CN110061921A - A kind of cloud platform packet delivery method and system - Google Patents

A kind of cloud platform packet delivery method and system Download PDF

Info

Publication number
CN110061921A
CN110061921A CN201910308684.4A CN201910308684A CN110061921A CN 110061921 A CN110061921 A CN 110061921A CN 201910308684 A CN201910308684 A CN 201910308684A CN 110061921 A CN110061921 A CN 110061921A
Authority
CN
China
Prior art keywords
value pair
key
container
packet
pair container
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910308684.4A
Other languages
Chinese (zh)
Other versions
CN110061921B (en
Inventor
苑超
王凯
向阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING YUNSHAN NETWORKS TECHNOLOGY Co Ltd
Original Assignee
BEIJING YUNSHAN NETWORKS TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING YUNSHAN NETWORKS TECHNOLOGY Co Ltd filed Critical BEIJING YUNSHAN NETWORKS TECHNOLOGY Co Ltd
Priority to CN201910308684.4A priority Critical patent/CN110061921B/en
Publication of CN110061921A publication Critical patent/CN110061921A/en
Application granted granted Critical
Publication of CN110061921B publication Critical patent/CN110061921B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/74Address processing for routing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/74Address processing for routing
    • H04L45/745Address table lookup; Address filtering
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/25Routing or path finding in a switch fabric
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/35Switches specially adapted for specific applications
    • H04L49/354Switches specially adapted for specific applications for supporting virtual local area networks [VLAN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/70Virtual switches

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the present invention provides a kind of cloud platform packet delivery method and system, it include: to be handled according to interface key-value pair container data packet, target packet to be distributed is obtained, the interface key-value pair container is obtained by the MAC Address and IP address of virtual machine;The target packet is matched according to path key-value pair container, and according to matching result, the corresponding distribution of the path key-value pair container is executed to the target packet and is operated.The embodiment of the present invention carries out tactful configuration by the way that the MAC Address of the virtual machine in cloud platform and IP address are associated as a resource group ID, by resource group, improves the accuracy of strategy matching and the distribution efficiency of data packet.

Description

A kind of cloud platform packet delivery method and system
Technical field
The present invention relates to technical field of data processing more particularly to a kind of cloud platform packet delivery method and system.
Background technique
With the rapid development of cloud computing and Internet of Things, in order to meet network user's difference demand for services, packet classification is had become For the bases for realizing the different services such as firewall package filtering, the routing based on strategy, Virtual Private Network and flow counting.
Existing most of packet classification methods are based on software realization, these softwares do not catch up with network performance hair increasingly The needs of exhibition, including OpenvSwitch and NetFilter, the matching and plan all carried out just for the content information for wrapping itself Slightly, this results in preferably being combined together when its use is in cloud platform environment, often result in matching it is inaccurate with Strategy fails and the low equal a series of problems of distribution performance.
Therefore, a kind of cloud platform packet delivery method and system are needed now to solve the above problems.
Summary of the invention
In view of the problems of the existing technology, the embodiment of the present invention provides a kind of cloud platform packet delivery method and is System.
In a first aspect, the embodiment of the present invention provides cloud platform packet delivery method, comprising:
Data packet is handled according to interface key-value pair container, obtains target packet to be distributed, the interface key Value obtains container by the MAC Address and IP address of virtual machine;
The target packet is matched according to path key-value pair container, and according to matching result, to the target Data packet executes the corresponding distribution operation of the path key-value pair container.
Second aspect, the embodiment of the invention provides a kind of cloud platform packet delivery systems, comprising:
Processing module obtains target data to be distributed for handling according to interface key-value pair container data packet Packet, the interface key-value pair container are obtained by the MAC Address and IP address of virtual machine;
Distribution module is tied for being matched according to path key-value pair container to the target packet, and according to matching Fruit executes the corresponding distribution of the path key-value pair container to the target packet and operates.
The third aspect, the embodiment of the present invention provides a kind of electronic equipment, including memory, processor and is stored in memory Computer program that is upper and can running on a processor, is realized when the processor executes described program as first aspect provides Method the step of.
Fourth aspect, the embodiment of the present invention provide a kind of non-transient computer readable storage medium, are stored thereon with calculating Machine program is realized as provided by first aspect when the computer program is executed by processor the step of method.
A kind of cloud platform packet delivery method and system provided in an embodiment of the present invention, by will be virtual in cloud platform The MAC Address and IP address of machine are associated as a resource group ID, carry out tactful configuration by resource group, improve strategy matching The distribution efficiency of accuracy and data packet.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is this hair Bright some embodiments for those of ordinary skill in the art without creative efforts, can be with root Other attached drawings are obtained according to these attached drawings.
Fig. 1 is the flow diagram of cloud platform packet delivery method provided in an embodiment of the present invention;
Fig. 2 is that the strategy of fast path key-value pair container provided in an embodiment of the present invention searches flow diagram;
Fig. 3 is that the strategy of the key-value pair container of path for the first time provided in an embodiment of the present invention searches flow diagram;
Fig. 4 is the structural schematic diagram of cloud platform packet delivery system provided in an embodiment of the present invention;
Fig. 5 is electronic devices structure schematic diagram provided in an embodiment of the present invention.
Specific embodiment
In order to make the object, technical scheme and advantages of the embodiment of the invention clearer, below in conjunction with the embodiment of the present invention In attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is A part of the embodiment of the present invention, instead of all the embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art Every other embodiment obtained without creative efforts, shall fall within the protection scope of the present invention.
Available data packet distribution method for data packet information carry out strategy search and matching, not with cloud platform information It is docked.When needing to acquire all virtual machines in an elastic private clound (Elastic Private Cloud, abbreviation EPC) Flow when, can only be by configuring the modes such as IP address section, however, virtual machine IP address may be the same in different EPC Or same network segment, it will causing the flow of acquisition has redundancy.
Fig. 1 is the flow diagram of cloud platform packet delivery method provided in an embodiment of the present invention, as shown in Figure 1, this Inventive embodiments provide a kind of cloud platform packet delivery method, comprising:
Step 101, data packet is handled according to interface key-value pair container, obtains target packet to be distributed, institute Interface key-value pair container is stated to obtain by the MAC Address and IP address of virtual machine.
It in embodiments of the present invention,, will be all virtual when target is all virtual machines in EPC in conjunction with cloud platform information The address MAC-IP of machine generates different key assignments to as a resource group ID, and according to packet delivery strategy matching condition To container (Map).Firstly, according to the source resource group ID (SrcGroupIds), the purpose resource group ID that get (DstGroupIds), source port (SrcPorts) and destination port (DstPorts) create corresponding key (Key), then basis These Key generate interface key-value pair container, and in embodiments of the present invention, interface key-value pair container carries out collected data packet Corresponding key assignments mapping, obtains target packet to be distributed, so that guaranteeing the homologous chummage of target packet.In addition, In the embodiment of the present invention, the corresponding cloud platform information of target packet and resource group information are obtained, subsequent strategy matching is used for With the various Map of generation.
Step 102, the target packet is matched according to path key-value pair container, and according to matching result, it is right The target packet executes the corresponding distribution operation of the path key-value pair container.
In embodiments of the present invention, path key-value pair container include fast path key-value pair container (FastPathMap) and Path key-value pair container (FirstPathMap) for the first time, to carry out two different accessed paths to target packet.Wherein, FirstPathMap carries out full dose lookup to target packet, and FastPathMap carries out the fast quick checking of strategy to target packet It looks for.In embodiments of the present invention, target packet is looked by FastPathMap first when being distributed strategy lookup It looks for, when not finding corresponding strategy, is then searched by FirstPathMap.It should be noted that of the invention real It applies in example, after FirstPathMap completes lookup, FastPathMap is sent by lookup result, thus right FastPathMap is updated, specifically, according to source IP address and purpose IP address respectively in IP address mask key-value pair container (IpNetmaskMap) corresponding mask (Mask) is got in, to obtain source mask IP (SrcMaskedIp) and purpose is covered Code IP (DstMaskedIp), then establishes first order Map for SrcMaskedIp and DstMaskedIp as Key, by first The corresponding value (Value) of KEY in Map is used as second level Map, then corresponding in cloud platform information according to target packet SrcEpcId+DstEpcIds+SrcPorts+DstPorts or SrcEpcId+DstEpcIds+ virtual LAN (Vlan) generates The corresponding Key of second level Map, to complete the update of FastPathMap.
Specifically, an embodiment is illustrated through the invention, firstly, grab data packet from network interface card, by data packet into Row parsing, to obtain packet header information, wherein packet header can be divided into multi-layer protocol, example by network protocol Such as, two layers of Ethernet protocol, three layers of IP agreement and four layers of Transmission Control Protocol etc.;Then, it is got from Map according to header packet information pair The strategy answered, it should be noted that in embodiments of the present invention, each data packet is subjected to a strategy matching, thus real Existing fine-grained policy matching;Finally, being executed instruction according to the strategy that matching obtains is corresponding, data packet is distributed, at this Inventive embodiments, strategy is corresponding to be executed instruction including flow counting, data stream statistics and safety analysis etc..
A kind of cloud platform packet delivery method provided in an embodiment of the present invention, by by the virtual machine in cloud platform MAC Address and IP address are associated as a resource group ID, carry out tactful configuration by resource group, improve the accurate of strategy matching The distribution efficiency of degree and data packet.
It is on the basis of the above embodiments, described that the target packet is matched according to path key-value pair container, And according to matching result, the corresponding distribution of the path key-value pair container is executed to the target packet and is operated, comprising:
The target packet is matched according to fast path key-value pair container, if successful match, to the mesh It marks data packet and executes the corresponding distribution operation of the fast path key-value pair container.
Fig. 2 is that the strategy of fast path key-value pair container provided in an embodiment of the present invention searches flow diagram, such as Fig. 2 institute Show, in embodiments of the present invention, the specific steps are as follows:
Step 201, according to the IP address in target packet, corresponding Mask is inquired in IPMaskMap, is obtained SrcMaskIp and DstMaskIp;
Step 202, it is inquired and is obtained in the first order of FastPathMap according to SrcMaskIp and DstMaskIp MacEpcMap and VlanPolicyMap;
Step 203, inquiry obtains the address Mac of target packet in MacEpcMap;
Step 204, according to the address Mac of target packet, Vlan is judged whether there is, if so, step 205 is executed, if not having Have, thens follow the steps 206;
Step 205, a series of Vlan tactful (Policy) is generated using SrcEpcId+DstEpcId+Vlan to inquire Key;
Step 206, a series of PortPolicy is generated using SrcEpcId+DstEpcId+SrcPort+DstPort to look into Ask Key;
Step 207, the Key generated according to step 205 and step 206, is inquired in corresponding Map, be will acquire Query result merges, and corresponding distribution is operated and is returned, to be distributed to target packet.
Through the above steps, each target packet is distributed by FastPathMap, it should be noted that FastPathMap is multistage a Map, corresponding Map are as follows:
map[SrcMaskedIp+DstMaskedIp]VlanAndPort;
Wherein, include following series Map in VlanAndPort:
map[SrcEpcId+DstEpcId+vlan]action;
[proto]map[SrcEpcId+DstEpcId+SrcPort+DstPort]action;
map[mac]epcId;
Specifically, the distribution procedure of FastPathMap is illustrated in one embodiment through the invention, firstly, Obtain target packet to be distributed, the corresponding information of target packet are as follows: under Transmission Control Protocol, from mac1:ip1:port1 to mac2:ip2:port2;Then, port and the association of corresponding resource group and target packet are obtained from interface key-value pair container Field is discussed, and is inquired in interest key-value pair container (InterestMaps), if result is false, corresponding field is 0, inquiry obtains source resource group 10, and purpose resource group is 20, source port 0, destination port port2, agreement 0;Further according to The inquiry in IpNetmaskMap obtains corresponding Mask to ip1 and ip2 respectively, and calculating acquires SrcMaskedIp, DstMaskedIp;Then it further according to SrcMaskedIp and DstMaskedIp, inquires and obtains in the first order of FastPathMap VlanAndPort, and according to mac1 and mac2, it inquires in map [mac] epcId of VlanAndPort, obtains respectively SrcEpcId=1 and DstEpcId=2;Existed according to Protocol+SrcPort+DstPort+SrcEpcId+DstEpcId [proto] map [SrcEpcId+DstEpcId+SrcPort+DstPort] action of VlanAndPort is inquired, and is obtained [0]map[1+2+0+port1]action1;The action that finally will acquire is returned, to be distributed to target packet.
The embodiment of the present invention improves strategy by FastPathMap and searches rate, so that target packet all exists FastPath layers complete strategy acquisition, and by docking cloud platform, obtain target packet cloud platform information and Corresponding resource group ID, thus matching error caused by the case where carrying out strategy matching, avoiding IP identical because of different EPC.
It is on the basis of the above embodiments, described that the target packet is matched according to path key-value pair container, And according to matching result, the corresponding distribution of the path key-value pair container is executed to the target packet and is operated, further includes:
The target packet is matched according to fast path key-value pair container, it, will be described if matching is unsuccessful Target packet is sent to path key-value pair container for the first time and is matched, to execute the path for the first time to the target packet The corresponding distribution operation of key-value pair container;
It wherein, will be corresponding after matching in the target packet after the key-value pair container of path for the first time completes matching Policy Result be sent to the fast path key-value pair container, with for the fast path key-value pair container carry out more Newly.
Fig. 3 is that the strategy of the key-value pair container of path for the first time provided in an embodiment of the present invention searches flow diagram, such as Fig. 3 institute Show, in embodiments of the present invention, the specific steps are as follows:
Step 301, corresponding cloud platform data and resource group information are obtained according to the header packet information of target packet;
Step 302, judge whether cloud platform data and resource group information contain Vlan, if so, step 303 is executed, if not having Have, thens follow the steps 304;
Step 303, a series of VlanPolicy is generated using SrcGroupIds+DstGroupIds+Vlan to inquire Key;
Step 304, it is generated using SrcGroupIds+DstGroupIds+SrcPorts+DstPorts a series of PortPolicy inquires Key;
Step 305, the Key generated according to step 304 and step 305, inquires plan in corresponding Maps [Protocol] Slightly;
Step 306, the strategy that will acquire is inserted into corresponding FastPolicyMap;
Step 307, the strategy that will acquire merges, and corresponding distribution is operated and is returned, to target packet It is distributed.
Through the above steps, target packet is distributed by FirstPathMap, it should be noted that FirstPathMap includes:
[proto]map[SrcGroupId+DstGroupId+SrcPort+DstPort]action;
map[SrcGroupId+DstGroupId+vlan]action;
Specifically, the distribution procedure of FirstPathMap is illustrated in one embodiment through the invention, firstly, Target packet is obtained, the corresponding information of target packet are as follows: under Transmission Control Protocol, from mac1:ip1:port1 to mac2:ip2: port2;Then, corresponding interface is obtained by interface key-value pair container according to mac1+ip1 and mac2+ip2 respectively (interface) 1 and interface2;According to the port of interface1 and interface2 corresponding resource group and target packet And protocol fields, it is inquired in InterestMaps, if result is false, corresponding field 0 inquires and obtains source money Source group 10, purpose resource group are 20, source port 0, destination port port2, agreement 0;By FirstPathMap to looking into It askes result to be matched, is expressed as [0] map [10+20+0+port2] action1, to get matching result, and will correspond to Distribution operate return, to be distributed to target packet;Finally, matching result is added in FastPathMap.
The embodiment of the present invention passes through inquire FirstPathMap according to the change of virtual machine configuration information in cloud platform Strategy is inserted into FastPolicyMap, timely adjustresources group and strategy configuration, while passing through two different accessed paths, Realize the accurate matching of packet delivery and strategy.
On the basis of the above embodiments, it is described according to fast path key-value pair container to the target packet carry out Match, if matching is unsuccessful, sends path key-value pair container for the first time for the target packet and match, to the mesh It marks data packet and executes the corresponding distribution operation of the path key-value pair container for the first time, comprising:
It is searched according to field of the interest key-value pair container to the target packet, is obtained according to lookup result judgement Know, if the field of the target packet is not found in the interest key-value pair container, according to the money of the data packet Source group ID generates corresponding key, for being updated to the key-value pair container of path for the first time, the target packet to be sent out It is sent to the updated key-value pair container of path for the first time to be matched, to execute updated path for the first time to the target packet The corresponding distribution operation of key-value pair container.
In embodiments of the present invention, interest key-value pair container (InterestMaps) carries out initialization process to strategy, and GroupIds, Protocol and Ports field in recording strategy, wherein in InterestMaps, including 3 Map, point Not are as follows:
map[GroupId]bool;
map[Protocol]bool;
map[Port]bool。
Before target packet is inquired in FirstPathMap, corresponding field is first passed through in InterestMaps It is inquired, if not finding corresponding field in InterestMaps, 0 (matching full acquisition strategies) is set to, then in conjunction with cloud Platform finds the GroupIds of the target packet, a series of Keys for searching FirstPathMap is generated, to be used for FirstPathMap is updated.
On the basis of the above embodiments, data packet to be distributed is obtained according to interface key-value pair container described, it is described Interface key-value pair container is obtained by the MAC Address and IP address of virtual machine, the method also includes:
Packet delivery strategy matching condition is obtained, the packet delivery policy condition includes source resource group ID, purpose Resource group ID, IP agreement, virtual LAN, source port and destination port;
According to the packet delivery policy condition, corresponding key-value pair container is generated.
In embodiments of the present invention, first under policy send out after, according in strategy SrcGroupIds, DstGroupIds, SrcPorts, DstPorts generate a series of corresponding Key, then pass through the protocol field of strategy It is stored to carry out a point table, to generate corresponding Map.
On the basis of the above embodiments, the key-value pair container include interface key-value pair container, interest key-value pair container, IP address mask key-value pair container, for the first time path key-value pair container and fast path key-value pair container.
On the basis of the above embodiments, described according to the packet delivery policy condition, generate corresponding key-value pair Container, comprising:
Cloud platform information and resource group information are handled by hash algorithm, obtain the interface key-value pair container, The cloud platform information includes the MAC Address and IP address of virtual machine;
According to the source resource group ID of packet delivery policy condition, purpose resource group ID, IP agreement, virtual LAN, source Port and destination port generate corresponding key, for obtaining path key-value pair container for the first time;
According to the IP mask pair of cloud platform information and resource group information, the IP address mask key-value pair container is generated, and Fast path key-value pair container is got according to the IP address mask key-value pair container.
Fig. 4 is the structural schematic diagram of cloud platform packet capture dissemination system provided in an embodiment of the present invention, such as Fig. 4 institute Show, the embodiment of the invention provides a kind of cloud platform packet capture dissemination systems, comprising: processing module 401 and distribution module 402, wherein processing module 401 obtains number of targets to be distributed for handling according to interface key-value pair container data packet According to packet, the interface key-value pair container is obtained by the MAC Address and IP address of virtual machine;Distribution module 402 is used for according to road Diameter key-value pair container matches the target packet, and according to matching result, to described in target packet execution The corresponding distribution operation of path key-value pair container.
A kind of cloud platform packet delivery system provided in an embodiment of the present invention, by by the virtual machine in cloud platform MAC Address and IP address are associated as a resource group ID, carry out tactful configuration by resource group, improve the accurate of strategy matching The distribution efficiency of degree and data packet.
On the basis of the above embodiments, the distribution module 402 includes: fast path Dispatching Unit, for according to fast Fast path key-value pair container matches the target packet, if successful match, executes institute to the target packet State the corresponding distribution operation of fast path key-value pair container.
On the basis of the above embodiments, the distribution module 402 further include: path Dispatching Unit and fast path for the first time Updating unit, wherein path Dispatching Unit in the target packet in fast path key-value pair container for matching for the first time When failure, path key-value pair container for the first time is sent by the target packet and is matched, to hold to the target packet The corresponding distribution operation of the row path key-value pair container for the first time;Fast path updating unit in the target packet for existing After the key-value pair container of path for the first time completes matching, the fast path key assignments is sent by Policy Result corresponding after matching To container, for being updated to the fast path key-value pair container.
On the basis of the above embodiments, the Dispatching Unit of path for the first time includes: routing update subelement for the first time, is used for It is searched, is known according to lookup result judgement, if in institute according to field of the interest key-value pair container to the target packet The field for not finding the target packet in interest key-value pair container is stated, then is generated according to the resource group ID of the data packet Corresponding key, to be used to be updated the key-value pair container of path for the first time, after sending update for the target packet The key-value pair container of path for the first time matched, to execute the updated key-value pair container of path for the first time to the target packet Corresponding distribution operation.
On the basis of the above embodiments, the system also includes: strategy obtains module and key-value pair container generation module, Wherein, strategy obtains module for obtaining packet delivery strategy matching condition, and the packet delivery policy condition includes source Resource group ID, purpose resource group ID, IP agreement, virtual LAN, source port and destination port;Key-value pair container generation module is used According to the packet delivery policy condition, corresponding key-value pair container is generated, the key-value pair container includes interface key assignments To container, interest key-value pair container, IP address mask key-value pair container, for the first time path key-value pair container and fast path key-value pair Container.
On the basis of the above embodiments, key-value pair generation module includes: interface key-value pair container generation unit, for the first time road Diameter key-value pair container generation unit and fast path key-value pair container generation unit, wherein interface key-value pair container generation unit For handling by hash algorithm cloud platform information and resource group information, the interface key-value pair container is obtained, it is described Cloud platform information includes the MAC Address and IP address of virtual machine;Path key-value pair container generation unit is used for according to data for the first time Source resource group ID, purpose resource group ID, IP agreement, virtual LAN, source port and the destination port of packet distribution policy condition are raw At corresponding key, for obtaining path key-value pair container for the first time;Fast path key-value pair container generation unit is used for according to cloud The IP mask pair of platform information and resource group information generates the IP address mask key-value pair container, and according to the IP address Mask key-value pair container gets fast path key-value pair container.
System provided in an embodiment of the present invention is for executing above-mentioned each method embodiment, detailed process and detailed content Above-described embodiment is please referred to, details are not described herein again.
Fig. 5 is electronic devices structure schematic diagram provided in an embodiment of the present invention, as shown in figure 5, the electronic equipment can wrap It includes: processor (Processor) 501, communication interface (Communications Interface) 502, memory (Memory) 503 and communication bus 504, wherein processor 501, communication interface 502, memory 503 are completed mutually by communication bus 504 Between communication.Processor 501 can call the logical order in memory 503, to execute following method: according to interface key-value pair Container handles data packet, obtains target packet to be distributed, the MAC that the interface key-value pair container passes through virtual machine Address and IP address obtain;The target packet is matched according to path key-value pair container, and according to matching result, it is right The target packet executes the corresponding distribution operation of the path key-value pair container.
In addition, the logical order in above-mentioned memory 503 can be realized by way of SFU software functional unit and conduct Independent product when selling or using, can store in a computer readable storage medium.Based on this understanding, originally Substantially the part of the part that contributes to existing technology or the technical solution can be in other words for the technical solution of invention The form of software product embodies, which is stored in a storage medium, including some instructions to So that a computer equipment (can be personal computer, server or the network equipment etc.) executes each implementation of the present invention The all or part of the steps of example the method.And storage medium above-mentioned include: USB flash disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic or disk etc. it is various It can store the medium of program code.
The embodiment of the present invention discloses a kind of computer program product, and the computer program product is non-transient including being stored in Computer program on computer readable storage medium, the computer program include program instruction, when described program instructs quilt When computer executes, computer is able to carry out method provided by above-mentioned each method embodiment, for example, according to interface key assignments Container handles data packet, obtains target packet to be distributed, the interface key-value pair container passes through virtual machine MAC Address and IP address obtain;The target packet is matched according to path key-value pair container, and is tied according to matching Fruit executes the corresponding distribution of the path key-value pair container to the target packet and operates.
The embodiment of the present invention provides a kind of non-transient computer readable storage medium, the non-transient computer readable storage medium The instruction of matter storage server, the computer instruction make computer execute cloud platform packet capture provided by above-described embodiment point Forwarding method, for example, data packet is handled according to interface key-value pair container, obtains target packet to be distributed, institute Interface key-value pair container is stated to obtain by the MAC Address and IP address of virtual machine;According to path key-value pair container to the target Data packet is matched, and according to matching result, executes described corresponding point of path key-value pair container to the target packet Hair operation.
Finally, it should be noted that the above embodiments are merely illustrative of the technical solutions of the present invention, rather than its limitations;Although Present invention has been described in detail with reference to the aforementioned embodiments, those skilled in the art should understand that: it still may be used To modify the technical solutions described in the foregoing embodiments or equivalent replacement of some of the technical features; And these are modified or replaceed, technical solution of various embodiments of the present invention that it does not separate the essence of the corresponding technical solution spirit and Range.

Claims (10)

1. a kind of cloud platform packet delivery method characterized by comprising
Data packet is handled according to interface key-value pair container, obtains target packet to be distributed, the interface key-value pair Container is obtained by the MAC Address and IP address of virtual machine;
The target packet is matched according to path key-value pair container, and according to matching result, to the target data Packet executes the corresponding distribution operation of the path key-value pair container.
2. cloud platform packet delivery method according to claim 1, which is characterized in that described to be held according to path key-value pair Device matches the target packet, and according to matching result, executes the path key-value pair to the target packet The corresponding distribution operation of container, comprising:
The target packet is matched according to fast path key-value pair container, if successful match, to the number of targets The corresponding distribution operation of the fast path key-value pair container is executed according to packet.
3. cloud platform packet delivery method according to claim 2, which is characterized in that described to be held according to path key-value pair Device matches the target packet, and according to matching result, executes the path key-value pair to the target packet The corresponding distribution operation of container, further includes:
The target packet is matched according to fast path key-value pair container, if matching is unsuccessful, by the target Data packet is sent to path key-value pair container for the first time and is matched, to execute the path key assignments for the first time to the target packet Distribution operation corresponding to container;
Wherein, in the target packet after the key-value pair container of path for the first time completes matching, by plan corresponding after matching Slightly result is sent to the fast path key-value pair container, for being updated to the fast path key-value pair container.
4. cloud platform packet delivery method according to claim 3, which is characterized in that described according to fast path key assignments Container matches the target packet, if matching is unsuccessful, sends path for the first time for the target packet Key-value pair container is matched, and is grasped with executing the corresponding distribution of the path key-value pair container for the first time to the target packet Make, comprising:
It is searched according to field of the interest key-value pair container to the target packet, is known according to lookup result judgement, if The field of the target packet is not found in the interest key-value pair container, then according to the resource group ID of the data packet Corresponding key is generated, to send the target packet to more for being updated to the key-value pair container of path for the first time The key-value pair container of path for the first time after new is matched, to execute updated path key-value pair for the first time to the target packet The corresponding distribution operation of container.
5. cloud platform packet delivery method according to claim 1, which is characterized in that described according to interface key-value pair Container obtains data packet to be distributed, and the interface key-value pair container is obtained by the MAC Address and IP address of virtual machine, institute State method further include:
Packet delivery strategy matching condition is obtained, the packet delivery policy condition includes source resource group ID, purpose resource Group ID, IP agreement, virtual LAN, source port and destination port;
According to the packet delivery policy condition, corresponding key-value pair container is generated.
6. cloud platform packet delivery method according to claim 5, which is characterized in that the key-value pair container includes connecing Mouth key-value pair container, interest key-value pair container, IP address mask key-value pair container, for the first time path key-value pair container and fast path Key-value pair container.
7. cloud platform packet delivery method according to claim 6, which is characterized in that described according to the data packet point Policy condition is sent out, corresponding key-value pair container is generated, comprising:
Cloud platform information and resource group information are handled by hash algorithm, obtain the interface key-value pair container, it is described Cloud platform information includes the MAC Address and IP address of virtual machine;
According to the source resource group ID of packet delivery policy condition, purpose resource group ID, IP agreement, virtual LAN, source port Corresponding key is generated with destination port, for obtaining path key-value pair container for the first time;
According to the IP mask pair of cloud platform information and resource group information, the IP address mask key-value pair container is generated, and according to The IP address mask key-value pair container gets fast path key-value pair container.
8. a kind of cloud platform packet delivery system characterized by comprising
Processing module obtains target packet to be distributed, institute for handling according to interface key-value pair container data packet Interface key-value pair container is stated to obtain by the MAC Address and IP address of virtual machine;
Distribution module, it is right for being matched according to path key-value pair container to the target packet, and according to matching result The target packet executes the corresponding distribution operation of the path key-value pair container.
9. a kind of electronic equipment including memory, processor and stores the calculating that can be run on a memory and on a processor Machine program, which is characterized in that the processor is realized when executing described program such as any one of claim 1 to 7 the method Step.
10. a kind of non-transient computer readable storage medium, is stored thereon with computer program, which is characterized in that the computer It is realized when program is executed by processor such as the step of any one of claim 1 to 7 the method.
CN201910308684.4A 2019-04-17 2019-04-17 Cloud platform data packet distribution method and system Active CN110061921B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910308684.4A CN110061921B (en) 2019-04-17 2019-04-17 Cloud platform data packet distribution method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910308684.4A CN110061921B (en) 2019-04-17 2019-04-17 Cloud platform data packet distribution method and system

Publications (2)

Publication Number Publication Date
CN110061921A true CN110061921A (en) 2019-07-26
CN110061921B CN110061921B (en) 2021-07-06

Family

ID=67317805

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910308684.4A Active CN110061921B (en) 2019-04-17 2019-04-17 Cloud platform data packet distribution method and system

Country Status (1)

Country Link
CN (1) CN110061921B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110719345A (en) * 2019-10-25 2020-01-21 苏州浪潮智能科技有限公司 Virtual machine MAC address generation method, system, equipment and computer medium
CN111181861A (en) * 2020-01-13 2020-05-19 山东汇贸电子口岸有限公司 Policy routing implementation method and device
CN114615022A (en) * 2022-02-17 2022-06-10 奇安信科技集团股份有限公司 Cloud internal flow traction method and device
CN116032929A (en) * 2023-03-30 2023-04-28 阿里巴巴(中国)有限公司 Data processing system, method and equipment

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080040351A1 (en) * 2006-08-10 2008-02-14 Samsung Electronics Co., Ltd. Method and apparatus for managing content using remote user interface
CN104346401A (en) * 2013-08-08 2015-02-11 中国电信股份有限公司 Method and device for message forwarding between components in cloud management platform
CN105282141A (en) * 2015-09-08 2016-01-27 北京元心科技有限公司 Method for detecting security of wireless network accessed by intelligent terminal and intelligent terminal
CN105791402A (en) * 2016-03-02 2016-07-20 付宏伟 Network virtualization realization method of cloud computing platform and corresponding plug-in and agent
CN106161277A (en) * 2016-06-29 2016-11-23 合肥民众亿兴软件开发有限公司 A kind of parallel network flow sorting technique based on body
CN106209563A (en) * 2016-08-07 2016-12-07 付宏伟 A kind of cloud computing platform network virtualization implementation method and accordingly plug-in unit and agency
CN106506240A (en) * 2016-12-09 2017-03-15 上海斐讯数据通信技术有限公司 A kind of method of cloud terminal batch configuration and cloud terminal management system
CN106911779A (en) * 2017-02-27 2017-06-30 郑州云海信息技术有限公司 A kind of cloud platform virtual machine obtains IP method and devices
CN107391502A (en) * 2016-05-16 2017-11-24 阿里巴巴集团控股有限公司 The data query method, apparatus and index structuring method of time interval, device
CN107547242A (en) * 2017-05-24 2018-01-05 新华三技术有限公司 The acquisition methods and device of VM configuration informations
CN107612843A (en) * 2017-09-27 2018-01-19 国云科技股份有限公司 A kind of method for preventing cloud platform IP and MAC from forging
CN109039687A (en) * 2017-06-12 2018-12-18 北京信威通信技术股份有限公司 Load-balancing method, device, system, equipment and the storage medium of request
CN109240796A (en) * 2018-08-10 2019-01-18 新华三云计算技术有限公司 Virtual machine information acquisition methods and device

Patent Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080040351A1 (en) * 2006-08-10 2008-02-14 Samsung Electronics Co., Ltd. Method and apparatus for managing content using remote user interface
CN104346401A (en) * 2013-08-08 2015-02-11 中国电信股份有限公司 Method and device for message forwarding between components in cloud management platform
CN105282141A (en) * 2015-09-08 2016-01-27 北京元心科技有限公司 Method for detecting security of wireless network accessed by intelligent terminal and intelligent terminal
CN105791402A (en) * 2016-03-02 2016-07-20 付宏伟 Network virtualization realization method of cloud computing platform and corresponding plug-in and agent
CN107391502A (en) * 2016-05-16 2017-11-24 阿里巴巴集团控股有限公司 The data query method, apparatus and index structuring method of time interval, device
CN106161277A (en) * 2016-06-29 2016-11-23 合肥民众亿兴软件开发有限公司 A kind of parallel network flow sorting technique based on body
CN106209563A (en) * 2016-08-07 2016-12-07 付宏伟 A kind of cloud computing platform network virtualization implementation method and accordingly plug-in unit and agency
CN106506240A (en) * 2016-12-09 2017-03-15 上海斐讯数据通信技术有限公司 A kind of method of cloud terminal batch configuration and cloud terminal management system
CN106911779A (en) * 2017-02-27 2017-06-30 郑州云海信息技术有限公司 A kind of cloud platform virtual machine obtains IP method and devices
CN107547242A (en) * 2017-05-24 2018-01-05 新华三技术有限公司 The acquisition methods and device of VM configuration informations
CN109039687A (en) * 2017-06-12 2018-12-18 北京信威通信技术股份有限公司 Load-balancing method, device, system, equipment and the storage medium of request
CN107612843A (en) * 2017-09-27 2018-01-19 国云科技股份有限公司 A kind of method for preventing cloud platform IP and MAC from forging
CN109240796A (en) * 2018-08-10 2019-01-18 新华三云计算技术有限公司 Virtual machine information acquisition methods and device

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110719345A (en) * 2019-10-25 2020-01-21 苏州浪潮智能科技有限公司 Virtual machine MAC address generation method, system, equipment and computer medium
CN111181861A (en) * 2020-01-13 2020-05-19 山东汇贸电子口岸有限公司 Policy routing implementation method and device
CN114615022A (en) * 2022-02-17 2022-06-10 奇安信科技集团股份有限公司 Cloud internal flow traction method and device
CN116032929A (en) * 2023-03-30 2023-04-28 阿里巴巴(中国)有限公司 Data processing system, method and equipment

Also Published As

Publication number Publication date
CN110061921B (en) 2021-07-06

Similar Documents

Publication Publication Date Title
CN110061921A (en) A kind of cloud platform packet delivery method and system
US10411966B2 (en) Host network analyzer
KR101969194B1 (en) Offloading packet processing for networking device virtualization
CN109952746A (en) Physics and virtual network function are integrated in business chain network environment
CN103595648B (en) Method and system for balancing load at receiving side of server
US20180069833A1 (en) Regional firewall clustering in a networked computing environment
US9871720B1 (en) Using packet duplication with encapsulation in a packet-switched network to increase reliability
CN106254256B (en) Data message forwarding method and equipment based on three layers of VXLAN gateway
US11343187B2 (en) Quantitative exact match distance in network flows
CN109547580A (en) A kind of method and apparatus handling data message
CN109804607A (en) The system and method statelessly handled in fault-tolerant micro services environment
US9270636B2 (en) Neighbor lookup operations in a network node
CN104769912A (en) Method and device for data flow processing
CN104734955A (en) Network function virtualization implementation method, wide-band network gateway and control device
CN104811382A (en) Data packet processing method and device
US20230024408A1 (en) Efficient flow management utilizing control packets
CN105939284A (en) Message control strategy matching method and device
CN113630301B (en) Data transmission method, device and equipment based on intelligent decision and storage medium
US20220174081A1 (en) Monitoring of abnormal host
Bansal et al. Disaggregating stateful network functions
US8539547B2 (en) Policy selector representation for fast retrieval
US10341292B2 (en) Increased port address space
US20140068088A1 (en) Systems and methods for processing media access control (mac) addresses
EP3610615B1 (en) Packet batch processing with graph-path based pre-classification
CN113746950A (en) Method, system, computer device and storage medium for pre-detecting IP address conflict

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant