CN117675708A - Multicast traffic processing method and device and electronic equipment

Publication number: CN117675708A
Authority: CN (China)
Legal status: Pending
Application number: CN202311484695.0A
Other languages: Chinese (zh)
Inventors: 刘立京, 陈升, 陈龙, 程振东
Current Assignee: 21VIANET GROUP Inc
Original Assignee: 21VIANET GROUP Inc
Priority: CN202311484695.0A
Prior art keywords: flow, flow table, matching, message, key value
Classification: Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscape: Data Exchanges In Wide-Area Networks

Abstract

The application discloses a multicast traffic processing method and device and electronic equipment, relates to the technical field of communication, and is used for relieving network congestion caused by multicast. The scheme provided by the application comprises the following steps: acquiring a flow message; setting a dyeing mark bit of a virtual switch register corresponding to a flow message in a multicast mode as a preset value; determining a processing strategy for key value matching of the flow message based on a flow table, wherein the key value comprises a value of a dyeing mark bit, the flow table comprises a plurality of flow table items, and the flow table items comprise matching fields for executing matching with the key value and processing strategies corresponding to the matching fields; and executing the operation corresponding to the processing strategy on the flow message.

Description

Multicast traffic processing method and device and electronic equipment
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method and an apparatus for processing multicast traffic, and an electronic device.
Background
In the field of communication technology, multicasting is a network communication mode, which can be used to transmit data between multiple hosts, thereby improving network performance and scalability. However, handling multicast data tends to create a large amount of traffic in the network, thereby causing network congestion. In addition, multicast mode presents security issues in untrusted networks.
How to alleviate network congestion caused by multicast is a technical problem to be solved by the present application.
Disclosure of Invention
The embodiment of the application aims to provide a multicast traffic processing method and device and electronic equipment, which are used for relieving network congestion caused by multicast.
In a first aspect, a multicast traffic processing method is provided, applied to a virtual switch, including:
acquiring a flow message;
setting a dyeing mark bit of a virtual switch register corresponding to a flow message in a multicast mode as a preset value;
determining a processing strategy for key value matching of the flow message based on a flow table, wherein the key value comprises the value of the dyeing mark bit, the flow table comprises a plurality of flow table items, and the flow table items comprise a matching field for executing matching with the key value and the processing strategy corresponding to the matching field;
and executing the operation corresponding to the processing strategy on the flow message.
In a second aspect, there is provided a multicast traffic processing apparatus applied to a virtual switch, including:
the acquisition module acquires the flow message;
the dyeing module sets a dyeing mark bit of a virtual switch register corresponding to the flow message in the multicast mode as a preset value;
the determining module determines a processing strategy matched with a key value of the flow message based on a flow table, wherein the key value comprises a value of the dyeing mark bit, the flow table comprises a plurality of flow table items, and the flow table items comprise a matching field used for executing matching with the key value and the processing strategy corresponding to the matching field;
and the execution module is used for executing the operation corresponding to the processing strategy on the flow message.
In a third aspect, there is provided an electronic device comprising a processor, a memory and a computer program stored on the memory and executable on the processor, the computer program implementing the steps of the method as in the first aspect when executed by the processor.
In a fourth aspect, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the method as in the first aspect.
In the embodiments of the application, a flow message is acquired; the dyeing flag bit of the virtual switch register corresponding to a flow message in multicast mode is set to a preset value; a processing strategy matching the key value of the flow message is then determined based on a flow table, where the key value includes the value of the dyeing flag bit, the flow table includes a plurality of flow table entries, and each flow table entry includes a matching field for matching against the key value and the processing strategy corresponding to that matching field; finally, the operation corresponding to the processing strategy is executed on the flow message. Marking multicast flow messages with the preset dyeing flag bit allows them to be distinguished from other types of flow messages during flow table processing, so that multicast flow messages can be processed in a targeted manner. In addition, the method has little impact on flow messages other than the multicast type and can relieve the network congestion caused by processing multicast traffic.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute an undue limitation to the application. In the drawings:
FIG. 1 is a first flow chart of a multicast traffic processing method according to an embodiment of the present application;
FIG. 2 is a second flow chart of a multicast traffic processing method according to an embodiment of the present application;
FIG. 3 is a third flow chart of a multicast traffic processing method according to an embodiment of the present application;
FIG. 4 is a fourth flow chart of a multicast traffic processing method according to an embodiment of the present application;
FIG. 5 is a fifth flow chart of a multicast traffic processing method according to an embodiment of the present application;
FIG. 6 is a sixth flow chart of a multicast traffic processing method according to an embodiment of the present application;
FIG. 7 is a seventh flow chart of a multicast traffic processing method according to an embodiment of the present application;
FIG. 8 is a schematic structural diagram of a multicast traffic processing apparatus according to an embodiment of the present application.
Detailed Description
The following describes the embodiments of the present application clearly and fully with reference to the accompanying drawings. The embodiments described are evidently some, but not all, of the embodiments of the present application. All other embodiments that a person of ordinary skill in the art can obtain from the embodiments herein without inventive effort fall within the scope of the present application. The reference numerals in the present application are used only to distinguish the steps of the scheme and do not limit their execution order; the specific execution order is governed by the description in the specification.
In the field of communication technology, data security can be improved through a security group. The security group is a network security mechanism that can be used to control network traffic between virtual machines to protect the virtual machines from malicious attacks. The security groups may define inbound and outbound rules to control network traffic between virtual machines. In addition, the security group may provide firewall functionality for preventing unauthorized access. In addition, the security group may isolate the virtual machines in separate networks to prevent traffic between the virtual machines from interfering with other network traffic.
Although applying a security group can improve the security of data transmission, applying the security group function in multicast mode often consumes more performance resources, so the overall load is higher. If the security group function is instead switched on and off dynamically according to actual needs, a technician has to make the decision based on experience, which depends on that technician's experience, incurs labor cost, and may make the whole system unstable.
In order to solve the problems in the prior art, an embodiment of the present application provides a multicast traffic processing method, which is applied to a virtual switch. The virtual switch may be, for example, Open vSwitch (OVS), which can provide high-performance network connectivity in a virtualized environment.
As shown in fig. 1, the scheme includes the following steps:
S11: Obtain a flow message.
In this example, the flow message may be obtained through a traffic interface. For example, the service network card is bound to the OVS bridge, and the virtual machine network card sends traffic through the bound interface to the OVS kernel module, the datapath, so that the multi-level flow table is executed by the datapath.
In practical applications, if the security group function needs to be enabled for multicast traffic, it can be implemented with the OVS multi-level flow table. Matching and jumping between flow tables are implemented by configuring the tables, and actions such as drop, forward, or send to the controller are then executed according to the matching result. In this step, the flow message may be obtained at the Table 0 traffic entry point, so that subsequent operations are performed on it in the order of the flow tables.
S12: Set the dyeing flag bit of the virtual switch register corresponding to a flow message in multicast mode to a preset value.
In this step, flow messages in multicast mode are dyed. First, it is determined whether the flow message is in multicast mode; specifically, this can be decided from the destination address of the traffic. If the destination address belongs to a specific multicast address segment, the flow message is determined to be in multicast mode. Besides the destination address, characteristics such as the network protocol and port number can also be used to decide whether the flow message is in multicast mode.
The virtual switch register usually contains a plurality of bits, and in this scheme a certain bit is preset as the dyeing flag bit. For example, when the register contains 16 bits in total, numbered 0-15, 2 bits are preset as the dyeing flag bits. In this step, these 2 bits of the virtual switch register corresponding to the multicast-mode flow message are set to a preset value, which marks the multicast traffic as dyed. The default value of the dyeing flag bit may be, for example, 0, and the preset value may be, for example, 1.
S13: Determine, based on a flow table, a processing strategy matching the key value of the flow message, where the key value includes the value of the dyeing flag bit, the flow table includes a plurality of flow table entries, and each flow table entry includes a matching field for matching against the key value and the processing strategy corresponding to that matching field.
In this step, different processing strategies can be applied to different messages through a flow table (Flow Table), for example implementing the security group function for multicast traffic. A flow table is a data structure in a network switching device that stores and manages the forwarding rules for network traffic. In practical applications, the OVS flow table may be a multi-level flow table. Flow table processing means querying the flow table with the key value to find the matching processing strategy. For example, the flow table pipeline may be:
Table 0→Table 15→Table 30→Table 60→Table 75→Table 90→Table 100→NORMAL
In the flow table pipeline of this example, Table 0 is the traffic entry point, Table 15 is used for packet statistics, Table 30 for outbound security group rules, Table 60 for NAT (Network Address Translation) functions, Table 70 for protocol packets and data packets, Table 90 for packet statistics, and Table 100 for inbound security group rules. NORMAL forwards the message, for example to other servers or to virtual machines within the server. Through the multi-level flow table, the corresponding processing strategy can be matched based on the key value. In this example, the processing strategy may include, in particular, security group rules, NAT functions, and the like.
During flow table processing, matching is performed based on the key value of the flow message. The key value may be determined from the characteristics of the flow message and includes the value of the dyeing flag bit. The value of the dyeing flag bit indicates whether the corresponding flow message is a multicast-mode flow message. Executing the flow table with a key value that carries the dyeing flag bit makes it possible to apply specific processing operations to multicast-mode flow messages, such as enabling the security group function for multicast traffic, which improves the security of multicast traffic.
In addition to the value of the dyeing flag bit described above, the flow message may be parsed to extract various key features for constructing the key value used to match the processing strategy. For example, physical layer information, MAC (Media Access Control) layer information, network layer information, transport layer information, and so on may be acquired from the flow message. What is extracted and how the key value is generated can be preset according to actual requirements.
The flow table may include a plurality of flow table entries (Flow Entry), each of which includes a matching field and a corresponding processing strategy. The processing strategy includes the operation instruction (action) to be executed. The matching field describes the attributes to be matched, such as source IP (Internet Protocol) address, destination IP address, source port number, and destination port number. The operation instruction defines the action to perform when the flow table entry is matched, such as forwarding to a designated port or dropping.
The flow table classifies traffic: by determining the matched action from the key value corresponding to the attribute features of each flow, it allows flexible processing, forwarding, and network control of traffic. By configuring flow table entries, functions such as routing by destination IP address, access control lists (Access Control List, ACL), and load balancing can be implemented. For example, a flow table entry may include 6 fields: match field (Match Field), priority (Priority), counter, instruction (instruction), timeout (timeout), and cookie. In practical applications, the contents of the flow table entry and each of its fields can be configured flexibly according to actual requirements.
S14: Execute the operation corresponding to the processing strategy on the flow message.
Through the flow table processing in the embodiment of the application, the processing strategy matching the flow message can be determined. Because the key value includes the value of the dyeing flag bit, specific processing operations can be performed on multicast-mode flow messages through the flow table. This helps control the forwarding of multicast traffic according to user requirements, thereby avoiding the performance and congestion problems caused by multicast traffic. On the one hand, the scheme distinguishes multicast traffic from other traffic through the flag bit. On the other hand, the scheme controls multicast traffic independently through the flow table, and in particular can improve multicast security and implement the security group function.
Optionally, if no corresponding processing strategy is matched during flow table processing, the message may be forwarded according to the normal flow.
In the embodiments of the application, a flow message is acquired; the dyeing flag bit of the virtual switch register corresponding to a flow message in multicast mode is set to a preset value; a processing strategy matching the key value of the flow message is then determined based on a flow table, where the key value includes the value of the dyeing flag bit, the flow table includes a plurality of flow table entries, and each flow table entry includes a matching field for matching against the key value and the processing strategy corresponding to that matching field; finally, the operation corresponding to the processing strategy is executed on the flow message. Marking multicast flow messages with the preset dyeing flag bit allows them to be distinguished from other types of flow messages during flow table processing, so that multicast flow messages can be processed in a targeted manner. In addition, the method has little impact on flow messages other than the multicast type and can relieve the network congestion caused by processing multicast traffic.
Based on the scheme provided in the foregoing embodiment, optionally, as shown in fig. 2, step S13, determining based on a flow table a processing strategy matching the key value of the flow message, includes:
S21: Match the key value against the matching fields in the kernel-mode flow table in kernel space.
In practical applications, OVS has a corresponding datapath, which includes a flow table. In the datapath, the message header information is acquired first, a key value for matching flow table entries is generated from it, and kernel-mode flow table matching is then performed based on the key value. During kernel-mode flow table processing, the key value is used to query the flow table entries in the kernel-mode flow table; if the matching field of a flow table entry corresponds to the key value, that entry is determined to match the message, and the processing strategy is generated from the action in the entry.
S22: If a kernel-mode matching result exists in the kernel-mode flow table, determine the kernel-mode matching result as the processing strategy matching the key value of the flow message.
In this example, the memory space accessible by the system includes kernel space and user space. A process is in kernel mode when running in kernel space and in user mode when running in user space. Kernel space is the area accessed by the system kernel, and flow table processing in kernel space is more efficient than in user space. If a corresponding flow table entry can be matched in the kernel-mode flow table, the operation can be executed directly according to the matched entry, which improves the overall efficiency of multicast traffic processing.
Based on the scheme provided in the foregoing embodiment, optionally, as shown in fig. 3, after step S21, that is, after matching the key value against the matching fields in the kernel-mode flow table in kernel space, the method further includes:
S31: If no kernel-mode matching result exists in the kernel-mode flow table, match the key value against the matching fields in the user-mode flow table in user space.
If no kernel-mode matching result is found in the kernel-mode flow table, the message can be passed up to user space to continue with user-mode flow table matching, where user space is a memory space different from kernel space. As with the kernel-mode flow table, the key value is used during user-mode flow table processing to query the flow table entries in the user-mode flow table; if the matching field of a flow table entry corresponds to the key value, that entry is determined to match the message, and the processing strategy is generated from the action in the entry.
S32: If a user-mode matching result exists in the user-mode flow table, determine the user-mode matching result as the processing strategy matching the key value of the flow message.
In this example, when there is no kernel-mode matching result in the kernel-mode flow table, user-mode flow table matching is further performed in user space, so that the processing strategy corresponding to the flow message can be queried in different memory spaces, which improves how well the queried processing strategy matches the flow message.
The following describes an implementation of the present embodiment with a specific example.
In the OVS scenario, after the flow message reaches the network card device, the network card hands the received message to the port it is bound to, where it is processed by the packet receiving function defined in OVS. In the datapath, the message header information is acquired first, the key value for matching flow table entries is generated from it, and kernel-mode flow table matching is performed with the key value; if a matching result exists, the corresponding operation is executed. If there is no kernel-mode matching result, the message is passed up to user space to continue matching against the user-mode flow table, and if a matching result exists there, the corresponding operation is executed.
Based on the solution provided in the foregoing embodiment, optionally, as shown in fig. 4, if a user-mode matching result exists in the user-mode flow table, the method further includes:
S41: Generate a kernel-mode flow table entry based on the key value and the matched user-mode matching result.
In the embodiment of the application, when a matching result exists in the user-mode flow table but not in the kernel-mode flow table, the kernel-mode flow table is updated based on the matching result, so that similar flow messages can be matched efficiently in the kernel-mode flow table in subsequent processing, which improves multicast traffic processing efficiency.
Specifically, a kernel-mode flow table entry is generated based on the key value and the matched user-mode matching result; the kernel-mode flow table entry includes a matching field and the corresponding processing strategy.
S42: Update the kernel-mode flow table based on the kernel-mode flow table entry.
In this step, the kernel-mode flow table entry generated in the previous step is added to the kernel-mode flow table. If similar flow messages are acquired later, the corresponding kernel-mode matching result can be found during kernel-mode flow table processing, so the matched processing strategy is determined directly without executing the user-mode flow table again in user space, which effectively improves multicast traffic processing efficiency.
Based on the scheme provided in the foregoing embodiment, optionally, as shown in fig. 5, before step S13, that is, before determining based on the flow table a processing strategy matching the key value of the flow message, the method further includes:
S51: Acquire the message header information of the flow message.
In this step, the header information is obtained from the datapath corresponding to OVS. The header information may include physical layer information, MAC layer information, network layer information, transport layer information, and so on. Specific examples include the input port number, source MAC address, destination MAC address, and network layer protocol type.
S52: Determine the key value of the flow message according to the message header information.
In practical applications, the key value of the flow message can be determined by calling a preset function, and different key values can be generated by calling different preset functions.
Based on the scheme provided in the foregoing embodiment, optionally, as shown in fig. 6, before step S12, that is, before setting the dyeing flag bit of the virtual switch register corresponding to the flow message in multicast mode to a preset value, the method further includes:
S61: Perform a validity check on the Internet Protocol address and/or the media access control address of the flow message.
In this step, the validity check determines whether the flow message is legitimate traffic of the platform; specifically, the IP address and/or the MAC address of the data message can be verified.
S62: After the validity check passes, determine a flow message whose destination address belongs to a preset multicast address segment to be a flow message in multicast mode.
If the validity check passes, the flow message is legitimate traffic of the platform, and the message continues to be parsed in this step. If the flow message is identified as multicast mode from its destination address, the multicast flow message is dyed: the dyeing flag bit of the corresponding OVS register is set to a preset value to indicate that the flow message is in multicast mode.
Optionally, the key value further includes output interface information and/or protocol information of the flow message. Based on this characteristic information, flow messages can be classified further, so that more targeted processing strategies are executed for the more finely classified flow messages.
A multicast traffic processing method according to the present application is described below with reference to fig. 7 and a specific example.
In the OVS scenario, the virtual machine network card first sends data, and the OVS bridge to which the network card is bound receives the data packet and processes the message. Then, by parsing the message, the OVS forwarding code determines the message type; if it is a multicast message, dyeing is performed and the message is marked in the corresponding register, specifically by setting the dyeing flag bit to a preset value. The message is then passed to the matching tables of the OVS flow table, that is, the security group scheme. Matching is performed through the flow table according to key values such as the interface information, the protocol, and the register mark, to determine the processing strategy corresponding to the flow message. The dyeing flag bit identifies whether the flow message is multicast traffic. If a corresponding processing strategy is matched through the flow table, the corresponding operation, such as drop or forward, is executed according to it. If no corresponding processing strategy is matched in the flow table, processing follows the normal flow. Optionally, more levels of flow tables can be set according to actual requirements, and matching can be performed against other tables, so that the processing strategy is determined more accurately and comprehensively.
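The steps described above (S61-S62 validity check and multicast detection, S12 dyeing, S51-S52 key construction, S21-S42 kernel-mode lookup with user-mode fallback and kernel entry installation, S14 execution) modelled end to end in Python. This is an added example, not code from the patent or from Open vSwitch; the 224.0.0.0/4 segment, the position of the two flag bits, the use of the ingress port in the key, the port bindings, the rules, dropping on a failed validity check, and all class and function names are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Assumptions for this sketch (none of these values come from the patent text):
MULTICAST_SEGMENT = ipaddress.ip_network("224.0.0.0/4")  # preset multicast segment
DYE_MASK = 0b11    # the two register bits reserved as the dyeing flag (position assumed)
DYE_VALUE = 0b01   # preset value written for multicast traffic; the default is 0
NORMAL = "NORMAL"  # fall-through when no flow table entry matches


@dataclass(frozen=True)
class Packet:
    in_port: int
    src_mac: str
    src_ip: str
    dst_ip: str
    proto: str


@dataclass
class FlowEntry:
    match: dict      # field -> required value; a field left out is a wildcard
    priority: int
    action: str      # processing strategy, e.g. "forward" or "drop"
    hits: int = 0    # counter field

    def matches(self, key: dict) -> bool:
        for name, want in self.match.items():
            # The register is compared under the dyeing mask only.
            have = key["reg"] & DYE_MASK if name == "reg" else key.get(name)
            if have != want:
                return False
        return True


class VirtualSwitch:
    def __init__(self, bindings: dict, user_table: list):
        self.bindings = bindings    # in_port -> (MAC, IP) assigned by the platform
        self.user_table = sorted(user_table, key=lambda e: e.priority, reverse=True)
        self.kernel_table = {}      # exact key -> FlowEntry (fast path)
        self.upcalls = 0            # kernel misses handed to user space

    def is_valid(self, pkt: Packet) -> bool:
        """S61: source MAC/IP must equal the binding of the ingress port."""
        return self.bindings.get(pkt.in_port) == (pkt.src_mac, pkt.src_ip)

    def stain(self, pkt: Packet) -> int:
        """S62 + S12: write the preset value into the register for multicast."""
        reg = 0
        if ipaddress.ip_address(pkt.dst_ip) in MULTICAST_SEGMENT:
            reg = (reg & ~DYE_MASK) | DYE_VALUE
        return reg

    def lookup(self, key: dict):
        """S21-S42: kernel table first, user table on a miss, then install."""
        exact = tuple(sorted(key.items()))
        entry = self.kernel_table.get(exact)
        if entry is None:
            self.upcalls += 1
            entry = next((e for e in self.user_table if e.matches(key)), None)
            if entry is not None:
                self.kernel_table[exact] = entry  # S41/S42: update kernel table
        return entry

    def process(self, pkt: Packet) -> str:
        if not self.is_valid(pkt):
            return "drop"  # assumed handling; the text only says the check must pass
        # S51/S52: key = ingress interface + protocol + register value
        key = {"in_port": pkt.in_port, "proto": pkt.proto, "reg": self.stain(pkt)}
        entry = self.lookup(key)
        if entry is None:
            return NORMAL  # no strategy matched: normal forwarding
        entry.hits += 1
        return entry.action  # S14


def build_demo_switch() -> VirtualSwitch:
    """Constructed bindings and security-group-style rules for dyed traffic."""
    bindings = {1: ("fa:16:3e:00:00:01", "10.0.0.11"),
                2: ("fa:16:3e:00:00:02", "10.0.0.12")}
    rules = [
        FlowEntry({"reg": DYE_VALUE, "in_port": 1, "proto": "udp"}, 200, "forward"),
        FlowEntry({"reg": DYE_VALUE}, 100, "drop"),  # default deny for multicast
    ]
    return VirtualSwitch(bindings, rules)


if __name__ == "__main__":
    sw = build_demo_switch()
    stream = Packet(1, "fa:16:3e:00:00:01", "10.0.0.11", "239.1.1.1", "udp")
    print(sw.process(stream), sw.process(stream), "upcalls:", sw.upcalls)
```

Because the kernel table is keyed on the full key while user-mode rules may wildcard fields, a cached entry can never apply to a packet that a higher-priority rule would have matched; undyed unicast never matches a rule here and always falls through to NORMAL.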
In order to solve the problems in the prior art, an embodiment of the present application further provides a multicast traffic processing apparatus 80, as shown in fig. 8, applied to a virtual switch, including:
an obtaining module 81 for obtaining a flow message;
the dyeing module 82 sets a dyeing flag bit of a virtual switch register corresponding to the flow message in the multicast mode to a preset value;
a determining module 83, configured to determine, based on a flow table, a processing strategy matching the key value of the flow message, where the key value includes the value of the dyeing flag bit, the flow table includes a plurality of flow table entries, and each flow table entry includes a matching field for matching against the key value and the processing strategy corresponding to that matching field;
and an execution module 84, configured to execute an operation corresponding to the processing policy on the flow packet.
With the device provided by the embodiment of the application, a flow message is acquired; the dyeing flag bit of the virtual switch register corresponding to a flow message in multicast mode is set to a preset value; a processing strategy matching the key value of the flow message is then determined based on a flow table, where the key value includes the value of the dyeing flag bit, the flow table includes a plurality of flow table entries, and each flow table entry includes a matching field for matching against the key value and the processing strategy corresponding to that matching field; finally, the operation corresponding to the processing strategy is executed on the flow message. Marking multicast flow messages with the preset dyeing flag bit allows them to be distinguished from other types of flow messages during flow table processing, so that multicast flow messages can be processed in a targeted manner. In addition, the method has little impact on flow messages other than the multicast type and can relieve the network congestion caused by processing multicast traffic.
The above modules in the apparatus provided in the embodiments of the present application may further implement the method steps provided in the method embodiments described above. Alternatively, the apparatus provided in the embodiments of the present application may further include other modules besides the foregoing modules, so as to implement the method steps provided in the embodiments of the foregoing method. The device provided by the embodiment of the application can achieve the technical effects achieved by the embodiment of the method.
Preferably, an embodiment of the present application further provides an electronic device, including a processor, a memory, and a computer program stored in the memory and executable on the processor. When executed by the processor, the computer program implements each process of the multicast traffic processing method embodiment and achieves the same technical effects; to avoid repetition, the description is not repeated here.
An embodiment of the present application further provides a computer-readable storage medium on which a computer program is stored. When executed by a processor, the computer program implements each process of the foregoing multicast traffic processing method embodiment and achieves the same technical effects; to avoid repetition, the description is not repeated here. The computer-readable storage medium is selected from read-only memory (ROM), random access memory (RAM), magnetic disk, or optical disk.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, random access memory (RAM), and/or nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and changes may be made to the present application by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc. which are within the spirit and principles of the present application are intended to be included within the scope of the claims of the present application.

Claims (10)

1. A method for processing multicast traffic, applied to a virtual switch, comprising:
acquiring a traffic message;
setting the dyeing flag bit of the virtual switch register corresponding to a traffic message in multicast mode to a preset value;
determining, based on a flow table, a processing policy that matches a key value of the traffic message, wherein the key value comprises the value of the dyeing flag bit, the flow table comprises a plurality of flow table entries, and each flow table entry comprises a matching field for matching against the key value and the processing policy corresponding to the matching field;
and executing the operation corresponding to the processing policy on the traffic message.
2. The method of claim 1, wherein determining, based on a flow table, a processing policy that matches a key value of the traffic message comprises:
performing matching on the matching fields in a kernel-mode flow table of the kernel space based on the key value;
if a kernel-mode matching result exists in the kernel-mode flow table, determining the kernel-mode matching result as the processing policy that matches the key value of the traffic message.
3. The method of claim 2, further comprising, after performing matching on the matching fields in the kernel-mode flow table of the kernel space based on the key value:
if no kernel-mode matching result exists in the kernel-mode flow table, performing matching on the matching fields in a user-mode flow table of the user space based on the key value;
if a user-mode matching result exists in the user-mode flow table, determining the user-mode matching result as the processing policy that matches the key value of the traffic message.
4. The method of claim 3, wherein, if a user-mode matching result exists in the user-mode flow table, the method further comprises:
generating a kernel-mode flow table entry based on the key value and the matched user-mode matching result;
and updating the kernel-mode flow table based on the kernel-mode flow table entry.
5. The method of any of claims 1-4, further comprising, before determining, based on a flow table, a processing policy that matches a key value of the traffic message:
acquiring message header information of the traffic message;
and determining the key value of the traffic message according to the message header information.
6. The method according to any one of claims 1 to 4, further comprising, before setting the dyeing flag bit of the virtual switch register corresponding to a traffic message in multicast mode to a preset value:
performing a validity check on the internet protocol address and/or the media access control address of the traffic message;
after the validity check is passed, determining a traffic message whose destination address belongs to a preset multicast address segment to be a traffic message in multicast mode.
7. The method according to any of claims 1-4, wherein the key value further comprises egress interface information and/or protocol information of the traffic message.
8. A multicast traffic handling apparatus for use in a virtual switch, comprising:
an acquisition module, configured to acquire a traffic message;
a dyeing module, configured to set the dyeing flag bit of the virtual switch register corresponding to a traffic message in multicast mode to a preset value;
a determining module, configured to determine, based on a flow table, a processing policy that matches a key value of the traffic message, wherein the key value comprises the value of the dyeing flag bit, the flow table comprises a plurality of flow table entries, and each flow table entry comprises a matching field for matching against the key value and the processing policy corresponding to the matching field;
and an execution module, configured to execute the operation corresponding to the processing policy on the traffic message.
9. An electronic device, comprising: memory, a processor and a computer program stored on the memory and executable on the processor, which when executed by the processor, performs the steps of the method according to any one of claims 1 to 7.
10. A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, implements the steps of the method according to any one of claims 1 to 7.
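The lookup order of claims 1 to 7 (validity check, multicast dyeing, key construction, kernel-mode lookup, user-mode fallback, kernel-mode entry installation), as an added Python model that is not code from the patent or from any virtual switch. The multicast segments (224.0.0.0/4 and ff00::/8), the flag value 1, the form of the validity check, the drop-on-invalid and drop-on-miss behaviour, the exact-match tuple keys, and the policy and port names are all assumptions.

```python
import ipaddress
import re

# Assumed values: the claims only say "preset multicast address segment" and "preset value".
MCAST_SEGMENTS = (ipaddress.ip_network("224.0.0.0/4"), ipaddress.ip_network("ff00::/8"))
DYE_MULTICAST = 1
MAC_RE = re.compile(r"(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}")

def is_multicast_ip(text):
    addr = ipaddress.ip_address(text)          # raises ValueError on malformed input
    return any(addr in seg for seg in MCAST_SEGMENTS)

def is_valid(pkt):
    """Assumed form of the claim 6 check: parsable IPs, well-formed MACs, non-multicast source."""
    try:
        ipaddress.ip_address(pkt["dst_ip"])
        bad_src = is_multicast_ip(pkt["src_ip"])
    except (KeyError, ValueError):
        return False
    macs_ok = all(MAC_RE.fullmatch(pkt.get(f, "")) for f in ("src_mac", "dst_mac"))
    return macs_ok and not bad_src

class VSwitch:
    def __init__(self, user_table):
        self.user_table = dict(user_table)  # user-mode flow table: key -> policy
        self.kernel_table = {}              # kernel-mode flow table (fast path)
        self.reg_dye = 0                    # dyeing flag bit of the switch register

    def process(self, pkt):
        """Return (policy, path); path is 'kernel', 'user', 'miss' or 'invalid'."""
        if not is_valid(pkt):
            return ("drop", "invalid")      # assumed handling; the claims do not say
        self.reg_dye = DYE_MULTICAST if is_multicast_ip(pkt["dst_ip"]) else 0
        key = (self.reg_dye, pkt.get("proto"), pkt.get("out_port"))  # claims 5 and 7
        if key in self.kernel_table:                                 # claim 2
            return (self.kernel_table[key], "kernel")
        if key in self.user_table:                                   # claim 3
            self.kernel_table[key] = self.user_table[key]            # claim 4
            return (self.user_table[key], "user")
        return ("drop", "miss")             # assumed default policy

# Constructed sample flow table and packets.
USER_TABLE = {(1, "udp", "vport2"): "rate_limit", (0, "udp", "vport2"): "forward"}
BASE = {"src_ip": "10.0.0.5", "src_mac": "52:54:00:aa:bb:01", "proto": "udp", "out_port": "vport2"}
MCAST = dict(BASE, dst_ip="239.1.1.1", dst_mac="01:00:5e:01:01:01")
UCAST = dict(BASE, dst_ip="10.0.0.9", dst_mac="52:54:00:aa:bb:02")
SPOOF = dict(MCAST, src_ip="224.0.0.1")

def demo():
    sw = VSwitch(USER_TABLE)
    return [sw.process(p) for p in (MCAST, MCAST, UCAST, SPOOF)]
```

Because the dyeing flag bit is part of the key, the multicast and unicast packets hit different flow table entries even though protocol and egress interface are identical, and the packet with a multicast source address never reaches either table.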
CN202311484695.0A 2023-11-08 2023-11-08 Multicast traffic processing method and device and electronic equipment Pending CN117675708A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311484695.0A CN117675708A (en) 2023-11-08 2023-11-08 Multicast traffic processing method and device and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311484695.0A CN117675708A (en) 2023-11-08 2023-11-08 Multicast traffic processing method and device and electronic equipment

Publications (1)

Publication Number Publication Date
CN117675708A true CN117675708A (en) 2024-03-08

Family

ID=90077924

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311484695.0A Pending CN117675708A (en) 2023-11-08 2023-11-08 Multicast traffic processing method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN117675708A (en)

Similar Documents

Publication Publication Date Title
EP3593503B1 (en) Packet processor in virtual filtering platform
US11095607B2 (en) Method of translating a logical switch into a set of network addresses
US20210132983A1 (en) Securing a managed forwarding element that operates within a data compute node
US10122629B2 (en) Systems and methods for externalizing network functions via packet trunking
US9667442B2 (en) Tag-based interface between a switching device and servers for use in frame processing and forwarding
US9571523B2 (en) Security actuator for a dynamically programmable computer network
US11570147B2 (en) Security cluster for performing security check
US8559429B2 (en) Sequential frame forwarding
US11799821B2 (en) Service chains for inter-cloud traffic
US20080101222A1 (en) Lightweight, Time/Space Efficient Packet Filtering
US10263957B2 (en) System and method for a fallback access control list port configuration
CN109688153A (en) Use threat detection on the zero of host application/program to user agent mapping
CN116545978B (en) Data processing method, device and system, readable storage medium and import network card
US11463479B2 (en) Intercepting network traffic
US20200145378A1 (en) Efficient matching of feature-rich security policy with dynamic content using user group matching
CN117675708A (en) Multicast traffic processing method and device and electronic equipment
US9712541B1 (en) Host-to-host communication in a multilevel secure network
US20230072491A1 (en) Network processing using multi-level match action tables
CN111106982B (en) Information filtering method and device, electronic equipment and storage medium
US20230353538A1 (en) System and method for utilization of firewall policies for network security
US20230247001A1 (en) Firewall System for Controlling Data Flow Between Computing Resources
US10965647B2 (en) Efficient matching of feature-rich security policy with dynamic content

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination