have, thens follow the steps 304;
Step 303, a series of VlanPolicy is generated using SrcGroupIds+DstGroupIds+Vlan to inquire
Key;
Step 304, it is generated using SrcGroupIds+DstGroupIds+SrcPorts+DstPorts a series of
PortPolicy inquires Key;
Step 305, the Key generated according to step 304 and step 305, inquires plan in corresponding Maps [Protocol]
Slightly;
Step 306, the strategy that will acquire is inserted into corresponding FastPolicyMap;
Step 307, the strategy that will acquire merges, and corresponding distribution is operated and is returned, to target packet
It is distributed.
Through the above steps, target packet is distributed by FirstPathMap, it should be noted that
FirstPathMap includes:
[proto]map[SrcGroupId+DstGroupId+SrcPort+DstPort]action;
map[SrcGroupId+DstGroupId+vlan]action;
Specifically, the distribution procedure of FirstPathMap is illustrated in one embodiment through the invention, firstly,
Target packet is obtained, the corresponding information of target packet are as follows: under Transmission Control Protocol, from mac1:ip1:port1 to mac2:ip2:
port2;Then, corresponding interface is obtained by interface key-value pair container according to mac1+ip1 and mac2+ip2 respectively
(interface) 1 and interface2;According to the port of interface1 and interface2 corresponding resource group and target packet
And protocol fields, it is inquired in InterestMaps, if result is false, corresponding field 0 inquires and obtains source money
Source group 10, purpose resource group are 20, source port 0, destination port port2, agreement 0;By FirstPathMap to looking into
It askes result to be matched, is expressed as [0] map [10+20+0+port2] action1, to get matching result, and will correspond to
Distribution operate return, to be distributed to target packet;Finally, matching result is added in FastPathMap.
The embodiment of the present invention passes through inquire FirstPathMap according to the change of virtual machine configuration information in cloud platform
Strategy is inserted into FastPolicyMap, timely adjustresources group and strategy configuration, while passing through two different accessed paths,
Realize the accurate matching of packet delivery and strategy.
On the basis of the above embodiments, it is described according to fast path key-value pair container to the target packet carry out
Match, if matching is unsuccessful, sends path key-value pair container for the first time for the target packet and match, to the mesh
It marks data packet and executes the corresponding distribution operation of the path key-value pair container for the first time, comprising:
It is searched according to field of the interest key-value pair container to the target packet, is obtained according to lookup result judgement
Know, if the field of the target packet is not found in the interest key-value pair container, according to the money of the data packet
Source group ID generates corresponding key, for being updated to the key-value pair container of path for the first time, the target packet to be sent out
It is sent to the updated key-value pair container of path for the first time to be matched, to execute updated path for the first time to the target packet
The corresponding distribution operation of key-value pair container.
In embodiments of the present invention, interest key-value pair container (InterestMaps) carries out initialization process to strategy, and
GroupIds, Protocol and Ports field in recording strategy, wherein in InterestMaps, including 3 Map, point
Not are as follows:
map[GroupId]bool;
map[Protocol]bool;
map[Port]bool。
Before target packet is inquired in FirstPathMap, corresponding field is first passed through in InterestMaps
It is inquired, if not finding corresponding field in InterestMaps, 0 (matching full acquisition strategies) is set to, then in conjunction with cloud
Platform finds the GroupIds of the target packet, a series of Keys for searching FirstPathMap is generated, to be used for
FirstPathMap is updated.
On the basis of the above embodiments, data packet to be distributed is obtained according to interface key-value pair container described, it is described
Interface key-value pair container is obtained by the MAC Address and IP address of virtual machine, the method also includes:
Packet delivery strategy matching condition is obtained, the packet delivery policy condition includes source resource group ID, purpose
Resource group ID, IP agreement, virtual LAN, source port and destination port;
According to the packet delivery policy condition, corresponding key-value pair container is generated.
In embodiments of the present invention, first under policy send out after, according in strategy SrcGroupIds,
DstGroupIds, SrcPorts, DstPorts generate a series of corresponding Key, then pass through the protocol field of strategy
It is stored to carry out a point table, to generate corresponding Map.
On the basis of the above embodiments, the key-value pair container include interface key-value pair container, interest key-value pair container,
IP address mask key-value pair container, for the first time path key-value pair container and fast path key-value pair container.
On the basis of the above embodiments, described according to the packet delivery policy condition, generate corresponding key-value pair
Container, comprising:
Cloud platform information and resource group information are handled by hash algorithm, obtain the interface key-value pair container,
The cloud platform information includes the MAC Address and IP address of virtual machine;
According to the source resource group ID of packet delivery policy condition, purpose resource group ID, IP agreement, virtual LAN, source
Port and destination port generate corresponding key, for obtaining path key-value pair container for the first time;
According to the IP mask pair of cloud platform information and resource group information, the IP address mask key-value pair container is generated, and
Fast path key-value pair container is got according to the IP address mask key-value pair container.
Fig. 4 is the structural schematic diagram of cloud platform packet capture dissemination system provided in an embodiment of the present invention, such as Fig. 4 institute
Show, the embodiment of the invention provides a kind of cloud platform packet capture dissemination systems, comprising: processing module 401 and distribution module
402, wherein processing module 401 obtains number of targets to be distributed for handling according to interface key-value pair container data packet
According to packet, the interface key-value pair container is obtained by the MAC Address and IP address of virtual machine;Distribution module 402 is used for according to road
Diameter key-value pair container matches the target packet, and according to matching result, to described in target packet execution
The corresponding distribution operation of path key-value pair container.
A kind of cloud platform packet delivery system provided in an embodiment of the present invention, by by the virtual machine in cloud platform
MAC Address and IP address are associated as a resource group ID, carry out tactful configuration by resource group, improve the accurate of strategy matching
The distribution efficiency of degree and data packet.
On the basis of the above embodiments, the distribution module 402 includes: fast path Dispatching Unit, for according to fast
Fast path key-value pair container matches the target packet, if successful match, executes institute to the target packet
State the corresponding distribution operation of fast path key-value pair container.
On the basis of the above embodiments, the distribution module 402 further include: path Dispatching Unit and fast path for the first time
Updating unit, wherein path Dispatching Unit in the target packet in fast path key-value pair container for matching for the first time
When failure, path key-value pair container for the first time is sent by the target packet and is matched, to hold to the target packet
The corresponding distribution operation of the row path key-value pair container for the first time;Fast path updating unit in the target packet for existing
After the key-value pair container of path for the first time completes matching, the fast path key assignments is sent by Policy Result corresponding after matching
To container, for being updated to the fast path key-value pair container.
On the basis of the above embodiments, the Dispatching Unit of path for the first time includes: routing update subelement for the first time, is used for
It is searched, is known according to lookup result judgement, if in institute according to field of the interest key-value pair container to the target packet
The field for not finding the target packet in interest key-value pair container is stated, then is generated according to the resource group ID of the data packet
Corresponding key, to be used to be updated the key-value pair container of path for the first time, after sending update for the target packet
The key-value pair container of path for the first time matched, to execute the updated key-value pair container of path for the first time to the target packet
Corresponding distribution operation.
On the basis of the above embodiments, the system also includes: strategy obtains module and key-value pair container generation module,
Wherein, strategy obtains module for obtaining packet delivery strategy matching condition, and the packet delivery policy condition includes source
Resource group ID, purpose resource group ID, IP agreement, virtual LAN, source port and destination port;Key-value pair container generation module is used
According to the packet delivery policy condition, corresponding key-value pair container is generated, the key-value pair container includes interface key assignments
To container, interest key-value pair container, IP address mask key-value pair container, for the first time path key-value pair container and fast path key-value pair
Container.
On the basis of the above embodiments, key-value pair generation module includes: interface key-value pair container generation unit, for the first time road
Diameter key-value pair container generation unit and fast path key-value pair container generation unit, wherein interface key-value pair container generation unit
For handling by hash algorithm cloud platform information and resource group information, the interface key-value pair container is obtained, it is described
Cloud platform information includes the MAC Address and IP address of virtual machine;Path key-value pair container generation unit is used for according to data for the first time
Source resource group ID, purpose resource group ID, IP agreement, virtual LAN, source port and the destination port of packet distribution policy condition are raw
At corresponding key, for obtaining path key-value pair container for the first time;Fast path key-value pair container generation unit is used for according to cloud
The IP mask pair of platform information and resource group information generates the IP address mask key-value pair container, and according to the IP address
Mask key-value pair container gets fast path key-value pair container.
System provided in an embodiment of the present invention is for executing above-mentioned each method embodiment, detailed process and detailed content
Above-described embodiment is please referred to, details are not described herein again.
Fig. 5 is electronic devices structure schematic diagram provided in an embodiment of the present invention, as shown in figure 5, the electronic equipment can wrap
It includes: processor (Processor) 501, communication interface (Communications Interface) 502, memory (Memory)
503 and communication bus 504, wherein processor 501, communication interface 502, memory 503 are completed mutually by communication bus 504
Between communication.Processor 501 can call the logical order in memory 503, to execute following method: according to interface key-value pair
Container handles data packet, obtains target packet to be distributed, the MAC that the interface key-value pair container passes through virtual machine
Address and IP address obtain;The target packet is matched according to path key-value pair container, and according to matching result, it is right
The target packet executes the corresponding distribution operation of the path key-value pair container.
In addition, the logical order in above-mentioned memory 503 can be realized by way of SFU software functional unit and conduct
Independent product when selling or using, can store in a computer readable storage medium.Based on this understanding, originally
Substantially the part of the part that contributes to existing technology or the technical solution can be in other words for the technical solution of invention
The form of software product embodies, which is stored in a storage medium, including some instructions to
So that a computer equipment (can be personal computer, server or the network equipment etc.) executes each implementation of the present invention
The all or part of the steps of example the method.And storage medium above-mentioned include: USB flash disk, mobile hard disk, read-only memory (ROM,
Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic or disk etc. it is various
It can store the medium of program code.
The embodiment of the present invention discloses a kind of computer program product, and the computer program product is non-transient including being stored in
Computer program on computer readable storage medium, the computer program include program instruction, when described program instructs quilt
When computer executes, computer is able to carry out method provided by above-mentioned each method embodiment, for example, according to interface key assignments
Container handles data packet, obtains target packet to be distributed, the interface key-value pair container passes through virtual machine
MAC Address and IP address obtain;The target packet is matched according to path key-value pair container, and is tied according to matching
Fruit executes the corresponding distribution of the path key-value pair container to the target packet and operates.
The embodiment of the present invention provides a kind of non-transient computer readable storage medium, the non-transient computer readable storage medium
The instruction of matter storage server, the computer instruction make computer execute cloud platform packet capture provided by above-described embodiment point
Forwarding method, for example, data packet is handled according to interface key-value pair container, obtains target packet to be distributed, institute
Interface key-value pair container is stated to obtain by the MAC Address and IP address of virtual machine;According to path key-value pair container to the target
Data packet is matched, and according to matching result, executes described corresponding point of path key-value pair container to the target packet
Hair operation.
Finally, it should be noted that the above embodiments are merely illustrative of the technical solutions of the present invention, rather than its limitations;Although
Present invention has been described in detail with reference to the aforementioned embodiments, those skilled in the art should understand that: it still may be used
To modify the technical solutions described in the foregoing embodiments or equivalent replacement of some of the technical features;
And these are modified or replaceed, technical solution of various embodiments of the present invention that it does not separate the essence of the corresponding technical solution spirit and
Range.
Claims (10)
1. a kind of cloud platform packet delivery method characterized by comprising
Data packet is handled according to interface key-value pair container, obtains target packet to be distributed, the interface key-value pair
Container is obtained by the MAC Address and IP address of virtual machine;
The target packet is matched according to path key-value pair container, and according to matching result, to the target data
Packet executes the corresponding distribution operation of the path key-value pair container.
2. cloud platform packet delivery method according to claim 1, which is characterized in that described to be held according to path key-value pair
Device matches the target packet, and according to matching result, executes the path key-value pair to the target packet
The corresponding distribution operation of container, comprising:
The target packet is matched according to fast path key-value pair container, if successful match, to the number of targets
The corresponding distribution operation of the fast path key-value pair container is executed according to packet.
3. cloud platform packet delivery method according to claim 2, which is characterized in that described to be held according to path key-value pair
Device matches the target packet, and according to matching result, executes the path key-value pair to the target packet
The corresponding distribution operation of container, further includes:
The target packet is matched according to fast path key-value pair container, if matching is unsuccessful, by the target
Data packet is sent to path key-value pair container for the first time and is matched, to execute the path key assignments for the first time to the target packet
Distribution operation corresponding to container;
Wherein, in the target packet after the key-value pair container of path for the first time completes matching, by plan corresponding after matching
Slightly result is sent to the fast path key-value pair container, for being updated to the fast path key-value pair container.
4. cloud platform packet delivery method according to claim 3, which is characterized in that described according to fast path key assignments
Container matches the target packet, if matching is unsuccessful, sends path for the first time for the target packet
Key-value pair container is matched, and is grasped with executing the corresponding distribution of the path key-value pair container for the first time to the target packet
Make, comprising:
It is searched according to field of the interest key-value pair container to the target packet, is known according to lookup result judgement, if
The field of the target packet is not found in the interest key-value pair container, then according to the resource group ID of the data packet
Corresponding key is generated, to send the target packet to more for being updated to the key-value pair container of path for the first time
The key-value pair container of path for the first time after new is matched, to execute updated path key-value pair for the first time to the target packet
The corresponding distribution operation of container.
5. cloud platform packet delivery method according to claim 1, which is characterized in that described according to interface key-value pair
Container obtains data packet to be distributed, and the interface key-value pair container is obtained by the MAC Address and IP address of virtual machine, institute
State method further include:
Packet delivery strategy matching condition is obtained, the packet delivery policy condition includes source resource group ID, purpose resource
Group ID, IP agreement, virtual LAN, source port and destination port;
According to the packet delivery policy condition, corresponding key-value pair container is generated.
6. cloud platform packet delivery method according to claim 5, which is characterized in that the key-value pair container includes connecing
Mouth key-value pair container, interest key-value pair container, IP address mask key-value pair container, for the first time path key-value pair container and fast path
Key-value pair container.
7. cloud platform packet delivery method according to claim 6, which is characterized in that described according to the data packet point
Policy condition is sent out, corresponding key-value pair container is generated, comprising:
Cloud platform information and resource group information are handled by hash algorithm, obtain the interface key-value pair container, it is described
Cloud platform information includes the MAC Address and IP address of virtual machine;
According to the source resource group ID of packet delivery policy condition, purpose resource group ID, IP agreement, virtual LAN, source port
Corresponding key is generated with destination port, for obtaining path key-value pair container for the first time;
According to the IP mask pair of cloud platform information and resource group information, the IP address mask key-value pair container is generated, and according to
The IP address mask key-value pair container gets fast path key-value pair container.
8. a kind of cloud platform packet delivery system characterized by comprising
Processing module obtains target packet to be distributed, institute for handling according to interface key-value pair container data packet
Interface key-value pair container is stated to obtain by the MAC Address and IP address of virtual machine;
Distribution module, it is right for being matched according to path key-value pair container to the target packet, and according to matching result
The target packet executes the corresponding distribution operation of the path key-value pair container.
9. a kind of electronic equipment including memory, processor and stores the calculating that can be run on a memory and on a processor
Machine program, which is characterized in that the processor is realized when executing described program such as any one of claim 1 to 7 the method
Step.
10. a kind of non-transient computer readable storage medium, is stored thereon with computer program, which is characterized in that the computer
It is realized when program is executed by processor such as the step of any one of claim 1 to 7 the method.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910308684.4A CN110061921B (en) | 2019-04-17 | 2019-04-17 | Cloud platform data packet distribution method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910308684.4A CN110061921B (en) | 2019-04-17 | 2019-04-17 | Cloud platform data packet distribution method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110061921A true CN110061921A (en) | 2019-07-26 |
CN110061921B CN110061921B (en) | 2021-07-06 |
Family
ID=67317805
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910308684.4A Active CN110061921B (en) | 2019-04-17 | 2019-04-17 | Cloud platform data packet distribution method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110061921B (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110719345A (en) * | 2019-10-25 | 2020-01-21 | 苏州浪潮智能科技有限公司 | Virtual machine MAC address generation method, system, equipment and computer medium |
CN111181861A (en) * | 2020-01-13 | 2020-05-19 | 山东汇贸电子口岸有限公司 | Policy routing implementation method and device |
CN114615022A (en) * | 2022-02-17 | 2022-06-10 | 奇安信科技集团股份有限公司 | Cloud internal flow traction method and device |
CN116032929A (en) * | 2023-03-30 | 2023-04-28 | 阿里巴巴(中国)有限公司 | Data processing system, method and equipment |
Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080040351A1 (en) * | 2006-08-10 | 2008-02-14 | Samsung Electronics Co., Ltd. | Method and apparatus for managing content using remote user interface |
CN104346401A (en) * | 2013-08-08 | 2015-02-11 | 中国电信股份有限公司 | Method and device for message forwarding between components in cloud management platform |
CN105282141A (en) * | 2015-09-08 | 2016-01-27 | 北京元心科技有限公司 | Method for detecting security of wireless network accessed by intelligent terminal and intelligent terminal |
CN105791402A (en) * | 2016-03-02 | 2016-07-20 | 付宏伟 | Network virtualization realization method of cloud computing platform and corresponding plug-in and agent |
CN106161277A (en) * | 2016-06-29 | 2016-11-23 | 合肥民众亿兴软件开发有限公司 | A kind of parallel network flow sorting technique based on body |
CN106209563A (en) * | 2016-08-07 | 2016-12-07 | 付宏伟 | A kind of cloud computing platform network virtualization implementation method and accordingly plug-in unit and agency |
CN106506240A (en) * | 2016-12-09 | 2017-03-15 | 上海斐讯数据通信技术有限公司 | A kind of method of cloud terminal batch configuration and cloud terminal management system |
CN106911779A (en) * | 2017-02-27 | 2017-06-30 | 郑州云海信息技术有限公司 | A kind of cloud platform virtual machine obtains IP method and devices |
CN107391502A (en) * | 2016-05-16 | 2017-11-24 | 阿里巴巴集团控股有限公司 | The data query method, apparatus and index structuring method of time interval, device |
CN107547242A (en) * | 2017-05-24 | 2018-01-05 | 新华三技术有限公司 | The acquisition methods and device of VM configuration informations |
CN107612843A (en) * | 2017-09-27 | 2018-01-19 | 国云科技股份有限公司 | A kind of method for preventing cloud platform IP and MAC from forging |
CN109039687A (en) * | 2017-06-12 | 2018-12-18 | 北京信威通信技术股份有限公司 | Load-balancing method, device, system, equipment and the storage medium of request |
CN109240796A (en) * | 2018-08-10 | 2019-01-18 | 新华三云计算技术有限公司 | Virtual machine information acquisition methods and device |
-
2019
- 2019-04-17 CN CN201910308684.4A patent/CN110061921B/en active Active
Patent Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080040351A1 (en) * | 2006-08-10 | 2008-02-14 | Samsung Electronics Co., Ltd. | Method and apparatus for managing content using remote user interface |
CN104346401A (en) * | 2013-08-08 | 2015-02-11 | 中国电信股份有限公司 | Method and device for message forwarding between components in cloud management platform |
CN105282141A (en) * | 2015-09-08 | 2016-01-27 | 北京元心科技有限公司 | Method for detecting security of wireless network accessed by intelligent terminal and intelligent terminal |
CN105791402A (en) * | 2016-03-02 | 2016-07-20 | 付宏伟 | Network virtualization realization method of cloud computing platform and corresponding plug-in and agent |
CN107391502A (en) * | 2016-05-16 | 2017-11-24 | 阿里巴巴集团控股有限公司 | The data query method, apparatus and index structuring method of time interval, device |
CN106161277A (en) * | 2016-06-29 | 2016-11-23 | 合肥民众亿兴软件开发有限公司 | A kind of parallel network flow sorting technique based on body |
CN106209563A (en) * | 2016-08-07 | 2016-12-07 | 付宏伟 | A kind of cloud computing platform network virtualization implementation method and accordingly plug-in unit and agency |
CN106506240A (en) * | 2016-12-09 | 2017-03-15 | 上海斐讯数据通信技术有限公司 | A kind of method of cloud terminal batch configuration and cloud terminal management system |
CN106911779A (en) * | 2017-02-27 | 2017-06-30 | 郑州云海信息技术有限公司 | A kind of cloud platform virtual machine obtains IP method and devices |
CN107547242A (en) * | 2017-05-24 | 2018-01-05 | 新华三技术有限公司 | The acquisition methods and device of VM configuration informations |
CN109039687A (en) * | 2017-06-12 | 2018-12-18 | 北京信威通信技术股份有限公司 | Load-balancing method, device, system, equipment and the storage medium of request |
CN107612843A (en) * | 2017-09-27 | 2018-01-19 | 国云科技股份有限公司 | A kind of method for preventing cloud platform IP and MAC from forging |
CN109240796A (en) * | 2018-08-10 | 2019-01-18 | 新华三云计算技术有限公司 | Virtual machine information acquisition methods and device |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110719345A (en) * | 2019-10-25 | 2020-01-21 | 苏州浪潮智能科技有限公司 | Virtual machine MAC address generation method, system, equipment and computer medium |
CN111181861A (en) * | 2020-01-13 | 2020-05-19 | 山东汇贸电子口岸有限公司 | Policy routing implementation method and device |
CN114615022A (en) * | 2022-02-17 | 2022-06-10 | 奇安信科技集团股份有限公司 | Cloud internal flow traction method and device |
CN116032929A (en) * | 2023-03-30 | 2023-04-28 | 阿里巴巴(中国)有限公司 | Data processing system, method and equipment |
Also Published As
Publication number | Publication date |
---|---|
CN110061921B (en) | 2021-07-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110061921A (en) | A kind of cloud platform packet delivery method and system | |
US10411966B2 (en) | Host network analyzer | |
KR101969194B1 (en) | Offloading packet processing for networking device virtualization | |
CN109952746A (en) | Physics and virtual network function are integrated in business chain network environment | |
CN103595648B (en) | Method and system for balancing load at receiving side of server | |
US20180069833A1 (en) | Regional firewall clustering in a networked computing environment | |
US9871720B1 (en) | Using packet duplication with encapsulation in a packet-switched network to increase reliability | |
CN106254256B (en) | Data message forwarding method and equipment based on three layers of VXLAN gateway | |
US11343187B2 (en) | Quantitative exact match distance in network flows | |
CN109547580A (en) | A kind of method and apparatus handling data message | |
CN109804607A (en) | The system and method statelessly handled in fault-tolerant micro services environment | |
US9270636B2 (en) | Neighbor lookup operations in a network node | |
CN104769912A (en) | Method and device for data flow processing | |
CN104734955A (en) | Network function virtualization implementation method, wide-band network gateway and control device | |
CN104811382A (en) | Data packet processing method and device | |
US20230024408A1 (en) | Efficient flow management utilizing control packets | |
CN105939284A (en) | Message control strategy matching method and device | |
CN113630301B (en) | Data transmission method, device and equipment based on intelligent decision and storage medium | |
US20220174081A1 (en) | Monitoring of abnormal host | |
Bansal et al. | Disaggregating stateful network functions | |
US8539547B2 (en) | Policy selector representation for fast retrieval | |
US10341292B2 (en) | Increased port address space | |
US20140068088A1 (en) | Systems and methods for processing media access control (mac) addresses | |
EP3610615B1 (en) | Packet batch processing with graph-path based pre-classification | |
CN113746950A (en) | Method, system, computer device and storage medium for pre-detecting IP address conflict |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |