CN114760254B - Virtual network system and method for realizing data packet forwarding processing by virtual network system - Google Patents
Virtual network system and method for realizing data packet forwarding processing by virtual network system Download PDFInfo
- Publication number
- CN114760254B CN114760254B CN202210400141.7A CN202210400141A CN114760254B CN 114760254 B CN114760254 B CN 114760254B CN 202210400141 A CN202210400141 A CN 202210400141A CN 114760254 B CN114760254 B CN 114760254B
- Authority
- CN
- China
- Prior art keywords
- bridge
- local
- virtual
- data packet
- distributed switch
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/70—Virtual switches
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/25—Routing or path finding in a switch fabric
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
Abstract
The invention discloses a virtual network system and a method for realizing data packet forwarding processing by the virtual network system, wherein the virtual network system comprises a plurality of virtual distributed switches, each virtual distributed switch is provided with an OVS bridge chain-based modular openflow pipeline structure, and an OVS instance distributed on a plurality of physical nodes forms a logic forwarding unit. The invention puts part of functions related to virtual network device management into a specific bridge, and the network function is designed without considering the device management function and the change thereof.
Description
Technical Field
The invention relates to a virtual network system and a method for realizing data packet forwarding processing by the virtual network system, and belongs to the technical field of virtual machine networks.
Background
Software Defined Network (SDN) is a Network architecture model that uses control and forwarding separately, and is completely Defined by Software and implements Network forwarding, and is widely used in the construction of current data center virtual networks. When the SDN is built, a Virtual Switch (VS) implemented by software needs to be deployed on a physical server node as a core component, where an OVS (Open VS) is a Virtual Switch which is most representative and is most widely used. The OVS uses the OpenFlow protocol as a standard protocol for interaction between the control plane and the data plane, and the control plane implements various functions of the data plane, such as forwarding, distributed firewall, and the like, by programming OpenFlow Pipeline.
As shown in fig. 1, an OpenFlow Pipeline is composed of a series of Flow tables (Flow tables, group tables, meter tables), each Flow Table is connected with another Flow Table through a certain control logic, and any Flow Table is composed of a series of Flow entries including a matching field and a corresponding executable action. Existing architectures typically use a single OpenFlow Pipeline to implement business logic.
The existing virtual network implementation architecture is mainly divided into the following two categories:
1) The method is characterized in that high-level network functions such as a distributed firewall, distributed routing and dhcp are realized based on frames such as a linux network name space, an ip route and a netfilter, and the network functions realized on the kernel are bonded through a plurality of specific bridge devices (OVS bridge and linux bridge) to form a complete virtual network function, wherein the most representative realization is Openstack.
2) Based on the software definition programmable capability of the virtual switch, a specific south-north protocol is used for realizing various complete network functions, the most representative realization is OVN, an OVS is used as a software switch, openFlow is used as a south control protocol, and ovsdb is used as a north control protocol, so that a complete network function stack is constructed.
In the Openstack architecture, functions such as security group, dhcp, routing, floating IP and the like are all realized by combining linux kernel components such as network namespaces (network namespaces), iptables, iproute and the like, and multiple bridges are used for connecting network functions realized based on the linux kernels. The bridge itself is not the main carrier for network function implementation, and only implements forwarding related functions, which are mainly used as a glue connection between network functions. The structure enables various network functions in Openstack to realize modularization to a certain degree, but a large number of functions depend on iptables, and the performance is obviously reduced along with the increase of the network scale; the use of common bridging between different modules also introduces additional performance penalties. Meanwhile, in order to maintain multiple network functions, proxy nodes with specific functions need to be maintained for each network node, so that the operation and maintenance are complex.
In the OVN architecture, by constructing a single OpenFlow Pipeline in a single OVS bridge: all functions are implemented in the Pipeline, different network functions are implemented through specific logic table entries, a unified virtual network view is provided for a user, and the unified virtual network view is implemented by fully utilizing an efficient OVS data plane, but because a specific network function has no modularized definition mode, changing/adding/deleting the network functions in OpenFlow Pipeline requires changing the whole OpenFlow Pipeline, so that the whole OpenFlow Pipeline needs to be deeply understood, and meanwhile, changing operation may also require adjusting the whole OpenFlow Pipeline logic table entries, and the function change cannot be performed in a modularized mode. Meanwhile, there is a coupling between virtual device management and network function implementation (all management is performed in bridge unit), and the design and implementation of the network function need to consider both the device management function and its modification.
Disclosure of Invention
The object of the present invention is to solve the drawbacks mentioned in the background art.
In order to achieve the above object, in a first aspect, the present invention provides a virtual network system, including a plurality of virtual distributed switches, where each virtual distributed switch is composed of a logical forwarding unit composed of OVS instances distributed on a plurality of physical nodes;
the OVS instance on each physical node comprises a plurality of OVS bridges with different functions, and the OVS bridges are connected through an OVS Patch Port;
each OVS bridge comprises a Local-bridge Local bridge, an NF-bridge, a Cls-bridge classified bridge and an Uplink-bridge Uplink bridge;
the Local-bridge Local bridge is used for directly redirecting the traffic sent from the Local to the NF-bridge directly connected with the Local bridge upstream; the system is also used for forwarding the data packet received from the NF-bridge directly connected with the upstream to the corresponding local port through L2;
the NF-bridge is connected with a downstream Local-bridge Local bridge and an upstream Cls-bridge classification bridge; the NF-bridge is used for constructing a preset specific network and is also used for supporting the addition, deletion or change of the preset specific network in a hot plug virtual OVS bridge mode;
the Cls-bridge classification bridge is connected with a downstream NF-bridge and an upstream Uplink-bridge Uplink bridge; the Cls-bridge classified network bridge is used for classifying data packets sent to local or other non-local nodes locally and shunting the data packets;
and the Uplink-bridge Uplink bridge is used for directly connecting with a physical interface of the corresponding virtual distributed switch.
Further, virtual network devices are connected to the Local-bridge and the Uplink-bridge, respectively, so as to implement isolation of virtual network device management and network functions.
Further, the preset specific network at least comprises a distributed firewall network and a service chain network.
The invention provides a method for realizing data packet forwarding processing of a virtual network system, which comprises the steps of determining whether two virtual machines of a source virtual machine VM11 and a target virtual machine VM12 are linked on the same virtual distributed switch, and if the two virtual machines are linked on the same virtual distributed switch, executing a data packet sending process between the two virtual machines VM11 and VM12 on the same virtual distributed switch:
step S100, the Local-bridge Local bridge sends the data packet sent from the Local port to an upstream NF-bridge;
s101, an upstream NF-bridge carries out NF processing on a data packet, and finally sends the data packet after the NF processing to a Cls-bridge classification bridge;
step S103, the Cls-bridge classified bridge acquires a destination address of the target virtual machine VM12 and determines the destination address of the target virtual machine VM 12; sending the data packet back to the NF-bridge directly connected with the Cls-bridge classified bridge to the downstream, processing the data packet by NF, and finally sending the data packet to a Local-bridge Local bridge;
step S104, the Local-bridge Local bridge parses the Local port of the target VM12 corresponding to the destination address, and forwards the data packet to the Local port of the corresponding target VM 12.
Further, the method for implementing packet forwarding processing in a virtual network system further includes determining whether two virtual machines, i.e., the source virtual machine VM11 and the target virtual machine VM21, are linked on the same virtual distributed switch, and if it is determined that the two virtual machines are linked on different virtual distributed switches, executing a packet sending process between the two different virtual machines VM11 and VM21 on the virtual distributed switch on the source virtual machine VM11 and the virtual distributed switch on the target virtual machine VM 21:
step S201, a Local-bridge Local bridge of a source virtual distributed switch corresponding to a source virtual machine VM11 sends a data packet sent from a Local port to an upstream NF-bridge of the source virtual distributed switch for processing;
step S202, an upstream NF-bridge of the source virtual distributed switch carries out NF processing on the data packet and finally sends the data packet to a Cls-bridge classification bridge of the source virtual distributed switch;
step S203, the Cls-bridge classified bridge of the source virtual distributed switch sends the data packet to the Uplink-bridge Uplink bridge of the source virtual distributed switch according to the destination address;
step S204, the Uplink-bridge Uplink bridge of the source virtual distributed switch forwards the data packet according to the built-in forwarding logic of the OVS, and the data packet is sent to a physical network from an Uplink port;
step S205, the Uplink-bridge Uplink bridge of the target virtual distributed switch at the opposite terminal receives the data packet from the physical network, and forwards the data packet according to the OVS built-in forwarding logic, and sends the data packet to the Cls-bridge classified bridge of the target virtual distributed switch at the opposite terminal from the Uplink port;
step S206, the Cls-bridge classified bridge of the target virtual distributed switch of the opposite terminal searches a forwarding table and forwards the data packet to the NF-bridge of the target virtual distributed switch of the downstream direct-connected opposite terminal;
step S207, the target virtual distributed switch NF-bridge of the opposite terminal is processed, and the Local-bridge Local bridge of the target virtual distributed switch of the opposite terminal is finally sent;
step S208, the Local-bridge Local bridge of the target virtual distributed switch of the opposite end searches the forwarding table, and sends the data packet to the Local port of the target virtual machine VM 12.
Further, the method for implementing packet forwarding processing in the virtual network system further includes whether packet transmission from the local port to the remote port is performed for the two virtual machines, i.e., the source virtual machine VM11 and the target virtual machine VM21, and if the determination result is yes, a packet transmission process between the two virtual machines, i.e., the source virtual machine VM11 and the target virtual machine VM21, is executed:
step S301, the Local-bridge Local bridge of the source virtual distributed switch corresponding to the source virtual machine VM11 sends the data packet sent from the Local port to the upstream NF-bridge of the virtual distributed switch for processing;
step S302, the upstream NF-bridge carries out NF processing on the data packet and finally sends the data packet to the Cls-bridge of the source virtual distributed switch;
step S303, the Cls-bridge classified bridge of the source virtual distributed switch sends the data packet to the Uplink-bridge Uplink bridge of the source virtual distributed switch according to the destination address;
step S304, the Uplink-bridge Uplink bridge of the source virtual distributed switch forwards the data packet according to the built-in forwarding logic of the OVS, and the data packet is sent to a physical network from an Uplink port;
step S305, the Uplink-bridge Uplink bridge of the target virtual distributed switch of the remote port receives the data packet from the physical network, and the data packet is forwarded according to the built-in forwarding logic of the OVS, and is sent to the Cls-bridge classified bridge of the target virtual distributed switch of the remote port from the Uplink port;
step S306, the Cls-bridge classified bridge of the target virtual distributed switch of the remote port searches a forwarding table and forwards the data packet to the NF-bridge of the target virtual distributed switch directly connected with the remote port at the downstream;
step S307, the processed data is sent to the Local-bridge Local bridge of the target virtual distributed switch of the remote port finally through the NF-bridge of the target virtual distributed switch of the remote port;
step S308, the Local-bridge Local bridge of the target virtual distributed switch of the remote port searches the forwarding table, and sends the data packet to the Local port of the target virtual machine VM 12.
Compared with the prior art, the invention has the following beneficial effects:
the invention provides a virtual network system, which comprises a plurality of virtual distributed switches, wherein each virtual distributed switch is composed of a logic forwarding unit consisting of OVS instances distributed on a plurality of physical nodes; the OVS instance on each physical node comprises a plurality of OVS bridges with different functions, and the OVS bridges are connected by an OVS Patch Port; each OVS bridge comprises a Local-bridge Local bridge, an NF-bridge, a Cls-bridge classified bridge and an Uplink-bridge Uplink bridge;
the Local-bridge Local bridge is used for directly redirecting the traffic sent from the Local to the NF-bridge directly connected with the Local bridge upstream; the system is also used for forwarding the data packet received from the NF-bridge directly connected with the upstream to the corresponding local port through L2;
the NF-bridge is connected with a downstream Local-bridge Local bridge and an upstream Cls-bridge classification bridge; the NF-bridge is used for constructing a preset specific network and is also used for supporting the addition, deletion or change of the preset specific network in a hot plug virtual OVS bridge mode;
the Cls-bridge classification bridge is connected with a downstream NF-bridge and an upstream Uplink-bridge Uplink bridge; the Cls-bridge classified network bridge is used for classifying data packets sent to local or other non-local nodes locally and shunting the data packets;
and the Uplink-bridge Uplink bridge is used for directly connecting with a physical interface of the corresponding virtual distributed switch.
By analyzing the technical scheme, the method comprises the following steps: dividing functions of virtual equipment such as a port of a local virtual machine and the like into a local-bridge local network bridge, simultaneously dividing functions of a physical port connected with an upper link into an Uplink-bridge Uplink network bridge, and simultaneously adding a Cls-bridge classification network bridge to perform flow classification forwarding according to the flow direction; therefore, the virtual network configuration management and the network function are decoupled, and the multi-virtual network function and the update decoupling are realized.
The virtual network system realizes specific network functions (such as a distributed firewall, a service chain and the like) by adding NF-bridge with specific functions; partial functions related to virtual network device management are placed in a specific bridge device, and the network function is designed without considering the device management function and the change of the device management function.
Drawings
FIG. 1 is a prior art system diagram of OpenFlow Pipeline;
FIG. 2 is a system diagram of one embodiment of a virtual network system of the present invention;
FIG. 3 is a schematic diagram of a Local-bridge in one embodiment of the virtual network system of the present invention;
FIG. 4 is a schematic diagram of a Cls-bridge in one embodiment of the virtual network system of the present invention;
FIG. 5 is a schematic diagram of an Uplink bridge in an embodiment of the virtual network system of the present invention;
FIG. 6 is a flow chart of packet forwarding with Local to Local in the same volume vds in an embodiment of the virtual network system construction method of the present invention;
FIG. 7 is a flow chart of packet forwarding with Local to Local at differential vds in an embodiment of the virtual network system construction method of the present invention;
fig. 8 is a flow chart of packet forwarding with Local to remote being in differential vds in an embodiment of the virtual network system construction method of the present invention.
Description of the preferred embodiment
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments.
The technical solution of the present invention is further explained with reference to the accompanying drawings and the specific embodiments.
As shown in fig. 2, an embodiment of the virtual network system of the present invention includes a plurality of virtual distributed switches VDS, each of the virtual distributed switches VDS1, VDS2, etc. has a modular openflow pipeline structure based on OVS bridge, and each of the virtual distributed switches is a logical forwarding unit formed by OVS instances distributed on a plurality of physical nodes.
As shown in fig. 2, in an embodiment, each of the virtual distributed switches VDS1, VDS2, etc. forms the OVS bridge chain of the OVS bridges having a plurality of different functions, and the OVS bridges are connected by an OVS Patch Port.
As shown in FIG. 2, in one embodiment, the plurality of OVS bridges with different functions comprises a Local-bridge, an NF-bridge, a Cls-bridge and an Uplink-bridge which are connected in sequence; and respectively connecting the virtual network equipment to the Local-bridge and the Uplink-bridge so as to realize the isolation of the virtual network equipment management and the network function. In the technical scheme of the application, the virtual network configuration is carried out in a mode of being compatible with the existing virtual network port/uplink port management mechanism, the configuration management logic of the part is not required to be modified completely, and meanwhile, other types of network functions can be added in a mode of adding NF-bridge into the bridge chain.
By analyzing the technical scheme, the method comprises the following steps: dividing functions of virtual equipment such as a port of a local virtual machine and the like into a local-bridge local network bridge, simultaneously dividing functions of a physical port connected with an upper link into an Uplink-bridge Uplink network bridge, and simultaneously adding a Cls-bridge classification network bridge to perform flow classification forwarding according to the flow direction; therefore, the virtual network configuration management and the network function are decoupled, and the multi-virtual network function and the update decoupling are realized. The main tasks of the virtual network configuration management are as follows: 1) Managing a virtual machine port; 2) And managing the uplink ports. According to the technical scheme, the two types of ports are respectively connected to the Local-bridge and the uplink bridge, so that the virtual network configuration management work only needs to be carried out on the two bridges, and the specific network function of the middle NF-bridge is not concerned at all. The virtual network system realizes specific network functions (such as a distributed firewall, a service chain and the like) by adding NF-bridge with specific functions; partial functions related to virtual network device management are placed in a specific bridge device, and the network functions are designed without considering the device management functions and changes thereof.
The invention provides a virtual network system, which comprises a plurality of virtual distributed switches, wherein each virtual distributed switch is composed of a logic forwarding unit consisting of OVS instances distributed on a plurality of physical nodes;
the OVS instance (OVS virtual machine instance on the physical node) on each physical node comprises a plurality of OVS bridges with different functions, and the OVS bridges are connected by an OVS Patch Port;
each OVS bridge comprises a Local-bridge Local bridge, an NF-bridge, a Cls-bridge classified bridge and an Uplink-bridge Uplink bridge;
the Local-bridge Local bridge is used for directly redirecting the traffic sent from the Local to the NF-bridge directly connected with the Local bridge upstream; the system is also used for forwarding the data packet received from the NF-bridge directly connected with the upstream to the corresponding local port through L2;
the NF-bridge is connected with the downstream Local-bridge Local bridge and the upstream Cls-bridge classification bridge; the NF-bridge is used for constructing a preset specific network and is also used for supporting the addition, deletion or change of the preset specific network in a hot-plug virtual OVS bridge mode;
the Cls-bridge classification bridge is connected with a downstream NF-bridge and an upstream Uplink-bridge Uplink bridge; the Cls-bridge classified network bridge is used for classifying data packets sent to local or other non-local nodes locally and shunting the data packets;
and the Uplink-bridge Uplink bridge is used for directly connecting with a physical interface of the corresponding virtual distributed switch.
As shown in fig. 2, in one embodiment, any virtual distributed switch VDS corresponds to a Local-bridge on a single node, and is used to connect all vms connected to the VDS on the node to other upstream functional bridges, and send data packets addressed to the Local vm to the corresponding Local port; the NF-bridge is used for realizing the preset specific network function, and the preset specific network function at least comprises a distributed firewall and a service chain; the Cls-bridge is used for classifying and shunting the traffic which is locally sent to the local and is locally sent to other nodes; any VDS corresponds to one NF-bridge on a single node, and is used for connecting all vm connected to the VDS on the node to a physical uplink port corresponding to the VDS and sending data packets sent to different VDSs outside and locally to the uplink port for further processing.
For the flow sent from the local port, after the flow is processed by the function ovs bridge such as NF-bridge, the flow needs to be sent to the port corresponding to the VDS for further processing. Local-bridge is responsible for: 1) Directly redirecting the flow sent from the local to the NF-bridge directly connected with the upstream; 2) And forwarding the data packet received from the NF-bridge directly connected to the upstream to the corresponding local port through L2.
For the flow from the uplink, the uplink bridge is firstly forwarded to the traffic classification bridge through the ovs default forwarding logic, and then after being processed by a series of functional ovs bridges such as NF-bridge and the like, the Local-bridge which needs to be sent to the VDS corresponding to the uplink is further processed. the traffic classification bridge is responsible for 1) sending the data packets which are sent from the local and are sent to other local vm back to the downstream policy bridge directly connected with the local classification bridge for further processing; 2) Sending a data packet which is sent from the local and is sent to vm on other nodes to an upstream uplink port; 3) And directly sending the data packet sent from the uplink port to the NF-bridge directly connected with the data packet at the downstream.
For any host node:
a. each VDS corresponds to a Local-bridge, an Uplink-bridge (e.g., local-bridge1 & & Uplink-bridge 1), a series of NF-bridges, and a Cls-bridge (also known as a Traffic classification bridge).
b. Only Local-bridge is directly connected to endpoint (virtual machine, etc.) of the corresponding VDS, and is responsible for:
i. sending the data packet sent to the endpoint on the VDS to the corresponding port;
redirecting the data packet sent from the endpoint on the local VDS to other bridge (realizing other functions).
c. Only the Uplink-bridge is directly connected to the physical interface (standby or binding) of its corresponding VDS.
NF-bridge only links downstream Local-bridge as well as upstream Cls-bridge (or other NF-bridge).
Traffic classification bridge links downstream NF-bridge and upstream Uplink-bridge.
As shown in FIG. 3, the Local-bridge Local bridge operates on the following principle:
table 0 (i.e., #0 in FIG. 3) executes the logic: a vlan input table;
1. data packet sent from local port: 1) Performing vlan processing according to the local port virtual network configuration information (from ovsdb); 2) And L2 learning is carried out, and the L2 forwarding table entry corresponding to the local port is learned.
2. Data packets sent from the upstream NF-bridge to the local: 1) Directly searching the learned local L2 forwarding table, and if the search is successful, forwarding the local forwarding table to a corresponding local port according to the table search result; 2) And if the table lookup fails, flooding.
3. From the other ports: and other illegal data packets are discarded.
Table 5 (i.e., #5 in FIG. 3) executes the logic: a sparned L2 table;
1. and matching the Table entry of the local port L2 forwarding Table learned by Table 5, and forwarding the Table entry to the port corresponding to the Table entry.
2. Unicast message, the destination address is not in the learned list item: 1) For a data packet with a source L2 address and a destination L2 address both being Local ports, the data packet is forwarded back to a Local-bridge after being processed by a network function on an upstream NF-bridge, and a real flooding port needs to be determined according to an L2 source address of the data packet, namely the flooding packet is not sent to a port corresponding to a source mac address; 2) And for other types of data packets, sending the data packets to all ports except the input port according to the general flooding flow.
3. And broadcasting the message.
Table 10 (i.e., #10 in FIG. 3) executes the logic: an L2 learning table;
1. the local port L2 learns the table, and generates an L2 forwarding table (table 5 entry) for the packet whose destination address is the local port address.
Table 15 (i.e., #15 in FIG. 3) executes the logic: a local output table;
1. and directly forwarding the data packet sent out from the local port to the upstream direct connection NF-bridge.
The principle of operation of NF-bridge bridges is as follows:
the bridge is OpenFlow Pipeline corresponding to the customized network function service logic, and is specific depending on the service. In the system, a plurality of NF-bridges can be customized according to requirements to realize a plurality of network functions, and OVS Patch port connection is also used among the NF-bridges.
And after the processing of each NF-bridge is finished, directly determining a destination port according to the direction of a data packet: 1) A data packet from the downstream (Local-bridge direction) is sent to the NF directly-connected upstream bridge (NF-bridge or Cls-bridge); 2) Packets from upstream (Uplink-bridge direction) are sent to the NF directly connected downstream bridge (NF-bridge or Local-bridge).
As shown in FIG. 4, the Cls-bridge class bridge operates on the following principle:
table 0 (i.e., #0 in FIG. 4) executes the logic: an L2 learning table;
1. a packet from the Uplink-bridge, 1) perform L2 learning; 2) And sending the NF-bridge directly connected with the downstream to perform network function processing. 2. Data packets sent from the directly connected downstream NF-bridge: 1) L2 learning is carried out; 2) And searching a forwarding table and forwarding.
Table 1 (i.e., #1 in FIG. 4) executes the logic: an L2 forwarding table;
1. broadcast packets, and unknown unicast packets, marked as flooding.
2. The search of the forwarding table is successful: and marking according to the forwarding table look-up result.
Table 2 (i.e., #2 in FIG. 4) executes the logic: cls (classfier) forwarding table;
1. and forwarding/flooding according to the table look-up result mark.
2. Illegal marking results: it is directly discarded.
As shown in fig. 5, the Uplink-bridge operates according to the following principle:
table 0 (i.e., #0 in FIG. 5) executes logic; 1. OVS default L2 forwarding logic is used.
The following illustrates the packet forwarding process:
as shown in fig. 6, the flow of Local to Local (same vds) is as follows according to the sequence of the U-shaped lines (from VM11 to VM 12) in the figure and the numerical sequence marked in the figure: the two virtual machines VM11 and VM12 belong to the same virtual distributed switch.
The method comprises the steps that whether two virtual machines, namely a source virtual machine VM11 and a target virtual machine VM12, are linked on the same virtual distributed switch, and if the two virtual machines are determined to be linked on the same virtual distributed switch, a data packet sending process between the two virtual machines VM11 and VM12 on the same virtual distributed switch is executed:
step S100, the Local-bridge Local bridge sends the data packet sent from the Local port to an upstream NF-bridge;
s101, an upstream NF-bridge carries out NF processing on a data packet, and finally sends the data packet after the NF processing to a Cls-bridge classification bridge;
step S103, the Cls-bridge classified bridge acquires a destination address of the target virtual machine VM12 and determines the destination address of the target virtual machine VM 12; sending the data packet back to the NF-bridge directly connected with the Cls-bridge classified bridge to the downstream, processing the data packet by NF, and finally sending the data packet to a Local-bridge Local bridge;
step S104, the Local-bridge Local bridge parses the Local port of the target VM12 corresponding to the destination address, and forwards the data packet to the Local port of the corresponding target VM 12.
As shown in fig. 7, the flow of Local to Local (differential vds) is as follows according to the sequence of two lines (the data transmission path starts from VM11 and ends at VM 21) in the figure and the numerical sequence marked in the figure: the two virtual machines VM11 and VM21 belong to different virtual distributed switches.
Further, the method for implementing packet forwarding processing in a virtual network system further includes determining whether two virtual machines, i.e., the source virtual machine VM11 and the target virtual machine VM21, are linked on the same virtual distributed switch, and if it is determined that the two virtual machines are linked on different virtual distributed switches on the same virtual distributed switch, executing a packet sending process between the two different virtual machines VM11 and VM21 on the virtual distributed switch on the source virtual machine VM11 and the virtual distributed switch on the target virtual machine VM 21:
step S201, a Local-bridge Local bridge of a source virtual distributed switch corresponding to a source virtual machine VM11 sends a data packet sent from a Local port to an upstream NF-bridge of the source virtual distributed switch for processing;
step S202, an upstream NF-bridge of the source virtual distributed switch carries out NF processing on the data packet and finally sends the data packet to a Cls-bridge classification bridge of the source virtual distributed switch;
step S203, the Cls-bridge classified bridge of the source virtual distributed switch sends the data packet to the Uplink-bridge Uplink bridge of the source virtual distributed switch according to the destination address;
step S204, an Uplink-bridge Uplink bridge of the source virtual distributed switch forwards the data packet according to built-in forwarding logic of the OVS, and the data packet is sent to a physical network from an Uplink port;
step S205, the Uplink-bridge Uplink bridge of the target virtual distributed switch at the opposite terminal receives the data packet from the physical network, and the data packet is forwarded according to the built-in forwarding logic of the OVS, and is sent to the Cls-bridge classified bridge of the target virtual distributed switch at the opposite terminal from the Uplink port;
step S206, the Cls-bridge classified bridge of the target virtual distributed switch of the opposite terminal searches a forwarding table and forwards the data packet to the NF-bridge of the target virtual distributed switch of the downstream direct connection opposite terminal;
step S207, the target virtual distributed switch NF-bridge of the opposite terminal is processed, and the Local-bridge Local bridge of the target virtual distributed switch of the opposite terminal is finally sent;
step S208, the Local-bridge Local bridge of the target virtual distributed switch of the opposite end searches the forwarding table, and sends the data packet to the Local port of the target virtual machine VM 12.
As shown in fig. 8, further, the method for implementing packet forwarding processing by a virtual network system further includes whether packet transmission from a local port to a remote port is performed for two virtual machines, namely, the source virtual machine VM11 and the target virtual machine VM21, and if the determination result is yes, a packet transmission process between the two virtual machines, namely, the source virtual machine VM11 and the target virtual machine VM21, is executed: the flow of Local to remote (same vds OR differential vds) is as follows:
step S301, the Local-bridge Local bridge of the source virtual distributed switch corresponding to the source virtual machine VM11 sends the data packet sent from the Local port to the upstream NF-bridge of the virtual distributed switch for processing;
step S302, the upstream NF-bridge carries out NF processing on the data packet and finally sends the data packet to the Cls-bridge of the source virtual distributed switch;
step S303, the Cls-bridge classified bridge of the source virtual distributed switch sends the data packet to the Uplink-bridge Uplink bridge of the source virtual distributed switch according to the destination address;
step S304, the Uplink-bridge Uplink bridge of the source virtual distributed switch forwards the data packet according to the built-in forwarding logic of the OVS, and the data packet is sent to a physical network from an Uplink port;
step S305, the Uplink-bridge Uplink bridge of the target virtual distributed switch of the remote port receives the data packet from the physical network, and the data packet is forwarded according to the built-in forwarding logic of the OVS, and is sent to the Cls-bridge classified bridge of the target virtual distributed switch of the remote port from the Uplink port;
step S306, the Cls-bridge classified bridge of the target virtual distributed switch of the remote port searches a forwarding table and forwards the data packet to the NF-bridge of the target virtual distributed switch directly connected with the remote port at the downstream;
step S307, the target virtual distributed switch NF-bridge of the remote port is processed, and finally the Local-bridge Local bridge of the target virtual distributed switch of the remote port is sent to;
step S308, the Local-bridge Local bridge of the target virtual distributed switch of the remote port searches the forwarding table, and sends the data packet to the Local port of the target virtual machine VM 12.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting the same, and although the present invention is described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that: modifications and equivalents may be made to the embodiments of the invention without departing from the spirit and scope of the invention, which is to be covered by the claims.
Claims (6)
1. A virtual network system is characterized by comprising a plurality of virtual distributed switches, wherein each virtual distributed switch is composed of a logic forwarding unit composed of OVS instances distributed on a plurality of physical nodes;
the OVS instance on each physical node comprises a plurality of OVS bridges with different functions, and the OVS bridges are connected through an OVS Patch Port;
each OVS bridge comprises a Local-bridge Local bridge, an NF-bridge, a Cls-bridge classified bridge and an Uplink-bridge Uplink bridge;
the Local-bridge Local bridge is used for directly redirecting the traffic sent out locally to the NF-bridge directly connected with the Local-bridge upstream; the system is also used for forwarding the data packet received from the NF-bridge directly connected with the upstream to the corresponding local port through L2;
the NF-bridge is connected with a downstream Local-bridge Local bridge and an upstream Cls-bridge classification bridge; the NF-bridge is used for constructing a preset specific network, and is also used for supporting the addition, deletion or change of the preset specific network in a hot plug virtual OVS bridge mode;
the Cls-bridge classification bridge is connected with a downstream NF-bridge and an upstream Uplink-bridge Uplink bridge; the Cls-bridge classification bridge is used for classifying data packets sent to local or other non-local nodes locally and shunting;
and the Uplink-bridge Uplink bridge is used for directly connecting with a physical interface of the corresponding virtual distributed switch.
2. The virtual network system of claim 1, wherein virtual network devices are connected to the Local-bridge Local bridge and Uplink-bridge upstream bridge, respectively, to achieve isolation of virtual network device management from network functions.
3. The virtual network system of claim 2, wherein the predetermined specific network comprises at least a distributed firewall network and a service chaining network.
4. A method for implementing packet forwarding processing by using the virtual network system according to claim 3, wherein the method for implementing packet forwarding processing by using the virtual network system includes determining whether two virtual machines, namely, a source virtual machine VM11 and a target virtual machine VM12, are linked on a same virtual distributed switch, and if it is determined that the two virtual machines are linked on the same virtual distributed switch, executing a packet sending process between the two virtual machines VM11 and VM12 on the same virtual distributed switch:
step S100, the Local-bridge Local bridge sends a data packet sent from a Local port to an upstream NF-bridge;
s101, an upstream NF-bridge forwards a data packet, and finally sends the data packet after forwarding to a Cls-bridge classified bridge;
step S103, the Cls-bridge classified bridge acquires a destination address of the target virtual machine VM12 and determines the destination address of the target virtual machine VM 12; sending the data packet back to the NF-bridge directly connected with the Cls-bridge classified bridge to the downstream, forwarding and processing the data packet, and finally sending the data packet to a Local-bridge Local bridge;
step S104, the Local-bridge Local bridge parses the Local port of the target VM12 corresponding to the destination address, and forwards the data packet to the Local port of the corresponding target VM 12.
5. The method for implementing packet forwarding processing in a virtual network system according to claim 4, further comprising determining whether two virtual machines, namely, the source virtual machine VM11 and the target virtual machine VM21, are linked on a same virtual distributed switch, and if it is determined that the two virtual machines are linked on different virtual distributed switches, performing a packet sending process between the two different virtual machines VM11 and VM21 on the virtual distributed switch on the source virtual machine VM11 and the virtual distributed switch on the target virtual machine VM 21:
step S201, a Local-bridge Local bridge of a source virtual distributed switch corresponding to a source virtual machine VM11 sends a data packet sent from a Local port to an upstream NF-bridge of the source virtual distributed switch for processing;
step S202, the upstream NF-bridge of the source virtual distributed switch forwards the data packet, and finally sends the data packet to the Cls-bridge classification bridge of the source virtual distributed switch;
step S203, the Cls-bridge classified network bridge of the source virtual distributed switch sends the data packet to the Uplink-bridge Uplink network bridge of the source virtual distributed switch according to the destination address;
step S204, the Uplink-bridge Uplink bridge of the source virtual distributed switch forwards the data packet according to the built-in forwarding logic of the OVS, and the data packet is sent to a physical network from an Uplink port;
step S205, the Uplink-bridge Uplink bridge of the target virtual distributed switch at the opposite terminal receives the data packet from the physical network, and the data packet is forwarded according to the built-in forwarding logic of the OVS, and is sent to the Cls-bridge classified bridge of the target virtual distributed switch at the opposite terminal from the Uplink port;
step S206, the Cls-bridge classified bridge of the target virtual distributed switch of the opposite terminal searches a forwarding table and forwards the data packet to the NF-bridge of the target virtual distributed switch of the downstream direct-connected opposite terminal;
step S207, the data is processed by the NF-bridge of the target virtual distributed switch of the opposite terminal and finally sent to the Local-bridge Local bridge of the target virtual distributed switch of the opposite terminal;
step S208, the Local-bridge Local bridge of the target virtual distributed switch of the opposite end searches the forwarding table, and sends the data packet to the Local port of the target virtual machine VM 12.
6. The method for implementing packet forwarding processing in a virtual network system according to claim 5, further comprising determining whether packet transmission from the local port to the remote port is performed for the two virtual machines, that is, the source virtual machine VM11 and the target virtual machine VM21, and if yes, executing a packet transmission process between the two virtual machines, that is, the source virtual machine VM11 and the target virtual machine VM 21:
step S301, a Local-bridge Local bridge of a source virtual distributed switch corresponding to a source virtual machine VM11 sends a data packet sent from a Local port to an upstream NF-bridge of the virtual distributed switch for processing;
step S302, the upstream NF-bridge carries out forwarding processing on the data packet and finally sends the data packet to the Cls-bridge of the source virtual distributed switch;
step S303, the Cls-bridge classified bridge of the source virtual distributed switch sends the data packet to the Uplink-bridge Uplink bridge of the source virtual distributed switch according to the destination address;
step S304, the Uplink-bridge Uplink bridge of the source virtual distributed switch forwards the data packet according to the built-in forwarding logic of the OVS, and the data packet is sent to a physical network from an Uplink port;
step S305, the Uplink-bridge Uplink bridge of the target virtual distributed switch of the remote port receives the data packet from the physical network, and the data packet is forwarded according to the built-in forwarding logic of the OVS, and is sent to the Cls-bridge classified bridge of the target virtual distributed switch of the remote port from the Uplink port;
step S306, the Cls-bridge classified bridge of the target virtual distributed switch of the remote port searches a forwarding table and forwards the data packet to the NF-bridge of the target virtual distributed switch of the downstream direct-connected remote port;
step S307, the processed data is sent to the Local-bridge Local bridge of the target virtual distributed switch of the remote port finally through the NF-bridge of the target virtual distributed switch of the remote port;
step S308, the Local-bridge Local bridge of the target virtual distributed switch of the remote port searches the forwarding table, and sends the data packet to the Local port of the target virtual machine VM 12.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210400141.7A CN114760254B (en) | 2022-04-15 | 2022-04-15 | Virtual network system and method for realizing data packet forwarding processing by virtual network system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210400141.7A CN114760254B (en) | 2022-04-15 | 2022-04-15 | Virtual network system and method for realizing data packet forwarding processing by virtual network system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114760254A CN114760254A (en) | 2022-07-15 |
| CN114760254B true CN114760254B (en) | 2023-04-07 |
Family
ID=82330593
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210400141.7A Active CN114760254B (en) | 2022-04-15 | 2022-04-15 | Virtual network system and method for realizing data packet forwarding processing by virtual network system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114760254B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115225708B (en) * | 2022-07-28 | 2023-08-08 | 天翼云科技有限公司 | Message forwarding method computer equipment and storage medium |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108599999A (en) * | 2018-04-10 | 2018-09-28 | 西安工业大学 | The network of OVS and Linux bridge is disposed in a kind of SDN new networks |
Family Cites Families (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10020960B2 (en) * | 2014-09-30 | 2018-07-10 | Nicira, Inc. | Virtual distributed bridging |
| US10397108B2 (en) * | 2016-01-25 | 2019-08-27 | Futurewei Technologies, Inc. | Service function chaining across multiple subnetworks |
| CN108123818B (en) * | 2016-11-30 | 2020-10-09 | 江南大学 | Simulation method for flexible and extensible fusion of virtual and actual networks |
| CN109428815B (en) * | 2017-08-28 | 2021-10-01 | 华为技术有限公司 | Method and device for processing message |
| CN108494657B (en) * | 2018-04-08 | 2020-08-28 | 苏州云杉世纪网络科技有限公司 | OpenStack cloud platform virtual probe mirroring method based on Open vSwitch |
| CN114124697A (en) * | 2021-11-26 | 2022-03-01 | 苏州浪潮智能科技有限公司 | Network switching method, network switching device and storage medium |
| CN114172802B (en) * | 2021-12-01 | 2024-04-26 | 百果园技术(新加坡)有限公司 | Container network configuration method, device, computing node, master node and storage medium |
-
2022
- 2022-04-15 CN CN202210400141.7A patent/CN114760254B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108599999A (en) * | 2018-04-10 | 2018-09-28 | 西安工业大学 | The network of OVS and Linux bridge is disposed in a kind of SDN new networks |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114760254A (en) | 2022-07-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10122615B2 (en) | Delayed updating of forwarding databases for multicast transmissions over telecommunications networks | |
| US7796593B1 (en) | Router using internal flood groups for flooding VPLS traffic | |
| US9929940B2 (en) | Update of MAC routes in EVPN single-active topology | |
| CN109474627B (en) | Virtual tenant network isolation method and system based on SDN | |
| US8842674B2 (en) | Communication system, communication device, controller, and method and program for controlling forwarding path of packet flow | |
| US6839348B2 (en) | System and method for distributing multicasts in virtual local area networks | |
| US20160212048A1 (en) | Openflow service chain data packet routing using tables | |
| JP2539167B2 (en) | Multicast method and system | |
| US20170339109A1 (en) | Method for controlling transmission security of industrial communications flow based on sdn architecture | |
| CN102957616B (en) | In the method and system of ASIC repeating TRILL network message | |
| CN101702679B (en) | Message processing method and exchange apparatus based on virtual local area network | |
| CN100531138C (en) | Operator's boundary notes, virtual special LAN service communication method and system | |
| CN111064763B (en) | Method and network device for forwarding packet | |
| EP2883123B1 (en) | Forwarding packet in stacking system | |
| CN112804112B (en) | Multi-cloud access method in SD-WAN (secure digital-Wide area network) network environment | |
| CN107615710A (en) | Direct reply action in SDN switch | |
| CN114760254B (en) | Virtual network system and method for realizing data packet forwarding processing by virtual network system | |
| Saha et al. | Topology discovery, loop finding and alternative path solution in POX controller | |
| CN113965470B (en) | Aviation information network experiment simulation system | |
| CN114422415B (en) | Egress node processing flow in segmented routing | |
| CN111654558B (en) | ARP interaction and intranet flow forwarding method, device and equipment | |
| Cisco | VPNSC: MPLS Solution Command Reference | |
| CN114338119A (en) | Network isolation method and system and proxy equipment | |
| CN102368735B (en) | Virtual private LAN service (VPLS) message processing method and equipment thereof | |
| KR102023901B1 (en) | Method, apparatus and computer program for routing packets of software defined network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |