CN116708355A - Communication method and cloud computing service platform - Google Patents

Publication number: CN116708355A
Authority: CN (China)
Prior art keywords: address, processing, network, request, communication data
Legal status: Pending
Application number: CN202310934109.1A
Other languages: Chinese (zh)
Inventor: 邵建波
Current Assignee: China United Network Communications Group Co Ltd; Unicom Digital Technology Co Ltd; Unicom Cloud Data Co Ltd
Original Assignee: China United Network Communications Group Co Ltd; Unicom Digital Technology Co Ltd; Unicom Cloud Data Co Ltd
Application filed by China United Network Communications Group Co Ltd, Unicom Digital Technology Co Ltd, Unicom Cloud Data Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/2517 Translation of Internet protocol [IP] addresses using port numbers
    • H04L61/2596 Translation of addresses of the same type other than IP, e.g. translation from MAC to MAC addresses
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The application provides a communication method and a cloud computing service platform. The cloud computing service platform comprises a core device, at least one network server and at least one computing server; the network server comprises a CPU, a network forwarding device and an address processing bridge. The method comprises the following steps: the core device transmits processing requests sent by the external gateway and by the computing server corresponding to the core device to the corresponding network forwarding device; the network forwarding device forwards a processing request to the address processing bridge when the processing request is an address conversion request, and forwards it to the CPU when it is not an address conversion request; and the address processing bridge, according to the received address conversion request, executes address conversion processing based on a first flow table configured locally on the address processing bridge, and returns the address conversion processing result to the network forwarding device. The application can improve address conversion processing efficiency, thereby reducing communication delay.

Description

Communication method and cloud computing service platform
Technical Field
The present application relates to the field of communications, and in particular, to a communication method and a cloud computing service platform.
Background
The cloud computing service platform may create a virtual shared resource pool that provides computing, data storage, and network services over the internet. The cloud computing service platform comprises a network server and a computing server, wherein the computing server uses a virtualization technology to create a plurality of virtual machines on a single server so as to be capable of running separate operating systems and application programs for different clients on one physical server. When the virtual machine in the cloud computing service platform communicates with external network equipment outside the platform, the external network equipment cannot identify the IP address of the virtual machine, so that address conversion processing is required to be carried out on communication data during communication.
In the related art, the CPU of the network server is invoked through a namespace on the operating system of the network server, and the CPU performs address conversion processing based on a naming rule of the namespace, so as to implement communication between a virtual machine and external network equipment.
However, address conversion processing in the related art is inefficient, resulting in a higher communication delay.
Disclosure of Invention
The application provides a communication method and a cloud computing service platform, which are used for solving the technical problem of higher communication delay caused by lower address conversion processing efficiency in the related technology.
In a first aspect, the present application provides a communication method applied to a cloud computing service platform, where the cloud computing service platform includes a core device, at least one network server and at least one computing server. Each computing server corresponds to a network server, the computing server comprises at least one virtual machine, and the network server comprises a CPU, a network forwarding device and an address processing bridge. The method comprises the following steps: the core device transmits processing requests sent by an external gateway and by the computing server corresponding to the core device to the corresponding network forwarding device; the network forwarding device receives a processing request and, if the processing request is an address conversion request, forwards the address conversion request to the address processing bridge; if the processing request is not an address conversion request, the network forwarding device forwards the processing request to the CPU; the CPU executes the corresponding processing according to the received processing request; and the address processing bridge, according to the received address conversion request, executes address conversion processing based on a first flow table configured locally on the address processing bridge, and returns the address conversion processing result to the network forwarding device.
In some embodiments, the address translation request is issued by the virtual machine to the target external gateway; the address processing network bridge executes address conversion processing based on a first flow table configured locally by the address processing network bridge according to the received address conversion request, and returns the address conversion processing result to the network forwarding device, including: the address processing network bridge modifies the source IP address of the communication data packet in the address conversion request from the IP address of the virtual machine to the public IP address of the network server by calling the first flow table, and modifies the destination MAC address of the communication data packet to the MAC address of the target external gateway to obtain an address conversion processing result; and the address processing network bridge returns the address conversion processing result to the network forwarding equipment so that the network forwarding equipment sends the address conversion processing result to the target external gateway through the core equipment.
In some embodiments, the address translation request is issued by the external gateway to a target virtual machine; the address processing network bridge executes address conversion processing based on a first flow table configured locally by the address processing network bridge according to the received address conversion request, and returns the address conversion processing result to the network forwarding device, including: the address processing network bridge modifies the destination IP address of the communication data packet in the address conversion request from the public IP address of the network server to the IP address of the target virtual machine by calling the first flow table, and changes the destination MAC address of the communication data packet to the MAC address of the target virtual machine to obtain an address conversion processing result; and the address processing network bridge returns the address conversion processing result to the network forwarding equipment so that the network forwarding equipment sends the address conversion processing result to the target virtual machine through the core equipment.
In some embodiments, the network forwarding device comprises a qr port, a qg port, and a Sg port; the address processing bridge comprises a first port corresponding to the qr port, a second port corresponding to the qg port and a third port corresponding to the Sg port.
In some embodiments, the first flow table comprises a plurality of sub-flow tables; the address processing bridge modifying, by invoking the first flow table, the source IP address of the communication data packet in the address conversion request from the IP address of the virtual machine to the public IP address of the network server, and modifying the destination MAC address of the communication data packet to the MAC address of the target external gateway to obtain an address conversion processing result, includes: receiving the communication data packet in the address conversion request through the first port and invoking the first sub-flow table, which, for a communication data packet whose ingress port is the first port and whose source IP address is the internal IP address of the network server, invokes the second sub-flow table; by invoking the second sub-flow table, for a communication data packet whose destination MAC address is the MAC address of the port of the address processing bridge, modifying the source MAC address to the MAC address of the first port, modifying the destination MAC address to the MAC address of the third port, and sending the modified communication data packet to the network forwarding device through the first port; receiving the communication data packet through the third port and invoking the first sub-flow table, which, for a communication data packet whose destination MAC address is the MAC address of the third port and whose source IP address is the internal IP address of the network server, sets the mark value of the communication data packet to a first value and invokes the third sub-flow table, where a mark value equal to the first value indicates that the communication data packet was sent by the virtual machine; by invoking the third sub-flow table, for a communication data packet whose mark value is the first value, modifying the source IP address from the IP address of the virtual machine to the public IP address of the network server and modifying the source MAC address to the MAC address of the address processing bridge; and by invoking the fourth sub-flow table, for a communication data packet whose mark value is the first value and whose source IP address is the public IP address of the network server, modifying the destination MAC address to the MAC address of the external gateway to obtain the address conversion processing result, and sending the address conversion processing result from the second port to the network forwarding device.
In some embodiments, the first flow table comprises a plurality of sub-flow tables; the address processing bridge modifying, by invoking the first flow table, the destination IP address of the communication data packet in the address conversion request from the public IP address of the network server to the IP address of the target virtual machine, and changing the destination MAC address of the communication data packet to the MAC address of the target virtual machine to obtain an address conversion processing result, includes: receiving the communication data packet in the address conversion request through the second port and invoking the first sub-flow table, which, for a communication data packet whose ingress port is the second port and whose destination IP address is the internal IP address of the network server, sets the mark value of the communication data packet to a second value and invokes the fifth sub-flow table, where a mark value equal to the second value indicates that the communication data packet was sent by the external gateway; by invoking the fifth sub-flow table, for a communication data packet whose mark value is the second value and whose destination IP address is the public IP address of the network server, modifying the destination IP address from the public IP address of the network server to the IP address of the target virtual machine, and invoking the sixth sub-flow table; by invoking the sixth sub-flow table, for a communication data packet whose mark value is the second value and whose destination IP address is the IP address of the virtual machine, modifying the source MAC address to the MAC address of the third port and modifying the destination MAC address to the MAC address of the virtual machine, and invoking the seventh sub-flow table; and by invoking the seventh sub-flow table, sending the communication data packet whose destination MAC address is the MAC address of the virtual machine to the network forwarding device through the first port.
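The two sub-flow-table pipelines described above (virtual machine to external gateway, and external gateway to virtual machine), as an added Python model that is not part of the patent text. All addresses, port labels, mark values and the drop-on-miss behaviour are assumptions; the "internal IP address" match is modelled as an exact match on the virtual machine's private address, and the inbound match in sub-table 1 as the public address.

```python
"""Toy match-action model of the address processing bridge's sub-flow tables.
Every address, port label and mark value is a constructed sample value."""

VM_IP, PUBLIC_IP, REMOTE_IP = "10.0.0.5", "203.0.113.10", "198.51.100.7"
VM_MAC, GW_MAC = "fa:16:3e:00:00:05", "00:00:5e:00:53:01"
BR_MAC = "0a:00:00:00:00:ff"                       # MAC of the bridge itself
P1_MAC, P3_MAC = "0a:00:00:00:00:01", "0a:00:00:00:00:03"
PORT1, PORT2, PORT3 = "port1(qr)", "port2(qg)", "port3(Sg)"
FROM_VM, FROM_GW = 1, 2                            # first / second mark value


def flow(table, match, sets=None, goto=None, output=None):
    """One flow entry: match fields, field rewrites, then goto or output."""
    return {"table": table, "match": match, "sets": sets or {},
            "goto": goto, "output": output}


FLOWS = [
    # Sub-table 1: classify by ingress port and addresses, tag the direction.
    flow(1, {"in_port": PORT1, "ip_src": VM_IP}, goto=2),
    flow(1, {"eth_dst": P3_MAC, "ip_src": VM_IP}, sets={"mark": FROM_VM}, goto=3),
    flow(1, {"in_port": PORT2, "ip_dst": PUBLIC_IP}, sets={"mark": FROM_GW}, goto=5),
    # Sub-table 2: first outbound pass, re-address the frame toward port 3.
    flow(2, {"eth_dst": P1_MAC},
         sets={"eth_src": P1_MAC, "eth_dst": P3_MAC}, output=PORT1),
    # Sub-table 3: source NAT for packets marked as coming from the VM.
    flow(3, {"mark": FROM_VM},
         sets={"ip_src": PUBLIC_IP, "eth_src": BR_MAC}, goto=4),
    # Sub-table 4: next hop is the external gateway, leave via port 2.
    flow(4, {"mark": FROM_VM, "ip_src": PUBLIC_IP},
         sets={"eth_dst": GW_MAC}, output=PORT2),
    # Sub-table 5: destination NAT for packets marked as coming from outside.
    flow(5, {"mark": FROM_GW, "ip_dst": PUBLIC_IP},
         sets={"ip_dst": VM_IP}, goto=6),
    # Sub-table 6: rewrite MACs for delivery to the VM.
    flow(6, {"mark": FROM_GW, "ip_dst": VM_IP},
         sets={"eth_src": P3_MAC, "eth_dst": VM_MAC}, goto=7),
    # Sub-table 7: deliver through port 1.
    flow(7, {"eth_dst": VM_MAC}, output=PORT1),
]


def process(packet, in_port):
    """Run one pass through the pipeline.

    Returns (out_port, packet). out_port is None on a table miss, which this
    model treats as a drop (an assumption, the page does not state it).
    """
    pkt = dict(packet, in_port=in_port, mark=0)    # mark is reset on each pass
    table = 1
    while table is not None:
        hit = next((f for f in FLOWS if f["table"] == table and
                    all(pkt.get(k) == v for k, v in f["match"].items())), None)
        if hit is None:
            return None, pkt
        pkt.update(hit["sets"])
        if hit["output"]:
            return hit["output"], pkt
        table = hit["goto"]
    return None, pkt


def outbound(packet):
    """VM -> external gateway: pass 1 enters on port 1, pass 2 on port 3."""
    port, pkt = process(packet, PORT1)
    if port != PORT1:
        return None, pkt
    # The network forwarding device hands the frame back on the third port.
    return process(pkt, PORT3)


def inbound(packet):
    """External gateway -> VM: a single pass entering on port 2."""
    return process(packet, PORT2)


if __name__ == "__main__":
    vm_pkt = {"eth_src": VM_MAC, "eth_dst": P1_MAC,
              "ip_src": VM_IP, "ip_dst": REMOTE_IP}
    gw_pkt = {"eth_src": GW_MAC, "eth_dst": BR_MAC,
              "ip_src": REMOTE_IP, "ip_dst": PUBLIC_IP}
    print("outbound:", outbound(vm_pkt))
    print("inbound: ", inbound(gw_pkt))
```

In this model a packet that arrives on the second port addressed directly to the private address matches no entry in sub-table 1 and is never translated or delivered.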
In a second aspect, the present application provides a cloud computing service platform, including a core device, at least one network server and at least one computing server. Each computing server corresponds to one network server, each computing server comprises at least one virtual machine, and each network server comprises a CPU, a network forwarding device and an address processing bridge. The core device is used for transmitting processing requests sent by an external gateway and by the computing server corresponding to the core device to the corresponding network forwarding device; the network forwarding device is configured to receive a processing request and, if the processing request is an address conversion request, forward the address conversion request to the address processing bridge, and if the processing request is not an address conversion request, forward the processing request to the CPU; the CPU is used for executing the corresponding processing according to the received processing request; and the address processing bridge is used for executing, according to the received address conversion request, address conversion processing based on a first flow table configured locally on the address processing bridge, and returning the address conversion processing result to the network forwarding device.
In some embodiments, the address translation request is issued by the virtual machine to the target external gateway; the address processing network bridge is specifically configured to modify, by invoking the first flow table, a source IP address of a communication data packet in the address conversion request from an IP address of the virtual machine to a public IP address of the network server, and modify a destination MAC address of the communication data packet to a MAC address of a target external gateway, so as to obtain an address conversion processing result; the address processing network bridge is specifically further configured to return the address conversion processing result to the network forwarding device, so that the network forwarding device sends the address conversion processing result to the target external gateway through the core device.
In some embodiments, the address translation request is issued by the external gateway to a target virtual machine; the address processing network bridge executes address conversion processing based on a first flow table configured locally by the address processing network bridge according to the received address conversion request, and returns the address conversion processing result to the network forwarding device, including: the address processing network bridge modifies the destination IP address of the communication data packet in the address conversion request from the public IP address of the network server to the IP address of the target virtual machine by calling the first flow table, and changes the destination MAC address of the communication data packet to the MAC address of the target virtual machine to obtain an address conversion processing result; and the address processing network bridge returns the address conversion processing result to the network forwarding equipment so that the network forwarding equipment sends the address conversion processing result to the target virtual machine through the core equipment.
In some embodiments, the network forwarding device comprises a qr port, a qg port, and a Sg port; the address processing bridge comprises a first port corresponding to the qr port, a second port corresponding to the qg port and a third port corresponding to the Sg port.
In the communication method and the cloud computing service platform provided by the application, the network forwarding device receives the processing request and, if the processing request is an address conversion request, forwards the address conversion request to the address processing bridge; if the processing request is not an address conversion request, the network forwarding device forwards the processing request to the CPU; and the address processing bridge, according to the received address conversion request, executes address conversion processing based on a first flow table configured locally on the address processing bridge, and returns the address conversion processing result to the network forwarding device. The application executes address conversion processing based on the first flow table configured locally on the address processing bridge. The address processing bridge has independent processing and operation capability and is dedicated to executing address conversion processing; compared with a CPU (central processing unit), which has to process a large number of processing requests, the address processing bridge executes address conversion processing faster. The application can therefore improve address conversion processing efficiency and reduce communication delay.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application.
FIG. 1 is a schematic diagram of a cloud computing platform in an example;
FIG. 2 is a schematic structural diagram of a cloud computing service platform according to an embodiment of the present application;
FIG. 3 is a flow chart of a communication method according to an embodiment of the present application;
FIG. 4 is a second flow chart of a communication method according to an embodiment of the present application;
FIG. 5 is a flow chart of a communication method according to an embodiment of the present application;
FIG. 6 is a schematic structural diagram II of a cloud computing service platform according to an embodiment of the present application;
FIG. 7 is a schematic structural diagram III of a cloud computing service platform according to an embodiment of the present application.
Specific embodiments of the present application have been shown by way of the above drawings and will be described in more detail below. The drawings and the written description are not intended to limit the scope of the inventive concepts in any way, but rather to illustrate the inventive concepts to those skilled in the art by reference to the specific embodiments.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the application. Rather, they are merely examples of apparatus and methods consistent with aspects of the application as detailed in the accompanying claims.
The terms involved in the present application will be explained as follows:
OpenFlow is a network communication protocol used for communication between a controller and a forwarder in an SDN architecture. One core idea of the software defined network (SDN) is "separation of forwarding and control". To implement this separation, a communication interface standard needs to be established between the controller and the forwarder, so as to allow the controller to directly access and control the forwarding plane of the forwarder. OpenFlow introduces the concept of a "flow table", through which a forwarder directs the forwarding of communication packets. The controller deploys the corresponding flow table on the forwarder through the interface provided by OpenFlow, so as to control the forwarding plane.
MAC address: in full, the Media Access Control Address (MAC for short), also known as the local area network address, Ethernet address or physical address. The MAC address is used to uniquely identify a network card in the network; if a device has one or more network cards, each network card needs and has a unique MAC address.
IP address: the Internet Protocol Address (IP address for short) is a unified address format provided by the IP protocol. It assigns a logical address to each network and each host on the internet, thereby masking the differences between physical addresses.
The application scenario and technical problems of the present application will be described in the following by way of example:
FIG. 1 is a schematic structural diagram of a cloud computing platform in an example. As shown in FIG. 1, the cloud computing service platform includes a core device 30, a computing server 40 and a network server 50, and the core device 30 is connected between the computing server 40 and the network server 50. The computing server 40 includes a plurality of virtual machines 41, each virtual machine 41 being configured with a separate operating system and application programs for use by a user; the network server 50 includes a network forwarding device 51 and a CPU 54, and the network server 50 is configured to implement traffic forwarding. The cloud computing service platform is also connected to external network devices 10 through an external gateway 20. The external gateway is a router or switch that is directly connected to the core device 30.
In the scenario where the virtual machine 41 communicates with the external network device 10, since the external network device 10 cannot identify the IP address of the virtual machine 41, address conversion (source network address translation, SNAT for short) is required for the communication data in the communication process, so as to implement communication between the external network device 10 and the virtual machine 41 based on the converted address. With continued reference to FIG. 1, when the virtual machine 41 transmits communication data to the external network device 10, the virtual machine 41 needs to transmit the communication data to the network server 50 through the core device 30; the network server 50 performs address conversion processing on the communication data and then transmits the address-converted communication data to the external gateway 20, so as to access the external network device 10 through the external gateway 20. When the external network device 10 sends communication data to the virtual machine 41, the communication data enters the network server 50 through the external gateway 20 and the core device 30; the network server 50 performs address conversion processing on the communication data and then sends the address-converted communication data to the corresponding virtual machine 41.
In the related art, with continued reference to FIG. 1, the network server includes a network forwarding device 51 and a CPU 54. A router namespace 52 (qrouter namespace, qrouter-ns for short) and a source address translation namespace 53 (source network address translation, snat-ns for short) are created on the operating system of the network server. The CPU 54 is invoked through the qrouter-ns 52 and the snat-ns 53, and the CPU 54 performs address translation processing based on a route lookup policy of the qrouter-ns 53 and the IP address table (iptables) of the operating system, so as to implement communication between the virtual machine 41 and the external network device 10. However, address conversion processing in the related art is inefficient, resulting in a higher communication delay.
The application provides a communication method, which aims to solve the technical problems in the prior art.
The following describes the technical scheme of the present application and how the technical scheme of the present application solves the above technical problems in detail with specific embodiments. The following embodiments may be combined with each other, and the same or similar concepts or processes may not be described in detail in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.
The application provides a communication method applied to a cloud computing service platform. FIG. 2 is a schematic structural diagram of the cloud computing service platform provided by the embodiment of the application; it shows part of the structure of the cloud computing service platform, and other structures not related to the application are not shown. As shown in FIG. 2, the cloud computing service platform comprises the core device 30, at least one network server 50 and at least one computing server 40 (only one network server 50 and one computing server 40 are shown in FIG. 2). The core device 30 may be a central switch, which is connected to the network server 50 and the computing server 40 through corresponding access devices, respectively. Each computing server 40 corresponds to one network server 50; the computing server 40 includes at least one virtual machine 41; and the network server 50 includes a CPU 54, a network forwarding device 51, and an address processing bridge 55. The network forwarding device 51 may include an integrated bridge 513, an external bridge 512, and a physical network card 511, and the core device 30 is connected in sequence to the physical network card, the external bridge, and the integrated bridge.
The address processing bridge 55 may be an open source virtual switch (OVS for short) or a physical switch. It supports flow table protocol management, may be equipped with an intelligent network card, has independent processing and operation capabilities, and can forward a received data packet or change the addresses of the data packet based on a flow table.
Fig. 3 is a flow chart of a communication method according to an embodiment of the present application, as shown in fig. 3, the communication method provided in this embodiment includes:
S301, the core device transmits processing requests sent by an external gateway and by the computing server corresponding to the core device to the corresponding network forwarding device;
S302, the network forwarding device receives a processing request, and forwards the address conversion request to the address processing bridge if the processing request is an address conversion request; if the processing request is not an address conversion request, it forwards the processing request to the CPU;
S303, the CPU executes the corresponding processing according to the received processing request;
S304, the address processing bridge, according to the received address conversion request, executes address conversion processing based on a first flow table configured locally on the address processing bridge, and returns the address conversion processing result to the network forwarding device.
In this embodiment, the core device receives a processing request sent by the external gateway, and the network forwarding device determines whether the received processing request is an address conversion request, sends the address conversion request to the address processing bridge, and sends the processing request that is not the address conversion request to the CPU.
For example, in the processing request received by the network forwarding device, if the processing request is sent by the external gateway to the virtual machine or sent by the virtual machine to the external gateway, the processing request may be determined to be an address translation request, otherwise, the processing request is determined not to be an address translation request.
The CPU executes the corresponding processing according to the received processing request. The address processing bridge, according to the received address conversion request, executes address conversion processing based on the first flow table configured locally on the address processing bridge, and returns the address conversion processing result to the network forwarding device. That is, in this embodiment, the address conversion requests in the communication process are all processed by the address processing bridge, and the CPU is only used for processing other processing requests. On the one hand, this releases the computing resources of the CPU, relieves the processing pressure on the CPU, and thereby improves the speed at which the CPU processes other processing requests; on the other hand, the address processing bridge can be provided with an intelligent network card that is good at address conversion processing and has independent processing and operation capability.
In this embodiment, different address conversion processing may be performed for different address conversion requests, as described by way of example below.
In some examples, fig. 4 is a second flowchart of a communication method provided by the embodiment of the present application, as shown in fig. 4, where the address conversion request is sent by the virtual machine to the target external gateway; s304 includes:
S3041, the address processing network bridge modifies the source IP address of the communication data packet in the address conversion request from the IP address of the virtual machine to the public IP address of the network server by calling the first flow table, and modifies the destination MAC address of the communication data packet to the MAC address of the target external gateway to obtain an address conversion processing result;
S3042, the address processing network bridge returns the address conversion processing result to the network forwarding device, so that the network forwarding device sends the address conversion processing result to the target external gateway through the core device.
The address translation request in this example is issued by the virtual machine to the target external gateway. The address translation request includes a communication data packet, and the communication data packet carries a source IP address, a destination IP address, a source MAC address and a destination MAC address. It can be understood that, when the address conversion request is sent from the inside to the outside of the cloud computing service platform, the source IP address of the communication data packet is the IP address of the virtual machine. The IP address of the virtual machine is a private IP address in the cloud computing service platform domain and cannot be identified by the external network, so the source IP address of the communication data packet needs to be changed into the public IP address of the network server corresponding to the computing server where the virtual machine is located. In addition, in order to send the communication data packet out of the cloud computing service platform through the external gateway, the destination MAC address of the communication data packet needs to be changed into the MAC address of the target external gateway, so that the address-converted communication data packet, that is, the address conversion processing result, can be sent to the target external gateway based on the destination MAC address.
In this example, when there are a plurality of external gateways, an external gateway corresponding to each virtual machine may be exemplarily set, and the corresponding relationship is stored, and when the address processing bridge performs address conversion processing, the external gateway corresponding to the virtual machine is used as a target external gateway based on the corresponding relationship.
It should be further noted that, the address conversion processing result includes a communication data packet after address conversion, where the communication data packet further includes a domain name of the target external network device, the external gateway obtains an IP address of the target network device based on the domain name of the target network device, and sends the address conversion processing result to the target network device based on the IP address of the target network device, so as to implement communication between the virtual machine and the target network device.
An exemplary description of the transmission path of the address conversion request is given below. In combination with fig. 2, the virtual machine sends a processing request, and the processing request is forwarded to the network forwarding device through the core device. The network forwarding device determines that the processing request is an address conversion request and sends it to the address processing network bridge. The address processing network bridge modifies the source IP address of the communication data packet in the address conversion request from the IP address of the virtual machine to the public IP address of the network server, and modifies the destination MAC address of the communication data packet to the MAC address of the target external gateway, so as to obtain an address conversion processing result. The address processing network bridge sends the address conversion processing result to the network server; based on the destination MAC address of the result, the network server sends it out through the core device, and it is delivered to the target external network device through the target external gateway, so as to realize communication between the virtual machine and the target external network device.
In other examples, fig. 5 is a flowchart of a communication method according to an embodiment of the present application, as shown in fig. 5, where the address conversion request is sent by the external gateway to the target virtual machine; s304 includes:
S3043, the address processing network bridge modifies the destination IP address of the communication data packet in the address conversion request from the public IP address of the network server to the IP address of the target virtual machine by calling the first flow table, and changes the destination MAC address of the communication data packet to the MAC address of the target virtual machine to obtain an address conversion processing result;
S3044, the address processing network bridge returns the address conversion processing result to the network forwarding device, so that the network forwarding device sends the address conversion processing result to the target virtual machine through the core device.
The address translation request in this example is sent by the external gateway to the target virtual machine. Illustratively, the current address translation request may be sent by the target external network device in the above example based on the received address translation processing result; that is, the current address translation request may be regarded as a reply from the external network device to the request sent by the target virtual machine. The address processing network bridge converts the destination IP address of the communication data packet in the address conversion request into the IP address of the target virtual machine and converts the destination MAC address into the MAC address of the target virtual machine to obtain an address conversion processing result, and sends the address conversion processing result to the network forwarding device. Based on the destination IP address and the destination MAC address of the address conversion processing result, the network forwarding device sends it to the target virtual machine through the core device, so as to realize communication between the external network device and the target virtual machine.
As an example, the address processing bridge may store an address translation record of the communication packet in each address translation request and track each address translation request, and the address processing bridge may obtain the current address based on the address translation record and the tracking mechanism. For example, the address processing bridge records the IP address 10.10.10.120 of the virtual machine as the source IP address in the first address translation request and converts the source IP address into the public IP address 172.31.139.2. By setting a corresponding identifier for the first address translation request, the address processing bridge tracks the first address translation request and learns, based on the tracking identifier, that the second address translation request was issued by the external network device based on the first address translation request; when performing address translation processing on the second address translation request, it converts the source IP from 172.31.139.2 to 10.10.10.120 according to the address translation record.
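The record-and-track mechanism described above, as an added example that is not part of the patent text: it keeps one translation record per outbound request and restores the virtual machine's address on a reply only when a record explains that reply. Using the transport 5-tuple as the tracking identifier, the port numbers, the port pool and the external addresses are assumptions made for this example.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class NatTracker:
    """Address translation records and tracking identifiers for one public IP."""

    def __init__(self, public_ip, port_range=(20000, 20010)):
        self.public_ip = public_ip
        self.port_range = port_range  # assumed pool used when source ports collide
        self.records = {}             # tracking identifier -> (vm_ip, vm_port)
        self.forward = {}             # original flow -> public port already chosen

    def _allocate(self, pkt):
        """Pick a public source port that is unused towards this remote endpoint."""
        for port in [pkt.src_port, *range(*self.port_range)]:
            ident = (pkt.proto, port, pkt.dst_ip, pkt.dst_port)
            if ident not in self.records:
                return port, ident
        raise RuntimeError("no free public port for this remote endpoint")

    def outbound(self, pkt):
        """VM -> external: rewrite the source and store how to undo the rewrite."""
        flow = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if flow not in self.forward:
            port, ident = self._allocate(pkt)
            self.records[ident] = (pkt.src_ip, pkt.src_port)
            self.forward[flow] = port
        return replace(pkt, src_ip=self.public_ip, src_port=self.forward[flow])

    def inbound(self, pkt):
        """External -> VM: translate only if a tracked request explains the packet."""
        if pkt.dst_ip != self.public_ip:
            return None
        ident = (pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port)
        record = self.records.get(ident)
        if record is None:
            return None  # no translation record: the packet is not forwarded
        vm_ip, vm_port = record
        return replace(pkt, dst_ip=vm_ip, dst_port=vm_port)


def demo():
    nat = NatTracker("172.31.139.2")   # public IP from the patent's example
    remote = ("203.0.113.7", 443)      # constructed external device address
    first = nat.outbound(Packet("10.10.10.120", 40000, *remote))
    # A second VM (constructed address) reuses the same source port.
    other = nat.outbound(Packet("10.10.10.121", 40000, *remote))
    reply = nat.inbound(Packet(*remote, first.src_ip, first.src_port))
    reply_other = nat.inbound(Packet(*remote, other.src_ip, other.src_port))
    # Constructed host that was never contacted by any VM.
    stray = nat.inbound(Packet("198.51.100.9", 443, "172.31.139.2", first.src_port))
    return first, other, reply, reply_other, stray


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Because the lookup key includes the remote endpoint, a host that was never contacted cannot reuse an existing record to reach a virtual machine.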
In an example, fig. 6 is a schematic structural diagram of a second cloud computing service platform provided by the embodiment of the present application, and fig. 7 is a schematic structural diagram of a third cloud computing service platform provided by the embodiment of the present application. As shown in fig. 6 and fig. 7, the network forwarding device 51 includes a qr port, a qg port, and a Sg port; the address processing network bridge comprises a first port corresponding to the qr port, a second port corresponding to the qg port and a third port corresponding to the Sg port. The first port may be an intp port, the second port may be an ex port, and the third port may be an sn port.
In this example, the qr port, the qg port, and the Sg port may be ports on an integrated bridge in the network forwarding device 51. The network forwarding device forwards communication data packets when working in cooperation with the namespaces, and these ports correspond respectively to the ports of the two namespaces. The integrated bridge is locally configured with a second flow table and controls forwarding of the communication data packet based on the second flow table. In this embodiment, by setting three ports corresponding to the integrated bridge, the existing flow table rules of the integrated bridge can be used without changing the ports or the second flow table rules of the integrated bridge, which improves the universality of the integrated bridge and reduces the influence of the scheme on other structures.
In the following, an exemplary description will be given of a scheme in which the address processing network bridge performs address conversion processing based on the first flow table in different scenarios.
It should be noted that, in the embodiment of the present application, the first flow table defines a packet forwarding rule between ports on the bridge, and the first flow table may include a plurality of sub-flow tables, where each sub-flow table may include at least one matching condition and at least one processing rule, and the at least one matching condition and the at least one processing rule may be in one-to-one correspondence. The DVR can find out the matched target matching condition from the current called sub-stream table based on the information of the current communication data packet, and execute the processing rule corresponding to the target matching condition. If the target matching condition is not found, the communication data packet does not pass through the sub-flow table. It will be appreciated that the matching condition of the sub-flow table is used to screen out communication data packets that can pass through the sub-flow table, and the processing rule of the sub-flow table is used to determine how to process the screened communication data packets. The inventor designs a plurality of sub-stream tables based on the actual scene of the scheme, and the address processing network bridge processes the communication data packet by calling the corresponding designed sub-stream table so as to execute address conversion processing. Specific examples are as follows:
In some examples, S3041 includes:
receiving a communication data packet in the address conversion request through the first port, and calling a first sub-flow table, so as to call a second sub-flow table for a communication data packet whose access port is the first port and whose source IP address is the internal IP address of the network server;
calling the second sub-flow table, so as to, for a communication data packet whose destination MAC address is the MAC address of the port of the address processing network bridge, modify the source MAC address to the MAC address of the first port, modify the destination MAC address to the MAC address of the third port, and send the modified communication data packet to the network forwarding device through the first port;
receiving the communication data packet through the third port, and calling the first sub-flow table, so as to, for a communication data packet whose destination MAC address is the MAC address of the third port and whose source IP address is the internal IP address of the network server, assign the marking value of the communication data packet to a first value and call a third sub-flow table; when the marking value is the first value, the communication data packet is characterized as being sent by the virtual machine;
calling the third sub-flow table, so as to, for a communication data packet whose marking value is the first value, modify the source IP address from the IP address of the virtual machine to the public IP address of the network server and modify the source MAC address to the MAC address of the address processing network bridge;
calling a fourth sub-flow table, so as to, for a communication data packet whose marking value is the first value and whose source IP address is the public IP address of the network server, modify the destination MAC address to the MAC address of the external gateway to obtain an address conversion processing result, and send the address conversion processing result from the second port to the network forwarding device.
The present example illustratively describes a method of processing an address translation request issued by a virtual machine to an external gateway.
An exemplary description is made below in connection with an actual scenario. In connection with fig. 6, it should be noted that, in practical application, the MAC addresses of the corresponding ports of the network forwarding device and the address processing bridge are the same. When the address processing network bridge receives a communication data packet (it may receive one or a plurality of communication data packets), it calls the first sub-flow table table=1. The source IP address of the communication data packet sent by the virtual machine is 10.10.10.120, the destination MAC address is the MAC address of the intp port, and the access port is the first port. The address processing network bridge finds the target matching condition matched with the current communication data packet, specifically: for a communication data packet whose access port is the first port and whose source IP address is the internal IP address of the network server, the corresponding processing rule is to call the second sub-flow table table=2. Illustratively, the first sub-flow table may include:
(matching condition) table=1, priority=25, ip, in_port="intp", dl_dst=fa:16:3e:75:90:20 (port MAC address), nw_src=10.10.10.0/24 (processing rule) actions=dec_ttl, resubmit(,2).
The address processing bridge then calls the second sub-flow table table=2 and, based on the target matching condition of table=2, determines the following: for a communication data packet whose destination MAC address is the MAC address of the port of the address processing network bridge, the source MAC address of the communication data packet sent by the virtual machine that meets the matching condition is modified to the MAC address of the first port, the destination MAC address is modified to the MAC address of the third port, and the modified communication data packet is sent to the network forwarding device through the first port. Illustratively, the second sub-flow table may include:
(matching condition) table=2, priority=100, dl_dst=fa:16:3e:75:90:20 (processing rule) actions=mod_dl_src:fa:16:3e:75:90:20, mod_dl_dst:fa:16:3e:d7:87:bb, in_port.
Taking as an example the case where the network forwarding device includes an integrated bridge: the integrated bridge receives the current communication data packet through the qr port. The integrated bridge also has a corresponding second flow table, and by calling the second flow table it sends a communication data packet whose destination MAC address is the MAC address of the third port to the address processing bridge through the third port.
The address processing network bridge receives the communication data packet through the third port, calls the first sub-flow table again, and finds the target matching condition matched with the current communication data packet based on the information of the current communication data packet. The target matching condition is: for a communication data packet whose destination MAC address is the MAC address of the third port and whose source IP address is the internal IP address of the network server, the corresponding processing rule is to assign the marking value of the communication data packet to the first value and call the third sub-flow table. When the tag value reg10 is the first value, the communication data packet is characterized as being sent by the virtual machine to the target external gateway; correspondingly, when the tag value reg10 is the second value, the communication data packet is characterized as being sent by the external gateway to the target virtual machine. Illustratively, the first value may be 0x1 and the second value may be 0x2. It should be noted that the tag value reg10 may be stored in a first register corresponding to the address processing bridge, so that the tag value is assigned by modifying the value stored in the first register.
Then the address processing network bridge calls the third sub-flow table and, based on the information of the current communication data packet, finds the matching target matching condition, which is: for a communication data packet whose marking value is the first value and whose source IP address is the public IP address of the network server, the corresponding processing rule is to modify the destination MAC address of the communication data packet meeting the matching condition to the MAC address of the target external gateway and to send the address conversion processing result from the second port to the network forwarding device.
In this example, the address processing bridge calls a plurality of pre-designed sub-flow tables, screens the communication data packets based on the matching conditions of the sub-flow tables, and performs the corresponding processing on the communication data packets that satisfy the matching conditions, so as to convert the source IP address of the communication data packet sent by the virtual machine to the external gateway into the public IP address of the network server and convert the destination MAC address into the MAC address of the external gateway, thereby implementing communication between the virtual machine and the external gateway.
In another example, S3043 includes:
receiving a communication data packet in the address conversion request through the second port, and calling the first sub-flow table, so as to, for a communication data packet whose access port is the second port and whose destination IP address is the internal IP address of the network server, assign the marking value of the communication data packet to a second value and call a fifth sub-flow table; when the marking value is the second value, the communication data packet is characterized as being sent by the external gateway;
calling the fifth sub-flow table, so as to, for a communication data packet whose marking value is the second value and whose destination IP address is the public IP address of the network server, modify the destination IP address from the public IP address of the network server to the IP address of the target virtual machine, and call a sixth sub-flow table;
calling the sixth sub-flow table, so as to, for a communication data packet whose marking value is the second value and whose destination IP address is the IP address of the virtual machine, modify the source MAC address to the MAC address of the third port and modify the destination MAC address to the MAC address of the virtual machine, and call a seventh sub-flow table;
calling the seventh sub-flow table, so as to send the communication data packet whose destination MAC address is the MAC address of the virtual machine to the network forwarding device through the first port.
The present example illustratively describes a method of handling address translation requests issued by an external gateway to a virtual machine.
An exemplary description is made below in connection with an actual scenario. Referring to fig. 7, the address processing bridge receives, through the second port, a communication data packet in an address conversion request sent by the external gateway, and calls the first sub-flow table table=1. The destination IP address of the communication data packet sent by the external gateway is the public IP of the network server. Based on the information of the communication data packet, the target matching condition is found in table=1: for a communication data packet whose access port is the second port and whose destination IP address is the internal IP address of the network server, the corresponding processing rule is to set the tag value reg10 of the communication data packet to the second value 0x2 and call the fifth sub-flow table table=5. The method of assigning the tag value can be referred to the above example. Illustratively, the first sub-flow table may include:
(matching condition) table=1, priority=120, ip, in_port="ex-064f5052-2a", nw_dst=172.31.139.10 (processing rule) actions=load:0x2->NXM_NX_REG10[], resubmit(,5).
Then, the address processing network bridge calls table=5 and, based on the information of the current communication data packet, finds the target condition matched with the current communication data packet: for a communication data packet whose tag value reg10 is the second value and whose destination IP address is the public IP address of the network server, the destination IP address is modified from the public IP address of the network server to the IP address of the target virtual machine, and the sixth sub-flow table table=6 is called. It should be noted that the current fifth sub-flow table may be the same sub-flow table as the third sub-flow table in the above example, and the IP address of the target virtual machine corresponding to the current public IP address of the network server is obtained based on the conversion record in which the IP address of the virtual machine was converted into the public IP address of the network server in the third sub-flow table. Illustratively, the fifth sub-flow table may include:
(matching condition) table=5, priority=100, ip, reg10=0x2, nw_dst=172.31.139.10 (processing rule) actions=ct(commit,table=6,nat(src)).
The address processing network bridge calls table=6 and, based on the information of the current communication data packet, finds the target condition matched with the current communication data packet: for a communication data packet whose tag value reg10 is the second value and whose destination IP address is the virtual machine IP address, the corresponding processing rule is to modify the source MAC address to the MAC address of the third port, modify the destination address to the MAC address of the virtual machine, and call the seventh sub-flow table table=7. At this point the address conversion processing is finished, and the communication data packet after the address change, that is, the address conversion processing result, is obtained. Illustratively, the sixth sub-flow table may include:
(matching condition) table=6, priority=200, ip, reg10=0x2, nw_dst=10.10.10.60 (processing rule) actions=mod_dl_src:fa:16:3e:d7:87:bb, mod_dl_dst:00:50:56:83:ca:bb, dec_ttl, resubmit(,7).
The address processing bridge calls table=7, and the target matching condition is: for a communication data packet whose destination MAC address is the MAC address of the virtual machine, the corresponding processing rule is to send it to the network forwarding device through the first port. Illustratively, the seventh sub-flow table may include:
(matching condition) table=7, priority=100, ip, dl_dst=00:50:56:83:ca:bb (processing rule) actions=output:"intp".
In this example, the address processing bridge calls a plurality of pre-designed sub-flow tables, screens the communication data packets based on the matching conditions of the sub-flow tables, and performs the corresponding processing on the communication data packets meeting the matching conditions, so as to convert the source IP address of the communication data packet sent from the external gateway to the virtual machine into the IP address of the target virtual machine and convert the destination MAC address into the MAC address of the target virtual machine, thereby implementing communication between the virtual machine and the external gateway.
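The inbound walk through sub-flow tables 1, 5, 6 and 7 can be traced with the following added example, which is not code from the patent. The action names `load_reg10` and `ct_nat`, the `NAT_RECORDS` map standing in for the stored translation record, the sample packet, and treating a table miss as "not forwarded" are assumptions of this example.

```python
import ipaddress

# Translation record assumed to exist from an earlier outbound request
# (constructed; the two addresses are the ones used in the rules above).
NAT_RECORDS = {"172.31.139.10": "10.10.10.60"}

# (table, priority, match, actions), transcribed from the page's
# sub-flow tables 1, 5, 6 and 7 for the external gateway -> VM direction.
FLOWS = [
    (1, 120, {"in_port": "ex-064f5052-2a", "nw_dst": "172.31.139.10"},
     [("load_reg10", 0x2), ("resubmit", 5)]),
    # The page's action is ct(commit,table=6,nat(src)); modelled here as a
    # lookup in NAT_RECORDS followed by a jump to table 6.
    (5, 100, {"reg10": 0x2, "nw_dst": "172.31.139.10"}, [("ct_nat", 6)]),
    (6, 200, {"reg10": 0x2, "nw_dst": "10.10.10.60"},
     [("mod_dl_src", "fa:16:3e:d7:87:bb"), ("mod_dl_dst", "00:50:56:83:ca:bb"),
      ("dec_ttl",), ("resubmit", 7)]),
    (7, 100, {"dl_dst": "00:50:56:83:ca:bb"}, [("output", "intp")]),
]


def _field_matches(field, want, pkt):
    have = pkt.get(field)
    if have is None:
        return False
    if field in ("nw_src", "nw_dst"):  # IP fields may be given as CIDR prefixes
        return ipaddress.ip_address(have) in ipaddress.ip_network(want)
    return have == want


def lookup(table, pkt):
    """Return the highest-priority flow of `table` that matches `pkt`, or None."""
    hits = [f for f in FLOWS if f[0] == table
            and all(_field_matches(k, v, pkt) for k, v in f[2].items())]
    return max(hits, key=lambda f: f[1], default=None)


def run_pipeline(packet, table=1, max_hops=16):
    """Walk the sub-flow tables; return (out_port, packet) or None on a miss."""
    pkt = dict(packet, reg10=packet.get("reg10", 0))  # work on a copy
    for _ in range(max_hops):
        flow = lookup(table, pkt)
        if flow is None:
            return None  # no matching condition: the packet does not pass
        next_table = None
        for action, *args in flow[3]:
            if action == "load_reg10":
                pkt["reg10"] = args[0]
            elif action == "ct_nat":
                pkt["nw_dst"] = NAT_RECORDS.get(pkt["nw_dst"], pkt["nw_dst"])
                next_table = args[0]
            elif action in ("mod_dl_src", "mod_dl_dst"):
                pkt[action[4:]] = args[0]  # "mod_dl_src" -> field "dl_src"
            elif action == "dec_ttl":
                pkt["ttl"] -= 1
                if pkt["ttl"] <= 0:
                    return None
            elif action == "resubmit":
                next_table = args[0]
            elif action == "output":
                return args[0], pkt
        if next_table is None:
            return None
        table = next_table
    return None


# Constructed reply packet arriving from the external gateway on the ex port.
INBOUND = {"in_port": "ex-064f5052-2a", "nw_src": "203.0.113.7",
           "nw_dst": "172.31.139.10", "dl_src": "00:00:5e:00:53:01",
           "dl_dst": "fa:16:3e:75:90:20", "ttl": 64}

if __name__ == "__main__":
    print(run_pipeline(INBOUND))
    print(run_pipeline(dict(INBOUND, nw_dst="10.10.10.60")))
```

The second call shows that a packet arriving on the ex port already addressed to the private IP never receives the reg10 mark and therefore matches nothing in table 1.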
In the communication method provided by the application, the network forwarding device receives a processing request; if the processing request is an address conversion request, the address conversion request is forwarded to the address processing network bridge; if the processing request is not an address conversion request, the processing request is forwarded to the CPU; and the address processing network bridge executes address conversion processing based on a first flow table configured locally by the address processing network bridge according to the received address conversion request, and returns the address conversion processing result to the network forwarding device. The application executes address conversion processing based on the first flow table locally configured on the address processing network bridge. The address processing network bridge has independent processing and operation capability and is dedicated to executing address conversion processing; compared with a CPU (central processing unit), which needs to process a large number of processing requests, the address processing network bridge executes address conversion processing faster, so the application can improve the address conversion processing efficiency and reduce the communication delay.
Example two
The present application provides a cloud computing service platform. As shown in fig. 2, the cloud computing service platform includes: the core device 30, at least one network server 50 and at least one computing server 40, wherein the core device 30 may be a central switch, and the central switch is connected to the network server 50 and the computing server 40 through corresponding access devices, respectively. Each computing server 40 corresponds to one network server 50, the computing server 40 includes at least one virtual machine 41, the network server 50 includes a CPU 54, a network forwarding device 51, and an address processing bridge 55, and the network forwarding device 51 may include an integrated bridge 513, an external bridge 512, and a physical network card 511, where the core device 30 is sequentially connected to the physical network card, the external bridge, and the integrated bridge.
The address processing bridge 55 may be an open-source virtual switch (OVS for short) or a physical switch that supports flow table protocol management. It may be equipped with an intelligent network card, has independent processing and operation capabilities, and can forward a received data packet or change the address of the data packet based on a flow table.
The core device 30 is configured to transmit a processing request sent by an external gateway and a computing server corresponding to the core device to a corresponding network forwarding device; the network forwarding device 51 is configured to receive a processing request, and if the processing request is an address translation request, forward the address translation request to the address processing bridge; if the processing request is not an address translation request, forward the processing request to the CPU 54; the CPU 54 is configured to execute corresponding processing according to the received processing request; the address processing bridge 55 is configured to perform address conversion processing based on a first flow table locally configured by the address processing bridge according to the received address conversion request, and return the address conversion processing result to the network forwarding device.
In this embodiment, the CPU executes the corresponding processing according to the received processing request. According to the received address conversion request, the address processing network bridge executes address conversion processing based on the first flow table locally configured by the address processing network bridge, and returns the address conversion processing result to the network forwarding device. That is, in this embodiment, the address conversion requests in the communication process are all processed by the address processing network bridge, and the CPU is only used for processing other processing requests. On the one hand, the computing resources of the CPU can be released and the processing pressure of the CPU relieved, which in turn improves the speed at which the CPU processes other processing requests; on the other hand, the address processing network bridge can be provided with an intelligent network card which is good at address conversion processing and has independent processing and operation capability.
An exemplary description of an address processing bridge is provided below.
In some examples, the address translation request is issued by the virtual machine to the target external gateway;
the address processing bridge 55 is specifically configured to modify, by invoking the first flow table, a source IP address of a communication packet in the address conversion request from an IP address of the virtual machine to a public IP address of the network server, and modify a destination MAC address of the communication packet to a MAC address of a target external gateway, so as to obtain an address conversion processing result;
the address processing bridge 55 is specifically further configured to return the address conversion processing result to the network forwarding device, so that the network forwarding device sends the address conversion processing result to the target external gateway through the core device.
In other examples, the address translation request is issued by the external gateway to a target virtual machine;
the address processing bridge 55 is specifically configured to modify, by invoking the first flow table, a destination IP address of the communication data packet in the address conversion request from a public IP address of the network server to an IP address of the target virtual machine, and change a destination MAC address of the communication data packet to a MAC address of the target virtual machine, so as to obtain an address conversion processing result;
The address processing bridge 55 is specifically further configured to return the address conversion processing result to the network forwarding device, so that the network forwarding device sends the address conversion processing result to the target virtual machine through the core device.
In one example, as shown in Figs. 6 and 7, the network conversion device 51 includes a qr port, a qg port, and an Sg port; the address processing network bridge comprises a first port corresponding to the qr port, a second port corresponding to the qg port and a third port corresponding to the Sg port. The first port may be an intp port, the second port may be an ex port, and the third port may be an sn port.
In the following, an exemplary description will be given of a scheme in which the address processing network bridge performs address conversion processing based on the first flow table in different scenarios.
In some examples, the address processing bridge 55 is specifically configured to receive a communication data packet in the address conversion request through the first port and call the first sub-flow table, which, for a communication data packet whose access port is the first port and whose source IP address is an internal IP address of the network server, calls the second sub-flow table;
the address processing bridge 55 is specifically further configured to, by invoking the second sub-flow table, for a communication data packet whose destination MAC address is the MAC address of the port of the address processing bridge, modify the source MAC address into the MAC address of the first port, modify the destination MAC address into the MAC address of the third port, and send the modified communication data packet to the network forwarding device through the first port;
the address processing bridge 55 is specifically further configured to receive the communication data packet through the third port and call the first sub-flow table, which, for a communication data packet whose destination MAC address is the MAC address of the third port and whose source IP address is an internal IP address of the network server, sets the tag value of the communication data packet to a first value and calls the third sub-flow table; a tag value equal to the first value indicates that the communication data packet was sent by the virtual machine;
the address processing bridge 55 is specifically further configured to, by invoking the third sub-flow table, for the communication data packet whose tag value is the first value, modify the source IP address from the IP address of the virtual machine to the public IP address of the network server, modify the source MAC address to the MAC address of the address processing bridge, and call a fourth sub-flow table;
the address processing bridge 55 is specifically further configured to, by invoking the fourth sub-flow table, for the communication data packet whose tag value is the first value and whose source IP address is the public IP address of the network server, modify the destination MAC address into the MAC address of the external gateway to obtain an address conversion processing result, and send the address conversion processing result from the second port to the network forwarding device.
In this example, the address processing bridge calls multiple pre-designed sub-flow tables, screens the communication data against the matching conditions of those sub-flow tables, and performs the corresponding processing on each communication data packet that satisfies the matching conditions, so as to convert the source IP address of the communication data sent by the virtual machine to the external gateway into the public IP address of the network server, and convert the destination MAC address into the MAC address of the external gateway, thereby implementing communication between the virtual machine and the external gateway.
In another example, the address processing bridge 55 is specifically configured to receive, through the second port, a communication data packet in the address conversion request and call the first sub-flow table, which, for a communication data packet whose access port is the second port and whose destination IP address is an internal IP address of the network server, sets the tag value of the communication data packet to a second value and calls a fifth sub-flow table; a tag value equal to the second value indicates that the communication data packet was sent by the external gateway;
the address processing bridge 55 is specifically further configured to, by invoking the fifth sub-flow table, for the communication data packet whose tag value is the second value and whose destination IP address is the public IP address of the network server, modify the destination IP address from the public IP address of the network server to the IP address of the target virtual machine, and call a sixth sub-flow table;
the address processing bridge 55 is specifically further configured to, by invoking the sixth sub-flow table, for the communication data packet whose tag value is the second value and whose destination IP address is the IP address of the virtual machine, modify the source MAC address into the MAC address of the third port, modify the destination MAC address into the MAC address of the virtual machine, and call a seventh sub-flow table;
and, by invoking the seventh sub-flow table, send the communication data packet whose destination MAC address is the MAC address of the virtual machine to the network forwarding device through the first port.
In this example, the address processing bridge calls multiple pre-designed sub-flow tables, screens the communication data against the matching conditions of those sub-flow tables, and performs the corresponding processing on each communication data packet that meets the matching conditions, so as to convert the source IP address of the communication data sent from the external gateway to the virtual machine into the IP address of the target virtual machine, and convert the destination MAC address into the MAC address of the target virtual machine, thereby implementing communication between the virtual machine and the external gateway.
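The two sub-flow-table walks described above can be traced with a small simulation; it is an added example, not part of the patent text or the applicant's implementation. The addresses, the tag values 1 and 2, the one-to-one mapping of the public IP to a single virtual machine, dropping a packet on a table miss, and matching the public IP in the first sub-flow table for gateway traffic are all assumptions.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# Every address and tag value below is a constructed sample, not from the patent.
INTERNAL_NET = ip_network("10.0.0.0/24")       # assumed meaning of "internal IP address"
PUBLIC_IP, VM_IP = "203.0.113.10", "10.0.0.5"  # assumed one-to-one public/VM mapping
MAC = {"intp": "02:00:00:00:00:01", "ex": "02:00:00:00:00:02",
       "sn": "02:00:00:00:00:03", "bridge": "02:00:00:00:00:04",
       "vm": "02:00:00:00:00:aa", "gw": "02:00:00:00:00:ff"}
FROM_VM, FROM_GW = 1, 2                        # assumed "first value" / "second value"

@dataclass(frozen=True)
class Pkt:
    src_ip: str
    dst_ip: str
    src_mac: str
    dst_mac: str
    tag: int = 0

def internal(ip):
    return ip_address(ip) in INTERNAL_NET

# Each sub-flow table returns (packet, next) on a match, where next is either
# another table number or the name of the egress port, and None on a miss.
def t1(p, port):  # classify by ingress port and set the direction tag
    if port == "intp" and internal(p.src_ip):
        return p, 2
    if port == "sn" and p.dst_mac == MAC["sn"] and internal(p.src_ip):
        return replace(p, tag=FROM_VM), 3
    if port == "ex" and p.dst_ip == PUBLIC_IP:  # assumption: public IP match
        return replace(p, tag=FROM_GW), 5

def t2(p, port):  # hand the VM packet to the forwarding device, addressed to sn
    if p.dst_mac == MAC["intp"]:
        return replace(p, src_mac=MAC["intp"], dst_mac=MAC["sn"]), "intp"

def t3(p, port):  # source NAT for VM traffic
    if p.tag == FROM_VM:
        return replace(p, src_ip=PUBLIC_IP, src_mac=MAC["bridge"]), 4

def t4(p, port):  # next hop is the external gateway, leave via ex
    if p.tag == FROM_VM and p.src_ip == PUBLIC_IP:
        return replace(p, dst_mac=MAC["gw"]), "ex"

def t5(p, port):  # destination NAT for gateway traffic
    if p.tag == FROM_GW and p.dst_ip == PUBLIC_IP:
        return replace(p, dst_ip=VM_IP), 6

def t6(p, port):  # rewrite the MAC addresses towards the VM
    if p.tag == FROM_GW and p.dst_ip == VM_IP:
        return replace(p, src_mac=MAC["sn"], dst_mac=MAC["vm"]), 7

def t7(p, port):  # deliver via the first port
    if p.dst_mac == MAC["vm"]:
        return p, "intp"

TABLES = {1: t1, 2: t2, 3: t3, 4: t4, 5: t5, 6: t6, 7: t7}

def run(p, in_port):
    """Walk the sub-flow tables; return (egress_port, packet), or None on a miss."""
    step = 1
    while isinstance(step, int):
        hit = TABLES[step](p, in_port)
        if hit is None:          # assumption: a table miss drops the packet
            return None
        p, step = hit
    return step, p

def vm_to_gateway(p):
    """Outbound path: enter on intp, then re-enter on sn after the hand-off."""
    first = run(p, "intp")
    return run(first[1], "sn") if first else None
```

Under the drop-on-miss assumption the match conditions also act as a filter: a packet that arrives on the first port with a non-internal source address, or on the second port for an address other than the public IP, is never translated.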
In the cloud computing service platform provided by the application, the network forwarding device receives the processing request; if the processing request is an address conversion request, the network forwarding device forwards the address conversion request to the address processing network bridge, and if the processing request is not an address conversion request, it forwards the processing request to the CPU. According to the received address conversion request, the address processing network bridge executes address conversion processing based on a first flow table configured locally on the address processing network bridge, and returns the address conversion processing result to the network forwarding device. Because the address conversion processing is executed based on the first flow table configured locally on the address processing network bridge, and the address processing network bridge has independent processing and operation capability and is dedicated to address conversion processing, it executes address conversion processing faster than a CPU (central processing unit) that has to handle a large number of processing requests. The application can therefore improve address conversion processing efficiency and reduce communication delay.
Other embodiments of the application will be apparent to those skilled in the art from consideration of the specification and practice of the application disclosed herein. This application is intended to cover any variations, uses, or adaptations of the application following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the application pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
It is to be understood that the application is not limited to the precise arrangements and instrumentalities shown in the drawings, which have been described above, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the application is limited only by the appended claims.

Claims (10)

1. The communication method is characterized by being applied to a cloud computing service platform, wherein the cloud computing service platform comprises: the system comprises a core device, at least one network server and at least one computing server; each computing server corresponds to a network server, the computing server comprises at least one virtual machine, the network server comprises a CPU, network forwarding equipment and an address processing network bridge, and the method comprises the following steps:
The core equipment transmits a processing request sent by an external gateway and a computing server corresponding to the core equipment to corresponding network forwarding equipment;
the network forwarding equipment receives a processing request, and forwards the address conversion request to an address processing network bridge if the processing request is an address conversion request; if the processing request is not an address conversion request, forwarding the processing request to a CPU;
the CPU executes corresponding processing according to the received processing request;
and the address processing network bridge executes address conversion processing based on a first flow table configured locally by the address processing network bridge according to the received address conversion request, and returns the address conversion processing result to the network forwarding equipment.
2. The method of claim 1, wherein the address translation request is issued by the virtual machine to the target external gateway; the address processing network bridge executes address conversion processing based on a first flow table configured locally by the address processing network bridge according to the received address conversion request, and returns the address conversion processing result to the network forwarding device, including:
the address processing network bridge modifies the source IP address of the communication data packet in the address conversion request from the IP address of the virtual machine to the public IP address of the network server by calling the first flow table, and modifies the destination MAC address of the communication data packet to the MAC address of the target external gateway to obtain an address conversion processing result;
And the address processing network bridge returns the address conversion processing result to the network forwarding equipment so that the network forwarding equipment sends the address conversion processing result to the target external gateway through the core equipment.
3. The method of claim 1, wherein the address translation request is issued by the external gateway to a target virtual machine; the address processing network bridge executes address conversion processing based on a first flow table configured locally by the address processing network bridge according to the received address conversion request, and returns the address conversion processing result to the network forwarding device, including:
the address processing network bridge modifies the destination IP address of the communication data packet in the address conversion request from the public IP address of the network server to the IP address of the target virtual machine by calling the first flow table, and changes the destination MAC address of the communication data packet to the MAC address of the target virtual machine to obtain an address conversion processing result;
and the address processing network bridge returns the address conversion processing result to the network forwarding equipment so that the network forwarding equipment sends the address conversion processing result to the target virtual machine through the core equipment.
4. A method according to claim 2 or 3, wherein the network switching device comprises qr, qg and Sg ports; the address processing network bridge comprises a first port corresponding to the qr port, a second port corresponding to the qg port and a third port corresponding to the Sg port.
5. The method of claim 4, wherein the first flow table comprises a plurality of sub-flow tables; the address processing bridge modifies the source IP address of the communication data packet in the address conversion request from the IP address of the virtual machine to the public IP address of the network server by calling the first flow table, and modifies the destination MAC address of the communication data packet to the MAC address of the target external gateway, thereby obtaining an address conversion processing result, including:
receiving a communication data packet in an address conversion request through the first port, and calling a first sub-flow table to call a second sub-flow table aiming at the communication data packet with an access port being the first port and a source IP address being the internal IP address of the network server;
the second sub-flow table is called, a source MAC address is modified to be the MAC address of the first port for a communication data packet with the destination MAC address being the MAC address of the port of the address processing network bridge, the destination MAC address is modified to be the MAC address of the third port, and the modified communication data packet is sent to the network forwarding equipment through the first port;
The communication data packet is received through the third port, the first sub-flow table is called, and the marking value of the communication data packet is given as a first value for the communication data packet with the destination MAC address being the MAC address of the third port and the source IP address being the internal IP address of the network server by calling the first sub-flow table, and the third sub-flow table is called; when the marking value is a first value, the communication data packet is characterized as being sent by the virtual machine;
the third sub-flow table is called, and a source IP address is modified from the IP address of the virtual machine to the public IP address of the network server and a source MAC address is modified to the MAC address of the address processing network bridge aiming at the communication data packet with the marked value as the first value;
and modifying a destination MAC address into the MAC address of the target external gateway by calling the fourth sub-flow table aiming at the communication data packet with the marking value of the first value and the source IP address of the public IP address of the network server, obtaining an address conversion processing result, and sending the address conversion processing result from the second port to the network forwarding equipment.
6. The method of claim 4, wherein the first flow table comprises a plurality of sub-flow tables; the address processing bridge modifies the destination IP address of the communication data packet in the address conversion request from the public IP address of the network server to the IP address of the target virtual machine by calling the first flow table, and changes the destination MAC address of the communication data packet to the MAC address of the target virtual machine, thereby obtaining an address conversion processing result, including:
receiving a communication data packet in an address conversion request through the second port, calling a first sub-flow table, and calling a fifth sub-flow table by calling the first flow table, wherein the marking value of the communication data packet is given to a second value for the communication data packet of which the access port is the second port and the destination IP address is the internal IP address of the network server; when the marking value is a second value, the communication data packet is represented to be sent by the external gateway;
the fifth sub-flow table is called, and a destination IP address is modified from the public IP address of the network server to the IP address of the target virtual machine for the communication data packet with the second marking value and the public IP address of the network server, and a sixth sub-flow table is called;
the sixth sub-flow table is called, and for the communication data packet with the second marked value and the destination IP address being the IP address of the virtual machine, the source MAC address is modified to be the MAC address of the third port, the destination address is modified to be the MAC address of the target virtual machine, an address conversion processing result is obtained, and a seventh sub-flow table is called;
and calling the seventh sub-flow table, and sending the communication data packet with the destination MAC address being the MAC address of the virtual machine to the network forwarding equipment through the first port.
7. A cloud computing service platform, comprising: the system comprises a core device, at least one network server and at least one computing server; each computing server corresponds to a network server, the computing server comprises at least one virtual machine, the network server comprises a CPU, a network forwarding device and an address processing network bridge,
the core device is used for transmitting the processing request sent by the external gateway and the computing server corresponding to the core device to the corresponding network forwarding device;
the network forwarding device is configured to receive a processing request, and if the processing request is an address conversion request, forward the address conversion request to an address processing bridge; if the processing request is not an address conversion request, forwarding the processing request to a CPU;
The CPU is used for executing corresponding processing according to the received processing request;
the address processing network bridge is used for executing address conversion processing based on a first flow table configured locally by the address processing network bridge according to the received address conversion request, and returning the address conversion processing result to the network forwarding equipment.
8. The cloud computing service platform of claim 7, wherein said address translation request is issued by a virtual machine to a target external gateway;
the address processing network bridge is specifically configured to modify, by invoking the first flow table, a source IP address of a communication data packet in the address conversion request from an IP address of the virtual machine to a public IP address of the network server, and modify a destination MAC address of the communication data packet to a MAC address of a target external gateway, so as to obtain an address conversion processing result;
the address processing network bridge is specifically further configured to return the address conversion processing result to the network forwarding device, so that the network forwarding device sends the address conversion processing result to the target external gateway through the core device.
9. The cloud computing service platform of claim 7, wherein said address translation request is issued by said external gateway to a target virtual machine; the address processing network bridge executes address conversion processing based on a first flow table configured locally by the address processing network bridge according to the received address conversion request, and returns the address conversion processing result to the network forwarding device, including:
The address processing network bridge modifies the destination IP address of the communication data packet in the address conversion request from the public IP address of the network server to the IP address of the target virtual machine by calling the first flow table, and changes the destination MAC address of the communication data packet to the MAC address of the target virtual machine to obtain an address conversion processing result;
and the address processing network bridge returns the address conversion processing result to the network forwarding equipment so that the network forwarding equipment sends the address conversion processing result to the target virtual machine through the core equipment.
10. The cloud computing service platform of claim 8 or 9, wherein the network conversion device comprises a qr port, a qg port, and a Sg port; the address processing network bridge comprises a first port corresponding to the qr port, a second port corresponding to the qg port and a third port corresponding to the Sg port.
CN202310934109.1A 2023-07-27 2023-07-27 Communication method and cloud computing service platform Pending CN116708355A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310934109.1A CN116708355A (en) 2023-07-27 2023-07-27 Communication method and cloud computing service platform


Publications (1)

Publication Number Publication Date
CN116708355A true CN116708355A (en) 2023-09-05

Family

ID=87831344


Country Status (1)

Country Link
CN (1) CN116708355A (en)

Similar Documents

Publication Publication Date Title
CN111885075B (en) Container communication method, device, network equipment and storage medium
US10693678B2 (en) Data center networks
CN107465590B (en) Network infrastructure system, method of routing network traffic and computer readable medium
US9800496B2 (en) Data center networks
US10205698B1 (en) Source-dependent address resolution
US7782854B2 (en) Network switching apparatus, route management server, network interface apparatus, control method therefor, computer program for route management server, and computer-readable storage medium
US9419940B2 (en) IPv4 data center support for IPv4 and IPv6 visitors
US11509581B2 (en) Flow-based local egress in a multisite datacenter
CN108429680B (en) Route configuration method, system, medium and equipment based on virtual private cloud
CN113872845B (en) Method for establishing VXLAN tunnel and related equipment
CN102792651B (en) At the device of MAC layer application service path Route Selection
JP2007202036A (en) Packet repeating method and packet repeating system
US9584340B2 (en) Data center networks
CN114301868B (en) Method for quickly generating virtual container floating IP and method and device for network direct connection
US11729138B1 (en) Systems and methods for communicating between private networks with conflicting internet protocol (IP) addresses
CN114143258B (en) Service agent method based on Open vSwitch under Kubernetes environment
CN117041205A (en) Address translation method, address translation device, host and computer readable storage medium
CN114650290A (en) Network connection method, processing device, terminal and storage medium
JP2605544B2 (en) Internetwork equipment
WO2022166465A1 (en) Message processing method and related apparatus
CN116708355A (en) Communication method and cloud computing service platform
CN115208857A (en) Address allocation method, device and equipment
CN115150312A (en) Routing method and device
CN113765799A (en) Method for transmitting and receiving container message, storage medium and container communication system
KR102481623B1 (en) address management method and system for applications in LISP-based distributed container virtualization environment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination