CN121098815B - Service flow classification method, electronic equipment, storage medium and product - Google Patents
- Publication number
- CN121098815B (CN202511648005.XA)
- Authority
- CN
- China
- Prior art keywords
- traffic
- tunnel
- flow
- service
- source address
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application discloses a service traffic classification method, an electronic device, a storage medium and a product, relating to the field of computer technology. By presetting multiple service traffic classes in a cloud platform and binding ports to those classes, traffic of different service types is managed by class at the logical network level and service characteristics are distinguished at the source. By allocating an independent tunnel source address to each traffic class on the computing node, and having the distributed controller maintain and issue the encapsulation rules uniformly, class-based path control and differentiated handling are achieved during tunnel establishment and traffic forwarding. This realizes end-to-end service traffic classification in a virtualized environment, improves the bandwidth guarantee and low-latency experience of high-priority services, prevents low-priority services from occupying key link resources, and ultimately achieves efficient use and fine-grained control of network resources in the cloud platform.
Description
Technical Field
The present application relates to the field of computer technologies, and in particular, to a service traffic classification method, an electronic device, a storage medium, and a product.
Background
In cloud computing, virtual machines can communicate through a tunnel network. In practice, the virtual machines run different services that require different network service quality and different traffic forwarding priority. Some services must be guaranteed first and, when the network is congested, forwarded first. Under the current cloud platform architecture, differentiated service is implemented through the differentiated-services marking of IP packets, but this field does not take effect when the host sends a packet, nor does it take effect on the physical link for tunnel packets, so traffic classification is not actually achieved. The current cloud platform also supports configuring the security mechanism QoS, which can limit the traffic bandwidth of some virtual machines but provides neither traffic priority nor traffic isolation. Therefore, the current cloud platform cannot classify the tunnel packets that carry traffic of different services, cannot manage priority sending based on the classification result on the physical links that correspond to different tunnel IPs of the same host, and cannot realize service traffic classification.
Disclosure of Invention
The application provides a service flow classification method, electronic equipment, a storage medium and a product, which at least solve the technical problem that a cloud platform in the related art cannot classify tunnel messages according to flows of different services to realize service flow classification.
The application provides a service traffic classification method, which comprises the following steps:
presetting a plurality of service traffic classes in the network service of a cloud platform, and binding each network port to its corresponding traffic class;
allocating at least one tunnel source address to each service traffic class at the computing node;
in response to the computing node reporting a tunnel source address, establishing a correspondence between the tunnel source address and the traffic class to obtain association information;
receiving the association information by a distributed controller and updating the tunnel encapsulation configuration according to the association information;
when a tunnel is established based on the tunnel encapsulation configuration, selecting the corresponding tunnel source address according to the service traffic class of the target port, and setting the corresponding service type value based on the traffic class, so that service traffic is transmitted by class.
The application also provides an electronic device, which comprises a memory for storing a computer program, and a processor for implementing the steps of any one of the service traffic classification methods described above when executing the computer program.
The present application also provides a computer readable storage medium having a computer program stored therein, wherein the computer program when executed by a processor implements the steps of any one of the traffic classification methods described above.
The application also provides a computer program product comprising a computer program which when executed by a processor implements the steps of any one of the above-described traffic classification methods.
By presetting multiple service traffic classes in the cloud platform and binding ports to those classes, the application manages traffic of different service types by class at the logical network level and distinguishes service characteristics at the source. An independent tunnel source address is allocated to each traffic class on the computing node, and the distributed controller maintains and issues the encapsulation rules uniformly, so that class-based path control and differentiated handling are achieved during tunnel establishment and traffic forwarding. This realizes end-to-end service traffic classification in a virtualized environment, improves the bandwidth guarantee and low-latency experience of high-priority services, prevents low-priority services from occupying key link resources, and ultimately achieves efficient use and fine-grained control of network resources in the cloud platform.
Drawings
For a clearer description of embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described, it being apparent that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to the drawings without inventive effort for those skilled in the art.
FIG. 1 is a diagram of an application environment of a service traffic classification method in binding different network cards to a tunnel IP according to an embodiment of the present application;
FIG. 2 is a diagram illustrating an application environment in which different priority queues are configured by a traffic classification method according to an embodiment of the present application;
FIG. 3 is a flow chart illustrating a method for classifying traffic according to an embodiment of the present application;
FIG. 4 is a block diagram illustrating a traffic classification device according to an embodiment of the present application;
FIG. 5 is an internal structural view of a computer device according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. Based on the embodiments of the present application, all other embodiments obtained by a person of ordinary skill in the art without making any inventive effort are within the scope of the present application.
It should be noted that in the description of the present application, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. The terms "first," "second," and the like in this specification are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order.
The present application will be further described in detail below with reference to the drawings and detailed description for the purpose of enabling those skilled in the art to better understand the aspects of the present application.
In cloud computing, virtual machines can communicate through a tunnel network. When traffic from virtual machines on the same host leaves the host, it uses the same network card and is sent from the same IP, so the traffic of the virtual machines is not differentiated and is queued and forwarded identically.
In practice, the virtual machines run different services, and the network service quality they require also differs. Some services must be guaranteed first and forwarded first when the network is congested. Some scenarios require services to be classified: one class consists of low-priority, low-speed services limited to a low total bandwidth, and another class consists of high-priority, high-speed services limited to a high total bandwidth. In other scenarios, for example an OpenStack-based cloud platform with a load balancing service deployed, the load balancing management traffic has to run over the service network, and its volume is very low. OpenStack is an open-source cloud computing management platform project made up of a series of open-source software projects. Under the current architecture, however, either a service network card has to be configured for this control traffic, which wastes resources, or the management network and the service network have to be connected at the physical network, which creates a security risk.
The current cloud platform supports configuring DSCP to differentiate service types. DSCP (Differentiated Services Code Point) distinguishes different service types in a network; differentiated services are implemented by marking IP packets. However, this field does not take effect when the host sends a packet, nor does it take effect on the physical link for tunnel packets, so traffic classification is not actually achieved.
The current cloud platform supports QoS configuration, which can limit the traffic bandwidth of some virtual machines but provides neither traffic priority nor traffic isolation. QoS is a security mechanism of a network and a technology for solving network delay and congestion problems.
Open Virtual Network (ovn) is an open-source network virtualization solution based on Open vSwitch (OVS) that aims to build and manage Software Defined Networks (SDN) through automated rules. The ovn components include a southbound database, a northbound database, a distributed controller (ovn-controller) and others. ovn-nb is also known as the northbound database. ovn-sb is also known as the southbound database. ovn-northd is responsible for translating data in the northbound database into the southbound database according to certain logic. ovn-controller, also known as the distributed controller, is the ovn component responsible for controlling traffic forwarding at each compute node.
Under the current architecture based on OpenStack with ovn networking, tunnel packets cannot be classified by classifying network port traffic, priority sending based on the classification result cannot be managed on the physical links that correspond to different tunnel IPs of the same host, and service traffic classification cannot be realized.
The service traffic classification method provided by the application can be applied to the application environments shown in FIG. 1 and FIG. 2. In this embodiment, a plurality of traffic classes are preset in the cloud platform and each network port is bound to a traffic class. On the host side, a different tunnel IP is bound to each traffic class, and the tunnel IPs are either bound to different network cards (FIG. 1), configured with different priority queues (FIG. 2), or handled by a combination of the two modes, so that different ports obtain different traffic classes.
As shown in fig. 3, an embodiment of the present application provides a service traffic classification method, including the following steps:
Step S1, presetting a plurality of service traffic classes in the network service of a cloud platform, and binding each network port to its corresponding traffic class;
Step S2, allocating at least one tunnel source address to each service traffic class at the computing node;
Step S3, when the computing node reports a tunnel source address, establishing a correspondence between the tunnel source address and the traffic class to obtain association information;
Step S4, receiving the association information by the distributed controller, and updating the tunnel encapsulation configuration according to the association information;
Step S5, when a tunnel is established based on the tunnel encapsulation configuration, selecting the corresponding tunnel source address according to the service traffic class of the target port, and setting the corresponding service type value based on the traffic class, thereby transmitting service traffic by class.
Presetting multiple service traffic classes in the cloud platform and binding ports to those classes manages traffic of different service types by class at the logical network level and distinguishes service characteristics at the source. Allocating an independent tunnel source address to each traffic class on the computing node, with the distributed controller maintaining and issuing the encapsulation rules uniformly, ensures class-based path control and differentiated handling during tunnel establishment and traffic forwarding. This realizes end-to-end service traffic classification in a virtualized environment, improves the bandwidth guarantee and low-latency experience of high-priority services, prevents low-priority services from occupying key link resources, and ultimately achieves efficient use and fine-grained control of network resources in the cloud platform.
In this embodiment, establishing, in response to the computing node reporting a tunnel source address, a correspondence between the tunnel source address and the traffic class to obtain the association information includes:
obtaining the tunnel IP corresponding to the tunnel source address, and adjusting the format of the tunnel IP to [tunnel IP: traffic class];
the tunnel source address corresponding to each traffic class is unique, at least one tunnel source address belongs to the default traffic class, and when a single tunnel source address is configured, that tunnel source address belongs to the default traffic class by default.
Extending the tunnel IP format to [tunnel IP: traffic class] binds each tunnel source address to exactly one traffic class, avoids the confusion of one IP corresponding to several classes, and makes tunnel packets easier to identify and trace. Requiring at least one tunnel IP of the default class ensures that traffic can still be sent over a default path when nothing or only a single address is configured, avoiding service interruption. This formatted association also makes the system more self-describing and easier for the distributed controller to parse and maintain, which simplifies the later issuing of encapsulation configuration, TOS/DSCP settings and forwarding rules, and improves the extensibility and consistency of the whole architecture.
Specifically, when the ovn distributed controller reports tunnel information, the format in which each computing node reports its tunnel IP is adjusted:
The original format is ip or ip1,ip2...
It is adjusted to ip or ip1:traffic_class1,ip2:traffic_class2...
After the adjustment, each IP is marked with the traffic class it belongs to, joined by an ASCII colon. Multiple IPs are joined by ASCII commas. With multiple IPs, no traffic class may be repeated and one IP must belong to the default class. A single IP belongs to the default traffic class by default.
The ovn distributed controller updates the node's Encap information in the southbound database according to the reported tunnel IP information.
The format of the tos (Type of Service) configuration item ovn-encap-tos is also adjusted. The original format accepts a single number, the tos value; the adjusted format is traffic_class1:tos_v1,traffic_class2:tos_v2... That is, each traffic class is marked with the tos value allocated to it, joined by an ASCII colon, and multiple classes are joined by ASCII commas. The old format remains compatible: if only one tos value is entered, every class is set to that tos value.
In this embodiment, receiving, by the distributed controller, the association information, and updating the tunnel encapsulation configuration according to the association information includes:
updating the tunnel encapsulation information of the computing node after the distributed controller receives the reported information in the format [tunnel IP: traffic class].
The distributed controller receives and parses the reported information in the [tunnel IP: traffic class] format and updates the computing node's tunnel encapsulation information and traffic class together. This keeps the encapsulation configuration stored in the southbound database consistent with the actual network configuration of each node and avoids forwarding errors caused by a mismatch between the node side and the controller side. When the network topology changes dynamically (for example a node is added, a tunnel IP changes or a traffic class is adjusted), the global configuration is updated quickly, which reduces manual intervention and synchronization delay, improves the automation of the system and the reliability of the network configuration, and ensures that the classification policy is applied across the whole cluster.
When the ovn distributed controller establishes a tunnel, it looks at the traffic_class attribute of the tunnel to be established. If the corresponding node has a tunnel IP with the same traffic_class, the tunnel's local_ip is set to that tunnel IP. If there is no tunnel IP with the same traffic_class and isolate_traffic_class in the sb_global options is False, the tunnel is established but local_ip is not set; if the value is True, the tunnel is not established. When the tunnel is established, tos is also set according to the traffic class and the ovn-encap-tos configuration.
When the ovn distributed controller issues the tunnel forwarding flow table for a destination port_binding port, it issues the flow table if a corresponding tunnel exists, and issues a DROP flow table if no corresponding tunnel exists.
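The two string formats and the tunnel decision described above, as an added Python example (it is not code from the patent or from OVN). The class names `default` and `high`, the function names, the treatment of an unlabelled IP as the default class and the sample addresses are assumptions made for the example.

```python
import ipaddress

DEFAULT_CLASS = "default"  # assumed name; the page does not name the default class


def parse_encap_ips(report):
    """Parse 'ip' or 'ip1:class1,ip2:class2' into {traffic_class: ip}."""
    classes = {}
    for token in filter(None, (t.strip() for t in report.split(","))):
        try:
            # A token that is a valid address on its own has no class label
            # (old format); it is assigned to the default class here.
            ip, cls = ipaddress.ip_address(token), DEFAULT_CLASS
        except ValueError:
            # Split on the LAST colon so IPv6 addresses keep their own colons.
            addr, sep, cls = token.rpartition(":")
            if not sep or not cls:
                raise ValueError(f"malformed entry: {token!r}")
            ip = ipaddress.ip_address(addr)  # ValueError on a bad address
        if cls in classes:
            raise ValueError(f"traffic class {cls!r} reported twice")
        classes[cls] = str(ip)
    if not classes:
        raise ValueError("no tunnel IP reported")
    if DEFAULT_CLASS not in classes:
        raise ValueError("one tunnel IP must belong to the default class")
    return classes


def parse_encap_tos(value, classes):
    """Parse ovn-encap-tos: one number (old format) or 'class1:tos1,class2:tos2'."""
    def tos(text):
        number = int(text)  # ValueError on non-numeric input
        if not 0 <= number <= 0xFF:  # the TOS byte is 8 bits wide
            raise ValueError(f"tos out of range: {number}")
        return number

    value = value.strip()
    if ":" not in value:
        # Backward compatible form: the single value applies to every class.
        return {cls: tos(value) for cls in classes}
    mapping = {}
    for token in value.split(","):
        cls, _, text = token.strip().partition(":")
        if not cls or cls in mapping:
            raise ValueError(f"bad or repeated class in {token!r}")
        mapping[cls] = tos(text)
    return mapping


def plan_tunnel(port_class, node_encaps, tos_map, isolate_traffic_class):
    """Return the tunnel settings for a destination port, or None for 'drop'."""
    local_ip = node_encaps.get(port_class)
    if local_ip is None and isolate_traffic_class:
        return None  # no tunnel is built; a drop flow is issued instead
    # With isolation off the tunnel is still built, but without a local_ip.
    tunnel = {"traffic_class": port_class, "local_ip": local_ip}
    if port_class in tos_map:
        tunnel["tos"] = tos_map[port_class]
    return tunnel


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    encaps = parse_encap_ips("192.168.1.11:default,10.0.1.11:high")
    tos_map = parse_encap_tos("default:0,high:184", encaps)
    for cls in ("high", "low"):
        for isolate in (False, True):
            print(cls, isolate, plan_tunnel(cls, encaps, tos_map, isolate))
```
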
In this embodiment, when a tunnel is established based on a tunnel encapsulation configuration, selecting a corresponding tunnel source address according to a traffic class of a destination port, and setting a corresponding service type value based on the traffic class, so as to implement hierarchical transmission of traffic includes:
When the service type value is configured, establishing a corresponding relation between the service flow level and the service type value, and setting a corresponding service type value for the tunnel message of each service flow level based on the corresponding relation when the tunnel message is forwarded;
When the distributed controller establishes a tunnel for the target flow, a corresponding tunnel source address is selected according to the service flow grade of the target flow, and a corresponding service type value is set based on the flow grade, so that the hierarchical transmission of the target flow is realized.
The system can push the classification policy down to the physical network layer while classifying at the logical layer, so that end-to-end data traffic keeps a consistent classification in both the virtualization layer and the physical layer and the transmission guarantee of key services is strengthened. Combined with class-based selection at tunnel establishment, this classifies traffic along the whole link, from the computing node through tunnel encapsulation to the physical network devices, which greatly improves service quality and the ability to meet SLAs in a multi-tenant cloud environment.
In this embodiment, when configuring a service type value, establishing a correspondence between a service traffic class and the service type value includes:
when the service type value is configured, extending the configuration, which previously accepted only a single value, into a mapping format of [service traffic class: service type value], with multiple mappings separated by commas, so that a corresponding service type value is allocated to each service traffic class;
when a single service type value is entered in the configuration item, applying that service type value to all traffic classes.
The mapping mechanism is backward compatible (a single value is applied to all classes) and also allows fine-grained, differentiated configuration of service types in complex scenarios, which greatly improves the configurability and flexibility of the system. The explicit correspondence between class and service type value keeps the controller and every physical device consistent in how they recognize and schedule packet priority and avoids policy ambiguity, which improves the controllability and determinism of classified forwarding.
When multiple tunnel IPs are supported, there may be different network segment IPs belonging to the same traffic class, and if no settings are made, traffic may appear to be sent from an unexpected network card. The different tunnel source IP routing designs are shown in table 1.
TABLE 1
When the tunnel traffic is 10.0.1.11 -> 192.168.1.10, the source and destination IPs belong to different network segments, and on node 2 the default route may go through physical network card 0, so the actual traffic may end up going out as the default traffic class.
To ensure that tunnel traffic is sent out by the correct network card, the following design is adopted:
The tunnel configuration ensures that the traffic sent has its source IP set correctly.
ip rule entries are configured so that tunnel source IPs of different classes use different network cards and routes. The ip rule format is as follows: ip rule add from 10.0.1.11 ipproto udp dport 6081 lookup 10 priority 29680.
A rule has to be configured for each tunnel IP: 10.0.1.11 is replaced by the tunnel IP; 6081 is the destination port of the tunnel and can be changed to match the actual deployment; 10 is the routing table, which is different for each tunnel IP; the priority can be set to suit the deployment and may be the same for every tunnel IP.
The routing table also has to be configured. The example above uses table 10, and the gateway is configured according to the specific network card. For example: ip route add 10.0.1.0/24 dev eth1 table 10; ip route add default via 10.0.1.1 dev eth1 table 10.
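Why the rule is needed, as an added Python example that is not part of the patent: a small model of Linux policy-routing lookup that returns the egress network card for a tunnel packet with and without the rule above. Table 1 is not reproduced on this page, so the interface names and the main-table routes are constructed; the tunnel addresses, port 6081, table 10 and priority 29680 are the page's.

```python
import ipaddress


def net(cidr):
    return ipaddress.ip_network(cidr)


# Constructed routing state for one node: eth0 holds the default route,
# eth1 carries the 10.0.1.0/24 tunnel network from the page's example.
TABLES = {
    "main": [(net("10.0.1.0/24"), "eth1"), (net("0.0.0.0/0"), "eth0")],
    "10": [(net("10.0.1.0/24"), "eth1"), (net("0.0.0.0/0"), "eth1")],
}
# The kernel's built-in "lookup main" rule sits at priority 32766.
MAIN_RULE = {"priority": 32766, "table": "main"}
# Model of: ip rule add from 10.0.1.11 ipproto udp dport 6081 lookup 10 priority 29680
TUNNEL_RULE = {"priority": 29680, "from": "10.0.1.11", "ipproto": "udp",
               "dport": 6081, "table": "10"}


def lookup(table, dst):
    """Longest-prefix match of dst in one routing table; device or None."""
    dst = ipaddress.ip_address(dst)
    matches = [(route.prefixlen, dev) for route, dev in table if dst in route]
    return max(matches, key=lambda m: m[0])[1] if matches else None


def egress_device(rules, tables, src, dst, proto, dport):
    """Walk the rules in ascending priority, as policy routing does."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        # A selector that is absent from the rule matches every packet.
        if rule.get("from") not in (None, src):
            continue
        if rule.get("ipproto") not in (None, proto):
            continue
        if rule.get("dport") not in (None, dport):
            continue
        dev = lookup(tables[rule["table"]], dst)
        if dev is not None:
            return dev  # first table that has a route decides
    return None


if __name__ == "__main__":
    packet = ("10.0.1.11", "192.168.1.10", "udp", 6081)
    print("main table only :", egress_device([MAIN_RULE], TABLES, *packet))
    print("with tunnel rule:",
          egress_device([MAIN_RULE, TUNNEL_RULE], TABLES, *packet))
```

Traffic from the same source address that is not the tunnel protocol and port still follows the main table, so the rule changes the path of tunnel packets only.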
In this embodiment, the method further includes:
extending the northbound database and the southbound database with a traffic class (traffic_class) attribute that identifies the traffic class of network ports and tunnels;
extending the global table of the northbound database with an isolation (isolate_traffic_class) parameter that controls mutual access between ports of different service traffic classes;
extending the encapsulation service type configuration item to allocate a corresponding service type value to each service traffic class, so that the physical network devices can forward each traffic class with the corresponding priority.
Extending the traffic class attribute in the northbound and southbound databases lets the traffic class be marked uniformly at the network port, tunnel and global configuration levels, avoiding the management complexity caused by scattered information. Extending the isolation parameter lets an administrator control flexibly whether ports of different classes may access each other, providing isolation where security requires it and interconnection where it is allowed. Extending the encapsulation service type configuration item allocates a different service type value to each service traffic class, supports priority forwarding in the physical network devices, and forms a complete configuration loop from the logical database to the physical link. This design improves the flexibility and security of the classification architecture.
In this embodiment, when the distributed controller establishes a tunnel for the target traffic, the method further includes:
in response to the computing node having a tunnel source address of the same traffic class as the target network port, establishing the tunnel with that tunnel source address;
in response to the computing node not having a tunnel source address of the same traffic class as the target network port, if the isolation parameter is no, allowing the tunnel to be established but not setting a tunnel local source address;
in response to the computing node not having a tunnel source address of the same traffic class as the target network port, if the isolation parameter is yes, not establishing the tunnel;
when the tunnel is established, setting the corresponding service type value according to the service traffic class of the target traffic.
With this class-based control, when a node lacks a tunnel source address of the required class, the system chooses according to the isolation policy (refusing outright or building the tunnel in a degraded form), which avoids mixing and misdelivery of traffic across classes. The corresponding service type value is configured automatically while the tunnel is built, so priority stays consistent even in abnormal or degraded cases, traffic does not get out of control, and the stability and fault tolerance of the whole classified network improve.
As shown in fig. 1 and fig. 2, in this embodiment, selecting a corresponding tunnel source address according to a traffic class of a target traffic, and setting a corresponding service type value based on the traffic class includes:
binding the tunnel source address of each service flow class to the corresponding physical network card, or
The tunnel source addresses of the business flow grades are configured in the queues of different priorities of the same physical network card, or
The method comprises the steps of respectively binding tunnel source addresses of all service traffic classes to corresponding physical network cards and configuring the tunnel source addresses of all the service traffic classes in different priority queues of the same physical network card;
And controlling the service flow of each service flow class to be sent out from the corresponding physical link according to the preset tunnel source address through the tunnel forwarding rule and the strategy routing rule, so as to realize the hierarchical transmission of the service flow.
Mode 1 (fig. 1): different source IPs are configured on different network cards, which may have different rates or be attached to different physical environments, thereby achieving traffic classification.
Mode 2 (fig. 2): different source IPs are configured on the same physical network card, and the kernel rate-limiting tool tc divides the traffic into classes by source IP, thereby achieving traffic classification.
Mode 3: a combination of mode 1 and mode 2.
In this embodiment, after the distributed controller establishes the tunnel for the target traffic, the method further includes:
and selecting a corresponding tunnel source address according to the service flow grade of the target flow and carrying out hierarchical transmission.
In this embodiment, selecting a corresponding tunnel source address according to a traffic class of a target traffic and performing hierarchical transmission includes:
in response to the target traffic being high-priority traffic, the computing node on the host side configures an independent first source IP for the high-priority traffic and places that first source IP on an independent physical network card, so that the target traffic is transmitted over an independent physical link; this gives high-priority traffic its own bandwidth and a low-delay transmission environment, and meets the delay and bandwidth requirements of key services first;
in response to the target traffic being medium-priority traffic, the computing node on the host side configures a second source IP for the medium-priority traffic, places the second source IP in a different priority queue of the same physical network card, and applies bandwidth limiting and priority scheduling to traffic from the second source IP with a kernel rate-limiting tool (such as tc), so that medium-priority traffic gets a reasonable bandwidth guarantee on the physical link without interfering with the transmission performance of high-priority traffic;
and in response to the target traffic being low-priority traffic, the computing node on the host side configures a third source IP for the low-priority traffic, applies rate limiting and queue scheduling to traffic from the third source IP through the kernel tool and queue management mechanism, and places it in a low-priority queue for transmission, so that low-priority traffic does not occupy the bandwidth of high-priority traffic when network resources are tight, is scheduled according to idle network bandwidth, and has less impact on other services.
For example, 10.0.1.11 corresponds to high-priority traffic, 10.0.0.11 corresponds to medium-priority traffic, and the tunnel type is Geneve.
# Create the root qdisc (PRIO scheduler with 3 bands)
tc qdisc add dev eth0 root handle 1: prio bands 3
# High-priority rule: UDP + source IP 10.0.1.11 + destination port 6081
tc filter add dev eth0 parent 1: protocol ip prio 1 u32 match ip src 10.0.1.11 match ip protocol 17 0xff match ip dport 6081 0xffff flowid 1:1
# Medium-priority rule: UDP + source IP 10.0.0.11 + destination port 6081
tc filter add dev eth0 parent 1: protocol ip prio 2 u32 match ip src 10.0.0.11 match ip protocol 17 0xff match ip dport 6081 0xffff flowid 1:2
# Low-priority rule: all other traffic
tc filter add dev eth0 parent 1: protocol ip prio 3 u32 match u32 0 0 flowid 1:3
Beyond these two modes, a network card can also be divided into several VLAN sub-interfaces, whose priority and similar settings are configured per VLAN; bandwidth and other details can be configured per queue; and modes 1 and 2 can be used together. The actual deployment can be adjusted to actual requirements.
Supporting three physical binding modes (binding to different physical network cards, different priority queues of the same network card, and a combination of the two) allows the traffic-classification path to be chosen flexibly according to hardware resources and service requirements. In a multi-NIC scenario, the different bandwidth and delay characteristics of the physical links are fully used to achieve physical isolation. In a single-NIC scenario, logical isolation is achieved by dividing priority queues, which reduces dependence on hardware. In a mixed scenario, the advantages of physical link isolation and logical scheduling are combined, improving flexibility and performance. Finally, the tunnel forwarding rules and policy routing rules ensure that traffic of each class is transmitted along its preset path, achieving efficient carrying and hierarchical scheduling of multi-tenant services.
Traffic classification is divided at the network level: different traffic classes are implemented using different networks. Network isolation can accordingly also serve as traffic-class isolation, which makes it easy to operate and understand.
In this embodiment, when the distributed controller establishes a tunnel for the target traffic, the method further includes:
judging whether a tunnel source address corresponding to the traffic level of the target port exists or not;
when a tunnel source address corresponding to the traffic level of the target port exists, searching the corresponding tunnel source address according to the traffic level of the target port, and setting the tunnel source address as a local source address of a tunnel;
In response to the absence of a tunnel source address corresponding to the target port traffic class, a low priority tunnel is established to transport the target traffic.
When the distributed controller establishes a tunnel, it first determines whether the target port has a corresponding tunnel source address, so that the tunnel is preferentially built with a source address that strictly matches the traffic class, which keeps traffic classes consistent. When no matching source address exists, a low-priority tunnel may be established as a fault-tolerant path, avoiding the service interruption that dropping the traffic entirely would cause. This preserves strict classification while providing degraded forwarding, improves the robustness and availability of the system, and maintains service continuity and a stable network architecture even with limited resources or incompletely configured nodes.
In this embodiment, the method further includes:
in response to detecting that the current computing node has no tunnel source address corresponding to a service traffic class, marking the traffic of that class as unreachable traffic and discarding it;
adding an unreachable-traffic statistics table to the northbound database and the southbound database to record the discarded unreachable traffic, the table comprising source logical switch, source port, destination logical switch, destination port and traffic classification level fields;
in response to detecting unreachable traffic, reporting it and sending a traffic classification alarm;
and when it is detected that the current computing node has added the service traffic class corresponding to the unreachable traffic, deleting the traffic classification alarm reported by the current computing node.
Specifically, in the current design, when the current node has no tunnel IP for the corresponding traffic class and isolate_traffic_class=true is configured in sb_global (that is, traffic of different classes is isolated), virtual machines may be unable to communicate with each other. This creates problems for management. When it happens, alarm data is reported to indicate that port-to-port traffic is not getting through, which makes the situation easier to manage and handle.
The OVN northbound database is extended with a new table, traffic_class_Unreachable. It mainly contains the following fields:
src_logical_switch: source logical switch;
src_port: source port;
dst_logical_switch: destination logical switch;
dst_port: destination port;
traffic_class: traffic classification level.
The table records traffic that the user has designed to be unreachable for its traffic class; if such traffic actually appears, it is discarded directly and no alarm is raised. Alarms are not needed for traffic that the user intentionally made unreachable.
For example, virtual machine network card 1 belongs to logical switch ls1 and port1, and virtual machine network card 2 belongs to logical switch ls2 and port2. Suppose no alarm should be raised for HIGH-priority traffic sent from virtual machine network card 1 to virtual machine network card 2. The configured data is: src_logical_switch=ls1, src_port=port1.
src_logical_switch and src_port may be left empty, meaning that whatever the source port, no alarm is raised as long as traffic of that class is directed to the corresponding destination port.
traffic_class may also be left empty, meaning that traffic classes are not distinguished and no alarm is raised.
Data source: written by the user.
The OVN southbound database is extended with a new table, traffic_class_Unreachable. It mainly contains the following fields:
src_datapath: source logical switch; corresponds to traffic_class_Unreachable.src_logical_switch in the northbound database;
src_port_binding: source port; corresponds to traffic_class_Unreachable.src_port in the northbound database;
src_channels: the host machine on which the source port is located;
dst_datapath: destination logical switch; corresponds to traffic_class_Unreachable.dst_logical_switch in the northbound database;
dst_port_binding: destination port; corresponds to traffic_class_Unreachable.dst_port_binding in the northbound database;
traffic_class: corresponds to traffic_class_Unreachable.traffic_class in the northbound database;
alarm: whether to raise an alarm.
Data source 1: OVN translates the northbound database data one-to-one according to the correspondences above. src_channels, which has no corresponding value, is set to null, and alarm is set to False.
Data source 2: the OVN distributed controller, which reports data when it detects that classified traffic is unreachable. When it detects that the node has added the traffic class, the missing-traffic-class alarm reported by the current node is deleted automatically.
3: if a record has src_channels set, the record is deleted when the node to which src_port_binding belongs is no longer src_channels, so that when the port (that is, the virtual machine) is migrated, it is checked afresh for whether an alarm is needed.
Unreachable-traffic reporting by the OVN distributed controller: when the tunnel forwarding flow table is issued for a destination port_binding and no corresponding tunnel exists, the in_port value is identified from src_port_binding and written into the flow table, and traffic matching traffic_class_Unreachable in the current OVN southbound database is dropped directly. The remaining flow entries send the in_port and destination port_binding data up to the controller. The OVN distributed controller identifies the in_port data, converts it to a port_binding, and writes it to traffic_class_Unreachable in the OVN southbound database.
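The table lifecycle described above, as an added example (not code from the patent or from OVN): user-written rows suppress alarms with empty fields acting as wildcards, controller-reported rows raise them, and rows are cleared when the node gains the class or the source port moves to another host. The class and method names, the host names and the sample flows are assumptions; ls1, ls2, port1, port2 and HIGH come from the page's own illustration.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional


@dataclass(frozen=True)
class Row:
    src_datapath: Optional[str]      # None = any source logical switch
    src_port_binding: Optional[str]  # None = any source port
    src_channels: Optional[str]      # reporting host; None for user-written rows
    dst_datapath: str
    dst_port_binding: str
    traffic_class: Optional[str]     # None = any traffic class
    alarm: bool


def covers(rule_value: Optional[str], seen_value: str) -> bool:
    """An empty rule field matches anything; otherwise it must be equal."""
    return rule_value is None or rule_value == seen_value


class UnreachableTable:
    """In-memory stand-in for the southbound traffic_class_Unreachable table."""

    def __init__(self) -> None:
        self.rows: List[Row] = []

    def add_user_rule(self, dst_datapath: str, dst_port: str,
                      src_datapath: Optional[str] = None,
                      src_port: Optional[str] = None,
                      traffic_class: Optional[str] = None) -> None:
        """Data source 1: a northbound row translated with alarm=False."""
        self.rows.append(Row(src_datapath, src_port, None,
                             dst_datapath, dst_port, traffic_class, False))

    def is_expected(self, src_dp: str, src_port: str, dst_dp: str,
                    dst_port: str, traffic_class: str) -> bool:
        return any(not r.alarm
                   and r.dst_datapath == dst_dp
                   and r.dst_port_binding == dst_port
                   and covers(r.src_datapath, src_dp)
                   and covers(r.src_port_binding, src_port)
                   and covers(r.traffic_class, traffic_class)
                   for r in self.rows)

    def report_drop(self, host: str, src_dp: str, src_port: str, dst_dp: str,
                    dst_port: str, traffic_class: str) -> bool:
        """Data source 2: return True if the drop is alarmed, False if silent."""
        if self.is_expected(src_dp, src_port, dst_dp, dst_port, traffic_class):
            return False
        row = Row(src_dp, src_port, host, dst_dp, dst_port, traffic_class, True)
        if row not in self.rows:  # one row per distinct unreachable flow
            self.rows.append(row)
        return True

    def class_added(self, host: str, traffic_class: str) -> int:
        """The node gained the class: delete the alarms that node reported."""
        return self.delete(lambda r: r.alarm and r.src_channels == host
                           and r.traffic_class == traffic_class)

    def port_moved(self, src_port: str, new_host: str) -> int:
        """Rule 3: rows pinned to the old host are dropped after migration."""
        return self.delete(lambda r: r.src_channels is not None
                           and r.src_port_binding == src_port
                           and r.src_channels != new_host)

    def delete(self, predicate: Callable[[Row], bool]) -> int:
        before = len(self.rows)
        self.rows = [r for r in self.rows if not predicate(r)]
        return before - len(self.rows)

    def alarms(self) -> List[Row]:
        return [r for r in self.rows if r.alarm]


if __name__ == "__main__":
    table = UnreachableTable()
    # Constructed rule: HIGH traffic from ls1/port1 to ls2/port2 is unreachable by design.
    table.add_user_rule("ls2", "port2", "ls1", "port1", "HIGH")
    print(table.report_drop("node-a", "ls1", "port1", "ls2", "port2", "HIGH"))  # silent
    print(table.report_drop("node-a", "ls1", "port3", "ls2", "port2", "HIGH"))  # alarmed
    print(table.class_added("node-a", "HIGH"), table.alarms())
```

A rule with empty source fields and an empty traffic_class silences every alarm toward that destination port, so such rows deserve the same review as any other alert suppression.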
In this embodiment, the method further includes:
Policy routing rules are configured in the operating system network stack of each computing node. Based on multi-level matching on the tunnel source address, the traffic class identifier and the destination network segment, the rules ensure that traffic is forwarded along the pre-bound tunnel source address and physical network card path. The policy routing rules take precedence over the conventional routing tables and, when updated, are issued dynamically by the distributed controller, which keeps them consistent with the tunnel encapsulation configuration in the southbound database.
Policy routing rules give precise control over traffic paths, avoid mixing traffic of different classes because of routing-table conflicts or default routes, and ensure that the classification policy is strictly enforced on the data plane. Combined with dynamic issuing by the distributed controller, routing paths are adjusted automatically when the computing-node topology or tunnel configuration changes, which keeps network connectivity and class isolation consistent and improves the elasticity and operability of the system.
In the embodiment, an independent priority queue is created on a physical network card or a virtual switch for each service flow level, and a message is mapped to a corresponding queue based on a flow classification rule, wherein the priority queue adopts at least one queue scheduling mechanism of a Hierarchical Token Bucket (HTB), priority scheduling (PRIO) or fair queuing algorithm (FQ_ CODEL) to realize flow shaping, packet loss priority control and delay optimization, and when a plurality of queue scheduling algorithms exist, cascade combination is performed according to the flow levels so as to meet the bandwidth and delay requirements of different services.
The multi-level queue is configured at the link outlet, so that high-priority service blocking caused by excessive bandwidth occupation of low-priority traffic can be effectively avoided, differentiated bandwidth allocation and delay control of different traffic levels are realized, different service characteristics can be optimized by adopting various scheduling algorithm combinations, for example, the video traffic can be preferentially allocated with bandwidth, and batch backup traffic can be scheduled in a delayed manner, so that the link utilization rate and user experience are integrally improved.
In this embodiment, a TOS field or DSCP identifier is set in the tunnel packet header, so that downstream physical network devices (including switches, routers, and firewalls) can execute differential forwarding policies based on the identifier, including priority queuing, ECN marking, rate limiting, and congestion control, where the distributed controller is responsible for maintaining a global mapping relationship between traffic levels and DSCP values, and synchronously updating to all the physical devices involved in forwarding.
Encoding the traffic class into the TOS/DSCP field of the packet header connects the QoS chain between computing nodes and physical network devices, so that the service classification policy takes effect end to end. Combined with the hardware scheduling capability of the physical devices, this improves overall network performance, ensures that high-priority services still get low delay and high reliability when a link is congested, reduces the packet loss rate and protects the experience of key services.
In the embodiment, the configuration mode of the service flow level supports a whole network unified mode and a node selective configuration mode, wherein in the whole network unified mode, all computing nodes synchronize the same flow level, tunnel source address and service type value, in the selective configuration mode, specific flow levels can be started only on partial nodes according to tenant, service domain or node roles, low priority paths or default tunnel forwarding is adopted for the flows of the unconfigured levels, and mode switching is centrally managed by a distributed controller and supports online dynamic adjustment.
The cloud platform system can adapt to cloud environments with different scales and different tenant demands by supporting multiple configuration modes, operation and maintenance can be simplified under a whole network unified mode, global flow strategy consistency control is facilitated, resources can be saved under a selective configuration mode, high-grade tunnels and priority queues are deployed only on key nodes or nodes where high-priority services are located, performance and cost are considered, and flexibility and expandability of the cloud platform are improved.
This scheme provides a method for classified transmission of user service traffic based on different source IPs. The source IPs are configured either on different network cards or on the same network card in different queues, so that traffic of different classes is transmitted differently. ip rule configuration is used to send each traffic class out of its preset network card exactly, avoiding unexpected crossover between traffic of different classes. The scheme also extends the tunnel traffic TOS configuration: different TOS values are configured for different traffic classes, so that physical network devices can tell the classes apart.
In the service flow grading method, a plurality of service flow grades are preset in the cloud platform, ports are bound with the grades, the grading management of the flows of different service types can be realized in a logic network layer, service characteristics are distinguished from sources, independent tunnel source addresses are allocated to the flow grades on a computing node, and a distributed controller uniformly maintains and issues packaging rules, so that grade-based path control and differentiation processing can be realized in the tunnel establishment and flow forwarding process, end-to-end service flow grading is realized in a virtualized environment, the bandwidth guarantee capability and low-time delay experience of high-priority service are improved, key link resources are prevented from being occupied by low-priority service, and the efficient utilization and fine management and control of network resources in the cloud platform are finally realized.
From the description of the above embodiments, it will be clear to a person skilled in the art that the method according to the above embodiments may be implemented by means of software plus the necessary general hardware platform, but of course also by means of hardware, but in many cases the former is a preferred embodiment.
In one embodiment, as shown in fig. 4, a service traffic classification device 10 is provided, which includes a traffic class preset and port binding module 1, a tunnel source address allocation module 2, a tunnel source address association module 3, an encapsulation configuration update module 4, a classification tunnel establishment and transmission module 5, and a policy forwarding and service guarantee module 6.
The traffic class presetting and port binding module 1 is used for presetting a plurality of service traffic classes in network services of the cloud platform and binding network ports with corresponding traffic classes.
The tunnel source address allocation module 2 is used for allocating at least one tunnel source address for each service traffic class at the computing node;
The tunnel source address association module 3 is used for responding to the report of the tunnel source address by the computing node, and establishing a corresponding relation between the tunnel source address and the traffic class to obtain association information;
The package configuration updating module 4 is used for receiving the association information by the distributed controller and updating the tunnel package configuration according to the association information;
The hierarchical tunnel establishment and transmission module 5 is configured to select a corresponding tunnel source address according to a traffic class of a destination port when establishing a tunnel based on tunnel encapsulation configuration, and set a corresponding service type value based on the traffic class, so as to implement hierarchical transmission of traffic.
In this embodiment, responding to the report of the tunnel source address by the computing node, and establishing a corresponding relationship between the tunnel source address and the traffic class to obtain the association information includes:
The tunnel IP corresponding to the tunnel source address is obtained, and its format is adjusted to [tunnel IP: traffic class];
The tunnel source address corresponding to each traffic class is unique, at least one tunnel source address belongs to a default traffic class, and when a single tunnel source address is configured, the tunnel source address belongs to the default traffic class by default.
In this embodiment, receiving, by the distributed controller, the association information, and updating the tunnel encapsulation configuration according to the association information includes:
And updating the tunnel encapsulation information of the computing node after the distributed controller receives the report information in the format of [ tunnel IP: traffic class ].
In this embodiment, when a tunnel is established based on a tunnel encapsulation configuration, selecting a corresponding tunnel source address according to a traffic class of a destination port, and setting a corresponding service type value based on the traffic class, so as to implement hierarchical transmission of traffic includes:
When the service type value is configured, establishing a corresponding relation between the service flow level and the service type value, and setting a corresponding service type value for the tunnel message of each service flow level based on the corresponding relation when the tunnel message is forwarded;
When the distributed controller establishes a tunnel for the target flow, a corresponding tunnel source address is selected according to the service flow grade of the target flow, and a corresponding service type value is set based on the flow grade, so that the hierarchical transmission of the target flow is realized.
In this embodiment, when configuring a service type value, establishing a correspondence between a service traffic class and the service type value includes:
When the service type value is configured, the configuration mode which only receives a single value is expanded into a mapping format of [ service flow level: service type value ], a plurality of mappings are separated by commas, and corresponding service type values are allocated for each service flow level;
when a service type value is entered in the configuration item, the service type value is applied to all traffic classes.
In this embodiment, the policy forwarding and service ensuring module 6 is configured to:
extending the northbound database and the southbound database with a traffic class (traffic_class) attribute that identifies the traffic class of network ports and tunnels;
extending the global table of the northbound database with an isolate-traffic (isolate_traffic_class) parameter, which controls mutual access between ports of different service traffic classes;
and extending the encapsulation service type configuration item to assign a corresponding service type value to each service traffic class, so that physical network devices can forward each class with the corresponding priority.
In this embodiment, when the distributed controller establishes a tunnel for the target traffic, the method further includes:
in response to the computing node having a tunnel source address of the same traffic class as the target network port, establishing the tunnel with that tunnel source address;
in response to the computing node having no tunnel source address of the same traffic class as the target network port, and the isolate-traffic parameter being no, allowing the tunnel to be established but not setting a tunnel local source address;
in response to the computing node having no tunnel source address of the same traffic class as the target network port, and the isolate-traffic parameter being yes, establishing no tunnel;
and when the tunnel is established, setting a corresponding service type value according to the service traffic class of the target traffic.
In this embodiment, selecting a corresponding tunnel source address according to a traffic class of a target traffic, and setting a corresponding service type value based on the traffic class includes:
binding the tunnel source address of each service flow class to the corresponding physical network card, or
The tunnel source addresses of the business flow grades are configured in the queues of different priorities of the same physical network card, or
The method comprises the steps of respectively binding tunnel source addresses of all service traffic classes to corresponding physical network cards and configuring the tunnel source addresses of all the service traffic classes in different priority queues of the same physical network card;
And controlling the service flow of each service flow class to be sent out from the corresponding physical link according to the preset tunnel source address through the tunnel forwarding rule and the strategy routing rule, so as to realize the hierarchical transmission of the service flow.
In this embodiment, when the distributed controller establishes a tunnel for the target traffic, the method further includes:
judging whether a tunnel source address corresponding to the traffic level of the target port exists or not;
when a tunnel source address corresponding to the traffic level of the target port exists, searching the corresponding tunnel source address according to the traffic level of the target port, and setting the tunnel source address as a local source address of a tunnel;
In response to the absence of a tunnel source address corresponding to the target port traffic class, a low priority tunnel is established to transport the target traffic.
In the service flow grading device, a plurality of service flow grades are preset in the cloud platform, ports are bound with the grades, the grading management of the flows of different service types can be realized in a logic network layer, service characteristics are distinguished from sources, independent tunnel source addresses are allocated to the flow grades on a computing node, and a distributed controller uniformly maintains and issues packaging rules, so that grade-based path control and differentiation processing can be realized in the tunnel establishment and flow forwarding process, end-to-end service flow grading is realized in a virtualized environment, the bandwidth guarantee capability and low-time delay experience of high-priority service are improved, key link resources are prevented from being occupied by low-priority service, and the efficient utilization and fine management and control of network resources in the cloud platform are finally realized.
The description of the features in the embodiment corresponding to the service flow classification device may refer to the related description of the embodiment corresponding to the service flow classification method, which is not described in detail herein.
The embodiment of the application also provides an electronic device comprising a memory having stored therein a computer program and a processor arranged to run the computer program to perform the steps of any of the traffic classification method embodiments described above.
In one embodiment, the electronic device may be a server, the internal structure of which may be as shown in fig. 5. The electronic device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the electronic device is configured to provide computing and control capabilities. The memory of the electronic device includes a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the electronic device is used for storing the service flow classification data. The network interface of the electronic device is used for communicating with an external terminal through a network connection. The computer program when executed by a processor implements a traffic classification method.
Embodiments of the present application also provide a computer readable storage medium having a computer program stored therein, wherein the computer program is configured to perform, when run, the steps of any of the traffic classification method embodiments described above:
presetting a plurality of service flow levels in network services of a cloud platform, and binding a network port with the corresponding flow level;
At least one tunnel source address is allocated for each service flow class at the computing node;
responding to the report of the tunnel source address by the computing node, and establishing a corresponding relation between the tunnel source address and the traffic class to obtain association information;
receiving the association information by the distributed controller and updating the tunnel encapsulation configuration according to the association information;
When a tunnel is established based on tunnel encapsulation configuration, a corresponding tunnel source address is selected according to the service traffic grade of the target port, and a corresponding service type value is set based on the traffic grade, so that hierarchical transmission of the service traffic is realized.
In an exemplary embodiment, the computer readable storage medium may include, but is not limited to, a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, an optical disk, or other media in which a computer program may be stored.
The embodiment of the present application also provides a computer program product, where the computer program product includes a computer program, and when the computer program is executed by a processor, performs the steps in any of the embodiments of the traffic classification method described above:
presetting a plurality of service flow levels in network services of a cloud platform, and binding a network port with the corresponding flow level;
At least one tunnel source address is allocated for each service flow class at the computing node;
responding to the report of the tunnel source address by the computing node, and establishing a corresponding relation between the tunnel source address and the traffic class to obtain association information;
receiving the association information by the distributed controller and updating the tunnel encapsulation configuration according to the association information;
When a tunnel is established based on tunnel encapsulation configuration, a corresponding tunnel source address is selected according to the service traffic grade of the target port, and a corresponding service type value is set based on the traffic grade, so that hierarchical transmission of the service traffic is realized.
Embodiments of the present application also provide another computer program product comprising a non-volatile computer readable storage medium storing a computer program which, when executed by a processor, performs the steps of any of the above embodiments of a traffic classification method:
presetting a plurality of service traffic classes in the network service of a cloud platform, and binding a network port to the corresponding traffic class;
allocating, at the computing node, at least one tunnel source address for each service traffic class;
in response to the computing node reporting a tunnel source address, establishing a correspondence between the tunnel source address and the traffic class to obtain association information;
receiving the association information by the distributed controller, and updating the tunnel encapsulation configuration according to the association information;
when a tunnel is established based on the tunnel encapsulation configuration, selecting the corresponding tunnel source address according to the service traffic class of the target port, and setting the corresponding service type value based on the traffic class, thereby realizing hierarchical transmission of the service traffic.
Those of skill in the art will further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, the various illustrative elements and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and the design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The service flow classification method, the electronic equipment, the storage medium and the product provided by the application are described in detail. The principles and embodiments of the present application have been described herein with reference to specific examples, the description of which is intended only to facilitate an understanding of the method of the present application and its core ideas. It should be noted that it will be apparent to those skilled in the art that the present application may be modified and practiced without departing from the spirit of the present application.
Claims (13)
1. A method for classifying traffic, comprising:
presetting a plurality of service traffic classes in the network service of a cloud platform, and binding a network port to the corresponding traffic class;
allocating, at the computing node, at least one tunnel source address for each service traffic class;
in response to the computing node reporting a tunnel source address, establishing a correspondence between the tunnel source address and the traffic class to obtain association information;
receiving the association information by a distributed controller, and updating the tunnel encapsulation configuration according to the association information;
when a tunnel is established based on the tunnel encapsulation configuration, selecting a corresponding tunnel source address according to the service traffic class of a target port, and setting a corresponding service type value based on the traffic class, thereby realizing hierarchical transmission of the service traffic;
wherein the selecting, when a tunnel is established based on the tunnel encapsulation configuration, of a corresponding tunnel source address according to the service traffic class of a target port, and the setting of a corresponding service type value based on the traffic class, thereby realizing hierarchical transmission of the service traffic, comprises:
when configuring service type values, establishing a correspondence between the service traffic classes and the service type values, and, when forwarding tunnel messages, setting the corresponding service type value for the tunnel messages of each service traffic class based on the correspondence;
when the distributed controller establishes a tunnel for a target traffic, selecting a corresponding tunnel source address according to the service traffic class of the target traffic, and setting a corresponding service type value based on the traffic class, to realize hierarchical transmission of the target traffic;
wherein the method further comprises:
extending a traffic class attribute in a northbound database and a southbound database, for identifying the service traffic class corresponding to network ports and tunnels;
extending an isolation traffic parameter in a global table of the northbound database, for controlling mutual access among the ports of each service traffic class;
allocating a corresponding service type value to each service traffic class by extending an encapsulation service configuration item, so as to support corresponding priority forwarding for each service traffic class in physical network equipment;
and configuring policy routing rules in the operating system network stack of each computing node, wherein the policy routing rules comprise multi-level matching conditions based on tunnel source addresses, traffic class identifiers and target network segments, so as to ensure that messages of different traffic classes are forwarded according to the pre-bound tunnel source addresses and physical network card paths.
2. The traffic classification method according to claim 1, wherein said responding to the report of the tunnel source address by the computing node and establishing a correspondence between the tunnel source address and the traffic class to obtain the association information includes:
obtaining the tunnel IP corresponding to the tunnel source address, and adjusting the format of the tunnel IP to [tunnel IP: traffic class], wherein the tunnel source address corresponding to each traffic class is unique.
3. The traffic classification method according to claim 2, wherein the receiving, by the distributed controller, the association information and updating the tunnel encapsulation configuration according to the association information comprises:
updating the tunnel encapsulation information of the computing node after the distributed controller receives the report information in the [tunnel IP: traffic class] format.
4. The service traffic classification method according to claim 1, wherein the establishing a correspondence between the service traffic class and the service type value when configuring the service type value includes:
when configuring the service type value, extending the configuration mode that accepts only a single value into a mapping format of [service traffic class: service type value], with multiple mappings separated by commas, and allocating a corresponding service type value to each service traffic class;
when a service type value is entered in the configuration item, applying that service type value to all traffic classes.
5. The traffic classification method according to claim 1, wherein when the distributed controller establishes a tunnel for a target traffic, further comprising:
in response to the computing node having a tunnel source address with the same traffic class as the target network port, establishing a tunnel using that tunnel source address;
in response to the computing node not having a tunnel source address with the same traffic class as the target network port, and the isolation traffic parameter being no, allowing a tunnel to be established but not setting a tunnel local source address;
in response to the computing node not having a tunnel source address with the same traffic class as the target network port, and the isolation traffic parameter being yes, not establishing a tunnel;
and, when the tunnel is established, setting a corresponding service type value according to the service traffic class of the target traffic.
6. The traffic classification method according to claim 1, wherein selecting a corresponding tunnel source address according to the traffic class of the target traffic, and setting a corresponding service type value based on the traffic class comprises:
binding the tunnel source address of each service traffic class to a corresponding physical network card; or
configuring the tunnel source addresses of the service traffic classes in queues of different priorities of the same physical network card; or
both binding the tunnel source address of each service traffic class to a corresponding physical network card and configuring the tunnel source addresses of the service traffic classes in queues of different priorities of the same physical network card;
and controlling, through the tunnel forwarding rules and the policy routing rules, the service traffic of each service traffic class to be sent out from the corresponding physical link according to the preset tunnel source address, thereby realizing hierarchical transmission of the service traffic.
7. The traffic classification method according to claim 1, wherein when the distributed controller establishes a tunnel for a target traffic, further comprising:
judging whether a tunnel source address corresponding to the traffic class of the target port exists;
when a tunnel source address corresponding to the traffic class of the target port exists, looking up the corresponding tunnel source address according to the traffic class of the target port, and setting that tunnel source address as the local source address of the tunnel;
and, in response to no tunnel source address corresponding to the traffic class of the target port existing, establishing a low-priority tunnel to transmit the target traffic.
8. The traffic classification method according to claim 7, further comprising, after the distributed controller establishes a tunnel for a target traffic:
selecting a corresponding tunnel source address according to the service traffic class of the target traffic, and performing hierarchical transmission.
9. The traffic classification method according to claim 8, wherein selecting a corresponding tunnel source address according to the traffic class of the target traffic and performing classification transmission comprises:
in response to the target traffic being high-priority traffic, configuring, by a computing node on the host side, a first source IP for the high-priority traffic, and configuring the first source IP on an independent physical network card, so that the target traffic is transmitted over an independent physical link;
in response to the target traffic being medium-priority traffic, configuring, by a computing node on the host side, a second source IP for the medium-priority traffic, and configuring the second source IP in different priority queues of the same physical network card;
and, in response to the target traffic being low-priority traffic, configuring, by a computing node on the host side, a third source IP for the low-priority traffic, applying rate limiting and queue scheduling to the traffic of the third source IP through a kernel tool and a queue management mechanism, and placing the traffic in a low-priority queue for transmission.
10. The traffic classification method according to claim 1, characterized in that the method further comprises:
in response to detecting that no tunnel source address corresponding to a service traffic class exists on the current computing node, marking the traffic corresponding to that service traffic class as unreachable traffic and discarding it;
adding an unreachable statistics table to the northbound database and the southbound database for recording the discarded unreachable traffic, wherein the unreachable statistics table comprises source logical switch, source port, destination logical switch, destination port and traffic class fields;
in response to detecting that unreachable traffic exists, reporting the unreachable traffic and sending a traffic classification alarm;
and, upon detecting that the current computing node has added the service traffic class corresponding to the unreachable traffic, deleting the traffic classification alarm reported by the current computing node.
11. An electronic device, comprising:
A memory for storing a computer program;
a processor for implementing the steps of the traffic classification method according to any of claims 1 to 10 when executing said computer program.
12. A computer readable storage medium, characterized in that a computer program is stored in the computer readable storage medium, wherein the computer program, when being executed by a processor, implements the steps of the traffic classification method according to any of the claims 1 to 10.
13. A computer program product comprising a computer program which, when executed by a processor, implements the steps of the traffic classification method according to any of claims 1 to 10.
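The report format of claim 2, the mapping format of claim 4 and the tunnel-establishment decision of claim 5 can be exercised together as follows. This is an added example, not code from the patent; the function names, class names, addresses and the 0-255 range check on the service type value are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, Optional


def parse_reports(reports: Iterable[str]) -> Dict[str, str]:
    """Claim 2: parse '[tunnel IP: traffic class]' items into {class: tunnel IP}."""
    sources: Dict[str, str] = {}
    for item in reports:
        # rpartition keeps IPv6 addresses intact: only the last ':' splits off the class.
        ip_text, sep, level = item.strip().strip("[]").rpartition(":")
        level = level.strip()
        if not sep or not level:
            raise ValueError(f"malformed report: {item!r}")
        ip = str(ipaddress.ip_address(ip_text.strip()))  # raises on a bad address
        if level in sources or ip in sources.values():
            raise ValueError(f"tunnel source address per class must be unique: {item!r}")
        sources[level] = ip
    return sources


def parse_tos(value: str, levels: Iterable[str]) -> Dict[str, int]:
    """Claim 4: 'class:value,class:value'; a bare single value applies to all classes."""
    def tos(text: str) -> int:
        n = int(text)
        if not 0 <= n <= 255:  # assumption: the value is an 8-bit IP ToS byte
            raise ValueError(f"service type value out of range: {n}")
        return n
    if ":" not in value:
        return {level: tos(value) for level in levels}
    mapping: Dict[str, int] = {}
    for pair in value.split(","):
        level, _, text = pair.partition(":")
        mapping[level.strip()] = tos(text)
    return mapping


@dataclass(frozen=True)
class Tunnel:
    local_ip: Optional[str]  # None: tunnel allowed, but no local source address is set
    tos: Optional[int]       # None: no service type value configured for this class


def plan_tunnel(port_level: str, sources: Dict[str, str],
                tos_map: Dict[str, int], isolate: bool) -> Optional[Tunnel]:
    """Claim 5: decide whether and how to build the tunnel for a target port."""
    tos = tos_map.get(port_level)
    if port_level in sources:           # node has a source address of the same class
        return Tunnel(sources[port_level], tos)
    if not isolate:                     # isolation parameter "no": tunnel without local source
        return Tunnel(None, tos)
    return None                         # isolation parameter "yes": no tunnel


# Constructed sample input; class names, addresses and values are illustrative.
NODE_SOURCES = parse_reports(["[10.0.1.5: high]", "[10.0.2.5: low]"])
TOS = parse_tos("high:184,low:0", NODE_SOURCES)
```

With isolation off, the fallback tunnel is built without a local source address, so it is not pinned to any class's address; with isolation on, the same port gets no tunnel at all.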
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202511648005.XA CN121098815B (en) | 2025-11-11 | 2025-11-11 | Service flow classification method, electronic equipment, storage medium and product |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN121098815A (en) | 2025-12-09 |
| CN121098815B (en) | 2026-02-03 |
Family
ID=97887419
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202511648005.XA Active CN121098815B (en) | 2025-11-11 | 2025-11-11 | Service flow classification method, electronic equipment, storage medium and product |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN121098815B (en) |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108199974A (en) * | 2017-12-25 | 2018-06-22 | 新华三技术有限公司 | Service traffics forwarding management method, device and network node |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103384218A (en) * | 2012-05-03 | 2013-11-06 | 中兴通讯股份有限公司 | Flow forward method and system on basis of service grade |
| CN104468394B (en) * | 2014-12-04 | 2018-02-09 | 新华三技术有限公司 | Message forwarding method and device in a kind of VXLAN networks |
| CN109450793B (en) * | 2018-12-18 | 2021-07-16 | 锐捷网络股份有限公司 | Method and device for scheduling service flow |
| CN119172332A (en) * | 2023-06-19 | 2024-12-20 | 中兴通讯股份有限公司 | Atomic service parallel orchestration and drainage method and device, storage medium and electronic device |
| CN116781631A (en) * | 2023-07-07 | 2023-09-19 | 中国电信股份有限公司技术创新中心 | A data transmission method, device, equipment and system |
| CN119172307A (en) * | 2024-10-14 | 2024-12-20 | 北京锐安科技有限公司 | Data type identification method, device, equipment, storage medium and program product |
Also Published As
| Publication number | Publication date |
|---|---|
| CN121098815A (en) | 2025-12-09 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant |