CN118631719A - Data transmission method and device, electronic device and computer-readable storage medium - Google Patents

Abstract

The present disclosure provides a data transmission method, apparatus, device, storage medium, and program product, which can be applied to the field of communication technology. The data transmission method comprises the following steps: in response to receiving a data stream to be transmitted, acquiring routing information of the data stream to be transmitted, wherein the data stream to be transmitted comprises M data packets to be transmitted with a sequential relationship, and M is a positive integer; under the condition that no information matched with the routing information exists in the data flow mapping, determining a target transmission rule according to the transmission rule mapping and the routing information; updating the data stream map according to the routing information and the target transmission rule to obtain an updated data stream map; and transmitting the M data packets to be transmitted by using the updated data stream map.

Description

Data transmission method and device, electronic device and computer-readable storage medium

Technical Field

The present disclosure relates to the field of communication technology, and more specifically, to a data transmission method, apparatus, device, storage medium and program product.

Background Art

With the development of communication technology, it is possible to configure rules based on network policies and transmit data packets in data streams according to the routing information of the data packets in the data streams to achieve network isolation.

In the process of realizing the concept of the present disclosure, the inventors found that there are at least the following problems in the related art: when transmitting data packets in a data stream, each data packet (including input and output directions) needs to be transmitted according to the routing information of the data packet, which requires more computing resources to be consumed for data transmission, resulting in low efficiency and poor performance of data transmission.

Summary of the invention

In view of this, the present disclosure provides a data transmission method, apparatus, device, storage medium and program product.

According to one aspect of the present disclosure, a data transmission method is provided, comprising: in response to receiving a data stream to be transmitted, obtaining routing information of the data stream to be transmitted, wherein the data stream to be transmitted includes M data packets to be transmitted having a sequential relationship, and M is a positive integer; in the case where there is no information matching the routing information in the data stream mapping, determining a target transmission rule according to the transmission rule mapping and the routing information; updating the data stream mapping according to the routing information and the target transmission rule to obtain an updated data stream mapping; and transmitting the M data packets to be transmitted using the updated data stream mapping.

According to an embodiment of the present disclosure, the above-mentioned transmission rule mapping includes an input rule mapping and an output rule mapping; the input rule mapping includes P input rule key-value relationships, each input rule key-value relationship includes input key information and input operation value information, and P is a positive integer; and the output rule mapping includes Q output rule key-value relationships, each output rule key-value relationship includes output key information and output operation value information, and Q is a positive integer.

According to an embodiment of the present disclosure, the above-mentioned input rule key-value relationship is constructed in the following manner: according to the network policy configuration information, the input key information and the input operation value information are determined; and according to the input key information and the input operation value information, the input rule key-value relationship is constructed; the output rule key-value relationship is constructed in the following manner: according to the network policy configuration information, the output key information and the output operation value information are determined; and according to the output key information and the output operation value information, the output rule key-value relationship is constructed.

According to an embodiment of the present disclosure, the above-mentioned data stream mapping includes S transmission rule key-value relationships, each transmission rule key-value relationship includes key information and value information, and S is a positive integer; the data transmission method also includes, in response to receiving the data stream to be transmitted, obtaining the routing information of the data stream to be transmitted: determining the socket information of the data stream to be transmitted according to the routing information, wherein the M data packets to be transmitted belonging to the same data stream to be transmitted have the same socket information; matching the socket information with the S key information to obtain a matching result; when the matching result indicates that there is target key information matching the socket information in the data stream mapping, determining the value information corresponding to the target key information as the target transmission rule; and transmitting the M data packets to be transmitted based on the target transmission rule.

According to an embodiment of the present disclosure, in the above-mentioned case where there is no information matching the routing information in the data flow mapping, determining the target transmission rule based on the transmission rule mapping and the routing information includes: matching the routing information with P input key information and Q output key information to obtain a matching result; and in response to the matching result indicating that there is target key information matching the routing information in the P input key information and the Q output key information, determining the operation value information corresponding to the target key information as the target transmission rule.

According to an embodiment of the present disclosure, the above-mentioned data flow mapping includes S transmission rule mapping relationships, each transmission rule mapping relationship includes key information and value information; according to the routing information and the target transmission rule, the data flow mapping is updated to obtain the updated data flow mapping including: determining the socket information as the key information; determining the target transmission rule as the value information; constructing the target transmission rule key-value relationship according to the key information and the value information; and using the target transmission rule key-value relationship to update the data flow mapping to obtain the updated data flow mapping.

According to an embodiment of the present disclosure, the above-mentioned use of the updated data stream mapping to transmit M data packets to be transmitted includes: in response to receiving the mth data packet to be transmitted, matching the socket information with the S key information to obtain a matching result; when the matching result indicates that there is target key information matching the socket information in the data stream mapping, determining the value information corresponding to the target key information as the target transmission rule; and transmitting the mth data packet to be transmitted based on the target transmission rule.

According to an embodiment of the present disclosure, the above-mentioned response to receiving the data stream to be transmitted, obtaining the routing information of the data stream to be transmitted includes: in response to receiving the data stream to be transmitted, using a tracking tool to obtain the routing information; the method also includes, after using the updated data stream mapping to transmit the M data packets to be transmitted: in response to the M data packets to be transmitted being transmitted, deleting the transmission rule key-value relationship corresponding to the socket information in the updated data stream mapping.

According to another aspect of the present disclosure, a data transmission device is provided, including: an acquisition module, used to acquire routing information of the data stream to be transmitted in response to receiving a data stream to be transmitted, wherein the data stream to be transmitted includes M data packets to be transmitted with a sequential relationship, and M is a positive integer; a determination module, used to determine the target transmission rule according to the transmission rule mapping and the routing information when there is no information matching the routing information in the data stream mapping; an update module, used to update the data stream mapping according to the routing information and the target transmission rule to obtain an updated data stream mapping; and a transmission module, used to transmit the M data packets to be transmitted using the updated data stream mapping.

According to another aspect of the present disclosure, an electronic device is provided, comprising: one or more processors; and a memory for storing one or more instructions, wherein when the one or more instructions are executed by the one or more processors, the one or more processors implement the method described in the present disclosure.

According to another aspect of the present disclosure, a computer-readable storage medium is provided, on which executable instructions are stored. When the executable instructions are executed by a processor, the processor implements the method described in the present disclosure.

According to another aspect of the present disclosure, a computer program product is provided. The computer program product includes computer executable instructions. When the computer executable instructions are executed, they are used to implement the method described in the present disclosure.

According to the embodiments of the present disclosure, since the target transmission rule is determined according to the transmission rule mapping and the routing information of the data stream to be transmitted, and the data stream mapping is determined according to the target transmission rule and the common routing information of all the data packets to be transmitted in the data stream to be transmitted, by utilizing the data stream mapping and based on the target transmission rule, it is possible to uniformly transmit M data packets to be transmitted according to the common routing information of all the data packets to be transmitted, without having to transmit the M data packets to be transmitted separately according to the routing information of each data packet to be transmitted, thereby reducing the computing resources consumed in the data transmission process, and thus at least partially overcoming the technical problems of low efficiency and poor performance of data transmission when transmitting data packets in the data stream in the related art, thereby facilitating improving the efficiency and performance of data transmission.

BRIEF DESCRIPTION OF THE DRAWINGS

The above and other objects, features and advantages of the present disclosure will become more apparent through the following description of the embodiments of the present disclosure with reference to the accompanying drawings, in which:

FIG. 1 schematically shows a system architecture to which a data transmission method according to an embodiment of the present disclosure can be applied.

FIG. 2 schematically shows a flow chart of a data transmission method according to an embodiment of the present disclosure.

FIG. 3 exemplarily shows an example schematic diagram of a process of obtaining a transmission rule mapping and a data flow mapping according to an embodiment of the present disclosure.

FIG. 4 exemplarily shows a schematic diagram of a data transmission process according to an embodiment of the present disclosure.

FIG. 5 exemplarily shows a data transmission architecture diagram according to an embodiment of the present disclosure.

FIG6 schematically shows a block diagram of a data transmission device according to an embodiment of the present disclosure.

FIG7 schematically shows a block diagram of an electronic device suitable for implementing a data transmission method according to an embodiment of the present disclosure.

DETAILED DESCRIPTION

Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. However, it should be understood that these descriptions are exemplary only and are not intended to limit the scope of the present disclosure. In the following detailed description, for ease of explanation, many specific details are set forth to provide a comprehensive understanding of the embodiments of the present disclosure. However, it is apparent that one or more embodiments may also be implemented without these specific details. In addition, in the following description, descriptions of known structures and technologies are omitted to avoid unnecessary confusion of the concepts of the present disclosure.

The terms used herein are only for describing specific embodiments and are not intended to limit the present disclosure. The terms "include", "comprising", etc. used herein indicate the existence of the features, steps, operations and/or components, but do not exclude the existence or addition of one or more other features, steps, operations or components.

All terms (including technical and scientific terms) used herein have the meanings commonly understood by those skilled in the art, unless otherwise defined. It should be noted that the terms used herein should be interpreted as having a meaning consistent with the context of this specification, and should not be interpreted in an idealized or overly rigid manner.

When using expressions such as "at least one of A, B, and C", they should generally be interpreted according to the meaning of the expression commonly understood by technical personnel in this field (for example, "a system having at least one of A, B, and C" should include but is not limited to a system having A alone, B alone, C alone, A and B, A and C, B and C, and/or A, B, C, etc.).

In the embodiments of the present disclosure, the collection, updating, analysis, processing, use, transmission, provision, disclosure, storage, etc. of the data involved (for example, including but not limited to user personal information) are in compliance with the provisions of relevant laws and regulations, are used for legitimate purposes, and do not violate public order and good morals. In particular, necessary measures are taken for user personal information to prevent illegal access to user personal information data and maintain the security of user personal information and network security.

In the embodiments of the present disclosure, the user's authorization or consent is obtained before obtaining or collecting the user's personal information.

For example, after receiving the data stream to be transmitted, your information can be desensitized using methods including de-identification or anonymization to protect the security of your information.

With the development of the field of communication technology, network isolation can be achieved by transmitting (forwarding or discarding, etc.) data packets in a data stream based on network policy configuration rules and according to the routing information of the data packets in the data stream.

Network isolation can improve network security and privacy protection by limiting the communication between different parts of the network. As an example, network isolation can be achieved by setting network policy configuration rules and filtering and controlling data packets in the data flow based on routing information.

In the process of realizing the concept of the present disclosure, the inventors found that there are at least the following problems in the related art: when transmitting data packets in a data stream, each data packet (including input and output directions) needs to be transmitted according to the routing information of the data packet, which requires more computing resources to be consumed for data transmission, resulting in low efficiency and poor performance of data transmission.

In order to at least partially solve the technical problems existing in the related art, the present disclosure provides a data transmission method, apparatus, device, storage medium and program product.

FIG1 schematically shows a system architecture to which the data transmission method according to an embodiment of the present disclosure can be applied. It should be noted that FIG1 is only an example of a system architecture to which the embodiment of the present disclosure can be applied, in order to help those skilled in the art understand the technical content of the present disclosure, but does not mean that the embodiment of the present disclosure cannot be used in other devices, systems, environments or scenarios.

As shown in FIG1 , the system architecture 100 according to this embodiment may include a first terminal device 101, a second terminal device 102, a third terminal device 103, a network 104, and a server 105. The network 104 is used to provide a medium for a communication link between the first terminal device 101, the second terminal device 102, the third terminal device 103, and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or optical fiber cables, etc.

The user may use at least one of the first terminal device 101, the second terminal device 102, and the third terminal device 103 to interact with the server 105 through the network 104 to receive or send messages, etc. Various communication client applications may be installed on the first terminal device 101, the second terminal device 102, and the third terminal device 103, such as shopping applications, web browser applications, search applications, instant messaging tools, email clients, social platform software, etc. (only as examples).

The first terminal device 101, the second terminal device 102, and the third terminal device 103 may be various electronic devices having display screens and supporting web browsing, including but not limited to smart phones, tablet computers, laptop computers, desktop computers, and the like.

The server 105 may be a server that provides various services, such as a background management server (only as an example) that provides support for websites browsed by users using the first terminal device 101, the second terminal device 102, and the third terminal device 103. The background management server may analyze and process the received data such as user requests, and feed back the processing results (such as web pages, information, or data obtained or generated according to user requests) to the terminal device.

It should be noted that the data transmission method provided in the embodiment of the present disclosure can generally be executed by the server 105. Accordingly, the data transmission device provided in the embodiment of the present disclosure can generally be set in the server 105. The data transmission method provided in the embodiment of the present disclosure can also be executed by a server or server cluster that is different from the server 105 and can communicate with the first terminal device 101, the second terminal device 102, the third terminal device 103 and/or the server 105. Accordingly, the data transmission device provided in the embodiment of the present disclosure can also be set in a server or server cluster that is different from the server 105 and can communicate with the first terminal device 101, the second terminal device 102, the third terminal device 103 and/or the server 105.

Alternatively, the data transmission method provided in the embodiment of the present disclosure may also be executed by the first terminal device 101, the second terminal device 102, or the third terminal device 103, or may also be executed by other terminal devices different from the first terminal device 101, the second terminal device 102, or the third terminal device 103. Accordingly, the data transmission apparatus provided in the embodiment of the present disclosure may also be provided in the first terminal device 101, the second terminal device 102, or the third terminal device 103, or may be provided in other terminal devices different from the first terminal device 101, the second terminal device 102, or the third terminal device 103.

It should be understood that the number of terminal devices, networks and servers in Figure 1 is only illustrative. Any number of terminal devices, networks and servers may be provided according to implementation requirements.

It should be noted that the sequence numbers of the operations in the following method are only used as representations of the operations for the purpose of description, and should not be regarded as representing the execution order of the operations. Unless explicitly stated, the method does not need to be executed completely in the order shown.

FIG. 2 schematically shows a flow chart of a data transmission method according to an embodiment of the present disclosure.

As shown in FIG. 2 , the data transmission method includes operations S210 to S240 .

In operation S210, in response to receiving a data stream to be transmitted, routing information of the data stream to be transmitted is obtained, wherein the data stream to be transmitted includes M data packets to be transmitted in a sequential relationship, and M is a positive integer.

In operation S220, if there is no information matching the routing information in the data flow map, a target transmission rule is determined according to the transmission rule map and the routing information.

In operation S230, the data flow mapping is updated according to the routing information and the target transmission rule to obtain an updated data flow mapping.

In operation S240, the M data packets to be transmitted are transmitted using the updated data flow mapping.

According to an embodiment of the present disclosure, the data stream to be transmitted includes M data packets to be transmitted with a sequential relationship, where M is a positive integer. The data packet to be transmitted can be understood as the basic unit for data transmission in the network, and the data stream to be transmitted can be understood as a sequence of data packets to be transmitted with common characteristics (such as routing information). The data packets to be transmitted may include data packets in the input direction and data packets in the output direction. The input direction may be understood as the direction in which the data packet enters the device or network interface, and the output direction may be understood as the direction in which the data packet leaves the device or network interface. The aforementioned sequential relationship may include the time sequence of sending data packets when transmitting the data stream.

According to one embodiment of the present disclosure, routing information can be understood as the path and related information of a data packet when it is transmitted in a network. The routing information of the data stream to be transmitted may include five-tuple information (5-tuple) of the data stream to be transmitted. The five-tuple information may include: source IP address (Source IP Address, sip), destination IP address (Destination IPAddress, dip), source port number (Source Port, sport), destination port number (Destination Port, dport) and transport protocol (Protocol, proto).

According to an embodiment of the present disclosure, the source IP address can be used to characterize the IP address of the source host that sends the data packet. The destination IP address can be used to characterize the IP address of the destination host that receives the data packet. The source port number can be used to characterize the port number used by the application on the source host that sends the data packet. The destination port number can be used to characterize the port number used by the application on the destination host that receives the data packet. The transport protocol can be used to characterize the network transport protocol used to send the data packet, such as TCP (Transmission Control Protocol), UDP (User Datagram Protocol), ICMP (Internet Control Message Protocol), etc.

According to an embodiment of the present disclosure, for the same data stream to be transmitted, the routing information corresponding to the data stream to be transmitted may include routing information common to all data packets to be transmitted in the data stream to be transmitted, so as to ensure that all data packets to be transmitted can be correctly transmitted to the target location. Exemplarily, all data packets to be transmitted in the same data stream to be transmitted may have the same five-tuple information.

According to an embodiment of the present disclosure, data flow mapping can transmit M data packets to be transmitted according to the common routing information of all data packets to be transmitted in the data flow to be transmitted. Data flow mapping can be understood as network policy configuration information based on data flow.

According to an embodiment of the present disclosure, the transmission rule mapping can transmit M data packets to be transmitted respectively according to the routing information corresponding to each data packet to be transmitted in the data stream to be transmitted. The transmission rule mapping can be understood as network policy configuration information based on data packets.

According to an embodiment of the present disclosure, the target transmission rule can be understood as a network policy (which may include forwarding or discarding) corresponding to the M data packets to be transmitted in the data stream to be transmitted, and the data packets to be transmitted in the data stream to be transmitted can be transmitted based on the target transmission rule.

According to an embodiment of the present disclosure, when there is no information matching the routing information in the data flow mapping, the target transmission rule can be determined according to the transmission rule mapping and the routing information. The M data packets to be transmitted can be transmitted respectively according to the target transmission rule.

According to an embodiment of the present disclosure, the data stream mapping can be updated according to the routing information and the target transmission rule to obtain an updated data stream mapping. Exemplarily, updating the data stream mapping can include generating and/or saving a data stream mapping that matches the routing information. After obtaining the updated data stream mapping, in response to receiving a data stream to be transmitted with the same routing information again, the updated data stream mapping can be used to uniformly transmit the M data packets to be transmitted based on the target transmission rule.

According to an embodiment of the present disclosure, when there is information matching the routing information in the data flow mapping, the target transmission rule can be determined according to the data flow mapping and the routing information. The M data packets to be transmitted can be uniformly transmitted according to the target transmission rule.

According to the embodiments of the present disclosure, since the target transmission rule is determined according to the transmission rule mapping and the routing information of the data stream to be transmitted, and the data stream mapping is determined according to the target transmission rule and the common routing information of all the data packets to be transmitted in the data stream to be transmitted, therefore, by utilizing the data stream mapping and based on the target transmission rule, it is possible to uniformly transmit M data packets to be transmitted according to the common routing information of all the data packets to be transmitted, without having to transmit the M data packets to be transmitted separately according to the routing information of each data packet to be transmitted, thereby reducing the computing resources consumed in the data transmission process, and thus at least partially overcoming the technical problems of low efficiency and poor performance of data transmission when transmitting data packets in the data stream in the related art, thereby facilitating improving the efficiency and performance of data transmission.

The data transmission method according to the embodiment of the present invention is further described below with reference to FIG. 3 to FIG. 5 .

According to an embodiment of the present disclosure, the above-mentioned transmission rule mapping includes an input rule mapping and an output rule mapping; the input rule mapping includes P input rule key-value relationships, each input rule key-value relationship includes input key information and input operation value information, and P is a positive integer; and the output rule mapping includes Q output rule key-value relationships, each output rule key-value relationship includes output key information and output operation value information, and Q is a positive integer.

According to an embodiment of the present disclosure, the transmission rule mapping can determine the target transmission rule according to the routing information (five-tuple information, 5-tuple) of the data packet to be transmitted, so that the data packet to be transmitted can be transmitted based on the target transmission rule.

According to the embodiments of the present disclosure, the input rule mapping can be understood as the network policy configuration information corresponding to the data packets to be transmitted in the input direction, and the data packets to be transmitted in the input direction can be transmitted based on the input rule key-value relationship in the input rule mapping. The input key information can be used to match the routing information of the data packets to be transmitted in the input direction, and the input value information can be understood as the network policy corresponding to the input key information.

As an example, the input key information may include routing information of a data packet to be transmitted in the input direction, such as five-tuple information. The input value information may include a processing strategy corresponding to the input key information, such as forwarding and discarding.

According to the embodiments of the present disclosure, the output rule mapping can be understood as the network policy configuration information corresponding to the data packet to be transmitted in the output direction, and the data packet to be transmitted in the output direction can be transmitted based on the output rule key-value relationship in the output rule mapping. The output key information can be used to match the routing information of the data packet to be transmitted in the output direction, and the output value information can be understood as the network policy corresponding to the output key information.

As an example, the output key information may include routing information of the data packet to be transmitted in the output direction, such as five-tuple information. The output value information may include a processing strategy corresponding to the output key information, such as forwarding and discarding.

For example, in a k8s cluster, the transmission rule map can be understood as a Policy Map implemented based on the eBPF program. The Policy Map can transmit the data packets to be transmitted according to the five-tuple information (5-tuple, including sip, sport, proto, dip and dport) of the data packets to be transmitted. The input rule map can be understood as the Ingress Policy Map in the Policy Map, and the output rule map can be understood as the Egress Policy Map in the Policy Map. The Ingress Policy Map can include P input rule key-value relationships, each of which includes input key information (key, which can include sip, sport, proto, dip and dport, that is, five-tuple information) and input key information (value, which can include allow and deny, that is, forwarding and discarding). The Egress PolicyMap may include Q output rule key-value relationships, each of which includes output key information (key, which may include sip, sport, proto, dip, and dport, i.e., five-tuple information) and output key information (value, which may include allow and deny, i.e., forward and discard).

According to an embodiment of the present disclosure, the five-tuple information of the data packet to be transmitted in the data stream to be transmitted can be matched with the input key information or the output key information, and the data packet to be transmitted can be forwarded or discarded according to the corresponding input value information or the output value information. In this way, filtering and processing can be implemented for a single data packet to be transmitted, thereby realizing fine-grained data management and data control.

According to an embodiment of the present disclosure, the above-mentioned input rule key-value relationship is constructed in the following manner: according to the network policy configuration information, the input key information and the input operation value information are determined; and according to the input key information and the input operation value information, the input rule key-value relationship is constructed; the output rule key-value relationship is constructed in the following manner: according to the network policy configuration information, the output key information and the output operation value information are determined; and according to the output key information and the output operation value information, the output rule key-value relationship is constructed.

According to an embodiment of the present disclosure, network policy configuration information can be understood as a set of rules for defining and managing traffic in a network, and the aforementioned rules can forward (allow) or discard (deny) data streams and/or data packets as needed to determine the behavior of data packets in the network. Exemplarily, the network policy configuration information may include matching rules corresponding to traffic and network policies that allow or deny specific traffic. The above-mentioned input/output key value information can be understood as a key-value pair, and the input/output key information can be used to correspond to identification and access input/output value information, and the input/output value information is correspondingly associated with the input/output key information.

According to the embodiments of the present disclosure, those skilled in the art can reasonably set the input key-value relationship and/or the output key-value relationship according to the network policy configuration information based on actual needs or application scenarios. Exemplarily, the network policy configuration information may include matching rules corresponding to traffic and network policies that allow or deny specific traffic. The input key-value relationship and the output key-value relationship can be constructed based on the aforementioned matching rules and network policies. The aforementioned traffic may include data streams and/or data packets.

As an example, a matching rule may be determined based on a specific IP address, port number, protocol type, user identity, application type, etc., and input key information and/or output key information may be determined based on the matching rule. A corresponding network policy of permission or rejection may be defined for a data flow of a specific IP address, port number, protocol type, user identity, application type, etc., and input value information and/or output value information may be determined based on the network policy.

FIG. 3 exemplarily shows an example schematic diagram of a process of obtaining a transmission rule mapping and a data flow mapping according to an embodiment of the present disclosure.

According to an embodiment of the present disclosure, in a k8s (Kubemetes) cluster, network policy configuration information may include a network policy, which may be used to define communication rules between containers so as to control and manage specific traffic, thereby helping to improve the security and reliability of the k8s cluster. As an example, a Network Policy may include matching rules and policy information.

The transmission rule mapping can include a policy map (PolicyMap, kube_policy) based on the eBPF program. PolicyMap can match according to the routing information (five-tuple information, 5-tuple) of the data packet and perform corresponding processing operations according to the preset policy rules, such as allowing or denying specific data packets, limiting bandwidth, forwarding or discarding data packets, etc. Through the PolicyMap implemented based on the eBPF program, traffic can be controlled and managed more flexibly, and refined network policy configuration can be achieved.

Exemplarily, as shown in FIG3 , the matching rules of the network policy configuration information 301 (Network Policy) may include an ingress rule (Ingress rule) corresponding to the input direction and an egress rule (Egress rule) corresponding to the output direction. The ingress rule and the egress rule may be determined based on the network policy target (Network Policy Peer) and the network policy port (Network Policy Port), and the Network Policy Peer and the Network Policy Port may match the routing information of the data flow. For example, the Network Policy Peer may include a container group selector (PodSelector), a namespace selector (Name space Selector), and an IP block (IP Block). The Network PolicyPort may include a port (Port) and a protocol (Protocol). The network policy of the Network Policy may include forwarding (allow) and discarding (deny).

Exemplarily, as shown in FIG3 , an eBPF program can be used to determine the input key-value relationship 3021 (Ingress Policy Map) and the output key-value relationship 3022 (Egress Policy Map) of the transmission rule map 302 (Policy Map) according to the ingress rule (Ingress rule) and the outbound rule (Egress rule) of the network policy configuration information 301 (NetworkPolicy). The key (i.e., input key information and output key information) of the Ingress Policy Map and the Egress Policy Map both include sip, sport, proto, dip, and dport (i.e., 5-tuple information), and the value (i.e., input value information and output value information) of the Ingress Policy Map and the Egress Policy Map both include allow (i.e., forward) and deny (i.e., discard).

According to an embodiment of the present disclosure, the above-mentioned data stream mapping may include S transmission rule key-value relationships, each transmission rule key-value relationship includes key information and value information, and S is a positive integer. According to an embodiment of the present disclosure, the data transmission method may also include, after operation S210: determining the socket information of the data stream to be transmitted according to the routing information, wherein the M data packets to be transmitted belonging to the same data stream to be transmitted have the same socket information; matching the socket information with the S key information to obtain a matching result; in the case where the matching result indicates that there is target key information matching the socket information in the data stream mapping, determining the value information corresponding to the target key information as the target transmission rule; and transmitting the M data packets to be transmitted based on the target transmission rule.

According to an embodiment of the present disclosure, socket information can be understood as an interface for transmitting data in a network, and socket information can be used to establish and manage sessions. The socket information of data can correspond to the five-tuple information of data to ensure the correct transmission of data. As an example, the socket information of the data stream to be transmitted can be determined based on the routing information of the data stream to be transmitted (e.g., five-tuple information 5-tuple,).

According to the embodiments of the present disclosure, a session can be understood as a process of interaction between two or more applications in network communication. During a session, the interacting parties can communicate, transmit data and maintain session status through socket information.

According to an embodiment of the present disclosure, a session may include one or more data streams. For the same session, the routing information corresponding to the session may include routing information common to all data streams to be transmitted in the session to ensure that all data streams to be transmitted can be correctly transmitted to the target location. Exemplarily, all data streams to be transmitted in the same session may have the same socket information. On this basis, for the same data stream to be transmitted, the M data packets to be transmitted in the data stream to be transmitted may have the same socket information.

According to an embodiment of the present disclosure, the transmission rule key-value relationship corresponding to the data flow mapping can be understood as a key-value pair, and the key information of the transmission rule key-value relationship can be used to identify and access the value information of the transmission rule key-value relationship, and the aforementioned value information is associated with the aforementioned key information. Alternatively, the transmission rule key-value relationship can include a transmission rule key-value relationship for the input direction and a transmission rule key-value relationship for the output direction.

According to an embodiment of the present disclosure, the key information of the transmission rule key-value relationship may include socket information corresponding to the routing information (five-tuple information), and the value information of the transmission rule key-value relationship may include forwarding (allow) and discarding (deny).

Exemplarily, as shown in FIG3 , in a k8s cluster, a data stream mapping 303 can be determined according to a transmission rule mapping 302. The data stream mapping 303 can be understood as a session mapping (Session Map) based on a data stream, and the Session Map can transmit the M data packets to be transmitted in the data stream to be transmitted according to the socket information (socket) of the data stream to be transmitted. The Session Map may include S transmission rule key-value relationships 3031, and each transmission rule key-value relationship 3031 includes key information (key, which may include socket, i.e., socket information) and value information (value, which may include allow and deny, i.e., forwarding and discarding).

According to an embodiment of the present disclosure, in response to receiving a data stream to be transmitted, after obtaining routing information (five-tuple information 5-tuple) of the data stream to be transmitted, the socket information (socket) of the data stream to be transmitted can be determined according to the five-tuple information (5-tuple) of the data packet to be transmitted in the data stream to be transmitted. Since the M data packets to be transmitted of the same data stream to be transmitted have the same five-tuple information (5-tuple), the M data packets to be transmitted of the same data stream to be transmitted have the same socket information (socket).

According to an embodiment of the present disclosure, the socket information can be matched with the S key information to obtain a matching result. As an example, the matching result can include target key information that matches the socket information in the data stream mapping and target key value information that does not match the socket information in the data stream mapping.

Exemplarily, in a k8s cluster, in response to receiving a data stream to be transmitted, the five-tuple information (5-tuple, including sip, sport, proto, dip and dport) of the data stream to be transmitted can be obtained first. The socket information (socket) of the data stream to be transmitted can be determined based on the aforementioned five-tuple information (5-tuple). The socket information (socket) of the data stream to be transmitted can be matched with the S key information (key, including socket) in SessionMap to obtain a matching result.

For example, in a k8s cluster, when the matching result indicates that there is target key information (key, matching the socket of the data stream to be transmitted) in SessionMap, the target value information (value, including allow or deny) corresponding to the aforementioned target key information can be determined as the target transmission rule. On this basis, the target transmission rule can be determined according to the socket information (socket) of the data stream to be transmitted, so that the M data packets to be transmitted in the data stream to be transmitted are uniformly transmitted based on the target transmission rule.

According to an embodiment of the present disclosure, in the case where there is target key information matching the socket information in the matching result characterizing the data stream mapping, the target value information corresponding to the target key information can be determined as a target transmission rule (which may include forwarding or discarding M data packets to be transmitted). On this basis, the M data packets to be transmitted can be transmitted based on the target transmission rule. Thus, it is possible to uniformly transmit the M data packets to be transmitted according to the common routing information of all data packets to be transmitted, without having to transmit the M data packets to be transmitted separately according to the routing information of each data packet to be transmitted, thereby reducing the computing resources consumed in the data transmission process, and thus at least partially overcoming the technical problems of low efficiency and poor performance of data transmission when transmitting data packets in a data stream in the related art, thereby facilitating improving the efficiency and performance of data transmission.

According to an embodiment of the present disclosure, operation S220 may include: matching routing information with P input key information and Q output key information to obtain a matching result; and in response to the matching result indicating that there is target key information in the P input key information and the Q output key information that matches the routing information, determining the operation value information corresponding to the target key information as the target transmission rule.

According to an embodiment of the present disclosure, in response to receiving a data stream to be transmitted, after obtaining routing information (five-tuple information) of the data stream to be transmitted, the socket information of the data stream to be transmitted can be determined according to the five-tuple information of the data packet to be transmitted in the data stream to be transmitted. In the case that there is no information matching the aforementioned socket information in the S transmission rule key-value relationships of the data stream mapping, the routing information (five-tuple information) can be matched with the P input key information and the Q output key information in the transmission rule mapping to obtain a matching result.

According to an embodiment of the present disclosure, in response to the above-mentioned matching result characterizing the target key information that exists in the P input key information and the Q output key information and matches the routing information, the target value information corresponding to the target key information can be determined as the target transmission rule. The target value information can be understood as the value information corresponding to the target key information.

Exemplarily, the target key information may include input key information or output key information, and the target value information may include forwarding and discarding. On this basis, the M data packets to be transmitted in the data stream to be transmitted may be transmitted according to the aforementioned target transmission rule.

Exemplarily, in a k8s cluster, in response to receiving a data stream to be transmitted, the five-tuple information (5-tuple, including sip, sport, proto, dip and dport) of the data stream to be transmitted can be obtained first. The socket information (socket) of the data stream to be transmitted can be determined based on the aforementioned five-tuple information (5-tuple). The socket information (socket) of the data stream to be transmitted can be matched with the S key information (key, including socket) in SessionMap to obtain a matching result.

Exemplarily, in a k8s cluster, when the matching result indicates that there is no target key information in SessionMap that matches the socket information (socket) of the data stream to be transmitted, the quintuple information (5-tuple) of the data stream to be transmitted can be matched with the P input key information (key, including sip, sport, proto, dip and dport) and Q output key information (key, including sip, sport, proto, dip and dport) in PolicyMap to obtain a matching result.

Exemplarily, in a k8s cluster, in response to the target key information (key, matching the 5-tuple of the data stream to be transmitted) that matches the P input key information and Q output key information in the PolicyMap in the matching result, the target value information (value, including allow or deny) corresponding to the aforementioned target key information can be determined as the target transmission rule. Based on the target transmission rule, the M data packets to be transmitted in the data stream to be transmitted can be transmitted separately.

According to an embodiment of the present disclosure, the above-mentioned data flow mapping includes S transmission rule mapping relationships, each transmission rule mapping relationship includes key information and value information; operation S230 may include: determining the socket information as key information; determining the target transmission rule as value information; constructing a target transmission rule key-value relationship based on the key information and the value information; and using the target transmission rule key-value relationship to update the data flow mapping to obtain an updated data flow mapping.

According to an embodiment of the present disclosure, when there is no information matching the routing information (socket information, socket) of the data stream to be transmitted in the S transmission rule key-value relationships of the data stream mapping, the target transmission rule corresponding to the data stream to be transmitted can be determined based on the routing information (five-tuple information, 5-tuple) of the data stream to be transmitted. After determining the target transmission rule corresponding to the data stream to be transmitted, the socket information of the data stream to be transmitted can be determined as the key information of the transmission rule key-value relationship, and the target transmission rule corresponding to the data stream to be transmitted can be determined as the value information of the transmission rule key-value relationship. On this basis, a target transmission rule key-value relationship corresponding to the data stream to be transmitted can be constructed based on the key information and value information determined based on the data stream to be transmitted. The target transmission rule key-value relationship can be used to update the data stream mapping to obtain an updated data stream mapping.

Exemplarily, in a k8s cluster, when there is no information matching the socket information (socket) of the data stream to be transmitted in the S transmission rule key-value relationships of SessionMap, the target transmission rule (including allow or deny) corresponding to the data stream to be transmitted can be determined based on the five-tuple information (5-tuple) of the data stream to be transmitted. After determining the target transmission rule corresponding to the data stream to be transmitted, the socket information (socket) of the data stream to be transmitted can be determined as the key information (key) of the transmission rule key-value relationship, and the target transmission rule (allow or deny) corresponding to the data stream to be transmitted can be determined as the value information (value) of the transmission rule key-value relationship. On this basis, a target transmission rule key-value relationship corresponding to the data stream to be transmitted can be constructed based on the aforementioned key information (key) and value information (value).

Exemplarily, in a k8s cluster, after determining the target transmission rule key-value relationship, the above-mentioned target key information and target value information can be associated and written into a map of type BPF_MAP_TYPE_SK_STORAGE, so that the SessionMap can be updated to obtain an updated SessionMap.

According to the embodiments of the present disclosure, through the above settings, the updated data stream mapping includes information that matches the routing information (socket information) of the data stream to be transmitted, so that when responding to the data stream to be transmitted with the same routing information (socket information) again, the target key information and target value information corresponding to the data stream to be transmitted in the S transmission rule key-value relationship can be determined according to the socket information, and the target value information can be determined as the target transmission rule. On this basis, the M data packets to be transmitted in the data stream to be transmitted can be uniformly transmitted based on the target transmission rule, thereby eliminating the need to transmit the M data packets to be transmitted separately according to the routing information of each data packet to be transmitted, thereby reducing the computing resources consumed in the data transmission process, and thus at least partially overcoming the technical problems of low efficiency and poor performance of data transmission when transmitting data packets in the data stream in the related art.

According to an embodiment of the present disclosure, operation S240 may include: in response to receiving the mth data packet to be transmitted, matching the socket information with S key information to obtain a matching result; in a case where the matching result represents the presence of target key information matching the socket information in the data stream mapping, determining the value information corresponding to the target key information as a target transmission rule; and transmitting the mth data packet to be transmitted based on the target transmission rule.

Exemplarily, in a k8s cluster, in response to receiving the mth data packet to be transmitted, the socket information (socket) of the data packet to be transmitted can be matched with S key information (key, including socket) in SessionMap to obtain a matching result. In the case where the matching result represents the target key information (key, matching the socket of the data stream to be transmitted) that matches the socket information (socket) of the data packet to be transmitted in SessionMap, the target value information (value, including allow or deny) corresponding to the aforementioned target key information can be determined as the target transmission rule. On this basis, the mth data packet to be transmitted can be transmitted based on the aforementioned target transmission rule.

According to an embodiment of the present disclosure, the above-mentioned response to receiving the data stream to be transmitted, obtaining the routing information of the data stream to be transmitted includes: in response to receiving the data stream to be transmitted, using a tracking tool to obtain the routing information; the method also includes, after using the updated data stream mapping to transmit the M data packets to be transmitted: in response to the M data packets to be transmitted being transmitted, deleting the transmission rule key-value relationship corresponding to the socket information in the updated data stream mapping.

According to an embodiment of the present disclosure, in response to receiving a data stream to be transmitted, a tracing tool may be used to obtain routing information of the data stream to be transmitted.

According to an embodiment of the present disclosure, a tracking tool may be used to track the status of a data stream to be transmitted, and obtain routing information (which may include quintuple information) of the data stream to be transmitted.

Exemplarily, in a k8s cluster, the tracking tool can be implemented based on a connection tracking table. The connection tracking table can store the status information of the currently active network connection, and the status information can include five-tuple information. In response to receiving a data stream to be transmitted, the routing information of the data stream to be transmitted can be determined by checking the data table to be transmitted.

According to one embodiment of the present disclosure, after all M data packets to be transmitted of the data stream to be transmitted are transmitted, the transmission rule key-value relationship corresponding to the socket information of the data stream to be transmitted in the updated data stream mapping can be deleted, thereby eliminating the need to maintain relevant information of the data stream that has completed transmission, which is beneficial to further reduce the computing resources consumed in the data transmission process and helps to improve the efficiency and performance of data transmission.

Exemplarily, in a k8s cluster, in response to the completion of transmission of all M data packets to be transmitted in a data stream to be transmitted, the transmission rule key-value relationship corresponding to the socket information (socket) of the data stream to be transmitted in the updated SessionMap can be deleted.

FIG. 4 exemplarily shows a schematic diagram of a data transmission process according to an embodiment of the present disclosure.

In response to receiving the data stream 401 to be transmitted, routing information 402 (five-tuple information) of the data stream 401 to be transmitted may be acquired, and socket information 403 of the data stream 401 to be transmitted may be determined according to the routing information 402 .

The socket information 403 may be matched with the S key information in the data stream mapping 404 to obtain a first matching result 405. When the first matching result 405 indicates that there is target key information 406 matching the socket information 403 in the data stream mapping 404, the target value information 407 corresponding to the target key information 406 may be determined as a target transmission rule 408 corresponding to the data stream 401 to be transmitted.

In the case where the first matching result 405 indicates that there is no target key information 406 matching the socket information 403 in the data stream mapping 404, the routing information 402 can be matched with the P input key information and the Q output key information in the transmission rule mapping 409 to obtain the second matching result 410. In response to the second matching result 410 indicating that there is target key information 406 matching the routing information 402 in the P input key information and the Q output key information, the target value information 407 corresponding to the target key information 406 can be determined as the target transmission rule 408 corresponding to the data stream 401 to be transmitted. On this basis, the data stream mapping 404 can be updated according to the routing information 402 and the target transmission rule 408.

After the target transmission rule 408 is determined, the M data packets to be transmitted in the data stream 401 to be transmitted may be transmitted based on the target transmission rule 408 .

FIG. 5 exemplarily shows a data transmission architecture diagram according to an embodiment of the present disclosure.

According to an embodiment of the present disclosure, transmission rule mapping and data flow mapping may be determined based on network policy configuration information.

Exemplarily, as shown in FIG5 , in a k8s cluster, a transmission rule mapping (Policy Map) can be determined according to the network policy configuration 501 information (NetworkPolicy), and a data flow mapping can be determined according to the transmission rule mapping (Policy Map). The transmission rule mapping (Policy Map) can include an input key value relationship 5021 (Ingress Policy Map) and an output key value relationship 5022 (Egress Policy Map). The data flow mapping can include a transmission rule key value relationship 503 (Session Map).

For example, in a k8s cluster, the transmission rule key-value relationship 503 (Session Map) can be mounted at the control group ingress hook point 5041 (cgroup ingress hook point) and the control group egress hook point 5042 (cgroup egress hook point), so that the data packet to be transmitted can be transmitted according to the socket information (socket) of the data packet to be transmitted.

For example, in a k8s cluster, the input key-value relationship 5021 (Ingress Policy Map) and the output key-value relationship 5022 (Egress PolicyMap) implemented based on the eBPF program 505 can be mounted at the control group ingress hook point 5041 (cgroup ingress hook point) and the control group exit hook point 5042 (cgroup egress hook point) respectively, so that the data packet to be transmitted can be transmitted according to the 5-tuple information (5-tuple) of the data packet to be transmitted.

The above are only exemplary embodiments, but are not limited thereto, and may also include other data transmission methods known in the art as long as data transmission can be achieved.

FIG6 schematically shows a block diagram of a data transmission device according to an embodiment of the present disclosure.

As shown in FIG. 6 , the data transmission device 600 may include an acquisition module 610 , a determination module 620 , an update module 630 and a transmission module 640 .

The acquisition module 610 is used to acquire routing information of the data stream to be transmitted in response to receiving the data stream to be transmitted, wherein the data stream to be transmitted includes M data packets to be transmitted in a sequential relationship, and M is a positive integer.

The determination module 620 is used to determine the target transmission rule according to the transmission rule mapping and the routing information when there is no information matching the routing information in the data flow mapping.

The updating module 630 is used to update the data flow mapping according to the routing information and the target transmission rule to obtain the updated data flow mapping.

The transmission module 640 is used to transmit the M data packets to be transmitted by using the updated data stream mapping.

According to an embodiment of the present disclosure, the data transmission device 600 may include a transmission rule mapping module and a data flow mapping module.

According to an embodiment of the present disclosure, the transmission rule mapping module may include an input rule mapping submodule and an output rule mapping submodule.

The input rule mapping submodule may include P input rule key-value relationships, each of which includes input key information and input operation value information, and P is a positive integer.

The output rule mapping submodule may include Q output rule key-value relationships, each of which includes output key information and output operation value information, and Q is a positive integer.

According to an embodiment of the present disclosure, the input rule mapping submodule may include an input rule key-value relationship building unit. The output rule mapping submodule may include an output rule key-value relationship building unit.

The input rule key-value relationship building unit can be used to determine input key information and input operation value information according to network policy configuration information; and to build an input rule key-value relationship according to the input key information and input operation value information.

The output rule key-value relationship construction unit can be used to determine the output key information and the output operation value information according to the network policy configuration information; and to construct the output rule key-value relationship according to the output key information and the output operation value information.

According to an embodiment of the present disclosure, the data flow mapping module may include a transmission rule key-value relationship submodule.

The transmission rule key-value relationship submodule may include S transmission rule key-value relationships, each transmission rule key-value relationship includes key information and value information, and S is a positive integer.

According to an embodiment of the present disclosure, the acquisition module 610 may include a socket determination submodule and a tracking tool submodule.

The socket determination submodule can be used to determine the socket information of the data stream to be transmitted according to the routing information after obtaining the routing information of the data stream to be transmitted in response to receiving the data stream to be transmitted, wherein the M data packets to be transmitted belonging to the same data stream to be transmitted have the same socket information.

The tracking tool submodule may be used to obtain routing information using a tracking tool in response to receiving a data stream to be transmitted.

According to an embodiment of the present disclosure, the determination module 620 may include a first matching submodule, a second matching submodule, and a target transmission rule determination submodule.

The first matching submodule can be used to match the socket information with the S key information to obtain a matching result when there is information matching the routing information in the data flow mapping.

The second matching submodule may be used to match the routing information with the P input key information and the Q output key information to obtain a matching result when there is no information matching the routing information in the data flow mapping.

The target transmission rule determination submodule can be used to determine the value information corresponding to the target key information as the target transmission rule when there is target key information matching the socket information in the matching result representation data stream mapping; and can be used to determine the operation value information corresponding to the target key information as the target transmission rule in response to the presence of target key information matching the routing information in the matching result representation P input key information and Q output key information.

According to an embodiment of the present disclosure, the update module 630 may include a key information determination submodule, a value information determination submodule, a target transmission rule key-value relationship construction submodule, a data flow mapping update submodule and a transmission rule key-value relationship deletion submodule.

The key information determination submodule can be used to determine the socket information as key information.

The value information determination submodule may be used to determine the target transmission rule as value information.

The target transmission rule key-value relationship construction submodule can be used to construct the target transmission rule key-value relationship according to the key information and the value information.

The data stream mapping update submodule can be used to update the data stream mapping by using the target transmission rule mapping relationship to obtain an updated data stream mapping.

The transmission rule key value relationship deletion submodule can be used to delete the transmission rule key value relationship corresponding to the socket information in the updated data flow mapping after transmitting M data packets to be transmitted using the updated data flow mapping: in response to the transmission of all M data packets to be transmitted being completed.

According to an embodiment of the present disclosure, the transmission module 640 may include a third matching submodule and a data packet transmission submodule.

The third matching submodule can be used to match the socket information with the S key information in response to receiving the mth data packet to be transmitted, to obtain a matching result.

The data packet transmission submodule can be used to transmit the mth data packet to be transmitted based on the target transmission rule.

According to the embodiments of the present invention, any one or more of the modules, submodules, units, and subunits, or at least part of the functions of any one of them can be implemented in one module. According to the embodiments of the present invention, any one or more of the modules, submodules, units, and subunits can be split into multiple modules for implementation. According to the embodiments of the present invention, any one or more of the modules, submodules, units, and subunits can be at least partially implemented as hardware circuits, such as field programmable gate arrays (FPGAs), programmable logic arrays (PLAs), systems on chips, systems on substrates, systems on packages, application specific integrated circuits (ASICs), or can be implemented by hardware or firmware in any other reasonable way of integrating or packaging the circuit, or implemented in any one of the three implementation methods of software, hardware, and firmware, or in any appropriate combination of any of them. Alternatively, according to the embodiments of the present invention, one or more of the modules, submodules, units, and subunits can be at least partially implemented as computer program modules, and when the computer program modules are run, the corresponding functions can be performed.

For example, any multiple of the acquisition module 610, the determination module 620, the update module 630, and the transmission module 640 can be combined in one module/unit/subunit for implementation, or any one of the modules/units/subunits can be split into multiple modules/units/subunits. Alternatively, at least part of the functions of one or more of these modules/units/subunits can be combined with at least part of the functions of other modules/units/subunits and implemented in one module/unit/subunit. According to an embodiment of the present disclosure, at least one of the acquisition module 610, the determination module 620, the update module 630, and the transmission module 640 can be at least partially implemented as a hardware circuit, such as a field programmable gate array (FPGA), a programmable logic array (PLA), a system on a chip, a system on a substrate, a system on a package, an application specific integrated circuit (ASIC), or can be implemented by hardware or firmware such as any other reasonable way of integrating or packaging the circuit, or by any one of the three implementation methods of software, hardware, and firmware, or by a suitable combination of any of them. Alternatively, at least one of the acquisition module 610 , the determination module 620 , the update module 630 , and the transmission module 640 may be at least partially implemented as a computer program module, and when the computer program module is executed, a corresponding function may be performed.

It should be noted that the data transmission device part in the embodiment of the present disclosure corresponds to the data transmission method part in the embodiment of the present disclosure. The description of the data transmission device part specifically refers to the data transmission method part, which will not be repeated here.

Fig. 7 schematically shows a block diagram of an electronic device suitable for implementing a data transmission method according to an embodiment of the present disclosure. The electronic device shown in Fig. 7 is only an example and should not bring any limitation to the functions and scope of use of the embodiment of the present disclosure.

As shown in FIG7 , a computer electronic device 700 according to an embodiment of the present disclosure includes a processor 701, which can perform various appropriate actions and processes according to a program stored in a read-only memory (ROM) 702 or a program loaded from a storage portion 709 into a random access memory (RAM) 703. The processor 701 may, for example, include a general-purpose microprocessor (e.g., a CPU), an instruction set processor and/or a related chipset and/or a special-purpose microprocessor (e.g., an application-specific integrated circuit (ASIC)), etc. The processor 701 may also include an onboard memory for caching purposes. The processor 701 may include a single processing unit or multiple processing units for performing different actions of the method flow according to an embodiment of the present disclosure.

In RAM 703, various programs and data required for the operation of electronic device 700 are stored. Processor 701, ROM 702 and RAM 703 are connected to each other via bus 704. Processor 701 performs various operations of the method flow according to the embodiment of the present disclosure by executing the program in ROM 702 and/or RAM 703. It should be noted that the program can also be stored in one or more memories other than ROM 702 and RAM 703. Processor 701 can also perform various operations of the method flow according to the embodiment of the present disclosure by executing the program stored in the one or more memories.

According to an embodiment of the present disclosure, the electronic device 700 may further include an input/output (I/O) interface 705, which is also connected to the bus 704. The electronic device 700 may further include one or more of the following components connected to the input/output (I/O) interface 705: an input portion 706 including a keyboard, a mouse, etc.; an output portion 707 including a cathode ray tube (CRT), a liquid crystal display (LCD), etc., and a speaker, etc.; a storage portion 708 including a hard disk, etc.; and a communication portion 709 including a network interface card such as a LAN card, a modem, etc. The communication portion 709 performs communication processing via a network such as the Internet. A drive 710 is also connected to the input/output (I/O) interface 705 as needed. A removable medium 711, such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, etc., is installed on the drive 710 as needed, so that a computer program read therefrom is installed into the storage portion 708 as needed.

According to an embodiment of the present disclosure, the method flow according to an embodiment of the present disclosure can be implemented as a computer software program. For example, an embodiment of the present disclosure includes a computer program product, which includes a computer program carried on a computer-readable storage medium, and the computer program contains a program code for executing the method shown in the flowchart. In such an embodiment, the computer program can be downloaded and installed from the network through the communication part 709, and/or installed from the removable medium 711. When the computer program is executed by the processor 701, the above-mentioned functions defined in the system of the embodiment of the present disclosure are executed. According to an embodiment of the present disclosure, the system, equipment, device, module, unit, etc. described above can be implemented by a computer program module.

The present disclosure also provides a computer-readable storage medium, which may be included in the device/apparatus/system described in the above embodiments; or may exist independently without being assembled into the device/apparatus/system. The above computer-readable storage medium carries one or more programs, and when the above one or more programs are executed, the method according to the embodiment of the present disclosure is implemented.

According to an embodiment of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium. For example, it may include, but is not limited to: a portable computer disk, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination thereof. In the present disclosure, a computer-readable storage medium may be any tangible medium containing or storing a program that may be used by or in combination with an instruction execution system, apparatus, or device.

For example, according to an embodiment of the present disclosure, the computer-readable storage medium may include the ROM 702 and/or the RAM 703 described above and/or one or more memories other than the ROM 702 and the RAM 703 .

An embodiment of the present disclosure also includes a computer program product, which includes a computer program, and the computer program contains a program code for executing the method provided by the embodiment of the present disclosure. When the computer program product runs on an electronic device, the program code is used to enable the electronic device to implement the data transmission method provided by the embodiment of the present disclosure.

When the computer program is executed by the processor 701, the above functions defined in the system/device of the embodiment of the present disclosure are executed. According to the embodiment of the present disclosure, the system, device, module, unit, etc. described above can be implemented by a computer program module.

In one embodiment, the computer program may be based on a tangible storage medium such as an optical storage device, a magnetic storage device, etc. In another embodiment, the computer program may also be transmitted and distributed in the form of a signal on a network medium, and downloaded and installed through the communication part 709, and/or installed from a removable medium 711. The program code contained in the computer program may be transmitted using any appropriate network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the above.

According to an embodiment of the present disclosure, the program code for executing the computer program provided by the embodiment of the present disclosure can be written in any combination of one or more programming languages. Specifically, these computing programs can be implemented using high-level process and/or object-oriented programming languages, and/or assembly/machine languages. Programming languages include, but are not limited to, Java, C++, python, "C" language or similar programming languages. The program code can be executed entirely on the user computing device, partially on the user device, partially on the remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device can be connected to the user computing device through any type of network, including a local area network (LAN) or a wide area network (WAN), or can be connected to an external computing device (for example, using an Internet service provider to connect through the Internet).

The flowcharts and block diagrams in the accompanying drawings illustrate the possible architecture, functions and operations of the systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each box in the flowchart or block diagram may represent a module, a program segment, or a part of a code, and the above-mentioned module, program segment, or a part of the code contains one or more executable instructions for implementing the specified logical function. It should also be noted that in some alternative implementations, the functions marked in the box may also occur in an order different from that marked in the accompanying drawings. For example, two boxes represented in succession can actually be executed substantially in parallel, and they can sometimes be executed in the opposite order, depending on the functions involved. It should also be noted that each box in the block diagram or flowchart, and the combination of boxes in the block diagram or flowchart, can be implemented with a dedicated hardware-based system that performs the specified function or operation, or can be implemented with a combination of dedicated hardware and computer instructions. It can be understood by those skilled in the art that the features recorded in the various embodiments and/or claims of the present disclosure can be combined and/or combined in a variety of ways, even if such a combination or combination is not explicitly recorded in the present disclosure. In particular, without departing from the spirit and teaching of the present disclosure, the features described in the various embodiments and/or claims of the present disclosure may be combined and/or combined in a variety of ways. All of these combinations and/or combinations fall within the scope of the present disclosure.

The embodiments of the present disclosure are described above. However, these embodiments are only for illustrative purposes and are not intended to limit the scope of the present disclosure. Although the embodiments are described above separately, this does not mean that the measures in the various embodiments cannot be used in combination to advantage. The scope of the present disclosure is defined by the attached claims and their equivalents. Without departing from the scope of the present disclosure, those skilled in the art may make a variety of substitutions and modifications, which should all fall within the scope of the present disclosure.

Claims (12)

1. A data transmission method, comprising:

in response to receiving a data stream to be transmitted, acquiring routing information of the data stream to be transmitted, wherein the data stream to be transmitted comprises M data packets to be transmitted with a sequential relationship, and M is a positive integer;

Determining a target transmission rule according to the transmission rule mapping and the routing information under the condition that the information matched with the routing information does not exist in the data flow mapping;

Updating the data flow mapping according to the routing information and the target transmission rule to obtain updated data flow mapping; and

And transmitting the M data packets to be transmitted by using the updated data stream map.

2. The method of claim 1, wherein the transmission rule map comprises an input rule map and an output rule map;

the input rule mapping comprises P input rule key value relations, each input rule key value relation comprises input key information and input operation value information, and P is a positive integer; and

The output rule map comprises Q output rule key value relations, each output rule key value relation comprises output key information and output operation value information, and Q is a positive integer.

3. The method of claim 2, wherein the input rule key relationship is constructed by:

determining the input key information and the input operation value information according to network policy configuration information; and

Constructing the input rule key value relation according to the input key information and the input operation value information;

The output rule key value relation is constructed by the following steps:

Determining the output key information and the output operation value information according to the network policy configuration information; and

And constructing the output rule key value relation according to the output key information and the output operation value information.

4. A method according to any one of claims 1 to 3, wherein the data stream map comprises S transmission rule key value relationships, each transmission rule key value relationship comprising key information and value information, S being a positive integer;

the method further includes, after the obtaining, in response to receiving the data stream to be transmitted, routing information of the data stream to be transmitted:

determining socket information of data streams to be transmitted according to the routing information, wherein M data packets to be transmitted belonging to the same data stream to be transmitted have the same socket information;

Matching the socket information with the S pieces of key information to obtain a matching result;

determining value information corresponding to the target key information as the target transmission rule under the condition that the matching result characterizes that target key information matched with the socket information exists in the data flow mapping; and

And transmitting M data packets to be transmitted based on the target transmission rule.

5. The method of claim 2, wherein the determining a target transmission rule based on a transmission rule map and the routing information in the absence of information matching the routing information in a data flow map comprises:

matching the routing information with the P pieces of input key information and the Q pieces of output key information to obtain a matching result; and

And determining operation value information corresponding to the target key information as the target transmission rule in response to the matching result representing that target key information matched with the route information exists in the P input key information and the Q output key information.

6. The method of claim 5, wherein the data stream map comprises S transmission rule map relationships, each transmission rule map relationship comprising key information and value information;

and updating the data flow mapping according to the routing information and the target transmission rule, wherein the step of obtaining the updated data flow mapping comprises the following steps:

Determining the socket information as the key information;

determining the target transmission rule as the value information;

constructing a target transmission rule key-value relation according to the key information and the value information; and

And updating the data flow mapping by utilizing the target transmission rule key value relation to obtain the updated data flow mapping.

7. The method of claim 6, wherein transmitting the M data packets to be transmitted using the updated data stream map comprises:

Responding to the received mth data packet to be transmitted, and matching the socket information with S pieces of key information to obtain a matching result;

determining value information corresponding to the target key information as the target transmission rule under the condition that the matching result characterizes that target key information matched with the socket information exists in the data flow mapping; and

And transmitting the mth data packet to be transmitted based on the target transmission rule.

8. A method according to any one of claims 1 to 3, wherein the obtaining routing information of a data stream to be transmitted in response to receiving the data stream to be transmitted comprises:

acquiring the routing information by using a tracking tool in response to receiving the data stream to be transmitted;

the method further includes, after the transmitting the M data packets to be transmitted using the updated data stream map:

And deleting the transmission rule key value relation corresponding to the socket information in the updated data stream map in response to the completion of the transmission of the M data packets to be transmitted.

9. A data transmission apparatus comprising:

The device comprises an acquisition module, a transmission module and a control module, wherein the acquisition module is used for responding to a received data stream to be transmitted and acquiring routing information of the data stream to be transmitted, wherein the data stream to be transmitted comprises M data packets to be transmitted with a sequential relationship, and M is a positive integer;

The determining module is used for determining a target transmission rule according to the transmission rule mapping and the routing information when the information matched with the routing information does not exist in the data flow mapping;

The updating module is used for updating the data flow mapping according to the routing information and the target transmission rule to obtain updated data flow mapping; and

And the transmission module is used for transmitting the M data packets to be transmitted by utilizing the updated data stream mapping.

10. An electronic device, comprising:

One or more processors;

a memory for storing one or more instructions,

Wherein the one or more instructions, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1 to 8.

11. A computer readable storage medium having stored thereon executable instructions which when executed by a processor cause the processor to implement the method of any of claims 1 to 8.

12. A computer program product comprising computer-executable instructions, the computer executable instructions, when executed, for implementing the method of any one of claims 1 to 8.