CN111913782A - Method and equipment for realizing virtual machine flow mirror image based on tunnel technology - Google Patents

Info

Publication number: CN111913782A
Application number: CN202010746289.7A
Authority: CN (China)
Prior art keywords: port, destination, physical machine, source, packet
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Other languages: Chinese (zh)
Inventor: 张鹏涛
Current assignee: Shanghai Zstack Information Technology Co ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Shanghai Zstack Information Technology Co ltd
Application filed by Shanghai Zstack Information Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/58 Association of routers
    • H04L45/586 Association of routers of virtual routers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45595 Network integration; Enabling network access in virtual machine instances


Abstract

The application provides a scheme for implementing virtual machine traffic mirroring based on tunneling technology. A traffic control rule is configured on the virtual switch of a source physical machine so that target packets in the data traffic are copied to the mirror port of a source port; the target packets are then sent from that mirror port to a destination physical machine through a tunnel network, and the virtual switch on the destination physical machine forwards them to a destination port, thereby mirroring the virtual machine's traffic. Compared with the prior art, the method and device rely only on tunneling technology, Linux native Traffic Control and the Linux Bridge virtual switch, which reduces third-party dependencies, is simple, efficient and convenient to apply, adapts flexibly to a variety of usage scenarios, and facilitates traffic observation and analysis by the user.

Description

Method and equipment for realizing virtual machine flow mirror image based on tunnel technology
Technical Field
The application relates to the field of information technology, and in particular to a technique for implementing virtual machine traffic mirroring based on tunneling technology.
Background
Traditional traffic mirroring is usually implemented through port mirroring on a hardware switch; it is troublesome to configure, inflexible in its usage scenarios, and ill-suited to targeted traffic monitoring of large numbers of virtual machines on a cloud platform at the same time. At present, traffic mirroring on private cloud platforms is mostly implemented with Open vSwitch (OVS), relying on OVS flow tables for traffic steering or port mirroring, which does not meet the needs of private cloud platforms that do not use OVS. Specifically, these solutions have the following drawbacks: (1) port mirroring implemented on a hardware switch is configured on the physical switch, depends on hardware support, is not flexible enough in its usage scenarios, and cannot mirror east-west traffic of the cloud platform; (2) OpenStack port mirroring implemented with OVS depends on the OVS switch, so traffic mirroring cannot be completed where OVS is unavailable.
Disclosure of Invention
An object of the present application is to provide a method and device for implementing virtual machine traffic mirroring based on tunneling technology.
According to one aspect of the present application, a method for implementing virtual machine traffic mirroring based on tunneling technology is provided, where the method includes:
configuring a traffic control rule on a virtual switch of a source physical machine, and copying a target packet in the data traffic to a mirror port of a source port, where the source port is a port of a virtual machine running on the source physical machine;
sending the target packet from the mirror port of the source port to a destination physical machine through a tunnel network;
forwarding, by the virtual switch on the destination physical machine, the target packet to a destination port, where the destination port is a port of a virtual machine running on the destination physical machine.
According to another aspect of the present application, there is also provided an apparatus for implementing virtual machine traffic mirroring based on tunneling technology, where the apparatus includes:
a first module, configured to configure a traffic control rule on a virtual switch of a source physical machine, and to copy a target packet in the data traffic to a mirror port of a source port, where the source port is a port of a virtual machine running on the source physical machine;
a second module, configured to send the target packet from the mirror port of the source port to a destination physical machine through a tunnel network;
a third module, configured to forward, by using the virtual switch on the destination physical machine, the target packet to a destination port, where the destination port is a port of a virtual machine running on the destination physical machine.
According to yet another aspect of the present application, there is also provided a computing device, wherein the device comprises a memory for storing computer program instructions and a processor for executing the computer program instructions, wherein the computer program instructions, when executed by the processor, trigger the device to perform the method for implementing virtual machine traffic mirroring based on tunneling.
According to yet another aspect of the present application, there is also provided a computer readable medium having stored thereon computer program instructions executable by a processor to implement the method for implementing virtual machine traffic mirroring based on tunneling.
In the scheme provided by the application, a traffic control rule is first configured on the virtual switch of a source physical machine so that target packets in the data traffic are copied to the mirror port of a source port; the target packets are then sent from that mirror port to a destination physical machine through a tunnel network, and the virtual switch on the destination physical machine forwards them to the destination port, thereby mirroring the virtual machine's traffic. Compared with the prior art, the method and device rely only on tunneling technology, Linux native Traffic Control and the Linux Bridge virtual switch, which reduces third-party dependencies, is simple, efficient and convenient to apply, adapts flexibly to a variety of usage scenarios, and facilitates traffic observation and analysis by the user.
Drawings
Other features, objects and advantages of the present application will become more apparent upon reading of the following detailed description of non-limiting embodiments thereof, made with reference to the accompanying drawings in which:
Fig. 1 is a flowchart of a method for implementing virtual machine traffic mirroring based on tunneling according to an embodiment of the present application;
Fig. 2 is a schematic diagram of port mirroring based on tunneling according to an embodiment of the present application;
Fig. 3 is a schematic diagram of an apparatus for implementing virtual machine traffic mirroring based on tunneling according to an embodiment of the present application.
The same or similar reference numbers in the drawings identify the same or similar elements.
Detailed Description
The present application is described in further detail below with reference to the attached figures.
In a typical configuration of the present application, the terminal, the device serving the network, and the trusted party each include one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, which include permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device.
An embodiment of the application provides a method for implementing virtual machine traffic mirroring in a cloud platform based on tunneling technology. Traffic mirroring copies the packets passing through a given node in the network (such as a source port) to a specified observation port (such as a destination port) without affecting the original service. The user can designate the mirrored port (e.g., the source port) as needed and connect a packet analysis device to the observation port (e.g., the destination port) to observe and analyse the traffic.
The method is built on the tunneling technology commonly used in private clouds, combined with Linux native Traffic Control and the Linux Bridge virtual switch, so it has no third-party dependencies and is simple, efficient and convenient to apply. Its basic principle is to redirect (steer) or copy (mirror) packets as they are forwarded by the Linux kernel. Traffic redirection (steering) changes the direction of the traffic: traffic originally sent from cloud host A to cloud host B is redirected to cloud host C, so that C receives A's traffic while B no longer does. Traffic replication (mirroring) copies the same traffic to another cloud host: traffic originally sent from cloud host A to cloud host B is also replicated to cloud host C, so that B and C receive A's traffic at the same time.
In a practical scenario, the device performing the method may be user equipment, a network device, or a device formed by integrating user equipment and a network device through a network. User equipment includes, but is not limited to, terminal devices such as smartphones, tablet computers and personal computers (PCs); network devices include, but are not limited to, a network host, a single network server, a set of network servers, or a set of computers based on cloud computing. Here, the cloud is made up of a large number of hosts or network servers based on cloud computing, a form of distributed computing in which one virtual computer consists of a collection of loosely coupled computers.
Fig. 1 is a flowchart of a method for implementing virtual machine traffic mirroring based on tunneling according to an embodiment of the present application, where the method includes steps S101, S102 and S103.
Step S101: configure a Traffic Control rule on the virtual switch (Linux Bridge) of the source physical machine, and copy target packets in the data traffic to the mirror port of the source port, where the source port is a port of a virtual machine running on the source physical machine.
Linux Bridge is a virtual switch used to connect virtual machines and containers. Traffic Control in the Linux operating system controls the traffic of the Linux kernel, mainly by establishing queues at an output port.
For example, as shown in Fig. 2, host1 and host2 are the physical machines on which the source port and the destination port are located, respectively: host1 is the source physical machine and host2 is the destination physical machine. VM1 and VM2 are virtual machines running on host1 and host2 respectively, and bond0 and bond1 are virtual network cards formed by bonding several physical network cards. In Fig. 2, vnic47.0 is the source port, vnic25.0 is the destination port, and rec_vnic47.0 and rec_vnic25.0 are the mirror ports of the source port and the destination port, respectively. In step S101, a Traffic Control rule is configured on the bridge connected to the source port vnic47.0, and target packets in the data traffic are copied to the mirror port rec_vnic47.0.
In some embodiments, the target packet is a packet in the virtual switch data traffic of the source physical machine that meets a predetermined rule. The predetermined rule includes at least one of: the target packet conforms to a predetermined packet type; the target packet conforms to a predetermined IP address classification rule.
For example, the predetermined rule may filter data traffic by packet type, by IP address classification, by other network traffic classification rules, or by a combination of several classification rules. In one embodiment, when the mirrored traffic is classified by packet type, only TCP packets may be mirrored and other packet types are left unprocessed.
In some embodiments, the number of source ports and the number of destination ports may each be one or more. For example, the user may designate a mirrored port (e.g., the source port) as needed and connect a packet analysis device to an observation port (e.g., the destination port) to observe and analyse the traffic. If both the source ports and the destination ports are multiple, network packets of a designated cluster of many cloud hosts can be mirrored or steered to a specific cluster of observation devices according to the embodiment of the application.
Step S102: send the target packet from the mirror port of the source port to the destination physical machine through a tunnel network.
For example, as shown in Fig. 2, the target packet is sent from the mirror port rec_vnic47.0 to the destination physical machine host2 through the tunnel network. The mirror port rec_vnic47.0 is an intermediate virtual network device created for mirroring. The tunnel network may be implemented with the Generic Routing Encapsulation (GRE) protocol, and the GRE tunnel port then serves as the ingress monitoring device that receives the traffic of the source port vnic47.0.
In some embodiments, the method further includes creating GRE tunnel ports on the source physical machine and the destination physical machine respectively, and configuring the tunnel network.
For example, the tunnel network is configured before step S102; as shown in Fig. 2, it may be configured as follows:
(1) Create the GRE tunnel port rec_vnic47.0 on the source physical machine host1:
# tunnel endpoint address of host1 on the independent NIC bond1
ip addr add 169.254.100.143/24 dev bond1
# remote is host2's endpoint; the same key on both ends identifies this tunnel
ip link add rec_vnic47.0 type gretap remote 169.254.100.150 local 169.254.100.143 ttl 255 key 1
ip link set rec_vnic47.0 up
(2) Create the GRE tunnel port rec_vnic25.0 on the destination physical machine host2:
# host2 must own 169.254.100.150, the 'local' address of its gretap device
ip addr add 169.254.100.150/24 dev bond1
ip link add rec_vnic25.0 type gretap remote 169.254.100.143 local 169.254.100.150 ttl 255 key 1
ip link set rec_vnic25.0 up
Step S103: forward the target packet to the destination port by using the virtual switch (Linux Bridge) on the destination physical machine, where the destination port is a port of a virtual machine running on the destination physical machine.
For example, as shown in Fig. 2, the target packet is forwarded to the destination port vnic25.0 using the bridge on the destination physical machine host2.
In some embodiments, the method further includes creating a bridge for traffic monitoring on the destination physical machine, and attaching the destination port and the mirror port of the destination port to that bridge.
For example, as shown in Fig. 2, a bridge for traffic monitoring is created on the destination physical machine host2, and the destination port vnic25.0 and the mirror port rec_vnic25.0 are attached to it as follows:
ip link add br_monitor type bridge
ip link set dev br_monitor up
ip link set dev vnic25.0 master br_monitor
ip link set dev rec_vnic25.0 master br_monitor
In some embodiments, step S103 includes forwarding the target packet to the destination port through the bridge for traffic monitoring, using the virtual switch on the destination physical machine.
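Steps S101 to S103 above, including the predetermined-rule filtering of step S101, as a constructed example that is not the patent's own code: one specification produces both hosts' command lists, and a lint pass checks that each host's gretap 'local' address is actually assigned on that host and sits on the same subnet as its 'remote'. The page does not show the Traffic Control rule itself, so expressing it as an ingress qdisc plus a tc filter with the mirred "mirror" action, rendering the predetermined rules as u32 matches, and names such as MirrorSpec are this example's assumptions.

```python
# Constructed example (not the patent's own code): generate both hosts'
# commands for the gretap / Traffic Control / Linux Bridge mirroring scheme
# and lint them for endpoint mismatches.  Assumed, not shown on the page:
# the Traffic Control rule is an ingress qdisc plus a tc filter with the
# mirred "mirror" action, and predetermined rules become u32 matches.
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional


@dataclass
class MirrorSpec:                    # hypothetical name, this example's own
    src_host_ip: str                 # tunnel endpoint on the source physical machine
    dst_host_ip: str                 # tunnel endpoint on the destination physical machine
    src_port: str                    # VM port on the source host (e.g. vnic47.0)
    src_mirror: str                  # gretap device used as mirror port of src_port
    dst_port: str                    # observation VM port on the destination host
    dst_mirror: str                  # gretap device on the destination host
    tunnel_if: str = "bond1"         # independent NIC that carries the tunnel
    prefix_len: int = 24
    gre_key: int = 1
    ttl: int = 255
    bridge: str = "br_monitor"
    tcp_only: bool = False           # predetermined rule: packet type
    ip_match: Optional[str] = None   # predetermined rule: source IP or subnet


def _tunnel_end(dev: str, local: str, remote: str, s: MirrorSpec) -> List[str]:
    """One end of the gretap tunnel; local and remote are swapped between hosts."""
    return [
        f"ip addr add {local}/{s.prefix_len} dev {s.tunnel_if}",
        f"ip link add {dev} type gretap remote {remote} local {local} "
        f"ttl {s.ttl} key {s.gre_key}",
        f"ip link set {dev} up",
    ]


def tc_mirror_cmds(s: MirrorSpec) -> List[str]:
    """Step S101: copy matching packets arriving from the VM on the source port
    to its mirror port.  Ingress on a tap device is the VM-transmitted direction;
    the received direction would need a second rule on the egress side."""
    if s.tcp_only or s.ip_match:
        match = "protocol ip u32"
        if s.tcp_only:
            match += " match ip protocol 6 0xff"            # IP protocol 6 = TCP
        if s.ip_match:
            match += f" match ip src {ip_network(s.ip_match, strict=False)}"
    else:
        match = "matchall"                                   # no rule: mirror everything
    return [
        f"tc qdisc add dev {s.src_port} ingress",
        f"tc filter add dev {s.src_port} parent ffff: {match} "
        f"action mirred egress mirror dev {s.src_mirror}",
    ]


def source_host_cmds(s: MirrorSpec) -> List[str]:
    """Steps S101/S102 on host1: tunnel end plus the mirroring rule."""
    return _tunnel_end(s.src_mirror, s.src_host_ip, s.dst_host_ip, s) + tc_mirror_cmds(s)


def destination_host_cmds(s: MirrorSpec) -> List[str]:
    """Step S103 on host2: tunnel end plus the monitoring bridge that joins the
    destination port and its mirror port."""
    return _tunnel_end(s.dst_mirror, s.dst_host_ip, s.src_host_ip, s) + [
        f"ip link add {s.bridge} type bridge",
        f"ip link set dev {s.bridge} up",
        f"ip link set dev {s.dst_port} master {s.bridge}",
        f"ip link set dev {s.dst_mirror} master {s.bridge}",
    ]


def lint_host_cmds(cmds: List[str]) -> List[str]:
    """Check one host's command list: the gretap 'local' address must be assigned
    on that host, 'remote' must lie on the same subnet, and a key must be set so
    the two ends can be matched up.  Returns a list of problems (empty = OK)."""
    problems: List[str] = []
    assigned: Dict[object, int] = {}
    for c in cmds:                                   # collect addresses this host owns
        m = re.match(r"ip add\w* add (\S+?)/(\d+)\s*dev", c)
        if m:
            assigned[ip_address(m.group(1))] = int(m.group(2))
    for c in cmds:
        m = re.search(r"type gretap remote (\d[\d.]*) local (\d[\d.]*)", c)
        if not m:
            continue
        remote, local = ip_address(m.group(1)), ip_address(m.group(2))
        if local not in assigned:
            problems.append(f"gretap local {local} is not assigned on this host")
        elif remote not in ip_network(f"{local}/{assigned[local]}", strict=False):
            problems.append(f"remote {remote} is off the tunnel subnet of {local}")
        if not re.search(r"key \d+", c):
            problems.append("gretap tunnel has no key")
    return problems
```

Run lint_host_cmds over a host's list before executing it; a 'local' address that the host never assigns is exactly the slip that leaves one gretap device silently unreachable.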
Fig. 3 is a schematic diagram of an apparatus for implementing virtual machine traffic mirroring based on tunneling according to an embodiment of the present application, where the apparatus includes a first module 301, a second module 302, and a third module 303.
The first module 301 configures a Traffic Control rule on the virtual switch (Linux Bridge) of the source physical machine, and copies target packets in the data traffic to the mirror port of the source port, where the source port is a port of a virtual machine running on the source physical machine.
Linux Bridge is a virtual switch used to connect virtual machines and containers. Traffic Control in the Linux operating system controls the traffic of the Linux kernel, mainly by establishing queues at an output port.
For example, as shown in Fig. 2, host1 and host2 are the physical machines on which the source port and the destination port are located, respectively: host1 is the source physical machine and host2 is the destination physical machine. VM1 and VM2 are virtual machines running on host1 and host2 respectively, and bond0 and bond1 are virtual network cards formed by bonding several physical network cards. In Fig. 2, vnic47.0 is the source port, vnic25.0 is the destination port, and rec_vnic47.0 and rec_vnic25.0 are the mirror ports of the source port and the destination port, respectively. The first module 301 configures a Traffic Control rule on the bridge connected to the source port vnic47.0, and copies target packets in the data traffic to the mirror port rec_vnic47.0.
In some embodiments, the target packet is a packet in the virtual switch data traffic of the source physical machine that meets a predetermined rule. The predetermined rule includes at least one of: the target packet conforms to a predetermined packet type; the target packet conforms to a predetermined IP address classification rule.
For example, the predetermined rule may filter data traffic by packet type, by IP address classification, by other network traffic classification rules, or by a combination of several classification rules. In one embodiment, when the mirrored traffic is classified by packet type, only TCP packets may be mirrored and other packet types are left unprocessed.
In some embodiments, the number of source ports and the number of destination ports may each be one or more. For example, the user may designate a mirrored port (e.g., the source port) as needed and connect a packet analysis device to an observation port (e.g., the destination port) to observe and analyse the traffic. If both the source ports and the destination ports are multiple, network packets of a designated cluster of many cloud hosts can be mirrored or steered to a specific cluster of observation devices according to the embodiment of the application.
The second module 302 is configured to send the target packet from the mirror port of the source port to the destination physical machine through a tunnel network.
For example, as shown in Fig. 2, the target packet is sent from the mirror port rec_vnic47.0 to the destination physical machine host2 through the tunnel network. The mirror port rec_vnic47.0 is an intermediate virtual network device created for mirroring. The tunnel network may be implemented with the Generic Routing Encapsulation (GRE) protocol, and the GRE tunnel port then serves as the ingress monitoring device that receives the traffic of the source port vnic47.0.
In some embodiments, the apparatus shown in Fig. 3 is further configured to create GRE tunnel ports on the source physical machine and the destination physical machine respectively, and to configure the tunnel network.
For example, the tunnel network is configured before the second module 302 runs; as shown in Fig. 2, it may be configured as follows:
(1) Create the GRE tunnel port rec_vnic47.0 on the source physical machine host1:
# tunnel endpoint address of host1 on the independent NIC bond1
ip addr add 169.254.100.143/24 dev bond1
# remote is host2's endpoint; the same key on both ends identifies this tunnel
ip link add rec_vnic47.0 type gretap remote 169.254.100.150 local 169.254.100.143 ttl 255 key 1
ip link set rec_vnic47.0 up
(2) Create the GRE tunnel port rec_vnic25.0 on the destination physical machine host2:
# host2 must own 169.254.100.150, the 'local' address of its gretap device
ip addr add 169.254.100.150/24 dev bond1
ip link add rec_vnic25.0 type gretap remote 169.254.100.143 local 169.254.100.150 ttl 255 key 1
ip link set rec_vnic25.0 up
The third module 303 is configured to forward the target packet to the destination port by using the virtual switch (Linux Bridge) on the destination physical machine, where the destination port is a port of a virtual machine running on the destination physical machine.
For example, as shown in Fig. 2, the target packet is forwarded to the destination port vnic25.0 using the bridge on the destination physical machine host2.
In some embodiments, the apparatus shown in Fig. 3 is further configured to create a bridge for traffic monitoring on the destination physical machine, and to attach the destination port and the mirror port of the destination port to that bridge.
For example, as shown in Fig. 2, a bridge for traffic monitoring is created on the destination physical machine host2, and the destination port vnic25.0 and the mirror port rec_vnic25.0 are attached to it as follows:
ip link add br_monitor type bridge
ip link set dev br_monitor up
ip link set dev vnic25.0 master br_monitor
ip link set dev rec_vnic25.0 master br_monitor
In some embodiments, the third module 303 forwards the target packet to the destination port through the bridge for traffic monitoring, using the virtual switch on the destination physical machine.
With reference to Fig. 2, in the embodiment of the present application only one Traffic Control rule needs to be configured for VM1 running on the source physical machine host1, and only one bridge forwarding rule for the destination physical machine host2, which is simple, efficient and convenient to apply. For a large number of virtual machines (cloud hosts), traffic mirroring can be achieved by configuring and executing scripts at scale without affecting the original service. During daily operation and maintenance of cloud hosts, if a cloud host's network is found to be abnormal (for example a network failure or an abnormal increase in network traffic), the network bandwidth of that cloud host in a given direction (receive or transmit) or the bandwidth of a given IP address can be limited through QoS (quality of service), and a traffic mirror can then be configured to observe whether the traffic is abnormal, so as to find the cause and resolve the operational problem.
In summary, the embodiment of the present application is based on tunneling technology, Linux native Traffic Control and Linux Bridge, and implements virtual machine traffic control and port mirroring for a private cloud platform with minimal dependencies.
Because the embodiment implements packet forwarding and traffic control at the Linux kernel level, compared with the traditional OVS-based scheme it is simpler and forwards more efficiently, can flexibly limit traffic bandwidth for cloud hosts in any direction within the cloud platform, and makes it convenient for users to observe and analyse traffic.
Since the mirrored traffic in the embodiment travels through an independent tunnel network established on a separate network card, exporting the traffic is independent of the virtual machine's original service network, and the virtual machine's network bandwidth is essentially unaffected.
In addition, part of the present application may be implemented as a computer program product, such as computer program instructions, which when executed by a computer may invoke or provide methods and/or techniques in accordance with the present application through the operation of the computer. Program instructions which invoke the methods of the present application may be stored on a fixed or removable recording medium and/or transmitted via a data stream on a broadcast or other signal-bearing medium and/or stored within a working memory of a computer device operating in accordance with the program instructions. Accordingly, some embodiments of the present application provide a computing device comprising a memory for storing computer program instructions and a processor for executing them, wherein the computer program instructions, when executed by the processor, trigger the device to perform the methods and/or aspects of the embodiments of the present application described above.
Furthermore, some embodiments of the present application also provide a computer readable medium, on which computer program instructions are stored, the computer readable instructions being executable by a processor to implement the methods and/or aspects of the foregoing embodiments of the present application.
It should be noted that the present application may be implemented in software and/or a combination of software and hardware, for example, implemented using Application Specific Integrated Circuits (ASICs), general purpose computers or any other similar hardware devices. In some embodiments, the software programs of the present application may be executed by a processor to implement the steps or functions described above. Likewise, the software programs (including associated data structures) of the present application may be stored in a computer readable recording medium, such as RAM memory, magnetic or optical drive or diskette and the like. Additionally, some of the steps or functions of the present application may be implemented in hardware, for example, as circuitry that cooperates with the processor to perform various steps or functions.
It will be evident to those skilled in the art that the present application is not limited to the details of the foregoing illustrative embodiments, and that the present application may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the application being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned. Furthermore, it is obvious that the word "comprising" does not exclude other elements or steps, and the singular does not exclude the plural. A plurality of units or means recited in the apparatus claims may also be implemented by one unit or means in software or hardware. The terms first, second, etc. are used to denote names, but not any particular order.

Claims (10)

1. A method for implementing virtual machine traffic mirroring based on tunneling technology, wherein the method comprises the following steps:
configuring a flow control rule on a virtual switch of a source physical machine, and copying a target packet in the data traffic to a mirror port of a source port, wherein the source port is a port of a virtual machine running on the source physical machine;
sending the target packet from the mirror port of the source port to a destination physical machine through a tunnel network;
forwarding, by the virtual switch on the destination physical machine, the target packet to a destination port, wherein the destination port is a port of a virtual machine running on the destination physical machine.
2. The method of claim 1, wherein the target packet is a packet in the data traffic of the virtual switch of the source physical machine that complies with a predetermined rule.
3. The method of claim 2, wherein the predetermined rule comprises at least one of:
the target packet conforms to a predetermined message type;
the target packet conforms to a predetermined IP address classification rule.
4. The method of claim 1, wherein the method further comprises:
creating GRE tunnel ports on the source physical machine and the destination physical machine respectively, and configuring the tunnel network.
5. The method of claim 1, wherein the method further comprises:
creating a bridge for traffic monitoring on the destination physical machine, and bridging the destination port and the mirror port of the destination port on the bridge for traffic monitoring.
6. The method of claim 5, wherein forwarding, by the virtual switch on the destination physical machine, the target packet to a destination port comprises:
forwarding, by the virtual switch on the destination physical machine, the target packet to the destination port through the bridge for traffic monitoring.
7. The method of any one of claims 1 to 6, wherein the number of source ports is one or more and the number of destination ports is one or more.
8. An apparatus for implementing virtual machine traffic mirroring based on tunneling technology, wherein the apparatus comprises:
a first module, configured to configure a flow control rule on a virtual switch of a source physical machine and copy a target packet in the data traffic to a mirror port of a source port, wherein the source port is a port of a virtual machine running on the source physical machine;
a second module, configured to send the target packet from the mirror port of the source port to a destination physical machine through a tunnel network;
a third module, configured to forward, by the virtual switch on the destination physical machine, the target packet to a destination port, wherein the destination port is a port of a virtual machine running on the destination physical machine.
9. A computing device, wherein the device comprises a memory for storing computer program instructions and a processor for executing the computer program instructions, wherein the computer program instructions, when executed by the processor, trigger the device to perform the method of any one of claims 1 to 7.
10. A computer readable medium having stored thereon computer program instructions executable by a processor to implement the method of any one of claims 1 to 7.
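The claimed procedure (the three steps of claim 1, the GRE tunnel ports of claim 4, the monitoring bridge of claim 5 and a claim 3 style match rule), as an added example that is not the patent's or the assignee's own code: it assumes Open vSwitch as the virtual switch, and the bridge names, port names, IP addresses and GRE key are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the patent): the claimed steps carried out with
# Open vSwitch, assumed here to be the "virtual switch". Bridge, port, IP
# and key values are constructed placeholders. DRY_RUN=1 (default) prints
# the commands instead of executing them, so this runs on any machine.
run() { if [ "${DRY_RUN:-1}" = "1" ]; then echo "$*"; else "$@"; fi; }

# Steps 1 and 2 (source physical machine): add a GRE tunnel port to the VM
# bridge, then a flow rule that copies packets from the VM port matching
# MATCH into the tunnel while still forwarding them normally
# ("output:gre-mirror,NORMAL" copies; it does not divert the traffic).
source_host_setup() {
  br=$1 src_port=$2 remote_ip=$3 key=$4 match=$5
  run ovs-vsctl --may-exist add-port "$br" gre-mirror -- set interface gre-mirror \
      type=gre options:remote_ip="$remote_ip" options:key="$key"
  run ovs-ofctl add-flow "$br" \
      "priority=100,in_port=$src_port,$match,actions=output:gre-mirror,NORMAL"
}

# Step 3 (destination physical machine): a dedicated monitoring bridge holds
# the tunnel end and the monitor VM's port. Tunnel traffic goes only to that
# port, and the monitor port is kept receive-only so the monitoring VM
# cannot inject frames back into the bridge or the tunnel.
dest_host_setup() {
  br_mon=$1 dst_port=$2 remote_ip=$3 key=$4
  run ovs-vsctl --may-exist add-br "$br_mon"
  run ovs-vsctl --may-exist add-port "$br_mon" gre-mirror -- set interface gre-mirror \
      type=gre options:remote_ip="$remote_ip" options:key="$key"
  run ovs-vsctl --may-exist add-port "$br_mon" "$dst_port"
  run ovs-ofctl add-flow "$br_mon" "priority=100,in_port=gre-mirror,actions=output:$dst_port"
  run ovs-ofctl add-flow "$br_mon" "priority=100,in_port=$dst_port,actions=drop"
  run ovs-ofctl add-flow "$br_mon" "priority=0,actions=drop"
}

# Constructed demo: mirror VM1's TCP traffic towards 10.0.0.0/8 (a message
# type plus IP classification rule, claims 2 and 3) from host 192.0.2.10 to
# the monitoring VM on host 192.0.2.20, using GRE key 100 on both ends.
source_host_setup br-int vnic-vm1 192.0.2.20 100 "tcp,nw_dst=10.0.0.0/8"
dest_host_setup br-mirror vnic-monitor 192.0.2.10 100
```

With DRY_RUN=0, run source_host_setup on the source physical machine and dest_host_setup on the destination physical machine; the GRE copy crosses the underlay unencrypted, so the tunnel endpoints belong on a management network that tenants cannot reach.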
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010746289.7A CN111913782A (en) 2020-07-29 2020-07-29 Method and equipment for realizing virtual machine flow mirror image based on tunnel technology

Publications (1)

Publication Number Publication Date
CN111913782A true CN111913782A (en) 2020-11-10

Family

ID=73286815

Country Status (1)

Country Link
CN (1) CN111913782A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112491744A (en) * 2020-11-13 2021-03-12 浪潮思科网络科技有限公司 Port flow mirroring method, device and medium
CN113542092A (en) * 2021-05-27 2021-10-22 贵州电网有限责任公司 Openstack-based automatic drainage method
CN114640689A (en) * 2022-03-31 2022-06-17 西安超越申泰信息科技有限公司 Proxmox VE-based network mirror image implementation method and system
CN114884905A (en) * 2022-04-18 2022-08-09 深信服科技股份有限公司 Flow mirroring method, device, equipment and computer storage medium
WO2023004992A1 (en) * 2021-07-27 2023-02-02 苏州浪潮智能科技有限公司 Traffic monitoring method and apparatus for open stack tenant network
US11722436B2 (en) 2021-08-24 2023-08-08 International Business Machines Corporation Transport control word architecture for physical port mirroring

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105743734A (en) * 2016-01-22 2016-07-06 北京航空航天大学 Virtual machine mirror image flow transmission control method and virtual machine mirror image flow transmission control device
US20160294731A1 (en) * 2015-04-01 2016-10-06 Brocade Communications Systems, Inc. Techniques For Facilitating Port Mirroring In Virtual Networks
US20170118041A1 (en) * 2015-10-21 2017-04-27 Brocade Communications Systems, Inc. Distributed rule provisioning in an extended bridge
CN107431642A (en) * 2015-02-10 2017-12-01 大交换机网络股份有限公司 Systems and methods for controlling switches to capture and monitor network traffic
CN107864061A (en) * 2017-11-15 2018-03-30 北京易讯通信息技术股份有限公司 Method for virtual machine port rate limiting and mirroring in a private cloud

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination