TW201904234A - Method and device for virtual network link detection - Google Patents

Publication number: TW201904234A
Authority: TW (Taiwan)
Prior art keywords: virtual, network, machine, switch, namespace
Application number: TW107120242A
Other languages: Chinese (zh)
Other versions: TWI732125B (en)
Inventors: 袁航, 周雍愷
Original assignee: 大陸商中國銀聯股份有限公司
Application filed by: 大陸商中國銀聯股份有限公司
Status: application granted; published as TW201904234A and TWI732125B

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00: Arrangements for program control, e.g. control units
    • G06F9/06: Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44: Arrangements for executing specific programs
    • G06F9/455: Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines

Abstract

Provided is a virtual network link detection method, wherein a virtual network comprises a virtual switch implemented within the same physical machine and one or more virtual machines in communicative connection with the virtual switch. The method comprises: acquiring network information about each of the one or more virtual machines; creating a namespace within the physical machine; establishing a communicative connection between the namespace and the virtual switch; setting network information about the namespace according to the network information about the virtual machine to be detected in the one or more virtual machines; sending, by means of the virtual switch, a detection signal from the namespace to the virtual machine to be detected; and determining, according to the feedback on the detection signal from the virtual machine to be detected, whether a link between the virtual machine to be detected and the virtual switch is normal. In addition, further provided are a corresponding detection device and a physical machine where the virtual network link detection solution is applied.

Description

Method and device for virtual network link detection

The present invention relates generally to virtual network technology and, specifically, to a solution for virtual network link detection.

An important concept in virtualization technology is the virtual machine (VM), which is simply a simulated computer, or a logical computer. A virtual machine obtained through software simulation usually has complete hardware system functionality and is a complete computer system running in a fully isolated environment.

Virtual machines can be implemented on physically existing computers. In contrast to virtual machines, such physical computers can be called physical machines. These physical machines provide the hardware environment for the virtual machines, so they are sometimes also referred to as "hosts". Multiple virtual machines can be implemented on one physical machine at the same time, and virtual machines can also be implemented across physical machines. In addition, a virtual switch can be provided to connect virtual networks on the same physical machine and/or on different physical machines. Such a virtual network can be used to build a cloud platform in practical applications.

Current data center monitoring systems mostly monitor the traffic of business systems. In a traditional data center, business systems are deployed on physical machines, and only physical links affect the business data. In a virtualized environment, however, the network extends into the physical machine. When an interruption of business data is detected, it cannot be determined whether the problem lies on a physical link outside the physical machine or on a virtual link inside it.

The industry already has monitoring and detection methods for physical switches and the related physical links, but detection for virtual switches and the related virtual network links is still lacking. It is therefore desirable to design a monitoring and detection scheme for virtual network links.

In view of this, the present invention provides a solution for virtual network link detection that can alleviate the above problems.

In one aspect, the present invention provides a method for virtual network link detection. The virtual network includes a virtual switch implemented within one physical machine and one or more virtual machines communicatively connected to the virtual switch. The method includes:
(a) acquiring network information of each of the one or more virtual machines;
(b) creating a namespace in the physical machine;
(c) establishing a communication connection between the namespace and the virtual switch;
(d) setting the network information of the namespace according to the network information of the virtual machine to be detected among the one or more virtual machines;
(e) sending a detection signal from the namespace, through the virtual switch, to the virtual machine to be detected; and
(f) judging, according to the feedback of the virtual machine to be detected on the detection signal, whether the link between the virtual machine to be detected and the virtual switch is normal.

The method as described above, wherein step (a) includes obtaining, for each virtual machine, its IP address, its virtual local area network identifier, and the identifier of the switch port on the virtual switch that corresponds to that virtual machine.

The method as described above, wherein step (d) includes setting the IP address of the namespace to be in the same network segment as the virtual machine to be detected, and causing the virtual switch to identify the namespace as having the same virtual local area network identifier as the virtual machine to be detected.

The method as described above, wherein step (c) includes allocating a switch port for the namespace on the virtual switch.

The method as described above, wherein step (d) includes setting, on the switch port allocated to the namespace, the same virtual local area network identifier as that of the virtual machine to be detected.

The method as described above, wherein the detection signal is a PING signal.

The method as described above, further comprising performing steps (d)-(f) for each of the one or more virtual machines.

The method as described above, wherein the virtual network constitutes a cloud platform, and step (a) includes obtaining the network information of each virtual machine from a database of the cloud platform.

In another aspect, the present invention also provides a device for virtual network link detection, which includes a memory, a processor, and a computer program stored in the memory, wherein executing the computer program on the processor causes the device to perform the method described above.

In addition, the present invention also provides a physical machine that includes a virtual switch and one or more virtual machines communicatively connected to the virtual switch, wherein the physical machine further includes the device for virtual network link detection described above.

Illustrative examples of the present invention will now be described with reference to the drawings, in which the same reference numerals denote the same components. The examples described below help those skilled in the art to understand the present invention thoroughly, and they are intended to be illustrative rather than limiting. The depictions of the elements, components, modules, devices and equipment bodies in the figures only indicate schematically that these items exist and how they relate to one another; they are not intended to limit their specific shapes. The relationship between the steps in the flowchart is likewise not limited to the order given, and can be adjusted according to the actual application without departing from the scope of protection of the present invention.

As described in the background above, the present invention is directed to the detection of virtual network links, where a virtual network link may be, as generally understood by those skilled in the art, a link over which network data is transmitted inside one or more physical machines. The virtual network addressed by the present invention generally includes a virtual switch implemented within one physical machine and one or more virtual machines communicatively connected to that virtual switch.

The virtual switch can be a multi-layer virtual switch running on a virtualization platform, such as Open vSwitch (OVS), which provides the virtual machines on its physical machine with the same functions as a physical switch, such as network isolation, QoS configuration, traffic monitoring and packet analysis. Such a virtual switch can be extended programmatically to automate the configuration, management and maintenance of large-scale networks, and it supports existing standard management interfaces and protocols. Those skilled in the art will understand that the virtual switch involved in the present invention can be implemented in any form, as long as it can provide network connectivity to the virtual machines on the physical machine with the same functions as a physical switch.

An important application of virtual networks today is to provide a cloud platform. The present invention can therefore be applied to detect virtual network links on a cloud platform. The implementation of the present invention is described in detail below in connection with a cloud platform. However, those skilled in the art will understand that the present invention is applicable to any scenario in which a virtual network can be used.

FIG. 1 shows an implementation scenario of a method for virtual network link detection according to an embodiment of the present invention. The system 100 may be a cloud platform implemented by virtual machines, and the method provided by the present invention can be applied in the system 100 shown in FIG. 1. Generally, the system 100 may include a physical switched network 10, which may be a distributed core network with a "spine-leaf" architecture including spine nodes 102 and leaf nodes 101.

Generally, the spine nodes 102 can be used to connect physical switches, and the leaf nodes 101 can be used to connect servers and network devices. The solution provided by the present invention is further described below with a leaf node 101 as the physical machine in which virtual machines are implemented. However, those skilled in the art will understand that the "spine-leaf" architecture shown in FIG. 1 is not limiting. The invention is applicable to any other network architecture that includes physical machines.

The host 20 illustrates the general structure of a leaf node 101 acting as a physical machine. In this document, "host" and "physical machine" are used interchangeably, and both denote the entity in which virtual machines can be implemented. As shown in FIG. 1, virtual machines 203 can be implemented in the host 20, and data exchange between the virtual machines 203 is provided through the virtual switch 202.

A detection device 201 may further be provided in the host 20 to execute the methods provided by the present invention and thereby detect the state of the virtual network links between the virtual machines 203. In some examples, the detection device 201 can include a memory, a processor, and computer programs stored in the memory. Executing these computer programs on the processor causes the detection device to perform the methods provided by the present invention.

In the embodiment shown in FIG. 1, the detection device 201 is integrated in the physical machine. Accordingly, the detection device 201 can be implemented by sharing the processor and memory of the physical machine. Specifically, in some examples, the detection device 201 can be implemented with a mechanism such as an agent. In other examples, the detection device 201 can also be implemented separately, for example as a device independent of the physical machine, or in a processing system independent of the physical machine.

The operation of the detection device 201 is described below with reference to FIG. 2. FIG. 2 is a flowchart of a method for virtual network link detection according to an embodiment of the present invention.

In step 21, the network information of each virtual machine 203 is obtained. For example, the network information of a virtual machine 203 may include its IP address, its virtual local area network identifier (vlanID), and the identifier of the switch port on the virtual switch that corresponds to the virtual machine.

Where the system 100 is a cloud platform, the information about the virtual machines inside each physical machine can be obtained, for example, from the cloud platform database 30. In practice, the cloud platform database 30 may include information about all virtual machines on the physical switched network 10, such as which virtual machines each physical machine contains and the network information of each virtual machine (IP address, vlanID and the corresponding network port information, the port mapping between virtual machines and the virtual switch, and the like).

As with an ordinary physical switch, in the virtual network built inside a physical machine each virtual machine is connected to the bridge through a port on the virtual switch. To implement the virtual network detection method provided by the present invention, the port mapping between the virtual machines and the virtual switch must be obtained. In some examples, this information is already stored in a database such as the cloud platform database 30, like the other network information of the virtual machines.

In other examples, obtaining the switch port identifier that corresponds to a virtual machine on the virtual switch involves two parts. On the one hand, the network port ID of the virtual machine can be obtained from the cloud platform database; on the other hand, all ports of the virtual switch that connect virtual machines can be obtained, for example by calling the control interface of the virtual switch. The detection device 201 can then match the network port data of the virtual machines against the port data of the virtual switch to obtain the mapping between the two for use in subsequent detection. For example, for ease of management, some virtual switches follow certain rules when naming ports. The OpenStack cloud platform, for instance, names the network port on the virtual switch by combining a fixed prefix with a truncated form of the virtual machine's network port ID. If the port ID of the virtual machine is f467189c-341f-42fc-8056-065255e14530, the corresponding Open vSwitch port is named qvo-f467189c-34. After obtaining both sets of information, the detection device 201 can build a mapping table of its own for later lookups.

In some examples, the detection device 201 can obtain the network information of the virtual machines by accessing the cloud platform database 30 directly, especially when the virtual network is not checked very frequently.

In other examples, in addition to the detection device 201 implemented inside the physical machine, a separate virtual network detection platform 40 implemented outside the virtual machines may be provided. The virtual network detection platform 40 first collects the network information of the virtual machines centrally from the cloud platform database and stores it in its local database. The detection device 201 then obtains the information it needs from the virtual network detection platform 40. Such an implementation is particularly advantageous for high-frequency virtual machine detection (for example, at intervals of seconds or even milliseconds), because it spares the cloud platform database from excessively frequent access by the detection device 201.

To keep up with changes in virtual machine information, the data acquisition module on the virtual network detection platform 40 can be configured to update the data in real time, for example by periodically synchronizing with the cloud platform database. Because changes to virtual machine network information are not very frequent, the synchronization period can be set fairly long. Because the volume of virtual machine network information is not large and, as noted, the synchronization period is long, this does not place an excessive load on the network.

In step 22, the detection device 201 creates a namespace in the physical machine on which it resides. A namespace is, as understood by those skilled in the art, a virtual network entity used on a virtual machine to isolate network-related resources. Each network namespace can have its own network devices, IP addresses, IP routing tables, /proc/net directory, port numbers, and so on. Those skilled in the art can implement such a namespace with any known or future technology. One example of a namespace is Linux network namespaces.

In step 23, the detection device 201 can be configured to establish a communication connection between the created namespace and the virtual switch. In some examples, this may include allocating a switch port for the namespace on the virtual switch in the physical machine, so that the namespace can access the bridge in the same way as the virtual machines. Specifically, a network port can be created in the namespace and connected to the virtual switch.

In step 24, the detection device 201 can further set the network information of the namespace according to the network information of the specific virtual machine 203 to be detected. In some examples, the IP address of the namespace can be set to be in the same network segment as the virtual machine to be detected, and the namespace can be made to be identified by the virtual switch as having the same virtual local area network identifier as the virtual machine to be detected. For example, the switch port allocated to the namespace can be given the same vlanID as the virtual machine to be detected.

In step 25, the detection device 201 can send a detection signal from the created namespace, through the virtual switch, to the virtual machine to be detected. For example, the detection signal may be a PING signal. PING (Packet Internet Groper) is a program commonly used to test network connectivity. Relying on the uniqueness of machine IP addresses on the network, it sends a packet to the target IP address and asks the other side to return a packet of the same size, in order to determine whether the two machines are connected and what the latency is. The PING command can therefore be used to check whether the network is reachable and how fast the connection is. However, those skilled in the art will understand that the present invention is not limited to the PING signal; any other mechanism that can determine whether two networked machines are connected can be used in the context of the present invention.

In step 26, the detection device 201 can judge, according to the feedback of the virtual machine to be detected on the detection signal, whether the link between that virtual machine and the virtual switch is normal. For example, when PING is used to communicate with the virtual machine, a successful reply indicates that this link of the virtual switch is normal, whereas a failed PING indicates that the virtual link has a fault.

In practice, the detection device 201 can record information about the link, such as the bridge, port and virtual machine, and send the detection result to the detection result processing module in the virtual network detection platform 40. Because a physical machine usually hosts more than one virtual machine, a loop strategy can be used to check each virtual machine in turn, ensuring that the detection covers every link inside the physical machine. For the detection of each virtual machine, the namespace must be reconfigured, for example by resetting its IP address and vlanID. After the loop has completed, the detection device 201 can return all detection results together to the virtual network detection platform 40.
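The following sketch is an added example, not code from the patent: it walks steps 21 to 26 for every virtual machine on one host using Linux network namespaces and Open vSwitch. The namespace name, probe port name, bridge name, VM records and the `allocated` address list are assumptions; the `qvo-` port naming follows the example given in the text.

```python
import ipaddress
import subprocess
from dataclasses import dataclass

NS = "linkprobe"      # assumed namespace name
PROBE_IF = "probe0"   # assumed OVS internal port that is moved into the namespace


@dataclass(frozen=True)
class VM:             # step 21: one record per VM, as read from the cloud database
    name: str
    cidr: str         # VM address with prefix length, e.g. "10.0.1.5/24"
    vlan: int         # vlanID of the VM's switch port
    port_id: str      # network port ID of the VM


def ovs_port_name(port_id, prefix="qvo-", keep=11):
    # Fixed prefix + truncated port ID, as in the text's example; check the
    # exact prefix and length against the deployment before relying on it.
    return prefix + port_id[:keep]


def pick_probe_ip(vm_cidr, in_use):
    """Return an unused host address in the VM's subnet as 'ip/prefixlen'."""
    net = ipaddress.ip_interface(vm_cidr).network
    taken = {ipaddress.ip_address(a) for a in in_use}
    addr = net.broadcast_address - 1
    while addr > net.network_address:
        if addr not in taken:   # never borrow an address a tenant already holds
            return f"{addr}/{net.prefixlen}"
        addr -= 1
    raise ValueError(f"no free address in {net}")


def setup_cmds(bridge):
    # Steps 22 and 23: create the namespace and give it a port on the switch.
    return [
        ["ip", "netns", "add", NS],
        ["ovs-vsctl", "add-port", bridge, PROBE_IF, "--",
         "set", "Interface", PROBE_IF, "type=internal"],
        ["ip", "link", "set", PROBE_IF, "netns", NS],
        ["ip", "netns", "exec", NS, "ip", "link", "set", PROBE_IF, "up"],
    ]


def retarget_cmds(vm, probe_cidr):
    # Step 24: same VLAN tag and same subnet as the VM under test.
    return [
        ["ovs-vsctl", "set", "Port", PROBE_IF, f"tag={vm.vlan}"],
        ["ip", "netns", "exec", NS, "ip", "addr", "flush", "dev", PROBE_IF],
        ["ip", "netns", "exec", NS, "ip", "addr", "add", probe_cidr, "dev", PROBE_IF],
    ]


def ping_cmd(vm, count=3, timeout_s=1):
    # Step 25: the probe leaves the namespace through the virtual switch.
    target = str(ipaddress.ip_interface(vm.cidr).ip)
    return ["ip", "netns", "exec", NS, "ping",
            "-c", str(count), "-W", str(timeout_s), target]


def teardown_cmds(bridge):
    return [["ovs-vsctl", "--if-exists", "del-port", bridge, PROBE_IF],
            ["ip", "netns", "del", NS]]


def _execute(argv):
    return subprocess.run(argv, capture_output=True).returncode


def check_host(vms, bridge, allocated=(), runner=_execute):
    """Probe every VM on one host; `allocated` lists other addresses in use."""
    in_use = [v.cidr.split("/")[0] for v in vms] + list(allocated)
    results = {}
    try:
        for cmd in setup_cmds(bridge):
            if runner(cmd) != 0:
                raise RuntimeError("setup failed: " + " ".join(cmd))
        for vm in vms:   # loop strategy: reconfigure the namespace per VM
            probe = pick_probe_ip(vm.cidr, in_use)
            prep_ok = all(runner(c) == 0 for c in retarget_cmds(vm, probe))
            # Step 26: a reply means the link is normal. A failed prep step is
            # reported separately so it is not mistaken for a link fault.
            if not prep_ok:
                status = "probe-error"
            else:
                status = "ok" if runner(ping_cmd(vm)) == 0 else "link-fault"
            results[vm.name] = {"status": status, "bridge": bridge,
                                "switch_port": ovs_port_name(vm.port_id),
                                "vlan": vm.vlan}
    finally:
        for cmd in teardown_cmds(bridge):
            runner(cmd)  # always remove the probe port and the namespace
    return results
```

Running it for real requires root, iproute2 and Open vSwitch on the host. A guest that filters ICMP is also reported as `link-fault`, so confirm the guest's own filtering before attributing the result to the virtual switch.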

In some examples, the detection device 201 can also be configured to respond to a detection instruction from the virtual network detection platform 40 by checking the virtual network according to steps 21-26 and returning the detection results.

In some cases, after receiving the detection results from the detection device 201, the virtual network detection platform 40 can further package them in a standardized form and then send the data to the network monitoring system 50, as shown in FIG. 1. In this way, virtual network detection can be integrated effectively into the overall network monitoring system, providing more complete and conclusive detection results that cover both the physical network and the virtual network.

The invention proposes a fault detection scheme for virtual network links inside a physical machine, which solves the problem that the software switch and virtual network inside a physical machine could not be monitored. The method and device provided by the present invention effectively extend the scope of network monitoring from outside the physical machine to inside it, making the monitoring system better suited to environments such as cloud networks. The method and device of the present invention can also greatly improve the precision with which network problems are located, thereby improving the automation and efficiency of operations and maintenance.

It should be noted that the above specific embodiments are only intended to illustrate the technical solutions of the present invention and not to limit them. Although the present invention has been described in detail with reference to the above specific embodiments, those of ordinary skill in the art should understand that the specific embodiments can still be modified, or some technical features replaced by equivalents, without departing from the essence of the present invention, and all such changes fall within the scope of protection claimed by the present invention.

Reference numerals:

10: Physical switched network
20: Host
30: Cloud platform database
40: Virtual network detection platform
50: Network monitoring system
100: System
101: Leaf node
102: Spine node
201: Detection device
202: Virtual switch
203: Virtual machine

The foregoing and other objects, features and advantages of the present invention will be apparent from the following more detailed description of the embodiments of the present invention, which are illustrated in the accompanying drawings.

FIG. 1 shows an implementation scenario of a method for virtual network link detection according to an embodiment of the present invention.

FIG. 2 is a flowchart of a method for virtual network link detection according to an embodiment of the present invention.

Claims (10)

1. A method for virtual network link detection, the virtual network comprising a virtual switch implemented within a single physical machine and one or more virtual machines communicatively connected to the virtual switch, the method comprising:
   (a) acquiring network information of each of the one or more virtual machines;
   (b) creating a namespace in the physical machine;
   (c) establishing a communication connection between the namespace and the virtual switch;
   (d) setting network information of the namespace according to the network information of a virtual machine to be detected among the one or more virtual machines;
   (e) sending a detection signal from the namespace, through the virtual switch, to the virtual machine to be detected; and
   (f) determining, according to the feedback of the virtual machine to be detected on the detection signal, whether the link between the virtual machine to be detected and the virtual switch is normal.

2. The method according to claim 1, wherein step (a) includes acquiring, for each virtual machine, its IP address, its virtual local area network identifier, and the identifier of the switch port on the virtual switch that corresponds to the virtual machine.

3. The method according to claim 2, wherein step (d) includes setting the IP address of the namespace to be in the same network segment as the virtual machine to be detected, and causing the namespace to be identified by the virtual switch as having the same virtual local area network identifier as the virtual machine to be detected.

4. The method according to claim 3, wherein step (c) includes allocating a switch port for the namespace on the virtual switch.

5. The method according to claim 4, wherein step (d) includes setting, in the switch port allocated to the namespace, the same virtual local area network identifier as that of the virtual machine to be detected.

6. The method according to claim 1, wherein the detection signal is a PING signal.

7. The method according to claim 1, further comprising performing steps (d)-(f) for each of the one or more virtual machines.

8. The method according to claim 1, wherein the virtual network constitutes a cloud platform, and step (a) includes acquiring the network information of each virtual machine from a database of the cloud platform.

9. A device for virtual network link detection, comprising a memory, a processor, and a computer program stored in the memory, wherein the computer program, when executed on the processor, causes the device to perform the method according to any one of claims 1 to 8.

10. A physical machine comprising a virtual switch and one or more virtual machines communicatively connected to the virtual switch, wherein the physical machine further comprises the device for virtual network link detection according to claim 9.
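Steps (b)-(f) of claim 1, with the refinements of claims 3 to 6, can be sketched as follows. This is an added example, not code from the patent or its applicant: it assumes a Linux host with iproute2 and Open vSwitch as the virtual switch, and the bridge name `br-int`, the names `linkprobe` and `probe0`, and the VM inventory are hypothetical, constructed values.

```python
import ipaddress
import subprocess

# Constructed inventory standing in for step (a); documentation addresses only.
VMS = [
    {"name": "vm-a", "ip": "192.0.2.10", "prefix": 24, "vlan": 100},
    {"name": "vm-b", "ip": "192.0.2.11", "prefix": 24, "vlan": 100},
]

def pick_probe_ip(vm_ip, prefix, used_ips):
    """Step (d): pick an unused host address in the VM's own network segment."""
    net = ipaddress.ip_network(f"{vm_ip}/{prefix}", strict=False)
    taken = {ipaddress.ip_address(a) for a in used_ips}
    for i in range(net.num_addresses - 2, 0, -1):  # skip network/broadcast
        if net[i] not in taken:
            return net[i]
    raise ValueError(f"no free probe address in {net}")

def build_plan(vm, bridge, used_ips, ns="linkprobe", port="probe0"):
    """Return (setup, probe, cleanup) argv lists for one VM; ns/port are hypothetical."""
    probe_ip = pick_probe_ip(vm["ip"], vm["prefix"], used_ips)
    in_ns = ["ip", "netns", "exec", ns]
    setup = [
        ["ip", "netns", "add", ns],                                   # (b)
        ["ovs-vsctl", "add-port", bridge, port, f"tag={vm['vlan']}",  # (c), VLAN part of (d)
         "--", "set", "Interface", port, "type=internal"],
        ["ip", "link", "set", port, "netns", ns],
        in_ns + ["ip", "addr", "add", f"{probe_ip}/{vm['prefix']}", "dev", port],  # (d)
        in_ns + ["ip", "link", "set", port, "up"],
    ]
    probe = in_ns + ["ping", "-c", "3", "-W", "1", vm["ip"]]          # (e)
    cleanup = [["ovs-vsctl", "--if-exists", "del-port", bridge, port],
               ["ip", "netns", "del", ns]]
    return setup, probe, cleanup

def check_vm(vm, bridge, used_ips, run=subprocess.run):
    """Steps (b)-(f): True if the VM answers the ping sent through the virtual switch."""
    setup, probe, cleanup = build_plan(vm, bridge, used_ips)
    try:
        for cmd in setup:
            run(cmd, check=True)
        return run(probe).returncode == 0                             # (f)
    finally:
        for cmd in cleanup:  # always remove the probe port and namespace
            run(cmd)

if __name__ == "__main__":
    used = [v["ip"] for v in VMS]
    for vm in VMS:  # dry run: print the commands instead of executing them
        setup, probe, cleanup = build_plan(vm, "br-int", used)
        print(vm["name"], *(" ".join(c) for c in setup + [probe] + cleanup), sep="\n  ")
```

A `False` result only means no echo reply arrived: a guest firewall or a filtering rule that drops ICMP produces the same outcome as a broken link, so confirm before treating it as a link fault.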
TW107120242A 2017-06-13 2018-06-12 Method and device for virtual network link detection TWI732125B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN201710441855.1A CN107566152B (en) 2017-06-13 2017-06-13 Method and device for virtual network link detection
CN201710441855.1 2017-06-13

Publications (2)

Publication Number Publication Date
TW201904234A true TW201904234A (en) 2019-01-16
TWI732125B TWI732125B (en) 2021-07-01

Family

ID=60972771

Family Applications (1)

Application Number Title Priority Date Filing Date
TW107120242A TWI732125B (en) 2017-06-13 2018-06-12 Method and device for virtual network link detection

Country Status (3)

Country Link
CN (1) CN107566152B (en)
TW (1) TWI732125B (en)
WO (1) WO2018228302A1 (en)

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107566152B (en) * 2017-06-13 2020-03-31 中国银联股份有限公司 Method and device for virtual network link detection
CN108632378B (en) * 2018-05-11 2021-04-27 国云科技股份有限公司 Monitoring method for cloud platform service
CN110505110B (en) * 2018-05-18 2021-07-20 杭州海康威视数字技术股份有限公司 Network interface test method and device and multi-network-port host
CN108712308B (en) * 2018-06-06 2021-11-26 郑州云海信息技术有限公司 Method and device for detecting network equipment in virtual network
US10742686B2 (en) 2018-08-29 2020-08-11 Cisco Technology, Inc. Enforcing network endpoint policies in a cloud-based environment using a covert namespace
CN110875854B (en) * 2018-08-29 2023-04-07 阿里巴巴集团控股有限公司 Method and device for detecting connectivity of virtual machine in virtual private network and storage medium
CN110011984B (en) * 2019-03-19 2021-07-06 西安微电子技术研究所 REST and RPC-based distributed cluster system and method
CN111756629B (en) * 2019-03-26 2022-06-03 中移(苏州)软件技术有限公司 Method, device, equipment, network and medium for accessing equipment to overlay network and communication
CN110753093B (en) * 2019-09-29 2022-11-29 苏州浪潮智能科技有限公司 Method and device for managing equipment in cloud computing system
CN112887163B (en) * 2019-11-29 2022-08-05 北京金山云网络技术有限公司 Connectivity test method, connectivity test device, electronic equipment and storage medium
CN111193643A (en) * 2019-12-31 2020-05-22 苏州浪潮智能科技有限公司 Cloud server state monitoring system and method
CN113973327A (en) * 2020-07-22 2022-01-25 中国移动通信集团广东有限公司 Method and device for debugging and testing physical link of domain area network and electronic equipment
CN112152998B (en) * 2020-08-20 2022-11-15 唐山钢铁集团有限责任公司 Method for monitoring and capturing data packet across multilayer network equipment
CN112235300B (en) * 2020-10-14 2023-10-24 腾讯科技(深圳)有限公司 Cloud virtual network vulnerability detection method, system, device and electronic equipment
CN114363226B (en) * 2021-12-27 2024-03-01 北京安博通科技股份有限公司 Automatic testing method and system for equipment in complex network scene based on virtualization
CN114422296B (en) * 2022-01-05 2024-02-20 北京天一恩华科技股份有限公司 Multi-scene virtual network construction system, method, terminal and storage medium
CN115225589A (en) * 2022-07-17 2022-10-21 奕德(广州)科技有限公司 CrossPoint switching method based on virtual packet switching
CN115242688A (en) * 2022-07-27 2022-10-25 济南浪潮数据技术有限公司 Network fault detection method, device and medium

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8813074B2 (en) * 2011-08-05 2014-08-19 Vmware, Inc. Detecting and correcting network interruptions using network address translation
TW201512990A (en) * 2013-09-25 2015-04-01 Hope Bay Technologies Inc Method for managing topology of virtual machines and management system using for the same
CN106487633B (en) * 2016-10-11 2019-12-06 中国银联股份有限公司 method and device for monitoring abnormity of virtual machine
CN106789407A (en) * 2016-12-05 2017-05-31 国云科技股份有限公司 A kind of method that cloud platform checks virtual machine connection status
CN106603330A (en) * 2016-12-07 2017-04-26 国云科技股份有限公司 Cloud platform virtual machine connection state checking method
CN107566152B (en) * 2017-06-13 2020-03-31 中国银联股份有限公司 Method and device for virtual network link detection

Also Published As

Publication number Publication date
CN107566152A (en) 2018-01-09
TWI732125B (en) 2021-07-01
WO2018228302A1 (en) 2018-12-20
CN107566152B (en) 2020-03-31
