Method for implementing bond scenario NAT ALG processing based on DPDK
By managing physical network interface cards (NICs) through the VPP process in the edge computing gateway and utilizing the KNI channel mechanism of DPDK, the problem of NAT ALG processing in bond scenarios is solved, achieving high-performance and highly reliable packet processing.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- INSPUR COMM TECH CO LTD
- Filing Date
- 2023-08-29
- Publication Date
- 2026-06-23
AI Technical Summary
In the bond scenario, the edge computing gateway cannot effectively handle NAT ALG because the bond interface does not have a corresponding KNI interface, which prevents data packets from being sent to the kernel for ALG processing.
The VPP process of the edge computing gateway manages physical network cards, generates network interfaces, and uses the KNI channel mechanism of DPDK to create a KNI channel for each physical network card, establishes the correspondence between network interfaces and virtual network ports, and realizes NAT ALG processing of data packets of the bond interface in the kernel.
It implements NAT ALG functionality in bond mode to ensure normal communication of related applications and achieves high-performance, high-reliability business data processing in VPP's bond mode.
Smart Images

Figure CN117201448B_ABST
Abstract
Description
Technical Field
[0001] This invention discloses a method for implementing NAT ALG processing in bond scenarios based on DPDK, which relates to the field of gateway communication technology, specifically a method for implementing NAT ALG processing in bond scenarios based on DPDK. Background Technology
[0002] In NAT scenarios, edge computing gateways handle data packets from protocols such as FTP, SIP, and H.323, requiring ALG (Alternating Generation) processing. This ALG processing is implemented in the kernel. The edge computing gateway's VPP (Virtual Processing Program) process uses the DPDK driver to manage physical network interface cards (NICs) and creates a KNI (Knowledge, Technology, and Environment) channel for each NIC to facilitate interaction between the VPP's data packets and the kernel. When a regular physical gateway receives a data packet and determines that it requires ALG processing, it uses the corresponding KNI channel of that NIC to send the packet to the kernel for ALG processing. After ALG processing, the packet is then sent back to the VPP process via the KNI channel of the outgoing interface for further processing.
[0003] Clearly, natalg works fine for general scenarios with a single network interface. However, it doesn't support natalg in bond scenarios because the bond interface is newly created, and no corresponding KNI interface was created when the bond interface was created. When the physical network card is aggregated by the bond interface, the data packets received from the bond interface cannot be sent to the kernel, and natalg processing is also impossible. Summary of the Invention
[0004] This invention addresses the problems of existing technologies by providing a method for implementing NAT ALG processing in bond scenarios based on DPDK, thereby enabling VPP to perform NAT ALG functionality in bond mode.
[0005] The specific solution proposed in this invention is as follows:
[0006] This invention provides a method for implementing NAT ALG processing in bond scenarios based on DPDK. It manages physical network interface cards (NICs) through the VPP process of the edge computing gateway, generates network interfaces corresponding to each NIC, and creates a KNI channel for each NIC based on DPDK's KNI channel mechanism, corresponding to the respective network interface.
[0007] Create virtual network ports in the kernel of the edge computing gateway corresponding to the number of physical network cards, and establish the correspondence between network interfaces, KNI channels, and virtual network ports.
[0008] The VPP process creates bond interfaces, groups network interfaces, and then aggregates network interfaces according to these groups using different bond interfaces.
[0009] Data packets received through one bond interface are sent to the kernel via the Kni channel of the network interface aggregated by that bond interface. The kernel receives the data packets using the corresponding virtual interface and performs NAT ALG processing. The kernel then forwards the returned data packets to the virtual interface corresponding to the network interface aggregated by another bond interface. The returned data packets are then sent to the network interface aggregated by the other bond interface via the Kni channel of the virtual interface corresponding to the network interface aggregated by that other bond interface. Finally, the VPP process forwards the returned data packets using the other bond interface, thus completing the NAT ALG processing in the bond scenario.
[0010] Furthermore, in the method for implementing NAT ALG processing in bond scenarios based on DPDK, before the physical network interface card is managed by the VPP process of the edge computing gateway, the rte_kni.ko module is compiled and inserted into the kernel of the edge computing gateway.
[0011] Furthermore, the method for implementing NAT ALG processing in bond scenarios based on DPDK includes, before receiving data packets through the bond interface, configuring the IP address of the bond interface, wherein one bond interface and the corresponding virtual interface in the kernel that receives data packets are configured to have the same IP address, and the virtual interface corresponding to the network interface aggregated by another bond interface that receives returned data packets in the kernel and another bond interface are configured to have the same IP address.
[0012] Furthermore, in the method for implementing NAT ALG processing in bond scenarios based on DPDK, for FTP protocol data packets, the corresponding FTP protocol module is loaded in the kernel of the edge computing gateway, the NAT ALG processing rules of the FTP application are configured using the iptables command, and the NAT ALG processing of FTP protocol data packets is performed according to the NAT ALG processing rules of the FTP application.
[0013] For SIP protocol packets, the corresponding SIP protocol module is loaded into the kernel of the edge computing gateway. The iptables command is used to configure the NAT ALG processing rules for SIP applications, and the NAT ALG processing of SIP protocol packets is performed according to the NAT ALG processing rules of SIP applications.
[0014] For H.323 protocol packets, the corresponding H.323 protocol module is loaded into the kernel of the edge computing gateway. The NAT ALG processing rules for H.323 applications are configured using the iptables command, and NAT ALG processing of H.323 protocol packets is performed according to the NAT ALG processing rules for H.323 applications.
[0015] This invention also provides an apparatus for implementing NAT ALG processing in bond scenarios based on DPDK, including a VPP management module and a NAT ALG processing module.
[0016] The VPP management module manages physical network interface cards (NICs) through the VPP process of the edge computing gateway, generates network interfaces corresponding to each NIC, and creates a KNI channel for each NIC based on the DPDK's KNI channel mechanism, corresponding to the respective network interface.
[0017] Create virtual network ports in the kernel of the edge computing gateway corresponding to the number of physical network cards, and establish the correspondence between network interfaces, KNI channels, and virtual network ports.
[0018] Create bond interfaces through the VPP process, group network interfaces, and aggregate network interfaces according to the grouping based on different bond interfaces;
[0019] The NAT ALG processing module receives data packets through a bond interface and sends them to the kernel via the Kni channel of the network interface aggregated by the bond interface. The kernel receives the data packets using the corresponding virtual interface and performs NAT ALG processing. The kernel then forwards the returned data packets to the virtual interface corresponding to the network interface aggregated by another bond interface. The returned data packets are then sent to the network interface aggregated by the other bond interface via the Kni channel of the virtual interface corresponding to the network interface aggregated by the other bond interface. Finally, the VPP process forwards the returned data packets using the other bond interface, thus completing the NAT ALG processing in the bond scenario.
[0020] Furthermore, in the device for implementing bond scenario NAT ALG processing based on DPDK, before the VPP management module manages the physical network card through the VPP process of the edge computing gateway, the rte_kni.ko module is compiled and inserted into the kernel of the edge computing gateway.
[0021] Furthermore, in the device for implementing NAT ALG processing in bond scenarios based on DPDK, before the NAT ALG processing module receives data packets through the bond interface, the following steps are taken: configuring the IP address of the bond interface, wherein one bond interface and the corresponding virtual interface in the kernel that receives data packets are configured to have the same IP address, and the virtual interface corresponding to the network interface aggregated by another bond interface that receives returned data packets in the kernel and another bond interface are configured to have the same IP address.
[0022] Furthermore, in the device for implementing NAT ALG processing in bond scenarios based on DPDK, the NAT ALG processing module loads the corresponding FTP protocol module in the kernel of the edge computing gateway for FTP protocol data packets, configures the NAT ALG processing rules for the FTP application using iptables commands, and performs NAT ALG processing on FTP protocol data packets according to the NAT ALG processing rules for the FTP application.
[0023] For SIP protocol packets, the corresponding SIP protocol module is loaded into the kernel of the edge computing gateway. The iptables command is used to configure the NAT ALG processing rules for SIP applications, and the NAT ALG processing of SIP protocol packets is performed according to the NAT ALG processing rules of SIP applications.
[0024] For H.323 protocol packets, the corresponding H.323 protocol module is loaded into the kernel of the edge computing gateway. The NAT ALG processing rules for H.323 applications are configured using the iptables command, and NAT ALG processing of H.323 protocol packets is performed according to the NAT ALG processing rules for H.323 applications.
[0025] The advantages of this invention are:
[0026] This invention provides a method for implementing NAT ALG processing in bond scenarios based on DPDK. Utilizing VPP in conjunction with DPDK's KNI mechanism, control connection packets are imported into the Linux kernel for ALG processing in bond mode, while business data can be processed within VPP. This achieves ALG processing, ensuring normal communication for related applications, and subsequent business data access can also be handled with high performance and reliability in VPP's bond mode. Attached Figure Description
[0027] Figure 1 This is a schematic diagram of the method flow of the present invention.
[0028] Figure 2 This is a schematic diagram of the application framework of the method of the present invention. Detailed Implementation
[0029] The present invention will be further described below with reference to the accompanying drawings and specific embodiments, so that those skilled in the art can better understand and implement the present invention. However, the embodiments described are not intended to limit the present invention.
[0030] Bond aggregation mode, as a solution for achieving high reliability and redundancy of network interfaces, is widely used in current network scenarios, especially on gateway devices. Bond offers a wide range of usage modes to suit various network applications. Bond has the following seven modes: 1) Load balancing, 2) Primary / backup mode, 3) XOR strategy, 4) Broadcast strategy, 5) Dynamic link aggregation, 6) Adapter transmission load balancing, and 7) Adapter adaptive load balancing. All seven Bond modes must support natalg processing.
[0031] This invention provides a method for implementing NAT ALG processing in bond scenarios based on DPDK. It manages physical network interface cards (NICs) through the VPP process of the edge computing gateway, generates network interfaces corresponding to each NIC, and creates a KNI channel for each NIC based on DPDK's KNI channel mechanism, corresponding to the respective network interface.
[0032] Create virtual network ports in the kernel of the edge computing gateway corresponding to the number of physical network cards, and establish the correspondence between network interfaces, KNI channels, and virtual network ports.
[0033] The VPP process creates bond interfaces, groups network interfaces, and then aggregates network interfaces according to these groups using different bond interfaces.
[0034] Data packets received through one bond interface are sent to the kernel via the Kni channel of the network interface aggregated by that bond interface. The kernel receives the data packets using the corresponding virtual interface and performs NAT ALG processing. The kernel then forwards the returned data packets to the virtual interface corresponding to the network interface aggregated by another bond interface. The returned data packets are then sent to the network interface aggregated by the other bond interface via the Kni channel of the virtual interface corresponding to the network interface aggregated by that other bond interface. Finally, the VPP process forwards the returned data packets using the other bond interface, thus completing the NAT ALG processing in the bond scenario.
[0035] The VPP mentioned in this invention is a high-performance packet processing network framework based on DPDK. VPP supports the bond interface and NAT translation, but it does not support natALG processing in bond mode. The kernel fully supports NATALG functionality, but VPP, being a user-space process, cannot interact with the kernel. VPP introduces DPDK's KNI mechanism and establishes a mapping between network interfaces and kernel virtual interfaces, further enabling data interaction between VPP and the kernel. Packets received by VPP from the bond interface are sent to the kernel for ALG processing, and then the packets are sent back to VPP, thus implementing NATALG functionality in bond mode.
[0036] In specific applications, in some embodiments of the method of the present invention, the process for performing NAT ALG processing of bond scenarios based on DPDK can be referred to as follows:
[0037] Step 1: Manage physical network cards through the VPP process of the edge computing gateway, generate network interfaces corresponding to the physical network cards, and create a kni channel for each physical network card based on the Dpdk kni channel mechanism, which corresponds to the corresponding network interface.
[0038] Furthermore, before managing the physical network interface card through the VPP process of the edge computing gateway in step 1, the rte_kni.ko module is compiled and inserted into the kernel of the edge computing gateway.
[0039] Step 2: Create virtual network ports in the kernel of the edge computing gateway corresponding to the number of physical network cards, and establish the correspondence between network interfaces, KNI channels and virtual network ports.
[0040] Step 3: Create bond interfaces through the VPP process, group the network interfaces, and aggregate the network interfaces according to the grouping using different bond interfaces.
[0041] Step 4: The data packets received through one bond interface are sent to the kernel via the Kni channel of the network interface aggregated by the bond interface. The kernel receives the data packets using the corresponding virtual interface and performs NAT ALG processing. The kernel forwards the returned data packets to the virtual interface corresponding to the network interface aggregated by another bond interface. The returned data packets are then sent to the network interface aggregated by the other bond interface via the Kni channel of the virtual interface corresponding to the network interface aggregated by the other bond interface. The VPP process then forwards the returned data packets using the other bond interface, thus completing the NAT ALG processing in the bond scenario.
[0042] Furthermore, before receiving data packets through the bond interface, the following steps are included: configuring the IP address of the bond interface, wherein one bond interface and the corresponding virtual interface in the kernel that receives data packets are configured to have the same IP address, and the virtual interface corresponding to the network interface aggregated by another bond interface that receives returned data packets in the kernel and another bond interface are configured to have the same IP address.
[0043] Furthermore, in step 4, for FTP protocol data packets, the corresponding FTP protocol module is loaded into the kernel of the edge computing gateway, the NAT ALG processing rules for the FTP application are configured using the iptables command, and the NAT ALG processing of FTP protocol data packets is performed according to the NAT ALG processing rules of the FTP application.
[0044] For SIP protocol packets, the corresponding SIP protocol module is loaded into the kernel of the edge computing gateway. The iptables command is used to configure the NAT ALG processing rules for SIP applications, and the NAT ALG processing of SIP protocol packets is performed according to the NAT ALG processing rules of SIP applications.
[0045] For H.323 protocol packets, the corresponding H.323 protocol module is loaded into the kernel of the edge computing gateway. The NAT ALG processing rules for H.323 applications are configured using the iptables command, and NAT ALG processing of H.323 protocol packets is performed according to the NAT ALG processing rules for H.323 applications.
[0046] Based on the above embodiments, the process can be referred to Figure 2 :
[0047] Step 1: Manage physical network cards through the VPP process of the edge computing gateway, generate network interfaces corresponding to the physical network cards, and create a kni channel for each physical network card based on the Dpdk kni channel mechanism, which corresponds to the corresponding network interface.
[0048] Furthermore, before the physical network interface card is managed by the VPP process of the edge computing gateway in step 1, the kni channel mechanism of Dpdk is implemented in the rte_kni module of the Dpdk framework code. Therefore, the rte_kni.ko module is compiled and inserted into the kernel of the edge computing gateway.
[0049] After the VPP process runs, it creates a KNI channel for each physical network interface card (NIC). Assuming VPP manages four physical NICs, after starting, it generates four network interfaces: Eth_VIP1, Eth_VIP2, Eth_APP1, and Eth_APP2. Simultaneously, it creates four KNI channels: kni1, kni2, kni3, and kni4.
[0050] Step 2: Create virtual network ports corresponding to the number of physical network cards in the kernel of the edge computing gateway, and establish the mapping relationship between network interfaces, KNI channels, and virtual network ports. Specifically, four virtual network ports, megw_eth0, megw_eth1, megw_eth2, and megw_eth3, are also created in the Linux kernel. The mapping relationship for these four groups is as follows:<Eth_VIP1-kni1-megw_eth0> ,<Eth_VIP2-kni2-megw_eth1> ,<Eth_APP1-kni3-megw_eth2> ,<Eth_APP2-kni4-megw_eth3> .
[0051] Step 3: Create bond interfaces through the VPP process to group network interfaces, and then aggregate network interfaces according to their groups using different bond interfaces. Specifically, create two bond interfaces in VPP, each aggregating one or more physical network interfaces. Assume VPP creates two aggregation interfaces, bond1 and bond2. Bond1 aggregates network interfaces Eth_VIP1 and Eth_VIP2, and bond2 aggregates network interfaces Eth_APP1 and Eth_APP2.
[0052] Step 4: NAT ALG processing of data packets. For example, for uplink data packets from an edge computing gateway, packets received on the bond1 interface are sent to the kernel via the kni1 channel corresponding to the Eth_VIP1 interface. The kernel virtual interface megw_eth0 receives the data packets from kni1 and performs NAT ALG processing. Then, the kernel forwards the returned data packets to megw_eth2, which sends the data packets back to the vpp via the kni3 channel corresponding to megw_eth2. In the vpp process, Eth_APP1 receives the data packets from kni3 and sends them out from bond2. Similarly, downlink data packets received by the edge computing gateway from bond2 can be processed via the reverse path.
[0053] Since bond1 and bond2 operate at network layer 3, IP addresses need to be configured for both. Simultaneously, the kernel virtual interface megw_eth0 should be configured with the same IP address as bond1, and the kernel virtual interface megw_eth2 should be configured with the same IP address as bond2. ARP information learned by the bond1 interface should be synchronized to the kernel virtual interface megw_eth0, and ARP information learned by the bond2 interface should be synchronized to the kernel virtual interface megw_eth2.
[0054] Furthermore, for the FTP protocol, the ip_conntrack_ftp module and the ip_nat_ftp module are loaded in the Linux kernel. The ip_conntrack_ftp module is used to maintain data links under the FTP protocol, and the ip_nat_ftp module is used to maintain IP address translation relationships under the FTP protocol. At the same time, the iptables command is used to configure the NAT ALG processing rules for the FTP application, and the NAT ALG processing of FTP protocol packets is performed according to the NAT ALG processing rules of the FTP application.
[0055] For the SIP protocol, the ip_conntrack_sip module and the ip_nat_sip module are loaded in the Linux kernel. The ip_conntrack_sip module is used to maintain data links under the SIP protocol, and the ip_nat_sip module is used to maintain IP address translation relationships under the SIP protocol. At the same time, the iptables command is used to configure the NAT ALG processing rules for SIP applications, and the NAT ALG processing of SIP protocol packets is performed according to the NAT ALG processing rules of SIP applications.
[0056] For the H.323 protocol, the ip_conntrack_h323 module and the ip_nat_h323 module are loaded in the Linux kernel. The ip_conntrack_h323 module is used to maintain data links under the H.323 protocol, and the ip_nat_h323 module is used to maintain IP address translation relationships under the H.323 protocol. At the same time, the iptables command is used to configure the NAT ALG processing rules for H.323, and the NAT ALG processing of H.323 protocol packets is performed according to the NAT ALG processing rules applied to H.323.
[0057] Data packets on fixed ports (21, 1720, 5060) can be sent to the corresponding helper kernel module for alg processing.
[0058] Based on the above embodiments, in bond mode, FTP / H323 / SIP control connection packets are imported into the Linux kernel for ALG processing, while business data is processed in VPP. This achieves ALG processing, ensuring that FTP / H323 / SIP protocol-related applications can communicate normally, and subsequent business data access can also be processed with high performance and high reliability in VPP's bond mode.
[0059] This invention also provides an apparatus for implementing NAT ALG processing in bond scenarios based on DPDK, including a VPP management module and a NAT ALG processing module.
[0060] The VPP management module manages physical network interface cards (NICs) through the VPP process of the edge computing gateway, generates network interfaces corresponding to each NIC, and creates a KNI channel for each NIC based on the DPDK's KNI channel mechanism, corresponding to the respective network interface.
[0061] Create virtual network ports in the kernel of the edge computing gateway corresponding to the number of physical network cards, and establish the correspondence between network interfaces, KNI channels, and virtual network ports.
[0062] Create bond interfaces through the VPP process, group network interfaces, and aggregate network interfaces according to the grouping based on different bond interfaces;
[0063] The NAT ALG processing module receives data packets through a bond interface and sends them to the kernel via the Kni channel of the network interface aggregated by the bond interface. The kernel receives the data packets using the corresponding virtual interface and performs NAT ALG processing. The kernel then forwards the returned data packets to the virtual interface corresponding to the network interface aggregated by another bond interface. The returned data packets are then sent to the network interface aggregated by the other bond interface via the Kni channel of the virtual interface corresponding to the network interface aggregated by the other bond interface. Finally, the VPP process forwards the returned data packets using the other bond interface, thus completing the NAT ALG processing in the bond scenario.
[0064] The information interaction and execution process between the modules in the above-mentioned device are based on the same concept as the method embodiment of the present invention, and the specific details can be found in the description of the method embodiment of the present invention, and will not be repeated here.
[0065] Similarly, the device of this invention utilizes VPP combined with the KNI mechanism of DPDK to import control connection data packets into the Linux kernel for ALG processing in bond mode, while service data can be processed in VPP. This achieves ALG processing, ensuring that related applications can access communication normally, and subsequent service data access can also be processed with high performance and high reliability in VPP's bond mode.
[0066] It should be noted that not all steps and modules in the above process and device structure diagrams are mandatory; some steps or modules can be omitted as needed. The execution order of each step is not fixed and can be adjusted as required. The system structure described in the above embodiments can be a physical structure or a logical structure. That is, some modules may be implemented by the same physical entity, or some modules may be implemented by multiple physical entities, or they may be jointly implemented by certain components in multiple independent devices.
[0067] The above-described embodiments are merely preferred embodiments provided to fully illustrate the present invention, and the scope of protection of the present invention is not limited thereto. Equivalent substitutions or modifications made by those skilled in the art based on the present invention are all within the scope of protection of the present invention. The scope of protection of the present invention is defined by the claims.
Claims
1. A method for implementing NAT ALG processing in bond scenarios based on DPDK, characterized by managing physical network interface cards (NICs) through the VPP process of the edge computing gateway, generating network interfaces corresponding to the physical NICs, and creating a KNI channel for each physical NIC based on DPDK's KNI channel mechanism, each corresponding to a specific network interface. Create virtual interfaces corresponding to the number of physical network interface cards (NICs) in the kernel of the edge computing gateway, and establish the correspondence between network interfaces, KNI channels, and virtual interfaces. The VPP process creates bond interfaces, groups network interfaces, and then aggregates network interfaces according to these groups using different bond interfaces. Data packets received through one bond interface are sent to the kernel via the Kni channel of the network interface aggregated by that bond interface. The kernel receives the data packets using the corresponding virtual interface and performs NAT ALG processing. The kernel then forwards the returned data packets to the virtual interface corresponding to the network interface aggregated by another bond interface. The returned data packets are then sent to the network interface aggregated by the other bond interface via the Kni channel of the virtual interface corresponding to the network interface aggregated by that other bond interface. Finally, the VPP process forwards the returned data packets using the other bond interface, thus completing the NAT ALG processing in the bond scenario.
2. The method for implementing NAT ALG processing in bond scenarios based on DPDK according to claim 1 is characterized in that, before the physical network card is managed by the VPP process of the edge computing gateway, the rte_kni.ko module is compiled and inserted into the kernel of the edge computing gateway.
3. The method for implementing NAT ALG processing in bond scenarios based on DPDK according to claim 1, characterized in that: Before receiving data packets through the bond interface, the process includes: configuring the IP address of the bond interface, wherein one bond interface and the corresponding virtual interface in the kernel that receives data packets are configured to have the same IP address, and the virtual interface corresponding to the network interface aggregated by another bond interface that receives returned data packets in the kernel and another bond interface are configured to have the same IP address.
4. The method for implementing NAT ALG processing in bond scenarios based on DPDK according to claim 1, characterized in that: For FTP protocol packets, the corresponding FTP protocol module is loaded into the kernel of the edge computing gateway. The iptables command is used to configure the NAT ALG processing rules for the FTP application, and the NAT ALG processing of FTP protocol packets is performed according to the NAT ALG processing rules of the FTP application. For SIP protocol packets, the corresponding SIP protocol module is loaded into the kernel of the edge computing gateway. The iptables command is used to configure the NAT ALG processing rules for SIP applications, and the NAT ALG processing of SIP protocol packets is performed according to the NAT ALG processing rules of SIP applications. For H.323 protocol packets, the corresponding H.323 protocol module is loaded into the kernel of the edge computing gateway. The NAT ALG processing rules for H.323 applications are configured using the iptables command, and NAT ALG processing of H.323 protocol packets is performed according to the NAT ALG processing rules for H.323 applications.
5. A device for implementing NAT ALG processing in bond scenes based on DPDK, characterized by: Includes a VPP management module and a NAT ALG processing module. The VPP management module manages physical network interface cards (NICs) through the VPP process of the edge computing gateway, generates network interfaces corresponding to each NIC, and creates a KNI channel for each NIC based on the DPDK's KNI channel mechanism, corresponding to the respective network interface. Create virtual interfaces corresponding to the number of physical network interface cards (NICs) in the kernel of the edge computing gateway, and establish the correspondence between network interfaces, KNI channels, and virtual interfaces. Create bond interfaces through the VPP process, group network interfaces, and aggregate network interfaces according to the grouping based on different bond interfaces; The NAT ALG processing module receives data packets through a bond interface and sends them to the kernel via the Kni channel of the network interface aggregated by the bond interface. The kernel receives the data packets using the corresponding virtual interface and performs NAT ALG processing. The kernel then forwards the returned data packets to the virtual interface corresponding to the network interface aggregated by another bond interface. The returned data packets are then sent to the network interface aggregated by the other bond interface via the Kni channel of the virtual interface corresponding to the network interface aggregated by the other bond interface. Finally, the VPP process forwards the returned data packets using the other bond interface, thus completing the NAT ALG processing in the bond scenario.
6. The apparatus for implementing bond scene NAT ALG processing based on DPDK according to claim 5, characterized in that VPP Before the management module manages the physical network interface card through the VPP process of the edge computing gateway, it compiles the rte_kni.ko module and inserts the rte_kni.ko module into the kernel of the edge computing gateway.
7. The apparatus for implementing NAT ALG processing in bond scenarios based on DPDK according to claim 5, characterized in that NAT... Before the ALG processing module receives data packets through the bond interface, it includes: configuring the IP address of the bond interface, wherein one bond interface and the corresponding virtual interface in the kernel that receives data packets are configured to have the same IP address, and the virtual interface corresponding to the network interface aggregated by another bond interface that receives returned data packets in the kernel and another bond interface are configured to have the same IP address.
8. The apparatus for implementing bond scene NAT ALG processing based on DPDK according to claim 5, characterized in that NAT The ALG processing module targets FTP protocol packets. It loads the corresponding FTP protocol module into the kernel of the edge computing gateway, uses iptables commands to configure NAT ALG processing rules for FTP applications, and performs NAT ALG processing on FTP protocol packets according to the NAT ALG processing rules of FTP applications. For SIP protocol packets, the corresponding SIP protocol module is loaded into the kernel of the edge computing gateway. The iptables command is used to configure the NAT ALG processing rules for SIP applications, and the NAT ALG processing of SIP protocol packets is performed according to the NAT ALG processing rules of SIP applications. For H.323 protocol packets, the corresponding H.323 protocol module is loaded into the kernel of the edge computing gateway. The NAT ALG processing rules for H.323 applications are configured using the iptables command, and NAT ALG processing of H.323 protocol packets is performed according to the NAT ALG processing rules for H.323 applications.