基於DPDK實現VPC和IDC間互聯互通的高性能網關

原創

2021-08-01 08:03

Vxlan

VIP

vPort

RS-IP

Port

172.16.25.13

10.182.10.13

172.16.25.13

10.182.10.23

101

172.16.25.13

8080

10.182.20.2

80"}}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":"center","origin":null},"content":[{"type":"text","text":" 表1：服務信息表"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"其中Vxlan+VIP+vPort代表VPC內的一個公共服務，用戶VPC私有網絡內的客戶端可以通過訪問VIP+vPort來使用其公共服務，客戶端感知到VIP是私有網絡內的私網IP地址，由cloud-dpvs實現私網VIP到IDC網絡地址的映射，其映射關係和後端Real-Sever對用戶無感知。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"虛擬信息表由vxlan、虛機IP、虛機MAC以及宿主機IP地址組成，表格式如表2所示："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"embedcomp","attrs":{"type":"table","data":{"content":"

Vxlan

虛擬IP

虛擬MAC

宿主機IP

172.16.25.30

fa:16:3f:5d:6c:08

10.162.10.13

172.16.25.23

fa:16:3f:5d:7c:08

10.162.10.23

101

172.16.25.30

fa:16:3f:5d:6c:81

10.192.20.2"}}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":"center","origin":null},"content":[{"type":"text","text":" 表2：虛擬信息表"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在虛擬化VPC網絡中，由於用戶可以按需自定其私有IP地址，所有不同VPC內的虛機IP地址可能存在重複，故無法以IP地址來唯一確定一臺服務器或者虛機，在cloud-dpvs的實現中採用了Vxlan+虛機IP的方式來表示虛機或者服務器。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"VPC內的虛機訪問VIP:vPort的流量通過OVS內流表規則引流到Vxlan隧道後流量到達cloud-dpvs網關，網關根據查詢服務信息表查詢服務掛在的後端Real-Server,然後再根據一定的調度算法把流量分發給具體的Real-Server服務器，具體路徑如下圖7所示："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/infoq\/4f\/4f31edda8f3c58e0302c2271fb4d2ddc.png","alt":"圖片","title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":"center","origin":null},"content":[{"type":"text","text":"圖7"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"流量路徑說明： "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"embedcomp","attrs":{"type":"table","data":{"content":"

1	VPC內Client發起對VIP:vPort的訪問請求
2	流量經過OVS時，會根據流表規則把流量引入Vxlan隧道進行vxlan封裝，其外層目的IP地址爲Cloud-dpvs網關的IP，外層源IP地址爲虛機所在的宿主機IP地址
3	流量到達Cloud-dpvs網關後，對隧道報文進行解封裝，提取報文的vxlanId及內層的目的IP和Port，由三者即可確定一個VPC內的公共服務
4	Cloud-dpvs根據公共服務上配置的調度算法選擇其上掛載的Real-Server服務器，然後對報文進行映射修改報文的目的IP地址和端口並對映射關係進行記錄，最終把流量引流到IDC網絡的一臺物理服務器
5	後端Real-Server對報文處理完成後，按照源流量路徑會把流量返回給Cloud-dpvs網關
6	Cloud-dpvs收到後端Real-Server返回的報文，首先查找映射關係表，獲取會話所屬的公共服務，並對報文的源目IP頭進行修改，修改後的目的IP即爲虛機IP地址
7	根據公共服務裏的VxlanId和報文的目的IP地址可以確定唯一一臺虛機，根據虛機信息表可以獲知虛機MAC地址以及虛機所在的宿主機IP
8	根據獲取虛機MAC和宿主機IP對報文進行封裝Vxlan頭操作，虛機MAC地址爲內層目的MAC，宿主機IP爲外層目的IP，源IP地址使用Cloud-dpvs的IP地址，封裝後的vxlan隧道報文經過underlay網絡的轉發，報文會到達虛機所在宿主機
9	vxlan隧道報文在虛機所在宿主機上按照OVS流表進行解封裝，並按照OVS流表的轉發規則把報文送入對應的VPC內的Client"}}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"增加VXLAN模塊"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"雲化場景下，所有來自VPC的請求都進行了VXLAN封裝。CLOUD-DPVS在轉發層實現了VXLAN模塊，用於解封VPC發來的VXLAN數據包，保證轉發給IDC中服務器的爲解封后的數據包，使得後端服務器對於VPC無感知。當後端服務器回包到達CLOUD-DPVS後，再由CLOUD-DPVS封裝好VXLAN頭部並轉發給VPC。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"CLOUD-DPVS後續工作"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"目前CLOUD-DPVS打通了VPC到IDC的路徑，後續將繼續實現IDC到VPC的打通。目前VXLAN模塊是在轉發層軟件實現，下一步會計劃使用智能網卡實現OFFLOAD相關工作。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"參考文章："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"1. "},{"type":"text","text":"https:\/\/github.com\/iqiyi\/dpvs"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"2."},{"type":"text","text":" https:\/\/yq.aliyun.com\/articles\/497058"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"3. "},{"type":"text","text":"https:\/\/tools.ietf.org\/html\/rfc5880#section-6.8.5"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"本文轉載自：360技術（ID：qihoo_tech）"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"原文鏈接："},{"type":"link","attrs":{"href":"https:\/\/mp.weixin.qq.com\/s\/cAwnpEnaCOBv5NWP3dGfsA","title":"xxx","type":null},"content":[{"type":"text","text":"基於DPDK實現VPC和IDC間互聯互通的高性能網關"}]}]}]}