A method for assigning source ports of a Linux system in a load balancing device
By adjusting the initial values of the health check module and the source port range of the SNAT module, the source port conflict problem in the load balancer was resolved, and the stable operation of the device was achieved.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- 上海弘积信息科技有限公司
- Filing Date
- 2023-02-10
- Publication Date
- 2026-06-16
AI Technical Summary
In load balancing devices, source port conflicts between the health check module and the SNAT module can lead to packet conflicts, affecting the stability of the device's forwarding services and health check results.
By setting the initial value of the health check module and adjusting its source port range, and combining this with the requirements of the SNAT module, the source port allocation range of the Linux system is dynamically adjusted to ensure that the source ports of the health check and SNAT modules do not overlap and to avoid conflicts.
This effectively avoids packet conflicts and ensures that the packet 5-tuples of the health check module and SNAT module of the load balancer are different, thus preventing abnormal service forwarding and fluctuations in health check results.
Figure CN116405435B_ABST
Description
Technical Field
[0001] This invention relates to the field of network port allocation technology, and in particular to a method for allocating source ports of a Linux system in a load balancing device.
Background Technology
[0002] Health checks and SNAT (Source Address Translation) are essential functions of load balancer devices, and the health check module must be enabled when the load balancer is operating. In a health check, the load balancer periodically sends requests to backend servers to test their operational status and determine their availability. SNAT is a technique in which the load balancer changes the source IP and source port of packets when forwarding them to backend servers. Both health check packets and SNAT packets can use the IP address of the service interface as their source IP, so the source IP addresses of these two types of packets may be the same. When the service port of the backend server and the port probed by the health check module are the same (the destination address and destination port of the packets are the same), a packet collision will occur if the source ports of the two packets are also the same. A packet collision occurs when the five-tuples of the packets (source IP, source port, protocol type, destination IP, destination port) are identical.
[0003] Load balancing devices are typically based on Linux systems. The health check module's packet sending and receiving functions also rely on Linux; that is, the source port of its packets is determined by the Linux system. However, the source port of SNAT packets is not determined by the Linux system, but by the forwarding system (a process on the Linux system, implemented programmatically). In Linux, the range of usable source ports can be specified by modifying the system parameter `/proc/sys/net/ipv4/ip_local_port_range`. In the forwarding system, the range of source ports usable by the SNAT module is implemented programmatically. When both the health check module and SNAT are enabled on a load balancing device, the source port ranges usable by the two need to be properly planned so that conflicting packets are avoided.
[0004] In existing TCP/IP technologies, the port range is typically set to <1, 65534> (i.e., from 1 to 65534), where <1, 1024> are reserved system ports, and the actual usable ports are <1025, 65534>. Without an SNAT module configured, the available source port range for the health check module is <1025, 65534>, ensuring the maximum number of health check modules can be used. When the SNAT module is configured, the source port range is redefined. The SNAT module uses a range of <1025, X>, and the source port range used by the health check module then becomes <X+1, 65534>, where X is a pre-planned value, which may vary between manufacturers.
[0005] Without the SNAT module configured, the health check module can use all available ports; assume that some of these ports {P1, P2...Pn} are already in use. If some of the ports {P1, P2...Pn} are...<X+1,65534> If the SNAT module is configured, it may also use these ports, which can lead to packet conflicts, causing abnormal forwarding of services by the load balancer and fluctuations in the health check module results.
Summary of the Invention
[0006] To address the aforementioned problems in the existing technology, this invention provides a method for allocating source ports of a Linux system in a load balancing device.
[0007] To achieve the above objectives, the present invention provides the following solution:
[0008] A method for allocating source ports of a Linux system in a load balancing device includes:
[0009] Setting an initial value based on the specifications of the health check module;
[0010] The first source port range is set based on the initial value; the first source port range is the range of source ports that the health check module can use.
[0011] Based on the first source port range, determine whether the remaining source ports meet the source port quantity requirements of the SNAT module.
[0012] When the remaining source ports meet the source port quantity requirements of the SNAT module, the source port range of the Linux system is determined based on the initial value.
[0013] If the remaining source ports do not meet the source port quantity requirements of the SNAT module, the initial value is adjusted, and the process returns to "set the first source port range based on the initial value".
[0014] Preferably, the initial value is adjusted by adjusting the specifications of the health check module or the SNAT module.
[0015] Preferably, the initial value is adjusted by adjusting the specifications of the health check module and the SNAT module.
[0016] Preferably, the initial value is X:
[0017] X = 30000, or X = 40000.
[0018] Preferably, the range of the first source port is <1025, X>.
[0019] Preferably, the source port range of the SNAT module is <X+1, 65534>.
[0020] According to specific embodiments provided by the present invention, the present invention discloses the following technical effects:
[0021] The source port allocation method for Linux systems in load balancing devices provided by this invention, through the allocation and control of source ports, ensures that the packet 5-tuples (including source IP, source port, protocol type, destination IP, and destination port) of the health check module and SNAT (source address translation) module of the load balancing device are not completely identical, thereby effectively solving the problem of packet conflict between the two modules and thus avoiding the problems of abnormal forwarding services and fluctuating results of the health check module in the load balancing device.
Attached Figure Description
[0022] To more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the drawings used in the embodiments will be briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0023] Figure 1 is a flowchart illustrating the Linux system source port allocation method in the load balancing device provided by this invention.
Detailed Implementation
[0024] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.
[0025] The purpose of this invention is to provide a method for allocating source ports of a Linux system in a load balancing device, which can effectively solve the problem of packet conflict between the two modules mentioned above, and thus avoid the problems of abnormal forwarding services and fluctuating results of the health check module in the load balancing device.
[0026] To make the above-mentioned objects, features and advantages of the present invention more apparent and understandable, the present invention will be further described in detail below with reference to the accompanying drawings and specific embodiments.
[0027] Example 1
[0028] As shown in Figure 1, the Linux system source port allocation method in the load balancing device provided by the present invention includes:
[0029] Step 100: Set initial values for the specifications of the health check module.
[0030] Step 101: Set the first source port range based on the initial values. The first source port range is the range of source ports that the health check module can use.
[0031] Step 102: Determine whether the remaining source ports meet the source port quantity requirements of the SNAT module based on the first source port range.
[0032] Step 103: When the remaining source ports meet the source port quantity requirements of the SNAT module, the source port range of the Linux system is determined based on the initial value.
[0033] This step primarily involves configuring program code. For example, when the program starts, it uses the following system call to set the available source port range for the Linux system. Then, the SNAT program code is modified to set its available port range to <X+1, 65534>.
[0034] The program code is:
[0035] "echo "1025 X" > /proc/sys/net/ipv4/ip_local_port_range"
[0036] Step 104: When the remaining source ports do not meet the source port quantity requirements of the SNAT module, adjust the initial value and return to execute "Set the first source port range based on the initial value". In this invention, the purpose of adjusting the initial value can be achieved by adjusting one or both of the specifications of the health check module and the SNAT module.
[0037] Example 2
[0038] In this embodiment, the source port range used by the health check module is pre-set to <1025, X>, and the source port range used by the SNAT module is <X+1, 65534>. The initial value X is determined based on the requirements of the SNAT module and the health check module for the source port.
[0039] Based on this, the process of allocating source ports of the Linux system in a load balancing device provided in this embodiment is as follows:
[0040] Step 200: Determine the specifications of the health check module, that is, the maximum number of health checks that each interface IP address (source IP) needs to support (how many backend servers one IP address can probe at the same time). Assuming the health check specification is M, then X = 1024 + M.
[0041] Step 201: The range of source ports that the health check module can use is tentatively set to <1025, X>. Based on this, confirm the number of remaining source ports in <X+1, 65534> and determine whether the remaining number of source ports is sufficient to meet the source port requirement W of the SNAT module.
[0042] Step 202: If <X+1, 65534> meets the source port quantity requirement of the SNAT module, i.e. (65534-X)≥W, then steps 204 and 205 are executed sequentially.
[0043] Step 203: If <X+1, 65534> does not meet the SNAT module requirements, the specification of the number of source ports required by SNAT or health checks needs to be adjusted according to product requirements, and the initial value X needs to be adjusted accordingly.
[0044] Step 204: After determining the initial value X, set the program code so that when the program starts, it sets the range of available source ports of the Linux system through the system call "echo "1025 X" > /proc/sys/net/ipv4/ip_local_port_range".
[0045] Step 205: Modify the SNAT program code to set its available port range to <X+1, 65534>.
[0046] After the above steps, the health check module and the SNAT module will not generate conflicting messages, thus effectively avoiding fluctuations in health check results and anomalies in forwarding services.
[0047] Example 3
[0048] This embodiment provides a load balancing device that applies the Linux system source port allocation method in the load balancing device provided in Embodiment 1 above. In this load balancing device, the health check specification is 10000, and its SNAT module specification requirement is 10000. Based on the health check specification, X is set to 11024, determining that the range of source ports usable for the health check is <1025, 11024>. It is confirmed that the remaining source ports <11025, 65534> can meet the SNAT module specification requirements. The program code is configured to set the available source port range of the Linux system through the system call "echo "1025 11024" > /proc/sys/net/ipv4/ip_local_port_range" when the program starts, and the SNAT program code is modified to set its available port range to <11025, 65534>.
[0049] After the above steps, the health check and SNAT modules will not generate conflicting packets, thus effectively avoiding fluctuations in health check results and anomalies in forwarding services.
[0050] Example 4
[0051] This embodiment provides another load balancing device that applies the Linux system source port allocation method in the load balancing device provided in Embodiment 1 above. In this load balancing device, the health check specification is 31476, and the SNAT module specification requirement is 34000. Based on the health check specification, X is set to 32500, and the range of source ports that the health check can use is determined to be <1025, 32500>. However, the remaining source ports <32501, 65534> cannot meet the SNAT module specification requirements. According to product requirements, the health check specification is adjusted to 30001, the SNAT specification is adjusted to 30002, and X is adjusted to 31025. The program code is set so that when the program starts, it sets the available source port range of the Linux system through the system call "echo "1025 31025" > /proc/sys/net/ipv4/ip_local_port_range", and the SNAT program code is modified to set its available port range to <31026, 65534>.
[0052] After the above steps, the health check and SNAT module will not generate conflict messages.
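The planning check from Example 2 (X = 1024 + M, then 65534 - X ≥ W), run on the figures from Examples 3 and 4, together with an overlap audit of the kernel setting. This is an added example, not code from the patent; the function names and the optional file argument are hypothetical, while M, W and X are the page's symbols.

```shell
#!/bin/sh
# Added example (not from the patent). M = health check specification,
# W = SNAT source port requirement, X = upper bound of the health check range.

PORT_MIN=1025    # first non-reserved port, per the page
PORT_MAX=65534   # last usable port, per the page

# plan_ports M W -> prints "HC_LO HC_HI SNAT_LO SNAT_HI"; returns 1 if SNAT does not fit.
plan_ports() {
    m=$1; w=$2
    x=$((PORT_MIN - 1 + m))                  # step 200: X = 1024 + M
    [ "$m" -ge 1 ] && [ "$x" -lt "$PORT_MAX" ] || return 1
    remaining=$((PORT_MAX - x))              # step 201: size of <X+1, 65534>
    [ "$remaining" -ge "$w" ] || return 1    # step 202: (65534 - X) >= W
    echo "$PORT_MIN $x $((x + 1)) $PORT_MAX"
}

# ranges_overlap LO1 HI1 LO2 HI2 -> status 0 when two inclusive ranges share a port.
ranges_overlap() {
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# audit_local_range SNAT_LO SNAT_HI [FILE] -> prints "ok" or "overlap".
# FILE defaults to the live kernel setting, which holds "LOW HIGH".
audit_local_range() {
    file=${3:-/proc/sys/net/ipv4/ip_local_port_range}
    read -r lo hi < "$file" || return 2
    if ranges_overlap "$lo" "$hi" "$1" "$2"; then echo overlap; else echo ok; fi
}

# apply_plan M W [FILE] -> writes "1025 X" to FILE (step 204) and prints the range
# to configure in the SNAT code (step 205). Writing the real file requires root.
apply_plan() {
    file=${3:-/proc/sys/net/ipv4/ip_local_port_range}
    plan=$(plan_ports "$1" "$2") || {
        echo "SNAT requirement not met; adjust M or W (step 203)" >&2
        return 1
    }
    set -- $plan
    echo "$1 $2" > "$file"
    echo "$3 $4"
}

# Figures from Examples 3 and 4 on this page.
plan_ports 10000 10000                          # prints: 1025 11024 11025 65534
plan_ports 31476 34000 || echo "does not fit"   # prints: does not fit
plan_ports 30001 30002                          # prints: 1025 31025 31026 65534
```

Calling `audit_local_range 11025 65534` with no file argument checks the running kernel's setting against a planned SNAT range.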
[0053] In addition, in this invention, besides the initial value X given above, the initial value X can also be set to 3000 or 4000, but it is not limited to this. In actual application, the initial value X is determined according to the SNAT specification and the health check specification.
[0054] The various embodiments in this specification are described in a progressive manner, with each embodiment focusing on the differences from other embodiments. The same or similar parts between the various embodiments can be referred to each other.
[0055] This document uses specific examples to illustrate the principles and implementation methods of the present invention. The descriptions of the above embodiments are only for the purpose of helping to understand the method and core ideas of the present invention. Furthermore, those skilled in the art will recognize that, based on the ideas of the present invention, there will be changes in the specific implementation methods and application scope. Therefore, the content of this specification should not be construed as a limitation of the present invention.
Claims
1. A method for allocating source ports of a Linux system in a load balancing device, characterized in that the method includes: The initial value is set based on the specifications of the health check module; wherein, the initial value is adjusted by adjusting the specifications of the health check module or the SNAT module. The first source port range is set based on the initial value; the first source port range is the range of source ports that the health check module can use. Based on the first source port range, determine whether the remaining source ports meet the source port quantity requirements of the SNAT module. When the remaining source ports meet the source port quantity requirements of the SNAT module, the source port range of the Linux system is determined based on the initial value. If the remaining source ports do not meet the source port quantity requirements of the SNAT module, the initial value is adjusted, and the process returns to "set the first source port range based on the initial value".
2. The Linux system source port allocation method in the load balancing device according to claim 1, characterized in that the initial value is adjusted by modifying the specifications of the health check module and the SNAT module.
3. The Linux system source port allocation method in the load balancing device according to claim 1, characterized in that the initial value is X: X=30000, or X=40000.
4. The Linux system source port allocation method in the load balancing device according to claim 3, characterized in that the first source port range is <1025, X>.
5. The Linux system source port allocation method in the load balancing device according to claim 3, characterized in that the source port range of the SNAT module is <X+1, 65534>.