本申请要求于2020年4月29日提交中国专利局、申请号为202010354728.X,发明名称为“基于虚拟私有云的网关节点的配置方法、装置和介质”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims the priority of a Chinese patent application filed with the Chinese Patent Office on April 29, 2020, the application number is 202010354728.X, and the invention title is "Virtual Private Cloud-based Gateway Node Configuration Method, Device and Medium". The entire content is incorporated into this application by reference.
本申请涉及云技术领域,尤其涉及一种基于虚拟私有云的网关节点的配置方法、装置、终端和计算机可读存储介质。This application relates to the field of cloud technology, and in particular to a method, device, terminal, and computer-readable storage medium for configuring a gateway node based on a virtual private cloud.
虚拟私有云(VPC:Virtual Private Cloud)内,客户机使用的都是内部IP,当客户机需要访问外部网络时,需要通过NAT(networkaddress translation,网络地址转换)网关才能实现外部网络的访问。如果VPC网络对外提供服务比如作为WEB网站,通常使用负载均衡(网关集群)到VPC内部真实服务器上。它能够为VPC的用户提供高性能的 Internet 访问服务。通过 NAT 网关,VPC内的资源可以更加安全的访问Internet。In a virtual private cloud (VPC: Virtual Private Cloud), all clients use internal IP. When a client needs to access an external network, it needs to pass through NAT (networkAddress translation, network address translation) gateways can achieve access to external networks. If the VPC network provides external services, such as a WEB website, it usually uses load balancing (gateway cluster) to the real servers inside the VPC. It can provide high-performance Internet access services for VPC users. Through the NAT gateway, resources in the VPC can access the Internet more securely.
具体实现中,通过报文中的目标地址和端口,并且根据负载均衡设备设置的服务器选择方式,决定最终选择的内部服务器。但是,发明人意识到,如果某个服务器(即网关)宕机,那么该机器上的Session(会话控制)就会消失,用户请求切换到其他机器后因为没有Session而无法完成转发,造成用户业务中断或重连。In specific implementation, the final selected internal server is determined based on the target address and port in the message, and according to the server selection method set by the load balancing device. However, the inventor realized that if a server (ie, a gateway) goes down, the Session (session control) on the machine will disappear. After the user requests to switch to another machine, the forwarding cannot be completed because there is no Session, resulting in user services. Interrupt or reconnect.
基于此,有必要针对上述问题,提出了一种基于虚拟私有云的网关节点的配置方法、装置、终端和计算机可读存储介质。Based on this, it is necessary to address the above problems and propose a method, device, terminal, and computer-readable storage medium for configuring a gateway node based on a virtual private cloud.
一种基于虚拟私有云的网关节点的配置方法,基于包含有多个网关节点的网关集群;所述虚拟私有云包括多个VPC网络,其中,每个网关节点服务于一组VPC网络,每组VPC网络包括至少一个VPC网络;所述方法包括:通过预设的资源配置算法,确定与每一个VPC网络对应的目标网关节点,其中,每一个VPC网络对应的目标网关节点包括与该VPC网络对应的一个主网关节点和至少一个备份网关节点;分别确定每个VPC网络的主网关节点和至少一个备份网关节点对应的路由优先级;针对每一个VPC网络,基于与该VPC网络对应的一个主网关节点和至少一个备份网关节点、并根据所述路由优先级为该VPC网络内的用户提供网络访问服务;其中,每一个VPC网络对应的主网关节点实时将网络访问服务的资源数据同步至与该VPC网络对应的至少一个备份网关节点。A method for configuring a gateway node based on a virtual private cloud is based on a gateway cluster containing multiple gateway nodes; the virtual private cloud includes multiple VPC networks, wherein each gateway node serves a group of VPC networks, and each group The VPC network includes at least one VPC network; the method includes: determining a target gateway node corresponding to each VPC network through a preset resource configuration algorithm, wherein the target gateway node corresponding to each VPC network includes the target gateway node corresponding to the VPC network One main gateway node and at least one backup gateway node of each VPC network; respectively determine the routing priority corresponding to the main gateway node and at least one backup gateway node of each VPC network; for each VPC network, based on a main gateway corresponding to the VPC network Nodes and at least one backup gateway node, and provide network access services for users in the VPC network according to the routing priority; wherein, the main gateway node corresponding to each VPC network synchronizes the resource data of the network access service to the VPC network in real time. At least one backup gateway node corresponding to the VPC network.
一种基于虚拟私有云的网关节点的配置装置,基于包含有多个网关节点的网关集群;所述虚拟私有云包括多个VPC网络,其中,每个网关节点服务于一组VPC网络,每组VPC网络包括至少一个VPC网络;所述装置包括:资源配置单元,用于通过预设的资源配置算法,确定与每一个VPC网络对应的目标网关节点,其中,每一个VPC网络对应的目标网关节点包括与该VPC网络对应的一个主网关节点和至少一个备份网关节点;路由优先级确定模块,用于分别确定每个VPC网络的主网关节点和至少一个备份网关节点对应的路由优先级;网络访问模块,用于针对每一个VPC网络,基于与该VPC网络对应的一个主网关节点和至少一个备份网关节点、并根据所述路由优先级为该VPC网络内的用户提供网络访问服务;数据同步模块,用于实时将每一个VPC网络对应的主网关节点的网络访问服务的资源数据同步至与该VPC网络对应的至少一个备份网关节点。A virtual private cloud-based configuration device for gateway nodes is based on a gateway cluster containing multiple gateway nodes; the virtual private cloud includes multiple VPC networks, wherein each gateway node serves a group of VPC networks, and each group The VPC network includes at least one VPC network; the device includes: a resource configuration unit, configured to determine a target gateway node corresponding to each VPC network through a preset resource configuration algorithm, where each VPC network corresponds to a target gateway node It includes a main gateway node and at least one backup gateway node corresponding to the VPC network; a routing priority determination module for separately determining the routing priority corresponding to the main gateway node and at least one backup gateway node of each VPC network; network access Module, for each VPC network, based on a main gateway node and at least one backup gateway node corresponding to the VPC network, and provide network access services for users in the VPC network according to the routing priority; data synchronization module , Used to synchronize the resource data of the network access service of the main gateway node corresponding to each VPC network to at least one backup gateway node corresponding to the VPC network in real time.
一种终端,包括存储器和处理器,所述存储器存储有计算机程序,所述计算机程序被所述处理器执行时,使得所述处理器执行如下步骤:通过预设的资源配置算法,确定与每一个VPC网络对应的目标网关节点,其中,每一个VPC网络对应的目标网关节点包括与该VPC网络对应的一个主网关节点和至少一个备份网关节点;分别确定每个VPC网络的主网关节点和至少一个备份网关节点对应的路由优先级;针对每一个VPC网络,基于与该VPC网络对应的一个主网关节点和至少一个备份网关节点、并根据所述路由优先级为该VPC网络内的用户提供网络访问服务;其中,每一个VPC网络对应的主网关节点实时将网络访问服务的资源数据同步至与该VPC网络对应的至少一个备份网关节点。A terminal includes a memory and a processor, and the memory stores a computer program. When the computer program is executed by the processor, the processor executes the following steps: determining the relationship between each and every A target gateway node corresponding to a VPC network, where the target gateway node corresponding to each VPC network includes a main gateway node and at least one backup gateway node corresponding to the VPC network; the main gateway node and at least one backup gateway node of each VPC network are respectively determined A routing priority corresponding to a backup gateway node; for each VPC network, a network is provided for users in the VPC network based on a primary gateway node and at least one backup gateway node corresponding to the VPC network, and according to the routing priority Access service; wherein the main gateway node corresponding to each VPC network synchronizes the resource data of the network access service to at least one backup gateway node corresponding to the VPC network in real time.
一种可读存储介质,存储有计算机程序,所述计算机程序被处理器执行时,使得所述处理器执行如下步骤:通过预设的资源配置算法,确定与每一个VPC网络对应的目标网关节点,其中,每一个VPC网络对应的目标网关节点包括与该VPC网络对应的一个主网关节点和至少一个备份网关节点;分别确定每个VPC网络的主网关节点和至少一个备份网关节点对应的路由优先级;针对每一个VPC网络,基于与该VPC网络对应的一个主网关节点和至少一个备份网关节点、并根据所述路由优先级为该VPC网络内的用户提供网络访问服务;其中,每一个VPC网络对应的主网关节点实时将网络访问服务的资源数据同步至与该VPC网络对应的至少一个备份网关节点。A readable storage medium storing a computer program. When the computer program is executed by a processor, the processor executes the following steps: determining the target gateway node corresponding to each VPC network through a preset resource allocation algorithm , Wherein the target gateway node corresponding to each VPC network includes a main gateway node and at least one backup gateway node corresponding to the VPC network; respectively determine the main gateway node of each VPC network and at least one backup gateway node corresponding to the route priority Level; for each VPC network, based on a primary gateway node and at least one backup gateway node corresponding to the VPC network, and provide network access services for users in the VPC network according to the routing priority; wherein, each VPC The main gateway node corresponding to the network synchronizes the resource data of the network access service to at least one backup gateway node corresponding to the VPC network in real time.
采用本申请,使得在一个网关节点出现故障的情况下,该网关节点上的业务并不会消失,可以切换至其他备份有业务数据的网关节点,使得用户业务不中断,从而提升业务的稳定性,提升用户体验。With this application, when a gateway node fails, the service on the gateway node will not disappear, and it can be switched to other gateway nodes backed up with service data, so that the user's service is not interrupted, thereby improving the stability of the service , Improve user experience.
图1为本申请的一个实施例中一种基于虚拟私有云的网关节点的配置方法的流程示意图。FIG. 1 is a schematic flowchart of a method for configuring a gateway node based on a virtual private cloud in an embodiment of the application.
图2为本申请的一个实施例中网关节点与VPC网络之间的路由关系示意图。Figure 2 is a schematic diagram of the routing relationship between the gateway node and the VPC network in an embodiment of the application.
图3为本申请的一个实施例中多个网关节点之间进行业务数据同步的流程示意图。FIG. 3 is a schematic diagram of a flow of synchronization of service data between multiple gateway nodes in an embodiment of the application.
图4为本申请的一个实施例中网关节点与VPC网络之间的路由关系示意图。FIG. 4 is a schematic diagram of the routing relationship between the gateway node and the VPC network in an embodiment of the application.
图5为本申请的一个实施例中网关节点与VPC网络之间的路由关系示意图。FIG. 5 is a schematic diagram of the routing relationship between the gateway node and the VPC network in an embodiment of the application.
图6为本申请的一个实施例中网关节点与VPC网络之间的路由关系示意图。FIG. 6 is a schematic diagram of the routing relationship between the gateway node and the VPC network in an embodiment of the application.
图7为本申请的一个实施例中多个网关节点之间进行业务数据恢复的流程示意图。FIG. 7 is a schematic diagram of the process of restoring service data among multiple gateway nodes in an embodiment of the application.
图8为本申请的一个实施例中一种基于虚拟私有云的网关节点的配置装置的结构示意图。Fig. 8 is a schematic structural diagram of a device for configuring a gateway node based on a virtual private cloud in an embodiment of the application.
图9为本申请的一个实施例中一种基于虚拟私有云的网关节点的配置装置的结构示意图。Fig. 9 is a schematic structural diagram of a device for configuring a gateway node based on a virtual private cloud in an embodiment of the application.
图10为本申请的一个实施例的运行上述基于虚拟私有云的网关节点的配置方法的计算机设备的结构示意图。FIG. 10 is a schematic structural diagram of a computer device running the above-mentioned method for configuring a gateway node based on a virtual private cloud according to an embodiment of the application.
图11为本申请提供的可读存储介质的一实施例的结构示意图。FIG. 11 is a schematic structural diagram of an embodiment of a readable storage medium provided by this application.
下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行描述。The technical solutions in the embodiments of the present application will be described below in conjunction with the drawings in the embodiments of the present application.
本申请的技术方案可应用于大数据技术领域,涉及的数据或资源可存储于数据库或数据库集群中,如存储于服务器集群中,本申请不做限定。The technical solution of the present application can be applied to the field of big data technology, and the involved data or resources can be stored in a database or a database cluster, such as stored in a server cluster, which is not limited in this application.
在本实施例中,为了解决上述虚拟私有云的客户访问外部网络过程中因为网关节点故障造成的业务数据中断或重连的问题,提出了一种基于虚拟私有云的网关节点的配置方法。In this embodiment, in order to solve the problem of service data interruption or reconnection caused by the failure of the gateway node when the virtual private cloud client accesses the external network, a method for configuring the gateway node based on the virtual private cloud is proposed.
需要说明的是,在本实施例中,上述基于虚拟私有云的网关节点的配置方法,是基于包含有多个网关节点的网关集群。其中,每一个网关节点为网关集群中的一个节点服务器,为内部服务器。进一步的,在虚拟私有云中,需要使用负载均衡到内部服务器中(即网关集群中的网关节点,为内部真实的服务器),外部网络访问时通过外部的路由设备访问内部服务器中的资源。It should be noted that, in this embodiment, the above-mentioned method for configuring a gateway node based on a virtual private cloud is based on a gateway cluster containing multiple gateway nodes. Among them, each gateway node is a node server in the gateway cluster, which is an internal server. Further, in a virtual private cloud, load balancing is required to be used in internal servers (that is, gateway nodes in a gateway cluster, which are internal real servers), and external network access is made to access resources in internal servers through external routing devices.
在本实施例中,上述基于虚拟私有云的网关节点的配置方法所基于的虚拟私有云包括多个VPC网络,多个VPC网络依托于网关集群中的多个网关节点提供外部网络访问服务。每个网关节点服务于一组VPC网络,每组VPC网络包括至少一个VPC网络。In this embodiment, the virtual private cloud on which the above virtual private cloud-based gateway node configuration method is based includes multiple VPC networks, and the multiple VPC networks rely on multiple gateway nodes in the gateway cluster to provide external network access services. Each gateway node serves a group of VPC networks, and each group of VPC networks includes at least one VPC network.
在本实施例中,为了避免在外部网络访问过程中因为网关节点故障造成的业务中断的情况,针对每一个VPC网络,除了提供一个网关节点之外,还需要提供对应的备份网关节点,以在网关节点故障的情况下,能为相应的VPC网络内的用户提供服务,避免造成相应的业务中断。In this embodiment, in order to avoid service interruption caused by gateway node failure during external network access, for each VPC network, in addition to providing a gateway node, it is also necessary to provide a corresponding backup gateway node to In the case of a gateway node failure, it can provide services to users in the corresponding VPC network, avoiding corresponding business interruption.
请参阅图1,图1是本申请提供的基于虚拟私有云的网关节点的配置方法的一个实施例的流程示意图。Please refer to FIG. 1. FIG. 1 is a schematic flowchart of an embodiment of a method for configuring a gateway node based on a virtual private cloud provided by the present application.
具体的,如图1所示,本申请提供的基于虚拟私有云的网关节点的配置方法包括步骤S102-S108。Specifically, as shown in FIG. 1, the method for configuring a gateway node based on a virtual private cloud provided by the present application includes steps S102-S108.
步骤S102:通过预设的资源配置算法,确定与每一个VPC网络对应的目标网关节点,其中,每一个VPC网络对应的目标网关节点包括与该VPC网络对应的一个主网关节点和至少一个备份网关节点。Step S102: Determine the target gateway node corresponding to each VPC network through a preset resource configuration algorithm, where the target gateway node corresponding to each VPC network includes a main gateway node and at least one backup gateway corresponding to the VPC network node.
在本实施例中,为VPC网络分配对应的网关节点的实现,是按照资源配置算法进行的,例如,按照哈希算法确定与每一个网关节点服务的VPC网络,从而使得每个网关节点服务的VPC网络之间是均衡的。In this embodiment, the implementation of assigning the corresponding gateway node to the VPC network is performed according to the resource configuration algorithm, for example, the VPC network served by each gateway node is determined according to the hash algorithm, so that each gateway node serves VPC networks are balanced.
在一个具体的实施例中,可以是通过四层负载均衡组件(L4-LB)实现,通过报文中的目标地址和端口,再通过负载均衡设备设置的服务器选择方式,确定VPC网络中的用户在进行外部网络访问的过程中的内部服务器(即网关节点)。In a specific embodiment, it can be implemented by a four-layer load balancing component (L4-LB). Through the target address and port in the message, and then through the server selection method set by the load balancing device, the user in the VPC network is determined The internal server (that is, the gateway node) in the process of external network access.
在本实施例中,一个网关节点可以服务多个VPC网络,例如,一个网关阶段服务一组VPC网络,而一组VPC网络中包括多个VPC网络。而每一个VPC网络对应的网关节点不止一个,包括了一个主网关节点和至少一个备份网关节点。In this embodiment, one gateway node can serve multiple VPC networks. For example, one gateway stage serves a group of VPC networks, and a group of VPC networks includes multiple VPC networks. Each VPC network corresponds to more than one gateway node, including a main gateway node and at least one backup gateway node.
具体实施例中,每个VPC网络均对应一个VPC ID,在确定与每一个VPC网络对应的目标网关节点的过程中,为每个网关节点配置服务的VPC ID的范围。In a specific embodiment, each VPC network corresponds to a VPC ID. In the process of determining the target gateway node corresponding to each VPC network, the range of the service VPC ID is configured for each gateway node.
在一个具体的实施例中,每个VPC网络配置2个目标网关节点,其中,2个目标网关节点中,包括了1个主网关节点,1备份网关节点。在其它实施例中,每个VPC网络还可以配置1+N个目标网关节点,其中1+N个目标网关节点中,包括了1个主网关节点和N个备份网关节点,其中N为大于1的正整数。In a specific embodiment, each VPC network is configured with two target gateway nodes. Among the two target gateway nodes, one main gateway node and one backup gateway node are included. In other embodiments, each VPC network can also be configured with 1+N target gateway nodes, where 1+N target gateway nodes include 1 primary gateway node and N backup gateway nodes, where N is greater than 1. Is a positive integer.
在本实施例中,每个VPC网路配备多个网关节点是为了在某个网关节点故障的情况下,能由其他网关节点进行代替,以保证不中断。所,在本实施例中,为了确定网关节点的服务,还需要确定每一个网关节点对应的路由优先级。In this embodiment, each VPC network is equipped with multiple gateway nodes so that when a certain gateway node fails, it can be replaced by other gateway nodes to ensure uninterrupted. Therefore, in this embodiment, in order to determine the service of the gateway node, it is also necessary to determine the routing priority corresponding to each gateway node.
步骤S104:分别确定每个VPC网络的主网关节点和至少一个备份网关节点对应的路由优先级。Step S104: Determine the routing priorities corresponding to the main gateway node and at least one backup gateway node of each VPC network respectively.
在本实施例中,VPC网络对应的多个网关节点之间的优先级不同,在确定VPC网络内,访问外部网络的路由都指向当前VPC网络对应的其中一个网关节点,该网关节点的确定是根据网关节点的路由优先级确定的。且主网关节点的路由优先级高于备份网关节点的路由优先级。根据路由优先级在可用的网关节点中确定当前VPC网络中访问外部网络的路由路径是通过哪一个网关节点。In this embodiment, the priorities of multiple gateway nodes corresponding to the VPC network are different. In determining the VPC network, the route to the external network points to one of the gateway nodes corresponding to the current VPC network. The determination of the gateway node is Determined according to the routing priority of the gateway node. And the routing priority of the main gateway node is higher than the routing priority of the backup gateway node. According to the routing priority, determine which gateway node passes through the routing path in the current VPC network to access the external network among the available gateway nodes.
在一个具体的实施例中在,在VPC网络对应的网关节点为2个(一个主网关节点,一个备选网关节点)的情况下,路由优先级为2级。在VPC网络对应的网关节点为1+N个(1个主网关节点,N个备选网关节点)的情况下,路由优先级为2个(N个备选网关节点的路由优先级相同)或者1+N个(N个备用网关节点的理由优先级均不同)。In a specific embodiment, when there are two gateway nodes (one main gateway node and one candidate gateway node) corresponding to the VPC network, the routing priority is level 2. In the case of 1+N gateway nodes corresponding to the VPC network (1 main gateway node, N candidate gateway nodes), the routing priority is 2 (N candidate gateway nodes have the same routing priority) or 1+N (the reason and priority of N backup gateway nodes are all different).
以每个VPC网络配置两个网关节点为例(一个主网关节点,一个备选网关节点),在外部网络侧,每个网关节点需要发布两优先级路由,或者在出口路由器上静态配置两优先级路由。其中,对一个VPC网络二者,主网关节点发布的路由占高优先级。Take the configuration of two gateway nodes in each VPC network as an example (one main gateway node and one alternative gateway node). On the external network side, each gateway node needs to advertise two-priority routes, or statically configure two-priority routes on the egress router. Level routing. Among them, for both of a VPC network, the route advertised by the master gateway node has a high priority.
比如:假设VPC网络1(VPC网络对应的VPC ID为VPC0001)对应的主网关节点为GW-1,备选主网关节点为GW-3,VPC网络2(VPC网络对应的VPC ID为VPC2001)对应的主网关节点为GW-3,备选网关节点为GW-1。那么主网关节点GW-1和主网关节点GW-3的路由优先级设置如下:在主网关节点GW-1上,BGP: VPC0001_VIP/32 Priority N+1,BGP: VPC0001_NAT/32Priority N+1,...,BGP: VPC2001_VIP/32 Priority N,BGP: VPC2001_NAT/32 Priority N,…,在GW-3上,BGP: VPC0001_VIP/32Priority N,BGP: VPC0001_NAT/32 Priority N,...,BGP: VPC2001_VIP/32 Priority N+1,BGP:VPC2001_NAT/32 Priority N+1。For example: suppose that the main gateway node corresponding to VPC network 1 (VPC ID corresponding to VPC network is VPC0001) is GW-1, the alternative main gateway node is GW-3, and VPC network 2 (VPC ID corresponding to VPC network is VPC2001) corresponds to The main gateway node of is GW-3, and the alternative gateway node is GW-1. Then the routing priorities of the main gateway node GW-1 and the main gateway node GW-3 are set as follows: On the main gateway node GW-1, BGP: VPC0001_VIP/32 Priority N+1, BGP: VPC0001_NAT/32Priority N+1,...,BGP: VPC2001_VIP/32 Priority N,BGP: VPC2001_NAT/32 Priority N,..., on GW-3, BGP: VPC0001_VIP/32Priority N,BGP: VPC0001_NAT/32 Priority N,...,BGP: VPC2001_VIP/32 Priority N+1,BGP:VPC2001_NAT/32 Priority N+1.
其中,BGP表示边界网关协议,NAT表示访问外部网络时使用的路由,VIP表示外部网络访问时使用的网关路由。Among them, BGP stands for Border Gateway Protocol, NAT stands for routes used when accessing external networks, and VIP stands for gateway routes used when accessing external networks.
在VPC0001内,所有访问外部网络的路由都指向VPC内缺省网关VPC0001_GW,所有访问缺省网关的报文都被封入overlay tunnel, tunnel 的远端endpoint表示为vpc0001_overlay_tunnel_endpoint,是GW-1/GW-3内的浮动IP。其中,缺省网关通常是指每台主机上的一个配置参数,参数值为接在同一个网络上的某个路由器端口的IP地址,即默认网关节点。In VPC0001, all routes to the external network point to the default gateway VPC0001_GW in the VPC, and all packets to the default gateway are enclosed in the overlay tunnel. The remote endpoint of the tunnel is represented as vpc0001_overlay_tunnel_endpoint, which is GW-1/GW-3 Floating IP within. Among them, the default gateway usually refers to a configuration parameter on each host, and the parameter value is the IP address of a router port connected to the same network, that is, the default gateway node.
VPC0001的underlay网络上增加两个优先级的路由。GW1_IP是GW1在VPC underlay 网络侧的业务网络接口地址。Two priority routes are added to the underlay network of VPC0001. GW1_IP is the service network interface address of GW1 on the VPC underlay network side.
以VPC0001为例:VPC0001: vpc0001_overlay_tunnel_endpoint next hopGW1_IP priority high,VPC0001: vpc0001_overlay_tunnel_endpointnext hop GW3_IP priority low。Take VPC0001 as an example: VPC0001: vpc0001_overlay_tunnel_endpoint next hopGW1_IP priority high, VPC0001: vpc0001_overlay_tunnel_endpointnext hop GW3_IP priority low.
具体可如图2所示。图2给出了网关集群中包含GW-1、GW-2、GW-3、GW-4这4个网关节点的情况下,以GW-1、GW-3之间互为备份网关节点为例的情况下,网关节点与VPC网络以及外部路由之间的路由关系的示意图。The details can be shown in Figure 2. Figure 2 shows the case where the gateway cluster contains four gateway nodes: GW-1, GW-2, GW-3, and GW-4, taking GW-1 and GW-3 as backup gateway nodes for each other as an example Schematic diagram of the routing relationship between the gateway node and the VPC network and external routes.
步骤S106:针对每一个VPC网络,基于与该VPC网络对应的一个主网关节点和至少一个备份网关节点、并根据所述路由优先级为该VPC网络内的用户提供网络访问服务。Step S106: For each VPC network, provide network access services for users in the VPC network based on a primary gateway node and at least one backup gateway node corresponding to the VPC network, and according to the routing priority.
VPC网络内访问外部网络资源时,只需要通过与该VPC网络对应的一个网关节点即可。在一般情况下,是通过主网关节点提供网络访问服务。但是,在主网关节点存在故障的情况下,通过备份网关节点外该VPC网络内提供网络访问服务。When accessing external network resources in the VPC network, only one gateway node corresponding to the VPC network is required. In general, the network access service is provided through the main gateway node. However, in the case of a failure of the main gateway node, the network access service is provided in the VPC network outside the backup gateway node.
具体的,针对每一个VPC网络:根据所述路由优先级在该VPC网络对应的一个主网关节点和至少一个备份网关节点中,确定路由优先级最高的网关节点作为服务网关节点;通过所述服务网关节点为VPC网络内的用户提供网络访问服务。如果路由优先级最高的网关节点存在故障,则从其他网关节点中选择服务网关节点。Specifically, for each VPC network: determine the gateway node with the highest routing priority as the serving gateway node among a primary gateway node and at least one backup gateway node corresponding to the VPC network according to the routing priority; The gateway node provides network access services for users in the VPC network. If the gateway node with the highest routing priority is faulty, the serving gateway node is selected from other gateway nodes.
即,在确定路由优先级最高的网关节点之后,判断确定的路由优先级最高的网关节点是否存在故障;若是,则则根据所述路由优先级,在所述一个主网关节点和至少一个备份网关节点中选择除该确定的路由优先级最高的网关节点之后,从其它网关节点中,确定服务网关节点。That is, after the gateway node with the highest routing priority is determined, it is determined whether the gateway node with the highest routing priority is determined to be faulty; After the nodes select the gateway node with the highest priority except for the determined route, determine the serving gateway node from the other gateway nodes.
步骤S108:每一个VPC网络对应的主网关节点实时将网络访问服务的资源数据同步至与该VPC网络对应的至少一个备份网关节点。Step S108: The main gateway node corresponding to each VPC network synchronizes the resource data of the network access service to at least one backup gateway node corresponding to the VPC network in real time.
在本实施例中,为了保证在某一个网关节点宕机或故障的情况业务不中断,网关节点需要网络访问服务对应的资源数据同步至其他的网关节点。具体实施例中,一般由主网关节点提供网络访问服务,在这个过程中,主网关节点需要将网络访问服务的资源数据同步至同一个VPC网络对应的其它备份网关节点,以使得其它备份网关节点在主网关节点宕机或故障的情况下能接替主网关节点提供网络访问服务。In this embodiment, in order to ensure that services are not interrupted when a certain gateway node is down or fails, the gateway node needs to synchronize resource data corresponding to the network access service to other gateway nodes. In specific embodiments, the main gateway node generally provides network access services. In this process, the main gateway node needs to synchronize the resource data of the network access service to other backup gateway nodes corresponding to the same VPC network, so that other backup gateway nodes When the main gateway node is down or fails, it can replace the main gateway node to provide network access services.
需要说明的是,为了保证业务不中断,在本实施例中,资源数据的同步是实时的,从而保证多个目标网关节点中的资源数据是同步的,在一个网关节点宕机或故障的情况下,其它网关节点能接替提供服务,以保证业务不会被中断。It should be noted that, in order to ensure uninterrupted business, in this embodiment, the synchronization of resource data is real-time, so as to ensure that the resource data in multiple target gateway nodes are synchronized, in the event that one gateway node is down or fails Down, other gateway nodes can take over to provide services to ensure that the business will not be interrupted.
进一步的,上述网关节点进行同步的网络访问服务的资源数据即为session对象的同步。其中,session指会话控制,Session 对象存储了特定用户会话所需的属性及配置信息。Further, the resource data of the network access service synchronized by the gateway node is the synchronization of the session object. Among them, session refers to session control, and the Session object stores the attributes and configuration information required for a specific user session.
Session对象的同步的过程可如图3所示。其中,在网关节点GW-1收到来自于外部网络的报文之后,创建对应的session对象,然后将session对象转发至需要进行备份的备份网关节点GW-3。其中,备份网关节点GW-3的确定是通过网关集群的资源分配确定的。The synchronization process of the Session object can be shown in Figure 3. Among them, after the gateway node GW-1 receives the message from the external network, it creates a corresponding session object, and then forwards the session object to the backup gateway node GW-3 that needs to be backed up. Among them, the determination of the backup gateway node GW-3 is determined by the resource allocation of the gateway cluster.
采用上述基于虚拟私有云的网关节点的配置方法之后,基于包括多个网关节点的网关集群为VPC网络提供服务时,针对每一个VPC网络,配置一个主网关节点和至少一个备份网关节点,并且为对应的网关节点配置路由优先级,然后在通过网关节点为VPC网络提供服务时,通过路由优先级确定当前提供服务的网关节点,例如主网关节点,并实时将业务数据实时同步至其他备份网关节点,使得在一个网关节点出现故障的情况下,该网关节点上的业务并不会消失,可以切换至其他备份有业务数据的网关节点,使得用户业务不中断,从而提升业务的稳定性,提升用户体验。After adopting the above-mentioned configuration method of gateway nodes based on virtual private cloud, when serving a VPC network based on a gateway cluster including multiple gateway nodes, for each VPC network, configure one main gateway node and at least one backup gateway node, and The corresponding gateway node is configured with routing priority, and then when the gateway node provides services to the VPC network, the routing priority is used to determine the current gateway node providing services, such as the main gateway node, and real-time real-time synchronization of business data to other backup gateway nodes , So that when a gateway node fails, the service on the gateway node will not disappear, and it can be switched to other gateway nodes backed up with service data, so that user services are not interrupted, thereby improving service stability and users Experience.
进一步的,在本实施例中,在上述基于虚拟私有云的网关节点的配置方法中,还包括:针对每一个网关节点,通过underlay网络构建该网关节点与underlay网络的路由器之间的内部BFD会话链接,构建网关节点与所述外部路由器之间的外部BFD会话链接。Further, in this embodiment, in the above-mentioned virtual private cloud-based gateway node configuration method, it further includes: for each gateway node, constructing an internal BFD session between the gateway node and the router of the underlay network through the underlay network Link to construct an external BFD session link between the gateway node and the external router.
在内部网络侧,网关节点通过和underlay网络的路由器建立BFD会话链接;在外部网络侧,网关节点和外部路由器建立BFD会话链接。其中,BFD会话链接为用于检测两个转发点之间故障的网络协议,通过BFD会话链接可以检测网关节点对应的用户业务是否中断。具体如图4所示,网关节点GW-1与underlay网络的路由器建立BFD会话链接,并且与外部路由器之间的BFD会话链接;在这两个BFD会话链接连通的情况下,网关节点GW-1是正常工作的,可以为VPC网络内提供网络访问服务。On the internal network side, the gateway node establishes a BFD session link with the router of the underlay network; on the external network side, the gateway node establishes a BFD session link with the external router. Among them, the BFD session link is a network protocol used to detect failures between two forwarding points. Through the BFD session link, it is possible to detect whether the user service corresponding to the gateway node is interrupted. Specifically, as shown in Figure 4, the gateway node GW-1 establishes a BFD session link with the router of the underlay network, and the BFD session link with the external router; when the two BFD session links are connected, the gateway node GW-1 It works normally and can provide network access services in the VPC network.
在本实施例中,针对每一个网关节点,通过检测该网关节点对应的内部BFD会话链接和外部BFD会话链接中的一个是否断开或者是否同时断开,就可以检测该网关节点是否发生故障。具体的,检测到内部BFD会话链接和/或外部BFD会话链接断开的情况下,确定该网关节点发生故障。如果一个网关节点发生故障,该网关节点服务的VPC网络的用户业务会中断,需要转到该VPC网络对应的其它网关节点继续为用户业务提供服务,以保证用户业务不中断。也就是说,采用underlay交换节点对BFD会话链接进行检测,在检测到BFD会话链接断开的情况下,进行路由的切换(即网关节点的切换),相对于传统技术中采用网关节点之间互相检测BFD会话链接是否断开的情况,通过借助外部设备(即underlay交换节点)来检测,简化了网关集群的部署。In this embodiment, for each gateway node, by detecting whether one of the internal BFD session link and the external BFD session link corresponding to the gateway node is disconnected or disconnected at the same time, it is possible to detect whether the gateway node fails. Specifically, when it is detected that the internal BFD session link and/or the external BFD session link is disconnected, it is determined that the gateway node is faulty. If a gateway node fails, the user services of the VPC network served by the gateway node will be interrupted, and it needs to be transferred to other gateway nodes corresponding to the VPC network to continue to provide services for user services to ensure that user services are not interrupted. That is to say, the underlay switching node is used to detect the BFD session link, and in the case of detecting that the BFD session link is disconnected, the route switch (ie, the switch of the gateway node) is performed. Compared with the traditional technology, the gateway node is used to communicate with each other. Detect whether the BFD session link is disconnected, and detect with the help of external devices (ie, underlay switching nodes), which simplifies the deployment of gateway clusters.
具体的,在网关节点发生故障的情况下,对于该发生故障的网关节点服务的一个或多个VPC网络,如果出现故障的主网关节点,则确定与该VPC网络对应的至少一个备份网关节点,通过确定的备份网关节点为该VPC网络内的用户提供网络访问服务。Specifically, in the case of a failure of a gateway node, for one or more VPC networks served by the failed gateway node, if a failed main gateway node occurs, at least one backup gateway node corresponding to the VPC network is determined, Provide network access services for users in the VPC network through the determined backup gateway node.
如图5所示,在单网关节点故障时,比如网关节点GW-1故障,两侧的交换节点会检测到BFD会话链接中断,从而VPC网络(VPC0001)的数据流会经过网关节点GW-3。因为之前已经将VPC网络(VPC0001)对应的session对象对应的数据实时同步至网关节点GW-3,网关节点GW-3可以继续为VPC网络(VPC0001)提供服务。反之,如果没有事先进行Session对象的同步,则用户业务会中断或重连;如果有进行Session对象的同步,用户业务只会有短暂丢包。As shown in Figure 5, when a single gateway node fails, for example, the gateway node GW-1 fails, the switching nodes on both sides will detect that the BFD session link is interrupted, and the data flow of the VPC network (VPC0001) will pass through the gateway node GW-3. . Because the data corresponding to the session object corresponding to the VPC network (VPC0001) has been synchronized to the gateway node GW-3 in real time, the gateway node GW-3 can continue to provide services for the VPC network (VPC0001). Conversely, if the Session object is not synchronized in advance, the user service will be interrupted or reconnected; if the Session object is synchronized, the user service will only experience short-term packet loss.
同理,如果网关节点GW-3出现故障,VPC网络-VPC2001-3000 的业务流可以通过路由自动切换到网关节点GW-1。Similarly, if the gateway node GW-3 fails, the service flow of the VPC network-VPC2001-3000 can be automatically switched to the gateway node GW-1 through routing.
进一步的,为了避免网关节点的BFD会话链接单边中断,需要对同一个网关节点上的两个BFD会话链接做联动,如网关节点GW-1上VPC网络侧的BFD会话链接中断,则外部网络侧的BFD会话链接也需要主动中断,以保证网关节点GW-1的两侧BFD会话链接都可以同时工作或同时失效。Further, in order to avoid unilateral interruption of the BFD session link of the gateway node, it is necessary to coordinate the two BFD session links on the same gateway node. For example, if the BFD session link on the VPC network side of the gateway node GW-1 is interrupted, the external network The BFD session links on the two sides also need to be actively interrupted to ensure that the BFD session links on both sides of the gateway node GW-1 can work at the same time or fail at the same time.
具体可参见图6所示,在网关节点GW-1对应的外部BFD会话链接断开之后,将网关节点GW-1对应的内部BFD会话链接也断开来,以使得网关节点GW-1的两侧BFD会话链接同时失效。For details, as shown in Figure 6, after the external BFD session link corresponding to the gateway node GW-1 is disconnected, the internal BFD session link corresponding to the gateway node GW-1 is also disconnected, so that the two connections of the gateway node GW-1 The BFD session link on the side fails at the same time.
进一步的,在发生故障的网关节点从故障中恢复之后,则需要将该网关节点服务的VPC网络对应的资源数据进行恢复,并将该网关节点进行接入,以重新提供网络访问服务。Further, after the failed gateway node recovers from the failure, it is necessary to restore the resource data corresponding to the VPC network served by the gateway node, and access the gateway node to provide network access services again.
具体的,在上述确定网关节点发生故障之后,需要持续检测该网关节点是否从故障中恢复。在发生故障的网关节点从故障中恢复时,通过网关集群对该网关节点对应的资源数据进行同步;在资源数据同步完成之后,对该网关节点的路由信息进行更新,以使该网关节点可以为该网关节点服务的VPC网络内的用户提供网络访问服务。Specifically, after it is determined that the gateway node is faulty, it is necessary to continuously detect whether the gateway node has recovered from the fault. When the failed gateway node recovers from the failure, the resource data corresponding to the gateway node is synchronized through the gateway cluster; after the resource data synchronization is completed, the routing information of the gateway node is updated so that the gateway node can be Users in the VPC network served by the gateway node provide network access services.
具体实施中,以发生故障的网关节点为GW-1为例,在网关节点GW-1从故障中恢复的情况下,如图7所示,先不可以直接接入业务;需要先启动,对网关节点GW-1进行上电处理,然后持续接收其他网关节点(例如GW-3)的Session对象同步,在Session对象同步完成之后,才对网关节点GW-1进行路由更新,以导入业务报文,使得网关节点GW-1继续提供服务。In specific implementation, taking the failed gateway node as GW-1 as an example, when the gateway node GW-1 recovers from the failure, as shown in Figure 7, the service cannot be directly accessed at first; it needs to be started first. The gateway node GW-1 performs power-on processing, and then continues to receive the session object synchronization of other gateway nodes (such as GW-3). After the session object synchronization is completed, the gateway node GW-1 is routed to update to import the service message , So that the gateway node GW-1 continues to provide services.
在一个具体的实施例中,判断网关节点GW-1是否完成Session对象的同步,是根据该网关节点GW-1上的Session对象的数量是否与其他网关节点上的Session对象的数量匹配来确定的。例如,在如图7所示的应用场景中,判断网关节点GW-1上的Session对象的数量是否大于或等于网关节点GW-3上的Session对象的数量的90%。In a specific embodiment, determining whether the gateway node GW-1 completes the synchronization of the Session object is determined based on whether the number of Session objects on the gateway node GW-1 matches the number of Session objects on other gateway nodes. . For example, in the application scenario shown in FIG. 7, it is determined whether the number of Session objects on the gateway node GW-1 is greater than or equal to 90% of the number of Session objects on the gateway node GW-3.
也就是说,在本实施例中,在网关节点从故障中恢复的情况下,先对网关节点的业务数据按照资源配置进行同步,然后再更新路由以使得该网关节点对应的路由可以被选择,以实现该网关节点的业务恢复。That is to say, in this embodiment, when the gateway node recovers from the failure, the service data of the gateway node is first synchronized according to the resource configuration, and then the route is updated so that the route corresponding to the gateway node can be selected. In order to realize the service recovery of the gateway node.
在一个实施例中,如图8所示,还提出了一种基于虚拟私有云的网关节点的配置装置。具体的,上述基于虚拟私有云的网关节点的配置装置基于包含有多个网关节点的网关集群;所述虚拟私有云包括多个VPC网络,其中,每个网关节点服务于一组VPC网络,每组VPC网络包括至少一个VPC网络。进一步的,如图8所示,上述基于虚拟私有云的网关节点的配置装置包括以下单元和/或模块。In an embodiment, as shown in FIG. 8, a device for configuring a gateway node based on a virtual private cloud is also proposed. Specifically, the aforementioned virtual private cloud-based gateway node configuration device is based on a gateway cluster containing multiple gateway nodes; the virtual private cloud includes multiple VPC networks, wherein each gateway node serves a group of VPC networks, and each The group VPC network includes at least one VPC network. Further, as shown in FIG. 8, the device for configuring the gateway node based on the virtual private cloud includes the following units and/or modules.
资源配置单元102,用于通过预设的资源配置算法,确定与每一个VPC网络对应的目标网关节点,其中,每一个VPC网络对应的目标网关节点包括与该VPC网络对应的一个主网关节点和至少一个备份网关节点。The resource configuration unit 102 is configured to determine the target gateway node corresponding to each VPC network through a preset resource configuration algorithm, where the target gateway node corresponding to each VPC network includes a main gateway node corresponding to the VPC network and At least one backup gateway node.
路由优先级确定模块104,用于分别确定每个VPC网络的主网关节点和至少一个备份网关节点对应的路由优先级。The routing priority determining module 104 is configured to determine the routing priority corresponding to the main gateway node and at least one backup gateway node of each VPC network.
网络访问模块106,用于针对每一个VPC网络,基于与该VPC网络对应的一个主网关节点和至少一个备份网关节点、并根据所述路由优先级为该VPC网络内的用户提供网络访问服务。The network access module 106 is configured to, for each VPC network, provide network access services for users in the VPC network based on a primary gateway node and at least one backup gateway node corresponding to the VPC network, and according to the routing priority.
数据同步模块108,用于实时将每一个VPC网络对应的主网关节点的网络访问服务的资源数据同步至与该VPC网络对应的至少一个备份网关节点。The data synchronization module 108 is used to synchronize the resource data of the network access service of the main gateway node corresponding to each VPC network to at least one backup gateway node corresponding to the VPC network in real time.
采用上述基于虚拟私有云的网关节点的配置装置之后,基于包括多个网关节点的网关集群为VPC网络提供服务时,针对每一个VPC网络,配置一个主网关节点和至少一个备份网关节点,并且为对应的网关节点配置路由优先级,然后在通过网关节点为VPC网络提供服务时,通过路由优先级确定当前提供服务的网关节点,例如主网关节点,并实时将业务数据实时同步至其他备份网关节点,使得在一个网关节点出现故障的情况下,该网关节点上的业务并不会消失,可以切换至其他备份有业务数据的网关节点,使得用户业务不中断,从而提升业务的稳定性,提升用户体验。After using the above virtual private cloud-based gateway node configuration device, when a gateway cluster including multiple gateway nodes is used to provide services for a VPC network, for each VPC network, configure a primary gateway node and at least one backup gateway node, and The corresponding gateway node is configured with routing priority, and then when the gateway node provides services to the VPC network, the routing priority is used to determine the current gateway node providing services, such as the main gateway node, and real-time real-time synchronization of business data to other backup gateway nodes , So that when a gateway node fails, the service on the gateway node will not disappear, and it can be switched to other gateway nodes backed up with service data, so that user services are not interrupted, thereby improving service stability and users Experience.
在其中一个实施例中,所述主网关节点的路由优先级高于所述备份网关节点对应的路由优先级。In one of the embodiments, the routing priority of the primary gateway node is higher than the routing priority corresponding to the backup gateway node.
在其中一个实施例中,网络访问模块106还用于针对每一个VPC网络,根据所述路由优先级在该VPC网络对应的一个主网关节点和至少一个备份网关节点中,确定路由优先级最高的网关节点作为服务网关节点;通过所述服务网关节点为VPC网络内的用户提供网络访问服务。In one of the embodiments, the network access module 106 is further configured to determine, for each VPC network, the one with the highest routing priority among a primary gateway node and at least one backup gateway node corresponding to the VPC network according to the routing priority. The gateway node serves as a serving gateway node; the serving gateway node provides network access services for users in the VPC network.
在其中一个实施例中,网络访问模块106还用于判断所述确定的路由优先级最高的网关节点是否存在故障;则根据所述路由优先级,在所述一个主网关节点和至少一个备份网关节点中选择除所述确定的路由优先级最高的网关节点之外的其它网关节点中,确定所述服务网关节点。In one of the embodiments, the network access module 106 is also used to determine whether the determined gateway node with the highest routing priority is faulty; then according to the routing priority, the one main gateway node and the at least one backup gateway node Among the nodes, select gateway nodes other than the determined gateway node with the highest routing priority to determine the serving gateway node.
在其中一个实施例中,网络访问模块106还用于针对每一个网关节点,通过underlay网络构建该网关节点与underlay网络的路由器之间的内部BFD会话链接,构建网关节点与所述外部路由器之间的外部BFD会话链接。In one of the embodiments, the network access module 106 is also used to construct an internal BFD session link between the gateway node and the router of the underlay network through the underlay network for each gateway node, and establish a connection between the gateway node and the external router Link to the external BFD session.
在其中一个实施例中,如图9所示,上述基于虚拟私有云的网关节点的配置装置还包括BFD会话构建模块110,用于针对每一个网关节点,通过underlay网络构建该网关节点与underlay网络的路由器之间的内部BFD会话链接,构建网关节点与所述外部路由器之间的外部BFD会话链接。In one of the embodiments, as shown in FIG. 9, the above-mentioned virtual private cloud-based gateway node configuration device further includes a BFD session construction module 110, which is used for each gateway node to construct the gateway node and the underlay network through the underlay network. The internal BFD session link between the routers is constructed to construct the external BFD session link between the gateway node and the external router.
在其中一个实施例中,网络访问模块106还用于针对每一个网关节点,检测所述内部BFD会话链接和/或外部BFD会话链接是否断开;在所述内部BFD会话链接和/或外部BFD会话链接断开的情况下,确定该网关节点发生故障;针对发生故障的网关节点服务的VPC网络,确定与该VPC网络对应的至少一个目标网关节点,通过确定的目标网关节点为该VPC网络内的用户提供网络访问服务。In one of the embodiments, the network access module 106 is further configured to detect whether the internal BFD session link and/or the external BFD session link is disconnected for each gateway node; in the internal BFD session link and/or the external BFD session link When the session link is disconnected, it is determined that the gateway node is faulty; for the VPC network served by the failed gateway node, at least one target gateway node corresponding to the VPC network is determined, and the determined target gateway node is within the VPC network Of users provide network access services.
在其中一个实施例中,如图9所示,上述基于虚拟私有云的网关节点的配置装置还包括数据恢复模块112,用于在发生故障的网关节点从故障中恢复时,通过网关集群对该网关节点对应的资源数据进行同步;在资源数据同步完成之后,对该网关节点的路由信息进行更新,以使该网关节点可以为该网关节点服务的VPC网络内的用户提供网络访问服务。In one of the embodiments, as shown in FIG. 9, the above-mentioned virtual private cloud-based gateway node configuration device further includes a data recovery module 112, which is used to perform a data recovery module 112 on the gateway node that has failed to recover from the failure through the gateway cluster. The resource data corresponding to the gateway node is synchronized; after the resource data synchronization is completed, the routing information of the gateway node is updated so that the gateway node can provide network access services for users in the VPC network served by the gateway node.
图10示出了一个实施例中计算机设备的内部结构图。该计算机设备具体可以是终端,也可以是服务器。如图10所示,该计算机设备包括通过系统总线连接的处理器、存储器和网络接口。其中,存储器包括非易失性存储介质和内存储器。该计算机设备的非易失性存储介质存储有操作系统,还可存储有计算机程序,该计算机程序被处理器执行时,可使得处理器实现基于虚拟私有云的网关节点的配置方法。该内存储器中也可储存有计算机程序,该计算机程序被处理器执行时,可使得处理器执行基于虚拟私有云的网关节点的配置方法。本领域技术人员可以理解,图10中示出的结构,仅仅是与本申请方案相关的部分结构的框图,并不构成对本申请方案所应用于其上的计算机设备的限定,具体的计算机设备可以包括比图中所示更多或更少的部件,或者组合某些部件,或者具有不同的部件布置。Fig. 10 shows an internal structure diagram of a computer device in an embodiment. The computer device may specifically be a terminal or a server. As shown in FIG. 10, the computer device includes a processor, a memory, and a network interface connected through a system bus. Among them, the memory includes a non-volatile storage medium and an internal memory. The non-volatile storage medium of the computer device stores an operating system, and may also store a computer program. When the computer program is executed by the processor, the processor can realize the configuration method of the gateway node based on the virtual private cloud. A computer program may also be stored in the internal memory, and when the computer program is executed by the processor, the processor can execute the configuration method of the gateway node based on the virtual private cloud. Those skilled in the art can understand that the structure shown in FIG. 10 is only a block diagram of part of the structure related to the solution of the present application, and does not constitute a limitation on the computer device to which the solution of the present application is applied. The specific computer device may Including more or fewer parts than shown in the figure, or combining some parts, or having a different arrangement of parts.
在一个实施例中,提出了一种智能终端,包括存储器和处理器,所述存储器存储有计算机程序,所述计算机程序被所述处理器执行时,使得所述处理器执行以下步骤:通过预设的资源配置算法,确定与每一个VPC网络对应的目标网关节点,其中,每一个VPC网络对应的目标网关节点包括与该VPC网络对应的一个主网关节点和至少一个备份网关节点;分别确定每个VPC网络的主网关节点和至少一个备份网关节点对应的路由优先级;针对每一个VPC网络,基于与该VPC网络对应的一个主网关节点和至少一个备份网关节点、并根据所述路由优先级为该VPC网络内的用户提供网络访问服务;其中,每一个VPC网络对应的主网关节点实时将网络访问服务的资源数据同步至与该VPC网络对应的至少一个备份网关节点。In one embodiment, an intelligent terminal is proposed, which includes a memory and a processor, the memory stores a computer program, and when the computer program is executed by the processor, the processor executes the following steps: Set the resource allocation algorithm to determine the target gateway node corresponding to each VPC network, where the target gateway node corresponding to each VPC network includes a main gateway node and at least one backup gateway node corresponding to the VPC network; The routing priority corresponding to the main gateway node of a VPC network and at least one backup gateway node; for each VPC network, based on one main gateway node and at least one backup gateway node corresponding to the VPC network, and according to the routing priority Provide network access services for users in the VPC network; wherein the main gateway node corresponding to each VPC network synchronizes the resource data of the network access service to at least one backup gateway node corresponding to the VPC network in real time.
通过上述描述可知,在本实施例中终端根据用户输入的检索关键词从预设的内容数据库汇总召回匹配的至少一条召回内容,然后基于构建的用户行为图谱和预设的关联得分计算方法,计算每一条召回内容对应的关联得分,并根据关联得分对召回内容进行排序,以将排序后的召回内容作为最终的目标检索结果并输出给用户。也就是说,采用上述基于虚拟私有云的网关节点的配置方法、装置终端和计算机可读存储介质之后,可以对于根据输入的检索关键词得到的检索结果基于用户行为图谱进行进一步的排序处理,以提高检索结果排序和展示的有效性,提高了内容检索后续的转化率。It can be seen from the above description that in this embodiment, the terminal collects at least one piece of recalled content matching the recall from a preset content database according to the search keywords entered by the user, and then calculates based on the constructed user behavior graph and the preset correlation score calculation method Each piece of recalled content corresponds to the correlation score, and the recalled content is sorted according to the correlation score, so that the sorted recalled content is used as the final target retrieval result and output to the user. That is to say, after adopting the above-mentioned virtual private cloud-based gateway node configuration method, device terminal, and computer-readable storage medium, the search results obtained according to the input search keywords can be further sorted based on the user behavior graph, so as to Improve the effectiveness of search results sorting and display, and improve the subsequent conversion rate of content retrieval.
在一个实施例中,请参阅图11,给出了本申请提供的可读存储介质的一实施例的结构示意图。可读存储介质10中存储有至少一个计算机程序20,计算机程序20用于被处理器执行以实现如下的方法:通过预设的资源配置算法,确定与每一个VPC网络对应的目标网关节点,其中,每一个VPC网络对应的目标网关节点包括与该VPC网络对应的一个主网关节点和至少一个备份网关节点;分别确定每个VPC网络的主网关节点和至少一个备份网关节点对应的路由优先级;针对每一个VPC网络,基于与该VPC网络对应的一个主网关节点和至少一个备份网关节点、并根据所述路由优先级为该VPC网络内的用户提供网络访问服务;其中,每一个VPC网络对应的主网关节点实时将网络访问服务的资源数据同步至与该VPC网络对应的至少一个备份网关节点。In an embodiment, please refer to FIG. 11, which shows a schematic structural diagram of an embodiment of the readable storage medium provided by the present application. At least one computer program 20 is stored in the readable storage medium 10, and the computer program 20 is used to be executed by the processor to implement the following method: determine the target gateway node corresponding to each VPC network through a preset resource configuration algorithm, where , The target gateway node corresponding to each VPC network includes a main gateway node and at least one backup gateway node corresponding to the VPC network; respectively determine the routing priority corresponding to the main gateway node and at least one backup gateway node of each VPC network; For each VPC network, provide network access services for users in the VPC network based on a primary gateway node and at least one backup gateway node corresponding to the VPC network, and according to the routing priority; where each VPC network corresponds to The main gateway node of the VPC synchronizes the resource data of the network access service to at least one backup gateway node corresponding to the VPC network in real time.
在一个实施例中,可读存储介质20可以是终端中的存储芯片、硬盘或者是移动硬盘或者优盘、光盘等其他可读写存储的工具,还可以是服务器等等。In an embodiment, the readable storage medium 20 may be a storage chip in a terminal, a hard disk, or a mobile hard disk, or other readable and writable storage tools such as a USB flash drive, or an optical disk, and may also be a server or the like.
采用上述终端和计算机可读存储介质之后,基于包括多个网关节点的网关集群为VPC网络提供服务时,针对每一个VPC网络,配置一个主网关节点和至少一个备份网关节点,并且为对应的网关节点配置路由优先级,然后在通过网关节点为VPC网络提供服务时,通过路由优先级确定当前提供服务的网关节点,例如主网关节点,并实时将业务数据实时同步至其他备份网关节点,使得在一个网关节点出现故障的情况下,该网关节点上的业务并不会消失,可以切换至其他备份有业务数据的网关节点,使得用户业务不中断,从而提升业务的稳定性,提升用户体验。After using the above-mentioned terminal and computer-readable storage medium, when providing services for a VPC network based on a gateway cluster including multiple gateway nodes, for each VPC network, configure a primary gateway node and at least one backup gateway node, and be the corresponding gateway The node configures the routing priority, and then when the gateway node provides services to the VPC network, the routing priority determines the current gateway node providing the service, such as the main gateway node, and synchronizes the business data to other backup gateway nodes in real time in real time. In the event of a failure of a gateway node, the services on the gateway node will not disappear, and can be switched to other gateway nodes backed up with service data, so that user services are not interrupted, thereby improving service stability and user experience.
可选的,本申请涉及的存储介质如计算机可读存储介质可以是非易失性的,也可以是易失性的。Optionally, the storage medium involved in this application, such as a computer-readable storage medium, may be non-volatile or volatile.
本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程,是可以通过计算机程序来指令相关的硬件来完成,所述的程序可存储于一非易失性计算机可读取存储介质中,该程序在执行时,可包括如上述各方法的实施例的流程。其中,本申请所提供的各实施例中所使用的对存储器、存储、数据库或其它介质的任何引用,均可包括非易失性和/或易失性存储器。非易失性存储器可包括只读存储器(ROM)、可编程ROM(PROM)、电可编程ROM(EPROM)、电可擦除可编程ROM(EEPROM)或闪存。易失性存储器可包括随机存取存储器(RAM)或者外部高速缓冲存储器。作为说明而非局限,RAM以多种形式可得,诸如静态RAM(SRAM)、动态RAM(DRAM)、同步DRAM(SDRAM)、双数据率SDRAM(DDRSDRAM)、增强型SDRAM(ESDRAM)、同步链路(Synchlink)DRAM(SLDRAM)、存储器总线(Rambus)直接RAM(RDRAM)、直接存储器总线动态RAM(DRDRAM)、以及存储器总线动态RAM(RDRAM)等。A person of ordinary skill in the art can understand that all or part of the processes in the above-mentioned embodiment methods can be implemented by instructing relevant hardware through a computer program. The program can be stored in a non-volatile computer readable storage medium. Here, when the program is executed, it may include the procedures of the above-mentioned method embodiments. Wherein, any reference to memory, storage, database, or other media used in the embodiments provided in this application may include non-volatile and/or volatile memory. Non-volatile memory may include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. As an illustration and not a limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous chain Channel (Synchlink) DRAM (SLDRAM), memory bus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), etc.
以上实施例的各技术特征可以进行任意的组合,为使描述简洁,未对上述实施例中的各个技术特征所有可能的组合都进行描述,然而,只要这些技术特征的组合不存在矛盾,都应当认为是本说明书记载的范围。The technical features of the above embodiments can be combined arbitrarily. In order to make the description concise, all possible combinations of the technical features in the above embodiments are not described. However, as long as there is no contradiction in the combination of these technical features, they should be It is considered as the range described in this specification.
以上所述实施例仅表达了本申请的几种实施方式,其描述较为具体和详细,但并不能因此而理解为对本申请专利范围的限制。应当指出的是,对于本领域的普通技术人员来说,在不脱离本申请构思的前提下,还可以做出若干变形和改进,这些都属于本申请的保护范围。因此,本申请专利的保护范围应以所附权利要求为准。The above-mentioned embodiments only express several implementation manners of the present application, and their description is relatively specific and detailed, but they should not be understood as a limitation to the patent scope of the present application. It should be pointed out that for those of ordinary skill in the art, without departing from the concept of this application, several modifications and improvements can be made, and these all fall within the protection scope of this application. Therefore, the scope of protection of the patent of this application shall be subject to the appended claims.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010354728.XACN111585800B (en) | 2020-04-29 | 2020-04-29 | Virtual private cloud-based network node configuration method, device and medium |
| CN202010354728.X | 2020-04-29 |
| Publication Number | Publication Date |
|---|---|
| WO2021217872A1true WO2021217872A1 (en) | 2021-11-04 |
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/CN2020/099560CeasedWO2021217872A1 (en) | 2020-04-29 | 2020-06-30 | Method and apparatus for configuring gateway node on the basis of virtual private cloud, and medium |
| Country | Link |
|---|---|
| CN (1) | CN111585800B (en) |
| WO (1) | WO2021217872A1 (en) |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114036236A (en)* | 2021-11-16 | 2022-02-11 | 东软集团股份有限公司 | Multi-gateway cluster system |
| CN115001904A (en)* | 2022-05-30 | 2022-09-02 | 紫光建筑云科技(重庆)有限公司 | High-availability NAT gateway design method |
| US11595307B1 (en) | 2020-09-25 | 2023-02-28 | Amazon Technologies, Inc. | Customized tuple definition for hashing at a network appliance routing service |
| US11652736B2 (en) | 2020-06-30 | 2023-05-16 | Amazon Technologies, Inc. | Transmitting network traffic to a pool of redundant network appliances |
| US12034570B2 (en) | 2022-03-14 | 2024-07-09 | T-Mobile Usa, Inc. | Multi-element routing system for mobile communications |
| CN119182828A (en)* | 2024-11-25 | 2024-12-24 | 天翼云科技有限公司 | Extranet access method, device, computer equipment, readable storage medium and product |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114697266A (en)* | 2020-12-31 | 2022-07-01 | 中兴通讯股份有限公司 | Virtual machine access method, terminal and storage medium |
| CN112866077B (en)* | 2021-02-26 | 2022-06-14 | 哈尔滨工业大学(威海) | Large-scale automatic networking method, management system, equipment and storage medium for modality fusion |
| CN113098788B (en)* | 2021-03-08 | 2023-03-24 | 杭州迪普科技股份有限公司 | Method and device for releasing route |
| CN113595899A (en)* | 2021-06-30 | 2021-11-02 | 上海云轴信息科技有限公司 | Method and system for realizing multi-node point cloud routing |
| CN113765710B (en)* | 2021-08-24 | 2024-07-09 | 中国人寿保险股份有限公司上海数据中心 | Request processing system and method based on multi-activity hybrid cloud deployment |
| CN114666208B (en)* | 2022-03-30 | 2024-04-12 | 杭州中天微系统有限公司 | Gateway system, node management method, electronic device, and storage medium |
| EP4440053A4 (en)* | 2022-04-06 | 2025-01-15 | Beijing Xiaomi Mobile Software Co., Ltd. | METHOD, DEVICE AND SYSTEM FOR NETWORKING MULTIPLE GATEWAYS AS WELL AS GATEWAY DEVICE AND STORAGE MEDIUM |
| CN118869395B (en)* | 2024-07-01 | 2025-04-22 | 北京志凌海纳科技股份有限公司 | High availability implementation method and system of vpc gateway |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101488918A (en)* | 2009-01-09 | 2009-07-22 | 杭州华三通信技术有限公司 | Multi-network card server access method and system |
| US7689722B1 (en)* | 2002-10-07 | 2010-03-30 | Cisco Technology, Inc. | Methods and apparatus for virtual private network fault tolerance |
| CN108989194A (en)* | 2017-05-31 | 2018-12-11 | 微软技术许可有限责任公司 | Distributed ipsec gateway |
| CN109245984A (en)* | 2018-07-13 | 2019-01-18 | 华为技术有限公司 | A kind of message transmitting method, a kind of information processing method and its relevant device |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101262409B (en)* | 2008-04-23 | 2011-01-19 | 成都市华为赛门铁克科技有限公司 | Virtual private network VPN access method and device |
| US10067780B2 (en)* | 2015-10-06 | 2018-09-04 | Cisco Technology, Inc. | Performance-based public cloud selection for a hybrid cloud environment |
| GB2551792B (en)* | 2016-06-30 | 2019-02-13 | Sophos Ltd | Elastic outbound gateway |
| JP6744985B2 (en)* | 2016-08-27 | 2020-08-19 | ニシラ, インコーポレイテッド | Extend network control system to public cloud |
| CN107948086A (en)* | 2016-10-12 | 2018-04-20 | 北京金山云网络技术有限公司 | A kind of data packet sending method, device and mixed cloud network system |
| CN109067573B (en)* | 2018-07-26 | 2020-12-29 | 新华三技术有限公司 | Traffic scheduling method and device |
| US11196591B2 (en)* | 2018-08-24 | 2021-12-07 | Vmware, Inc. | Centralized overlay gateway in public cloud |
| US10846122B2 (en)* | 2018-09-19 | 2020-11-24 | Google Llc | Resource manager integration in cloud computing environments |
| CN110995545B (en)* | 2019-12-19 | 2022-03-08 | 腾讯科技(深圳)有限公司 | Cloud network configuration testing method and device |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7689722B1 (en)* | 2002-10-07 | 2010-03-30 | Cisco Technology, Inc. | Methods and apparatus for virtual private network fault tolerance |
| CN101488918A (en)* | 2009-01-09 | 2009-07-22 | 杭州华三通信技术有限公司 | Multi-network card server access method and system |
| CN108989194A (en)* | 2017-05-31 | 2018-12-11 | 微软技术许可有限责任公司 | Distributed ipsec gateway |
| CN109245984A (en)* | 2018-07-13 | 2019-01-18 | 华为技术有限公司 | A kind of message transmitting method, a kind of information processing method and its relevant device |
| Title |
|---|
| WANG CHEN: "Design and Implementation of Peer Disaster-Tolerance System in Cross-Domain Virtual Private Cloud Interworking Scenario", CHINESE MASTER'S THESES FULL-TEXT DATABASE, 1 May 2019 (2019-05-01), pages 1 - 80, XP055862096, DOI: 10.27014/d.cnki.gdnau.2019.003229* |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11652736B2 (en) | 2020-06-30 | 2023-05-16 | Amazon Technologies, Inc. | Transmitting network traffic to a pool of redundant network appliances |
| US11595307B1 (en) | 2020-09-25 | 2023-02-28 | Amazon Technologies, Inc. | Customized tuple definition for hashing at a network appliance routing service |
| CN114036236A (en)* | 2021-11-16 | 2022-02-11 | 东软集团股份有限公司 | Multi-gateway cluster system |
| US12034570B2 (en) | 2022-03-14 | 2024-07-09 | T-Mobile Usa, Inc. | Multi-element routing system for mobile communications |
| CN115001904A (en)* | 2022-05-30 | 2022-09-02 | 紫光建筑云科技(重庆)有限公司 | High-availability NAT gateway design method |
| CN119182828A (en)* | 2024-11-25 | 2024-12-24 | 天翼云科技有限公司 | Extranet access method, device, computer equipment, readable storage medium and product |
| Publication number | Publication date |
|---|---|
| CN111585800B (en) | 2022-06-28 |
| CN111585800A (en) | 2020-08-25 |
| Publication | Publication Date | Title |
|---|---|---|
| WO2021217872A1 (en) | Method and apparatus for configuring gateway node on the basis of virtual private cloud, and medium | |
| CN106549875B (en) | A session management method, device and load balancer | |
| CN107454155B (en) | Fault processing method, device and system based on load balancing cluster | |
| US8825867B2 (en) | Two level packet distribution with stateless first level packet distribution to a group of servers and stateful second level packet distribution to a server within the group | |
| US9659075B2 (en) | Providing high availability in an active/active appliance cluster | |
| US7769886B2 (en) | Application based active-active data center network using route health injection and IGP | |
| US7885180B2 (en) | Address resolution request mirroring | |
| CN110912780A (en) | High-availability cluster detection method, system and controlled terminal | |
| EP3780552B1 (en) | Message processing method in distributed device and distributed device | |
| WO2017162184A1 (en) | Method of controlling service traffic between data centers, device, and system | |
| WO2018077238A1 (en) | Switch-based load balancing system and method | |
| CN110474802B (en) | Equipment switching method and device and service system | |
| US9800549B2 (en) | Hierarchical clustering in a geographically dispersed network environment | |
| CN107682406B (en) | Method, device and system for processing service | |
| Yang et al. | Algorithms for fault-tolerant placement of stateful virtualized network functions | |
| CN113839862A (en) | Method, system, terminal and storage medium for synchronizing ARP information between MCLAG neighbors | |
| US9172598B2 (en) | Scalable reliable failover in a network | |
| CN114500340B (en) | A method and system for intelligent scheduling distributed path calculation | |
| RU2517312C2 (en) | Link state identifier conflict resolution | |
| US11303701B2 (en) | Handling failure at logical routers | |
| US10447581B2 (en) | Failure handling at logical routers according to a non-preemptive mode | |
| JP7675809B2 (en) | Method and device for switching when MLAG link fails | |
| CN115941493B (en) | Multi-activity distribution method and device for cloud scene NAT gateway cluster based on multicast | |
| CN116489075A (en) | Method executed on processing circuit, network device and storage medium | |
| CN102187627B (en) | Method and device for load sharing, broadband access server system |
| Date | Code | Title | Description |
|---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number:20934072 Country of ref document:EP Kind code of ref document:A1 | |
| NENP | Non-entry into the national phase | Ref country code:DE | |
| 122 | Ep: pct application non-entry in european phase | Ref document number:20934072 Country of ref document:EP Kind code of ref document:A1 |