CN116137585B - Message forwarding method, device, computer equipment and storage medium - Google Patents

Abstract

The application discloses a message forwarding method, a message forwarding device, computer equipment and a storage medium, wherein the message forwarding method comprises the following steps: acquiring a first message sent by a user terminal; analyzing the first outer layer tunnel header to obtain a first virtual network identifier, and analyzing the first inner layer header to obtain a first double-layer VLAN identifier; based on the first virtual network identifier and the first double-layer VLAN identifier, acquiring first pre-packaged message information, a second virtual network identifier, a public network IP address and a public network port; determining a first encapsulation message based on the first pre-encapsulation message information and the first message; NAT conversion is carried out on the first encapsulation message based on the public network IP address and the public network port so as to convert the source IP address of the first encapsulation message into the public network IP address and convert the source port into the public network port; and sending the first encapsulation message after NAT conversion to an external network server based on the second virtual network identifier. The method and the device can improve the forwarding speed of the message and reduce the forwarding cost of the message.

Description

Message forwarding method, device, computer equipment and storage medium

technical field

The present application relates to the technical field of communications, and in particular to a message forwarding method, device, computer equipment, and storage medium.

Background technique

A virtual switch (Virtual Switch, vSwitch), also known as a virtual network switch, refers to a layer 2 (and part of layer 3) network function of a physical switch that works on a layer 2 data network. Compared with a traditional physical switch, a virtual switch It has the advantages of flexible configuration, strong scalability, low cost, and high performance. However, after receiving a message, the existing virtual switch usually depackets the message layer by layer before forwarding it, and the forwarding efficiency is low.

Contents of the invention

The embodiment of the present application provides a message forwarding method, device, computer equipment, and storage medium. When forwarding a message, it is not necessary to depacketize the message layer by layer, which can increase the forwarding speed of the message and reduce the cost of the message. Forwarding costs.

On the one hand, the present application provides a message forwarding method, the message forwarding method is applied to a message forwarding device, and the message forwarding device communicates with a user terminal and an external network server respectively, and the message forwarding method includes :

Obtaining a tunnel-encapsulated first packet sent by the user terminal, where the first packet includes a first outer tunnel header and a first inner header;

Analyzing the first outer layer tunnel header to obtain a first virtual network identifier, and analyzing the first inner layer header to obtain a first double-layer VLAN identifier;

Based on the first virtual network identifier and the first double-layer VLAN identifier, obtain first pre-encapsulated message information, a second virtual network identifier, a public network IP address, and a public network port;

determining a first encapsulated packet of the first packet based on the first pre-encapsulated packet information and the first packet;

Perform NAT conversion on the first encapsulated packet based on the public network IP address and the public network port, so as to convert the source IP address of the first encapsulated packet into the public network IP address, and convert the source IP address of the first encapsulated packet to the public network IP address, and Converting the source port of the first encapsulated message into the public network port;

Sending the NAT-translated first encapsulated packet to the external network server based on the second virtual network identifier.

In some embodiments of the present application, the message forwarding method further includes:

Obtaining a tunnel-encapsulated second message sent by the external network server, where the second message includes a second outer tunnel header and a second inner layer header;

Analyzing the second outer layer tunnel header to obtain the second virtual network identifier, and analyzing the second inner layer header to obtain a second double-layer VLAN identifier;

Based on the second virtual network identifier and the second double-layer VLAN identifier, obtain second pre-encapsulated packet information, the first virtual network identifier, private network IP address and private network port;

determining a second encapsulated packet of the second packet based on the second pre-encapsulated packet information and the second packet;

Perform NAT conversion on the second encapsulated message based on the private network IP address and the private network port, so as to convert the destination IP address of the second encapsulated message into the private network IP address, and convert the second encapsulated message to the private network IP address, Converting the destination port of the second encapsulated message into the private network port;

Sending the NAT-translated second encapsulated packet to the user terminal based on the first virtual network identifier.

In some implementations of the present application, the acquiring first pre-encapsulated message information based on the first virtual network identifier and the first double-layer VLAN identifier includes:

Determine first account information based on the first virtual network identifier and the first double-layer VLAN identifier;

Based on the first account information, first pre-encapsulated packet information is acquired.

In some embodiments of the present application, the first packet further includes an IP header, a TCP header, and packet data, and the first pre-encapsulated packet information includes a pre-encapsulated outer layer tunnel header and a pre-encapsulated inner layer header, so Determining the first encapsulated message of the first message based on the first pre-encapsulated message information and the first message includes:

Obtaining an IP header, a TCP header, and packet data from the first packet;

Splicing the pre-encapsulated outer tunnel header, the pre-encapsulated inner layer header, the IP header, the TCP header, and the packet data to obtain a first encapsulated packet of the first packet .

In some embodiments of the present application, before obtaining the first pre-encapsulated packet information based on the first virtual network identifier and the first double-layer VLAN identifier, the method further includes:

Acquiring the first outer tunnel header and the first inner tunnel header;

Obtain the first account information, where the first account information includes a WAN side tunnel identifier, a source MAC address, a first destination MAC address, first VLAN information, and a dial-up identifier;

Encapsulating the first outer tunnel header based on the WAN side tunnel identifier to obtain a pre-encapsulated outer tunnel header;

Encapsulating the first inner header based on the source MAC address, the first destination MAC address, the first VLAN information and the dialing identifier to obtain a pre-encapsulated inner header.

In some embodiments of the present application, when the first message is a message encapsulated by a VXLAN tunnel, the first outer tunnel header includes an outer ETH header, an outer VLAN header, an outer IP header, a UDP header and VXLAN header, the first virtual network identifier is obtained by parsing the first outer layer tunnel header, including:

Obtain a VXLAN header from the first outer tunnel header;

Analyzing the VXLAN header to obtain a first virtual network identifier;

When the first message is a message encapsulated by an SRv6 tunnel, the first outer tunnel header includes an outer ETH header, an outer VLAN header, and an SRv6 header, and the pair of the first outer tunnel header Perform analysis to obtain the first virtual network identifier, including:

Obtain an SRv6 header from the first outer tunnel header;

The SRv6 header is parsed to obtain the first virtual network identifier.

In some embodiments of the present application, the first inner layer header includes an inner layer ETH header and an inner layer double-layer VLAN header, and analyzing the first inner layer header to obtain a first double-layer VLAN identifier includes:

Obtain an inner layer double-layer VLAN header from the first inner layer header;

The inner double-layer VLAN header is analyzed to obtain the first double-layer VLAN identifier.

On the other hand, the present application provides a message forwarding device, the message forwarding device communicates with a user terminal and an external network server respectively, and the message forwarding device includes:

A message obtaining unit, configured to obtain a tunnel-encapsulated first message sent by the user terminal, where the first message includes a first outer tunnel header and a first inner layer header;

A message parsing unit, configured to parse the first outer tunnel header to obtain a first virtual network identifier, and parse the first inner header to obtain a first double-layer VLAN identifier;

An information acquiring unit, configured to acquire first pre-encapsulated message information, a second virtual network identifier, a public network IP address, and a public network port based on the first virtual network identifier and the first double-layer VLAN identifier;

A packet encapsulation unit, configured to determine a first encapsulated packet of the first packet based on the first pre-encapsulated packet information and the first packet;

A first conversion unit, configured to perform NAT conversion on the first encapsulated message based on the public network IP address and the public network port, so as to convert the source IP address of the first encapsulated message into the public network port network IP address, and converting the source port of the first encapsulated message to the public network port;

The first forwarding unit is configured to send the NAT-translated first encapsulated packet to the external network server based on the second virtual network identifier.

In some embodiments of the present application, when the first message is a message encapsulated by a VXLAN tunnel, the first outer tunnel header includes an outer ETH header, an outer VLAN header, an outer IP header, a UDP header and VXLAN header, the message parsing unit is specifically used for:

Obtain a VXLAN header from the first outer tunnel header;

The VXLAN header is parsed to obtain the first virtual network identifier.

In some implementations of the present application, when the first packet is a packet encapsulated by an SRv6 tunnel, the first outer tunnel header includes an outer ETH header, an outer VLAN header, and an SRv6 header, and the packet The text parsing unit is specifically used for:

Obtain an SRv6 header from the first outer tunnel header;

The SRv6 header is parsed to obtain the first virtual network identifier.

In some embodiments of the present application, the first inner layer header includes an inner layer ETH header and an inner layer double-layer VLAN header, and the message parsing unit is also specifically used for:

Obtain an inner layer double-layer VLAN header from the first inner layer header;

The inner double-layer VLAN header is analyzed to obtain the first double-layer VLAN identifier.

In some embodiments of the present application, the information acquisition unit is specifically used for:

Determine first account information based on the first virtual network identifier and the first double-layer VLAN identifier;

Based on the first account information, first pre-encapsulated packet information is acquired.

In some embodiments of the present application, the first packet further includes an IP header, a TCP header, and packet data, and the first pre-encapsulated packet information includes a pre-encapsulated outer tunnel header and a pre-encapsulated inner layer header, so The message encapsulation unit is specifically used for:

Obtaining an IP header, a TCP header, and packet data from the first packet;

Splicing the pre-encapsulated outer tunnel header, the pre-encapsulated inner layer header, the IP header, the TCP header, and the packet data to obtain a first encapsulated packet of the first packet .

In some embodiments of the present application, the message forwarding device further includes:

a first acquiring unit, configured to acquire the first outer tunnel header and the first inner header;

A second acquiring unit, configured to acquire the first account information, where the first account information includes a WAN side tunnel identifier, a source MAC address, a first destination MAC address, first VLAN information, and a dial-up identifier;

A first encapsulation unit, configured to encapsulate the first outer tunnel header based on the WAN-side tunnel identifier to obtain a pre-encapsulated outer tunnel header;

A second encapsulation unit, configured to encapsulate the first inner layer header based on the source MAC address, the first destination MAC address, the first VLAN information and the dial identifier, to obtain a pre-encapsulated inner layer head.

In some embodiments of the present application, the message forwarding device further includes:

A third obtaining unit, configured to obtain a tunnel-encapsulated second message sent by the external network server, where the second message includes a second outer tunnel header and a second inner layer header;

An information parsing unit, configured to parse the second outer tunnel header to obtain the second virtual network identifier, and parse the second inner header to obtain a second double-layer VLAN identifier;

A fourth acquiring unit, configured to acquire second pre-encapsulated message information, the first virtual network identifier, private network IP address and private network port based on the second virtual network identifier and the second double-layer VLAN identifier ;

A message determining unit, configured to determine a second encapsulated message of the second message based on the second pre-encapsulated message information and the second message;

The second conversion unit is configured to perform NAT conversion on the second encapsulated message based on the private network IP address and the private network port, so as to convert the destination IP address of the second encapsulated message into the private network network IP address, and converting the destination port of the second encapsulated message into the private network port;

The second forwarding unit is configured to send the NAT-translated second encapsulated packet to the user terminal based on the first virtual network identifier.

On the other hand, the present application also provides a kind of computer equipment, and described computer equipment comprises:

one or more processors;

storage; and

One or more application programs, wherein the one or more application programs are stored in the memory and configured to be executed by the processor to implement the packet forwarding method described in any one of the first aspect.

In a fourth aspect, the present application also provides a computer-readable storage medium, on which a computer program is stored, and the computer program is loaded by a processor to execute the message forwarding method described in any one of the first aspect. step.

This application pre-encapsulates the first outer layer tunnel header and the first inner layer header of the first message, and after obtaining the first message, parses out the first virtual network identifier and the first double tunnel header from the first message. layer VLAN identifier, and then obtain the first pre-encapsulated packet information based on the first virtual network identifier and the first double-layer VLAN identifier, and can directly determine the first encapsulated packet of the first packet based on the first pre-encapsulated packet information, without Packets are decapsulated layer by layer to increase the speed of message forwarding and reduce the cost of message forwarding.

Description of drawings

In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings that need to be used in the description of the embodiments will be briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present application. For those skilled in the art, other drawings can also be obtained based on these drawings without any creative effort.

FIG. 1 is a schematic diagram of a scenario of a message forwarding system provided in an embodiment of the present application;

Fig. 2 is a schematic flow chart of an embodiment of the message forwarding method provided in the embodiment of the present application;

Fig. 3 is a message structure diagram of the VXLAN tunnel encapsulation message provided in the embodiment of the present application;

Fig. 4 is a message structure diagram of the SRv6 tunnel encapsulation message provided in the embodiment of the present application;

Fig. 5 is a schematic flow chart of a specific embodiment of the message forwarding method provided in the embodiment of the present application;

FIG. 6 is a schematic structural diagram of an embodiment of a message forwarding device provided in an embodiment of the present application;

Fig. 7 is a schematic structural diagram of an embodiment of a computer device provided in the embodiment of the present application.

Detailed ways

The following will clearly and completely describe the technical solutions in the embodiments of the application with reference to the drawings in the embodiments of the application. Apparently, the described embodiments are only some of the embodiments of the application, not all of them. Based on the embodiments in this application, all other embodiments obtained by those skilled in the art without making creative efforts belong to the scope of protection of this application.

In the description of the present application, it should be understood that the terms "center", "longitudinal", "transverse", "length", "width", "thickness", "upper", "lower", "front", " The orientation or positional relationship indicated by "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", etc. is based on the orientation shown in the drawings Or positional relationship is only for the convenience of describing the present application and simplifying the description, but does not indicate or imply that the device or element referred to must have a specific orientation, be constructed and operated in a specific orientation, and therefore should not be construed as a limitation of the present application. In addition, the terms "first", "second", and "third" are used for descriptive purposes only, and cannot be interpreted as indicating or implying relative importance or implicitly specifying the quantity of the indicated technical features. Thus, features defined as "first", "second" and "third" may explicitly or implicitly include one or more of said features. In the description of the present application, "plurality" means two or more, unless otherwise specifically defined.

In this application, the word "exemplary" is used to mean "serving as an example, illustration or illustration". Any embodiment described in this application as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments. The following description is given to enable any person skilled in the art to make and use the application. In the following description, details are set forth for purposes of explanation. It should be understood that one of ordinary skill in the art would recognize that the present application may be practiced without these specific details. In other instances, well-known structures and processes are not described in detail to avoid obscuring the description of the present application with unnecessary detail. Thus, the present application is not intended to be limited to the embodiments shown, but is to be accorded the widest scope consistent with the principles and features disclosed herein.

It should be noted that since the methods in the embodiments of the present application are executed in computer equipment, the processing objects of each computer equipment exist in the form of data or information, such as time, which is essentially time information. It can be understood that in the subsequent embodiments If the size, quantity, location, etc. are mentioned, there are corresponding data for processing by computer equipment, and the details will not be repeated here.

Embodiments of the present application provide a message forwarding method, device, computer equipment, and storage medium, which will be described in detail below.

Please refer to FIG. 1. FIG. 1 is a schematic diagram of a scenario of a message forwarding system provided by an embodiment of the present application. The message forwarding system may include a computer device 100, a user terminal 200 and an external network server 300, and the computer device 100 and the user terminal 200 Communicatively connect with the external network server 300 respectively. A message forwarding device is integrated in the computer equipment 100, such as the computer equipment in FIG. 1 .

In the embodiment of the present application, the computer device 100 is mainly used to obtain the tunnel-encapsulated first message sent by the user terminal, the first message includes the first outer tunnel header and the first inner layer header; The first outer layer tunnel header is analyzed to obtain a first virtual network identifier, and the first inner layer header is analyzed to obtain a first double-layer VLAN identifier; based on the first virtual network identifier and the first double-layer VLAN identification, to obtain the first pre-encapsulated message information, the second virtual network identification, the public network IP address and the public network port; based on the first pre-encapsulated message information and the first message, determine the first message The first encapsulated message of the text; NAT conversion is performed on the first encapsulated message based on the public network IP address and the public network port, so as to convert the source IP address of the first encapsulated message into the A public network IP address, and converting the source port of the first encapsulated message to the public network port; sending the NAT-converted first encapsulated message to the external network server based on the second virtual network identifier .

In the embodiment of the present application, the computer device 100 can be an independent server, or a server network or server cluster composed of servers, for example, the computer device 100 described in the embodiment of the present application, which includes but not limited to computers, network A host, a single web server, a collection of multiple web servers, or a cloud server composed of multiple servers. Wherein, the cloud server is composed of a large number of computers or network servers based on cloud computing (Cloud Computing).

It can be understood that the computer device 100 used in the embodiment of the present application may be a device including both receiving and transmitting hardware, that is, a device having receiving and transmitting hardware capable of performing bidirectional communication on a bidirectional communication link. Such devices may include cellular or other communication devices having a single line display or a multi-line display or a cellular or other communication device without a multi-line display. Specifically, the computer device 100 may be a desktop terminal or a mobile terminal, and the computer device 100 may also be specifically one of a mobile phone, a tablet computer, a notebook computer, and the like.

Those skilled in the art can understand that the application environment shown in Figure 1 is only an application scenario related to the solution of this application, and does not constitute a limitation on the application scenario of the solution of this application. More or fewer computer devices are shown, for example, only one computer device is shown in FIG. 1 , it can be understood that the cluster resource scheduling system may also include one or more other services, which are not specifically limited here.

In the embodiment of the present application, the user terminal 200 is a terminal located in a private network (intranet), and the user terminal 200 may be a general-purpose computer device or a dedicated computer device. In a specific implementation, the user terminal 200 may be a desktop computer, a portable computer, a network server, a PDA (Personal Digital Assistant, PDA), a mobile phone, a tablet computer, a wireless terminal device, a communication device, an embedded device, etc., and the present embodiment does not The type of the user terminal 200 is defined.

In the embodiment of the present application, the external network server 300 is a server of the external network (public network), and the external network server 300 can be an independent server, or a server network or server cluster composed of multiple servers. For example, the embodiment of the present invention The extranet server 300 described in , includes but is not limited to a computer, a web host, a single web server, a set of multiple web servers, or a cloud server composed of multiple servers. Wherein, the cloud server is composed of a large number of computers or network servers based on cloud computing (Cloud Computing).

The content of the present application will be further described below by describing the embodiments in conjunction with the accompanying drawings.

This embodiment provides a message forwarding method. The message forwarding method is applied to a message forwarding device, and the message forwarding device communicates with a user terminal and an external network server respectively, as shown in FIG. 2 . The method includes:

301. Acquire a tunnel-encapsulated first packet sent by the user terminal, where the first packet includes a first outer tunnel header and a first inner header.

The first message is the message sent by the user terminal to the external network server. The first message is a message after tunnel encapsulation using the existing tunnel technology. As shown in Figure 3, when the first message is VXLAN tunnel encapsulation For the last message, the structure of the first message includes the outer ETH header, the outer VLAN header, the outer IP header, the UDP header, the VXLAN header, the inner ETH header, and the inner double-layer VLAN header from outside to inside. , PPPOE header, inner layer IP header, TCP header, and packet data; as shown in Figure 4, when the first packet is a packet encapsulated by an SRv6 tunnel, the structure of the first packet includes the outer Layer ETH header, outer VLAN header, SRv6 header, inner ETH header, inner double VLAN header, inner IP header, TCP header and message data.

Wherein, when the first message is a message encapsulated by a VXLAN tunnel, the first outer tunnel header includes an outer ETH header, an outer VLAN header, an outer IP header, a UDP header and a VXLAN header of the first message, The first inner layer header includes the inner layer ETH header of the first packet, the inner layer double-layer VLAN header, and the PPPOE header; when the first packet is an SRv6 tunnel-encapsulated packet, the first outer layer tunnel header includes the first The outer ETH header, the outer VLAN header, the outer IP header, the UDP header and the VXLAN header of the message, and the first inner header includes the inner ETH header and the inner double-layer VLAN header of the first message.

302. Parse the first outer tunnel header to obtain a first virtual network identifier, and analyze the first inner tunnel header to obtain a first double-layer VLAN identifier.

The first virtual network identifier is the identifier parsed from the first outer tunnel header, the first double-layer VLAN identifier is the identifier parsed from the inner double-layer VLAN header of the first inner header, and the first virtual network identifier is and the first double-layer VLAN identifier can uniquely identify the first packet.

Among them, the first double-layer VLAN ID is QinQ ID. QinQ is also called Stacked VLAN or Double VLAN. The standard comes from IEEE 802.1ad, which encapsulates the user private network VLANTag in the public network VLAN Tag, so that the message carries two layers of VLAN Tags traverse the carrier's backbone network (public network).

The first virtual network identifier varies with the tunnel encapsulation scenarios of the first packet. For example, when the first packet is a packet encapsulated by a VXLAN tunnel, the first virtual network identifier is VNI, VNI (VxLAN Network Identifier, VxLAN The network identifier) is the virtual scalable local area network identifier (virtual network identifier) corresponding to the user-side device; when the first packet is a packet encapsulated by an SRv6 tunnel, the first virtual network identifier is a DIP6 identifier.

303. Based on the first virtual network identifier and the first double-layer VLAN identifier, obtain first pre-encapsulated packet information, a second virtual network identifier, a public network IP address, and a public network port.

The first pre-encapsulated packet information includes a pre-encapsulated first outer layer tunnel header and a pre-encapsulated first inner layer header, and the second virtual network identifier is a virtual network identifier for forwarding the first packet. The public network IP address is the public network IP address allocated when the user terminal accesses the external network server, and the public network port is the public network port allocated when the user terminal accesses the external network server.

In this embodiment, after parsing the first virtual network identifier and the first double-layer VLAN identifier from the first message, the first pre-encapsulated message information, the second The virtual network identifier, the public network IP address and the public network port, so that in subsequent steps, the message can be forwarded based on the first pre-encapsulated message information, the second virtual network identifier, the public network IP address and the public network port.

304. Determine a first encapsulated packet of the first packet based on the first pre-encapsulated packet information and the first packet.

The first encapsulated packet is the encapsulated first packet. Since the first pre-encapsulated packet information includes the pre-encapsulated first outer layer tunnel header and the pre-encapsulated first inner layer header, this embodiment obtains the first After the pre-encapsulated message information, the encapsulated message of the first message can be determined directly based on the first pre-encapsulated message information, without depacketizing the message layer by layer, and the message forwarding speed is fast.

305. Perform NAT conversion on the first encapsulated packet based on the public network IP address and the public network port, so as to convert the source IP address of the first encapsulated packet into the public network IP address, and Converting the source port of the first encapsulated packet into the public network port.

NAT can be divided into PAT (Port Address Translation, address translation with port) and NO-PAT (NotPort Address Translation, address translation without port). Among them, in NO-PAT mode, one public network IP address can only be allocated to one private network IP address for conversion at the same time; while in PAT mode, one public network IP address can be allocated to multiple private network IP addresses at the same time. The NAT in this application refers to the PAT mode.

In this embodiment, after determining the first encapsulated message of the first message, NAT conversion is performed on the first encapsulated message based on the public network IP address and the public network port determined in step S303, and the source IP address of the first encapsulated message is Converting to a public network IP address, and converting the source port of the first encapsulated packet to a public network port.

306. Send the NAT-translated first encapsulated packet to the external network server based on the second virtual network identifier.

After performing NAT conversion on the first encapsulated message, the first encapsulated message after NAT conversion can be sent to the external network server based on the second virtual network identifier, because there is no need to unpack the message layer by layer during the message forwarding process Packet, message forwarding speed is fast, message forwarding cost is low.

In a specific implementation manner, the message forwarding method may also include the following steps 307-312, specifically as follows:

307. Obtain a tunnel-encapsulated second packet sent by the external network server, where the second packet includes a second outer tunnel header and a second inner layer header;

308. Analyze the second outer tunnel header to obtain the second virtual network identifier, and analyze the second inner header to obtain a second double-layer VLAN identifier;

309. Based on the second virtual network identifier and the second double-layer VLAN identifier, obtain second pre-encapsulated packet information, the first virtual network identifier, a private network IP address, and a private network port;

310. Determine a second encapsulated packet of the second packet based on the second pre-encapsulated packet information and the second packet;

311. Perform NAT conversion on the second encapsulated packet based on the private network IP address and the private network port, so as to convert the destination IP address of the second encapsulated packet into the private network IP address, and converting the destination port of the second encapsulated message into the private network port;

312. Send the NAT-translated second encapsulated packet to the user terminal based on the first virtual network identifier.

The second message is a message sent by the external network server to the user terminal. The second message is a message after tunnel encapsulation using the existing tunneling technology. It is similar to the first message. When the second message is a VXLAN tunnel For the encapsulated message, the structure of the second message includes the outer ETH header, outer VLAN header, outer IP header, UDP header, VXLAN header, inner ETH header, and inner double-layer VLAN from outside to inside. header, PPPOE header, inner IP header, TCP header, and packet data; when the second packet is a packet encapsulated by an SRv6 tunnel, the structure of the second packet includes the outer ETH header, outer Layer VLAN header, SRv6 header, inner ETH header, inner double VLAN header, inner IP header, TCP header and message data.

When the second packet is a packet encapsulated by a VXLAN tunnel, the second outer tunnel header includes the outer ETH header, outer VLAN header, outer IP header, UDP header, and VXLAN header of the second packet. The inner layer header includes the inner layer ETH header of the second packet, the inner layer double-layer VLAN header and the PPPOE header; when the second packet is a packet encapsulated by an SRv6 tunnel, the second outer layer tunnel header includes the second packet The outer ETH header, the outer VLAN header, the outer IP header, the UDP header and the VXLAN header, and the second inner header includes the inner ETH header and the inner double-layer VLAN header of the second message.

The second pre-encapsulated message information includes the pre-encapsulated second outer layer tunnel header and the pre-encapsulated second inner layer header, which is similar to the steps of the user terminal sending the first message to the external network server. When the external network server sends When the user terminal sends the second message, the message forwarding device obtains the tunnel-encapsulated second message sent by the external network server, analyzes the second outer tunnel header of the second message to obtain the second virtual network identifier, and Analyzing the second inner layer header of the second message to obtain a second double-layer VLAN identifier, and then obtaining the second pre-encapsulated message information and the first virtual network identifier based on the second virtual network identifier and the second double-layer VLAN identifier , private network IP address and private network port, and based on the second pre-encapsulated message information and the second message, determine the second encapsulated message of the second message, and then based on the private network IP address and private network port for the second Perform NAT conversion on the encapsulated message, convert the destination IP address of the second encapsulated message into a private network IP address, and convert the destination port of the second encapsulated message into a private network port, and finally perform NAT conversion based on the first virtual network identifier The subsequent second encapsulated packet is sent to the user terminal.

Wherein, the refinement steps in steps 307-312 are the same as the refinement steps in steps 301-306, for details, please refer to the refinement steps in steps 301-306, which will not be repeated in this application.

In a specific implementation manner, as shown in FIG. 5, when the first packet is a packet encapsulated by a VXLAN tunnel, the first outer tunnel header is analyzed in step 302 to obtain the first virtual tunnel header. The network identification may include the following steps 401-402, specifically as follows:

401. Obtain a VXLAN header from the first outer tunnel header;

402. Analyze the VXLAN header to obtain a first virtual network identifier.

When the first packet is a packet encapsulated by a VXLAN tunnel, the packet structure of the first packet is shown in Figure 3. The first outer tunnel header includes an outer ETH header, an outer VLAN header, and an outer IP header. , UDP header and VXLAN header, when parsing the first outer tunnel header, first obtain the VXLAN header from the first outer tunnel header, and then parse the VXLAN header to obtain the first virtual network identifier.

In a specific implementation manner, when the first message is a message encapsulated by an SRv6 tunnel, parsing the first outer tunnel header in step 302 to obtain a first virtual network identifier may include the following Steps 403-404 are as follows:

401. Obtain an SRv6 header from the first outer tunnel header;

402. Parse the SRv6 header to obtain a first virtual network identifier.

When the first packet is a packet encapsulated by an SRv6 tunnel, the packet structure of the first packet is shown in Figure 4. The first outer tunnel header includes an outer ETH header, an outer VLAN header, and an SRv6 header. When parsing the first outer tunnel header, first obtain the SRv6 header from the first outer tunnel header, and then parse the SRv6 header to obtain the first virtual network identifier.

In a specific implementation manner, the first inner layer header includes an inner layer ETH header and an inner layer double-layer VLAN header, as shown in FIG. 5 , the first inner layer header is analyzed in step 302 to obtain The first double-layer VLAN identification may include the following steps 405-406, specifically as follows:

405. Obtain an inner double-layer VLAN header from the first inner header;

406. Analyze the inner double-layer VLAN header to obtain a first double-layer VLAN identifier.

As shown in Figures 3 and 4, the first inner layer header includes an inner layer ETH header and an inner layer double-layer VLAN header, and the first double-layer VLAN tag is parsed from the inner double-layer VLAN header of the first inner layer header logo. Correspondingly, the step of parsing the first inner layer header specifically includes: obtaining the inner layer double-layer VLAN header from the first inner layer header, analyzing the inner layer double-layer VLAN header, and obtaining the first double-layer VLAN identifier.

In a specific implementation manner, the acquisition of the first pre-encapsulated message information based on the first virtual network identifier and the first double-layer VLAN identifier in step 303 may include the following steps 407-408, specifically as follows:

407. Determine first account information based on the first virtual network identifier and the first double-layer VLAN identifier;

408. Acquire first pre-encapsulated packet information based on the first account information.

Each virtual network identifier and double-layer VLAN identifier have corresponding account information, the first account information is the account information corresponding to the first virtual network identifier and the first double-layer VLAN identifier, and the first pre-encapsulated message information and the first account information Information correspondence. In this embodiment, when the first pre-encapsulated packet information is obtained based on the first virtual network identifier and the first double-layer VLAN identifier, the first account information is first determined based on the first virtual network identifier and the first double-layer VLAN identifier, and then based on the second Account information to obtain the first pre-encapsulated packet information.

In a specific implementation manner, the first message also includes an IP header, a TCP header and message data, and the first pre-encapsulated message information includes a pre-encapsulated outer layer tunnel header and a pre-encapsulated inner layer header. Continue referring to As shown in FIG. 5, determining the first encapsulated message of the first message based on the first pre-encapsulated message information and the first message in step 304 may include the following steps 409-410, details as follows:

409. Obtain an IP header, a TCP header, and packet data from the first packet;

410. Splice the pre-encapsulated outer tunnel header, the pre-encapsulated inner layer header, the IP header, the TCP header, and the packet data to obtain a first encapsulation of the first packet message.

Continuing to refer to FIG. 3 and FIG. 4 , in addition to the first outer layer tunnel header and the first inner layer header, the first packet also includes an IP header, a TCP header and packet data. The first pre-encapsulated packet information includes a pre-encapsulated outer layer tunnel header and a pre-encapsulated inner layer header, the pre-encapsulated outer layer tunnel header is the pre-encapsulated first outer layer tunnel header, and the pre-encapsulated inner layer header is the pre-encapsulated first An inner header.

When this embodiment determines the first encapsulated message based on the first pre-encapsulated message information and the first message, the IP header, TCP header and message data are first obtained from the first message, and then the pre-encapsulated outer layer tunnel header , pre-encapsulated inner layer header, IP header, TCP header and packet data are spliced to obtain the first encapsulated packet, that is, the first encapsulated packet.

In a specific implementation manner, before obtaining the first pre-encapsulated packet information based on the first virtual network identifier and the first double-layer VLAN identifier in step 303, the following steps 411-414 may be included, specifically as follows :

411. Acquire the first outer tunnel header and the first inner tunnel header;

412. Acquire the first account information, where the first account information includes a WAN side tunnel identifier, a source MAC address, a first destination MAC address, first VLAN information, and a dialup identifier;

413. Encapsulate the first outer tunnel header based on the WAN-side tunnel identifier to obtain a pre-encapsulated outer tunnel header;

414. Encapsulate the first inner header based on the source MAC address, the first destination MAC address, the first VLAN information, and the dial identifier, to obtain a pre-encapsulated inner header.

Before obtaining the first pre-encapsulated packet information, it is necessary to pre-encapsulate the first outer tunnel header and the first inner layer header. As shown in Table 1, the pre-encapsulation of the first outer tunnel header requires the WAN-side tunnel identifier (WAN-side tunnel VNI), and the pre-encapsulation of the first inner-layer header requires the source MAC address (the MAC address of the WAN-side sub-interface of the vCPE device), destination MAC address (WAN layer gateway MAC address obtained by pppoe dial-up), VLAN information and dial-up identifier (dial-up unique identifier pppoe_sid obtained by pppoe dial-up).

Table 1 Information required to encapsulate the outer tunnel header and the inner header

The first account information obtained in this embodiment includes the WAN side tunnel identifier, source MAC address, first destination MAC address, first VLAN information, and dial-up identifier, when encapsulating the first outer tunnel header and the first inner header , which is based on the WAN-side tunnel identifier to encapsulate the first outer tunnel header to obtain a pre-encapsulated outer tunnel header, and at the same time, based on the source MAC address, the first destination MAC address, the first VLAN information, and the dial identifier Encapsulation is performed to obtain a pre-encapsulated inner layer header.

Continuing to refer to Table 1, before obtaining the second pre-encapsulated packet information in step S309, the second account information needs to be obtained, and the second account information includes the LAN side tunnel identifier, the source MAC address, and the second destination MAC address (the terminal under the account MAC address of the device) and the second VLAN information, and then based on the LAN side tunnel identifier, the second outer tunnel header is encapsulated to obtain the pre-encapsulated second outer tunnel header, and at the same time based on the source MAC address, the second destination MAC address and The second VLAN information encapsulates the second inner header to obtain the pre-encapsulated second inner header.

The inventor found through research that, in the IPv4/VXLAN tunnel scenario, using the message forwarding method of the embodiment of the present application to forward the message from the user terminal to the external network server, the encapsulation time that can be saved in the outer tunnel header is: (ETH header + Layer 2 VLAN header + IPv4 header + UDP header + VXLAN header) = 14+8+20+20+8+8=58 bytes of packet encapsulation time, the encapsulation time that can be saved by the inner layer header is: ( ETH header + Layer 2 VLAN header + PPPOE header) = 14+8+8=30 bytes of packet encapsulation time. Assuming that the average length of the message is 300 bytes, the packet speed is increased = (58+30)÷300=29.33%.

In the IPv4/VXLAN tunnel scenario, using the message forwarding method of the embodiment of the present application to forward the message from the external network server to the user terminal, the encapsulation time that can be saved in the outer tunnel header is: (ETH header + Layer 2 VLAN header + IPv4 header + UDP header + VXLAN header) = 14 + 8 + 20 + 20 + 8 + 8 = 58 bytes of packet encapsulation time, the encapsulation time that can be saved by the inner header is: (ETH header + 2-layer VLAN header)=14+8=22 bytes of packet encapsulation time. Assuming that the average length of the packet is 300 bytes, the packet speed is increased = (58+22)÷300=26.67%.

In the IPv6/VXLAN tunnel scenario, using the message forwarding method of the embodiment of this application to forward the message from the user terminal to the external network server, the encapsulation time that can be saved in the outer tunnel header is: (ETH header + Layer 2 VLAN header + IPv6 header + UDP header + VXLAN header) = 14 + 8 + 40 + 20 + 8 + 8 = 78 bytes of packet encapsulation time, the encapsulation time that can be saved by the inner header is: (ETH header + 2-layer VLAN header + PPPOE header) = 14+8+8=30 bytes of packet encapsulation time. Assuming that the average length of the message is 300 bytes, the packet speed is increased = (78+30)÷300=36%.

In the IPv6/VXLAN tunnel scenario, using the message forwarding method of the embodiment of this application to forward the message from the external network server to the user terminal, the encapsulation time that can be saved in the outer tunnel header is: (ETH header + Layer 2 VLAN header + IPv6 header + UDP header + VXLAN header) = 14+8+40+20+8+8 = 78 bytes of packet encapsulation time, the encapsulation time that can be saved by the inner layer header is: (ETH header + 2-layer VLAN header) = 14+8 = 22 bytes of packet encapsulation time. Assuming that the average length of the message is 300 bytes, the packet speed is increased = (78+22)÷300=33.33%.

In the SRv6 tunnel scenario, the encapsulation time that can be saved in the outer tunnel header is: (ETH header + Layer 2 VLAN header + SRv6 header) = 14 + 8 + 40 = 62 bytes of packet encapsulation time, the inner header The encapsulation time that can be saved is: (ETH header + Layer 2 VLAN header) = 14 + 8 = 22 bytes of packet encapsulation time. Assuming that the average length of the message is 300 bytes, the packet speed is increased = (62+22)÷300=28%.

In order to better realize the message forwarding method in the embodiment of the present application, on the basis of the message forwarding method, a message forwarding device is also provided in the embodiment of the present application, as shown in FIG. 6 , the message forwarding device 700 include:

A message obtaining unit 701, configured to obtain a tunnel-encapsulated first message sent by the user terminal, where the first message includes a first outer tunnel header and a first inner layer header;

A message parsing unit 702, configured to parse the first outer tunnel header to obtain a first virtual network identifier, and parse the first inner header to obtain a first double-layer VLAN identifier;

An information acquiring unit 703, configured to acquire first pre-encapsulated packet information, a second virtual network identifier, a public network IP address, and a public network port based on the first virtual network identifier and the first double-layer VLAN identifier;

A packet encapsulation unit 704, configured to determine a first encapsulated packet of the first packet based on the first pre-encapsulated packet information and the first packet;

The first conversion unit 705 is configured to perform NAT conversion on the first encapsulated message based on the public network IP address and the public network port, so as to convert the source IP address of the first encapsulated message into the a public network IP address, and converting the source port of the first encapsulated message to the public network port;

The first forwarding unit 706 is configured to send the NAT-translated first encapsulated packet to the external network server based on the second virtual network identifier.

In the embodiment of the present application, the first outer layer tunnel header and the first inner layer header of the first message are pre-encapsulated, and after the first message is obtained, the first virtual network identifier is parsed from the first message and the first double-layer VLAN identifier, and then obtain the first pre-encapsulated packet information based on the first virtual network identifier and the first double-layer VLAN identifier, and can directly determine the first encapsulation of the first packet based on the first pre-encapsulated packet information There is no need to decapsulate the packet layer by layer, which improves the packet forwarding speed and reduces the packet forwarding cost.

In some embodiments of the present application, when the first message is a message encapsulated by a VXLAN tunnel, the first outer tunnel header includes an outer ETH header, an outer VLAN header, an outer IP header, a UDP header and VXLAN header, the message parsing unit 702 is specifically used for:

Obtain a VXLAN header from the first outer tunnel header;

The VXLAN header is parsed to obtain the first virtual network identifier.

In some implementations of the present application, when the first packet is a packet encapsulated by an SRv6 tunnel, the first outer tunnel header includes an outer ETH header, an outer VLAN header, and an SRv6 header, and the packet The text parsing unit 702 is specifically used for:

Obtain a VXLAN header from the first outer tunnel header;

The VXLAN header is parsed to obtain the first virtual network identifier.

In some implementations of the present application, when the first packet is a packet encapsulated by an SRv6 tunnel, the first outer tunnel header includes an outer ETH header, an outer VLAN header, and an SRv6 header, and the packet The text parsing unit 702 is specifically used for:

Obtain an SRv6 header from the first outer tunnel header;

The SRv6 header is parsed to obtain the first virtual network identifier.

In some implementations of the present application, the first inner header includes an inner ETH header and an inner double-layer VLAN header, and the message parsing unit 702 is specifically further configured to:

Obtain an inner layer double-layer VLAN header from the first inner layer header;

The inner double-layer VLAN header is analyzed to obtain the first double-layer VLAN identifier.

In some embodiments of the present application, the information acquiring unit 703 is specifically used to:

Determine first account information based on the first virtual network identifier and the first double-layer VLAN identifier;

Based on the first account information, first pre-encapsulated packet information is acquired.

In some embodiments of the present application, the first packet further includes an IP header, a TCP header, and packet data, and the first pre-encapsulated packet information includes a pre-encapsulated outer tunnel header and a pre-encapsulated inner layer header, so The message encapsulation unit 704 is specifically used for:

Obtaining an IP header, a TCP header, and packet data from the first packet;

Splicing the pre-encapsulated outer tunnel header, the pre-encapsulated inner layer header, the IP header, the TCP header, and the packet data to obtain a first encapsulated packet of the first packet .

In some embodiments of the present application, the message forwarding device 700 further includes:

a first acquiring unit, configured to acquire the first outer tunnel header and the first inner header;

A second acquiring unit, configured to acquire the first account information, where the first account information includes a WAN side tunnel identifier, a source MAC address, a first destination MAC address, first VLAN information, and a dial-up identifier;

A first encapsulation unit, configured to encapsulate the first outer tunnel header based on the WAN-side tunnel identifier to obtain a pre-encapsulated outer tunnel header;

A second encapsulation unit, configured to encapsulate the first inner layer header based on the source MAC address, the first destination MAC address, the first VLAN information and the dial identifier, to obtain a pre-encapsulated inner layer head.

In some embodiments of the present application, the message forwarding device 700 further includes:

A third obtaining unit, configured to obtain a tunnel-encapsulated second message sent by the external network server, where the second message includes a second outer tunnel header and a second inner layer header;

An information parsing unit, configured to parse the second outer tunnel header to obtain the second virtual network identifier, and parse the second inner header to obtain a second double-layer VLAN identifier;

A fourth acquiring unit, configured to acquire second pre-encapsulated message information, the first virtual network identifier, private network IP address and private network port based on the second virtual network identifier and the second double-layer VLAN identifier ;

A message determining unit, configured to determine a second encapsulated message of the second message based on the second pre-encapsulated message information and the second message;

The second conversion unit is configured to perform NAT conversion on the second encapsulated message based on the private network IP address and the private network port, so as to convert the destination IP address of the second encapsulated message into the private network network IP address, and converting the destination port of the second encapsulated message into the private network port;

The second forwarding unit is configured to send the NAT-translated second encapsulated packet to the user terminal based on the first virtual network identifier.

The embodiment of the present application also provides a computer device, which integrates any message forwarding device provided in the embodiment of the present application, and the computer device includes:

one or more processors;

storage; and

One or more application programs, wherein the one or more application programs are stored in the memory, and are configured to be executed by the processor as described in any one of the above message forwarding method embodiments. steps in the text forwarding method.

The embodiment of the present application further provides a computer device, which integrates any message forwarding device provided in the embodiment of the present application. As shown in Figure 7, it shows a schematic structural diagram of the computer equipment involved in the embodiment of the present application, specifically:

The computer device may include a processor 801 of one or more processing cores, a memory 802 of one or more computer-readable storage media, a power supply 803, an input unit 804 and other components. Those skilled in the art can understand that the structure of the computer device shown in FIG. 7 does not constitute a limitation on the computer device, and may include more or less components than shown in the figure, or combine some components, or arrange different components. in:

The processor 801 is the control center of the computer equipment, connects various parts of the entire computer equipment with various interfaces and lines, runs or executes the software programs and/or modules stored in the memory 802, and calls the Data, perform various functions of computer equipment and process data, so as to monitor the computer equipment as a whole. Optionally, the processor 801 may include one or more processing cores; preferably, the processor 801 may integrate an application processor and a modem processor, wherein the application processor mainly processes operating systems, user interfaces, and application programs, etc. , the modem processor mainly handles wireless communications. It can be understood that the foregoing modem processor may not be integrated into the processor 801 .

The memory 802 can be used to store software programs and modules, and the processor 801 executes various functional applications and data processing by running the software programs and modules stored in the memory 802 . The memory 802 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program (such as a sound playback function, an image playback function, etc.) required by at least one function; Data created by the use of computer equipment, etc. In addition, the memory 802 may include a high-speed random access memory, and may also include a non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage devices. Correspondingly, the memory 802 may further include a memory controller to provide the processor 801 with access to the memory 802 .

The computer device also includes a power supply 803 for supplying power to each component. Preferably, the power supply 803 can be logically connected to the processor 801 through the power management system, so that functions such as charging, discharging, and power consumption management can be realized through the power management system. The power supply 803 may also include one or more DC or AC power supplies, recharging systems, power failure detection circuits, power converters or inverters, power status indicators and other arbitrary components.

The computer device can also include an input unit 804, which can be used to receive input numbers or character information, and generate keyboard, mouse, joystick, optical or trackball signal input related to user settings and function control.

Although not shown, the computer device may also include a display unit, etc., which will not be repeated here. Specifically, in this embodiment, the processor 801 in the computer device loads the executable file corresponding to the process of one or more application programs into the memory 802 according to the following instructions, and the processor 801 runs the executable file stored in the The application program in memory 802, thus realizes various functions, as follows:

Obtaining a tunnel-encapsulated first packet sent by the user terminal, where the first packet includes a first outer tunnel header and a first inner header;

Analyzing the first outer layer tunnel header to obtain a first virtual network identifier, and analyzing the first inner layer header to obtain a first double-layer VLAN identifier;

Based on the first virtual network identifier and the first double-layer VLAN identifier, obtain first pre-encapsulated message information, a second virtual network identifier, a public network IP address, and a public network port;

determining a first encapsulated packet of the first packet based on the first pre-encapsulated packet information and the first packet;

Perform NAT conversion on the first encapsulated packet based on the public network IP address and the public network port, so as to convert the source IP address of the first encapsulated packet into the public network IP address, and convert the source IP address of the first encapsulated packet to the public network IP address, and Converting the source port of the first encapsulated message into the public network port;

Sending the NAT-translated first encapsulated packet to the external network server based on the second virtual network identifier.

Those of ordinary skill in the art can understand that all or part of the steps in the various methods of the above embodiments can be completed by instructions, or by instructions controlling related hardware, and the instructions can be stored in a computer-readable storage medium, and is loaded and executed by the processor.

To this end, an embodiment of the present application provides a computer-readable storage medium, which may include: a read-only memory (ROM, Read Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk or an optical disk, etc. . A computer program is stored thereon, and the computer program is loaded by a processor to execute the steps in any one of the message forwarding methods provided in the embodiments of the present application. For example, the computer program being loaded by the processor may perform the following steps:

Obtaining a tunnel-encapsulated first packet sent by the user terminal, where the first packet includes a first outer tunnel header and a first inner header;

Analyzing the first outer layer tunnel header to obtain a first virtual network identifier, and analyzing the first inner layer header to obtain a first double-layer VLAN identifier;

Based on the first virtual network identifier and the first double-layer VLAN identifier, obtain first pre-encapsulated message information, a second virtual network identifier, a public network IP address, and a public network port;

determining a first encapsulated packet of the first packet based on the first pre-encapsulated packet information and the first packet;

Perform NAT conversion on the first encapsulated packet based on the public network IP address and the public network port, so as to convert the source IP address of the first encapsulated packet into the public network IP address, and convert the source IP address of the first encapsulated packet to the public network IP address, and Converting the source port of the first encapsulated message into the public network port;

Sending the NAT-translated first encapsulated packet to the external network server based on the second virtual network identifier.

In the above-mentioned embodiments, the descriptions of each embodiment have their own emphases. For the part that is not described in detail in a certain embodiment, refer to the detailed description of other embodiments above, and will not be repeated here.

During specific implementation, each of the above units or structures can be implemented as an independent entity, or can be combined arbitrarily as the same or several entities. For the specific implementation of each of the above units or structures, please refer to the previous method embodiments, here No longer.

For the specific implementation of the above operations, reference may be made to the foregoing embodiments, and details are not repeated here.

A message forwarding method, device, computer equipment, and storage medium provided by the embodiments of the present application have been introduced in detail above. In this paper, specific examples are used to illustrate the principles and implementation methods of the present application. The description of the above embodiments It is only used to help understand the method of the present application and its core idea; at the same time, for those skilled in the art, according to the idea of the present application, there will be changes in the specific implementation and application scope. In summary, this The content of the description should not be understood as limiting the application.

Claims (7)

1. A message forwarding method, characterized in that, the message forwarding method is applied to a message forwarding device, and the message forwarding device is communicated with a user terminal and an external network server respectively, and the message forwarding method includes : Obtaining the tunnel-encapsulated first message sent by the user terminal, the first message including a first outer tunnel header and a first inner layer header; the first message is a VXLAN tunnel-encapsulated message Or SRv6 tunnel-encapsulated packets; Analyzing the first outer layer tunnel header to obtain a first virtual network identifier, and analyzing the first inner layer header to obtain a first double-layer VLAN identifier; Based on the first virtual network identifier and the first double-layer VLAN identifier, obtain the first pre-encapsulated packet information, the second virtual network identifier, the public network IP address and the public network port; the first pre-encapsulated packet The information includes a pre-encapsulated outer tunnel header and a pre-encapsulated inner header, where the pre-encapsulated outer tunnel header is obtained by encapsulating the first outer tunnel header based on the WAN-side tunnel identifier; When the first message is a message encapsulated by a VXLAN tunnel, the pre-encapsulated inner layer header is based on the source MAC address, the first destination MAC address, the first VLAN information and the dial-up identifier for the first inner layer header; when the first packet is an SRv6 tunnel-encapsulated packet, the pre-encapsulated inner header is based on the source MAC address, the first destination MAC address, and the first VLAN information for the first inner layer The layer header is encapsulated to obtain; determining a first encapsulated packet of the first packet based on the first pre-encapsulated packet information and the first packet; Perform NAT conversion on the first encapsulated packet based on the public network IP address and the public network port, so as to convert the source IP address of the first encapsulated packet into the public network IP address, and convert the source IP address of the first encapsulated packet to the public network IP address, and Converting the source port of the first encapsulated message into the public network port; sending the NAT-translated first encapsulated message to the external network server based on the second virtual network identifier; The acquiring first pre-encapsulated message information based on the first virtual network identifier and the first double-layer VLAN identifier includes: Determine first account information based on the first virtual network identifier and the first double-layer VLAN identifier; Based on the first account information, acquire first pre-encapsulated message information; The first message also includes an IP header, a TCP header and message data, and the first pre-encapsulated message information includes a pre-encapsulated outer layer tunnel header and a pre-encapsulated inner layer header, and the first pre-encapsulated The message information and the first message determine the first encapsulated message of the first message, including: Obtaining an IP header, a TCP header, and packet data from the first packet; Splicing the pre-encapsulated outer tunnel header, the pre-encapsulated inner layer header, the IP header, the TCP header, and the packet data to obtain a first encapsulated packet of the first packet ; Before obtaining the first pre-encapsulated packet information based on the first virtual network identifier and the first double-layer VLAN identifier, the method further includes: Acquiring the first outer tunnel header and the first inner tunnel header; Obtain the first account information, where the first account information includes a WAN side tunnel identifier, a source MAC address, a first destination MAC address, first VLAN information, and a dial-up identifier; Encapsulating the first outer tunnel header based on the WAN side tunnel identifier to obtain a pre-encapsulated outer tunnel header; Encapsulating the first inner header based on the source MAC address, the first destination MAC address, the first VLAN information and the dialing identifier to obtain a pre-encapsulated inner header. 2. message forwarding method according to claim 1, is characterized in that, described message forwarding method also comprises: Obtaining a tunnel-encapsulated second message sent by the external network server, where the second message includes a second outer tunnel header and a second inner layer header; Analyzing the second outer layer tunnel header to obtain the second virtual network identifier, and analyzing the second inner layer header to obtain a second double-layer VLAN identifier; Based on the second virtual network identifier and the second double-layer VLAN identifier, obtain second pre-encapsulated message information, the first virtual network identifier, private network IP address and private network port; determining a second encapsulated packet of the second packet based on the second pre-encapsulated packet information and the second packet; Perform NAT conversion on the second encapsulated message based on the private network IP address and the private network port, so as to convert the destination IP address of the second encapsulated message into the private network IP address, and convert the second encapsulated message to the private network IP address, and Converting the destination port of the second encapsulated message into the private network port; Sending the NAT-translated second encapsulated packet to the user terminal based on the first virtual network identifier. 3. The message forwarding method according to claim 1, wherein when the first message is a message encapsulated by a VXLAN tunnel, the first outer tunnel header includes an outer ETH header, an outer Layer VLAN header, outer layer IP header, UDP header and VXLAN header, the first outer layer tunnel header is analyzed to obtain the first virtual network identifier, including: Obtain a VXLAN header from the first outer tunnel header; Analyzing the VXLAN header to obtain a first virtual network identifier; When the first message is a message encapsulated by an SRv6 tunnel, the first outer tunnel header includes an outer ETH header, an outer VLAN header, and an SRv6 header, and the pair of the first outer tunnel header Perform analysis to obtain the first virtual network identifier, including: Obtain an SRv6 header from the first outer tunnel header; The SRv6 header is parsed to obtain the first virtual network identifier. 4. message forwarding method according to claim 1, is characterized in that, described first inner layer header comprises inner layer ETH head and inner layer double-layer VLAN head, and described first inner layer header is analyzed Obtain the first double-layer VLAN identification, including: Obtain an inner layer double-layer VLAN header from the first inner layer header; The inner double-layer VLAN header is analyzed to obtain the first double-layer VLAN identifier. 5. A message forwarding device, characterized in that, said message forwarding device is respectively connected to a user terminal and an external network server through communication, and said message forwarding device comprises: A message obtaining unit, configured to obtain a tunnel-encapsulated first message sent by the user terminal, where the first message includes a first outer tunnel header and a first inner layer header; the first message is VXLAN tunnel-encapsulated packets or SRv6 tunnel-encapsulated packets; A message parsing unit, configured to parse the first outer tunnel header to obtain a first virtual network identifier, and parse the first inner header to obtain a first double-layer VLAN identifier; An information acquiring unit, configured to acquire first pre-encapsulated message information, a second virtual network identifier, a public network IP address, and a public network port based on the first virtual network identifier and the first double-layer VLAN identifier; The first pre-encapsulated message information includes a pre-encapsulated outer tunnel header and a pre-encapsulated inner header, where the pre-encapsulated outer tunnel header is obtained by encapsulating the first outer tunnel header based on the WAN side tunnel identifier; When the first message is a message encapsulated by a VXLAN tunnel, the pre-encapsulated inner layer header is based on the source MAC address, the first destination MAC address, the first VLAN information and the dial-up identifier for the first inner layer header; when the first packet is an SRv6 tunnel-encapsulated packet, the pre-encapsulated inner header is based on the source MAC address, the first destination MAC address, and the first VLAN information for the first inner layer The layer header is encapsulated to obtain; A packet encapsulation unit, configured to determine a first encapsulated packet of the first packet based on the first pre-encapsulated packet information and the first packet; A first conversion unit, configured to perform NAT conversion on the first encapsulated message based on the public network IP address and the public network port, so as to convert the source IP address of the first encapsulated message into the public network port network IP address, and converting the source port of the first encapsulated message into the public network port; A first forwarding unit, configured to send the NAT-translated first encapsulated packet to the external network server based on the second virtual network identifier; The information acquisition unit is specifically used for: Determine first account information based on the first virtual network identifier and the first double-layer VLAN identifier; Based on the first account information, acquire first pre-encapsulated message information; The first message also includes an IP header, a TCP header and message data, and the first pre-encapsulated message information includes a pre-encapsulated outer layer tunnel header and a pre-encapsulated inner layer header, and the message encapsulation unit is specifically used for: Obtaining an IP header, a TCP header, and packet data from the first packet; Splicing the pre-encapsulated outer tunnel header, the pre-encapsulated inner layer header, the IP header, the TCP header, and the packet data to obtain a first encapsulated packet of the first packet ; The message forwarding device also includes: a first acquiring unit, configured to acquire the first outer tunnel header and the first inner header; A second acquiring unit, configured to acquire the first account information, where the first account information includes a WAN side tunnel identifier, a source MAC address, a first destination MAC address, first VLAN information, and a dial-up identifier; A first encapsulation unit, configured to encapsulate the first outer tunnel header based on the WAN-side tunnel identifier to obtain a pre-encapsulated outer tunnel header; A second encapsulation unit, configured to encapsulate the first inner layer header based on the source MAC address, the first destination MAC address, the first VLAN information and the dial identifier, to obtain a pre-encapsulated inner layer head. 6. A computer device, characterized in that the computer device comprises: one or more processors; storage; and One or more application programs, wherein the one or more application programs are stored in the memory and configured to be executed by the processor to implement the message forwarding according to any one of claims 1 to 4 method. 7. A computer-readable storage medium, wherein a computer program is stored thereon, and the computer program is loaded by a processor to execute the message forwarding method according to any one of claims 1 to 4. step.