WO2021073565A1 - Service provision method and system - Google Patents

Service provision method and system

Publication number: WO2021073565A1
Authority: WO, WIPO (PCT)
Prior art keywords: address, message, gateway, acceleration gateway, service request
Application number: PCT/CN2020/121093
Other languages: English (en), Chinese (zh)
Inventor: 伍孝敏
Original Assignee: 华为技术有限公司
Application filed by: 华为技术有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming

Definitions

  • This application relates to the field of communication technology, and in particular to a method and system for providing business services.
  • A user can access a cloud service provider through a client to request that the cloud service provider provide cloud services to the client, and the cloud service provider can provide cloud services to the client according to the client's request.
  • The process of a client requesting a cloud service provider to provide cloud services is as follows: the client sends a service request message to the remote acceleration gateway; after receiving the service request message, the remote acceleration gateway first performs source/destination network address translation (full network address translation, FullNAT) on it, that is, it translates both the source address and the destination address of the service request message, and then sends the translated service request message through the global backbone network to the cloud service provider, to request through the service request message that the cloud service provider provide cloud services to the client.
  • The process for the cloud service provider to provide the cloud service requested by the service request message to the client is as follows: the cloud service provider sends a service response message for the service request message to the remote acceleration gateway through the global backbone network. The remote acceleration gateway first performs source/destination network address translation on the service response message, and then sends the translated service response message to the client, so that the client can use the cloud service requested by the service request message.
  • The present application provides a business service providing method and system, which can solve the problem that it is difficult for current virtual machines to know the source address of the request message.
  • A business service provision method is provided.
  • The business service provision method is applied to a business service provision system, which includes a transparent acceleration gateway, a virtual forwarding device, and a virtual machine.
  • The method includes: the transparent acceleration gateway receives a first overlay message sent by a remote acceleration gateway, where the first overlay message encapsulates a first service request message, the source Internet Protocol (IP) address of the first service request message is the client's IP address, the destination IP address is the public network IP address associated with the virtual machine, and the first overlay message carries the IP address of the remote acceleration gateway; the transparent acceleration gateway decapsulates the first overlay message to obtain the first service request message, encapsulates the first service request message to generate a second overlay message, sends the second overlay message to the virtual forwarding device, and establishes the correspondence between the IP address of the remote acceleration gateway and the IP address of the client; the virtual forwarding device decapsulates the second overlay message to obtain the first service request message, and sends the first service request message to the virtual machine.
  • The service request message sent to the virtual machine is not translated; the source IP address of the message is still the client's IP address, so that the virtual machine can learn the source IP address of the service request message it receives, and the source address of the service request message is transparently transmitted. This makes it convenient for the virtual machine to perform statistical analysis and other functions based on the source IP address.
  • The virtual machine can also be another system or device that can provide business services, such as a container.
  • When the virtual forwarding device is a virtual switch, the public network IP address associated with the virtual machine is a public network IP address bound to the virtual machine.
  • When the virtual forwarding device is a load balancer, the load balancer provides a load balancing service for the virtual machine, and the public network IP address associated with the virtual machine is the public network IP address bound to the load balancer.
  • When the virtual forwarding device is an IPV6 gateway, the public IP address associated with the virtual machine is the public IPv6 address of the virtual machine.
  • When the virtual forwarding device is a VPN gateway, the public network IP address associated with the virtual machine is a public network IP address bound to the VPN gateway.
  • When the virtual forwarding device is a NAT gateway, the public network IP address associated with the virtual machine is the public network IP address bound to the NAT gateway.
  • The transparent acceleration gateway establishing the correspondence between the IP address of the remote acceleration gateway and the IP address of the client may include: the transparent acceleration gateway obtains the IP address of the remote acceleration gateway carried in the first overlay message; the transparent acceleration gateway obtains the source address of the first service request message, where the source address of the first service request message is the IP address of the client; the transparent acceleration gateway records the correspondence between the IP address of the remote acceleration gateway and the IP address of the client.
  • The transparent acceleration gateway records the correspondence between the client's IP address and the remote acceleration gateway's IP address carried in the first overlay message. When returning to the source, the correspondence can be queried to determine that the service response message is sent to the remote acceleration gateway of this client, which ensures the process of returning to the source.
  • The correspondence may also be the correspondence between the IP address of the client and the two-tuple, three-tuple, four-tuple, or five-tuple including the source IP address of the first service request message.
  • The correspondence may also be the correspondence between the client's IP address, the network identifier, and the two-tuple, three-tuple, four-tuple, or five-tuple including the source IP address of the first service request message.
  • The network identifier refers to the network identifier of the overlay network used when the overlay message encapsulating the first service request message is transmitted.
  • the network identifier needs to be set manually.
  • the address learning can be performed.
  • the established correspondence makes it possible to automatically determine the network identifier of the overlay network used to send the overlay message whose destination IP address is the source IP address of the first service request message, that is, to configure the network identifier automatically. This can reduce manual intervention in the configuration of the network identifier and improve the transmission efficiency and accuracy of overlay messages.
  • The method further includes: the virtual forwarding device receives the first service response message sent by the virtual machine according to the first service request message, encapsulates the first service response message to generate a third overlay message, and sends the third overlay message to the transparent acceleration gateway, where the source address of the first service response message is the public IP address associated with the virtual machine and the destination address is the client's IP address; the transparent acceleration gateway decapsulates the third overlay message to obtain the first service response message, obtains the IP address of the remote acceleration gateway from the correspondence according to the destination IP address of the first service response message, encapsulates the first service response message to generate a fourth overlay message, and sends the fourth overlay message to the remote acceleration gateway according to the IP address of the remote acceleration gateway.
  • This process is the downlink process, from the virtual machine sending the service response message according to the service request message to the service response message reaching the client.
  • The transparent acceleration gateway records the correspondence between the IP address of the remote acceleration gateway and the client's IP address during the uplink process, and queries this correspondence in the downlink process to obtain the tunnel endpoint IP address of the remote acceleration gateway, so that the transparent acceleration gateway can send the fourth overlay message to the tunnel endpoint IP address of the remote acceleration gateway. The first service response message for the first service request message is then sent to the client through the remote acceleration gateway, so that the first service response message is returned to the source.
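An added example, not code from the patent: a Python model of the uplink learning and downlink lookup performed by the transparent acceleration gateway as described above, next to the FullNAT behaviour from the background. All class, function and field names and all addresses (documentation ranges) are assumptions of this example, and the overlay message is modelled as a record rather than a wire format.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

# Constructed addresses from the documentation ranges (assumptions of this example).
CLIENT_A, CLIENT_B = "192.0.2.10", "192.0.2.20"
ACCEL_IP = "198.51.100.1"        # acceleration IP the clients connect to
VM_PUBLIC_IP = "198.51.100.50"   # public network IP associated with the VM
REMOTE_GW_1, REMOTE_GW_2 = "203.0.113.1", "203.0.113.2"  # remote gateway tunnel endpoints
TRANSPARENT_GW, FORWARDER = "203.0.113.100", "203.0.113.200"


@dataclass(frozen=True)
class ServiceMessage:
    """Inner service request/response message; only the addresses matter here."""
    src_ip: str
    dst_ip: str
    payload: bytes = b""


@dataclass(frozen=True)
class OverlayMessage:
    """Overlay message: outer tunnel endpoints plus the encapsulated message."""
    outer_src: str
    outer_dst: str
    inner: ServiceMessage


def fullnat_uplink(gw_ip: str, request: ServiceMessage) -> ServiceMessage:
    """Background behaviour: source and destination are both rewritten.
    Assumption: the source becomes the gateway's own address."""
    return replace(request, src_ip=gw_ip, dst_ip=VM_PUBLIC_IP)


def remote_gateway_uplink(gw_ip: str, request: ServiceMessage) -> OverlayMessage:
    """Remote acceleration gateway: translate the destination only, then
    encapsulate. The outer source carries this gateway's IP address."""
    translated = replace(request, dst_ip=VM_PUBLIC_IP)
    return OverlayMessage(gw_ip, TRANSPARENT_GW, translated)


class TransparentAccelerationGateway:
    def __init__(self, own_ip: str, forwarder_ip: str) -> None:
        self.own_ip = own_ip
        self.forwarder_ip = forwarder_ip
        # Correspondence: client IP -> IP of the remote gateway it came through.
        self.client_to_remote: Dict[str, str] = {}

    def uplink(self, first: OverlayMessage) -> OverlayMessage:
        request = first.inner                                     # decapsulate
        self.client_to_remote[request.src_ip] = first.outer_src   # learn
        # Re-encapsulate the inner message unchanged (no address translation).
        return OverlayMessage(self.own_ip, self.forwarder_ip, request)

    def downlink(self, third: OverlayMessage) -> Optional[OverlayMessage]:
        response = third.inner                                    # decapsulate
        remote = self.client_to_remote.get(response.dst_ip)
        if remote is None:
            return None   # no learned return path for this client: drop
        return OverlayMessage(self.own_ip, remote, response)


def virtual_machine(request: ServiceMessage) -> ServiceMessage:
    """The VM answers whatever source address it saw in the request."""
    return ServiceMessage(VM_PUBLIC_IP, request.src_ip, b"ok")


def run_exchange() -> Dict[str, Tuple[str, str]]:
    """Two clients enter through different remote gateways. Returns, per
    client, (source IP seen by the VM, remote gateway the response goes to)."""
    tgw = TransparentAccelerationGateway(TRANSPARENT_GW, FORWARDER)
    results: Dict[str, Tuple[str, str]] = {}
    for client, pop in ((CLIENT_A, REMOTE_GW_1), (CLIENT_B, REMOTE_GW_2)):
        request = ServiceMessage(client, ACCEL_IP, b"GET /")
        second = tgw.uplink(remote_gateway_uplink(pop, request))
        seen_by_vm = second.inner          # virtual forwarding device decapsulates
        response = virtual_machine(seen_by_vm)
        third = OverlayMessage(FORWARDER, TRANSPARENT_GW, response)
        fourth = tgw.downlink(third)
        assert fourth is not None
        results[client] = (seen_by_vm.src_ip, fourth.outer_dst)
    return results


if __name__ == "__main__":
    for client, (seen, back_via) in run_exchange().items():
        print(f"client {client}: VM saw {seen}, response returns via {back_via}")
    nat = fullnat_uplink(REMOTE_GW_1, ServiceMessage(CLIENT_A, ACCEL_IP))
    print(f"FullNAT: VM would see {nat.src_ip} instead of {CLIENT_A}")
```

With FullNAT every request reaching the virtual machine carries the gateway's address, so per-client logging and statistics on the virtual machine lose the client identity; in the transparent path the client address survives and the return path depends entirely on the learned correspondence.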
  • In a second aspect, a business service provision system is provided. The system includes a transparent acceleration gateway, a virtual forwarding device, and a virtual machine, and the virtual machine is used to provide business services to clients.
  • The transparent acceleration gateway is used to receive the first overlay message sent by the remote acceleration gateway. The first overlay message encapsulates the first service request message; the source Internet Protocol (IP) address of the first service request message is the IP address of the client, the destination IP address is the public network IP address associated with the virtual machine, and the first overlay message carries the IP address of the remote acceleration gateway. The transparent acceleration gateway is used to decapsulate the first overlay message to obtain the first service request message, encapsulate the first service request message to generate a second overlay message, send the second overlay message to the virtual forwarding device, and establish the correspondence between the IP address of the remote acceleration gateway and the IP address of the client. The virtual forwarding device is used to decapsulate the second overlay message to obtain the first service request message, and send the first service request message to the virtual machine.
  • The virtual machine can also be another system or device that can provide business services, such as a container.
  • When the virtual forwarding device is a virtual switch, the public network IP address associated with the virtual machine is a public network IP address bound to the virtual machine.
  • When the virtual forwarding device is a load balancer, the load balancer provides a load balancing service for the virtual machine, and the public network IP address associated with the virtual machine is the public network IP address bound to the load balancer.
  • When the virtual forwarding device is an IPV6 gateway, the public IP address associated with the virtual machine is the public IPv6 address of the virtual machine.
  • When the virtual forwarding device is a VPN gateway, the public network IP address associated with the virtual machine is a public network IP address bound to the VPN gateway.
  • When the virtual forwarding device is a NAT gateway, the public network IP address associated with the virtual machine is the public network IP address bound to the NAT gateway.
  • The transparent acceleration gateway is also used to obtain the IP address of the remote acceleration gateway carried in the first overlay message; the transparent acceleration gateway is also used to obtain the source address of the first service request message, where the source address of the first service request message is the IP address of the client; the transparent acceleration gateway is also used to record the correspondence between the IP address of the remote acceleration gateway and the IP address of the client.
  • The virtual forwarding device is further configured to receive the first service response message sent by the virtual machine according to the first service request message, encapsulate the first service response message to generate a third overlay message, and send the third overlay message to the transparent acceleration gateway, where the source address of the first service response message is the public network IP address associated with the virtual machine and the destination address is the IP address of the client; the transparent acceleration gateway is also used to decapsulate the third overlay message to obtain the first service response message, obtain the IP address of the remote acceleration gateway from the correspondence according to the destination IP address of the first service response message, encapsulate the first service response message to generate a fourth overlay message, and send the fourth overlay message to the remote acceleration gateway according to the IP address of the remote acceleration gateway.
  • In a third aspect, a first computer device is provided, and a transparent acceleration gateway can be deployed in the first computer device. The first computer device includes a first processor and a first memory; the first memory stores a computer program; when the first processor executes the computer program, the first computer device implements the functions implemented by the transparent acceleration gateway in the business service providing method in the embodiment of the present application.
  • In a fourth aspect, a second computer device is provided, and a virtual forwarding device and a virtual machine can be deployed in the second computer device. The second computer device includes a second processor and a second memory; the second memory stores a computer program; when the second processor executes the computer program, the second computer device implements the functions implemented by the virtual forwarding device in the business service providing method in the embodiment of the present application.
  • In a fifth aspect, a third computer device is provided, and a remote acceleration gateway can be deployed in the third computer device. The third computer device includes a third processor and a third memory; the third memory stores a computer program; when the third processor executes the computer program, the third computer device implements the functions implemented by the remote acceleration gateway in the business service providing method in the embodiment of the present application.
  • A first storage medium is provided. When the instructions in the first storage medium are executed by the processor, the functions implemented by the transparent acceleration gateway in the business service provision method in the embodiment of the present application are realized.
  • A second storage medium is provided. When the instructions in the second storage medium are executed by the processor, the functions implemented by the virtual forwarding device in the business service providing method in the embodiment of the present application are realized.
  • A third storage medium is provided. When the instructions in the third storage medium are executed by the processor, the functions implemented by the remote acceleration gateway in the business service providing method in the embodiment of the present application are realized.
  • a first computer program product containing instructions is provided.
  • the computer executes the functions implemented by the transparent acceleration gateway in the business service providing method in the embodiments of the present application.
  • a second computer program product containing instructions is provided.
  • the computer executes the functions implemented by the virtual forwarding device in the business service providing method in the embodiments of the present application.
  • a third computer program product containing instructions is provided.
  • the computer executes the functions implemented by the remote acceleration gateway in the business service providing method in the embodiments of this application.
  • FIG. 1 is a schematic diagram of an application scenario involved in a method for providing a business service provided by an embodiment of the present application.
  • FIG. 2 is a schematic diagram of an application scenario involved in another business service provision method provided by an embodiment of the present application.
  • FIG. 3 is a schematic diagram of an application scenario involved in another method for providing a business service provided by an embodiment of the present application.
  • FIG. 4 is a flowchart of a method for providing business services provided by an embodiment of the present application.
  • FIG. 5 is a schematic diagram of the structure of a VXLAN message provided by an embodiment of the present application.
  • FIG. 6 is a schematic structural diagram of a filling head provided by an embodiment of the present application.
  • FIG. 7 is a schematic structural diagram of another VXLAN message provided by an embodiment of the present application.
  • FIG. 8 is a schematic structural diagram of another VXLAN message provided by an embodiment of the present application.
  • FIG. 9 is a schematic structural diagram of a variable length option field provided by an embodiment of the present application.
  • FIG. 10 is a flowchart of another business service providing method provided by an embodiment of the present application.
  • FIG. 11 is a schematic structural diagram of a first computer device provided by an embodiment of the present application.
  • FIG. 12 is a schematic structural diagram of a second computer device provided by an embodiment of the present application.
  • FIG. 13 is a schematic structural diagram of a third computer device provided by an embodiment of the present application.
  • An overlay network is a virtual network that runs on one or more existing networks and can provide specific additional functions.
  • The overlay network encapsulates the message to be transmitted to obtain an overlay message and transmits the overlay message through a tunnel of the overlay network. After the overlay message reaches the tunnel endpoint, the tunnel endpoint decapsulates the overlay message and sends the message to be transmitted, which was encapsulated in the inner layer of the overlay message, to an instance such as a virtual machine, which completes the transmission of the message.
  • VXLAN: virtual extensible local area network
  • UDP: user datagram protocol
  • IP: Internet protocol
  • MAC: media access control
  • VXLAN is a layer 2 interconnection method that encapsulates layer 2 packets into a layer 3 network. It provides distributed users with layer 2 interconnection and can provide business isolation for different tenants.
  • VXLAN technology has been widely used.
  • The backbone network is a high-speed network used to connect multiple regions. Each backbone network has at least one connection point for interconnection with other backbone networks. Different network providers usually have their own backbone networks to connect their networks in different regions. Cloud operators, in order to better serve users, usually build their own global backbone networks.
  • Network service provision point (POP): in a computer network, a POP is located outside the edge of the corporate network and is the entry point for accessing the corporate network. Services provided by the outside world enter through the POP. These services include Internet access, wide area connections, and telephone services.
  • POPs provide links to external services and sites. POPs can be directly connected to one or more Internet service providers (ISPs), so that internal users can access the Internet through these links.
  • The remote sites of the enterprise are also connected together through the POP, and the wide area link between these remote sites is established by the service provider.
  • A POP is a point of entry that connects the Internet from one place to another.
  • The acceleration gateway (also called accelerator) is deployed in the cloud operator's POP, so that Internet users can access the cloud operator's backbone network nearby and reach the back-end service through the cloud operator's backbone network.
  • The acceleration gateway deployed at the POP may use anycast transmission mode or unicast transmission mode to send the message.
  • Anycast transmission (anycast), in this embodiment of the application, means that the acceleration gateways at different POPs of the cloud operator publish the same acceleration IP to the Internet in anycast mode, so that Internet users in different regions can reach a nearby POP of the cloud operator.
  • Unicast transmission is a transmission method in which a separate data channel is established between the client and the server, so that each data packet sent from a server can only be transmitted to one client.
  • Network address translation (NAT) technology refers to a technology that performs address translation on at least one of the destination IP address and source IP address of a message to be sent by replacing the address information in the header of an IP message.
  • NAT technology may include: destination network address translation (DNAT) technology, source network address translation (SNAT) technology, and source/destination network address translation (full network address translation, FullNAT).
  • A border gateway is located in the border area of a region; the corresponding public network message is sent through the border gateway to the corresponding instance gateway bound to the EIP, such as an elastic load balancer or a virtual switch.
  • The Elastic Internet Protocol (EIP) address refers to the IP address used by the computer equipment in the private network to access the public network.
  • Elastic Load Balance refers to a device that automatically distributes business access messages to multiple computer devices, to expand the capacity of external services, avoid performance degradation or node crashes caused by a large load on a single node, and eliminate the single point of failure.
  • A virtual switch (also called a virtual network switch, vSwitch) runs on a virtualization platform and provides layer 2 network access and part of the layer 3 network functions for virtual machines (VM) through software.
  • The vSwitch connects to the external network through the physical network card on the physical host as an uplink.
  • Virtual machine refers to a complete computer system with complete hardware system functions that is simulated through virtualization technology and runs in a completely isolated environment. Part of a subset of instructions of the virtual machine can be processed in the host machine, and other parts of the instructions can be executed in an emulated manner. Users can purchase cloud services in the form of renting virtual machines.
  • The virtual machine in the embodiment of the present application may be an elastic cloud server (Elastic Compute Service, ECS).
  • An elastic cloud server is a cloud server that can be obtained at any time and can be elastically scaled.
  • ECS can eliminate the advance preparation of purchasing IT hardware, make using servers as convenient and efficient as using public resources such as water, electricity, and natural gas, and make computing resources usable out of the box and elastically scalable.
  • Elastic scaling means that server resources such as CPU, memory, and bandwidth can be configured according to business needs.
  • Virtual private network refers to the establishment of a private network on a public network for encrypted communication.
  • IPv6: Internet Protocol Version 6
  • IETF: Internet Engineering Task Force
  • The gateway involved in the embodiment of the present application may be deployed in a virtual machine or a physical server, which is not specifically limited in the embodiment of the present application.
  • The embodiment of the application provides a method for providing a business service. In this method, the remote acceleration gateway performs destination address translation on the service request message sent by the client, encapsulates the service request message after the destination address translation, and sends the encapsulated service request message to the transparent acceleration gateway where the virtual machine is located. The transparent acceleration gateway then sends the encapsulated service request message to the virtual forwarding device, and the virtual forwarding device sends the service request message to the virtual machine.
  • The source address of the service request message sent to the virtual machine is still the client's source address. This enables the virtual machine to learn the source IP address of the service request message it receives, and realizes the transparent transmission of the source address of the service request message. Therefore, it is convenient for the virtual machine to implement functions such as statistical analysis based on the source address.
  • FIG. 1 is a schematic diagram of an application scenario involved in a method for providing a business service provided by an embodiment of the application.
  • The application scenario includes: a client 10, a remote acceleration gateway 20, and a business service providing system.
  • The business service providing system may include: a transparent acceleration gateway 30, a virtual forwarding device, and a virtual machine 50.
  • The virtual machine 50 is used to provide business services to the client 10.
  • One or more transparent acceleration gateways may be deployed in the application scenario. When multiple transparent acceleration gateways are deployed, the virtual forwarding devices are respectively connected to different transparent acceleration gateways.
  • FIG. 1 is a schematic diagram of a transparent acceleration gateway deployed in an application scenario.
  • The remote acceleration gateway 20 and the business service providing system may be connected through a global backbone network, a data center network (DCN), or a data center boundary network, which is not specifically limited in the embodiment of the application.
  • A POP may be deployed outside the edge of the network used to connect the remote acceleration gateway 20 and the business service providing system, and the remote acceleration gateway 20 may be deployed at the POP.
  • The virtual forwarding device may be a virtual switch.
  • FIG. 1 is a schematic diagram of the virtual forwarding device being a virtual switch.
  • The business service providing system may include: a transparent acceleration gateway 30, a virtual switch 40, and a virtual machine 50.
  • The remote acceleration gateway 20 can communicate with the transparent acceleration gateway 30 in the business service providing system, and the transparent acceleration gateway 30 can communicate with the virtual switch 40. The virtual switch 40 can receive the message sent by the transparent acceleration gateway 30 and send the message to the virtual machine 50, or the virtual switch 40 may send the message sent by the virtual machine 50 to the transparent acceleration gateway 30.
  • The virtual machine 50 may also be another system or device capable of providing business services, such as a container, which is not specifically limited in the embodiment of the present application.
  • The virtual forwarding device may be an elastic load balancer.
  • FIG. 2 is a schematic diagram of a virtual forwarding device as an elastic load balancer.
  • The business service providing system may include: a transparent acceleration gateway 30, an elastic load balancer 60 and multiple virtual machines 50.
  • The remote acceleration gateway 20 can communicate with the transparent acceleration gateway 30 in the business service providing system, and the transparent acceleration gateway 30 can communicate with the elastic load balancer 60. The elastic load balancer 60 can distribute the received service to multiple virtual machines 50, or the elastic load balancer 60 may send the message sent by the virtual machine 50 to the transparent acceleration gateway 30.
  • The virtual forwarding device may also be: a NAT gateway, a VPN gateway, or a gateway that uses the IPv6 protocol for transmission (hereinafter referred to as an IPV6 gateway), etc.
  • At least one other gateway may be deployed between the transparent acceleration gateway and the virtual forwarding device.
  • The transparent acceleration gateway may communicate with the virtual forwarding device through the at least one other gateway.
  • The business service system may further include: one other gateway 70 deployed between the transparent acceleration gateway 30 and the virtual forwarding device, and the transparent acceleration gateway 30 communicates with the virtual switch 40 through this other gateway 70.
  • One of the other gateways may be a border gateway.
  • The service provision method includes an uplink process, in which the service request message sent by the client is delivered to the virtual machine, and a downlink process, in which the service response message sent by the virtual machine according to the service request message is delivered to the client.
  • The uplink process and the downlink process of the business service provision method are described separately.
  • the uplink process of the business service providing method may include the following steps:
  • Step 401 The remote acceleration gateway receives a second service request message sent by the client.
  • the source IP address of the second service request message is the IP address of the client, and the destination IP address is the acceleration IP address of the remote acceleration gateway.
  • The IP address of the remote acceleration gateway that the user can access (for ease of distinction, referred to in this document as the acceleration IP address of the remote acceleration gateway) can be bound in advance to the public network IP associated with the virtual machine, which allows the client to access the virtual machine by accessing the acceleration IP address of the remote acceleration gateway.
  • A second service request message can be sent to the remote acceleration gateway to request, through the second service request message, that the virtual machine provide business services to the client.
  • the destination IP address of the second service request message is the acceleration IP address of the remote acceleration gateway, and the source IP address of the second service request message is the IP address of the client.
  • The network can route the second service request message according to its destination IP address and deliver it to the remote acceleration gateway, and the remote acceleration gateway sends the second service request message to the virtual machine pointed to by the public network IP, associated with the virtual machine, that is bound to its acceleration IP address (for ease of description, abbreviated below as the virtual machine), so as to realize the client's access to the virtual machine.
  • The client can send a second service request message to the remote acceleration gateway to access the virtual machine in the data center through the remote acceleration gateway, requesting the virtual machine to provide the client with resources in the data center.
  • The destination IP address of the second service request message is the acceleration IP address of the remote acceleration gateway, the source IP address of the second service request message is the IP address of the client, and the source port of the second service request message is the client port.
  • Step 402 The remote acceleration gateway performs destination address conversion on the second service request message to generate a first service request message, where the source IP address of the first service request message is the client's IP address, and the destination IP address is the public IP address associated with the virtual machine.
  • By binding the acceleration IP address of the remote acceleration gateway to the public network IP address associated with the virtual machine, the client can access the virtual machine by accessing the remote acceleration gateway. Therefore, when the remote acceleration gateway receives the service request message, it can determine that the service request message requests the virtual machine to provide business services to the client. Correspondingly, when the remote acceleration gateway receives the second service request message, it can perform destination address conversion on the second service request message to generate the first service request message.
  • The source IP address of the first service request message is the IP address of the client, and the destination IP address is the public IP address associated with the virtual machine. It should be noted that the destination address conversion does not change the source port: the source port of the first service request message is the same as the source port of the second service request message, and is still the client port.
  • The conversion strategy used when the remote acceleration gateway performs destination address conversion on the received service request message can be determined according to the binding relationship between the acceleration IP address of the remote acceleration gateway and the public network IP associated with the virtual machine. For example, when the acceleration IP address of the remote acceleration gateway is bound to the public network IP associated with virtual machine 1, the remote acceleration gateway can convert the destination IP address of the received service request message to the public network IP address associated with virtual machine 1. When the acceleration IP address of the remote acceleration gateway is bound to the public network IP associated with virtual machine 2, the remote acceleration gateway can convert the destination IP address of the received service request message to the public network IP address associated with virtual machine 2.
  • the acceleration IP address of the remote acceleration gateway can also be bound to the public network IP addresses associated with multiple virtual machines.
  • the service request message sent by the client will carry indication information used to indicate the public network IP addresses associated with different virtual machines.
  • When the remote acceleration gateway receives the service request message sent by the client, it converts the destination IP address of the service request message, according to the indication information carried in the service request message for indicating the public network IP addresses associated with different virtual machines, to the public network IP address associated with the virtual machine indicated by the indication information.
  • the public IP address associated with the virtual machine refers to the public IP address of the device capable of sending packets to the virtual machine.
  • When the virtual forwarding device is a virtual switch, the public network IP address associated with the virtual machine is the public network IP address bound to the virtual machine. When the destination IP address of a message is the public network IP address bound to the virtual machine, the message can be sent through the virtual switch to the virtual machine indicated by that public network IP address.
  • When the virtual forwarding device is a load balancer, the public IP address associated with the virtual machine is the public IP address bound to the load balancer. The message can be sent to the load balancer indicated by the public IP address, and the load balancing service provided by the load balancer sends the message to a virtual machine that can provide the service.
  • When the virtual forwarding device is an IPV6 gateway, the public IP address associated with the virtual machine is the public IPV6 address of the virtual machine. The message can be sent through the IPV6 gateway to the virtual machine indicated by the public IPV6 address.
  • When the virtual forwarding device is a VPN gateway, the public IP address associated with the virtual machine is the public IP address bound to the VPN gateway. The message can be sent to the VPN gateway, and the VPN gateway sends the message to the virtual machine indicated by the message.
  • When the virtual forwarding device is a NAT gateway, the public IP address associated with the virtual machine is the public IP address bound to the NAT gateway. The message can be sent to the NAT gateway, and the NAT gateway sends the message to the corresponding virtual machine.
  • Step 403 The remote acceleration gateway determines the transparent acceleration gateway where the virtual machine is located according to the routing information pointing to the public network IP address associated with the virtual machine.
  • The routing information used when sending packets between the remote acceleration gateway and the virtual machine is also determined, and the routing information is used to indicate the path for sending packets between the remote acceleration gateway and the virtual machine.
  • The remote acceleration gateway can query the routing information pointing to the public IP address associated with the virtual machine to determine the intermediate devices that the first service request message needs to pass through on its way from the remote acceleration gateway to the virtual machine, and send the first service request message to the intermediate device in the path that is logically closest to the remote acceleration gateway (that is, the next hop device), so that the next hop device forwards the first service request message to the virtual machine.
  • The devices on the path along which the remote acceleration gateway sends the first service request message to the virtual machine are: the remote acceleration gateway, the transparent acceleration gateway, the virtual forwarding device, and the virtual machine. That is, the routing path for sending the first service request message to the virtual machine through the remote acceleration gateway is: remote acceleration gateway--transparent acceleration gateway--virtual forwarding device--virtual machine.
  • the transparent acceleration gateway may be referred to as the transparent acceleration gateway where the virtual machine is located.
  • Step 404 The remote acceleration gateway encapsulates the first service request message according to the IP address of the transparent acceleration gateway where the virtual machine is located to generate a first overlay message, where the first overlay message carries the tunnel endpoint IP address of the remote acceleration gateway.
  • When the next hop device is the transparent acceleration gateway, the endpoints of the tunnel used to transmit the first overlay message are the remote acceleration gateway and the transparent acceleration gateway, respectively.
  • The first service request message may be encapsulated according to the first tunnel information, which includes the address of the remote acceleration gateway and the address of the transparent acceleration gateway, to generate a first overlay message.
  • The outer destination IP address of the first overlay message is the IP address of the transparent acceleration gateway, the outer source IP address is the tunnel endpoint IP address of the remote acceleration gateway, the inner destination IP address is the public network IP address associated with the virtual machine, and the inner source IP address is the client's IP address.
  • The remote acceleration gateway encapsulates the first service request message according to the first tunnel information to generate the first superimposed message as follows: it adds a first tunnel header to the first service request message and fills the first tunnel information into the first tunnel header, obtaining a first superimposed message that includes the first tunnel header and the first service request message.
  • the first tunnel information includes: the tunnel endpoint IP address of the remote acceleration gateway, the IP address of the border gateway, and the identifier of the tunnel used by the remote acceleration gateway and the transparent acceleration gateway.
  • the first superimposed message may be a VXLAN message or another type of superimposed message.
  • The first tunnel information includes: the VXLAN tunnel end point (VTEP) IP address of the remote acceleration gateway, the VTEP IP address of the transparent acceleration gateway, and the identifier of the VXLAN tunnel used by the remote acceleration gateway and the transparent acceleration gateway.
  • The IP address of the transparent acceleration gateway mentioned in this document is the tunnel endpoint IP address of the transparent acceleration gateway, the IP address of the virtual forwarding device is the tunnel endpoint IP address of the virtual forwarding device, and the IP addresses of other gateways are likewise the tunnel endpoint IP addresses of those gateways; this embodiment of the application does not make a distinction.
  • Because the outer source IP address of the first overlay message is the tunnel endpoint IP address of the remote acceleration gateway, the first overlay message can be considered to carry the tunnel endpoint IP address of the remote acceleration gateway.
  • the tunnel endpoint IP address of the remote acceleration gateway is the IP address used to indicate the tunnel endpoint in the IP address of the remote acceleration gateway.
  • the tunnel endpoint IP address of the remote acceleration gateway may be used as the outer source IP address of the outer packet of the first overlay message, so as to implement the carrying of the tunnel endpoint IP address of the remote acceleration gateway.
  • the tunnel endpoint IP address of the remote acceleration gateway is carried in the extension field in the first tunnel header of the first superimposed message, so as to carry the tunnel endpoint IP address of the remote acceleration gateway.
  • When the first superimposed packet is a VXLAN packet, the VXLAN protocols used are the VXLAN generic protocol extension (gpe) protocol (i.e., the VXLAN gpe protocol) and the VXLAN generic network virtualization encapsulation (geneve) protocol (i.e., the VXLAN nvo3-geneve protocol).
  • The VXLAN nvo3-geneve protocol is taken as an example to describe the implementation of carrying the VXLAN IP address of the remote acceleration gateway in the extension field in the first tunnel header of the first superimposed message.
  • The first tunnel header in the VXLAN message is a gpe header, and the gpe header carries a shim header (called the padding header in the description that follows).
  • the VXLAN message includes the following parts: the first service request message, the gpe header carrying the padding header, the UDP header, the outer IP header, and the outer MAC header.
  • the gpe header carrying the padding header is encapsulated outside the first service request message so that the first service request message is transmitted as a VXLAN message.
  • the gpe header carrying the padding header and the first service request message are encapsulated with a UDP header, so that the gpe header carrying the padding header and the first service request message are transmitted as UDP data.
  • The outer IP header is encapsulated outside the UDP header.
  • the outer MAC header is encapsulated outside the outer IP header.
  • the VXLAN IP address of the remote acceleration gateway can be carried in the padding header.
  • the outer MAC header includes a destination MAC address field, a source MAC address field, a VLAN type field, a VLAN tag field, and an Ethernet type field.
  • the outer IP header includes the misc data field, protocol field, header checksum field, outer destination IP address field, and outer source IP address field of the IP header.
  • the outer source IP address carried in the outer source IP address field is the VTEP IP address as the source, and the outer destination IP address carried in the outer destination IP address field is the VTEP IP address as the destination.
  • the UDP header includes a UDP source port field, a UDP destination port (also called a VXLAN port) field, a UDP length field, and a checksum field.
  • the gpe header includes a VXLAN flag field, a reserved field 1, a next protocol field (next protocol), a VXLAN network identifier (VXLAN network identifier, VNI) field, and a reserved field 2.
  • The next protocol field of the VXLAN gpe header of the first superimposed message may be used to indicate whether the VXLAN message carries the VTEP IP address of the remote acceleration gateway. For example, when the next protocol field is set to 0xE1, it means that the message carries the VTEP IP address of the remote acceleration gateway. In this case, the VTEP IP address of the remote acceleration gateway may be carried in the shim header of the first superimposed message.
  • The padding header may be 8 bytes, which includes: an 8-bit type field (type), an 8-bit length field (length), an 8-bit reserved field 3 (reserved3), an 8-bit next protocol field (next protocol), and a 32-bit protocol specific field (Protocol specific field).
  • The content carried in the protocol specific field is the VTEP IP address of the remote acceleration gateway.
  • The type field in the padding header can be set to indicate the operation that the gateway receiving the message needs to perform. For example, when the type field is set to X1, it means that the gateway receiving the message needs to establish a correspondence between addresses (that is, address learning).
  • When the type field is set to Y1, it means that the gateway receiving the message forwards it directly according to the extension field.
  • The values of X1 and Y1 can be determined according to application requirements; for example, the value of X1 is 1, and the value of Y1 is 2.
  • the VXLAN header can be the geneve header.
  • the difference between the geneve header and the gpe header is that the geneve header does not carry a padding header, and the geneve header includes a variable length options field (variable length options).
  • the geneve header includes: a 2-bit version number field (ver), a 6-bit optional length field (Opt Len), and a 1-bit operation administration and maintenance (OAM) frame field.
  • the VTEP IP address of the remote acceleration gateway may be carried in the variable length option field of the first superimposed message.
  • The variable length option field is 8 bytes, which includes: a 16-bit option class field, an 8-bit type field (type), three 1-bit reserved fields 6 (reserved6), a 5-bit length field (length), and a 32-bit variable option data field (variable option data).
  • The content carried in the variable option data field is the VTEP IP address of the remote acceleration gateway.
  • When the type field in the variable length option field is set to X2, it means that the gateway receiving the message needs to establish a correspondence between addresses (that is, address learning); when the type field in the variable length option field is set to Y2, it means that the gateway receiving the message forwards it directly according to the extension field.
  • The values of X2 and Y2 can be determined according to application requirements; for example, the value of X2 is 1, and the value of Y2 is 2.
  • In addition to carrying the tunnel endpoint IP address of the remote acceleration gateway through the extension fields of the VXLAN gpe protocol and the VXLAN nvo3-geneve protocol, other extension methods can also be used to make the first tunnel header of the first superimposed packet (or the extension field of the first tunnel header) carry the tunnel endpoint IP address of the remote acceleration gateway, and the carried tunnel endpoint IP address of the remote acceleration gateway can be applicable to both IPV4 and IPV6. The embodiments of this application do not specifically limit this.
  • Step 405 The remote acceleration gateway sends the first overlay message to the transparent acceleration gateway where the virtual machine is located.
  • The remote acceleration gateway can send the first overlay message to the transparent acceleration gateway where the virtual machine is located through the connection network between the remote acceleration gateway and that transparent acceleration gateway.
  • The connection network may be a global backbone network, a data center network, or a data center boundary network, etc.
  • Step 406 The transparent acceleration gateway decapsulates the first overlay message to obtain the first service request message and the tunnel endpoint IP address of the remote acceleration gateway carried in the first overlay message.
  • The transparent acceleration gateway may decapsulate the first overlay message to obtain the first service request message located in the inner layer of the first overlay message and the tunnel endpoint IP address of the remote acceleration gateway carried in the first overlay message, so that after receiving the service response message for the first service request message, it sends the service response message to the remote acceleration gateway according to the tunnel endpoint IP address of the remote acceleration gateway, and the remote acceleration gateway then sends the service response message to the client.
  • the implementation manner of decapsulating the first superimposed message may include: stripping the first tunnel information in the first superimposed message.
  • Step 407 The transparent acceleration gateway obtains the source IP address of the first service request message, and records the correspondence between the tunnel endpoint IP address of the remote acceleration gateway and the source IP address of the first service request message.
  • The transparent acceleration gateway may also perform address learning according to the first service request message, in order to determine the remote acceleration gateway to which a service response message for the first service request message should be sent on its way to the client; the service response message is then sent to the client through that remote acceleration gateway, so that the service response message is returned to the source.
  • The tunnel endpoint IP address of the remote acceleration gateway carried in the first overlay message indicates the remote acceleration gateway through which the service response message for the first service request message is sent to the client. The transparent acceleration gateway can obtain the source IP address of the first service request message, that is, the IP address of the client, and then establish and record the correspondence between the client's IP address and the tunnel endpoint IP address of the remote acceleration gateway carried in the first superimposed message, so that when returning to the source, the correspondence can be queried to determine the remote acceleration gateway that sends the service response message to the client.
  • Learning can also be performed according to a 2-tuple, 3-tuple, 4-tuple, or 5-tuple that includes the source IP address of the first service request message; the embodiment of the present application does not specifically restrict this.
  • The source IP address and destination IP address of the first service request message can be obtained respectively, together with the tunnel endpoint IP address of the remote acceleration gateway carried in the first superimposed message, and the correspondence among the source IP address of the first service request packet, the destination IP address of the first service request packet, and the tunnel endpoint IP address of the remote acceleration gateway carried in the first superimposed packet is then established and recorded.
  • The source IP address, destination IP address, source port, destination port, and transport layer protocol used by the first service request message can be obtained respectively, and the tunnel endpoint IP address of the remote acceleration gateway carried in the first overlay message can be obtained, and then establish and record the source IP of the first service request message.
  • The transparent acceleration gateway can obtain the network identifier of the overlay network used when transmitting the overlay message encapsulating the first service request message and the source IP address of the first service request message, obtain the tunnel endpoint IP address of the remote acceleration gateway carried in the first overlay message, and establish and record the correspondence among the network identifier of the overlay network, the source IP address of the first service request message, and the tunnel endpoint IP address of the remote acceleration gateway, where the network identifier of the overlay network is the VNI.
  • The address learning can be performed based on the network identifier of the overlay network used when transmitting the first service request message.
  • The established correspondence makes it possible to automatically determine the network identifier of the overlay network used to send an overlay message whose destination IP address is the source IP address of the first service request message, that is, to configure the network identifier automatically. This reduces manual intervention in the configuration of the network identifier and improves the transmission efficiency and accuracy of the superimposed message.
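The gpe header with its padding (shim) header and the address learning of step 407, put together as an added example in Python (not code from the patent). The flag bits, the length unit, the inner-protocol value and the rule that only configured tunnel peers are learned are assumptions not stated in the text; all addresses are constructed documentation values.

```python
import ipaddress
import struct

# Values stated in the text above.
GPE_NEXT_PROTO_VTEP = 0xE1  # gpe next protocol: padding header carries the remote VTEP IP
TYPE_LEARN = 1              # X1: receiving gateway records the address correspondence
TYPE_FORWARD = 2            # Y1: receiving gateway forwards according to the extension field

# Assumptions, not stated in the text.
GPE_FLAGS = 0x0C            # I and P bits, as laid out in the VXLAN-GPE draft
PAD_LEN_WORDS = 2           # padding-header length, counted in 4-byte words
PAD_NEXT_IPV4 = 0x01        # padding-header next protocol value for an inner IPv4 packet


def build_inner_ipv4(src, dst):
    """Constructed 20-byte IPv4 header (no payload, checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def encapsulate(vni, remote_vtep, pad_type, inner):
    """gpe header + padding header + inner message (outer MAC/IP/UDP headers omitted)."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    # flags (8) | reserved 1 (16) | next protocol (8) | VNI (24) + reserved 2 (8)
    gpe = struct.pack("!BHBI", GPE_FLAGS, 0, GPE_NEXT_PROTO_VTEP, vni << 8)
    # type (8) | length (8) | reserved3 (8) | next protocol (8) | protocol specific (32)
    pad = struct.pack("!BBBB4s", pad_type, PAD_LEN_WORDS, 0, PAD_NEXT_IPV4,
                      ipaddress.IPv4Address(remote_vtep).packed)
    return gpe + pad + inner


def decapsulate(payload):
    """Return (vni, pad_type, remote_vtep, inner); raise ValueError on a malformed header."""
    if len(payload) < 16:
        raise ValueError("truncated gpe/padding header")
    _flags, _rsvd1, next_proto, vni_word = struct.unpack("!BHBI", payload[:8])
    if next_proto != GPE_NEXT_PROTO_VTEP:
        raise ValueError("message does not carry a remote VTEP IP address")
    pad_type, _length, _rsvd3, _next, vtep = struct.unpack("!BBBB4s", payload[8:16])
    if pad_type not in (TYPE_LEARN, TYPE_FORWARD):
        raise ValueError("unknown padding-header type")
    return vni_word >> 8, pad_type, ipaddress.IPv4Address(vtep), payload[16:]


class TransparentGateway:
    """Steps 406 and 407: decapsulate, then learn (VNI, client IP) -> remote gateway VTEP."""

    def __init__(self, configured_peers):
        # Hardening assumption: only VTEPs of configured remote gateways may be learned,
        # so a forged extension field cannot redirect the return path.
        self.peers = {ipaddress.IPv4Address(p) for p in configured_peers}
        self.learned = {}

    def receive_uplink(self, payload):
        vni, pad_type, vtep, inner = decapsulate(payload)
        if vtep not in self.peers:
            raise PermissionError("carried VTEP is not a configured tunnel peer")
        if len(inner) < 20 or inner[0] >> 4 != 4:
            raise ValueError("inner message is not IPv4")
        client_ip = ipaddress.IPv4Address(inner[12:16])  # inner source IP = client
        if pad_type == TYPE_LEARN:
            self.learned[(vni, client_ip)] = vtep
        return inner

    def return_vtep(self, vni, client_ip):
        """Downlink lookup: the remote gateway that should receive the response."""
        return self.learned.get((vni, ipaddress.IPv4Address(client_ip)))


if __name__ == "__main__":
    inner = build_inner_ipv4("198.51.100.7", "203.0.113.10")  # client -> VM public IP
    overlay = encapsulate(5001, "192.0.2.1", TYPE_LEARN, inner)
    gw = TransparentGateway(["192.0.2.1"])
    gw.receive_uplink(overlay)
    print(gw.return_vtep(5001, "198.51.100.7"))
```

The table is keyed by network identifier and client address, which matches the VNI-based learning variant; keying by client address alone corresponds to the basic variant of step 407.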
  • Step 408 The transparent acceleration gateway determines a virtual forwarding device for sending the first service request message to the virtual machine according to the routing information pointing to the public network IP address associated with the virtual machine.
  • Step 409 The transparent acceleration gateway encapsulates the first service request message according to the IP address of the virtual forwarding device to generate a second overlay message.
  • the second tunnel information may be used to encapsulate the first service request message to generate the second superimposed message.
  • the second tunnel information includes: the IP address of the transparent acceleration gateway, the IP address of the virtual forwarding device, and the identifier of the tunnel used by the transparent acceleration gateway and the virtual forwarding device.
  • The outer destination IP address of the second overlay message is the IP address of the virtual forwarding device, the outer source IP address is the IP address of the transparent acceleration gateway, the inner destination IP address is the public network IP address associated with the virtual machine, and the inner source IP address is the IP address of the client; the second overlay message carries the tunnel endpoint IP address of the remote acceleration gateway.
  • Step 410 The transparent acceleration gateway sends the second overlay message to the virtual forwarding device.
  • Steps 408 to 410 above describe how the transparent acceleration gateway sends the first service request message to the virtual forwarding device when the virtual forwarding device is the next-hop device for messages that the transparent acceleration gateway sends to the public network IP address associated with the virtual machine.
  • at least one other gateway may be deployed between the transparent acceleration gateway and the virtual forwarding device.
  • The second overlay message sent by the transparent acceleration gateway can be sent to the virtual forwarding device hop by hop through the at least one other gateway, based on the route between the transparent acceleration gateway and the virtual forwarding device.
  • The first service request message is also sent in the form of a superimposed message during the hop-by-hop transmission. That is, when the superimposed message encapsulating the first service request message reaches one of the other gateways, that gateway first decapsulates the superimposed message to obtain the first service request message, then encapsulates the first service request message again to obtain a new superimposed message, and then sends the superimposed message to the gateway that is the next-hop device, until the first service request message is sent to the virtual forwarding device.
  • the tunnel information used when encapsulating the first service request message will change accordingly.
  • When another gateway is deployed between the transparent acceleration gateway and the virtual forwarding device, the transparent acceleration gateway sends the first service request message to the virtual forwarding device as follows:
  • The transparent acceleration gateway encapsulates the first service request message according to the IP address of the other gateway and the IP address of the transparent acceleration gateway, and sends the resulting overlay message to the other gateway.
  • After receiving the overlay message, the other gateway decapsulates it to obtain the first service request message, encapsulates the first service request message according to the IP address of the virtual forwarding device and the IP address of the other gateway to generate an overlay message, and then sends that overlay message to the virtual forwarding device.
  • Step 411 The virtual forwarding device decapsulates the second overlay message to obtain the first service request message.
  • Step 412 The virtual forwarding device performs destination address conversion on the first service request message to generate a third service request message, and sends the third service request message to the virtual machine.
  • Before the virtual forwarding device sends the first service request packet to the virtual machine, it can also perform destination address conversion on the first service request packet, converting its destination address from the public IP address associated with the virtual machine to the private IP address of the virtual machine, and send the first service request message after the destination address conversion (that is, the third service request message) to the virtual machine, so that the virtual machine can send a service response message to the client according to the third service request message and thereby provide business services to the client.
  • the source port of the third service request message has not changed compared with the source port of the first service request message, and it is the client port.
  • At least one gateway may also be set between the virtual forwarding device and the virtual machine.
  • the service request message may be sent to the virtual machine according to the route.
  • performing a destination address translation operation on the first service request message may be performed by any one of the virtual forwarding device and the at least one gateway.
  • In summary, the remote acceleration gateway performs destination address conversion on the service request message sent by the client, encapsulates the service request message after the destination address conversion, and sends the encapsulated service request message to the transparent acceleration gateway where the virtual machine is located; the transparent acceleration gateway then sends the encapsulated service request message to the virtual forwarding device, and the virtual forwarding device sends the service request message to the virtual machine.
  • Because the source IP address of the service request message is not translated while the message is being sent to the virtual machine, the source IP address of the service request message that reaches the virtual machine is still the client's IP address. The virtual machine therefore knows the source IP address of the service request message it receives, which realizes transparent transmission of the source address of the service request message and makes it convenient for the virtual machine to perform functions such as statistical analysis based on the source IP address.
  • the downlink process of the business service provision method may include the following steps:
  • Step 501 The virtual forwarding device receives a third service response message sent by the virtual machine according to the first service request message.
  • the source IP address of the third service response message is the private network IP address of the virtual machine, and the destination IP address is the IP address of the client.
  • the virtual machine may generate a third service response message according to the first service request message and send the third service response message to the virtual forwarding device, so that the third service response message is sent to the client through the virtual forwarding device to provide business services for the client.
  • the third service response message received by the virtual forwarding device is the third service response message sent by the virtual machine.
  • the process of the virtual machine sending the third service response message to the virtual forwarding device is implemented through routing, and the third service response message received by the virtual forwarding device is the third service response message forwarded by the previous hop device of the virtual forwarding device in the routing path.
  • Step 502 The virtual forwarding device performs source address translation on the third service response message to generate the first service response message.
  • the destination IP address and source IP address carried in the message are both public IP addresses, and the virtual machine is located on the private network side. So that the IP address of the virtual machine is not exposed to the public network, before the virtual forwarding device sends the third service response message to the transparent acceleration gateway it can also perform source address translation on the third service response message, converting the source IP address of the third service response message from the virtual machine's private network IP address to the public network IP address associated with the virtual machine, to obtain the first service response message, which can then be sent to the transparent acceleration gateway.
  • the source IP address of the first service response message is the public network IP address associated with the virtual machine, and the destination IP address is the IP address of the client. Before and after the source address translation, the destination port of the first service response message is unchanged from the destination port of the third service response message; both are the client port.
  • the operation of performing source address translation on the third service response message can be performed by any one of the virtual forwarding device and the at least one gateway.
  • Step 503 The virtual forwarding device determines a transparent acceleration gateway for sending the first service response message to the client according to the routing information directed to the IP address of the client.
  • for the implementation process of step 503, refer to the implementation process of step 403.
  • Step 504 The virtual forwarding device encapsulates the first service response message according to the IP address of the transparent acceleration gateway to generate a third overlay message.
  • the third tunnel information used when encapsulating the first service response message to generate the third overlay message includes: the IP address of the virtual forwarding device, the IP address of the transparent acceleration gateway, and the identifier of the tunnel used between the virtual forwarding device and the transparent acceleration gateway.
  • the outer destination IP address of the third overlay message is the IP address of the transparent acceleration gateway, the outer source IP address is the IP address of the virtual forwarding device, the inner destination IP address is the client's IP address, and the inner source IP address is the public IP address associated with the virtual machine.
  • Step 505 The virtual forwarding device sends the third overlay message to the transparent acceleration gateway.
  • steps 503 to 505 are the process in which the virtual forwarding device sends the first service response message to the transparent acceleration gateway when the transparent acceleration gateway is the next hop device for the virtual forwarding device to send a message to the client.
  • at least one other gateway may be deployed between the transparent acceleration gateway and the virtual forwarding device.
  • the third overlay message sent by the virtual forwarding device can be sent to the transparent acceleration gateway hop by hop through the at least one other gateway, based on the route between the transparent acceleration gateway and the virtual forwarding device.
  • the first service response message is also sent in the form of an overlay message during the hop-by-hop transmission. That is, when the overlay message encapsulating the first service response message reaches another gateway, that gateway first decapsulates it to obtain the first service response message, then encapsulates the first service response message again to obtain a new overlay message, and sends that overlay message to the gateway that is the next-hop device, until the first service response message is sent to the transparent acceleration gateway.
  • the tunnel information used when encapsulating the first service response message will change accordingly.
  • when another gateway is deployed between the transparent acceleration gateway and the virtual forwarding device, the virtual forwarding device sends the first service response message to the transparent acceleration gateway as follows:
  • the overlay message obtained by encapsulating the IP address and the virtual forwarding device IP address is sent to the other gateway.
  • after receiving the overlay message, the other gateway decapsulates it to obtain the first service response message, encapsulates the first service response message according to the IP address of the transparent acceleration gateway and the IP address of the other gateway to generate an overlay message, and then sends the overlay message to the transparent acceleration gateway.
  • Step 506 After receiving the third overlay message, the transparent acceleration gateway decapsulates the third overlay message to obtain the first service response message and obtain the destination IP address of the first service response message.
  • the destination IP address of the first service response message is the IP address of the client.
  • for the implementation process of step 506, refer to the implementation process of step 406.
  • Step 507 The transparent acceleration gateway obtains, according to the destination IP address of the first service response message, the tunnel endpoint IP address of the remote acceleration gateway from the correspondence between the tunnel endpoint IP address of the remote acceleration gateway and the source IP address of the first service request message.
  • a remote acceleration gateway for sending the first service response message to the client needs to be determined.
  • the correspondence between the tunnel endpoint IP address of the remote acceleration gateway and the source IP address of the first service request message, recorded in the uplink process, can be queried to obtain the tunnel endpoint IP address of the remote acceleration gateway that is to send the first service response message to the client.
  • Step 508 The transparent acceleration gateway encapsulates the first service response message according to the tunnel endpoint IP address of the remote acceleration gateway to generate a fourth overlay message.
  • after the transparent acceleration gateway obtains the tunnel endpoint IP address of the remote acceleration gateway, it can directly encapsulate the first service response message according to the tunnel endpoint IP address of the remote acceleration gateway.
  • the fourth tunnel information used when encapsulating the first service response message to generate the fourth overlay message includes: the tunnel endpoint IP address of the remote acceleration gateway, the IP address of the transparent acceleration gateway, and the identifier of the tunnel used between the remote acceleration gateway and the transparent acceleration gateway.
  • the outer destination IP address of the fourth overlay message is the tunnel endpoint IP address of the remote acceleration gateway, the outer source IP address is the IP address of the transparent acceleration gateway, the inner destination IP address is the IP address of the client, and the inner source IP address is the public IP address associated with the virtual machine.
  • Step 509 The transparent acceleration gateway sends the fourth overlay message to the remote acceleration gateway according to the tunnel endpoint IP address of the remote acceleration gateway.
  • Step 510 The remote acceleration gateway decapsulates the fourth overlay message to obtain the first service response message.
  • Step 511 The remote acceleration gateway performs source IP address conversion on the first service response message to generate a second service response message, and sends the second service response message to the client.
  • the source IP address of the packet that the client can receive should be the acceleration IP address of the remote acceleration gateway. Therefore, so that the client can receive the first service response message, the remote acceleration gateway needs to translate the source IP address of the first service response message, converting it from the private network IP address of the virtual machine to the acceleration IP address of the remote acceleration gateway, to obtain the second service response message, and send the second service response message to the client so that the client can use the service provided by the second service response message. That is, the source IP address of the second service response message is the acceleration IP address of the remote acceleration gateway, and the destination IP address is the IP address of the client.
  • the destination port of the second service response message has not changed compared with the destination port of the first service response message, and both are client ports.
  • the transparent acceleration gateway records the correspondence between the acceleration IP address of the remote acceleration gateway and the IP address of the client during the uplink process, and queries the correspondence during the downlink process to obtain the tunnel endpoint IP address of the remote acceleration gateway. The transparent acceleration gateway can then send the fourth overlay message to the remote acceleration gateway according to that tunnel endpoint IP address, so that the first service response message for the first service request message is sent to the client through the remote acceleration gateway, realizing the return of the first service response message to its source.
  • the embodiment of the present application also provides a business service providing system, as shown in Figure 1 or Figure 2, the business service providing system includes a transparent acceleration gateway, a virtual forwarding device, and a virtual machine.
  • the virtual machine is used to provide business services to clients.
  • the business service providing system may further include: at least one other gateway deployed between the transparent acceleration gateway and the virtual forwarding device.
  • the transparent acceleration gateway is used to receive the first overlay message sent by the remote acceleration gateway, decapsulate the first overlay message to obtain the first service request message, encapsulate the first service request message to generate the second overlay message, and send the second overlay message to the virtual forwarding device; the transparent acceleration gateway establishes the correspondence between the IP address of the remote acceleration gateway and the IP address of the client; the first overlay message encapsulates the first service request message, the source Internet Protocol (IP) address of the first service request message is the client's IP address, and the destination IP address is the public network IP address associated with the virtual machine;
  • the virtual forwarding device is configured to decapsulate the second overlay message to obtain the first service request message, and send the first service request message to the virtual machine.
  • the virtual machine can also be other systems or devices that can provide business services, such as containers.
  • the virtual forwarding device is a virtual switch, and the public network IP address associated with the virtual machine is a public network IP address bound to the virtual machine.
  • the virtual forwarding device is a load balancer, the load balancer provides a load balancing service for the virtual machine, and the public network IP address associated with the virtual machine is the public network IP address bound to the load balancer.
  • the virtual forwarding device is an IPv6 gateway, and the public IP address associated with the virtual machine is the public IPv6 address of the virtual machine.
  • the virtual forwarding device is a VPN gateway, and the public network IP address associated with the virtual machine is a public network IP address bound to the VPN gateway.
  • the public network IP address associated with the virtual machine is the public network IP address bound to the NAT gateway.
  • the transparent acceleration gateway is also used to obtain the IP address of the remote acceleration gateway carried in the first overlay message, obtain the source address of the first service request message, and record the correspondence between the IP address of the remote acceleration gateway and the IP address of the client, where the source address of the first service request message is the IP address of the client.
  • the virtual forwarding device is further configured to receive the first service response message sent by the virtual machine according to the first service request message, encapsulate the first service response message to generate a third overlay message, and send the third overlay message to the transparent acceleration gateway, where the source address of the first service response message is the public network IP address associated with the virtual machine, and the destination address is the IP address of the client;
  • the transparent acceleration gateway is also used to decapsulate the third overlay message to obtain the first service response message, obtain the IP address of the remote acceleration gateway from the correspondence according to the destination IP address of the first service response message, encapsulate the first service response message to generate a fourth overlay message, and send the fourth overlay message to the remote acceleration gateway according to the IP address of the remote acceleration gateway.
  • FIG. 11 exemplarily provides a possible architecture diagram of the first computer device.
  • the first computer device may include a first processor 601, a first memory 602, a first communication interface 603, and a first bus 604.
  • the number of first processors 601 may be one or more, and FIG. 11 only illustrates one of the first processors 601.
  • the first processor 601 may be a central processing unit (CPU). If the first computer device has multiple first processors 601, the types of the multiple first processors 601 may be different or may be the same. Optionally, multiple first processors of the first computer device may also be integrated into a multi-core processor.
  • the first memory 602 stores computer instructions and data, and the first memory 602 can store computer instructions and data required to realize the function of the transparent acceleration gateway in the business service providing method provided by the present application.
  • the first memory 602 may be any one or any combination of the following storage media: non-volatile memory (such as read-only memory (ROM), solid state disk (SSD), hard disk drive (HDD), optical disc, etc.) and volatile memory.
  • the first communication interface 603 may be any one or any combination of the following devices: a network interface (such as an Ethernet interface), a wireless network card, and other devices with a network access function.
  • the first communication interface 603 is used for data communication between the first computer device and other nodes or other computer devices.
  • FIG. 11 also illustrates the first bus 604 exemplarily.
  • the first bus 604 can connect the first processor 601 with the first memory 602 and the first communication interface 603. In this way, through the first bus 604, the first processor 601 can access the first memory 602, and can also use the first communication interface 603 to perform data interaction with other nodes or other computer devices.
  • the first computer device executes the computer instructions in the first memory 602 to realize the function of the transparent acceleration gateway in the business service provision method provided in this application.
  • the transparent acceleration gateway receives the first overlay message sent by the remote acceleration gateway, decapsulates the first overlay message to obtain the first service request message, encapsulates the first service request message to generate a second overlay message, and sends the second overlay message to the virtual forwarding device.
  • for the implementation process of the steps of the transparent acceleration gateway that the first computer device performs by executing the computer instructions in the first memory 602, refer to the corresponding description in the foregoing method embodiment.
  • the embodiment of the present application provides a second computer device, and a virtual forwarding device and a virtual machine can be deployed in the second computer device.
  • Fig. 12 exemplarily provides a possible architecture diagram of the second computer device.
  • the second computer device may include a second processor 701, a second memory 702, a second communication interface 703, and a second bus 704.
  • the number of the second processors 701 may be one or more, and FIG. 12 only illustrates one of the second processors 701.
  • the second processor 701 may be a central processing unit. If the second computer device has multiple second processors 701, the types of the multiple second processors 701 may be different or may be the same.
  • multiple second processors of the second computer device may also be integrated into a multi-core processor.
  • the second memory 702 stores computer instructions and data, and the second memory 702 can store computer instructions and data required to implement the functions of the virtual forwarding device and virtual machine in the business service providing method provided by this application.
  • the second memory 702 may be any one or any combination of the following storage media: non-volatile memory (such as read-only memory, solid-state hard disk, hard disk, optical disk, etc.) and volatile memory.
  • the second communication interface 703 may be any one or any combination of the following devices: a network interface (such as an Ethernet interface), a wireless network card, and other devices with a network access function.
  • the second communication interface 703 is used for data communication between the second computer device and other nodes or other computer devices.
  • FIG. 12 also exemplarily illustrates the second bus 704.
  • the second bus 704 can connect the second processor 701 with the second memory 702 and the second communication interface 703. In this way, through the second bus 704, the second processor 701 can access the second memory 702, and can also use the second communication interface 703 to perform data interaction with other nodes or other computer devices.
  • the second computer device executes the computer instructions in the second memory 702 to realize the functions of the virtual forwarding device and the virtual machine in the business service providing method provided in this application.
  • the second computer device executes the computer instructions in the second memory 702 to execute the following steps performed by the virtual forwarding device: the virtual forwarding device decapsulates the second overlay message to obtain the first service request message, and sends the first service request message to the virtual machine.
  • for the implementation process of the steps of the virtual forwarding device that the second computer device performs by executing the computer instructions in the second memory 702, refer to the corresponding description in the foregoing method embodiment.
  • FIG. 13 exemplarily provides a possible architecture diagram of the third computer device.
  • the third computer device may include a third processor 801, a third memory 802, a third communication interface 803, and a third bus 804.
  • the number of third processors 801 may be one or more, and FIG. 13 only illustrates one of the third processors 801.
  • the third processor 801 may be a central processing unit. If the third computer device has multiple third processors 801, the types of the multiple third processors 801 may be different or may be the same.
  • multiple third processors of the third computer device may also be integrated into a multi-core processor.
  • the third memory 802 stores computer instructions and data, and the third memory 802 can store computer instructions and data required to realize the function of the remote acceleration gateway in the service provision method provided by the present application.
  • the third memory 802 may be any one or any combination of the following storage media: non-volatile memory (such as read-only memory, solid-state hard disk, hard disk, optical disk, etc.) and volatile memory.
  • the third communication interface 803 may be any one or any combination of the following devices: a network interface (such as an Ethernet interface), a wireless network card, and other devices with a network access function.
  • the third communication interface 803 is used for data communication between the third computer device and other nodes or other computer devices.
  • FIG. 13 also exemplarily illustrates the third bus 804.
  • the third bus 804 may connect the third processor 801 with the third memory 802 and the third communication interface 803. In this way, through the third bus 804, the third processor 801 can access the third memory 802, and can also use the third communication interface 803 to perform data interaction with other nodes or other computer devices.
  • the third computer device executes the computer instructions in the third memory 802, which can realize the function of the remote acceleration gateway in the business service providing method provided in this application.
  • the following steps executed by the remote acceleration gateway can be executed: the remote acceleration gateway receives the second service request message sent by the client; the remote acceleration gateway performs destination address translation on the second service request message to generate the first service request message; the remote acceleration gateway encapsulates the first service request message to generate the first overlay message; the remote acceleration gateway sends the first overlay message to the transparent acceleration gateway where the virtual machine is located.
  • for the implementation process of the steps of the remote acceleration gateway that the third computer device performs by executing the computer instructions in the third memory 802, refer to the corresponding description in the foregoing method embodiment.
  • the embodiment of the present application also provides a first storage medium, which is a non-volatile computer-readable storage medium.
  • the embodiment of the present application also provides a second storage medium.
  • the second storage medium is a non-volatile computer-readable storage medium.
  • when the instructions in the second storage medium are executed by the processor, the implementation is as in the embodiment of the present application.
  • the embodiment of the present application also provides a third storage medium, which is a non-volatile computer-readable storage medium.
  • the embodiment of the present application also provides a first computer program product containing instructions.
  • the computer executes the functions implemented by the transparent acceleration gateway in the business service providing method in the embodiment of the present application.
  • the embodiment of the present application also provides a second computer program product containing instructions.
  • when the second computer program product runs on a computer, the computer executes the functions implemented by the virtual forwarding device in the business service providing method in the embodiment of the present application.
  • the embodiment of the present application also provides a third computer program product containing instructions.
  • when the third computer program product runs on the computer, the computer executes the implementation of the remote acceleration gateway in the business service providing method in the embodiment of the present application.
  • the program can be stored in a computer-readable storage medium.
  • the storage medium mentioned can be a read-only memory, a magnetic disk or an optical disk, etc.
  • the terms “first”, “second” and “third” are only used for descriptive purposes, and cannot be understood as indicating or implying relative importance.
  • the term “at least one” refers to one or more, and the term “plurality” refers to two or more, unless expressly defined otherwise.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Disclosed is a service provision method, belonging to the technical field of communications. The method comprises the following steps: a transparent acceleration gateway receives a first overlay message sent by a remote acceleration gateway, the first overlay message encapsulating a first service request message, a source IP address of the first service request message being an IP address of a client, a destination IP address being a public network IP address associated with a virtual machine, and the first overlay message carrying an IP address of the remote acceleration gateway; the transparent acceleration gateway decapsulates the first overlay message to obtain the first service request message, encapsulates the first service request message to generate a second overlay message, and sends the second overlay message to a virtual forwarding device, and the transparent acceleration gateway establishes a correspondence between the IP address of the remote acceleration gateway and the IP address of the client; and the virtual forwarding device decapsulates the second overlay message to obtain the first service request message, and sends the first service request message to the virtual machine. The present invention achieves transparent transmission of the source address of a service request message.
PCT/CN2020/121093 2019-10-15 2020-10-15 Service provision method and system WO2021073565A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910979745.X 2019-10-15
CN201910979745.XA CN112671628B (zh) 2019-10-15 Service provision method and system

Publications (1)

Publication Number Publication Date
WO2021073565A1 true WO2021073565A1 (fr) 2021-04-22

Family

ID=75400373

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/121093 WO2021073565A1 (fr) 2019-10-15 2020-10-15 Service provision method and system

Country Status (2)

Country Link
CN (1) CN112671628B (fr)
WO (1) WO2021073565A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114844856A (zh) * 2022-04-26 2022-08-02 夏宇 网络穿透方法、装置、电子设备及存储介质
EP4033702A4 (fr) * 2019-10-15 2022-11-16 Huawei Cloud Computing Technologies Co., Ltd. Procédé et système de fourniture de service, et passerelle d'accélération à distance

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113890865A (zh) * 2021-10-21 2022-01-04 展讯通信(上海)有限公司 数据包转发方法和设备
CN114205360B (zh) * 2021-12-08 2024-04-16 京东科技信息技术有限公司 数据传输方法、装置及***
CN114039949B (zh) * 2021-12-24 2024-03-26 上海观安信息技术股份有限公司 云服务浮动ip绑定方法及***
CN114500376B (zh) * 2021-12-30 2024-04-09 网络通信与安全紫金山实验室 一种访问云资源池的方法、***、服务器及存储介质
CN115334036B (zh) * 2022-08-11 2023-07-07 安超云软件有限公司 智能控制源地址转换的方法和装置、电子设备和存储介质
CN117544424B (zh) * 2024-01-09 2024-03-15 万洲嘉智信息科技有限公司 基于泛在联接的多协议智慧园区管控平台

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140050091A1 (en) * 2012-08-17 2014-02-20 International Business Machines Corporation Load balancing overlay network traffic using a teamed set of network interface cards
CN103931140A (zh) * 2011-11-02 2014-07-16 国际商业机器公司 虚拟化网络的分布式地址解析服务
CN108781171A (zh) * 2016-02-29 2018-11-09 思科技术公司 用于在ipv6环境中用数据平面信号通知分组捕获的***和方法

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9036639B2 (en) * 2012-11-29 2015-05-19 Futurewei Technologies, Inc. System and method for VXLAN inter-domain communications
US9787499B2 (en) * 2014-09-19 2017-10-10 Amazon Technologies, Inc. Private alias endpoints for isolated virtual networks
CN104601432B (zh) * 2014-12-31 2018-03-13 新华三技术有限公司 一种报文传输方法和设备
CN106899500B (zh) * 2016-12-16 2020-06-26 新华三技术有限公司 一种跨虚拟可扩展局域网的报文处理方法及装置
US10819675B2 (en) * 2017-08-14 2020-10-27 Nicira, Inc. Managing network connectivity between cloud computing service endpoints and virtual machines
CN108768817B (zh) * 2018-05-22 2020-07-28 腾讯科技(深圳)有限公司 一种虚拟化网络组网***、数据包发送方法
CN108449282B (zh) * 2018-05-29 2021-12-21 华为技术有限公司 一种负载均衡方法及其装置

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103931140A (zh) * 2011-11-02 2014-07-16 国际商业机器公司 虚拟化网络的分布式地址解析服务
US20140050091A1 (en) * 2012-08-17 2014-02-20 International Business Machines Corporation Load balancing overlay network traffic using a teamed set of network interface cards
CN108781171A (zh) * 2016-02-29 2018-11-09 思科技术公司 System and method for signaling packet capture with the data plane in an IPv6 environment

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP4033702A4 (fr) * 2019-10-15 2022-11-16 Huawei Cloud Computing Technologies Co., Ltd. Service providing method and system, and remote acceleration gateway
CN114844856A (zh) * 2022-04-26 2022-08-02 夏宇 Network penetration method and apparatus, electronic device and storage medium
CN114844856B (zh) * 2022-04-26 2024-03-22 夏宇 Network penetration method and apparatus, electronic device and storage medium

Also Published As

Publication number Publication date
CN112671628B (zh) 2023-06-02
CN112671628A (zh) 2021-04-16

Similar Documents

Publication Publication Date Title
WO2021073565A1 (fr) Service providing method and system
US11671367B1 (en) Methods and apparatus for improving load balancing in overlay networks
US8396954B2 (en) Routing and service performance management in an application acceleration environment
WO2021073555A1 (fr) Service providing method and system, and remote acceleration gateway
US8259571B1 (en) Handling overlapping IP addresses in multi-tenant architecture
US10574763B2 (en) Session-identifer based TWAMP data session provisioning in computer networks
US20220078114A1 (en) Method and Apparatus for Providing Service for Traffic Flow
US8270420B2 (en) iSCSI to FCoE gateway
WO2018059284A1 (fr) Data transmission method and network equipment
US7653075B2 (en) Processing communication flows in asymmetrically routed networks
WO2014201974A1 (fr) Service routing packet processing method, device and network system
Aazam et al. Impact of ipv4-ipv6 coexistence in cloud virtualization environment
CN109246016B (zh) Cross-VXLAN message processing method and apparatus
WO2023186109A1 (fr) Node access method and data transmission system
US20230254183A1 (en) Generating route target values for virtual private network routes
US11818035B2 (en) Augmented routing of data
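CN116488958A (zh) Gateway processing method, virtual access gateway, virtual service gateway and related device
TW202249466A (zh) Packet forwarding control protocol (PFCP) session load balancer operating system and operating method thereof
TW202249464A (zh) Method for cellular data packet routing using an Internet Protocol network
KR20180007898A (ko) Method for separating groups within a tenant in a virtual private cloud network
CN113994639A (zh) Virtual local presence based on L3 virtual mapping of remote network nodes
TW202249467A (zh) Selective importing of user equipment addresses into a virtual routing and forwarding table in a 5G network
TW202249465A (zh) Apparatus for cellular data packet routing using an Internet Protocol network
CN117529709A (zh) PFCP session load balancer
CN117441377A (zh) Selectively importing UE addresses into VRF in a 5G network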

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application

Ref document number: 20876556

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 EP: PCT application non-entry in European phase

Ref document number: 20876556

Country of ref document: EP

Kind code of ref document: A1