WO2021073565A1 - Service providing method and system - Google Patents

Info

Publication number
WO2021073565A1
Authority
WO
WIPO (PCT)
Prior art keywords
address
message
gateway
acceleration gateway
service request
Application number
PCT/CN2020/121093
Inventor
伍孝敏
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司
Publication of WO2021073565A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming

Definitions

  • This application relates to the field of communication technology, and in particular to a method and system for providing business services.
  • the user can access the cloud service provider through the client to request the cloud service provider to provide cloud services to the client, and the cloud service provider can provide cloud services to the client according to the client's request.
  • the process of a client requesting a cloud service provider to provide cloud services is as follows: the client sends a service request message to the remote acceleration gateway; after receiving the service request message, the remote acceleration gateway first performs source/destination network address translation (full network address translation, FullNAT) on it, that is, both the source address and the destination address of the service request message are translated, and then sends the translated service request message through the global backbone network to the cloud service provider, to request the cloud service provider to provide cloud services to the client.
  • the process for the cloud service provider to provide the cloud service requested by the service request message to the client is as follows: the cloud service provider sends a service response message for the service request message to the remote acceleration gateway through the global backbone network; the remote acceleration gateway first performs source/destination network address translation on the service response message and then sends the translated service response message to the client, so that the client can use the cloud service requested by the service request message.
  • the present application provides a business service providing method and system, which can solve the problem that it is difficult for current virtual machines to know the source address of the request message.
  • a business service provision method is provided.
  • the business service provision method is applied to a business service provision system.
  • the business service provision system includes a transparent acceleration gateway, a virtual forwarding device, and a virtual machine.
  • the method includes: the transparent acceleration gateway receives a first overlay message sent by a remote acceleration gateway, where the first overlay message encapsulates a first service request message, the source Internet Protocol (IP) address of the first service request message is the client's IP address, the destination IP address is the public network IP address associated with the virtual machine, and the first overlay message carries the IP address of the remote acceleration gateway; the transparent acceleration gateway decapsulates the first overlay message to obtain the first service request message, encapsulates the first service request message to generate a second overlay message, sends the second overlay message to the virtual forwarding device, and establishes the correspondence between the IP address of the remote acceleration gateway and the IP address of the client; the virtual forwarding device decapsulates the second overlay message to obtain the first service request message and sends the first service request message to the virtual machine.
  • the service request message sent to the virtual machine is not translated: the source IP address of the message is still the client's IP address, so the virtual machine can learn the source IP address of the service request message it receives, and the source address of the service request message is transparently transmitted. This makes it convenient for the virtual machine to implement functions such as statistical analysis based on the source IP address.
  • the virtual machine can also be other systems or devices that can provide business services, such as containers.
  • the virtual forwarding device is a virtual switch
  • the public network IP address associated with the virtual machine is a public network IP address bound to the virtual machine.
  • the virtual forwarding device is a load balancer
  • the load balancer provides a load balancing service for the virtual machine
  • the public network IP address associated with the virtual machine is the public network IP address bound to the load balancer.
  • the virtual forwarding device is an IPV6 gateway
  • the public IP address associated with the virtual machine is the public IPV6 address of the virtual machine.
  • the virtual forwarding device is a VPN gateway
  • the public network IP address associated with the virtual machine is a public network IP address bound to the VPN gateway.
  • the public network IP address associated with the virtual machine is the public network IP address bound to the NAT gateway.
  • the transparent acceleration gateway establishing the correspondence between the IP address of the remote acceleration gateway and the IP address of the client may include: the transparent acceleration gateway obtains the IP address of the remote acceleration gateway carried in the first overlay message; the transparent acceleration gateway obtains the source address of the first service request message, where the source address of the first service request message is the IP address of the client; the transparent acceleration gateway records the correspondence between the IP address of the remote acceleration gateway and the IP address of the client.
  • the transparent acceleration gateway records the correspondence between the client's IP address and the remote acceleration gateway's IP address carried in the first overlay message; when returning to the source, the correspondence can be queried to determine that the service response message is to be sent to this client's remote acceleration gateway, which ensures the return-to-source process.
  • the corresponding relationship may also be the corresponding relationship between the IP address of the client and the two-tuple, three-tuple, four-tuple, or five-tuple including the source IP address of the first service request message.
  • the corresponding relationship may also be the corresponding relationship between the client's IP address, the network identifier, and the two-tuple, three-tuple, four-tuple, or five-tuple including the source IP address of the first service request message.
  • the network identifier refers to the network identifier of the overlay network used when the overlay message encapsulated with the first service request message is transmitted.
  • the network identifier needs to be set manually.
  • the address learning can be performed.
  • the established correspondence makes it possible to automatically determine the network identifier of the overlay network used to send the overlay message whose destination IP address is the source IP address of the first service request message, that is, to configure the network identifier automatically. This reduces manual intervention in the configuration of the network identifier and improves the transmission efficiency and accuracy of the overlay message.
  • the method further includes: the virtual forwarding device receives the first service response message sent by the virtual machine according to the first service request message, encapsulates the first service response message to generate a third overlay message, and sends the third overlay message to the transparent acceleration gateway, where the source address of the first service response message is the public IP address associated with the virtual machine and the destination address is the client's IP address; the transparent acceleration gateway decapsulates the third overlay message to obtain the first service response message, obtains the IP address of the remote acceleration gateway from the correspondence according to the destination IP address of the first service response message, encapsulates the first service response message to generate a fourth overlay message, and sends the fourth overlay message to the remote acceleration gateway according to the IP address of the remote acceleration gateway.
  • This process is the downlink process, which runs from the virtual machine sending the service response message according to the service request message to that message being sent to the client.
  • during the uplink process, the transparent acceleration gateway records the correspondence between the IP address of the remote acceleration gateway and the client's IP address; in the downlink process, it queries this correspondence to obtain the tunnel endpoint IP address of the remote acceleration gateway, so that the transparent acceleration gateway can send the fourth overlay message to the tunnel endpoint IP address of the remote acceleration gateway. The first service response message for the first service request message is then sent to the client through the remote acceleration gateway, which realizes the return of the first service response message to the source.
  • in a second aspect, a business service provision system is provided, which includes a transparent acceleration gateway, a virtual forwarding device, and a virtual machine, where the virtual machine is used to provide business services to clients.
  • the transparent acceleration gateway is used to receive the first overlay message sent by the remote acceleration gateway, where the first overlay message encapsulates the first service request message, the source Internet Protocol (IP) address of the first service request message is the IP address of the client, the destination IP address is the public network IP address associated with the virtual machine, and the first overlay message carries the IP address of the remote acceleration gateway; the transparent acceleration gateway is used to decapsulate the first overlay message to obtain the first service request message, encapsulate the first service request message to generate a second overlay message, send the second overlay message to the virtual forwarding device, and establish the correspondence between the IP address of the remote acceleration gateway and the IP address of the client; the virtual forwarding device is used to decapsulate the second overlay message to obtain the first service request message, and send the first service request message to the virtual machine.
  • the virtual machine can also be other systems or devices that can provide business services, such as containers.
  • the virtual forwarding device is a virtual switch
  • the public network IP address associated with the virtual machine is a public network IP address bound to the virtual machine.
  • the virtual forwarding device is a load balancer
  • the load balancer provides a load balancing service for the virtual machine
  • the public network IP address associated with the virtual machine is the public network IP address bound to the load balancer.
  • the virtual forwarding device is an IPV6 gateway
  • the public IP address associated with the virtual machine is the public IPV6 address of the virtual machine.
  • the virtual forwarding device is a VPN gateway
  • the public network IP address associated with the virtual machine is a public network IP address bound to the VPN gateway.
  • the public network IP address associated with the virtual machine is the public network IP address bound to the NAT gateway.
  • the transparent acceleration gateway is also used to obtain the IP address of the remote acceleration gateway carried in the first overlay message; the transparent acceleration gateway is also used to obtain the source address of the first service request message, where the source address of the first service request message is the IP address of the client; the transparent acceleration gateway is also used to record the correspondence between the IP address of the remote acceleration gateway and the IP address of the client.
  • the virtual forwarding device is further configured to receive the first service response message sent by the virtual machine according to the first service request message, encapsulate the first service response message to generate a third overlay message, and send the third overlay message to the transparent acceleration gateway, where the source address of the first service response message is the public network IP address associated with the virtual machine and the destination address is the IP address of the client; the transparent acceleration gateway is also used to decapsulate the third overlay message to obtain the first service response message, obtain the IP address of the remote acceleration gateway from the correspondence according to the destination IP address of the first service response message, encapsulate the first service response message to generate a fourth overlay message, and send the fourth overlay message to the remote acceleration gateway according to the IP address of the remote acceleration gateway.
  • in a third aspect, a first computer device is provided, and a transparent acceleration gateway can be deployed in the first computer device.
  • the first computer device includes a first processor and a first memory; the first memory stores a computer program; when the first processor executes the computer program, the first computer device implements the functions implemented by the transparent acceleration gateway in the business service providing method in the embodiment of the present application.
  • in a fourth aspect, a second computer device is provided, and a virtual forwarding device and a virtual machine can be deployed in the second computer device; the second computer device includes a second processor and a second memory; the second memory stores a computer program; when the second processor executes the computer program, the second computer device implements the functions implemented by the virtual forwarding device in the business service providing method in the embodiment of the present application.
  • in a fifth aspect, a third computer device is provided, and a remote acceleration gateway can be deployed in the third computer device.
  • the third computer device includes a third processor and a third memory; the third memory stores a computer program; when the third processor executes the computer program, the third computer device implements the functions implemented by the remote acceleration gateway in the business service providing method in the embodiment of the present application.
  • a first storage medium is provided; when the instructions in the first storage medium are executed by the processor, the functions implemented by the transparent acceleration gateway in the business service provision method in the embodiment of the present application are realized.
  • a second storage medium is provided; when the instructions in the second storage medium are executed by the processor, the functions implemented by the virtual forwarding device in the business service providing method in the embodiment of the present application are realized.
  • a third storage medium is provided; when the instructions in the third storage medium are executed by the processor, the functions implemented by the remote acceleration gateway in the business service providing method in the embodiment of the present application are realized.
  • a first computer program product containing instructions is provided.
  • the computer executes the functions implemented by the transparent acceleration gateway in the business service providing method in the embodiments of the present application.
  • a second computer program product containing instructions is provided.
  • the computer executes the functions implemented by the virtual forwarding device in the business service providing method in the embodiments of the present application.
  • a third computer program product containing instructions is provided.
  • the computer executes the functions implemented by the remote acceleration gateway in the business service providing method in the embodiments of this application.
  • FIG. 1 is a schematic diagram of an application scenario involved in a method for providing a business service provided by an embodiment of the present application.
  • FIG. 2 is a schematic diagram of an application scenario involved in another business service provision method provided by an embodiment of the present application.
  • FIG. 3 is a schematic diagram of an application scenario involved in another method for providing a business service provided by an embodiment of the present application.
  • FIG. 4 is a flowchart of a method for providing business services provided by an embodiment of the present application.
  • FIG. 5 is a schematic diagram of the structure of a VXLAN message provided by an embodiment of the present application.
  • FIG. 6 is a schematic structural diagram of a filling head provided by an embodiment of the present application.
  • FIG. 7 is a schematic structural diagram of another VXLAN message provided by an embodiment of the present application.
  • FIG. 8 is a schematic structural diagram of another VXLAN message provided by an embodiment of the present application.
  • FIG. 9 is a schematic structural diagram of a variable length option field provided by an embodiment of the present application.
  • FIG. 10 is a flowchart of another business service providing method provided by an embodiment of the present application.
  • FIG. 11 is a schematic structural diagram of a first computer device provided by an embodiment of the present application.
  • FIG. 12 is a schematic structural diagram of a second computer device provided by an embodiment of the present application.
  • FIG. 13 is a schematic structural diagram of a third computer device provided by an embodiment of the present application.
  • An overlay network is a virtual network that runs on one or more existing networks and can provide specific additional functions.
  • the overlay network encapsulates the message to be transmitted to obtain the overlay message and transmits the overlay message through the tunnel of the overlay network; after the overlay message reaches the tunnel endpoint, the tunnel endpoint decapsulates it and sends the message to be transmitted, which was encapsulated in the inner layer of the overlay message, to an instance such as a virtual machine, which completes the transmission of the message to be transmitted.
  • VXLAN: virtual extensible local area network
  • UDP: user datagram protocol
  • IP: Internet protocol
  • MAC: media access control
  • VXLAN encapsulates layer 2 packets into a layer 3 network, providing distributed users with a layer 2 interconnection method that can provide business isolation for different tenants.
  • VXLAN technology has been widely used.
  • the backbone network is a high-speed network used to connect multiple regions. Each backbone network has at least one connection point for interconnection with other backbone networks. Different network providers usually have their own backbone networks to connect their networks in different regions. For cloud operators, in order to better serve users, they usually build their own global backbone networks.
  • Network service provision point (POP): in a computer network, a POP is located outside the edge of the corporate network and is the entry point for accessing the corporate network. Services provided by the outside world enter through the POP. These services include Internet access, wide area connections, and telephone services.
  • POPs provide links to external services and sites. POPs can be directly connected to one or more Internet service providers (ISPs), so that internal users can access the Internet through these links.
  • the remote sites of the enterprise are also connected together through POP, and the wide area link between these remote sites is established by the service provider.
  • POP is a point of entry that connects the Internet from one place to another.
  • the acceleration gateway (also called accelerator) is deployed in the cloud operator POP, so that Internet users can access the cloud operator's backbone network nearby, and reach the back-end service through the cloud operator's backbone network.
  • the acceleration gateway deployed at the POP point may use anycast transmission mode or unicast transmission mode to send the message.
  • Anycast transmission (anycast), in this embodiment of the application, means that the acceleration gateways at different POPs of a cloud operator publish the same acceleration IP to the Internet in anycast mode, so that Internet users in different regions can reach a nearby POP of the cloud operator.
  • Unicast transmission is a transmission method in which a separate data channel is established between the client and the server, so that each data packet sent from a server can only be transmitted to one client.
  • Network address translation (NAT) technology refers to a technology that performs address translation on at least one of the destination IP address and source IP address of a message to be sent by replacing the address information in the header of an IP message.
  • NAT technology may include: destination network address translation (DNAT) technology, source network address translation (SNAT) technology, and source/destination network address translation (full network address translation, FullNAT).
  • A border gateway refers to a gateway in the border area of a region; public network messages are sent through the border gateway to the corresponding instance gateway bound to the EIP, such as an elastic load balancer or a virtual switch.
  • the Elastic Internet Protocol (EIP) address refers to the IP address used by the computer equipment in the private network to access the public network.
  • Elastic Load Balance refers to a device that automatically distributes business access messages to multiple computer devices, which expands the capacity of external services, avoids the performance degradation or node crashes caused by a large load on a single node, and eliminates the single point of failure.
  • a virtual switch (also called a virtual network switch, Virtual switch, vSwitch) runs on a virtualization platform, and provides layer 2 network access and part of layer 3 network functions for virtual machines (VM) through software.
  • the vSwitch connects to the external network through the physical network card on the physical host as an uplink.
  • Virtual machine refers to a complete computer system with complete hardware system functions that is simulated through virtualization technology and runs in a completely isolated environment. Part of a subset of instructions of the virtual machine can be processed in the host machine, and other parts of the instructions can be executed in an emulated manner. Users can purchase cloud services in the form of renting virtual machines.
  • the virtual machine in the embodiment of the present application may be an elastic cloud server (Elastic Compute Service, ECS).
  • An elastic cloud server is a cloud server that can be obtained at any time and can be elastically scaled.
  • ECS can eliminate the pre-preparation of purchasing IT hardware, and use servers as convenient and efficient as using public resources such as water, electricity, natural gas, etc., and realize the out-of-the-box and elastic scaling of computing resources.
  • Elastic scaling means that server resources such as CPU, memory, and bandwidth can be configured according to business needs.
  • Virtual private network refers to the establishment of a private network on a public network (ie, public network) for encrypted communication.
  • IPv6 Internet Protocol Version 6
  • IETF Internet Engineering Task Force
  • the gateway involved in the embodiment of the present application may be deployed in a virtual machine or a physical server, which is not specifically limited in the embodiment of the present application.
  • the embodiment of the application provides a method for providing a business service.
  • the service request message sent by the client undergoes destination address translation at the remote acceleration gateway; the translated service request message is encapsulated and sent to the transparent acceleration gateway where the virtual machine is located; the transparent acceleration gateway then sends the encapsulated service request message to the virtual forwarding device, and the virtual forwarding device sends the service request message to the virtual machine.
  • the source address of the service request message sent to the virtual machine is still the client's address, which enables the virtual machine to learn the source IP address of the service request message it receives and realizes the transparent transmission of the source address of the service request message. Therefore, it is convenient for the virtual machine to implement functions such as statistical analysis based on the source address.
  • FIG. 1 is a schematic diagram of an application scenario involved in a method for providing a business service provided by an embodiment of the application.
  • the application scenario includes: a client 10, a remote acceleration gateway 20, and a business service providing system.
  • the business service providing system may include: a transparent acceleration gateway 30, a virtual forwarding device, and a virtual machine 50.
  • the virtual machine 50 is used to provide business services to the client 10.
  • one or more transparent acceleration gateways may be deployed.
  • multiple transparent acceleration gateways may not be deployed in the application scenario, and multiple transparent acceleration gateways may be deployed in the application scenario.
  • the virtual forwarding devices are respectively connected to different transparent acceleration gateways.
  • Figure 1 is a schematic diagram of a transparent acceleration gateway deployed in an application scenario.
  • the remote acceleration gateway 20 and the business service providing system may be connected through a global backbone network, a data center network (DCN), or a data center boundary network, which is not specifically limited in the embodiment of the application .
  • a POP may be deployed outside the edge of the network used to connect the remote acceleration gateway 20 and the business service providing system, and the remote acceleration gateway 20 may be deployed at the POP.
  • the virtual forwarding device may be a virtual switch.
  • FIG. 1 is a schematic diagram in which the virtual forwarding device is a virtual switch.
  • the business service providing system may include: a transparent acceleration gateway 30, a virtual switch 40, and a virtual machine 50.
  • the remote acceleration gateway 20 can communicate with the transparent acceleration gateway 30 in the business service providing system, the transparent acceleration gateway 30 can communicate with the virtual switch 40, and the virtual switch 40 can receive the message sent by the transparent acceleration gateway 30 and send the message to the virtual machine 50, or the virtual switch 40 may send the message sent by the virtual machine 50 to the transparent acceleration gateway 30.
  • the virtual machine 50 may also be another system or device capable of providing business services, such as a container, which is not specifically limited in the embodiment of the present application.
  • the virtual forwarding device may be an elastic load balancer.
  • FIG. 2 is a schematic diagram of a virtual forwarding device as an elastic load balancer.
  • the business service providing system may include: a transparent acceleration gateway 30, an elastic load balancer 60 and multiple virtual machines 50.
  • the remote acceleration gateway 20 can communicate with the transparent acceleration gateway 30 in the business service providing system, the transparent acceleration gateway 30 can communicate with the elastic load balancer 60, and the elastic load balancer 60 can distribute the received service to multiple virtual machines 50, or the elastic load balancer 60 may send the message sent by the virtual machine 50 to the transparent acceleration gateway 30.
  • the virtual forwarding device may also be: a NAT gateway, a VPN gateway, or a gateway that uses the IPv6 protocol for transmission (hereinafter referred to as an IPV6 gateway), etc.
  • At least one other gateway may be deployed between the transparent acceleration gateway and the virtual forwarding device.
  • the transparent acceleration gateway may communicate with the virtual forwarding device through the at least one other gateway.
  • the business service system may further include one other gateway 70 deployed between the transparent acceleration gateway 30 and the virtual forwarding device, and the transparent acceleration gateway 30 communicates with the virtual switch 40 through this other gateway 70.
  • one of the other gateways may be a border gateway.
  • the service provision method includes the uplink process, from the client sending the service request message to that message reaching the virtual machine, and the downlink process, from the virtual machine sending the service response message according to the service request message to that message reaching the client.
  • the uplink process and the downlink process of the business service provision method are described separately.
  • the uplink process of the business service providing method may include the following steps:
  • Step 401 The remote acceleration gateway receives a second service request message sent by the client.
  • the source IP address of the second service request message is the IP address of the client, and the destination IP address is the acceleration IP address of the remote acceleration gateway.
  • the IP address of the remote acceleration gateway that the user can access (for easy distinction, referred to in this article as the acceleration IP address of the remote acceleration gateway) can be bound in advance to the public network IP associated with the virtual machine, so that the client can access the virtual machine by accessing the acceleration IP address of the remote acceleration gateway.
  • a second service request message can be sent to the remote acceleration gateway to request the virtual machine to provide business services to the client through the second service request message.
  • the destination IP address of the second service request message is the acceleration IP address of the remote acceleration gateway, and the source IP address of the second service request message is the IP address of the client.
  • the network can route the second service request message according to its destination IP address and deliver it to the remote acceleration gateway, and the remote acceleration gateway sends the second service request message to the virtual machine pointed to by the public network IP that is associated with the virtual machine and bound to its acceleration IP address (for ease of description, hereinafter abbreviated as the virtual machine), so as to realize the client's access to the virtual machine.
  • the client can send a second service request message to the remote acceleration gateway to access the virtual machine in the data center through the remote acceleration gateway, to request the virtual machine to provide the client with resources in the data center.
  • the destination IP address of the second service request message is the acceleration IP address of the remote acceleration gateway, the source IP address of the second service request message is the IP address of the client, and the source port of the second service request message is the client port.
  • Step 402 The remote acceleration gateway performs destination address conversion on the second service request message to generate a first service request message, where the source IP address of the first service request message is the client's IP address, and the destination IP address is The public IP address associated with the virtual machine.
  • By binding the acceleration IP address of the remote acceleration gateway with the public network IP address associated with the virtual machine, the client can access the virtual machine by accessing the remote acceleration gateway. Therefore, when the remote acceleration gateway receives a service request message, it can determine that the service request message requests the virtual machine to provide business services to the client. Correspondingly, when the remote acceleration gateway receives the second service request message, it can perform destination address conversion on the second service request message to generate the first service request message. The source IP address of the first service request message is the IP address of the client, and the destination IP address is the public IP address associated with the virtual machine. It should be noted that before and after the destination address conversion, the source port of the first service request message has not changed compared with the source port of the second service request message, and is still the client port.
  • the conversion strategy when the remote acceleration gateway performs destination address conversion on the received service request message can be determined according to the binding relationship between the acceleration IP address of the remote acceleration gateway and the public network IP associated with the virtual machine. For example, when the acceleration IP address of the remote acceleration gateway is bound to the public network IP associated with virtual machine 1, the remote acceleration gateway can convert the destination IP address of the received service request message to the public network IP address associated with virtual machine 1. When the acceleration IP address of the remote acceleration gateway is bound to the public network IP associated with virtual machine 2, the remote acceleration gateway can convert the destination IP address of the received service request message to the public network IP address associated with virtual machine 2.
  • the acceleration IP address of the remote acceleration gateway can also be bound to the public network IP addresses associated with multiple virtual machines.
  • the service request message sent by the client will carry indication information used to indicate the public network IP addresses associated with different virtual machines.
  • When the remote acceleration gateway receives the service request message sent by the client, it converts the destination IP address of the service request message, according to the indication information carried in the service request message and used to indicate the public network IP addresses associated with different virtual machines, to the public network IP address associated with the virtual machine indicated by the indication information.
  • the public IP address associated with the virtual machine refers to the public IP address of the device capable of sending packets to the virtual machine.
  • When the virtual forwarding device is a virtual switch, the public network IP address associated with the virtual machine is the public network IP address bound to the virtual machine.
  • When the destination IP address of the message is the public network IP address bound to the virtual machine, the message can be sent to the virtual machine indicated by the public network IP address through the virtual switch.
  • When the virtual forwarding device is a load balancer, the public IP address associated with the virtual machine is the public IP address bound to the load balancer.
  • In that case, the message can be sent to the load balancer indicated by the public IP address, and the load balancing service provided by the load balancer sends the message to the virtual machine that can provide the service.
  • When the virtual forwarding device is an IPV6 gateway, the public IP address associated with the virtual machine is the public IPV6 address of the virtual machine.
  • In that case, the message can be sent to the virtual machine indicated by the public IPV6 address through the IPV6 gateway.
  • When the virtual forwarding device is a VPN gateway, the public IP address associated with the virtual machine is the public IP address bound to the VPN gateway.
  • In that case, the message can be sent to the VPN gateway, and the message can be sent to the virtual machine indicated by the message through the VPN gateway.
  • When the virtual forwarding device is a NAT gateway, the public IP address associated with the virtual machine is the public IP address bound to the NAT gateway.
  • In that case, the message can be sent to the NAT gateway, and the message can be sent to the corresponding virtual machine through the NAT gateway.
  • Step 403 The remote acceleration gateway determines the transparent acceleration gateway where the virtual machine is located according to the routing information pointing to the public network IP address associated with the virtual machine.
  • the routing information when sending packets between the remote acceleration gateway and the virtual machine is also determined, and the routing information is used to indicate the path for sending packets between the remote acceleration gateway and the virtual machine.
  • the remote acceleration gateway can query the routing information pointing to the public IP address associated with the virtual machine to determine the intermediate devices that it needs to pass through in the process of sending the first service request message to the virtual machine, and send the first service request message to the intermediate device (that is, the next hop device) that is logically closest to the remote acceleration gateway in the path, so that the next hop device forwards the first service request message to the virtual machine.
  • the devices that the first service request message needs to pass through when the remote acceleration gateway sends it to the virtual machine are: the remote acceleration gateway, the transparent acceleration gateway, the virtual forwarding device, and the virtual machine; that is, the routing path for sending the first service request message to the virtual machine through the remote acceleration gateway is: remote acceleration gateway--transparent acceleration gateway--virtual forwarding device--virtual machine.
  • the transparent acceleration gateway may be referred to as the transparent acceleration gateway where the virtual machine is located.
  • Step 404 The remote acceleration gateway encapsulates the first service request message according to the IP address of the transparent acceleration gateway where the virtual machine is located to generate a first overlay message, where the first overlay message carries the tunnel endpoint IP address of the remote acceleration gateway.
  • When the next hop device is the transparent acceleration gateway, the endpoints of the tunnel used to transmit the first overlay message are the remote acceleration gateway and the transparent acceleration gateway, respectively.
  • the first service request message may be encapsulated according to the first tunnel information including the address of the remote acceleration gateway and the address of the transparent acceleration gateway to generate a first overlay message.
  • the outer destination IP address of the first overlay message is the IP address of the transparent acceleration gateway
  • the outer source IP address is the tunnel endpoint IP address of the remote acceleration gateway
  • the inner destination IP address is the public network IP address associated with the virtual machine
  • the inner source IP address is the client's IP address.
  • the implementation manner in which the remote acceleration gateway encapsulates the first service request message according to the first tunnel information to generate the first superimposed message includes: adding a first tunnel header to the first service request message and filling the first tunnel information into the first tunnel header, to obtain a first superimposed message including the first tunnel header and the first service request message.
  • the first tunnel information includes: the tunnel endpoint IP address of the remote acceleration gateway, the IP address of the border gateway, and the identifier of the tunnel used by the remote acceleration gateway and the transparent acceleration gateway.
  • the first superimposed message may be a VXLAN message or another type of superimposed message.
  • the first tunnel information includes: the VXLAN tunnel end point (VTEP) IP address of the remote acceleration gateway, the VTEP IP address of the transparent acceleration gateway, and the identifier of the VXLAN tunnel used by the remote acceleration gateway and the transparent acceleration gateway.
  • the IP address of the transparent acceleration gateway mentioned in this article is the tunnel endpoint IP address of the transparent acceleration gateway
  • the IP address of the virtual forwarding device is the tunnel endpoint IP address of the virtual forwarding device.
  • the IP addresses are all tunnel endpoint IP addresses of other gateways, and this embodiment of the application does not make a distinction.
  • Because the outer source IP address of the first overlay message is the tunnel endpoint IP address of the remote acceleration gateway, it can be considered that the first overlay message carries the tunnel endpoint IP address of the remote acceleration gateway.
  • the tunnel endpoint IP address of the remote acceleration gateway is the IP address used to indicate the tunnel endpoint in the IP address of the remote acceleration gateway.
  • the tunnel endpoint IP address of the remote acceleration gateway may be used as the outer source IP address of the outer packet of the first overlay message, so as to implement the carrying of the tunnel endpoint IP address of the remote acceleration gateway.
  • the tunnel endpoint IP address of the remote acceleration gateway is carried in the extension field in the first tunnel header of the first superimposed message, so as to carry the tunnel endpoint IP address of the remote acceleration gateway.
  • When the first superimposed packet is a VXLAN packet, the VXLAN protocols used are the VXLAN generic protocol extension (gpe) protocol (that is, the VXLAN gpe protocol) and the VXLAN generic network virtualization encapsulation (geneve) protocol (that is, the VXLAN nvo3-geneve protocol).
  • the VXLAN nvo3-geneve protocol is taken as an example to describe the implementation of carrying the VXLAN IP address of the remote acceleration gateway in the extension field in the first tunnel header of the first superimposed message.
  • the first tunnel header in the VXLAN message is a gpe header, and the gpe header carries a shim header (referred to below as the padding header).
  • the VXLAN message includes the following parts: the first service request message, the gpe header carrying the padding header, the UDP header, the outer IP header, and the outer MAC header.
  • the gpe header carrying the padding header is encapsulated outside the first service request message so that the first service request message is transmitted as a VXLAN message.
  • the gpe header carrying the padding header and the first service request message are encapsulated with a UDP header, so that the gpe header carrying the padding header and the first service request message are transmitted as UDP data.
  • the outer IP header is encapsulated outside the UDP header.
  • the outer MAC header is encapsulated outside the outer IP header.
  • the VXLAN IP address of the remote acceleration gateway can be carried in the padding header.
  • the outer MAC header includes a destination MAC address field, a source MAC address field, a VLAN type field, a VLAN tag field, and an Ethernet type field.
  • the outer IP header includes the misc data field, protocol field, header checksum field, outer destination IP address field, and outer source IP address field of the IP header.
  • the outer source IP address carried in the outer source IP address field is the VTEP IP address as the source, and the outer destination IP address carried in the outer destination IP address field is the VTEP IP address as the destination.
  • the UDP header includes a UDP source port field, a UDP destination port (also called a VXLAN port) field, a UDP length field, and a checksum field.
  • the gpe header includes a VXLAN flag field, a reserved field 1, a next protocol field (next protocol), a VXLAN network identifier (VXLAN network identifier, VNI) field, and a reserved field 2.
  • the next protocol field of the VXLAN gpe header of the first superimposed message may be used to indicate whether the VXLAN message carries the VTEP IP address of the remote acceleration gateway. For example, when the next protocol field is set to 0xE1, it means that the message carries the VTEP IP address of the remote acceleration gateway. At this time, the VTEP IP address of the remote acceleration gateway may be carried in the shim header of the first superimposed message.
  • the padding header may be 8 bytes, which includes: an 8-bit type field (type), an 8-bit length field (length), an 8-bit reserved field 3 (reserved3), an 8-bit next protocol field (next protocol) and a 32-bit protocol specific field (Protocol specific field).
  • the content carried in the protocol specific field is the VTEP IP address of the remote acceleration gateway.
  • the type field in the padding header can be set to indicate the operation that the gateway that receives the message needs to perform. For example, when the type field is set to X1, it means that the gateway that receives the message needs to establish a correspondence between addresses (that is, address learning).
  • When the type field is set to Y1, it means that the gateway that receives the message directly forwards it according to the extension field.
  • the values of X1 and Y1 can be determined according to application requirements, for example, the value of X1 is 1, and the value of Y1 is 2.
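The gpe header and shim (padding) header layout described above, as an added example that is not code from the patent or from any gateway product: the remote acceleration gateway side performs the destination address conversion and builds the tunnel header, and the transparent acceleration gateway side parses it strictly and returns the addresses it would learn from. Assumptions not stated on the page: the gpe flag byte 0x0C (I and P bits as in the VXLAN-GPE draft), the value 0x01 for an inner IPv4 packet, a shim length field counted in bytes, and all addresses and the VNI, which are constructed sample values.

```python
import ipaddress
import struct

GPE_FLAGS = 0x0C        # assumption: I bit (VNI valid) | P bit (next protocol present)
NP_VTEP_SHIM = 0xE1     # page: gpe next protocol 0xE1 => shim carries the VTEP IP
NP_INNER_IPV4 = 0x01    # assumption: shim next protocol value for an inner IPv4 packet
TYPE_LEARN = 1          # page's example value for X1 (address learning)
TYPE_FORWARD = 2        # page's example value for Y1 (forward directly)
SHIM_LEN = 8            # assumption: length field holds the shim size in bytes
GPE_FMT = "!BHBI"       # flags, reserved 1, next protocol, VNI (24 bits) + reserved 2
SHIM_FMT = "!BBBB4s"    # type, length, reserved 3, next protocol, protocol specific


def build_inner_ipv4(src, dst, payload=b""):
    """Constructed inner packet: minimal IPv4 header, checksum left at 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 6, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload


def dnat(packet, acceleration_ip, vm_public_ip):
    """Step 402: rewrite only the destination; the source stays the client IP.
    The header checksum is not recomputed in this sketch."""
    if packet[16:20] != ipaddress.IPv4Address(acceleration_ip).packed:
        raise ValueError("packet is not addressed to the acceleration IP")
    return packet[:16] + ipaddress.IPv4Address(vm_public_ip).packed + packet[20:]


def encapsulate(inner, vni, gateway_vtep_ip, shim_type=TYPE_LEARN):
    """Step 404: gpe header + shim header + inner packet (outer UDP/IP/MAC omitted)."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    gpe = struct.pack(GPE_FMT, GPE_FLAGS, 0, NP_VTEP_SHIM, vni << 8)
    shim = struct.pack(SHIM_FMT, shim_type, SHIM_LEN, 0, NP_INNER_IPV4,
                       ipaddress.IPv4Address(gateway_vtep_ip).packed)
    return gpe + shim + inner


def decapsulate(data):
    """Step 406: strict parse; any field that does not match the layout is rejected."""
    if len(data) < 16 + 20:
        raise ValueError("truncated tunnel payload")
    flags, _rsvd1, next_proto, vni_word = struct.unpack(GPE_FMT, data[:8])
    if flags & GPE_FLAGS != GPE_FLAGS:
        raise ValueError("gpe I/P flags not set")
    if next_proto != NP_VTEP_SHIM:
        raise ValueError("no VTEP shim header announced")
    shim_type, length, _rsvd3, inner_proto, vtep = struct.unpack(SHIM_FMT, data[8:16])
    if length != SHIM_LEN or shim_type not in (TYPE_LEARN, TYPE_FORWARD):
        raise ValueError("malformed shim header")
    inner = data[16:]
    if inner_proto != NP_INNER_IPV4 or inner[0] >> 4 != 4:
        raise ValueError("inner packet is not IPv4")
    return {
        "vni": vni_word >> 8,
        "learn": shim_type == TYPE_LEARN,
        "gateway_vtep": str(ipaddress.IPv4Address(vtep)),
        "client_ip": str(ipaddress.IPv4Address(inner[12:16])),
        "inner_dst": str(ipaddress.IPv4Address(inner[16:20])),
        "inner": inner,
    }


# Constructed sample values taken from the documentation address ranges.
CLIENT, ACCEL_IP = "198.51.100.7", "203.0.113.10"
VM_PUBLIC, GATEWAY_VTEP = "203.0.113.80", "192.0.2.1"


def demo():
    second_request = build_inner_ipv4(CLIENT, ACCEL_IP, b"GET /")
    first_request = dnat(second_request, ACCEL_IP, VM_PUBLIC)
    return decapsulate(encapsulate(first_request, 5001, GATEWAY_VTEP))


if __name__ == "__main__":
    print(demo())
```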
  • the VXLAN header can be the geneve header.
  • the difference between the geneve header and the gpe header is that the geneve header does not carry a padding header, and the geneve header includes a variable length options field (variable length options).
  • the geneve header includes: a 2-bit version number field (ver), a 6-bit optional length field (Opt Len), and a 1-bit operation administration and maintenance (OAM) frame field.
  • the VTEP IP address of the remote acceleration gateway may be carried in the variable length option field of the first superimposed message.
  • the variable-length option field is 8 bytes, which includes: a 16-bit option class field, an 8-bit type field (type), three 1-bit reserved fields 6 (reserved6), a 5-bit length field (length), and a 32-bit variable option data field (variable option data).
  • the content carried in the variable option data field is the VTEP IP address of the remote acceleration gateway.
  • the type field in the variable length option field is set to X2
  • When the type field in the variable length option field is set to Y2, it means that the gateway that receives the message directly forwards it according to the extension field.
  • the values of X2 and Y2 can be determined according to application requirements, for example, the value of X2 is 1, and the value of Y2 is 2.
  • In addition to carrying the tunnel endpoint IP address of the remote acceleration gateway through the extension fields of the VXLAN gpe protocol and the VXLAN nvo3-geneve protocol, other extension methods can also be used to make the first tunnel header of the first superimposed packet (or the extension field of the first tunnel header) carry the tunnel endpoint IP address of the remote acceleration gateway, and the carried tunnel endpoint IP address of the remote acceleration gateway can be applicable to both IPV4 and IPV6, which is not specifically limited in the embodiments of this application.
  • Step 405 The remote acceleration gateway sends the first overlay message to the transparent acceleration gateway where the virtual machine is located.
  • the remote acceleration gateway can send the first overlay message to the transparent acceleration gateway where the virtual machine is located through the connection network between the remote acceleration gateway and that transparent acceleration gateway.
  • the connection network may be a global backbone network, a data center network, or a data center boundary network, etc.
  • Step 406 The transparent acceleration gateway decapsulates the first overlay message to obtain the first service request message and the tunnel endpoint IP address of the remote acceleration gateway carried in the first overlay message.
  • the transparent acceleration gateway may decapsulate the first overlay message to obtain the first service request message located in the inner layer of the first overlay message and the tunnel endpoint IP address of the remote acceleration gateway carried in the first overlay message, so that after receiving the service response message for the first service request message, it sends the service response message to the remote acceleration gateway according to the tunnel endpoint IP address of the remote acceleration gateway, and the remote acceleration gateway then sends the service response message to the client.
  • the implementation manner of decapsulating the first superimposed message may include: stripping the first tunnel information in the first superimposed message.
  • Step 407 The transparent acceleration gateway obtains the source IP address of the first service request message, and records the correspondence between the tunnel endpoint IP address of the remote acceleration gateway and the source IP address of the first service request message.
  • the transparent acceleration gateway may also perform address learning according to the first service request message to determine, when sending a service response message for the first service request message to the client, the remote acceleration gateway to which the service response message should be sent, so that the service response message is sent to the client through that remote acceleration gateway and is thereby returned to the source.
  • Because the tunnel endpoint IP address of the remote acceleration gateway carried in the first overlay message indicates the remote acceleration gateway through which the service response message for the first service request message is sent to the client, the transparent acceleration gateway can obtain the source IP address of the first service request message, that is, the IP address of the client, and then establish and record the correspondence between the client's IP address and the tunnel endpoint IP address of the remote acceleration gateway carried in the first superimposed message, so that when returning to the source, the correspondence can be queried to determine the remote acceleration gateway that sends the service response message to the client.
  • learning can also be performed according to the 2-tuple, triple-tuple, quad-tuple, or quintuple including the source IP address of the first service request message, which is not specifically limited in the embodiment of the present application.
  • the source IP address and destination IP address of the first service request message can be obtained respectively, and the tunnel endpoint IP address of the remote acceleration gateway carried in the first superimposed message can be obtained, and then the correspondence among the source IP address of the first service request packet, the destination IP address of the first service request packet, and the tunnel endpoint IP address of the remote acceleration gateway carried in the first superimposed packet is established and recorded.
  • the source IP address, destination IP address, source port, destination port, and transport layer protocol used of the first service request message can be obtained respectively, and the tunnel endpoint IP address of the remote acceleration gateway carried in the first overlay message can be obtained, and then establish and record the source IP of the first service request message.
  • the transparent acceleration gateway can obtain the network identifier of the overlay network used when transmitting the overlay message encapsulated with the first service request message and the source IP address of the first service request message, obtain the tunnel endpoint IP address of the remote acceleration gateway carried in the first overlay message, and establish and record the correspondence among the network identifier of the overlay network, the source IP address of the first service request message, and the tunnel endpoint IP address of the remote acceleration gateway. The network identifier of the overlay network is the VNI.
  • the address learning can be performed based on the network identifier of the overlay network used when transmitting the first service request message.
  • the established correspondence makes it possible to automatically determine the network identifier of the overlay network used to send the overlay message whose destination IP address is the source IP address of the first service request message, that is, to realize the automatic configuration of the network identifier, so that manual intervention in the configuration process of the network identifier can be reduced, and the transmission efficiency and accuracy of the superimposed message can be improved.
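The learning variants of step 407 differ only in which fields of the first service request message form the lookup key. The following added sketch (not code from the patent) keys a table on the source IP alone, on the source and destination IP, or on the five fields listed above, stores the gateway's tunnel endpoint IP together with the VNI, and is queried with the header of the returning service response. The class, the mode names and the sample flows are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Flow:
    """Header fields of an inner message, in the direction it travels."""
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str

    def opposite(self):
        """The same flow seen in the other direction (request <-> response)."""
        return Flow(self.dst_ip, self.src_ip, self.dst_port, self.src_port, self.proto)


# Hypothetical mode names for the key granularities described on the page.
KEY_FIELDS = {
    "source_ip": ("src_ip",),
    "ip_pair": ("src_ip", "dst_ip"),
    "five_fields": ("src_ip", "dst_ip", "src_port", "dst_port", "proto"),
}


class LearningTable:
    def __init__(self, key_mode="source_ip"):
        self._fields = KEY_FIELDS[key_mode]
        self._entries = {}

    def _key(self, request_direction):
        return tuple(getattr(request_direction, f) for f in self._fields)

    def learn(self, request, gateway_vtep, vni):
        """Uplink: record (tunnel endpoint IP, VNI) for this request.
        A later request with the same key replaces the earlier entry."""
        self._entries[self._key(request)] = (gateway_vtep, vni)

    def return_path(self, response) -> Optional[Tuple[str, int]]:
        """Downlink: the response's destination is the request's source, so the
        key is built from the opposite direction. None means nothing was learned."""
        return self._entries.get(self._key(response.opposite()))


# Constructed case: one client reaches the same virtual machine through two
# different remote acceleration gateways on two connections.
REQ_A = Flow("198.51.100.7", "203.0.113.80", 40001, 443, "tcp")
REQ_B = Flow("198.51.100.7", "203.0.113.80", 40002, 443, "tcp")


def demo(key_mode):
    table = LearningTable(key_mode)
    table.learn(REQ_A, "192.0.2.1", 5001)
    table.learn(REQ_B, "192.0.2.2", 5001)
    # Responses carry the virtual machine's public IP as source, client as destination.
    return table.return_path(REQ_A.opposite()), table.return_path(REQ_B.opposite())


if __name__ == "__main__":
    for mode in KEY_FIELDS:
        print(mode, demo(mode))
```

With the coarser keys the second request overwrites the first entry, so both responses leave through the gateway learned last; only the five-field key keeps the two connections on separate return paths.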
  • Step 408 The transparent acceleration gateway determines a virtual forwarding device for sending the first service request message to the virtual machine according to the routing information pointing to the public network IP address associated with the virtual machine.
  • Step 409 The transparent acceleration gateway encapsulates the first service request message according to the IP address of the virtual forwarding device to generate a second overlay message.
  • the second tunnel information may be used to encapsulate the first service request message to generate the second superimposed message.
  • the second tunnel information includes: the IP address of the transparent acceleration gateway, the IP address of the virtual forwarding device, and the identifier of the tunnel used by the transparent acceleration gateway and the virtual forwarding device.
  • the outer destination IP address of the second overlay message is the IP address of the virtual forwarding device
  • the outer source IP address is the IP address of the transparent acceleration gateway
  • the inner destination IP address is the public network IP address associated with the virtual machine.
  • the inner source IP address is the IP address of the client, and the second overlay message carries the tunnel endpoint IP address of the remote acceleration gateway.
  • Step 410 The transparent acceleration gateway sends the second overlay message to the virtual forwarding device.
  • The above steps 408 to 410 describe the process in which the transparent acceleration gateway sends the first service request message to the virtual forwarding device when the virtual forwarding device is the next-hop device to which the transparent acceleration gateway sends a message destined for the public network IP address associated with the virtual machine.
  • at least one other gateway may be deployed between the transparent acceleration gateway and the virtual forwarding device.
  • the second overlay message sent by the transparent acceleration gateway can be sent to the virtual forwarding device hop by hop through the at least one other gateway, based on the route between the transparent acceleration gateway and the virtual forwarding device.
  • the first service request message is also sent in the form of a superimposed message in the hop-by-hop transmission process, that is, when the superimposed message encapsulating the first service request message reaches one other gateway, the other gateway also needs to first decapsulate the superimposed message to obtain the first service request message, then encapsulate the first service request message again to obtain a superimposed message encapsulating the first service request message, and then send that superimposed message to the gateway that is the next-hop device, until the first service request message is sent to the virtual forwarding device.
  • the tunnel information used when encapsulating the first service request message will change accordingly.
  • When another gateway is deployed between the transparent acceleration gateway and the virtual forwarding device, the transparent acceleration gateway sends the first service request message to the virtual forwarding device as follows:
  • the transparent acceleration gateway encapsulates the first service request message according to the IP address of the other gateway and the IP address of the transparent acceleration gateway, and sends the resulting overlay message to the other gateway.
  • After receiving the overlay message, the other gateway decapsulates the overlay message to obtain the first service request message, encapsulates the first service request message according to the IP address of the virtual forwarding device and the IP address of the other gateway to generate an overlay message, and then sends the overlay message to the virtual forwarding device.
  • Step 411 The virtual forwarding device decapsulates the second overlay message to obtain the first service request message.
  • Step 412 The virtual forwarding device performs destination address conversion on the first service request message to generate a third service request message, and sends the third service request message to the virtual machine.
  • Before the virtual forwarding device sends the first service request packet to the virtual machine, it can also perform destination address conversion on the first service request packet, converting the destination address of the first service request packet from the public IP address associated with the virtual machine to the private IP address of the virtual machine, and send the first service request message after the destination address conversion (that is, the third service request message) to the virtual machine, so that the virtual machine can send a service response message to the client according to the third service request message, thereby providing business services to the client.
  • the source port of the third service request message has not changed compared with the source port of the first service request message, and it is the client port.
  • At least one gateway may also be set between the virtual forwarding device and the virtual machine.
  • the service request message may be sent to the virtual machine according to the route.
  • performing a destination address translation operation on the first service request message may be performed by any one of the virtual forwarding device and the at least one gateway.
  • the remote acceleration gateway performs destination address conversion on the service request message sent by the client, encapsulates the service request message after the destination address conversion, and sends the encapsulated service request message to the transparent acceleration gateway where the virtual machine is located; the transparent acceleration gateway then sends the encapsulated service request message to the virtual forwarding device, and the virtual forwarding device sends the service request message to the virtual machine.
  • Because the source IP address of the service request message is not translated during the process of sending the service request message to the virtual machine, the source IP address of the service request message sent to the virtual machine is still the client's IP address. This enables the virtual machine to know the source IP address of the service request message it receives and realizes the transparent transmission of the source address of the service request message. Therefore, it is convenient for the virtual machine to perform functions such as statistical analysis based on the source IP address.
  • the downlink process of the business service provision method may include the following steps:
  • Step 501 The virtual forwarding device receives a third service response message sent by the virtual machine according to the first service request message.
  • the source IP address of the third service response message is the private network IP address of the virtual machine, and the destination IP address is the IP address of the client.
  • the virtual machine may generate a third service response message according to the first service request message and send the third service response message to the virtual forwarding device, so that the third service response message is sent to the client through the virtual forwarding device to provide business services for the client.
  • the third service response message received by the virtual forwarding device is the third service response message sent by the virtual machine.
  • the process of the virtual machine sending the third service response message to the virtual forwarding device is implemented through routing, and the third service response message received by the virtual forwarding device is the third service response message forwarded by the previous-hop device of the virtual forwarding device in the routing path.
  • Step 502 The virtual forwarding device performs source address translation on the third service response message to generate the first service response message.
  • because the destination IP address and source IP address carried in the message are both public IP addresses, and the virtual machine is located on the private network side so that its IP address is not exposed to the public network, before the virtual forwarding device sends the third service response message to the transparent acceleration gateway it can perform source address translation on the third service response message, converting the source IP address from the virtual machine's private network IP address to the public network IP address associated with the virtual machine. This yields the first service response message, which can then be sent to the transparent acceleration gateway.
  • the source IP address of the first service response message is the public network IP address associated with the virtual machine, and the destination IP address is the IP address of the client. Before and after the source address translation, the destination port is unchanged: the destination port of the first service response message is the same as that of the third service response message, and both are the client port.
  • the operation of performing source address translation on the third service response message can be performed by any one of the virtual forwarding device and the at least one gateway.
  • Step 503 The virtual forwarding device determines a transparent acceleration gateway for sending the first service response message to the client according to the routing information directed to the IP address of the client.
  • For the implementation process of step 503, refer to the implementation process of step 403.
  • Step 504 The virtual forwarding device encapsulates the first service response message according to the IP address of the transparent acceleration gateway to generate a third overlay message.
  • the third tunnel information used when encapsulating the first service response message to generate the third overlay message includes: the IP address of the virtual forwarding device, the IP address of the transparent acceleration gateway, and the identifier of the tunnel used by the virtual forwarding device and the transparent acceleration gateway.
  • the outer destination IP address of the third overlay message is the IP address of the transparent acceleration gateway, the outer source IP address is the IP address of the virtual forwarding device, the inner destination IP address is the client's IP address, and the inner source IP address is the public IP address associated with the virtual machine.
  • Step 505 The virtual forwarding device sends the third overlay message to the transparent acceleration gateway.
  • steps 503 to 505 are the process in which the virtual forwarding device sends the first service request message to the transparent acceleration gateway when the transparent acceleration gateway is the next hop device for the virtual forwarding device to send a message to the client.
  • at least one other gateway may be deployed between the transparent acceleration gateway and the virtual forwarding device.
  • the third overlay message sent by the virtual forwarding device can be sent to the transparent acceleration gateway hop by hop through the at least one other gateway, based on the route between the transparent acceleration gateway and the virtual forwarding device.
  • the first service response message is also sent in the form of a superimposed message during the hop-by-hop transmission; that is, when the superimposed message encapsulating the first service response message reaches another gateway, that gateway first decapsulates it to obtain the first service response message, then encapsulates the first service response message again to obtain a new superimposed message, and sends that superimposed message to the gateway that is the next-hop device, until the first service request message is sent to the transparent acceleration gateway.
  • the tunnel information used when encapsulating the first service response message will change accordingly.
  • the virtual forwarding device when another gateway is deployed between the transparent acceleration gateway and the virtual forwarding device, the virtual forwarding device sends the first service response message to the transparent acceleration gateway:
  • the superimposed message obtained by encapsulating the IP address and the virtual forwarding device IP address is sent to the other gateway.
  • After receiving the superimposed message, the other gateway decapsulates the superimposed message to obtain the first service response message, encapsulates the first service response message according to the IP address of the transparent acceleration gateway and the IP address of the other gateway to generate an overlay message, and then sends the overlay message to the transparent acceleration gateway.
  • Step 506 After receiving the third overlay message, the transparent acceleration gateway decapsulates the third overlay message to obtain the first service response message and obtain the destination IP address of the first service response message.
  • the destination IP address of the first service response message is the IP address of the client.
  • For the implementation process of step 506, refer to the implementation process of step 406.
  • Step 507 The transparent acceleration gateway obtains, according to the destination IP address of the first service response message, the tunnel endpoint IP address of the remote acceleration gateway from the correspondence between the tunnel endpoint IP address of the remote acceleration gateway and the source IP address of the first service request message.
  • a remote acceleration gateway for sending the first service response message to the client needs to be determined.
  • the correspondence, recorded in the uplink process, between the tunnel endpoint IP address of the remote acceleration gateway and the source IP address of the first service request message can be queried to obtain the tunnel endpoint IP address of the remote acceleration gateway used to send the first service response message to the client.
  • Step 508 The transparent acceleration gateway encapsulates the first service response message according to the tunnel endpoint IP address of the remote acceleration gateway to generate a fourth overlay message.
  • the transparent acceleration gateway After the transparent acceleration gateway obtains the tunnel endpoint IP address of the remote acceleration gateway, it can directly encapsulate the first service response message according to the tunnel endpoint IP address of the remote acceleration gateway.
  • the fourth tunnel information used when encapsulating the first service response message to generate the fourth overlay message includes: the tunnel endpoint IP address of the remote acceleration gateway, the IP address of the transparent acceleration gateway, and the identifier of the tunnel used by the remote acceleration gateway and the transparent acceleration gateway.
  • the outer destination IP address of the fourth overlay message is the tunnel endpoint IP address of the remote acceleration gateway, the outer source IP address is the IP address of the transparent acceleration gateway, the inner destination IP address is the IP address of the client, and the inner source IP address is the public IP address associated with the virtual machine.
  • Step 509 The transparent acceleration gateway sends the fourth overlay message to the remote acceleration gateway according to the tunnel endpoint IP address of the remote acceleration gateway.
  • Step 510 The remote acceleration gateway decapsulates the fourth overlay message to obtain the first service response message.
  • Step 511 The remote acceleration gateway performs source IP address conversion on the first service response message to generate a second service response message, and sends the second service response message to the client.
  • the source IP address of a packet that the client can receive should be the acceleration IP address of the remote acceleration gateway. Therefore, to enable the client to receive the first service response message, the remote acceleration gateway needs to convert the source IP address of the first service response message from the private network IP address of the virtual machine to the acceleration IP address of the remote acceleration gateway to obtain the second service response message, and send the second service response message to the client, so that the client can use the service provided by the second service response message. That is, the source IP address of the second service response message is the acceleration IP address of the remote acceleration gateway, and the destination IP address is the IP address of the client.
  • the destination port of the second service response message has not changed compared with the destination port of the first service response message, and both are client ports.
  • the transparent acceleration gateway records the correspondence between the acceleration IP address of the remote acceleration gateway and the IP address of the client during the uplink process, and queries the correspondence during the downlink process to obtain the tunnel endpoint IP address of the remote acceleration gateway. The transparent acceleration gateway can then send the fourth superimposed message to the remote acceleration gateway according to that tunnel endpoint IP address, so that the first service response message for the first service request message is sent to the client through the remote acceleration gateway, realizing the return to source of the first service response message.
  • the embodiment of the present application also provides a business service providing system, as shown in Figure 1 or Figure 2, the business service providing system includes a transparent acceleration gateway, a virtual forwarding device, and a virtual machine.
  • the virtual machine is used to provide business services to clients.
  • the business service providing system may further include: at least one other gateway deployed between the transparent acceleration gateway and the virtual forwarding device.
  • the transparent acceleration gateway is used to receive the first superimposed message sent by the remote acceleration gateway, decapsulate the first superimposed message to obtain the first service request message, encapsulate the first service request message to generate the second overlay message, and send the second overlay message to the virtual forwarding device; the transparent acceleration gateway establishes the correspondence between the IP address of the remote acceleration gateway and the IP address of the client; the first overlay message encapsulates the first service request message, the source Internet Protocol (IP) address of the first service request message is the client's IP address, and the destination IP address is the public network IP address associated with the virtual machine;
  • the virtual forwarding device is configured to decapsulate the second overlay message to obtain the first service request message, and send the first service request message to the virtual machine.
  • the virtual machine can also be other systems or devices that can provide business services, such as containers.
  • the virtual forwarding device is a virtual switch, and the public network IP address associated with the virtual machine is a public network IP address bound to the virtual machine.
  • the virtual forwarding device is a load balancer, the load balancer provides a load balancing service for the virtual machine, and the public network IP address associated with the virtual machine is the public network IP address bound to the load balancer.
  • the virtual forwarding device is an IPV6 gateway, and the public IP address associated with the virtual machine is the public IPV6 address of the virtual machine.
  • the virtual forwarding device is a VPN gateway, and the public network IP address associated with the virtual machine is a public network IP address bound to the VPN gateway.
  • the public network IP address associated with the virtual machine is the public network IP address bound to the NAT gateway.
  • the transparent acceleration gateway is also used to obtain the IP address of the remote acceleration gateway carried in the first overlay message, obtain the source address of the first service request message, and record the correspondence between the IP address of the remote acceleration gateway and the IP address of the client, where the source address of the first service request message is the IP address of the client.
  • the virtual forwarding device is further configured to receive the first service response message sent by the virtual machine according to the first service request message, encapsulate the first service response message to generate a third superimposed message, and send the third superimposed message to the transparent acceleration gateway, where the source address of the first service response message is the public network IP address associated with the virtual machine, and the destination address is the IP address of the client;
  • the transparent acceleration gateway is also used to decapsulate the third overlay message to obtain the first service response message, obtain the IP address of the remote acceleration gateway from the correspondence according to the destination IP address of the first service response message, encapsulate the first service response message to generate a fourth superimposed message, and send the fourth superimposed message to the remote acceleration gateway according to the IP address of the remote acceleration gateway.
  • FIG. 11 exemplarily provides a possible architecture diagram of the first computer device.
  • the first computer device may include a first processor 601, a first memory 602, a first communication interface 603, and a first bus 604.
  • the number of first processors 601 may be one or more, and FIG. 11 only illustrates one of the first processors 601.
  • the first processor 601 may be a central processing unit (CPU). If the first computer device has multiple first processors 601, the types of the multiple first processors 601 may be different or may be the same. Optionally, multiple first processors of the first computer device may also be integrated into a multi-core processor.
  • the first memory 602 stores computer instructions and data, and the first memory 602 can store computer instructions and data required to realize the function of the transparent acceleration gateway in the business service providing method provided by the present application.
  • the first memory 602 may be any one or any combination of the following storage media: non-volatile memory (such as read-only memory (ROM), solid state disk (SSD), hard disk drive (HDD), optical discs, etc.), volatile memory.
  • the first communication interface 603 may be any one or any combination of the following devices: a network interface (such as an Ethernet interface), a wireless network card, and other devices with a network access function.
  • the first communication interface 603 is used for data communication between the first computer device and other nodes or other computer devices.
  • FIG. 11 also illustrates the first bus 604 exemplarily.
  • the first bus 604 can connect the first processor 601 with the first memory 602 and the first communication interface 603. In this way, through the first bus 604, the first processor 601 can access the first memory 602, and can also use the first communication interface 603 to perform data interaction with other nodes or other computer devices.
  • the first computer device executes the computer instructions in the first memory 602 to realize the function of the transparent acceleration gateway in the business service provision method provided in this application.
  • the transparent acceleration gateway receives the first overlay message sent by the remote acceleration gateway, decapsulates the first overlay message to obtain the first service request message, encapsulates the first service request message to generate a second overlay message, and sends the second overlay message to the virtual forwarding device.
  • the first computer device executes the computer instructions in the first memory 602, and the implementation process of the steps executed by the transparent acceleration gateway can be referred to the corresponding description in the foregoing method embodiment.
  • the embodiment of the present application provides a second computer device, and a virtual forwarding device and a virtual machine can be deployed in the second computer device.
  • Fig. 12 exemplarily provides a possible architecture diagram of the second computer device.
  • the second computer device may include a second processor 701, a second memory 702, a second communication interface 703, and a second bus 704.
  • the number of the second processors 701 may be one or more, and FIG. 12 only illustrates one of the second processors 701.
  • the second processor 701 may be a central processing unit. If the second computer device has multiple second processors 701, the types of the multiple second processors 701 may be different or may be the same.
  • multiple second processors of the second computer device may also be integrated into a multi-core processor.
  • the second memory 702 stores computer instructions and data, and the second memory 702 can store computer instructions and data required to implement the functions of the virtual forwarding device and virtual machine in the business service providing method provided by this application.
  • the second memory 702 may be any one or any combination of the following storage media: non-volatile memory (such as read-only memory, solid-state hard disk, hard disk, optical disk, etc.), volatile memory.
  • the second communication interface 703 may be any one or any combination of the following devices: a network interface (such as an Ethernet interface), a wireless network card, and other devices with a network access function.
  • the second communication interface 703 is used for data communication between the second computer device and other nodes or other computer devices.
  • FIG. 12 also exemplarily plots the second bus 704.
  • the second bus 704 can connect the second processor 701 with the second memory 702 and the second communication interface 703. In this way, through the second bus 704, the second processor 701 can access the second memory 702, and can also use the second communication interface 703 to perform data interaction with other nodes or other computer devices.
  • the second computer device executes the computer instructions in the second memory 702 to realize the functions of the virtual forwarding device and the virtual machine in the business service providing method provided in this application.
  • the second computer device executes the computer instructions in the second memory 702 to execute the following steps performed by the virtual forwarding device: the virtual forwarding device decapsulates the second overlay message to obtain the first service request message, and sends the first service request message to the virtual machine.
  • the second computer device executes the computer instructions in the second memory 702, and the implementation process of the steps executed by the virtual forwarding device may refer to the corresponding description in the foregoing method embodiment.
  • FIG. 13 exemplarily provides a possible architecture diagram of the third computer device.
  • the third computer device may include a third processor 801, a third memory 802, a third communication interface 803, and a third bus 804.
  • the number of third processors 801 may be one or more, and FIG. 13 only illustrates one of the third processors 801.
  • the third processor 801 may be a central processing unit. If the third computer device has multiple third processors 801, the types of the multiple third processors 801 may be different or may be the same.
  • multiple third processors of the third computer device may also be integrated into a multi-core processor.
  • the third memory 802 stores computer instructions and data, and the third memory 802 can store computer instructions and data required to realize the function of the remote acceleration gateway in the service provision method provided by the present application.
  • the third memory 802 may be any one or any combination of the following storage media: non-volatile memory (such as read-only memory, solid-state hard disk, hard disk, optical disk, etc.), volatile memory.
  • the third communication interface 803 may be any one or any combination of the following devices: a network interface (such as an Ethernet interface), a wireless network card, and other devices with a network access function.
  • the third communication interface 803 is used for data communication between the third computer device and other nodes or other computer devices.
  • FIG. 13 also exemplarily plots the third bus 804.
  • the third bus 804 may connect the third processor 801 with the third memory 802 and the third communication interface 803. In this way, through the third bus 804, the third processor 801 can access the third memory 802, and can also use the third communication interface 803 to perform data interaction with other nodes or other computer devices.
  • the third computer device executes the computer instructions in the third memory 802, which can realize the function of the remote acceleration gateway in the business service providing method provided in this application.
  • the following steps executed by the remote acceleration gateway can be executed: the remote acceleration gateway receives the second service request message sent by the client; the remote acceleration gateway performs destination address translation on the second service request message to generate the first service request message; the remote acceleration gateway encapsulates the first service request message to generate the first overlay message; the remote acceleration gateway sends the first overlay message to the transparent acceleration gateway where the virtual machine is located.
  • for the implementation process of the steps executed by the remote acceleration gateway when the third computer device executes the computer instructions in the third memory 802, refer to the corresponding description in the foregoing method embodiment.
  • the embodiment of the present application also provides a first storage medium, which is a non-volatile computer-readable storage medium.
  • the embodiment of the present application also provides a second storage medium.
  • the second storage medium is a non-volatile computer-readable storage medium.
  • the instructions in the second storage medium are executed by the processor, the implementation is as in the embodiment of the present application.
  • the embodiment of the present application also provides a third storage medium, which is a non-volatile computer-readable storage medium.
  • the embodiment of the present application also provides a first computer program product containing instructions.
  • the computer executes the functions implemented by the transparent acceleration gateway in the business service providing method in the embodiment of the present application.
  • the embodiment of the present application also provides a second computer program product containing instructions.
  • when the second computer program product runs on a computer, the computer executes the functions implemented by the virtual forwarding device in the business service providing method in the embodiment of the present application.
  • the embodiment of the present application also provides a third computer program product containing instructions.
  • when the third computer program product runs on a computer, the computer executes the functions implemented by the remote acceleration gateway in the business service providing method in the embodiment of the present application.
  • the program can be stored in a computer-readable storage medium.
  • the storage medium mentioned can be a read-only memory, a magnetic disk or an optical disk, etc.
  • the terms “first”, “second” and “third” are only used for descriptive purposes, and cannot be understood as indicating or implying relative importance.
  • the term “at least one” refers to one or more, and the term “plurality” refers to two or more, unless expressly defined otherwise.
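
The uplink recording at the transparent acceleration gateway and downlink steps 501 to 511 above can be modelled end to end. The following Python sketch is an added example, not code from the patent; the addresses, tunnel identifiers, class and function names, and the choice to refuse a response that has no recorded correspondence are assumptions.

```python
"""Model of the path: remote gateway -> transparent gateway -> virtual forwarding device -> VM."""
from dataclasses import dataclass, replace

# Constructed sample addresses (documentation ranges), not values from the patent.
CLIENT_IP = "198.51.100.7"
ACCEL_IP = "203.0.113.10"      # acceleration IP address the client talks to
REMOTE_TEP = "192.0.2.1"       # tunnel endpoint IP of the remote acceleration gateway
TRANSPARENT_IP = "192.0.2.2"   # transparent acceleration gateway
VFD_IP = "192.0.2.3"           # virtual forwarding device
VM_PUBLIC_IP = "203.0.113.50"  # public IP associated with the virtual machine
VM_PRIVATE_IP = "10.0.0.5"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    payload: str


@dataclass(frozen=True)
class Overlay:
    outer_src: str
    outer_dst: str
    tunnel_id: int   # constructed identifier for the tunnel between the two endpoints
    inner: Packet


class RemoteAccelerationGateway:
    def uplink(self, second_request: Packet) -> Overlay:
        # Destination address translation only: the source stays the client's IP.
        first_request = replace(second_request, dst_ip=VM_PUBLIC_IP)
        return Overlay(REMOTE_TEP, TRANSPARENT_IP, 1, first_request)

    def downlink(self, fourth_overlay: Overlay) -> Packet:
        # Steps 510-511: decapsulate, then translate the source to the acceleration IP.
        return replace(fourth_overlay.inner, src_ip=ACCEL_IP)


class TransparentAccelerationGateway:
    def __init__(self):
        self.client_to_remote_tep = {}  # client IP -> remote gateway tunnel endpoint IP

    def uplink(self, first_overlay: Overlay) -> Overlay:
        request = first_overlay.inner
        # Record the correspondence that the downlink lookup (step 507) depends on.
        self.client_to_remote_tep[request.src_ip] = first_overlay.outer_src
        return Overlay(TRANSPARENT_IP, VFD_IP, 2, request)

    def downlink(self, third_overlay: Overlay) -> Overlay:
        response = third_overlay.inner                         # step 506
        tep = self.client_to_remote_tep.get(response.dst_ip)   # step 507
        if tep is None:
            # Assumption: the page does not cover this case; the model refuses to forward.
            raise LookupError(f"no remote gateway recorded for {response.dst_ip}")
        return Overlay(TRANSPARENT_IP, tep, 1, response)       # step 508


class VirtualForwardingDevice:
    def uplink(self, second_overlay: Overlay) -> Packet:
        # Decapsulate and translate the destination to the VM's private IP.
        return replace(second_overlay.inner, dst_ip=VM_PRIVATE_IP)

    def downlink(self, third_response: Packet) -> Overlay:
        first_response = replace(third_response, src_ip=VM_PUBLIC_IP)  # step 502
        return Overlay(VFD_IP, TRANSPARENT_IP, 2, first_response)      # step 504


def vm_handle(request: Packet, access_log: list) -> Packet:
    """The VM logs the source it sees and answers from its private address."""
    access_log.append(request.src_ip)
    return Packet(VM_PRIVATE_IP, request.src_ip, request.dst_port, request.src_port, "200 OK")


def round_trip():
    remote = RemoteAccelerationGateway()
    transparent = TransparentAccelerationGateway()
    vfd = VirtualForwardingDevice()
    log = []
    request = Packet(CLIENT_IP, ACCEL_IP, 40000, 443, "GET /")
    at_vm = vfd.uplink(transparent.uplink(remote.uplink(request)))
    reply = vm_handle(at_vm, log)
    fourth = transparent.downlink(vfd.downlink(reply))
    return at_vm, fourth, remote.downlink(fourth), log


def unsolicited_downlink():
    """A response addressed to a client the transparent gateway never saw on the uplink."""
    transparent, vfd = TransparentAccelerationGateway(), VirtualForwardingDevice()
    stray = Packet(VM_PRIVATE_IP, "198.51.100.99", 443, 40001, "stray")
    try:
        transparent.downlink(vfd.downlink(stray))
    except LookupError:
        return "dropped"
    return "forwarded"
```

The VM's access log ends up holding the client's own address, which is what makes per-client statistics, rate limiting or audit logging on the VM meaningful.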

Abstract

Disclosed is a service providing method, belonging to the technical field of communications. The method comprises: a transparent acceleration gateway receiving a first overlay message sent by a remote acceleration gateway, wherein the first overlay message encapsulates a first service request message, a source IP address of the first service request message is an IP address of a client, a destination IP address is an IP address of a public network associated with a virtual machine, and the first overlay message carries an IP address of the remote acceleration gateway; the transparent acceleration gateway decapsulating the first overlay message to obtain a first service request message, encapsulating the first service request message to produce a second overlay message, sending the second overlay message to a virtual forwarding device, and the transparent acceleration gateway establishing a correspondence between the IP address of the remote acceleration gateway and the IP address of the client; and the virtual forwarding device decapsulating the second overlay message to obtain the first service request message, and sending the first service request message to the virtual machine. The present application realizes source address transparent transmission of a service request message.

Description

Business service providing method and system

Technical field

This application relates to the field of communication technology, and in particular to a business service providing method and system.

Background

With the rapid development of cloud computing technology, more and more users use cloud services. A user can access a cloud service provider through a client to request that the cloud service provider provide cloud services to the client, and the cloud service provider can provide cloud services to the client according to the client's request.

In the related art, the process by which a client requests a cloud service provider to provide a cloud service is as follows: the client sends a service request message to the remote acceleration gateway; after receiving the service request message, the remote acceleration gateway first performs source/destination network address translation (full network address translation, FullNAT) on it, that is, it performs address translation on both the source address and the destination address of the service request message, and then sends the translated service request message to the cloud service provider over the global backbone network, so as to request, through the service request message, that the cloud service provider provide the cloud service to the client. The process by which the cloud service provider provides the client with the cloud service requested by the service request message is as follows: the cloud service provider sends a service response message for the service request message to the remote acceleration gateway over the global backbone network; after receiving the service response message, the remote acceleration gateway first performs source/destination network address translation on it, and then sends the translated service response message to the client, so that the client can use the cloud service requested by the service request message.

However, in the process of the client requesting the cloud service provider to provide the cloud service, because the remote acceleration gateway translates the source address of the service request message, it is difficult for the cloud service provider to learn the source address of the service request message.

Summary of the invention
The present application provides a business service providing method and system, which can solve the problem that it is currently difficult for a virtual machine to learn the source address of a request message.

In a first aspect, a business service providing method is provided. The method is applied to a business service providing system that includes a transparent acceleration gateway, a virtual forwarding device and a virtual machine, the virtual machine being used to provide business services to a client. The method includes: the transparent acceleration gateway receives a first overlay message sent by a remote acceleration gateway, where the first overlay message encapsulates a first service request message, the source Internet Protocol (IP) address of the first service request message is the IP address of the client, the destination IP address is the public network IP address associated with the virtual machine, and the first overlay message carries the IP address of the remote acceleration gateway; the transparent acceleration gateway decapsulates the first overlay message to obtain the first service request message, encapsulates the first service request message to generate a second overlay message, and sends the second overlay message to the virtual forwarding device, and the transparent acceleration gateway establishes a correspondence between the IP address of the remote acceleration gateway and the IP address of the client; the virtual forwarding device decapsulates the second overlay message to obtain the first service request message, and sends the first service request message to the virtual machine.

In the business service providing method provided by the embodiments of the present application, because the source IP address of the service request message is not translated while the service request message is sent to the virtual machine, the source IP address of the service request message sent to the virtual machine is still the IP address of the client. The virtual machine can therefore learn the source IP address of the service request message it receives, which realizes transparent transmission of the source address of the service request message and makes it convenient for the virtual machine to perform functions such as statistical analysis based on that source IP address.

The virtual machine may also be another system or device capable of providing business services, such as a container.

In one implementation, the virtual forwarding device is a virtual switch, and the public network IP address associated with the virtual machine is a public network IP address bound to the virtual machine.

In another implementation, the virtual forwarding device is a load balancer, the load balancer provides a load balancing service for the virtual machine, and the public network IP address associated with the virtual machine is a public network IP address bound to the load balancer.

In yet another implementation, the virtual forwarding device is an IPV6 gateway, and the public network IP address associated with the virtual machine is the public network IPV6 address of the virtual machine.

In still another implementation, the virtual forwarding device is a VPN gateway, and the public network IP address associated with the virtual machine is a public network IP address bound to the VPN gateway.
在还一种可实现方式中,当虚拟转发设备为NAT网关时,虚拟机关联的公网IP地址为与NAT网关绑定的公网IP地址。In another achievable manner, when the virtual forwarding device is a NAT gateway, the public network IP address associated with the virtual machine is the public network IP address bound to the NAT gateway.
The transparent acceleration gateway establishing the correspondence between the IP address of the remote acceleration gateway and the IP address of the client may include: the transparent acceleration gateway obtains the IP address of the remote acceleration gateway carried in the first overlay message; the transparent acceleration gateway obtains the source address of the first service request message, where the source address of the first service request message is the IP address of the client; and the transparent acceleration gateway records the correspondence between the IP address of the remote acceleration gateway and the IP address of the client.
Because the transparent acceleration gateway records the correspondence between the IP address of the client and the IP address of the remote acceleration gateway carried in the first overlay message, it can query that correspondence on the return path to determine the remote acceleration gateway that sends the service response message to the client, which ensures the return-to-source process.
It should be noted that the correspondence may also be a correspondence between the IP address of the client and a two-tuple, three-tuple, four-tuple, or five-tuple that includes the source IP address of the first service request message.
In addition, the correspondence may also be a correspondence among the IP address of the client, a network identifier, and a two-tuple, three-tuple, four-tuple, or five-tuple that includes the source IP address of the first service request message. The network identifier is the network identifier of the overlay network used to transmit the overlay message that encapsulates the first service request message.
When an overlay network is used to transmit the overlay message that encapsulates the first service request message, the overlay network to be used must be determined from the network identifier, and the overlay message is transmitted over the overlay network indicated by that network identifier. In the related art, the network identifier has to be set manually. In the embodiments of the present application, address learning is performed according to the network identifier of the overlay network used when the first service request message is transmitted. The correspondence established by this address learning makes it possible to automatically determine the network identifier of the overlay network used to send an overlay message whose destination IP address is the source IP address of the first service request message. In other words, the network identifier is configured automatically, which reduces manual intervention in configuring the network identifier and improves the efficiency and accuracy of sending the overlay message.
Optionally, after the virtual forwarding device sends the first service request message to the virtual machine, the method further includes: the virtual forwarding device receives a first service response message sent by the virtual machine according to the first service request message, encapsulates the first service response message to generate a third overlay message, and sends the third overlay message to the transparent acceleration gateway, where the source address of the first service response message is the public network IP address associated with the virtual machine and the destination address is the IP address of the client; the transparent acceleration gateway decapsulates the third overlay message to obtain the first service response message, obtains the IP address of the remote acceleration gateway from the correspondence according to the destination IP address of the first service response message, encapsulates the first service response message to generate a fourth overlay message, and sends the fourth overlay message to the remote acceleration gateway according to the IP address of the remote acceleration gateway.
This is the downlink process, which runs from the virtual machine issuing the service response message in reply to the service request message until that response reaches the client. During the uplink process the transparent acceleration gateway records the correspondence between the acceleration IP address of the remote acceleration gateway and the IP address of the client, and during the downlink process it queries that correspondence to obtain the tunnel endpoint IP address of the remote acceleration gateway. The transparent acceleration gateway can then send the fourth overlay message to the remote acceleration gateway according to that tunnel endpoint IP address, so that the remote acceleration gateway sends the first service response message for the first service request message to the client, which completes the return of the first service response message to the source.
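The address learning on the uplink and the lookup on the downlink described above can be sketched as follows. This is an added example, not code from the patent: the class and function names, the `local_vni` parameter, and the constructed addresses are assumptions, as is the choice of VXLAN (RFC 7348 header layout) carrying an inner Ethernet/IPv4 frame; the outer IP/UDP header is represented only by its source and destination addresses.

```python
import ipaddress
import struct
from dataclasses import dataclass

VXLAN_FLAG_VNI_VALID = 0x08          # "I" flag of the RFC 7348 VXLAN header
INNER_ETH = bytes.fromhex("020000000002" "020000000001" "0800")  # constructed MACs, IPv4


@dataclass(frozen=True)
class Overlay:
    outer_src: str   # tunnel endpoint that sent the overlay message
    outer_dst: str   # tunnel endpoint that receives it
    vxlan: bytes     # VXLAN header + inner Ethernet frame


def ipv4_packet(src, dst, payload=b""):
    """Minimal 20-byte IPv4 header (checksum left at 0) followed by payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 6, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload


def ip_addrs(packet):
    """Return (source, destination) of an IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return (str(ipaddress.IPv4Address(packet[12:16])),
            str(ipaddress.IPv4Address(packet[16:20])))


def vxlan_encap(vni, inner_ip):
    """Prefix the inner packet with an Ethernet header and a VXLAN header."""
    return struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8) + INNER_ETH + inner_ip


def vxlan_decap(data):
    """Return (vni, inner IPv4 packet); reject malformed overlay payloads."""
    if len(data) < 8 + 14 + 20:
        raise ValueError("overlay payload too short")
    word0, word1 = struct.unpack("!II", data[:8])
    if not (word0 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VNI flag not set")
    if data[20:22] != b"\x08\x00":
        raise ValueError("inner frame is not IPv4")
    return word1 >> 8, data[22:]


class TransparentAccelerationGateway:
    def __init__(self, own_ip, forwarder_ip, local_vni):
        self.own_ip = own_ip
        self.forwarder_ip = forwarder_ip
        self.local_vni = local_vni   # assumed VNI of the gateway-to-forwarder leg
        self.learned = {}            # client IP -> (remote gateway IP, VNI)

    def uplink(self, first):
        """First overlay message in, second overlay message out."""
        vni, request = vxlan_decap(first.vxlan)
        client_ip, _ = ip_addrs(request)
        # Address learning: remember which remote gateway and overlay
        # network this client's traffic arrived on.
        self.learned[client_ip] = (first.outer_src, vni)
        # The inner packet is re-encapsulated unchanged (no source NAT),
        # so the virtual machine still sees the client's address.
        return Overlay(self.own_ip, self.forwarder_ip,
                       vxlan_encap(self.local_vni, request))

    def downlink(self, third):
        """Third overlay message in, fourth overlay message out (or None)."""
        _, response = vxlan_decap(third.vxlan)
        _, client_ip = ip_addrs(response)
        entry = self.learned.get(client_ip)
        if entry is None:
            return None              # nothing learned: no return tunnel to choose
        remote_gw, vni = entry
        return Overlay(self.own_ip, remote_gw, vxlan_encap(vni, response))


def demo():
    """Constructed addresses: client 203.0.113.7, VM public IP 198.51.100.50."""
    gw = TransparentAccelerationGateway("10.0.0.30", "10.0.0.40", local_vni=200)
    request = ipv4_packet("203.0.113.7", "198.51.100.50", b"GET")
    first = Overlay("192.0.2.20", "10.0.0.30", vxlan_encap(100, request))
    second = gw.uplink(first)
    vm_view = ip_addrs(vxlan_decap(second.vxlan)[1])
    response = ipv4_packet("198.51.100.50", "203.0.113.7", b"OK")
    third = Overlay("10.0.0.40", "10.0.0.30", vxlan_encap(200, response))
    return vm_view, gw.downlink(third), gw


if __name__ == "__main__":
    vm_view, fourth, _ = demo()
    print("VM sees", vm_view, "- response tunnelled to", fourth.outer_dst)
```

A response whose destination was never learned yields `None` here; what a deployment does with such a packet is outside what the text specifies.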
In a second aspect, a service providing system is provided. The service providing system includes a transparent acceleration gateway, a virtual forwarding device, and a virtual machine, where the virtual machine is used to provide business services to a client. The transparent acceleration gateway is configured to receive a first overlay message sent by a remote acceleration gateway, where the first overlay message encapsulates a first service request message, the source Internet Protocol (IP) address of the first service request message is the IP address of the client, the destination IP address is the public network IP address associated with the virtual machine, and the first overlay message carries the IP address of the remote acceleration gateway; the transparent acceleration gateway is configured to decapsulate the first overlay message to obtain the first service request message, encapsulate the first service request message to generate a second overlay message, and send the second overlay message to the virtual forwarding device, and the transparent acceleration gateway establishes a correspondence between the IP address of the remote acceleration gateway and the IP address of the client; the virtual forwarding device is configured to decapsulate the second overlay message to obtain the first service request message and send the first service request message to the virtual machine.
The virtual machine may also be another system or device capable of providing business services, such as a container.
In one possible implementation, the virtual forwarding device is a virtual switch, and the public network IP address associated with the virtual machine is the public network IP address bound to the virtual machine.
In another possible implementation, the virtual forwarding device is a load balancer that provides a load balancing service for the virtual machine, and the public network IP address associated with the virtual machine is the public network IP address bound to the load balancer.
In yet another possible implementation, the virtual forwarding device is an IPv6 gateway, and the public network IP address associated with the virtual machine is the public network IPv6 address of the virtual machine.
In a further possible implementation, the virtual forwarding device is a VPN gateway, and the public network IP address associated with the virtual machine is the public network IP address bound to the VPN gateway.
In still another possible implementation, when the virtual forwarding device is a NAT gateway, the public network IP address associated with the virtual machine is the public network IP address bound to the NAT gateway.
Optionally, the transparent acceleration gateway is further configured to obtain the IP address of the remote acceleration gateway carried in the first overlay message; the transparent acceleration gateway is further configured to obtain the source address of the first service request message, where the source address of the first service request message is the IP address of the client; and the transparent acceleration gateway is further configured to record the correspondence between the IP address of the remote acceleration gateway and the IP address of the client.
Optionally, the virtual forwarding device is further configured to receive a first service response message sent by the virtual machine according to the first service request message, encapsulate the first service response message to generate a third overlay message, and send the third overlay message to the transparent acceleration gateway, where the source address of the first service response message is the public network IP address associated with the virtual machine and the destination address is the IP address of the client; the transparent acceleration gateway is further configured to decapsulate the third overlay message to obtain the first service response message, obtain the IP address of the remote acceleration gateway from the correspondence according to the destination IP address of the first service response message, encapsulate the first service response message to generate a fourth overlay message, and send the fourth overlay message to the remote acceleration gateway according to the IP address of the remote acceleration gateway.
In a third aspect, a first computer device is provided, in which the transparent acceleration gateway can be deployed. The first computer device includes a first processor and a first memory; the first memory stores a computer program; when the first processor executes the computer program, the first computer device implements the functions implemented by the transparent acceleration gateway in the service providing method of the embodiments of the present application.
In a fourth aspect, a second computer device is provided, in which the virtual forwarding device and the virtual machine can be deployed. The second computer device includes a second processor and a second memory; the second memory stores a computer program; when the second processor executes the computer program, the second computer device implements the functions implemented by the virtual forwarding device in the service providing method of the embodiments of the present application.
In a fifth aspect, a third computer device is provided, in which the remote acceleration gateway can be deployed. The third computer device includes a third processor and a third memory; the third memory stores a computer program; when the third processor executes the computer program, the third computer device implements the functions implemented by the remote acceleration gateway in the service providing method of the embodiments of the present application.
In a sixth aspect, a first storage medium is provided. When the instructions in the first storage medium are executed by a processor, the functions implemented by the transparent acceleration gateway in the service providing method of the embodiments of the present application are implemented.
In a seventh aspect, a second storage medium is provided. When the instructions in the second storage medium are executed by a processor, the functions implemented by the virtual forwarding device in the service providing method of the embodiments of the present application are implemented.
In an eighth aspect, a third storage medium is provided. When the instructions in the third storage medium are executed by a processor, the functions implemented by the remote acceleration gateway in the service providing method of the embodiments of the present application are implemented.
In a ninth aspect, a first computer program product containing instructions is provided. When the first computer program product runs on a computer, the computer performs the functions implemented by the transparent acceleration gateway in the service providing method of the embodiments of the present application.
In a tenth aspect, a second computer program product containing instructions is provided. When the second computer program product runs on a computer, the computer performs the functions implemented by the virtual forwarding device in the service providing method of the embodiments of the present application.
In an eleventh aspect, a third computer program product containing instructions is provided. When the third computer program product runs on a computer, the computer performs the functions implemented by the remote acceleration gateway in the service providing method of the embodiments of the present application.
Description of the drawings
FIG. 1 is a schematic diagram of an application scenario involved in a service providing method provided by an embodiment of the present application;
FIG. 2 is a schematic diagram of an application scenario involved in another service providing method provided by an embodiment of the present application;
FIG. 3 is a schematic diagram of an application scenario involved in yet another service providing method provided by an embodiment of the present application;
FIG. 4 is a flowchart of a service providing method provided by an embodiment of the present application;
FIG. 5 is a schematic structural diagram of a VXLAN message provided by an embodiment of the present application;
FIG. 6 is a schematic structural diagram of a padding header provided by an embodiment of the present application;
FIG. 7 is a schematic structural diagram of another VXLAN message provided by an embodiment of the present application;
FIG. 8 is a schematic structural diagram of yet another VXLAN message provided by an embodiment of the present application;
FIG. 9 is a schematic structural diagram of a variable-length option field provided by an embodiment of the present application;
FIG. 10 is a flowchart of another service providing method provided by an embodiment of the present application;
FIG. 11 is a schematic structural diagram of a first computer device provided by an embodiment of the present application;
FIG. 12 is a schematic structural diagram of a second computer device provided by an embodiment of the present application;
FIG. 13 is a schematic structural diagram of a third computer device provided by an embodiment of the present application.
Detailed description
To make the objectives, technical solutions, and advantages of the present application clearer, the implementations of the present application are described in further detail below with reference to the accompanying drawings.
To facilitate understanding, the terms used in the embodiments of the present application are explained first.
An overlay network is a virtual network that runs on top of one or more existing networks and can provide specific additional functions. The overlay network encapsulates the message to be transmitted to obtain an overlay message and transmits the overlay message through a tunnel of the overlay network. After the overlay message reaches the tunnel endpoint, the tunnel endpoint decapsulates it and sends the message to be transmitted, which was encapsulated in the inner layer of the overlay message, to an instance such as a virtual machine, which completes the transmission of that message.
A virtual extensible local area network (VXLAN) is a kind of overlay network. VXLAN encapsulates the message to be transmitted in a user datagram protocol (UDP) message and adds the internet protocol (IP) address and media access control (MAC) address of the physical network to the outer layer of that UDP message to obtain a VXLAN message. The message to be transmitted is carried as the payload of the VXLAN message across layer 2 and layer 3 networks. After the VXLAN message reaches the tunnel endpoint, the tunnel endpoint decapsulates it to obtain the message to be transmitted and then sends that message to an instance such as a virtual machine. VXLAN is a method of encapsulating layer 2 messages into a layer 3 network to provide layer 2 interconnection for dispersed users, and it can provide service isolation for different tenants. With the rapid development of virtualization technology, VXLAN has been widely adopted.
A backbone network is a high-speed network used to connect multiple regions or areas. Each backbone network has at least one connection point for interconnecting with other backbone networks. Different network providers usually have their own backbone networks to connect their networks in different regions. Cloud operators usually also build their own global backbone networks in order to serve users better.
Network service provision point (also called a point of presence, POP): in a computer network, a POP is located just outside the edge of an enterprise network and is the entry point for access to the inside of the enterprise network. Services provided from outside enter through the POP, including Internet access, wide-area connections, and telephone services. In an enterprise, the POP provides links to external services and sites, and it can connect directly to one or more Internet service providers (ISPs) so that internal users can access the Internet over those links. An enterprise's remote sites are also connected through POPs, and the wide-area links between those remote sites are established by the service provider. For an ISP, a POP is an access point that connects the Internet from one place to another.
An acceleration gateway (also called an accelerator) is deployed at a cloud operator's POP so that Internet users can access the cloud operator's backbone network from a nearby location and reach back-end services through that backbone network. In the embodiments of the present application, an acceleration gateway deployed at a POP may send messages by anycast transmission or by unicast transmission.
Anycast transmission (anycast), in the embodiments of the present application, means that the acceleration gateways at different POPs of a cloud operator advertise the same acceleration IP to the Internet in anycast mode, so that Internet users in different regions can reach a nearby POP of the cloud operator.
Unicast transmission (unicast) is a transmission mode in which a separate data channel is established between a client and a server, so that each data packet sent from a server can be delivered to only one client.
Network address translation (NAT) is a technology that translates at least one of the destination IP address and the source IP address of a message to be sent by replacing the address information in the IP header. NAT technologies may include destination network address translation (DNAT), source network address translation (SNAT), and source/destination network address translation (full network address translation, FullNAT). DNAT translates the destination IP address of a message. SNAT translates the source IP address of a message. FullNAT translates both the destination IP address and the source IP address of a message.
边界网关(border gateway)本申请中边界网关指在一个区域(reigon)的边界区域,通过边界网关将对应的公网报文发给EIP绑定的对应实例网关,如弹性负载均衡器,虚拟交换机等。Border gateway (border gateway) In this application, the border gateway refers to the border area of a region (reigon), and the corresponding public network message is sent to the corresponding instance gateway bound to EIP through the border gateway, such as elastic load balancer, virtual switch Wait.
弹性网络互连协议(Elastic Internet Protocol,EIP)地址,指用于私网中的计算机设备访问公网的IP地址。The Elastic Internet Protocol (EIP) address refers to the IP address used by the computer equipment in the private network to access the public network.
弹性负载均衡器(Elastic Load Balance,ELB),是指将访问业务的报文自动分发到多个计算机设备上的设备,以扩展对外的服务的能力,避免单个节点殷负载较大导致的性能下降或节点崩溃,消除单点故障。Elastic Load Balance (ELB) refers to a device that automatically distributes business access messages to multiple computer devices to expand the ability of external services and avoid performance degradation caused by a large load on a single node Or the node crashes, eliminating the single point of failure.
虚拟交换机(也称虚拟网络交换机,Virtual switch,vSwitch)运行在虚拟化平台上,通过软件方式为虚拟机(virtual machine,VM)提供二层网络接入和部分三层网络功能。vSwitch通过物理主机上的物理网卡作为上行链路与外界网络进行连接。A virtual switch (also called a virtual network switch, Virtual switch, vSwitch) runs on a virtualization platform, and provides layer 2 network access and part of layer 3 network functions for virtual machines (VM) through software. The vSwitch connects to the external network through the physical network card on the physical host as an uplink.
虚拟机(virtual machine,VM):指通过虚拟化技术模拟得到的具有完整硬件***功能的、运行在一个完全隔离环境中的完整的计算机***。虚拟机的部分指令子集可以在宿主(host)机中处理,其它部分指令可以以仿真的方式执行。用户可以通过租用虚拟机的形式购买云服务。作为一种虚拟机的可能的实现方式,本申请实施例中的虚拟机可以为弹性云服务器(Elastic Compute Service,ECS)。Virtual machine (VM): refers to a complete computer system with complete hardware system functions that is simulated through virtualization technology and runs in a completely isolated environment. Part of a subset of instructions of the virtual machine can be processed in the host machine, and other parts of the instructions can be executed in an emulated manner. Users can purchase cloud services in the form of renting virtual machines. As a possible implementation of a virtual machine, the virtual machine in the embodiment of the present application may be an elastic cloud server (Elastic Compute Service, ECS).
弹性云服务器是一种可随时自助获取、可弹性伸缩的云服务器。ECS可以免去采购IT硬件的前期准备,并像使用水、电、天然气等公共资源一样便捷、高效地使用服务器,实现计算资源的即开即用和弹性伸缩。弹性伸缩是指可以根据业务需要配置CPU、内存和带宽等服务器资源。An elastic cloud server is a cloud server that can be obtained at any time and can be elastically scaled. ECS can eliminate the pre-preparation of purchasing IT hardware, and use servers as convenient and efficient as using public resources such as water, electricity, natural gas, etc., and realize the out-of-the-box and elastic scaling of computing resources. Elastic scaling means that server resources such as CPU, memory, and bandwidth can be configured according to business needs.
虚拟专用网络(virtual private network,VPN),指在公用网络(即公网)上建立专用网络,进行加密通讯。Virtual private network (virtual private network, VPN) refers to the establishment of a private network on a public network (ie, public network) for encrypted communication.
互联网协议第6版(internet protocol version 6,IPv6),是互联网工程任务组(IETF)设计的用于替代互联网协议第4版(internet protocol version 4,IPv4)的下一代IP协议。Internet Protocol Version 6 (IPv6) is the next-generation IP protocol designed by the Internet Engineering Task Force (IETF) to replace Internet Protocol Version 4 (IPv4).
需要说明的是,本申请实施例所涉及网关可以采用虚拟机部署,也可以采用物理服务器部署,本申请实施例对其不做具体限定。It should be noted that the gateway involved in the embodiment of the present application may be deployed in a virtual machine or a physical server, which is not specifically limited in the embodiment of the present application.
本申请实施例提供了一种业务服务提供方法,通过远端加速网关对客户端发送的业务请求报文进行目的地址转换,对目的地址转换后的业务请求报文进行封装,并将经过封装的业务请求报文发送至虚拟机所在的透明加速网关,然后通过透明加速网关将经过封装的业务请求报文发送至虚拟转发设备,再通过该虚拟转发设备将该业务请求报文发送至虚拟机,相较于相关技术,由于在将业务请求报文发送至虚拟机的过程中,没有对业务请求报文的源地址进行地址转换,发送至虚拟机的业务请求报文的源地址仍为客户端的地址,使得虚拟机能够获知其接收到的业务请求报文的源IP地址,实现了业务请求报文的源地址透传,因此,能够便于虚拟机根据该源地址实现统计分析等功能。The embodiment of the application provides a method for providing a service service. The service request message sent by the client is converted to the destination address through the remote acceleration gateway, and the service request message after the destination address conversion is encapsulated, and the encapsulated service request message is encapsulated. The service request message is sent to the transparent acceleration gateway where the virtual machine is located, and then the encapsulated service request message is sent to the virtual forwarding device through the transparent acceleration gateway, and the service request message is sent to the virtual machine through the virtual forwarding device. Compared with related technologies, since the source address of the service request message is not translated during the process of sending the service request message to the virtual machine, the source address of the service request message sent to the virtual machine is still the client's source address. The address enables the virtual machine to learn the source IP address of the service request message it receives, and realizes the transparent transmission of the source address of the service request message. Therefore, it is convenient for the virtual machine to implement functions such as statistical analysis based on the source address.
FIG. 1 is a schematic diagram of an application scenario involved in a method for providing a business service according to an embodiment of this application. As shown in FIG. 1, the application scenario includes a client 10, a remote acceleration gateway 20, and a business service providing system. The business service providing system may include a transparent acceleration gateway 30, a virtual forwarding device, and a virtual machine 50. The virtual machine 50 is used to provide business services to the client 10. In addition, one or more transparent acceleration gateways may be deployed in the application scenario involved in the business service providing method. For example, multiple transparent acceleration gateways may be deployed in the application scenario, and the multiple virtual forwarding devices deployed in the application scenario are respectively connected to different transparent acceleration gateways. FIG. 1 shows an application scenario in which one transparent acceleration gateway is deployed.
Optionally, the remote acceleration gateway 20 and the business service providing system may be connected through a global backbone network, a data center network (DCN), or the border network of a data center, which is not specifically limited in the embodiments of this application. In addition, a POP may be deployed outside the edge of the network that connects the remote acceleration gateway 20 and the business service providing system, and the remote acceleration gateway 20 may be deployed at that POP.
In one possible implementation, the virtual forwarding device may be a virtual switch. FIG. 1 is a schematic diagram in which the virtual forwarding device is a virtual switch. As shown in FIG. 1, the business service providing system may include a transparent acceleration gateway 30, a virtual switch 40, and a virtual machine 50.
In the application scenario shown in FIG. 1, the remote acceleration gateway 20 can communicate with the transparent acceleration gateway 30 in the business service providing system, and the transparent acceleration gateway 30 can communicate with the virtual switch 40. The virtual switch 40 can receive a message sent by the transparent acceleration gateway 30 and send that message to the virtual machine 50, or the virtual switch 40 can send a message sent by the virtual machine 50 to the transparent acceleration gateway 30.
It should be noted that the virtual machine 50 may also be another system or device capable of providing business services, such as a container, which is not specifically limited in the embodiments of this application.
In another possible implementation, the virtual forwarding device may be an elastic load balancer. FIG. 2 is a schematic diagram in which the virtual forwarding device is an elastic load balancer. As shown in FIG. 2, the business service providing system may include a transparent acceleration gateway 30, an elastic load balancer 60, and multiple virtual machines 50.
In the application scenario shown in FIG. 2, the remote acceleration gateway 20 can communicate with the transparent acceleration gateway 30 in the business service providing system, and the transparent acceleration gateway 30 can communicate with the elastic load balancer 60. The elastic load balancer 60 can distribute the received services to the multiple virtual machines 50, or the elastic load balancer 60 can send a message sent by a virtual machine 50 to the transparent acceleration gateway 30.
In yet another possible implementation, the virtual forwarding device may also be a NAT gateway, a VPN gateway, a gateway that uses the IPv6 protocol for transmission (hereinafter referred to as an IPV6 gateway), or the like, which is not specifically limited in the embodiments of this application.
In one possible implementation scenario, at least one other gateway may also be deployed between the transparent acceleration gateway and the virtual forwarding device. In this case, the transparent acceleration gateway can communicate with the virtual forwarding device through the at least one other gateway. For example, corresponding to the application scenario shown in FIG. 1, as shown in FIG. 3, the business service system may further include one other gateway 70 deployed between the transparent acceleration gateway 30 and the virtual forwarding device, and the transparent acceleration gateway 30 communicates with the virtual switch 40 through this other gateway 70.
As another example, among the at least one other gateway deployed between the transparent acceleration gateway and the virtual forwarding device, one of the other gateways may be a border gateway.
The implementation process of the business service providing method provided by the embodiments of this application is described below, taking as an example the case in which the remote acceleration gateway and the business service providing system are connected through a global backbone network. The business service providing method includes an uplink process, from the client sending a service request message until that message is sent to the virtual machine, and a downlink process, from the virtual machine sending a service response message according to the service request message until that message is sent to the client. The uplink process and the downlink process of the business service providing method are described separately below.
As shown in FIG. 4, the uplink process of the business service providing method may include the following steps:
Step 401: The remote acceleration gateway receives a second service request message sent by the client. The source IP address of the second service request message is the IP address of the client, and the destination IP address is the acceleration IP address of the remote acceleration gateway.
The IP address of the remote acceleration gateway that users can access (for ease of distinction, this document refers to it as the acceleration IP address of the remote acceleration gateway) can be bound in advance to the public network IP associated with the virtual machine, so that the client can access the virtual machine by accessing the acceleration IP address of the remote acceleration gateway. When the client needs the virtual machine to provide it with a business service, it can send a second service request message to the remote acceleration gateway, to request through the second service request message that the virtual machine provide the business service to the client. The destination IP address of the second service request message is the acceleration IP address of the remote acceleration gateway, and the source IP address of the second service request message is the IP address of the client.
After the client sends the second service request message, the network can route the second service request message according to its destination IP address and deliver it to the remote acceleration gateway. The remote acceleration gateway then sends the second service request message to the virtual machine pointed to by the public network IP that is associated with the virtual machine and bound to the gateway's acceleration IP address (for ease of description, referred to below simply as the virtual machine), thereby realizing the client's access to the virtual machine.
For example, in a cloud service scenario, the client can send a second service request message to the remote acceleration gateway in order to access a virtual machine in the data center through the remote acceleration gateway and request that the virtual machine provide the client with resources in the data center. In this case, the destination IP address of the second service request message is the acceleration IP address of the remote acceleration gateway, the source IP address of the second service request message is the IP address of the client, and the source port of the second service request message is the client port.
Step 402: The remote acceleration gateway performs destination address translation on the second service request message to generate a first service request message, where the source IP address of the first service request message is the IP address of the client, and the destination IP address is the public network IP address associated with the virtual machine.
Because the acceleration IP address of the remote acceleration gateway is bound to the public network IP address associated with the virtual machine, the client can access the virtual machine by accessing the remote acceleration gateway. Therefore, when the remote acceleration gateway receives a service request message, it can determine that the service request message requests the virtual machine to provide a business service to the client. Correspondingly, when the remote acceleration gateway receives the second service request message, it can perform destination address translation on the second service request message to generate the first service request message, whose source IP address is the IP address of the client and whose destination IP address is the public network IP address associated with the virtual machine. It should be noted that the source port is unchanged by the destination address translation: the source port of the first service request message is the same as that of the second service request message and is still the client port.
The translation policy that the remote acceleration gateway applies when performing destination address translation on a received service request message can be determined according to the binding relationship between the acceleration IP address of the remote acceleration gateway and the public network IP associated with the virtual machine. For example, when the acceleration IP address of the remote acceleration gateway is bound to the public network IP associated with virtual machine 1, the remote acceleration gateway can translate the destination IP address of the received service request message into the public network IP address associated with virtual machine 1. When the acceleration IP address of the remote acceleration gateway is bound to the public network IP associated with virtual machine 2, the remote acceleration gateway can translate the destination IP address of the received service request message into the public network IP address associated with virtual machine 2.
In addition, the acceleration IP address of the remote acceleration gateway can also be bound to the public network IP addresses associated with multiple virtual machines. In this case, the service request message sent by the client carries indication information that indicates the public network IP address associated with a particular virtual machine. When the remote acceleration gateway receives the service request message sent by the client, it translates the destination IP address of the service request message, according to that indication information, into the public network IP address associated with the virtual machine that the indication information indicates.
It should be noted that the public network IP address associated with the virtual machine refers to the public network IP address of a device capable of sending messages to the virtual machine. For example, when the virtual forwarding device is a virtual switch, the public network IP address associated with the virtual machine is the public network IP address bound to the virtual machine. In this case, when the destination IP address of a message is the public network IP address bound to the virtual machine, the message can be sent through the virtual switch to the virtual machine indicated by that public network IP address. When the virtual forwarding device is a load balancer, the public network IP address associated with the virtual machine is the public network IP address bound to the load balancer. In this case, when the destination IP address of a message is the public network IP address bound to the load balancer, the message can be sent to the load balancer indicated by that public network IP address, and the load balancing service provided by the load balancer sends the message to a virtual machine that can provide the service. When the virtual forwarding device is an IPV6 gateway, the public network IP address associated with the virtual machine is the public network IPV6 address of the virtual machine. In this case, when the destination IP address of a message is the public network IPV6 address of the virtual machine, the message can be sent through the IPV6 gateway to the virtual machine indicated by that public network IPV6 address. When the virtual forwarding device is a VPN gateway, the public network IP address associated with the virtual machine is the public network IP address bound to the VPN gateway. In this case, when the destination IP address of a message is the public network IP address bound to the VPN gateway, the message can be sent to the VPN gateway, and the VPN gateway sends the message to the virtual machine indicated by the message. When the virtual forwarding device is a NAT gateway, the public network IP address associated with the virtual machine is the public network IP address bound to the NAT gateway. In this case, when the destination IP address of a message is the public network IP address bound to the NAT gateway, the message can be sent to the NAT gateway, and the NAT gateway sends the message to the corresponding virtual machine.
Step 403: The remote acceleration gateway determines the transparent acceleration gateway where the virtual machine is located according to the routing information pointing to the public network IP address associated with the virtual machine.
In the process of binding the acceleration IP address of the remote acceleration gateway to the public network IP associated with the virtual machine, the routing information for sending messages between the remote acceleration gateway and the virtual machine is also determined. This routing information indicates the path along which messages are sent between the remote acceleration gateway and the virtual machine. By querying the routing information pointing to the public network IP address associated with the virtual machine, the remote acceleration gateway can determine the intermediate devices that the first service request message must pass through on its way to the virtual machine, and send the first service request message to the intermediate device on the path that is logically closest to the remote acceleration gateway (that is, the next-hop device), so that the next-hop device forwards the first service request message toward the virtual machine.
For example, suppose that in the business service providing system shown in FIG. 1, the devices that the first service request message passes through on its way from the remote acceleration gateway to the virtual machine are, in order: the remote acceleration gateway, the transparent acceleration gateway, the virtual forwarding device, and the virtual machine. That is, the routing path for sending the first service request message to the virtual machine is: remote acceleration gateway -- transparent acceleration gateway -- virtual forwarding device -- virtual machine. According to the routing information that reflects this routing path, it can be determined that the next-hop device to which the remote acceleration gateway sends the first service request message is the transparent acceleration gateway. This transparent acceleration gateway may be referred to as the transparent acceleration gateway where the virtual machine is located.
Step 404: The remote acceleration gateway encapsulates the first service request message according to the IP address of the transparent acceleration gateway where the virtual machine is located to generate a first overlay message, where the first overlay message carries the tunnel endpoint IP address of the remote acceleration gateway.
When the next-hop device to which the remote acceleration gateway sends the first service request message is the transparent acceleration gateway, the endpoints of the tunnel used to transmit the first overlay message are the remote acceleration gateway and the transparent acceleration gateway. The first service request message can be encapsulated according to first tunnel information, which includes the address of the remote acceleration gateway and the address of the transparent acceleration gateway, to generate the first overlay message. The outer destination IP address of the first overlay message is the IP address of the transparent acceleration gateway, the outer source IP address is the tunnel endpoint IP address of the remote acceleration gateway, the inner destination IP address is the public network IP address associated with the virtual machine, and the inner source IP address is the IP address of the client.
The remote acceleration gateway encapsulates the first service request message according to the first tunnel information and generates the first overlay message as follows: it adds a first tunnel header to the first service request message and fills the first tunnel information into that first tunnel header, obtaining a first overlay message that includes the first tunnel header and the first service request message. The first tunnel information includes the tunnel endpoint IP address of the remote acceleration gateway, the IP address of the border gateway, and the identifier of the tunnel used by the remote acceleration gateway and the transparent acceleration gateway. In one implementation, the first overlay message may be a VXLAN message or another type of overlay message. For example, when the first overlay message is a VXLAN message, the first tunnel information includes the VXLAN tunnel end point (VTEP) IP address of the remote acceleration gateway, the VTEP IP address of the transparent acceleration gateway, and the identifier of the VXLAN tunnel used by the remote acceleration gateway and the transparent acceleration gateway.
It should be noted that, in the business service providing method provided by the embodiments of this application, when the transparent acceleration gateway, the virtual forwarding device, and the other gateways transmit overlay messages, the outer addresses of those overlay messages are all used to indicate tunnel endpoints. Therefore, every IP address of the transparent acceleration gateway mentioned in this document is its tunnel endpoint IP address, every IP address of the virtual forwarding device is its tunnel endpoint IP address, and every IP address of the other gateways is their tunnel endpoint IP address; the embodiments of this application do not distinguish between them.
Because the outer source IP address of the outer packet of the first overlay message is the tunnel endpoint IP address of the remote acceleration gateway, the first overlay message can be considered to carry the tunnel endpoint IP address of the remote acceleration gateway. The tunnel endpoint IP address of the remote acceleration gateway is the one among the remote acceleration gateway's IP addresses that is used to indicate the tunnel endpoint.
Optionally, the first overlay message can carry the tunnel endpoint IP address of the remote acceleration gateway in several ways. For example, the tunnel endpoint IP address of the remote acceleration gateway may be used as the outer source IP address of the outer packet of the first overlay message. Alternatively, the tunnel endpoint IP address of the remote acceleration gateway may be carried in an extension field in the first tunnel header of the first overlay message.
The following describes how the VXLAN IP address of the remote acceleration gateway is carried in an extension field in the first tunnel header of the first overlay message, taking as examples the case in which the first overlay message is a VXLAN message and the VXLAN protocol used is either the VXLAN generic protocol extension (gpe) protocol (that is, the VXLAN gpe protocol) or the VXLAN generic network virtualization encapsulation (geneve) protocol (that is, the VXLAN nvo3-geneve protocol).
When the VXLAN protocol used is the VXLAN gpe protocol, the first tunnel header in the VXLAN message is a gpe header, and the gpe header carries a shim header. As shown in FIG. 5, the VXLAN message consists of the following parts: the first service request message, the gpe header carrying the shim header, a UDP header, an outer IP header, and an outer MAC header. The gpe header carrying the shim header is encapsulated outside the first service request message, so that the first service request message is transmitted as a VXLAN message. A UDP header is encapsulated outside the gpe header carrying the shim header and the first service request message, so that they are transmitted as UDP data. The outer IP header is encapsulated outside the UDP header, and the outer MAC header is encapsulated outside the outer IP header. The VXLAN IP address of the remote acceleration gateway can be carried in the shim header.
The outer MAC header includes a destination MAC address field, a source MAC address field, a VLAN type field, a VLAN tag field, and an Ethernet type field.
The outer IP header includes the miscellaneous data (misc data) field of the IP header, a protocol field (protocol), a header checksum field (header checksum), an outer destination IP address field, and an outer source IP address field. The outer source IP address carried in the outer source IP address field is the VTEP IP address of the source end, and the outer destination IP address carried in the outer destination IP address field is the VTEP IP address of the destination end.
The UDP header includes a UDP source port field, a UDP destination port (also called the VXLAN port) field, a UDP length field, and a checksum field.
The gpe header includes a VXLAN flags field, a reserved field 1, a next protocol field (next protocol), a VXLAN network identifier (VNI) field, and a reserved field 2. In one implementation, the next protocol field of the VXLAN gpe header of the first overlay message can be used to indicate whether the VXLAN message carries the VTEP IP address of the remote acceleration gateway. For example, when the next protocol field is set to 0xE1, it indicates that the VTEP IP address of the remote acceleration gateway is carried. In this case, the VTEP IP address of the remote acceleration gateway can be carried in the shim header of the first overlay message.
As shown in FIG. 6, the shim header may be 8 bytes long and includes an 8-bit type field (type), an 8-bit length field (length), an 8-bit reserved field 3 (reserved3), an 8-bit next protocol field (next protocol), and a 32-bit protocol specific field (Protocol specific field). The content carried in the protocol specific field is the VTEP IP address of the remote acceleration gateway. The type field in the shim header can be set to indicate the operation that the gateway receiving the message needs to perform. For example, when the type field is set to X1, the gateway that receives the message needs to establish a correspondence between addresses (that is, perform address learning). When the type field is set to Y1, the gateway that receives the message forwards it directly according to the extension field. The values of X1 and Y1 can be determined according to application requirements; for example, X1 is 1 and Y1 is 2.
When the VXLAN protocol used is the VXLAN nvo3-geneve protocol, the VXLAN header can be a geneve header. As shown in FIG. 7, the geneve header differs from the gpe header in that it does not carry a shim header and instead includes a variable length options field (variable length options). As shown in FIG. 8, the geneve header includes a 2-bit version number field (ver), a 6-bit option length field (Opt Len), a 1-bit operation administration and maintenance (OAM) frame field (O), a 1-bit critical option flag field (C), a 6-bit reserved field 4 (reserved4), a 16-bit protocol type field (protocol type), a 24-bit VNI field, an 8-bit reserved field 5 (reserved5), and a 32-bit variable length options field (variable length options). In one implementation, the VTEP IP address of the remote acceleration gateway can be carried in the variable length options field of the first overlay message.
As shown in Figure 9, the variable length options field is 8 bytes and includes: a 16-bit option class field (option class), an 8-bit type field (type), three 1-bit reserved fields 6 (reserved6), a 5-bit length field (length), and a 32-bit variable option data field (variable option data). The content carried in the variable option data field is the VTEP IP address of the remote acceleration gateway. When the type field in the variable length options field is set to X2, the gateway that receives the message needs to establish a correspondence between addresses (that is, perform address learning). When the type field in the variable length options field is set to Y2, the gateway that receives the message forwards it directly according to the extension field. The values of X2 and Y2 can be determined according to application requirements; for example, X2 is 1 and Y2 is 2.
It should be noted that, besides carrying the tunnel endpoint IP address of the remote acceleration gateway in the extension fields of the VXLAN gpe protocol and the VXLAN nvo3-geneve protocol, other extension methods can also be used so that the first tunnel header of the first overlay message (or an extension field of the first tunnel header) carries the tunnel endpoint IP address of the remote acceleration gateway, and so that the carried tunnel endpoint IP address is applicable to both IPv4 and IPv6. The embodiments of this application do not specifically limit this.
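The two 8-byte layouts described above (the gpe padding header of Figure 6 and the geneve option of Figure 9) can be packed and parsed as follows. This is an added example, not code from the application; the meaning of the padding header's length field, the option class value and the next protocol value are assumptions, and the geneve length is taken to follow the usual Geneve convention of counting 4-byte words of option data.

```python
import ipaddress
import struct

# Example type values given in the text (X1/X2 = 1, Y1/Y2 = 2).
TYPE_LEARN = 1
TYPE_FORWARD = 2
ACTIONS = {TYPE_LEARN: "learn", TYPE_FORWARD: "forward"}

GPE_PAD_LENGTH = 8         # assumption: length field holds the header size in bytes
GENEVE_OPT_CLASS = 0xFFF0  # constructed placeholder option class
GENEVE_OPT_WORDS = 1       # assumption: length counts 4-byte words of option data


def _ipv4_to_int(addr):
    # Raises ValueError for anything that is not a dotted-quad IPv4 address.
    return int(ipaddress.IPv4Address(addr))


def _result(msg_type, ip_int, **extra):
    # A receiver should refuse type values it does not understand
    # instead of guessing between "learn" and "forward".
    if msg_type not in ACTIONS:
        raise ValueError(f"unknown type value {msg_type}")
    out = {"action": ACTIONS[msg_type],
           "vtep_ip": str(ipaddress.IPv4Address(ip_int))}
    out.update(extra)
    return out


def pack_gpe_padding(msg_type, next_protocol, vtep_ip):
    """type(8) | length(8) | reserved3(8) | next protocol(8) | protocol specific field(32)."""
    return struct.pack("!BBBBI", msg_type, GPE_PAD_LENGTH, 0,
                       next_protocol, _ipv4_to_int(vtep_ip))


def parse_gpe_padding(buf):
    if len(buf) < 8:
        raise ValueError("truncated padding header")
    msg_type, length, _reserved3, next_protocol, ip_int = struct.unpack(
        "!BBBBI", buf[:8])
    if length != GPE_PAD_LENGTH:
        raise ValueError("unexpected length field")
    return _result(msg_type, ip_int, next_protocol=next_protocol)


def pack_geneve_option(msg_type, vtep_ip):
    """option class(16) | type(8) | reserved6(3 x 1 bit) + length(5) | option data(32)."""
    rsvd_len = GENEVE_OPT_WORDS & 0x1F  # the three reserved bits stay zero
    return struct.pack("!HBBI", GENEVE_OPT_CLASS, msg_type, rsvd_len,
                       _ipv4_to_int(vtep_ip))


def parse_geneve_option(buf):
    if len(buf) < 8:
        raise ValueError("truncated geneve option")
    opt_class, msg_type, rsvd_len, ip_int = struct.unpack("!HBBI", buf[:8])
    if (rsvd_len & 0x1F) != GENEVE_OPT_WORDS:  # low 5 bits are the length
        raise ValueError("unexpected option length")
    return _result(msg_type, ip_int, option_class=opt_class)


if __name__ == "__main__":
    # Constructed sample values: documentation-range VTEP address, next protocol 0x01.
    wire = pack_gpe_padding(TYPE_LEARN, 0x01, "203.0.113.10")
    print(wire.hex(), parse_gpe_padding(wire))
    wire = pack_geneve_option(TYPE_FORWARD, "198.51.100.7")
    print(wire.hex(), parse_geneve_option(wire))
```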
Step 405: The remote acceleration gateway sends the first overlay message to the transparent acceleration gateway where the virtual machine is located.
After obtaining the first overlay message, the remote acceleration gateway can send it to the transparent acceleration gateway where the virtual machine is located through the connection network between the remote acceleration gateway and that transparent acceleration gateway. The connection network between the remote acceleration gateway and the transparent acceleration gateway where the virtual machine is located may be a global backbone network, a data center network, a data center border network, or the like.
Step 406: The transparent acceleration gateway decapsulates the first overlay message to obtain the first service request message and the tunnel endpoint IP address of the remote acceleration gateway carried in the first overlay message.
After receiving the first overlay message, the transparent acceleration gateway may decapsulate it to obtain the first service request message located in the inner layer of the first overlay message and the tunnel endpoint IP address of the remote acceleration gateway carried in the first overlay message. In this way, after a service response message for the first service request message is received, the service response message can be sent to the remote acceleration gateway according to that tunnel endpoint IP address, and the remote acceleration gateway then sends the service response message to the client. Decapsulating the first overlay message may include stripping the first tunnel information from the first overlay message.
Step 407: The transparent acceleration gateway obtains the source IP address of the first service request message, and records the correspondence between the tunnel endpoint IP address of the remote acceleration gateway and the source IP address of the first service request message.
After obtaining the first service request message, the transparent acceleration gateway may also perform address learning according to the first service request message, in order to determine which remote acceleration gateway the service response message should be sent to when a service response message for the first service request message is sent to the client. The service response message is then sent to the client through that remote acceleration gateway, which returns the service response message to the source.
The tunnel endpoint IP address of the remote acceleration gateway carried in the first overlay message indicates the remote acceleration gateway that forwards the service response message to the client when a service response message for the first service request message is sent to the client. Therefore, the source IP address of the first request message, that is, the IP address of the client, can be obtained, and a correspondence between the client's IP address and the tunnel endpoint IP address of the remote acceleration gateway carried in the first overlay message can then be established and recorded. On the return path, this correspondence can be queried to determine the remote acceleration gateway that sends the service response message to the client.
It should be noted that address learning can also be performed on a 2-tuple, 3-tuple, 4-tuple, or 5-tuple that includes the source IP address of the first service request message; the embodiments of this application do not specifically limit this. For example, when the 2-tuple is the source IP address and the destination IP address of the first service request message, the source IP address and the destination IP address of the first service request message can each be obtained, together with the tunnel endpoint IP address of the remote acceleration gateway carried in the first overlay message; a correspondence among the source IP address of the first service request message, the destination IP address of the first service request message, and the tunnel endpoint IP address of the remote acceleration gateway carried in the first overlay message is then established and recorded. When the 5-tuple is the source IP address, destination IP address, source port, destination port, and transport layer protocol of the first service request message, each of these can be obtained, together with the tunnel endpoint IP address of the remote acceleration gateway carried in the first overlay message; a correspondence among the source IP address, destination IP address, source port, destination port, and transport layer protocol of the first service request message and the tunnel endpoint IP address of the remote acceleration gateway carried in the first overlay message is then established and recorded.
It should also be noted that address learning can also be performed according to the network identifier of the overlay network used when transmitting the overlay message that encapsulates the first service request message, together with a 1-tuple, 2-tuple, 3-tuple, 4-tuple, or 5-tuple that includes the source IP address of the first service request message. For example, when the transparent acceleration gateway performs address learning based on the network identifier of the overlay network and the source IP address of the first service request message, it can obtain the network identifier of the overlay network used when transmitting the first service request message, obtain the source IP address of the first service request message, obtain the tunnel endpoint IP address of the remote acceleration gateway carried in the first overlay message, and establish and record the correspondence among the network identifier of the overlay network, the source IP address of the first service request message, and the tunnel endpoint IP address of the remote acceleration gateway. When VXLAN is used to transmit the first service request message, the network identifier of the overlay network is the VNI.
When an overlay network is used to transmit the overlay message that encapsulates the first service request message, the overlay network to be used must be determined according to the network identifier, and the overlay message is transmitted over the overlay network indicated by that identifier. In the related art, the network identifier has to be set manually. In the embodiments of this application, however, address learning is performed according to the network identifier of the overlay network used when transmitting the first service request message, so the correspondence established by address learning makes it possible to determine automatically the network identifier of the overlay network used to send an overlay message whose destination IP address is the source IP address of the first service request message. That is, the network identifier is configured automatically, which reduces manual intervention in configuring the network identifier and improves the efficiency and accuracy of sending the overlay message.
Step 408: The transparent acceleration gateway determines, according to the routing information pointing to the public network IP address associated with the virtual machine, the virtual forwarding device used to send the first service request message to the virtual machine.
For the implementation of step 408, refer to the implementation of step 403.
Step 409: The transparent acceleration gateway encapsulates the first service request message according to the IP address of the virtual forwarding device to generate a second overlay message.
For how the transparent acceleration gateway encapsulates the first service request to generate the second overlay message, refer to how the remote acceleration gateway encapsulates the first service request message to generate the first overlay message. The first service request message may be encapsulated with second tunnel information to generate the second overlay message. The second tunnel information includes: the IP address of the transparent acceleration gateway, the IP address of the virtual forwarding device, and the identifier of the tunnel used by the transparent acceleration gateway and the virtual forwarding device. The outer destination IP address of the second overlay message is the IP address of the virtual forwarding device, the outer source IP address is the IP address of the transparent acceleration gateway, the inner destination IP address is the public network IP address associated with the virtual machine, and the inner source IP address is the IP address of the client. The second overlay message carries the tunnel endpoint IP address of the remote acceleration gateway.
Step 410: The transparent acceleration gateway sends the second overlay message to the virtual forwarding device.
It should be noted that steps 408 to 410 above describe how the transparent acceleration gateway sends the first service request message to the virtual forwarding device when the virtual forwarding device is the next-hop device for messages that the transparent acceleration gateway sends to the public network IP address associated with the virtual machine. In another scenario, at least one other gateway may be deployed between the transparent acceleration gateway and the virtual forwarding device. In that case, the second overlay message sent by the transparent acceleration gateway can be sent hop by hop to the virtual forwarding device through the at least one other gateway, following the route between the transparent acceleration gateway and the virtual forwarding device. The first service request message is also sent in the form of an overlay message during hop-by-hop transmission. That is, when the overlay message that encapsulates the first service request message reaches one of the other gateways, that gateway first decapsulates the overlay message to obtain the first service request message, then encapsulates the first service request message again to obtain an overlay message that encapsulates it, and then sends that overlay message to the gateway that is the next-hop device, until the first service request message is sent to the virtual forwarding device. During hop-by-hop transmission of the overlay message, the tunnel endpoints used to transmit it change, so the tunnel information used to encapsulate the first service request message changes accordingly.
For example, when one other gateway is deployed between the transparent acceleration gateway and the virtual forwarding device, the transparent acceleration gateway sends the first service request message to the virtual forwarding device as follows: the transparent acceleration gateway sends the overlay message obtained by encapsulation according to the IP address of the other gateway and the IP address of the transparent acceleration gateway to the other gateway. After receiving the overlay message, the other gateway decapsulates it to obtain the first service request message, encapsulates the first service request message according to the IP address of the virtual forwarding device and the IP address of the other gateway to generate an overlay message, and then sends that overlay message to the virtual forwarding device.
Step 411: The virtual forwarding device decapsulates the second overlay message to obtain the first service request message.
Step 412: The virtual forwarding device performs destination address translation on the first service request message to generate a third service request message, and sends the third service request message to the virtual machine.
When a message is transmitted on the public network, both the destination IP address and the source IP address it carries are public network IP addresses, whereas the virtual machine is located on the private network side and receives messages whose destination IP address is the virtual machine's own private network IP address. Therefore, before the virtual forwarding device sends the first service request message to the virtual machine, it may also perform destination address translation on the first service request message, translating its destination address from the public network IP address associated with the virtual machine to the private network IP address of the virtual machine. The first service request message after destination address translation (that is, the third service request message) is then sent to the virtual machine, so that the virtual machine sends a service response message to the client according to the third service request message and thereby provides the service to the client. Before and after the destination address translation, the source port of the third service request message is unchanged from that of the first service request message; both are the client port.
It should be noted that at least one gateway may also be deployed between the virtual forwarding device and the virtual machine. In that case, the service request message can be sent to the virtual machine according to the route. The destination address translation on the first service request message may be performed by any one of the virtual forwarding device and the at least one gateway.
In the service providing method of the embodiments of this application, the remote acceleration gateway performs destination address translation on the service request message sent by the client, encapsulates the service request message after destination address translation, and sends the encapsulated service request message to the transparent acceleration gateway where the virtual machine is located. The transparent acceleration gateway then sends the encapsulated service request message to the virtual forwarding device, and the virtual forwarding device sends the service request message to the virtual machine. Compared with the related art, the source IP address of the service request message is not translated while the message is sent to the virtual machine, so the source IP address of the service request message that reaches the virtual machine is still the IP address of the client. The virtual machine can therefore learn the source IP address of the service request message it receives, which achieves transparent transmission of the source address of the service request message and makes it convenient for the virtual machine to implement functions such as statistical analysis based on the source IP address.
As shown in Figure 10, the downlink process of the service providing method may include the following steps:
Step 501: The virtual forwarding device receives a third service response message sent by the virtual machine according to the first service request message. The source IP address of the third service response message is the private network IP address of the virtual machine, and the destination IP address is the IP address of the client.
After receiving the first service request message, the virtual machine may generate the third service response message according to the first service response message sent according to the first service request message, and send the third service response message to the virtual forwarding device, so that the third service response message is sent to the client through the virtual forwarding device and the service is provided to the client.
When the virtual forwarding device and the virtual machine are directly connected, the third service response message received by the virtual forwarding device is the third service response message sent by the virtual machine. When at least one gateway is deployed between the virtual forwarding device and the virtual machine, the virtual machine sends the third service response message to the virtual forwarding device through routing, and the third service response message received by the virtual forwarding device is the one forwarded by the device that is the previous hop of the virtual forwarding device on the routing path.
Step 502: The virtual forwarding device performs source address translation on the third service response message to generate the first service response message.
When a message is transmitted on the public network, both the destination IP address and the source IP address it carries are public network IP addresses, whereas the virtual machine is located on the private network side. So that the IP address of the virtual machine is not exposed on the public network, before the virtual forwarding device sends the third service response message to the transparent acceleration gateway, it may also perform source address translation on the third service response message, translating its source IP address from the private network IP address of the virtual machine to the public network IP address associated with the virtual machine. This yields the first service response message, which can then be sent to the transparent acceleration gateway. The source IP address of the first service response message is the public network IP address associated with the virtual machine, and the destination IP address is the IP address of the client. Before and after the source address translation, the destination port of the first service response message is unchanged from that of the third service response message; both are the client port.
It should be noted that when at least one gateway is deployed between the virtual forwarding device and the virtual machine, the source address translation on the third service response message may be performed by any one of the virtual forwarding device and the at least one gateway.
Step 503: The virtual forwarding device determines, according to the routing information pointing to the IP address of the client, the transparent acceleration gateway used to send the first service response message to the client.
For the implementation of step 503, refer to the implementation of step 403.
Step 504: The virtual forwarding device encapsulates the first service response message according to the IP address of the transparent acceleration gateway to generate a third overlay message.
For the implementation of step 504, refer to the implementation of step 404. The third tunnel information used when encapsulating the first service response message to generate the third overlay message includes: the IP address of the virtual forwarding device, the IP address of the transparent acceleration gateway, and the identifier of the tunnel used by the virtual forwarding device and the transparent acceleration gateway. The outer destination IP address of the third overlay message is the IP address of the transparent acceleration gateway, the outer source IP address is the IP address of the virtual forwarding device, the inner destination IP address is the IP address of the client, and the inner source IP address is the public network IP address associated with the virtual machine.
Step 505: The virtual forwarding device sends the third overlay message to the transparent acceleration gateway.
It should be noted that steps 503 to 505 above describe how the virtual forwarding device sends the first service request message to the transparent acceleration gateway when the transparent acceleration gateway is the next-hop device for messages that the virtual forwarding device sends to the client. In another scenario, at least one other gateway may be deployed between the transparent acceleration gateway and the virtual forwarding device. In that case, the third overlay message sent by the virtual forwarding device can be sent hop by hop to the transparent acceleration gateway through the at least one other gateway, following the route between the transparent acceleration gateway and the virtual forwarding device. The first service response message is also sent in the form of an overlay message during hop-by-hop transmission. That is, when the overlay message that encapsulates the first service response message reaches one of the other gateways, that gateway first decapsulates the overlay message to obtain the first service response message, then encapsulates the first service response message again to obtain an overlay message that encapsulates it, and then sends that overlay message to the gateway that is the next-hop device, until the first service request message is sent to the transparent acceleration gateway. During hop-by-hop transmission of the overlay message, the tunnel endpoints used to transmit it change, so the tunnel information used to encapsulate the first service response message changes accordingly.
For example, when one other gateway is deployed between the transparent acceleration gateway and the virtual forwarding device, the virtual forwarding device sends the first service response message to the transparent acceleration gateway as follows: the virtual forwarding device sends the overlay message obtained by encapsulation according to the IP address of the other gateway and the IP address of the virtual forwarding device to the other gateway. After receiving the overlay message, the other gateway decapsulates it to obtain the first service response message, encapsulates the first service response message according to the IP address of the transparent acceleration gateway and the IP address of the other gateway to generate an overlay message, and then sends that overlay message to the transparent acceleration gateway.
Step 506: After receiving the third overlay message, the transparent acceleration gateway decapsulates it to obtain the first service response message, and obtains the destination IP address of the first service response message.
The destination IP address of the first service response message is the IP address of the client.
For the implementation of step 506, refer to the implementation of step 406.
Step 507: The transparent acceleration gateway obtains the tunnel endpoint IP address of the remote acceleration gateway, according to the destination IP address of the first service response message, from the correspondence between the tunnel endpoint IP address of the remote acceleration gateway and the source IP address of the first service request message.
To ensure that the first service response message can be sent to the client, the remote acceleration gateway used to send the first service response message to the client needs to be determined. At this point, the correspondence recorded in the uplink process between the tunnel endpoint IP address of the remote acceleration gateway and the source IP address of the first service request message can be queried according to the destination IP address of the first service response message, to obtain the tunnel endpoint IP address of the remote acceleration gateway used to send the first service response message to the client.
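The address learning of step 407 and the return-path lookup of step 507 can be sketched as one table, shown here as an added example that is not code from the application. The class and function names, the key modes and the sample addresses are assumptions; the point it makes concrete is that the response must be reversed before lookup, and that the choice of key (source IP only versus 5-tuple) decides whether two connections from one client can return through different remote gateways.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "src_ip dst_ip src_port dst_port proto")

TYPE_LEARN, TYPE_FORWARD = 1, 2  # example type values from the text


def flow_key(mode, flow):
    """Build the learning key from the inner service request message."""
    if mode == "src":       # source IP only (step 407)
        return (flow.src_ip,)
    if mode == "2tuple":    # source IP + destination IP
        return (flow.src_ip, flow.dst_ip)
    if mode == "5tuple":    # full 5-tuple
        return tuple(flow)
    raise ValueError(f"unsupported key mode {mode!r}")


def reverse(flow):
    """A response carries the request's addresses and ports swapped."""
    return Flow(flow.dst_ip, flow.src_ip, flow.dst_port, flow.src_port,
                flow.proto)


class ReturnPathTable:
    """Correspondence kept by the transparent acceleration gateway."""

    def __init__(self, mode="src"):
        flow_key(mode, Flow("", "", 0, 0, ""))  # reject bad modes early
        self.mode = mode
        self._entries = {}

    def on_uplink(self, msg_type, vni, request, remote_vtep):
        # Only messages whose type asks for address learning update the table.
        if msg_type != TYPE_LEARN:
            return False
        # The VNI is stored with the VTEP so the return overlay network
        # can be chosen without manual configuration.
        self._entries[flow_key(self.mode, request)] = (remote_vtep, vni)
        return True

    def on_downlink(self, response):
        # Step 507: the response's destination is the request's source.
        return self._entries.get(flow_key(self.mode, reverse(response)))


if __name__ == "__main__":
    # Constructed sample flows using documentation address ranges.
    conn_a = Flow("192.0.2.50", "198.51.100.20", 40000, 443, "tcp")
    conn_b = Flow("192.0.2.50", "198.51.100.20", 40001, 443, "tcp")
    for mode in ("src", "5tuple"):
        table = ReturnPathTable(mode)
        table.on_uplink(TYPE_LEARN, 5001, conn_a, "203.0.113.10")
        table.on_uplink(TYPE_LEARN, 5001, conn_b, "203.0.113.11")
        print(mode, table.on_downlink(reverse(conn_a)),
              table.on_downlink(reverse(conn_b)))
```

With the source-IP key the second learning event replaces the first, so both responses leave through the gateway learned last; with the 5-tuple key each connection keeps its own return gateway.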
步骤508、透明加速网关根据远端加速网关的隧道端点IP地址,对第一业务响应报文进行封装以产生第四叠加报文。Step 508: The transparent acceleration gateway encapsulates the first service response message according to the tunnel endpoint IP address of the remote acceleration gateway to generate a fourth overlay message.
透明加速网关在获取远端加速网关的隧道端点IP地址后,可以直接根据该远端加速网关的隧道端点IP地址对第一业务响应报文进行封装。其中,对第一业务响应报文进行封装以产生第四叠加报文时采用的第四隧道信息包括:远端加速网关的隧道端点IP地址,透明加速网关的IP地址,及该远端加速网关和透明加速网关所使用的隧道的标识。该第四叠加报文的外层目的IP地址为远端加速网关的隧道端点IP地址,外层源IP地址为透明加速网关的IP地址,内层目的IP地址为客户端的IP地址,内层源IP地址为虚拟机关联的公网IP地址。After the transparent acceleration gateway obtains the tunnel endpoint IP address of the remote acceleration gateway, it can directly encapsulate the first service response message according to the tunnel endpoint IP address of the remote acceleration gateway. Wherein, the fourth tunnel information used when encapsulating the first service response message to generate the fourth overlay message includes: the tunnel endpoint IP address of the remote acceleration gateway, the IP address of the transparent acceleration gateway, and the remote acceleration gateway And the identification of the tunnel used by the transparent acceleration gateway. The outer destination IP address of the fourth overlay message is the tunnel endpoint IP address of the remote acceleration gateway, the outer source IP address is the IP address of the transparent acceleration gateway, the inner destination IP address is the IP address of the client, and the inner source IP address is the IP address of the transparent acceleration gateway. The IP address is the public IP address associated with the virtual machine.
步骤509、透明加速网关根据远端加速网关的隧道端点IP地址将第四叠加报文发送至远端加速网关。Step 509: The transparent acceleration gateway sends the fourth overlay message to the remote acceleration gateway according to the tunnel endpoint IP address of the remote acceleration gateway.
步骤510、远端加速网关对第四叠加报文进行解封装以获取第一业务响应报文。Step 510: The remote acceleration gateway decapsulates the fourth overlay message to obtain the first service response message.
步骤511、远端加速网关对第一业务响应报文进行源IP地址转换以产生第二业务响应报文,将第二业务响应报文发送至客户端。Step 511: The remote acceleration gateway performs source IP address conversion on the first service response message to generate a second service response message, and sends the second service response message to the client.
由于客户端通过远端加速网关与公网中的设备进行通信,根据通信协议,该客户端能够接收的报文的源IP地址应该为远端加速网关的加速IP地址,因此,为使客户端接收第一业务响应报文,远端加速网关需要对第一业务响应报文进行源IP地址转换,将该第一业务响应报文的源IP地址由虚拟机的私网IP地址转换为远端加速网关的加速IP地址,得到第二业务响应报文,并将该第二业务响应报文发送至客户端,以便于客户端使用通过该第二业务响应提供的业务服务。即第二业务响应报文的源IP地址是远端加速网关的加速IP地址,目的IP地址是客户端的IP地址。其中,在源地址转换前后,第二业务响应报文的目的端口相较于第一业务响应报文的目的端口未发生变化,均为客户端端口。Since the client communicates with devices on the public network through the remote acceleration gateway, according to the communication protocol, the source IP address of the packet that the client can receive should be the acceleration IP address of the remote acceleration gateway. Therefore, in order to enable the client After receiving the first service response message, the remote acceleration gateway needs to convert the source IP address of the first service response message, and convert the source IP address of the first service response message from the private network IP address of the virtual machine to the remote end The acceleration IP address of the acceleration gateway obtains the second service response message, and sends the second service response message to the client, so that the client can use the service provided by the second service response. That is, the source IP address of the second service response message is the acceleration IP address of the remote acceleration gateway, and the destination IP address is the IP address of the client. Wherein, before and after the source address conversion, the destination port of the second service response message has not changed compared with the destination port of the first service response message, and both are client ports.
在本申请实施例中,通过透明加速网关在上行过程中记录远端加速网关的加速IP地址以及客户端的IP地址的对应关系,在下行过程中查询该对应关系得到远端加速网关的隧道端点IP地址,使得透明加速网关能够根据该远端加速网关的隧道端点IP地址,将第四叠加报文发送至远端加速网关,以通过远端加速网关将针对第一业务请求报文的第一业务响应报文发送至客户端,实现第一业务响应报文的回源。In the embodiment of the present application, the transparent acceleration gateway records the correspondence between the acceleration IP address of the remote acceleration gateway and the IP address of the client during the uplink process, and queries the correspondence during the downlink process to obtain the tunnel endpoint IP of the remote acceleration gateway. Address, so that the transparent acceleration gateway can send the fourth superimposed message to the remote acceleration gateway according to the tunnel endpoint IP address of the remote acceleration gateway, so that the first service of the first service request message can be transferred to the remote acceleration gateway through the remote acceleration gateway The response message is sent to the client to realize the return to the source of the first service response message.
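The downlink path of steps 506 to 511, together with the uplink recording it depends on, modeled as an added Python example (not code from the patent). The class names, tunnel identifiers and all addresses (documentation ranges) are constructed for illustration; the sketch also assumes the remote gateway is configured with the acceleration-IP-to-VM mapping, and that a response whose destination has no recorded entry is dropped, which the text does not specify.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

# Constructed sample addresses (documentation ranges), not from the patent.
CLIENT_IP, ACCEL_IP, REMOTE_TEP = "203.0.113.7", "198.51.100.20", "198.51.100.10"
TRANSPARENT_IP, FORWARDER_IP, VM_PUBLIC_IP = "192.0.2.1", "192.0.2.2", "192.0.2.100"


@dataclass(frozen=True)
class Packet:
    """Inner service request or response message."""
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int


@dataclass(frozen=True)
class Overlay:
    """Overlay message: outer tunnel header around one inner Packet."""
    outer_src: str
    outer_dst: str
    tunnel_id: int
    inner: Packet


class RemoteGateway:
    """Remote acceleration gateway: address translation plus tunnel endpoint."""

    def __init__(self, tunnel_ip: str, accel_ip: str, vm_public_ip: str, tunnel_id: int):
        self.tunnel_ip, self.accel_ip = tunnel_ip, accel_ip
        self.vm_public_ip, self.tunnel_id = vm_public_ip, tunnel_id

    def uplink(self, second_request: Packet) -> Overlay:
        # Destination translation (acceleration IP -> VM public IP), then encapsulate.
        first_request = replace(second_request, dst_ip=self.vm_public_ip)
        return Overlay(self.tunnel_ip, TRANSPARENT_IP, self.tunnel_id, first_request)

    def downlink(self, fourth: Overlay) -> Packet:
        # Steps 510-511: decapsulate, rewrite only the source IP; ports are untouched.
        if fourth.outer_dst != self.tunnel_ip:
            raise ValueError("overlay message not addressed to this tunnel endpoint")
        return replace(fourth.inner, src_ip=self.accel_ip)


class TransparentGateway:
    """Transparent acceleration gateway holding the uplink-recorded correspondence."""

    def __init__(self, ip: str, forwarder_ip: str, inner_tunnel_id: int):
        self.ip, self.forwarder_ip, self.inner_tunnel_id = ip, forwarder_ip, inner_tunnel_id
        # client IP -> (remote gateway tunnel endpoint IP, tunnel id)
        self.mapping: Dict[str, Tuple[str, int]] = {}

    def uplink(self, first: Overlay) -> Overlay:
        # Record the correspondence, then re-encapsulate toward the virtual forwarder.
        self.mapping[first.inner.src_ip] = (first.outer_src, first.tunnel_id)
        return Overlay(self.ip, self.forwarder_ip, self.inner_tunnel_id, first.inner)

    def downlink(self, third: Overlay) -> Optional[Overlay]:
        # Steps 506-508: decapsulate, look up by inner destination, re-encapsulate.
        response = third.inner
        entry = self.mapping.get(response.dst_ip)
        if entry is None:
            return None  # assumption: no recorded client, so nothing to return to
        remote_tep, tunnel_id = entry
        return Overlay(self.ip, remote_tep, tunnel_id, response)


def vm_reply(request: Packet) -> Packet:
    """First service response: addresses and ports of the request swapped."""
    return Packet(request.dst_ip, request.src_ip, request.dst_port, request.src_port)


def round_trip():
    """Run one request/response and one response for an unrecorded client."""
    remote = RemoteGateway(REMOTE_TEP, ACCEL_IP, VM_PUBLIC_IP, tunnel_id=100)
    transparent = TransparentGateway(TRANSPARENT_IP, FORWARDER_IP, inner_tunnel_id=200)
    second_request = Packet(CLIENT_IP, ACCEL_IP, 40000, 443)
    second = transparent.uplink(remote.uplink(second_request))
    first_response = vm_reply(second.inner)
    third = Overlay(FORWARDER_IP, TRANSPARENT_IP, 200, first_response)
    fourth = transparent.downlink(third)
    second_response = remote.downlink(fourth)
    stray = Overlay(FORWARDER_IP, TRANSPARENT_IP, 200,
                    Packet(VM_PUBLIC_IP, "203.0.113.99", 443, 40000))
    return fourth, second_response, transparent.downlink(stray)


if __name__ == "__main__":
    for item in round_trip():
        print(item)
```

The correspondence table is keyed only by client IP address, so whatever populates it on the uplink decides where responses for that client are tunneled on the downlink.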
The embodiment of the present application also provides a business service providing system. As shown in FIG. 1 or FIG. 2, the business service providing system includes a transparent acceleration gateway, a virtual forwarding device, and a virtual machine, where the virtual machine is used to provide business services to the client. Alternatively, as shown in FIG. 3, the business service providing system may further include at least one other gateway deployed between the transparent acceleration gateway and the virtual forwarding device.
The transparent acceleration gateway is configured to receive the first overlay message sent by the remote acceleration gateway, decapsulate the first overlay message to obtain the first service request message, encapsulate the first service request message to generate the second overlay message, and send the second overlay message to the virtual forwarding device. The transparent acceleration gateway establishes the correspondence between the IP address of the remote acceleration gateway and the IP address of the client. The first overlay message encapsulates the first service request message; the source Internet Protocol (IP) address of the first service request message is the IP address of the client, and the destination IP address is the public network IP address associated with the virtual machine.
The virtual forwarding device is configured to decapsulate the second overlay message to obtain the first service request message, and send the first service request message to the virtual machine.
The virtual machine may also be another system or device capable of providing business services, such as a container.
In one implementation, the virtual forwarding device is a virtual switch, and the public network IP address associated with the virtual machine is the public network IP address bound to the virtual machine.
In another implementation, the virtual forwarding device is a load balancer that provides a load balancing service for the virtual machine, and the public network IP address associated with the virtual machine is the public network IP address bound to the load balancer.
In yet another implementation, the virtual forwarding device is an IPv6 gateway, and the public network IP address associated with the virtual machine is the public network IPv6 address of the virtual machine.
In still another implementation, the virtual forwarding device is a VPN gateway, and the public network IP address associated with the virtual machine is the public network IP address bound to the VPN gateway.
In a further implementation, when the virtual forwarding device is a NAT gateway, the public network IP address associated with the virtual machine is the public network IP address bound to the NAT gateway.
The transparent acceleration gateway is further configured to obtain the IP address of the remote acceleration gateway carried in the first overlay message, obtain the source address of the first service request message, and record the correspondence between the IP address of the remote acceleration gateway and the IP address of the client, where the source address of the first service request message is the IP address of the client.
Optionally, the virtual forwarding device is further configured to receive the first service response message sent by the virtual machine according to the first service request message, encapsulate the first service response message to generate the third overlay message, and send the third overlay message to the transparent acceleration gateway. The source address of the first service response message is the public network IP address associated with the virtual machine, and the destination address is the IP address of the client.
Correspondingly, the transparent acceleration gateway is further configured to decapsulate the third overlay message to obtain the first service response message, obtain the IP address of the remote acceleration gateway from the correspondence according to the destination IP address of the first service response message, encapsulate the first service response message to generate the fourth overlay message, and send the fourth overlay message to the remote acceleration gateway according to the IP address of the remote acceleration gateway.
Those skilled in the art can clearly understand that, for convenience and brevity of description, the specific working process of each device in the business service providing system can be found in the description of the corresponding device in the foregoing method embodiments, and is not repeated here.
The embodiment of the present application provides a first computer device, in which the transparent acceleration gateway can be deployed. FIG. 11 shows, by way of example, a possible architecture of the first computer device. As shown in FIG. 11, the first computer device may include a first processor 601, a first memory 602, a first communication interface 603, and a first bus 604. The first computer device may have one or more first processors 601; FIG. 11 shows only one of them. Optionally, the first processor 601 may be a central processing unit (CPU). If the first computer device has multiple first processors 601, they may be of different types or of the same type. Optionally, the multiple first processors of the first computer device may also be integrated into a multi-core processor.
The first memory 602 stores computer instructions and data, and can store the computer instructions and data required to implement the functions of the transparent acceleration gateway in the business service providing method provided by the present application. The first memory 602 may be any one or any combination of the following storage media: non-volatile memory (such as read-only memory (ROM), solid state disk (SSD), hard disk drive (HDD), optical disc, etc.) and volatile memory.
The first communication interface 603 may be any one or any combination of the following devices: a network interface (such as an Ethernet interface), a wireless network card, or another device with a network access function.
The first communication interface 603 is used for data communication between the first computer device and other nodes or other computer devices.
FIG. 11 also shows the first bus 604 by way of example. The first bus 604 can connect the first processor 601 with the first memory 602 and the first communication interface 603. In this way, through the first bus 604, the first processor 601 can access the first memory 602, and can also use the first communication interface 603 to exchange data with other nodes or other computer devices.
In the present application, the first computer device executes the computer instructions in the first memory 602 to implement the functions of the transparent acceleration gateway in the business service providing method provided by the present application. For example, by executing the computer instructions in the first memory 602, the first computer device can perform the following steps performed by the transparent acceleration gateway: the transparent acceleration gateway receives the first overlay message sent by the remote acceleration gateway, decapsulates the first overlay message to obtain the first service request message, encapsulates the first service request message to generate the second overlay message, and sends the second overlay message to the virtual forwarding device. For how the first computer device performs the steps of the transparent acceleration gateway by executing the computer instructions in the first memory 602, refer to the corresponding description in the foregoing method embodiments.
The embodiment of the present application provides a second computer device, in which the virtual forwarding device and the virtual machine can be deployed. FIG. 12 shows, by way of example, a possible architecture of the second computer device. As shown in FIG. 12, the second computer device may include a second processor 701, a second memory 702, a second communication interface 703, and a second bus 704. The second computer device may have one or more second processors 701; FIG. 12 shows only one of them. Optionally, the second processor 701 may be a central processing unit. If the second computer device has multiple second processors 701, they may be of different types or of the same type. Optionally, the multiple second processors of the second computer device may also be integrated into a multi-core processor.
The second memory 702 stores computer instructions and data, and can store the computer instructions and data required to implement the functions of the virtual forwarding device and the virtual machine in the business service providing method provided by the present application. The second memory 702 may be any one or any combination of the following storage media: non-volatile memory (such as read-only memory, solid state disk, hard disk, optical disc, etc.) and volatile memory.
The second communication interface 703 may be any one or any combination of the following devices: a network interface (such as an Ethernet interface), a wireless network card, or another device with a network access function.
The second communication interface 703 is used for data communication between the second computer device and other nodes or other computer devices.
FIG. 12 also shows the second bus 704 by way of example. The second bus 704 can connect the second processor 701 with the second memory 702 and the second communication interface 703. In this way, through the second bus 704, the second processor 701 can access the second memory 702, and can also use the second communication interface 703 to exchange data with other nodes or other computer devices.
In the present application, the second computer device executes the computer instructions in the second memory 702 to implement the functions of the virtual forwarding device and the virtual machine in the business service providing method provided by the present application. For example, by executing the computer instructions in the second memory 702, the second computer device can perform the following steps performed by the virtual forwarding device: the virtual forwarding device decapsulates the second overlay message to obtain the first service request message, and sends the first service request message to the virtual machine. For how the second computer device performs the steps of the virtual forwarding device by executing the computer instructions in the second memory 702, refer to the corresponding description in the foregoing method embodiments.
The embodiment of the present application provides a third computer device, in which the remote acceleration gateway can be deployed. FIG. 13 shows, by way of example, a possible architecture of the third computer device. As shown in FIG. 13, the third computer device may include a third processor 801, a third memory 802, a third communication interface 803, and a third bus 804. The third computer device may have one or more third processors 801; FIG. 13 shows only one of them. Optionally, the third processor 801 may be a central processing unit. If the third computer device has multiple third processors 801, they may be of different types or of the same type. Optionally, the multiple third processors of the third computer device may also be integrated into a multi-core processor.
The third memory 802 stores computer instructions and data, and can store the computer instructions and data required to implement the functions of the remote acceleration gateway in the business service providing method provided by the present application. The third memory 802 may be any one or any combination of the following storage media: non-volatile memory (such as read-only memory, solid state disk, hard disk, optical disc, etc.) and volatile memory.
The third communication interface 803 may be any one or any combination of the following devices: a network interface (such as an Ethernet interface), a wireless network card, or another device with a network access function.
The third communication interface 803 is used for data communication between the third computer device and other nodes or other computer devices.
FIG. 13 also shows the third bus 804 by way of example. The third bus 804 can connect the third processor 801 with the third memory 802 and the third communication interface 803. In this way, through the third bus 804, the third processor 801 can access the third memory 802, and can also use the third communication interface 803 to exchange data with other nodes or other computer devices.
In the present application, the third computer device executes the computer instructions in the third memory 802 to implement the functions of the remote acceleration gateway in the business service providing method provided by the present application. For example, by executing the computer instructions in the third memory 802, the third computer device can perform the following steps performed by the remote acceleration gateway: the remote acceleration gateway receives the second service request message sent by the client; the remote acceleration gateway performs destination address translation on the second service request message to generate the first service request message; the remote acceleration gateway encapsulates the first service request message to generate the first overlay message; and the remote acceleration gateway sends the first overlay message to the transparent acceleration gateway where the virtual machine is located. For how the third computer device performs the steps of the remote acceleration gateway by executing the computer instructions in the third memory 802, refer to the corresponding description in the foregoing method embodiments.
The embodiment of the present application also provides a first storage medium, which is a non-volatile computer-readable storage medium. When the instructions in the first storage medium are executed by a processor, the functions implemented by the transparent acceleration gateway in the business service providing method of the embodiments of the present application are realized.
The embodiment of the present application also provides a second storage medium, which is a non-volatile computer-readable storage medium. When the instructions in the second storage medium are executed by a processor, the functions implemented by the virtual forwarding device in the business service providing method of the embodiments of the present application are realized.
The embodiment of the present application also provides a third storage medium, which is a non-volatile computer-readable storage medium. When the instructions in the third storage medium are executed by a processor, the functions implemented by the remote acceleration gateway in the business service providing method of the embodiments of the present application are realized.
The embodiment of the present application also provides a first computer program product containing instructions. When the first computer program product runs on a computer, the computer performs the functions implemented by the transparent acceleration gateway in the business service providing method of the embodiments of the present application.
The embodiment of the present application also provides a second computer program product containing instructions. When the second computer program product runs on a computer, the computer performs the functions implemented by the virtual forwarding device in the business service providing method of the embodiments of the present application.
The embodiment of the present application also provides a third computer program product containing instructions. When the third computer program product runs on a computer, the computer performs the functions implemented by the remote acceleration gateway in the business service providing method of the embodiments of the present application.
A person of ordinary skill in the art can understand that all or some of the steps of the above embodiments can be implemented by hardware, or by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium, and the storage medium mentioned above can be a read-only memory, a magnetic disk, an optical disc, or the like.
In the embodiments of the present application, the terms "first", "second" and "third" are used for descriptive purposes only, and cannot be understood as indicating or implying relative importance. The term "at least one" refers to one or more, and the term "multiple" refers to two or more, unless expressly defined otherwise.
The term "and/or" in the present application merely describes an association between associated objects and indicates that three relationships are possible. For example, "A and/or B" can mean: A exists alone, A and B both exist, or B exists alone. In addition, the character "/" in this document generally indicates an "or" relationship between the objects before and after it.
The above are only optional embodiments of the present application and are not intended to limit the present application. Any modification, equivalent replacement, improvement, etc. made within the concept and principles of the present application shall fall within the protection scope of the present application.

Claims (10)

  1. 一种业务服务提供方法,其特征在于,所述业务服务提供方法应用于业务服务提供***,所述业务服务提供***包括透明加速网关、虚拟转发设备和虚拟机,所述虚拟机用于向客户端提供业务服务,所述方法包括:A business service provision method, characterized in that the business service provision method is applied to a business service provision system, the business service provision system includes a transparent acceleration gateway, a virtual forwarding device, and a virtual machine, and the virtual machine is used to provide customers Provides business services at the end, and the method includes:
    所述透明加速网关接收远端加速网关发送的第一叠加报文,所述第一叠加报文封装有第一业务请求报文,所述第一业务请求报文的源互联网协议IP地址是客户端的IP地址,目的IP地址是所述虚拟机关联的公网IP地址,所述第一叠加报文携带有所述远端加速网关的IP地址;The transparent acceleration gateway receives a first superimposed message sent by a remote acceleration gateway, the first superimposed message encapsulates a first service request message, and the source Internet Protocol IP address of the first service request message is the client The IP address of the remote end, the destination IP address is the public network IP address associated with the virtual machine, and the first overlay message carries the IP address of the remote acceleration gateway;
    所述透明加速网关对所述第一叠加报文解封装以获取所述第一业务请求报文,对所述第一业务请求报文进行封装以产生第二叠加报文,将所述第二叠加报文发送至所述虚拟转发设备,所述透明加速网关建立所述远端加速网关的IP地址以及所述客户端的IP地址的对应关系;The transparent acceleration gateway decapsulates the first overlay message to obtain the first service request message, encapsulates the first service request message to generate a second overlay message, and converts the second overlay message to The superimposed message is sent to the virtual forwarding device, and the transparent acceleration gateway establishes a correspondence between the IP address of the remote acceleration gateway and the IP address of the client;
    所述虚拟转发设备对所述第二叠加报文解封装以获取所述第一业务请求报文,将所述第一业务请求报文发送至所述虚拟机。The virtual forwarding device decapsulates the second overlay message to obtain the first service request message, and sends the first service request message to the virtual machine.
  2. 根据权利要求1所述的方法,其特征在于,所述虚拟转发设备为虚拟交换机,所述虚拟机关联的公网IP地址为与所述虚拟机绑定的公网IP地址。The method according to claim 1, wherein the virtual forwarding device is a virtual switch, and the public network IP address associated with the virtual machine is a public network IP address bound to the virtual machine.
  3. 根据权利要求1所述的方法,其特征在于,所述虚拟转发设备为负载均衡器,所述负载均衡器为所述虚拟机提供负载均衡服务,所述虚拟机关联的公网IP地址为与所述负载均衡器绑定的公网IP地址。The method according to claim 1, wherein the virtual forwarding device is a load balancer, the load balancer provides load balancing services for the virtual machine, and the public network IP address associated with the virtual machine is The public network IP address bound to the load balancer.
  4. 根据权利要求1至3任一项所述的方法,其特征在于,所述透明加速网关建立所述远端加速网关的IP地址以及所述客户端的IP地址的对应关系,包括:The method according to any one of claims 1 to 3, wherein the transparent acceleration gateway establishing the correspondence between the IP address of the remote acceleration gateway and the IP address of the client includes:
    所述透明加速网关获取所述第一叠加报文携带的所述远端加速网关的IP地址;Acquiring, by the transparent acceleration gateway, the IP address of the remote acceleration gateway carried in the first superimposed message;
    所述透明加速网关获取所述第一业务请求报文的源地址,其中,所述第一业务请求报文的源地址是所述客户端的IP地址;Acquiring, by the transparent acceleration gateway, the source address of the first service request message, where the source address of the first service request message is the IP address of the client;
    所述透明加速网关记录所述远端加速网关的IP地址以及客户端的IP地址的对应关系。The transparent acceleration gateway records the correspondence between the IP address of the remote acceleration gateway and the IP address of the client.
  5. The method according to claim 4, wherein
    after the virtual forwarding device sends the first service request message to the virtual machine, the method further comprises:
    the virtual forwarding device receiving a first service response message sent by the virtual machine according to the first service request message, encapsulating the first service response message to generate a third overlay message, and sending the third overlay message to the transparent acceleration gateway, wherein the source address of the first service response message is the public network IP address associated with the virtual machine, and the destination address is the IP address of the client;
    the transparent acceleration gateway decapsulating the third overlay message to obtain the first service response message, obtaining the IP address of the remote acceleration gateway from the correspondence according to the destination IP address of the first service response message, encapsulating the first service response message to generate a fourth overlay message, and sending the fourth overlay message to the remote acceleration gateway according to the IP address of the remote acceleration gateway.
  6. A service providing system, wherein the service providing system comprises a transparent acceleration gateway, a virtual forwarding device, and a virtual machine, and the virtual machine is configured to provide a service to a client;
    the transparent acceleration gateway is configured to receive a first overlay message sent by a remote acceleration gateway, wherein the first overlay message encapsulates a first service request message, the source Internet Protocol (IP) address of the first service request message is the IP address of the client, the destination IP address is the public network IP address associated with the virtual machine, and the first overlay message carries the IP address of the remote acceleration gateway;
    the transparent acceleration gateway is configured to decapsulate the first overlay message to obtain the first service request message, encapsulate the first service request message to generate a second overlay message, and send the second overlay message to the virtual forwarding device, and the transparent acceleration gateway establishes a correspondence between the IP address of the remote acceleration gateway and the IP address of the client;
    the virtual forwarding device is configured to decapsulate the second overlay message to obtain the first service request message, and send the first service request message to the virtual machine.
  7. The system according to claim 6, wherein the virtual forwarding device is a virtual switch, and the public network IP address associated with the virtual machine is a public network IP address bound to the virtual machine.
  8. The system according to claim 6, wherein the virtual forwarding device is a load balancer, the load balancer provides a load balancing service for the virtual machine, and the public network IP address associated with the virtual machine is the public network IP address bound to the load balancer.
  9. The system according to any one of claims 6 to 8, wherein
    the transparent acceleration gateway is further configured to acquire the IP address of the remote acceleration gateway carried in the first overlay message;
    the transparent acceleration gateway is further configured to acquire the source address of the first service request message, wherein the source address of the first service request message is the IP address of the client;
    the transparent acceleration gateway is further configured to record the correspondence between the IP address of the remote acceleration gateway and the IP address of the client.
  10. The system according to claim 9, wherein
    the virtual forwarding device is further configured to receive a first service response message sent by the virtual machine according to the first service request message, encapsulate the first service response message to generate a third overlay message, and send the third overlay message to the transparent acceleration gateway, wherein the source address of the first service response message is the public network IP address associated with the virtual machine, and the destination address is the IP address of the client;
    the transparent acceleration gateway is further configured to decapsulate the third overlay message to obtain the first service response message, obtain the IP address of the remote acceleration gateway from the correspondence according to the destination IP address of the first service response message, encapsulate the first service response message to generate a fourth overlay message, and send the fourth overlay message to the remote acceleration gateway according to the IP address of the remote acceleration gateway.
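
The request and response paths of claims 4, 5, 9 and 10, as an added example that is not part of the patent text: a minimal Python model of the transparent acceleration gateway's correspondence table, including the case where a response arrives for a client with no recorded entry. It assumes the remote acceleration gateway's IP address is carried as the outer source address of the first overlay message; all class names, function names and addresses are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional

@dataclass(frozen=True)
class Packet:                 # service request/response message
    src: str
    dst: str
    payload: bytes

@dataclass(frozen=True)
class Overlay:                # overlay message wrapping one Packet
    outer_src: str            # assumption: carries the sending gateway's IP
    outer_dst: str
    inner: Packet

class TransparentGateway:
    def __init__(self, ip: str, forwarder_ip: str) -> None:
        self.ip, self.forwarder_ip = ip, forwarder_ip
        self.remote_for_client: Dict[str, str] = {}   # client IP -> remote gateway IP

    def on_request(self, first: Overlay) -> Overlay:
        req = first.inner                                   # decapsulate
        self.remote_for_client[req.src] = first.outer_src   # record correspondence
        return Overlay(self.ip, self.forwarder_ip, req)     # second overlay message

    def on_response(self, third: Overlay) -> Optional[Overlay]:
        resp = third.inner                                  # decapsulate
        remote = self.remote_for_client.get(resp.dst)       # look up by destination IP
        if remote is None:
            return None                                     # no correspondence recorded
        return Overlay(self.ip, remote, resp)               # fourth overlay message

def forwarder_round_trip(second: Overlay, vm_public_ip: str) -> Overlay:
    """Virtual forwarding device: hand the request to the VM, wrap its response."""
    req = second.inner
    resp = Packet(src=vm_public_ip, dst=req.src, payload=b"ok:" + req.payload)
    return Overlay(second.outer_dst, second.outer_src, resp)   # third overlay message

# Constructed sample addresses (documentation ranges), not taken from the patent.
CLIENT, REMOTE_GW, VM_PUBLIC = "198.51.100.7", "203.0.113.10", "192.0.2.50"
GW, FWD = "10.0.0.1", "10.0.0.2"

def demo() -> Optional[Overlay]:
    gw = TransparentGateway(GW, FWD)
    first = Overlay(REMOTE_GW, GW, Packet(CLIENT, VM_PUBLIC, b"GET /"))
    third = forwarder_round_trip(gw.on_request(first), VM_PUBLIC)
    return gw.on_response(third)
```

Because the table in this model is keyed on the client IP alone, a later request from the same client IP through a different remote acceleration gateway overwrites the earlier entry.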
PCT/CN2020/121093 2019-10-15 2020-10-15 Service providing method and system WO2021073565A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910979745.X 2019-10-15
CN201910979745.XA CN112671628B (en) 2019-10-15 2019-10-15 Business service providing method and system

Publications (1)

Publication Number Publication Date
WO2021073565A1 (en) 2021-04-22

Family

ID=75400373

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/121093 WO2021073565A1 (en) 2019-10-15 2020-10-15 Service providing method and system

Country Status (2)

Country Link
CN (1) CN112671628B (en)
WO (1) WO2021073565A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114844856A (en) * 2022-04-26 2022-08-02 夏宇 Network penetration method, device, electronic equipment and storage medium
EP4033702A4 (en) * 2019-10-15 2022-11-16 Huawei Cloud Computing Technologies Co., Ltd. Service providing method and system, and remote acceleration gateway

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113890865A (en) * 2021-10-21 2022-01-04 展讯通信(上海)有限公司 Data packet forwarding method and equipment
CN114205360B (en) * 2021-12-08 2024-04-16 京东科技信息技术有限公司 Data transmission method, device and system
CN114039949B (en) * 2021-12-24 2024-03-26 上海观安信息技术股份有限公司 Cloud service floating IP binding method and system
CN114500376B (en) * 2021-12-30 2024-04-09 网络通信与安全紫金山实验室 Method, system, server and storage medium for accessing cloud resource pool
CN115334036B (en) * 2022-08-11 2023-07-07 安超云软件有限公司 Method and device for intelligently controlling source address conversion, electronic equipment and storage medium
CN117544424B (en) * 2024-01-09 2024-03-15 万洲嘉智信息科技有限公司 Multi-protocol intelligent park management and control platform based on ubiquitous connection

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140050091A1 (en) * 2012-08-17 2014-02-20 International Business Machines Corporation Load balancing overlay network traffic using a teamed set of network interface cards
CN103931140A (en) * 2011-11-02 2014-07-16 国际商业机器公司 Distributed address resolution service for virtualized networks
CN108781171A (en) * 2016-02-29 2018-11-09 思科技术公司 System and method for using data plane signal notice packet to capture in IPV6 environment

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9036639B2 (en) * 2012-11-29 2015-05-19 Futurewei Technologies, Inc. System and method for VXLAN inter-domain communications
US9787499B2 (en) * 2014-09-19 2017-10-10 Amazon Technologies, Inc. Private alias endpoints for isolated virtual networks
CN104601432B (en) * 2014-12-31 2018-03-13 新华三技术有限公司 A kind of message transmitting method and equipment
CN106899500B (en) * 2016-12-16 2020-06-26 新华三技术有限公司 Message processing method and device for cross-virtual extensible local area network
US10819675B2 (en) * 2017-08-14 2020-10-27 Nicira, Inc. Managing network connectivity between cloud computing service endpoints and virtual machines
CN108768817B (en) * 2018-05-22 2020-07-28 腾讯科技(深圳)有限公司 Virtual network networking system and data packet sending method
CN108449282B (en) * 2018-05-29 2021-12-21 华为技术有限公司 Load balancing method and device

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP4033702A4 (en) * 2019-10-15 2022-11-16 Huawei Cloud Computing Technologies Co., Ltd. Service providing method and system, and remote acceleration gateway
CN114844856A (en) * 2022-04-26 2022-08-02 夏宇 Network penetration method, device, electronic equipment and storage medium
CN114844856B (en) * 2022-04-26 2024-03-22 夏宇 Network penetration method, device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN112671628A (en) 2021-04-16
CN112671628B (en) 2023-06-02

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20876556

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20876556

Country of ref document: EP

Kind code of ref document: A1