CN116962490B - Hot migration method, first network element, service equipment, communication system and storage medium - Google Patents

Info

Publication number: CN116962490B
Authority: CN (China)
Prior art keywords: address, port, network element, message, service device
Legal status: Active
Application number: CN202310943842.XA
Other languages: Chinese (zh)
Other versions: CN116962490A (en)
Inventor: 吴英德
Current Assignee: Shenzhen Huawei Cloud Computing Technology Co ltd
Original Assignee: Shenzhen Huawei Cloud Computing Technology Co ltd
Application filed by Shenzhen Huawei Cloud Computing Technology Co ltd
Priority to CN202310943842.XA
Publication of CN116962490A
Application granted
Publication of CN116962490B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/14: Session management
    • H04L67/148: Migration or transfer of sessions
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08: Configuration management of networks or network elements
    • H04L41/0803: Configuration setting
    • H04L41/34: Signalling channels for network management communication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a hot migration method, a first network element, a service device, a communication system and a storage medium. The first network element receives first mapping information sent by a second network element. The first mapping information indicates the correspondence between (first address, first port, second address, second port, first protocol) and (third address, third port, fourth address, fourth port, first protocol). The first network element and the second network element are configured with different address segments, and the third address belongs to the address segment of the second network element. The first network element sends first indication information to the service device; the first indication information instructs the service device to set the five-tuple of a first response message corresponding to a first application program to the fourth address, the fourth port, a fifth address, a fifth port and the first protocol, where the fifth address belongs to the address segment of the first network element. The scheme ensures that the traffic of the same session connection is not interrupted when it migrates between network devices, thereby improving the user experience.

Description

Hot migration method, first network element, service device, communication system and storage medium
Technical Field
The present application relates to the field of communications technologies, and in particular to a hot migration method, a first network element, a service device, a communication system, and a storage medium.
Background
A virtual private cloud (VPC) is an isolated, private virtual network environment that a user applies for on the cloud. Users can freely configure the network segments of a VPC and deploy their own services within it. The network segments of different VPCs may overlap. To let services in different VPCs access each other without changing the VPC network segment configuration, network address translation (NAT) can currently be used to translate addresses between VPCs, so that a service in one VPC is reachable from other VPCs.
For example, as shown in fig. 1, VPC1 and VPC2 are two different VPCs. A service device 200 in VPC2 runs an application that provides a service (such as a database service or a web service); the IP address of the service device 200 in VPC2 is IP4, and the port of the application on the service device 200 is z. Assume that the service provided by the application in VPC2 is mapped in VPC1 by the "IP address + port" pair IP2:y. When a process X on a terminal device 100 in VPC1 wants to access the application in VPC2, it sends a request message whose four-tuple (source IP address, source port, destination IP address and destination port) is IP1:x→IP2:y; for convenience of description, the protocol type of the request message is taken to be TCP. Here IP1 is the IP address of the terminal device 100 in VPC1, and x is the port number corresponding to process X on the terminal device 100. The network device 300 then uses NAT to replace the four-tuple of the request message with IP3:w→IP4:z and sends the message to the service device 200, so that the service in VPC2 is accessed from VPC1. IP3 is an address in the address pool configured on the network device 300, and IP3:w is the mapping in VPC2 of process X in VPC1.
For reasons such as equipment upgrade or maintenance, or a shortage of bandwidth resources, the traffic of such a service access may need to be migrated from the network device 300 to another network device for network address translation, forwarding and other processing. How to keep the service access uninterrupted during this migration, and so improve the user experience, is the problem to be solved.
Disclosure of Invention
The application provides a hot migration method, a first network element, a service device, a communication system and a storage medium, which ensure that the traffic of the same session connection is not interrupted during migration between network devices, thereby improving the user experience.
In a first aspect, the present application provides a hot migration method. The first network element receives first mapping information sent by a second network element. The first mapping information indicates the correspondence between (first address, first port, second address, second port, first protocol) and (third address, third port, fourth address, fourth port, first protocol). The first network element and the second network element are configured with different address segments, the third address belongs to the address segment of the second network element, and the fourth address and the fourth port correspond to a first application program on a service device. The first network element sends first indication information to the service device; the first indication information instructs the service device to set the five-tuple of a first response message corresponding to the first application program to the fourth address, the fourth port, a fifth address, a fifth port and the first protocol. A five-tuple comprises, in order, a source IP address, a source port, a destination IP address, a destination port and a protocol type, and the fifth address belongs to the address segment configured for the first network element. The first network element receives the first response message sent by the service device, replaces the five-tuple of the first response message with the second address, the second port, the first address, the first port and the first protocol to obtain a second response message, and sends the second response message.
It should be noted that, in the embodiments of the present application, a five-tuple comprises a source IP address, a source port, a destination IP address, a destination port and a protocol type, in that order. The five-tuple of a message is the tuple formed by extracting these five items from the message and arranging them in this order; it does not mean that the five items are originally arranged in this order within the message.
In this embodiment, the first address-first port in the first mapping information corresponds to a process (denoted process X) on a terminal device, and the fourth address-fourth port corresponds to an application program (i.e., the first application program, abbreviated APP1) on a service device, where APP1 provides a service that is not limited herein. The second address-second port is an "IP address + port number" pair configured to map the fourth address-fourth port, and the third address-third port is an "IP address + port number" pair selected by the second network element to map the first address-first port. Messages whose five-tuple is first address-first port-second address-second port-first protocol belong to the same session connection.
When the first mapping information is migrated from the second network element to the first network element, the first network element sends first indication information to the service device corresponding to the fourth address and the fourth port in the first mapping information, so as to instruct the service device to set the five-tuple of the first response message corresponding to APP1 to the fourth address, the fourth port, the fifth address and the fifth port, and then send it to the first network element. Because the fifth address is an IP address in the address pool configured for the first network element, the first response message corresponding to APP1 is forwarded to the first network element (not to the second network element), and the first network element can then process the first response message based on the first mapping information to obtain the second response message. Because the destination IP address and the destination port in the second response message are the first address and the first port, the second response message can be forwarded to the node corresponding to the first address and the first port (the source node requesting access to APP1). The traffic of the same session connection is therefore not interrupted after migration (i.e., hot migration of the traffic is achieved), and the user experience is improved.
Based on the first aspect, in a possible implementation manner, before the first network element receives the first mapping information sent by the second network element, the second network element may replace the quintuple of the received first message with the third address, the third port, the fourth address, the fourth port and the first protocol according to the first mapping information, so as to obtain a replaced message, and then send the replaced message to the service device. The five-tuple of the first message includes a first address, a first port, a second address, a second port, and a first protocol. Before the first network element receives the first mapping information sent by the second network element, the second network element can replace the quintuple of the response message sent by the service device with the second address, the second port, the first address, the first port and the first protocol according to the first mapping information, so as to obtain a replaced response message, and then send the replaced response message. The five-tuple of the response message comprises a fourth address, a fourth port, a third address, a third port and a first protocol.
That is, before the first mapping information is migrated from the second network element to the first network element, the second network element is responsible for processing (including operations such as NAT address translation and message forwarding) the message related to the first mapping information, so as to implement access of the node corresponding to the first address and the first port to APP1 in the service device.
Based on the first aspect, in a possible implementation manner, the first network element receives a second message, and a quintuple of the second message includes a first address, a first port, a second address, a second port, and a first protocol. And then, the first network element replaces the quadruple of the second message with a third address, a third port, a fourth address and a fourth port according to the first mapping information to obtain a third message, wherein the third message comprises the first indication information. Then, the first network element sends a third message to the service device.
In this scheme, the five-tuple of the second packet includes a first address, a first port, a second address, a second port, and a first protocol, where the node corresponding to the "first address and the first port" requests access to the "second address+the second port". When the first network element receives the second message, the first network element finds that the second message belongs to the flow of the session connection corresponding to the first address-first port-second address-second port-first protocol, therefore, the first network element can replace the quadruple of the second message with the third address, the third port, the fourth address and the fourth port based on the first mapping information to obtain a third message, and the first indication information is added in the third message. Then, the first indication information is sent to the service device along with the third message, so that the service device can execute corresponding operations based on the first indication information carried by the third message, that is, set the five-tuple of the corresponding first response message to the fourth address, the fourth port, the fifth address, the fifth port and the first protocol for the APP1 based on the first indication information, and then send the first response message to the first network element.
Based on the first aspect, in a possible implementation manner, the third message includes a first optional field, the information in the first optional field includes a fifth address and a fifth port, and the first indication information includes the information in the first optional field.
That is, the first optional field may be added in the third message, and part or all of the first indication information may be written in the first optional field. For example, the first indication information may include a third address, a third port, a fifth address and a fifth port, which may all be written in the first optional field, or only the fifth address and the fifth port (i.e. a new set of "IP addresses+ports") in the first indication information may be written in the first optional field, where the third address and the third port in the first indication information are located in the source IP address and the source port field in the header of the third packet.
Based on the first aspect, in a possible implementation manner, before the first network element sends the third message to the service device, the first network element may record a first replacement state between the third address-third port and the fifth address-fifth port. Then, when the first network element receives the first response message sent by the service device, the first network element can change the recorded first replacement state into a second replacement state, replace the quintuple of the first response message with the second address, the second port, the first address, the first port and the first protocol, obtain a second response message, and send the second response message. And then the first network element receives a fourth message, replaces the quintuple of the fourth message with a fifth address, a fifth port, a fourth address, a fourth port and a first protocol according to the recorded second replacement state to obtain a fifth message, and sends the fifth message to the service equipment. The five-tuple of the fourth message includes a first address, a first port, a second address, a second port, and a first protocol.
In this scheme, the first network element sends a third message carrying the first indication information to the service device to negotiate with the service device, and locally records a first replacement state between the third address-third port and the fifth address-fifth port, which indicates that the first network element wants to perform the replacement, but is still in negotiation, and has not yet obtained a confirmation from the service device as to whether the replacement can be allowed to be performed (for compatibility with the service device that does not support NAT replacement, negotiation is required). Then, when the first network element receives the first response message sent by the service device, it is confirmed that the quintuple of the first response message includes the fourth address, the fourth port, the fifth address, the fifth port and the first protocol, which indicates that the service device supports executing the replacement, at this time, the first network element can change the recorded first replacement state into the second replacement state, which indicates that the first network element has successfully negotiated with the service device, and the service device allows/supports executing the replacement operation between the third address-the third port and the fifth address-the fifth port. Then, when the first network element receives the fourth message, confirming that the quintuple of the fourth message is the first address, the first port, the second address, the second port and the first protocol, and replacing the quintuple of the fourth message with the fifth address, the fifth port, the fourth address, the fourth port and the first protocol according to the first mapping information and the second replacing state, so as to obtain a fifth message, and further sending the fifth message to the service equipment. 
It should be understood that, if in the first replacement state, the first network element only performs the corresponding replacement on the fourth packet based on the first mapping information, and does not replace the fourth packet with the fifth address+the fifth port.
Based on the first aspect, in a possible implementation manner, the fifth message includes second indication information, where the second indication information is used to instruct the service device to replace a source IP address and a source port in the fifth message with a third address and a third port respectively and send the source IP address and the source port to the first application program, or the second indication information is used to instruct the service device to send application layer information in the fifth message to the first application program.
Based on the first aspect, in a possible implementation manner, the fifth message includes a second optional field, information in the second optional field includes a third address and the third port, and the second indication information includes information in the second optional field.
In this solution, the fifth packet may include a second optional field, where information in the second optional field includes a third address and a third port (i.e., the old set of "IP addresses+ports"), so that when the service device receives the fifth packet, the service device may directly replace the source IP address and the source port in the fifth packet based on the information in the second optional field in the fifth packet, and may further send application layer information in the fifth packet to APP1.
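The negotiated variant described above (first and second replacement states, first and second optional fields), as an added Python sketch that is not code from the patent. The class names, the `new_peer` and `orig_peer` fields, and all addresses and ports are constructed for illustration; the service device's check that a replacement was announced before it is undone is an assumption of this sketch.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]                      # (IP address, port)
NEGOTIATING = "first replacement state"
CONFIRMED = "second replacement state"

@dataclass(frozen=True)
class Packet:
    src: Endpoint
    dst: Endpoint
    proto: str
    payload: str = ""
    new_peer: Optional[Endpoint] = None         # hypothetical "first optional field": fifth pair
    orig_peer: Optional[Endpoint] = None        # hypothetical "second optional field": third pair

@dataclass(frozen=True)
class Mapping:                                  # the "first mapping information"
    first: Endpoint                             # process X on the terminal device
    second: Endpoint                            # pair the terminal dials to reach APP1
    third: Endpoint                             # pair from the second network element's pool
    fourth: Endpoint                            # APP1 on the service device
    proto: str

class FirstNetworkElement:
    def __init__(self, mapping: Mapping, fifth: Endpoint):
        self.m, self.fifth, self.state = mapping, fifth, None

    def from_terminal(self, pkt: Packet) -> Packet:
        m = self.m
        if (pkt.src, pkt.dst, pkt.proto) != (m.first, m.second, m.proto):
            raise ValueError("not part of the migrated session")
        if self.state == CONFIRMED:
            # Fifth message: new pair as source, old pair carried in the option.
            return Packet(self.fifth, m.fourth, m.proto, pkt.payload, orig_peer=m.third)
        # Third message: old pair stays as source, new pair is offered in the option.
        self.state = NEGOTIATING
        return Packet(m.third, m.fourth, m.proto, pkt.payload, new_peer=self.fifth)

    def from_service(self, pkt: Packet) -> Packet:
        m = self.m
        if (pkt.src, pkt.dst, pkt.proto) != (m.fourth, self.fifth, m.proto):
            raise ValueError("response is not addressed to the fifth address/port")
        if self.state is None:
            raise ValueError("no replacement was offered for this session")
        self.state = CONFIRMED                  # the service device honoured the indication
        return Packet(m.second, m.first, m.proto, pkt.payload)   # second response message

class ServiceDevice:
    def __init__(self, app: Endpoint, supports_indication: bool = True):
        self.app, self.supports = app, supports_indication
        self.redirect: Dict[Endpoint, Endpoint] = {}             # third pair -> fifth pair

    def receive(self, pkt: Packet) -> Packet:
        """Return the packet as the first application sees it."""
        if pkt.dst != self.app:
            raise ValueError("not for this application")
        src = pkt.src
        if self.supports and pkt.new_peer is not None:
            self.redirect[pkt.src] = pkt.new_peer
        elif self.supports and pkt.orig_peer is not None:
            # Assumption of this sketch: only undo a replacement announced earlier.
            if self.redirect.get(pkt.orig_peer) != pkt.src:
                raise ValueError("unannounced replacement")
            src = pkt.orig_peer
        return Packet(src, pkt.dst, pkt.proto, pkt.payload)

    def respond(self, peer: Endpoint, proto: str, payload: str) -> Packet:
        # Replies for a redirected peer go to the fifth pair, otherwise to the peer itself.
        return Packet(self.app, self.redirect.get(peer, peer), proto, payload)

def run_session(supports_indication: bool) -> dict:
    # Constructed addresses; first and fourth share an IP to mimic overlapping segments.
    m = Mapping(first=("10.0.0.5", 40000), second=("10.0.0.99", 3306),
                third=("172.16.1.10", 50001), fourth=("10.0.0.5", 3306), proto="TCP")
    ne1 = FirstNetworkElement(m, fifth=("172.16.2.10", 50002))
    dev = ServiceDevice(m.fourth, supports_indication)

    third_msg = ne1.from_terminal(Packet(m.first, m.second, m.proto, "query-1"))
    seen_1 = dev.receive(third_msg)
    response = dev.respond(seen_1.src, m.proto, "result-1")
    # Only a response addressed to the fifth pair is routed to the first network element.
    back = ne1.from_service(response) if response.dst == ne1.fifth else None
    next_msg = ne1.from_terminal(Packet(m.first, m.second, m.proto, "query-2"))
    seen_2 = dev.receive(next_msg)
    return {"state": ne1.state, "response_dst": response.dst, "back": back,
            "next_src": next_msg.src, "app_sees": (seen_1.src, seen_2.src)}

if __name__ == "__main__":
    print(run_session(True))
    print(run_session(False))
```

With a service device that ignores the option, the first network element stays in the first replacement state and keeps using the third address and port as the source.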
Based on the first aspect, in a possible implementation manner, the first network element receives the second message, and replaces the quadruple of the second message with the fifth address, the fifth port, the fourth address and the fourth port to obtain a sixth message. The five-tuple of the second message includes a first address, a first port, a second address, a second port, and a first protocol, and the sixth message includes first indication information, where the first indication information is further used to instruct the service device to replace a source IP address and a source port in the sixth message with a third address and a third port respectively and send the source IP address and the source port to the first application program, or the first indication information is further used to instruct the service device to send application layer information in the sixth message to the first application program. And the first network element sends the sixth message to the service equipment.
In this scheme, when the first network element receives the first mapping information sent by the second network element, the first network element discovers that the second message belongs to the traffic of the session connection corresponding to the first address-first port-second address-second port-first protocol. The first network element can therefore select one IP address from its own configured address pool as the fifth address and one port as the fifth port, and replace the "third address + third port" in the first mapping information with the "fifth address + fifth port", so that the five-tuple of the second message is replaced with the fifth address, the fifth port, the fourth address, the fourth port and the first protocol to obtain a sixth message, to which the first indication information is added. The first indication information is then sent to the service device along with the sixth message, so that the service device can execute corresponding operations based on the first indication information carried by the third message.
It should be understood that, in this solution, the first network element and the service device do not negotiate whether the replacement between the third address-third port and the fifth address-fifth port is possible (omitting the negotiation procedure improves efficiency); the first network element assumes by default that the service device supports the replacement. After receiving the second message, the first network element therefore directly replaces the source IP address + source port with the "fifth address + fifth port" to obtain the sixth message, and carries the first indication information in the sixth message to inform the service device that the first network element has performed the corresponding replacement on the sixth message. Based on the first indication information, the service device can perform the reverse replacement on the sixth message and then send the application layer information of the sixth message to APP1, thereby ensuring that service access is not interrupted.
Based on the first aspect, in a possible implementation manner, the sixth message includes a second optional field, the information in the second optional field includes a third address and a third port, and the first indication information includes the information in the second optional field.
Based on the first aspect, in a possible implementation, the first address and the fourth address belong to a first private network and a second private network, respectively, and there is a network segment overlap (address collision) of the first private network and the second private network.
That is, the scheme can be used for mutual service access between different private networks whose network segments overlap. The private network may be a virtual private cloud (VPC) or another type of autonomous network, without specific limitation herein.
In a second aspect, the application also provides a hot migration method. The service device receives first indication information sent by a first network element, wherein the service device comprises a first application program, and a quintuple corresponding to the first application program comprises a third address, a third port, a fourth address, a fourth port and a first protocol. And the service equipment sets a quintuple of a first response message corresponding to the first application program as a fourth address-a fourth port-a fifth address-a fifth port-a first protocol according to the first indication information, wherein the quintuple of the first response message comprises a fourth address, a fourth port, a third address, a third port and the first protocol, the quintuple sequentially comprises a source IP address, a source port, a destination IP address, a destination port and a protocol type, the first network element and the second network element are configured with different address segments, and the third address and the fifth address respectively belong to the address segment of the first network element and the address segment of the second network element. And then, the service equipment sends a first response message to the first network element.
That is, under the condition that the service device receives the first indication information from the first network element, the service device sets the five-tuple in the first response message corresponding to the APP1 as a fourth address-fourth port-fifth address-fifth port-first protocol and sends the first protocol, and the fifth address belongs to the address pool of the first network element, so that the first response message can be forwarded to the first network element, and further the first network element can perform corresponding NAT processing on the first response message to obtain a second response message, and further the second response message can be forwarded to corresponding terminal equipment, thereby ensuring that the flow of the same session connection is not interrupted.
Based on the second aspect, in a possible implementation manner, before the service device receives the first indication information sent by the first network element, the method further includes that the service device receives a replaced message sent by the second network element, and sends the replaced message or application layer information in the replaced message to the first application program, wherein a quintuple of the replaced message includes a third address, a third port, a fourth address, a fourth port and a first protocol, and the service device sends a response message corresponding to the first application program to the second network element, wherein the quintuple of the response message includes the fourth address, the fourth port, the third address, the third port and the first protocol.
Based on the second aspect, in a possible implementation manner, the service device receives a third message sent by the first network element, where a five-tuple of the third message includes a third address, a third port, a fourth address, a fourth port, and a first protocol, and the third message includes the first indication information.
That is, the first indication information may be brought to the first network element along with the third packet sent by the first network element, and then the service device may replace the five-tuple of the first response packet corresponding to the APP1 with the fourth address-fourth port-fifth address-fifth port-first protocol according to the requirement of the first indication information in the third packet, and then send the first packet to the first network element.
Based on the second aspect, in a possible implementation manner, the third message includes a first optional field, the information in the first optional field includes a fifth address and a fifth port, and the first indication information includes the information in the first optional field.
Based on the second aspect, in a possible implementation manner, after the service device receives the third packet sent by the first network element, the service device receives a fifth packet sent by the first network element, a five-tuple of the fifth packet includes the fifth address, the fifth port, the fourth address, the fourth port and the first protocol, and then the service device replaces a source IP address and a source port in the fifth packet with the third address and the third port respectively and sends the third address and the third port to the first application program. Or the service equipment sends the application layer information in the fifth message to the first application program.
Based on the second aspect, in a possible implementation manner, the fifth packet includes second indication information, and the service device may replace the source IP address and the source port in the fifth packet with a third address and a third port according to the second indication information in the fifth packet and send the replaced source IP address and the source port to the first application program. That is, the second indication information in the fifth message may directly trigger the service device to perform the above-mentioned replacement. Or the service device may send the application layer information in the fifth message to the first application program according to the second indication information.
Based on the second aspect, in a possible implementation manner, the fifth message includes a second optional field, the information in the second optional field includes a third address and a third port, and the second indication information includes the information in the second optional field.
Based on the second aspect, in a possible implementation manner, the service device receives a sixth packet sent by the first network element, where a five-tuple of the sixth packet includes a fifth address, a fifth port, a fourth address, a fourth port, and a first protocol, and the sixth packet includes the first indication information. Then, the service device replaces the source IP address and the source port in the sixth message with the third address and the third port respectively according to the first indication information and then sends the third address and the third port to the first application program, or the service device sends the application layer information in the sixth message to the first application program according to the first indication information.
Based on the second aspect, in a possible implementation manner, the sixth message includes a second optional field, the information in the second optional field includes a third address and a third port, and the second indication information includes the information in the second optional field.
Based on the second aspect, in a possible implementation, the first address and the fourth address belong to a first private network and a second private network, respectively, and there is a network segment overlap (address collision) between the first private network and the second private network.
In a third aspect, the present application further provides a first network element (i.e. a network device), including a transceiver module and a processing module. The device comprises a first network element, a transceiver module, a first instruction information and a second instruction information, wherein the first instruction information is used for indicating the corresponding relation between a first address, a first port, a second address, a second port, a first protocol, a third address, a third port, a fourth address, a fourth port and a first protocol, the first network element and the second network element are configured with different address segments, the third address belongs to the address segment of the second network element, the fourth address and the fourth port correspond to a first application program on a service device, the transceiver module is also used for sending the first instruction information to the service device, the first instruction information is used for indicating the service device to set a five-tuple of a first response message corresponding to the first application program as a fourth address, the fourth port, the fifth address, the fifth port and the first protocol, the five-tuple sequentially comprises a source IP address, a source port, a destination IP address, a destination port and a protocol type, the fifth address belongs to the address segment configured by the first network element, the transceiver module is also used for receiving the first response message sent by the service device, the first response message is used for processing the service device, and the first response message is also used for sending the first response message to the first response message, the first response message is obtained by the first response message, the first response message is sent by the first response message and the first response message is obtained by the first response module. 
The first network element may further include further modules, which are not limited herein. The first network element in the third aspect is specifically configured to perform the method of any of the embodiments in the first aspect, and may be referred to the foregoing description, which is not repeated here.
In a fourth aspect, the present application also provides another first network element comprising a processor and a memory, the processor being arranged to execute instructions stored in the memory to cause the first network element to perform a method as in any of the embodiments of the first aspect.
In a fifth aspect, the present application further provides a service device, including a transceiver module and a processing module. The transceiver module is configured to receive first indication information sent by the first network element, where the five-tuple corresponding to a first application program on the service device comprises a third address, a third port, a fourth address, a fourth port and a first protocol. The processing module is configured to set, according to the first indication information, the five-tuple of a first response message corresponding to the first application program to the fourth address, the fourth port, the fifth address, the fifth port and the first protocol, where the five-tuple sequentially comprises a source IP address, a source port, a destination IP address, a destination port and a protocol type, the first network element and the second network element are configured with different address segments, and the fifth address and the third address belong to the address segment of the first network element and the address segment of the second network element respectively. The transceiver module is further configured to send the first response message to the first network element. The service device may further comprise further modules, which are not limited herein. The service device in the fifth aspect is specifically configured to perform the method of any implementation manner of the first aspect, which is described in the foregoing description and is not repeated here.
In a sixth aspect, the present application also provides a service device comprising a processor and a memory, the processor being operable to execute instructions stored in the memory to cause the service device to perform a method as in any of the embodiments of the second aspect.
In a seventh aspect, the present application further provides a communication system comprising the first network element of any one of the embodiments of the third or fourth aspect, the second network element, and the service device of any one of the embodiments of the fifth or sixth aspect.
In an eighth aspect, the application also provides a computer readable storage medium comprising computer program instructions which, when executed by a computing device, perform a method as in any of the embodiments of the first or second aspects.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the description of the embodiments will be briefly described below.
Fig. 1 is a schematic diagram of implementing mutual service access between different VPCs based on NAT technology provided in an embodiment of the present application;
Fig. 2 is a schematic diagram of an application scenario provided in an embodiment of the present application;
Fig. 3 is a schematic structural diagram of a service device according to an embodiment of the present application;
Fig. 4 is a schematic diagram of a scenario after migration of a NAT instance according to an embodiment of the present application;
Fig. 5 is a flow chart of interactions prior to traffic migration provided in an embodiment of the present application;
Fig. 6 is an interactive flow chart of a hot migration method provided in an embodiment of the present application;
Fig. 7 is an interactive flow chart of another hot migration method provided in an embodiment of the present application;
Fig. 8 is a schematic illustration of a process before and after hot migration provided in an embodiment of the present application;
Fig. 9 is a schematic structural diagram of a first network element according to an embodiment of the present application;
Fig. 10 is a schematic structural diagram of another service device according to an embodiment of the present application.
Detailed Description
Referring to fig. 2, fig. 2 is a schematic view of an application scenario provided in an embodiment of the present application, including a terminal device 100, a service device 200, and a network device 300, which are described below.
The terminal device 100 may be a personal computer (such as a notebook computer, a desktop computer, etc.), a server, a mobile device, etc., which is not particularly limited in the embodiment of the present application.
The service device 200 has one or more application programs (APP) deployed thereon, corresponding to different ports on the service device 200. Each application (or called service software) is configured to provide a corresponding service, such as a database service, a web service, an object storage service, a load balancing service, a data backup service, and the like, and the kind of the service is not specifically limited in the embodiments of the present application. The service device 200 may be a server, a network device, etc., and the embodiment of the present application is not limited in particular.
Optionally, a terminal device 100 and the service device 200 hosting the service that it needs to access may be located in different private networks, or may be located in the same private network. The private network may be a virtual private cloud (VPC) or another type of autonomous/proprietary network, and embodiments of the present application are not particularly limited. A VPC is an on-cloud private network constructed based on a cloud data center. It provides an isolated, private virtual network environment for a tenant's on-cloud virtual instance resources in the cloud data center, such as cloud service devices (for example, virtual machines), cloud containers and cloud databases, and different VPCs are logically isolated from each other. The tenant can configure its VPC on the console: for example, the tenant can customize the VPC network segment, divide the VPC into subnets as required, and configure routing and forwarding rules, bandwidth packages, and the like. The tenant can also ensure network security by configuring access control rules such as security group rules and network access control list (ACL) rules.
The network device 300 may be a device such as a router, a switch, a firewall, a gateway, or a server, or may be a cluster formed by a plurality of devices, and embodiments of the present application are not limited in detail. The network device 300 is configured with a corresponding pool of IP addresses (which may include one or more address segments) for providing NAT functions and message forwarding functions to assist the terminal device 100 in enabling access to services deployed on the service device 200.
Specifically, one or more NAT service instances (hereinafter, simply referred to as instances) may be deployed on network device 300, each instance being assigned a respective network segment. Alternatively, different instances on the same network device 300 may be assigned different segments in the IP address pool of the network device 300, i.e., each instance is assigned a segment (or portal) separately, and the assigned segments between the different instances do not overlap. Or multiple instances on the same network device 300 may be assigned the same network segment in the IP address pool of that network device 300, i.e., multiple instances share a network segment (or portal).
Each NAT instance is associated with two pairs of "IP address + port (number)". The first pair of "IP address + port" may be used to determine a certain application (for providing a certain service) on a certain service device 200, while the second pair of "IP address + port" is used to map the first pair, such that accessing the second pair of "IP address + port" is equivalent to accessing the first pair. The NAT instance is configured to perform the corresponding source network address translation (SNAT) and destination network address translation (DNAT) on a message whose destination address and destination port are the second pair of "IP address + port", thereby implementing access to the application program corresponding to the first pair of "IP address + port". Source address translation replaces the source IP address and the source port in the message with an IP address and a port in the network segment allocated to the instance, and destination address translation replaces the destination address and the destination port in the message with the first pair of "IP address + port".
For example, as shown in fig. 2, it is assumed that an application program for providing a database service is deployed on the service device n (i.e., a certain service device 200). The IP address of service device n in the VPC where it is located is mIPn, and the corresponding port number of the application program in service device n is portz, mIPn + portz is used to determine the application program on service device n. A plurality of instances (instance 1 to instance n) are deployed on a certain network device 1 (i.e. a certain network device 300), and the plurality of instances share a certain IP address field (denoted by natx) in the IP address pool configured by the network device 1.
For instance n, it corresponds to "mIPn + portz" and "vIPn + portw", where the pair of IP addresses and ports "mIPn + portz" are used to determine the application in service device n, and the pair of IP addresses and ports "vIP1+ portx" are used to map "mIPn + portz", i.e. the terminal device 100 accesses the application by accessing "vIPn + portw".
Assume that a process in the terminal device n of fig. 2 needs to access the application program in the service device n. The source IP address and the source port of the request message are then set to the IP address of the terminal device n and the port number corresponding to the process in the terminal device n respectively, the destination IP address and the destination port of the request message are set to vIPn and portw respectively, and the terminal device n sends the request message. Since vIPn belongs to the address pool of the network device 1, the request message reaches the network device 1 through network forwarding.
The instance n in the network device 1 replaces the source IP address and the source port in the request message with a certain address and a certain port in the address field natx allocated by the instance n (i.e. SNAT function), that is, a new set of "IP addresses and ports" is used to map the above-mentioned processes in the terminal device n, and meanwhile, replaces the destination IP address and the destination port in the request message with "mIPn + portz" (i.e. DNAT function), and then sends the message obtained after the above-mentioned operations to the service device n.
As shown in fig. 3, fig. 3 is a schematic structural diagram of a service device 200 according to an embodiment of the present application, which includes a kernel and an application (APP) for providing a certain service. The kernel includes a protocol stack (including a TCP/IP protocol stack) and may further include a NAT module. The NAT module may be implemented based on eBPF (extended Berkeley Packet Filter), a technology that can run a user-written program in the Linux kernel without modifying the kernel code or loading a kernel module. When the network card of the service device n receives the message, the message flows into the protocol stack in the kernel and then flows to the APP for processing, so that the process in the terminal device n1 accesses the application program of the service device 200. Alternatively, the NAT module may be disposed in the APP instead of in the kernel of the service device 200. In that case, when the network card of the service device 200 receives the packet, the kernel may be bypassed based on technologies such as direct memory access (DMA) or the Data Plane Development Kit (DPDK): the packet does not flow through the kernel, and all processing of the packet is completed by the APP.
Similarly, when other processes (located in the terminal device n or other terminal devices) need to access the application program of the service device n, a message of "vIPn + portw" may be sent to the outside, and then the instance n performs a similar replacement operation on the message (selecting a new set of "IP address+port" from the address field natx to map the process, which is different from the mapping of the "IP address+port" of the previous process), so that the message may be sent to the service device n, and further, the access to the application program of the service device n is achieved.
When the network device 300 where the NAT instance is located cannot meet its bandwidth increase requirement, or for reasons such as device upgrade maintenance, the NAT instance needs to be migrated to another network device 300. For example, as shown in fig. 4, the network device 1 in fig. 4 cannot meet the bandwidth increase requirement of the instance n, so the instance n needs to be migrated to another network device 300 (the other instances sharing the address segment natx with the instance n do not need to be migrated together, which keeps operation and maintenance simple and simplifies network planning); assume that network device 2 is selected as the migration target. Continuing the foregoing example, when instance n is migrated from network device 1 to network device 2 and becomes instance n', instance n' still corresponds to the two sets of "IP address + port", "mIPn + portz" and "vIPn + portw", and the function of instance n' is substantially identical to that of instance n before migration. However, the address segment natx configured for instance n before migration is not migrated to network device 2 together with it; instead, instance n' is allocated an address segment (denoted naty) in the IP address pool of network device 2 and performs the corresponding SNAT and DNAT functions based on address segment naty.
That is, when an instance migrates from one network device to another, the address segment assigned to the instance in the first network device does not migrate with the instance to the second network device. The instance is assigned an address segment by the network device in which it resides, and thus the instance is only weakly correlated with its assigned address segment.
Based on the description of the application scenario, the interaction flow before traffic hot migration is introduced first.
It should be noted that, in the embodiments of the present application, the five-tuple includes a source IP address, a source port, a destination IP address, a destination port, and a protocol type, in that order. The five-tuple of a message is the tuple formed by extracting these five items from the message and arranging them in this order; this does not mean that the five items appear in the message in that order.
Fig. 5 is an interactive flow chart before traffic migration, which is provided by the embodiment of the application, and includes steps S501 to S508.
S501, terminal equipment 100 sends a first message of accessing APP1 to a second network element.
The five-tuple of the first packet includes a first address, a first port, a second address, a second port, and a first protocol (such as TCP protocol), where the first address+the first port is used to determine a certain session (socket) of a certain process (denoted as process X) in a certain terminal device 100. The first address may be an IP address of the terminal device 100, and the first port may be a port number corresponding to the process X on the terminal device 100. The IP address of a certain service device 200 is a fourth address, and the port to which a certain application program (i.e., a first application program, abbreviated as APP 1) on the service device 200 is bound is a fourth port, so that the fourth address+the fourth port can be used to determine the APP1 (or referred to as the first application program) on the service device 200.
APP1 is an application (or service software) deployed on the service device 200, for providing a specific service, and the type of the service is not specifically limited in the embodiment of the present application. The second address+the second port is a set of "IP addresses+ports" set in the second network element for mapping the fourth address+the fourth port, and the terminal device 100 accesses the second address+the second port equivalently to access APP1 (specifically, refer to the description below) corresponding to the fourth address+the fourth port.
S502, the second network element processes the first message according to the first mapping information to obtain a replaced message.
Specifically, the first mapping information indicates a correspondence relationship between the first address-first port-second address-second port-first protocol (denoted as five-tuple a) and the third address-third port-fourth address-fourth port-first protocol (denoted as five-tuple B). That is, the first mapping information indicates the correspondence between two different sets of five-tuple. When the second network element receives the first message sent by the terminal device 100, it confirms that the quintuple in the first message is the quintuple a, and replaces the quintuple in the first message with the quintuple B according to the first mapping information, so as to obtain a replaced message.
In this embodiment, the first address-first port in the first mapping information corresponds to a socket in the process X on the terminal device 100, and the fourth address-fourth port corresponds to APP1 on the service device 200. The second address + the second port is a set of "IP address + port number" configured to map the fourth address + the fourth port, and the third address-third port is a set of "IP address + port number" selected by the second network element to map the first address + the first port. It should be understood that messages whose five-tuple is the first address-first port-second address-second port-first protocol belong to the same session connection.
S503, the second network element sends the replaced message to the service equipment 200.
As can be seen from the foregoing description, the destination IP address and the destination port of the replaced packet obtained in step S502 are the fourth address (the IP address of the service device 200) and the fourth port, respectively, and the replaced packet is routed to the service device 200 based on the destination IP address.
S504, the kernel of the service equipment 200 sends the replaced message to the APP1.
Optionally, after the replaced message is forwarded by the network, the message may be received by a physical network card on the service device 200, where the physical network card sends the message to the kernel, and the protocol stack in the kernel sends the message to the APP1, so that the source IP address and the source port of the message received by the APP1 are a third address and a third port, respectively.
Optionally, after receiving the above-mentioned replaced packet sent by the second network element, the network card of the service device 200 may flow the packet to APP1 for processing, without going through the kernel.
Optionally, the kernel of the service device 200 does not send the replaced packet to APP1, but sends the application layer information (i.e. the transport layer load) in the replaced packet to APP1. For example, the kernel determines a corresponding socket according to the five-tuple (i.e. the third address-third port-fourth address-fourth port-first protocol) of the replaced packet, and then invokes the interface of the operating system to send the application layer information in the replaced packet to the socket, and then the socket sends the application layer information to the APP1.
S505, APP1 in the service device 200 sends response information to the kernel.
Optionally, the APP1 generates response information for the transport layer load in step S504, and then sends the response information to a socket corresponding to the APP1 (the corresponding five-tuple is a third address-third port-fourth address-fourth port-first protocol), and the socket flows the response information to the kernel. The kernel adds the message header to the response information to obtain a response message, and then the network card of the service device 200 sends the response message to the second network element. Wherein, the five-tuple in the message header includes a fourth address-fourth port-third address-third port-first protocol.
S506, the service equipment 200 generates a response message according to the response information and sends the response message to the second network element.
Optionally, after the APP1 receives the replaced packet in step S504, the content in the replaced packet may be processed to generate a corresponding response packet (without going through the kernel), and then the response packet is streamed to the network card. The five-tuple of the response message is a fourth address, a fourth port, a third address, a third port, and a first protocol, and then the network card of the service device 200 may send the response message to the second network element.
S507, the second network element processes the response message according to the first mapping information to obtain a replaced response message.
Specifically, as can be seen from the foregoing description, the first mapping information indicates a correspondence between the first address-first port-second address-second port-first protocol and the third address-third port-fourth address-fourth port-first protocol. When the second network element receives the response message sent by the service device 200, it confirms that the quintuple of the response message includes the fourth address, the fourth port, the third address, the third port and the first protocol, and then the quintuple of the response message can be replaced by the second address, the second port, the first address, the first port and the first protocol according to the first mapping information, so as to obtain a replaced response message, and then the replaced response message is sent to the terminal device 100 corresponding to the first address.
S508, the second network element sends the replaced response message to the terminal equipment 100.
The five-tuple of the replaced response message comprises a second address, a second port, a first address, a first port and a first protocol. The application layer information of the replaced response message is finally sent to the process X for processing, so that the process X in the terminal device 100 accesses the APP1 in the service device 200.
Based on the description of fig. 5, a first embodiment of the hot migration method provided by the present application is described below.
Referring to fig. 6, fig. 6 is an interactive flowchart of a hot migration method according to an embodiment of the present application, including steps S601 to S616.
S601, the second network element sends first mapping information to the first network element.
For the first mapping information, reference may be made to the description in step S501, which is not repeated here. The first network element and the second network element are configured with different address fields, the third address belongs to the address field configured by the second network element, and the fifth address belongs to the address field configured by the first network element.
Alternatively, the terminal device 100 and the service device 200 in fig. 6 may be located in different private networks (e.g. VPCs), and there may be network segment overlapping between the different private networks. Or the terminal device 100 and the service device 200 in fig. 6 may be located in the same private network.
S602, the terminal equipment 100 sends a second message of the access APP1 to the first network element.
The five-tuple of the second message includes a first address, a first port, a second address, a second port, and a first protocol.
It should be understood that the first packet in step S501 has the same five-tuple as the second packet in step S602, and belongs to the traffic of the same session connection (the service access of a socket in process X to APP 1).
S603, the first network element processes the second message according to the first mapping information to obtain a third message containing first indication information, and records a first replacement state between the fifth address-fifth port and the third address-third port.
The first indication information is used to instruct the service device 200 to set the five-tuple of the first response message corresponding to the first application program to the fourth address-fourth port-fifth address-fifth port-first protocol and send the first response message to the first network element. The fifth address is an IP address in the address segment configured for the first network element. The first replacement state indicates whether replacement between the fifth address-fifth port and the third address-third port is allowed. This requires negotiation with the service device 200; at this point the replacement has not yet been acknowledged by the service device 200, i.e. it is still under negotiation.
Optionally, the third message includes a first optional field, the information in the first optional field includes a fifth address and a fifth port, and the first indication information includes the information in the first optional field. That is, the first optional field may be added in the third message, and part or all of the first indication information may be written in the first optional field. For example, the first indication information may include a third address, a third port, a fifth address and a fifth port, which may all be written in the first optional field, or only the fifth address and the fifth port (i.e. a new set of "IP addresses+ports") in the first indication information may be written in the first optional field, where the third address and the third port in the first indication information are located in the source IP address and the source port field in the header of the third packet.
Optionally, the first optional field may be an option field in the Transmission Control Protocol (TCP).
S604, the first network element sends a third message to the service equipment 200.
S605, the service device 200 records a replacement relationship between the fifth address-fifth port and the third address-third port.
Specifically, when the network card on the service device 200 receives the third packet, the third packet arrives at the kernel, and then, according to the first indication information in the third packet, the replacement relationship between the fifth address-fifth port and the third address-third port can be recorded in the service device 200 for packet backhaul.
S606, the kernel of the service equipment 200 sends a third message to the APP 1.
It should be understood that the source IP address and the source port of the third packet received by the APP1 are the third address and the third port, respectively, and the destination address and the destination port of the backhaul packet (i.e. the first response packet in step S607) generated by the subsequent APP1 for the third packet are set to the third address and the third port.
Optionally, after receiving the third message sent by the first network element, the network card of the service device 200 may flow the third message to the APP1 for processing, without going through the kernel. APP1 may include a NAT module, where the NAT module may record, in the service device 200, the first indication information carried in the third packet.
Optionally, the kernel of the service device 200 does not send the complete third message to APP1, but sends the application layer information (i.e. the transport layer load) in the third message to APP1. For example, the kernel determines the corresponding socket according to the five-tuple (i.e. third address-third port-fourth address-fourth port-first protocol) of the third message, and then invokes the interface of the operating system to send the application layer information of the third message to the socket, and the socket then sends the application layer information to the APP1.
The order of steps S605 and S606 is not specifically limited in the embodiment of the present application: for example, S605 may be performed before S606, S606 may be performed before S605, or the two may be performed in parallel.
S607, APP1 of service device 200 sends response information to the kernel.
S608, the kernel of the service device 200 generates a first response message according to the recorded replacement relationship and the response information.
The first response message corresponds to APP1.
Optionally, the kernel of the service device 200 includes an eBPF-based NAT module, which may set the five-tuple of the first response message to the fourth address, the fourth port, the fifth address, the fifth port, and the first protocol based on the replacement relationship recorded in step S608, and then send the first response message to the first network element. The application layer information of the first response message includes the response information.
Optionally, APP1 in the service device 200 may include a NAT module, and the NAT module may generate the first response message based on the replacement relationship and the response information recorded in step S608. APP1 then passes the first response message directly to the network card (without passing through the kernel), and the network card sends the first response message to the second network element.
Optionally, APP1 generates application layer response information for the transport layer payload in S606, and then sends the application layer response information to the socket corresponding to APP1 (whose five-tuple is third address-third port-fourth address-fourth port-first protocol), and the socket passes the application layer response information to the kernel. The kernel then adds a message header to the application layer response information according to the replacement relationship recorded in step S608 to obtain a second response message. The five-tuple in the header includes the fourth address-fourth port-fifth address-fifth port-first protocol.
S609, the service device 200 sends the first response message to the first network element.
S610, the first network element changes the recorded first replacement state into a second replacement state, and processes the first response message according to the second replacement state to obtain a second response message.
As can be seen from step S603, the first replacement state indicates that whether replacement is allowed between the fifth address-fifth port and the third address-third port is still being negotiated with the service device 200 and has not yet been confirmed by the service device 200. When the first network element receives the first response message and finds that its five-tuple includes the fifth address, the fifth port, the fourth address, the fourth port and the first protocol, this indicates that the first response message was generated by the service device 200 according to the first indication information previously sent by the first network element. The first network element thereby confirms that the service device 200 allows the replacement between the fifth address-fifth port and the third address-third port, and changes the previously recorded first replacement state to the second replacement state. The second replacement state indicates that replacement between the fifth address-fifth port and the third address-third port is allowed and has been successfully negotiated with the service device 200.
It should be understood that, when the service device 200 records the first indication information in step S605, this indicates that it supports performing the corresponding processing according to the first indication information in step S608. The first response message obtained by that processing is sent to the first network element, and the first network element can then determine in step S610, from the received first response message, that the service device 200 supports the above replacement. If the service device 200 does not support the above replacement, it may not record the first indication information in step S605, and in step S608 it may then set the five-tuple of the first response message not to the fourth address-fourth port-fifth address-fifth port-first protocol but to the fourth address-fourth port-third address-third port-first protocol. Because the destination IP address in that first response message is the third address, and the third address belongs to the address segment configured for the second network element, the first response message is forwarded to the second network element for processing and is not forwarded to the first network element.
S611, the first network element sends the second response message to the terminal device 100.
S612, the terminal device 100 sends a fourth message for accessing APP1 to the first network element.
The five-tuple of the fourth message includes a first address, a first port, a second address, a second port, and a first protocol. As can be seen from steps S501 and S602, the first message, the second message and the fourth message have the same five-tuple. The first address and the first port correspond to a socket in the process X in the terminal device 100, and the second address and the second port are used for mapping the APP1 in the service device 200. The fourth message, like the first message and the second message, belongs to the service access flow from the process X to APP1.
S613, the first network element processes the fourth message according to the first mapping information and the second replacement state to obtain a fifth message.
Specifically, according to the first mapping information and the second replacement state, the first network element replaces the source IP address and the source port in the fourth message with a fifth address and a fifth port respectively, and replaces the destination IP address and the destination port in the fourth message with a fourth address and a fourth port respectively, so as to obtain a fifth message.
Optionally, the fifth message includes a second optional field, and the information in the second optional field includes the third address and the third port, so that the service device 200 in step S615 may perform corresponding replacement directly based on the information in the second optional field in the fifth message, which is helpful for improving the processing speed.
S614, the first network element sends the fifth message to the service device 200.
S615, the kernel of the service device 200 processes the fifth message to obtain a sixth message.
The five-tuple of the sixth message includes a third address, a third port, a fourth address, a fourth port, and a first protocol.
In one embodiment, the kernel of the service device 200 may replace the source IP address and the source port in the fifth packet with the third address and the third port according to the replacement relationship recorded in step S605, so as to obtain the sixth packet.
In another embodiment, the information of the second optional field in the fifth packet includes the third address and the third port, and the service device 200 may directly replace the source IP address and the source port in the fifth packet with the third address and the third port, respectively, according to the information of the second optional field, so as to obtain the sixth packet. Compared with the previous embodiment, the present embodiment does not need to search for the replacement relationship recorded before, but directly performs the corresponding replacement based on the content carried in the fifth message, which is helpful for improving the processing speed of the service device 200 side.
S616, the kernel of the service device 200 sends the sixth message to APP1.
Optionally, after obtaining the fifth message, the kernel may determine the corresponding socket according to the five-tuple of the fifth message (i.e. the fifth address-fifth port-fourth address-fourth port-first protocol), and then call an operating system interface to send the transport layer payload (i.e. the application layer information) of the fifth message to that socket; the application layer information is then sent to APP1.
A second embodiment of the hot migration method provided by the present application is described below.
Referring to fig. 7, fig. 7 is an interaction flow chart of a hot migration method according to an embodiment of the present application, including steps S701 to S707.
S701, the second network element sends first mapping information to the first network element. Correspondingly, the first network element receives the first mapping information sent by the second network element.
The first mapping information indicates a correspondence between the first address-first port-second address-second port-first protocol and the third address-third port-fourth address-fourth port-first protocol. The second network element and the first network element are configured with different address segments. The third address belongs to the address segment of the second network element, and the fourth address and the fourth port correspond to the first application program (APP1) deployed on the service device 200.
Optionally, the first address and the fourth address belong to a first private network and a second private network, respectively, and there is a network segment overlap (address collision) between the first private network and the second private network. The private network may be a VPC or other autonomous network, and embodiments of the present application are not particularly limited.
It should be noted that, before step S701, the second network element may replace the quintuple in the received first packet with the third address, the third port, the fourth address, the fourth port, and the first protocol according to the first mapping information, obtain a replaced packet, and then send the replaced packet to the service device 200. Correspondingly, the service device 200 receives the replaced message sent by the second network element, and then sends the message to the APP1. The five-tuple of the first message includes a first address, a first port, a second address, a second port, and a first protocol. See, for example, the description of fig. 5, which is not repeated here.
Before step S701, the service device 200 may further send a response packet generated by APP1 to the second network element, where the five-tuple of the response packet includes the fourth address, the fourth port, the third address, the third port, and the first protocol. Correspondingly, the second network element can replace the five-tuple in the response message with the second address, the second port, the first address, the first port and the first protocol according to the first mapping information, and then send the resulting message. See, for example, the description of fig. 5, which is not repeated here.
S702, the first network element sends first indication information to the service device 200. Accordingly, the service device 200 receives the first indication information sent by the first network element.
The first indication information is used to instruct the service device 200 to set the five-tuple of the first response message corresponding to the first application program to the fourth address-fourth port-fifth address-fifth port-first protocol and to send the first response message to the first network element.
Specifically, once the first network element has received the first mapping information, it knows how the second network element previously processed the related messages based on the first mapping information (see the description of fig. 5). Since the third address in the first mapping information belongs to the second network element, in order to ensure that the traffic of the same session (i.e. a socket in the process X in the terminal device 100 accessing APP1 in the service device 200) is not interrupted, the first network element needs to select an IP address (i.e. the fifth address) from the address segment configured for itself and select a port (i.e. the fifth port). By sending the first indication information to the service device 200, it then instructs the service device 200 to change the destination IP address + destination port of the first response message generated by APP1 (in response to the process X) from the third address + third port to the fifth address + fifth port.
With respect to the specific content and the representation form of the first indication information, embodiments of the present application are not particularly limited. For example, the first network element may send the first indication information to the service device 200 separately, or may carry the first indication information in a packet that needs to be forwarded to the service device 200.
In a first embodiment, the first network element receives a second packet, where a five-tuple of the second packet includes a first address, a first port, a second address, a second port, and a first protocol. Then, the first network element replaces the quintuple in the second message with a third address, a third port, a fourth address, a fourth port and a first protocol according to the first mapping information, so as to obtain a third message, and the third message carries first indication information. Then the first network element sends the third message to the service device 200, and when the service device 200 receives the third message sent by the first network element, the first indication information may be recorded. That is, when the first network element receives the second message, the corresponding replacement may be completed according to the requirement of the first mapping information to obtain the third message, and the first indication information is carried in the third message, so that the first indication information may be sent to the service device 200 along with the third message, without separately sending the first indication information to the service device 200.
Optionally, the first indication information includes information of a first optional field in the third packet, and the information in the first optional field includes a fifth address and a fifth port. For example, the first indication information may include information of the first optional field in the third message, and further includes a source IP address and a source port (i.e., a third address and a third port) in the third message, where the first indication information may indicate a replacement relationship between the third address-third port and the fifth address-fifth port, and may further be used to instruct the service device 200 to execute corresponding replacement. For another example, the first indication information may be located in the first optional field in the third packet, that is, the first optional field in the third packet may include the third address, the third port, the fifth address, and the fifth port, so that the first indication information may be used to instruct the service device 200 to perform the corresponding replacement.
Optionally, before the first network element sends the third message to the service device 200, the first network element may record a first replacement state between the third address-third port and the fifth address-fifth port. For the first replacement state, reference is made to the description in step S603, and details are omitted here.
In a second embodiment, the first network element receives the second message, replaces the five-tuple in the second message with the fifth address, the fifth port, the fourth address, the fourth port and the first protocol to obtain a sixth message, and then sends the sixth message to the service device 200. The five-tuple of the second message includes a first address, a first port, a second address, a second port, and a first protocol. The sixth message includes first indication information, where the first indication information is used to instruct the service device 200 to set the five-tuple of the first response message corresponding to APP1 to the fourth address-fourth port-fifth address-fifth port-first protocol, and then send the first response message to the first network element. The first indication information is further used to instruct the service device 200 to replace the source IP address and the source port in the sixth packet with the third address and the third port respectively, and then send the resulting packet to APP1. Alternatively, the first indication information is further used to instruct the service device 200 to send the application layer information in the sixth message to APP1.
Optionally, the first indication information includes information of a second optional field in the sixth message, and the information in the second optional field includes a third address and a third port. For example, the first indication information may include information of the second optional field in the sixth packet, and further includes a source IP address and a source port (i.e., a fifth address and a fifth port) in the sixth packet, where the first indication information may indicate a replacement relationship between the third address-third port and the fifth address-fifth port, and may further be used to instruct the service device 200 to execute a corresponding replacement process. For another example, the second indication information may be located in the second optional field of the sixth packet, that is, the second optional field of the sixth packet may include the third address, the third port, the fifth address, and the fifth port, so that the above-mentioned function of the first indication information may be performed.
S703, APP1 in service device 200 sends response information to the kernel.
The APP1 may send response information to an associated socket (corresponding five-tuple is a third address-third port-fourth address-fourth port-first protocol), and then the socket sends the response information to the kernel.
S704, the kernel in the service device 200 generates a first response message according to the first indication information and the response information.
The first response message corresponds to the APP1, the five-tuple of the first response message includes a fourth address, a fourth port, a fifth address, a fifth port, and a first protocol, and the application layer information of the first response message includes the response information. That is, when the kernel of the service device 200 receives the response information sent by the APP1, the five-tuple of the first response message may be set to the fourth address, the fourth port, the fifth address, the fifth port, and the first protocol according to the requirement of the first indication information, so as to send the first response message to the first network element.
Corresponding to the first embodiment in step S702, when the service device 200 receives the third packet sent by the first network element, the first indication information in the third packet may be recorded. The first message includes first indication information, and the five-tuple of the first message includes a first address, a first port, a second address, a second port, and a first protocol. Then, the service device 200 may set the quintuple of the first response packet corresponding to APP1 to the fourth address, the fourth port, the fifth address, the fifth port, and the first protocol based on the recorded first indication information in step S704.
Corresponding to the second embodiment in step S702, when the service device 200 receives the sixth packet sent by the first network element (the sixth packet includes the first indication information), the source IP address and the source port in the sixth packet may be replaced with the third address and the third port respectively according to the first indication information and then sent to the APP1, or the application layer information in the sixth packet may be sent to the APP1 according to the first indication information. The service device 200 may further set, in step S704, a quintuple of the first response packet corresponding to the APP1 to a fourth address, a fourth port, a fifth address, a fifth port, and a first protocol according to the first indication information in the sixth packet.
Optionally, APP1 in the service device 200 may include a NAT module, and the NAT module may set the five-tuple of the first response packet to the fourth address, the fourth port, the fifth address, the fifth port, and the first protocol based on the first indication information obtained in step S702. APP1 then passes the first response message directly to the network card (without passing through the kernel), and the network card sends the first response message to the first network element.
Optionally, steps S703 and S704 may be as follows: APP1 sends the response information to the associated socket (whose five-tuple is third address-third port-fourth address-fourth port-first protocol), and the socket passes the response information to the kernel. The kernel adds a message header to the response information according to the indication information in step S702, thereby obtaining the first response message. The five-tuple in the header includes the fourth address-fourth port-fifth address-fifth port-first protocol, and the application layer information of the first response message includes the response information.
S705, the service device 200 sends the first response message to the first network element.
S706, the first network element processes the first response message to obtain a second response message.
Specifically, when the first network element receives the first response message, the quintuple in the first response message may be replaced by the second address, the second port, the first address, the first port and the first protocol according to the recorded replacement relationship between the fifth address and the fifth port and the third address and the third port and the first mapping information, so as to obtain the second response message. It may be understood that the destination IP address and the destination port in the second response packet are a first address and a first port, where the first address is used to determine the terminal device 100, and the first address+the first port is used to determine a socket in the process X in the terminal device 100, so that the second response packet may be forwarded from the first network element to the terminal device 100, and further, application layer information of the second response packet may be sent to the process X.
In some embodiments, where the first replacement state was recorded in step S702, step S706 may be as follows: the first network element changes the recorded first replacement state to the second replacement state, replaces the five-tuple in the first response message with the second address, the second port, the first address, the first port, and the first protocol, and then sends the resulting message (it may be sent to the terminal device 100). When the first network element receives the fourth message, it can replace the five-tuple in the fourth message with the fifth address, the fifth port, the fourth address, the fourth port and the first protocol according to the locally recorded second replacement state to obtain a fifth message, and then send the fifth message to the service device 200. Correspondingly, the service device 200 receives the fifth message sent by the first network element and, according to the first indication information, either replaces the source IP address and the source port in the fifth message with the third address and the third port respectively and sends the resulting message to APP1, or sends the application layer information in the fifth message to APP1.
The five-tuple of the fourth message includes a first address, a first port, a second address, a second port, and a first protocol. For details of this embodiment, reference may be made to the description of step S613, which is not repeated here.
Optionally, the fifth packet includes second indication information, where the second indication information is used to instruct the service device 200 to replace the source IP address and the source port in the fifth packet with the third address and the third port respectively, and send the resulting packet to APP1. Therefore, when the service device 200 receives the fifth packet, it may replace the source IP address and the source port in the fifth packet with the third address and the third port according to the second indication information, and then send the resulting packet to APP1. Alternatively, the service device 200 may send the application layer information in the fifth message to APP1 according to the second indication information.
S707, the first network element sends a second response message to the terminal device 100.
The destination IP address and the destination port of the second response message are a first address and a first port, respectively, where the first address+the first port are used to determine a socket in the process X on the terminal device 100, so that the process X can finally receive the content of the second response message.
In summary, according to the embodiment of the present application, negotiation and coordination between the first network element and the service device 200 allow the traffic of the same session to be hot-migrated, which further improves the user experience.
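The negotiation described in steps S702 to S706 (and S603 to S615 of the previous embodiment) can be traced with a small simulation. This is an added example, not code from the patent: the class and function names, the address pools and all address-port values are constructed for illustration, and it models the variant in which the kernel NAT module records the first optional field and the second optional field carries the third address-third port.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, port)

# Constructed sample values for the five address-port pairs (not from the patent).
EP1, EP2 = ("10.0.0.7", 40000), ("100.64.0.2", 443)   # first / second pair
EP3, EP4 = ("172.16.2.9", 51000), ("10.0.0.9", 8443)  # third pair / fourth pair (APP1)
EP5 = ("172.16.1.5", 52000)                           # fifth pair
POOLS = {"first_ne": ipaddress.ip_network("172.16.1.0/24"),
         "second_ne": ipaddress.ip_network("172.16.2.0/24")}
NEGOTIATING, CONFIRMED = "NEGOTIATING", "CONFIRMED"   # first / second replacement state


@dataclass(frozen=True)
class Packet:
    src: Endpoint
    dst: Endpoint
    proto: str = "TCP"
    opt1: Optional[Endpoint] = None  # first optional field: fifth pair
    opt2: Optional[Endpoint] = None  # second optional field: third pair
    payload: bytes = b""


def next_hop(pkt: Packet) -> str:
    """Route a response by destination IP to the element whose address segment owns it."""
    ip = ipaddress.ip_address(pkt.dst[0])
    return next(name for name, net in POOLS.items() if ip in net)


class ServiceDevice:
    """Service device 200 with a kernel NAT module in front of APP1's socket."""

    def __init__(self, supports_replacement: bool = True):
        self.supports = supports_replacement
        self.fifth_to_third = {}  # replacement relationship recorded in S605
        self.third_to_fifth = {}

    def receive(self, pkt: Packet):
        """Return (source pair APP1's socket sees, response packet built by the kernel)."""
        seen = pkt.src
        if self.supports and pkt.opt1:        # third message: record, do not rewrite
            self.fifth_to_third[pkt.opt1] = pkt.src
            self.third_to_fifth[pkt.src] = pkt.opt1
        elif self.supports and pkt.opt2:      # fifth message: rewrite from the field itself
            seen = pkt.opt2
        elif pkt.src in self.fifth_to_third:  # fifth message without the field: table lookup
            seen = self.fifth_to_third[pkt.src]
        # APP1 answers toward `seen`; the kernel applies the recorded replacement, if any.
        dst = self.third_to_fifth.get(seen, seen)
        return seen, Packet(pkt.dst, dst, pkt.proto, payload=b"resp:" + pkt.payload)


class FirstNetworkElement:
    def __init__(self, mapping, own_pair: Endpoint):
        self.first, self.second, self.third, self.fourth = mapping  # first mapping information
        self.fifth = own_pair
        self.state = None

    def from_terminal(self, pkt: Packet) -> Packet:
        if (pkt.src, pkt.dst) != (self.first, self.second):
            raise ValueError("five-tuple not covered by the first mapping information")
        if self.state == CONFIRMED:  # S613: source becomes the fifth pair
            return Packet(self.fifth, self.fourth, pkt.proto, opt2=self.third, payload=pkt.payload)
        self.state = NEGOTIATING     # S603: keep the third pair, offer the fifth pair
        return Packet(self.third, self.fourth, pkt.proto, opt1=self.fifth, payload=pkt.payload)

    def from_service(self, resp: Packet) -> Optional[Packet]:
        if self.state is None or (resp.src, resp.dst) != (self.fourth, self.fifth):
            return None
        self.state = CONFIRMED       # S610: the device answered toward the fifth pair
        return Packet(self.second, self.first, resp.proto, payload=resp.payload)


def run_session(supports_replacement: bool):
    """Send two requests of one session; return one trace tuple per request."""
    ne1 = FirstNetworkElement((EP1, EP2, EP3, EP4), EP5)
    dev = ServiceDevice(supports_replacement)
    trace = []
    for i in range(2):
        fwd = ne1.from_terminal(Packet(EP1, EP2, payload=b"req%d" % i))
        seen, resp = dev.receive(fwd)
        hop = next_hop(resp)
        back = ne1.from_service(resp) if hop == "first_ne" else None
        trace.append((fwd.src, seen, resp.dst, hop, ne1.state, back))
    return trace


if __name__ == "__main__":
    for supported in (True, False):
        for row in run_session(supported):
            print(supported, row[:5])
```

In both runs APP1's socket only ever sees the third address-third port as the peer, which is what keeps the session alive across the migration. With a service device that ignores the optional field, the response is routed to the second network element and the first network element stays in the first replacement state.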
The hot migration method of the embodiment of fig. 7 is illustrated in conjunction with fig. 8.
Referring to fig. 8, fig. 8 is a schematic diagram illustrating a process before and after hot migration according to an embodiment of the present application.
For convenience of description, the first address, the second address, the third address, the fourth address, and the fifth address in the foregoing are denoted by IP1, IP2, IP3, IP4, and IP5, respectively, and the first port, the second port, the third port, the fourth port, and the fifth port in the foregoing are denoted by port1, port2, port3, port4, and port5, respectively, and the first protocol is (a protocol number of) the TCP protocol.
(1) Before the first mapping information is migrated from the second network element to the first network element (the migration being step (4))
Before the first mapping information has been migrated from the second network element to the first network element, or before the NAT instance associated with the first mapping information has been migrated from the second network element to the first network element, the way the process X in the terminal device 100 accesses the APP1 in the service device 200 is shown in steps (1)-(3) of fig. 8. The NAT instance associated with the first mapping information refers to a NAT instance that performs the corresponding packet processing based on the first mapping information.
Specifically, as shown in fig. 8, the IP address of the terminal device 100 is IP1, a process (denoted as process X) in the terminal device 100 corresponds to port1, and IP1+port1 may be used to determine a socket in the process X in the terminal device 100. The IP address of the service device 200 is IP4, the port corresponding to an application program (for providing a service, denoted APP1) in the service device 200 is port4, and IP4+port4 can be used to determine APP1 in the service device 200.
When process X in terminal device 100 needs to access APP1 in service device 200, terminal device 100 sends a first message to the second network element (i.e., step (1)). The five-tuple of the first packet consists, in order, of IP1, port1, IP2, port2, and the TCP protocol. "IP2+port2" is an IP address + port pair set in the second network element for mapping "IP4+port4", so by accessing "IP2+port2" the terminal device 100 is in effect accessing the APP1 corresponding to "IP4+port4". The first message is forwarded to the second network element based on the destination IP address of the first message. Next, the second network element replaces the five-tuple of the first message with IP3, port3, IP4, port4, and the TCP protocol based on the first mapping information, obtains a replaced message, and then sends the replaced message to the service device 200 (i.e. step (2)). Here "IP3+port3" is a new IP address + port pair selected by the second network element for mapping "IP1+port1", and IP3 belongs to the address pool of the second network element. By performing the above substitution, the second network element makes "IP1+port1" accessing "IP2+port2" equivalent to "IP3+port3" accessing "IP4+port4". Then, the kernel of the service device 200 receives the replaced packet, and sends the application layer information in the replaced packet to APP1 (i.e., step (3)).
(2) After the first mapping information is migrated from the second network element to the first network element
In a first possible scenario (involving steps (5)-(11)), after the first mapping information is migrated from the second network element to the first network element (i.e. step (4)), the first network element is responsible for performing the corresponding NAT function and forwarding function for the service access between the process X in the terminal device 100 and APP1 in the service device 200.
As shown in fig. 8, the first network element receives a packet sent by the terminal device 100 (i.e. step (5)), where the five-tuple of the packet includes IP1, port1, IP2, port2, and the TCP protocol. It can be understood that the message has the same five-tuple as the message sent by the terminal device 100 to the second network element in step (1), and corresponds to the same session connection. Then, the first network element replaces the five-tuple of the message with IP3, port3, IP4, port4 and TCP according to the first mapping information migrated from the second network element, and carries IP5 and port5 in the first optional field in the message to obtain a new message. Here "IP3+port3" is the IP address + port pair previously selected by the second network element for mapping "IP1+port1", and IP3 belongs to the address pool of the second network element; "IP5+port5" is a new IP address + port pair selected by the first network element for mapping "IP1+port1", and IP5 belongs to the address pool of the first network element. That is, the first network element now expects to replace "IP3+port3" in the first mapping information with "IP5+port5". Then, the first network element sends the new message obtained after the above operation to the service device 200 corresponding to the destination address (i.e., IP4) (step (6)), and records the first replacement state between "IP3+port3" and "IP5+port5" locally. The first replacement state indicates that whether the replacement between the two "IP address+port" pairs is possible is still under negotiation and has not yet been confirmed by the service device 200.
When the service device 200 receives the message in step (6), the message flows to the kernel. The NAT module in the kernel confirms that the received message includes the first optional field, and then triggers the service device 200 to perform a recording operation, recording the mapping relationship between the content of the first optional field (i.e., IP5+port5) and the source IP address and source port (i.e., IP3+port3) of the message. The protocol stack in the kernel of the service device 200 sends the application layer information in the message to APP1 (i.e. step (7)). APP1 sends the response information obtained by processing the application layer information to the kernel (i.e., step (8)). The kernel generates a first response message according to the mapping relationship recorded by the NAT module and the response information, where the application layer information (i.e. the transport layer payload) of the first response message includes the response information, and the five-tuple of the first response message is IP4, port4, IP5, port5 and the TCP protocol. Subsequently, the service device 200 sends the first response message to the first network element (step (9)).
The first network element confirms that the five-tuple of the first response message received from the service device 200 includes IP4, port4, IP5, port5, and the TCP protocol and, in combination with the first replacement state between "IP3+port3" and "IP5+port5" recorded locally before, confirms that the service device 200 supports the above replacement and that the first response message is the result of the replacement. Thus, the first network element may change the locally recorded first replacement state to a second replacement state, which indicates that the negotiation has been completed and that "IP3+port3" may be replaced with "IP5+port5". The first network element replaces the five-tuple of the first response message received in step (9) with IP2, port2, IP1, port1, and the TCP protocol to obtain a second response message, and then sends the second response message to the terminal device 100.
Subsequently, the terminal device 100 sends a message with five tuples of IP1, port1, IP2, port2, and TCP protocol to the first network element (i.e., step (5)). The first network element replaces the quintuple of the message with the IP5, port5, IP4, port4, and TCP according to the first mapping information and the recorded second replacement state, and then sends the message obtained after the processing to the service device 200 (i.e., step (10)). Optionally, the second optional field in the above-mentioned packet includes IP3 and port3.
When the service device 200 receives the message in step (10), if the message does not have the second optional field, the service device 200 may replace the source IP address+source port in the message with IP3+port3 according to the mapping relationship recorded locally and send the message to APP1 (i.e. step (11)), or send the application layer information in the message to APP1. If the message includes the second optional field, the service device 200 does not need to search the mapping relation recorded before, and can directly trigger to replace the source IP address+source port in the message with IP3+port3 according to the second optional field in the message, thereby helping to increase the processing speed, and then send the message obtained after replacement or the application layer information in the message obtained after replacement to
In a second possible scenario (involving step (5), step (10) and step (11)), after the migration of the first mapping information from the second network element to the first network element (i.e. step (4)), it is the responsibility of the first network element to perform the respective NAT function and forwarding function during the service access procedure between process X in the terminal device 100 and APP1 in the service device 200.
The first network element receives a message from the terminal device 100 (i.e. step (5)), and the five-tuple of the message sequentially includes IP1, port1, IP2, port2, and the TCP protocol. The first network element knows from the first mapping information that the second network element maps "IP1+port1" to "IP3+port3". For the return message of APP1 to be sent to the first network element, the first network element needs to map "IP1+port1" to a new IP address + port pair. Thus, the first network element selects an IP address (i.e., IP5) from its own configured address pool and selects a port (i.e., port5); that is, the first network element chooses to map "IP1+port1" to "IP5+port5". The first network element may then replace the five-tuple of the message received in step (5) with IP5, port5, IP4, port4, and the TCP protocol, add a second optional field whose content is IP3 and port3 to the message, and send the resulting message to the service device 200 (i.e. step (10)).
When the service device 200 receives the message in step (10), the message flows to the kernel, and the NAT module in the kernel confirms that the received message contains the second optional field. This triggers the service device 200 to record that the relationship between "IP5+port5" and "IP3+port3" is a replacement relationship, and the source IP address and the source port in the message are replaced with IP3 and port3 respectively before the message is sent to APP1 (i.e. step (11)); alternatively, step (11) may send the application layer information in the message to APP1. For the processing of the return path (APP1 to process X), refer to the description of step (8) and step (9) in the first scheme, which is not repeated here.
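The two schemes above can be traced end to end in a small model. The following Python sketch is an added example, not code from the patent: the class and function names, the state constants, and the sample endpoints EP1 to EP5 (standing for IP1+port1 to IP5+port5) are assumptions made for illustration. It follows the first scheme on the network element side and handles both optional fields on the service device side, which also covers the message of the second scheme.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

Endpoint = Tuple[str, int]                      # (IP address, port)
NEGOTIATING, CONFIRMED = "first replacement state", "second replacement state"

# Constructed sample endpoints (not from the patent). EP1 and EP4 share an IP
# address on purpose: the two private networks may overlap.
EP1, EP2 = ("10.0.0.5", 40000), ("192.0.2.10", 443)
EP3, EP4 = ("172.16.1.1", 5001), ("10.0.0.5", 8080)
EP5 = ("172.16.2.1", 6001)


@dataclass
class Packet:
    src: Endpoint
    dst: Endpoint
    proto: str = "TCP"
    payload: bytes = b""
    opt1: Optional[Endpoint] = None             # first optional field: proposed IP5+port5
    opt2: Optional[Endpoint] = None             # second optional field: original IP3+port3


class FirstNetworkElement:
    """Takes over a session from the migrated first mapping information."""

    def __init__(self, first_mapping, own_pool):
        self.mapping = first_mapping            # {(src, dst, proto): (nat_src, nat_dst)}
        self.pool = iter(own_pool)              # endpoints from this element's address pool
        self.replacement = {}                   # IP3+port3 -> [IP5+port5, state]

    def forward(self, pkt):
        old_src, backend = self.mapping[(pkt.src, pkt.dst, pkt.proto)]
        entry = self.replacement.get(old_src)
        if entry is None:
            entry = self.replacement[old_src] = [next(self.pool), NEGOTIATING]
        new_src, state = entry
        if state == NEGOTIATING:                # step (6): keep IP3+port3, propose IP5+port5
            return Packet(old_src, backend, pkt.proto, pkt.payload, opt1=new_src)
        # step (10): the replacement is confirmed, so send from IP5+port5
        return Packet(new_src, backend, pkt.proto, pkt.payload, opt2=old_src)

    def reverse(self, resp):
        for old_src, entry in self.replacement.items():
            if entry[0] != resp.dst:
                continue
            for (client, vip, proto), (nat_src, backend) in self.mapping.items():
                if nat_src == old_src and backend == resp.src and proto == resp.proto:
                    entry[1] = CONFIRMED        # a reply addressed to IP5+port5 confirms support
                    return Packet(vip, client, proto, resp.payload)
        return None                             # not a reply to a proposed replacement


class ServiceDevice:
    """NAT module in the service device kernel, with APP1 reduced to a peer address."""

    def __init__(self, local):
        self.local = local                      # IP4+port4
        self.reply_to = {}                      # IP3+port3 -> IP5+port5 (return path)
        self.seen_as = {}                       # IP5+port5 -> IP3+port3 (what APP1 sees)

    def _record(self, old_src, new_src):
        self.reply_to[old_src] = new_src
        self.seen_as[new_src] = old_src

    def receive(self, pkt):
        """Return (source endpoint presented to APP1, application layer payload)."""
        if pkt.opt1 is not None:                # step (6): source is still IP3+port3
            self._record(pkt.src, pkt.opt1)
            return pkt.src, pkt.payload
        if pkt.opt2 is not None:                # step (10) with the field: no table lookup
            self._record(pkt.opt2, pkt.src)     # records the relation in the second scheme
            return pkt.opt2, pkt.payload
        return self.seen_as.get(pkt.src, pkt.src), pkt.payload   # use the recorded mapping

    def respond(self, app_peer, payload):
        """APP1 answers app_peer; the kernel rewrites the destination (steps (8)-(9))."""
        return Packet(self.local, self.reply_to.get(app_peer, app_peer), "TCP", payload)


def run_first_scheme():
    """Drive steps (5) to (11) of the first scheme and return what each side observed."""
    ne = FirstNetworkElement({(EP1, EP2, "TCP"): (EP3, EP4)}, [EP5])
    dev = ServiceDevice(EP4)
    m6 = ne.forward(Packet(EP1, EP2, payload=b"req-1"))          # steps (5)-(6)
    state_before = ne.replacement[EP3][1]
    peer, _ = dev.receive(m6)                                     # step (7)
    m9 = dev.respond(peer, b"resp-1")                             # steps (8)-(9)
    to_client = ne.reverse(m9)
    m10 = ne.forward(Packet(EP1, EP2, payload=b"req-2"))         # step (10)
    peer2, _ = dev.receive(m10)                                   # step (11)
    return {"m6": m6, "state_before": state_before, "m9": m9, "to_client": to_client,
            "state_after": ne.replacement[EP3][1], "m10": m10, "app_peer": (peer, peer2)}
```

Throughout the run APP1 only ever sees IP3+port3 as its peer, while the return path moves from the second network element's address to IP5+port5.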
Referring to fig. 9, fig. 9 is a schematic structural diagram of a first network element according to an embodiment of the present application, which includes a transceiver module 901 and a processing module 902.
The transceiver module 901 is configured to receive first mapping information sent by a second network element, where the first mapping information indicates a correspondence between a first address, a first port, a second address, a second port, a first protocol, and a third address, a third port, a fourth address, a fourth port, and a first protocol, the first network element and the second network element are configured with different address segments, the third address belongs to the address segment of the second network element, and the fourth address and the fourth port correspond to a first application program on the service device 200.
The transceiver module 901 is further configured to send first indication information to the service device 200, where the first indication information is used to instruct the service device to set the five-tuple of a first response packet corresponding to the first application program to fourth address-fourth port-fifth address-fifth port-first protocol and then send the first response packet to the first network element, where the fifth address belongs to the address segment configured for the first network element.
The transceiver module 901 is further configured to receive a first response message sent by the service device 200.
The processing module 902 is configured to replace the five-tuple of the first response message with the second address, the second port, the first address, the first port, and the first protocol to obtain a second response message.
The transceiver module 901 is further configured to send a second response message.
Optionally, the transceiver module 901 is configured to receive a second packet, where a five-tuple of the second packet includes a first address, a first port, a second address, a second port, and a first protocol. The processing module 902 is configured to replace the five-tuple of the second packet with a third address, a third port, a fourth address, a fourth port, and a first protocol according to the first mapping information to obtain a third packet, where the third packet includes the first indication information. The transceiver module 901 is configured to send a third message to the service device 200.
Optionally, the third message includes a first optional field, the information in the first optional field includes a fifth address and a fifth port, and the first indication information includes the information in the first optional field.
Optionally, the processing module 902 is further configured to record a first replacement state between the third address-third port and the fifth address-fifth port. The processing module 902 is specifically configured to replace the five-tuple of the first response message with the second address, the second port, the first address, the first port, and the first protocol to obtain the second response message, and change the recorded first replacement state to the second replacement state. The transceiver module 901 is configured to send the second response message and receive a fourth message. The processing module 902 is configured to replace the five-tuple of the fourth message with the fifth address, the fifth port, the fourth address, the fourth port, and the first protocol according to the recorded second replacement state to obtain a fifth message, where the five-tuple of the fourth message includes the first address, the first port, the second address, the second port, and the first protocol. The transceiver module 901 is configured to send the fifth message to the service device 200.
Optionally, the fifth message includes second indication information, where the second indication information is used to instruct the service device 200 to replace the source IP address and the source port in the fifth message with the third address and the third port respectively, and then send the message to the first application program. Alternatively, the second indication information is used to instruct the service device 200 to send the application layer information in the fifth message to the first application program.
Optionally, the fifth message includes a second optional field, the information in the second optional field includes a third address and a third port, and the second indication information includes the information in the second optional field.
Optionally, the transceiver module 901 is configured to receive a second packet, where the five-tuple of the second packet includes the first address, the first port, the second address, the second port, and the first protocol. The processing module 902 is configured to replace the five-tuple of the second packet with the fifth address, the fifth port, the fourth address, the fourth port, and the first protocol to obtain a sixth packet, where the sixth packet includes the first indication information. The first indication information is further used to instruct the service device 200 to replace the source IP address and the source port in the sixth packet with the third address and the third port respectively and then send the packet to the first application; alternatively, the first indication information is further used to instruct the service device 200 to send the application layer information in the sixth packet to the first application. The transceiver module 901 is configured to send the sixth packet to the service device 200.
Optionally, the sixth message includes a second optional field, the information in the second optional field includes a third address and a third port, and the first indication information includes the information in the second optional field.
Optionally, the first address and the fourth address belong to a first private network and a second private network, respectively, and there is a network segment overlap (address collision) between the first private network and the second private network. The private network may be a VPC or other autonomous network, and embodiments of the present application are not particularly limited.
The first network element of fig. 9 is specifically configured to perform the method (step) on the first network element side in the embodiments of fig. 6, fig. 7, or fig. 8, and reference may be made to the foregoing description, which is not repeated herein.
The embodiment of the application also provides another first network element which comprises a processor and a memory. The processor is configured to execute the instructions stored in the memory, so that the first network element performs the method (step) on the first network element side in the embodiment of fig. 6, fig. 7 or fig. 8.
Referring to fig. 10, fig. 10 is a schematic structural diagram of a service device 200 according to an embodiment of the present application, including a transceiver module 1001 and a processing module 1002.
The transceiver module 1001 is configured to receive first indication information sent by a first network element, where a quintuple corresponding to a first application on the service device 200 includes a third address, a third port, a fourth address, a fourth port, and a first protocol.
The processing module 1002 is configured to set, according to the first indication information, a five-tuple of a first response packet corresponding to the first application program as a fourth address-fourth port-fifth address-fifth port-first protocol, where the first network element and the second network element are configured with different address segments, and the fifth address and the third address respectively belong to the address segment of the first network element and the address segment of the second network element.
The transceiver module 1001 is further configured to send a first response packet to the first network element.
Optionally, before the service device 200 receives the first indication information sent by the first network element, the transceiver module 1001 is further configured to receive a replaced packet sent by the second network element or application layer information in the replaced packet, and send the replaced packet to the first application program, where a five-tuple of the replaced packet includes a third address, a third port, a fourth address, a fourth port, and a first protocol. The transceiver module 1001 is further configured to send a response message corresponding to the first application to the second network element, where a quintuple of the response message includes a fourth address, a fourth port, a third address, a third port, and a first protocol.
Optionally, the transceiver module 1001 is configured to receive a third packet sent by the first network element, where a quintuple of the third packet includes a third address, a third port, a fourth address, a fourth port, and a first protocol, and the third packet includes first indication information.
Optionally, the third message includes a first optional field, the information in the first optional field includes a fifth address and a fifth port, and the first indication information includes the information in the first optional field.
Optionally, after the service device 200 receives the third packet sent by the first network element, the transceiver module 1001 is further configured to receive a fifth packet sent by the first network element, where the five-tuple of the fifth packet includes the fifth address, the fifth port, the fourth address, the fourth port, and the first protocol. The processing module 1002 is configured to replace the source IP address and the source port in the fifth packet with the third address and the third port, respectively, and then send the packet to the first application program. Alternatively, the processing module 1002 is further configured to send the application layer information in the fifth packet to the first application program.
Optionally, the fifth packet includes second indication information, and the processing module 1002 replaces the source IP address and the source port in the fifth packet with the third address and the third port according to the second indication information, and then sends the packet to the first application program. Alternatively, the processing module 1002 is configured to send the application layer information in the fifth packet to the first application program according to the second indication information.
Optionally, the fifth message includes a second optional field, the information in the second optional field includes a third address and a third port, and the second indication information includes the information in the second optional field.
Optionally, the transceiver module 1001 is configured to receive a sixth packet sent by the first network element, where the five-tuple of the sixth packet includes the fifth address, the fifth port, the fourth address, the fourth port, and the first protocol, and the sixth packet includes the first indication information. The processing module 1002 is configured to replace the source IP address and the source port in the sixth packet with the third address and the third port respectively according to the first indication information, and then send the packet to the first application program. Alternatively, the processing module 1002 is configured to send the application layer information in the sixth packet to the first application program according to the first indication information.
Optionally, the sixth message includes a second optional field, the information in the second optional field includes a third address and a third port, and the second indication information includes the information in the second optional field.
Optionally, the first address and the fourth address belong to a first private network and a second private network, respectively, and there is a network segment overlap (address collision) between the first private network and the second private network. The private network may be a VPC or other autonomous network, and embodiments of the present application are not particularly limited.
The service device 200 of fig. 10 is specifically configured to perform the method (step) on the service device 200 side in the embodiment of fig. 6, fig. 7 or fig. 8, and reference may be made to the foregoing description, which is not repeated here.
The embodiment of the application also provides another service device 200, which comprises a processor and a memory. The processor is configured to execute the instructions stored in the memory, so that the service device 200 performs the method (step) on the service device 200 side in the embodiment of fig. 6, 7 or 8.
The embodiment of the application also provides a communication system, which comprises the first network element, the second network element and the service device 200. The first network element is configured to perform the method (step) on the first network element side in the embodiments of fig. 6, fig. 7 or fig. 8, the service device 200 is configured to perform the method (step) on the service device 200 side in the embodiments of fig. 6, fig. 7 or fig. 8, and the second network element is configured to perform the method (step) on the second network element side in the embodiments of fig. 5 to fig. 8. For details, refer to the foregoing description, which is not repeated here.
Those skilled in the art will appreciate that implementing all or part of the above-described methods in accordance with the embodiments may be accomplished by way of a computer program stored on a computer readable storage medium, which when executed may comprise the steps of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), a random-access memory (random access memory, RAM), or the like.
The above disclosure is only a preferred embodiment of the present application and does not limit the scope of the application. Those skilled in the art will appreciate that implementations of all or part of the procedures of the above embodiments, and equivalent changes made according to the claims, still fall within the scope of the present application.

Claims (26)

1. A hot migration method, characterized in that the method comprises:
The first network element receives first mapping information sent by the second network element, wherein the first mapping information indicates a correspondence between a first address-first port-second address-second port-first protocol and a third address-third port-fourth address-fourth port-first protocol, the first network element and the second network element are configured with different address segments, the third address belongs to the address segment of the second network element, and the fourth address and the fourth port correspond to a first application on a service device;
The first network element sends first indication information to the service device, wherein the first indication information is used to instruct the service device to set the quintuple of the first response message corresponding to the first application to the fourth address-the fourth port-the fifth address-the fifth port-the first protocol and then send it to the first network element, the quintuple includes the source IP address, the source port, the destination IP address, the destination port, and the protocol type in sequence, the first indication information includes the third address, the third port, the fifth address and the fifth port, and the fifth address belongs to the address segment configured by the first network element;
The first network element receives the first response message sent by the service device, replaces the five-tuple of the first response message with the second address, the second port, the first address, the first port, and the first protocol to obtain a second response message, and sends the second response message.

2. The method according to claim 1, characterized in that before the first network element receives the first mapping information sent by the second network element, the method further comprises:
The second network element replaces the five-tuple of the received first message with the third address, the third port, the fourth address, the fourth port, and the first protocol according to the first mapping information to obtain a replaced message, and sends the replaced message to the service device, wherein the five-tuple of the first message includes the first address, the first port, the second address, the second port, and the first protocol;
The second network element replaces the five-tuple of the response message sent by the service device with the second address, the second port, the first address, the first port, and the first protocol according to the first mapping information, thereby obtaining a replaced response message, and sends the replaced response message, wherein the five-tuple of the response message includes the fourth address, the fourth port, the third address, the third port, and the first protocol.

3. The method according to claim 1, wherein the first network element sends the first indication information to the service device, comprising:
The first network element receives a second message, wherein a quintuple of the second message includes the first address, the first port, the second address, the second port, and the first protocol;
The first network element replaces the quintuple of the second message with the third address, the third port, the fourth address, the fourth port, and the first protocol according to the first mapping information to obtain a third message, wherein the third message includes the first indication information;
The first network element sends the third message to the service device.

4. The method according to claim 3, characterized in that the third message includes a first optional field, the information in the first optional field includes the fifth address and the fifth port, and the first indication information includes the information in the first optional field.

5. The method according to claim 3 or 4, characterized in that, before the first network element sends the third message to the service device, the method further comprises:
The first network element records a first replacement state between the third address-the third port and the fifth address-the fifth port;
The step of replacing the five-tuple of the first response message with the second address, the first address, the second port, the first port, and the first protocol to obtain a second response message, and sending the second response message includes:
The first network element replaces the five-tuple of the first response message with the second address, the second port, the first address, the first port, and the first protocol to obtain the second response message, changes the recorded first replacement state to the second replacement state, and sends the second response message;
The first network element receives a fourth message, and replaces the quintuple of the fourth message with the fifth address, the fifth port, the fourth address, the fourth port, and the first protocol according to the recorded second replacement state to obtain a fifth message, wherein the quintuple of the fourth message includes the first address, the first port, the second address, the second port, and the first protocol;
The first network element sends the fifth message to the service device.

6. The method according to claim 5, characterized in that the fifth message includes second indication information, wherein the second indication information is used to instruct the service device to replace the source IP address and source port in the fifth message with the third address and the third port respectively and then send it to the first application, or the second indication information is used to instruct the service device to send the application layer information in the fifth message to the first application.

7. The method according to claim 6, characterized in that the fifth message includes a second optional field, the information in the second optional field includes the third address and the third port, and the second indication information includes the information in the second optional field.

8. The method according to claim 1, wherein the first network element sends the first indication information to the service device, comprising:
The first network element receives the second message, and replaces the quintuple of the second message with the fifth address, the fifth port, the fourth address, the fourth port, and the first protocol to obtain a sixth message, wherein the quintuple of the second message includes the first address, the first port, the second address, the second port, and the first protocol, and the sixth message includes the first indication information, and the first indication information is further used to instruct the service device to replace the source IP address and the source port in the sixth message with the third address and the third port respectively, and then send it to the first application, or the first indication information is further used to instruct the service device to send the application layer information in the sixth message to the first application;
The first network element sends the sixth message to the service device.

9. The method according to claim 8, characterized in that the sixth message includes a second optional field, the information in the second optional field includes the third address and the third port, and the first indication information includes the information in the second optional field.

10. The method according to any one of claims 1, 2, 3, 4, 8, and 9, characterized in that the first address and the fourth address belong to a first private network and a second private network respectively, and there is an overlapping network segment between the first private network and the second private network.

11. A hot migration method, characterized in that the method comprises:
The service device receives first indication information sent by the first network element, wherein the service device includes a first application, the quintuple corresponding to the first application includes a third address, a third port, a fourth address, a fourth port, and a first protocol, and the first indication information includes the third address, the third port, a fifth address, and a fifth port;
The service device sets the quintuple of the first response message corresponding to the first application to the fourth address-the fourth port-the fifth address-the fifth port-the first protocol according to the first indication information, wherein the quintuple includes the source IP address, the source port, the destination IP address, the destination port, and the protocol type in sequence, the first network element and the second network element are configured with different address segments, and the fifth address and the third address belong to the address segment of the first network element and the address segment of the second network element, respectively;
The service device sends the first response message to the first network element.

12. The method according to claim 11, characterized in that before the service device receives the first indication information sent by the first network element, the method further comprises:
The service device receives the replaced message sent by the second network element, and sends the replaced message or application layer information in the replaced message to the first application program, wherein the quintuple of the replaced message includes the third address, the third port, the fourth address, the fourth port, and the first protocol;
The service device sends a response message corresponding to the first application to the second network element, wherein the quintuple of the response message includes the fourth address, the fourth port, the third address, the third port, and the first protocol.

13. The method according to claim 11, wherein the service device receives the first indication information sent by the first network element, comprising:
The service device receives a third message sent by the first network element, wherein the quintuple of the third message includes the third address, the third port, the fourth address, the fourth port, and the first protocol, and the third message contains the first indication information.

14. The method according to claim 13, characterized in that the third message includes a first optional field, the information in the first optional field includes the fifth address and the fifth port, and the first indication information includes the information in the first optional field.

15. The method according to claim 13 or 14, characterized in that after the service device receives the third message sent by the first network element, the method further comprises:
The service device receives a fifth message sent by the first network element, wherein a quintuple of the fifth message includes the fifth address, the fifth port, the fourth address, the fourth port, and the first protocol;
The service device replaces the source IP address and source port in the fifth message with the third address and the third port respectively and sends the message to the first application, or the service device sends the application layer information in the fifth message to the first application.

16. The method according to claim 15, wherein the fifth message includes second indication information, and the service device replaces the source IP address and the source port in the fifth message with the third address and the third port respectively and then sends the message to the first application, comprising:
The service device replaces the source IP address and source port in the fifth message with the third address and the third port according to the second indication information and sends the result to the first application, or the service device sends the application layer information in the fifth message to the first application according to the second indication information.

17. The method according to claim 16, characterized in that the fifth message includes a second optional field, the information in the second optional field includes the third address and the third port, and the second indication information includes the information in the second optional field.

18. The method according to claim 11, wherein the service device receives the first indication information sent by the first network element, comprising:
The service device receives a sixth message sent by the first network element, wherein the quintuple of the sixth message includes a fifth address, the fifth port, the fourth address, the fourth port, and the first protocol, and the sixth message includes the first indication information;
The service device replaces the source IP address and source port in the sixth message with the third address and the third port respectively according to the first indication information, and then sends it to the first application, or the service device sends the application layer information in the sixth message to the first application according to the first indication information.

19. The method according to claim 18, characterized in that the sixth message includes a second optional field, the information in the second optional field includes the third address and the third port, and the second indication information includes the information in the second optional field.

20. The method according to any one of claims 11, 12, 13, 14, 18, and 19, characterized in that the first address and the fourth address belong to a first private network and a second private network respectively, and there is an overlapping network segment between the first private network and the second private network.
The method according to any one of claims 11, 12, 13, 14, 18, and 19, characterized in that the first address and the fourth address belong to a first private network and a second private network respectively, and there is an overlapping network segment between the first private network and the second private network. 21.一种第一网元,其特征在于,包括收发模块和处理模块,21. A first network element, comprising a transceiver module and a processing module, 所述收发模块,用于接收第二网元发送的第一映射信息,其中,所述第一映射信息指示第一地址-第一端口-第二地址-第二端口-第一协议与第三地址-第三端口-第四地址-第四端口-所述第一协议之间的对应关系,所述第一网元和所述第二网元配置有不同的地址段,所述第三地址属于所述第二网元的地址段,所述第四地址和所述第四端口对应服务设备上的第一应用程序;The transceiver module is used to receive first mapping information sent by the second network element, wherein the first mapping information indicates a correspondence between a first address-first port-second address-second port-first protocol and a third address-third port-fourth address-fourth port-first protocol, the first network element and the second network element are configured with different address segments, the third address belongs to the address segment of the second network element, and the fourth address and the fourth port correspond to a first application on a service device; 所述收发模块,还用于向所述服务设备发送第一指示信息,其中,第一指示信息用于指示所述服务设备将所述第一应用程序对应的第一响应报文的五元组设置为所述第四地址-所述第四端口-第五地址-第五端口-所述第一协议后发给所述第一网元,所述五元组依次包括源IP地址、源端口、目的IP地址、目的端口、协议类型,所述第一指示信息包括所述第三地址、所述第三端口、所述第五地址和所述第五端口,所述第五地址属于所述第一网元配置的地址段;The transceiver module is further used to send first indication information to the service device, wherein the first indication information is used to instruct the service device to set the quintuple of the first response message corresponding to the first application to the fourth address-the fourth port-the fifth address-the fifth port-the first protocol and then send it to the first network element, the quintuple includes the source IP address, the source port, the destination IP address, the destination port, and the protocol type in sequence, the first indication information 
includes the third address, the third port, the fifth address and the fifth port, and the fifth address belongs to the address segment configured by the first network element; 所述收发模块,还用于接收所述服务设备发送的所述第一响应报文;The transceiver module is further configured to receive the first response message sent by the service device; 所述处理模块,用于将所述第一响应报文的五元组替换为所述第二地址、所述第二端口、所述第一地址、所述第一端口、所述第一协议得到第二响应报文;The processing module is used to replace the quintuple of the first response message with the second address, the second port, the first address, the first port, and the first protocol to obtain a second response message; 所述收发模块,还用于发送所述第二响应报文。The transceiver module is further used to send the second response message. 22.一种第一网元,其特征在于,包括处理器和存储器,所述处理器用于执行所述存储器中存储的指令,以使得所述第一网元执行如权利要求1至10中任一项所述的方法。22. A first network element, comprising a processor and a memory, wherein the processor is configured to execute instructions stored in the memory so that the first network element executes the method according to any one of claims 1 to 10. 23.一种服务设备,其特征在于,包括收发模块和处理模块,23. 
A service device, comprising a transceiver module and a processing module, 所述收发模块,用于接收第一网元发送的第一指示信息,其中,所述服务设备上的第一应用程序对应的五元组包括第三地址、第三端口、第四地址、第四端口、第一协议,所述第一指示信息包括所述第三地址、所述第三端口、第五地址和第五端口;The transceiver module is configured to receive first indication information sent by a first network element, wherein the quintuple corresponding to the first application on the service device includes a third address, a third port, a fourth address, a fourth port, and a first protocol, and the first indication information includes the third address, the third port, a fifth address, and a fifth port; 所述处理模块,用于根据所述第一指示信息将所述第一应用程序对应的第一响应报文的五元组设置为所述第四地址-所述第四端口-所述第五地址-所述第五端口-所述第一协议,其中,所述五元组依次包括源IP地址、源端口、目的IP地址、目的端口、协议类型,所述第一网元和第二网元配置有不同的地址段,所述第五地址和所述第三地址分别属于所述第一网元的地址段和所述第二网元的地址段;The processing module is used to set the quintuple of the first response message corresponding to the first application to the fourth address-the fourth port-the fifth address-the fifth port-the first protocol according to the first indication information, wherein the quintuple includes the source IP address, the source port, the destination IP address, the destination port, and the protocol type in sequence, the first network element and the second network element are configured with different address segments, and the fifth address and the third address belong to the address segment of the first network element and the address segment of the second network element respectively; 所述收发模块,还用于向所述第一网元发送所述第一响应报文。The transceiver module is further used to send the first response message to the first network element. 24.一种服务设备,其特征在于,包括处理器和存储器,所述处理器用于执行所述存储器中存储的指令,以使得所述服务设备执行如权利要求11至20中任一项所述的方法。24. A service device, comprising a processor and a memory, wherein the processor is used to execute instructions stored in the memory, so that the service device executes the method according to any one of claims 11 to 20. 25.一种通信系统,其特征在于,包括权利要求1-10或21-22中任一项所述的第一网元、第二网元、以及权利要求11-20或23-24中任一项所述的服务设备。25. 
A communication system, characterized by comprising the first network element and the second network element according to any one of claims 1-10 or 21-22, and the service equipment according to any one of claims 11-20 or 23-24. 26.一种计算机可读存储介质,其特征在于,包括计算机程序指令,当所述计算机程序指令由计算设备执行时,所述计算设备执行如权利要求1-10或11-20中任一项所述的方法。26. A computer-readable storage medium, characterized in that it includes computer program instructions, and when the computer program instructions are executed by a computing device, the computing device executes the method according to any one of claims 1-10 or 11-20.
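The quintuple rewrites recited in claims 11, 15 and 21, modelled as an added Python example that is not part of the patent text. The class and function names, the session table, the segment check applied before an indication is installed, and every address and port are assumptions constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class FiveTuple(NamedTuple):      # field order as recited in the claims
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str

class ServiceDevice:
    """Model of the service device in claims 11 and 15 (hypothetical names)."""
    def __init__(self, ne1_segment: str, ne2_segment: str):
        self.ne1 = ipaddress.ip_network(ne1_segment)  # first network element's segment
        self.ne2 = ipaddress.ip_network(ne2_segment)  # second network element's segment
        self.to_fifth = {}   # (addr3, port3) -> (addr5, port5)
        self.to_third = {}   # (addr5, port5) -> (addr3, port3)

    def accept_indication(self, addr3, port3, addr5, port5) -> bool:
        # Assumed check: install the redirect only when the fifth and third
        # addresses sit in the segments the claims say they belong to.
        if (ipaddress.ip_address(addr5) not in self.ne1
                or ipaddress.ip_address(addr3) not in self.ne2):
            return False
        self.to_fifth[(addr3, port3)] = (addr5, port5)
        self.to_third[(addr5, port5)] = (addr3, port3)
        return True

    def outbound(self, resp: FiveTuple) -> FiveTuple:
        # Claim 11: response destination third addr/port -> fifth addr/port.
        key = (resp.dst_ip, resp.dst_port)
        ip, port = self.to_fifth.get(key, key)
        return resp._replace(dst_ip=ip, dst_port=port)

    def inbound(self, pkt: FiveTuple) -> FiveTuple:
        # Claim 15: the fifth message's source is restored to third addr/port.
        key = (pkt.src_ip, pkt.src_port)
        ip, port = self.to_third.get(key, key)
        return pkt._replace(src_ip=ip, src_port=port)

def first_ne_egress(resp: FiveTuple, sessions: dict) -> FiveTuple:
    # Claim 21: replace the first response's quintuple with second addr/port ->
    # first addr/port, i.e. the client's request tuple reversed.
    req = sessions[resp]
    return FiveTuple(req.dst_ip, req.dst_port, req.src_ip, req.src_port, req.proto)

def demo():
    # Constructed values: A1/P1 client, A2/P2 service front end, A3/P3 from the
    # second element's segment, A4/P4 application, A5/P5 from the first element's.
    client_req = FiveTuple("198.51.100.7", 40000, "203.0.113.10", 443, "tcp")
    dev = ServiceDevice("10.1.0.0/24", "10.2.0.0/24")
    dev.accept_indication("10.2.0.5", 1024, "10.1.0.9", 2048)
    first_resp = dev.outbound(FiveTuple("192.168.1.20", 8443, "10.2.0.5", 1024, "tcp"))
    second_resp = first_ne_egress(first_resp, {first_resp: client_req})
    to_app = dev.inbound(FiveTuple("10.1.0.9", 2048, "192.168.1.20", 8443, "tcp"))
    return first_resp, second_resp, to_app

if __name__ == "__main__":
    for t in demo():
        print(t)
```

The application keeps seeing the third address and third port as its peer throughout, while packets on the wire move to the fifth address and fifth port.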
CN202310943842.XA 2023-07-28 2023-07-28 Hot migration method, first network element, service equipment, communication system and storage medium Active CN116962490B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310943842.XA CN116962490B (en) 2023-07-28 2023-07-28 Hot migration method, first network element, service equipment, communication system and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310943842.XA CN116962490B (en) 2023-07-28 2023-07-28 Hot migration method, first network element, service equipment, communication system and storage medium

Publications (2)

Publication Number Publication Date
CN116962490A (en) 2023-10-27
CN116962490B (en) 2025-06-13

Family

ID=88460164

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310943842.XA Active CN116962490B (en) 2023-07-28 2023-07-28 Hot migration method, first network element, service equipment, communication system and storage medium

Country Status (1)

Country Link
CN (1) CN116962490B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113630444A (en) * 2021-07-16 2021-11-09 济南浪潮数据技术有限公司 Cluster working method and device based on open virtual network
CN115277628A (en) * 2022-05-30 2022-11-01 紫光建筑云科技(重庆)有限公司 Method for realizing FULL NAT local IP

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7518987B2 (en) * 2005-07-25 2009-04-14 Cisco Technology, Inc. Mechanisms for providing connectivity in NAT redundant/fail-over scenarios in unshared address-space
CN101834831A (en) * 2009-03-13 2010-09-15 华为技术有限公司 A method, device and system for realizing redundant backup of NAT equipment
US9003002B2 (en) * 2012-01-18 2015-04-07 Microsoft Technology Licensing, Llc Efficient port management for a distributed network address translation
CN103973584B (en) * 2013-02-06 2017-10-24 阿里巴巴集团控股有限公司 The method and apparatus of the pass-through mode of switching at runtime packet
CN105208048A (en) * 2014-05-30 2015-12-30 株式会社日立制作所 Global migration manager, gateway, virtual machine migration system and method thereof
CN105491175A (en) * 2014-09-18 2016-04-13 中兴通讯股份有限公司 Network address translation method and device
CN111193773B (en) * 2019-12-06 2022-12-09 腾讯云计算(北京)有限责任公司 Load balancing method, device, equipment and storage medium
CN113973022A (en) * 2020-07-22 2022-01-25 华为技术有限公司 Communication method, CP equipment and NAT equipment
CN112104565B (en) * 2020-09-15 2024-03-29 东软集团股份有限公司 Method, system and equipment for realizing message forwarding
US20230116510A1 (en) * 2021-10-11 2023-04-13 Hewlett Packed Enterprise Development Lp Anchor network address translation (nat) flow access point (ap) selection in a multi-ap deployment

Also Published As

Publication number Publication date
CN116962490A (en) 2023-10-27

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant