WO2013174096A1 - Method, device and system for migration of cloud computing virtual machine - Google Patents

Method, device and system for migration of cloud computing virtual machine Download PDF

Info

Publication number
WO2013174096A1
WO2013174096A1 PCT/CN2012/083270 CN2012083270W WO2013174096A1 WO 2013174096 A1 WO2013174096 A1 WO 2013174096A1 CN 2012083270 W CN2012083270 W CN 2012083270W WO 2013174096 A1 WO2013174096 A1 WO 2013174096A1
Authority
WO
WIPO (PCT)
Prior art keywords
cgr
migration
message
mpls vpn
data center
Prior art date
Application number
PCT/CN2012/083270
Other languages
French (fr)
Chinese (zh)
Inventor
李广鹏
于德雷
刘颖
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2013174096A1 publication Critical patent/WO2013174096A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network

Definitions

  • the present invention relates to the field of communications, and in particular, to a method, device, and system for cloud computing virtual machine migration.
  • BACKGROUND With the increasing scale of the cloud computing market, the network connection capability of cloud service providers has gradually become a bottleneck for further expansion of cloud services.
  • Network operators began to explore the business model of packaging and selling cloud resources and network resources, especially MPLS (Multi-Protocol Label Switching) VPN (Virtual Private Network) resources.
  • MPLS Multi-Protocol Label Switching
  • VPN Virtual Private Network
  • the management parameters are generally used to solve the exchange of configuration parameters, such as: management and maintenance of the VPN by the network side VPN controller.
  • configuration parameters such as: management and maintenance of the VPN by the network side VPN controller.
  • the cloud manager and the VPN controller first establish two data center spaces.
  • the Layer 2 VPN connection is then used for cloud computing virtual machine migration using cloud computing virtual machine LAN migration technology.
  • Enable cloud managers to cross data by managing and maintaining VPNs between data centers Heart creates and maintains a VPC (Virtual Private Cloud).
  • VPC Virtual Private Cloud
  • Embodiments of the present invention provide a method, a device, and a system for migrating a cloud computing virtual machine.
  • the network side does not need to configure the VPN through the management plane, and the traffic destined for the cloud computing virtual machine can be directly reached after the migration. data center.
  • a method for cloud computing virtual machine migration including:
  • the first cloud data center egress gateway router CGR constructs a multi-protocol label switching virtual private network MPLS VPN site migration message; the packet contains a parameter indicating the location of the data center where the second cloud data center egress gateway CGR is located;
  • a second PE that is connected to the second CGR, and sends a control packet indicating the migration of the MPLS VPN site to the second PE; after receiving the control packet, the second PE sends the second CGR to the second CGR.
  • a method for cloud computing virtual machine migration including:
  • the first carrier edge router PE receives the first cloud data center exit gateway router
  • the first PE finds a second carrier edge router PE connected to the second CGR according to the parameter indicating the location of the data center where the second CGR is located in the packet migrated by the MPLS VPN site;
  • the first PE constructs a control packet for the MPLS VPN site to be migrated, and sends the control packet to the second PE, so that after the second PE receives the control packet, Sending, to the second CGR, a message indicating that the MPLS VPN site is migrated, so that the MPLS VPN site in the data center where the first CGR is located is moved to the data center where the second CGR is located;
  • the packet migrated by the MPLS VPN site includes the following parameters: a migration ID indicating the migration process and state of the cloud computing virtual machine; and
  • a method for cloud computing virtual machine migration including:
  • the second carrier edge router PE receives the control information of the multi-protocol label switching virtual private network MPLS VPN site migration sent by the first PE, where the control packet is that the first PE receives the first cloud data.
  • the MPLS VPN site migrates the packet sent by the CGR sent by the central egress gateway router, the MPLS VPN site migrates the packet with the parameter indicating the location of the data center where the second C GR is located.
  • the second PE constructs a message indicating that the MPL S VPN site is migrated, and sends the message to the second CGR, so that the MPLS VPN site in the data center where the first CGR is located is in the data center where the second CGR is located. Move in;
  • the control packet includes the following parameters:
  • a method for cloud computing virtual machine migration including:
  • the second cloud data center exit gateway router CGR receives the second carrier edge route The message sent by the PE to indicate the multi-protocol label switching virtual private network MPLS VPN site migration; wherein the message is generated after the second PE receives the control packet sent by the first PE and indicates the migration of the MPLS VPN site; After receiving the MPLS VPN site migration message sent by the first CGR, the first PE sends the control message indicating the migration of the MPLS VPN site to the second PE;
  • the second cloud data center egress gateway router CGR performs the migration of the MPLS VPN site in the data center where the first CGR is located.
  • a first cloud data center egress gateway router CGR including: a generating unit, configured to construct a packet of a multi-protocol label switching virtual private network MPLS VPN site migration; the packet includes a second CGR indication The parameters of the location of the data center;
  • a sending unit configured to send, to the first carrier edge router PE, the packet that is configured by the generating unit, so that the first PE, after receiving the packet, according to the indication in the packet
  • the parameter of the location of the data center where the second CGR is located finds the second PE connected to the second CGR, and sends a control packet indicating the migration of the MPLS VPN site to the second PE; the second PE receives After the control packet, the message indicating the migration of the MPLS VPN site is sent to the second CGR, so that the MPLS VPN site moves to the data center where the second CGR is located.
  • a first carrier edge router PE including:
  • the receiving unit is configured to receive the MPLS VPN site migration of the multi-protocol label switching virtual private network sent by the first cloud data center egress gateway router CGR; the foregoing parameter includes the following parameters:
  • a processing unit configured to find a second carrier edge router PE connected to the second CGR according to the parameter indicating a location of the data center where the second CGR is located;
  • a generating unit configured to construct a control report indicating the number of migrations of the MPLS VPN site Text
  • a sending unit configured to send the control packet configured by the generating unit to the second carrier edge router PE, so that the second PE sends the control packet to the second CGR after receiving the control packet And the message indicating that the MPLS VPN site is migrated, so that the MPLS VPN site in the data center where the first CGR is located is moved to the data center where the second CGR is located.
  • a second carrier edge router PE including:
  • a receiving unit configured to receive, by the first carrier edge router PE, a control packet indicating that the multi-protocol label switching virtual private network MPLS VPN site migrates, where the control packet is that the first PE receives the first cloud
  • the MPLS VPN site migration packet includes a parameter indicating a location of the data center where the second CGR is located; the control packet includes The following parameters:
  • a generating unit configured to send a message indicating the migration of the MPLS VPN site
  • a sending unit configured to send, by using the generating unit, a message indicating the migration of the MPLS VPN site to the second CGR, to perform the first CGR
  • the MPLS VPN site of the data center moves to the data center where the second CGR is located.
  • a second cloud data center egress gateway router CGR including: a receiving unit, configured to receive, by the second carrier edge router PE, a message indicating that the multi-protocol label switching virtual private network MPLS VPN site migrates; The message is generated after the second PE receives the control packet that is sent by the first PE and indicates the migration of the MPLS VPN site; the first PE receives the packet that is migrated by the MPLS VPN site sent by the first CGR. And sending, to the second PE, a control packet indicating the migration of the MPLS VPN site; And a processing unit, configured to perform, according to the message indicating the migration of the MPLS VPN site, received by the receiving unit, the MOL S VPN site of the data center where the first CGR is located.
  • a network for cloud computing virtual machine migration including:
  • the first cloud data center egress gateway router CGR, the first operator edge router PE, the second operator edge router PE, and the second cloud data center egress gateway router CGR are connected to The first cloud data center egress gateway router CGR, the first operator edge router PE, the second operator edge router PE, and the second cloud data center egress gateway router CGR.
  • the first CGR sends the MPLS VPN site migration message to the first PE, and then the first PE sends the control message to the second PE.
  • the message sent by the second PE to the second CGR carries the parameter indicating the migration of the MPLS VPN site, so that the PE of the network operator can provide the dynamic migration service of the MPLS VPN site to the data center of the cloud service provider, and the network side PE participates.
  • the traffic to the virtual machine can go directly to the migrated data center after the migration is completed. It is not necessary for the network side to configure the VPN through the management plane, which can improve the efficiency of the VPN operation.
  • FIG. 1 is a schematic diagram of a network environment architecture of a cloud computing virtual machine MPLS VPN site migration according to an embodiment of the present invention
  • FIG. 2 is a block diagram 1 of a flow chart of a method for migrating a cloud computing virtual machine according to an embodiment of the present invention
  • FIG. 3 is a schematic block diagram 2 of a method for migrating a cloud computing virtual machine according to another embodiment of the present invention.
  • FIG. 4 is a schematic block diagram 3 of a method for migrating a cloud computing virtual machine according to another embodiment of the present invention.
  • FIG. 5 is a flow chart of a method for migrating a cloud computing virtual machine according to another embodiment of the present invention. Schematic diagram block four;
  • FIG. 6 is a schematic block diagram 5 of a method for migrating a cloud computing virtual machine MPLS VPN site according to another embodiment of the present invention.
  • FIG. 7 is a format of a parameter indicating a MPLS VPN site migration in a path attribute of a BGP Update packet according to an embodiment of the present disclosure
  • FIG. 8 is a schematic structural block diagram of a first CGR according to an embodiment of the present invention
  • FIG. 9 is a schematic structural block diagram of a first PE according to an embodiment of the present invention
  • FIG. 10 is a schematic block diagram of another structure of a first PE according to an embodiment of the present invention
  • FIG. 11 is a schematic structural block diagram of a second PE according to an embodiment of the present invention
  • FIG. 12 is a schematic block diagram of another structure of a second PE according to an embodiment of the present invention
  • FIG. 13 is a schematic block diagram of a second CGR according to an embodiment of the present invention
  • FIG. 15 is a schematic structural diagram of a network of a cloud computing virtual machine migration according to an embodiment of the present invention.
  • the network architecture of this embodiment is exemplarily shown in FIG. 1.
  • Routers 11 are connected, and the first PE 12 and the second PE 13 can be directly or indirectly connected (connected through the backbone network when indirectly connected), and the second PE 13 is connected to the second CGR 14.
  • the VCE (Virtual Customer Edge) 111 and the VCE 141 are respectively configured on the first CGR 11 and the second CGR 14, and are respectively connected to the sub-interfaces of the first PE 12 and the second PE 13 respectively.
  • BGP logical link A
  • the first CGR 11 constructs a packet that is migrated by the MPLS VPN site.
  • the packet migrated by the MPLS VPN site includes a parameter indicating a location of the data center where the second CGR 14 is located.
  • the MPLS VPN site migration may include the following parameters: a Migration ID indicating the migration process and status of the cloud computing virtual machine; and
  • the above parameters may be encapsulated in the path attribute of the BGP Update (boundary gateway protocol update).
  • the format may be:
  • the first byte 0x90 is fixed
  • the second byte indicates the type of the attribute of the parameter
  • the third and fourth bytes indicate the byte length occupied by the parameter, the 5th to the 20th words.
  • the section stores the Migration ID
  • the 21st to 24th bytes store the Destination DC location
  • the 25th byte stores the Clear Flag
  • the 26th and 27th bytes store the AS number of the second CGR
  • the remaining words Section stores the current VPN Name
  • the first CGR 11 sends the packet migrated by the MPLS VPN site to the first PE 12, so that the first PE 12 receives the packet migrated by the MPLS VPN site, according to the packet migrated by the MPLS VPN site.
  • the parameter indicating the location of the data center where the second CGR 14 is located finds the second PE 13 connected to the second CGR 14, and sends a control message indicating the migration of the MPLS VPN site to the second PE 13; the second PE 13 receives the control After the message, a message indicating the migration of the MPLS VPN site is sent to the second CGR 14 to move the MPLS VPN site to the data center where the second CGR 14 is located.
  • the first C GR sends a packet migrated by the MPLS VPN site to the first PE, and then the control packet sent by the first PE to the second PE and the second PE
  • the message sent by the CGR carries the parameters indicating the migration of the MPLS VPN site, so that the PE of the network operator can provide the dynamic migration service of the MPLS VPN site to the data center of the cloud service provider, and since the network side PE participates in the migration process, After the migration is complete, traffic to the virtual machine can go directly to the migrated data center. It is not necessary for the network side to configure the VPN through the management plane, which can improve the efficiency of the VPN operation. In addition, during the entire migration process, the network side and the cloud service provider did not send their own device configuration information to the other party, thus ensuring the security of the business information of the two types of operators.
  • the first PE 12 receives the packet of the MPLS VPN site migration sent by the first CGR 11.
  • the MPLS VPN site migration packet may include the following parameters: a Migration ID indicating the migration process and status of the cloud computing virtual machine; and a current VPN Name;
  • the Clear Flag in the MPLS VPN site migration received by the first PE 12 indicates that the connection between the first PE and the first CGR 11 is revoked
  • the VPN routing table setting of the first PE is started. The timer, after the specified time arrives, the first PE revokes the connection with the first CGR 11.
  • the first PE 12 finds the second PE 13 connected to the second CGR 14 according to the parameter indicating the location of the data center where the second CGR 14 is located in the packet migrated by the MPLS VPN site.
  • the searching process in the 202 may be: the first PE 12 obtains the IP address of the second PE 13 according to the parameter query indicating the Destination DC location of the second CGR 14 in the packet migrated by the MPLS VPN site, and the Next to the second PE 13 Interface name. Further, the first PE 12 may obtain the RD/RT (route specifier/route target) of the first PE 12 and the VPN peer of the first PE 12 according to the VPN Name in the packet migrated by the MPLS VPN site. Net peer address list).
  • RD/RT route specifier/route target
  • the first PE 12 constructs a control packet indicating the migration of the MPLS VPN site, and sends the control packet to the second PE 13.
  • the second PE 13 sends the control packet to the second CGR 14 after receiving the control packet.
  • control packet of the first PE 12 that indicates the migration of the MPLS VPN site may include the following parameters:
  • VPN peer of the first PE 12
  • the first CGR sends a packet migrated by the MPLS VPN site to the first PE, and then the control packet sent by the first PE to the second PE and the second PE are sent to the second
  • the message sent by the CGR carries the parameters indicating the migration of the MPLS VPN site, so that the PE of the network operator can provide the dynamic migration service of the MPLS VPN site to the data center of the cloud service provider, and since the network side PE participates in the migration process, After the migration is complete, traffic to the virtual machine can go directly to the migrated data center. It is not necessary for the network side to configure the VPN through the management plane, which can improve the efficiency of the VPN operation. During the entire migration process, the network side and the cloud service provider did not send their own device configuration information to each other, which ensured the security of the business information of the two types of operators.
  • the second PE 13 receives the control packet that is sent by the first PE 12 and indicates the migration of the MPLS VPN site.
  • the control packet is that the first PE 12 receives the first CGR.
  • the MPLS VPN site migrates the packet with the parameter indicating the location of the data center where the second CGR 14 is located.
  • control packet received by the second PE 13 may include the following parameters: a Migration ID indicating the migration process and status of the cloud computing virtual machine; and a lower port name of the second PE 13;
  • VPN peer on the first PE 11;
  • the second PE 13 may determine, according to the RD/RT in the control packet indicating the first PE 11, whether the second PE 13 configures the VPN routing forwarding table of the MPLS VPN station.
  • the second PE 13 does not configure the VPN routing forwarding table of the MPLS VPN site, a VPN routing forwarding table needs to be created.
  • the second PE 13 applies for a site network segment to the network database connected to the second PE 13 according to the VPN name, and obtains the sub-interface number of the second PE 13 and the used Vlan lD (virtual local area network ID).
  • the second PE 13 also configures the VPN routing forwarding table instance, binds to the sub-interface of the second PE 13 and configures the BGP protocol (Border Gateway Protocol).
  • the second PE 13 If the second PE 13 has configured the VPN routing forwarding table of the MPLS VPN site, the second PE 13 obtains the Vlan ID of the interface bound to the VPN routing forwarding table according to the VPN routing forwarding table.
  • the second PE 13 constructs a message indicating an MPLS VPN site migration.
  • the MPLS VPN site migration message constructed by the second PE 13 may include the following parameters:
  • Transit IP Section applied by the second PE 13 to the network database (transit IP address) a segment); wherein the transit IP address segment is obtained from the network segment of the site;
  • the message indicating the MPLS VPN site migration configured by the second PE 13 may include the following parameters:
  • a Migration ID indicating the migration process and status of the cloud computing virtual machine
  • the message constructed by the second PE 13 does not include the Transit IP Section and the second PE 13 applied by the second PE 13 to the network database.
  • the second PE 13 sends, to the second CGR 14, a message indicating that the MPLS VPN site is migrated by the second PE 13; and the data of the MPLS VPN site of the data center where the first CGR 11 is located to the second CGR 14 is performed.
  • the first CGR sends a packet migrated by the MPLS VPN site to the first PE, and then the control packet sent by the first PE to the second PE and the second PE are sent to the second
  • the message sent by the CGR carries the parameters indicating the migration of the MPLS VPN site, so that the PE of the network operator can provide the dynamic migration service of the MPLS VPN site to the data center of the cloud service provider, and since the network side PE participates in the migration process, After the migration is complete, traffic to the virtual machine can go directly to the migrated data center. It is not necessary for the network side to configure the VPN through the management plane, which can improve the efficiency of the VPN operation. During the entire migration process, the network side and the cloud service provider did not send their own device configuration information to each other, which ensured the security of the business information of the two types of operators.
  • the second CGR 14 receives the message that is sent by the second PE 13 and indicates the migration of the MPLS VPN site.
  • the message is generated by the second PE 13 after receiving the control packet that is sent by the first PE 12 and indicating the migration of the MPLS VPN site.
  • the first PE 12 receives the message of the migration of the MPL S VPN site sent by the first CGR 11, and sends a control message indicating the migration of the MPLS VPN site to the second PE 13.
  • the message that the second CGR 14 receives the MPLS VPN site migration sent by the second PE 13 may include the following parameters:
  • a Migration ID indicating the migration process and status of the cloud computing virtual machine
  • the second CGR 14 needs to create a VCE (Virtual User Edge Router) 141 and configure the BGP protocol.
  • VCE Virtual User Edge Router
  • the message indicating the MPLS VPN site migration sent by the second PE 13 received by the second CGR 14 may also include the following parameters:
  • a Migration ID indicating the migration process and status of the cloud computing virtual machine
  • the second CGR 14 may determine that the second PE 13 is configured.
  • the VPN routing forwarding table for the MPLS VPN site may be
  • the second CGR 14 obtains the local VCE 141 according to the Migration ID and the Vlan ID.
  • the MPLS VPN site in the data center where the first CGR 11 is located is moved to the data center where the second CGR 14 is located.
  • the first C GR sends a packet migrated by the MPLS VPN site to the first PE, and then the control packet sent by the first PE to the second PE and the second PE
  • the message sent by the CGR carries the parameters indicating the migration of the MPLS VPN site, so that the PE of the network operator can provide the dynamic migration service of the MPLS VPN site to the data center of the cloud service provider, and since the network side PE participates in the migration process, After the migration is complete, traffic to the virtual machine can go directly to the migrated data center. It is not necessary for the network side to configure the VPN through the management plane, which can improve the efficiency of the VPN operation.
  • a method for migrating a cloud computing virtual machine according to another embodiment of the present invention is as shown in FIG. 1 .
  • the application scenario assumes that: all virtual machine resources in a subnet in the data center where the first CGR 11 is located need to be migrated to the second CGR 14 is located in the data center.
  • the network side needs to save some information, including information identifying the location of the data center network access point and information about the IP address segment available on the MPLS VPN cloud side site.
  • This information is allocated when the data center requests to access the MPLS network, and then stored in a network database accessible by the network device.
  • the network database table is defined as Table 1:
  • VCE virtual user network
  • VCE connection PE interface needs to be configured (VCE port IP address
  • the method for migrating a cloud computing virtual machine MPLS VPN site includes:
  • the first CGR 11 constructs a BGP Update packet that is migrated by the MPLS VPN site, and the parameter indicating the migration of the MPLS VPN site is encapsulated into the path attribute of the BGP Update packet by extending the BGP Update packet.
  • the BGP Update message may include the following parameters indicating the MPLS VPN site migration: a Migration ID indicating the current cloud computing virtual machine migration process and status, a current VPN Name, indicating a Destination DC location of the second CGR 14, Indicates to cancel the Clear Flag of the first CGR 11 and the PE-12, indicating the AS number of the second CGR 14.
  • the migration ID is generated by the cloud side, and uniquely identifies a virtual machine migration process and its status.
  • the migration ID needs to be carried when responding to the cloud side.
  • the VPN Name is obtained from the network operator when the user applies for VPN. It can uniquely identify the VPN that the user applies for.
  • the Destination DC location is determined based on the destination data center of the virtual machine resource migration.
  • the Clear Flag identifies whether the first PE 12 needs to clear the VPN routing forwarding table of the VPN.
  • the format of the parameter in the path attribute of the BGP Update packet is as shown in FIG. 7.
  • the first byte 0x90 is a fixed format
  • the second byte indicates the type of the attribute of the parameter. 4 bytes indicate the byte length occupied by the parameter, 5-20 bytes store the Migration ID, 21-24 bytes store the Destination DC location, the 25th byte stores the Clear Flag, and the 26th byte stores the The AS number of the second CGR, and the remaining bytes store the VPN Name.
  • the first PE 12 starts the timer set in the VPN routing forwarding table of the first PE 12, and after the specified time arrives, the first PE is revoked and A CGR 11 connection.
  • the first PE 12 After receiving the BGP Update packet, the first PE 12 is configured according to BGP Update.
  • the parameter indicating the location of the data center where the second CGR is located in the packet finds the second PE 13 connected to the second CGR 14, and sends the control packet of the MPLS VPN site migration to the second PE 13.
  • the process of the first PE 12 to find the second PE 13 may include: after the first PE 12 identifies that the packet is a BGP Update packet, according to the BGP
  • the above parameters in the path attribute of the Update message internally generate a query request. Then, the first PE 12 queries the IP address of the second PE 13 and the lower interface name of the second PE 13 by using the information in the above table 1 in the network database according to the parameter indicating the Destination DC location of the second CGR 14. .
  • the first PE 12 may further query, according to the VPN Name, the RD/RT and the VPN peer on the first PE 12.
  • the first PE 12 constructs a control packet sent to the second PE 13.
  • the information of the control packet may include: a Migration ID indicating the current cloud computing virtual machine migration process and status, a lower connection port name of the second PE 13, The current VPN Name, the RD/RT on the first PE 12, the VPN peer on the first PE 12, and the AS Number indicating the second CGR 14.
  • the second PE 13 receives the control packet, and determines, by using the RD/RT on the first PE 12 carried in the control packet, whether the second PE 13 configures a VPN routing forwarding table of the MPLS VPN site. If the second PE 13 does not configure the VPN routing forwarding table of the MPLS VPN site, go to 504; if the second PE 13 has configured the VPN routing forwarding table of the MPLS VPN site, go to 506.
  • the second PE 13 creates a VPN routing forwarding table.
  • the second PE 13 applies for a site network segment to the network database connected to the second PE 13 according to the VPN Name in the control packet, and then takes two addresses from the network segment of the site, such as the PE shown in Table 2.
  • IP Downside and VCE IP Upside configure the PE IP Downside to the lower interface of the second PE, and write the PE IP Downside and the VCE IP Upside into the message indicating the MPLS VPN site migration of the second PE 13 to
  • the second CGR is used to perform the related configuration of the VCE 141 when receiving the message; and the sub-interface number of the second PE 13 and the used Vlan ID are also obtained.
  • the second PE 13 constructs a message indicating the migration of the MPLS VPN site, and may include the following parameters: a Migration ID indicating the current cloud computing virtual machine migration process and status, and Vlan The ID, the Transit IP section applied by the second PE 13 to the network database, the AS Number of the domain in which the second PE 13 is located, and the message is sent to the second CGR 14 connected to the second PE 13.
  • the information of the Transit IP section includes the above PE IP Downside and VCE IP Upside.
  • the second PE 13 configures the VPN routing forwarding table instance and binds to the sub-interface of the lower interface, and configures the BGP protocol.
  • the second CGR 14 receives the message indicating the MPLS VPN site migration sent by the second PE 13, creates a VCE 141, configures the BGP protocol, and migrates the MPLS VPN site of the data center where the first CGR 11 corresponding to the Migration ID is located. Enter the VCE 141.
  • the second PE 13 obtains the Vlan ID of the interface to which the VPN routing forwarding table is bound according to the VPN routing forwarding table, and constructs a message indicating the migration of the MPLS VPN site, which may include the following parameters: indicating the cloud computing virtual machine migration process. And the status of the Migration ID, Vlan ID; but the message does not include the Transit IP Section that the second PE 13 applies to the network database and the AS Number of the domain where the second PE 13 is located. Further, the second PE 13 sends a message indicating the migration of the MPLS VPN site to the second CGR 14 connected to the second PE 13.
  • the second CGR 14 After receiving the foregoing message indicating the MPLS VPN site migration sent by the second PE 13, the second CGR 14 obtains the local VCE 141 according to the Migration ID and the Vlan ID, and the MPLS of the data center where the first CGR 11 corresponding to the Migration ID is located. The VPN site moves into VCE 141.
  • the first CGR sends a packet migrated by the MPLS VPN site to the first PE, and then the control packet sent by the first PE to the second PE and the second PE are sent to the second
  • the message sent by the CGR carries the parameters indicating the migration of the MPLS VPN site, so that the PE of the network operator can provide the dynamic migration service of the MPLS VPN site to the data center of the cloud service provider, and since the network side PE participates in the migration process, After the migration is complete, traffic to the virtual machine can go directly to the migrated data center. It is not necessary for the network side to configure the VPN through the management plane, which can improve the efficiency of the VPN operation.
  • the MPLS Update packet is configured as the BGP Update packet
  • the parameter indicating the MPLS VPN site migration is encapsulated in the path attribute of the BGP Update packet
  • the present invention is not limited thereto, and may be other messages, and may also encapsulate information indicating parameters of the MPLS VPN site migration in other attributes.
  • all the virtual machine resources in a subnet in the data center where the first CGR is located need to be migrated to the data center where the second CGR is located, but the embodiment is not limited thereto, and may be the second CGR. All the virtual machine resources in a subnet in the data center need to be migrated to the data center where the first CGR is located. That is, the first CGR can perform all actions of the second CGR, and the second CGR can also perform all actions of the first CGR.
  • the first PE may perform all actions of the second PE, and the second PE may also perform all actions of the first PE.
  • the first cloud data center egress gateway router (CGR) 60 provided by the embodiment of the present invention can be applied to the foregoing method embodiment, and all operations of the first CGR 11 in the foregoing method embodiment can be performed. For details, refer to the foregoing embodiment. I will not repeat them here.
  • the first CGR 60 provided by the embodiment of the present invention includes: a generating unit 601, configured to construct an MPLS VPN site migration document; and the parameter includes a parameter indicating a location of a data center where the second CGR is located.
  • the sending unit 602 is configured to send, to the first PE, the packet that is migrated by the MPLS VPN site configured by the generating unit 601, so that the first PE, after receiving the packet migrated by the MPLS VPN site, migrates according to the MPLS VPN site.
  • the parameter indicating the location of the data center where the second CGR is located in the packet finds the second PE connected to the second CGR, and sends a control packet indicating the migration of the MPLS VPN site to the second PE. After receiving the control text, the second PE receives the control packet. And sending a message indicating that the MPLS VPN site is migrated to the second CGR, so that the MPLS VPN site moves to the data center where the second CGR is located.
  • the first CGR provided by the embodiment of the present invention sends an MPLS VPN site-migrated packet to the first PE, and then the control packet sent by the first PE to the second PE and the second PE sends a message to the second CGR.
  • the MPL S VPN site migration parameters enable the network operator's PE to provide the MPLS VPN site dynamic migration service for the cloud service provider's data center, and since the network-side PE participates in the migration process, after the migration is completed, the migration to the The virtual machine's traffic can go directly to the migrated data center. No network required The configuration of the VPN through the management plane can improve the efficiency of VPN operations.
  • the first carrier edge router PE 70 provided by the embodiment of the present invention can be applied to the foregoing method embodiments, and all the operations of the first PE 12 in the foregoing method embodiment can be performed.
  • All the operations of the first PE 12 in the foregoing method embodiment can be performed.
  • Narration refer to the foregoing embodiment, and Narration.
  • the first PE 70 provided by the embodiment of the present invention includes:
  • the receiving unit 701 is configured to receive the MPLS VPN site migration packet sent by the first CGR, and the MPLS VPN site migration packet; the MPLS VPN site migration packet includes the following parameters:
  • the processing unit 702 finds the second PE connected to the second CGR according to the parameter indicating the location of the data center where the second CGR is located, and provides the information to the generating unit 703.
  • the generating unit 703 is configured to construct a control packet indicating the migration of the MPLS VPN site.
  • the sending unit 704 is configured to send the control packet configured by the generating unit 703 to the second PE, so that after receiving the control packet, the second PE sends a message indicating the migration of the MPLS VPN site to the second CGR, so as to perform The MPLS VPN site in the data center where the first CGR is located is moved to the data center where the second CGR is located.
  • the receiving unit 701 in the first PE 70 further includes:
  • the BGP module 7001 is configured to: after receiving the packet of the MPLS VPN site that is sent by the first CGR, the receiving unit 701 identifies the packet as a BGP Update packet, and preprocesses the BGP Update packet and sends the packet to the migration module 7002. .
  • the processing unit 702 in the first PE 70 further includes:
  • the migration module 7002 After receiving the pre-processed BGP Update message sent by the BGP module 7001, the migration module 7002 sends a query request to the query module 7003, and receives the query result returned by the query module 7003.
  • the query module 7003 according to the query request sent by the migration module 7002, in the database
  • the second PE connected to the second CGR is found according to the parameter indicating the location of the data center where the second CGR is located, and the query result is sent to the migration module 7002.
  • the first PE provided by the embodiment of the present invention receives the packet migrated by the MPLS VPN site sent by the first CGR, and then the control packet sent by the first PE to the second PE and the message sent by the second PE to the second CGR are both Carrying the parameters indicating the migration of the MPLS VPN site, so that the PE of the network operator can provide the dynamic migration service of the MPLS VPN site to the data center of the cloud service provider, and since the network side PE participates in the migration process, after the migration is completed, the migration is completed.
  • the virtual machine's traffic can go directly to the migrated data center. It is not necessary to configure the VPN through the management plane on the network side, which can improve the efficiency of VPN operations.
  • the second carrier edge router PE 80 provided by the embodiment of the present invention can be applied to the foregoing method embodiment, and all operations of the second PE 13 in the foregoing method embodiment can be performed.
  • All operations of the second PE 13 in the foregoing method embodiment can be performed.
  • Narration refer to the foregoing embodiment, where Narration.
  • the second PE 80 provided by the embodiment of the present invention includes:
  • the receiving unit 801 is configured to receive, by the first PE, a control packet that is sent by the MPLS VPN station, where the first PE receives the MPLS VPN site migration message sent by the first CGR, where The packet migrated by the MPLS VPN site includes a parameter indicating a location of the data center where the second CGR is located.
  • the control packet includes the following parameters:
  • the generating unit 802 is configured to construct a message indicating the migration of the MPLS VPN site.
  • the sending unit 803 is configured to send, to the second CGR, a message indicating that the MPLS VPN site is migrated by the generating unit 802, so that the MPLS VPN site of the data center where the first CGR is located is moved to the data center where the second CGR is located.
  • the generating unit 802 in the second PE 80 further includes:
  • the determining module 8001 is configured to determine whether the second PE is configured with a VPN routing forwarding table of the MPLS VPN site to be migrated.
  • the configuration module 8002 is configured to: when the determining module 8001 determines that the second PE does not configure the VPN routing forwarding table of the MPLS VPN site to be migrated, the receiving unit 801 receives the indication that the first PE sends the MPLS VPN site migration. After the control packet is configured, the VPN routing forwarding table of the MPLS VPN site to be migrated is created, and the VPN routing forwarding table instance is configured, and is bound to the sub-interface of the lower interface to configure the BGP protocol.
  • the sending unit 803 is further configured to send, to the second CGR, configuration parameters of the VPN routing forwarding table of the MPLS VPN site to be migrated created by the configuration module 8002.
  • the second PE provided by the embodiment of the present invention receives the control packet indicating the MPLS VPN site migration sent by the first PE, and then the second PE sends a message indicating the migration of the MPLS VPN site to the second CGR, so that the network operator's PE is obtained.
  • the dynamic migration service of the MPLS VPN site can be provided for the data center of the cloud service provider, and since the network side PE participates in the migration process, after the migration is completed, the traffic to the virtual machine can directly reach the migrated data center. It is not necessary for the network side to configure the VPN through the management plane, which can improve the efficiency of the VPN operation. During the entire migration process, the network side and the cloud service provider did not send their own device configuration information to each other, which ensured the security of the business information of the two types of operators.
  • the second cloud data center egress gateway router CGR 90 provided by the embodiment of the present invention can be applied to the foregoing method embodiment, and all operations of the second CGR 14 in the foregoing method embodiment can be performed. For details, refer to the foregoing embodiment, where No longer.
  • the second CGR 90 provided by the embodiment of the present invention includes: a receiving unit 901, configured to receive, by the second PE, a message indicating that the MPLS VPN site is migrated; where the message is received by the second PE.
  • the first PE receives the MPLS VPN site migration packet sent by the first CGR, and then sends a control packet indicating the MPLS VPN site migration to the second PE.
  • the processing unit 902 is configured to perform the migration of the MPLS VPN site of the data center where the first CGR is located according to the message that is sent by the second PE that is received by the receiving unit 901 to indicate the migration of the MPLS VPN site.
  • the processing unit 902 in the second CGR 90 further includes:
  • the determining module 9001 is configured to determine whether the second PE connected to the second CGR 90 is configured with a VPN routing forwarding table of the MPLS VPN site to be migrated.
  • the configuration module 9002 is configured to: when the determining module 9001 determines that the second PE does not configure the VPN routing forwarding table of the MPLS VPN site to be migrated, the receiving unit 901 receives the indication that the second PE sends the MPLS VPN site migration. After the message is created, the VCE 141 is created and the BGP protocol is configured; in order to perform the migration of the MPLS VPN site in the data center where the first CGR is located.
  • the second CGR provided by the embodiment of the present invention receives the message indicating the MPLS VPN site migration sent by the second PE, so that the network operator can provide the cloud service provider with the dynamic migration service of the MPLS VPN site. And because the network side participates in the migration process, after the migration is completed, the traffic destined for the virtual machine can directly reach the new data center, and the network side is not required to configure the VPN through the management plane, which can improve the efficiency of the VPN operation; During the entire migration process, the network side and the cloud service provider did not send their own device configuration information to each other, which ensured the security of the business information of the two types of operators.
  • the cloud migration virtual machine migration network mentioned in the embodiment of the present invention, as shown in FIG. 15, includes:
  • the first CGR 60, the first PE 70, the second PE 80, and the second CGR 90 are provided in the above device embodiments.
  • first CGR 60 The structures of the first CGR 60, the first PE 70, the second PE 80, and the second CGR 90 have been described in the foregoing embodiments, and are not described herein again.
  • the first CGR 60, the first PE 70, the second PE 80, and the second CGR 90 may be applied to the foregoing method embodiment, and the first CGR 11, the first PE 12, and the first
  • the operations of the second PE 13 and the second CGR 14 please refer to the above embodiments, and details are not described herein again.
  • the first C GR sends the MPLS VPN site migration message to the first PE, and then the control packet sent by the first PE to the second PE and the second PE
  • the message sent by the CGR carries the parameters indicating the migration of the MPLS VPN site, so that the PE of the network operator can be the cloud service provider.
  • the data center provides the dynamic migration service of the MPLS VPN site, and since the network-side PE participates in the migration process, after the migration is completed, the traffic to the virtual machine can directly reach the migrated data center. It is not necessary for the network side to configure the VPN through the management plane, which can improve the efficiency of the VPN operation. During the entire migration process, the network side and the cloud service provider did not send their own device configuration information to each other, which ensured the security of the business information of the two types of operators.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Provided are a method, device and system for the migration of a cloud computing virtual machine, which relate to the field of communications, and can allow the traffic heading to a virtual machine after migration to directly arrive at a new data centre without a network side needing to configure a VPN via a management plane. The virtual machine migration method includes: a first CGR constructing a message of MPLS VPN site migration, which contains a parameter indicating the position of a data centre where a second CGR is located, and transmitting same to a first PE; after receiving the message, according to the parameter indicating the position of the data centre where the second CGR is located, the first PE finding a second PE connected to the second CGR, and transmitting to the second PE a control message indicating the MPLS VPN site migration; and after receiving the control message, the second PE transmitting to the second CGR a message indicating the MPLS VPN site migration, so as to migrate an MPLS VPN site into the second CGR. The embodiments of the present invention are applied to a communication network.

Description

一种云计算虚拟机迁移的方法、 设备及系统  Method, device and system for cloud computing virtual machine migration
技术领域 本发明涉及通信领域, 尤其涉及一种云计算虚拟机迁移的方法、 设备及系统。 背景技术 随着云计算市场规模的日趋扩大,云服务提供商的网络连接能力 渐渐成为云服务进一步扩展的瓶颈。网络运营商开始探索将云资源和 网络资源, 特别是 MPLS ( Multiprotocol Label Switching, 多协议标 签交换) VPN ( Virtual Private Network, 虚拟专用网络) 资源打包出 售的业务模式。然而云资源的组织、管理和运营都是近乎全自动化的, 而 MPLS VPN的运营方式则略显落后。 The present invention relates to the field of communications, and in particular, to a method, device, and system for cloud computing virtual machine migration. BACKGROUND With the increasing scale of the cloud computing market, the network connection capability of cloud service providers has gradually become a bottleneck for further expansion of cloud services. Network operators began to explore the business model of packaging and selling cloud resources and network resources, especially MPLS (Multi-Protocol Label Switching) VPN (Virtual Private Network) resources. However, the organization, management, and operation of cloud resources are almost fully automated, while the operation of MPLS VPNs is slightly behind.
虽然, 有的厂商提出了 MPLS VPN动态开通、 站点自动接入和 撤销的技术, 但是仍不能适应云计算虚拟机动态迁移的特性; 也有的 运营商提出了通过搭建数据中心间的 VPLS ( Virtual Private Lan Service , 虚拟专用局域网业务)来完成云计算虚拟机的迁移工作, 但 是这种方法并没有考虑到网络服务商和第三方云服务商协作的运营 模式。  Although some manufacturers have proposed the technology of MPLS VPN dynamic provisioning, automatic site access and revocation, but still can not adapt to the dynamic migration characteristics of cloud computing virtual machines; some operators have proposed to build VPLS between data centers (Virtual Private Lan Service, virtual private LAN service) to complete the migration of cloud computing virtual machines, but this method does not take into account the operating mode of network service providers and third-party cloud service providers.
在企业用户通过 MPLS IP VPN来连接第三方云服务提供商的资 源时, 如何保证运营商网络和云服务商基础设施之间的信息安全, 同 时能够完成云计算虚拟机的跨数据中心迁移成为亟待解决的一个问 题。  When an enterprise user connects to a third-party cloud service provider through MPLS IP VPN, how to ensure information security between the carrier network and the cloud service provider infrastructure, and complete the cross-data center migration of the cloud computing virtual machine becomes urgent A problem solved.
目前一般通过管理面来解决配置参数的交换, 如: 通过网络侧 VPN控制者对 VPN进行管理与维护, 云计算虚拟机进行迁移时, 通 过云管理者和 VPN控制者首先建立两个数据中心间的 2层 VPN连 接, 然后使用云计算虚拟机局域网迁移技术进行云计算虚拟机迁移。 通过管理和维护数据中心之间的 VPN, 使得云管理者能够跨数据中 心创建和维护 VPC ( Virtual Private Cloud, 虚拟私有云) 。 At present, the management parameters are generally used to solve the exchange of configuration parameters, such as: management and maintenance of the VPN by the network side VPN controller. When the cloud computing virtual machine is migrated, the cloud manager and the VPN controller first establish two data center spaces. The Layer 2 VPN connection is then used for cloud computing virtual machine migration using cloud computing virtual machine LAN migration technology. Enable cloud managers to cross data by managing and maintaining VPNs between data centers Heart creates and maintains a VPC (Virtual Private Cloud).
该技术虽然能够完成云计算虚拟机的跨广域网的迁移过程, 但 是, 需要网络侧通过管理面进行 VPN的配置, 且迁移前后, 云计算 虚拟机 MPLS VPN站点的接入点位置没有变化, 去往迁移云计算虚 拟机的流量需要经过原数据中心然后再到达迁入的数据中心,增加了 数据包传输延迟。 发明内容 本发明的实施例提供一种云计算虚拟机迁移的方法、 设备及系 统, 无需网络侧通过管理面进行 VPN的配置, 能够使迁移后去往该 云计算虚拟机的流量直接到达新的数据中心。  Although the technology can complete the migration process of the cloud computing virtual machine across the WAN, the network side needs to configure the VPN through the management plane, and the location of the access point of the cloud computing virtual machine MPLS VPN site does not change before and after the migration. The migration of cloud computing virtual machine traffic needs to go through the original data center and then to the migrated data center, increasing the packet transmission delay. SUMMARY OF THE INVENTION Embodiments of the present invention provide a method, a device, and a system for migrating a cloud computing virtual machine. The network side does not need to configure the VPN through the management plane, and the traffic destined for the cloud computing virtual machine can be directly reached after the migration. data center.
为达到上述目的, 本发明的实施例釆用如下技术方案:  In order to achieve the above object, embodiments of the present invention use the following technical solutions:
一方面, 提供一种云计算虚拟机迁移的方法, 包括:  In one aspect, a method for cloud computing virtual machine migration is provided, including:
第一云数据中心出口网关路由器 CGR构造多协议标签交换虚拟 专用网 MPLS VPN站点迁移的报文; 所述报文中含有指示第二云数 据中心出口网关 CGR所在数据中心的位置的参数;  The first cloud data center egress gateway router CGR constructs a multi-protocol label switching virtual private network MPLS VPN site migration message; the packet contains a parameter indicating the location of the data center where the second cloud data center egress gateway CGR is located;
所述第一 CGR向第一运营商边缘路由器 PE发送所述报文; 以 使得所述第一 PE在接收到所述报文后, 根据所述指示第二 CGR所 在数据中心的位置的参数找到与所述第二 CGR连接的第二 PE,并向 所述第二 PE发送指示 MPLS VPN站点迁移的控制报文; 所述第二 PE接收到所述控制报文后, 向所述第二 CGR发送指示所述 MPLS VPN 站点迁移的消息, 以便进行所述 MPLS VPN 站点向所述第二 CGR所在的数据中心迁入。  Sending, by the first CGR, the packet to the first carrier edge router PE, so that the first PE, after receiving the packet, finds according to the parameter indicating the location of the data center where the second CGR is located. a second PE that is connected to the second CGR, and sends a control packet indicating the migration of the MPLS VPN site to the second PE; after receiving the control packet, the second PE sends the second CGR to the second CGR. Sending a message indicating the migration of the MPLS VPN site, so that the MPLS VPN site moves to the data center where the second CGR is located.
一方面, 提供一种云计算虚拟机迁移的方法, 包括:  In one aspect, a method for cloud computing virtual machine migration is provided, including:
第一运营商边缘路由器 PE接收第一云数据中心出口网关路由器 The first carrier edge router PE receives the first cloud data center exit gateway router
CGR 发送的多协议标签交换虚拟专用网 MPLS VPN 站点迁移的才艮 文; Multi-protocol label switching virtual private network sent by CGR MPLS VPN site migration talent;
所述第一 PE根据所述 MPLS VPN站点迁移的报文中指示第二 CGR所在数据中心的位置的参数找到与所述第二 CGR连接的第二运 营商边缘路由器 PE; 所述第一 PE构造指示所述 MPLS VPN站点迁移的控制^艮文,并 向所述第二 PE发送所述控制报文; 以使得所述第二 PE在接收到所 述控制报文后, 向所述第二 CGR发送指示所述 MPLS VPN站点迁移 的消息, 以便进行所述第一 CGR所在数据中心的所述 MPLS VPN站 点向所述第二 CGR所在的数据中心迁入; The first PE finds a second carrier edge router PE connected to the second CGR according to the parameter indicating the location of the data center where the second CGR is located in the packet migrated by the MPLS VPN site; The first PE constructs a control packet for the MPLS VPN site to be migrated, and sends the control packet to the second PE, so that after the second PE receives the control packet, Sending, to the second CGR, a message indicating that the MPLS VPN site is migrated, so that the MPLS VPN site in the data center where the first CGR is located is moved to the data center where the second CGR is located;
其中, 所述 MPLS VPN站点迁移的报文中包括以下参数: 指示本次云计算虚拟机迁移过程及状态的迁移 ID; 和  The packet migrated by the MPLS VPN site includes the following parameters: a migration ID indicating the migration process and state of the cloud computing virtual machine; and
当前虚拟专用网名称; 和  Current virtual private network name; and
指示第二 CGR所在数据中心的位置; 和  Indicate the location of the data center where the second CGR is located; and
指示撤销与所述第一 CGR连接的清除标志; 和  Instructing to revoke a clear flag associated with the first CGR; and
指示第二 CGR的自治系统号。  Indicates the autonomous system number of the second CGR.
一方面, 提供一种云计算虚拟机迁移的方法, 包括:  In one aspect, a method for cloud computing virtual machine migration is provided, including:
第二运营商边缘路由器 PE接收第一 PE发送的指示多协议标签 交换虚拟专用网 MPLS VPN站点迁移的控制 4艮文; 其中, 所述控制 报文为所述第一 PE接收到第一云数据中心出口网关路由器 CGR发 送的 MPLS VPN站点迁移的报文后生成的, 所述 MPLS VPN站点迁 移的报文中含有指示第二 C GR所在数据中心的位置的参数;  The second carrier edge router PE receives the control information of the multi-protocol label switching virtual private network MPLS VPN site migration sent by the first PE, where the control packet is that the first PE receives the first cloud data. After the MPLS VPN site migrates the packet sent by the CGR sent by the central egress gateway router, the MPLS VPN site migrates the packet with the parameter indicating the location of the data center where the second C GR is located.
所述第二 PE构造指示所述 MPL S VPN站点迁移的消息,并向第 二 CGR发送, 以便进行所述第一 CGR所在数据中心的所述 MPLS VPN站点向所述第二 CGR所在的数据中心迁入;  The second PE constructs a message indicating that the MPL S VPN site is migrated, and sends the message to the second CGR, so that the MPLS VPN site in the data center where the first CGR is located is in the data center where the second CGR is located. Move in;
其中, 所述控制报文中包括以下参数:  The control packet includes the following parameters:
指示本次云计算虚拟机迁移过程及状态的迁移 ID; 和  Indicates the migration ID of the cloud computing virtual machine migration process and status; and
所述第二 PE的下连接口名称; 和  The name of the lower port of the second PE; and
当前虚拟专用网名称; 和  Current virtual private network name; and
所述第一 PE上的路由区分符 /路由目标; 和  a route specifier/route target on the first PE; and
所述第一 PE上的虚拟专用网对端地址列表; 和  a virtual private network peer address list on the first PE; and
指示所述第二 CGR的自治系统号。  Indicates the autonomous system number of the second CGR.
一方面, 提供一种云计算虚拟机迁移的方法, 包括:  In one aspect, a method for cloud computing virtual machine migration is provided, including:
第二云数据中心出口网关路由器 CGR接收第二运营商边缘路由 器 PE发送的指示多协议标签交换虚拟专用网 MPLS VPN站点迁移的 消息;其中,所述消息为第二 PE接收到第一 PE发送的指示所述 MPLS VPN站点迁移的控制报文后生成的; 所述第一 PE接收到第一 CGR 发送的 MPLS VPN站点迁移的^艮文后向所述第二 PE发送所述指示所 述 MPLS VPN站点迁移的控制 艮文; The second cloud data center exit gateway router CGR receives the second carrier edge route The message sent by the PE to indicate the multi-protocol label switching virtual private network MPLS VPN site migration; wherein the message is generated after the second PE receives the control packet sent by the first PE and indicates the migration of the MPLS VPN site; After receiving the MPLS VPN site migration message sent by the first CGR, the first PE sends the control message indicating the migration of the MPLS VPN site to the second PE;
第二云数据中心出口网关路由器 CGR进行所述第一 CGR所在 数据中心的所述 MPLS VPN站点的迁入。  The second cloud data center egress gateway router CGR performs the migration of the MPLS VPN site in the data center where the first CGR is located.
一方面, 提供一种第一云数据中心出口网关路由器 CGR, 包括: 生成单元, 用于构造多协议标签交换虚拟专用网 MPLS VPN站 点迁移的报文; 所述报文中含有指示第二 CGR所在数据中心的位置 的参数;  In one aspect, a first cloud data center egress gateway router CGR is provided, including: a generating unit, configured to construct a packet of a multi-protocol label switching virtual private network MPLS VPN site migration; the packet includes a second CGR indication The parameters of the location of the data center;
发送单元, 用于向第一运营商边缘路由器 PE发送所述生成单元 构造的所述报文; 以使得所述第一 PE在接收到所述报文后, 根据所 述报文中所述指示第二 CGR所在数据中心的位置的参数找到与所述 第二 CGR连接的第二 PE,并向所述第二 PE发送指示所述 MPLS VPN 站点迁移的控制报文; 所述第二 PE接收到所述控制报文后, 向所述 第二 CGR发送指示所述 MPLS VPN站点迁移的消息, 以便进行所述 MPLS VPN站点向所述第二 CGR所在的数据中心迁入。  a sending unit, configured to send, to the first carrier edge router PE, the packet that is configured by the generating unit, so that the first PE, after receiving the packet, according to the indication in the packet The parameter of the location of the data center where the second CGR is located finds the second PE connected to the second CGR, and sends a control packet indicating the migration of the MPLS VPN site to the second PE; the second PE receives After the control packet, the message indicating the migration of the MPLS VPN site is sent to the second CGR, so that the MPLS VPN site moves to the data center where the second CGR is located.
一方面, 提供一种第一运营商边缘路由器 PE, 包括:  In one aspect, a first carrier edge router PE is provided, including:
接收单元, 用于接收第一云数据中心出口网关路由器 CGR发送 的多协议标签交换虚拟专用网 MPLS VPN站点迁移的 4艮文; 所述才艮 文中包括以下参数:  The receiving unit is configured to receive the MPLS VPN site migration of the multi-protocol label switching virtual private network sent by the first cloud data center egress gateway router CGR; the foregoing parameter includes the following parameters:
指示本次云计算虚拟机迁移过程及状态的迁移 ID; 和  Indicates the migration ID of the cloud computing virtual machine migration process and status; and
当前虚拟专用网名称; 和  Current virtual private network name; and
指示第二 CGR所在数据中心的位置; 和  Indicate the location of the data center where the second CGR is located; and
指示撤销与所述第一 CGR连接的清除标志; 和  Instructing to revoke a clear flag associated with the first CGR; and
指示第二 CGR的自治系统号;  Indicates the autonomous system number of the second CGR;
处理单元, 用于根据所述指示第二 CGR所在数据中心的位置的 参数找到与所述第二 CGR连接的第二运营商边缘路由器 PE;  a processing unit, configured to find a second carrier edge router PE connected to the second CGR according to the parameter indicating a location of the data center where the second CGR is located;
生成单元, 用于构造指示所述 MPLS VPN站点迁移数的控制报 文; a generating unit, configured to construct a control report indicating the number of migrations of the MPLS VPN site Text
发送单元, 用于向第二运营商边缘路由器 PE发送所述生成单元 构造的所述控制报文;以使得所述第二 PE在接收到所述控制报文后, 向所述第二 CGR发送指示所述 MPLS VPN站点迁移的消息, 以便进 行所述第一 CGR所在数据中心的所述 MPLS VPN站点向所述第二 CGR所在的数据中心迁入。  a sending unit, configured to send the control packet configured by the generating unit to the second carrier edge router PE, so that the second PE sends the control packet to the second CGR after receiving the control packet And the message indicating that the MPLS VPN site is migrated, so that the MPLS VPN site in the data center where the first CGR is located is moved to the data center where the second CGR is located.
一方面, 提供一种第二运营商边缘路由器 PE, 包括:  In one aspect, a second carrier edge router PE is provided, including:
接收单元, 用于接收第一运营商边缘路由器 PE发送的指示多协 议标签交换虚拟专用网 MPLS VPN站点迁移的控制报文; 其中, 所 述控制报文为所述第一 PE 接收到第一云数据中心出口网关路由器 CGR发送的所述 MPLS VPN站点迁移的 文后生成的, 所述 MPLS VPN站点迁移的报文中含有指示第二 CGR所在数据中心的位置的参 数; 所述控制报文中包含以下参数:  a receiving unit, configured to receive, by the first carrier edge router PE, a control packet indicating that the multi-protocol label switching virtual private network MPLS VPN site migrates, where the control packet is that the first PE receives the first cloud After the data center egress gateway router CGR sends the MPLS VPN site to be migrated, the MPLS VPN site migration packet includes a parameter indicating a location of the data center where the second CGR is located; the control packet includes The following parameters:
指示本次云计算虚拟机迁移过程及状态的迁移 ID; 和  Indicates the migration ID of the cloud computing virtual machine migration process and status; and
所述第二 PE的下连接口名称; 和  The name of the lower port of the second PE; and
当前虚拟专用网名称; 和  Current virtual private network name; and
所述第一 PE上的路由区分符 /路由目标; 和  a route specifier/route target on the first PE; and
所述第一 PE上的虚拟专用网对端地址列表; 和  a virtual private network peer address list on the first PE; and
指示所述第二 CGR的自治系统号。  Indicates the autonomous system number of the second CGR.
生成单元, 用于构造指示所述 MPLS VPN站点迁移的消息; 发送单元, 用于向第二 CGR发送所述生成单元构造的指示所述 MPLS VPN站点迁移的消息; 以便进行所述第一 CGR所在数据中心 的所述 MPLS VPN站点向所述第二 CGR所在的数据中心迁入。  a generating unit, configured to send a message indicating the migration of the MPLS VPN site, and a sending unit, configured to send, by using the generating unit, a message indicating the migration of the MPLS VPN site to the second CGR, to perform the first CGR The MPLS VPN site of the data center moves to the data center where the second CGR is located.
一方面, 提供一种第二云数据中心出口网关路由器 CGR, 包括: 接收单元, 用于接收第二运营商边缘路由器 PE发送的指示多协 议标签交换虚拟专用网 MPLS VPN站点迁移的消息; 其中, 所述消 息为第二 PE接收到第一 PE发送的指示所述 MPLS VPN站点迁移的 控制报文后生成的;所述第一 PE接收到第一 CGR发送的所述 MPLS VPN站点迁移的报文后向所述第二 PE发送指示所述 MPLS VPN站 点迁移的控制报文; 处理单元,用于根据所述接收单元接收到的所述指示所述 MPLS VPN站点迁移的消息,进行所述第一 CGR所在数据中心的所述 MPL S VPN站点的迁入。 In one aspect, a second cloud data center egress gateway router CGR is provided, including: a receiving unit, configured to receive, by the second carrier edge router PE, a message indicating that the multi-protocol label switching virtual private network MPLS VPN site migrates; The message is generated after the second PE receives the control packet that is sent by the first PE and indicates the migration of the MPLS VPN site; the first PE receives the packet that is migrated by the MPLS VPN site sent by the first CGR. And sending, to the second PE, a control packet indicating the migration of the MPLS VPN site; And a processing unit, configured to perform, according to the message indicating the migration of the MPLS VPN site, received by the receiving unit, the MOL S VPN site of the data center where the first CGR is located.
一方面, 提供一种云计算虚拟机迁移的网络, 包括:  In one aspect, a network for cloud computing virtual machine migration is provided, including:
上述的第一云数据中心出口网关路由器 CGR、 上述的第一运营 商边缘路由器 PE、 上述的第二运营商边缘路由器 PE、 及上述的第二 云数据中心出口网关路由器 CGR。  The first cloud data center egress gateway router CGR, the first operator edge router PE, the second operator edge router PE, and the second cloud data center egress gateway router CGR.
本发明实施例提供的云计算虚拟机迁移的方法、设备及系统, 第 一 CGR向第一 PE发送 MPLS VPN站点迁移的报文, 之后第一 PE 向第二 PE发送的控制 ^艮文和第二 PE向第二 CGR发送的消息中都携 带指示该 MPLS VPN站点迁移的参数,使得网络运营商的 PE能够为 云服务商的数据中心提供 MPLS VPN站点的动态迁移服务, 并且由 于网络侧 PE参与了迁移过程, 在迁移完成后, 去往该虚拟机的流量 可直接到达迁移后的数据中心。 不需要网络侧通过管理面来进行 VPN的配置, 可以提高 VPN操作的效率。 附图说明 为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对 实施例描述中所需要使用的附图作简单地介绍, 显而易见地, 下面描述中 的附图仅仅是本发明的一些实施例, 对于本领域普通技术人员来讲, 在不 付出创造性劳动的前提下, 还可以根据这些附图获得其他的附图。  The method, device, and system for the cloud computing virtual machine migration provided by the embodiment of the present invention, the first CGR sends the MPLS VPN site migration message to the first PE, and then the first PE sends the control message to the second PE. The message sent by the second PE to the second CGR carries the parameter indicating the migration of the MPLS VPN site, so that the PE of the network operator can provide the dynamic migration service of the MPLS VPN site to the data center of the cloud service provider, and the network side PE participates. After the migration process, the traffic to the virtual machine can go directly to the migrated data center after the migration is completed. It is not necessary for the network side to configure the VPN through the management plane, which can improve the efficiency of the VPN operation. BRIEF DESCRIPTION OF THE DRAWINGS In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments will be briefly described below. Obviously, the drawings in the following description are merely Some embodiments of the present invention may also be used to obtain other drawings based on these drawings without departing from the prior art.
图 1为本发明实施例提供的云计算虚拟机 MPLS VPN站点迁移 网络环境架构示意图;  1 is a schematic diagram of a network environment architecture of a cloud computing virtual machine MPLS VPN site migration according to an embodiment of the present invention;
图 2 为本发明实施例提供的云计算虚拟机迁移的方法的流程示 意框图一;  2 is a block diagram 1 of a flow chart of a method for migrating a cloud computing virtual machine according to an embodiment of the present invention;
图 3 为本发明另一实施例提供的云计算虚拟机迁移的方法的流 程示意框图二;  3 is a schematic block diagram 2 of a method for migrating a cloud computing virtual machine according to another embodiment of the present invention;
图 4 为本发明又一实施例提供的云计算虚拟机迁移的方法的流 程示意框图三;  4 is a schematic block diagram 3 of a method for migrating a cloud computing virtual machine according to another embodiment of the present invention;
图 5 为本发明又一实施例提供的云计算虚拟机迁移的方法的流 程示意框图四; FIG. 5 is a flow chart of a method for migrating a cloud computing virtual machine according to another embodiment of the present invention; Schematic diagram block four;
图 6为本发明另一实施例提供的云计算虚拟机 MPLS VPN站点 迁移的方法的流程示意框图五;  6 is a schematic block diagram 5 of a method for migrating a cloud computing virtual machine MPLS VPN site according to another embodiment of the present invention;
图 7为本发明实施例提供的指示 MPLS VPN站点迁移的参数在 BGP Update报文的路径属性中的格式;  FIG. 7 is a format of a parameter indicating a MPLS VPN site migration in a path attribute of a BGP Update packet according to an embodiment of the present disclosure;
图 8为本发明实施例提供的第一 CGR的结构示意框图; 图 9为本发明实施例提供的第一 PE的结构示意框图;  FIG. 8 is a schematic structural block diagram of a first CGR according to an embodiment of the present invention; FIG. 9 is a schematic structural block diagram of a first PE according to an embodiment of the present invention;
图 10为本发明实施例提供的第一 PE的另一结构示意框图; 图 11为本发明实施例提供的第二 PE的结构示意框图;  FIG. 10 is a schematic block diagram of another structure of a first PE according to an embodiment of the present invention; FIG. 11 is a schematic structural block diagram of a second PE according to an embodiment of the present invention;
图 12为本发明实施例提供的第二 P E的另一结构示意框图; 图 13为本发明实施例提供的第二 CGR的结构示意框图; 图 14为本发明实施例提供的第二 CGR的另一结构示意框图; 图 15为本发明实施例提供的云计算虚拟机迁移的网络的部分结 构示意图。 具体实施方式 下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进 行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例, 而不是全部的实施例。基于本发明中的实施例, 本领域普通技术人员在没 有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的 范围。  FIG. 12 is a schematic block diagram of another structure of a second PE according to an embodiment of the present invention; FIG. 13 is a schematic block diagram of a second CGR according to an embodiment of the present invention; FIG. FIG. 15 is a schematic structural diagram of a network of a cloud computing virtual machine migration according to an embodiment of the present invention. The technical solutions in the embodiments of the present invention will be clearly and completely described in conjunction with the drawings in the embodiments of the present invention. It is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. example. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.
本实施例的网络架构, 示例性的, 可以如图 1 所示, 第一 PE ( Provider Edge , 运营商边缘路由器) 12与第一 CGR (云数据中心 出口网关路由器,对应的英文表述是 Cloud Gateway Router ) 11相连, 第一 PE 12与第二 PE 13之间可直接或间接相连(间接相连时通过骨 干网连接) , 第二 PE 13与第二 CGR 14相连。 其中, 第一 CGR 11、 第二 CGR 14上可以分别运行 VCE ( Virtual Customer Edge, 虚拟用 户边缘路由器) 111和 VCE141 , 且分别各自对应连接到第一 PE 12、 第二 PE 13的子接口, 形成逻辑链路, 该逻辑链路上运行边界网关协 议 (BGP ) 路由协议以交换路由信息。 The network architecture of this embodiment is exemplarily shown in FIG. 1. The first PE (Provider Edge, Carrier Edge Router) 12 and the first CGR (Cloud Data Center Egress Gateway Router, the corresponding English expression is Cloud Gateway. Routers 11 are connected, and the first PE 12 and the second PE 13 can be directly or indirectly connected (connected through the backbone network when indirectly connected), and the second PE 13 is connected to the second CGR 14. The VCE (Virtual Customer Edge) 111 and the VCE 141 are respectively configured on the first CGR 11 and the second CGR 14, and are respectively connected to the sub-interfaces of the first PE 12 and the second PE 13 respectively. Logical link, running the border gateway protocol on the logical link A (BGP) routing protocol to exchange routing information.
本发明实施例提供的云计算虚拟机迁移的方法, 如图 2所述, 该方法 包括:  The method for migrating a cloud computing virtual machine provided by the embodiment of the present invention, as described in FIG. 2, the method includes:
101、 第一 CGR 11构造 MPLS VPN站点迁移的报文; 该 MPLS VPN站点迁移的报文中含有指示第二 CGR 14所在数据中心的位置 的参数。  101. The first CGR 11 constructs a packet that is migrated by the MPLS VPN site. The packet migrated by the MPLS VPN site includes a parameter indicating a location of the data center where the second CGR 14 is located.
举例来说, 该 MPLS VPN站点迁移的 艮文中可以包括以下参数: 指示本次云计算虚拟机迁移过程及状态的 Migration ID (迁移 ID ) ; 和  For example, the MPLS VPN site migration may include the following parameters: a Migration ID indicating the migration process and status of the cloud computing virtual machine; and
当前 VPN Name (虚拟专用网名称) ; 和  Current VPN Name; and
指示第二 CGR的 Destination DC location (所在数据中心位置); 和  Indicates the Destination DC location of the second CGR; and
指示撤销与第一 PE连接的 Clear Flag (清除标志 ) ; 和  Instructing to revoke the Clear Flag connected to the first PE; and
指示第二 CGR的 AS Number ( 自治系统号) 等。  Indicates the AS number (autonomous system number) of the second CGR, and so on.
更进一步地, 上述参数可以被封装在 BGP Update (边界网关协 议更新) 4艮文的路径属性中, 示例性的, 其格式可以为:  Further, the above parameters may be encapsulated in the path attribute of the BGP Update (boundary gateway protocol update). For example, the format may be:
如图 7所示, 第 1字节 0x90为固定, 第 2字节指示所述参数的 属性的类型, 第 3 和第 4 字节指示所述参数占用的字节长度, 第 5 至第 20 字节存储所述 Migration ID , 第 21 至第 24 字节存储所述 Destination DC location, 第 25字节存储所述 Clear Flag, 第 26和第 27 字节存储所述第二 CGR的 AS Number, 其余字节存储所述当前 VPN Name„  As shown in FIG. 7, the first byte 0x90 is fixed, the second byte indicates the type of the attribute of the parameter, and the third and fourth bytes indicate the byte length occupied by the parameter, the 5th to the 20th words. The section stores the Migration ID, the 21st to 24th bytes store the Destination DC location, the 25th byte stores the Clear Flag, the 26th and 27th bytes store the AS number of the second CGR, and the remaining words Section stores the current VPN Name
102、 第一 CGR 11向第一 PE 12发送上述 MPLS VPN站点迁移 的报文; 以使得第一 PE 12在接收到该 MPLS VPN站点迁移的报文 后, 根据该 MPLS VPN站点迁移的报文中指示第二 CGR 14所在数 据中心的位置的参数找到与第二 CGR 14连接的第二 PE 13 , 并向第 二 PE 13发送指示 MPLS VPN站点迁移的控制报文; 第二 PE 13接 收到该控制报文后, 向第二 CGR 14发送指示 MPLS VPN站点迁移 的消息, 以便进行 MPLS VPN站点向第二 CGR 14所在的数据中心 迁入。 本发明实施例提供的云计算虚拟机迁移的方法, 第一 C GR向第 一 PE发送 MPLS VPN站点迁移的报文, 之后第一 PE向第二 PE发 送的控制报文和第二 PE 向第二 CGR 发送的消息中都携带指示该 MPLS VPN站点迁移的参数, 使得网络运营商的 PE能够为云服务商 的数据中心提供 MPLS VPN站点的动态迁移服务, 并且由于网络侧 PE参与了迁移过程, 在迁移完成后, 去往该虚拟机的流量可直接到 达迁移后的数据中心。不需要网络侧通过管理面来进行 VPN的配置, 可以提高 VPN操作的效率。 此外, 在整个迁移过程中, 网络侧和云 服务商都没有将自己的设备配置信息发送给对方,因而保证了两类运 营商的商业信息的安全性。 The first CGR 11 sends the packet migrated by the MPLS VPN site to the first PE 12, so that the first PE 12 receives the packet migrated by the MPLS VPN site, according to the packet migrated by the MPLS VPN site. The parameter indicating the location of the data center where the second CGR 14 is located finds the second PE 13 connected to the second CGR 14, and sends a control message indicating the migration of the MPLS VPN site to the second PE 13; the second PE 13 receives the control After the message, a message indicating the migration of the MPLS VPN site is sent to the second CGR 14 to move the MPLS VPN site to the data center where the second CGR 14 is located. The method for migrating a cloud computing virtual machine provided by the embodiment of the present invention, the first C GR sends a packet migrated by the MPLS VPN site to the first PE, and then the control packet sent by the first PE to the second PE and the second PE The message sent by the CGR carries the parameters indicating the migration of the MPLS VPN site, so that the PE of the network operator can provide the dynamic migration service of the MPLS VPN site to the data center of the cloud service provider, and since the network side PE participates in the migration process, After the migration is complete, traffic to the virtual machine can go directly to the migrated data center. It is not necessary for the network side to configure the VPN through the management plane, which can improve the efficiency of the VPN operation. In addition, during the entire migration process, the network side and the cloud service provider did not send their own device configuration information to the other party, thus ensuring the security of the business information of the two types of operators.
本发明另一实施例提供的云计算虚拟机迁移的方法, 如图 3所述, 该 方法包括:  A method for migrating a cloud computing virtual machine according to another embodiment of the present invention, as described in FIG. 3, the method includes:
201、 第一 PE 12接收第一 CGR 11发送的 MPLS VPN站点迁移 的报文。  201. The first PE 12 receives the packet of the MPLS VPN site migration sent by the first CGR 11.
举例来说,该 MPLS VPN站点迁移的报文中可以包括以下参数: 指示本次云计算虚拟机迁移过程及状态的 Migration ID; 和 当前 VPN Name; 和  For example, the MPLS VPN site migration packet may include the following parameters: a Migration ID indicating the migration process and status of the cloud computing virtual machine; and a current VPN Name;
指示第二 CGR的 Destination DC location; 和  a Destination DC location indicating the second CGR; and
指示撤销与所述第一 CGR连接的 Clear Flag; 和  Instructing to revoke a Clear Flag connected to the first CGR; and
指示第二 CGR的 AS Number。  Indicates the AS Number of the second CGR.
其中, 若第一 PE 12接收到的该 MPLS VPN站点迁移的 4艮文中 的 Clear Flag指示撤销所述第一 PE与第一 CGR 11的连接, 则启动 所述第一 PE的 VPN路由表设置的定时器, 在规定时间到达后, 所 述第一 PE撤销与所述第一 CGR 11的连接。  If the Clear Flag in the MPLS VPN site migration received by the first PE 12 indicates that the connection between the first PE and the first CGR 11 is revoked, the VPN routing table setting of the first PE is started. The timer, after the specified time arrives, the first PE revokes the connection with the first CGR 11.
202、 第一 PE 12根据所述 MPLS VPN站点迁移的报文中指示第 二 CGR 14所在数据中心的位置的参数找到与第二 CGR 14连接的第 二 PE 13。  The first PE 12 finds the second PE 13 connected to the second CGR 14 according to the parameter indicating the location of the data center where the second CGR 14 is located in the packet migrated by the MPLS VPN site.
举例来说, 所述 202中的查找过程可以是: 第一 PE 12根据上述 MPLS VPN站点迁移的报文中指示第二 CGR 14 的 Destination DC location的参数查询得到第二 PE 13的 IP地址和该第二 PE 13的下连 接口名称。 并进一步地, 第一 PE 12可以根据上述 MPLS VPN站点 迁移的报文中的 VPN Name得到第一 PE 12的 RD/RT (路由区分符 / 路由目标) 、 第一 PE 12的 VPN peer (虚拟专用网对端地址列表) 。 For example, the searching process in the 202 may be: the first PE 12 obtains the IP address of the second PE 13 according to the parameter query indicating the Destination DC location of the second CGR 14 in the packet migrated by the MPLS VPN site, and the Next to the second PE 13 Interface name. Further, the first PE 12 may obtain the RD/RT (route specifier/route target) of the first PE 12 and the VPN peer of the first PE 12 according to the VPN Name in the packet migrated by the MPLS VPN site. Net peer address list).
203、 第一 PE 12构造指示 MPLS VPN站点迁移的控制报文, 并 向第二 PE 13发送该控制报文; 以使得第二 PE 13在接收到该控制报 文后, 向第二 CGR 14发送指示 MPLS VPN站点迁移的消息, 以便 进行第一 CGR 11所在数据中心的 MPLS VPN站点向第二 CGR 14所 在的数据中心迁入。  203. The first PE 12 constructs a control packet indicating the migration of the MPLS VPN site, and sends the control packet to the second PE 13. The second PE 13 sends the control packet to the second CGR 14 after receiving the control packet. A message indicating the migration of the MPLS VPN site, so that the MPLS VPN site of the data center where the first CGR 11 is located migrates to the data center where the second CGR 14 is located.
举例来说, 第一 PE 12构造的指示 MPLS VPN站点迁移的控制 报文中可以包括如下参数:  For example, the control packet of the first PE 12 that indicates the migration of the MPLS VPN site may include the following parameters:
指示本次云计算虚拟机迁移过程及状态的 Migration ID; 和 第二 PE 13的下连接口名称; 和  a Migration ID indicating the migration process and status of the cloud computing virtual machine; and a lower port name of the second PE 13;
当前 VPN Name; 和  Current VPN Name; and
第一 PE 12的 RD/RT; 和  RD/RT of the first PE 12; and
第一 PE 12的 VPN peer; 和  VPN peer of the first PE 12; and
指示第二 CGR 14的 AS Number等。  Indicates the AS Number of the second CGR 14, and the like.
本发明实施例提供的云计算虚拟机迁移的方法, 第一 CGR向第 一 PE发送 MPLS VPN站点迁移的报文, 之后第一 PE向第二 PE发 送的控制报文和第二 PE 向第二 CGR 发送的消息中都携带指示该 MPLS VPN站点迁移的参数, 使得网络运营商的 PE能够为云服务商 的数据中心提供 MPLS VPN站点的动态迁移服务, 并且由于网络侧 PE参与了迁移过程, 在迁移完成后, 去往该虚拟机的流量可直接到 达迁移后的数据中心。不需要网络侧通过管理面来进行 VPN的配置, 可以提高 VPN操作的效率。 在整个迁移过程中, 网络侧和云服务商 都没有将自己的设备配置信息发送给对方,保证了两类运营商的商业 信息的安全性。  The method for migrating a cloud computing virtual machine provided by the embodiment of the present invention, the first CGR sends a packet migrated by the MPLS VPN site to the first PE, and then the control packet sent by the first PE to the second PE and the second PE are sent to the second The message sent by the CGR carries the parameters indicating the migration of the MPLS VPN site, so that the PE of the network operator can provide the dynamic migration service of the MPLS VPN site to the data center of the cloud service provider, and since the network side PE participates in the migration process, After the migration is complete, traffic to the virtual machine can go directly to the migrated data center. It is not necessary for the network side to configure the VPN through the management plane, which can improve the efficiency of the VPN operation. During the entire migration process, the network side and the cloud service provider did not send their own device configuration information to each other, which ensured the security of the business information of the two types of operators.
本发明又一实施例提供的云计算虚拟机迁移的方法, 如图 4 所 述, 该方法包括:  A method for migrating a cloud computing virtual machine according to another embodiment of the present invention, as described in FIG. 4, the method includes:
301、 第二 PE 13接收第一 PE 12发送的指示 MPLS VPN站点迁 移的控制报文; 其中, 该控制报文为第一 PE 12接收到第一 CGR 11 发送的 MPLS VPN站点迁移的报文后生成的, 所述 MPLS VPN站点 迁移的报文中含有指示第二 CGR 14所在数据中心的位置的参数。 301. The second PE 13 receives the control packet that is sent by the first PE 12 and indicates the migration of the MPLS VPN site. The control packet is that the first PE 12 receives the first CGR. After the MPLS VPN site migrates the packet, the MPLS VPN site migrates the packet with the parameter indicating the location of the data center where the second CGR 14 is located.
举例来说, 第二 PE 13接收到的控制报文中可以包括以下参数: 指示本次云计算虚拟机迁移过程及状态的 Migration ID; 和 第二 PE 13的下连接口名称; 和  For example, the control packet received by the second PE 13 may include the following parameters: a Migration ID indicating the migration process and status of the cloud computing virtual machine; and a lower port name of the second PE 13;
当前 VPN Name; 和  Current VPN Name; and
第一 PE 11上的 RD/RT; 和  RD/RT on the first PE 11; and
第一 PE 11上的 VPN peer; 和  VPN peer on the first PE 11; and
指示第二 CGR 14的 AS Number 0 Indicates AS Number 0 of the second CGR 14
可选地, 第二 PE 13可以根据该控制报文中的指示第一 PE 11上 的 RD/RT判断第二 PE 13是否配置该 MPLS VPN站点的 VPN路由 转发表。  Optionally, the second PE 13 may determine, according to the RD/RT in the control packet indicating the first PE 11, whether the second PE 13 configures the VPN routing forwarding table of the MPLS VPN station.
若第二 PE 13没有配置该 MPLS VPN站点的 VPN路由转发表, 则需创建 VPN路由转发表。 第二 PE 13根据上述 VPN Name向与第 二 PE 13连接的网络数据库申请一个站点网段, 并得到第二 PE 13下 连口的子接口号和使用的 Vlan lD (虚拟局域网 ID ) , 在向第二 CGR 14发送 MPLS VPN站点迁移的消息后,第二 PE 13还配置 VPN路由 转发表实例, 绑定到第二 PE 13下连口的子接口, 并配置 BGP协议 (边界网关协议) 。  If the second PE 13 does not configure the VPN routing forwarding table of the MPLS VPN site, a VPN routing forwarding table needs to be created. The second PE 13 applies for a site network segment to the network database connected to the second PE 13 according to the VPN name, and obtains the sub-interface number of the second PE 13 and the used Vlan lD (virtual local area network ID). After the second CGR 14 sends the MPLS VPN site migration message, the second PE 13 also configures the VPN routing forwarding table instance, binds to the sub-interface of the second PE 13 and configures the BGP protocol (Border Gateway Protocol).
若第二 PE 13 已配置了该 MPLS VPN站点的 VPN路由转发表, 则第二 PE 13根据该 VPN路由转发表得到绑定了该 VPN路由转发表 的接口的 Vlan ID。  If the second PE 13 has configured the VPN routing forwarding table of the MPLS VPN site, the second PE 13 obtains the Vlan ID of the interface bound to the VPN routing forwarding table according to the VPN routing forwarding table.
302、 第二 PE 13构造指示 MPLS VPN站点迁移的消息。  302. The second PE 13 constructs a message indicating an MPLS VPN site migration.
举例来说, 当第二 PE 13没有配置该 MPLS VPN站点的 VPN路 由转发表, 则第二 PE 13构造的 MPLS VPN站点迁移的消息中可以 包括以下参数:  For example, when the second PE 13 does not configure the VPN routing table of the MPLS VPN site, the MPLS VPN site migration message constructed by the second PE 13 may include the following parameters:
指示本次云计算虚拟机迁移过程及状态的 Migration ID; 和 Vlan ID; 和  a Migration ID indicating the migration process and status of the cloud computing virtual machine; and Vlan ID; and
第二 PE 13向网络数据库申请的 Transit IP Section (过境 IP地址 段) ; 其中, 所述过境 IP地址段从所述站点网段内得到; Transit IP Section applied by the second PE 13 to the network database (transit IP address) a segment); wherein the transit IP address segment is obtained from the network segment of the site;
第二 PE 13所在域的 AS Number等。  The AS number of the domain where the second PE 13 is located.
又举例来说 , 若第二 PE 13 已经配置该 MPLS VPN站点的 VPN 路由转发表, 则第二 PE 13构造的指示 MPLS VPN站点迁移的消息 中可以包括以下参数:  For example, if the second PE 13 has configured the VPN routing forwarding table of the MPLS VPN site, the message indicating the MPLS VPN site migration configured by the second PE 13 may include the following parameters:
指示本次云计算虚拟机迁移过程及状态的 Migration ID; 和 a Migration ID indicating the migration process and status of the cloud computing virtual machine; and
Vlan ID。 Vlan ID.
需要说明的是,若第二 PE 13已经配置该 MPLS VPN站点的 VPN 路由转发表, 则第二 PE 13构造的消息中不包含第二 PE 13向网络数 据库申请的 Transit IP Section和第二 PE 13所在域的 AS Number。  It should be noted that, if the second PE 13 has configured the VPN routing forwarding table of the MPLS VPN site, the message constructed by the second PE 13 does not include the Transit IP Section and the second PE 13 applied by the second PE 13 to the network database. The AS number of the domain.
303、 第二 PE 13向第二 CGR 14发送所述第二 PE 13构造的指 示 MPLS VPN站点迁移的消息; 以便进行第一 CGR 11所在数据中 心的该 MPLS VPN站点向第二 CGR 14所在的数据中心迁入。  303. The second PE 13 sends, to the second CGR 14, a message indicating that the MPLS VPN site is migrated by the second PE 13; and the data of the MPLS VPN site of the data center where the first CGR 11 is located to the second CGR 14 is performed. The center moved in.
本发明实施例提供的云计算虚拟机迁移的方法, 第一 CGR向第 一 PE发送 MPLS VPN站点迁移的报文, 之后第一 PE向第二 PE发 送的控制报文和第二 PE 向第二 CGR 发送的消息中都携带指示该 MPLS VPN站点迁移的参数, 使得网络运营商的 PE能够为云服务商 的数据中心提供 MPLS VPN站点的动态迁移服务, 并且由于网络侧 PE参与了迁移过程, 在迁移完成后, 去往该虚拟机的流量可直接到 达迁移后的数据中心。不需要网络侧通过管理面来进行 VPN的配置, 可以提高 VPN操作的效率。 在整个迁移过程中, 网络侧和云服务商 都没有将自己的设备配置信息发送给对方,保证了两类运营商的商业 信息的安全性。  The method for migrating a cloud computing virtual machine provided by the embodiment of the present invention, the first CGR sends a packet migrated by the MPLS VPN site to the first PE, and then the control packet sent by the first PE to the second PE and the second PE are sent to the second The message sent by the CGR carries the parameters indicating the migration of the MPLS VPN site, so that the PE of the network operator can provide the dynamic migration service of the MPLS VPN site to the data center of the cloud service provider, and since the network side PE participates in the migration process, After the migration is complete, traffic to the virtual machine can go directly to the migrated data center. It is not necessary for the network side to configure the VPN through the management plane, which can improve the efficiency of the VPN operation. During the entire migration process, the network side and the cloud service provider did not send their own device configuration information to each other, which ensured the security of the business information of the two types of operators.
本发明又一实施例提供的云计算虚拟机迁移的方法, 如图 5 所 述, 该方法包括:  A method for migrating a cloud computing virtual machine according to another embodiment of the present invention, as described in FIG. 5, the method includes:
401、 第二 CGR 14接收第二 PE 13发送的指示 MPLS VPN站点 迁移的消息; 其中, 该消息为第二 PE 13接收到第一 PE 12发送的指 示 MPLS VPN站点迁移的控制报文后生成的; 第一 PE 12接收到第 一 CGR 11发送的 MPL S VPN站点迁移的 4艮文后向第二 PE 13发送指 示 MPLS VPN站点迁移的控制 艮文。 举例来说, 第二 CGR 14接收到第二 PE 13发送的指示 MPLS VPN站点迁移的消息中可以包括以下参数: 401. The second CGR 14 receives the message that is sent by the second PE 13 and indicates the migration of the MPLS VPN site. The message is generated by the second PE 13 after receiving the control packet that is sent by the first PE 12 and indicating the migration of the MPLS VPN site. The first PE 12 receives the message of the migration of the MPL S VPN site sent by the first CGR 11, and sends a control message indicating the migration of the MPLS VPN site to the second PE 13. For example, the message that the second CGR 14 receives the MPLS VPN site migration sent by the second PE 13 may include the following parameters:
指示本次云计算虚拟机迁移过程及状态的 Migration ID;  a Migration ID indicating the migration process and status of the cloud computing virtual machine;
Vlan ID;  Vlan ID;
第二 PE 13向网络数据库申请的 Transit IP Section;  Transit IP Section applied by the second PE 13 to the network database;
第二 PE 13所在域的 AS Number。  The AS number of the domain where the second PE 13 is located.
可选地, 第二 CGR 14需创建 VCE (虚拟用户边缘路由器 ) 141 , 配置 BGP协议。  Optionally, the second CGR 14 needs to create a VCE (Virtual User Edge Router) 141 and configure the BGP protocol.
又举例来说,第二 CGR 14接收到的第二 PE 13发送的指示 MPLS VPN站点迁移的消息中也可以包括以下参数:  For example, the message indicating the MPLS VPN site migration sent by the second PE 13 received by the second CGR 14 may also include the following parameters:
指示本次云计算虚拟机迁移过程及状态的 Migration ID;  a Migration ID indicating the migration process and status of the cloud computing virtual machine;
Vlan ID。  Vlan ID.
当第二 CGR14接收到 PE13发送的消息中不包括第二 PE 13向 网络数据库申请的 Transit IP Section 和第二 PE 13 所在域的 AS Number时,则第二 CGR14可判断第二 PE 13 已配置了该 MPLS VPN 站点的 VPN路由转发表。  When the second CGR 14 receives the message sent by the PE 13 and does not include the Transit IP Section applied by the second PE 13 to the network database and the AS Number of the domain where the second PE 13 is located, the second CGR 14 may determine that the second PE 13 is configured. The VPN routing forwarding table for the MPLS VPN site.
可选地, 第二 CGR 14根据上述 Migration ID、 Vlan ID得到本地 VCE 141。  Optionally, the second CGR 14 obtains the local VCE 141 according to the Migration ID and the Vlan ID.
402、 第一 CGR 11所在数据中心的所述 MPLS VPN站点向第二 CGR 14所在数据中心迁入。  402. The MPLS VPN site in the data center where the first CGR 11 is located is moved to the data center where the second CGR 14 is located.
本发明实施例提供的云计算虚拟机迁移的方法, 第一 C GR向第 一 PE发送 MPLS VPN站点迁移的报文, 之后第一 PE向第二 PE发 送的控制报文和第二 PE 向第二 CGR 发送的消息中都携带指示该 MPLS VPN站点迁移的参数, 使得网络运营商的 PE能够为云服务商 的数据中心提供 MPLS VPN站点的动态迁移服务, 并且由于网络侧 PE参与了迁移过程, 在迁移完成后, 去往该虚拟机的流量可直接到 达迁移后的数据中心。不需要网络侧通过管理面来进行 VPN的配置, 可以提高 VPN操作的效率。 在整个迁移过程中, 网络侧和云服务商 都没有将自己的设备配置信息发送给对方,保证了两类运营商的商业 信息的安全性。 本发明另一实施例提供的云计算虚拟机迁移的方法, 参照图 1 , 其应 用场景假设为: 第一 CGR 11所在的数据中心中的某子网内的所有虚 拟机资源需要迁移到第二 CGR 14所在的数据中心中。 网络侧需要保 存一些信息,包括标识数据中心网络接入点位置的信息和 MPLS VPN 云侧站点可用的 IP地址段的信息等。 The method for migrating a cloud computing virtual machine provided by the embodiment of the present invention, the first C GR sends a packet migrated by the MPLS VPN site to the first PE, and then the control packet sent by the first PE to the second PE and the second PE The message sent by the CGR carries the parameters indicating the migration of the MPLS VPN site, so that the PE of the network operator can provide the dynamic migration service of the MPLS VPN site to the data center of the cloud service provider, and since the network side PE participates in the migration process, After the migration is complete, traffic to the virtual machine can go directly to the migrated data center. It is not necessary for the network side to configure the VPN through the management plane, which can improve the efficiency of the VPN operation. During the entire migration process, the network side and the cloud service provider did not send their own device configuration information to each other, which ensured the security of the business information of the two types of operators. A method for migrating a cloud computing virtual machine according to another embodiment of the present invention is as shown in FIG. 1 . The application scenario assumes that: all virtual machine resources in a subnet in the data center where the first CGR 11 is located need to be migrated to the second CGR 14 is located in the data center. The network side needs to save some information, including information identifying the location of the data center network access point and information about the IP address segment available on the MPLS VPN cloud side site.
示例' )·生的:  Example ')· born:
1、 标识数据中心网络接入点位置的信息  1. Information identifying the location of the data center network access point
该信息在数据中心申请接入 MPLS 网络时进行分配, 之后存储 在网络设备可以访问的网络数据库中。 该网络数据库表定义如表 1 :  This information is allocated when the data center requests to access the MPLS network, and then stored in a network database accessible by the network device. The network database table is defined as Table 1:
Figure imgf000016_0001
Figure imgf000016_0001
表 1  Table 1
2、 用户 MPLS VPN云侧站点可用的 IP地址段  2. User IP address segment available on the MPLS VPN cloud side site
该信息由用户在申请 VPN时注册得到, 在网络数据库中定义如 字段名称 数据类型 描述 This information is registered by the user when applying for VPN, and is defined in the network database as field name. Data type Description
VPN ID Integer VPN ID Integer
主键。 唯一标识一个 VPN Primary key. Uniquely identifies a VPN
(虚拟专用网 ID ) (整数) (Virtual Private Network ID) (integer)
PE IP Downside PE连接 VCE (虚拟用户网络  PE IP Downside PE connection VCE (virtual user network
IP Address  IP Address
( PE下连口 IP地 边缘设备) 子接口需要配置  (PE sub-interface IP ground edge device) Sub-interface needs to be configured
( IP地址 )  (IP address)
址) 的 IP地址  IP address)
VCE IP Upside  VCE IP Upside
IP Address VCE连接 PE接口需要配置 ( VCE上连口 IP地  IP address VCE connection PE interface needs to be configured (VCE port IP address
( IP地址 ) 的 IP地址  IP address of (IP address)
址) Net Mask Integer 仅需要两个可用的过境 IP地site) Net Mask Integer requires only two available transit IP locations
(网络掩码) (整数) 址网段, 掩码长度一般为 30 该过境 IP地址网段是否已经(netmask) (integer) The network segment of the address, the mask length is generally 30. Is the transit IP address segment already?
Be Used Integer Be Used Integer
被使用, 0表示未被使用, 1 Used, 0 means not used, 1
(被使用) (整数) (used) (integer)
表示被使用  Indicates that it is used
表 2  Table 2
如图 6所示, 本发明实施例提供的云计算虚拟机 MPLS VPN站点 迁移的方法包括:  As shown in FIG. 6, the method for migrating a cloud computing virtual machine MPLS VPN site provided by the embodiment of the present invention includes:
501、第一 CGR 11构造 MPLS VPN站点迁移的 BGP Update报文, 通过扩展该 BGP Update报文,将指示该 MPLS VPN站点迁移的参数 封装到该 BGP Update报文的路径属性中。举例来说,所述 BGP Update 报文可以包括如下指示 MPLS VPN站点迁移的参数: 指示本次云计 算虚拟机迁移过程及状态的 Migration ID、 当前 VPN Name, 指示第 二 CGR 14的 Destination DC location, 指示撤销第一 CGR 11与第 ― PE 12连接的 Clear Flag, 指示第二 CGR 14的 AS number。  501. The first CGR 11 constructs a BGP Update packet that is migrated by the MPLS VPN site, and the parameter indicating the migration of the MPLS VPN site is encapsulated into the path attribute of the BGP Update packet by extending the BGP Update packet. For example, the BGP Update message may include the following parameters indicating the MPLS VPN site migration: a Migration ID indicating the current cloud computing virtual machine migration process and status, a current VPN Name, indicating a Destination DC location of the second CGR 14, Indicates to cancel the Clear Flag of the first CGR 11 and the PE-12, indicating the AS number of the second CGR 14.
可选地, Migration ID由云侧生成, 唯一标识一个虚拟机迁移过 程及其状态, 当网络侧完成站点迁移后, 向云侧回应消息时需要携带 该 Migration ID。 VPN Name是用户在申请 VPN时从网络运营商处获 得的, 可以唯一标识用户申请的 VPN。 Destination DC location则根 据虚拟机资源迁移的目的数据中心确定。 Clear Flag标识是否需要第 一 PE 12清除该 VPN的 VPN路由转发表。  Optionally, the migration ID is generated by the cloud side, and uniquely identifies a virtual machine migration process and its status. When the network side completes the site migration, the migration ID needs to be carried when responding to the cloud side. The VPN Name is obtained from the network operator when the user applies for VPN. It can uniquely identify the VPN that the user applies for. The Destination DC location is determined based on the destination data center of the virtual machine resource migration. The Clear Flag identifies whether the first PE 12 needs to clear the VPN routing forwarding table of the VPN.
可选地, 上述参数在 BGP Update报文的路径属性中的格式, 可 以如图 7所示, 第 1字节 0x90为固定格式, 第 2字节指示所述参数 的属性的类型, 第 3、 4字节指示所述参数占用的字节长度, 第 5-20 字节存储 Migration ID, 第 21-24字节存储 Destination DC location, 第 25字节存储 Clear Flag,第 26-27字节存储第二 CGR的 AS number, 其余字节存储 VPN Name。  Optionally, the format of the parameter in the path attribute of the BGP Update packet is as shown in FIG. 7. The first byte 0x90 is a fixed format, and the second byte indicates the type of the attribute of the parameter. 4 bytes indicate the byte length occupied by the parameter, 5-20 bytes store the Migration ID, 21-24 bytes store the Destination DC location, the 25th byte stores the Clear Flag, and the 26th byte stores the The AS number of the second CGR, and the remaining bytes store the VPN Name.
其中, 示例性的, 假设第 25字节指示的 Clear Flag为 1 , 则第一 PE 12启动第一 PE 12的 VPN路由转发表设置的定时器,在规定时间 到达后, 第一 PE撤销与第一 CGR 11的连接。  For example, if the Clear Flag indicated by the 25th byte is 1, the first PE 12 starts the timer set in the VPN routing forwarding table of the first PE 12, and after the specified time arrives, the first PE is revoked and A CGR 11 connection.
502、 第一 PE 12接收该 BGP Update报文后, 根据 BGP Update 报文中指示第二 CGR 所在数据中心的位置的参数找到与第二 CGR 14连接的第二 PE 13 , 并向第二 PE 13发送 MPLS VPN站点迁 移的控制报文。 502. After receiving the BGP Update packet, the first PE 12 is configured according to BGP Update. The parameter indicating the location of the data center where the second CGR is located in the packet finds the second PE 13 connected to the second CGR 14, and sends the control packet of the MPLS VPN site migration to the second PE 13.
示例性的, 第一 PE 12查找到第二 PE 13的过程可以包括: 第一 PE 12识别出该报文为 BGP Update报文后, 根据该 BGP For example, the process of the first PE 12 to find the second PE 13 may include: after the first PE 12 identifies that the packet is a BGP Update packet, according to the BGP
Update 报文的路径属性中的上述参数内部生成查询请求。 之后, 第 ― PE 12根据指示第二 CGR 14的 Destination DC location的参数,在 网络数据库中由上述表 1中的信息, 查询得到第二 PE 13的 IP地址 和第二 PE 13的下连接口名称。 The above parameters in the path attribute of the Update message internally generate a query request. Then, the first PE 12 queries the IP address of the second PE 13 and the lower interface name of the second PE 13 by using the information in the above table 1 in the network database according to the parameter indicating the Destination DC location of the second CGR 14. .
可选地, 第一 PE 12根据 VPN Name还可以查询得到第一 PE 12 上的 RD/ RT和 VPN peer。  Optionally, the first PE 12 may further query, according to the VPN Name, the RD/RT and the VPN peer on the first PE 12.
第一 PE 12构造发往第二 PE 13的控制报文,该控制报文的信息 可以包括: 指示本次云计算虚拟机迁移过程及状态的 Migration ID、 第二 PE 13的下连接口名称、当前 VPN Name、第一 PE 12上的 RD/RT、 第一 PE 12上的 VPN peer、 指示第二 CGR 14的 AS Number。  The first PE 12 constructs a control packet sent to the second PE 13. The information of the control packet may include: a Migration ID indicating the current cloud computing virtual machine migration process and status, a lower connection port name of the second PE 13, The current VPN Name, the RD/RT on the first PE 12, the VPN peer on the first PE 12, and the AS Number indicating the second CGR 14.
503、 第二 PE 13接收到上述控制报文, 通过该控制报文中携带 的第一 PE 12上的 RD/ RT判断第二 PE 13有没有配置 MPLS VPN站 点的 VPN路由转发表。 若第二 PE 13没有配置该 MPLS VPN站点的 VPN路由转发表, 则转到 504; 若第二 PE 13 已经配置该 MPLS VPN 站点的 VPN路由转发表, 则转到 506。  503. The second PE 13 receives the control packet, and determines, by using the RD/RT on the first PE 12 carried in the control packet, whether the second PE 13 configures a VPN routing forwarding table of the MPLS VPN site. If the second PE 13 does not configure the VPN routing forwarding table of the MPLS VPN site, go to 504; if the second PE 13 has configured the VPN routing forwarding table of the MPLS VPN site, go to 506.
504、 第二 PE 13创建 VPN路由转发表。  504. The second PE 13 creates a VPN routing forwarding table.
第二 PE 13根据上述控制报文中的 VPN Name向与第二 PE 13 连接的网络数据库申请一个站点网段,此时从该站点网段中取出两个 地址, 如表 2中所示的 PE IP Downside和 VCE IP Upside , 将其中的 PE IP Downside配置到第二 PE的下连接口, 并将 PE IP Downside和 VCE IP Upside写入第二 PE 13构造的指示 MPLS VPN站点迁移的消 息中, 以使得第二 CGR在接到该消息时, 用来进行 VCE 141的相关 配置; 还得到第二 PE 13下连口的子接口号和使用的 Vlan ID。  The second PE 13 applies for a site network segment to the network database connected to the second PE 13 according to the VPN Name in the control packet, and then takes two addresses from the network segment of the site, such as the PE shown in Table 2. IP Downside and VCE IP Upside, configure the PE IP Downside to the lower interface of the second PE, and write the PE IP Downside and the VCE IP Upside into the message indicating the MPLS VPN site migration of the second PE 13 to The second CGR is used to perform the related configuration of the VCE 141 when receiving the message; and the sub-interface number of the second PE 13 and the used Vlan ID are also obtained.
第二 PE 13构造指示 MPLS VPN站点迁移的消息, 可以包括如 下参数:指示本次云计算虚拟机迁移过程及状态的 Migration ID、 Vlan ID、 第二 PE 13向网络数据库申请的 Transit IP section, 第二 PE 13 所在域的 AS Number, 并将该消息发送到与第二 PE 13相连的第二 CGR 14。 其中 Transit IP section的信息即包含有上述 PE IP Downside 和 VCE IP Upside。 The second PE 13 constructs a message indicating the migration of the MPLS VPN site, and may include the following parameters: a Migration ID indicating the current cloud computing virtual machine migration process and status, and Vlan The ID, the Transit IP section applied by the second PE 13 to the network database, the AS Number of the domain in which the second PE 13 is located, and the message is sent to the second CGR 14 connected to the second PE 13. The information of the Transit IP section includes the above PE IP Downside and VCE IP Upside.
之后, 第二 PE 13配置该 VPN路由转发表实例并绑定到下连口 的子接口, 配置 BGP协议。  Then, the second PE 13 configures the VPN routing forwarding table instance and binds to the sub-interface of the lower interface, and configures the BGP protocol.
505、第二 CGR 14接收到第二 PE 13发送的上述指示 MPLS VPN 站点迁移的消息后, 创建 VCE 141 , 配置 BGP协议, 并将 Migration ID对应的第一 CGR 11所在数据中心的 MPLS VPN站点迁入该 VCE 141。  505. The second CGR 14 receives the message indicating the MPLS VPN site migration sent by the second PE 13, creates a VCE 141, configures the BGP protocol, and migrates the MPLS VPN site of the data center where the first CGR 11 corresponding to the Migration ID is located. Enter the VCE 141.
506、 第二 PE 13根据该 VPN路由转发表得到绑定了该 VPN路 由转发表的接口的 Vlan ID, 构造指示 MPLS VPN站点迁移的消息, 可以包括如下参数: 指示本次云计算虚拟机迁移过程及状态的 Migration ID、 Vlan ID; 但该消息中不包含第二 PE 13向网络数据库 申请的 Transit IP Section和第二 PE 13所在域的 AS Number。 进一步 地, 第二 PE 13将该指示 MPLS VPN站点迁移的消息发送到与第二 PE 13相连的第二 CGR 14。  506. The second PE 13 obtains the Vlan ID of the interface to which the VPN routing forwarding table is bound according to the VPN routing forwarding table, and constructs a message indicating the migration of the MPLS VPN site, which may include the following parameters: indicating the cloud computing virtual machine migration process. And the status of the Migration ID, Vlan ID; but the message does not include the Transit IP Section that the second PE 13 applies to the network database and the AS Number of the domain where the second PE 13 is located. Further, the second PE 13 sends a message indicating the migration of the MPLS VPN site to the second CGR 14 connected to the second PE 13.
507、第二 CGR 14接收到第二 PE 13发送的上述指示 MPLS VPN 站点迁移的消息后 , 根据 Migration ID、 Vlan ID得到本地 VCE 141 , 并将 Migration ID对应的第一 CGR 11所在数据中心的 MPLS VPN站 点迁入 VCE 141。  507. After receiving the foregoing message indicating the MPLS VPN site migration sent by the second PE 13, the second CGR 14 obtains the local VCE 141 according to the Migration ID and the Vlan ID, and the MPLS of the data center where the first CGR 11 corresponding to the Migration ID is located. The VPN site moves into VCE 141.
本发明实施例提供的云计算虚拟机迁移的方法, 第一 CGR向第 一 PE发送 MPLS VPN站点迁移的报文, 之后第一 PE向第二 PE发 送的控制报文和第二 PE 向第二 CGR 发送的消息中都携带指示该 MPLS VPN站点迁移的参数, 使得网络运营商的 PE能够为云服务商 的数据中心提供 MPLS VPN站点的动态迁移服务, 并且由于网络侧 PE参与了迁移过程, 在迁移完成后, 去往该虚拟机的流量可直接到 达迁移后的数据中心。不需要网络侧通过管理面来进行 VPN的配置, 可以提高 VPN操作的效率。 在整个迁移过程中, 网络侧和云服务商 都没有将自己的设备配置信息发送给对方,保证了两类运营商的商业 信息的安全性。 需要说明的是, 本实施例以第一 CGR构造 MPLS VPN站点迁移 的报文为 BGP Update报文为例,并将指示 MPLS VPN站点迁移的参 数封装在 BGP Update报文的路径属性中,但在本发明中并不限于此, 可以为其他报文, 也可以将指示该 MPLS VPN站点迁移的参数的信 息封装在其他属性中。 The method for migrating a cloud computing virtual machine provided by the embodiment of the present invention, the first CGR sends a packet migrated by the MPLS VPN site to the first PE, and then the control packet sent by the first PE to the second PE and the second PE are sent to the second The message sent by the CGR carries the parameters indicating the migration of the MPLS VPN site, so that the PE of the network operator can provide the dynamic migration service of the MPLS VPN site to the data center of the cloud service provider, and since the network side PE participates in the migration process, After the migration is complete, traffic to the virtual machine can go directly to the migrated data center. It is not necessary for the network side to configure the VPN through the management plane, which can improve the efficiency of the VPN operation. During the entire migration process, the network side and the cloud service provider did not send their own device configuration information to each other, which ensured the security of the business information of the two types of operators. It should be noted that, in this embodiment, the MPLS Update packet is configured as the BGP Update packet, and the parameter indicating the MPLS VPN site migration is encapsulated in the path attribute of the BGP Update packet, but The present invention is not limited thereto, and may be other messages, and may also encapsulate information indicating parameters of the MPLS VPN site migration in other attributes.
本实施例为第一 CGR 所在的数据中心中的某子网内的所有虚拟 机资源需要迁移到第二 CGR所在的数据中心中, 但本实施例不仅限 于此, 也可以是第二 CGR所在的数据中心中的某子网内的所有虚拟 机资源需要迁移到第一 CGR所在的数据中心中,即第一 CGR可以执 行第二 CGR的所有动作, 第二 CGR也可以执行第一 CGR的所有动 作, 第一 PE可以执行第二 PE的所有动作, 第二 PE也可以执行第一 PE的所有动作。  In this embodiment, all the virtual machine resources in a subnet in the data center where the first CGR is located need to be migrated to the data center where the second CGR is located, but the embodiment is not limited thereto, and may be the second CGR. All the virtual machine resources in a subnet in the data center need to be migrated to the data center where the first CGR is located. That is, the first CGR can perform all actions of the second CGR, and the second CGR can also perform all actions of the first CGR. The first PE may perform all actions of the second PE, and the second PE may also perform all actions of the first PE.
本发明实施例提供的第一云数据中心出口网关路由器 (CGR ) 60 , 能够应用在上述方法实施例中, 可以执行上述方法实施例中第一 CGR 11的所有操作, 详细请见上述实施例, 在此不再赘述。  The first cloud data center egress gateway router (CGR) 60 provided by the embodiment of the present invention can be applied to the foregoing method embodiment, and all operations of the first CGR 11 in the foregoing method embodiment can be performed. For details, refer to the foregoing embodiment. I will not repeat them here.
如图 8所示, 本发明实施例提供的第一 CGR 60 , 包括: 生成单元 601 , 用于构造 MPLS VPN站点迁移的 文; 该 4艮文 中包括指示第二 CGR所在数据中心的位置的参数。  As shown in FIG. 8, the first CGR 60 provided by the embodiment of the present invention includes: a generating unit 601, configured to construct an MPLS VPN site migration document; and the parameter includes a parameter indicating a location of a data center where the second CGR is located.
发送单元 602 , 用于向第一 PE 发送上述生成单元 601 构造的 MPLS VPN站点迁移的报文; 以使得第一 PE在接收到该 MPLS VPN 站点迁移的报文后, 根据该 MPLS VPN站点迁移的报文中指示第二 CGR所在数据中心的位置的参数找到与第二 CGR连接的第二 PE, 并向第二 PE发送指示 MPLS VPN站点迁移的控制报文; 第二 PE接 收到该控制 文后, 向第二 CGR发送指示 MPLS VPN站点迁移的消 息, 以便进行该 MPLS VPN站点向第二 CGR所在的数据中心迁入。  The sending unit 602 is configured to send, to the first PE, the packet that is migrated by the MPLS VPN site configured by the generating unit 601, so that the first PE, after receiving the packet migrated by the MPLS VPN site, migrates according to the MPLS VPN site. The parameter indicating the location of the data center where the second CGR is located in the packet finds the second PE connected to the second CGR, and sends a control packet indicating the migration of the MPLS VPN site to the second PE. After receiving the control text, the second PE receives the control packet. And sending a message indicating that the MPLS VPN site is migrated to the second CGR, so that the MPLS VPN site moves to the data center where the second CGR is located.
本发明实施例提供的第一 CGR向第一 PE发送 MPLS VPN站点 迁移的报文,之后第一 PE向第二 PE发送的控制报文和第二 PE向第 二 CGR发送的消息中都携带指示该 MPL S VPN站点迁移的参数, 使 得网络运营商的 PE能够为云服务商的数据中心提供 MPLS VPN站点 的动态迁移服务, 并且由于网络侧 PE参与了迁移过程, 在迁移完成 后, 去往该虚拟机的流量可直接到达迁移后的数据中心。 不需要网络 侧通过管理面来进行 VPN的配置, 可以提高 VPN操作的效率。 The first CGR provided by the embodiment of the present invention sends an MPLS VPN site-migrated packet to the first PE, and then the control packet sent by the first PE to the second PE and the second PE sends a message to the second CGR. The MPL S VPN site migration parameters enable the network operator's PE to provide the MPLS VPN site dynamic migration service for the cloud service provider's data center, and since the network-side PE participates in the migration process, after the migration is completed, the migration to the The virtual machine's traffic can go directly to the migrated data center. No network required The configuration of the VPN through the management plane can improve the efficiency of VPN operations.
本发明实施例提供的第一运营商边缘路由器 PE 70 , 能够应用在 上述方法实施例中,可以执行上述方法实施例中第一 PE 12的所有操 作, 详细请见上述实施例, 在此不再赘述。  The first carrier edge router PE 70 provided by the embodiment of the present invention can be applied to the foregoing method embodiments, and all the operations of the first PE 12 in the foregoing method embodiment can be performed. For details, refer to the foregoing embodiment, and Narration.
如图 9所示, 本发明实施例提供的第一 PE 70 , 包括:  As shown in FIG. 9, the first PE 70 provided by the embodiment of the present invention includes:
接收单元 701 , 用于接收第一 CGR发送的 MPLS VPN站点迁移 的报文; 该 MPLS VPN站点迁移的报文; 该 MPLS VPN站点迁移的 报文中包括以下参数:  The receiving unit 701 is configured to receive the MPLS VPN site migration packet sent by the first CGR, and the MPLS VPN site migration packet; the MPLS VPN site migration packet includes the following parameters:
指示本次云计算虚拟机迁移过程及状态的迁移 ID; 和  Indicates the migration ID of the cloud computing virtual machine migration process and status; and
当前虚拟专用网名称; 和  Current virtual private network name; and
指示第二 CGR所在数据中心的位置; 和  Indicate the location of the data center where the second CGR is located; and
指示撤销与所述第一 CGR连接的清除标志; 和  Instructing to revoke a clear flag associated with the first CGR; and
指示第二 CGR的自治系统号;  Indicates the autonomous system number of the second CGR;
处理单元 702 , 根据指示第二 CGR所在数据中心的位置的参数 找到与第二 CGR连接的第二 PE, 并将该信息提供给生成单元 703。  The processing unit 702 finds the second PE connected to the second CGR according to the parameter indicating the location of the data center where the second CGR is located, and provides the information to the generating unit 703.
生成单元 703 , 用于构造指示 MPLS VPN站点迁移的控制报文。 发送单元 704 , 用于向第二 PE发送上述生成单元 703构造的控 制报文; 以使得第二 PE在接收到该控制报文后, 向第二 CGR发送 指示 MPLS VPN站点迁移的消息, 以便进行第一 CGR所在数据中心 的该 MPLS VPN站点向第二 CGR所在的数据中心迁入。  The generating unit 703 is configured to construct a control packet indicating the migration of the MPLS VPN site. The sending unit 704 is configured to send the control packet configured by the generating unit 703 to the second PE, so that after receiving the control packet, the second PE sends a message indicating the migration of the MPLS VPN site to the second CGR, so as to perform The MPLS VPN site in the data center where the first CGR is located is moved to the data center where the second CGR is located.
可选地, 如图 10所述, 该第一 PE 70中的接收单元 701还包括: Optionally, as shown in FIG. 10, the receiving unit 701 in the first PE 70 further includes:
BGP模块 7001 , 用于在接收单元 701接收到第一 CGR发送的 MPLS VPN站点迁移的报文后, 识别出该报文为 BGP Update报文, 将 BGP Update报文预处理后发送到迁移模块 7002。 The BGP module 7001 is configured to: after receiving the packet of the MPLS VPN site that is sent by the first CGR, the receiving unit 701 identifies the packet as a BGP Update packet, and preprocesses the BGP Update packet and sends the packet to the migration module 7002. .
该第一 PE 70中的处理单元 702还包括:  The processing unit 702 in the first PE 70 further includes:
迁移模块 7002 , 接收到 BGP模块 7001发送的经过预处理后的 BGP Update报文后, 向查询模块 7003发出查询请求; 并接收查询模 块 7003返回的查询结果。  After receiving the pre-processed BGP Update message sent by the BGP module 7001, the migration module 7002 sends a query request to the query module 7003, and receives the query result returned by the query module 7003.
查询模块 7003 , 根据迁移模块 7002发出的查询请求, 在数据库 中, 根据指示第二 CGR所在数据中心的位置的参数找到与第二 CGR 连接的第二 PE, 将查询结果发送给所述迁移模块 7002。 The query module 7003, according to the query request sent by the migration module 7002, in the database The second PE connected to the second CGR is found according to the parameter indicating the location of the data center where the second CGR is located, and the query result is sent to the migration module 7002.
本发明实施例提供的第一 PE,接收第一 CGR发送的 MPLS VPN 站点迁移的报文, 之后第一 PE向第二 PE发送的控制报文和第二 PE 向第二 CGR发送的消息中都携带指示该 MPLS VPN站点迁移的参 数, 使得网络运营商的 PE 能够为云服务商的数据中心提供 MPLS VPN站点的动态迁移服务, 并且由于网络侧 PE参与了迁移过程, 在 迁移完成后, 去往该虚拟机的流量可直接到达迁移后的数据中心。 不 需要网络侧通过管理面来进行 VPN的配置,可以提高 VPN操作的效 率。  The first PE provided by the embodiment of the present invention receives the packet migrated by the MPLS VPN site sent by the first CGR, and then the control packet sent by the first PE to the second PE and the message sent by the second PE to the second CGR are both Carrying the parameters indicating the migration of the MPLS VPN site, so that the PE of the network operator can provide the dynamic migration service of the MPLS VPN site to the data center of the cloud service provider, and since the network side PE participates in the migration process, after the migration is completed, the migration is completed. The virtual machine's traffic can go directly to the migrated data center. It is not necessary to configure the VPN through the management plane on the network side, which can improve the efficiency of VPN operations.
本发明实施例提供的第二运营商边缘路由器 PE 80 , 能够应用在 上述方法实施例中,可以执行上述方法实施例中第二 PE 13的所有操 作, 详细请见上述实施例, 在此不再赘述。  The second carrier edge router PE 80 provided by the embodiment of the present invention can be applied to the foregoing method embodiment, and all operations of the second PE 13 in the foregoing method embodiment can be performed. For details, refer to the foregoing embodiment, where Narration.
如图 11所示, 本发明实施例提供的第二 PE 80包括:  As shown in FIG. 11, the second PE 80 provided by the embodiment of the present invention includes:
接收单元 801 , 用于接收第一 PE发送的指示 MPLS VPN站点迁 移的控制报文; 其中, 该控制报文为第一 PE接收到第一 CGR发送 的 MPLS VPN站点迁移的报文后生成的, 该 MPLS VPN站点迁移的 报文中含有指示第二 CGR所在数据中心的位置的参数; 所述控制报 文中包含以下参数:  The receiving unit 801 is configured to receive, by the first PE, a control packet that is sent by the MPLS VPN station, where the first PE receives the MPLS VPN site migration message sent by the first CGR, where The packet migrated by the MPLS VPN site includes a parameter indicating a location of the data center where the second CGR is located. The control packet includes the following parameters:
指示本次云计算虚拟机迁移过程及状态的迁移 ID; 和  Indicates the migration ID of the cloud computing virtual machine migration process and status; and
所述第二 PE的下连接口名称; 和  The name of the lower port of the second PE; and
当前虚拟专用网名称; 和  Current virtual private network name; and
所述第一 PE上的路由区分符 /路由目标; 和  a route specifier/route target on the first PE; and
所述第一 PE上的虚拟专用网对端地址列表; 和  a virtual private network peer address list on the first PE; and
指示所述第二 CGR的自治系统号。  Indicates the autonomous system number of the second CGR.
生成单元 802 , 用于构造指示 MPLS VPN站点迁移的消息。  The generating unit 802 is configured to construct a message indicating the migration of the MPLS VPN site.
发送单元 803 , 用于向第二 CGR发送上述生成单元 802构造的 指示 MPLS VPN站点迁移的消息; 以便进行第一 CGR所在数据中心 的 MPLS VPN站点向第二 CGR所在的数据中心迁入。  The sending unit 803 is configured to send, to the second CGR, a message indicating that the MPLS VPN site is migrated by the generating unit 802, so that the MPLS VPN site of the data center where the first CGR is located is moved to the data center where the second CGR is located.
可选地, 如图 12所述, 该第二 PE 80中的生成单元 802还包括: 判断模块 8001 , 用于判断第二 PE 是否配置有待迁移的 MPLS VPN站点的 VPN路由转发表。 Optionally, as shown in FIG. 12, the generating unit 802 in the second PE 80 further includes: The determining module 8001 is configured to determine whether the second PE is configured with a VPN routing forwarding table of the MPLS VPN site to be migrated.
配置模块 8002 , 用于在所述判断模块 8001确定第二 PE没有配 置待迁移的 MPLS VPN站点的 VPN路由转发表的情况下, 在上述接 收单元 801接收到第一 PE发送的指示 MPLS VPN站点迁移的控制报 文后, 创建待迁移的 MPLS VPN站点的 VPN路由转发表, 并配置 VPN路由转发表实例, 绑定到下连口的子接口, 配置 BGP协议。  The configuration module 8002 is configured to: when the determining module 8001 determines that the second PE does not configure the VPN routing forwarding table of the MPLS VPN site to be migrated, the receiving unit 801 receives the indication that the first PE sends the MPLS VPN site migration. After the control packet is configured, the VPN routing forwarding table of the MPLS VPN site to be migrated is created, and the VPN routing forwarding table instance is configured, and is bound to the sub-interface of the lower interface to configure the BGP protocol.
此时,所述发送单元 803 ,还用于向第二 CGR发送配置模块 8002 创建的待迁移的 MPLS VPN站点的 VPN路由转发表的配置参数。  At this time, the sending unit 803 is further configured to send, to the second CGR, configuration parameters of the VPN routing forwarding table of the MPLS VPN site to be migrated created by the configuration module 8002.
本发明实施例提供的第二 PE, 接收第一 PE发送的指示 MPLS VPN 站点迁移的控制报文, 之后第二 PE 向第二 CGR 发送指示该 MPLS VPN站点迁移的消息, 使得网络运营商的 PE能够为云服务商 的数据中心提供 MPLS VPN站点的动态迁移服务, 并且由于网络侧 PE参与了迁移过程, 在迁移完成后, 去往该虚拟机的流量可直接到 达迁移后的数据中心。不需要网络侧通过管理面来进行 VPN的配置, 可以提高 VPN操作的效率。 在整个迁移过程中, 网络侧和云服务商 都没有将自己的设备配置信息发送给对方,保证了两类运营商的商业 信息的安全性。  The second PE provided by the embodiment of the present invention receives the control packet indicating the MPLS VPN site migration sent by the first PE, and then the second PE sends a message indicating the migration of the MPLS VPN site to the second CGR, so that the network operator's PE is obtained. The dynamic migration service of the MPLS VPN site can be provided for the data center of the cloud service provider, and since the network side PE participates in the migration process, after the migration is completed, the traffic to the virtual machine can directly reach the migrated data center. It is not necessary for the network side to configure the VPN through the management plane, which can improve the efficiency of the VPN operation. During the entire migration process, the network side and the cloud service provider did not send their own device configuration information to each other, which ensured the security of the business information of the two types of operators.
本发明实施例提供的第二云数据中心出口网关路由器 CGR 90 , 能够应用在上述方法实施例中, 可以执行上述方法实施例中第二 CGR 14的所有操作, 详细请见上述实施例, 在此不再赘述。  The second cloud data center egress gateway router CGR 90 provided by the embodiment of the present invention can be applied to the foregoing method embodiment, and all operations of the second CGR 14 in the foregoing method embodiment can be performed. For details, refer to the foregoing embodiment, where No longer.
如图 13所示, 本发明实施例提供的第二 CGR 90 , 包括: 接收单元 901 , 用于接收第二 PE发送的指示 MPLS VPN站点迁 移的消息; 其中,该消息为第二 PE接收到第一 PE发送的指示 MPLS VPN站点迁移的控制报文后生成的; 第一 PE接收到第一 CGR发送 的 MPLS VPN站点迁移的报文后向第二 PE发送指示 MPLS VPN站 点迁移的控制报文。  As shown in FIG. 13, the second CGR 90 provided by the embodiment of the present invention includes: a receiving unit 901, configured to receive, by the second PE, a message indicating that the MPLS VPN site is migrated; where the message is received by the second PE. After the PE sends a control packet indicating the MPLS VPN site migration, the first PE receives the MPLS VPN site migration packet sent by the first CGR, and then sends a control packet indicating the MPLS VPN site migration to the second PE.
处理单元 902 , 用于根据接收单元 901接收到的第二 PE发送的 指示该 MPLS VPN站点迁移的消息, 进行第一 CGR所在数据中心的 MPLS VPN站点的迁入。 可选地, 如图 14所述, 该第二 CGR 90中的处理单元 902还包 括: The processing unit 902 is configured to perform the migration of the MPLS VPN site of the data center where the first CGR is located according to the message that is sent by the second PE that is received by the receiving unit 901 to indicate the migration of the MPLS VPN site. Optionally, as shown in FIG. 14, the processing unit 902 in the second CGR 90 further includes:
判断模块 9001 , 用于判断与第二 CGR 90相连的第二 PE是否配 置待迁移的 MPLS VPN站点的 VPN路由转发表。  The determining module 9001 is configured to determine whether the second PE connected to the second CGR 90 is configured with a VPN routing forwarding table of the MPLS VPN site to be migrated.
配置模块 9002 , 用于所述判断模块 9001确定所述第二 PE没有 配置待迁移的 MPLS VPN站点的 VPN路由转发表的情况下, 在接收 单元 901接收到第二 PE发送的指示 MPLS VPN站点迁移的消息后, 创建 VCE 141 , 并配置 BGP协议; 以便进行第一 CGR所在数据中心 的该 MPLS VPN站点的迁入。  The configuration module 9002 is configured to: when the determining module 9001 determines that the second PE does not configure the VPN routing forwarding table of the MPLS VPN site to be migrated, the receiving unit 901 receives the indication that the second PE sends the MPLS VPN site migration. After the message is created, the VCE 141 is created and the BGP protocol is configured; in order to perform the migration of the MPLS VPN site in the data center where the first CGR is located.
本发明实施例提供的第二 CGR,接收第二 PE发送的指示 MPLS VPN 站点迁移的消息, 使得网络运营商能够为云服务商提供 MPLS VPN 站点的动态迁移服务。 并且由于网络侧参与了迁移过程, 在迁 移完成后, 去往该虚拟机的流量可直接到达新的数据中心, 不需要网 络侧通过管理面来进行 VPN的配置, 可以提高 VPN操作的效率; 在 整个迁移过程中,网络侧和云服务商都没有将自己的设备配置信息发 送给对方, 保证了两类运营商的商业信息的安全性。  The second CGR provided by the embodiment of the present invention receives the message indicating the MPLS VPN site migration sent by the second PE, so that the network operator can provide the cloud service provider with the dynamic migration service of the MPLS VPN site. And because the network side participates in the migration process, after the migration is completed, the traffic destined for the virtual machine can directly reach the new data center, and the network side is not required to configure the VPN through the management plane, which can improve the efficiency of the VPN operation; During the entire migration process, the network side and the cloud service provider did not send their own device configuration information to each other, which ensured the security of the business information of the two types of operators.
本发明实施例提的云计算虚拟机迁移的网络, 如图 15所示, 包 括:  The cloud migration virtual machine migration network mentioned in the embodiment of the present invention, as shown in FIG. 15, includes:
上述装置实施例中提供的第一 CGR 60、 第一 PE 70、 第二 PE 80 以及第二 CGR 90。  The first CGR 60, the first PE 70, the second PE 80, and the second CGR 90 are provided in the above device embodiments.
且第一 CGR 60、 第一 PE 70、 第二 PE 80以及第二 CGR 90的结 构已在上述实施例中有过说明, 在此不再赘述。  The structures of the first CGR 60, the first PE 70, the second PE 80, and the second CGR 90 have been described in the foregoing embodiments, and are not described herein again.
同时, 该上述第一 CGR 60、 第一 PE 70、 第二 PE 80以及第二 CGR 90可以应用在上述方法实施例中, 可以执行上述方法实施例中 第一 CGR 11、第一 PE 12、第二 PE 13 以及第二 CGR 14的所有操作, 详细请见上述实施例, 在此不再赘述。  The first CGR 60, the first PE 70, the second PE 80, and the second CGR 90 may be applied to the foregoing method embodiment, and the first CGR 11, the first PE 12, and the first For details of the operations of the second PE 13 and the second CGR 14, please refer to the above embodiments, and details are not described herein again.
本发明实施例提供的云计算虚拟机迁移的网络, 第一 C GR向第 一 PE发送 MPLS VPN站点迁移的报文, 之后第一 PE向第二 PE发 送的控制报文和第二 PE 向第二 CGR 发送的消息中都携带指示该 MPLS VPN站点迁移的参数, 使得网络运营商的 PE能够为云服务商 的数据中心提供 MPLS VPN站点的动态迁移服务, 并且由于网络侧 PE参与了迁移过程, 在迁移完成后, 去往该虚拟机的流量可直接到 达迁移后的数据中心。不需要网络侧通过管理面来进行 VPN的配置, 可以提高 VPN操作的效率。 在整个迁移过程中, 网络侧和云服务商 都没有将自己的设备配置信息发送给对方,保证了两类运营商的商业 信息的安全性。 The network that the cloud computing virtual machine migrates in the embodiment of the present invention, the first C GR sends the MPLS VPN site migration message to the first PE, and then the control packet sent by the first PE to the second PE and the second PE The message sent by the CGR carries the parameters indicating the migration of the MPLS VPN site, so that the PE of the network operator can be the cloud service provider. The data center provides the dynamic migration service of the MPLS VPN site, and since the network-side PE participates in the migration process, after the migration is completed, the traffic to the virtual machine can directly reach the migrated data center. It is not necessary for the network side to configure the VPN through the management plane, which can improve the efficiency of the VPN operation. During the entire migration process, the network side and the cloud service provider did not send their own device configuration information to each other, which ensured the security of the business information of the two types of operators.
以上所述,仅为本发明的具体实施方式,但本发明的保护范围并 不局限于此,任何熟悉本技术领域的技术人员在本发明揭露的技术范 围内, 可轻易想到变化或替换, 都应涵盖在本发明的保护范围之内。 因此, 本发明的保护范围应以所述权利要求的保护范围为准。  The above is only a specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily think of changes or substitutions within the technical scope of the present invention. It should be covered by the scope of the present invention. Therefore, the scope of the invention should be determined by the scope of the appended claims.

Claims

权利要求 Rights request
1、 一种云计算虚拟机迁移的方法, 其特征在于, 包括: 第一云数据中心出口网关路由器 CGR构造多协议标签交换虚拟 专用网 MPLS VPN站点迁移的报文; 所述 MPLS VPN站点迁移的报 文中含有指示第二云数据中心出口网关 CGR所在数据中心的位置的 参数; 1. A method for migrating cloud computing virtual machines, characterized by comprising: the first cloud data center egress gateway router CGR constructs a multi-protocol label switching virtual private network MPLS VPN site migration message; the MPLS VPN site migration message The message contains parameters indicating the location of the data center where the egress gateway CGR of the second cloud data center is located;
所述第一 CGR 向第一运营商边缘路由器 PE 发送所述 MPLS VPN站点迁移的报文; 以使得所述第一 PE在接收到所述 MPLS VPN 站点迁移的报文后, 根据所述指示第二 CGR所在数据中心的位置的 参数找到与所述第二 CGR连接的第二 PE, 并向所述第二 PE发送指 示 MPLS VPN站点迁移的控制报文;所述第二 PE接收到所述控制报 文后, 向所述第二 CGR发送指示所述 MPLS VPN站点迁移的消息, 以便进行所述 MPLS VPN站点向所述第二 CGR所在的数据中心迁 入。 The first CGR sends the MPLS VPN site migration message to the first operator edge router PE; so that after receiving the MPLS VPN site migration message, the first PE performs the first migration according to the instruction. Find the second PE connected to the second CGR based on the location parameters of the data center where the second CGR is located, and send a control message indicating MPLS VPN site migration to the second PE; the second PE receives the control message After receiving the message, a message instructing migration of the MPLS VPN site is sent to the second CGR so that the MPLS VPN site can be migrated to the data center where the second CGR is located.
2、 根据权利要求 1所述的方法, 其特征在于, 所述 MPLS VPN 站点迁移的报文中还包括以下参数: 2. The method according to claim 1, characterized in that the MPLS VPN site migration message also includes the following parameters:
指示本次云计算虚拟机迁移过程及状态的迁移 ID; 和 Migration ID indicating the migration process and status of this cloud computing virtual machine; and
当前虚拟专用网名称; 和 Current VPN name; and
指示撤销与所述第一 PE连接的清除标志; 和 a clear flag indicating withdrawal of the connection with said first PE; and
指示第二 CGR的自治系统号。 Indicates the autonomous system number of the second CGR.
3、 根据权利要求 2所述的方法, 其特征在于, 所述 MPLS VPN 站点迁移的报文中的参数被封装在边界网关协议更新报文的路径属 性中, 格式为: 3. The method according to claim 2, characterized in that the parameters in the MPLS VPN site migration message are encapsulated in the path attribute of the Border Gateway Protocol update message, and the format is:
第 1字节 0x90为固定, 第 2字节指示所述参数的属性的类型, 第 3和第 4字节指示所述参数占用的字节长度, 第 5至第 20字节存 储所述迁移 ID, 第 21至第 24字节存储所述指示第二 CGR所在数据 中心的位置, 第 25字节存储所述清除标志, 第 26和第 27字节存储 所述第二 CGR的自治系统号, 其余字节存储所述当前虚拟专用网名 称。 The first byte 0x90 is fixed, the second byte indicates the type of attribute of the parameter, the third and fourth bytes indicate the length of bytes occupied by the parameter, and the fifth to 20th bytes store the migration ID. , the 21st to 24th bytes store the location indicating the data center where the second CGR is located, the 25th byte stores the clear flag, the 26th and 27th bytes store the autonomous system number of the second CGR, and the rest Bytes store the current VPN name.
4、 一种云计算虚拟机迁移的方法, 其特征在于, 包括: 第一运营商边缘路由器 PE接收第一云数据中心出口网关路由器 CGR 发送的多协议标签交换虚拟专用网 MPLS VPN 站点迁移的才艮 文; 4. A method for migrating cloud computing virtual machines, characterized by including: the first operator edge router PE receiving the first cloud data center egress gateway router Multi-protocol label switching virtual private network MPLS VPN site migration document sent by CGR;
所述第一 PE根据所述 MPLS VPN站点迁移的报文中指示第二 CGR所在数据中心的位置的参数找到与所述第二 CGR连接的第二运 营商边缘路由器 PE; The first PE finds the second operator edge router PE connected to the second CGR based on the parameter indicating the location of the data center where the second CGR is located in the MPLS VPN site migration message;
所述第一 PE构造指示所述 MPLS VPN站点迁移的控制^艮文,并 向所述第二 PE发送所述控制报文; 以使得所述第二 PE在接收到所 述控制报文后, 向所述第二 CGR发送指示所述 MPLS VPN站点迁移 的消息, 以便进行所述第一 CGR所在数据中心的所述 MPLS VPN站 点向所述第二 CGR所在的数据中心迁入; The first PE constructs a control message instructing the MPLS VPN site migration, and sends the control message to the second PE; so that after receiving the control message, the second PE Send a message instructing the migration of the MPLS VPN site to the second CGR, so that the MPLS VPN site in the data center where the first CGR is located can migrate to the data center where the second CGR is located;
其中, 所述 MPLS VPN站点迁移的报文中包括以下参数: 指示本次云计算虚拟机迁移过程及状态的迁移 ID; 和 The MPLS VPN site migration message includes the following parameters: a migration ID indicating the migration process and status of the cloud computing virtual machine; and
当前虚拟专用网名称; 和 Current VPN name; and
指示第二 CGR所在数据中心的位置; 和 Indicates the location of the data center where the second CGR is located; and
指示撤销与所述第一 CGR连接的清除标志; 和 a clear flag indicating withdrawal of the connection with said first CGR; and
指示第二 CGR的自治系统号。 Indicates the autonomous system number of the second CGR.
5、 根据权利要求 4所述的方法, 其特征在于, 还包括: 若接收到的所述 MPLS VPN站点迁移的报文中的清除标志指示 撤销与所述第一 CGR的连接, 则启动所述第一 PE的 VPN路由表设 置的定时器, 当定时器超时时, 所述第一 PE撤销与所述第一 CGR 的连接。 5. The method according to claim 4, further comprising: if the clear flag in the received MPLS VPN site migration message indicates that the connection with the first CGR is revoked, initiating the A timer is set in the VPN routing table of the first PE. When the timer expires, the first PE cancels the connection with the first CGR.
6、 根据权利要求 4所述方法, 其特征在于, 所述第一 PE根据 所述指示第二 CGR所在数据中心的位置的参数找到与所述第二 CGR 连接的第二 PE包括: 6. The method according to claim 4, characterized in that, the first PE finding the second PE connected to the second CGR based on the parameter indicating the location of the data center where the second CGR is located includes:
所述第一 PE根据所述指示第二 CGR所在数据中心的位置的参 数,查询得到所述第二 PE的 IP地址和所述第二 PE的下连接口名称。 The first PE queries to obtain the IP address of the second PE and the name of the downstream port of the second PE based on the parameter indicating the location of the data center where the second CGR is located.
7、 根据权利要求 6 所述的方法, 其特征在于, 所述指示所述 MPLS VPN站点迁移的控制报文中包括以下参数: 7. The method according to claim 6, characterized in that the control message instructing migration of the MPLS VPN site includes the following parameters:
指示本次云计算虚拟机迁移过程及状态的迁移 ID; 和 Migration ID indicating the migration process and status of this cloud computing virtual machine; and
所述第二 PE的下连接口名称; 和 The name of the downstream port of the second PE; and
当前虚拟专用网名称; 和 Current VPN name; and
所述第一 PE的路由区分符 /路由目标; 和 所述第一 PE的虚拟专用网对端地址列表; 和 The route discriminator/route target of the first PE; and The virtual private network peer address list of the first PE; and
指示第二 CGR的自治系统号; Indicates the autonomous system number of the second CGR;
其中, 所述第一 PE的路由区分符 /路由目标和所述第一 PE的虚 拟专用网对端地址列表是根据所述当前虚拟专用网名称得到。 Wherein, the route discriminator/route target of the first PE and the virtual private network peer address list of the first PE are obtained based on the current virtual private network name.
8、 一种云计算虚拟机迁移的方法, 其特征在于, 包括: 第二运营商边缘路由器 PE接收第一 PE发送的指示多协议标签 交换虚拟专用网 MPLS VPN站点迁移的控制 4艮文; 其中, 所述控制 报文为所述第一 PE接收到第一云数据中心出口网关路由器 CGR发 送的 MPLS VPN站点迁移的报文后生成的, 所述 MPLS VPN站点迁 移的报文中含有指示第二 C GR所在数据中心的位置的参数; 8. A method for migrating a cloud computing virtual machine, characterized by including: the second operator edge router PE receiving a control message sent by the first PE indicating multi-protocol label switching virtual private network MPLS VPN site migration; wherein , the control message is generated after the first PE receives the MPLS VPN site migration message sent by the first cloud data center egress gateway router CGR, and the MPLS VPN site migration message contains instructions for the second C Parameters of the location of the data center where GR is located;
所述第二 PE构造指示所述 MPL S VPN站点迁移的消息,并向第 二 CGR发送, 以便进行所述第一 CGR所在数据中心的所述 MPLS VPN站点向所述第二 CGR所在的数据中心迁入; The second PE constructs a message instructing the migration of the MPLS VPN site and sends it to the second CGR so that the MPLS VPN site in the data center where the first CGR is located moves to the data center where the second CGR is located. move in;
其中, 所述控制报文中包括以下参数: Wherein, the control message includes the following parameters:
指示本次云计算虚拟机迁移过程及状态的迁移 ID; 和 Migration ID indicating the migration process and status of this cloud computing virtual machine; and
所述第二 PE的下连接口名称; 和 The name of the downstream port of the second PE; and
当前虚拟专用网名称; 和 Current VPN name; and
所述第一 PE上的路由区分符 /路由目标; 和 the route discriminator/route target on the first PE; and
所述第一 PE上的虚拟专用网对端地址列表; 和 A list of virtual private network peer addresses on the first PE; and
指示所述第二 CGR的自治系统号。 Indicates the autonomous system number of the second CGR.
9、 根据权利要求 8所述的方法, 其特征在于, 所述第二 PE接 收到所述控制报文后, 还包括: 9. The method according to claim 8, characterized in that, after the second PE receives the control message, it further includes:
若根据所述第一 PE上的路由区分符 /路由目标确定所述第二 PE 没有配置所述 MPLS VPN站点的 VPN路由转发表, 则创建 VPN路 由转发表; If it is determined that the second PE is not configured with the VPN routing and forwarding table of the MPLS VPN site based on the route distinguisher/route target on the first PE, create a VPN routing and forwarding table;
根据所述虚拟专用网名称向所述第二 PE连接的网络数据库申请 一个站点网段, 并得到所述第二 PE的下连口的子接口号和使用的虚 拟局域网 ID。 Apply for a site network segment from the network database connected to the second PE according to the virtual private network name, and obtain the sub-interface number of the downstream port of the second PE and the virtual LAN ID used.
10、 根据权利要求 9 所述的方法, 其特征在于, 所述指示所述 MPLS VPN站点迁移的消息中包括以下参数: 10. The method according to claim 9, characterized in that the message indicating the migration of the MPLS VPN site includes the following parameters:
指示本次云计算虚拟机迁移过程及状态的迁移 ID; 和 Migration ID indicating the migration process and status of this cloud computing virtual machine; and
虚拟局 i或网 ID; 和 所述第二 PE向所述网络数据库申请的过境 IP地址段; 其中, 所述过境 IP地址段从所述站点网段内得到; 和 Virtual office or network ID; and The transit IP address segment applied by the second PE to the network database; wherein, the transit IP address segment is obtained from the site network segment; and
所述第二 PE所在域的自治系统号。 The autonomous system number of the domain where the second PE is located.
11、 根据权利要求 10所述的方法, 其特征在于, 所述向所述第 二 CGR发送指示所述 MPLS VPN站点迁移的消息后, 还包括: 11. The method according to claim 10, wherein after sending the message indicating the MPLS VPN site migration to the second CGR, the method further includes:
配置 VPN路由转发表实例, 绑定到所述第二 PE的下连口的子 接口, 并配置边界网关协议。 Configure a VPN routing forwarding table instance, bind it to the sub-interface of the downstream port of the second PE, and configure a border gateway protocol.
12、 根据权利要求 8所述的方法, 其特征在于, 所述第二 PE接 收到所述控制报文后, 还包括: 12. The method according to claim 8, characterized in that, after the second PE receives the control message, it further includes:
若根据所述路由区分符 /路由目标确定所述第二 PE 已经配置有 所述 MPLS VPN站点的 VPN路由转发表, 则根据所述 VPN路由转 发表得到绑定了所述 VPN路由转发表的接口的虚拟局域网 ID。 If it is determined based on the route distinguisher/routing target that the second PE has been configured with the VPN routing and forwarding table of the MPLS VPN site, then the interface bound to the VPN routing and forwarding table is obtained based on the VPN routing and forwarding table. The virtual LAN ID.
13、 根据权利要求 12所述的方法, 其特征在于, 所述指示所述 MPLS VPN站点迁移的消息中包括以下参数: 13. The method according to claim 12, wherein the message indicating migration of the MPLS VPN site includes the following parameters:
指示本次云计算虚拟机迁移过程及状态的迁移 ID; 和 Migration ID indicating the migration process and status of this cloud computing virtual machine; and
虚拟局域网 ID;不包含所述第二 PE向所述网络数据库申请的过 境 IP地址段和所述第二 PE所在域的自治系统号。 Virtual LAN ID; does not include the transit IP address segment applied by the second PE to the network database and the autonomous system number of the domain where the second PE is located.
14、 一种云计算虚拟机迁移的方法, 其特征在于, 包括: 第二云数据中心出口网关路由器 CGR接收第二运营商边缘路由 器 PE发送的指示多协议标签交换虚拟专用网 MPLS VPN站点迁移的 消息;其中,所述消息为第二 PE接收到第一 PE发送的指示所述 MPLS VPN站点迁移的控制报文后生成的; 所述第一 PE接收到第一 CGR 发送的 MPLS VPN站点迁移的^艮文后向所述第二 PE发送所述指示所 述 MPLS VPN站点迁移的控制 艮文; 14. A method for migrating a cloud computing virtual machine, characterized by comprising: the second cloud data center egress gateway router CGR receiving an instruction sent by the second operator edge router PE to migrate the multi-protocol label switching virtual private network MPLS VPN site message; wherein the message is generated after the second PE receives a control message sent by the first PE indicating the migration of the MPLS VPN site; the first PE receives the MPLS VPN site migration message sent by the first CGR. After sending the control message indicating migration of the MPLS VPN site to the second PE;
第二云数据中心出口网关路由器 CGR进行所述第一 CGR所在数 据中心的所述 MPLS VPN站点的迁入。 The second cloud data center egress gateway router CGR moves in the MPLS VPN site of the data center where the first CGR is located.
15、 根据权利要求 14所述的方法, 其特征在于, 所述第二 CGR 进行所述第一 CGR所在数据中心的所述 MPLS VPN站点的迁入包 括: 15. The method according to claim 14, wherein the second CGR's migration of the MPLS VPN site in the data center where the first CGR is located includes:
当所述第二 CGR接收到第二 PE发送的所述消息中包括以下参 数: When the second CGR receives the message sent by the second PE, the following parameters are included:
指示本次云计算虚拟机迁移过程及状态的迁移 ID; 和 虚拟局 i或网 ID; 和 The migration ID indicating the migration process and status of this cloud computing virtual machine; and Virtual office or network ID; and
第二 PE向网络数据库申请的过境 IP地址段; 和 The transit IP address segment applied by the second PE to the network database; and
第二 PE所在域的自治系统号时; The autonomous system number of the domain where the second PE is located;
创建虚拟用户边缘路由器 VCE; 配置边界网关协议; Create a virtual customer edge router VCE; configure the border gateway protocol;
并将所述迁移 ID 对应的所述第一 CGR 所在数据中心的所述 MPLS VPN站点迁入所述 VCE。 And migrate the MPLS VPN site in the data center where the first CGR corresponding to the migration ID is located into the VCE.
16、 根据权利要求 14所述的方法, 其特征在于, 所述第二 CGR 进行所述第一 CGR所在数据中心的所述 MPLS VPN站点的迁入包 括: 16. The method according to claim 14, wherein the second CGR's migration of the MPLS VPN site in the data center where the first CGR is located includes:
当所述第二 CGR接收到第二 PE发送的所述消息中包括以下参 数: When the second CGR receives the message sent by the second PE, the following parameters are included:
指示本次云计算虚拟机迁移过程及状态的迁移 ID; 和 Migration ID indicating the migration process and status of this cloud computing virtual machine; and
虚拟局域网 ID;但不包含所述第二 PE向所述网络数据库申请的 过境 IP地址段和所述第二 PE所在域的自治系统号时; Virtual LAN ID; but does not include the transit IP address segment applied by the second PE to the network database and the autonomous system number of the domain where the second PE is located;
根据所述迁移 ID、 所述虚拟局域网 ID得到本地 VCE; Obtain the local VCE according to the migration ID and the virtual LAN ID;
并将所述迁移 ID 对应的所述第一 CGR 所在数据中心的所述 MPLS VPN站点迁入所述本地 VCE。 And migrate the MPLS VPN site in the data center where the first CGR corresponding to the migration ID is located to the local VCE.
17、 一种第一云数据中心出口网关路由器 CGR, 其特征在于, 包括: 17. A first cloud data center egress gateway router CGR, which is characterized by including:
生成单元, 用于构造多协议标签交换虚拟专用网 MPLS VPN站 点迁移的报文; 所述报文中含有指示第二 CGR所在数据中心的位置 的参数; A generation unit configured to construct a multi-protocol label switching virtual private network MPLS VPN site migration message; the message contains parameters indicating the location of the data center where the second CGR is located;
发送单元, 用于向第一运营商边缘路由器 PE发送所述生成单元 构造的所述 MPLS VPN站点迁移的报文;以使得所述第一 PE在接收 到所述 MPLS VPN站点迁移的报文后, 根据所述 MPLS VPN站点迁 移的报文中所述指示第二 CGR所在数据中心的位置的参数找到与所 述第二 CGR连接的第二 PE, 并向所述第二 PE发送指示所述 MPLS VPN站点迁移的控制报文; 所述第二 PE接收到所述控制报文后, 向 所述第二 CGR发送指示所述 MPLS VPN站点迁移的消息, 以便进行 所述 MPLS VPN站点向所述第二 CGR所在的数据中心迁入。 A sending unit, configured to send the MPLS VPN site migration message constructed by the generating unit to the first operator edge router PE; so that the first PE will receive the MPLS VPN site migration message after receiving the MPLS VPN site migration message. , find the second PE connected to the second CGR according to the parameter indicating the location of the data center where the second CGR is located in the MPLS VPN site migration message, and send the MPLS indication to the second PE A control message for VPN site migration; after receiving the control message, the second PE sends a message instructing the migration of the MPLS VPN site to the second CGR so that the MPLS VPN site can migrate to the third CGR. The data center where the second CGR is located is moved in.
18、 一种第一运营商边缘路由器 PE, 其特征在于, 包括: 接收单元, 用于接收第一云数据中心出口网关路由器 CGR发送 的多协议标签交换虚拟专用网 MPLS VPN 站点迁移的 4艮文; 所述 MPLS VPN站点迁移的报文中包括以下参数: 18. A first operator edge router PE, characterized in that it includes: a receiving unit, configured to receive the CGR sent by the first cloud data center egress gateway router The multi-protocol label switching virtual private network MPLS VPN site migration message; The MPLS VPN site migration message includes the following parameters:
指示本次云计算虚拟机迁移过程及状态的迁移 ID; 和 Migration ID indicating the migration process and status of this cloud computing virtual machine; and
当前虚拟专用网名称; 和 Current VPN name; and
指示第二 CGR所在数据中心的位置; 和 Indicates the location of the data center where the second CGR is located; and
指示撤销与所述第一 CGR连接的清除标志; 和 a clear flag indicating withdrawal of the connection with said first CGR; and
指示第二 CGR的自治系统号; Indicates the autonomous system number of the second CGR;
处理单元, 用于根据所述指示第二 CGR所在数据中心的位置的 参数找到与所述第二 CGR连接的第二运营商边缘路由器 PE; A processing unit configured to find the second operator edge router PE connected to the second CGR according to the parameter indicating the location of the data center where the second CGR is located;
生成单元,用于构造指示所述 MPLS VPN站点迁移的控制 4艮文; 发送单元, 用于向第二运营商边缘路由器 PE发送所述生成单元 构造的所述控制报文;以使得所述第二 PE在接收到所述控制报文后, 向所述第二 CGR发送指示所述 MPLS VPN站点迁移的消息, 以便进 行所述第一 CGR所在数据中心的所述 MPLS VPN站点向所述第二 CGR所在的数据中心迁入。 A generating unit, configured to construct a control message indicating migration of the MPLS VPN site; A sending unit, configured to send the control message constructed by the generating unit to the second operator edge router PE; so that the first After receiving the control message, the second PE sends a message instructing the migration of the MPLS VPN site to the second CGR, so that the MPLS VPN site in the data center where the first CGR is located moves to the second CGR. The data center where CGR is located is moved in.
19、 根据权利要求 18所述的第一运营商边缘路由器 PE, 其特征 在于, 19. The first operator edge router PE according to claim 18, characterized in that,
所述接收单元包括: BGP 模块, 用于在所述接收单元接收到第 一 CGR发送的所述 MPLS VPN站点迁移的报文后, 识别出所述报文 为 BGP Update报文, 将所述 BGP Update报文预处理后发送到迁移 模块; The receiving unit includes: a BGP module, configured to, after the receiving unit receives the MPLS VPN site migration message sent by the first CGR, identify the message as a BGP Update message, and convert the BGP The Update message is pre-processed and sent to the migration module;
所述处理单元包括: 迁移模块, 接收所述 BGP模块发送的经过 预处理后的所述 BGP Update报文后, 向查询模块发出查询请求; 接 收所述查询模块返回的查询结果; 查询模块, 根据所述迁移模块发出 的查询请求, 在数据库中, 根据所述指示第二 CGR所在数据中心的 位置的参数找到与所述第二 CGR连接的第二 PE ,将查询结果发送给 所述迁移模块。 The processing unit includes: a migration module, which sends a query request to the query module after receiving the preprocessed BGP Update message sent by the BGP module; receives the query result returned by the query module; the query module, according to In the query request issued by the migration module, in the database, the second PE connected to the second CGR is found according to the parameter indicating the location of the data center where the second CGR is located, and the query result is sent to the migration module.
20、 一种第二运营商边缘路由器 PE, 其特征在于, 包括: 接收单元, 用于接收第一运营商边缘路由器 PE发送的指示多协 议标签交换虚拟专用网 MPLS VPN站点迁移的控制报文; 其中, 所 述控制报文为所述第一 PE 接收到第一云数据中心出口网关路由器 CGR发送的所述 MPLS VPN站点迁移的 文后生成的, 所述 MPLS VPN站点迁移的报文中含有指示第二 CGR所在数据中心的位置的参 数; 所述控制报文中包含以下参数: 20. A second operator edge router PE, characterized in that it includes: a receiving unit, configured to receive a control message sent by the first operator edge router PE indicating multi-protocol label switching virtual private network MPLS VPN site migration; Wherein, the control message is generated after the first PE receives the MPLS VPN site migration message sent by the first cloud data center egress gateway router CGR, and the MPLS The VPN site migration message contains parameters indicating the location of the data center where the second CGR is located; the control message contains the following parameters:
指示本次云计算虚拟机迁移过程及状态的迁移 ID; 和 Migration ID indicating the migration process and status of this cloud computing virtual machine; and
所述第二 PE的下连接口名称; 和 The name of the downstream port of the second PE; and
当前虚拟专用网名称; 和 Current VPN name; and
所述第一 PE上的路由区分符 /路由目标; 和 the route discriminator/route target on the first PE; and
所述第一 PE上的虚拟专用网对端地址列表; 和 A list of virtual private network peer addresses on the first PE; and
指示所述第二 CGR的自治系统号。 Indicates the autonomous system number of the second CGR.
生成单元, 用于构造指示所述 MPLS VPN站点迁移的消息; 发送单元, 用于向第二 CGR发送所述生成单元构造的指示所述 MPLS VPN站点迁移的消息; 以便进行所述第一 CGR所在数据中心 的所述 MPLS VPN站点向所述第二 CGR所在的数据中心迁入。 A generating unit, configured to construct a message indicating the migration of the MPLS VPN site; A sending unit, configured to send the message indicating the migration of the MPLS VPN site constructed by the generating unit to the second CGR; in order to carry out the process where the first CGR is located The MPLS VPN site in the data center moves to the data center where the second CGR is located.
21、 根据权利要求 20所述的第二运营商边缘路由器 PE, 其特征 在于, 21. The second operator edge router PE according to claim 20, characterized in that,
所述生成单元包括: The generating unit includes:
判断模块, 用于判断所述第二 PE 是否配置有待迁移的 MPLS VPN站点的 VPN路由转发表; A judgment module, used to judge whether the second PE is configured with the VPN routing forwarding table of the MPLS VPN site to be migrated;
配置模块, 用于在所述判断模块确定所述第二 PE没有配置所述 待迁移的 MPLS VPN站点的 VPN路由转发表的情况下, 在所述接收 单元接收到所述第一 PE发送的指示所述 MPL S VPN站点迁移的控制 报文后, 创建所述待迁移的 MPLS VPN站点的 VPN路由转发表, 并 配置 VPN路由转发表实例, 绑定到下连口的子接口, 配置边界网关 协议。 A configuration module configured to: when the judgment module determines that the second PE does not configure the VPN routing and forwarding table of the MPLS VPN site to be migrated, when the receiving unit receives the instruction sent by the first PE After receiving the control packet for the MPL S VPN site migration, create a VPN routing and forwarding table for the MPLS VPN site to be migrated, configure a VPN routing and forwarding table instance, bind it to the sub-interface of the downstream port, and configure the border gateway protocol .
所述发送单元, 还用于向第二 CGR 发送所述配置模块创建的 VPN路由转发表的配置参数; 以便进行所述第一 CGR所在数据中心 的所述 MPLS VPN站点向所述第二 CGR所在的数据中心迁入。 The sending unit is also configured to send the configuration parameters of the VPN routing and forwarding table created by the configuration module to the second CGR; so that the MPLS VPN site in the data center where the first CGR is located sends a message to the second CGR. data center moved into.
22、 一种第二云数据中心出口网关路由器 CGR, 其特征在于, 包括: 22. A second cloud data center egress gateway router CGR, characterized by including:
接收单元, 用于接收第二运营商边缘路由器 PE发送的指示多协 议标签交换虚拟专用网 MPLS VPN站点迁移的消息; 其中, 所述消 息为第二 PE接收到第一 PE发送的指示所述 MPLS VPN站点迁移的 控制报文后生成的;所述第一 PE接收到第一 CGR发送的所述 MPLS VPN站点迁移的报文后向所述第二 PE发送指示所述 MPLS VPN站 点迁移的控制报文; The receiving unit is configured to receive a message sent by the second operator edge router PE indicating the migration of the multi-protocol label switching virtual private network MPLS VPN site; wherein, the message is that the second PE receives the message sent by the first PE indicating the MPLS Generated after VPN site migration control message; the first PE receives the MPLS sent by the first CGR After the VPN site migration message is sent to the second PE, a control message indicating the MPLS VPN site migration is sent;
处理单元,用于根据所述接收单元接收到的所述指示所述 MPLS VPN站点迁移的消息,进行所述第一 CGR所在数据中心的所述 MPL S VPN站点的迁入。 A processing unit, configured to migrate the MPLS VPN site in the data center where the first CGR is located based on the message received by the receiving unit indicating migration of the MPLS VPN site.
23、 根据权利要求 22 所述的第二云数据中心出口网关路由器 CGR, 其特征在于, 23. The second cloud data center egress gateway router CGR according to claim 22, characterized in that,
所述处理单元包括: The processing unit includes:
判断模块, 用于判断与所述第二 CGR相连的所述第二 PE是否 配置所述待迁移的 MPLS VPN站点的 VPN路由转发表; A judgment module, configured to judge whether the second PE connected to the second CGR is configured with the VPN routing forwarding table of the MPLS VPN site to be migrated;
配置模块, 用于所述判断模块确定所述第二 PE没有配置所述待 迁移的 MPLS VPN站点的 VPN路由转发表的情况下, 在所述接收单 元接收到所述第二 PE发送的指示所述 MPLS VPN站点迁移的消息 后, 创建虚拟用户边缘路由器 VCE, 并配置边界网关协议; 以便进 行所述第一 CGR所在数据中心的所述 MPLS VPN站点的迁入。 Configuration module, used when the judgment module determines that the second PE does not configure the VPN routing and forwarding table of the MPLS VPN site to be migrated, when the receiving unit receives the instruction sent by the second PE. After receiving the MPLS VPN site migration message, create a virtual customer edge router VCE, and configure a border gateway protocol; in order to migrate the MPLS VPN site in the data center where the first CGR is located.
24、 一种云计算虚拟机迁移的网络, 其特征在于, 包括: 权利要求 17所述的第一云数据中心出口网关路由器 CGR; 24. A network for cloud computing virtual machine migration, characterized in that it includes: the first cloud data center egress gateway router CGR described in claim 17;
权利要求 18或 19任一所述的第一运营商边缘路由器 PE; The first operator edge router PE according to either claim 18 or 19;
权利要求 20或 21任一所述的第二运营商边缘路由器 PE; The second operator edge router PE according to either claim 20 or 21;
以及权利要求 22或 23任一所述的第二云数据中心出口网关路由 器 CGR。 And the second cloud data center egress gateway router CGR described in either claim 22 or 23.
PCT/CN2012/083270 2012-05-25 2012-10-22 Method, device and system for migration of cloud computing virtual machine WO2013174096A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201210166799.2A CN103428252B (en) 2012-05-25 2012-05-25 A kind of method, equipment and the system of cloud computing virtual machine (vm) migration
CN201210166799.2 2012-05-25

Publications (1)

Publication Number Publication Date
WO2013174096A1 true WO2013174096A1 (en) 2013-11-28

Family

ID=49623053

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/083270 WO2013174096A1 (en) 2012-05-25 2012-10-22 Method, device and system for migration of cloud computing virtual machine

Country Status (2)

Country Link
CN (1) CN103428252B (en)
WO (1) WO2013174096A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017214883A1 (en) * 2016-06-15 2017-12-21 Alibaba Group Holding Limited Network system and method for cross region virtual private network peering
US10367655B2 (en) 2016-01-25 2019-07-30 Alibaba Group Holding Limited Network system and method for connecting a private network with a virtual private network
US10484471B2 (en) 2014-05-12 2019-11-19 Netapp, Inc. Bridging clouds

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103795650B (en) * 2014-01-27 2018-02-06 新华三技术有限公司 A kind of moving method of configuration information, method to set up and its equipment
CN105704045B (en) 2014-11-26 2019-05-28 华为技术有限公司 The method of virtual machine location information synchronizing, gateway and system between data center's gateway

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102164184A (en) * 2011-04-22 2011-08-24 广州杰赛科技股份有限公司 Computer entity access and management method for cloud computing network and cloud computing network
CN102170474A (en) * 2011-04-22 2011-08-31 广州杰赛科技股份有限公司 Method and system for dynamic scheduling of virtual resources in cloud computing network
CN102292698A (en) * 2009-02-04 2011-12-21 思杰系统有限公司 Methods and systems for automated management of virtual resources in a cloud computing environment
US20120054731A1 (en) * 2010-08-24 2012-03-01 International Business Machines Corporation Method, System and Computer Programs to Assist Migration to a Cloud Computing Environment

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102195871B (en) * 2011-01-07 2014-02-19 北京华为数字技术有限公司 Method for controlling service traffic forwarding path in multi-protocol label switch (MPLS) virtual private network (VPN)
CN102387061B (en) * 2011-10-21 2014-05-07 华为技术有限公司 Method, device and system for accessing VPC (virtual private cloud) to VPN (virtual private network)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102292698A (en) * 2009-02-04 2011-12-21 思杰系统有限公司 Methods and systems for automated management of virtual resources in a cloud computing environment
US20120054731A1 (en) * 2010-08-24 2012-03-01 International Business Machines Corporation Method, System and Computer Programs to Assist Migration to a Cloud Computing Environment
CN102164184A (en) * 2011-04-22 2011-08-24 广州杰赛科技股份有限公司 Computer entity access and management method for cloud computing network and cloud computing network
CN102170474A (en) * 2011-04-22 2011-08-31 广州杰赛科技股份有限公司 Method and system for dynamic scheduling of virtual resources in cloud computing network

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10484471B2 (en) 2014-05-12 2019-11-19 Netapp, Inc. Bridging clouds
US11070619B2 (en) 2014-05-12 2021-07-20 Netapp, Inc. Routing messages between cloud service providers
EP3175590B1 (en) * 2014-05-12 2021-08-11 NetApp, Inc. Bridging clouds
US11375016B2 (en) 2014-05-12 2022-06-28 Netapp, Inc. Routing messages between cloud service providers
US11659035B2 (en) 2014-05-12 2023-05-23 Netapp, Inc. Routing messages between cloud service providers
US11863625B2 (en) 2014-05-12 2024-01-02 Netapp, Inc. Routing messages between cloud service providers
US10367655B2 (en) 2016-01-25 2019-07-30 Alibaba Group Holding Limited Network system and method for connecting a private network with a virtual private network
WO2017214883A1 (en) * 2016-06-15 2017-12-21 Alibaba Group Holding Limited Network system and method for cross region virtual private network peering

Also Published As

Publication number Publication date
CN103428252B (en) 2017-10-10
CN103428252A (en) 2013-12-04

Similar Documents

Publication Publication Date Title
US10412019B2 (en) Path computation element central controllers (PCECCs) for network services
JP5986692B2 (en) Network function virtualization for network devices
US20130185446A1 (en) Method and device for connecting to virtual private network across domains
WO2014000292A1 (en) Migration method, serving control gateway and system for virtual machine across data centres
WO2014194711A1 (en) Packet processing method, device label processing method, and device
WO2009015594A1 (en) A method, system and device for configuring the operations, administrator and maintenance property
JP5679343B2 (en) Cloud system, gateway device, communication control method, and communication control program
US10708083B2 (en) Traffic engineering service mapping
WO2022110535A1 (en) Packet sending method, device, and system
WO2014180199A1 (en) Network establishment method and control device
WO2011009331A1 (en) Routing label distribution method and apparatus in virtual private network
WO2013174096A1 (en) Method, device and system for migration of cloud computing virtual machine
WO2013139270A1 (en) Method, device, and system for implementing layer3 virtual private network
CN104468162A (en) Method and system for network management, virtual network entity, and network device
US20230345273A1 (en) Fault processing method, control plane network element, steering decision-making network element, and related device
CN114172865B (en) IPv6 dual stack implementation method under cloud network
JP5913732B2 (en) Pseudowire groups in packet switched networks
US20200344158A1 (en) Virtual port group
CN115002029A (en) Traffic forwarding method, device, equipment and storage medium
WO2022193897A1 (en) Service deployment method, apparatus, and system
WO2023088411A1 (en) Method and apparatus for sending instruction, and method and apparatus for sending information
CN116896563B (en) Cloud private line opening method, device, system and storage medium
Muñoz et al. End-to-end service provisioning across MPLS and IP/WDM domains
WO2014082430A1 (en) Packet control method and device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12877556

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12877556

Country of ref document: EP

Kind code of ref document: A1