CN118233379A - Data transmission method, apparatus, device, storage medium and program product - Google Patents


Info

Publication number
CN118233379A
Authority
CN
China
Prior art keywords
data packet
address
source
virtual
mac address
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410535599.2A
Other languages
Chinese (zh)
Inventor
高大鹏
嵇赢
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Suzhou Software Technology Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Suzhou Software Technology Co Ltd
Application filed by China Mobile Communications Group Co Ltd and China Mobile Suzhou Software Technology Co Ltd
Priority to CN202410535599.2A
Publication of CN118233379A

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides a data transmission method, apparatus, device, storage medium and program product, and relates to the field of computer technologies. The method, applied to a gateway device, comprises: receiving a first data packet sent by a first virtual private cloud (VPC), wherein the first data packet carries a source IP address and a source MAC address of the first VPC; determining an underlying transmission path corresponding to the first data packet based on next hop information of the first data packet; creating a virtual extensible local area network (VXLAN) tunnel endpoint (VTEP) of the underlying transmission path according to the source IP address, and transmitting the first data packet to the VTEP; when the first data packet has been transmitted to the VTEP, rewriting a virtual IP address of the gateway device so as to update the source MAC address and the source IP address in the first data packet and obtain an updated second data packet; and forwarding the second data packet to a second VPC. The application solves the problem of poor flexibility in data transmission between VPCs.

Description

Data transmission method, apparatus, device, storage medium and program product
Technical Field
The present application relates to the field of computer technologies, and in particular, to a data transmission method, apparatus, device, storage medium, and program product.
Background
In the related art, a peering connection (Peering Connection, PC) is a high-bandwidth, high-quality service for interconnecting resources on the cloud, and can implement routing interworking between two virtual private clouds (Virtual Private Cloud, VPC). By configuring routing policies at both ends, a peering connection can interconnect VPCs of the same or different users within one region or across regions. However, the network devices in a peering connection require a specific network device configuration to operate normally, and the peering connection service depends strongly on a specific network environment, which results in poor flexibility in data transmission between VPCs.
Disclosure of Invention
The embodiments of the application provide a data transmission method, apparatus, device, storage medium and program product, which are used to solve the problem of poor flexibility in data transmission between VPCs.
To solve the above technical problem, the application is implemented as follows:
In a first aspect, an embodiment of the present application provides a data transmission method, applied to a gateway device, where the method includes:
receiving a first data packet sent by a first virtual private cloud (VPC), wherein the first data packet carries a source IP address and a source MAC address of the first VPC;
determining an underlying transmission path corresponding to the first data packet based on next hop information of the first data packet;
creating a virtual extensible local area network (VXLAN) tunnel endpoint (VTEP) of the underlying transmission path according to the source IP address, and transmitting the first data packet to the VTEP;
when the first data packet has been transmitted to the VTEP, rewriting a virtual IP address of the gateway device so as to update the source MAC address and the source IP address in the first data packet and obtain an updated second data packet;
forwarding the second data packet to a second VPC.
Optionally, before determining the underlying transmission path corresponding to the first data packet based on the next hop information of the first data packet, the method further includes:
transmitting the first data packet to a switch in the gateway device, and parsing the first data packet through the switch to obtain the next hop information.
Optionally, the parsing, by the switch, of the first data packet to obtain the next hop information includes:
decapsulating the first data packet through the switch to obtain a source virtual network identifier (VNI) carried in the first data packet;
mapping the source VNI to a corresponding broadcast domain and virtual routing and forwarding (VRF) instance in the gateway device;
when the broadcast domain and the VRF corresponding to the first data packet have been determined, determining the next hop information of the first data packet based on a preset forwarding information table.
Optionally, the mapping of the source VNI to a corresponding broadcast domain and VRF in the gateway device includes:
acquiring the port number of the port through which the first data packet enters the gateway device;
matching, according to the port number, the corresponding virtual local area network identifier pre-configured in the gateway device;
determining, based on the virtual local area network identifier, the broadcast domain and the VRF corresponding to the first data packet;
mapping the source VNI to the broadcast domain and VRF corresponding to the first data packet.
Optionally, the determining, based on the next hop information of the first data packet, of the underlying transmission path corresponding to the first data packet includes:
determining a corresponding tunnel based on the next hop information;
locating the underlying transmission path corresponding to the first data packet according to the tunnel information of the tunnel.
Optionally, the first data packet further carries a destination MAC address of the first data packet, and the method further includes:
checking whether the destination MAC address matches a target router MAC address (RMAC) in the gateway device, to obtain a matching result;
determining a network communication mode based on the matching result, wherein the network communication mode comprises Layer 2 communication or Layer 3 communication;
the transmitting of the first data packet to the VTEP includes:
transmitting the first data packet to the VTEP of the underlying transmission path according to the network communication mode.
Optionally, the determining of a network communication mode based on the matching result includes:
determining that the network communication mode is Layer 2 communication when the matching result indicates that the destination MAC address matches the target router MAC address;
determining that the network communication mode is Layer 3 communication when the matching result indicates that the destination MAC address does not match the target router MAC address.
In a second aspect, an embodiment of the present application provides a data transmission apparatus, applied to a gateway device, where the apparatus includes:
a receiving module, configured to receive a first data packet sent by a first virtual private cloud (VPC), wherein the first data packet carries a source IP address and a source MAC address of the first VPC;
a determining module, configured to determine an underlying transmission path corresponding to the first data packet based on the next hop information of the first data packet;
a transmission module, configured to create a virtual extensible local area network (VXLAN) tunnel endpoint (VTEP) of the underlying transmission path according to the source IP address and to transmit the first data packet to the VTEP;
a rewriting module, configured to rewrite a virtual IP address of the gateway device when the first data packet has been transmitted to the VTEP, so as to update the source MAC address and the source IP address in the first data packet and obtain an updated second data packet;
a forwarding module, configured to forward the second data packet to a second VPC.
In a third aspect, an embodiment of the present application provides a data transmission apparatus, including a processor and a transceiver, where the transceiver is configured to:
receive a first data packet sent by a first virtual private cloud (VPC), wherein the first data packet carries a source IP address and a source MAC address of the first VPC;
The processor is configured to:
determine an underlying transmission path corresponding to the first data packet based on next hop information of the first data packet;
The transceiver is configured to:
create a virtual extensible local area network (VXLAN) tunnel endpoint (VTEP) of the underlying transmission path according to the source IP address, and transmit the first data packet to the VTEP;
The processor is configured to:
when the first data packet has been transmitted to the VTEP, rewrite a virtual IP address of the gateway device so as to update the source MAC address and the source IP address in the first data packet and obtain an updated second data packet;
The transceiver is configured to:
forward the second data packet to a second VPC.
In a fourth aspect, an embodiment of the present application provides an electronic device, including: a processor, a memory, and a program stored on the memory and executable on the processor, which when executed by the processor, implements the steps of the data transmission method described in the first aspect.
In a fifth aspect, an embodiment of the present application provides a computer readable storage medium, where a computer program is stored, where the computer program is executed by a processor to implement the steps of the data transmission method described in the first aspect.
In a sixth aspect, there is provided a computer program product comprising computer instructions which, when executed by a processor, implement the steps of the data transmission method according to the first aspect.
In the embodiments of the application, the gateway device is arranged between the VPCs. It receives the first data packet sent by the first VPC and obtains the real underlying transmission path from the next hop information of the first data packet. A matching virtual extensible local area network (VXLAN) tunnel endpoint (VTEP) is newly added according to the virtual IP address of the gateway device at the exit position of the underlying transmission path, and a rewrite is performed according to the virtual IP address of the gateway device at the exit position of the underlying transmission path to update the source MAC address and the source IP address, so as to obtain an updated second data packet. The second data packet is then forwarded to the second VPC, enabling data transfer between the first VPC and the second VPC. In the embodiments of the application, the mobility of virtual machines in the cloud is realized by adopting the virtual IP mechanism, and by adding the VTEP at the entry position of the underlying transmission path and rewriting the virtual IP address at the exit position, address capacity can be adjusted flexibly and the flexibility of the service is enhanced.
Drawings
In order to illustrate the technical solutions of the embodiments of the present application more clearly, the drawings needed in the description of the embodiments are briefly described below. The drawings in the following description show only some embodiments of the present application, and a person of ordinary skill in the art may obtain other drawings from them without inventive effort.
Fig. 1 is a diagram of an architecture for data forwarding between virtual private clouds in an embodiment of the present application;
Fig. 2 is a flowchart of a data transmission method according to an embodiment of the present application;
Fig. 3 is a flow chart of a process of performing network address translation in a gateway device according to an embodiment of the present application;
Fig. 4 is a flow chart of a process for rewriting the virtual IP address of a gateway device in an embodiment of the application;
Fig. 5 is a schematic diagram of writing data to a chip in an embodiment of the application;
Fig. 6 is a schematic structural diagram of a data transmission device according to an embodiment of the present application;
Fig. 7 is a schematic structural diagram of a data transmission device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application are described clearly and fully below with reference to the accompanying drawings. The embodiments described are some, but not all, of the embodiments of the application. All other embodiments obtained by those skilled in the art based on these embodiments without inventive effort fall within the scope of the application.
To make the embodiments of the present application clearer, the related technical background is described first:
Cloud computing (Cloud Computing) is an internet-based computing approach by which shared hardware and software resources and information can be provided to computers and other devices on demand. Taking the relationship between the cloud computing provider and the user as the dividing criterion, cloud computing is divided into three types: public cloud, private cloud and hybrid cloud. A public cloud generally refers to a cloud that a third-party provider offers to tenants and that can be used over a network (the Internet). The public cloud is free or low in cost, its core attribute is shared resource service, and services based on remote network access can be deployed for tenants in the public cloud. Private clouds are built for use by a single tenant, and thus provide the most effective control over data, security, and quality of service.
In general, public clouds are deployed in an underlying physical (underlay) network, which is the underlying carrier network of a public cloud data center and the base network of an internet data center (Internet Data Center, IDC); private clouds are deployed in overlay networks, where isolation of tenant networks is typically achieved through tunneling techniques. The hybrid cloud combines the characteristics and uses of the public cloud and the private cloud. Hybrid clouds are typically implemented by setting up a virtual private network (Virtual Private Network, VPN) or a dedicated internet connection between a virtual private cloud (Virtual Private Cloud, VPC) and the private cloud. The VPC provides tenants in a public cloud environment with the virtual network environment of a private cloud; hosts and services in the VPC network have the same attributes as in the private cloud, and the VPC network can isolate different tenants at the network layer. The VPN is a technology that provides a private network within a public network by means of tunnel encapsulation, and is used for secure network access from the private cloud to the public cloud in a hybrid cloud scenario. An existing hybrid cloud system comprises a VPC network, a gateway server, at least one private cloud server and at least one public cloud server, wherein at least one virtual machine is deployed in the VPC network. Virtual machines in the VPC network cannot access the public cloud server because they do not have a legitimate internet protocol (Internet Protocol, IP) address.
Based on the above, communication between the virtual machine and the public cloud server is generally achieved through the gateway server. The gateway server performs network address translation (Network Address Translation, NAT) on the data packet sent by the virtual machine in the VPC network, and sends the translated data packet to the public cloud server, so that data is transmitted between the virtual machine and the public cloud server. To ensure the security of data transmitted to the public cloud server, an access control list (Access Control List, ACL) mechanism is generally deployed at the entry of the public cloud server. An ACL is a network security mechanism that provides protection in the form of black and white lists based on protocol, port and IP address. According to the source IP address of the received translated data packet and the ACL mechanism, the public cloud service determines whether to send the response data packet of the translated first data packet to the gateway server or to discard the translated first data packet; when it determines that the source IP address of the translated data packet is in the IP address white list, the public cloud server sends the response data packet to the gateway server.
In particular, the setting of virtual internet protocol (Internet Protocol, IP) addresses is a solution for providing high availability, load balancing, and failover. The virtual IP address is an IP address that does not belong to the actual physical device, and is implemented by network devices and technologies. Virtual IP addresses play an important role in several ways:
(1) High availability: in an environment with multiple servers or devices, the virtual IP address can be used as a single entry point, and when one of the actual devices fails, the virtual IP address can be quickly switched to other devices which work normally, so that the continuity and high availability of the service are realized;
(2) Load balancing: virtual IP addresses are also used in a load balancing environment, where multiple servers share the same virtual IP address. When a user request reaches a virtual IP address, the load balancing equipment distributes the request to different servers according to a preset algorithm so as to balance the load of the servers and improve the system performance and response speed;
(3) Failover: in the failover scheme, the virtual IP address can be used for rapidly switching the service to the standby server when the main server fails, so that the service interruption time can be reduced to the greatest extent, and the reliability of the system is improved;
(4) Disaster recovery: the virtual IP address may also be used in a disaster recovery environment to implement a disaster recovery solution across geographic locations. When the main data center fails, the virtual IP address can be switched to the standby data center, so that the continuity of the service is ensured;
(5) IP migration: in some cases, the virtual IP address may be migrated in real time for maintenance, upgrades, etc., while not affecting the normal operation of the service.
It should be noted that the embodiments of the present application are applied to a gateway device, which may be a programmable gateway disposed between two VPCs. It has flexible programming capability and customizable functions, and may perform various operations, such as routing, filtering and conversion, according to specific network traffic demands. The gateway device in the present application may also be another gateway capable of performing functions such as network address translation, routing, and virtual IP address rewriting, for example a network address translation (Network Address Translation, NAT) gateway. The embodiments of the application do not limit the specific type of gateway device, which can be chosen according to actual conditions. The following embodiments of the application are described in terms of a programmable gateway.
As shown in Fig. 1, communication between VPCs is achieved by providing a programmable gateway between the computing nodes (e.g., the first computing node and the second computing node in the figure) of two virtual private clouds (Virtual Private Cloud, VPCs) to establish a network connection between the two VPCs. Through the programmable gateway, data transmitted between different VPCs travels as if through the same internal network, giving a highly integrated network communication experience.
The programmable gateway allocates a virtual IP address for each programmable gateway instance for high availability at the instance level, i.e. after device expansion, the programmable gateway instance level migration can be achieved. The programmable gateway can be applied to a plurality of technical fields, for example, can be applied to the technical field of traffic, and realizes real-time communication and safety coordination between vehicles, thereby improving the communication efficiency and safety of a traffic system. As another example, it may also be applied in the field of smart medical technology to determine efficient interconnection and data transfer between medical devices.
Referring to fig. 2, fig. 2 is a flowchart of a data transmission method according to an embodiment of the present application. As shown in fig. 2, the data transmission method applied to the gateway device includes the steps of:
Step 101, a first data packet sent by a first virtual private cloud VPC is received, where the first data packet carries a source IP address and a source MAC address of the first VPC.
It should be noted that, building on existing Layer 3 forwarding, the forwarding operation for the first data packet in the first VPC may be further extended so that the encapsulated data packet is transmitted to the gateway device. The gateway device can then decapsulate the data packet and perform various operations, such as routing and conversion, on the inner-layer information of the first data packet.
It should be noted that the first packet may carry a source IP Address and a source Media Access Control (MAC) Address of the first VPC. The source IP address identifies the sender of the first data packet, i.e., the IP address of the first VPC, so that the receiver (such as the second VPC or other data transmission object of the first VPC) may determine the source of the data packet through the source IP address, and reply or record the information of the sender. The source MAC address is an address in the data link layer that is used to uniquely identify the network device in the local area network. In a local area network, a network device such as a router or a switch can determine the sender of a data packet through a source MAC address, so as to correctly forward the data packet to a receiver. In addition, the first data packet may further carry contents such as a destination IP address, a destination MAC address, a protocol type, a port number, a data payload, a timestamp, and the like.
Step 102, determining an underlying transmission path corresponding to the first data packet based on the next hop information of the first data packet.
Notably, in virtualized networks, packets may need to traverse multiple virtual network devices and tunnels to reach a destination. Each virtual network device processes and forwards the data packet according to the VNI and VRF information of the data packet, so as to ensure that the data packet is correctly transmitted in the virtual network. Tunneling may facilitate secure data transmission across different networks. Using tunnel information, the system can encapsulate a data packet in another data packet and send it through the tunnel to the destination. During transmission, the tunnel information indicates how to encapsulate and decapsulate the data packet correctly, so as to ensure that the data packet can reach the destination safely.
In a specific embodiment of the present application, when the network device receives the data packet, it performs routing and forwarding according to the destination IP address information in the data packet. Specifically, the gateway device may look up the routing forwarding table and match the next hop information of the first data packet. The first data packet is then sent to the corresponding network interface or the next router according to the next hop information. Specifically, once it is determined that the next hop of the packet points to a tunnel, the system will find the actual underlying transmission path, i.e., the actual data transmission path in the underlying network, based on this tunnel. The system then performs a decapsulation operation on the data packet to extract the inner layer information for subsequent traffic handling and routing.
It can be seen that determining the underlying transmission path based on the next hop information of the first data packet may enable more efficient routing and data transmission.
Step 103, creating a virtual extensible local area network (VXLAN) tunnel endpoint (VTEP) of the underlying transmission path according to the source IP address, and transmitting the first data packet to the VTEP.
In the above step, after the first packet enters the gateway device, the correct virtual tunnel endpoint needs to be determined to ensure that the first packet enters the decapsulation logic correctly. Therefore, after the underlying transmission path is obtained by the processing flow above, the inner layer information of the first data packet can be decapsulated to complete the matching of the incoming information, and the ingress interface and egress interface of the tunnel are determined. A virtual extensible local area network (Virtual Extensible Local Area Network, VXLAN) tunnel endpoint (VXLAN Tunnel Endpoint, VTEP) can be created at the entry position of the tunnel. Using the VTEP can enhance the security of data transmission, ensures entry into the decapsulation logic, and protects the privacy and integrity of data during transmission.
Step 104, when the first data packet has been transmitted to the VTEP, rewriting the virtual IP address of the gateway device to update the source MAC address and the source IP address in the first data packet, and obtaining an updated second data packet.
In a specific embodiment of the present application, when the first data packet has been transmitted to the VTEP, that is, to the exit position of the underlying transmission path, the virtual IP address may be rewritten at the exit, and the source MAC address in the first data packet may be updated according to the virtual IP address, so that the virtual IP address may be rewritten to update the source IP address. This process accurately guides the transmission and information processing of the first data packet, ensures that the encapsulation and rewriting operations complete efficiently, provides the necessary guarantee for smooth network communication, ensures the correctness of the source MAC address and the source IP address of the data packet during transmission, and avoids information leakage or data loss. Therefore, the embodiments of the application can improve the efficiency and security of data transmission and ensure reliable transmission of data among different virtual private clouds.
Step 105, forwarding the second data packet to a second VPC.
In a specific embodiment, the application establishes communication between VPCs through the programmable gateway, and provides greater flexibility, mobility and adaptability for applications and services, so that they can be easily migrated and deployed in different environments. In addition, the embodiments of the application also realize the mobility of virtual machines in the cloud by adopting a virtual IP mechanism; by adding the VTEP at the entry position of the underlying transmission path and rewriting the virtual IP address at the exit position, address capacity can be adjusted flexibly and the flexibility and reliability of the service are enhanced.
Optionally, before determining the underlying transmission path corresponding to the first data packet based on the next hop information of the first data packet, the method further includes:
transmitting the first data packet to a switch in the gateway device, and parsing the first data packet through the switch to obtain the next hop information.
In some embodiments, the first data packet is sent to a switch in the gateway device; the encapsulated first data packet may be sent to the switch for a decapsulation operation, so as to obtain the first data together with the related information it carries, for example a source virtual extensible local area network (Virtual Extensible Local Area Network, VXLAN) network identifier (VXLAN Network Identifier, VNI). By parsing the first data packet, the switch can extract information such as the source VNI, and can match the corresponding next hop information, i.e., information indicating to which destination address the data packet should be transmitted, according to the source VNI. After the next hop information is obtained, the gateway device can therefore determine the transmission path of the data packet more accurately, ensure that the data packet is transmitted along the correct route, and further optimize the efficiency and accuracy of data transmission.
It should be noted that the next hop information may indicate the next router or device in the network to which the first data packet should be forwarded. When a first packet arrives at one router, the packet will be sent to the next router until the destination is reached, based on the next hop information that the routing table matches.
Therefore, the embodiment of the application can enhance the reliability and efficiency of the whole data transmission process, ensure that the data packet can be smoothly transmitted between different networks, and reduce possible transmission errors and delays.
Optionally, the parsing, by the switch, the first data packet to obtain the next hop information includes:
the first data packet is subjected to decapsulation operation through the switch, and a source Virtual Network Identifier (VNI) carried in the first data packet is obtained;
Mapping the source VNI to a corresponding broadcast domain and virtual route forwarding VRF in the gateway device;
And under the condition that the broadcast domain and the VRF corresponding to the first data packet are determined, determining the next hop information of the first data packet based on a preset forwarding information table.
In a specific embodiment, the switch may perform a decapsulation operation on the first data packet to obtain the source VNI carried in the data packet. In the network, different virtual networks are distinguished by different VNIs, so that isolation and management between the virtual networks are achieved. The source VNI is mapped to the corresponding broadcast domain (Broadcast Domain, BD) and virtual route forwarding (Virtual Route Forwarding, VRF) in the gateway device, so as to associate it with that BD and VRF and ensure that data is correctly directed between different broadcast domains and virtual routes, thereby effectively managing and controlling data flow in the network.
Further, after determining the broadcast domain and VRF corresponding to the first packet, next hop information of the first packet may be determined according to a preset forwarding information table (Forwarding Information Base, FIB). The FIB table may be preconfigured in the gateway device, and contains the corresponding next destination information under each BD and VRF, including the pointed-to next tunnel information. Thus, the underlying transmission path of the real underlying network (underlay) can be located by the next tunnel information.
Through the steps, the switch can more accurately analyze the first data packet and determine the next-hop information according to the source VNI mapping and forwarding information table, so that the data packet is ensured to be transmitted according to a correct path, and the efficiency and accuracy of network transmission are improved.
Optionally, the first data packet carries a port number corresponding to a port entering the gateway device, and mapping the source VNI to a corresponding broadcast domain and virtual route forwarding VRF in the gateway device includes:
According to the port number, matching to obtain a corresponding virtual local area network identifier pre-configured in the gateway equipment;
Based on the virtual local area network identifier, determining a broadcast domain and a VRF corresponding to the first data packet;
And mapping the source VNI to a broadcast domain and VRF corresponding to the first data packet.
In still other embodiments, when the first data packet enters the gateway device, the gateway device may acquire the port number carried in the first data packet; the port number identifies the port through which the first data packet enters the gateway device. The port number is then matched against each virtual local area network identifier pre-configured in the gateway device to judge whether a virtual local area network identifier matching the port number exists. When a matching virtual local area network identifier is found, the virtual network to which the first data packet belongs can be determined through that identifier. Further, based on the known virtual local area network identifier, the gateway device may determine the specific BD and VRF to which the first data packet should be transmitted, i.e., the BD and VRF corresponding to the first data packet.
In this way, after determining the BD and VRF to which the first data packet corresponds, efficient transmission of the data packet may be achieved by mapping the source VNI to the determined BD and VRF, so that the first data packet may be correctly routed to the destination location in the gateway device. Through the above embodiment, the gateway device can accurately analyze and route the first data packet according to the information such as the port number, the virtual local area network identifier, the broadcast domain, the VRF and the like, so as to ensure that the data packet is transmitted according to a correct path, and realize smooth and efficient transmission of network communication.
Optionally, the determining, based on the next hop information of the first data packet, the bottom layer transmission path corresponding to the first data packet includes:
determining a corresponding tunnel based on the next hop information;
and positioning a bottom transmission path corresponding to the first data packet according to the tunnel information of the tunnel.
In some embodiments, when the gateway device receives the first data packet and parses out the next hop information, the gateway device may determine from this information which tunnel should be used to transmit the data packet. The next hop information may include the IP address, MAC address, etc. of the destination device, which helps point to the next tunnel of the first data packet. Once the next tunnel is determined, the gateway device may locate the underlying transport path of the data packet based on the information of the tunnel. In addition, the tunnel information may further include the start point, end point, transmission protocol, encryption mode, etc. of the next tunnel, which helps ensure that the first data packet is transmitted along the expected path.
Through the steps, the gateway device can select a proper tunnel according to the next hop information of the first data packet, and determine the bottom transmission path of the data packet according to the tunnel information. Therefore, the data packet can be ensured to be transmitted according to a correct path and mode, and the efficiency and the safety of network transmission are improved.
Optionally, the first data packet further carries a destination MAC address of the first data packet, and the method further includes:
Checking whether the target MAC address is matched with a target router MAC address RMAC in the gateway equipment or not to obtain a matching result;
Determining a network communication mode based on the matching result, wherein the network communication mode comprises two-layer communication or three-layer communication;
the transmitting the first data packet to the VTEP includes:
and transmitting the first data packet to the VTEP of the bottom transmission path according to the network communication mode.
In a specific embodiment of the present application, the gateway device may check whether the target MAC address in the first data packet matches the target router MAC address (RMAC) configured in the gateway device, and determine the network communication mode between the VPC, the gateway device and other VPCs according to the matching result. If the matching succeeds, the target device is directly connected to the gateway device and two-layer communication can be performed; if the matching fails, the target device is not in the same LAN and three-layer communication is needed. Whether the two-layer or the three-layer communication mode is used for transmitting the data packet is thus determined by the matching result of the target MAC address and the RMAC. The first data packet is then transmitted to the VTEP on the bottom transmission path according to the determined network communication mode. In the case of two-layer communication, the data packet can be transmitted directly to the VTEP where the target device is located; in the case of three-layer communication, the data packet needs to be routed and forwarded through a router and other devices.
Through the above steps, the gateway device can determine the network communication mode according to the matching result of the target MAC address and the RMAC, and transmit the first data packet to the VTEP according to the corresponding communication mode, so that the data packet can reach the target device along the correct path, and the network communication and transmission process can be managed more effectively.
Optionally, the determining a network communication mode based on the matching result includes:
determining that the network communication mode is two-layer communication under the condition that the matching result indicates that the target MAC address is matched with the target router MAC address;
And under the condition that the matching result indicates that the target MAC address is not matched with the target router MAC address, determining that the network communication mode is three-layer communication.
In some embodiments, the decision to use a two-layer or three-layer network communication scheme may be made by checking whether the destination MAC (Destination Mac) address of the first VPC matches the destination router MAC address of the gateway device. In this way, the most suitable network path for data packet transmission can be selected based on the obtained matching result to achieve an efficient data transmission and communication strategy.
Further, when the matching result shows that the target MAC address is consistent with the target router MAC address, the network communication mode that can be selected is two-layer communication. In this case, the first data packet is transmitted directly through the two-layer switch within the local area network without going through the routing function of the router. When the target router MAC address does not match the target MAC address in the first data packet, the network communication mode is three-layer communication. In this case, the first VPC may send the first data packet to the gateway device, and the router acting as the default gateway device receives the first data packet and forwards it according to the target IP address. Through the routing function of the router, the first data packet is transmitted between different networks and finally reaches the target router corresponding to the second VPC.
The method for determining the communication mode according to the matching result of the target MAC address and the target router MAC address is beneficial to the gateway equipment to correctly select the communication path in the data packet transmission process, and improves the efficiency and the safety of network communication.
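The lookup chain and the MAC comparison described above, as an added Python example that is not code from the patent. Every table entry, address and port number is constructed, and the rejection of a VNI provisioned for a different BD/VRF is an assumption of this example rather than a step the patent states.

```python
import ipaddress
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class Underlay:
    remote_vtep: str      # outer destination IP of the tunnel
    egress_port: int      # physical output port


# Constructed tables; every value is hypothetical.
RMAC = bytes.fromhex("02aabbccdd01")                   # gateway router MAC
PORT_TO_VLAN = {1: 100, 2: 200}                        # ingress port -> VLAN ID
VLAN_TO_BD_VRF = {100: (10, "vrf-a"), 200: (20, "vrf-b")}
VNI_BINDING = {5001: (10, "vrf-a"), 5002: (20, "vrf-b")}
FIB = {                                                # VRF -> (prefix, next hop)
    "vrf-a": [("10.2.0.0/16", 1), ("10.2.5.0/24", 2)],
    "vrf-b": [("10.3.0.0/16", 3)],
}
NEXT_HOP_TO_TUNNEL = {1: 11, 2: 12, 3: 13}
TUNNELS = {11: Underlay("192.0.2.11", 7), 12: Underlay("192.0.2.12", 8),
           13: Underlay("192.0.2.13", 9)}


def parse_vni(vxlan_header: bytes) -> int:
    """Extract the 24-bit VNI from an 8-byte VXLAN header (RFC 7348)."""
    if len(vxlan_header) < 8:
        raise ValueError("truncated VXLAN header")
    flags, vni_field = struct.unpack("!B3xI", vxlan_header[:8])
    if not flags & 0x08:
        raise ValueError("VNI-valid flag not set")
    return vni_field >> 8


def map_vni(port: int, vni: int):
    """Ingress port -> VLAN ID -> (BD, VRF), then bind the source VNI to it."""
    vlan = PORT_TO_VLAN.get(port)
    if vlan is None or vlan not in VLAN_TO_BD_VRF:
        raise LookupError(f"no VLAN/BD/VRF configured for port {port}")
    bd_vrf = VLAN_TO_BD_VRF[vlan]
    # Assumption of this example: a VNI provisioned for another BD/VRF is
    # rejected rather than silently mapped, so tenants cannot cross over.
    if VNI_BINDING.get(vni) != bd_vrf:
        raise PermissionError(f"VNI {vni} is not bound to BD/VRF {bd_vrf}")
    return bd_vrf


def lookup_next_hop(vrf: str, dst_ip: str) -> int:
    """Longest-prefix match in the FIB of the given VRF."""
    addr = ipaddress.ip_address(dst_ip)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in FIB.get(vrf, [])
            if addr in ipaddress.ip_network(p)]
    if not hits:
        raise LookupError(f"no route to {dst_ip} in {vrf}")
    return max(hits, key=lambda h: h[0].prefixlen)[1]


def communication_mode(dst_mac: bytes) -> str:
    """Two-layer when the target MAC equals the RMAC, as the text states."""
    return "two-layer" if dst_mac == RMAC else "three-layer"


def resolve(port: int, vxlan_header: bytes, dst_mac: bytes, dst_ip: str) -> dict:
    """Run the whole chain: VNI, BD/VRF, next hop, tunnel, underlay, mode."""
    vni = parse_vni(vxlan_header)
    bd, vrf = map_vni(port, vni)
    next_hop = lookup_next_hop(vrf, dst_ip)
    tunnel = NEXT_HOP_TO_TUNNEL[next_hop]
    return {"vni": vni, "bd": bd, "vrf": vrf, "next_hop": next_hop,
            "tunnel": tunnel, "underlay": TUNNELS[tunnel],
            "mode": communication_mode(dst_mac)}
```
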
In yet another embodiment of the present application, as shown in fig. 5, the data information may be written into the hardware chip. Specifically, a writing module (which may be an Agent module) writes it into a first database in the database container, such as the database for storing switch configuration information (Configuration Database, config_db). Subsequently, a process (e.g., process A, which may also be named "peermgr") may be introduced in the container of the service for managing switch state information (Switch State Service, SWSS) to subscribe to the tables of the newly written database. Thus, according to the written information, including virtual IP information, speed limit policy configuration, source VNI, and the like, different adjustments can be made according to different information contents. This information is used for interaction with a client (server) in an automated deployment tool (syncd container) for subsequent operations. The client and the server are connected, so that efficient transmission of data is realized. In this embodiment, the server further interacts with the user space of the client and finally starts the driver operation, successfully writes the data into the kernel space of the chip, and sends the next-hop information (ASIC forward tables) to the data plane of the application-specific integrated circuit (Application-Specific Integrated Circuit, ASIC).
In the above embodiment of the present application, multiple data-writing processes are integrated: the data is first written into a database, then handled through the cooperation of different processes, and finally written into the hardware chip over a communication connection with that chip. It can be seen that with this hierarchical structure, data can be transferred efficiently and the write operation to the chip can be realized.
In a specific embodiment of the present application, as shown in fig. 3, fig. 3 is a process flow chart of performing network address conversion in a gateway device in an embodiment of the present application, where the following steps are applied to the gateway device, and specifically, the conversion of a network address may be implemented by the following steps:
step 111, receiving a first data packet sent by a first virtual private cloud VPC, and analyzing a message field of the first data packet;
step 112, setting BD and VRF corresponding to the first data packet according to the inlet port index of the gateway device;
In the steps, the data can be ensured to be correctly and directionally transferred between different broadcast domains and virtual routes, so that the data flow in the network is effectively managed and controlled.
Step 113, determining whether VXLAN hits, e.g., checking whether the destination MAC address and identifier of the first data packet match the configuration of the current gateway device;
It can be appreciated that the above steps may enable the gateway device to route the first data packet to the correct virtual network according to the configured rule by determining whether the VXLAN data packet hits, so as to implement isolation between different virtual networks. Specific security policies, such as access control, traffic filtering, etc., may also be implemented based on the hit of the first packet. The method can also be used as a basis for monitoring and managing the flow in the virtual network by a network manager, so that the normal operation and the performance optimization of the network are ensured.
Step 114, in the case of a VXLAN hit, determining whether the VTEP is hit, e.g., checking in the gateway device whether the destination MAC address and identifier of the first data packet match the current VTEP configuration; otherwise, ending the flow;
Step 115, in the case of a VTEP hit, analyzing the bottom layer transmission path, mapping the source VNI of the first data packet to the corresponding BD and VRF in the gateway device, and then executing step 117;
Step 116, in the case of a VTEP hit, receiving a first data packet sent by the first virtual private cloud VPC, analyzing a message field of the first data packet, and then executing step 117;
Step 117, in the case of a VTEP hit, checking whether the target MAC address of the first data packet matches the target router MAC address in the gateway device to obtain a matching result, and determining a network communication mode based on the matching result; otherwise, in the case of a VTEP miss, the flow ends;
It should be noted that, the determining process of the network communication method in the above step is determined based on the matching result of the target MAC address, so as to be helpful to select the most suitable network communication path to implement effective data transmission and communication policy.
Step 118, determining the next hop information according to the VRF and the destination IP address;
Step 119, setting a corresponding tunnel according to the index of the next hop information, and acquiring the bottom layer transmission path (underlay) and the physical output port according to the tunnel index;
Step 120, writing the internal Ethernet and IP header information into the newly added external packet header, and removing the internal Ethernet packet header, the internal IP and the VXLAN header;
Step 121, setting the BD, tunnel ID and tunnel type, and rewriting the outer MAC address;
Step 122, setting a source MAC address index according to the set BD, and rewriting the time-to-live (TTL) of the Internet Protocol version 4 (IPv4) of the first data packet and the source MAC address (SMAC) of the first data packet;
Step 123, assigning the processed MAC header to the inner MAC header by matching the tunnel type of the tunnel, and sequentially encapsulating an external IPv4 header, a VXLAN header, and a user datagram protocol (User Datagram Protocol, UDP) header;
In the above step, the length of the first data packet may be rewritten, so that the first data packet is forwarded over the underlay.
Step 124, rewriting the target MAC address of the underlay according to the underlay route, and rewriting the index of the source MAC address according to the BD;
Step 125, rewriting the outer layer tunnel (src_ip) address into the virtual IP address (VIP) of the gateway device, and rewriting the destination IP address of the tunnel;
Step 126, rewriting the external source MAC address according to the index of the target MAC address of the rewritten underlay.
It should be noted that, in the above alternative embodiments, reference may be made to the related description in the embodiment shown in fig. 2, and in order to avoid repetitive description, this embodiment is not repeated.
Referring to fig. 4, fig. 4 is a flowchart of a process for rewriting a virtual IP address of a gateway device according to an embodiment of the present application, where the embodiment in the flowchart may be applied to the gateway device, and specifically includes the following steps:
Step 131, receiving a first data packet sent by a first virtual private cloud VPC, and analyzing a message field of the first data packet;
step 132, setting BD, VRF and target router MAC addresses corresponding to the first data packet according to the inlet port index of the gateway device;
step 133, checking whether the target MAC address of the first data packet is matched with the target router MAC address in the gateway equipment, obtaining a matching result, and determining a network communication mode according to the matching result;
step 134, decapsulating the first data packet;
step 135, analyzing the first data packet to obtain a bottom transmission path corresponding to the first data packet, and mapping the source VNI of the first data packet to the BD and the VRF corresponding to the gateway device;
step 136, modifying the internal file (ig_md.lkp) information in the gateway equipment according to the internal IP header information of the gateway equipment;
step 137, judging whether the inner MAC address hits or not;
Step 138, in the case that the inner MAC address hits and the broadcast domain and the VRF corresponding to the first data packet are determined, determining the next hop information of the first data packet based on a preset forwarding information table; otherwise, ending the flow;
step 139, determining a corresponding tunnel based on the next hop information; locating the bottom layer transmission path (underlay) corresponding to the first data packet, and the destination MAC address and physical output port of the bottom layer transmission path (underlay), according to the tunnel information of the tunnel;
Step 140, writing the internal Ethernet and IP header information into the newly added external packet header, and removing the internal Ethernet packet header, the internal IP and the VXLAN header;
Step 141, rewriting the target MAC address of the overlay (overlay) network packet, and setting BD and VNI;
Step 142, setting a source MAC address index according to the set BD;
step 143, rewriting the source MAC address according to the virtual IP address (VIP) and the source MAC address index of the gateway device;
step 144, encapsulating the outer layer header, and rewriting the target MAC address of the underlay according to the underlay route;
step 145, modifying the tunnel (src_ip) address according to the tunnel type, and rewriting the src_ip address according to the VIP.
It can be understood that the above embodiments accurately exemplify the transmission and information processing processes of the data packet, ensure the efficient completion of the decapsulation and the rewriting operations, and provide necessary guarantee for the smooth implementation of network communication.
It should be further noted that, in the above alternative embodiments, reference may be made to the related description in the embodiment shown in fig. 2, and this embodiment will not be repeated for the sake of avoiding repeated description.
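The decapsulate, rewrite and re-encapsulate steps of the flows in fig. 3 and fig. 4, carried out on raw bytes, as an added Python example that is not code from the patent. All MAC and IP addresses, VNIs and the `GW` settings are constructed, and only plain 20-byte IPv4 headers are handled.

```python
import ipaddress
import struct

ETH, IP4, UDP, VXLAN = 14, 20, 8, 8      # header lengths in bytes
VXLAN_PORT = 4789                        # IANA-assigned VXLAN UDP port


def ipv4_checksum(header: bytes) -> int:
    """One's-complement header checksum; returns 0 for a header that verifies."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP4 + payload_len, 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def encapsulate(inner, smac, dmac, src_ip, dst_ip, vni) -> bytes:
    """Add outer Ethernet, IPv4, UDP and VXLAN headers around an inner frame."""
    vxlan = struct.pack("!B3xI", 0x08, vni << 8)
    # Lengths are recomputed here; a UDP checksum of 0 is valid for VXLAN over IPv4.
    udp = struct.pack("!HHHH", 49152, VXLAN_PORT, UDP + VXLAN + len(inner), 0)
    ip = ipv4_header(src_ip, dst_ip, 17, UDP + VXLAN + len(inner))
    return dmac + smac + b"\x08\x00" + ip + udp + vxlan + inner


def decapsulate(pkt: bytes):
    """Validate the outer headers; return (outer source IP, VNI, inner frame)."""
    if len(pkt) < ETH + IP4 + UDP + VXLAN + ETH:
        raise ValueError("truncated packet")
    ip, off = pkt[ETH:ETH + IP4], ETH + IP4
    if pkt[12:14] != b"\x08\x00" or ip[0] != 0x45 or ip[9] != 17:
        raise ValueError("outer header is not plain IPv4/UDP")
    if ipv4_checksum(ip) != 0:
        raise ValueError("bad outer IPv4 checksum")
    dport, udp_len = struct.unpack("!HH", pkt[off + 2:off + 6])
    flags, vni_field = struct.unpack("!B3xI", pkt[off + UDP:off + UDP + VXLAN])
    if dport != VXLAN_PORT or not flags & 0x08:
        raise ValueError("not a VXLAN packet with a valid VNI")
    inner = pkt[off + UDP + VXLAN:off + udp_len]
    return str(ipaddress.IPv4Address(ip[12:16])), vni_field >> 8, inner


def rewrite_inner(inner: bytes, smac: bytes, dmac: bytes) -> bytes:
    """Set new inner MACs, decrement the IPv4 TTL and recompute the checksum."""
    ip = bytearray(inner[ETH:ETH + IP4])
    if inner[12:14] != b"\x08\x00" or len(ip) < IP4 or ip[0] != 0x45:
        raise ValueError("inner frame is not plain IPv4")
    if ip[8] <= 1:
        raise ValueError("inner TTL expired, packet dropped")
    ip[8] -= 1
    ip[10:12] = b"\x00\x00"
    ip[10:12] = struct.pack("!H", ipv4_checksum(bytes(ip)))
    return dmac + smac + inner[12:ETH] + bytes(ip) + inner[ETH + IP4:]


# Constructed gateway settings (hypothetical values).
GW = {
    "vip": "198.51.100.1",                           # gateway virtual IP
    "gw_mac": bytes.fromhex("02aabbccdd01"),         # new inner source MAC
    "dst_vm_mac": bytes.fromhex("020000000209"),     # new inner target MAC
    "underlay_smac": bytes.fromhex("02aabbccdd02"),
    "underlay_dmac": bytes.fromhex("02aabbccdd03"),  # from the underlay route
    "remote_vtep": "192.0.2.12",                     # tunnel destination IP
    "dst_vni": 5002,
}


def sample_packet(inner_ttl: int = 64) -> bytes:
    """Constructed first data packet: 10.1.0.5 (VNI 5001) to 10.2.0.9."""
    payload = b"hello"
    inner = (GW["gw_mac"] + bytes.fromhex("020000000105") + b"\x08\x00"
             + ipv4_header("10.1.0.5", "10.2.0.9", 253, len(payload), inner_ttl) + payload)
    return encapsulate(inner, bytes.fromhex("02aabbccdd10"), GW["underlay_smac"],
                       "192.0.2.10", GW["vip"], 5001)


def gateway_forward(pkt: bytes, gw: dict = GW) -> bytes:
    """Decapsulate, rewrite, then re-encapsulate with the VIP as outer source IP."""
    _, _, inner = decapsulate(pkt)
    inner = rewrite_inner(inner, gw["gw_mac"], gw["dst_vm_mac"])
    return encapsulate(inner, gw["underlay_smac"], gw["underlay_dmac"],
                       gw["vip"], gw["remote_vtep"], gw["dst_vni"])
```
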
It should be noted that in a computer network, traffic differentiation refers to classifying or separating the data streams transmitted by the network according to different standards or characteristics so as to manage, control and optimize them. Traffic differentiation may be used to implement different network policies, quality of service (Quality of Service, QoS), and security measures. The embodiment of the application can be applied to the following traffic differentiation modes, which help to manage, optimize and secure the network, and help a network manager to better understand, analyze and cope with different types of network traffic.
Specifically, the traffic differentiation modes may include the following:
Application layer traffic differentiation: classification is based on traffic of the application or protocol. For example, web traffic, video streams, voice over IP (Voice over Internet Protocol, voIP) traffic, etc. are differentiated to provide appropriate optimization and bandwidth allocation for different types of traffic;
Protocol layer traffic differentiation: classification is based on transport protocols such as transmission control protocol (Transmission Control Protocol, TCP), user datagram protocol (User Datagram Protocol, UDP). This may be used to distinguish between different protocol traffic in order to apply different policies to different protocols;
Source/destination address traffic differentiation: traffic is classified based on either the source IP address or the destination IP address. This may be used to enable network segmentation, traffic isolation, and traffic control for a particular source or destination;
Port traffic differentiation: classifying traffic based on source ports or destination ports, commonly used to identify and manage traffic for a particular application or service;
Time traffic differentiation: classifying the flow according to different time periods, for example, controlling the flow differently in the peak period and the low peak period according to the time periods;
Quality traffic differentiation: classifying traffic based on its characteristics (e.g., latency, bandwidth requirements) to provide different quality of service guarantees for different traffic;
Security traffic differentiation: normal traffic is distinguished from potentially malicious traffic (e.g., distributed denial of service (Distributed Denial of Service, DDoS) attacks, malicious code propagation, etc.) in order to take appropriate security measures.
In yet another embodiment of the present application, as shown in fig. 6, there is further provided a data transmission apparatus 200, applied to a gateway device, the apparatus including:
A receiving module 201, configured to receive a first data packet sent by a first VPC, where the first data packet carries a source IP address and a source MAC address of the first VPC;
A first determining module 202, configured to determine a bottom layer transmission path corresponding to the first data packet based on next hop information of the first data packet;
The transmission module is used for creating a virtual extended local area network tunnel endpoint (VTEP) of the bottom layer transmission path according to the source IP address and transmitting the first data packet to the VTEP;
The rewriting module is configured to rewrite a virtual IP address of the gateway device to update the source MAC address and the source IP address in the first data packet to obtain an updated second data packet when the first data packet is transmitted to the VTEP;
and the forwarding module is used for forwarding the second data packet to a second VPC.
Optionally, before determining the bottom layer transmission path corresponding to the first data packet based on the next hop information of the first data packet, the apparatus further includes:
And the acquisition module is used for transmitting the first data packet to a switch in the gateway equipment, and analyzing the first data packet through the switch to acquire the next hop information.
Optionally, the acquiring module includes:
a first obtaining sub-module, configured to perform a decapsulation operation on the first data packet by using the switch, to obtain a source virtual network identifier VNI carried in the first data packet;
A mapping sub-module, configured to map the source VNI to a corresponding broadcast domain and virtual route forwarding VRF in the gateway device;
and the first determining submodule is used for determining the next hop information of the first data packet based on a preset forwarding information table under the condition of determining the broadcast domain and the VRF corresponding to the first data packet.
Optionally, the first data packet carries a port number corresponding to a port entering the gateway device, and the mapping submodule includes:
the matching unit is used for matching to obtain a corresponding virtual local area network identifier pre-configured in the gateway equipment according to the port number;
A first determining unit, configured to determine, based on the virtual local area network identifier, a broadcast domain and a VRF corresponding to the first data packet;
and the mapping unit is used for mapping the source VNI to the broadcast domain and the VRF corresponding to the first data packet.
Optionally, the determining module includes:
a second determining submodule, configured to determine a corresponding tunnel based on the next hop information;
And the positioning sub-module is used for positioning the bottom transmission path corresponding to the first data packet according to the tunnel information of the tunnel.
Optionally, the first data packet further carries a destination MAC address of the first data packet, and the apparatus further includes:
The matching module is used for checking whether the target MAC address is matched with the target router MAC address RMAC in the gateway equipment or not to obtain a matching result;
The second determining module is used for determining a network communication mode based on the matching result, wherein the network communication mode comprises two-layer communication or three-layer communication;
The transmission module includes:
And the transmission sub-module is used for transmitting the first data packet to the VTEP of the bottom transmission path according to the network communication mode.
Optionally, the second determining module includes:
The second determining unit is used for determining that the network communication mode is two-layer communication under the condition that the matching result indicates that the target MAC address is matched with the target router MAC address;
and the third determining unit is used for determining that the network communication mode is three-layer communication under the condition that the matching result indicates that the target MAC address is not matched with the target router MAC address.
Note that, as a device-side implementation manner corresponding to the embodiment shown in fig. 1, reference may be made to the description of the embodiment shown in fig. 1, and in order to avoid repetitive description, the description of this embodiment is omitted.
As shown in fig. 7, the embodiment of the application further provides a data transmission device. Since the principle of the data transmission device for solving the problem is similar to that of the data transmission method in the embodiment of the present application, the implementation of the data transmission device can refer to the implementation of the method, and the repetition is omitted. As shown in fig. 7, the data transmission device of the embodiment of the present application includes:
the processor 600, configured to read the program in the memory 620, performs the following procedures:
Receiving a first data packet sent by a first virtual private cloud VPC through a transceiver 610, where the first data packet carries a source IP address and a source MAC address of the first VPC;
determining a bottom transmission path corresponding to the first data packet based on next hop information of the first data packet;
Creating a virtual extended local area network tunnel endpoint (VTEP) of the bottom layer transmission path according to the source IP address, and transmitting the first data packet to the VTEP through a transceiver 610;
Under the condition that the first data packet is transmitted to the VTEP, rewriting a virtual IP address of the gateway equipment so as to update the source MAC address and the source IP address in the first data packet and obtain an updated second data packet;
forwarding the second data packet to a second VPC through transceiver 610;
a transceiver 610 for receiving and transmitting data under the control of the processor 600.
In fig. 7, the bus architecture may comprise any number of interconnected buses and bridges, which link together various circuits, in particular one or more processors represented by the processor 600 and the memory represented by the memory 620. The bus architecture may also link together various other circuits such as peripheral devices, voltage regulators, power management circuits, etc., which are well known in the art and, therefore, will not be described further herein. The bus interface provides an interface. The transceiver 610 may be a number of elements, including a transmitter and a receiver, providing a means for communicating with various other apparatus over a transmission medium. For different user devices, the user interface 630 may also be an interface capable of externally or internally connecting the required devices, including but not limited to a keypad, display, speaker, microphone, joystick, etc.
The processor 600 is responsible for managing the bus architecture and general processing, and the memory 620 may store data used by the processor 600 in performing operations.
Optionally, the processor 600 is further configured to read from the memory 520, and perform the following steps:
and transmitting the first data packet to a switch in the gateway equipment, and analyzing the first data packet through the switch to obtain the next hop information.
Optionally, the processor 600 is further configured to read from the memory 520, and perform the following steps:
the first data packet is subjected to decapsulation operation through the switch, and a source Virtual Network Identifier (VNI) carried in the first data packet is obtained;
Mapping the source VNI to a corresponding broadcast domain and virtual route forwarding VRF in the gateway device;
And under the condition that the broadcast domain and the VRF corresponding to the first data packet are determined, determining the next hop information of the first data packet based on a preset forwarding information table.
Optionally, the first data packet carries a port number corresponding to a port entering the gateway device;
the processor 600 is further configured to read from the memory 520, and perform the following steps:
According to the port number, matching to obtain a corresponding virtual local area network identifier pre-configured in the gateway equipment;
Based on the virtual local area network identifier, determining a broadcast domain and a VRF corresponding to the first data packet;
And mapping the source VNI to a broadcast domain and VRF corresponding to the first data packet.
Optionally, the processor 600 is further configured to read from the memory 520, and perform the following steps:
determining a corresponding tunnel based on the next hop information;
and positioning a bottom transmission path corresponding to the first data packet according to the tunnel information of the tunnel.
Optionally, the processor 600 is further configured to read from the memory 520, and perform the following steps:
checking whether the destination MAC address matches a target router MAC address (RMAC) in the gateway device, to obtain a matching result;
determining a network communication mode based on the matching result, wherein the network communication mode comprises Layer 2 communication or Layer 3 communication;
the transmitting the first data packet to the VTEP includes:
transmitting the first data packet to the VTEP of the underlying transmission path via the transceiver 610 in the network communication mode.
Optionally, the processor 600 is further configured to read from the memory 520, and perform the following steps:
determining that the network communication mode is Layer 2 communication when the matching result indicates that the destination MAC address matches the target router MAC address;
determining that the network communication mode is Layer 3 communication when the matching result indicates that the destination MAC address does not match the target router MAC address.
The data transmission device provided by the embodiment of the present application can execute the above method embodiment; its implementation principle and technical effects are similar and are not repeated here.
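The decapsulation, VNI mapping and mode-selection steps listed above, sketched as an added example (not code from the patent or its applicants). The port, VLAN, broadcast-domain, VRF and RMAC values are constructed placeholders, the mode rule follows the text as written, and a packet with no configured binding is dropped rather than assigned a default VRF.

```python
import struct

# Constructed sample configuration (hypothetical values, not from the patent).
PORT_TO_VLAN = {7: 100}                       # ingress port -> pre-configured VLAN ID
VLAN_TO_BD_VRF = {100: ("bd-100", "vrf-a")}   # VLAN ID -> (broadcast domain, VRF)
GATEWAY_RMAC = bytes.fromhex("02005e000001")  # router MAC configured on the gateway


class DropPacket(Exception):
    """The packet cannot be bound to a configured tenant context."""


def decapsulate(vxlan_payload: bytes):
    """Strip the 8-byte VXLAN header (RFC 7348); return (vni, inner_frame)."""
    if len(vxlan_payload) < 8 + 14:  # VXLAN header + inner Ethernet header
        raise DropPacket("truncated VXLAN or inner Ethernet header")
    flags, vni_word = struct.unpack("!B3xI", vxlan_payload[:8])
    if not flags & 0x08:  # the I flag must be set for the VNI to be valid
        raise DropPacket("VXLAN I flag not set")
    return vni_word >> 8, vxlan_payload[8:]  # VNI is the upper 24 bits


def classify(port: int, vxlan_payload: bytes) -> dict:
    """Bind the source VNI to a broadcast domain and VRF, then pick the mode."""
    vni, inner = decapsulate(vxlan_payload)
    vlan = PORT_TO_VLAN.get(port)
    if vlan not in VLAN_TO_BD_VRF:  # unknown port or VLAN: fail closed
        raise DropPacket(f"port {port} has no VLAN/VRF binding")
    bd, vrf = VLAN_TO_BD_VRF[vlan]
    dst_mac = inner[:6]
    # Mode rule as the text states it: RMAC match -> layer 2, otherwise layer 3.
    mode = "layer2" if dst_mac == GATEWAY_RMAC else "layer3"
    return {"vni": vni, "bd": bd, "vrf": vrf, "mode": mode}


def build_sample(vni: int, dst_mac: bytes, flags: int = 0x08) -> bytes:
    """Constructed VXLAN payload: header plus a minimal inner Ethernet header."""
    src_mac = bytes.fromhex("020000000001")
    return struct.pack("!B3xI", flags, vni << 8) + dst_mac + src_mac + b"\x08\x00"


if __name__ == "__main__":
    print(classify(7, build_sample(5001, GATEWAY_RMAC)))
    print(classify(7, build_sample(5001, bytes.fromhex("020000000002"))))
```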
An embodiment of the application also provides an electronic device comprising a processor, a memory, and a program or instructions stored in the memory and executable on the processor. When executed by the processor, the program or instructions implement each process of the data transmission method embodiment shown in Fig. 1 and achieve the same technical effect; to avoid repetition, the description is omitted here.
An embodiment of the application also provides a computer-readable storage medium on which a computer program is stored. When executed by a processor, the computer program implements the processes of the above data transmission method embodiment and achieves the same technical effects; to avoid repetition, the description is omitted here. The computer-readable storage medium is selected from read-only memory (ROM), random access memory (RAM), magnetic disk or optical disk.
An embodiment of the present application further provides a computer program product comprising computer instructions which, when executed by a processor, implement each process of the method embodiment shown in Fig. 1 and achieve the same technical effects; to avoid repetition, they are not described again here.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in the process, method, article, or apparatus that comprises the element.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) comprising instructions for causing a terminal (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the method according to the embodiments of the present application.
The embodiments of the present application have been described above with reference to the accompanying drawings, but the present application is not limited to the above-described embodiments, which are merely illustrative and not restrictive. Those having ordinary skill in the art may devise many further forms without departing from the spirit of the present application and the scope of the claims, all of which fall within the protection of the present application.

Claims (12)

1. A data transmission method, applied to a gateway device, the method comprising:
receiving a first data packet sent by a first virtual private cloud (VPC), wherein the first data packet carries a source IP address and a source MAC address of the first VPC;
determining an underlying transmission path corresponding to the first data packet based on next hop information of the first data packet;
creating a virtual extensible local area network tunnel endpoint (VTEP) of the underlying transmission path according to the source IP address, and transmitting the first data packet to the VTEP;
when the first data packet is transmitted to the VTEP, rewriting a virtual IP address of the gateway device so as to update the source MAC address and the source IP address in the first data packet and obtain an updated second data packet;
forwarding the second data packet to a second VPC.
2. The method of claim 1, wherein before determining the underlying transmission path corresponding to the first data packet based on the next hop information of the first data packet, the method further comprises:
transmitting the first data packet to a switch in the gateway device, and parsing the first data packet through the switch to obtain the next hop information.
3. The method of claim 2, wherein the parsing, by the switch, the first data packet to obtain the next hop information comprises:
decapsulating the first data packet through the switch to obtain a source virtual network identifier (VNI) carried in the first data packet;
mapping the source VNI to a corresponding broadcast domain and virtual routing and forwarding (VRF) in the gateway device;
once the broadcast domain and the VRF corresponding to the first data packet have been determined, determining the next hop information of the first data packet based on a preset forwarding information table.
4. The method of claim 3, wherein the first data packet carries a port number corresponding to the port through which it enters the gateway device, and the mapping the source VNI to a corresponding broadcast domain and virtual routing and forwarding (VRF) in the gateway device comprises:
matching, according to the port number, the corresponding virtual local area network identifier pre-configured in the gateway device;
determining, based on the virtual local area network identifier, the broadcast domain and the VRF corresponding to the first data packet;
mapping the source VNI to the broadcast domain and the VRF corresponding to the first data packet.
5. The method according to any one of claims 1 to 4, wherein the determining an underlying transmission path corresponding to the first data packet based on next hop information of the first data packet comprises:
determining a corresponding tunnel based on the next hop information;
locating the underlying transmission path corresponding to the first data packet according to the tunnel information of the tunnel.
6. The method of claim 1, wherein the first data packet further carries a destination MAC address of the first data packet, the method further comprising:
checking whether the destination MAC address matches a target router MAC address (RMAC) in the gateway device, to obtain a matching result;
determining a network communication mode based on the matching result, wherein the network communication mode comprises Layer 2 communication or Layer 3 communication;
the transmitting the first data packet to the VTEP comprises:
transmitting the first data packet to the VTEP of the underlying transmission path according to the network communication mode.
7. The method of claim 6, wherein determining a network communication mode based on the matching result comprises:
determining that the network communication mode is Layer 2 communication when the matching result indicates that the destination MAC address matches the target router MAC address;
determining that the network communication mode is Layer 3 communication when the matching result indicates that the destination MAC address does not match the target router MAC address.
8. A data transmission apparatus, applied to a gateway device, the apparatus comprising:
a receiving module, configured to receive a first data packet sent by a first virtual private cloud (VPC), wherein the first data packet carries a source IP address and a source MAC address of the first VPC;
a determining module, configured to determine an underlying transmission path corresponding to the first data packet based on next hop information of the first data packet;
a transmission module, configured to create a virtual extensible local area network tunnel endpoint (VTEP) of the underlying transmission path according to the source IP address and to transmit the first data packet to the VTEP;
a rewriting module, configured to rewrite, when the first data packet is transmitted to the VTEP, a virtual IP address of the gateway device so as to update the source MAC address and the source IP address in the first data packet and obtain an updated second data packet;
a forwarding module, configured to forward the second data packet to a second VPC.
9. A data transmission device comprising a processor and a transceiver, wherein the transceiver is configured to:
receive a first data packet sent by a first virtual private cloud (VPC), wherein the first data packet carries a source IP address and a source MAC address of the first VPC;
the processor is configured to:
determine an underlying transmission path corresponding to the first data packet based on next hop information of the first data packet;
the transceiver is configured to:
create a virtual extensible local area network tunnel endpoint (VTEP) of the underlying transmission path according to the source IP address, and transmit the first data packet to the VTEP;
the processor is configured to:
when the first data packet is transmitted to the VTEP, rewrite a virtual IP address of a gateway device so as to update the source MAC address and the source IP address in the first data packet and obtain an updated second data packet;
the transceiver is configured to:
forward the second data packet to a second VPC.
10. An electronic device, comprising: a processor, a memory and a program stored on the memory and executable on the processor, which when executed by the processor, implements the steps of the data transmission method according to any one of claims 1 to 7.
11. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the data transmission method according to any of claims 1 to 7.
12. A computer program product comprising computer instructions which, when executed by a processor, implement the steps of the data transmission method according to any one of claims 1 to 7.
CN202410535599.2A 2024-04-30 2024-04-30 Data transmission method, apparatus, device, storage medium and program product Pending CN118233379A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410535599.2A CN118233379A (en) 2024-04-30 2024-04-30 Data transmission method, apparatus, device, storage medium and program product

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410535599.2A CN118233379A (en) 2024-04-30 2024-04-30 Data transmission method, apparatus, device, storage medium and program product

Publications (1)

Publication Number Publication Date
CN118233379A (en) 2024-06-21

Family

ID=91499541

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410535599.2A Pending CN118233379A (en) 2024-04-30 2024-04-30 Data transmission method, apparatus, device, storage medium and program product

Country Status (1)

Country Link
CN (1) CN118233379A (en)

Similar Documents

Publication Publication Date Title
US10862732B2 (en) Enhanced network virtualization using metadata in encapsulation header
US10237230B2 (en) Method and system for inspecting network traffic between end points of a zone
US11671367B1 (en) Methods and apparatus for improving load balancing in overlay networks
CN107770066B (en) Cross-host, cross-VLAN and cross-cluster Docker container diversion method
US9967185B1 (en) Interface for extending service capabilities of a network device
US8725898B1 (en) Scalable port address translations
US7738457B2 (en) Method and system for virtual routing using containers
CN111130981B (en) Proxy response method and device for MAC address
CN111937358B (en) Multiple VRF generic device internet protocol addresses for fabric edge devices
US20150135178A1 (en) Modifying virtual machine communications
CN112671628A (en) Business service providing method and system
US20220239629A1 (en) Business service providing method and system, and remote acceleration gateway
CN112511431B (en) Routing flow fusion method for virtual network simulation
CN115442184B (en) Access system and method, access server, system and storage medium
CN116418632A (en) Message processing method, device, equipment and machine-readable storage medium
Ranjbar et al. Domain isolation in a multi-tenant software-defined network
CN116762320A (en) Traffic flow based mapping cache flushing for supporting device and dynamic policy updating thereof
US11818035B2 (en) Augmented routing of data
CN116488958A (en) Gateway processing method, virtual access gateway, virtual service gateway and related equipment
CN115834291B (en) Distributed intranet service data acquisition method, device, equipment and storage medium
CN113596192B (en) Communication method, device, equipment and medium based on gatekeeper networking
US20150100625A1 (en) Data Transmission System
CN115834472A (en) Message processing method, forwarding strategy obtaining method and device
CN113542441B (en) Communication processing method and device
CN118233379A (en) Data transmission method, apparatus, device, storage medium and program product

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination