An eBPF and federal identity driven network cross-cloud fault-tolerant method and electronic equipment

By intercepting cross-cloud requests in kernel mode and injecting identity tag headers into the extended data packet headers, and combining timestamps and retry times to calculate security redundancy time, the problems of network latency and credential expiration in traditional cross-cloud interoperability solutions are solved, achieving efficient and stable cross-cloud communication and fault tolerance.

CN122394950APending Publication Date: 2026-07-14SICHUAN HUAXI JICAI E-COMMERCE CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
SICHUAN HUAXI JICAI E-COMMERCE CO LTD
Filing Date
2026-05-28
Publication Date
2026-07-14

AI Technical Summary

Technical Problem

In enterprise-level hybrid cloud architectures, traditional cross-cloud interconnection solutions suffer from computational latency caused by network address translation and the masking of real Internet Protocol addresses. Furthermore, blind retries when the network is disconnected lead to a storm of expired credentials, resulting in exhaustion of identity verification resources and a cascading effect on microservice clusters.

Method used

A cross-cloud fault tolerance method based on eBPF and federated identity is adopted. By intercepting cross-cloud network requests in kernel mode, injecting identity label headers into the extended packet headers, and calculating security redundancy time by combining timestamps and retry times, a joint circuit breaker of network state and identity state is achieved to avoid retry storms.

Benefits of technology

It achieves high efficiency and stability in cross-cloud communication, avoids verification storms caused by expired credentials, and improves the system robustness and network fault tolerance efficiency of hybrid heterogeneous cloud architecture.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122394950A_ABST
    Figure CN122394950A_ABST
Patent Text Reader

Abstract

The application discloses a network cross-cloud fault-tolerant method based on eBPF and federal identity driving and electronic equipment. The method comprises the following steps: obtaining a temporary identity certificate of a micro-service instance currently sending a cross-cloud network request; intercepting the cross-cloud network request in the kernel state, matching the temporary identity certificate and a corresponding invalid timestamp according to a request feature, extending a packet header and injecting a custom identity label header containing the temporary identity certificate and the invalid timestamp, and sending a cross-cloud service message after forming the cross-cloud service message; when detecting that the cross-cloud service message is suspended due to a link timeout, calculating a safe redundancy time of the temporary identity certificate when the message is expected to arrive at a peer end; if the safe redundancy time is greater than or equal to 0, delivering according to a predetermined retry time; if the safe redundancy time is less than 0, intercepting a fuse retry action, initiating an asynchronous token refresh protocol request, and resending the message after obtaining a new invalid timestamp. The application realizes joint fusing of network state and identity state, and effectively eliminates a cross-cloud retry storm.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of cloud computing and network security underlying architecture, specifically a technical solution for handling cross-cluster network routing interoperability, microservice unified identity authentication, and link anomaly retry fault tolerance in a hybrid heterogeneous architecture of public and private clouds. Background Technology

[0002] In current enterprise-level hybrid cloud architecture deployments, private cloud clusters typically serve as the primary data center for core business data, while public cloud clusters are often used as elastic computing nodes to handle sudden traffic surges. In this typical hybrid heterogeneous network architecture, microservice modules deployed in both cloud environments require frequent remote procedure calls. Cross-cloud communication faces the dual obstacles of inconsistent network infrastructure and security / identity systems.

[0003] Traditional cross-cloud interconnection solutions often employ Virtual Private Network (VPN) technology combined with Network Address Translation (NAT) mechanisms to address network segment overlap and conflicts in different cloud environments, and hard-code access keys for both ends in the application layer code for authentication. This traditional architecture has significant technical flaws. NAT operations not only increase the computational latency of network packet processing but also obscure the real Internet Protocol (IP) address of the target microservice, making it difficult to accurately implement enterprise-level network micro-segmentation methods for the source service. In traditional architectures, the application layer's network fault tolerance module and authentication module are completely disconnected. Because cross-cloud physical links typically traverse complex public network routes, they are highly susceptible to transient physical link outages lasting several minutes. When the network is interrupted, the application layer's retry controller blindly backs up and retransmits unresponsive requests exponentially, causing a large backlog of requests in the local protocol stack. Once the cross-cloud link is restored, these backlogged retry requests flood the peer cloud gateway instantly. The temporary identity credentials attached to the original request packets often exceed their validity period during the link outage. This directly led to a large number of high-concurrency retry requests being rejected in batches by the public cloud's identity access management system, which in turn triggered an authentication storm, causing the authentication service's computing resources to be exhausted and resulting in an avalanche effect across the entire microservice cluster. Summary of the Invention

[0004] This application provides a network cross-cloud fault tolerance method and electronic device based on eBPF (Extended Berkeley Packet Filter) and federated identity-driven network, which solves the network segment conflict problem caused by IP routing in traditional cross-cloud calls, as well as the credential expiration verification storm problem caused by blind retries when the network is disconnected.

[0005] This application provides a cross-cloud fault tolerance method based on eBPF and federated identity, applied to a cross-cloud edge gateway deployed at the boundary of heterogeneous clouds. This cross-cloud edge gateway includes a federated identity broker, an eBPF data plane bridge, and an identity-aware retry controller. The method includes: obtaining the temporary identity credential of the microservice instance currently issuing the cross-cloud network request; intercepting the cross-cloud network request in kernel mode; matching the temporary identity credential and its corresponding expiration timestamp in a kernel hash table based on the request characteristics; extending the packet header and injecting a custom identity tag header containing the temporary identity credential and expiration timestamp; forming a cross-cloud service message and then tunneling and encapsulating it for transmission; when a cross-cloud network link timeout is detected causing the cross-cloud service message to be suspended, obtaining the expiration timestamp carried by the suspended cross-cloud service message; combining the next scheduled retry time and the currently estimated cross-cloud round-trip time; calculating the security redundancy time of the temporary identity credential when the message is expected to reach the other end; if the security redundancy time is greater than or equal to zero, retrying delivery according to the next scheduled retry time. If the security redundancy time is less than zero, the retry action of the cross-cloud network request is intercepted and circuit-broken. An asynchronous token refresh protocol request containing only credential exchange signaling is initiated to the peer gateway. After obtaining a new expiration timestamp and updating the kernel hash table, the suspended cross-cloud service message is released and the retry counter is reset for retransmission. By sinking the application layer's identity lifecycle data down to the network data link layer, a joint circuit breaker for network state and identity state is achieved, eliminating cross-cloud retry storms.

[0006] The process of intercepting and tunneling cross-cloud network requests in kernel mode includes: extracting the source and destination address characteristics of the cross-cloud network request; using the source and destination address characteristics as keys to query the kernel hash table and extract the corresponding temporary identity credential and expiration timestamp; calling kernel functions to allocate an additional space of a preset byte length between the network layer header and transport layer header of the cross-cloud network request; constructing a custom identity label header within the additional space and pushing the temporary identity credential and expiration timestamp into the custom identity label header; encapsulating the message with the added custom identity label header using a preset tunneling communication protocol to generate a cross-cloud service message and send it. Dynamically expanding the data packet space in kernel mode achieves an efficient data encapsulation mechanism that eliminates network address translation.

[0007] The process of constructing a custom identity header and pushing data into the additional space includes: parsing the external header of the preset tunnel communication protocol to locate the starting offset position of the internal payload; inserting an identifier byte before the starting offset position to declare the existence of the custom extension field; performing binary serialization on the temporary identity credential to generate a credential payload sequence and converting the expiration timestamp to network byte order; concatenating the credential payload sequence and the converted expiration timestamp into a combined identity data block; calculating the cyclic redundancy check (CRC) code of the combined identity data block and appending it to the end of the combined identity data block, which is then used to fill the custom extension field to form the custom identity header. Strict byte order conversion and CRC appending to the extension field ensure the integrity and parsing accuracy of the identity data during complex cross-cloud tunnel transmission.

[0008] The process of calculating the safety redundancy time by combining the next scheduled retry time and the currently estimated cross-cloud round-trip time includes: reading the absolute physical timestamp of the current system; obtaining the exponential backoff interval associated with the current retransmission count, and adding the absolute physical timestamp and the exponential backoff interval to obtain the next scheduled retry time; extracting the smoothed round-trip time metric maintained by the underlying network protocol stack as the currently estimated cross-cloud round-trip time; calculating the difference between the failure timestamp and the next scheduled retry time, and subtracting half of the currently estimated cross-cloud round-trip time and the preset network jitter tolerance time to obtain the safety redundancy time. By introducing the physical timestamp and the actual round-trip delay data maintained by the underlying protocol stack, high-precision dynamic forward-looking prediction of the validity of credentials when a request arrives at the other end is possible.

[0009] The process of obtaining the exponential backoff interval associated with the current retransmission count and extracting the smooth round-trip time metric includes: calling the system interface to extract the connection measurement state variables provided by the retransmission timer module of the underlying protocol stack; reading the historical transmission delay values ​​updated using the exponentially weighted moving average algorithm from the connection measurement state variables and assigning these historical transmission delay values ​​to the smooth round-trip time metric; constructing the base backoff interval using arithmetic shift operations based on the pre-set initial retry base parameter and the exponent representing the current retransmission round; obtaining the random time deviation value output by the pseudo-random number generator built into the underlying system, superimposing the random time deviation value onto the base backoff time to form an exponential backoff interval with time-domain random distribution characteristics, and writing this exponential backoff interval into the control register of the retransmission timer module. Introducing pseudo-random deviation into the backoff algorithm avoids instantaneous network congestion caused by a large number of backlogged requests being retransmitted concurrently at the same microsecond level.

[0010] The process of intercepting and circuit-breaking the retry action of the cross-cloud network request and initiating an asynchronous token refresh protocol request to the peer includes: calling system call interfaces to modify the state machine configuration of the socket in the underlying kernel protocol stack, preventing the transmission of suspended cross-cloud service packets triggered by the retransmission timer; constructing a state probe message containing only protocol header fields and not application layer payload data; filling the option field of the state probe message with the identifier of the temporary identity credential and the signaling flag indicating the renewal request, generating an asynchronous token refresh protocol request containing only credential exchange signaling; controlling the underlying network interface device to send the asynchronous token refresh protocol request to the peer gateway and start the corresponding signaling wait timer; directly intervening in the socket state machine at the underlying protocol stack to intercept retransmissions and constructing a low-overhead empty message for signaling interaction, reducing the occupancy rate of cross-cloud physical bandwidth during the credential renewal process.

[0011] The process of releasing and retransmitting suspended packets after obtaining a new expiration timestamp, updating the kernel hash table, and then retrieving them includes: receiving a refresh confirmation message from the peer gateway before the signaling wait timer expires; extracting the updated identity credentials and new expiration timestamp carried in the refresh confirmation message; replacing the old state entry corresponding to the identifier in the kernel hash table with the updated identity credentials and new expiration timestamp; calling a kernel hook function to release the socket from its suspended blocking state, resetting the network connection layer's congestion control window to a preset initial size, and clearing the backoff index register that maintains the current retransmission state to reset the retry counter; extracting the suspended cross-cloud service packets, rewriting the packet header using the updated identity credentials and new expiration timestamp, and re-pushing the rewritten packets back into the protocol stack's send queue to execute the network interface card output logic. By rewriting the packet header and precisely resetting the congestion control window at the kernel level, it ensures that renewed service packets can be smoothly injected into the transmission link with optimal network transmission conditions.

[0012] The process of detecting cross-cloud network link timeout anomalies causing cross-cloud service packet suspension includes: monitoring the transmission control protocol stack state machine within the cross-cloud edge gateway; capturing the underlying interrupt event triggered by the transport layer due to the lack of acknowledgment from the peer, causing the retransmission timer to time out; converting the underlying interrupt event into an application-layer-aware link timeout anomaly signal and transmitting it to the identity-aware retry controller; triggering polling scan logic for the suspended queue based on the link timeout anomaly signal; and establishing a signal transmission channel from the underlying hardware interrupt to the application-layer controller, achieving highly sensitive perception and rapid response to minor fluctuations in the cross-cloud network.

[0013] The process of obtaining temporary identity credentials for a microservice instance currently making a cross-cloud network request includes: intercepting the domain name resolution request issued by the microservice instance; extracting the target address from the domain name resolution request; and, if the target address belongs to the cross-cloud service domain, initiating an identity proxy request to the Federal Identity Authentication Center; receiving the digital authentication signature returned by the Federal Identity Authentication Center; parsing out the temporary identity credentials containing restricted access permissions and lifespan; and storing them in local memory. Through seamless interception and proxy authentication interaction at the domain name resolution level, microservices can automatically obtain legitimate cross-cloud identities without modifying their own business code.

[0014] This application also provides an electronic device, including a memory and a processor. The memory stores a computer program, which, when run by the processor, executes the aforementioned cross-cloud fault-tolerant network method based on eBPF and federated identity. The collaborative operation of the hardware processor and the computer program can efficiently and stably maintain high-concurrency communication and fault-tolerant scheduling under a cross-cloud architecture.

[0015] This application also provides a computer-readable storage medium storing a computer program that, when executed by a processor, performs the aforementioned cross-cloud fault tolerance method based on eBPF and federated identity. By codifying the fault tolerance method logic and embedding it in the storage medium, any compatible hardware platform can achieve high-concurrency communication and fault-tolerant scheduling under a cross-cloud architecture. Attached Figure Description

[0016] Figure 1 This is a flowchart of a cross-cloud fault tolerance method based on eBPF and federated identity driven by an embodiment of the present invention.

[0017] Figure 2 This is a logical structure block diagram of the electronic device provided in the embodiments of the present invention.

[0018] Explanation of reference numerals in the attached diagram: 201-Processor, 202-Memory, 203-Communication interface. Detailed Implementation

[0019] The technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only a part of the embodiments of this application, and not all of them. All other embodiments obtained by those skilled in the art based on the embodiments of this application without creative effort are within the scope of protection of this application.

[0020] This paper describes the hardware foundation, operating environment, and communication architecture of the cross-cloud edge gateway upon which this embodiment relies. Internally, the cross-cloud edge gateway interconnects three core functional modules via a high-speed system bus: a federated identity broker, an eBPF data plane bridge, and an identity-aware retry controller. The underlying operation of this cross-cloud edge gateway relies on the Linux operating system kernel network stack. To ensure system stability in high-concurrency cross-cloud packet processing scenarios, the gateway utilizes the operating system's underlying memory allocation mechanism to manage network buffer data structures, avoiding kernel crashes caused by memory fragmentation. The cross-cloud edge gateway is also equipped with a high-performance network interface card (NIC) driver module, which is responsible for zero-copy data interaction between the underlying physical electrical signals and the operating system kernel protocol stack. In terms of the macro-level cross-cloud architecture, a cloud-based identity access management system providing authentication is deployed on the public cloud. This system has a comprehensive public key certificate management and authentication issuance system, responsible for verifying and issuing cross-cloud interoperability commands. This hardware-software co-engineering architecture constitutes the physical foundation for the stable execution of the method described in this application.

[0021] Figure 1 This is a flowchart of a cross-cloud network fault tolerance method based on eBPF and federated identity driven by an embodiment of the present invention. This method resolves network retry storms through system kernel-level packet operations and an identity-constrained time scheduling algorithm. Specifically, it includes the following execution steps:

[0022] Step S101: Obtain the temporary identity credentials of the microservice instance that is currently issuing the cross-cloud network request.

[0023] The federated identity proxy is primarily deployed in the user space of the operating system. When a microservice instance within a private cloud cluster issues a cross-cloud domain name resolution request, the federated identity proxy intercepts the request and extracts the target address. If the target address is determined to belong to a cross-cloud service domain, an identity proxy request is initiated to the locally deployed federated identity authentication center. In this embodiment, the local identity authentication center is represented by a local identity authentication server within the private cloud cluster. A bidirectional transport layer secure authentication and encryption connection is established between the federated identity proxy and the local identity authentication server to ensure the security of the internal credential request link, thereby obtaining a temporary identity credential representing the microservice instance's identity, specifically X.509SVID (SPIFFE Verifiable Identity Document). The OIDC (OpenID Connect) client included within the federated identity proxy uses the obtained temporary identity credential to initiate a token exchange request to the cloud-based identity access management system of the peer cluster, receiving and parsing the temporary identity credential containing restricted access permissions and a lifespan, and storing it in local memory. This temporary identity credential is essentially a security token service credential. In this embodiment, after string truncation, the credential is presented as a short UUID (Universally Unique Identifier) ​​identifier.

[0024] Step S102: Intercept cross-cloud network requests in kernel mode, match temporary identity credentials and their corresponding expiration timestamps in the kernel hash table according to the request characteristics, extend the data packet header and inject a custom identity tag header containing temporary identity credentials and expiration timestamps, form a cross-cloud service message and then encapsulate and send it through tunnel.

[0025] The eBPF data plane bridge, acting as a programmable kernel filtering mechanism, is mounted on the traffic control entry and exit hook points of the operating system kernel's network subsystem. This allows the bridge to perform deep probing and modification of network packets in kernel mode before they leave the local network interface card (NIC). The system predefines a hash table-type kernel structure in kernel mode. The keys of this hash table are configured as the network four-tuple characteristics of the source microservice: source IP address, source port, destination IP address, and destination port. The values ​​of the hash table store the temporary identity credentials obtained by the federated identity broker and their corresponding expiration timestamps.

[0026] When a cross-cloud network request flows through the network protocol stack, the eBPF data plane bridge mounted at the bottom layer of the network protocol stack extracts the source and destination address characteristics of the cross-cloud network request. These characteristics are then used as keys to query the kernel hash table to extract the corresponding temporary identity credential and expiration timestamp. Upon successful matching, the eBPF program calls the kernel packet adjustment function to operate on the packet socket buffer, allocating an additional space of a preset length between the network layer IPv4 header and the transport layer TCP header of the cross-cloud network request. In this embodiment, the preset length of this additional space is strictly defined as a 16-byte identity tag header.

[0027] The system constructs a custom identity header within the allocated additional space and pushes the data into it. The specific process includes: parsing the external header of the preset tunnel communication protocol to locate the starting offset of the internal payload; inserting an identifier byte before the starting offset to declare the existence of the custom extension field; performing binary serialization on the extracted temporary identity credential to generate a credential payload sequence, while converting the expiration timestamp from host byte order to network byte order to adapt to cross-platform transmission; concatenating the credential payload sequence and the converted expiration timestamp into a combined identity data block; calculating the cyclic redundancy check (CRC) code of the combined identity data block and appending it to the end of the combined identity data block, which is then used to fill the custom extension field to form the custom identity header. Specifically, the custom identity header contains a 12-byte identifier and a 4-byte token lifetime check bit. The preset tunnel communication protocol is used to encapsulate the message after adding the custom identity header. In this embodiment, the underlying tunnel encapsulation mechanism is taken over by the Virtual Private Network (VPN) module, which uses a modified preset network tunnel protocol to encapsulate the data packet using the User Datagram Protocol (UDP) tunnel, generating the final cross-cloud service message and sending it. By using eBPF kernel-mode identity injection technology, identity metadata is directly pushed into the outer protocol reserved extension header, enabling zero-trust network routing interaction that is independent of IP routing addressing.

[0028] Step S103: When an abnormal cross-cloud network link timeout is detected, causing cross-cloud service packets to be suspended, an abnormal signal is captured.

[0029] The identity-aware retry controller internally includes a circular buffer built based on a time-round algorithm. This controller is logically connected between the eBPF interception layer and the virtual private network tunnel packet layer. The system monitors the transport control protocol stack state machine within the cross-cloud edge gateway to capture low-level interrupt events triggered by the transport layer's retransmission timer timing out due to lack of acknowledgment from the peer. The system translates these low-level hardware interrupt events into application-layer-aware link timeout anomaly signals and transmits them to the identity-aware retry controller. Based on these link timeout anomaly signals, a polling scan logic is triggered for the suspended queue, performing a unified queuing operation on the network packets suspended at the lower level.

[0030] Step S104: Obtain the expiration timestamp carried by the suspended cross-cloud service message, and calculate the security redundancy time of the temporary identity credential when the message is expected to arrive at the other end, in combination with the next scheduled retry time and the currently estimated cross-cloud round-trip time.

[0031] The system introduces a mandatory identity constraint model to execute network fault tolerance prediction logic. It retrieves the expiration timestamp of the temporary identity token corresponding to the currently backlogged service packets from the extended header of the suspended cross-cloud service packets, or by looking up the kernel hash table. This expiration timestamp variable is defined as T. expire Read the current system's absolute physical timestamp and define this physical timestamp variable as t. current .

[0032] The system calculates the remaining validity period of the temporary identity credential using the following formula: subtract the expiration timestamp from the current absolute physical time.

[0033]

[0034] Wherein, the TTL variable represents the remaining valid lifespan of the temporary identity credential, preferably in milliseconds; T expire The variable t represents the absolute expiration date of the credential's registration in the peer's identity access management system; current The variable represents the current physical time of the local system when this calculation is performed. In this embodiment, the lifespan of the temporary identity credential is set to 5 minutes.

[0035] Calculate the next scheduled retry time. The system call extracts the connection measurement status variable provided by the retransmission timer module of the underlying protocol stack from the system interface, and obtains the exponential backoff interval time associated with the current retransmission count based on this. The calculation logic of the exponential backoff interval time is implemented through the following formula: multiply the pre-set basic backoff delay constant by 2 raised to the power of the current retransmission count, and then add the random time deviation value:

[0036]

[0037] Among them, t retry (k) represents the backoff waiting time interval calculated for the k-th retry; a represents the pre-set basic backoff delay constant, whose typical value range can be set from 100 milliseconds to 300 milliseconds, and is preferably 200 milliseconds in this embodiment; k represents the number of times the current request has been retransmitted; R represents the random time deviation value output by the pseudo-random number generator built into the underlying system, which is used to increase the random distribution characteristics in the time domain, and its value range is preferably 0 to 50 milliseconds.

[0038] The logic for the next scheduled retry time is implemented using the following formula: the absolute physical time of the current system is added to the exponential backoff interval to obtain the scheduled time for issuing the instruction.

[0039]

[0040] Among them, t next The variable t represents the exact physical moment when the controller plans to issue a retransmission command in the future; current The variable t represents the current time. retry (k) variable represents the exponential backoff interval time.

[0041] The system extracts the smoothed round-trip time (RTT) metric maintained by the underlying network protocol stack as the current estimated cross-cloud RTT. The system reads historical transmission delay values ​​updated using an exponentially weighted moving average algorithm from the connection measurement state variables and assigns these historical transmission delay values ​​to the smoothed RTT metric. The specific statistical algorithm, filtering mechanism, and anomaly removal logic for calculating the RTT metric using the historical sliding window are as follows: The system maintains a fixed-length circular queue in the kernel to record the most recent consecutive transmission acknowledgment time differences. For each newly collected RTT sample, the system uses a standard deviation threshold filter to determine anomaly removal logic; when a single sampling deviation exceeds three times the standard deviation of the historical sliding window mean, it is judged as an anomaly caused by physical route switching and discarded. For valid samples that pass the filter, the system uses an exponentially weighted moving average algorithm to calculate the latest smoothed RTT. Through multi-level filtering and statistical algorithms, the estimated cross-cloud RTT can be ensured to accurately reflect the current physical link's throughput capacity.

[0042] The system combines the above variables to calculate the security redundancy time of the temporary identity credential when the message is expected to reach the other end. This security redundancy time is calculated using the following formula: the absolute timestamp of credential expiration minus the sum of the next scheduled retry time and the current estimated cross-cloud round-trip time.

[0043]

[0044] in, The variable T represents the security redundancy time tolerance for identity credentials when they reach the peer after completing an expected cross-cloud communication; expire The variable t represents the absolute timestamp of the voucher's expiration. next The variable represents the next scheduled retry time; RTT est The variable represents the current cross-cloud round-trip time estimate calculated by the system based on historical sliding windows. RTT in the formula... est At the macro-prediction algorithm level, it comprehensively reflects the integrated adjustment characteristics of the network's basic round-trip time and the system's tolerance time for network jitter.

[0045] Step S105: Based on the numerical range of the safety redundancy time, perform conditional branch determination and implement the state-based joint circuit breaker and asynchronous renewal mechanism.

[0046] The controller executes the predictive traffic splitting logic based on the calculated safety redundancy time:

[0047] When safety redundancy time When the timer expires, it indicates that the remaining time of the current identity token is sufficient to support the request to legally reach the peer cloud and complete authentication in the next retransmission. Under this condition, the system performs the normal exponential backoff retry message delivery, that is, writes the exponential backoff interval into the control register of the retransmission timer module, and sends the suspended cross-cloud service message according to the original plan after the timer expires.

[0048] When safety redundancy time This indicates that if the message is retried at the next scheduled time, the temporary identity credential attached to the request will have expired by the time it reaches the peer public cloud gateway, thus being forcibly rejected and triggering an authentication storm. The controller immediately intervenes, intercepting and circuit-breaking the retransmission of the cross-cloud network request message, and initiating an asynchronous token refresh protocol to obtain a new credential.

[0049] The system call interface modifies the state machine configuration of the TCP socket in the underlying kernel protocol stack, forcibly setting the socket state to a suspended and blocked state, preventing the transmission process triggered by the retransmission timer. The system constructs a state probe message containing only protocol header fields and no application layer payload data. The options field of the state probe message is filled with the identifier of the temporary identity credential and a signaling flag indicating a renewal request, thereby generating an asynchronous token refresh protocol request containing only credential exchange signaling. The system controls the underlying network interface card (NIC) device to send the asynchronous token refresh protocol request to the peer gateway via a public network backup link or while waiting for the border gateway protocol route to recover, and synchronously starts the corresponding signaling wait timer.

[0050] Before the signaling wait timer expires, a refresh confirmation message is received from the peer gateway. The system extracts the updated identity credentials and new expiration timestamp carried in the refresh confirmation message. The system replaces the old state entries corresponding to the original identifiers in the kernel hash table with the updated identity credentials and new expiration timestamp. After completing the hash table update, the system calls the kernel hook function to release the previously suspended blocking state of the socket and resets the congestion control window of the network connection layer to the preset initial size to avoid window calculation errors caused by long-term suspension. The backoff index register that maintains the current retransmission state is cleared to reset the retry counter k=0. The system extracts the suspended cross-cloud service packets, overwrites the custom identity label header of the data packets with the updated identity credentials and new expiration timestamp, and pushes the rewritten packets back into the protocol stack send queue to execute the network card output logic. Through this joint circuit breaker design of network state and identity state, the cross-cloud authentication avalanche defect caused by retransmitting expired requests after a long network outage is fundamentally solved.

[0051] The method provided in this embodiment breaks through the limitations of blind retries in traditional network layers by mapping and associating application-layer identity lifecycle data with network packet flows at the data link layer. Combined with a precise statistical algorithm for link historical transmission delays and a lightweight asynchronous token refresh mechanism, it ensures that after a physical interruption and recovery of the cross-cloud link, backlogged requests have a valid authentication status upon arrival at the target end, thus improving system robustness and network fault tolerance efficiency in hybrid heterogeneous cloud architectures.

[0052] Figure 2 This is a logical structure block diagram of the electronic device provided in an embodiment of the present invention. The electronic device can be deployed and configured as a cross-cloud edge gateway node at the aforementioned cross-cloud boundary, used to execute a network cross-cloud fault tolerance method based on eBPF and federated identity.

[0053] The electronic device includes a processor 201, a memory 202, and a communication interface 203. The processor 201, the memory 202, and the communication interface 203 communicate and are electrically connected via an internal high-speed system bus.

[0054] The memory 202 serves as a computer-readable storage medium for storing various types of data and computer programs that support the operation of electronic devices. In this embodiment, the memory 202 can be volatile memory, non-volatile memory, or a combination of both. The memory is internally divided into specific kernel-mode and user-mode runtime spaces, which are used to store and maintain the network protocol stack data structures of the operating system and the runtime context of the federated identity agent, respectively.

[0055] Processor 201 is the core control and computing unit of the electronic device, and it can be composed of a central processing unit, a network processor, an application-specific integrated circuit, or other hardware chips with instruction set execution capabilities. Processor 201 runs the computer program stored in memory 202 to call the underlying kernel interface and execute the various calculation and scheduling steps in the above method embodiments. Processor 201 is responsible for constructing and querying the kernel hash table, calling the time wheel algorithm to calculate the safety redundancy time parameter, parsing and executing filtering mathematical operations involving exponentially weighted moving averages, and dynamically modifying the underlying socket state machine based on the judgment result of the safety redundancy time to implement the state-joint circuit breaker logic.

[0056] Communication interface 203 includes a high-performance network interface card (NIC) driver module and a corresponding physical Ethernet port. Under the scheduling and control of processor 201, it is responsible for receiving and sending cross-cloud network requests between the private cloud and the public cloud, tunnel-encapsulated cross-cloud service messages, and asynchronous token refresh protocol request signaling. Communication interface 203 can support gigabit and higher-speed network throughput, ensuring that data plane traffic can still be injected into the physical communication link with low latency after undergoing eBPF header extension operations.

[0057] By leveraging the efficient operation of a specific computer program in conjunction with processor 201 and memory 202, this electronic device possesses the ability to cross heterogeneous network boundaries, automatically anticipate identity expiration risks, and execute intelligent circuit breaker renewals, thus ensuring the stability of high-concurrency cross-cloud services at the hardware level. The specific hardware model and memory capacity of the aforementioned electronic device are merely illustrative examples. Those skilled in the art can select other hardware entities with equivalent functionality to replace it based on the scale of the cloud data center and the level of network traffic. Similar alternative solutions can also achieve the method logic and fault-tolerance effects defined in this application.

[0058] The above description is merely a specific embodiment of this application, but the scope of protection of this application is not limited thereto. Any variations or substitutions that can be easily conceived by those skilled in the art within the technical scope disclosed in this application should be included within the scope of protection of this application. The scope of protection of this application shall be determined by the scope of the claims.

Claims

1. A cross-cloud fault tolerance method for networks based on eBPF and federated identity, characterized in that, The method is applied to a cross-cloud edge gateway deployed at the boundary of a heterogeneous cloud, the cross-cloud edge gateway comprising a federated identity broker, an eBPF data plane bridge, and an identity-aware retry controller; the method includes: Obtain temporary identity credentials for the microservice instance currently making the cross-cloud network request; The kernel intercepts the cross-cloud network request, matches the temporary identity credential and its corresponding expiration timestamp in the kernel hash table according to the request characteristics, extends the data packet header and injects a custom identity tag header containing the temporary identity credential and expiration timestamp, forms a cross-cloud service message and then performs tunnel encapsulation and sends it. When a cross-cloud network link timeout anomaly is detected, causing the cross-cloud service message to be suspended, the expiration timestamp carried by the suspended cross-cloud service message is obtained. Combined with the next scheduled retry time and the currently estimated cross-cloud round-trip time, the security redundancy time of the temporary identity credential when the message is expected to reach the other end is calculated. If the security redundancy time is greater than or equal to 0, then the delivery will be retried according to the next predetermined retry time; If the security redundancy time is less than 0, the retry action of the cross-cloud network request is intercepted and circuit-broken. An asynchronous token refresh protocol request containing only credential exchange signaling is initiated to the peer gateway. After obtaining the new expiration timestamp and updating the kernel hash table, the suspended cross-cloud service message is released and the retry counter is reset for retransmission.

2. The cross-cloud fault tolerance method based on eBPF and federated identity as described in claim 1, characterized in that, The process of intercepting the cross-cloud network request in kernel mode, matching the temporary identity credential and its corresponding expiration timestamp in the kernel hash table based on the request characteristics, expanding the data packet header and injecting a custom identity tag header containing the temporary identity credential and expiration timestamp, forming a cross-cloud service message, and then tunneling and encapsulating it for transmission includes: Extract the source and destination address features of the cross-cloud network request; The source address and destination address features are used as keys to query the kernel hash table and extract the corresponding temporary identity credential and the expiration timestamp. The kernel function is invoked to allocate additional space of a preset byte length between the network layer header and the transport layer header of the cross-cloud network request; The custom identity tag header is constructed within the additional space, and the temporary identity credential and the expiration timestamp are pushed into the custom identity tag header; The message with the added custom identity header is encapsulated using a preset tunnel communication protocol to generate the cross-cloud service message and send it.

3. The cross-cloud fault tolerance method based on eBPF and federated identity as described in claim 2, characterized in that, The step of constructing the custom identity tag header within the additional space and pressing the temporary identity credential and the expiration timestamp into the custom identity tag header includes: The external header of the preset tunnel communication protocol is parsed to locate the starting offset position of the internal payload; Insert an identifier byte before the starting offset position to declare the existence of a custom extended field; The temporary identity credential is processed into a binary serialization sequence to generate a credential payload sequence, and the expiration timestamp is converted into network byte order; The credential payload sequence is concatenated with the converted expiration timestamp to form a joint identity data block; The cyclic redundancy check code of the combined identity data block is calculated and appended to the end of the combined identity data block, and together they are filled into the custom extension field to form the custom identity tag header.

4. The cross-cloud fault tolerance method based on eBPF and federated identity as described in claim 1, characterized in that, The calculation of the security redundancy time for the temporary identity credential when the message is expected to arrive at the peer end, by combining the next scheduled retry time and the currently estimated cross-cloud round-trip time, includes: Read the current system's absolute physical timestamp; Obtain the exponential backoff interval time associated with the current retransmission count, and add the absolute physical timestamp to the exponential backoff interval time to obtain the next predetermined retry time; Extract the smooth round-trip time metric maintained by the underlying network protocol stack as the currently estimated cross-cloud round-trip time; Calculate the difference between the failure timestamp and the next scheduled retry time, and subtract half of the currently estimated cross-cloud round-trip time and the preset network jitter tolerance time to obtain the safety redundancy time.

5. The cross-cloud fault tolerance method based on eBPF and federated identity as described in claim 4, characterized in that, Obtain the exponential backoff interval associated with the current retransmission count, and extract the smooth round-trip time metric maintained by the underlying network protocol stack, including: The system interface is called to extract the connection measurement status variables provided by the retransmission timer module of the underlying protocol stack; Read the historical transmission delay value updated using the exponentially weighted moving average algorithm from the connection measurement state variable, and assign the historical transmission delay value to the smooth round-trip time measure; For the exponential backoff interval, the basic backoff time is constructed by arithmetic shift operation based on the preset initial retry base parameter and the power exponent representing the current retransmission round. Obtain the random time deviation value output by the pseudo-random number generator built into the underlying system, superimpose the random time deviation value onto the basic backoff time to form the exponential backoff interval time with time-domain random distribution characteristics, and write the exponential backoff interval time into the control register of the retransmission timer module.

6. The cross-cloud fault tolerance method based on eBPF and federated identity as described in claim 1, characterized in that, The retry action of intercepting and circuit-breaking the cross-cloud network request, which initiates an asynchronous token refresh protocol request containing only credential exchange signaling to the peer gateway, includes: The system call interface is invoked to modify the state machine configuration of the socket in the underlying kernel protocol stack, thereby preventing the transmission process of the suspended cross-cloud service message triggered by the retransmission timer. Construct a state probe message that contains only protocol header fields and does not carry application layer payload data; The identifier of the temporary identity credential and the signaling flag indicating a renewal request are filled into the option field of the state probe message to generate the asynchronous token refresh protocol request containing only credential exchange signaling. The underlying network interface card (NIC) device is controlled to send the asynchronous token refresh protocol request to the peer gateway and start the corresponding signaling wait timer.

7. The cross-cloud fault tolerance method based on eBPF and federated identity as described in claim 6, characterized in that, After obtaining a new expiration timestamp and updating the kernel hash table, the suspended cross-cloud service message is released and the retry counter is reset for retransmission, including: Before the signaling wait timer expires, a refresh confirmation message is received from the peer gateway; Extract the updated identity credentials and the new expiration timestamp carried in the refresh confirmation message; The old state entry corresponding to the identifier in the kernel hash table is overwritten and replaced with the updated identity credential and the new expiration timestamp; The kernel hook function is called to release the socket from its suspended blocking state, the congestion control window of the network connection layer is reset to a preset initial size, and the backoff index register that maintains the current retransmission state is cleared to reset the retry counter. Extract the suspended cross-cloud service packets, overwrite the packet header using the updated identity credentials and the new expiration timestamp, and push the rewritten packets back into the protocol stack sending queue to execute the network card output logic.

8. The cross-cloud fault tolerance method based on eBPF and federated identity as described in claim 1, characterized in that, The step of obtaining the temporary identity credentials of the microservice instance currently issuing the cross-cloud network request includes: Intercept the domain name resolution request sent by the microservice instance; Extract the target address from the domain name resolution request, and when it is determined that the target address belongs to a cross-cloud service domain, initiate an identity proxy request to the Federal Identity Authentication Center; The system receives the digital authentication signature returned by the Federal Identity Authentication Center, parses out the temporary identity credential containing restricted access permissions and lifespan, and stores it in local memory.

9. An electronic device, characterized in that, include: Memory; processor; The memory stores a computer program that, when executed by the processor, performs the cross-cloud fault tolerance method based on eBPF and federated identity as described in claim 1.

10. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores a computer program that, when executed by a processor, performs the cross-cloud fault tolerance method for network based on eBPF and federated identity as described in claim 1.