WO2013185715A1 - Method for implementing virtual network and virtual network

Publication number
WO2013185715A1
Authority
WO
WIPO (PCT)
Prior art keywords
destination
data packet
identifier
subnet
controller
Application number
PCT/CN2013/080734
Inventor
马苏安
汪军
胡永生
梁亮
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/64 Hybrid switching systems
    • H04L12/6418 Hybrid transport

Definitions

  • The present invention relates to data exchange technology, and more particularly to a method for implementing a virtual network and to a virtual network.
  • The data center provides resource leasing services. For different tenants, the data center needs to provide a virtual network to implement data exchange, so that tenants can use resources in the virtual network without interfering with each other. At the same time, the development of data center services has made data centers increasingly demanding of their networks, requiring more bandwidth and more reliable data networks.
  • The number of tenants may be hundreds of thousands or more.
  • A virtual local area network (VLAN) is used to isolate tenants. The maximum number of VLANs is 4096, which limits the number of tenants and cannot satisfy the data center's business need to provide multi-tenancy.
  • In Virtual Extensible LAN (VXLAN) technology, a Layer 2 (L2) network is superimposed on the Internet Protocol (IP) network: the Ethernet packet is encapsulated in a User Datagram Protocol (UDP) packet, and a VXLAN Network Identifier (VNI) is added.
  • The UDP packet forwarding path is determined by a routing protocol. This supports a large number of tenants, while multi-path support depends on the underlying IP network.
  • The original data packet 101 is sent from the source host (Host) 104 to the VXLAN Tunnel End Point (VTEP), and the VTEP encapsulates the original data packet 101 in a UDP packet to form the encapsulated data packet 102. The encapsulated data packet 102 carries an additional VXLAN header (Header), which contains a VNI to identify different virtual networks.
  • The encapsulated data packet 102 is sent to the peer VTEP through the IP network 106. The peer VTEP decapsulates it, restores the original data packet 103, and forwards it to the destination Host 107. After the original data packet 101 is encapsulated into the UDP packet, the underlying IP network forwards it as a payload: it cannot identify which tenant the original data packet 101 belongs to, nor the IP address and other information inside the original data packet 101, so no optimization or control can be done based on this information.
  • The related technologies have the following problems: the underlying IP network and the virtual network are separated. The IP network cannot identify the information encapsulated in the data packet and cannot implement optimization measures or other policies for the needs of the tenant; the virtual network does not identify the forwarding mode of the packet in the underlying IP network and cannot control the forwarding process.
  • Embodiments of the present invention provide a method for implementing a virtual network and a virtual network, which solve the following problems: the underlying IP network is separated from the virtual network; the IP network cannot identify the information encapsulated in the data packet and cannot implement optimization or other policies for the needs of the tenant; the virtual network does not recognize the forwarding mode of the data packet in the underlying IP network and cannot control the forwarding process.
  • An embodiment of the present invention provides a method for implementing a virtual network, including:
  • the controller of the virtual network acquires the transmission type, source and destination of the data packet sent by the host;
  • The controller sends the forwarding policy to each virtual access switch and intermediate switch through which the data packet is to pass, such that the virtual access switch and the intermediate switch perform the forwarding policy on the received data packet.
  • the virtual access switch and the intermediate switch perform the forwarding policy on the received data packet, including:
  • the transmission type is to forward a data packet in the same subnet; the host that sends the data packet is located on the same subnet as the destination host that receives the data packet;
  • The destination identifier includes: the destination virtual network identifier of the subnet where the host that sends the data packet is located, determined according to the port identifier, and the destination route identifier of the destination virtual access switch.
  • the transmission type is to forward a data packet between subnets; the destination identifier includes: a destination virtual network identifier of the destination subnet, and a destination route identifier of the destination virtual access switch.
  • the transmission type is unicast
  • The step of the controller formulating the forwarding policy includes: calculating at least one optimized path between the host that sends the data packet and the destination, wherein the forwarding policy includes the at least one optimized path;
  • The virtual access switch and the intermediate switch performing the forwarding policy on the received data packet includes: the destination virtual access switch of the destination subnet restores the second data packet to a first data packet, and the first data packet is sent to the destination host.
  • the transmission type is broadcast
  • the method further includes:
  • the controller establishes a first type of broadcast tree covering the entire subnet in each subnet;
  • The controller establishes a second type of broadcast tree in each subnet and, in each second type of broadcast tree, selects a virtual access switch connected to the host in the subnet as the root node of the second type of broadcast tree.
  • The destination identifier includes: a destination virtual network identifier of the destination subnet corresponding to the first type of broadcast tree of the destination, or a destination virtual network identifier of the destination subnet corresponding to the second type of broadcast tree of the destination. The virtual access switch and the intermediate switch performing the forwarding policy on the received data packet includes: the destination virtual access switch of the destination subnet restores the second data packet to a first data packet, and sends the first data packet to the destination host.
  • the step of the controller sending the forwarding policy to each virtual access switch and the intermediate switch that the data packet is to pass through includes:
  • The controller sends the forwarding policy by using the OpenFlow protocol, where the forwarding policy is implemented by a flow table; or,
  • The controller sends the forwarding policy by using a network management interface download protocol, where the forwarding policy is implemented by a network management configuration entry; or,
  • The controller delivers the forwarding policy by using a selected private protocol.
  • the embodiment of the invention further provides a controller, including:
  • An information obtaining unit configured to: acquire a transmission type, a source, and a destination of the data packet sent by the host;
  • a policy making unit configured to: formulate a forwarding policy according to the type of the transmission, the port identifier of the source, and the destination identifier of the destination;
  • a policy sending unit configured to: send the forwarding policy to each virtual access switch and intermediate switch through which the data packet is to pass, so that the virtual access switch and the intermediate switch perform the forwarding policy on the received data packet.
  • the policy making unit includes:
  • a first setting module configured to: when the transmission type is forwarding a data packet within the same subnet, set the destination identifier to include: the destination virtual network identifier of the subnet where the host that sends the data packet is located, determined according to the port identifier, and the destination route identifier of the destination virtual access switch.
  • the policy making unit includes:
  • a second setting module configured to: when the transmission type is forwarding a data packet between subnets, set the destination identifier to include: a destination virtual network identifier of the destination subnet, and a destination route identifier of the destination virtual access switch.
  • the policy making unit includes:
  • a third setting module configured to: when the transmission type is unicast, calculate at least one optimized path between the host and the destination that sends the data packet; where the forwarding policy includes the at least one optimization path.
  • the controller further includes:
  • a broadcast tree unit configured to: establish a first type of broadcast tree covering the entire subnet in each subnet; or, establish a second type of broadcast tree in each subnet and, in each second type of broadcast tree, select a virtual access switch connected to the host in the subnet as the root node of the second type of broadcast tree.
  • the policy making unit further includes:
  • a fourth setting module configured to: when the transmission type is broadcast, set the destination identifier to include: a destination virtual network identifier of the destination subnet corresponding to the first type of broadcast tree of the destination, or a destination virtual network identifier of the destination subnet corresponding to the second type of broadcast tree of the destination.
  • The embodiment of the present invention further provides a virtual network, including: a virtual access switch, an intermediate switch, and the foregoing controller; wherein each virtual access switch has a route identifier and is connected to the controller; each intermediate switch is connected to the virtual access switch and the controller; each host is located in a subnet, all hosts in the subnet are in a Layer 2 broadcast domain, and the Layer 2 broadcast domain has a virtual network identifier; and
  • a host is connected to a virtual access switch through a port that has a port identifier.
  • In the virtual network, the virtual access switch includes:
  • a first policy execution unit configured to: take the received data packet as a first data packet, encapsulate the destination identifier with the first data packet to form a second data packet, and send the second data packet;
  • the intermediate switch includes:
  • a second policy execution unit configured to: take the received data packet as a first data packet, encapsulate the destination identifier with the first data packet to form a second data packet, and send the second data packet;
  • In the process of data packet forwarding, the controller can obtain various attributes of the data packet as the destination identifier and formulate a forwarding policy according to the destination identifier, so that data packets are forwarded more finely and flexibly, with support for multi-tenancy, multi-path forwarding and traffic load balancing, and network resources are used more efficiently.
  • FIG. 1 is a schematic diagram showing the working principle of the VXLAN technology in the related art
  • FIG. 2 is a block diagram showing a system of a virtual network according to an embodiment of the present invention.
  • FIG. 3 is a schematic structural diagram of a data packet encapsulation according to an embodiment of the present invention.
  • FIG. 4 is a schematic diagram showing a routing function between subnets according to an embodiment of the present invention.
  • FIG. 5 is a schematic diagram showing unicast in a subnet according to an embodiment of the present invention.
  • FIG. 6 is a flowchart showing an implementation of an optimal path according to an embodiment of the present invention.
  • FIG. 7 is a flowchart showing a broadcast in a subnet according to an embodiment of the present invention.
  • FIG. 8 is a schematic structural diagram of a controller according to an embodiment of the present invention.
  • In a Software Defined Network (SDN), the control plane is composed of a centralized controller (i.e., a Forwarding Policy Server (FPS)), which controls the behavior of the forwarding plane through the OpenFlow protocol.
  • The control method is a flow table. The flow table includes matching rules and actions that indicate what should be done with packets that match the matching rules.
  • The forwarding plane of the SDN matches the flow entries in sequence and executes the corresponding instruction once a match is found. If no match is found, the data packet can be forwarded to the controller and processed by the controller.
  • a tenant can have multiple subnets. Each host of the tenant belongs to a subnet.
  • the subnet serves as a Layer 2 broadcast domain.
  • Each Layer 2 broadcast domain is assigned a virtual network identifier (also known as a broadcast domain identifier (Broadcast ID)).
  • Each host is connected to a port on a virtual access switch.
  • Each port has a unique port identifier.
  • Each Virtual Access Switch is assigned a route ID by the controller.
  • An embodiment of the present invention provides a method for implementing a virtual network, including the following steps:
  • Step 1: The controller of the virtual network acquires the transmission type, source and destination of the data packet sent by the host.
  • Step 2: The controller formulates a forwarding policy according to the transmission type, the port identifier of the source, and the destination identifier of the destination.
  • Step 3: The controller sends the forwarding policy to each virtual access switch and intermediate switch through which the data packet is to pass, so that the virtual access switch and the intermediate switch perform the forwarding policy on the received data packet.
  • The controller can acquire various attributes of the data packet, such as a Broadcast ID, a Route ID, an Ethernet packet header, an IP packet header, and a TCP (Transmission Control Protocol)/UDP port number, as the destination identifier.
  • The forwarding policy is formulated according to the destination identifier, so the forwarding plane forwards the data packet more finely and flexibly. It supports multi-tenancy, multi-path forwarding, and traffic load balancing, making more efficient use of network resources.
  • the structure of the virtual network is shown in Figure 2.
  • the virtual network includes a forwarding plane and a control plane.
  • the forwarding plane includes a virtual access switch 202 and an intermediate switch 206; the intermediate switch 206 is not directly connected to the host 203 and is responsible for forwarding packets in the middle.
  • the host 203 accesses the virtual network through the virtual access switch 202, and the host 203 includes a physical machine and a virtual machine.
  • The control plane includes a controller 201 that interconnects the virtual access switch 202 and the intermediate switch 206, and delivers a forwarding policy to the virtual access switch 202 and the intermediate switch 206 to control the forwarding behavior of the forwarding plane. The forwarding policy includes controlling which port the data packet is forwarded from, modifying the properties of the packet, and so on.
  • The controller 201 is a device that constitutes the control plane, and the control logic of the entire virtual network is set on the controller 201.
  • The controller 201 responds to network events from the forwarding plane and, according to the virtual network requirement, delivers the forwarding policy to each virtual access switch 202 and intermediate switch 206 to implement control of the entire virtual network.
  • The virtual access switch 202 is a device that constitutes the forwarding plane and is responsible for connecting the host 203 to the virtual network.
  • The intermediate switch 206 is a device that constitutes the forwarding plane; it is an intermediate node of the virtual network and is not directly connected to the host 203.
  • the virtual access switch 202 and the intermediate switch 206 forward the data packet according to the forwarding policy delivered by the controller 201.
  • Each host 203 is connected to a port of a virtual access switch 202.
  • the controller 201 is connected to the interface 204 of the forwarding plane, and the forwarding policy can be delivered by using the OpenFlow protocol, the network management protocol, or the private protocol.
  • the virtual machine manager (VMM) 205 is responsible for managing the host 203, and transmits information such as the Broadcast ID, the port identifier of the port where the host 203 is located, and the route ID to the controller 201.
  • the identifier of the host 203, the port identifier of the port where the host 203 is located, the virtual network identifier of the subnet to which the host 203 belongs, and the correspondence between them are stored in the controller 201.
  • the destination identifier includes at least the destination Broadcast ID, and may also include the destination Route ID.
  • the source is the subnet where the source host that sent the packet is located;
  • the destination is the subnet where the destination host that receives the packet is located.
  • This information is provided by other systems, such as a Virtualization Management Platform (VMP), and is transmitted to the controller 201 through the interface 204.
  • The data packet is marked with the virtual network identifier and the route identifier.
  • the forwarding plane forwards according to the routing identifier of the data packet; the forwarding plane distinguishes different virtual networks according to the virtual network identifier of the data packet. Packets can only be sent to hosts on the same virtual network.
  • the packet encapsulation mode is as shown in FIG. 3.
  • the data packet 301 sent by the source host 304 includes a layer 2 packet header and data, and is encapsulated into a data packet 302 by the virtual access switch 202.
  • An actual network label is used: a 20-bit MPLS (Multi Protocol Label Switching) label implements the Broadcast ID and the Route ID. The Broadcast ID and the Route ID are encapsulated with the data packet 301 to form a data packet 302, or only the Broadcast ID is encapsulated with the data packet 301 to form a data packet 303.
  • The Broadcast ID represents the virtual network identifier, and the Route ID is used to identify the destination virtual access switch.
  • The MPLS label serves only as a carrier of the Broadcast ID and the Route ID, and does not have the original meaning of the MPLS label.
  • A 20-bit Broadcast ID can support more than 1 million independent subnets, so it can support a large number of tenants.
  • After receiving the data packet 302, the destination virtual access switch removes the Broadcast ID and the Route ID to obtain the data packet 304, which restores the state of the initial data packet 301, and sends the data packet 304 to the destination host 305.
  • the broadcast packet 303 is sent to all the broadcast domains because it is not forwarded to a specific Host.
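The encapsulation described above, written out as a runnable sketch. This is an added example, not code from the patent: it assumes the Route ID travels as the outer MPLS label stack entry and the Broadcast ID as the inner (bottom-of-stack) entry, both prepended to the original frame, and the function names and sample frame are constructed for illustration.

```python
import struct

LABEL_MAX = (1 << 20) - 1  # Broadcast ID and Route ID each ride in a 20-bit label

# Constructed sample of "data packet 301": dst MAC, src MAC, EtherType, payload.
SAMPLE_FRAME = bytes.fromhex("020000000002" "020000000001" "0800") + b"tenant payload"


def label_entry(label, bottom, ttl=64):
    """Pack one MPLS label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    if not 0 <= label <= LABEL_MAX:
        raise ValueError(f"identifier {label:#x} does not fit in 20 bits")
    return struct.pack("!I", (label << 12) | (int(bottom) << 8) | ttl)


def encapsulate(frame, broadcast_id, route_id=None):
    """Source virtual access switch: first data packet -> second data packet.

    With a Route ID this is the unicast form (packet 302); without one it is
    the broadcast form that carries only the Broadcast ID (packet 303).
    """
    stack = b""
    if route_id is not None:
        stack += label_entry(route_id, bottom=False)  # assumed outer entry
    return stack + label_entry(broadcast_id, bottom=True) + frame


def parse(packet):
    """Return (route_id or None, broadcast_id, inner_frame)."""
    labels, offset = [], 0
    for _ in range(2):  # at most Route ID + Broadcast ID
        if len(packet) < offset + 4:
            raise ValueError("truncated label stack")
        (word,) = struct.unpack_from("!I", packet, offset)
        offset += 4
        labels.append(word >> 12)
        if (word >> 8) & 1:  # S bit set: bottom of stack reached
            break
    else:
        raise ValueError("label stack deeper than Route ID + Broadcast ID")
    route_id = labels[0] if len(labels) == 2 else None
    return route_id, labels[-1], packet[offset:]


def decapsulate(packet, my_route_id, port_broadcast_id):
    """Destination virtual access switch: restore the frame or drop (None).

    The frame is released only when the Broadcast ID matches the subnet of
    the egress port, which is the tenant-isolation check.
    """
    try:
        route_id, broadcast_id, frame = parse(packet)
    except ValueError:
        return None  # malformed label stack: drop
    if route_id is not None and route_id != my_route_id:
        return None  # addressed to another virtual access switch
    if broadcast_id != port_broadcast_id:
        return None  # different virtual network: never deliver
    return frame


if __name__ == "__main__":
    pkt = encapsulate(SAMPLE_FRAME, broadcast_id=0x12345, route_id=7)
    print(pkt[:8].hex(), decapsulate(pkt, 7, 0x12345) == SAMPLE_FRAME)
```
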
  • There are various options for the interface protocol between the controller 201 and the forwarding plane.
  • The OpenFlow protocol can be used, and the forwarding policy can be implemented through a flow table.
  • The network management interface download protocol can also be used, in which case the forwarding policy is implemented by network management configuration entries.
  • The controller 201 delivers the forwarding policy by using the OpenFlow protocol, and the forwarding policy is implemented by a flow table; or,
  • The controller sends the forwarding policy by using a network management interface download protocol, and the forwarding policy is implemented by a network management configuration entry; or,
  • The controller delivers the forwarding policy by using a proprietary protocol.
  • The step of the virtual access switch 202 and the intermediate switch 206 performing the forwarding policy on the received data packet includes:
  • the received data packet is used as a first data packet, and the destination identifier is encapsulated with the first data packet to form a second data packet;
  • the provided technical solution can forward data packets in the same subnet.
  • the transmission type is to forward a data packet in the same subnet;
  • The destination identifier includes: the destination Broadcast ID of the subnet where the host that sends the data packet is located, found according to the port identifier, and the destination Route ID of the destination virtual access switch.
  • When forwarding a data packet in a virtual network, the controller 201 applies two destination identifiers to the data packet by using a forwarding policy: the Broadcast ID and the Route ID. The process includes the following steps:
  • Step 01: When the host sends a data packet, the controller 201 queries the database according to the port where the host is located, and finds the Broadcast ID corresponding to the subnet where the host is located and the destination Route ID of the destination virtual access switch, thereby forming a forwarding policy.
  • Step 02: The controller 201 sends the forwarding policy to the virtual access switch connected to the host and to the intermediate switch; the intermediate switch is connected to the virtual access switch or to other intermediate switches.
  • Step 03: When the forwarding policy is executed, the Broadcast ID and the Route ID are encapsulated with the first data packet to form a second data packet. To forward a packet in the same subnet, the Broadcast ID must be applied; otherwise, it is impossible to distinguish which virtual network the packet belongs to.
  • The intermediate switch matches the destination identifier to ensure that the data packet is only sent to the destination host in the same subnet, thereby implementing the transmission of packets within the same subnet and the isolation of packets between subnets.
  • the provided technical solution can forward data packets between different subnets.
  • the virtual network ID of the virtual network where the destination host is located is encapsulated in the data packet to ensure that only hosts in the destination virtual network can receive the data packet.
  • the transmission type is to forward data packets between subnets
  • the destination identifier includes: the destination virtual network identifier of the destination subnet and the destination route identifier of the destination virtual access switch.
  • the destination virtual access switch is located in the destination subnet.
  • The inter-subnet routing process is similar to the unicast process within a subnet. The difference is that inter-subnet routing replaces the MAC (Medium Access Control) addresses of the packet, because when the packet is sent, the source MAC address is the MAC address of the source host and the destination MAC address is the MAC address of the router. Here the MAC address of the router is the MAC address of the router configured on the host (not the MAC address of the virtual access switch); the router configured on the host is virtual, and each host is configured with the IP address of the router.
  • When the host wants to send a data packet between subnets, the host obtains the MAC address corresponding to the IP address of the router through ARP (Address Resolution Protocol).
  • The controller 201 replaces the MAC address.
  • The virtual router answers this ARP request and returns the MAC address of the virtual router to the host.
  • When the packet passes through the virtual access switch, the source MAC address is replaced with the router's MAC address, and the destination MAC address is replaced with the source host's MAC address. In this process, the address of a virtual router needs to be set, but no physical router needs to be set up; the routing function is completed only by replacing the MAC addresses.
  • the OpenFlow protocol is used as an interface protocol between the controller 201 and the forwarding plane.
  • the forwarding policy corresponds to the flow table defined in the OpenFlow protocol, and includes the following steps:
  • Step 401: The source host sends the first data packet to the source virtual access switch 202a connected to it.
  • Step 402: Because there is no matching flow table, the source virtual access switch 202a forwards the first data packet to the controller 201 through a PacketIn message.
  • Step 403: The controller 201 sends a flow table to the source virtual access switch 202a. The flow table is responsible for encapsulating the Broadcast ID and the Route ID and for replacing the MAC addresses. Replacing the MAC addresses includes: replacing the source MAC address with the MAC address of the router, and replacing the destination MAC address with the MAC address of the source host.
  • Step 404: The controller 201 sends a flow table to the destination virtual access switch 202b, where the flow table is responsible for popping the Broadcast ID and the Route ID from the received first data packet to restore the data packet, and forwarding the restored data packet to the appropriate destination host.
  • Step 405: The controller 201 sends the first data packet back to the source virtual access switch 202a through a PacketOut message.
  • Step 406: The source virtual access switch 202a matches the flow table mentioned in step 403, encapsulates the Broadcast ID and the Route ID, replaces the source MAC address with the MAC address of the router, and replaces the destination MAC address with the MAC address of the source host, forming a second data packet.
  • Step 407: The source virtual access switch 202a matches the flow table mentioned in step 403, and forwards the second data packet according to the optimal path.
  • Step 408: The intermediate switch 206 matches the flow table, and forwards the second data packet according to the optimal path.
  • Broadcast ID and Route ID recovering the first data packet from the second data packet
  • Step 410: The destination virtual access switch 202b matches the flow table and forwards the first data packet to the destination host.
  • Unicast packets can also be forwarded in the provided technical solution.
  • the transmission type is unicast
  • The second step further includes: calculating at least one optimized path between the host that sends the data packet and the destination, where the forwarding policy includes the at least one optimized path;
  • The virtual access switch 202 and the intermediate switch 206 performing the forwarding policy on the received data packet includes: the destination virtual access switch of the destination subnet restores the second data packet to the first data packet, and the first data packet is sent to the destination host.
  • The controller 201 queries the Route ID of the virtual access switch where the destination host is located, and sends a forwarding policy.
  • The Route ID is encapsulated in the data packet.
  • The controller 201 calculates an optimal path between every two virtual access switches, and delivers a forwarding policy.
  • The forwarding policy matches the Route ID in the data packet, and the packet is forwarded from the source virtual access switch 202a along a specific path until it arrives at the destination virtual access switch 202b, which forwards the data packet to the destination host.
  • The controller 201 can also calculate multiple paths at the same time, so that the current data packet is forwarded according to a predefined forwarding policy, thereby implementing multipath load balancing. Different forwarding methods are determined by the controller 201, and different options can be chosen at any time as needed.
  • Unicast packets in the subnet need to be labeled with the Broadcast ID and the Route ID.
  • The Route ID is used to identify the destination virtual access switch 202b.
  • The Broadcast ID is used to uniquely identify a Layer 2 broadcast domain (subnet), to ensure that hosts in the same subnet can receive this packet, with good isolation between subnets.
  • The OpenFlow protocol is used as the interface protocol between the controller 201 and the forwarding plane, and the forwarding policy corresponds to the flow table defined by the OpenFlow protocol. The process includes the following steps:
  • Step 501: The source host sends the first data packet to the source virtual access switch 202a connected to it.
  • Step 502: The first data packet has no matching flow table on the source virtual access switch 202a, so the source virtual access switch 202a sends a PacketIn message to the controller 201.
  • The PacketIn message includes the content and the input port of the first data packet.
  • Step 503: The controller 201 determines, according to the content of the PacketIn message, the flow table that needs to be matched, and sends a flow table to the source virtual access switch 202a, where the flow table is responsible for encapsulating the Broadcast ID and the Route ID.
  • Step 504: The controller 201 sends a flow table to the destination virtual access switch 202b, where the flow table is responsible for popping the Broadcast ID and the Route ID from the first data packet, and forwarding the first data packet to the appropriate host.
  • The flow table can be downloaded when the PacketIn message is received, or it can be downloaded before the host sends the packet.
  • Step 505: The controller 201 sends the first data packet back to the source virtual access switch 202a through a PacketOut message.
  • Step 506: The source virtual access switch 202a matches the data packet to the flow table, performs the behavior specified by the flow table, and encapsulates the first data packet with the Broadcast ID and the Route ID to form a second data packet.
  • Step 507: The source virtual access switch 202a matches the flow table, and forwards the second data packet according to the optimal path.
  • Step 508: The intermediate switch 206 matches the flow table, and forwards the second data packet according to the optimal path.
  • Step 510: The destination virtual access switch 202b matches the flow table, and forwards the restored first data packet to the destination host.
  • Each packet is forwarded along the optimal path or according to a specific policy corresponding to the tenant. For example, different routing paths can be selected according to the level to which the tenant belongs. In this process, a flow table needs to be set on each node in the routing path.
  • the forwarding policy may be delivered immediately when the network topology changes, or the optimal path may be calculated first and the forwarding policy delivered afterwards. As shown in Figure 6, the process of implementing the optimal path includes the following steps:
  • Step 601 The controller 201 assigns a Route ID to each virtual access switch 202 and detects the network topology.
  • To detect the network topology, the controller 201 instructs each port to send a Link Layer Discovery Protocol (LLDP) packet. If the LLDP packet is received on another port of the forwarding plane, there is a link between the two ports.
  • Step 602 Calculate an optimal path between each virtual access switch 202 and other virtual access switches 202.
  • Step 603 The controller 201 sends a forwarding policy to the virtual access switch 202 and the intermediate switch 206.
  • the forwarding policy indicates that the data packet from the virtual access switch 202 to the destination virtual access switch 202b should be output, and the matching field is Route ID.
  • the broadcast data packet can also be forwarded in the provided technical solution.
  • the transmission type is broadcast
  • the method further includes:
  • the controller establishes a first type of broadcast tree covering the entire subnet in each subnet; or, the controller establishes a second type of broadcast tree in each subnet, and in each of the In the second type of broadcast tree, a virtual access switch connected to the host in the subnet is selected as the root node of the second type of broadcast tree.
  • the broadcast tree can be set up once for each subnet, or separately for each Virtual Access Switch that connects hosts in the subnet, so that a subnet has multiple trees. Since the nodes of the broadcast tree depend on the location of the hosts, when a host location changes, the broadcast tree is re-established and the flow table is updated.
  • the destination identifier includes: a destination virtual network identifier of a destination subnet corresponding to the first type of broadcast tree of the destination or a destination virtual network identifier of the destination subnet corresponding to the second type of broadcast tree of the destination;
  • the virtual access switch 202 and the intermediate switch 206 perform the forwarding policy on the received data packet, including: the destination virtual access switch of the destination subnet restores the second data packet to the first data packet, and The first data packet is sent to the destination host.
  • the broadcast packets in the subnet need to be encapsulated; the Broadcast ID is implemented with a standard MPLS label.
  • the OpenFlow protocol is used as an example of the interface protocol between the controller 201 and the forwarding plane.
  • the forwarding policy corresponds to the flow table defined by the OpenFlow protocol.
  • the controller 201 establishes a broadcast tree by sending the flow table to propagate the data packet according to the broadcast tree.
  • the method includes the following steps: Step 701: The source host sends the first data packet to the source virtual access switch 202a connected to the source host.
  • Step 702 The source virtual access switch 202a does not have a matching flow table, and forwards the first data packet to the controller 201 through the PacketIn message.
  • Step 703 The controller 201 sends a flow table to the source virtual access switch 202a, where the flow table is responsible for encapsulating the Broadcast ID for the first data packet.
  • Step 704 The controller 201 establishes a broadcast tree according to the network topology, and sends a flow table to the intermediate switch 206 corresponding to the broadcast tree node according to the result of establishing the broadcast tree, where the flow table is responsible for forwarding the second data packet in the broadcast tree.
  • Step 705 The controller 201 sends a flow table to the destination virtual access switch 202b.
  • the flow table is responsible for popping the Broadcast ID from the second data packet and forwarding the second data packet to the appropriate destination host.
  • Step 706 the controller 201 sends the first data packet back to the source virtual access switch 202a through the PacketOut message.
  • Step 707 The source virtual access switch 202a matches the flow table, and encapsulates the first data packet with the Broadcast ID to form a second data packet.
  • Step 708 the source virtual access switch 202a matches the flow table, and forwards the second data packet according to the broadcast tree.
  • Step 710 The destination virtual access switch 202b matches the flow table, and pops the Broadcast ID from the second data packet to restore the first data packet.
  • Step 711 The destination virtual access switch 202b matches the flow table, and forwards the first data packet to the destination host.
  • An embodiment of the present invention provides a controller, as shown in FIG. 8, including:
  • the information obtaining unit 801 is configured to: acquire a transmission type, a source, and a destination of the data packet sent by the host;
  • a policy making unit 802 configured to: formulate a forwarding policy according to the type of the transmission, the port identifier of the source, and the destination identifier of the destination;
  • the policy issuance unit 803 is configured to: send the forwarding policy to each of the virtual access switches and the intermediate switches that the data packet is to pass, so that the virtual access switches and the intermediate switches execute the forwarding policy on the received data packet.
  • policy formulation unit 802 includes:
  • the first setting module 8021 is configured to: when the transmission type is to forward a data packet in the same subnet, set the destination identifier to include: the destination virtual network identifier of the subnet where the host that sends the data packet is located, determined according to the port identifier, and the destination route identifier of the destination virtual access switch.
  • policy formulation unit 802 includes:
  • the second setting module 8022 is configured to: when the transmission type is to forward a data packet between subnets, set the destination identifier to include: a destination virtual network identifier of the destination subnet, and a destination route identifier of the destination virtual access switch.
  • policy formulation unit 802 includes:
  • the third setting module 8023 is configured to: when the transmission type is unicast, calculate at least one optimized path between the host that sends the data packet and the destination; wherein the forwarding policy includes the at least one optimized path.
  • the controller further includes:
  • a broadcast tree unit 804 configured to: establish a first type of broadcast tree covering the entire subnet in each subnet; or, establish a second type of broadcast tree in each subnet, and in each second type of broadcast tree, select a virtual access switch connected to a host in the subnet as the root node of the second type of broadcast tree.
  • policy formulation unit 802 includes:
  • a fourth formulation module 8024 configured to: when the transmission type is broadcast, set the destination identifier to include: a destination virtual network identifier of the destination subnet corresponding to the first type of broadcast tree of the destination, or a destination virtual network identifier of the destination subnet corresponding to the second type of broadcast tree of the destination.
  • the embodiment of the present invention provides a virtual network, as shown in FIG. 2, including: a virtual access switch 202, an intermediate switch 206, and a controller 201;
  • Each virtual access switch 202 has a routing identifier and is coupled to the controller 201;
  • Each intermediate switch is connected to the virtual access switch 202 and connected to the controller 201;
  • Each host 203 is located in a subnet, and all hosts 203 in the subnet are in a Layer 2 broadcast domain, and the Layer 2 broadcast domain has a virtual network identifier;
  • One host 203 is connected to the virtual access switch 202 through a port having a port identifier.
  • the controller includes:
  • the information obtaining unit 801 is configured to: acquire a transmission type, a source, and a destination of the data packet sent by the host;
  • the policy making unit 802 is configured to: formulate a forwarding policy according to the transmission type, the port identifier of the source, and the destination identifier of the destination;
  • the policy issuance unit 803 is configured to: send the forwarding policy to each of the virtual access switches and the intermediate switches that the data packet is to pass, so that the virtual access switches and the intermediate switches execute the forwarding policy on the received data packet;
  • a broadcast tree unit 804 configured to: establish a first type of broadcast tree covering the entire subnet in each subnet; or, establish a second type of broadcast tree in each subnet, and in each second type of broadcast tree, select a virtual access switch connected to a host in the subnet as the root node of the second type of broadcast tree.
  • the virtual access switch includes:
  • a first policy execution unit configured to: use the received data packet as the first data packet, and encapsulate the destination identifier with the first data packet to form a second data packet; and send the second data packet;
  • a second policy execution unit configured to: use the received data packet as the first data packet, and encapsulate the destination identifier with the first data packet to form a second data packet; and send the second data packet.
  • multi-tenant support, multi-path, and traffic load balancing capability are provided by applying virtual network labels and routing labels to data packets; the data network can be managed more comprehensively and more flexible data forwarding strategies can be implemented, including optimization and control of traffic for specific tenant needs.
  • in the process of data packet forwarding, the controller can obtain various attributes of the data packet as the destination identifier, formulate a forwarding policy according to the destination identifier, and forward the data packet more finely and flexibly, supporting multi-tenancy, multi-path forwarding and traffic load balancing, and using network resources more efficiently.
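The unicast procedure of steps 501 to 510 and the path setup of steps 601 to 603 can be traced in a small simulation. This is an added example, not code from the patent: the topology, host names, ID values and the `Controller` and `send` names are constructed for illustration, breadth-first search stands in for the optimal-path calculation, and only the in-subnet unicast case is modeled.

```python
from collections import deque

# Constructed topology (assumption): two virtual access switches (VAS) joined
# by a short and a long chain of intermediate switches.
LINKS = [("vas_a", "mid1"), ("mid1", "vas_b"),
         ("vas_a", "mid2"), ("mid2", "mid3"), ("mid3", "vas_b")]
# Constructed host attachments: (VAS, port) -> (host, Broadcast ID of its subnet).
HOST_PORTS = {("vas_a", 1): ("h1", 100), ("vas_a", 2): ("h3", 200),
              ("vas_b", 1): ("h2", 100), ("vas_b", 2): ("h4", 200)}


class Controller:
    def __init__(self, links, host_ports):
        self.host_ports = host_ports
        self.neigh = {}
        for a, b in links:                      # stands in for LLDP link discovery
            self.neigh.setdefault(a, []).append(b)
            self.neigh.setdefault(b, []).append(a)
        vases = sorted({sw for sw, _ in host_ports})
        self.route_id = {sw: i + 1 for i, sw in enumerate(vases)}   # step 601
        self.where = {h: (sw, p, bid) for (sw, p), (h, bid) in host_ports.items()}
        # Per-switch flow tables: push (ingress), route (transit), pop (egress).
        self.tables = {sw: {"push": {}, "route": {}, "pop": {}} for sw in self.neigh}
        self.packet_ins = 0
        self._install_routes()

    def shortest_path(self, src, dst):          # step 602; assumes a connected topology
        prev, queue = {src: None}, deque([src])
        while queue:
            node = queue.popleft()
            if node == dst:
                break
            for nxt in self.neigh[node]:
                if nxt not in prev:
                    prev[nxt] = node
                    queue.append(nxt)
        path, node = [], dst
        while node is not None:
            path.append(node)
            node = prev[node]
        return path[::-1]

    def _install_routes(self):                  # step 603: match field is the Route ID
        for dst, rid in self.route_id.items():
            for sw in self.neigh:
                if sw != dst:
                    self.tables[sw]["route"][rid] = self.shortest_path(sw, dst)[1]

    def packet_in(self, switch, in_port, packet):           # steps 502-505
        self.packet_ins += 1
        _, src_bid = self.host_ports[(switch, in_port)]     # subnet from port identifier
        dst = self.where.get(packet["dst"])
        if dst is None or dst[2] != src_bid:
            return False    # unknown host or other subnet: this sketch installs nothing
        dst_sw, dst_port, _ = dst
        labels = (src_bid, self.route_id[dst_sw])
        self.tables[switch]["push"][(in_port, packet["dst"])] = labels      # step 503
        self.tables[dst_sw]["pop"][labels + (packet["dst"],)] = dst_port    # step 504
        return True         # PacketOut: the switch now retries the packet


def send(ctrl, switch, in_port, packet):
    """Walk one packet through the forwarding plane; return (host, path)."""
    key = (in_port, packet["dst"])
    table = ctrl.tables[switch]
    if key not in table["push"] and not ctrl.packet_in(switch, in_port, packet):
        return None, []
    bid, rid = table["push"][key]               # step 506: labels of the second packet
    path = [switch]
    while ctrl.route_id.get(switch) != rid:     # steps 507-508: forward on Route ID
        switch = ctrl.tables[switch]["route"][rid]
        path.append(switch)
    out_port = ctrl.tables[switch]["pop"].get((bid, rid, packet["dst"]))
    # Egress check: the label must equal the Broadcast ID of the output port.
    if out_port is None or ctrl.host_ports[(switch, out_port)][1] != bid:
        return None, path
    return ctrl.host_ports[(switch, out_port)][0], path     # step 510
```

The egress comparison between the popped Broadcast ID and the output port's subnet is the point where tenant isolation is enforced in this model, so it is the check worth asserting in any test of a real flow-table deployment.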

Abstract

A method for implementing a virtual network and a virtual network. The method comprises: a controller of the virtual network obtaining a transfer type, a source, and a destination of a data packet sent by a host; the controller formulating a forwarding strategy according to the transfer type, a port identifier of the source, and a destination identifier of the destination; and the controller sending the forwarding strategy to each virtual access switch and each intermediate switch through which the data packet is to be passed; and the virtual access switch and the intermediate switch executing the forwarding strategy on the received data packet.

Description

Method for implementing a virtual network, and virtual network
Technical field
The present invention relates to data exchange technology, and more particularly to a method for implementing a virtual network and to a virtual network.
Background art
A data center provides resource leasing services. For different tenants, the data center needs to provide a virtual network for data exchange, so that tenants can use resources in the virtual network without interfering with each other. At the same time, the development of data center services places increasing demands on the network, requiring more bandwidth and a more reliable data network.
The number of tenants may reach hundreds of thousands or more. In the related art, a virtual local area network (VLAN, Virtual Local Area Network) is generally used to isolate tenants. Because the maximum number of VLANs is 4096, the number of tenants is limited, which cannot meet the data center's need to provide services to multiple tenants. As shown in FIG. 1, a Layer 2 (L2) network is overlaid on an Internet Protocol (IP) network: the Ethernet packet is encapsulated in a User Datagram Protocol (UDP) packet, a Virtual extensible LAN (VXLAN) header is added, and a 24-bit VXLAN Network Identifier (VNI) is added to the header to distinguish different virtual networks. The forwarding path of the UDP packet is determined by a routing protocol. This approach can support a large number of tenants, and multi-path support relies on the underlying IP network. In the IP network 106 shown in FIG. 1, the original data packet 101 is sent from the source host (Host) 104 to the VXLAN Tunnel End Point (VTEP) 105. The VTEP encapsulates the original data packet 101 in a UDP packet to form the encapsulated data packet 102 and attaches a VXLAN header to the data packet 102; the VXLAN header contains a VNI that identifies the virtual network. The encapsulated data packet 102 is sent through the IP network 106 to the peer VTEP, which decapsulates it, restores the original data packet 103, and forwards it to the destination host 107. It can be seen that after the original data packet 101 is encapsulated in the UDP packet, the underlying IP network forwards it as payload and can identify neither which tenant the original data packet 101 belongs to nor information such as the IP addresses inside the original data packet 101; therefore, no optimization or control can be performed based on this information.
The related art has the following problems: the underlying IP network and the virtual network are separated. When data packets of the virtual network are transmitted in the underlying IP network, the IP network cannot identify the information encapsulated inside the data packets and cannot implement optimization measures or other policies for tenants' needs; the virtual network, in turn, does not identify how data packets are forwarded in the underlying IP network and cannot control the forwarding process.
Summary of the invention
Embodiments of the present invention provide a method for implementing a virtual network, and a virtual network, which address the following defects: because the underlying IP network and the virtual network are separated, when data packets of the virtual network are transmitted in the underlying IP network, the IP network cannot identify the information encapsulated inside the data packets and cannot implement optimization or other policies for tenants' needs; and the virtual network does not identify how data packets are forwarded in the underlying IP network and cannot control the forwarding process.
An embodiment of the present invention provides a method for implementing a virtual network, including:
a controller of the virtual network acquiring the transmission type, source and destination of a data packet sent by a host;
the controller formulating a forwarding policy according to the transmission type, the port identifier of the source, and the destination identifier of the destination; and
the controller sending the forwarding policy to each virtual access switch and intermediate switch through which the data packet is to pass, so that the virtual access switches and intermediate switches execute the forwarding policy on the received data packet.
In the method, the virtual access switch and the intermediate switch executing the forwarding policy on the received data packet includes:
taking the received data packet as a first data packet, and encapsulating the destination identifier with the first data packet to form a second data packet; and
sending the second data packet.
In the method, the transmission type is forwarding a data packet within the same subnet; the host that sends the data packet and the destination host that receives the data packet are located in the same subnet;
the destination identifier includes: the destination virtual network identifier of the subnet where the host that sends the data packet is located, determined according to the port identifier, and the destination route identifier of the destination virtual access switch.
In the method, the transmission type is forwarding a data packet between subnets;
the destination identifier includes: the destination virtual network identifier of the destination subnet, and the destination route identifier of the destination virtual access switch.
In the method, the transmission type is unicast;
the step of the controller formulating the forwarding policy includes: calculating at least one optimized path between the host that sends the data packet and the destination, where the forwarding policy includes the at least one optimized path;
the virtual access switch and the intermediate switch executing the forwarding policy on the received data packet includes: the destination virtual access switch of the destination subnet restoring the second data packet to the first data packet, and sending the first data packet to the destination host.
In the method, the transmission type is broadcast;
before the step of the controller of the virtual network acquiring the transmission type, source and destination of the data packet sent by the host, the method further includes:
the controller establishing, in each subnet, a first type of broadcast tree covering the entire subnet; or
the controller establishing a second type of broadcast tree in each subnet and, in each second type of broadcast tree, selecting a virtual access switch in the subnet that is connected to a host as the root node of the second type of broadcast tree.
In the method,
the destination identifier includes: the destination virtual network identifier of the destination subnet corresponding to the first type of broadcast tree of the destination, or the destination virtual network identifier of the destination subnet corresponding to the second type of broadcast tree of the destination;
the virtual access switch and the intermediate switch executing the forwarding policy on the received data packet includes: the destination virtual access switch of the destination subnet restoring the second data packet to the first data packet, and sending the first data packet to the destination host.
In the method, the step of the controller sending the forwarding policy to each virtual access switch and intermediate switch through which the data packet is to pass includes:
the controller delivering the forwarding policy using the OpenFlow protocol, where the forwarding policy is implemented by a flow table; or
the controller delivering the forwarding policy using a network management interface download protocol, where the forwarding policy is implemented by network management configuration entries; or
the controller delivering the forwarding policy using a selected private protocol.
An embodiment of the present invention further provides a controller, including:
an information obtaining unit, configured to: acquire the transmission type, source and destination of a data packet sent by a host;
a policy making unit, configured to: formulate a forwarding policy according to the transmission type, the port identifier of the source, and the destination identifier of the destination; and
a policy issuance unit, configured to: send the forwarding policy to each virtual access switch and intermediate switch through which the data packet is to pass, so that the virtual access switches and intermediate switches execute the forwarding policy on the received data packet.
In the controller, the policy making unit includes:
a first formulation module, configured to: when the transmission type is forwarding a data packet within the same subnet, set the destination identifier to include: the destination virtual network identifier of the subnet where the host that sends the data packet is located, determined according to the port identifier, and the destination route identifier of the destination virtual access switch.
In the controller, the policy making unit includes:
a second formulation module, configured to: when the transmission type is forwarding a data packet between subnets, set the destination identifier to include: the destination virtual network identifier of the destination subnet, and the destination route identifier of the destination virtual access switch.
In the controller, the policy making unit includes:
a third formulation module, configured to: when the transmission type is unicast, calculate at least one optimized path between the host that sends the data packet and the destination, where the forwarding policy includes the at least one optimized path.
The controller further includes:
a broadcast tree unit, configured to: establish, in each subnet, a first type of broadcast tree covering the entire subnet; or establish a second type of broadcast tree in each subnet and, in each second type of broadcast tree, select a virtual access switch in the subnet that is connected to a host as the root node of the second type of broadcast tree.
In the controller, the policy making unit further includes:
a fourth formulation module, configured to: when the transmission type is broadcast, set the destination identifier to include: the destination virtual network identifier of the destination subnet corresponding to the first type of broadcast tree of the destination, or the destination virtual network identifier of the destination subnet corresponding to the second type of broadcast tree of the destination.
An embodiment of the present invention further provides a virtual network, including: virtual access switches, intermediate switches, and the controller described above; wherein
each virtual access switch has a route identifier and is connected to the controller;
each intermediate switch is connected to the virtual access switches and to the controller;
each host is located in a subnet, all hosts in the subnet are in one Layer 2 broadcast domain, and the Layer 2 broadcast domain has a virtual network identifier; and
a host is connected to a virtual access switch through a port, and the port has a port identifier.
In the virtual network,
the virtual access switch includes:
a first policy execution unit, configured to: take the received data packet as a first data packet, encapsulate the destination identifier with the first data packet to form a second data packet, and send the second data packet;
the intermediate switch includes:
a second policy execution unit, configured to: take the received data packet as a first data packet, encapsulate the destination identifier with the first data packet to form a second data packet, and send the second data packet.
With the technical solution of the embodiments of the present invention, during data packet forwarding the controller can obtain various attributes of the data packet as the destination identifier, formulate a forwarding policy according to the destination identifier, and forward data packets in a finer and more flexible way, supporting multi-tenancy, multi-path forwarding and traffic load balancing, and using network resources more efficiently.
Brief description of the drawings
FIG. 1 is a schematic diagram of the working principle of VXLAN technology in the related art;
FIG. 2 is an architecture diagram of a virtual network system according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of data packet encapsulation according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of the inter-subnet routing function according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of unicast within a subnet according to an embodiment of the present invention;
FIG. 6 is a flowchart of implementing an optimal path according to an embodiment of the present invention;
FIG. 7 is a flowchart of broadcast within a subnet according to an embodiment of the present invention;
FIG. 8 is a schematic structural diagram of a controller according to an embodiment of the present invention.
Preferred embodiments of the invention
The embodiments of the present invention are described in detail below with reference to the accompanying drawings. It should be noted that, where there is no conflict, the embodiments in the present application and the features in the embodiments may be combined with each other arbitrarily.
Software Defined Network (SDN) technology is a method of implementing a communication network whose principle is the separation of control and forwarding. The control plane of an SDN consists of a centralized controller (that is, a Forwarding Policy Server (FPS)) and controls the behavior of the forwarding plane through the OpenFlow protocol. Control is exercised by delivering flow tables; a flow table includes matching rules and behaviors, indicating the behavior to be taken for data packets that match the matching rules. After the forwarding plane of the SDN receives a data packet, it matches the flow entries in order and, when a match is found, executes the instruction corresponding to the matching entry; if no match is found, the data packet can be forwarded to the controller and processed by the controller.
A tenant can have multiple subnets, and each host of a tenant belongs to a subnet. A subnet serves as a Layer 2 broadcast domain, and each Layer 2 broadcast domain is assigned a virtual network identifier (also called a broadcast domain identifier (Broadcast ID)). Each host is connected to one port of a virtual access switch (Virtual Access Switch), each port has a unique port identifier, and each Virtual Access Switch is assigned a route identifier (Route ID) by the controller.
An embodiment of the present invention provides a method for implementing a virtual network, including the following steps:
Step 1: the controller of the virtual network acquires the transmission type, source and destination of a data packet sent by a host.
Step 2: the controller formulates a forwarding policy according to the transmission type, the port identifier of the source, and the destination identifier of the destination.
Step 3: the controller sends the forwarding policy to each virtual access switch and intermediate switch that the data packet will pass through, so that the virtual access switches and intermediate switches execute the forwarding policy on the received data packet.
With the technology provided by the embodiments of the present invention, during data packet forwarding the controller can obtain various attributes of the data packet, such as the Broadcast ID, the Route ID, the Ethernet header, the IP header and the TCP (Transmission Control Protocol)/UDP port number, as the destination identifier, and formulate the forwarding policy according to the destination identifier, so that the forwarding plane forwards data packets in a finer-grained and more flexible way. Multi-tenancy, multipath forwarding and traffic load balancing are supported, and network resources are used more efficiently.
The structure of the virtual network is shown in FIG. 2. The virtual network includes a forwarding plane and a control plane.
The forwarding plane includes virtual access switches 202 and intermediate switches 206. An intermediate switch 206 is not directly connected to a host 203 and is responsible for forwarding data packets in transit. A host 203 accesses the virtual network through a virtual access switch 202; hosts 203 include physical machines and virtual machines.
The control plane includes a controller 201, which is interconnected with the virtual access switches 202 and the intermediate switches 206 and delivers forwarding policies to them in order to control the forwarding behavior of the forwarding plane. A forwarding policy includes controlling which port a data packet is forwarded from, modifying attributes of the data packet, and so on.
The working principle of each device in the virtual network is described below.
The controller 201 is the device that makes up the control plane. The control logic of the entire virtual network is formulated on the controller 201. The controller 201 responds to network events from the forwarding plane and, according to the requirements of the virtual network, delivers forwarding policies to each virtual access switch 202 and intermediate switch 206, thereby controlling the entire virtual network.
The virtual access switch 202 is a device of the forwarding plane and is responsible for connecting hosts 203 to the virtual network.
The intermediate switch 206 is a device of the forwarding plane. It is an intermediate node of the virtual network and is not directly connected to a host 203. The virtual access switches 202 and the intermediate switches 206 forward data packets according to the forwarding policy delivered by the controller 201.
Each host 203 is connected to a port of one virtual access switch 202.
The controller 201 is connected to the interface 204 of the forwarding plane and can deliver forwarding policies using the OpenFlow protocol, a network management protocol or a proprietary protocol.
The virtual machine manager (VMM, Virtual Machine Manager) 205 is responsible for managing the hosts 203 and transmits information about a host 203, including the Broadcast ID, the port identifier of the port where the host 203 is located, and the Route ID, to the controller 201.
The identifier of a host 203, the port identifier of the port where the host 203 is located, the virtual network identifier of the subnet to which the host 203 belongs, and the correspondence between them are all stored in the controller 201.
Among the various attributes of a data packet, the destination identifier includes at least the destination Broadcast ID and may also include the destination Route ID.
The source is the subnet where the source host that sends the data packet is located.
The destination is the subnet where the destination host that receives the data packet is located.
In a preferred embodiment, this information is transmitted to the controller 201 through the interface 204 by another system, such as a virtualization management platform (VMP, Virtualization Management Platform).
When a data packet enters the virtual network, it is tagged with a virtual network identifier and a route identifier. While the data packet is transmitted in the virtual network, the forwarding plane forwards it according to its route identifier. The forwarding plane uses the virtual network identifier of the data packet to distinguish different virtual networks, and can send the data packet only to hosts in the same virtual network.
The encapsulation of data packets is shown in FIG. 3. The data packet 301 sent by the source host 304 includes a Layer 2 header and data, and is encapsulated into the data packet 302 at the virtual access switch 202. In this process, an existing network label, such as a 20-bit MPLS (Multiprotocol Label Switching) label, is used to implement the Broadcast ID and the Route ID. The Broadcast ID and the Route ID are encapsulated together with the data packet 301 to form the data packet 302, or only the Broadcast ID is encapsulated together with the data packet 301 to form the data packet 303. The Broadcast ID represents the virtual network identifier, and the Route ID identifies the destination virtual access switch. Here the MPLS label serves only as the carrier of the Broadcast ID and the Route ID and does not have the original meaning of an MPLS label. A 20-bit Broadcast ID can support more than 1 million independent subnets and can therefore support a large number of tenants.
After receiving the data packet 302, the destination virtual access switch removes the Broadcast ID and the Route ID. The resulting data packet 304 is restored to the state of the original data packet 301, and the data packet 304 is sent to the destination host 305.
Because the broadcast data packet 303 is not forwarded to a specific host but is sent to all hosts in the broadcast domain, it does not need to carry a Route ID and carries only the Broadcast ID.
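The encapsulation of packets 302 and 303 at byte level, as an added example that is not part of the patent text. It assumes the identifiers are carried as standard 32-bit MPLS label stack entries inserted after the Ethernet header, with the Route ID outermost and the Broadcast ID at the bottom of the stack; the TTL value, the function names and the sample frame are constructed for the illustration.

```python
import struct

ETH_P_MPLS = 0x8847           # EtherType announcing an MPLS label stack
LABEL_MAX = (1 << 20) - 1     # 20-bit label field: 1,048,576 distinct identifiers


def label_entry(label, bottom, ttl=64):
    """Pack one label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    if not 0 <= label <= LABEL_MAX:
        raise ValueError("identifier does not fit in a 20-bit label")
    return struct.pack("!I", (label << 12) | (int(bottom) << 8) | ttl)


def encapsulate(frame, broadcast_id, route_id=None):
    """Source virtual access switch: turn packet 301 into packet 302 or 303.

    Unicast (302): Route ID label first, Broadcast ID label at the bottom.
    Broadcast (303): Broadcast ID label only, because no single destination
    switch is addressed.
    """
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    stack = b""
    if route_id is not None:
        stack += label_entry(route_id, bottom=False)
    stack += label_entry(broadcast_id, bottom=True)
    # Keep both MAC addresses, replace the EtherType, insert the labels.
    return frame[:12] + struct.pack("!H", ETH_P_MPLS) + stack + frame[14:]


def decapsulate(frame, inner_ethertype):
    """Destination virtual access switch: pop the labels and restore packet 301.

    The original EtherType is not carried in the label stack, so the caller
    supplies it, as an OpenFlow pop-MPLS action does.
    Returns (broadcast_id, route_id or None, restored frame).
    """
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETH_P_MPLS:
        raise ValueError("frame carries no identifier labels")
    labels, offset = [], 14
    while True:
        if len(labels) == 2 or offset + 4 > len(frame):
            raise ValueError("malformed identifier label stack")
        (entry,) = struct.unpack("!I", frame[offset:offset + 4])
        labels.append(entry >> 12)
        offset += 4
        if entry & 0x100:              # S bit set: bottom of stack reached
            break
    route_id = labels[0] if len(labels) == 2 else None
    restored = frame[:12] + struct.pack("!H", inner_ethertype) + frame[offset:]
    return labels[-1], route_id, restored


# Constructed sample frame: destination MAC, source MAC, EtherType IPv4, payload.
SAMPLE = bytes.fromhex("0200000000020200000000010800") + b"payload"

if __name__ == "__main__":
    pkt302 = encapsulate(SAMPLE, broadcast_id=0x12345, route_id=7)
    print(pkt302.hex())
    print(decapsulate(pkt302, 0x0800))
```
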
There are several options for the interface protocol between the controller 201 and the forwarding plane. For example, the OpenFlow protocol can be used, in which case the forwarding policy is implemented by flow tables; a network management interface download protocol can also be used, in which case the forwarding policy is implemented by network management configuration entries.
In a preferred embodiment, the controller 201 delivers the forwarding policy using the OpenFlow protocol, and the forwarding policy is implemented by flow tables;
or,
the controller delivers the forwarding policy using a network management interface download protocol, and the forwarding policy is implemented by network management configuration entries;
or,
the controller delivers the forwarding policy using a proprietary protocol.
In a preferred embodiment, the step in which the virtual access switch 202 and the intermediate switch 206 execute the forwarding policy on a received data packet includes:
taking the received data packet as a first data packet, and encapsulating the destination identifier with the first data packet to form a second data packet;
sending the second data packet.
The technical solution provided can forward data packets within the same subnet.
In a preferred embodiment, the transmission type is forwarding a data packet within the same subnet; the destination identifier includes: the destination Broadcast ID of the subnet of the host that sends the data packet, found according to the port identifier, and the destination Route ID of the destination virtual access switch.
In one application scenario, when a data packet is forwarded in the virtual network, the controller 201 uses the delivered forwarding policy to tag the data packet with two destination identifiers, the Broadcast ID and the Route ID. The process includes the following steps:
Step 01: when a host sends a data packet, the controller 201 queries the database according to the port where the host is located, finds the Broadcast ID corresponding to the subnet of the host and the destination Route ID of the destination virtual access switch, and forms a forwarding policy from them.
Step 02: the controller 201 delivers the forwarding policy to the virtual access switch connected to the host and to the intermediate switches; an intermediate switch is connected to a virtual access switch or to other intermediate switches.
Step 03: when the forwarding policy is executed, the Broadcast ID and the Route ID are encapsulated with the first data packet to form the second data packet.
Forwarding a data packet within the same subnet requires tagging it with the Broadcast ID; otherwise it is impossible to tell which virtual network the data packet belongs to. When the second data packet carrying the Broadcast ID and the Route ID is transmitted in the subnet, the intermediate switches match this destination identifier, which ensures that the data packet is sent only to the destination host in the same subnet. This isolates the transmission of data packets within one subnet from the transmission of data packets between subnets.
The technical solution provided can forward data packets between different subnets. The virtual network identifier of the virtual network where the destination host is located is encapsulated in the data packet, to ensure that only hosts in the destination virtual network can receive the data packet.
In a preferred embodiment, the transmission type is forwarding a data packet between subnets;
the destination identifier includes: the destination virtual network identifier of the destination subnet, and the destination route identifier of the destination virtual access switch. The destination virtual access switch is located in the destination subnet.
The inter-subnet routing process is similar to the intra-subnet unicast process. The difference is that inter-subnet routing replaces the MAC (Medium Access Control) addresses of the data packet. This is because, when the data packet is sent, the source MAC address is the MAC address of the source host and the destination MAC address is the MAC address of the router. Here, the router's MAC address is the MAC address of the router configured on the host (not the MAC address of the virtual access switch). The router configured on the host is virtual: each host is configured with the router's IP address, and when the host wants to send a data packet between subnets, it uses ARP (Address Resolution Protocol) to obtain the MAC address corresponding to this router's IP address. At this point the controller 201 answers the ARP request in place of the virtual router and returns the MAC address of the virtual router to the host.
When the data packet passes through the virtual access switch, the source MAC address is replaced with the router's MAC address, and the destination MAC address is replaced with the source host's MAC address. This process requires setting the address of a virtual router, but no physical router needs to be set up; the routing function is accomplished solely by replacing MAC addresses.
In one application scenario, shown in FIG. 4, the OpenFlow protocol is taken as an example of the interface protocol between the controller 201 and the forwarding plane. The forwarding policy corresponds to the flow tables defined in the OpenFlow protocol, and the process includes the following steps:
Step 401: the source host sends the first data packet to the source virtual access switch 202a connected to it.
Step 402: because it has no matching flow table, the source virtual access switch 202a forwards the first data packet to the controller 201 in a PacketIn message.
Step 403: the controller 201 delivers flow tables to the source virtual access switch 202a. These flow tables are responsible for encapsulating the Broadcast ID and the Route ID and for replacing the MAC addresses. Replacing the MAC addresses includes: replacing the source MAC address with the router's MAC address, and replacing the destination MAC address with the source host's MAC address.
Step 404: the controller 201 delivers flow tables to the destination virtual access switch 202b. These flow tables are responsible for popping the Broadcast ID and the Route ID from the received first data packet to restore the data packet, and for forwarding the restored data packet to the appropriate destination host.
Step 405: the controller 201 sends the first data packet back to the source virtual access switch 202a in a PacketOut message.
Step 406: the source virtual access switch 202a matches the flow table mentioned in step 403, encapsulates the Broadcast ID and the Route ID onto the data packet, replaces the source MAC address with the router's MAC address and the destination MAC address with the source host's MAC address, and thereby forms the second data packet.
Step 407: the source virtual access switch 202a matches the flow table mentioned in step 403 and forwards the second data packet along the optimal path.
Step 408: the intermediate switch 206 matches the flow table and forwards the second data packet along the optimal path.
Step 409: the destination virtual access switch 202b matches the flow table mentioned in step 404, pops the Broadcast ID and the Route ID, and restores the first data packet from the second data packet.
Step 410: the destination virtual access switch 202b matches the flow table and forwards the first data packet to the destination host.
The technical solution provided can also forward unicast data packets.
In a preferred embodiment, the transmission type is unicast;
Step 2 further includes: calculating at least one optimized path between the host that sends the data packet and the destination, where the forwarding policy includes the at least one optimized path;
the virtual access switch 202 and the intermediate switch 206 executing the forwarding policy on the received data packet includes: the destination virtual access switch of the destination subnet restores the second data packet to the first data packet and sends the first data packet to the destination host.
When a host sends a unicast data packet, the controller 201 looks up the Route ID of the virtual access switch where the destination host is located and delivers a forwarding policy; when the virtual access switch executes the forwarding policy, it encapsulates this Route ID in the data packet.
The controller 201 calculates the optimal path between every two virtual access switches and delivers the forwarding policy. The source virtual access switch 202a forwards a data packet that matches the policy according to the Route ID in it, so that the data packet is forwarded along a specific path until it reaches the destination virtual access switch 202b, and the destination virtual access switch 202b forwards the data packet to the destination host.
The controller 201 can also calculate multiple paths at the same time and have the current data packet select one path for forwarding according to a predefined forwarding policy, thereby implementing multipath load balancing. The controller 201 decides which forwarding mode to use and can make a different choice at any time as needed.
A unicast packet within a subnet needs to be tagged with the Broadcast ID and the Route ID, both of which are implemented by MPLS labels. The Route ID identifies the destination virtual access switch 202b. The Broadcast ID uniquely identifies one Layer 2 broadcast domain (subnet) and ensures that only hosts in the same subnet can receive the data packet, which achieves good isolation between subnets.
In one application scenario, shown in FIG. 5, the OpenFlow protocol is used as the interface protocol between the controller 201 and the forwarding plane. The forwarding policy corresponds to the flow tables defined by the OpenFlow protocol, and the process includes the following steps:
Step 501: the source host sends the first data packet to the source virtual access switch 202a connected to it.
Step 502: the first data packet has no matching flow table on the source virtual access switch 202a, so the source virtual access switch 202a sends a PacketIn message to the controller 201. The PacketIn message contains the content of the first data packet and the input port.
Step 503: the controller 201 determines the flow tables to be matched according to the content of the PacketIn message and delivers flow tables to the source virtual access switch 202a; these flow tables are responsible for encapsulating the Broadcast ID and the Route ID.
Step 504: the controller 201 delivers flow tables to the destination virtual access switch 202b; these flow tables are responsible for popping the Broadcast ID and the Route ID from the first data packet and for forwarding the first data packet to the appropriate host.
The flow tables can be downloaded when the PacketIn message is received, or they can be downloaded before the host sends the data packet.
Step 505: the controller 201 sends the first data packet back to the source virtual access switch 202a in a PacketOut message.
Step 506: the source virtual access switch 202a matches this data packet against the flow table, performs the action specified by the flow table, and encapsulates the Broadcast ID and the Route ID onto the first data packet to form the second data packet.
Step 507: the source virtual access switch 202a matches the flow table and forwards the second data packet along the optimal path.
Step 508: the intermediate switch 206 matches the flow table and forwards the second data packet along the optimal path.
Step 509: the destination virtual access switch 202b matches the second data packet against the flow table, pops the Broadcast ID and the Route ID from the second data packet, and restores the first data packet.
Step 510: the destination virtual access switch 202b matches the flow table and forwards the restored first data packet to the destination host.
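The PacketIn-driven flow setup of steps 501 to 510, as an added simulation that is not code from the patent. The three-switch line topology, port numbers, MAC addresses, identifier values and action tuples are constructed for the illustration, and it is an assumption of this example that the controller installs nothing when the destination MAC is not in the sender's subnet. The two tenants deliberately reuse the same MAC addresses to show that the Broadcast ID keeps them apart.

```python
# Constructed topology: vas_a (uplink 10) -- mid (ports 1, 2) -- vas_b (uplink 10)
LINKS = {("vas_a", 10): ("mid", 1), ("mid", 1): ("vas_a", 10),
         ("mid", 2): ("vas_b", 10), ("vas_b", 10): ("mid", 2)}
ROUTE_ID = {"vas_a": 1, "vas_b": 2}
UPLINK = {"vas_a": 10, "vas_b": 10}
# Controller database: (switch, host port) -> (Broadcast ID, host MAC)
PORTS = {("vas_a", 1): (100, "02:00:00:00:00:01"),
         ("vas_b", 1): (100, "02:00:00:00:00:02"),
         ("vas_a", 2): (200, "02:00:00:00:00:01"),   # other tenant, same MACs
         ("vas_b", 2): (200, "02:00:00:00:00:02"),
         ("vas_b", 3): (200, "02:00:00:00:00:03")}


class Switch:
    def __init__(self, name):
        self.name, self.flows = name, []       # flows: [(match dict, action list)]

    def lookup(self, fields):
        """Return the actions of the first entry whose match fields all agree."""
        for match, actions in self.flows:
            if all(fields.get(k) == v for k, v in match.items()):
                return actions
        return None


def build():
    switches = {n: Switch(n) for n in ("vas_a", "mid", "vas_b")}
    # Intermediate switch entries match only on Route ID (installed in advance).
    switches["mid"].flows = [({"route_id": 1}, [("output", 1)]),
                             ({"route_id": 2}, [("output", 2)])]
    return switches


def packet_in(switches, sw, in_port, pkt):
    """Controller, steps 503-504: install flows on both access switches."""
    src = PORTS.get((sw, in_port))
    if src is None:
        return False
    bid = src[0]                                # subnet is derived from the ingress port
    dst = next((loc for loc, (b, mac) in PORTS.items()
                if b == bid and mac == pkt["dst"]), None)
    if dst is None:
        return False                            # destination not in the sender's subnet
    dst_sw, dst_port = dst
    rid = ROUTE_ID[dst_sw]
    switches[sw].flows.append(({"in_port": in_port, "dst": pkt["dst"]},
                               [("push", rid, bid), ("output", UPLINK[sw])]))
    switches[dst_sw].flows.append(
        ({"route_id": rid, "broadcast_id": bid, "dst": pkt["dst"]},
         [("pop",), ("output", dst_port)]))
    return True


def send(switches, sw, in_port, dst_mac):
    """Walk one packet through the network; return the (switch, host port)
    it is delivered to, or None if it is dropped."""
    pkt = {"dst": dst_mac, "labels": []}
    for _ in range(8):                          # hop limit for the simulation
        fields = {"in_port": in_port, "dst": pkt["dst"]}
        if pkt["labels"]:
            fields["route_id"], fields["broadcast_id"] = pkt["labels"]
        actions = switches[sw].lookup(fields)
        if actions is None:                     # table miss: PacketIn (step 502)
            if pkt["labels"] or not packet_in(switches, sw, in_port, pkt):
                return None
            actions = switches[sw].lookup(fields)   # PacketOut re-injects (step 505)
        out = None
        for act in actions:
            if act[0] == "push":                # step 506: encapsulate identifiers
                pkt["labels"] = [act[1], act[2]]
            elif act[0] == "pop":               # step 509: restore first data packet
                pkt["labels"] = []
            elif act[0] == "output":
                out = (sw, act[1])
        if out not in LINKS:
            return out                          # host-facing port: delivered
        sw, in_port = LINKS[out]
    return None


if __name__ == "__main__":
    net = build()
    print(send(net, "vas_a", 1, "02:00:00:00:00:02"))   # tenant 100
    print(send(net, "vas_a", 2, "02:00:00:00:00:02"))   # tenant 200, same MAC
    print(send(net, "vas_a", 1, "02:00:00:00:00:03"))   # MAC only in tenant 200
```
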
Each data packet is forwarded along the optimal path, or it can be forwarded according to a specific policy corresponding to the tenant. For example, different routing paths can be selected according to the level to which the tenant belongs; in this process, flow tables need to be set on each node in the routing path.
In the embodiments, there are several ways to deliver the forwarding policy that implements the optimal path. The forwarding policy can be delivered immediately when the network topology changes, or the optimal path can be calculated first and the forwarding policy delivered when a data packet is sent. As shown in FIG. 6, the process of implementing the optimal path includes the following steps:
Step 601: the controller 201 assigns a Route ID to each virtual access switch 202 and probes the network topology.
When the OpenFlow protocol is used as the protocol between the control plane and the forwarding plane, the controller 201 probing the network topology includes: the controller 201 instructs each port to send a Link Layer Discovery Protocol (LLDP) packet; if this LLDP packet is received on another port of the forwarding plane, a link is considered to exist between the two ports.
Step 602: the optimal path between each virtual access switch 202 and the other virtual access switches 202 is calculated.
Step 603: the controller 201 delivers the forwarding policy to the virtual access switches 202 and the intermediate switches 206. The forwarding policy indicates the port from which a data packet travelling from one virtual access switch 202 to the destination virtual access switch 202b should be output; the match field is the Route ID.
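Steps 601 to 603 worked through as an added example, not the patent's own code: from a list of discovered links, compute for every switch the output port per destination Route ID. Breadth-first search with hop count as the path metric, the five-link topology, the Route ID values and the rule that access switches do not carry transit traffic are assumptions of this illustration.

```python
from collections import deque

# Constructed link list, as LLDP probing would report it:
# ((switch, port), (switch, port)) for each discovered link.
LINKS = [(("vas1", 1), ("s1", 1)), (("vas2", 1), ("s1", 2)),
         (("s1", 3), ("s2", 1)), (("vas3", 1), ("s2", 2)),
         (("vas1", 2), ("s2", 3))]
# Step 601: one Route ID per virtual access switch (values are constructed).
ROUTE_IDS = {"vas1": 11, "vas2": 12, "vas3": 13}


def adjacency(links):
    """Return {switch: [(local port, neighbour switch), ...]}."""
    adj = {}
    for (a, pa), (b, pb) in links:
        adj.setdefault(a, []).append((pa, b))
        adj.setdefault(b, []).append((pb, a))
    return adj


def route_tables(links, route_ids):
    """Steps 602-603: return {switch: {route_id: out_port}}.

    A breadth-first search is run outward from each destination access
    switch, so every switch it reaches learns the port on its fewest-hop
    path towards that destination.
    """
    adj = adjacency(links)
    tables = {sw: {} for sw in adj}
    for dest, rid in route_ids.items():
        seen, queue = {dest}, deque([dest])
        while queue:
            node = queue.popleft()
            if node in route_ids and node != dest:
                continue                  # other access switches are not transit nodes
            for _, neigh in adj[node]:
                if neigh in seen:
                    continue
                seen.add(neigh)
                # neigh forwards packets tagged `rid` out of its port facing node
                tables[neigh][rid] = next(p for p, n in adj[neigh] if n == node)
                queue.append(neigh)
    return tables


def trace(links, tables, src, rid, route_ids):
    """Follow the Route ID entries hop by hop; return the switches visited."""
    adj = adjacency(links)
    owner = {r: sw for sw, r in route_ids.items()}
    path, node = [src], src
    while node != owner[rid]:
        port = tables[node].get(rid)
        if port is None or len(path) > len(adj):
            raise LookupError("no forwarding entry for Route ID %d at %s" % (rid, node))
        node = next(n for p, n in adj[node] if p == port)
        path.append(node)
    return path


if __name__ == "__main__":
    tables = route_tables(LINKS, ROUTE_IDS)
    for sw in sorted(tables):
        print(sw, tables[sw])
    print(trace(LINKS, tables, "vas1", 13, ROUTE_IDS))
    # Topology change: the vas1-s2 link disappears, tables are recomputed.
    degraded = LINKS[:-1]
    print(trace(degraded, route_tables(degraded, ROUTE_IDS), "vas1", 13, ROUTE_IDS))
```
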
The technical solution provided can also forward broadcast data packets.
In a preferred embodiment, the transmission type is broadcast;
before Step 1, the method further includes:
the controller establishes, in each subnet, a first-type broadcast tree covering the entire subnet; or, the controller establishes second-type broadcast trees in each subnet and, for each second-type broadcast tree, selects one virtual access switch in the subnet that is connected to a host as the root node of that second-type broadcast tree.
There are several ways to establish a broadcast tree. A broadcast tree can be established when a broadcast packet is sent, or it can be established in advance. One broadcast tree can be established per subnet, or multiple broadcast trees can be established, each rooted at a Virtual Access Switch connected to a host in the subnet. Because the nodes of a broadcast tree depend on the locations of the hosts, when a host's location changes the broadcast tree must be re-established and the flow tables updated.
In a preferred embodiment, the destination identifier includes: the destination virtual network identifier of the destination subnet corresponding to the first-type broadcast tree of the destination, or the destination virtual network identifier of the destination subnet corresponding to the second-type broadcast tree of the destination;
the virtual access switch 202 and the intermediate switch 206 executing the forwarding policy on the received data packet includes: the destination virtual access switch of the destination subnet restores the second data packet to the first data packet and sends the first data packet to the destination host.
In one application scenario, shown in FIG. 7, a broadcast packet within a subnet needs to be encapsulated with the Broadcast ID implemented by an MPLS label. The OpenFlow protocol is taken as an example of the interface protocol between the controller 201 and the forwarding plane, and the forwarding policy corresponds to the flow tables defined by the OpenFlow protocol. The controller 201 establishes a broadcast tree by delivering flow tables, so that the data packet is propagated along the broadcast tree. The process includes the following steps:
Step 701: the source host sends the first data packet to the source virtual access switch 202a connected to the source host.
Step 702: the source virtual access switch 202a has no matching flow table and forwards the first data packet to the controller 201 in a PacketIn message.
Step 703: the controller 201 delivers flow tables to the source virtual access switch 202a; these flow tables are responsible for encapsulating the Broadcast ID onto the first data packet.
Step 704: the controller 201 establishes a broadcast tree according to the network topology and, according to the result, delivers flow tables to the intermediate switches 206 corresponding to the nodes of the broadcast tree; these flow tables are responsible for forwarding the second data packet in the broadcast tree.
Step 705: the controller 201 delivers flow tables to the destination virtual access switch 202b; these flow tables are responsible for popping the Broadcast ID from the second data packet and for forwarding the second data packet to the appropriate destination host.
Step 706: the controller 201 sends the first data packet back to the source virtual access switch 202a in a PacketOut message.
Step 707: the source virtual access switch 202a matches the flow table and encapsulates the Broadcast ID onto the first data packet to form the second data packet.
Step 708: the source virtual access switch 202a matches the flow table and forwards the second data packet along the broadcast tree.
Step 709: the intermediate switch 206 matches the flow table and forwards the data packet along the broadcast tree; the data packet reaches the destination virtual access switch 202b.
Step 710: the destination virtual access switch 202b matches the flow table, pops the Broadcast ID from the second data packet, and restores the first data packet.
Step 711: the destination virtual access switch 202b matches the flow table and forwards the first data packet to the destination host.
An embodiment of the present invention provides a controller which, as shown in FIG. 8, includes:
an information acquisition unit 801, configured to: acquire the transmission type, source and destination of a data packet sent by a host;
a policy formulation unit 802, configured to: formulate a forwarding policy according to the transmission type, the port identifier of the source, and the destination identifier of the destination; and
a policy delivery unit 803, configured to: send the forwarding policy to each of the virtual access switches and intermediate switches through which the data packet will pass, so that the virtual access switches and intermediate switches execute the forwarding policy on received data packets.
In a preferred embodiment, the policy formulation unit 802 includes:
a first formulation module 8021, configured to: when the transmission type is forwarding a data packet within the same subnet, set the destination identifier to include: the destination virtual network identifier of the subnet where the host sending the data packet is located, determined according to the port identifier, and the destination route identifier of the destination virtual access switch.
In a preferred embodiment, the policy formulation unit 802 includes:
a second formulation module 8022, configured to: when the transmission type is forwarding a data packet between subnets, set the destination identifier to include: the destination virtual network identifier of the destination subnet, and the destination route identifier of the destination virtual access switch.
In a preferred embodiment, the policy formulation unit 802 includes:
a third formulation module 8023, configured to: when the transmission type is unicast, calculate at least one optimized path between the host sending the data packet and the destination; wherein the forwarding policy includes the at least one optimized path.
In a preferred embodiment, as shown in FIG. 8, the controller further includes:
a broadcast tree unit 804, configured to: establish in each subnet a first-type broadcast tree covering the entire subnet; or establish a second-type broadcast tree in each subnet and, in each second-type broadcast tree, select a virtual access switch in the subnet that is connected to a host as the root node of that second-type broadcast tree.
In a preferred embodiment, the policy formulation unit 802 includes:
a fourth formulation module 8024, configured to: when the transmission type is broadcast, set the destination identifier to include: the destination virtual network identifier of the destination subnet corresponding to the first-type broadcast tree of the destination, or the destination virtual network identifier of the destination subnet corresponding to the second-type broadcast tree of the destination.
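The broadcast path of steps 707 to 711, using trees of the kind built by broadcast tree unit 804, as an added simulation that is not code from the patent. The topology, host names, Broadcast ID values and function names are constructed assumptions; the tree here spans every switch and is rooted at an access switch that has a host in the subnet.

```python
from collections import deque

# Constructed topology: virtual access switches (vs*) and intermediate switches (is*).
# The link vs1-is2 creates a cycle, so flooding without a tree would loop.
LINKS = [("vs1", "is1"), ("vs2", "is1"), ("is1", "is2"), ("vs3", "is2"), ("vs1", "is2")]
# Constructed host attachments: (access switch, port identifier) -> (host, subnet).
PORTS = {("vs1", 1): ("hA1", "tenantA"), ("vs2", 1): ("hA2", "tenantA"),
         ("vs3", 1): ("hA3", "tenantA"), ("vs2", 2): ("hB1", "tenantB"),
         ("vs3", 2): ("hB2", "tenantB")}
# Constructed Broadcast ID per subnet (one Layer 2 broadcast domain each).
BROADCAST_ID = {"tenantA": 5001, "tenantB": 5002}


def build_broadcast_tree(root):
    """Controller side: BFS spanning tree over the switch graph (loop-free)."""
    adj = {}
    for a, b in LINKS:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    tree = {sw: set() for sw in adj}
    seen, queue = {root}, deque([root])
    while queue:
        cur = queue.popleft()
        for nxt in sorted(adj[cur]):
            if nxt not in seen:
                seen.add(nxt)
                tree[cur].add(nxt)
                tree[nxt].add(cur)
                queue.append(nxt)
    return tree


def build_flow_tables():
    """Controller side: one broadcast flow entry per (switch, Broadcast ID)."""
    tables = {}
    for subnet, bid in BROADCAST_ID.items():
        members = sorted(sw for (sw, _), (_, sn) in PORTS.items() if sn == subnet)
        tree = build_broadcast_tree(members[0])  # root: access switch with a host attached
        for sw, neighbours in tree.items():
            local = [p for (s, p), (_, sn) in PORTS.items() if s == sw and sn == subnet]
            tables[(sw, bid)] = {"tree": neighbours, "local_ports": local}
    return tables


def ingress_label(switch, port):
    """The label comes from the ingress port identifier, never from packet contents."""
    entry = PORTS.get((switch, port))
    return BROADCAST_ID[entry[1]] if entry else None


def forward(tables, switch, packet, came_from, ingress_port=None):
    """Steps 708-711: walk the tree and return the (host, first packet) deliveries."""
    entry = tables.get((switch, packet["broadcast_id"]))
    if entry is None:  # no flow entry for this label: drop (fail closed)
        return []
    delivered = []
    for port in entry["local_ports"]:
        if port != ingress_port:  # never echo back to the sender's own port
            host = PORTS[(switch, port)][0]
            delivered.append((host, packet["inner"]))  # label popped before delivery
    for nxt in sorted(entry["tree"]):
        if nxt != came_from:  # tree edges only, never back towards the sender
            delivered += forward(tables, nxt, packet, came_from=switch)
    return delivered


def send_broadcast(tables, switch, port, first_packet):
    """Step 707: encapsulate the first packet with the Broadcast ID, then forward."""
    bid = ingress_label(switch, port)
    if bid is None:  # unknown port: no subnet, nothing is forwarded
        return []
    second_packet = {"broadcast_id": bid, "inner": first_packet}
    return forward(tables, switch, second_packet, came_from=None, ingress_port=port)


if __name__ == "__main__":
    flow_tables = build_flow_tables()
    print(send_broadcast(flow_tables, "vs1", 1, "ARP who-has 10.0.0.2"))
    print(send_broadcast(flow_tables, "vs2", 2, "ARP who-has 10.0.1.9"))
```

Because the label is chosen from the ingress port and every switch drops labels it has no entry for, a host in one subnet cannot place a frame in another subnet's broadcast domain by altering the packet it sends.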
An embodiment of the present invention provides a virtual network which, as shown in FIG. 2, includes: virtual access switches 202, intermediate switches 206 and a controller 201;
each virtual access switch 202 has a route identifier and is connected to the controller 201;
each intermediate switch is connected to the virtual access switches 202 and to the controller 201;
each host 203 is located in a subnet, all hosts 203 in the subnet are in one Layer 2 broadcast domain, and the Layer 2 broadcast domain has a virtual network identifier; and
one host 203 is connected to one virtual access switch 202 through a port, and the port has a port identifier.
In a preferred embodiment, as shown in FIG. 8, the controller includes:
an information acquisition unit 801, configured to: acquire the transmission type, source and destination of a data packet sent by a host;
a policy formulation unit 802, configured to: formulate a forwarding policy according to the transmission type, the port identifier of the source, and the destination identifier of the destination;
a policy delivery unit 803, configured to: send the forwarding policy to each of the virtual access switches and intermediate switches through which the data packet will pass, so that the virtual access switches and intermediate switches execute the forwarding policy on received data packets; and
a broadcast tree unit 804, configured to: establish in each subnet a first-type broadcast tree covering the entire subnet; or establish a second-type broadcast tree in each subnet and, in each second-type broadcast tree, select a virtual access switch in the subnet that is connected to a host as the root node of that second-type broadcast tree.
In a preferred embodiment, the virtual access switch includes:
a first policy execution unit, configured to: take a received data packet as a first data packet, encapsulate the destination identifier with the first data packet to form a second data packet, and send the second data packet;
and
the intermediate switch includes:
a second policy execution unit, configured to: take a received data packet as a first data packet, encapsulate the destination identifier with the first data packet to form a second data packet, and send the second data packet.
With the solution of the embodiments of the present invention, tagging data packets with a virtual network label and a route label provides multi-tenant support, multipath forwarding and traffic load balancing. The data network can also be managed more comprehensively, more flexible data forwarding policies can be applied, and traffic can even be optimized and controlled for the needs of specific tenants.
Those of ordinary skill in the art will understand that all or some of the steps of the above method may be completed by a program instructing the relevant hardware, and that the program may be stored in a computer-readable storage medium such as a read-only memory, a magnetic disk or an optical disc. Alternatively, all or some of the steps of the above embodiments may be implemented using one or more integrated circuits. Accordingly, each module/unit in the above embodiments may be implemented in the form of hardware or in the form of a software function module. The embodiments of the present invention are not limited to any specific combination of hardware and software.
The above is a preferred implementation of the embodiments of the present invention. It should be noted that those of ordinary skill in the art may make a number of improvements and refinements without departing from the principles described in the embodiments of the present invention, and these improvements and refinements should also be regarded as falling within the scope of protection of the present invention.
Industrial applicability
With the technical solution of the embodiments of the present invention, during data packet forwarding the controller can obtain various attributes of the data packet as the destination identifier and formulate a forwarding policy according to the destination identifier, so that data packets are forwarded in a finer-grained and more flexible way; multi-tenancy, multipath forwarding and traffic load balancing are supported, and network resources are used more effectively.

Claims

1. A method for implementing a virtual network, comprising:
a controller of the virtual network acquiring the transmission type, source and destination of a data packet sent by a host;
the controller formulating a forwarding policy according to the transmission type, the port identifier of the source, and the destination identifier of the destination; and
the controller sending the forwarding policy to each virtual access switch and intermediate switch through which the data packet will pass, so that the virtual access switch and intermediate switch execute the forwarding policy on received data packets.
2. The method according to claim 1, wherein the virtual access switch and the intermediate switch executing the forwarding policy on received data packets comprises:
taking a received data packet as a first data packet, and encapsulating the destination identifier with the first data packet to form a second data packet; and
sending the second data packet.
3. The method according to claim 2, wherein the transmission type is forwarding a data packet within the same subnet; the host sending the data packet and the destination host receiving the data packet are located in the same subnet;
the destination identifier comprises: the destination virtual network identifier of the subnet where the host sending the data packet is located, determined according to the port identifier, and the destination route identifier of the destination virtual access switch.
4. The method according to claim 2, wherein the transmission type is forwarding a data packet between subnets;
the destination identifier comprises: the destination virtual network identifier of the destination subnet, and the destination route identifier of the destination virtual access switch.
5. The method according to claim 1, wherein the transmission type is unicast;
the step of the controller formulating a forwarding policy comprises: calculating at least one optimized path between the host sending the data packet and the destination; wherein the forwarding policy includes the at least one optimized path;
the virtual access switch and the intermediate switch executing the forwarding policy on received data packets comprises: the destination virtual access switch of the destination subnet restoring the second data packet to the first data packet, and sending the first data packet to the destination host.
6. The method according to claim 1, wherein the transmission type is broadcast;
before the step of the controller of the virtual network acquiring the transmission type, source and destination of a data packet sent by a host, the method further comprises:
the controller establishing in each subnet a first-type broadcast tree covering the entire subnet; or
the controller establishing a second-type broadcast tree in each subnet and, in each second-type broadcast tree, selecting a virtual access switch in the subnet that is connected to a host as the root node of the second-type broadcast tree.
7. The method according to claim 6, wherein
the destination identifier comprises: the destination virtual network identifier of the destination subnet corresponding to the first-type broadcast tree of the destination, or the destination virtual network identifier of the destination subnet corresponding to the second-type broadcast tree of the destination;
the virtual access switch and the intermediate switch executing the forwarding policy on received data packets comprises: the destination virtual access switch of the destination subnet restoring the second data packet to the first data packet, and sending the first data packet to the destination host.
8. The method according to claim 1, wherein the step of the controller sending the forwarding policy to each virtual access switch and intermediate switch through which the data packet will pass comprises:
the controller delivering the forwarding policy using the OpenFlow protocol, wherein the forwarding policy is implemented by a flow table; or
the controller delivering the forwarding policy using a network management interface download protocol, wherein the forwarding policy is implemented by network management configuration entries; or
the controller delivering the forwarding policy using a selected private protocol.
9. A controller, comprising:
an information acquisition unit, configured to: acquire the transmission type, source and destination of a data packet sent by a host;
a policy formulation unit, configured to: formulate a forwarding policy according to the transmission type, the port identifier of the source, and the destination identifier of the destination; and
a policy delivery unit, configured to: send the forwarding policy to each virtual access switch and intermediate switch through which the data packet will pass, so that the virtual access switch and intermediate switch execute the forwarding policy on received data packets.
10. The controller according to claim 9, wherein the policy formulation unit comprises:
a first formulation module, configured to: when the transmission type is forwarding a data packet within the same subnet, set the destination identifier to include: the destination virtual network identifier of the subnet where the host sending the data packet is located, determined according to the port identifier, and the destination route identifier of the destination virtual access switch.
11. The controller according to claim 9, wherein the policy formulation unit comprises:
a second formulation module, configured to: when the transmission type is forwarding a data packet between subnets, set the destination identifier to include: the destination virtual network identifier of the destination subnet, and the destination route identifier of the destination virtual access switch.
12. The controller according to claim 9, wherein the policy formulation unit comprises:
a third formulation module, configured to: when the transmission type is unicast, calculate at least one optimized path between the host sending the data packet and the destination; wherein the forwarding policy includes the at least one optimized path.
13. The controller according to claim 9, further comprising:
a broadcast tree unit, configured to: establish in each subnet a first-type broadcast tree covering the entire subnet; or establish a second-type broadcast tree in each subnet and, in each second-type broadcast tree, select a virtual access switch in the subnet that is connected to a host as the root node of the second-type broadcast tree.
14. The controller according to claim 12, wherein the policy formulation unit comprises:
a fourth formulation module, configured to: when the transmission type is broadcast, set the destination identifier to include: the destination virtual network identifier of the destination subnet corresponding to the first-type broadcast tree of the destination, or the destination virtual network identifier of the destination subnet corresponding to the second-type broadcast tree of the destination.
15. A virtual network, comprising: virtual access switches, intermediate switches, and the controller according to any one of claims 9-14; wherein
each virtual access switch has a route identifier and is connected to the controller;
each intermediate switch is connected to the virtual access switches and to the controller;
each host is located in a subnet, all hosts in the subnet are in one Layer 2 broadcast domain, and the Layer 2 broadcast domain has a virtual network identifier; and
one host is connected to one virtual access switch through a port, and the port has a port identifier.
16. The virtual network according to claim 15, wherein
the virtual access switch comprises:
a first policy execution unit, configured to: take a received data packet as a first data packet, encapsulate the destination identifier with the first data packet to form a second data packet, and send the second data packet;
the intermediate switch comprises:
a second policy execution unit, configured to: take a received data packet as a first data packet, encapsulate the destination identifier with the first data packet to form a second data packet, and send the second data packet.
PCT/CN2013/080734 2012-09-18 2013-08-02 Method for implementing virtual network and virtual network WO2013185715A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201210346457.9A CN102857416B (en) 2012-09-18 2012-09-18 A kind of realize the method for virtual network, controller and virtual network
CN201210346457.9 2012-09-18

Publications (1)

Publication Number Publication Date
WO2013185715A1 true WO2013185715A1 (en) 2013-12-19

Family

ID=47403620

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/080734 WO2013185715A1 (en) 2012-09-18 2013-08-02 Method for implementing virtual network and virtual network

Country Status (2)

Country Link
CN (1) CN102857416B (en)
WO (1) WO2013185715A1 (en)

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7227838B1 (en) * 2001-12-14 2007-06-05 Cisco Technology, Inc. Enhanced internal router redundancy
CN101478803B (en) * 2009-01-21 2010-09-01 东北大学 Self-organizing QoS routing method based on ant colony algorithm
US8208377B2 (en) * 2009-03-26 2012-06-26 Force10 Networks, Inc. MAC-address based virtual route aggregation
US8532116B2 (en) * 2009-07-21 2013-09-10 Cisco Technology, Inc. Extended subnets
CN102215158B (en) * 2010-04-08 2015-04-15 杭州华三通信技术有限公司 Method for realizing VRRP (Virtual Router Redundancy Protocol) flow transmission and routing equipment
CN102546428A (en) * 2012-02-03 2012-07-04 神州数码网络(北京)有限公司 System and method for internet protocol version 6 (IPv6) message switching based on dynamic host configuration protocol for IPv6 (DHCPv6) interception

Cited By (32)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103974380A (en) * 2013-01-24 2014-08-06 杭州华三通信技术有限公司 Terminal access position keep-alive method and device
CN103974380B (en) * 2013-01-24 2018-05-15 新华三技术有限公司 A kind of method and device of terminal access position keep-alive
US11029982B2 (en) 2013-10-13 2021-06-08 Nicira, Inc. Configuration of logical router
CN105791463A (en) * 2013-12-31 2016-07-20 华为技术有限公司 Method and device for achieving communication of virtual machine
CN105791463B (en) * 2013-12-31 2019-05-24 华为技术有限公司 A kind of method and apparatus for realizing virtual machine communication
US11190443B2 (en) 2014-03-27 2021-11-30 Nicira, Inc. Address resolution using multiple designated instances of a logical router
US11736394B2 (en) 2014-03-27 2023-08-22 Nicira, Inc. Address resolution using multiple designated instances of a logical router
CN104980373A (en) * 2014-04-04 2015-10-14 上海宽带技术及应用工程研究中心 Control server, control server application system and control server application method
CN104980373B (en) * 2014-04-04 2018-06-19 上海宽带技术及应用工程研究中心 A kind of system and method for controlling server and its application
US10171355B2 (en) 2014-06-19 2019-01-01 Huawei Technologies Co., Ltd. Data packet sending method and apparatus
CN105474587A (en) * 2014-06-19 2016-04-06 华为技术有限公司 Data packet sending method and apparatus
CN105474587B (en) * 2014-06-19 2019-02-12 华为技术有限公司 A kind of method and device sending data packet
WO2015192360A1 (en) * 2014-06-19 2015-12-23 华为技术有限公司 Data packet sending method and apparatus
CN104219240A (en) * 2014-09-03 2014-12-17 杭州华三通信技术有限公司 Host information learning method and host information learning device
CN104219240B (en) * 2014-09-03 2018-01-09 新华三技术有限公司 A kind of main frame learning method and device
CN107078934B (en) * 2014-09-30 2021-01-12 Nicira股份有限公司 Virtual distributed bridge module
US11483175B2 (en) 2014-09-30 2022-10-25 Nicira, Inc. Virtual distributed bridging
US10511458B2 (en) 2014-09-30 2019-12-17 Nicira, Inc. Virtual distributed bridging
US11252037B2 (en) 2014-09-30 2022-02-15 Nicira, Inc. Using physical location to modify behavior of a distributed virtual network element
CN107078934A (en) * 2014-09-30 2017-08-18 Nicira股份有限公司 virtual distributed bridge module
CN104410541A (en) * 2014-11-18 2015-03-11 盛科网络(苏州)有限公司 Method and device for counting VXLAN inner layer virtual machine flux on intermediate switch
CN104410541B (en) * 2014-11-18 2017-09-15 盛科网络(苏州)有限公司 The method and device that VXLAN internal layer virtual machine traffics are counted in intermediary switch
US11050666B2 (en) 2015-06-30 2021-06-29 Nicira, Inc. Intermediate logical interfaces in a virtual distributed router environment
US10693783B2 (en) 2015-06-30 2020-06-23 Nicira, Inc. Intermediate logical interfaces in a virtual distributed router environment
US11799775B2 (en) 2015-06-30 2023-10-24 Nicira, Inc. Intermediate logical interfaces in a virtual distributed router environment
US11218408B2 (en) 2015-09-22 2022-01-04 Huawei Technologies Co., Ltd. Packet processing method, device, and system
US10680942B2 (en) 2015-09-22 2020-06-09 Huawei Technologies Co., Ltd. Packet processing method, device, and system
WO2017050085A1 (en) * 2015-09-22 2017-03-30 华为技术有限公司 Method, device and system for processing packet
US11909633B2 (en) 2015-09-22 2024-02-20 Huawei Technologies Co., Ltd. Packet processing method, device, and system
EP3562107A4 (en) * 2016-12-23 2020-08-05 ZTE Corporation Broadcast packet processing method and processing apparatus, controller, and switch
CN108243123A (en) * 2016-12-23 2018-07-03 中兴通讯股份有限公司 Processing method, device, controller and the interchanger of broadcasting packet
US11336486B2 (en) 2017-11-14 2022-05-17 Nicira, Inc. Selection of managed forwarding element for bridge spanning multiple datacenters

Also Published As

Publication number Publication date
CN102857416B (en) 2016-09-28
CN102857416A (en) 2013-01-02

Similar Documents

Publication Publication Date Title
WO2013185715A1 (en) Method for implementing virtual network and virtual network
US9215175B2 (en) Computer system including controller and plurality of switches and communication method in computer system
US8537816B2 (en) Multicast VPN support for IP-VPN lite
US10009267B2 (en) Method and system for controlling an underlying physical network by a software defined network
US9755853B2 (en) Methods, systems and apparatus for the control of interconnection of fibre channel over ethernet devices
US9178821B2 (en) Methods, systems and apparatus for the interconnection of fibre channel over Ethernet devices using a fibre channel over Ethernet interconnection apparatus controller
US8559433B2 (en) Methods, systems and apparatus for the servicing of fibre channel fabric login frames
US8559335B2 (en) Methods for creating virtual links between fibre channel over ethernet nodes for converged network adapters
US9071630B2 (en) Methods for the interconnection of fibre channel over ethernet devices using a trill network
US8625597B2 (en) Methods, systems and apparatus for the interconnection of fibre channel over ethernet devices
US9071629B2 (en) Methods for the interconnection of fibre channel over ethernet devices using shortest path bridging
US20200396162A1 (en) Service function chain sfc-based communication method, and apparatus
WO2012152178A1 (en) Method, system and controlling bridge for obtaining port extension topology information
TWI639325B (en) Automatically configured switch,method of automatically configuring a switch, and software defined network system with auto-deployment switches and auto-deploying method thereof
WO2017186122A1 (en) Traffic scheduling
CN112671644A (en) SDN service isolation and routing method based on MPLS

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 13804184; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 13804184; Country of ref document: EP; Kind code of ref document: A1)