WO2021083269A1

WO2021083269A1 - Network traffic rate limiting method and device, central control equipment and gateways

Info

Publication number: WO2021083269A1
Application number: PCT/CN2020/124795
Authority: WO
Inventors: 李澍桐
Original assignee: Beijing Kingsoft Cloud Network Technology Co Ltd; Beijing Kingsoft Cloud Technology Co Ltd
Current assignee: Beijing Kingsoft Cloud Network Technology Co Ltd; Beijing Kingsoft Cloud Technology Co Ltd
Priority date: 2019-10-29
Filing date: 2020-10-29
Publication date: 2021-05-06
Anticipated expiration: 2022-04-29
Also published as: CN112751691B; CN112751691A

Abstract

The present application provides a network traffic rate limiting method and device, a central control equipment and gateways. The method comprises: the central control equipment receiving a traffic warning sent by a first gateway in a rate limiting gateway cluster, acquiring the real-time bandwidth of a target service on various gateways of the rate limiting gateway cluster, and according to the current bandwidth quota of the target service on the first gateway and the real-time bandwidth on the various gateways as well as a pre-stored total bandwidth quota of the target service, updating the bandwidth quota of the target service on the various gateways of the rate limiting gateway cluster. In the method, upon the real-time bandwidth of a target service on any gateway of the rate limiting gateway cluster exceeds a specified bandwidth, a traffic warning is sent to the central control equipment in time, and the central control equipment re-allocates the bandwidth quota of each gateway according to the real-time bandwidth of the target service on the various gateways and the total bandwidth quota of the target service, so that the bandwidth quota of the various gateways matches the real-time bandwidth of the target service on the various gateways; thus, the method is more accurate in rate limiting of the target service.

Description

Speed limiting method, device, central control equipment and gateway of network traffic

本申请要求于2019年10月29日提交中国专利局、申请号为201911048394.7、发明名称为“网络流量的限速方法、装置、中控设备和网关”的中国专利申请的优先权，其全部内容通过引用结合在本申请中。This application claims the priority of a Chinese patent application filed with the Chinese Patent Office on October 29, 2019, the application number is 201911048394.7, and the invention title is "Network Traffic Rate Limiting Methods, Devices, Central Control Equipment, and Gateways". The entire contents of the Chinese patent application Incorporated in this application by reference.

Technical field

本申请涉及信息技术领域，尤其是涉及一种网络流量的限速方法、装置、中控设备和网关。This application relates to the field of information technology, and in particular to a method, device, central control device, and gateway for limiting network traffic.

Background technique

相关技术中，中控程序对限速网关集群中的限速网关统一分配配额带宽，在某个时间段内，限速网关按照被分配的配额带宽进行限速。在限速过程中，限速网关集群通常还会以租户业务为粒度进行限速，以使租户业务占用的带宽与租户购买的带宽相匹配。租户业务产生的网络流量通常会散列至一个或多个限速网关进行限速，该一个或多个限速网关中会分配有针对租户业务的配额带宽，并以该配额带宽进行限速，该一个或多个限速网关中的该租户业务的配额带宽的总和为该租户购买的带宽。In related technologies, the central control program uniformly allocates quota bandwidth to the speed-limiting gateways in the speed-limiting gateway cluster, and within a certain period of time, the speed-limiting gateway performs speed limit according to the allocated quota bandwidth. During the speed limit process, the speed limit gateway cluster usually also performs speed limit based on the tenant business granularity, so that the bandwidth occupied by the tenant business matches the bandwidth purchased by the tenant. The network traffic generated by the tenant business is usually hashed to one or more speed-limiting gateways for speed-limiting. The one or more speed-limiting gateways will be allocated a quota bandwidth for the tenant business, and the quota bandwidth will be used for speed limitation. The sum of the quota bandwidth of the tenant service in the one or more rate limiting gateways is the bandwidth purchased by the tenant.

但是如果租户业务某一时刻产生突发网络流量，如果某个限速网关的配额带宽与散列至该网关的流量相差较大，限速网关难以及时调整配额带宽以响应该突发网络流量，导致限速网关集群对租户业务的限速带宽与租户购买的带宽不匹配，带宽限速准确性较差。However, if a tenant’s business generates a burst of network traffic at a certain moment, if the quota bandwidth of a certain rate-limiting gateway is quite different from the traffic hashed to the gateway, it is difficult for the rate-limiting gateway to adjust the quota bandwidth in time to respond to the bursty network traffic. As a result, the rate limiting bandwidth of the rate limiting gateway cluster for tenant services does not match the bandwidth purchased by the tenant, and the accuracy of the bandwidth rate limiting is poor.

发明内容Summary of the invention

本申请的目的在于提供一种网络流量的限速方法、装置、中控设备和网关，当出现突发网络流量时，限速网关可以及时调整配额带宽，以使各个网关的配额带宽与目标业务在各个网关的实时带宽相匹配，从而对目标业务的流量限速更加准确。The purpose of this application is to provide a method, device, central control device, and gateway for network traffic rate limiting. When a burst of network traffic occurs, the rate limiting gateway can adjust the quota bandwidth in time so that the quota bandwidth of each gateway is consistent with the target service. The real-time bandwidth of each gateway is matched, so that the traffic speed limit of the target business is more accurate.

第一方面，本申请提供的一种网络流量的限速方法，应用于中控设备，所述方法包括：接收限速网关集群中第一网关发送的流量告警；其中，所述流量告警用于指示：预设目标业务在第一网关的实时带宽超出当前配额带宽的预定比例；基于所述流量告警获取所述目标业务在所述限速网关集群中各个网关的实时带宽；根据所述目标业务在所述第一网关的当前配额带宽、所述目标业务在所述各个网关的实时带宽，以及预存的所述目标业务的配额总带宽，更新所述目标业务在所述限速网关集群中各个网关的配额带宽。In the first aspect, a method for speed limiting network traffic provided by this application is applied to a central control device. The method includes: receiving a traffic alarm sent by a first gateway in a speed limiting gateway cluster; wherein, the traffic alarm is used for Indication: the preset real-time bandwidth of the target service at the first gateway exceeds a predetermined ratio of the current quota bandwidth; obtain the real-time bandwidth of the target service at each gateway in the rate-limiting gateway cluster based on the traffic alarm; according to the target service The current quota bandwidth of the first gateway, the real-time bandwidth of the target service in the respective gateways, and the pre-stored total bandwidth of the quota of the target service, update each of the target service in the rate-limiting gateway cluster The quota bandwidth of the gateway.

第二方面，本申请提供的一种网络流量的限速方法，应用于网关，所述网关被配置为能够接收对目标业务的请求报文和/或发送所述目标业务发出的响应报文，所述网关基于存储的配额带宽对所述目标业务的流量进行限速，所述方法包括：在检测到目标业务的实时带宽超出当前配额带宽的预定比例时，生成流量告警；将所述流量告警发送至与所述网关通信连接的中控设备；接收所述中控设备返回的更新后的配额带宽，并按照更新后的配额带宽对所述目标业务的流量进行限速。In the second aspect, the method for limiting the rate of network traffic provided by the present application is applied to a gateway, and the gateway is configured to be able to receive a request message for a target service and/or send a response message sent by the target service, The gateway limits the rate of traffic of the target service based on the stored quota bandwidth, and the method includes: generating a traffic alarm when detecting that the real-time bandwidth of the target service exceeds a predetermined proportion of the current quota bandwidth; and alarming the traffic Send to the central control device that is in communication with the gateway; receive the updated quota bandwidth returned by the central control device, and limit the rate of the target service traffic according to the updated quota bandwidth.

第三方面，本申请提供的一种网络流量的限速装置，应用于中控设备，所述装置包括：第一接收模块，设置为接收限速网关集群中第一网关发送的流量告警；其中，所述流量告警用于指示：预设目标业务在第一网关的实时带宽超出当前配额带宽的预定比例；第一获取模块，设置为基于所述流量告警获取所述目标业务在所述限速网关集群中各个网关的实时带宽；更新模块，设置为根据所述目标业务在所述第一网关的当前配额带宽、所述目标业务在所述各个网关的实时带宽，以及预存的所述目标业务的配额总带宽，更新所述目标业务在所述限速网关集群中各个网关的配额带宽。In a third aspect, a network traffic rate limiting device provided by the present application is applied to a central control device, and the device includes: a first receiving module configured to receive traffic alarms sent by the first gateway in the rate limiting gateway cluster; wherein The traffic alarm is used to indicate: the real-time bandwidth of the preset target service at the first gateway exceeds a predetermined ratio of the current quota bandwidth; the first obtaining module is configured to obtain the target service at the rate limit based on the traffic alarm. The real-time bandwidth of each gateway in the gateway cluster; the update module is set to be based on the current quota bandwidth of the target service at the first gateway, the real-time bandwidth of the target service at the respective gateways, and the pre-stored target service To update the quota bandwidth of each gateway of the target service in the rate-limiting gateway cluster.

第四方面，本申请提供的一种网络流量的限速装置，设置于网关，所述网关被配置为能够接收对目标业务的请求报文和/或发送所述目标业务发出的响应报文，所述网关基于存储的配额带宽对所述目标业务的流量进行限速，所述装置包括：生成模块，设置为在检测到目标业务的实时带宽超出当前配额带宽的预定比例时，生成流量告警；发送模块，设置为将所述流量告警发送至与所述网关通信连接的中控设备；第二接收模块，设置为接收所述中控设备返回的更新后的配额带宽，并按照更新后的配额带宽对所述目标业务的流量进行限速。In a fourth aspect, a network traffic rate limiting device provided by the present application is set in a gateway, and the gateway is configured to be able to receive request messages for target services and/or send response messages sent by the target services, The gateway limits the rate of traffic of the target service based on the stored quota bandwidth, and the device includes: a generating module configured to generate a traffic alarm when detecting that the real-time bandwidth of the target service exceeds a predetermined proportion of the current quota bandwidth; The sending module is set to send the traffic alarm to the central control device that is in communication with the gateway; the second receiving module is set to receive the updated quota bandwidth returned by the central control device and follow the updated quota The bandwidth limits the rate of the traffic of the target service.

第五方面，本申请提供的一种中控设备，包括处理器和存储器，所述存储器存储有能够被所述处理器执行的机器可执行指令，所述处理器执行所述机器可执行指令以实现上述第一方面所述的网络流量的限速方法。In a fifth aspect, a central control device provided by the present application includes a processor and a memory, and the memory stores machine-executable instructions that can be executed by the processor, and the processor executes the machine-executable instructions to The method for limiting the rate of network traffic described in the first aspect above is implemented.

第六方面，本申请提供的一种网关，包括处理器和存储器，所述存储器存储有能够被所述处理器执行的机器可执行指令，所述处理器执行所述机器可执行指令以实现上述第二方面所述的网络流量的限速方法。In a sixth aspect, a gateway provided by the present application includes a processor and a memory, the memory stores machine-executable instructions that can be executed by the processor, and the processor executes the machine-executable instructions to implement the foregoing The method for limiting the rate of network traffic described in the second aspect.

第七方面，本申请提供的一种计算机可读存储介质，该计算机可读存储介质内存储有计算机程序，所述计算机程序被处理器执行时实现上述任一种网络流量的限速方法。In a seventh aspect, the present application provides a computer-readable storage medium that stores a computer program in the computer-readable storage medium, and when the computer program is executed by a processor, it implements any one of the foregoing network traffic rate limiting methods.

第八方面，本申请提供的一种包含指令的计算机程序产品，当其在计算机上运行时，使得计算机执行上述任一种网络流量的限速方法。In an eighth aspect, the present application provides a computer program product containing instructions, which when running on a computer, causes the computer to execute any of the above-mentioned methods for limiting the rate of network traffic.

第九方面，本申请提供的一种可执行程序代码，所述可执行程序代码设置为被运行以执行上述任一种网络流量的限速方法。In a ninth aspect, the present application provides an executable program code, the executable program code is set to be executed to execute any one of the foregoing network traffic rate limiting methods.

本申请提供的网络流量的限速方法、装置、中控设备和网关，首先，接收限速网关集群中第一网关发送的流量告警，该流量告警指示预设目标业务在第一网关的实时带宽超出当前配额带宽的预定比例，然后，基于该流量告警获取该目标业务在该限速网关集群中各个网关的实时带宽；最后，根据该目标业务在该第一网关的当前配额带宽、该目标业务在各个网关的实时带宽，以及预存的该目标业务的配额总带宽，更新该目标业务在该限速网关集群中各个网关的配额带宽，以通过各个网关按照调整后的配额带宽对目标业务的流量进行限速。该方法中，限速网关集群中的任一网关的目标业务的实时带宽超出指定带宽后，及时向中控设备发送流量告警，中控设备根据各个网关对目标业务的实时带宽和该目标业务的配额总带宽，重新分配各个网关的配额带宽，以使各个网关的配额带宽与目标业务在各个网关的实时带宽相匹配，从而对目标业务的流量限速更加准确。The network traffic rate limiting method, device, central control device and gateway provided in this application firstly receive a traffic alarm sent by the first gateway in the rate limiting gateway cluster, and the traffic alarm indicates the real-time bandwidth of the preset target service at the first gateway Exceeding the predetermined ratio of the current quota bandwidth, then, based on the traffic alarm, obtain the real-time bandwidth of each gateway of the target service in the rate-limiting gateway cluster; finally, according to the current quota bandwidth of the target service in the first gateway, the target service The real-time bandwidth of each gateway and the pre-stored total bandwidth of the target service quota, update the quota bandwidth of each gateway of the target service in the rate-limiting gateway cluster, so that the traffic of the target service can be adjusted by each gateway according to the adjusted quota bandwidth Carry out speed limit. In this method, after the real-time bandwidth of the target service of any gateway in the speed-limiting gateway cluster exceeds the specified bandwidth, it sends traffic alarms to the central control device in time, and the central control device sends traffic alarms to the central control device according to the real-time bandwidth of each gateway to the target business and the target business’s real-time bandwidth. Quota total bandwidth, redistribute the quota bandwidth of each gateway, so that the quota bandwidth of each gateway matches the real-time bandwidth of the target service at each gateway, so as to limit the traffic rate of the target service more accurately.

Description of the drawings

为了更清楚地说明本申请实施例和相关技术的技术方案，下面对实施例和相关技术中所需要使用的附图作简单地介绍，显而易见地，下面描述中的附图仅仅是本申请的一些实施例，对于本领域普通技术人员来讲，在不付出创造性劳动的前提下，还可以根据这些附图获得其他的附图。In order to more clearly describe the technical solutions of the embodiments of the present application and related technologies, the following briefly introduces the drawings that need to be used in the embodiments and related technologies. Obviously, the drawings in the following description are only of the present application. For some embodiments, those of ordinary skill in the art can obtain other drawings based on these drawings without creative work.

图1为本申请实施例提供的一种限速网关集群拓扑架构的示意图；FIG. 1 is a schematic diagram of a speed-limiting gateway cluster topology structure provided by an embodiment of the application;

图2为本申请实施例提供的一种网络流量的限速方法的流程图；2 is a flowchart of a method for limiting network traffic rate according to an embodiment of this application;

图3为本申请实施例提供的一种限速网关集群的整体架构示意图；FIG. 3 is a schematic diagram of the overall architecture of a speed-limiting gateway cluster provided by an embodiment of this application;

图4为本申请实施例提供的另一种网络流量的限速方法的流程图；4 is a flowchart of another method for limiting network traffic rate according to an embodiment of this application;

图5为本申请实施例提供的另一种网络流量的限速方法的流程图；FIG. 5 is a flowchart of another method for limiting network traffic rate according to an embodiment of this application;

图6为本申请实施例提供的第一网关、中控设备和其他网关的交互示意图；FIG. 6 is a schematic diagram of interaction between a first gateway, a central control device, and other gateways according to an embodiment of the application;

图7为本申请实施例提供的限速网关集群中的流量示意图；FIG. 7 is a schematic diagram of traffic in a rate-limiting gateway cluster provided by an embodiment of the application;

图8为本申请实施例提供的另一种网络流量的限速方法的流程图；FIG. 8 is a flowchart of another method for limiting network traffic rate according to an embodiment of this application;

图9为本申请实施例提供的另一种网络流量的限速方法的流程图；FIG. 9 is a flowchart of another method for limiting network traffic rate according to an embodiment of this application;

图10为本申请实施例提供的另一种网络流量的限速方法的流程图；FIG. 10 is a flowchart of another method for limiting network traffic rate according to an embodiment of this application;

图11为本申请实施例提供的一种网络流量的限速装置的结构示意图；FIG. 11 is a schematic structural diagram of a device for limiting network traffic according to an embodiment of this application;

图12为本申请实施例提供的另一种网络流量的限速装置的结构示意图；FIG. 12 is a schematic structural diagram of another device for limiting network traffic according to an embodiment of this application;

图13为本申请实施例提供的一种中控设备或网关示意图。FIG. 13 is a schematic diagram of a central control device or gateway provided by an embodiment of this application.

Detailed ways

为使本申请的目的、技术方案、及优点更加清楚明白，以下参照附图并举实施例，对本申请进一步详细说明。显然，所描述的实施例仅仅是本申请一部分实施例，而不是全部的实施例。基于本申请中的实施例，本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例，都属于本申请保护的范围。In order to make the purpose, technical solutions, and advantages of the present application clearer, the following further describes the present application in detail with reference to the accompanying drawings and embodiments. Obviously, the described embodiments are only a part of the embodiments of the present application, rather than all the embodiments. Based on the embodiments in this application, all other embodiments obtained by a person of ordinary skill in the art without creative work shall fall within the protection scope of this application.

下面将结合实施例对本申请的技术方案进行清楚、完整地描述，显然，所描述的实施例是本申请一部分实施例，而不是全部的实施例。基于本申请中的实施例，本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例，都属于本申请保护的范围。The technical solutions of the present application will be clearly and completely described below in conjunction with the embodiments. Obviously, the described embodiments are a part of the embodiments of the present application, not all of the embodiments. Based on the embodiments in this application, all other embodiments obtained by those of ordinary skill in the art without creative work shall fall within the protection scope of this application.

在当前云计算网络架构中，限速是一项通用功能，其在保证服务质量(Quality of Service，简称QoS)的同时，还对租户的网络流量进行计费。限速功能通常以软件形式部署在网关上，通过集中式部署，以集群方式工作。In the current cloud computing network architecture, rate limiting is a general function. While ensuring the quality of service (QoS), it also charges tenants' network traffic. The speed limit function is usually deployed on the gateway in the form of software, and works in a cluster through centralized deployment.

参见图1所示的一种限速网关集群拓扑架构的示意图。该拓扑架构包括流量传控节点(Traffic Transaction，简称TC)、互联网数据中心机房(Internet Data Center，简称IDC)和公网。同一个区域(Region)的多个机房中的设备均通过该区域的流量传控节点与公网连接。一个流量传控节点包括限速服务网关(Serving GateWay，简称sgw)集群、多个上联交换机和多个下联交换机。当限速服务网关集群用于限速时，也可以称为限速网关集群，限速网关集群可以用sgw集群来表示，单个网关可以用sgw来表示，每个网关均连接在上联交换机和下联交换机之间，所有进出互联网数据中心机房的数据报文(即流量)都要经过限速网关集群。上联交换机和下联交换机会根据接收到的数据报文中的五元组将流量散列至限速网关集群，从而保障集群整体流量的负载均衡。其中，上述五元组通常是指数据报文的源IP地址、源端口、目的IP地址、目的端口和传输层协议。See Figure 1 for a schematic diagram of a speed-limiting gateway cluster topology. The topology structure includes a traffic control node (Traffic Transaction, TC), an Internet Data Center (Internet Data Center, IDC), and a public network. The devices in multiple computer rooms in the same region are all connected to the public network through the traffic control node in the region. A flow control node includes a speed-limited service gateway (Serving GateWay, sgw for short) cluster, multiple uplink switches and multiple downlink switches. When a speed-limiting service gateway cluster is used for speed-limiting, it can also be called a speed-limiting gateway cluster. The speed-limiting gateway cluster can be represented by sgw cluster, and a single gateway can be represented by sgw. Each gateway is connected to the uplink switch and Between the downstream switches, all data packets (that is, traffic) entering and leaving the Internet data center computer room must pass through the rate-limiting gateway cluster. The uplink switch and the downlink switch will hash the traffic to the speed-limiting gateway cluster according to the five-tuple in the received data message, so as to ensure the load balance of the overall traffic of the cluster. Among them, the above five-tuple usually refers to the source IP address, source port, destination IP address, destination port, and transport layer protocol of the data message.

购买了云计算服务的租户可通过云计算服务提供商的控制台创建业务，并为其业务配置一个弹性网络地址(elastic internet protocol，简称eip)或一个弹性网络地址组(eip group)，在弹性网络地址组中，多个弹性网络地址共享一网络总带宽。对于某个业务的弹性网络地址或弹性网络地址组，为保证负载均衡性，该业务的出、入向流量会散列至多个限速网关进行限速处理，故需在集群内各个限速网关间做限速的协同处理，以保证集群各个限速网关限速总和不超过租户所购买带宽。Tenants who have purchased cloud computing services can create services through the console of the cloud computing service provider and configure an elastic internet protocol (eip) or an elastic network address group (eip group) for their services. In the network address group, multiple flexible network addresses share a total network bandwidth. For the elastic network address or elastic network address group of a certain business, in order to ensure load balance, the outbound and inbound traffic of the business will be hashed to multiple speed-limiting gateways for speed-limiting processing, so each speed-limiting gateway in the cluster is required The speed limit is coordinated to ensure that the total speed limit of each speed limit gateway in the cluster does not exceed the bandwidth purchased by the tenant.

相关的限速网关集群通过中控(central control，简称cctl)程序来统一协调带宽配额分配策略。其中，中控程序部署在中控设备上，其方式为每隔一定时间T(例如，T为5秒)，由中控设备通过中控程序向限速网关集群中的每个限速网关收集、重分配、推送所有带宽包。该方案主要存在以下问题：The related rate-limiting gateway cluster uses a central control (cctl) program to coordinate the bandwidth quota allocation strategy. Among them, the central control program is deployed on the central control device in a manner that every certain time T (for example, T is 5 seconds), the central control device collects data from each speed-limiting gateway in the speed-limiting gateway cluster through the central control program , Redistribute and push all bandwidth packages. The program mainly has the following problems:

问题一：中控程序带宽分配策略本身存在问题，导致租户流量超过所购限额，进而对双方(指的是租户和云服务提供商)造成不利及纠纷。具体体现为：限速网关丢弃报文的前提是当前可用令牌为0或当前分配带宽为0。若限速网关分配带宽为0，则在周期T内，对于该带宽组所有到来报文均采取丢弃策略，这样会导致短时间会极大损伤租户网络传输效率。因此，中控程序为避免中控设备冷启动情况下限速网关分配带宽为0，采取的策略为：设置单个限速网关分配带宽阈值下限为：该业务的总带宽/集群内限速网关数量(记为N)。此策略虽保证单个限速网关最低带宽下限，避免损伤租户网络传输效率，却易导致总体分配带宽超过该业务的总带宽，从而使得租户流量超过所购限额，超出部分的费用会对双方造成不利及纠纷。Problem 1: There is a problem with the bandwidth allocation strategy of the central control program, which causes the tenant's traffic to exceed the purchased limit, which causes disadvantages and disputes for both parties (referring to the tenant and the cloud service provider). Specifically, the premise that the rate-limiting gateway discards the packet is that the current available token is 0 or the current allocated bandwidth is 0. If the bandwidth allocated by the rate-limiting gateway is 0, then within the period T, all incoming packets of the bandwidth group are discarded, which will cause a short period of time that will greatly damage the transmission efficiency of the tenant network. Therefore, in order to avoid the speed-limiting gateway's allocated bandwidth of 0 when the central control device is cold-started, the central control program adopts the strategy: set a single speed-limiting gateway to allocate bandwidth threshold lower limit as: the total bandwidth of the service/the number of speed-limiting gateways in the cluster (Denoted as N). Although this strategy guarantees the lower limit of the minimum bandwidth of a single rate-limiting gateway to avoid damaging the tenant’s network transmission efficiency, it easily causes the overall allocated bandwidth to exceed the total bandwidth of the service, causing the tenant’s traffic to exceed the purchased limit, and the excess fee will be harmful to both parties And disputes.

问题二：在中控程序更新周期内，每个限速网关带宽配额为固定值，当出现突发性的流量时，限速网关不能根据流量实时情况动态的调整带宽配额，灵活性不佳。具体体现为：由于中控程序每隔时间T更新每个限速网关带宽配额，因此在周期T内，每个限速网关按照已分配带宽进行固定限速，如果在该周期内某租户出现突发性的网络流量，则会导致在该周期内散列至集群上的流量与当前集群分配带宽出入较大，造成限速不准。Problem 2: During the update cycle of the central control program, the bandwidth quota of each rate-limiting gateway is a fixed value. When sudden traffic occurs, the rate-limiting gateway cannot dynamically adjust the bandwidth quota according to the real-time traffic situation, which is not flexible. Specifically, the central control program updates the bandwidth quota of each rate-limiting gateway every time T. Therefore, during the period T, each rate-limiting gateway performs a fixed rate limit based on the allocated bandwidth. If a tenant has a sudden change in the period, Spontaneous network traffic will result in a large discrepancy between the traffic hashed to the cluster in this period and the bandwidth allocated by the current cluster, resulting in inaccurate speed limits.

问题三：随着出网带宽加大，限速网关集群会横向扩容，增加服务器数量；同时，随着租户增多、带宽组配置增多，集群的整体配置量也将增大。相关的中控程序周期性刷新带宽配额的方法，会面临着单次处理时延增大，每次拉取全量配置时延增大、管控流量所占用的带外资源增大的问题，因此，这种集群限速方式，在面向未来的扩展中不具有适用性。Problem 3: As the network bandwidth increases, the speed-limiting gateway cluster will expand horizontally and increase the number of servers; at the same time, as the number of tenants increases and the bandwidth group configuration increases, the overall configuration of the cluster will also increase. The related central control program periodically refreshes the bandwidth quota method, which will face the increase of single processing delay, the increase of the delay of each pull of the full configuration, and the increase of out-of-band resources occupied by the control traffic. Therefore, This cluster speed limiting method is not applicable in future-oriented expansion.

基于上述，本申请实施例首先提供一种网络流量的限速方法、装置、中控设备和网关，该技术可以应用于中控设备的网络流量限速，也可以应用于网关设备的网络流量限速中。Based on the foregoing, the embodiments of the present application first provide a method, device, central control device, and gateway for network traffic rate limiting. This technology can be applied to the network traffic rate limiting of central control devices and can also be applied to the network traffic limiting of gateway devices. Speed in.

首先，参见图2所示的一种网络流量的限速方法的流程图，该方法可以应用于中控设备；该中控设备可以是限速网关集群中的某一台网关，也可以是独立于限速网关集群中的网关以外的一台设备，上述图1中以该中控设备是独立于限速网关集群中的网关以外的一台设备为例进行说明；该方法包括以下步骤：First, refer to the flow chart of a method for speed limiting network traffic shown in Figure 2. This method can be applied to a central control device; the central control device can be a certain gateway in a speed limiting gateway cluster, or it can be an independent gateway. For a device other than the gateway in the rate-limiting gateway cluster, the above-mentioned Figure 1 takes the central control device as an example of a device other than the gateway in the rate-limiting gateway cluster for illustration; the method includes the following steps:

步骤S202，接收限速网关集群中第一网关发送的流量告警；其中，该流量告警用于指示：预设目标业务在第一网关的实时带宽超出当前配额带宽的预定比例。Step S202: Receive a traffic alarm sent by a first gateway in the rate-limiting gateway cluster; where the traffic alarm is used to indicate that the real-time bandwidth of the preset target service at the first gateway exceeds a predetermined ratio of the current quota bandwidth.

上述目标业务可以理解为由目标租户指定的运行在IDC机房服务器集群中的一个或多个程序的集合。例如：A公司购买了云计算提供商B公司的服务，并将其开发的一款应用程序C部署在B公司的服务器集群中，其中，应用程序C包括C1、C2、C3共3个子程序，该应用程序C购买的总带宽为M。此案例中，目标租户为A，目标业务为C。The above-mentioned target business can be understood as a collection of one or more programs running in the IDC computer room server cluster designated by the target tenant. For example: Company A purchases the services of cloud computing provider Company B, and deploys an application C developed by it in the server cluster of Company B. Among them, application C includes 3 sub-programs C1, C2, and C3. The total bandwidth purchased by the application C is M. In this case, the target tenant is A and the target business is C.

租户可以通过控制台创建目标业务，该控制台对应的设备可以与中控设备通信连接；租户为每个目标业务申请一个弹性网络地址或一个弹性网络地址组，并为该目标业务购买一定量带宽；然后，该目标业务的数据即可以实现与公网间的交互，在限速网关集群中，会以租户的目标业务为粒度进行限速。不同的目标业务之间，限速逻辑相对独立、互不影响。Tenants can create target services through the console, and the device corresponding to the console can communicate with the central control device; the tenant applies for an elastic network address or an elastic network address group for each target business, and purchases a certain amount of bandwidth for the target business ; Then, the data of the target business can realize the interaction with the public network. In the speed-limiting gateway cluster, the target business of the tenant will be used as the granularity for speed limiting. Between different target businesses, the speed limit logic is relatively independent and does not affect each other.

对于任一目标业务，为保证流量最大化负载均衡，通常会将该目标业务的流量散列至限速网关集群中，限速网关集群中的多个网关中会分配有针对该目标业务的配额带宽，并以该配额带宽进行限速，多个网关中的该目标业务的配额带宽的总和即为所购买的该目标业务的带宽总额；每个网关中还会设定针对该目标业务的实时带宽超出当前配额带宽的预定比例，该预定比例可以根据租户需求进行设定，如90％。可以理解，当相应的网关中针对该目标业务的配额带宽为零时，则指定带宽为零。For any target business, in order to ensure maximum traffic load balance, the traffic of the target business is usually hashed into a rate-limiting gateway cluster. Multiple gateways in the rate-limiting gateway cluster will be allocated quotas for the target business. Bandwidth, and the quota bandwidth is used to limit the rate. The sum of the quota bandwidth of the target service in multiple gateways is the total bandwidth of the target service purchased; each gateway will also set the real-time bandwidth for the target service The bandwidth exceeds the preset ratio of the current quota bandwidth, and the preset ratio can be set according to tenant needs, such as 90%. It can be understood that when the quota bandwidth for the target service in the corresponding gateway is zero, the designated bandwidth is zero.

上述第一网关可以是限速网关集群中的任一限速网关，当散列至集群中第一网关中的针对该目标业务的实时带宽超出当前配额带宽预定比例时，该第一网关生成上述流量告警，并发送至中控设备，其中，该流量告警至少可以包括第一网关的编号、目标业务的编号、目标业务在第一网关的配额带宽，以及流量告警生成时该目标业务在该第一网关的实时带宽；上述第一网关的编号可以理解为，限速网关集群中通常包括多个网关，为便于区分管理，为每个网关所设置的不同的编号；上述目标业务的编号可以理解为，为了对不同的目标业务进行区分管理，为不同的目标业务所设置的不同的编号；上述目标业务在第一网关的配额带宽可以理解为，租户为目标业务所购买带宽散列至限速网关集群中的多个网关，其中在第一网关所分配的带宽，即为目标业务在第一网关的配额带宽；上述目标业务在该第一网关的实时带宽可以理解为，该目标业务在第一网关中的实际流量所对应的带宽。The foregoing first gateway may be any rate-limiting gateway in the rate-limiting gateway cluster. When the real-time bandwidth for the target service hashed to the first gateway in the cluster exceeds a predetermined ratio of the current quota bandwidth, the first gateway generates the foregoing The traffic alarm is sent to the central control device, where the traffic alarm can include at least the number of the first gateway, the number of the target service, the quota bandwidth of the target service at the first gateway, and the target service at the time when the traffic alarm is generated. The real-time bandwidth of a gateway; the number of the above-mentioned first gateway can be understood as that the speed-limiting gateway cluster usually includes multiple gateways. For the convenience of distinguishing management, a different number is set for each gateway; the number of the above-mentioned target service can be understood In order to differentiate and manage different target services, different numbers are set for different target services; the above-mentioned target service’s quota bandwidth at the first gateway can be understood as the bandwidth purchased by the tenant for the target service is hashed to the speed limit For multiple gateways in the gateway cluster, the bandwidth allocated at the first gateway is the quota bandwidth of the target service at the first gateway; the real-time bandwidth of the target service at the first gateway can be understood as the target service at the first gateway. A bandwidth corresponding to the actual traffic in the gateway.

步骤S204，基于上述流量告警获取上述目标业务在上述限速网关集群中各个网关的实时带宽。Step S204: Obtain the real-time bandwidth of each gateway of the above-mentioned target service in the above-mentioned speed-limiting gateway cluster based on the above-mentioned traffic alarm.

当中控设备接收到上述第一网关所发送的流量告警信息后，为了实现限速网关集群中各个网关针对该目标业务的重新配额，该中控设备发送指令以获取该目标业务在限速网关集群中其他网关的实时带宽。After the central control device receives the traffic alarm information sent by the first gateway, in order to realize the re-quota of each gateway in the rate-limiting gateway cluster for the target service, the central control device sends an instruction to obtain the target service in the rate-limiting gateway cluster. Real-time bandwidth of other gateways in the

步骤S206，根据上述目标业务在上述第一网关的当前配额带宽、该目标业务在上述各个网关的实时带宽，以及预存的该目标业务的配额总带宽，更新该目标业务在上述限速网关集群中各个网关的配额带宽。Step S206: According to the current quota bandwidth of the target service at the first gateway, the real-time bandwidth of the target service at each gateway, and the pre-stored total bandwidth of the target service quota, update the target service in the rate-limiting gateway cluster Quota bandwidth of each gateway.

其中，可以通过判断第一网关中的目标业务的当前配额带宽来确定第一网关是不是冷启动。具体地，当第一网关中的目标业务的当前配额带宽大于零，则第一网关为非冷启动状态；当第一网关中的目标业务的当前配额带宽等于零，则第一网关为冷启动状态。上述判断结果通常会影响后续目标业务在各个网关的配额带宽。上述目标业务在各个网关的实时带宽可以用于计算针对目标业务的实时总带宽，同时也会影响后续目标业务在各个网关的配额带宽。Wherein, whether the first gateway is cold-started can be determined by judging the current quota bandwidth of the target service in the first gateway. Specifically, when the current quota bandwidth of the target service in the first gateway is greater than zero, the first gateway is in a non-cold start state; when the current quota bandwidth of the target service in the first gateway is equal to zero, the first gateway is in a cold start state . The above judgment result usually affects the subsequent target service quota bandwidth at each gateway. The real-time bandwidth of the aforementioned target service at each gateway can be used to calculate the total real-time bandwidth for the target service, and at the same time, it will also affect the subsequent quota bandwidth of the target service at each gateway.

上述目标业务的配额总带宽即租户为该目标业务所购买的带宽，将该目标业务的配额总带宽与实时总带宽进行比较，以判断对目标业务的实时总带宽是否超额，该判断结果也可能影响后续目标业务在各个网关的配额带宽。中控设备根据接收到的限速网关集群中各个网关的实时带宽，可以按照一定的计算规则，调整限速网关集群中各个网关的配额带宽，并反馈给各个网关，各个网关根据接收到的调整后的配额带宽对目标业务的流量进行限速。The total quota bandwidth of the target service mentioned above is the bandwidth purchased by the tenant for the target service. The total quota bandwidth of the target service is compared with the total real-time bandwidth to determine whether the total real-time bandwidth of the target service exceeds the limit. This judgment result is also possible Affect the subsequent target service quota bandwidth at each gateway. According to the received real-time bandwidth of each gateway in the speed-limiting gateway cluster, the central control device can adjust the quota bandwidth of each gateway in the speed-limiting gateway cluster according to certain calculation rules, and feed it back to each gateway, and each gateway adjusts according to the received The latter quota bandwidth limits the rate of target service traffic.

本申请实施例提供的一种网络流量的限速方法，首先接收限速网关集群中第一网关发送的流量告警，该流量告警指示预设目标业务在第一网关的实时带宽超出当前配额带宽的预定比例，然后，基于该流量告警获取该目标业务在该限速网关集群中各个网关的实时带宽；最后，根据该目标业务在该第一网关的当前配额带宽、该目标业务在各个网关的实时带宽，以及预存的该目标业务的配额总带宽，更新该目标业务在该限速网关集群中各个网关的配额带宽，以通过各个网关按照调整后的配额带宽对目标业务的流量进行限速。该方法中，限速网关集群中的任一网关的目标业务的实时带宽超出指定带宽后，及时向中控设备发送流量告警，中控设备根据各个网关对目标业务的实时带宽和该目标业务的配额总带宽，重新分配各个网关的配额带宽，以使各个网关的配额带宽与目标业务在各个网关的实时带宽相匹配，从而对目标业务的流量限速更加准确。According to an embodiment of this application, a method for limiting network traffic is first received a traffic alarm sent by a first gateway in a rate-limiting gateway cluster. The traffic alarm indicates that the real-time bandwidth of the preset target service at the first gateway exceeds the current quota bandwidth. Then, obtain the real-time bandwidth of each gateway of the target service in the rate-limiting gateway cluster based on the traffic alarm; finally, according to the current quota bandwidth of the target service in the first gateway, and the real-time bandwidth of the target service in each gateway Bandwidth, and the pre-stored total bandwidth of the target service quota, update the quota bandwidth of each gateway of the target service in the rate-limiting gateway cluster, so as to limit the target service traffic through each gateway according to the adjusted quota bandwidth. In this method, after the real-time bandwidth of the target service of any gateway in the speed-limiting gateway cluster exceeds the specified bandwidth, it sends traffic alarms to the central control device in time, and the central control device sends traffic alarms to the central control device according to the real-time bandwidth of each gateway to the target business and the target business’s real-time bandwidth. Quota total bandwidth, redistribute the quota bandwidth of each gateway, so that the quota bandwidth of each gateway matches the real-time bandwidth of the target service at each gateway, so as to limit the traffic rate of the target service more accurately.

本申请实施例还提供另一种网络流量的限速方法，该方法在上述实施例所述方法的基础上实现；该方法重点描述基于流量告警获取目标业务在限速网关集群中各个网关的实时带宽的具体实现过程。The embodiment of the present application also provides another method for limiting the rate of network traffic, which is implemented on the basis of the method described in the above embodiment; this method focuses on the real-time acquisition of target services in the rate limiting gateway cluster based on traffic alarms. The specific implementation process of bandwidth.

为了便于理解整体限速网关集群限速逻辑，提供了如图3所示的一种限速网关集群的整体架构；该整体架构为C/S(Client/Server，客户端/服务器)模式，运行在集群中每个网关上的客户端程序(也可以称为sgwagent程序)与中控设备中运行的中控程序中的服务器程序通信，设置为接收控制面消息；该客户端程序还与部署在每台网关上的sgw数据面程序(包括图3中的监控程序、配置程序和处理程序)通信对其进行配置。图3中的中控程序(包括服务器程序和计算程序)也可以部署在限速网关集群中的某一台网关上，也可以部署独立于限速网关集群的网关以外的一台服务器上。上述部署在网关上的sgw数据面程序包含四部分(例如四种线程)，分别为：处理业务限速逻辑的处理程序(其可以采用多线程并发的形式)，周期性为处理程序更新配额的配置程序，监控所有业务实时阈值超限的监控程序以及与中控程序带外管控通信的客户端程序；其中，处理程序可以用handler表示，配置程序可以用alloctor表示，监控程序可以用monitor表示，客户端程序可以用client表示。上述中控设备中与运行的中控程序通常包含两部分，分别为与网关带外管控通信的服务器程序以及负责计算配额的计算程序，其中，服务器程序可以用server表示，计算程序可以用calculator表示。In order to facilitate the understanding of the overall speed-limiting gateway cluster speed-limiting logic, an overall structure of the speed-limiting gateway cluster as shown in Figure 3 is provided; the overall structure is C/S (Client/Server, client/server) mode, running The client program (also called sgwagent program) on each gateway in the cluster communicates with the server program in the central control program running in the central control device, and is set to receive control plane messages; the client program is also deployed in The sgw data plane program on each gateway (including the monitoring program, configuration program and processing program in Figure 3) communicates to configure it. The central control program (including server program and calculation program) in Figure 3 can also be deployed on a certain gateway in the rate-limiting gateway cluster, or deployed on a server other than the gateway of the rate-limiting gateway cluster. The above-mentioned sgw data plane program deployed on the gateway contains four parts (for example, four threads), namely: a processing program for processing business speed limit logic (which can be in the form of multi-thread concurrency), and a periodic update quota for the processing program The configuration program monitors all business real-time threshold monitoring programs that exceed the limit and the client program that communicates with the central control program out-of-band management and control; among them, the processing program can be represented by handler, the configuration program can be represented by alloctor, and the monitoring program can be represented by monitor. The client program can be represented by client. The above-mentioned central control device and the running central control program usually consist of two parts: the server program that communicates with the gateway out-of-band management and control and the calculation program responsible for calculating quotas. Among them, the server program can be represented by server, and the calculation program can be represented by calculator. .

基于上述限速网关集群，如图4所示，该网络流量的限速方法包括如下步骤：Based on the above-mentioned speed-limiting gateway cluster, as shown in Figure 4, the method for speed-limiting network traffic includes the following steps:

步骤S402，接收限速网关集群中第一网关发送的流量告警；其中，该流量告警用于指示：预设目标业务在第一网关的实时带宽超出当前配额带宽的预定比例。Step S402: Receive a traffic alarm sent by the first gateway in the rate-limiting gateway cluster; where the traffic alarm is used to indicate that the real-time bandwidth of the preset target service at the first gateway exceeds a predetermined ratio of the current quota bandwidth.

为方便描述，目标业务用字母X表示，当租户通过控制台创建一个目标业务X，并为该目标业务购买带宽总额为M bps的带宽后，该控制台对应的服务器与安装有中控程序的中控设备进行通信，将目标业务及其带宽信息发送给该中控设备并进行存储，当租户变更总带宽时，也可以通过控制台对中控设备中所存储的带宽信息进行更新，该中控设备通过所安装的中控程序与限速网关集群中的每个网关进行通信，每个网关上均设置有sgwagent程序，设置为接收控制端或中控程序发送的命令，以实现一对一配置相应的sgw网关数据面程序；为方便描述，限速网关集群中的网关总台数用N来表示，每个网关上的配额带宽可以表示为Qix，其中，i∈{1..N}，表示不同网关的编号，各个网关均按照Qix对目标业务X中弹性网络地址数据包进行限速。For the convenience of description, the target business is represented by the letter X. When a tenant creates a target business X through the console and purchases a total bandwidth of Mbps for the target business, the console corresponding to the server and the central control program installed The central control device communicates and sends the target service and its bandwidth information to the central control device and stores it. When the tenant changes the total bandwidth, the bandwidth information stored in the central control device can also be updated through the console. The control device communicates with each gateway in the speed-limiting gateway cluster through the installed central control program, and each gateway is provided with the sgwagent program, which is set to receive commands sent by the control terminal or central control program to achieve one-to-one Configure the corresponding sgw gateway data plane program; for the convenience of description, the total number of gateways in the speed-limiting gateway cluster is represented by N, and the quota bandwidth on each gateway can be represented as Qix, where i∈{1..N}, Represents the numbers of different gateways, and each gateway limits the rate of the elastic network address data packets in the target service X according to Qix.

为了防止网关出现实际带宽达到配额带宽Qix时立即丢包的状况，需要提前进行反馈处理，故需要初始化一预定比例threshold％，该预定比例可以根据经验进行设定，如设定为90％，如果目标业务在第一网关中的配额带宽大于零，则需要设定一预定比例，以确保该目标业务在第一网关的实时带宽超出当前配额带宽预定比例时，第一网关可以发出流量告警；如果目标业务在第一网关中的配额带宽等于零，则无论预定比例设定为多少，只要该目标业务在第一网关的实时带宽大于零，第一网关都会发出流量告警。In order to prevent the gateway from losing packets immediately when the actual bandwidth reaches the quota bandwidth Qix, feedback processing needs to be performed in advance, so a predetermined ratio threshold% needs to be initialized. The predetermined ratio can be set based on experience, such as 90%. If the quota bandwidth of the target service in the first gateway is greater than zero, a predetermined ratio needs to be set to ensure that when the real-time bandwidth of the target service at the first gateway exceeds the predetermined ratio of the current quota bandwidth, the first gateway can issue a traffic alarm; if The quota bandwidth of the target service in the first gateway is equal to zero, and no matter what the predetermined ratio is set to, as long as the real-time bandwidth of the target service in the first gateway is greater than zero, the first gateway will issue a traffic alarm.

在某一时刻T1，第一网关sgw(i)的monitor监控到X所对应的实时带宽Rix值超过Qix*threshold％，即生成流量告警，并通过C/S端上报至中控设备，该流量告警也可以称为report信息，包括该网关的编号i(i∈{1..N})、目标业务X、目标业务X在该网关的配额带宽以及目标业务X在该网关的实时带宽，即[i,X,Qix,Rix]，也可以用[sgw_id,eip_group_id,alloc_quota,real_bandwidth]来表示，其中，sgw_id表示网关的编号，eip_group_id表示弹性网络地址组的编号，也就是目标业务的编号，alloc_quota表示配置程序中的配额带宽，也就是目标业务在该网关的配额带宽，real_bandwidth表示目标业务在该网关的实时带宽。At a certain time T1, the monitor of the first gateway sgw(i) monitors that the real-time bandwidth Rix value corresponding to X exceeds Qix*threshold%, that is, a traffic alarm is generated and reported to the central control device through the C/S end. The alarm can also be called report information, including the gateway number i(i∈{1..N}), target service X, target service X’s quota bandwidth at the gateway, and target service X’s real-time bandwidth at the gateway, namely [i,X,Qix,Rix], can also be represented by [sgw_id,eip_group_id,alloc_quota,real_bandwidth], where sgw_id represents the number of the gateway, eip_group_id represents the number of the flexible network address group, which is the number of the target business, alloc_quota Indicates the quota bandwidth in the configuration program, that is, the quota bandwidth of the target service at the gateway, and real_bandwidth indicates the real-time bandwidth of the target service at the gateway.

步骤S404，在收到上述流量告警后，从该流量告警中提取上述目标业务的编号。Step S404, after receiving the above-mentioned traffic alarm, extract the number of the above-mentioned target service from the traffic alarm.

由于上述流量告警中已包含目标业务的编号，中控设备通过中控程序可以从接收到的上述流量告警中提取目标业务的编号X。Since the above-mentioned traffic alarm already contains the number of the target service, the central control device can extract the number X of the target service from the received above-mentioned traffic alarm through the central control program.

步骤S406，基于上述目标业务的编号向限速网关集群中，除第一网关以外的网关发送对该目标业务的实时带宽的请求信息。In step S406, based on the serial number of the target service, the request information for the real-time bandwidth of the target service is sent to gateways other than the first gateway in the rate-limiting gateway cluster.

中控设备接收到上述流量告警后，通过中控程序向限速网关集群中除第一网关之外的其他网关sgw(j)(j∈N&j≠i)发送对目标业务的编号对应的目标业务的实时带宽的请求信息，该请求信息也可以称为request信息，信息包括目标业务标识X(X表示上述目标业务的编号)，以收集目标业务X的实时带宽。After receiving the above traffic alarm, the central control device sends the target service corresponding to the number of the target service to other gateways sgw(j) (j∈N&j≠i) in the speed-limiting gateway cluster except the first gateway through the central control program The request information of the real-time bandwidth, which may also be called request information, includes the target service identifier X (X represents the number of the aforementioned target service) to collect the real-time bandwidth of the target service X.

步骤S408，接收除第一网关以外的网关返回的对该目标业务的实时带宽。Step S408: Receive real-time bandwidth for the target service returned by gateways other than the first gateway.

除第一网关之外的其他各个网关在接收到上述请求信息后，由网关中的监控程序读出X的实时带宽Rx，通过网关中的客户端程序与中控设备中的服务器程序之间的通信，将封装应答信息(reply信息)发回至中控设备，该信息包括X的实时带宽Rx。After each gateway except the first gateway receives the above request information, the monitoring program in the gateway reads the real-time bandwidth Rx of X, and through the communication between the client program in the gateway and the server program in the central control device Communication, the package response information (reply information) is sent back to the central control device, and the information includes X's real-time bandwidth Rx.

步骤S410，根据上述目标业务在上述第一网关的当前配额带宽、该目标业务在各个网关的实时带宽，以及预存的该目标业务的配额总带宽，更新该目标业务在上述限速网关集群中各个网关的配额带宽。Step S410: According to the current quota bandwidth of the target service at the first gateway, the real-time bandwidth of the target service at each gateway, and the pre-stored total bandwidth of the target service quota, update the target service in each of the above-mentioned rate-limiting gateway clusters. The quota bandwidth of the gateway.

本申请实施例提供的另一种网络流量的限速方法，详细描述了基于流量告警获取目标业务在限速网关集群中各个网关的实时带宽的过程，包括从第一网关发送的流量告警中提取目标业务的编号；基于该编号向限速网关集群中，除第一网关以外的网关发送对目标业务的实时带宽的请求信息；接收除第一网关以外的网关返回的对目标业务的实时带宽，最后根据该目标业务在该第一网关的当前配额带宽、该目标业务在各个网关的实时带宽，以及预存的该目标业务的配额总带宽，更新该目标业务在限速网关集群中各个网关的配额带宽，以通过各个网关按照调整后的配额带宽对目标业务的流量进行限速。该方法中，限速网关集群中的任一网关的目标业务的实时带宽超出指定带宽后，及时向中控设备发送流量告警，中控设备根据各个网关对目标业务的实时带宽和该目标业务的配额总带宽，重新分配各个网关的配额带宽，以使各个网关的配额带宽与目标业务在各个网关的实时带宽相匹配，从而对目标业务的流量限速更加准确。Another method for limiting the rate of network traffic provided by the embodiment of the present application describes in detail the process of obtaining the real-time bandwidth of each gateway of the target service in the rate limiting gateway cluster based on the traffic alarm, including extracting from the traffic alarm sent by the first gateway The number of the target service; based on the number, send request information for the real-time bandwidth of the target service to gateways other than the first gateway in the rate-limiting gateway cluster; receive the real-time bandwidth of the target service returned by the gateways other than the first gateway, Finally, according to the current quota bandwidth of the target service at the first gateway, the real-time bandwidth of the target service at each gateway, and the pre-stored total bandwidth of the target service quota, update the quota of the target service at each gateway in the rate-limiting gateway cluster Bandwidth, to limit the target service traffic through each gateway according to the adjusted quota bandwidth. In this method, after the real-time bandwidth of the target service of any gateway in the speed-limiting gateway cluster exceeds the specified bandwidth, it sends traffic alarms to the central control device in time, and the central control device sends traffic alarms to the central control device according to the real-time bandwidth of each gateway to the target business and the target business’s real-time bandwidth. Quota total bandwidth, redistribute the quota bandwidth of each gateway, so that the quota bandwidth of each gateway matches the real-time bandwidth of the target service at each gateway, so as to limit the traffic rate of the target service more accurately.

本申请实施例还提供另一种网络流量的限速方法，该方法在上述实施例所述方法的基础上实现；该方法重点描述根据目标业务在第一网关的当前配额带宽、目标业务在各个网关的实时带宽，以及预存的目标业务的配额总带宽，更新目标业务在限速网关集群中各个网关的配额带宽的具体实现过程，如图5所示，该方法包括如下步骤：The embodiment of the present application also provides another method for limiting the rate of network traffic, which is implemented on the basis of the method described in the above embodiment; the method focuses on describing the current quota bandwidth of the target service at the first gateway, and the target service at each The real-time bandwidth of the gateway, as well as the total bandwidth of the pre-stored target service quota, and the specific implementation process of updating the quota bandwidth of each gateway of the target service in the rate-limiting gateway cluster, as shown in Figure 5, the method includes the following steps:

步骤S502，接收限速网关集群中第一网关发送的流量告警；其中，该流量告警用于指示：预设目标业务在第一网关的实时带宽超出当前配额带宽的预定比例。Step S502: Receive a traffic alarm sent by the first gateway in the rate-limiting gateway cluster; where the traffic alarm is used to indicate that the real-time bandwidth of the preset target service at the first gateway exceeds a predetermined ratio of the current quota bandwidth.

步骤S504，基于上述流量告警获取上述目标业务在上述限速网关集群中各个网关的配额带宽。Step S504: Obtain the quota bandwidth of each gateway of the above-mentioned target service in the above-mentioned rate-limiting gateway cluster based on the above-mentioned traffic alarm.

参考上述实施例，上述流量告警中可以包括目标业务在上述限速网关集群中各个网关的配额带宽，S504中可以从上述流量告警中获取上述目标业务在上述限速网关集群中各个网关的配额带宽。With reference to the above-mentioned embodiment, the above-mentioned traffic alarm may include the quota bandwidth of each gateway of the target service in the above-mentioned speed-limiting gateway cluster. In S504, the quota bandwidth of each gateway of the above-mentioned target service in the above-mentioned speed-limiting gateway cluster can be obtained from the above-mentioned traffic alarm. .

当中控设备接收到上述第一网关所发送的流量告警信息后，为了实现限速网关集群中各个网关针对该目标业务的重新配额，该中控设备发送指令以获取该目标业务在限速网关集群中其他网关的配额带宽。After the central control device receives the traffic alarm information sent by the first gateway, in order to realize the re-quota of each gateway in the rate-limiting gateway cluster for the target service, the central control device sends an instruction to obtain the target service in the rate-limiting gateway cluster. The bandwidth of other gateways in the quota.

步骤S506，基于上述流量告警获取上述目标业务在上述限速网关集群中各个网关的实时带宽。Step S506: Acquire the real-time bandwidth of each gateway of the above-mentioned target service in the above-mentioned speed-limiting gateway cluster based on the above-mentioned traffic alarm.

参考上述实施例，上述流量告警中可以包括上述目标业务的编号，中控设备通过中控程序可以从接收到的上述流量告警中提取目标业务的编号X。中控设备通过中控程序向限速网关集群中除第一网关之外的其他网关发送对目标业务的编号对应的目标业务的实时带宽的请求信息。With reference to the foregoing embodiment, the foregoing traffic alarm may include the serial number of the foregoing target service, and the central control device may extract the serial number X of the target service from the received foregoing traffic alert through the central control program. The central control device sends the request information for the real-time bandwidth of the target service corresponding to the number of the target service to other gateways in the rate-limiting gateway cluster except the first gateway through the central control program.

除第一网关之外的其他各个网关在接收到上述请求信息后，由网关中的监控程序读出X的实时带宽Rx，通过网关中的客户端程序与中控设备中的服务器程序之间的通信，将封装应答信息(reply信息)发回至中控设备，该信息包括X的实时带宽Rx。这样，中控设备便获取到了上述限速网关集群中各个网关的实时带宽。After each gateway except the first gateway receives the above request information, the monitoring program in the gateway reads the real-time bandwidth Rx of X, and through the communication between the client program in the gateway and the server program in the central control device Communication, the package response information (reply information) is sent back to the central control device, and the information includes X's real-time bandwidth Rx. In this way, the central control device obtains the real-time bandwidth of each gateway in the above-mentioned speed-limiting gateway cluster.

步骤S508，从第一网关发送的流量告警中提取上述目标业务在该第一网关的配额带宽。Step S508: Extract the quota bandwidth of the target service at the first gateway from the traffic alarm sent by the first gateway.

由于上述流量告警中已包含目标业务在第一网关的配额带宽，中控设备通过中控程序可以从接收到的上述流量告警中提取目标业务X在第一网关sgw(i)的配额带宽Qix。Since the traffic alarm already includes the quota bandwidth of the target service at the first gateway, the central control device can extract the quota bandwidth Qix of the target service X at the first gateway sgw(i) from the received traffic alarm through the central control program.

步骤S510，判断提取出的配额带宽是否大于零；进而根据配额带宽的判断结果、目标业务在各个网关的实时带宽、以及目标业务的配额总带宽，调整各个网关对目标业务的配额带宽；如果提取出的配额带宽大于零，执行步骤S512；如果提取出的第一网关对目标业务的配额带宽等于零，执行步骤S524。Step S510: Determine whether the extracted quota bandwidth is greater than zero; then adjust the quota bandwidth of each gateway for the target service according to the result of the quota bandwidth judgment, the real-time bandwidth of the target service at each gateway, and the total quota bandwidth of the target service; If the extracted quota bandwidth is greater than zero, step S512 is executed; if the extracted quota bandwidth of the first gateway for the target service is equal to zero, step S524 is executed.

如果提取出的目标业务X在第一网关的配额带宽Qix等于零，表示该第一网关处于冷启动状态，该冷启动状态是指目标业务X在第一网关的当前配额带宽为零，对于“突发”到来的流量，相关方法中，即使目标业务X在集群中的实时带宽小于配额总带宽，该网关也将采取全部丢弃的策略，因而会造成租户业务数据的丢失。为了避免冷启动时租户业务数据丢失的问题，本实施例中当有目标任务X的业务流量到来时，立即向中控设备发送流量告警，并同时不采取丢包策略。If the extracted quota bandwidth Qix of the target service X at the first gateway is equal to zero, it means that the first gateway is in a cold start state. The cold start state means that the current quota bandwidth of the target service X at the first gateway is zero. In the related method, even if the real-time bandwidth of the target service X in the cluster is less than the total bandwidth of the quota, the gateway will adopt a strategy of discarding all incoming traffic, which will cause the loss of tenant business data. In order to avoid the problem of tenant business data loss during cold start, in this embodiment, when the business traffic of the target task X arrives, a traffic alarm is sent to the central control device immediately, and the packet loss strategy is not adopted at the same time.

步骤S512，计算上述目标业务在各个网关的配额带宽的总和，得到限速网关集群对目标业务的配额总带宽。Step S512: Calculate the sum of the quota bandwidth of the target service in each gateway to obtain the total bandwidth of the quota of the target service by the rate-limiting gateway cluster.

除第一网关之外的其他各个网关在接收到中控设备所发出的请求信息后，由各网关中的监控程序读出目标业务X的配额带宽Qxi，通过网关中的客户端程序与中控设备中的服务器程序之间的通信，将封装应答信息(reply信息)发回至中控设备，该信息包括目标业务X的配额带宽Qxi。中控设备可以从应答信息中提取各个网关中对目标业务的配额带宽Qxi。然后，再计算目标业务X在各个网关的配额带宽的总和，得到限速网关集群对目标业务X的配额总带宽，在实际实现时，可以用ΣQxi来表示，其中，i∈{1..N}。After each gateway except the first gateway receives the request information sent by the central control device, the monitoring program in each gateway reads the quota bandwidth Qxi of the target service X, and the client program in the gateway communicates with the central control device. In the communication between the server programs in the device, the package response information (reply information) is sent back to the central control device, and the information includes the quota bandwidth Qxi of the target service X. The central control device can extract the quota bandwidth Qxi of each gateway for the target service from the response information. Then, calculate the sum of the quota bandwidth of the target service X at each gateway to obtain the total quota bandwidth of the rate-limiting gateway cluster for the target service X. In actual implementation, it can be expressed by ΣQxi, where i∈{1..N }.

步骤S514，判断计算得到的配额总带宽是否大于预先存储在中控设备中的目标业务的配额总带宽；进而根据配额总带宽的判断结果，调整目标业务在限速网关集群中各个网关的的配额带宽；如果计算得到的配额总带宽等于或小于存储的配额总带宽，执行步骤S516；如果计算得到的配额总带宽大于存储的配额总带宽，执行步骤S520。Step S514: Determine whether the calculated total quota bandwidth is greater than the total quota bandwidth of the target service pre-stored in the central control device; and then adjust the quota of the target service in each gateway in the rate-limiting gateway cluster according to the judgment result of the total quota bandwidth Bandwidth; if the calculated total quota bandwidth is equal to or less than the stored quota total bandwidth, step S516 is executed; if the calculated total quota bandwidth is greater than the stored quota total bandwidth, step S520 is executed.

预先存储在中控设备中的目标业务的配额总带宽即为租户为目标业务X所购买的带宽总额M bps，为方便描述，可以用Mx来表示，将上述步骤中所计算的ΣQxi与Mx进行比较，如果ΣQxi等于Mx，说明在上一轮接收到流量告警后的配额调整过程是按照Mx来调整并限速的；如果ΣQxi小于Mx，说明在上一轮接收到流量告警后的配额调整过程减少了配额总带宽，因此，此轮调整需要按照正常的Mx进行分配；如果ΣQxi大于Mx，说明在上一轮接收到流量告警后的配额调整过程透支过配额带宽，此轮调整需要减少配额总带宽作为补偿。The total bandwidth of the target business quota pre-stored in the central control device is the total bandwidth Mbps purchased by the tenant for the target business X. For the convenience of description, it can be expressed by Mx, and the ΣQxi calculated in the above step is calculated as Mx. In comparison, if ΣQxi is equal to Mx, it means that the quota adjustment process after receiving the traffic alarm in the last round is adjusted and the rate is limited according to Mx; if ΣQxi is less than Mx, it means the quota adjustment process after receiving the traffic alarm in the previous round The total bandwidth of the quota is reduced. Therefore, this round of adjustment needs to be allocated according to the normal Mx; if ΣQxi is greater than Mx, it means that the quota adjustment process after the previous round of traffic alarms has overdrawn the quota bandwidth. This round of adjustment needs to reduce the total quota Bandwidth is used as compensation.

需要说明的是，上一轮接收到流量告警后，如果计算得到的实时带宽不超出配额总带宽，则上一轮的配额调整过程是按照Mx来进行限速；如果判断第一网关为非冷启动状态，且实时带宽超出配额总带宽，则上一轮的配额调整过程会减少配额总带宽；如果判断第一网关为冷启动状态，且实时带宽超出配额总带宽，则上一轮的配额调整过程会透支配额带宽。It should be noted that after receiving the traffic alarm in the last round, if the calculated real-time bandwidth does not exceed the total bandwidth of the quota, the quota adjustment process in the previous round is to limit the rate according to Mx; if the first gateway is judged to be non-cold Started state, and the real-time bandwidth exceeds the total quota bandwidth, the last round of quota adjustment process will reduce the total quota bandwidth; if it is judged that the first gateway is in the cold start state, and the real-time bandwidth exceeds the total quota bandwidth, the last round of quota adjustment The quota bandwidth will be overdrawn during the process.

步骤S516，计算上述目标业务在各个网关的实时带宽的总和，得到该目标业务在限速网关集群的实时总带宽。Step S516: Calculate the sum of the real-time bandwidth of the aforementioned target service at each gateway, and obtain the real-time total bandwidth of the target service at the rate-limiting gateway cluster.

计算各个网关对目标业务的实时带宽的总和，得到限速网关集群对目标业务X的实时总带宽，在实际实现时，该实时总带宽可以用Tx来表示，则Tx＝ΣRix,i∈{1..N}，其中Rix为限速网关集群中编号为i的网关对目标业务的实时带宽。Calculate the sum of the real-time bandwidth of each gateway to the target service to obtain the real-time total bandwidth of the rate-limiting gateway cluster to the target service X. In actual implementation, the real-time total bandwidth can be expressed by Tx, then Tx=ΣRix,i∈{1 ..N}, where Rix is the real-time bandwidth of the gateway numbered i in the rate-limiting gateway cluster to the target service.

步骤S518，针对限速网关集群中的每个网关，将上述目标业务在当前网关的配额带宽调整为：该目标业务在该当前网关的实时带宽与该目标业务的实时总带宽的比值，乘以存储的配额总带宽。执行步骤S530。Step S518: For each gateway in the rate-limiting gateway cluster, adjust the quota bandwidth of the target service at the current gateway to: the ratio of the real-time bandwidth of the target service at the current gateway to the total real-time bandwidth of the target service, multiplied by The total bandwidth of the storage quota. Step S530 is executed.

中控设备接收到所有网关的应答信息后，由中控程序中的计算程序重新计算限速网关集群配额，通过中控设备中的服务器程序与网关中的客户端程序之间的通信，将封装响应信息(response信息)，即每个网关的对应计算结果逐个发回至各个网关，信息包括网关的编号i(i∈{1..N})、目标业务X、该网关对目标业务X的重新计算后的配额带宽，即[i,X,Qix(new)]。After the central control device receives the response information of all the gateways, the calculation program in the central control program recalculates the rate-limiting gateway cluster quota, and the communication between the server program in the central control device and the client program in the gateway will encapsulate Response information (response information), that is, the corresponding calculation results of each gateway are sent back to each gateway one by one. The information includes the gateway number i (i∈{1..N}), the target service X, and the gateway's response to the target service X The recalculated quota bandwidth, namely [i,X,Qix(new)].

具体调整方式如下：针对限速网关集群中的每个网关，目标业务X在当前网关中的配额带宽调整为Qix(new)＝Mx*(Rix/Tx),i∈{1..N}，其中，Qix(new)表示编号为i的网关的新带宽配额，Rix为目标业务X在限速网关集群中编号为i的网关中的实时带宽，Tx为目标业务的实时总带宽。Mx为目标业务的配额总带宽。The specific adjustment method is as follows: For each gateway in the rate-limiting gateway cluster, the quota bandwidth of the target service X in the current gateway is adjusted to Qix(new)=Mx*(Rix/Tx), i∈{1..N}, Among them, Qix (new) represents the new bandwidth quota of the gateway numbered i, Rix is the real-time bandwidth of the target service X in the gateway numbered i in the rate-limiting gateway cluster, and Tx is the real-time total bandwidth of the target service. Mx is the quota total bandwidth of the target service.

上述公式Qix(new)＝Mx*(Rix/Tx)也可以理解为，每个网关的配额带宽是按实时带宽占比而分配的。例如：针对目标业务X，存储在中控设备中的配额总带宽为Mx＝300Mbps，限速网关集群中包括三台网关，编号分别为1、2、3，三台网关的配额带宽均为100Mbps，threshold％均设为90％，在某一时刻T，编号为1的网关的对目标业务的实时带宽为R1x＝100Mbps，超过了该网关对目标业务的指定带宽，即100*90％＝90Mbps，此时生成流量告警，编号为2和3的网关对目标业务的实时带宽均为R2x＝R3x＝50Mbps，则实时总带宽为Tx＝100+50+50＝200Mbps，该实时总带宽小于Mx，此轮调整需要按照正常的Mx进行分配，按照上述计算方式，经中控程序重新计算后，将编号为1的网关对目标业务X的配额带宽调整为Q1x(new)＝300*(100/200)＝150Mbps；将编号为2和3的网关对目标业务X的配额带宽均调整为Q2x(new)＝Q3x(new)＝300*(50/200)＝75Mbps，调整后的配额总带宽＝150+75+75＝300Mbps，与Mx相同。The above formula Qix(new)=Mx*(Rix/Tx) can also be understood as the quota bandwidth of each gateway is allocated according to the real-time bandwidth ratio. For example: for target service X, the total bandwidth of the quota stored in the central control device is Mx=300Mbps, and the speed-limiting gateway cluster includes three gateways, numbered 1, 2, and 3 respectively, and the quota bandwidth of the three gateways is 100Mbps. , The threshold% is set to 90%. At a certain time T, the real-time bandwidth of the gateway numbered 1 for the target service is R1x=100Mbps, which exceeds the specified bandwidth of the gateway for the target service, that is, 100*90%=90Mbps , The traffic alarm is generated at this time, the real-time bandwidth of the gateways numbered 2 and 3 for the target service are both R2x=R3x=50Mbps, then the total real-time bandwidth is Tx=100+50+50=200Mbps, the total real-time bandwidth is less than Mx, This round of adjustment needs to be allocated according to the normal Mx. According to the above calculation method, after the central control program recalculates, adjust the quota bandwidth of the gateway number 1 to the target service X to Q1x(new)=300*(100/200 )=150Mbps; adjust the quota bandwidth of the gateways numbered 2 and 3 to the target service X to Q2x(new)=Q3x(new)=300*(50/200)=75Mbps, the adjusted total bandwidth of the quota=150 +75+75=300Mbps, which is the same as Mx.

各个网关在收到响应消息后，由各个网关中的配置程序更新至相应网关中的各个处理程序。此后一段时间内，若X的Rix未到达阈值Qix(new)*threshold％，则由配置程序周期性按Qix(new)进行配额限速。After each gateway receives the response message, the configuration program in each gateway is updated to each processing program in the corresponding gateway. After a period of time, if the Rix of X does not reach the threshold Qix(new)*threshold%, the configuration program will periodically limit the quota rate according to Qix(new).

上述步骤S516和S518说明的是，当上述计算得到的配额总带宽等于或小于存储的配额总带宽时，配额带宽的调整方式；下述继续说明当计算得到的配额总带宽大于预先存储在中控设备中的目标业务的配额总带宽时，配额带宽的调整方式。The above steps S516 and S518 illustrate the method of adjusting the quota bandwidth when the calculated total quota bandwidth is equal to or less than the total bandwidth of the stored quota; the following continues to describe when the calculated total bandwidth of the quota is greater than the pre-stored in the central control The adjustment method of the quota bandwidth when the total bandwidth of the target service quota in the device is used.

步骤S520，计算上述目标业务在各个网关的实时带宽的总和，得到该目标业务在限速网关集群的实时总带宽。Step S520: Calculate the sum of the real-time bandwidth of the above-mentioned target service at each gateway, and obtain the real-time total bandwidth of the target service at the rate-limiting gateway cluster.

计算目标业务在各个网关的实时带宽的总和，得到限速网关集群对目标业务X的实时总带宽，该实时总带宽可以用Tx来表示，则Tx＝ΣRix,i∈{1..N}，其中Rix为限速网关集群中编号为i的网关对目标业务的实时带宽。Calculate the sum of the real-time bandwidth of the target service at each gateway to obtain the real-time total bandwidth of the rate-limiting gateway cluster to the target service X. The total real-time bandwidth can be expressed by Tx, then Tx=ΣRix,i∈{1..N}, Among them, Rix is the real-time bandwidth of the gateway numbered i in the rate-limiting gateway cluster to the target service.

步骤S522，针对限速网关集群中的每个网关，将上述目标业务在当前网关的配额带宽调整为：存储的配额总带宽的二倍与该目标业务的实时总带宽的差值，乘以，该目标业务在当前网关的实时带宽与该目标业务的实时总带宽的比值。执行步骤S530。Step S522: For each gateway in the rate-limiting gateway cluster, adjust the quota bandwidth of the target service at the current gateway to: the difference between twice the stored quota total bandwidth and the real-time total bandwidth of the target service, multiplied by, The ratio of the real-time bandwidth of the target service at the current gateway to the total real-time bandwidth of the target service. Step S530 is executed.

针对限速网关集群中的每台网关，将目标业务X在当前网关中的配额带宽调整为：Qix(new)＝(2Mx-Tx)*(Rix/Tx)，其中，Qix(new)表示编号为i的网关的新带宽配额；Rix为目标业务在限速网关集群中编号为i的网关中的实时带宽，Tx为目标业务的实时总带宽。Mx为目标业务的配额总带宽。For each gateway in the rate-limiting gateway cluster, adjust the quota bandwidth of the target service X in the current gateway to: Qix(new)=(2Mx-Tx)*(Rix/Tx), where Qix(new) represents the number Is the new bandwidth quota of the gateway of i; Rix is the real-time bandwidth of the target service in the gateway numbered i in the rate-limiting gateway cluster, and Tx is the real-time total bandwidth of the target service. Mx is the quota total bandwidth of the target service.

按照上述公式计算的各个网关的新配额加和后所得到的总带宽会少于Mx，所减少的额数与上一周期中超额的额数相同，相当于用该周期的带宽额数补偿了上一周期所超的带宽额数。The total bandwidth obtained by adding up the new quotas of each gateway calculated according to the above formula will be less than Mx. The reduced amount is the same as the excess amount in the previous period, which is equivalent to using the bandwidth amount of the period to compensate The amount of bandwidth exceeded in the previous period.

作为示例，针对目标业务X，存储在中控设备中的配额总带宽为Mx＝300Mbps，限速网关集群中包括三台网关，编号分别为1、2、3，三台网关的配额带宽分别为0Mbps、150Mbps和150Mbps，threshold％均设为90％，在T时刻，三台网关的实时带宽分别为50Mbps、130Mbps和130Mbps，此时，编号为1的网关对目标业务的实时带宽超过了该网关对目标业务的指定带宽，即0Mbps，此时生成流量告警，在T时刻的实时总带宽为Tx＝50+130+130＝310Mbps，该实时总带宽大于Mx，所超额度为10Mbps，此轮调整需要减少配额总带宽作为补偿，按照上述计算方式，经中控程序重新计算后，将编号为1的网关对目标业务X的配额带宽调整为Q1x(new)＝(2*300-310)*(50/310)＝46.77Mbps；将编号为2和3的网关对目标业务X的配额带宽均调整为Q2x(new)＝Q3x(new)＝(2*300-310)*(130/310)＝121.61Mbps；调整后的配额总带宽＝289.99Mbps≈290Mbps，少于Mx，所减少的额数为10Mbps，与上一周期中超额的额数相同，即用该周期的带宽额数补偿了上一周期所超的带宽额数。As an example, for the target service X, the total bandwidth of the quota stored in the central control device is Mx=300Mbps, and the speed-limiting gateway cluster includes three gateways, numbered 1, 2, 3, and the quota bandwidths of the three gateways are respectively 0Mbps, 150Mbps and 150Mbps, the threshold% are all set to 90%. At time T, the real-time bandwidth of the three gateways are 50Mbps, 130Mbps and 130Mbps respectively. At this time, the real-time bandwidth of the gateway numbered 1 for the target service exceeds the gateway. For the designated bandwidth of the target service, that is, 0Mbps, a traffic alarm is generated at this time. The total real-time bandwidth at time T is Tx=50+130+130=310Mbps, the total real-time bandwidth is greater than Mx, and the excess is 10Mbps. This round of adjustment It is necessary to reduce the total bandwidth of the quota as compensation. According to the above calculation method, after the central control program recalculates, adjust the quota bandwidth of the gateway number 1 to the target service X to Q1x(new)=(2*300-310)*( 50/310)=46.77Mbps; adjust the quota bandwidth of the gateways numbered 2 and 3 to target service X to Q2x(new)=Q3x(new)=(2*300-310)*(130/310)= 121.61Mbps; the adjusted total bandwidth of the quota = 289.99Mbps≈290Mbps, which is less than Mx, and the reduced amount is 10Mbps, which is the same as the excess amount in the previous cycle, that is, the bandwidth amount of this cycle is used to compensate the previous The amount of bandwidth exceeded by the period.

上述步骤S512至步骤S522说明的是，当从第一网关发送的流量告警中提取出的第一网关对目标业务配额带宽大于零时，配额带宽的调整方式；下述继续说明当从第一网关发送的流量告警中提取出的目标业务在第一网关的配额带宽等于零时，配额带宽的调整方式。The above steps S512 to S522 illustrate that when the quota bandwidth of the target service for the first gateway extracted from the traffic alarm sent by the first gateway is greater than zero, the quota bandwidth adjustment method; The adjustment method of the quota bandwidth of the target service extracted from the sent traffic alarm when the quota bandwidth of the first gateway is equal to zero.

步骤S524，计算上述目标业务在各个网关的实时带宽的总和，得到限速网关集群对目标业务的实时总带宽。Step S524: Calculate the sum of the real-time bandwidth of the above-mentioned target service at each gateway, and obtain the real-time total bandwidth of the speed-limiting gateway cluster for the target service.

计算目标业务在各个网关的的实时带宽的总和，得到限速网关集群对目标业务X的实时总带宽，该实时总带宽可以用Tx来表示，则Tx＝ΣRix,i∈{1..N}，其中Rix为目标业务在限速网关集群中编号为i的网关的实时带宽。Calculate the sum of the real-time bandwidth of the target service at each gateway to obtain the real-time total bandwidth of the rate-limiting gateway cluster to the target service X. The total real-time bandwidth can be expressed by Tx, then Tx=ΣRix,i∈{1..N} , Where Rix is the real-time bandwidth of the gateway numbered i in the rate-limiting gateway cluster for the target service.

步骤S526，判断实时总带宽是否大于预先存储在中控设备中的目标业务的配额总带宽；如果大于，执行步骤S528；如果不大于，执行步骤S516。Step S526: It is judged whether the total real-time bandwidth is greater than the total quota bandwidth of the target service pre-stored in the central control device; if it is greater, step S528 is executed; if it is not greater, step S516 is executed.

步骤S528，针对限速网关集群中的每个网关，将上述目标业务在当前网关的配额带宽调整为：目标业务在当前网关的实时带宽。In step S528, for each gateway in the rate-limiting gateway cluster, the quota bandwidth of the target service at the current gateway is adjusted to: the real-time bandwidth of the target service at the current gateway.

当Tx＞Mx时，则按照各个网关的实时带宽调整各个网关的配额带宽，在本流量告警对应的调整周期内，各个网关的配额总带宽是超额的；但是，能保证租户的突发流量能够顺利通过。When Tx>Mx, adjust the quota bandwidth of each gateway according to the real-time bandwidth of each gateway. During the adjustment period corresponding to this traffic alarm, the total quota bandwidth of each gateway is excessive; however, it can ensure that the tenant's burst traffic can be successfully passed.

但是，在下一流量告警对应的调整周期内，比较Tx和Mx时，就会出现各个网关的配额总带宽超额的情况，此时会按照步骤S522中的公式调整网关的配额带宽，即减少配额总带宽，以对上一周期超额的带宽进行补偿，通过该透支方法，保证对于目标业务X的系统实时总带宽总是保持在Mx；对于配额0的冷启动处理采取透支下一时期配额方式，保证限速带宽在总体时间分布上保持为Mx。考虑到整体正向反馈过程较快完成(例如可以在秒内完成)，瞬时冷处理超额概率极低、影响很小。However, in the adjustment period corresponding to the next traffic alarm, when comparing Tx and Mx, the total quota bandwidth of each gateway will exceed the quota. At this time, the quota bandwidth of the gateway will be adjusted according to the formula in step S522, that is, the total quota bandwidth will be reduced. Bandwidth is used to compensate for the excess bandwidth in the previous period. Through this overdraft method, the real-time total bandwidth of the system for the target business X is always maintained at Mx; the cold start processing of quota 0 adopts the method of overdrafting the quota for the next period to ensure The rate-limiting bandwidth remains Mx in the overall time distribution. Considering that the overall positive feedback process is completed quickly (for example, it can be completed within a second), the instantaneous cold processing excess probability is extremely low and the impact is small.

步骤S530，通过各个网关按照调整后的配额带宽对目标业务的流量进行限速。In step S530, the rate of the target service traffic is limited by each gateway according to the adjusted quota bandwidth.

下面对采用上述网络流量的限速方法时的响应时间进行说明，如图6所示的第一网关、中控设备和其他网关的交互示意图；该交互过程包括如下步骤1-4：The following describes the response time when the above-mentioned network traffic rate limiting method is adopted, as shown in Figure 6 for the interaction diagram of the first gateway, the central control device and other gateways; the interaction process includes the following steps 1-4:

步骤1：某一时刻T1，在限速网关集群中，当目标业务在第一网关中的的实时带宽超出指定带宽时，第一网关向中控设备发送流量告警(也可以称为report信息)；Step 1: At a certain time T1, in the rate-limiting gateway cluster, when the real-time bandwidth of the target service in the first gateway exceeds the specified bandwidth, the first gateway sends a traffic alarm (also called report information) to the central control device ；

步骤2：中控设备接收到上述流量告警后，通过中控程序向限速网关集群中除第一网关之外的其他网关发送对目标业务X的实时带宽和配额带宽的请求信息(也可以称为request信息)。Step 2: After receiving the above traffic alarm, the central control device sends request information for the real-time bandwidth and quota bandwidth of the target service X to other gateways in the rate-limiting gateway cluster except the first gateway through the central control program. For request information).

步骤3：其他网关在接收到中控设备所发出的请求信息后，由各网关中的监控程序读出X的配额带宽Qx，通过网关中的客户端程序与中控设备中的服务器程序之间的通信，将封装应答信息(也可以称为reply信息)发回至中控设备。Step 3: After other gateways receive the request information sent by the central control device, the monitoring program in each gateway reads the quota bandwidth Qx of X, and passes between the client program in the gateway and the server program in the central control device In the communication, the package response message (also called reply message) is sent back to the central control device.

步骤4：中控设备接收到所有网关的应答信息后，由中控程序中的计算程序重新计算限速网关集群配额，通过中控设备中的服务器程序与网关中的客户端程序之间的通信，将封装响应信息(也可以称为response信息)，即每个网关的对应计算结果逐个发回至各个网关。Step 4: After the central control device receives the response information of all the gateways, the calculation program in the central control program recalculates the rate-limiting gateway cluster quota, through the communication between the server program in the central control device and the client program in the gateway , The encapsulated response information (also called response information), that is, the corresponding calculation result of each gateway is sent back to each gateway one by one.

其中，图6中所标注的各个步骤的时延和即为单次正向反馈响应时延。其中计算时延、更新时延均为若干步计算机指令，其时延可忽略不计；处理时延1、处理时延2中，均包含远程通信时延。图7所示为限速网关集群中的流量示意图；其中，限速网关集群中的各个网关与上联交换机和下联交换机之间通过的是租户的业务流量；网关与管理交换机及中控设备之间通过带外管理网口进行通信，该带外管理网口通信方式采用与业务数据信息不同的物理通道传送管理控制信息，两者相互独立，互不影响，因而网关与中控设备之间的通信时延亦可忽略不计。Among them, the sum of the time delays of each step marked in FIG. 6 is the single positive feedback response time delay. Among them, calculation delay and update delay are several steps of computer instructions, and the delay can be ignored; processing delay 1 and processing delay 2 all include remote communication delay. Figure 7 shows a schematic diagram of the traffic in the rate-limiting gateway cluster; among them, the business traffic of the tenant passes between each gateway in the rate-limiting gateway cluster and the uplink switch and the downlink switch; the gateway, the management switch and the central control equipment The communication is carried out through the out-of-band management network port. The communication method of the out-of-band management network port uses a physical channel different from the business data information to transmit management control information. The two are independent of each other and do not affect each other. Therefore, the communication between the gateway and the central control device The communication delay can also be ignored.

对比而言，下面给出相关技术中的网络流量的限速方法，为应对冷启动，在中控设备周期性配额分配过程中，保证每个网关配额最低为M*(1/N)。以集群含有5台网关为例，若某时刻Ri为[M,0,0,0,0]，则分配结果为[M,M/5,M/5,M/5,M/5]，总带宽达到M*(9/5)，超配至180％。意味着在其下一个周期内将以180％配额进行限速，直接造成不良后果。随着出网带宽加大，限速网关集群会横向扩容，增加服务器数量；同时，随着租户增多、带宽组配置增多，集群的整体配置量也将增大。原本中控设备周期性刷新配额方法，会面临着单次处理时延增大，每次拉取全量配置时延增大、管控流量所占用的带外资源增大。这种集群限速方式，在面向未来的扩展中不具有适用性。In contrast, the following provides a method for limiting network traffic in related technologies. In order to cope with a cold start, during the periodical quota allocation process of the central control device, the minimum quota for each gateway is guaranteed to be M*(1/N). Taking the cluster containing 5 gateways as an example, if Ri is [M,0,0,0,0] at a certain moment, the allocation result is [M,M/5,M/5,M/5,M/5], The total bandwidth reaches M*(9/5), which is over-provisioned to 180%. This means that in its next cycle, the rate will be limited by 180% of the quota, which will directly cause adverse consequences. As the network bandwidth increases, the speed-limiting gateway cluster will expand horizontally and increase the number of servers; at the same time, as the number of tenants and bandwidth group configurations increase, the overall configuration of the cluster will also increase. The original method of periodically refreshing quotas for central control equipment will face an increase in single processing delay, each time the full configuration is pulled, the delay will increase, and the out-of-band resources occupied by the control traffic will increase. This cluster speed limiting method is not applicable in future-oriented expansion.

而上述实施例中的方法，根据不同的条件，提出了三种不同的调整方式：在非冷启动的情况下，如果实时带宽超出配额总带宽，则此周期将减少配额总带宽，以补偿上一周期所超额的带宽；如果实时带宽不超出配额总带宽，则将配额总带宽根据实时带宽的占比进行分配，保证调整后的配额带宽与实时带宽匹配。在冷启动的情况下，如果实时带宽超出配额总带宽，则先透支下一周期的带宽配额，保证流量可以顺利通过；在下一流量告警周期时，再减少带宽配额以补偿上一周期的超额带宽；如果实时带宽不大于配额总带宽，则将配额总带宽根据实时带宽的占比进行分配，保证调整后的配额带宽与实时带宽匹配。The method in the above embodiment proposes three different adjustment methods according to different conditions: In the case of non-cold start, if the real-time bandwidth exceeds the total bandwidth of the quota, the total bandwidth of the quota will be reduced in this period to compensate for the increase. Excess bandwidth in one period; if the real-time bandwidth does not exceed the total quota bandwidth, the total quota bandwidth is allocated according to the proportion of the real-time bandwidth to ensure that the adjusted quota bandwidth matches the real-time bandwidth. In the case of cold start, if the real-time bandwidth exceeds the total bandwidth of the quota, the bandwidth quota for the next period will be overdrawn to ensure that the traffic can pass through; in the next traffic alarm period, the bandwidth quota will be reduced to compensate for the excess bandwidth in the previous period ; If the real-time bandwidth is not greater than the total quota bandwidth, the total quota bandwidth is allocated according to the proportion of the real-time bandwidth to ensure that the adjusted quota bandwidth matches the real-time bandwidth.

作为示例，针对目标业务X，存储在中控设备中的配额总带宽为Mx＝300Mbps，限速网关集群中包括三台网关，编号分别为1、2、3，三台网关的配额带宽分别为0Mbps、150Mbps和150Mbps，threshold％均设为90％，在T时刻，三台网关的实时带宽分别为0Mbps、135Mbps和135Mbps，此时，目标业务X在编号为2和3的网关的实时带宽达到了该网关对目标业务的指定带宽，即150*90％＝135Mbps，此时生成流量告警，在T时刻的实时总带宽为Tx＝0+135+135＝270Mbps，该实时总带宽小于Mx，此轮调整需要按照正常的Mx进行分配，按照上述步骤S516的计算方式，经中控程序重新计算后，将目标业务X在编号为1的网关的配额带宽调整为Q1x(new)＝300*(0/270)＝0Mbps；将目标业务X在编号为2和3的网关的配额带宽均调整为Q2x(new)＝Q3x(new)＝300*(135/270)＝150Mbps，调整后的配额总带宽＝0+150+150＝300Mbps，与Mx相同。As an example, for the target service X, the total bandwidth of the quota stored in the central control device is Mx=300Mbps, and the speed-limiting gateway cluster includes three gateways, numbered 1, 2, 3, and the quota bandwidths of the three gateways are respectively 0Mbps, 150Mbps and 150Mbps, the threshold% is set to 90%. At time T, the real-time bandwidth of the three gateways are 0Mbps, 135Mbps and 135Mbps respectively. At this time, the real-time bandwidth of the target service X in the gateways numbered 2 and 3 reaches The designated bandwidth of the gateway for the target service is 150*90%=135Mbps. At this time, a traffic alarm is generated. The total real-time bandwidth at time T is Tx=0+135+135=270Mbps, and the total real-time bandwidth is less than Mx. The round adjustment needs to be allocated according to the normal Mx. According to the calculation method of the above step S516, after the central control program recalculates, the quota bandwidth of the target service X at the gateway number 1 is adjusted to Q1x(new)=300*(0 /270) = 0Mbps; adjust the quota bandwidth of the target service X at the gateways numbered 2 and 3 to Q2x(new)=Q3x(new)=300*(135/270)=150Mbps, the adjusted total bandwidth of the quota =0+150+150=300Mbps, which is the same as Mx.

本申请实施例提供的另一种网络流量的限速方法，详细描述了根据目标业务在限速网关集群中各个网关的带宽，调整目标业务在各个网关的配额带宽的步骤，根据不同的条件，提供了相应的调整配额带宽的具体计算方法。该方法可以使各个网关的配额带宽与目标业务在各个网关的实时带宽相匹配，从而对目标业务的流量限速更加准确。Another method for limiting the rate of network traffic provided by the embodiment of this application describes in detail the steps of adjusting the quota bandwidth of the target service in each gateway according to the bandwidth of the target service in each gateway in the rate limiting gateway cluster. According to different conditions, Provides the corresponding calculation method for adjusting the quota bandwidth. This method can match the quota bandwidth of each gateway with the real-time bandwidth of the target service at each gateway, so that the flow rate limit of the target service is more accurate.

本申请实施例还提供另一种网络流量的限速方法，该方法重点说明在创建目标业务后，对该目标业务的配额带宽的初始分配过程；如图8所示，该方法包括如下步骤：The embodiment of the present application also provides another method for limiting the rate of network traffic. The method focuses on the initial allocation process of the quota bandwidth for the target service after the target service is created; as shown in FIG. 8, the method includes the following steps:

步骤S802，根据目标业务的配额总带宽，为限速网关集群中的各个网关设置对目标业务的初始的配额带宽；其中，该初始的配额带宽等于目标业务的配额总带宽与限速网关集群中的各个网关总数的比值。Step S802: Set an initial quota bandwidth for the target service for each gateway in the rate-limiting gateway cluster according to the total quota bandwidth of the target service; where the initial quota bandwidth is equal to the total quota bandwidth of the target service and the rate-limiting gateway cluster. The ratio of the total number of gateways.

为方便描述，限速网关集群限速网关集群中网关的总台数用N来表示，通过每个网关上所部署的sgwagent程序，对目标业务X在相应的网关上的配额进行初始化，该初始化配额为均分值M/N bps。For the convenience of description, the total number of gateways in the speed-limiting gateway cluster is denoted by N. Through the sgwagent program deployed on each gateway, the quota of the target service X on the corresponding gateway is initialized. The initial quota is It is the average score M/N bps.

步骤S804，接收限速网关集群中第一网关发送的流量告警；其中，该流量告警用于指示：预设目标业务在第一网关的实时带宽超出当前配额带宽的预定比例。Step S804: Receive a traffic alarm sent by the first gateway in the rate-limiting gateway cluster; where the traffic alarm is used to indicate that the real-time bandwidth of the preset target service at the first gateway exceeds a predetermined ratio of the current quota bandwidth.

步骤S806，基于上述流量告警获取上述目标业务在限速网关集群中各个网关的实时带宽。Step S806: Obtain the real-time bandwidth of each gateway of the above-mentioned target service in the rate-limiting gateway cluster based on the above-mentioned traffic alarm.

步骤S808，根据上述目标业务在上述第一网关的当前配额带宽、该目标业务在各个网关的实时带宽，以及预存的该目标业务的配额总带宽，更新该目标业务在限速网关集群中各个网关的配额带宽，以通过各个网关按照调整后的配额带宽对目标业务的流量进行限速。Step S808, according to the current quota bandwidth of the target service at the first gateway, the real-time bandwidth of the target service at each gateway, and the pre-stored total quota bandwidth of the target service, update each gateway of the target service in the rate-limiting gateway cluster The quota bandwidth is used to limit the traffic of the target service through each gateway according to the adjusted quota bandwidth.

本申请实施例提供的一种网络流量的限速方法，当租户创建新的目标业务，并为该目标业务购买带宽后，首先根据所购买的带宽及限速网关集群中网关的数量，为各个网关设置初始带宽配额，以使各个网关可以按照该初始带宽配额对目标业务中的弹性网络地址数据包进行限速，当接收到集群中第一网关发送的流量告警后，根据各个网关的带宽信息，调整各个网关对目标业务的配额带宽，以通过各个网关按照调整后的配额带宽对目标业务的流量进行限速。该方法中，限速网关集群中的任一网关的目标业务的实时带宽超出指定带宽后，及时反馈上报，根据该网关的反馈信息以及其他各个网关对该目标业务的相关信息，调整各个网关对目标业务的配额带宽，当出现突发网络流量时，通过该过程可以及时调整配额带宽，进而提高限速网关对带宽限速的准确性。According to the method for limiting the network traffic rate provided by the embodiment of this application, when a tenant creates a new target service and purchases bandwidth for the target service, firstly, according to the purchased bandwidth and the number of gateways in the rate limiting gateway cluster, The gateway sets the initial bandwidth quota so that each gateway can limit the rate of elastic network address data packets in the target service according to the initial bandwidth quota. After receiving the traffic alarm sent by the first gateway in the cluster, according to the bandwidth information of each gateway , Adjust the quota bandwidth of each gateway for the target service, so that the traffic of the target service is limited by each gateway according to the adjusted quota bandwidth. In this method, after the real-time bandwidth of the target service of any gateway in the rate-limiting gateway cluster exceeds the specified bandwidth, it is reported back in time, and each gateway pair is adjusted according to the feedback information of the gateway and the relevant information of the target service of the other gateways. The quota bandwidth of the target service. When there is a sudden network traffic, the quota bandwidth can be adjusted in time through this process, thereby improving the accuracy of the bandwidth speed limit of the rate limiting gateway.

本申请实施例还提供另一种网络流量的限速方法，该方法可以应用于网关，该网关被配置为能够接收对目标业务的请求报文和/或发送该目标业务发出的响应报文，该网关基于存储的配额带宽对该目标业务的流量进行限速；如图9所示；该方法包括如下步骤：The embodiment of the present application also provides another method for limiting the rate of network traffic, which can be applied to a gateway configured to receive a request message for a target service and/or send a response message sent by the target service, The gateway limits the target service traffic based on the stored quota bandwidth; as shown in Figure 9; the method includes the following steps:

步骤S902，在检测到目标业务的实时带宽超出当前配额带宽的预定比例时，生成流量告警。Step S902: When it is detected that the real-time bandwidth of the target service exceeds a predetermined proportion of the current quota bandwidth, a traffic alarm is generated.

目标业务的流量可以为出向流量，即从互联网数据中心机房发向公网，也可以是入向流量，即从公网发向互联网数据中心机房；具体的，当为出向流量时，目标业务流量从互联网数据中心机房通过下联交换机散列至限速网关集群，经集群限速后，再通过上联交换机发向公网；当为入向流量时，目标业务流量从公网通过上联交换机散列至限速网关集群，经集群限速后，再通过下联交换机发向互联网数据中心机房。The traffic of the target business can be outbound traffic, that is, sent from the Internet data center computer room to the public network, or inbound traffic, that is, sent from the public network to the Internet data center computer room; specifically, when it is outbound traffic, the target business traffic Hash from the Internet data center computer room through the downstream switch to the speed-limiting gateway cluster. After the cluster rate is limited, it is sent to the public network through the upstream switch; when it is inbound traffic, the target business traffic is scattered from the public network through the upstream switch Listed to the speed limit gateway cluster, after the cluster speed limit, and then sent to the Internet data center computer room through the downstream switch.

当检测目标业务的流量对应的实时带宽超出当前配额带宽的预定比例时，生成流量告警。When the real-time bandwidth corresponding to the traffic of the detected target service exceeds the predetermined ratio of the current quota bandwidth, a traffic alarm is generated.

步骤S904，将上述流量告警发送至与上述网关通信连接的中控设备。Step S904: Send the above-mentioned traffic alarm to the central control device in communication connection with the above-mentioned gateway.

步骤S906，接收上述中控设备返回的更新后的配额带宽，并按照更新后的配额带宽对上述目标业务的流量进行限速。Step S906: Receive the updated quota bandwidth returned by the above-mentioned central control device, and limit the rate of the traffic of the above-mentioned target service according to the updated quota bandwidth.

其中，针对网关基于存储的配额带宽对该目标业务的流量进行限速的过程，可以采用以下步骤90-步骤91来实现：Among them, for the process that the gateway limits the rate of the target service traffic based on the stored quota bandwidth, the following steps 90-91 can be used to implement:

步骤90，如果配额宽带不为零，则在目标业务的实时带宽超出当前配额带宽的之后的时间段内，丢弃接收到的报文。Step 90: If the quota bandwidth is not zero, discard the received message within a time period after the real-time bandwidth of the target service exceeds the current quota bandwidth.

如果目标业务在指定网关中的配额带宽不为零，当该目标业务的实时带宽超出该目标业务在该指定网关中的配额带宽时，在该周期内，该指定网关会丢弃所接收到的报文，以对目标业务进行限速，控制网络传输效率。If the quota bandwidth of the target service in the designated gateway is not zero, when the real-time bandwidth of the target service exceeds the quota bandwidth of the target service in the designated gateway, the designated gateway will discard the received report during the period. In order to limit the speed of the target business and control the efficiency of network transmission.

步骤91，如果配额带宽为零，则在目标业务的实时带宽超出当前配额带宽的之后的时间段内，不丢弃接收到的报文。Step 91: If the quota bandwidth is zero, the received message is not discarded in the time period after the real-time bandwidth of the target service exceeds the current quota bandwidth.

如果目标业务在指定网关中的配额带宽为零，当该目标业务的实时带宽超出该目标业务在该指定网关中的配额带宽时，在该周期内，该指定网关不会丢弃所接收到的报文，让目标业务的实时带宽对应的报文全部通过，并在下一轮的配额调整过程中，对超出的带宽进行补偿。If the quota bandwidth of the target service in the designated gateway is zero, when the real-time bandwidth of the target service exceeds the quota bandwidth of the target service in the designated gateway, the designated gateway will not discard the received report during the period. It allows all packets corresponding to the real-time bandwidth of the target service to pass, and compensates for the excess bandwidth during the next round of quota adjustment.

本申请实施例提供的一种网络流量的限速方法，当检测目标业务的流量对应的实时带宽是否超出当前配额带宽的预定比例时，生成流量告警，并将该流量告警发送至与网关通信连接的中控设备；接收中控设备返回的更新后的配额带宽，并按照更新后的配额带宽对目标业务的流量进行限速。该方法中，限速网关集群中的任一网关的目标业务的实时带宽超出指定带宽后，及时向中控设备发送流量告警，中控设备根据各个网关对目标业务的实时带宽和该目标业务的配额总带宽，重新分配各个网关的配额带宽，以使各个网关的配额带宽与目标业务在各个网关的实时带宽相匹配，从而对目标业务的流量限速更加准确。An embodiment of the present application provides a method for limiting the rate of network traffic. When it is detected whether the real-time bandwidth corresponding to the traffic of the target service exceeds a predetermined ratio of the current quota bandwidth, a traffic alarm is generated, and the traffic alarm is sent to the communication connection with the gateway The central control device; receives the updated quota bandwidth returned by the central control device, and limits the traffic of the target service according to the updated quota bandwidth. In this method, after the real-time bandwidth of the target service of any gateway in the speed-limiting gateway cluster exceeds the specified bandwidth, it sends traffic alarms to the central control device in time, and the central control device sends traffic alarms to the central control device according to the real-time bandwidth of each gateway to the target business and the target business’s real-time bandwidth. Quota total bandwidth, redistribute the quota bandwidth of each gateway, so that the quota bandwidth of each gateway matches the real-time bandwidth of the target service at each gateway, so as to limit the traffic rate of the target service more accurately.

本申请实施例还提供另一种网络流量的限速方法，该方法重点说明中控设备获取目标业务的实时带宽的过程，如图10所示，该方法包括如下步骤：The embodiment of the present application also provides another method for limiting the rate of network traffic. The method focuses on the process of obtaining the real-time bandwidth of the target service by the central control device. As shown in FIG. 10, the method includes the following steps:

步骤S1002，在检测到目标业务的实时带宽超出当前配额带宽的预定比例时，生成流量告警。In step S1002, when it is detected that the real-time bandwidth of the target service exceeds a predetermined proportion of the current quota bandwidth, a traffic alarm is generated.

在实际实现时，可以初始化一预定比例threshold％，该预定比例可以根据经验进行设定，如设定为90％，如果目标业务在网关中的配额带宽大于零，则需要设定一预定比例，以确保该目标业务在网关的实时带宽超出当前配额带宽预定比例时，网关可以发出流量告警；如果目标业务在网关中的配额带宽等于零，则无论预定比例设定为多少，只要该目标业务在网关的实时带宽大于零，网关都会发出流量告警。。In actual implementation, a predetermined ratio threshold% can be initialized. The predetermined ratio can be set based on experience, such as 90%. If the quota bandwidth of the target service in the gateway is greater than zero, a predetermined ratio needs to be set. In order to ensure that the real-time bandwidth of the target service at the gateway exceeds the preset ratio of the current quota bandwidth, the gateway can issue a traffic alarm; if the quota bandwidth of the target service in the gateway is equal to zero, no matter what the preset ratio is set, as long as the target service is in the gateway If the real-time bandwidth is greater than zero, the gateway will issue a traffic alarm. .

步骤S1004，将上述流量告警发送至与上述网关通信连接的中控设备。步骤S1006，接收上述中控设备返回的更新后的配额带宽，并按照更新后的配额带宽对所述目标业务的流量进行限速。Step S1004: Send the above-mentioned traffic alarm to the central control device in communication connection with the above-mentioned gateway. Step S1006: Receive the updated quota bandwidth returned by the above-mentioned central control device, and limit the rate of the target service traffic according to the updated quota bandwidth.

步骤S1008，如果接收到中控设备发送的对目标业务的实时带宽的请求信息，向中控设备返回对目标业务的实时带宽。Step S1008: If the request information for the real-time bandwidth of the target service sent by the central control device is received, the real-time bandwidth of the target service is returned to the central control device.

当中控设备接收到网关的流量告警信息后，通常还需要限速网关集群中的其他网关对该目标业务的实时带宽信息，因而中控设备会通过中控程序向限速网关集群中除第一网关之外的其他网关发送对目标业务X的实时带宽的请求信息，该信息包括目标业务标识X，以收集目标业务X的实时带宽。After the central control device receives the traffic alarm information of the gateway, it usually needs the real-time bandwidth information of other gateways in the speed-limiting gateway cluster for the target service. Therefore, the central control device will remove the first one from the speed-limiting gateway cluster through the central control program. Gateways other than the gateway send request information for the real-time bandwidth of the target service X, and the information includes the target service identifier X to collect the real-time bandwidth of the target service X.

当限速网关集群内的其他各个网关接收到上述请求信息后，由网关中的监控程序读出X的实时带宽Rx，通过网关中的客户端程序与中控设备中的服务器程序之间的通信，将封装应答信息发回至中控设备，信息包括Rx。When the other gateways in the speed-limiting gateway cluster receive the above request information, the monitoring program in the gateway reads the real-time bandwidth Rx of X, and through the communication between the client program in the gateway and the server program in the central control device , Send the package response information back to the central control device, the information includes Rx.

本申请实施例提供的一种网络流量的限速方法，当检测目标业务的流量对应的实时带宽是否超出当前配额带宽的预定比例时，生成流量告警，并将该流量告警发送至与网关通信连接的中控设备；当接收到中控设备发送的对目标业务的实时带宽的请求信息时，向中控设备返回对目标业务的实时带宽，以通过中控设备调整该网关对目标业务的配额带宽；并按照调整后的配额带宽对目标业务的流量进行限速。该方法中，限速网关集群中的任一网关的目标业务的实时带宽超出指定带宽后，及时向中控设备发送流量告警，中控设备根据各个网关对目标业务的实时带宽和该目标业务的配额总带宽，重新分配各个网关的配额带宽，以使各个网关的配额带宽与目标业务在各个网关的实时带宽相匹配，从而对目标业务的流量限速更加准确。An embodiment of the present application provides a method for limiting the rate of network traffic. When it is detected whether the real-time bandwidth corresponding to the traffic of the target service exceeds a predetermined ratio of the current quota bandwidth, a traffic alarm is generated, and the traffic alarm is sent to the communication connection with the gateway The central control device; when receiving the request information for the real-time bandwidth of the target service sent by the central control device, the real-time bandwidth of the target service is returned to the central control device to adjust the gateway’s quota bandwidth for the target service through the central control device ; And according to the adjusted quota bandwidth to limit the target business traffic. In this method, after the real-time bandwidth of the target service of any gateway in the speed-limiting gateway cluster exceeds the specified bandwidth, it sends traffic alarms to the central control device in time, and the central control device sends traffic alarms to the central control device according to the real-time bandwidth of each gateway to the target business and the target business’s real-time bandwidth. Quota total bandwidth, redistribute the quota bandwidth of each gateway, so that the quota bandwidth of each gateway matches the real-time bandwidth of the target service at each gateway, so as to limit the traffic rate of the target service more accurately.

对应于上述方法实施例，参见图11所示的一种网络流量的限速装置的结构示意图，该装置设置于中控设备，该装置包括：第一接收模块110，设置为接收限速网关集群中第一网关发送的流量告警；其中，流量告警用于指示：预设目标业务在第一网关的实时带宽超出当前配额带宽的预定比例；第一获取模块111，设置为基于流量告警获取目标业务在限速网关集群中各个网关的实时带宽；更新模块112，设置为根据目标业务在第一网关的当前配额带宽、目标业务在各个网关的实时带宽，以及预存的目标业务的配额总带宽，更新目标业务在限速网关集群中各个网关的配额带宽。Corresponding to the above method embodiment, refer to the schematic structural diagram of a network traffic rate limiting device shown in FIG. 11. The device is set in the central control device, and the device includes: a first receiving module 110 configured to receive the rate limiting gateway cluster The traffic alarm sent by the first gateway in the first gateway; where the traffic alarm is used to indicate: the real-time bandwidth of the preset target service at the first gateway exceeds a predetermined ratio of the current quota bandwidth; the first obtaining module 111 is set to obtain the target service based on the traffic alarm The real-time bandwidth of each gateway in the rate-limiting gateway cluster; the update module 112 is set to update according to the current quota bandwidth of the target service at the first gateway, the real-time bandwidth of the target service at each gateway, and the pre-stored total bandwidth of the target service quota The target service is the quota bandwidth of each gateway in the rate-limiting gateway cluster.

上述网络流量的限速装置，首先接收限速网关集群中第一网关发送的流量告警，该流量告警指示预设目标业务在第一网关的实时带宽超出当前配额带宽的预定比例，然后，基于该流量告警获取该目标业务在该限速网关集群中各个网关的实时带宽；最后，根据该目标业务在该第一网关的当前配额带宽、该目标业务在各个网关的实时带宽，以及预存的该目标业务的配额总带宽，更新该目标业务在该限速网关集群中各个网关的配额带宽，以通过各个网关按照调整后的配额带宽对目标业务的流量进行限速。该方式中，限速网关集群中的任一网关的目标业务的实时带宽超出指定带宽后，及时向中控设备发送流量告警，中控设备根据各个网关对目标业务的实时带宽和该目标业务的配额总带宽，重新分配各个网关的配额带宽，以使各个网关的配额带宽与目标业务在各个网关的实时带宽相匹配，从而对目标业务的流量限速更加准确。The above-mentioned network traffic rate limiting device first receives a traffic alarm sent by the first gateway in the rate limiting gateway cluster. The traffic alarm indicates that the real-time bandwidth of the preset target service at the first gateway exceeds a predetermined proportion of the current quota bandwidth, and then, based on the Traffic alarms obtain the real-time bandwidth of each gateway of the target service in the rate-limiting gateway cluster; finally, according to the current quota bandwidth of the target service in the first gateway, the real-time bandwidth of the target service in each gateway, and the pre-stored target The total quota bandwidth of the service is updated to update the quota bandwidth of each gateway of the target service in the rate-limiting gateway cluster, so as to limit the traffic of the target service through each gateway according to the adjusted quota bandwidth. In this method, after the real-time bandwidth of the target service of any gateway in the rate-limiting gateway cluster exceeds the specified bandwidth, it sends traffic alarms to the central control device in time. The central control device sends traffic alarms to the central control device according to the real-time bandwidth of each gateway to the target business and the target business’s real-time bandwidth. Quota total bandwidth, redistribute the quota bandwidth of each gateway, so that the quota bandwidth of each gateway matches the real-time bandwidth of the target service at each gateway, so as to limit the traffic rate of the target service more accurately.

进一步的，流量告警至少包括：第一网关的编号、目标业务的编号、目标业务在第一网关的配额带宽，以及流量告警生成时目标业务在第一网关的实时带宽。Further, the traffic alarm includes at least: the number of the first gateway, the number of the target service, the quota bandwidth of the target service at the first gateway, and the real-time bandwidth of the target service at the first gateway when the traffic alarm is generated.

进一步的，第一获取模块111还设置为：在收到流量告警后，从流量告警中提取目标业务的编号；基于目标业务的编号向限速网关集群中，除第一网关以外的网关发送对目标业务的实时带宽的请求信息；接收除第一网关以外的网关返回的对目标业务的实时带宽。Further, the first obtaining module 111 is further configured to: after receiving the traffic alarm, extract the target service number from the traffic alarm; based on the target service number, send the pair to the rate-limiting gateway cluster, except for the first gateway. Real-time bandwidth request information of the target service; receiving the real-time bandwidth of the target service returned by gateways other than the first gateway.

进一步的，更新模块112还设置为：从第一网关发送的流量告警中提取目标业务在第一网关的配额带宽；判断提取出的配额带宽是否大于零；根据配额带宽的判断结果、目标业务在各个网关的实时带宽、以及目标业务的配额总带宽，调整各个网关对目标业务的配额带宽。Further, the update module 112 is further configured to: extract the quota bandwidth of the target service at the first gateway from the traffic alarm sent by the first gateway; determine whether the extracted quota bandwidth is greater than zero; according to the result of the quota bandwidth judgment, the target service is The real-time bandwidth of each gateway and the total bandwidth of the quota of the target service are adjusted to adjust the bandwidth of each gateway's quota of the target service.

进一步的，该装置还包括：第二获取模块(图中未示出)，设置为基于流量告警获取目标业务在限速网关集群中各个网关的配额带宽；Further, the device further includes: a second obtaining module (not shown in the figure), configured to obtain the quota bandwidth of each gateway of the target service in the rate-limiting gateway cluster based on the traffic alarm;

上述更新模块112还设置为：如果目标业务在第一网关的配额带宽大于零，计算目标业务在各个网关的配额带宽的总和，得到限速网关集群对目标业务的配额总带宽；判断计算得到的配额总带宽是否大于预先存储在中控设备中的目标业务的配额总带宽；根据配额总带宽的判断结果，调整目标业务在限速网关集群中各个网关的的配额带宽。The above-mentioned update module 112 is also set to: if the quota bandwidth of the target service at the first gateway is greater than zero, calculate the sum of the quota bandwidth of the target service at each gateway to obtain the total quota bandwidth of the target service by the rate-limiting gateway cluster; Whether the total quota bandwidth is greater than the total quota bandwidth of the target service pre-stored in the central control device; according to the judgment result of the total quota bandwidth, adjust the quota bandwidth of each gateway of the target service in the rate-limiting gateway cluster.

进一步的，上述更新模块112还设置为：如果计算得到的配额总带宽等于或小于存储的配额总带宽，计算目标业务在各个网关的实时带宽的总和，得到目标业务在限速网关集群的实时总带宽；针对限速网关集群中的每个网关，将目标业务在当前网关的配额带宽调整为：目标业务在当前网关的实时带宽与目标业务的实时总带宽的比值，乘以存储的配额总带宽。Further, the above-mentioned update module 112 is further configured to: if the calculated total quota bandwidth is equal to or less than the stored quota total bandwidth, calculate the total real-time bandwidth of the target service at each gateway to obtain the real-time total bandwidth of the target service at the rate-limiting gateway cluster. Bandwidth; For each gateway in the rate-limiting gateway cluster, adjust the quota bandwidth of the target service at the current gateway to: the ratio of the real-time bandwidth of the target service at the current gateway to the total real-time bandwidth of the target service, multiplied by the total bandwidth of the storage quota .

进一步的，上述更新模块112还设置为：如果计算得到的配额总带宽大于存储的配额总带宽，计算目标业务在各个网关的实时带宽的总和，得到目标业务在限速网关集群的实时总带宽；针对限速网关集群中的每个网关，将目标业务在当前网关的配额带宽调整为：存储的配额总带宽的二倍与目标业务的实时总带宽的差值，乘以，目标业务在当前网关的实时带宽与目标业务的实时总带宽的比值。Further, the above-mentioned update module 112 is further configured to: if the calculated total bandwidth of the quota is greater than the total bandwidth of the stored quota, calculate the sum of the real-time bandwidth of the target service at each gateway to obtain the real-time total bandwidth of the target service at the rate-limiting gateway cluster; For each gateway in the rate-limiting gateway cluster, adjust the quota bandwidth of the target service at the current gateway to: the difference between twice the total bandwidth of the stored quota and the real-time total bandwidth of the target service, multiplied by the target service at the current gateway The ratio of the real-time bandwidth of the target service to the total real-time bandwidth of the target service.

进一步的，上述更新模块112还设置为：如果目标业务在第一网关的配额带宽等于零，计算目标业务在各个网关的实时带宽的总和，得到限速网关集群对目标业务的实时总带宽；判断实时总带宽是否大于预先存储在中控设备中的目标业务的配额总带宽；如果大于，针对限速网关集群中的每个网关，将目标业务在当前网关的配额带宽调整为：目标业务在当前网关的实时带宽。Further, the above-mentioned update module 112 is also set to: if the quota bandwidth of the target service at the first gateway is equal to zero, calculate the sum of the real-time bandwidth of the target service at each gateway to obtain the real-time total bandwidth of the speed-limiting gateway cluster for the target service; Whether the total bandwidth is greater than the total quota bandwidth of the target service pre-stored in the central control device; if it is greater, for each gateway in the rate-limiting gateway cluster, adjust the quota bandwidth of the target service at the current gateway to: the target service at the current gateway Real-time bandwidth.

进一步的，上述装置还包括：设置模块(图中未示出)，设置为根据目标业务的配额总带宽，为限速网关集群中的各个网关设置对目标业务的初始的配额带宽；其中，初始的配额带宽等于目标业务的配额总带宽与限速网关集群中的各个网关总数的比值。Further, the above-mentioned device further includes: a setting module (not shown in the figure), which is set to set the initial quota bandwidth for the target service for each gateway in the rate-limiting gateway cluster according to the total quota bandwidth of the target service; The quota bandwidth of is equal to the ratio of the total quota bandwidth of the target service to the total number of gateways in the rate-limiting gateway cluster.

参见图12所示的另一种网络流量的限速装置的结构示意图，该装置设置于网关，该网关被配置为能够接收对目标业务的请求报文和/或发送目标业务发出的响应报文，该网关基于存储的配额带宽对目标业务的流量进行限速，该装置包括：生成模块120，设置为在检测到目标业务的实时带宽超出当前配额带宽的预定比例时，生成流量告警；发送模块121，设置为将流量告警发送至与网关通信连接的中控设备；第二接收模块122，设置为接收中控设备返回的更新后的配额带宽，并按照更新后的配额带宽对目标业务的流量进行限速。Refer to the schematic structural diagram of another network traffic rate limiting device shown in FIG. 12. The device is set in a gateway, and the gateway is configured to receive request messages for target services and/or send response messages from target services. The gateway limits the traffic of the target service based on the stored quota bandwidth. The device includes: a generating module 120 configured to generate a traffic alarm when it detects that the real-time bandwidth of the target service exceeds a predetermined ratio of the current quota bandwidth; a sending module 121. Set to send traffic alarms to the central control device in communication with the gateway; the second receiving module 122 is set to receive the updated quota bandwidth returned by the central control device, and the traffic of the target service according to the updated quota bandwidth Carry out speed limit.

上述网络流量的限速装置，当检测目标业务的流量对应的实时带宽是否超出当前配额带宽的预定比例时，生成流量告警，并将该流量告警发送至与网关通信连接的中控设备；接收中控设备返回的更新后的配额带宽，并按照更新后的配额带宽对目标业务的流量进行限速。该装置中，限速网关集群中的任一网关的目标业务的实时带宽超出指定带宽后，及时向中控设备发送流量告警，中控设备根据各个网关对目标业务的实时带宽和该目标业务的配额总带宽，重新分配各个网关的配额带宽，以使各个网关的配额带宽与目标业务在各个网关的实时带宽相匹配，从而对目标业务的流量限速更加准确。The above-mentioned network traffic rate limiting device, when detecting whether the real-time bandwidth corresponding to the target service traffic exceeds a predetermined proportion of the current quota bandwidth, generates a traffic alarm, and sends the traffic alarm to the central control device communicating with the gateway; receiving Control the updated quota bandwidth returned by the device, and limit the target service traffic according to the updated quota bandwidth. In this device, after the real-time bandwidth of the target service of any gateway in the speed-limiting gateway cluster exceeds the specified bandwidth, it sends traffic alarms to the central control device in time. The central control device sends traffic alarms to the central control device according to the real-time bandwidth of each gateway to the target business and the target business’s real-time bandwidth. Quota total bandwidth, redistribute the quota bandwidth of each gateway, so that the quota bandwidth of each gateway matches the real-time bandwidth of the target service at each gateway, so as to limit the traffic rate of the target service more accurately.

进一步的，该网关还设置为：如果配额宽带不为零，则在目标业务的实时带宽超出当前配额带宽的之后的时间段内，丢弃接收到的报文；如果配额带宽为零，则在目标业务的实时带宽超出当前配额带宽的之后的时间段内，不丢弃接收到的报文。Further, the gateway is also set to: if the quota bandwidth is not zero, the received message will be discarded within the time period after the real-time bandwidth of the target service exceeds the current quota bandwidth; if the quota bandwidth is zero, the target In the time period after the real-time bandwidth of the service exceeds the current quota bandwidth, the received packets are not discarded.

进一步的，上述装置还包括：返回模块(图中未示出)，设置为如果接收到中控设备发送的对目标业务的实时带宽的请求信息，向中控设备返回对目标业务的实时带宽。Further, the above-mentioned device further includes: a return module (not shown in the figure), configured to return the real-time bandwidth of the target service to the central control device if it receives request information for the real-time bandwidth of the target service sent by the central control device.

本申请实施例还提供了一种中控设备和网关，参见图13所示，该中控设备或网关包括处理器130和存储器131，该存储器131存储有能够被处理器130执行的机器可执行指令，该处理器130执行机器可执行指令以实现上述网络流量的限速方法。The embodiment of the present application also provides a central control device and a gateway. As shown in FIG. 13, the central control device or gateway includes a processor 130 and a memory 131. The memory 131 stores a machine executable that can be executed by the processor 130. Instruction, the processor 130 executes machine-executable instructions to implement the above-mentioned network traffic rate limiting method.

进一步地，图13所示的中控设备或网关还包括总线132和通信接口133，处理器130、通信接口133和存储器131通过总线132连接。Further, the central control device or gateway shown in FIG. 13 further includes a bus 132 and a communication interface 133, and the processor 130, the communication interface 133 and the memory 131 are connected through the bus 132.

其中，存储器131可能包含高速随机存取存储器(RAM，Random Access Memory)，也可能还包括非不稳定的存储器(non-volatile memory)，例如至少一个磁盘存储器。通过至少一个通信接口133(可以是有线或者无线)实现该系统网元与至少一个其他网元之间的通信连接，可以使用互联网，广域网，本地网，城域网等。总线132可以是ISA总线、PCI总线或EISA总线等。所述总线可以分为地址总线、数据总线、控制总线等。为便于表示，图13中仅用一个双向箭头表示，但并不表示仅有一根总线或一种类型的总线。The memory 131 may include a high-speed random access memory (RAM, Random Access Memory), and may also include a non-volatile memory (non-volatile memory), such as at least one disk memory. The communication connection between the system network element and at least one other network element is realized through at least one communication interface 133 (which may be wired or wireless), and the Internet, a wide area network, a local network, a metropolitan area network, etc. may be used. The bus 132 may be an ISA bus, a PCI bus, an EISA bus, or the like. The bus can be divided into an address bus, a data bus, a control bus, and so on. For ease of presentation, only one bidirectional arrow is used in FIG. 13, but it does not mean that there is only one bus or one type of bus.

处理器130可能是一种集成电路芯片，具有信号的处理能力。在实现过程中，上述方法的各步骤可以通过处理器130中的硬件的集成逻辑电路或者软件形式的指令完成。上述的处理器130可以是通用处理器，包括中央处理器(Central Processing Unit，简称CPU)、网络处理器(Network Processor，简称NP)等；还可以是数字信号处理器(Digital Signal Processor，简称DSP)、专用集成电路(Application Specific Integrated Circuit，简称ASIC)、现场可编程门阵列(Field-Programmable Gate Array，简称FPGA)或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件。可以实现或者执行本申请实施例中的公开的各方法、步骤及逻辑框图。通用处理器可以是微处理器或者该处理器也可以是任何常规的处理器等。结合本申请实施例所公开的方法的步骤可以直接体现为硬件译码处理器执行完成，或者用译码处理器中的硬件及软件模块组合执行完成。软件模块可以位于随机存储器，闪存、只读存储器，可编程只读存储器或者电可擦写可编程存储器、寄存器等本领域成熟的存储介质中。该存储介质位于存储器131，处理器130读取存储器131中的信息，结合其硬件完成前述实施例的方法的步骤。The processor 130 may be an integrated circuit chip with signal processing capability. In the implementation process, the steps of the foregoing method may be completed by an integrated logic circuit of hardware in the processor 130 or instructions in the form of software. The aforementioned processor 130 may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU for short), a network processor (Network Processor, NP for short), etc.; it may also be a Digital Signal Processor (DSP for short). ), Application Specific Integrated Circuit (ASIC), Field-Programmable Gate Array (FPGA) or other programmable logic devices, discrete gates or transistor logic devices, discrete hardware components. The methods, steps, and logical block diagrams disclosed in the embodiments of the present application can be implemented or executed. The general-purpose processor may be a microprocessor or the processor may also be any conventional processor or the like. The steps of the method disclosed in the embodiments of the present application can be directly embodied as being executed and completed by a hardware decoding processor, or executed and completed by a combination of hardware and software modules in the decoding processor. The software module can be located in a mature storage medium in the field, such as random access memory, flash memory, read-only memory, programmable read-only memory, or electrically erasable programmable memory, registers. The storage medium is located in the memory 131, and the processor 130 reads the information in the memory 131, and completes the steps of the method of the foregoing embodiment in combination with its hardware.

在本申请提供的又一实施例中，还提供了一种计算机可读存储介质，该计算机可读存储介质内存储有计算机程序，所述计算机程序被处理器执行时实现上述任一种网络流量的限速方法。In yet another embodiment provided by the present application, a computer-readable storage medium is also provided. The computer-readable storage medium stores a computer program, and when the computer program is executed by a processor, it realizes any of the above-mentioned network traffic. The speed limit method.

在本申请提供的又一实施例中，还提供了一种包含指令的计算机程序产品，当其在计算机上运行时，使得计算机执行上述实施例中任一种网络流量的限速方法。In another embodiment provided by the present application, a computer program product containing instructions is also provided, which when running on a computer, causes the computer to execute any one of the network traffic rate limiting methods in the foregoing embodiments.

在本申请提供的又一实施例中，还提供了一种可执行程序代码，所述可执行程序代码设置为被运行以执行上述实施例中任一种网络流量的限速方法。In another embodiment provided in this application, an executable program code is also provided, and the executable program code is configured to be executed to execute any one of the network traffic rate limiting methods in the foregoing embodiments.

在上述实施例中，可以全部或部分地通过软件、硬件、固件或者其任意组合来实现。当使用软件实现时，可以全部或部分地以计算机程序产品的形式实现。所述计算机程序产品包括一个或多个计算机指令。在计算机上加载和执行所述计算机程序指令时，全部或部分地产生按照本申请实施例所述的流程或功能。所述计算机可以是通用计算机、专用计算机、计算机网络、或者其他可编程装置。所述计算机指令可以存储在计算机可读存储介质中，或者从一个计算机可读存储介质向另一个计算机可读存储介质传输，例如，所述计算机指令可以从一个网站站点、计算机、服务器或数据中心通过有线(例如同轴电缆、光纤、数字用户线(DSL))或无线(例如红外、无线、微波等)方式向另一个网站站点、计算机、服务器或数据中心进行传输。所述计算机可读存储介质可以是计算机能够存取的任何可用介质或者是包含一个或多个可用介质集成的服务器、数据中心等数据存储设备。所述可用介质可以是磁性介质，(例如，软盘、硬盘、磁带)、光介质(例如，DVD)、或者半导体介质(例如固态硬盘Solid State Disk(SSD))等。In the above-mentioned embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented by software, it can be implemented in the form of a computer program product in whole or in part. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on the computer, the processes or functions described in the embodiments of the present application are generated in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or other programmable devices. The computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another computer-readable storage medium. For example, the computer instructions may be transmitted from a website, computer, server, or data center. Transmission to another website site, computer, server or data center via wired (such as coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (such as infrared, wireless, microwave, etc.). The computer-readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server or a data center integrated with one or more available media. The usable medium may be a magnetic medium (for example, a floppy disk, a hard disk, and a magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium (for example, a solid state disk (SSD)).

需要说明的是，在本文中，诸如第一和第二等之类的关系术语仅仅用来将一个实体或者操作与另一个实体或操作区分开来，而不一定要求或者暗示这些实体或操作之间存在任何这种实际的关系或者顺序。而且，术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含，从而使得包括一系列要素的过程、方法、物品或者设备不仅包括那些要素，而且还包括没有明确列出的其他要素，或者是还包括为这种过程、方法、物品或者设备所固有的要素。在没有更多限制的情况下，由语句“包括一个……”限定的要素，并不排除在包括所述要素的过程、方法、物品或者设备中还存在另外的相同要素。It should be noted that in this article, relational terms such as first and second are only used to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply one of these entities or operations. There is any such actual relationship or order between. Moreover, the terms "include", "include" or any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device including a series of elements not only includes those elements, but also includes those that are not explicitly listed Other elements of, or also include elements inherent to this process, method, article or equipment. If there are no more restrictions, the element defined by the sentence "including a..." does not exclude the existence of other identical elements in the process, method, article, or equipment that includes the element.

本说明书中的各个实施例均采用相关的方式描述，各个实施例之间相同相似的部分互相参见即可，每个实施例重点说明的都是与其他实施例的不同之处。尤其，对于装置实施例、设备实施例、计算机可读存储介质实施例、以及计算机程序产品实施例而言，由于其基本相似于方法实施例，所以描述的比较简单，相关之处参见方法实施例的部分说明即可。The various embodiments in this specification are described in a related manner, and the same or similar parts between the various embodiments can be referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, for the device embodiments, device embodiments, computer readable storage medium embodiments, and computer program product embodiments, since they are basically similar to the method embodiments, the descriptions are relatively simple, and for relevant details, please refer to the method embodiments. Part of the instructions can be.

以上所述仅为本申请的较佳实施例，并非用于限定本申请的保护范围。凡在本申请的精神和原则之内所作的任何修改、等同替换、改进等，均包含在本申请的保护范围内。The foregoing descriptions are only preferred embodiments of the present application, and are not used to limit the protection scope of the present application. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of this application are all included in the protection scope of this application.

最后应说明的是：以上各实施例仅用以说明本申请的技术方案，而非对其限制；尽管参照前述各实施例对本申请进行了详细的说明，本领域的普通技术人员应当理解：其依然可以对前述各实施例所记载的技术方案进行修改，或者对其中部分或者全部技术特征进行等同替换；而这些修改或者替换，并不使相应技术方案的本质脱离本申请各实施例技术方案的范围。Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the application, not to limit them; although the application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that: It is still possible to modify the technical solutions described in the foregoing embodiments, or equivalently replace some or all of the technical features; and these modifications or replacements do not make the essence of the corresponding technical solutions deviate from the technical solutions of the embodiments of the present application. range.

Claims

A method for limiting the rate of network traffic, which is applied to a central control device, and the method includes:

Receiving a traffic alarm sent by the first gateway in the rate-limiting gateway cluster; wherein the traffic alarm is used to indicate that the real-time bandwidth of the preset target service at the first gateway exceeds a predetermined ratio of the current quota bandwidth;

Acquiring the real-time bandwidth of each gateway of the target service in the rate-limiting gateway cluster based on the traffic alarm;

According to the current quota bandwidth of the target service at the first gateway, the real-time bandwidth of the target service at the respective gateways, and the pre-stored total quota bandwidth of the target service, update the target service at the limit The quota bandwidth of each gateway in the fast gateway cluster.

The method according to claim 1, wherein the traffic alarm includes at least: the number of the first gateway, the number of the target service, the quota bandwidth of the target service at the first gateway, and the The real-time bandwidth of the target service at the first gateway when the traffic alarm is generated.

The method according to claim 1, wherein the obtaining the real-time bandwidth of each gateway of the target service in the rate-limiting gateway cluster based on the traffic alarm comprises:

After receiving the traffic alarm, extract the number of the target service from the traffic alarm;

Sending, based on the serial number of the target service, request information for the real-time bandwidth of the target service to gateways other than the first gateway in the rate-limiting gateway cluster;

Receiving the real-time bandwidth for the target service returned by a gateway other than the first gateway.

The method according to claim 1, wherein according to the current quota bandwidth of the target service at the first gateway, the real-time bandwidth of the target service at the respective gateways, and the total quota of the target service pre-stored Bandwidth, the step of updating the quota bandwidth of each gateway of the target service in the rate-limiting gateway cluster includes:

Extracting the quota bandwidth of the target service at the first gateway from the traffic alarm sent by the first gateway;

Judging whether the extracted quota bandwidth is greater than zero;

Adjust the quota bandwidth of each gateway for the target service according to the judgment result of the quota bandwidth, the real-time bandwidth of the target service at the respective gateways, and the total quota bandwidth of the target service.

The method according to claim 4, wherein after the step of receiving the traffic alarm sent by the first gateway in the rate-limiting gateway cluster, the method further comprises: acquiring the target service in the rate-limiting gateway based on the traffic alarm Quota bandwidth of each gateway in the cluster;

According to the current quota bandwidth of the target service at the first gateway, the real-time bandwidth of the target service at the respective gateways, and the pre-stored total quota bandwidth of the target service, update the target service at all The steps to describe the quota bandwidth of each gateway in the rate-limiting gateway cluster include:

If the quota bandwidth of the target service at the first gateway is greater than zero, calculate the sum of the quota bandwidth of the target service at the respective gateways to obtain the total quota bandwidth of the target service by the rate-limiting gateway cluster;

Judging whether the calculated total quota bandwidth is greater than the total quota bandwidth of the target service pre-stored in the central control device;

According to the judgment result of the total quota bandwidth, adjust the quota bandwidth of each gateway of the target service in the rate-limiting gateway cluster.

The method according to claim 5, wherein the step of adjusting the quota bandwidth of each gateway of the target service in the rate limiting gateway cluster according to the judgment result of the total bandwidth of the quota comprises:

If the calculated total bandwidth of the quota is equal to or less than the total bandwidth of the stored quota, calculate the total real-time bandwidth of the target service at the respective gateways to obtain the total real-time bandwidth of the target service at the rate-limiting gateway cluster;

For each gateway in the rate-limiting gateway cluster, adjust the quota bandwidth of the target service at the current gateway to: the ratio of the real-time bandwidth of the target service at the current gateway to the total real-time bandwidth of the target service , Multiplied by the total bandwidth of the storage quota.

If the calculated total bandwidth of the quota is greater than the total bandwidth of the stored quota, calculate the sum of the real-time bandwidth of the target service at the respective gateways to obtain the real-time total bandwidth of the target service at the rate-limiting gateway cluster;

For each gateway in the rate-limiting gateway cluster, adjust the quota bandwidth of the target service at the current gateway to: the difference between twice the stored quota total bandwidth and the real-time total bandwidth of the target service, Multiplied by the ratio of the real-time bandwidth of the target service at the current gateway to the total real-time bandwidth of the target service.

The method according to claim 4, wherein according to the current quota bandwidth of the target service at the first gateway, the real-time bandwidth of the target service at the respective gateways, and the total quota of the target service pre-stored Bandwidth, the step of updating the quota bandwidth of each gateway of the target service in the rate-limiting gateway cluster includes:

If the quota bandwidth of the target service at the first gateway is equal to zero, calculate the sum of the real-time bandwidth of the target service at the respective gateways to obtain the total real-time bandwidth of the rate-limiting gateway cluster for the target service;

Judging whether the total real-time bandwidth is greater than the total quota bandwidth of the target service pre-stored in the central control device;

If it is greater than, for each gateway in the rate-limiting gateway cluster, adjust the quota bandwidth of the target service at the current gateway to: the real-time bandwidth of the target service at the current gateway.

The method according to claim 1, wherein before receiving the traffic alarm sent by the first gateway in the rate-limiting gateway cluster, the method comprises:

According to the total quota bandwidth of the target service, an initial quota bandwidth for the target service is set for each gateway in the rate-limiting gateway cluster; wherein the initial quota bandwidth is equal to the total quota bandwidth of the target service The ratio to the total number of gateways in the rate-limiting gateway cluster.

A method for limiting the rate of network traffic, wherein, applied to a gateway, the gateway is configured to be able to receive a request message for a target service and/or send a response message sent by the target service, and the gateway is based on stored The quota bandwidth limits the rate of the target service traffic, and the method includes:

When it is detected that the real-time bandwidth of the target service exceeds the predetermined ratio of the current quota bandwidth, a traffic alarm is generated;

Sending the traffic alarm to a central control device communicatively connected with the gateway;

Receive the updated quota bandwidth returned by the central control device, and limit the rate of the target service traffic according to the updated quota bandwidth.

The method according to claim 10, wherein the gateway restricting the rate of the target service traffic based on the stored quota bandwidth comprises:

If the quota bandwidth is not zero, discard the received message within a time period after the real-time bandwidth of the target service exceeds the current quota bandwidth;

If the quota bandwidth is zero, the received message is not discarded in the time period after the real-time bandwidth of the target service exceeds the current quota bandwidth.

The method according to claim 10, wherein the method further comprises:

If the request information for the real-time bandwidth of the target service sent by the central control device is received, the real-time bandwidth of the target service is returned to the central control device.

A device for limiting the rate of network traffic, which is applied to a central control device, and the device includes:

The first receiving module is configured to receive the traffic alarm sent by the first gateway in the rate-limiting gateway cluster; wherein the traffic alarm is used to indicate that the real-time bandwidth of the preset target service at the first gateway exceeds a predetermined ratio of the current quota bandwidth;

The first obtaining module is configured to obtain the real-time bandwidth of each gateway of the target service in the rate-limiting gateway cluster based on the traffic alarm;

An update module, configured to update the target according to the current quota bandwidth of the target service at the first gateway, the real-time bandwidth of the target service at the respective gateways, and the pre-stored total quota bandwidth of the target service The quota bandwidth of each gateway of the service in the rate-limiting gateway cluster.

The apparatus according to claim 13, wherein the traffic alarm includes at least: the number of the first gateway, the number of the target service, the quota bandwidth of the target service at the first gateway, and the The real-time bandwidth of the target service at the first gateway when the traffic alarm is generated.

The device according to claim 13, wherein the first acquiring module is further configured to:

The device according to claim 13, wherein the update module is further configured to:

Judging whether the extracted quota bandwidth is greater than zero;

The device according to claim 16, wherein the device further comprises: a second obtaining module configured to obtain the quota bandwidth of each gateway of the target service in the rate-limiting gateway cluster based on the traffic alarm;

The update module is also set to:

The device according to claim 17, wherein the update module is further configured to:

If the calculated total bandwidth of the quota is equal to or less than the total bandwidth of the stored quota,

Calculating the sum of the real-time bandwidth of the target service in the respective gateways to obtain the total real-time bandwidth of the target service in the rate-limiting gateway cluster;

The device according to claim 16, wherein the update module is further configured to:

The device according to claim 13, wherein the device further comprises:

The setting module is configured to set the initial quota bandwidth for the target service for each gateway in the rate-limiting gateway cluster according to the total quota bandwidth of the target service; wherein, the initial quota bandwidth is equal to the target The ratio of the total bandwidth of the business quota to the total number of gateways in the rate-limiting gateway cluster.

A device for limiting network traffic, wherein the gateway is set at a gateway, the gateway is configured to be able to receive a request message for a target service and/or send a response message sent by the target service, and the gateway is based on stored The quota bandwidth limits the rate of the target service traffic, and the device includes:

The generating module is set to generate a traffic alarm when it is detected that the real-time bandwidth of the target service exceeds a predetermined proportion of the current quota bandwidth;

A sending module, configured to send the traffic alarm to a central control device that is in communication with the gateway;

The second receiving module is configured to receive the updated quota bandwidth returned by the central control device, and limit the rate of the target service traffic according to the updated quota bandwidth.

The device according to claim 22, wherein the gateway is further configured to:

The device according to claim 22, wherein the device further comprises: a return module configured to send the request information for the real-time bandwidth of the target service to the central control device if it receives the request information for the real-time bandwidth of the target service sent by the central control device Returns the real-time bandwidth of the target service.

A central control device, comprising a processor and a memory, the memory stores machine executable instructions that can be executed by the processor, and the processor executes the machine executable instructions to implement claims 1 to 9 Any one of the methods for limiting the rate of network traffic.

A gateway, comprising a processor and a memory, the memory stores machine executable instructions that can be executed by the processor, and the processor executes the machine executable instructions to implement any one of claims 10 to 12 The method of limiting the rate of network traffic described in the item.

A computer-readable storage medium, wherein a computer program is stored in the computer-readable storage medium, and when the computer program is executed by a processor, the method steps according to any one of claims 1-12 are realized.

An executable program code, the executable program code being set to be executed to execute the method steps of any one of claims 1-12.