
KR-20260064450-A - METHOD FOR MANAGING NETWORK CONNECTION AND APPARATUS THEREOF


Abstract

The present invention relates to a method for managing network connections in network equipment placed between a client and a server, comprising: a step of querying network connection information stored in a BPF map at each preset map query cycle; a step of determining whether to release a network connection based on the queried network connection information and preset idle timeout information; a step of generating a reset packet to release the network connection; and a step of transmitting the generated reset packet to the client and the server.

Inventors

  • 권영운
  • 이정호
  • 오화용
  • 강효성

Assignees

  • 삼성에스디에스 주식회사

Dates

Publication Date
2026-05-07
Application Date
2025-04-10
Priority Date
2024-10-31

Claims (20)

  1. A method for managing network connections in network equipment, comprising: querying network connection information stored in a BPF (Berkeley Packet Filter) map at preset map lookup intervals; determining whether to release a network connection based on the queried network connection information and preset idle timeout information; generating a reset packet to release the network connection; and transmitting the generated reset packet to a client and a server.
  2. The method of claim 1, wherein the network equipment is middleware positioned between the client and the server to manage network connections.
  3. The method of claim 1, wherein the network connection information includes at least one of client IP information, client port information, server IP information, server port information, client sequence information, server sequence information, connection information, and status information.
  4. The method of claim 1, wherein the idle timeout information is an idle time limit set to clean up network connections that are not in use.
  5. The method of claim 1, wherein the determining step includes: determining, based on the network connection information, whether a connection having a first status value exists; and, when such a connection exists, checking whether the idle duration of the connection having the first status value exceeds a preset idle timeout.
  6. The method of claim 5, wherein the idle duration is detected based on the current time and the last packet reception time of the corresponding connection.
  7. The method of claim 5, wherein the determining step further includes: releasing the connection when the idle duration exceeds the preset idle timeout; and maintaining the connection when the idle duration does not exceed the preset idle timeout.
  8. The method of claim 5, further comprising, when the network connection is released, updating the status information of the released connection from the first status value to a second status value.
  9. The method of claim 1, further comprising: receiving a packet from a client; upon receiving the packet, querying the network connection information stored in the BPF map; and checking, based on the network connection information, whether a connection identical to the connection corresponding to the received packet exists.
  10. The method of claim 9, further comprising updating the network connection information registered in the BPF map based on the received packet when a connection identical to the connection corresponding to the received packet exists.
  11. The method of claim 10, wherein the updating step updates the client sequence information, server sequence information, connection information, and status information among the network connection information.
  12. The method of claim 9, further comprising, when no connection identical to the connection corresponding to the received packet exists, generating network connection information based on the received packet and registering the generated network connection information in the BPF map.
  13. A computer program stored on a computer-readable recording medium so that the method according to any one of claims 1 to 12 is executed on a computer.
  14. A network connection management device comprising one or more processors that execute a plurality of instructions for performing a plurality of operations and one or more memories that store the plurality of instructions, the plurality of operations comprising: querying network connection information stored in a BPF (Berkeley Packet Filter) map at preset map lookup intervals; determining whether to release a network connection based on the queried network connection information and preset idle timeout information; generating a reset packet to release the network connection; and transmitting the generated reset packet to a client and a server.
  15. The device of claim 14, wherein the network connection information includes at least one of client IP information, client port information, server IP information, server port information, client sequence information, server sequence information, connection information, and status information.
  16. The device of claim 14, wherein the determining operation includes: checking, based on the queried network connection information, whether a connection having a first status value exists; and, when such a connection exists, checking whether the idle duration of the connection having the first status value exceeds a preset idle timeout.
  17. The device of claim 16, wherein the determining operation further includes: releasing the connection when the idle duration exceeds the preset idle timeout; and maintaining the connection when the idle duration does not exceed the preset idle timeout.
  18. The device of claim 14, wherein the plurality of operations further comprises: receiving a packet from a client; upon receiving the packet, querying the network connection information stored in the BPF map; and determining, based on the network connection information, whether a connection identical to the connection corresponding to the received packet exists.
  19. The device of claim 18, wherein the plurality of operations further comprises updating the network connection information registered in the BPF map based on the received packet when a connection identical to the connection corresponding to the received packet exists.
  20. The device of claim 18, wherein the plurality of operations further comprises, when no connection identical to the connection corresponding to the received packet exists, generating network connection information based on the received packet and registering the generated network connection information in the BPF map.

Description

Method for Managing Network Connection and Apparatus Thereof

The present invention relates to connection management technology in a network environment, and more specifically to a method and apparatus for managing network connections in network equipment placed between a client and a server.

A Load Balancer (LB) is a network device placed between clients and a server pool to distribute the load on the servers. The load balancer evenly distributes network traffic and client requests across multiple servers. To perform TCP (Transmission Control Protocol) communication between a client, a load balancer, and a server, a network connection must first be established through a 3-way handshake between the peers. For example, as illustrated in FIG. 1, a network connection can be established through a 3-way handshake between a client (10) and a load balancer (20), and another through a 3-way handshake between the load balancer (20) and a server (30).

Since establishing a new network connection for every TCP exchange between peers is inefficient, the keep-alive function is used to maintain existing network connections. The keep-alive function periodically transmits specific packets; if a response is received from the peer, the network connection is maintained, and if no response is received, the connection is terminated. In this way, the keep-alive function avoids wasting network resources by releasing the network connection when the peer is offline or unable to communicate.

Meanwhile, eBPF (Extended Berkeley Packet Filter) technology, which allows programs to run within the Linux kernel, has recently been proposed. By applying eBPF to load balancers, high-performance network systems capable of high-speed packet processing are being implemented.

However, unlike a general load balancer (L4LB), an eBPF-based load balancer does not use the kernel's network stack, in order to process packets at high speed. For example, as shown in FIG. 2, a general load balancer (21) determines the server to which a packet will be delivered using header information from layer 2 (physical layer) to layer 4 (transport layer) of the network stack, and forwards the packet to that server. An eBPF-based load balancer (22), by contrast, intercepts the packet through an eBPF program in the XDP (eXpress Data Path) of the driver space, determines the destination server, and forwards the packet to it. Because such eBPF-based load balancers bypass the kernel's network stack, they cannot use the connection management features (i.e., the keep-alive function) provided by the kernel. This leaves zombie connections between peers, which waste network resources. A solution is therefore required to manage network connections effectively in eBPF-based load balancers.

FIG. 1 is a diagram illustrating connections established between a client, a load balancer, and a server;
FIG. 2 is a diagram illustrating the operation of a general load balancer and an eBPF-based load balancer;
FIG. 3 is a diagram showing the configuration of a network connection management device according to an embodiment of the present invention;
FIG. 4 is a flowchart explaining the operation of the connection information management unit;
FIG. 5 is a diagram referenced to explain the operation of the connection information management unit;
FIG. 6 is a flowchart illustrating the operation of the connection control unit;
FIGS. 7A and 7B are drawings referenced to explain the operation of the connection control unit;
FIG. 8 is a block diagram of a computing device according to an embodiment of the present invention.
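To make the idle-timeout sweep described above concrete, the following is an added example (not code from the patent or from any product) of the user-space side of the scheme: a periodic pass over the connection table that releases entries whose idle duration exceeds the timeout, emits a reset toward each peer, and moves the entry to a second status value, as claims 5 through 8 describe. The map value layout, the status-value constants, the `rst_pkt` fields and the choice of which recorded sequence number each reset carries are assumptions made for the example; a real sweeper would iterate a BPF map through libbpf rather than an in-memory array.

```c
#include <stdint.h>
#include <string.h>

/* Value type of the connection map (fields as listed in claim 3; this layout is an assumption). */
enum { CONN_ESTABLISHED = 1, CONN_RELEASED = 2 };   /* first / second status value */
struct conn_entry {
    uint32_t client_ip, server_ip;
    uint16_t client_port, server_port;
    uint32_t client_seq, server_seq;   /* next sequence number expected from each side */
    uint64_t last_seen;                /* last packet reception time, in seconds */
    uint8_t  state;
};

/* Fields of the reset packet the sweeper emits (assumed layout; checksum omitted). */
struct rst_pkt {
    uint32_t src_ip, dst_ip;
    uint16_t src_port, dst_port;
    uint32_t seq, ack;
    uint8_t  flags;                    /* 0x14 = RST|ACK */
};

/* Build the reset addressed to one peer: it is sourced from the other peer and carries
 * the sequence number the addressed peer expects next (assumption: the other side's seq). */
void build_rst(const struct conn_entry *c, int to_client, struct rst_pkt *out) {
    memset(out, 0, sizeof *out);
    out->src_ip   = to_client ? c->server_ip   : c->client_ip;
    out->dst_ip   = to_client ? c->client_ip   : c->server_ip;
    out->src_port = to_client ? c->server_port : c->client_port;
    out->dst_port = to_client ? c->client_port : c->server_port;
    out->seq      = to_client ? c->server_seq  : c->client_seq;
    out->ack      = to_client ? c->client_seq  : c->server_seq;
    out->flags    = 0x14;
}

/* One map-query cycle: every established entry whose idle duration (now - last_seen)
 * exceeds idle_timeout gets a reset to each peer and moves to the second status value.
 * Returns the number of released connections. A real sweeper walks the BPF map with
 * bpf_map_get_next_key()/bpf_map_lookup_elem() from libbpf; here it is an array. */
int sweep_idle(struct conn_entry *tbl, int n, uint64_t now, uint64_t idle_timeout,
               void (*emit)(const struct rst_pkt *)) {
    int released = 0;
    struct rst_pkt p;
    for (int i = 0; i < n; i++) {
        if (tbl[i].state != CONN_ESTABLISHED) continue;        /* already released */
        if (now - tbl[i].last_seen <= idle_timeout) continue;  /* still in use: keep */
        build_rst(&tbl[i], 1, &p); if (emit) emit(&p);         /* reset toward client */
        build_rst(&tbl[i], 0, &p); if (emit) emit(&p);         /* reset toward server */
        tbl[i].state = CONN_RELEASED;
        released++;
    }
    return released;
}
```

Passing a NULL `emit` callback lets the sweep be exercised without a transmit path, which is useful for testing the timeout logic on a copy of the table.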
Hereinafter, embodiments disclosed in this specification will be described in detail with reference to the attached drawings. Identical or similar components are assigned the same reference number regardless of the drawing symbol, and redundant descriptions of them are omitted. The suffixes "module" and "part" for the components used in the following description are assigned or used interchangeably solely for ease of drafting the specification and do not in themselves carry distinct meanings or roles. That is, the term "part" used in this invention refers to software or to a hardware component such as an FPGA or ASIC, and the "part" performs certain roles. However, the meaning of "part" is not limited to software or hardware. The "part" may be configured to reside in an addressable storage medium or may be configured to run on one or more processors. Accordingly, as an example, a "part" includes components such as software components, object-oriented software components, class components, and task components, as well as processes, functions, attributes, procedures, subroutines, segments of program code, drivers, firmware, microcode, circuits, dat