CN105515978B - Realize the method and device of distributed routing, physical host access - Google Patents

Abstract

Present invention is disclosed a kind of method and devices for realizing distributed routing, physical host access, distributed routing agent is installed on openstack network nodes and calculate node, flow forwarding is controlled by issuing multilevel flow table, special MAC is distributed for the virtual gateway of each network, openstack is the MAC Address started with fa for virtual gateway MAC distribution, special MAC is started with ea, and field is identical thereafter.When local and distal end VM are in different segment different server, flow did and message source MAC is rewritten into special MAC after distributed route querying, to mark the flow for doing distributed routing, the flow that need to carry out cross-server communication is drained into hardware switch and is forwarded.The present invention is based on OpenFlow multilevel flow tables to realize distributed routing, avoids single node performance bottleneck, realizes physical host plug and play, forwarding performance bottleneck when breaking through extensive VM using soft or hard combination.

Description

Realize the method and device of distributed routing, physical host access

Technical field

The present invention relates to network communication field more particularly to a kind of methods for realizing distributed routing, physical host access And device.

Background technology

With the continuous development of current network virtualization technology, software defined network（Software Defined Network, SDN）The application scale being combined with cloud computing expands constantly, pipes of the OpenStack as virtual cloud host One of platform, attention rate increasingly increase.Increasing along with the deployment scale of fictitious host computer, OpenStack is as pipe The bottleneck of platform is also increasingly prominent, such as forwarding performance, single node failure, and virtual network and physical network mutually merge Demand.To solve the above problems, each manufacturer provides a variety of solutions, below with the sides DVR OpenStack Neutron Illustrate for case and OpenStack DragonFlow schemes.

（1）OpenStack Neutron DVR program analysis

On OpenStack existing network frameworks, for virtual cloud host（Virtual Machine, VM）Cross-network segment Communication requirement, either East and West direction（East-West, E-W）Flow or north-south（North-South, N-S）Flow all need It will be around virtual router（Virtual Router, VRouter）On, in this way, in the case where VM is largely disposed, network node （Network Node）On forwarding performance will drastically decline, while the failure rate of single node will cause network serious shadow It rings, although OpenStack supports high availability cluster (High Available, HA) function of network node, with This mode of increase of scale is unfavorable for extending.

Since OpenStack Juno versions are issued, a kind of distributed routing has been provided for the above situation （Distributed Virtual Routing, DVR）Solution, will original virtual flow-line only on the network node Device is distributed to be deployed in calculate node（Compute Node）On, i.e., by L3 proxy servers（L3 Agent）It is deployed in each In calculate node, it is intended that reduce the influence caused by single node failure, single node forwarding performance is avoided to decline problem.It realizes East and West direction flow is completely distributed by DVR virtual routers, as north-south flow, for be assigned with Floating IP address ( Floating IP) it is completely distributed by DVR virtual routers, for the unallocated still detour network section to Floating IP address The virtual router of point realizes shared verification.Vxlan patterns are only supported in wherein East and West direction flow forwarding at present.

Here, DVR virtual routers rise in linux NameSpaces（Namespace）In, that is to say, that it is saved in each calculating A linux NameSpace will be played on point, flows all in this way are required for away the protocol stack of linux NameSpaces, occupy one Part resource causes to waste to performance, and realizes technical sophistication, is unfavorable for being safeguarded in production environment.

（2）OpenStack DragonFlow program analysis

Since the technology that OpenStack Neutron DVR are realized is excessively complicated, and brings and unnecessary additionally open Pin, DragonFlow schemes are suggested, and purport solves, in the case where being not necessarily to establish linux NameSpaces in calculate node, to lead to The form of OpenFlow flow table is crossed, realizes the complete distribution of East and West direction flow.The program will dispose on the network node DragonFlow L3 controllers, while DragonFlow L2 proxy servers, DragonFlow L3 controls are disposed in calculate node Device processed passes through open API（AEST API）It calls Ryu controllers to carry out flow table to each node to issue, flow table issues Using passive type, both first packet data message can on be sent on DragonFlow L3 controllers, then the rule of flow table issuance are determined by it Then, the program does not have an impact north-south flow.

Here, in the case that on a large scale, data message is largely sent on DragonFlow L3 controllers, due to DragonFlow L3 controllers do not support high availability cluster scheme, such DragonFlow L3 controllers that will become and turn The bottleneck of volatility.

In conclusion analyzing according to prior art, OpenStack Neutron DVR and OpenStack DragonFlow can solve the complete distributed requirement of East and West direction flow, but what OpenStack Neutron DVR were used Be the mode of linux NameSpaces, will produce the waste of resource and performance, and OpenStack DragonFlow will produce it is single The performance bottleneck of DragonFlow L3 controllers, therefore, a problem to be solved is：It avoids using excessively complexity Technology solves the performance bottleneck of single component while realizing East and West direction flow distribution formula.

As the scale that VM is disposed is increasing, for the tunnel established on single node（Tunnel）Also therewith increasingly More, incident is that forwarding performance is worse and worse on server.Therefore, second problem to be solved is：Break through big rule Forwarding performance bottleneck on server, realizes the forwarding of data traffic high-performance in the case of mould deployment fictitious host computer.

Two above scheme is all not directed to the scheme of virtual network and physical network rapid fusion, therefore, third need Solve the problems, such as be：Realize physical host plug and play so that physical network and virtual network facilitate extension to merge.

Invention content

The purpose of the present invention is to provide a kind of method and devices for realizing distributed routing, physical host access.

One of for achieving the above object, an embodiment of the present invention provides a kind of method for realizing distributed routing, Distributed routing agent is installed on the network node and calculate node of openstack, is controlled by issuing multilevel flow table Forward-path, the multilevel flow table include tenant's identification table, two-layer retransmitting table and three-layer routing table, the method includes the steps：

S1：Local tenant identifies that table identification local VM and distal end VM enters step S2 if identifying successfully, if identification is lost It loses, then dropping packets；

S2：Message is sent into local two-layer retransmitting table, the purpose MAC of the message is read, if purpose MAC is gateway MAC then enters step S3, if purpose MAC is the MAC of VM, enters step S4；If purpose MAC is broadcast or multicast, right It answers in network and is broadcasted；

S3：The message is sent into local three-layer routing table, judges that the VM and local VM belonging to the destination IP of message is It is no on same server, if same server, purpose MAC is rewritten into distal end MAC, enters step S5, if different clothes Business device, is rewritten into special MAC by source MAC, purpose MAC is rewritten into the MAC of distal end VM, and special MAC is generated by gateway MAC, into Enter step S6；

S4：The VM and local VM belonging to the purpose MAC of message is judged whether on same server, if same service Device then enters step S7, if different server, then enters step S8；

S5：It is matched using the purpose IP address of message, if successful match, receives the message, if it fails to match, Then abandon the message；

S6：The message is sent to distal end VM, distal end tenant identifies that table identification source MAC is entered step if identifying successfully S9 abandons the message if recognition failures；

S7：It is matched using the purpose MAC of message, if successful match, receives the message, if it fails to match, Abandon the message；

S8：The message is sent to distal end VM, distal end tenant identifies that table identification source MAC is entered step if identifying successfully S10 abandons the message if recognition failures；

S9：The message is sent into distal end three-layer routing table, is matched using the IP address of message, if matching at Work(then receives the message, if it fails to match, abandons the message；

S10：The message is sent into distal end two-layer retransmitting table, is matched using message purpose MAC, if matching at Work(then receives the message, if it fails to match, abandons the message.

As being further improved for an embodiment of the present invention, the parameter of matching and identification process further include network ID and/ Or vlan, wherein the network ID of two-layer retransmitting table is the local ident that distributed routing agent is the distribution of each network, for every From two laminar flow amounts in heterogeneous networks, it is each virtual router point that the network ID of three layer retransmitting tables, which is distributed routing agent, The local ident matched, the three laminar flow amounts for being isolated in heterogeneous networks.

As being further improved for an embodiment of the present invention, step S1 is specifically included：

Local tenant identifies the port information and source MAC of table matching local VM messages, if port information and source MAC are matched The ID that local distributed routing agent is network distribution is tagged on message, S2 is entered step, if port information by success And/or it fails to match by source MAC, then abandons the message.

As being further improved for an embodiment of the present invention, when local VM and distal end VM is located at different server and service When device corresponds to different interchangers, step " sending the message to distal end VM " specifically includes：The message is by the first interchanger Upper united mouth the upper united mouth of second switch is sent to by tunnel style.

As being further improved for an embodiment of the present invention, when local VM is created successfully under first interchanger When, the mapping relation information of tunnel configuration information and VNI and vlan are issued to the upper united mouth of first interchanger, it is described Vlan is that tenant corresponding local vlan, the vlan are set when message needs are sent to from server network interface card on interchanger It sets.

One of for achieving the above object, an embodiment of the present invention provides a kind of device for realizing distributed routing, Including the distributed routing agent being installed on the network node and calculate node of openstack, by issuing multilevel flow table Control forward-path, the multilevel flow table includes tenant's identification table, two-layer retransmitting table and three-layer routing table, the distribution road It is used for by proxy server：

S1：Local tenant identifies that table identification local VM and distal end VM enters step S2 if identifying successfully, if identification is lost It loses, then dropping packets；

S2：Message is sent into local two-layer retransmitting table, the purpose MAC of the message is read, if purpose MAC is gateway MAC then enters step S3, if purpose MAC is the MAC of VM, enters step S4；If purpose MAC is broadcast or multicast, right It answers in network and is broadcasted；

S3：The message is sent into local three-layer routing table, judges that the VM and local VM belonging to the destination IP of message is It is no on same server, if same server, purpose MAC is rewritten into distal end MAC, enters step S5, if different clothes Business device, is rewritten into special MAC by source MAC, purpose MAC is rewritten into the MAC of distal end VM, and special MAC is generated by gateway MAC, into Enter step S6；

S4：The VM and local VM belonging to the purpose MAC of message is judged whether on same server, if same service Device then enters step S7, if different server, then enters step S8；

S5：It is matched using the purpose IP address of message, if successful match, receives the message, if it fails to match, Then abandon the message；

S6：The message is sent to distal end VM, distal end tenant identifies that table identification source MAC is entered step if identifying successfully S9 abandons the message if recognition failures；

S7：It is matched using the purpose MAC of message, if successful match, receives the message, if it fails to match, Abandon the message；

S8：The message is sent to distal end VM, distal end tenant identifies that table identification source MAC is entered step if identifying successfully S10 abandons the message if recognition failures；

S9：The message is sent into distal end three-layer routing table, is matched using the IP address of message, if matching at Work(then receives the message, if it fails to match, abandons the message；

S10：The message is sent into distal end two-layer retransmitting table, is matched using message purpose MAC, if matching at Work(then receives the message, if it fails to match, abandons the message.

One of for achieving the above object, an embodiment of the present invention provides a kind of side realizing physical host access Method is equipped with distributed routing agent on the network node and calculate node of openstack, by issue multilevel flow table come Forward-path is controlled, the multilevel flow table includes tenant's identification table, two-layer retransmitting table and three-layer routing table, and the method includes steps Suddenly：

s1：Tenant identifies that table identification local VM enters step s2 if identifying successfully, if recognition failures, abandons report Text；

s2：Message is sent into two-layer retransmitting table, the purpose MAC of the message is read, if purpose MAC is gateway MAC, S3 is entered step, if purpose MAC is not gateway MAC, the two-layer retransmitting table of wildcard in the network is matched, enters step s4；

s3：The message is sent into three-layer routing table, message is sent to virtual router by matching default route, by virtual Router sends the MAC of ARP message request physical hosts, enters step s4, if it fails to match, abandons the message；

s4：The message is sent on the interchanger accessed to physical host, the interchanger is by identifying that VNI maps cost Ground vlan recycles purpose MAC to be matched, if successful match, receives the message, realizes physical host access, if With failure, then the message is abandoned.

As being further improved for an embodiment of the present invention, the message passes through tunnel by the upper united mouth of the first interchanger It send to the upper united mouth of second switch, first interchanger is connected with virtual network service, the second switch and object It manages host or virtual router is connected.

As being further improved for an embodiment of the present invention, when local VM is created successfully under first interchanger When, the mapping relation information of tunnel configuration information and VNI and vlan are issued to the upper united mouth of first interchanger.

One of for achieving the above object, an embodiment of the present invention provides a kind of dress for realizing physical host access It sets, including the distributed routing agent being installed in network node and calculate node, the network node and calculating section Point controls forward-path, the multilevel flow table includes that tenant knows positioned at the server of openstack by issuing multilevel flow table Other table, two-layer retransmitting table and three-layer routing table, the distribution routing agent are used for：

s1：Tenant identifies that table identification local VM enters step s2 if identifying successfully, if recognition failures, abandons report Text；

s2：Message is sent into two-layer retransmitting table, the purpose MAC of the message is read, if purpose MAC is gateway MAC, S3 is entered step, if purpose MAC is not gateway MAC, the two-layer retransmitting table of wildcard in the network is matched, enters step s4；

s3：The message is sent into three-layer routing table, message is sent to virtual router by matching default route, by virtual Router sends the MAC of ARP message request physical hosts, enters step s4, if it fails to match, abandons the message；

s4：The message is sent on the interchanger accessed to physical host, the interchanger is by identifying that VNI maps cost Ground vlan recycles purpose MAC to be matched, if successful match, receives the message, realizes physical host access, if With failure, then the message is abandoned.

Compared with prior art, the beneficial effects of the present invention are：The present invention is based on the realizations point of OpenFlow multilevel flow tables Cloth is route, and is both provided with distributed routing agent in calculate node of the invention and network node, is avoided single node Performance bottleneck, solves the distributed routing function of East and West direction flow, and the present invention also realizes physical host plug and play so that object Reason network and virtual network facilitate extension to merge, and break through extensive portion using the method that software and hardware forwarding chip be combined with each other Forwarding performance bottleneck on server, realizes the forwarding of data traffic high-performance in the case of administration's fictitious host computer.

Description of the drawings

Fig. 1 is the schematic network structure of an embodiment of the present invention；

Fig. 2 is the method flow diagram of the distributed routing of realization of an embodiment of the present invention；

Fig. 3 is an example block diagram of the method for the distributed routing of realization of an embodiment of the present invention；

Fig. 4 is the network structure of another embodiment of the present invention；

Fig. 5 is the method flow diagram for realizing physical host access of an embodiment of the present invention.

Specific implementation mode

Below with reference to specific implementation mode shown in the drawings, the present invention will be described in detail.But these embodiments are simultaneously The present invention is not limited, structure that those skilled in the art are made according to these embodiments, method or functionally Transformation is included within the scope of protection of the present invention.

As shown in Figure 1, for the network structure of an embodiment of the present invention, the network includes mainly that Neutron is inserted Part（Tor Plugin）3, cloud manager（Cloud Manager）5a, interchanger cloud proxy server（Cloud Agent）6a, distribution Formula routing agent（DVR Agent）8a.

Driving one of of the plug-in unit 3 as ML2 plug-in units 2, is installed in control node（Controller Node）On, master It is to establish connection by Json-rpc4 and cloud manager 5a to act on, and enables cloud manager 5a to OpenStack Neutron Database（Datebase, DB）Data inquired, while OpenStack Neutron databases（Datebase, DB）Hair Also it can notify that cloud manager 5a, synchronous data include mainly tenant's information when changing（tenant）/ the network information （network）/ subnet information（subnet）/ route-map（router）/ port information（port）.

Managers of the cloud manager 5a as core supervisor 5, is installed in control node.Cloud manager 5a is substantially The centralized manager of one miniature interchanger and server only has the function of message transparent transmission.Cloud manager 5a passes through Socket11 and interchanger cloud proxy server 6a, distributed routing agent 8a establish connection, to be collected by Json-rpc4 To the data of Neutron databases, it is assembled into specific format packet and is sent to interchanger cloud proxy server 6a, distributed route agent Device 8a, while the unified configuration management of a little global properties can be done on cloud manager 5a.

Specifically, when network is Overlay networks, OpenStack cloud managements platform creates in the Overlay networks One VM, cloud manager 5a are got after the information of the VM by searching for Neutron databases, obtain the network belonging to the VM Information can be obtained by the VNI, VNI that OpenStack cloud managements platform is distributed for the Overlay networks according to the network information It can be used as the identifier of the Overlay networks.Cloud manager 5a is that the VM distributes local vlan（Interchanger and network distribution one A local vlan, that is to say, that the same network possible local vlan on different interchangers are inconsistent）, should There are mapping relations, cloud manager 5a this mapping relations are distributed to interchanger cloud and are acted on behalf of between local vlan and the VNI Device 6a and distributed routing agent 8a.

When network is Vlan networks, OpenStack cloud managements platform creates a VM, cloud management in the Vlan networks Device 5a is got after the information of the VM by searching for Neutron databases, is obtained the network information belonging to the VM, is believed according to network Breath can be obtained by the vlan information that OpenStack cloud managements platform is distributed for the VM, and cloud manager 5a divides vlan information Issue interchanger cloud proxy server 6a and distributed routing agent 8a.

Succedaneums of the interchanger cloud proxy server 6a as interchanger 6, is installed on interchanger 6, interchanger cloud proxy server 6a is responsible for the configuration distributing function of respective switch 6.Interchanger 6 can pass through the server 8 of the Lldp protocol discovery second lines of a couplet Interface.

When network is Overlay networks, OpenStack cloud managements platform creates a VM in the Overlay networks, Interchanger cloud proxy server 6a gets the mapping of the VNI and vlan of network where VM on the interchanger 6 by cloud manager 5a Relationship, when VM is created successfully on the server 8 of 6 times extensions of the interchanger, to photos and sending messages 10 under the upper united mouth of interchanger 6, packet The mapping relation information for including tunnel configuration information and VNI and Vlan, issuing the vlan to the second line of a couplet mouth of interchanger 6 allows to pass through Configuration information.

When network is Vlan networks, OpenStack cloud managements platform creates a VM, interchanger in the Vlan networks Cloud proxy server 6a gets the vlan information of the network where VM on the interchanger 6 by cloud manager 5a, when VM is in the exchange When creating successfully on the servers 8 of the extension of machine 6 times, to the second line of a couplet mouth of interchanger 6 issue the vlan allow by configuration information. Upper united mouth be uniformly configured to allow for all vlan by configuration information.

Succedaneums of the distributed routing agent 8a as server 8, is installed on calculate node and network node, point Cloth routing agent 8a is responsible for the function of flow table and control flow forwarding on each node.

Specifically, the forwarding flow table issued in network node and calculate node is all route by the distribution on each node What proxy server 8a was calculated and managed, in order to substitute the complexity of linux NameSpaces, distributed routing agent 8a is used The mode of multilevel flow table realizes the distribution of East and West direction flow, since the function of multilevel flow table is distributed on each node, to The performance bottleneck of single node can be avoided.Distributed routing agent 8a is adopted after the data for receiving cloud manager 5a The flow of node is managed with the active mode for issuing flow table.

As shown in Fig. 2, the method for the distributed routing of realization for an embodiment of the present invention, the network section of openstack Distributed routing agent 8a is installed in point and calculate node, forward-path is controlled by issuing multilevel flow table, it is described more Grade flow table includes tenant's identification table, two-layer retransmitting table and three-layer routing table, the method includes the steps：

S1：Local tenant identifies that table identification local VM and distal end VM enters step S2 if identifying successfully, if identification is lost It loses, then abandons；

S2：Message is sent into local two-layer retransmitting table, the purpose MAC of the message is read, if purpose MAC is gateway MAC then enters step S3, if purpose MAC is the MAC of VM, enters step S4；If purpose MAC is broadcast or multicast, right It answers in network and is broadcasted；

S3：The message is sent into local three-layer routing table, judges that the VM and local VM belonging to the destination IP of message is It is no on same server, if same server, purpose MAC is rewritten into distal end MAC, enters step S5, if different clothes Business device, is rewritten into special MAC by source MAC, purpose MAC is rewritten into the MAC of distal end VM, and special MAC is generated by gateway MAC, into Enter step S6；

S4：The VM and local VM belonging to the purpose MAC of message is judged whether on same server, if same service Device then enters step S7, if different server, then enters step S8；

S5：It is matched using the purpose IP address of message, if successful match, receives the message, if it fails to match, Then abandon the message；

S6：The message is sent to distal end VM, distal end tenant identifies that table identification source MAC is entered step if identifying successfully S9 abandons the message if recognition failures；

S7：It is matched using the purpose MAC of message, if successful match, receives the message, if it fails to match, Abandon the message；

S8：The message is sent to distal end VM, distal end tenant identifies that table identification source MAC is entered step if identifying successfully S10 abandons the message if recognition failures；

S9：The message is sent into distal end three-layer routing table, is matched using the IP address of message, if matching at Work(then receives the message, if it fails to match, abandons the message；

S10：The message is sent into distal end two-layer retransmitting table, is matched using message purpose MAC, if matching at Work(then receives the message, if it fails to match, abandons the message.

It should be noted that above-mentioned steps are only the exemplary steps of present embodiment, sequentially it is not limited, it can be according to reality Depending on situation.

In the present embodiment, distributed routing agent 8a is that the gateway of each network distributes a special MAC, Be with fa to the range of gateway MAC distribution in OpenStack cloud management platforms be the one section of MAC Address started, it is here, special MAC is started with ea, and field is identical thereafter.When local VM and distal end VM is in different segment, i.e., flow needs to be crossed over to change at this time Machine forwards, and source MAC is rewritten into special MAC using multilevel flow table, the mistake by virtual router is simulated with this by present embodiment Journey avoids single node performance bottleneck in this way, reducing the burden of virtual router, solves the distribution of East and West direction flow Formula routing function；In addition, gateway MAC is globally visible, so after the special MAC for recognizing ea beginnings, can easily identify out The data traffic of different segment.

In the present embodiment, step S1 is specifically included：Local tenant identifies the port information of table matching local VM messages And source MAC marks the ID that local distributed routing agent is network distribution if port information and the equal successful match of source MAC Remember on message, enter step S2, if it fails to match by port information and/or source MAC, abandons the message.Here, Zu Hushi Other table is identified using the double-point information of port information and source MAC, can prevent MAC from cheating.

In the present embodiment, continue to join Fig. 1, tunnel is configured between the upper united mouth of multiple switch 6, in Overlay Under network scenarios, OpenStack cloud managements platform can distribute a VNI when each network creation for it, which can be with It is used as identifier in tunnel.When local VM and distal end VM is located at different server and server corresponds to different interchangers When, the original message of local VM carries vlan and is sent out from 8 network interface card of server, and the original message sent out from 8 network interface card of server is sent On to interchanger 6 connected to it, according to the mapping relations of vlan and VNI encapsulation is encrypted simultaneously in original message by interchanger 6 Packaged tunnel packet is sent to by tunnel on another interchanger 6, another reflecting by vlan and VNI of interchanger 6 The relationship of penetrating, which is decrypted, obtains original message.Here, on the one hand, pass through the mapping relations of vlan and VNI and the setting in tunnel The encrypting and decrypting process for realizing message transmission, improves the reliability and encapsulation of transmit process；On the other hand, the number of VNI It measures huge, avoids the quantitative limitations of vlan；In another aspect, interchanger 6 and tunnel are combined, core is forwarded using software and hardware Forwarding performance bottleneck on server, realizes the high property of data traffic in the case of the method breakthrough large scale deployment VM that piece be combined with each other It can forwarding.

In the present embodiment, the parameter of matching and identification process further includes network ID and/or Vlan etc., can be according to reality Depending on the flow table form of border.

Illustrate the method for the distributed routing of present invention realization with specific example below.

Multilevel flow table structure is divided into：First order table=0：Table, second level table=1 are identified for tenant：For handling The NORMAL tables of Flat networks, third level table=2：Forwarding table for handling physical machine access, fourth stage table=7：With Two-layer retransmitting table in processing virtual network, level V table=8：For handling three layer retransmitting tables in virtual network, the Six grades of table=9：For handling the broadcast table in virtual network.Group flow tables are for the support to broadcast.

The method that distributed routing is realized under four kinds of application scenarios is introduced under Overlay network modes below.

（1）Application scenarios analysis 1：Same network segment is communicated with VM in server.It specifically includes：

For local VM, tenant identifies that table carries out unique identification using in_port+src_mac, can prevent MAC from taking advantage of It deceives, specific flow table form is：

"table=0,priority=1000,dl_vlan=0xffff,in_port=ofport,dl_src=vm_mac, actions=mod_vlan_vid:vid,write_metadata:meta_id,goto_table:7"

Here, meta_id is network ID that the network distributes by distributed routing agent 8a.

The flow of the local VM recognized is sent local two-layer retransmitting table table=7 by tenant's identification table.

In the local two-layer retransmitting table of table=7, the processing for ARP messages：Because being same network segment, purpose MAC is broadcast address, and purpose IP address is the IP address of the distal end VM communicated, and specific flow table form is：

"table=7,priority=100,dl_dst=ff:ff:ff:ff:ff:ff,actions=goto_table:9"

The broadcast traffic recognized is sent to broadcast table table=9 by two-layer retransmitting table, and broadcast table is carried out only using meta_id One identification, the meta_id is by the network ID that distributed routing agent 8a is that the network distributes, so broadcast traffic is limited In a network, specific flow table form is：

"table=9,priority=100, metadata=meta_id,actions=group: meta_id "

"group_id= meta_id,type=all,bucket=strip_vlan,output:ofport”

In the local two-layer retransmitting table of table=7, the processing for data message：For in same network segment with server 8 The flow forwarding of interior VM carries out unique identification using meta_id+vlan+dst_mac, which is distributed road The network ID distributed for the network by proxy server 8a, can be to being isolated without the flow of the network segment.Specifically flow table form is：

"table=7,priority=1000,metadata=meta_id,dl_vlan=vid,dl_dst=vm_mac, actions=strip_vlan,output: ofport "

（2）Application scenarios analysis 2：VM is communicated in same network segment different server.It specifically includes：

For local VM, tenant identifies that table carries out unique identification using in_port+src_mac, can prevent MAC from taking advantage of It deceives, specific flow table form is：

"table=0,priority=1000,dl_vlan=0xffff,in_port=ofport,dl_src=vm_mac, actions=mod_vlan_vid:vid,write_metadata:meta_id,goto_table:7"

Here, meta_id is network ID that the network distributes by distributed routing agent 8a.

The flow of the local VM recognized is sent local two-layer retransmitting table table=7 by tenant's identification table.

In the local two-layer retransmitting table of table=7, the processing for ARP messages：Because being same network segment, purpose MAC is broadcast address, and purpose IP address is the IP address of the distal end VM communicated, and specific flow table form is：

"table=7,priority=100,dl_dst=ff:ff:ff:ff:ff:ff,actions=goto_table:9"

The broadcast traffic recognized is sent to broadcast table table=9 by two-layer retransmitting table, and broadcast table is carried out only using meta_id One identification, the meta_id by the network ID that distributed routing agent 8a is that the network distributes, broadcasting packet carry vlan from 8 network interface card of server is sent out, and the message seen off from 8 network interface card of server is sent on interchanger 6, on interchanger 6 according to vlan and Message is encapsulated from 6 upper united mouth of interchanger and is sent to distal end by the mapping relations of tunnel VNI, i.e., message is passed through by an interchanger 6 It send to another interchanger 6 in tunnel.Specifically flow table form is：

"table=9,priority=100, metadata=meta_id,actions=group: meta_id "

"group_id= meta_id,type=all, bucket= output:external”

In the local two-layer retransmitting table of table=7, the processing for data message：For in same network segment different server The flow forwarding of VM unique identification is carried out using meta_id+vlan+dst_mac, which is distributed route The network ID that proxy server 8a is distributed for the network, can be to being isolated without the flow of the network segment.Specifically flow table form is：

"table=7,priority=1000,metadata= meta_id,dl_vlan= vid,dl_dst= vm_mac, actions=output: external "

For the VM of distal end, due to being located at different server 8, tenant identifies that table is carried out using vlan+src_mac Unique identification, specific flow table form are：

"table=0,priority=1000,dl_vlan=vid,dl_src=vm_mac,actions=write_ metadata:meta_id,goto_table:7"

Here, it is the network ID that the network is distributed that meta_id, which is distal end distribution routing agent 8a,.

When message reaches the two stage forwarding tables of distal end VM（table=7）When middle, the purpose MAC progress in message is utilized Match, if successful match, receive the message, if it fails to match, abandons the message.

（3）Application scenarios analysis 3：Different segment is communicated with VM in server.It specifically includes：

For local VM, tenant identifies that table carries out unique identification using in_port+src_mac, can prevent MAC from taking advantage of It deceives, specific flow table form is：

"table=0,priority=1000,dl_vlan=0xffff,in_port=ofport,dl_src=vm_mac, actions=mod_vlan_vid:vid,write_metadata:meta_id,goto_table:7"

Here, meta_id is network ID that the network distributes by distributed routing agent 8a.

The flow of the local VM recognized is sent local two-layer retransmitting table table=7 by tenant's identification table.

In the local two-layer retransmitting table of table=7, the processing for ARP messages：Because being different segment, purpose MAC is broadcast address, and purpose IP address is the network segment gateway（Gateway）IP address, to gateway carry out ARP proxy after, ARP Flow will no longer detour virtual router（VRouter）.Specifically flow table form is：

"table=7,priority=500,metadata=meta_id, dl_type=0x0806,nw_dst= gateway_ip,

actions=strip_vlan,move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],set_ field:gateway_mac->dl_src,set_field:2->arp_op,move:NXM_NX_ARP_SHA[]->NXM_NX_ ARP_THA[],set_field: gateway_mac ->arp_sha, move:NXM_OF_ARP_SPA[]->NXM_OF_ ARP_TPA[],set_field: gateway_ip ->arp_spa,in_port"

Here, meta_id is network ID that the network distributes by distributed routing agent 8a.

In the local two-layer retransmitting table of table=7, the processing for data message：For different segment in server The flow forwarding of VM unique identification is carried out using meta_id+vlan+gw_mac.Specifically flow table form is：

"table=7,priority=2000,metadata=meta_id,ip,dl_vlan=vid,dl_dst= gateway_mac,actions=write_metadata:meta_id,goto_table:8"

Here, meta_id can be written over, which is that distributed routing agent 8a is router where the VM The network ID distributed.

The local VM recognized needs are done the flow routeing and send three local layer retransmitting table table=8 by two-layer retransmitting table.

Unique identification is carried out using meta_id+dst_ip with the flow forwarding of the VM in server for different segment, The meta_id be the VM by distributed routing agent 8a where the network ID that distributes of router.Specifically flow table form is：

"table=8,priority=1000,metadata=meta_id,ip,nw_dst=dst_ip,vlan_vid= 0x1000/0x1000,actions=strip_vlan,set_field:vm_mac->dl_dst,output: ofport "

（4）Application scenarios analysis 4：VM is communicated in different segment different server.It specifically includes：

For local VM, tenant identifies that table carries out unique identification using in_port+src_mac, can prevent MAC from taking advantage of It deceives, specific flow table form is：

"table=0,priority=1000,dl_vlan=0xffff,in_port=ofport,dl_src=vm_mac, actions=mod_vlan_vid:vid,write_metadata:meta_id,goto_table:7"

Here, meta_id is network ID that the network distributes by distributed routing agent 8a.

The flow of the local VM recognized is sent local two-layer retransmitting table table=7 by tenant's identification table.

In the local two-layer retransmitting table of table=7, the processing for ARP messages：Because being different segment, purpose MAC is broadcast address, and purpose IP address is the network segment gateway（Gateway）IP address, to gateway carry out ARP proxy after, ARP Flow will no longer detour virtual router（VRouter）.Specifically flow table form is：

"table=7,priority=500,metadata=meta_id, dl_type=0x0806,nw_dst= gateway_ip,

actions=strip_vlan,move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],set_ field:gateway_mac->dl_src,set_field:2->arp_op,move:NXM_NX_ARP_SHA[]->NXM_NX_ ARP_THA[],set_field:gateway_mac->arp_sha, move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_ TPA[],set_field: gateway_ip ->arp_spa,in_port"

Here, meta_id is network ID that the network distributes by distributed routing agent 8a.

In the local two-layer retransmitting table of table=7, the processing for data message：For different segment different server The flow forwarding of interior VM carries out unique identification using meta_id+vlan+gw_mac.Specifically flow table form is：

"table=7,priority=2000,metadata=meta_id,ip,dl_vlan=vid,dl_dst= gateway_mac,actions=write_metadata:meta_id,goto_table:8"

Here meta_id can be written over, which is the router institute where distributed routing agent 8a is the VM The network ID of distribution.

The local VM recognized needs are done the flow routeing and send three local layer retransmitting table table=8 by two-layer retransmitting table.

The flow of VM in different segment different server is forwarded and is uniquely known using meta_id+dst_ip Not, the network ID that distributes of router where which is the VM by distributed routing agent 8a.Specific flow table form For： "table=8,priority=1000,metadata=meta_id,ip,nw_dst=dst_ip,vlan_vid=0x1000/ 0x1000,actions=set_field:router_mac->dl_src,set_field:vm_mac->dl_dst,mod_ vlan_vid:vid,output:external"

For the VM of distal end, tenant identifies that table carries out unique identification, specific flow table shape using vlan+src_mac Formula is：

"table=0,priority=1000,dl_vlan=vid,dl_src=router_mac,actions=write_ metadata:meta_id,goto_table:8"

Here, the network ID that distributes of router where which is the VM by distributed routing agent 8a.

When message reaches the three-level forwarding table of distal end VM（table=8）When middle, carried out using the purpose IP address in message Matching, if successful match, receives the message, if it fails to match, abandons the message.Here, when the source MAC of being matched to is Special MAC（dl_src=router_mac）When, judge that message had done distributed routing at this time, purpose MAC, which has occurred and that, to be changed Become, is matched at this time into three layer retransmitting tables using purpose IP address.

Wherein ofport is VM carries in open virtual switch（OpenvSwitch）On port numbers, vm_mac VM MAC Address, vid is the VM belonging networks corresponding Local vlan, and gateway_mac is VM gateway MAC address, table= Meta_id in 0 is that each network distributes ID number for isolation network flow by distributed routing agent 8a, table= Meta_id in 8 is that each router is distributed for being isolated not in same virtual router by distributed routing agent 8a Flow.Router_mac is the special MAC Address that distributed routing agent 8a is each VM gateways distribution, and external is The network interface card of server.

Specifically, as shown in figure 3, one for VM communications in different segment different server in application scenarios analysis 4 is specific Example.Two servers 8 are separately connected two different interchangers 6, and for convenience of description, the connection of first server 8 first exchanges Machine 6, second server 8 ' connect second switch 6 ', and the IP address of local VM is 1.1.1.1 in first server 8, and second takes The IP address of distal end VM is 2.2.2.2 in business device 8 ', i.e., local VM and distal end VM is in different segment at this time.When local VM needs When sending message to distal end VM, entrained information learns the port information of local VM in query message（First server 8 and The communication port of one exchanger 6）For Port_mac:1.1.1（Source MAC）, Port_ip:1.1.1.1 tenant's identification table is identified as After work(, distributed routing agent 8a recognizes distal end VM and local VM and is located at different segment, that is, recognizes Dst_ip: 2.2.2.2, source MAC is rewritten by special MAC, i.e. Src_mac by multilevel flow table at this time:Route1_mac, in this way, just simulating The process of virtual router need to be passed through when the transmission of different segment message, first server 8 is by revised message by the first clothes Business 8 gateway of device is sent in corresponding first interchanger 6, and the first interchanger 6 is sent to second by tunnel after encapsulating message and handed over Change planes 6 ', second switch 6 ' send message into its lower second server 8 ' hung after decrypting, point in second server 8 ' The multilevel flow table of cloth routing agent 8a ', which is matched to when source MAC is special MAC, judges that message at this time has done inflow-rate of water turbine Distribution, purpose MAC have changed, and need the matching for carrying out IP address, are then carried out in three layer retransmitting tables of multilevel flow table IP address matches, if successful match, receives message, if it fails to match, dropping packets.Above description is with first server 8 In message be sent to for second server 8 ', certainly, in other embodiments, can be also sent to by second server 8 ' One server 8, it is similar, source MAC can be rewritten into special MAC, i.e. Src_mac using multilevel flow table at this time:Route2_mac, So can analogue flow rate it is distributed, other steps can refer to above description, and details are not described herein.

An embodiment of the present invention also provides a kind of device realized distribution and route, including is installed on openstack's Distributed routing agent 8a on network node and calculate node, forward-path is controlled by issuing multilevel flow table, described Multilevel flow table includes tenant's identification table, two-layer retransmitting table and three-layer routing table, and the distribution routing agent 8a is used for：

S1：Local tenant identifies that table identification local VM and distal end VM enters step S2 if identifying successfully, if identification is lost It loses, then abandons；

S2：Message is sent into local two-layer retransmitting table, the purpose MAC of the message is read, if purpose MAC is gateway MAC then enters step S3, if purpose MAC is the MAC of VM, enters step S4；If purpose MAC is broadcast or multicast, right It answers in network and is broadcasted；

S3：The message is sent into local three-layer routing table, judges that the VM and local VM belonging to the destination IP of message is It is no on same server, if same server, purpose MAC is rewritten into distal end MAC, enters step S5, if different clothes Business device, is rewritten into special MAC by source MAC, purpose MAC is rewritten into the MAC of distal end VM, and special MAC is generated by gateway MAC, into Enter step S6；

S4：The VM and local VM belonging to the purpose MAC of message is judged whether on same server, if same service Device then enters step S7, if different server, then enters step S8；

S5：It is matched using the purpose IP address of message, if successful match, receives the message, if it fails to match, Then abandon the message；

S6：The message is sent to distal end VM, distal end tenant identifies that table identification source MAC is entered step if identifying successfully S9 abandons the message if recognition failures；

S7：It is matched using the purpose MAC of message, if successful match, receives the message, if it fails to match, Abandon the message；

S8：The message is sent to distal end VM, distal end tenant identifies that table identification source MAC is entered step if identifying successfully S10 abandons the message if recognition failures；

S9：The message is sent into distal end three-layer routing table, is matched using the IP address of message, if matching at Work(then receives the message, if it fails to match, abandons the message；

S10：The message is sent into distal end two-layer retransmitting table, is matched using message purpose MAC, if matching at Work(then receives the message, if it fails to match, abandons the message.

In the present embodiment, distributed routing agent 8a is that the gateway of each network distributes a special MAC, Be with fa to the range of gateway MAC distribution in OpenStack cloud management platforms be the one section of MAC Address started, it is here, special MAC is started with ea, and field is identical thereafter.When local VM and distal end VM is in different segment, i.e., flow needs to be crossed over to change at this time Machine forwards, and source MAC is rewritten into special MAC using multilevel flow table, the mistake by virtual router is simulated with this by present embodiment Journey avoids single node performance bottleneck in this way, reducing the burden of virtual router, solves the distribution of East and West direction flow Formula routing function；In addition, gateway MAC is globally visible, so after the special MAC for recognizing ea beginnings, can easily identify out The data traffic of different segment.

Other explanations of the device of the distributed routing of realization of present embodiment can refer to above-mentioned realization distribution routing Explanation in method, details are not described herein.

Join Fig. 4, for the network structure of another embodiment of the present invention, Fig. 4 is similar with the network structure in Fig. 1, identical Component use identical label, the function of same parts can refer to preceding description, and details are not described herein.It further include object in Fig. 4 Reason interchanger 7 and physical host 9, physical host 9 be connected under physical switches 7, physical switches 7 can with other interchangers 6 into Row interaction.

Virtual network and the combination of the actual situation of physical network are the problem of trouble, OpenStack cloud management platforms all the time The fictitious host computer managed can not get any information of physical network, while also can not just establish tunnel automatically and complete to lead to Letter.Present embodiment is realized a kind of reliable and convenient by the function of the realization method combination physical switches of multilevel flow table Physical network tunnel access method.Tunnel is configured between interchanger 6 and the upper united mouth of physical switches 7, in Overlay Under network scenarios, OpenStack cloud managements platform can distribute a VNI when each network creation for it, which can To be used as identifier in tunnel.

In conjunction with Fig. 5, in the method for realizing physical host access of an embodiment of the present invention, the network of openstack Distributed routing agent 8a is installed on node and calculate node, forward-path is controlled by issuing multilevel flow table, it is described Multilevel flow table includes tenant's identification table, two-layer retransmitting table and three-layer routing table, the method includes the steps：

s1：Tenant identifies that table identification local VM enters step s2 if identifying successfully, if recognition failures, abandons；

s2：Message is sent into two-layer retransmitting table, the purpose MAC of the message is read, if purpose MAC is gateway MAC, S3 is entered step, if purpose MAC is not gateway MAC, the two-layer retransmitting table of wildcard in the network is matched, enters step s4；

s3：The message is sent into three-layer routing table, message is sent to virtual router by matching default route, by virtual Router sends the MAC of ARP message request physical hosts, enters step s4, if it fails to match, abandons the message；

s4：The message is sent on the interchanger accessed to physical host, the interchanger is by identifying that VNI maps cost Ground vlan recycles purpose MAC to be matched, if successful match, receives the message, realizes physical host access, if With failure, then the message is abandoned.

It should be noted that above-mentioned steps are only the exemplary steps of present embodiment, sequentially it is not limited, it can be according to reality Depending on situation.

In the present embodiment, it by being respectively provided with distributed routing agent 8a in network node and calculate node, utilizes 9 plug and play of physical host may be implemented so that physical network and virtual network side in distributed routing agent 8a multilevel flow tables Just extension fusion.

Here, it should be noted that in step s2, due to being not aware that physical network in the virtual network of openstack In the MAC Address and IP address of any one physical host match wildcard in the network so in two-layer retransmitting table Two-layer retransmitting table.In step s3, due to being not aware that any one physics master in physical network in the virtual network of openstack The MAC Address and IP address of machine can not carry out accurate route querying by multilevel flow table, so matching default route will be reported Text is sent to virtual router.

Other explanations of the method for the realization physical host access of present embodiment can refer to the distributed routing of aforementioned realization Method explanation, such as can also be connected etc., be illustrated no longer superfluous by tunnel between physical switches 7 and interchanger 6 It states.

Illustrate the method for physical host access of the present invention with specific example below.

Multilevel flow table structure is divided into：First order table=0：Table, second level table=1 are identified for tenant：For handling The NORMAL tables of Flat networks, third level table=2：Forwarding table for handling physical machine access, fourth stage table=7：With Two-layer retransmitting table in processing virtual network, level V table=8：For handling three layer retransmitting tables in virtual network, the Six grades of table=9：For handling the broadcast table in virtual network.Group flow tables are for the support to broadcast.

The method that distributed routing is realized under two kinds of application scenarios is introduced under Overlay network modes below.

（1）Application scenarios analysis 1：Same network segment physical host and Virtual Server Communication.It specifically includes：

For local VM, tenant identifies that table carries out unique identification using in_port+src_mac, can prevent MAC from taking advantage of It deceives, specific flow table form is：

"table=0,priority=1000,dl_vlan=0xffff,in_port=ofport,dl_src=vm_mac, actions=mod_vlan_vid:vid,write_metadata:meta_id,goto_table:7"

The flow of the local VM recognized is sent local two-layer retransmitting table table=7 by tenant's identification table.

In the local two-layer retransmitting table of table=7, the processing for ARP messages：Because being same network segment, purpose MAC is broadcast address, and purpose IP address is the IP address for needing to carry out communication physical machine, and specific flow table form is：

"table=7,priority=100,dl_dst=ff:ff:ff:ff:ff:ff,actions=goto_table:9"

The broadcast traffic recognized is sent to broadcast table table=9 by two-layer retransmitting table, and broadcast table is carried out only using meta_id One identification, message carry vlan and are sent out from 8 network interface card of server.The message seen off from 8 network interface card of server is sent to interchanger 6 On, according to the mapping relations of vlan and tunnel VNI on interchanger 6, it is encapsulated into distal end from upper united mouth by message, i.e., message is by exchanging Machine 6 is sent by tunnel to physical switches 7, and message is encapsulated into physical network at this time（Including physical switches 7 and physical host 9）On.Specifically flow table form is：

"table=9,priority=100, metadata=meta_id,actions=group: meta_id "

"group_id= meta_id,type=all, bucket= output:external”

In the local two-layer retransmitting table of table=7, the processing for data message：For in same network segment different server The flow forwarding of VM unique identification is carried out using meta_id+vlan, can be to being isolated without the flow of the network segment.Clothes The message seen off of business 8 network interface card of device is sent on interchanger 6, according to the mapping relations of vlan and tunnel VNI on interchanger 6, from Message is encapsulated into distal end by upper united mouth, i.e., message is sent by tunnel to physical switches 7 by interchanger 6, and message encapsulates at this time To physical network（Including physical switches 7 and physical host 9）On.Specifically flow table form is：

"table=7,priority=10,metadata= meta_id, dl_vlan=vid, actions=output: external "

Physical switches 7 parse the mapping relations found after VNI with the vlan of physical host 9, by message from second line of a couplet mouth It is sent back on physical host 9, for the physical host 9 of distal end, VM corresponds to VM's because can not get in physical host 9 MAC Address（Because may still dispose multiple VM in physical host 9 at this time）, virtual network renting the processing of the message postbacked Family identifies that table will use vlan to carry out unique identification, and specific flow table form is： "table=0,priority=10,dl_vlan= vid,actions=write_metadata:meta_id,goto_table:2"

"table=2,priority=10,dl_vlan= vid, actions=goto_table:7"

Here, meta_id is network ID that the network distributes by distributed routing agent 8a.

When message reaches two stage forwarding tables（table=7）It when middle, is matched using the purpose MAC in message, if matching Success, then receive the message, if it fails to match, abandon the message.

(2) application scenarios analysis 2：Different segment physical host and Virtual Server Communication.It specifically includes：

For local VM, tenant identifies that table carries out unique identification using in_port+src_mac, can prevent MAC from taking advantage of It deceives, specific flow table form is：

"table=0,priority=1000,dl_vlan=0xffff,in_port=ofport,dl_src=vm_mac, actions=mod_vlan_vid:vid,write_metadata:meta_id,goto_table:7"

The flow of the local VM recognized is sent local two-layer retransmitting table table=7 by tenant's identification table.

In the local two-layer retransmitting table of table=7, the processing for ARP messages：Because being different segment, purpose MAC is broadcast address, and purpose IP address is the network segment gateway（Gateway）IP address, to gateway carry out ARP proxy after, ARP Flow will no longer detour virtual router（VRouter）.Specifically flow table form is：

"table=7,priority=500,metadata=meta_id,dl_type=0x0806,nw_dst=gateway_ ip,actions=strip_vlan,move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],set_field: gateway_mac->dl_src,set_field:2->arp_op,move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_ THA[],set_field:gateway_mac->arp_sha,move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA [],set_field: gateway_ip ->arp_spa,in_port"

In the local two-layer retransmitting table of table=7, the processing for data message：For different segment different server The flow forwarding of interior VM carries out unique identification using meta_id+vlan+gw_mac.Specifically flow table form is：

"table=7,priority=2000,metadata=meta_id,ip,dl_vlan=vid,dl_dst= gateway_mac,actions=write_metadata:meta_id,goto_table:8"

The local VM recognized needs are done the flow routeing and send three local layer retransmitting table table=8 by two-layer retransmitting table.

The flow of VM in different segment different server is forwarded and is uniquely known using meta_id+dst_ip Not.Since the IP address of physical host 9 is equally sightless for virtual network, so message is sent to virtual flow-line Device, specific flow table form are：

"table=8,priority=500,metadata=meta_id,dl_dst=gateway_mac,ip,vlan_vid =0x1000/0x1000,actions=strip_vlan,output: external/ ofport”

Here, by virtual server（VRouter）The MAC Address for sending ARP message requests physical host 9, to report Text is sent to physical switches 7, and physical switches 7 parse the mapping relations found after VNI with the vlan of physical host 9, will report Text is sent back to from second line of a couplet mouth on physical host 9.That is, the virtual network of cross-network segment is combined needs with the actual situation of physical network Detour virtual server（VRouter）.

For the physical host 9 of distal end, VM is because the MAC Address for corresponding to VM in physical host 9 can not be got（Cause May still to dispose multiple VM in physical host 9 at this time）, so tenant identifies that table carries out unique identification using vlan, it is specific to flow Sheet form is：

"table=0,priority=10,dl_vlan=vid,actions=write_metadata:meta_id, goto_table:2"

"table=2,priority=500,metadata=meta_id,dl_src=gateway_mac,ip,vlan_vid =0x1000/0x1000,actions=strip_vlan,output: goto_table7"

Here, meta_id is network ID that the network distributes by distributed routing agent 8a.

When message reaches two stage forwarding tables（table=7）It when middle, is matched using the purpose MAC in message, if matching Success, then receive the message, if it fails to match, abandon the message.

Wherein ofport is port numbers of the VM carries on open virtual switch (OpenvSwitch), vm_mac VM MAC Address, vid is the VM belonging networks corresponding Local vlan, and gateway_mac is VM gateway MAC address, table= Meta_id in 0 is that each network distributes ID number for isolation network flow by distributed routing agent 8a, table= Meta_id in 7 is that each router is distributed for being isolated not in same virtual router by distributed routing agent 8a Flow.Router_mac is the special MAC Address that distributed routing agent 8a is each VM gateways distribution, and external is The network interface card of server.

An embodiment of the present invention also provides a kind of device realized physical host and accessed, including is installed on openstack Server network node and the distributed routing agent 8a in calculate node, by issue multilevel flow table control forwarding Path, the multilevel flow table include tenant's identification table, two-layer retransmitting table and three-layer routing table, the distribution routing agent 8a For：

s1：Tenant identifies that table identification local VM enters step s2 if identifying successfully, if recognition failures, abandons；

s2：Message is sent into two-layer retransmitting table, the purpose MAC of the message is read, if purpose MAC is gateway MAC, S3 is entered step, if purpose MAC is not gateway MAC, the two-layer retransmitting table of wildcard in the network is matched, enters step s4；

s3：The message is sent into three-layer routing table, message is sent to virtual router by matching default route, by virtual Router sends the MAC of ARP message request physical hosts, enters step s4, if it fails to match, abandons the message；

s4：The message is sent on the interchanger accessed to physical host, the interchanger is by identifying that VNI maps cost Ground vlan recycles purpose MAC to be matched, if successful match, receives the message, realizes physical host access, if With failure, then the message is abandoned.

In the present embodiment, it by being respectively provided with distributed routing agent 8a in network node and calculate node, utilizes Distributed routing agent 8a multilevel flow tables, may be implemented physical host plug and play so that physical network and virtual network side Just extension fusion.

Other explanations of the device of the realization physical host access of present embodiment can refer to above-mentioned realization physical host and connect Explanation in the method entered, details are not described herein.

In conclusion distributed routing agent is installed on the network node and calculate node of openstack of the present invention, By logical operation, openvswitch is controlled, multilevel flow table control flow forwarding is issued to it, the present invention is each network Virtual gateway distributes special MAC, and openstack is with the MAC Address that fa is beginning, spy to the virtual gateway MAC ranges distributed Different MAC is started with ea, and field is identical thereafter.When local VM and distal end VM is in different segment different server, multistage is utilized The source MAC of VM is rewritten into the special MAC that the network is distributed, to be used for by flow table after flow did distributed route querying Label did the flow of distributed routing, and distributed routing agent can will need the flow for carrying out cross-server communication to drain into Hardware forwarding is carried out in hardware switch.The present invention is based on OpenFlow multilevel flow tables to realize distributed routing, avoids single Joint behavior bottleneck, solves the distributed routing function of East and West direction flow, realizes physical host plug and play, using software and The method that hardware forwarding chip be combined with each other breaks through server forwarding performance bottleneck in the case of large scale deployment VM, realizes data Flow high-performance forwards.

It should be appreciated that although this specification is described in terms of embodiments, but not each embodiment only includes one A independent technical solution, this description of the specification is merely for the sake of clarity, and those skilled in the art should will say As a whole, the technical solution in each embodiment may also be suitably combined to form those skilled in the art can for bright book With the other embodiment of understanding.

The series of detailed descriptions listed above only for the present invention feasible embodiment specifically Bright, they are all without departing from equivalent implementations made by technical spirit of the present invention not to limit the scope of the invention Or change should all be included in the protection scope of the present invention.

Claims (10)

1. a kind of method for realizing distributed routing, it is characterised in that installed on the network node and calculate node of openstack Be distributed formula routing agent, forward-path controlled by issuing multilevel flow table, the multilevel flow table include tenant's identification table, Two-layer retransmitting table and three-layer routing table, the method includes the steps：

S1：Local tenant identifies that table identification local VM and distal end VM enters step S2 if identifying successfully, if recognition failures, Dropping packets；

S2：Message is sent into local two-layer retransmitting table, the purpose MAC of the message is read, if purpose MAC is gateway MAC, S3 is entered step, if purpose MAC is the MAC of VM, enters step S4；If purpose MAC is broadcast or multicast, in corresponding network Inside broadcasted；

S3：The message is sent into local three-layer routing table, judge VM belonging to the destination IP of message and local VM whether On same server, if same server, purpose MAC is rewritten into distal end MAC, enters step S5, if different server, Source MAC is rewritten into special MAC, purpose MAC is rewritten into the MAC of distal end VM, special MAC is generated by gateway MAC, entered step S6；

S4：The VM and local VM belonging to the purpose MAC of message is judged whether on same server, if same server, then S7 is entered step, if different server, then enters step S8；

S5：It is matched using the purpose IP address of message, if successful match, receives the message, if it fails to match, lose Abandon the message；

S6：The message is sent to distal end VM, distal end tenant identifies that table identification source MAC enters step S9 if identifying successfully, If recognition failures, the message is abandoned；

S7：It is matched using the purpose MAC of message, if successful match, receives the message, if it fails to match, abandon The message；

S8：The message is sent to distal end VM, distal end tenant identifies that table identification source MAC enters step S10 if identifying successfully, If recognition failures, the message is abandoned；

S9：The message is sent into distal end three-layer routing table, is matched using the IP address of message, if successful match, The message is received, if it fails to match, abandons the message；

S10：The message is sent into distal end two-layer retransmitting table, is matched using message purpose MAC, if successful match, The message is received, if it fails to match, abandons the message.

2. the method according to claim 1 for realizing distributed routing, which is characterized in that the parameter of matching and identification process Further include network ID and/or vlan, wherein the network ID of two-layer retransmitting table is that distributed routing agent is each network distribution Local ident, the network ID of the two laminar flow amounts for being isolated in heterogeneous networks, three layer retransmitting tables is that distributed routing agent is The local ident of each virtual router distribution, the three laminar flow amounts for being isolated in heterogeneous networks.

3. the method according to claim 1 for realizing distributed routing, it is characterised in that step S1 is specifically included：

Local tenant identifies the port information and source MAC of table matching local VM messages, if port information and source MAC are matched into The ID that local distributed routing agent is network distribution is tagged on message, S2 is entered step, if port information by work( And/or it fails to match by source MAC, then abandons the message.

4. the method according to claim 1 for realizing distributed routing, which is characterized in that when local VM and distal end VM are located at When different server and server correspond to different interchangers, step " sending the message to distal end VM " specifically includes：It is described Message is sent to the upper united mouth of second switch by the upper united mouth of the first interchanger by tunnel style.

5. the method according to claim 4 for realizing distributed routing, which is characterized in that when local VM is handed in described first It changes planes lower when creating successfully, the mapping of tunnel configuration information and VNI and vlan is issued to the upper united mouth of first interchanger Relation information, the vlan are that tenant corresponding local vlan, the vlan need to be sent to friendship from server network interface card in message It is set when changing planes upper.

6. a kind of device for realizing distributed routing, it is characterised in that including：

The distributed routing agent being installed on the network node and calculate node of openstack, by issuing multilevel flow table Control forward-path, the multilevel flow table includes tenant's identification table, two-layer retransmitting table and three-layer routing table, the distribution road It is used for by proxy server：

S1：Local tenant identifies that table identification local VM and distal end VM enters step S2 if identifying successfully, if recognition failures, Dropping packets；

S2：Message is sent into local two-layer retransmitting table, the purpose MAC of the message is read, if purpose MAC is gateway MAC, S3 is entered step, if purpose MAC is the MAC of VM, enters step S4；If purpose MAC is broadcast or multicast, in corresponding network Inside broadcasted；

S3：The message is sent into local three-layer routing table, judge VM belonging to the destination IP of message and local VM whether On same server, if same server, purpose MAC is rewritten into distal end MAC, enters step S5, if different server, Source MAC is rewritten into special MAC, purpose MAC is rewritten into the MAC of distal end VM, special MAC is generated by gateway MAC, entered step S6；

S4：The VM and local VM belonging to the purpose MAC of message is judged whether on same server, if same server, then S7 is entered step, if different server, then enters step S8；

S5：It is matched using the purpose IP address of message, if successful match, receives the message, if it fails to match, lose Abandon the message；

S6：The message is sent to distal end VM, distal end tenant identifies that table identification source MAC enters step S9 if identifying successfully, If recognition failures, the message is abandoned；

S7：It is matched using the purpose MAC of message, if successful match, receives the message, if it fails to match, abandon The message；

S8：The message is sent to distal end VM, distal end tenant identifies that table identification source MAC enters step S10 if identifying successfully, If recognition failures, the message is abandoned；

S9：The message is sent into distal end three-layer routing table, is matched using the IP address of message, if successful match, The message is received, if it fails to match, abandons the message；

S10：The message is sent into distal end two-layer retransmitting table, is matched using message purpose MAC, if successful match, The message is received, if it fails to match, abandons the message.

7. a kind of method for realizing physical host access, it is characterised in that pacify on the network node and calculate node of openstack Equipped with distributed routing agent, forward-path is controlled by issuing multilevel flow table, the multilevel flow table includes tenant's identification Table, two-layer retransmitting table and three-layer routing table, the method includes the steps：

s1：Tenant identifies that table identification local VM enters step s2 if identifying successfully, if recognition failures, dropping packets；

s2：Message is sent into two-layer retransmitting table, the purpose MAC of the message is read, if purpose MAC is gateway MAC, is entered Step s3 matches the two-layer retransmitting table of wildcard in the network, enters step s4 if purpose MAC is not gateway MAC；

s3：The message is sent into three-layer routing table, message is sent to virtual router by matching default route, by virtual flow-line Device sends the MAC of ARP message request physical hosts, enters step s4, if it fails to match, abandons the message；

s4：The message is sent on the interchanger accessed to physical host, the interchanger is by identifying that VNI is mapped to local Vlan recycles purpose MAC to be matched, if successful match, receives the message, realizes physical host access, if matching Failure, then abandon the message.

8. the method according to claim 7 for realizing physical host access, which is characterized in that the message is exchanged by first The upper united mouth of machine is sent by tunnel to the upper united mouth of second switch, and first interchanger is connected with virtual network service, The second switch is connected with physical host or virtual router.

9. the method according to claim 8 for realizing physical host access, which is characterized in that when local VM is in described first When creating successfully under interchanger, reflecting for tunnel configuration information and VNI and vlan is issued to the upper united mouth of first interchanger Penetrate relation information.

10. a kind of device for realizing physical host access, it is characterised in that including：It is installed in network node and calculate node Distributed routing agent, the network node and the calculate node are located at the server of openstack, by issuing multistage Flow table controls forward-path, and the multilevel flow table includes tenant's identification table, two-layer retransmitting table and three-layer routing table, the distribution Formula routing agent is used for：

s1：Tenant identifies that table identification local VM enters step s2 if identifying successfully, if recognition failures, dropping packets；

s2：Message is sent into two-layer retransmitting table, the purpose MAC of the message is read, if purpose MAC is gateway MAC, is entered Step s3 matches the two-layer retransmitting table of wildcard in the network, enters step s4 if purpose MAC is not gateway MAC；

s3：The message is sent into three-layer routing table, message is sent to virtual router by matching default route, by virtual flow-line Device sends the MAC of ARP message request physical hosts, enters step s4, if it fails to match, abandons the message；

s4：The message is sent on the interchanger accessed to physical host, the interchanger is by identifying that VNI is mapped to local Vlan recycles purpose MAC to be matched, if successful match, receives the message, realizes physical host access, if matching Failure, then abandon the message.