WO2014094218A1 - Switch configuration method and cluster management device base on virtual networking - Google Patents

Switch configuration method and cluster management device base on virtual networking Download PDF

Info

Publication number
WO2014094218A1
WO2014094218A1 PCT/CN2012/086810 CN2012086810W WO2014094218A1 WO 2014094218 A1 WO2014094218 A1 WO 2014094218A1 CN 2012086810 W CN2012086810 W CN 2012086810W WO 2014094218 A1 WO2014094218 A1 WO 2014094218A1
Authority
WO
WIPO (PCT)
Prior art keywords
correspondence
server
virtual
cluster
physical port
Prior art date
Application number
PCT/CN2012/086810
Other languages
French (fr)
Chinese (zh)
Inventor
吴向阳
张亚军
段莹涛
和江涛
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to PCT/CN2012/086810 priority Critical patent/WO2014094218A1/en
Priority to CN201280003260.3A priority patent/CN103563304B/en
Publication of WO2014094218A1 publication Critical patent/WO2014094218A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0893Assignment of logical groups to network elements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0895Configuration of virtualised networks or elements, e.g. virtualised network function or OpenFlow elements

Definitions

  • the present invention relates to the field of IT technologies, and in particular, to a virtual network-based switch configuration method and a cluster management device. Background technique
  • FIG. 1 shows a structure diagram of a data center based on virtual networking.
  • one data center includes two physical machine clusters clusterl and cluster2;
  • cluster clusterl contains two servers hostl and host2 (each of which Running multiple virtual machine VMs in one host), and cluterl uses two virtual local area networks vlan (10, 20);
  • cluster cluster2 contains several server hosts ( hostl , hostx ), and cluster2 uses two virtual local area networks vlan ( 30, 80).
  • access switch SW1 needs to support Hostl and Host2 in clusterl and HostX in cluster2, you need to configure the physical port on access switch SW1 to allow vlan (10, 20, 30, 80) corresponding to clusterl and cluster2 to pass. ;
  • the switch when the virtual LAN is configured for the physical port of the switch, in some cases, the switch is configured with additional information.
  • the server hostx only uses vlan (30), but on the access switch swl. It is configured according to the vlan (30, 80) used by cluster2, so that the access switch swl needs additional configuration to allow vlan (80) to pass, resulting in unnecessary network traffic; Introducing additional security risks
  • the present invention provides a virtual network-based switch configuration method and a cluster management device, which can avoid unnecessary virtual networking configuration problems on the switch.
  • a first aspect of the present invention provides a virtual network-based switch configuration method, which may include:
  • Each of the physical machine clusters includes at least one server, and at least one virtual machine is created on each of the servers, and the virtual machines in each of the servers correspond to at least one virtual local area network;
  • the first correspondence between the physical port of the access switch and the server is obtained, including:
  • the obtaining a sixth correspondence between the server and the virtual local area network includes:
  • the method further includes: E: record the determined seventh correspondence between the physical port of the access switch and the virtual local area network.
  • the method further includes:
  • the cluster relationship data includes at least a third correspondence between the server and a communication address, a fourth correspondence between the server and the virtual machine, and the virtual machine The fifth correspondence with the virtual local area network.
  • the method further includes:
  • the method further includes:
  • the steps A to D are performed to update the virtual local area network through which the physical port of the access switch is allowed to pass.
  • the step D includes: Comparing the determined seventh correspondence between the physical port of the switch and the virtual local area network and the seventh correspondence between the recorded physical port and the virtual local area network to find difference data; Add a virtual local area network that allows access to the physical port of the switch, or delete an unnecessary virtual local area network for the physical port of the switch.
  • a second aspect of the present invention provides a cluster management device, which may include:
  • a first acquiring module configured to acquire a first correspondence between a physical port of the access switch and the server;
  • the access switch is located in a data center, where the data center includes multiple physical machine clusters, and each physical entity
  • the machine cluster is configured with one access switch, each physical machine cluster includes at least one server, and at least one virtual machine is created on each server, and the virtual machine in each server corresponds to at least one virtual local area network. ;
  • a second obtaining block configured to acquire a sixth correspondence between the server and the virtual local area network
  • a determining module configured to be configured according to the first corresponding relationship acquired by the first acquiring module and acquired by the second acquiring module a sixth correspondence, determining a physical port of the access switch and the virtual office The seventh correspondence between the domain networks;
  • a configuration module configured to configure, according to the virtual local area network corresponding to each physical port indicated in the seventh correspondence relationship determined by the determining module, a virtual local area network that is allowed to pass through for the physical port of the access switch.
  • the first acquiring module includes: a first recording module, configured to record the access switch when communication data passes through the access switch for communication a second correspondence between the physical port and the communication address;
  • a first query module configured to query cluster relationship data, and obtain a third correspondence between the server and the communication address
  • the first association processing module is configured to perform association processing on the second correspondence relationship and the third correspondence relationship based on the communication address, to obtain a first correspondence relationship between the physical port on the access switch and the server.
  • the second obtaining module includes: a second query module, configured to query cluster relationship data, obtain a fourth correspondence between the server and the virtual machine, and a fifth correspondence between the virtual machine and the virtual office i or the network;
  • a second association processing module configured to perform association processing on the fourth corresponding relationship and the fifth correspondence relationship that are obtained by the virtual machine, to obtain a sixth correspondence between the server and the virtual local area network.
  • the cluster management device further includes: a second recording module, configured to record, by the determining module, a physical port of the access switch and the virtual local area network The seventh correspondence between the two.
  • the cluster management device further includes:
  • a creating module configured to establish and store the cluster relationship data in the cluster management device, where the cluster relationship data includes at least a third correspondence between the server and a communication address, and a fourth correspondence between the server and the virtual machine. And a fifth correspondence between the virtual machine and the virtual local area network.
  • the cluster management device further includes:
  • An update module configured to update a second correspondence between a physical port on the access switch and a communication address, and update the cluster management device when the server is added or removed from the physical machine cluster
  • the first obtaining module is specifically configured to obtain an access switch obtained by using the second correspondence between the physical port and the communication address on the access switch that is updated by the update module and the cluster relationship data stored in the cluster management device. The first correspondence between the physical port and the server;
  • the second obtaining module acquires a sixth correspondence between the server and the virtual local area network according to the cluster relationship data stored in the cluster management device after the update module is updated.
  • the cluster management device further includes:
  • a comparison module configured to perform a seventh correspondence between the physical port of the switch and the virtual local area network determined by the determining module, and a seventh correspondence between the physical port recorded by the second recording module and the virtual local area network Compare and find the difference data;
  • an adjusting module configured to dynamically add a virtual local area network that is allowed to pass through the physical port of the switch according to the difference data, or delete an unnecessary virtual local area network for the physical port of the switch.
  • a third aspect of the present invention provides a cluster management device, including: a processor, a memory, a bus, and a communication interface; the memory is configured to store a computer execution instruction, and the processor is connected to the memory through the bus When the cluster management device is running, the processor executes the computer execution instruction stored by the memory, and communicates with a device external to the cluster management device through the communication interface, so that the cluster management The apparatus performs the virtual networking based switch configuration method of any one of claims 1-8.
  • the fourth aspect of the present invention provides a computer readable medium, which may include a computer-executed instruction, when the processor of the computer executes the computer-executed instruction, the computer performs the virtual networking described in the embodiment of the present invention. Switch configuration method.
  • obtaining a first correspondence between a physical port of the access switch and the server acquiring a sixth correspondence between the server and the virtual local area network; a first correspondence relationship and a sixth correspondence relationship, determining a seventh correspondence between the physical port of the access switch and the virtual local area network; and corresponding to each physical port indicated in the seventh correspondence relationship
  • the virtual local area network is configured to allow the physical port of the access switch to pass through the virtual local area network. Therefore, the embodiment of the present invention can reduce the range of the virtual local area network allowed by the physical port on the switch, and avoid configuration on the switch. Unnecessary network traffic and reduced security risks.
  • FIG. 1 is a schematic diagram of a networking structure of a data center based on a virtual networking
  • FIG. 2 is a schematic flow chart of a second embodiment of a virtual network-based switch configuration method according to the present invention.
  • FIG. 3 is a schematic flow chart of a second embodiment of a virtual network-based switch configuration method according to the present invention.
  • FIG. 4 is a schematic structural diagram of a first embodiment of a cluster management device according to the present invention.
  • FIG. 5 is a schematic structural diagram of an embodiment of the first obtaining module in FIG.
  • FIG. 6 is a schematic structural diagram of an embodiment of a second acquisition module in FIG. 4;
  • FIG. 7 is a schematic structural diagram of a second embodiment of a cluster management device according to the present invention.
  • FIG. 8 is a schematic structural diagram of an embodiment of a first obtaining module in FIG. 7;
  • FIG. 9 is a schematic structural diagram of an embodiment of a second acquisition module in FIG. 7;
  • FIG. 10 is a schematic structural diagram of a third embodiment of a cluster management device according to the present invention. Specific embodiment
  • FIG. 2 is a schematic flow chart of a first embodiment of a virtual network-based switch configuration method according to the present invention. As shown in FIG. 2, it may include:
  • Step S110 Obtain a first correspondence between a physical port of the access switch and the server.
  • the embodiment of the present invention is applied to a data center, where the data center includes multiple physical machine clusters, each The physical machine cluster includes at least one server host and one access switch, and each of the servers creates at least one virtual machine VM, and the virtual machines in each server correspond to at least one virtual local area network Vlan, The virtual machine in each server communicates through the at least one access switch, where the access switch includes multiple physical ports, and each physical port corresponds to one server;
  • the obtaining the first correspondence between the physical port of the access switch and the server may be in two ways:
  • each physical machine cluster is configured with one access switch configured by the administrator through the maintenance platform
  • the first physical port between the access switch and the server is obtained through the maintenance platform.
  • the access switch records the access switch when the packet communicates through its own port. a second correspondence between the physical port and the communication address, and reporting the second correspondence to the cluster management device,
  • the access switch may use a Layer 2 (Media Access Control (MAC)) address or a Layer 3 address (IP address) for "3 ⁇ 4 text exchange. Therefore, the communication address in step S110 may be MAC. Address and/or IP address.
  • the access switch can learn and store the second correspondence between the physical port of the access switch and the communication address when performing packet exchange with the server.
  • the MAC address is used as an example.
  • the correspondence between the physical port and the communication address can be recorded as: port-MAC. Referring to FIG. 1 and taking the switch SW1 (subsequent access switch for short) as an example, each of SW1 can be obtained in step S110. Correspondence between physical port and MAC).
  • cluster relationship data can be established in the cluster management device of the data center.
  • the cluster relationship data includes a correspondence between a physical machine cluster, a server, a virtual machine, and a virtual local area network.
  • the correspondences included in the cluster relationship data may include: the server and the communication address
  • the third correspondence between the server and the communication address can be obtained by querying the cluster data.
  • the third correspondence between the server and the communication address can be recorded as: server-MAC, combined with FIG.
  • the server hostx as an example, the correspondence relationship of the hostx-MAC can be obtained in step S110.
  • step S110 based on the second correspondence between the MAC and the "port-MAC” and the third correspondence of "hostx-MAC", the first "port-hostx" is obtained. Correspondence relationship.
  • the cluster relationship data may change, for example, adding a server or reducing a server.
  • the switch and the cluster management device dynamically update the physical port and the communication address according to the change of the cluster.
  • the second correspondence between the updated physical port and the communication address may be obtained in step S110, or the first correspondence between the dynamically updated physical port and the server.
  • Step S1 obtaining a sixth correspondence between the server and the virtual local area network; specifically, querying the cluster relationship data, obtaining a fourth correspondence between the server and the virtual machine, and between the virtual machine and the virtual local area network a fifth correspondence relationship, and a fourth correspondence between the queried server and the virtual machine and a fifth correspondence between the virtual machine and the virtual local area network, and obtaining a relationship between the server and the virtual local area network Six correspondence.
  • the cluster relationship data updated in the cluster management device can be queried to the fourth between the server and the virtual machine.
  • the correspondence between hostx and the virtual machine can be queried in step S111, which can be recorded as: hostx-virtual machine) and the fifth correspondence between the virtual machine and the virtual local area network (in combination with FIG. 1 , Step S111 can query the correspondence between the virtual machine and the virtual local area network Vlan (30), which can be recorded as: virtual machine-Vlan (30).
  • step S111 based on the fourth correspondence between the virtual machine pair "hostx-virtual machine” and the fifth correspondence relationship of the "virtual machine-Vlan(30)", "hostx-Vlan” is obtained. 30)" The sixth correspondence.
  • Step S112 determining, according to the first correspondence between the physical port of the access switch and the server, and the sixth correspondence between the server and the virtual local area network, determining a physical port between the access switch and the virtual local area network.
  • the seventh correspondence determining, according to the first correspondence between the physical port of the access switch and the server, and the sixth correspondence between the server and the virtual local area network, determining a physical port between the access switch and the virtual local area network.
  • step S112 based on the server hostx's first correspondence of "port-hostx” and the sixth correspondence of "hostx-Vlan (30),", the "port-” is obtained.
  • the seventh correspondence of Vlan ( 30 ) is obtained.
  • Step S113 Configure a virtual local area network that is allowed to pass through for the physical port of the access switch according to the virtual local area network corresponding to each physical port indicated in the seventh correspondence.
  • the physical port of the switch can be configured to allow the virtual local area network to pass according to the seventh correspondence of "port-Vlan (30)". Therefore, after the method of the embodiment of the present invention is used, the granularity of the virtual machine configured on the switch SW1 is reduced from the physical machine cluster to the server granularity, that is, only the vlan (30) required by the server hostx can be configured, and the other is not required to be configured. Vlan (80) that is not needed, thereby reducing the physical side of the switch compared to the prior art The range of virtual LANs allowed by the port avoids unnecessary network traffic and reduces security risks on the switch.
  • FIG. 3 is a schematic flow chart of a second embodiment of a virtual network-based switch configuration method according to the present invention. As shown in FIG. 3, it may include:
  • Step S210 Dynamically update a second correspondence between the physical port on the access switch and the communication address when the server is added or decreased in the cluster, and update the stored cluster relationship data.
  • the embodiment of the present invention is applied to a data center, where the data center includes a plurality of physical machine clusters, each physical machine cluster includes at least one server host, and at least one is created on each of the servers.
  • Each of the virtual machine VMs corresponds to at least one virtual local area network vlan
  • each of the physical machine clusters is configured with an access switch SW, and the virtual machines in each of the servers are connected through the at least one Incoming to the switch for communication, the access switch includes multiple physical ports, and each physical port corresponds to one server;
  • cluster relationship data can be established in the cluster management device of the data center.
  • the cluster relationship data includes a correspondence between a physical machine cluster, a server, a virtual machine, and a virtual local area network.
  • the correspondences included in the cluster relationship data may include: the server and the communication address
  • the access switch records the physical port on the access switch when the packet communicates through its own port.
  • a second correspondence between the communication addresses, and the second correspondence may be reported to the cluster management device.
  • the access switch may use a Layer 2 (Media Access Control (MAC)) address or a Layer 3 address (IP address) for exchange of texts. Therefore, the communication address of the present invention may be a MAC address and / or IP address.
  • the access switch can learn and store the second correspondence between the physical port of the access switch and the communication address when the packet exchanges with the server (using the MAC address as an example, The correspondence between the physical port and the communication address is recorded as: port-MAC. Referring to FIG. 1, with the switch SW1 (subsequent access switch referred to as the switch) as an example, the correspondence between the physical port and the MAC can be recorded on the SW1 in step S210. ).
  • the cluster relationship data may change, for example, adding a server or reducing the server.
  • the switch and the cluster management device will dynamically change according to the change of the cluster.
  • the first between the physical port and the communication address on the access switch may be obtained by querying the switch or the cluster management device.
  • the correspondence between the physical port and the communication address is as follows: port-MAC, in combination with FIG. 1, and switch SW1 (subsequent access switch referred to as switch), for example, in step S211.
  • the third correspondence between the server and the communication address can be obtained by querying the cluster data.
  • the third correspondence between the server and the communication address can be recorded as: server-MAC, combined with FIG. 1, with server hostx
  • the correspondence relationship of the hostx-MAC can be obtained in step S211.
  • the first correspondence of "port-hostx” is obtained.
  • Step S212 Acquire a sixth correspondence between the server and the virtual local area network.
  • the fourth correspondence between the server and the virtual machine stored in the cluster relationship data, and the fifth correspondence between the virtual machine and the virtual local area network, and the fourth between the queried server and the virtual machine may be queried.
  • Corresponding relationship and a fifth correspondence between the virtual machine and the virtual local area network are processed to obtain a sixth correspondence between the server and the virtual local area network.
  • the fourth correspondence between the server and the virtual machine may be queried (in combination with FIG. 1 , the correspondence between the hostx and the virtual machine may be queried in step S212, and the record may be: hostx-virtual And a fifth correspondence between the virtual machine and the virtual local area network (in conjunction with FIG. 1 , the correspondence between the virtual machine and the virtual local area network Vlan ( 30 ) can be queried in step S212, and can be recorded as: virtual machine-Vlan (30) )).
  • step S212 based on the fourth correspondence between the virtual machine pair "hostx-virtual machine” and the fifth correspondence relationship of the "virtual machine-Vlan(30)", "hostx-Vlan” is obtained. 30)" The sixth correspondence.
  • Step S213 determining, according to the first correspondence between the physical port of the access switch and the server, and the sixth correspondence between the server and the virtual local area network, determining a physical port between the access switch and the virtual local area network.
  • the seventh correspondence determining, according to the first correspondence between the physical port of the access switch and the server, and the sixth correspondence between the server and the virtual local area network, determining a physical port between the access switch and the virtual local area network.
  • step S213 based on the server hostx's first correspondence of "port-hostx” and the sixth correspondence of "hostx-Vlan (30),", the "port” is obtained.
  • the seventh correspondence of Vlan (30) is obtained.
  • Step S214 Compare the seventh correspondence between the physical port and the virtual local area network with the seventh correspondence between the recorded physical port and the virtual local area network, and find the difference data.
  • Step S215 Dynamically add a virtual local area network that is allowed to pass through the physical port of the switch according to the difference data, or delete an unnecessary virtual local area network for a physical port of the switch.
  • the switch needs to be configured at time A, and the server is added or decreased in the cluster in the data center at time B.
  • the cluster relationship data stored in the cluster management device needs to be dynamically updated, and the seventh correspondence between the updated physical port of the access switch and the virtual local area network needs to be re-acquired by the method of the embodiment of the present invention.
  • the cluster relationship data of the time A may be saved in the cluster relationship device, and the embodiment of the present invention may only partially update the configuration of the switch according to the changed cluster relationship data. Therefore, the switch does not need to be completely reconfigured.
  • step S214 the seventh correspondence between the physical port and the virtual local area network and the seventh correspondence between the last recorded physical port and the virtual local area network are performed in step S214. Compare and find the difference data. Then, in step S215, a virtual local area network allowed to pass through the physical port of the switch may be dynamically added according to the difference data, or an unnecessary virtual local area network may be deleted for the physical port of the switch.
  • the seventh correspondence between the physical port of the switch and the virtual local area network may be:
  • the corresponding relationship between the physical port of host2 and the virtual LAN is: "Port-Vlan (10, 20)”.
  • the corresponding relationship between the physical port of host1 and the virtual LAN on switch SW1 is: "Port-Vlan (10, 20)”.
  • the switch Prior to this, the switch still stores the corresponding relationship of hostl, which is:
  • the corresponding relationship between the physical port corresponding to host2 on the switch SW1 and the virtual local area network is: "port-Vlan (10, 20)", on the switch SW1
  • Correspondence between the physical port of the hostx and the virtual LAN is: “Port-Vlan(30)”.
  • the corresponding relationship between the physical port of host1 and the virtual LAN on switch SW1 is: "Port-Vlan (10, 20)", then , in step S213, the determined “port-Vlan (10, 20)” and the stored “port-Vlan (10, 20)” and “Port - Vlan ( 30 )” is compared to get the difference data of "Port - Vlan ( 30 )".
  • step S215 the physical port of the switch SW1 deletes the unnecessary virtual local area network Vlan (30).
  • the virtual local area network when the physical port of the switch is configured, the virtual local area network may be added or deleted in combination with the historical data, instead of all being configured according to the re-acquired seventh correspondence relationship. It avoids redundant configuration operations and further saves resources.
  • Embodiments of the present invention accordingly provide a related embodiment of a cluster management device that can be used to implement the virtual network-based switch configuration method of the present invention.
  • the cluster management device of the present invention will be described below by way of an embodiment.
  • FIG. 4 is a schematic structural diagram of a first embodiment of a cluster management device according to the present invention.
  • the cluster management device of the present invention may include: a first obtaining module 41, a second obtaining module 42, a determining module 43, and a configuration module 44, wherein:
  • the first obtaining module 41 is configured to acquire a first correspondence between a physical port of the access switch and the server;
  • the embodiment of the present invention is applied to a data center, where the data center includes a plurality of physical machine clusters, each physical machine cluster includes at least one server host, and at least one is created on each of the servers.
  • Each of the virtual machine VMs corresponds to at least one virtual local area network vlan
  • each of the physical machine clusters is configured with an access switch SW, and the virtual machines in each of the servers are connected through the at least one
  • the ingress switch communicates
  • the access switch includes multiple physical ports, and each physical port corresponds to one server.
  • the obtaining the first correspondence between the physical port of the access switch and the server may be in two ways:
  • the first corresponding relationship between the physical port of the access switch and the server is obtained by the maintenance platform, if each physical machine cluster is configured with one access switch configured by a person through the maintenance platform;
  • the access switch records the access switch when the packet communicates through its own port. a second correspondence between the physical port and the communication address, and reporting the second correspondence to the cluster management device, so that the cluster management device can access the communication data through the access
  • the second correspondence between the physical port on the access switch and the communication address is recorded.
  • cluster relationship data can be established in the cluster management device of the data center.
  • the cluster relationship data includes a correspondence between a physical machine cluster, a server, a virtual machine, and a virtual local area network.
  • the cluster management device of the embodiment of the present invention may further include a creation module (not shown) for establishing and storing the cluster relationship data in the cluster management device.
  • the first obtaining module 41 may include: a first recording module 411, a first query module 412, and a first association processing module 413, where:
  • the first recording module 411 is configured to record a second correspondence between the physical port on the access switch and the communication address when communication data is communicated through the access switch.
  • the access switch may use a Layer 2 (Media Access Control (MAC)) address or a Layer 3 address (IP address) for message exchange. Therefore, the communication address recorded in the first recording module 411 is used. Can be a MAC address and / or an IP address.
  • the access switch can learn and store the second correspondence between the physical port of the access switch and the communication address when the packet exchanges with the server (using the MAC address as an example, The correspondence between the physical port and the communication address is recorded as: port-MAC. Referring to FIG. 1, the switch SW1 (the subsequent access switch is referred to as the switch) is taken as an example. In step S110, the correspondence between the physical ports and the MAC on the SW1 can be obtained. And sending the stored second correspondence to the cluster management device for recording.
  • MAC Media Access Control
  • IP address Layer 3 address
  • the first query module 412 is configured to query the cluster relationship data to obtain a third correspondence between the server and the communication address.
  • the third correspondence between the server and the communication address can be recorded as: server-MAC, in combination with FIG. 1, taking the server hostx as an example, the first query module 412 can obtain the hostx-MAC by querying the cluster relationship data. Correspondence).
  • the first association processing module 413 is configured to perform a correlation process on the second correspondence between the physical port and the communication address on the access switch and the third correspondence between the server and the communication address based on the communication address, to obtain the connection.
  • the cluster relationship data may change, for example, adding a server or reducing a server.
  • the switch and the cluster management device dynamically update the physical port and the communication address according to the change of the cluster.
  • the cluster management device of the embodiment of the present invention may further include: an update module (not shown), configured to dynamically update cluster relationship data stored in the cluster management device when a server is added or decreased in the cluster, and according to The updated cluster relationship data acquires a seventh correspondence between the updated physical port of the access switch and the virtual local area network.
  • the second obtaining block 42 is configured to obtain a sixth correspondence between the server and the virtual local area network.
  • the fourth correspondence between the server and the virtual machine may be obtained by querying the cluster relationship data, and the The fifth correspondence between the virtual machine and the virtual local area network, and the fourth correspondence between the queried server and the virtual machine and the fifth correspondence between the virtual machine and the virtual local area network are processed to obtain the server and a sixth correspondence between the virtual local area networks.
  • the second obtaining module 42 may include: a second query module 421 and a second association module 422, where:
  • the second query module 421 is configured to query the cluster relationship data, obtain a fourth correspondence between the server and the virtual machine, and a fifth correspondence between the virtual machine and the virtual local area network;
  • the second association processing module 422 is configured to perform association processing on the fourth correspondence between the server and the virtual machine that is queried, and the fifth correspondence between the virtual machine and the virtual local area network, to obtain the server and the virtual local area network.
  • the sixth correspondence between the two is configured to perform association processing on the fourth correspondence between the server and the virtual machine that is queried, and the fifth correspondence between the virtual machine and the virtual local area network, to obtain the server and the virtual local area network. The sixth correspondence between the two.
  • the cluster relationship data updated in the cluster management device can be queried to the fourth between the server and the virtual machine.
  • the second query module 421 can query the correspondence between the hostx and the virtual machine, which can be recorded as: hostx-virtual machine) and the fifth correspondence between the virtual machine and the virtual local area network (in combination with FIG. 1)
  • the second query module 421 can query the correspondence between the virtual machine and the virtual local area network Vlan (30), and can be recorded as: virtual machine-Vlan (30).
  • the second association module 422 can perform association processing with the fifth correspondence relationship of the virtual machine-Vlan (30) based on the fourth correspondence relationship of the virtual machine to the "hostx-virtual machine", and obtain the "hostx-" The sixth correspondence of Vlan ( 30 )".
  • the determining module 43 is configured to: according to the first correspondence between the physical port of the access switch acquired by the first obtaining module 41 and the server, and the sixth between the server and the virtual local area network acquired by the second obtaining module 42 Corresponding relationship, determining a seventh correspondence between the physical port of the access switch and the virtual local area network;
  • the determining module 43 performs association processing based on the first correspondence between the port xhost and the sixth correspondence of "hostx-Vlan (30)" by the server hostx, and then obtains "port-Vlan ( 30)" The seventh correspondence.
  • the cluster management device of the embodiment of the present invention may record, by using a second recording module (not shown), a seventh correspondence between the physical port of the access switch determined by the determining module 43 and the virtual local area network. Relationship, in order to subsequently use the seventh correspondence of the record.
  • the configuration module 44 is configured to configure, according to the virtual local area network corresponding to each physical port indicated in the seventh correspondence relationship determined by the determining module 43 , a virtual local area network that is allowed to pass through for the physical port of the access switch.
  • the configuration module 44 can configure the virtual local area network that the switch is allowed to pass through according to the seventh correspondence of "port - Vlan (30)". Therefore, after the method of the embodiment of the present invention is used, the granularity of the virtual machine configured on the switch SW1 is reduced from the physical machine cluster to the server granularity, that is, only the vlan (30) required by the server hostx can be configured, and the other is not required to be configured.
  • the vlan (80) that is not needed is used, thereby reducing the range of the virtual local area network that the physical port on the switch is allowed to pass, and avoiding unnecessary network traffic and reducing security risks on the switch.
  • FIG. 7 is a schematic structural diagram of a second embodiment of a cluster management device according to the present invention.
  • the cluster management device of the present invention may include: a creation module 51, an update module 52, a first acquisition module 53, a second acquisition module 54, a determination module 55, a second recording module 56, a comparison module 57, and an adjustment.
  • Module 58 wherein:
  • a creating module 51 configured to establish and store cluster relationship data in the cluster management device, where the cluster relationship data includes at least a third correspondence between the server and a communication address, and a fourth correspondence between the server and the virtual machine. And a fifth correspondence between the virtual machine and the virtual local area network.
  • the embodiment of the present invention is applied to a data center, where the data center includes a plurality of physical machine clusters, each physical machine cluster includes at least one server host, and each server Creating at least one virtual machine VM, each of the servers corresponding to at least one virtual a local area network vlan, where each physical machine cluster cluster is configured with one access switch SW, and the virtual machines in each server communicate through the at least one access switch, where the access switch includes multiple physical Port, each physical port corresponds to one server. Then, when the data center is created, cluster relationship data can be established in the cluster management device of the data center.
  • the cluster relationship data includes a correspondence between a physical machine cluster, a server, a virtual machine, and a virtual local area network.
  • a correspondence between a physical machine cluster, a server, a virtual machine, and a virtual local area network For example, what are the servers included in the physical machine cluster, which virtual machines are included in the server, which virtual local networks are used by the virtual machine, and which communication addresses are used by the server for communication, etc.; the correspondences included in the cluster relationship data may include: the server and the communication address The third correspondence, the fourth correspondence between the server and the virtual machine, and the fifth correspondence between the virtual machine and the virtual local area network, and the like.
  • the access switch records the physical port on the access switch when the packet communicates through its own port.
  • a second correspondence between the communication addresses, and the second correspondence may be reported to the cluster management device.
  • the access switch may use a Layer 2 (Media Access Control (MAC)) address or a Layer 3 address (IP address) for exchange of texts. Therefore, the communication address of the present invention may be a MAC address and / or IP address.
  • MAC Media Access Control
  • IP address Layer 3 address
  • the access switch can learn and store the second correspondence between the physical port of the access switch and the communication address when the packet exchanges with the server (using the MAC address as an example,
  • the correspondence between the physical port and the MAC address is recorded as follows: Port-MAC, in combination with Figure 1, with switch SW1 (subsequent access switch referred to as switch) as an example, the corresponding relationship between each physical port and MAC can be recorded on SW1.
  • the cluster relationship data may change, for example, adding a server or reducing the server.
  • the update module 52 is configured to dynamically update the physical port and the communication address on the access switch when the server is added or decreased in the cluster. a second correspondence between the two, and updating the cluster relationship data stored in the cluster management device;
  • the first obtaining module 53 is configured to obtain a first correspondence between the physical port of the access switch and the server;
  • the first acquiring module 53 is specifically configured to: according to the second correspondence between the physical port and the communication address on the access switch that is updated by the update module 52, and the cluster relationship data stored in the cluster management device. The first correspondence between the physical port of the access switch and the server.
  • the first obtaining module 53 may include: a first recording module 531, a first query module 532, and a first association processing module 533, wherein: the first recording module 531 is configured to record, on the access switch, when communication data passes through the access switch for communication The second correspondence between the physical port and the communication address.
  • the access switch may use a Layer 2 (Media Access Control (MAO) address or a Layer 3 address (IP address) for message exchange. Therefore, the communication address recorded in the first recording module 531 may be The MAC address and/or the IP address.
  • the access switch can learn and store the second between the physical port of the access switch and the communication address when performing packet exchange with the server. Correspondence relationship (taking the MAC address as an example, the correspondence between the physical port and the communication address can be recorded as: port-MAC, in combination with FIG. 1, with the switch SW1 (subsequent access switch referred to as the switch) as an example, the access switch can obtain The corresponding relationship between each physical port and the MAC on the SW1, and the stored second correspondence is sent to the cluster management device for recording.
  • MEO Media Access Control
  • IP address Layer 3 address
  • the first query module 532 is configured to query cluster relationship data, and obtain a third correspondence between the server and the communication address.
  • the third correspondence between the server and the communication address can be recorded as: server-MAC.
  • the first query module 532 can obtain the hostx-MAC by querying the cluster relationship data. Correspondence).
  • the first association processing module 533 is configured to perform a correlation process on the second correspondence between the physical port and the communication address on the access switch and the third correspondence between the server and the communication address based on the communication address, to obtain the connection.
  • the first "port-hostx” can be obtained. Correspondence relationship.
  • the second acquisition module 54 is configured to obtain a sixth correspondence between the server and the virtual local area network.
  • the second obtaining module 54 is specifically updated according to the update module 52.
  • the stored cluster relationship data acquires a sixth correspondence between the server and the virtual local area network.
  • the second obtaining module 54 may include: a second query module 541 and a second association module 542, where:
  • the second query module 541 is configured to query the cluster relationship data, obtain a fourth correspondence between the server and the virtual machine, and a fifth correspondence between the virtual machine and the virtual local area network;
  • the second association processing module 542 is configured to perform association processing on the fourth correspondence between the server and the virtual machine that is queried, and the fifth correspondence between the virtual machine and the virtual local area network, to obtain the server and the virtual local area network.
  • the sixth correspondence between the two is configured to query the cluster relationship data, obtain a fourth correspondence between the server and the virtual machine, and a fifth correspondence between the virtual machine and the virtual local area network.
  • the cluster relationship data updated in the cluster management device can be queried to the fourth between the server and the virtual machine.
  • the second query module 541 can query the correspondence between the hostx and the virtual machine, which can be recorded as: hostx-virtual machine) and the fifth correspondence between the virtual machine and the virtual local area network (in combination with FIG. 1)
  • the second query module 541 can query the correspondence between the virtual machine and the virtual local area network Vlan (30), and can be recorded as: virtual machine-Vlan (30).
  • the second association module 542 can perform association processing with the fifth correspondence relationship of the virtual machine-Vlan (30) based on the fourth correspondence relationship of the virtual machine to the "hostx-virtual machine", and obtain "hostx-" The sixth correspondence of Vlan ( 30 )".
  • a determining module 55 configured to: according to the first correspondence between the physical port of the access switch acquired by the first obtaining module 53 and the server, and the sixth between the server and the virtual local area network acquired by the second obtaining module 54 Corresponding relationship, determining a seventh correspondence between the physical port of the access switch and the virtual local area network;
  • the determination module 55 performs association processing based on the first correspondence of the server hostx to "port-hostx” and the sixth correspondence of "hostx-Vlan (30)", thereby obtaining "port-Vlan ( 30)" The seventh correspondence.
  • the second recording module 56 is configured to record a seventh correspondence between the physical port of the access switch and the virtual local area network, so as to use the seventh corresponding relationship of the record.
  • the switch needs to be configured at time A, and the server is added or decreased in the cluster in the data center at time B.
  • the cluster relationship data stored in the cluster management device needs to be dynamically updated, and the seventh correspondence between the updated physical port of the access switch and the virtual local area network needs to be re-acquired by the method of the embodiment of the present invention.
  • the cluster relationship data of the time A may be saved in the cluster relationship device, and the embodiment of the present invention may only partially update the configuration of the switch according to the changed cluster relationship data.
  • the cluster management device of the embodiment of the present invention further includes: a comparison module 57, configured to use the physical port and the virtual office of the switch determined by the determining module The seventh correspondence between the domain networks is compared with the seventh correspondence between the physical port recorded by the second recording module and the virtual local area network, and the difference data is found;
  • the adjusting module 58 is configured to dynamically add a virtual local area network that is allowed to pass through the physical port of the switch according to the difference data, or delete an unnecessary virtual local area network for the physical port of the switch.
  • the seventh correspondence between the physical port of the switch determined by the determining module 55 and the virtual local area network may be: physical port corresponding to the host 2 on the switch SW1
  • the corresponding relationship of the virtual local area network is: "Port - Vlan
  • the adjustment module 58 can delete the unneeded virtual local area network VLAN (30) for the physical port of the switch SW1.
  • the virtual local area network when the physical port of the switch is configured, the virtual local area network may be added or deleted in combination with the historical data, instead of all being configured according to the re-acquired seventh correspondence relationship. It avoids redundant configuration operations and further saves resources.
  • FIG. 10 is a schematic structural diagram of a third embodiment of a cluster management device according to the present invention.
  • the cluster management device of the embodiment of the present invention may also be configured by a physical module such as a processor 101, a memory 102, a bus 103, and a communication interface 104, where the memory 102 is configured to store a computer execution instruction.
  • the processor 101 is connected to the memory 102 via the bus, and when the cluster management device is running, the processor 101 executes the computer execution instruction stored by the memory 102, and passes through the communication interface 104. Communicating with the device outside the cluster management device, so that the cluster management device performs the virtual network-based switch configuration method described in the embodiments of the present invention.
  • the present invention further provides a computer storage medium, wherein the computer storage medium
  • the program may be stored with a program, and some or all of the steps in the embodiments of the virtual network-based switch configuration method provided by the present invention may be included in the execution of the program.
  • the storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).
  • ROM read-only memory
  • RAM random access memory

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer And Data Communications (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to the field of communications, and especially relates to a switch configuration method and a cluster management device base on virtual networking, wherein the method includes: A: obtaining a first correspondence between the physical port of an access switch and a server; B: obtaining a sixth correspondence between the server and a Virtual Local Area Network (VLAN); C: according to the obtained first correspondence and sixth correspondence, determining a seventh correspondence between the physical port of the access switch and the VLAN; D: according to the VLAN corresponding to each physical port indicated in the seventh correspondence, configuring admitted VLAN for the physical port of the access switch. With the embodiments of the present invention, unnecessary network traffic configured on the switch is avoided, and safety hidden trouble is avoided.

Description

基于虚拟组网的交换机配置方法及集群管理设备 技术领域  Virtual network-based switch configuration method and cluster management device
本发明涉及 IT技术领域, 特别涉及一种基于虚拟组网的交换机配置方法及 集群管理设备。 背景技术  The present invention relates to the field of IT technologies, and in particular, to a virtual network-based switch configuration method and a cluster management device. Background technique
在虚拟组网环境下, 最终用户有申请一个独立网络平面, 以实现自己的虚 拟机(VM )及虚拟应用与其他用户隔离的需求。 当前, 在虚拟化层, 通过虚拟 局域网 (vlan )进行虚拟机的区隔。 图 1示出了基于虚拟组网的一个数据中心的 结构图, 如图 1所示, 一个数据中心中包括两个物理机集群 clusterl和 cluster2; 集群 clusterl中包含两个服务器 hostl和 host2(其中每一个 host中运行多个虚拟 机 VM ), 并且 cluterl使用了两个虚拟局域网 vlan ( 10, 20 ); 集群 cluster2中 包含若干个服务器 host ( hostl , hostx ), 且 cluster2使用了两个虚拟局域网 vlan ( 30, 80 )。  In a virtual networking environment, end users have an independent network plane to implement their own virtual machines (VMs) and the need to isolate virtual applications from other users. Currently, at the virtualization layer, virtual machines are separated by virtual local area networks (vlans). Figure 1 shows a structure diagram of a data center based on virtual networking. As shown in Figure 1, one data center includes two physical machine clusters clusterl and cluster2; cluster clusterl contains two servers hostl and host2 (each of which Running multiple virtual machine VMs in one host), and cluterl uses two virtual local area networks vlan (10, 20); cluster cluster2 contains several server hosts ( hostl , hostx ), and cluster2 uses two virtual local area networks vlan ( 30, 80).
从图 1中可知, 为了使得 clusterl内的服务器间能互通以及 clusterl内的服 务器能与数据中心外的其他设备互通,以及使得 cluster2内的服务器间能互通以 及 cluster2内的服务器能与数据中心外设备互通,现有技术提出如下的一种交换 机配置方式:  As can be seen from Figure 1, in order to enable inter-server communication in clusterl and the servers in clusterl to communicate with other devices outside the data center, and to enable inter-server communication in cluster2 and servers in cluster2 to be connected to data center equipment. Interworking, the prior art proposes a switch configuration as follows:
由于接入交换机 SW1 需要支持 clusterl 中的 Hostl 和 Host2, 以及支持 cluster2 中的 HostX, 因此需要配置接入交换机 SW1 上的物理端口允许对应于 clusterl和 cluster2的 vlan ( 10, 20, 30, 80 )通过;  Because access switch SW1 needs to support Hostl and Host2 in clusterl and HostX in cluster2, you need to configure the physical port on access switch SW1 to allow vlan (10, 20, 30, 80) corresponding to clusterl and cluster2 to pass. ;
由于接入交换机 SW2需要支持 cluster2中的 Host5、 6... , 因此需要配置接 入交换机 SW2上的物理端口允许对应于 cluster2的 vlan ( 30, 80 )通过;  Since the access switch SW2 needs to support Host5, 6... in cluster2, it is necessary to configure the physical port on the access switch SW2 to allow the vlan (30, 80) corresponding to cluster2 to pass;
在汇聚交换机 SW 上配置对应接入交换机 SW1 的物理端口允许 vlan(10,20,30,80)通过。  Configure the physical port of the access switch SW1 on the aggregation switch SW to allow vlan (10, 20, 30, 80) to pass.
由上可知, 现有技术在为交换机的物理端口配置虚拟局域网时, 在某些情 况下使得交换机配置了额外的信息, 比如, 服务器 hostx只是用了 vlan ( 30 ), 但在接入交换机 swl上确按 cluster2所使用 vlan ( 30, 80 )进行配置, 使得接入 交换机 swl上需要额外配置允许 vlan ( 80 )通过, 导致不必要的网络流量; 也 引入额外的安全隐患 发明内容 As can be seen from the above, when the virtual LAN is configured for the physical port of the switch, in some cases, the switch is configured with additional information. For example, the server hostx only uses vlan (30), but on the access switch swl. It is configured according to the vlan (30, 80) used by cluster2, so that the access switch swl needs additional configuration to allow vlan (80) to pass, resulting in unnecessary network traffic; Introducing additional security risks
鉴于此, 本发明提供一种基于虚拟组网的交换机配置方法及集群管理设备, 可避免交换机上不必要的虚拟组网配置问题。  In view of this, the present invention provides a virtual network-based switch configuration method and a cluster management device, which can avoid unnecessary virtual networking configuration problems on the switch.
本发明第一方面提供一种基于虚拟组网的交换机配置方法, 其可包括: A first aspect of the present invention provides a virtual network-based switch configuration method, which may include:
A: 获取接入交换机的物理端口与服务器之间的第一对应关系, 所述接入交 换机位于数据中心中, 所述数据中心包括多个物理机集群, 所述每个物理机集 群对应配置一台所述接入交换机, 每个物理机集群包括至少一台服务器, 所述 每台服务器上创建至少一台虚拟机, 所述每台服务器内的虚拟机对应至少一个 虚拟局域网; A: obtaining a first correspondence between the physical port of the access switch and the server, where the access switch is located in the data center, the data center includes multiple physical machine clusters, and each physical machine cluster is configured correspondingly. Each of the physical machine clusters includes at least one server, and at least one virtual machine is created on each of the servers, and the virtual machines in each of the servers correspond to at least one virtual local area network;
B: 获取所述服务器与虚拟局域网之间的第六对应关系;  B: obtaining a sixth correspondence between the server and the virtual local area network;
C: 根据获取的所述第一对应关系以及所述第六对应关系, 确定所述接入交 换机的物理端口与所述虚拟局域网间的第七对应关系;  C: determining, according to the obtained first correspondence and the sixth correspondence, a seventh correspondence between the physical port of the access switch and the virtual local area network;
D: 根据所述第七对应关系中指示的每个物理端口对应的虚拟局域网, 为所 述接入交换机的物理端口配置允许通过的虚拟局域网。  D: Configure, according to the virtual local area network corresponding to each physical port indicated in the seventh correspondence, a virtual local area network that allows the physical port of the access switch to pass.
结合第一方面, 在第一种可能的实现方式中, 获取接入交换机的物理端口 与服务器之间的第一对应关系, 包括:  With reference to the first aspect, in a first possible implementation, the first correspondence between the physical port of the access switch and the server is obtained, including:
当通信数据经过所述接入交换机进行通信时, 记录所述接入交换机上的物 理端口与通信地址之间的第二对应关系;  Recording, by the access switch, the second correspondence between the physical port and the communication address on the access switch;
查询集群关系数据, 获得所述服务器与所述通信地址的第三对应关系; 基于所述通信地址对所述第二对应关系以及第三对应关系进行关联处理, 得到所述接入交换机上的物理端口与所述服务器之间的第一对应关系。  Querying the cluster relationship data, obtaining a third correspondence between the server and the communication address; performing association processing on the second correspondence relationship and the third correspondence relationship based on the communication address, to obtain physics on the access switch The first correspondence between the port and the server.
结合第一方面, 在第二种可能的实现方式中, 所述获取所述服务器与所述 虚拟局域网之间的第六对应关系, 包括:  With reference to the first aspect, in a second possible implementation, the obtaining a sixth correspondence between the server and the virtual local area network includes:
查询集群关系数据, 获得所述服务器与虚拟机间的第四对应关系, 以及所 述虚拟机与虚拟局域网间的第五对应关系;  Querying cluster relationship data, obtaining a fourth correspondence between the server and the virtual machine, and a fifth correspondence between the virtual machine and the virtual local area network;
基于所述虚拟机对查询到的所述第四对应关系以及所述第五对应关系进行 关联处理, 获得所述服务器与虚拟局域网之间的第六对应关系。  Performing association processing on the fourth corresponding relationship and the fifth corresponding relationship that are obtained by the virtual machine to obtain a sixth correspondence between the server and the virtual local area network.
结合第一方面, 在第三种可能的实现方式中, 所述方法还包括: E: 记录确定的所述接入交换机的物理端口与所述虚拟局域网间的第七对应 关系。 With reference to the first aspect, in a third possible implementation, the method further includes: E: record the determined seventh correspondence between the physical port of the access switch and the virtual local area network.
结合第一方面至第一方面的第三种可能的实现方式中的任一种, 在第四种 可能的实现方式中, 所述方法还包括:  With reference to the first aspect to any one of the third possible implementation manners of the first aspect, in a fourth possible implementation, the method further includes:
在集群管理设备中建立并存储所述集群关系数据, 所述集群关系数据至少 包括所述服务器与通信地址的第三对应关系、 所述服务器与虚拟机的第四对应 关系, 以及所述虚拟机与虚拟局域网的第五对应关系。  Establishing and storing the cluster relationship data in the cluster management device, where the cluster relationship data includes at least a third correspondence between the server and a communication address, a fourth correspondence between the server and the virtual machine, and the virtual machine The fifth correspondence with the virtual local area network.
结合第一方面的第四种可能的实现方式中的任一种, 在第五种可能的实现 方式中, 所述方法还包括:  With reference to any one of the fourth possible implementation manners of the first aspect, in a fifth possible implementation manner, the method further includes:
当所述物理机集群中新增或者减少服务器时, 更新所述接入交换机上的物 理端口与通信地址之间的第二对应关系, 以及更新存储的所述集群关系数据。  When a server is added or decremented in the physical machine cluster, a second correspondence between the physical port and the communication address on the access switch is updated, and the stored cluster relationship data is updated.
结合第一方面的第五种可能的实现方式中的任一种, 在第六种可能的实现 方式中, 所述方法还包括:  With reference to any one of the fifth possible implementation manners of the first aspect, in a sixth possible implementation, the method further includes:
在所述第二对应关系或所述集群关系数据更新之后, 返回执行所述步骤 A 至 D, 以更新所述接入交换机的物理端口允许通过的虚拟局域网。  After the second correspondence or the cluster relationship data is updated, the steps A to D are performed to update the virtual local area network through which the physical port of the access switch is allowed to pass.
结合第一方面的第六种可能的实现方式中的任一种, 在第七种可能的实现 方式中, 在所述第二对应关系或所述集群关系数据更新之后, 所述步骤 D包括: 将所述确定的所述交换机的物理端口与虚拟局域网之间的第七对应关系与 记录的物理端口与虚拟局域网之间的第七对应关系进行比较, 找出差异数据; 根据所述差异数据动态为所述交换机的物理端口新增允许通过的虚拟局域 网, 或者为所述交换机的物理端口删除不需要的虚拟局域网。  With reference to any one of the sixth possible implementation manners of the first aspect, in a seventh possible implementation, after the second correspondence or the cluster relationship data is updated, the step D includes: Comparing the determined seventh correspondence between the physical port of the switch and the virtual local area network and the seventh correspondence between the recorded physical port and the virtual local area network to find difference data; Add a virtual local area network that allows access to the physical port of the switch, or delete an unnecessary virtual local area network for the physical port of the switch.
本发明第二方面提供一种集群管理设备, 其可包括:  A second aspect of the present invention provides a cluster management device, which may include:
第一获取模块, 用于获取接入交换机的物理端口与服务器之间的第一对应 关系; 所述接入交换机位于数据中心中, 所述数据中心包括多个物理机集群, 所述每个物理机集群对应配置一台所述接入交换机, 每个物理机集群包括至少 一台服务器, 所述每台服务器上创建至少一台虚拟机, 所述每台服务器内的虚 拟机对应至少一个虚拟局域网;  a first acquiring module, configured to acquire a first correspondence between a physical port of the access switch and the server; the access switch is located in a data center, where the data center includes multiple physical machine clusters, and each physical entity The machine cluster is configured with one access switch, each physical machine cluster includes at least one server, and at least one virtual machine is created on each server, and the virtual machine in each server corresponds to at least one virtual local area network. ;
第二获 莫块, 用于获取所述服务器与虚拟局域网之间的第六对应关系; 确定模块, 用于根据所述第一获取模块获取的第一对应关系以及所述第二 获取模块获取的第六对应关系, 确定所述接入交换机的物理端口与所述虚拟局 域网间的第七对应关系; a second obtaining block, configured to acquire a sixth correspondence between the server and the virtual local area network; a determining module, configured to be configured according to the first corresponding relationship acquired by the first acquiring module and acquired by the second acquiring module a sixth correspondence, determining a physical port of the access switch and the virtual office The seventh correspondence between the domain networks;
配置模块, 用于根据所述确定模块所确定的第七对应关系中指示的每个物 理端口对应的虚拟局域网, 为所述接入交换机的物理端口配置允许通过的虚拟 局域网。  And a configuration module, configured to configure, according to the virtual local area network corresponding to each physical port indicated in the seventh correspondence relationship determined by the determining module, a virtual local area network that is allowed to pass through for the physical port of the access switch.
结合第二方面, 在第一种可能的实现方式中, 所述第一获取模块包括: 第一记录模块, 用于在有通信数据经过所述接入交换机进行通信时, 记录 所述接入交换机上的物理端口与通信地址之间的第二对应关系;  With reference to the second aspect, in a first possible implementation, the first acquiring module includes: a first recording module, configured to record the access switch when communication data passes through the access switch for communication a second correspondence between the physical port and the communication address;
第一查询模块, 用于查询集群关系数据, 获得所述服务器与所述通信地址 的第三对应关系;  a first query module, configured to query cluster relationship data, and obtain a third correspondence between the server and the communication address;
第一关联处理模块, 用于基于所述通信地址对所述第二对应关系以及第三 对应关系进行关联处理, 得到所述接入交换机上的物理端口与服务器之间的第 一对应关系。  The first association processing module is configured to perform association processing on the second correspondence relationship and the third correspondence relationship based on the communication address, to obtain a first correspondence relationship between the physical port on the access switch and the server.
结合第二方面, 在第二种可能的实现方式中, 所述第二获取模块包括: 第二查询模块, 用于查询集群关系数据, 获得所述服务器与虚拟机间的第 四对应关系, 以及所述虚拟机与虚拟局 i或网间的第五对应关系;  With reference to the second aspect, in a second possible implementation, the second obtaining module includes: a second query module, configured to query cluster relationship data, obtain a fourth correspondence between the server and the virtual machine, and a fifth correspondence between the virtual machine and the virtual office i or the network;
第二关联处理模块, 用于基于所述虚拟机对查询到的所述第四对应关系以 及所述第五对应关系进行关联处理, 获得所述服务器与虚拟局域网之间的第六 对应关系。  And a second association processing module, configured to perform association processing on the fourth corresponding relationship and the fifth correspondence relationship that are obtained by the virtual machine, to obtain a sixth correspondence between the server and the virtual local area network.
结合第二方面, 在第三种可能的实现方式中, 该集群管理设备还包括: 第二记录模块, 用于记录所述确定模块所确定的所述接入交换机的物理端 口与所述虚拟局域网间的第七对应关系。  With reference to the second aspect, in a third possible implementation, the cluster management device further includes: a second recording module, configured to record, by the determining module, a physical port of the access switch and the virtual local area network The seventh correspondence between the two.
结合第二方面至第二方面的第三可能的实现方式中的任一种, 在第四种可 能的实现方式中, 所述集群管理设备还包括:  With reference to any one of the second aspect to the third possible implementation manner of the second aspect, in a fourth possible implementation, the cluster management device further includes:
创建模块, 用于在集群管理设备中建立并存储所述集群关系数据, 所述集 群关系数据至少包括所述服务器与通信地址的第三对应关系、 所述服务器与虚 拟机的第四对应关系, 以及所述虚拟机与虚拟局域网的第五对应关系。  a creating module, configured to establish and store the cluster relationship data in the cluster management device, where the cluster relationship data includes at least a third correspondence between the server and a communication address, and a fourth correspondence between the server and the virtual machine. And a fifth correspondence between the virtual machine and the virtual local area network.
结合第二方面的第四种可能的实现方式中的任一种, 在第五种可能的实现 方式中, 所述集群管理设备还包括:  With the fourth possible implementation of the second aspect, in a fifth possible implementation, the cluster management device further includes:
更新模块, 用于当所述物理机集群中新增或者减少服务器时, 更新接入交 换机上的物理端口与通信地址之间的第二对应关系, 以及更新所述集群管理设 则所述第一获取模块具体根据所述更新模块更新后的接入交换机上的物理 端口与通信地址之间的第二对应关系和所述集群管理设备中存储的集群关系数 据获取的接入交换机的物理端口与服务器间的第一对应关系; An update module, configured to update a second correspondence between a physical port on the access switch and a communication address, and update the cluster management device when the server is added or removed from the physical machine cluster The first obtaining module is specifically configured to obtain an access switch obtained by using the second correspondence between the physical port and the communication address on the access switch that is updated by the update module and the cluster relationship data stored in the cluster management device. The first correspondence between the physical port and the server;
所述第二获取模块具体根据所述更新模块更新后所述集群管理设备中存储 的集群关系数据获取所述服务器与虚拟局域网间的第六对应关系。  The second obtaining module acquires a sixth correspondence between the server and the virtual local area network according to the cluster relationship data stored in the cluster management device after the update module is updated.
结合第二方面的第五种可能的实现方式中的任一种, 在第六种可能的实现 方式中, 所述集群管理设备还包括:  With the fifth possible implementation of the second aspect, in a sixth possible implementation, the cluster management device further includes:
比较模块, 用于将所述确定模块确定的所述交换机的物理端口与虚拟局域 网之间的第七对应关系与所述第二记录模块记录的物理端口与虚拟局域网之间 的第七对应关系进行比较, 找出差异数据;  a comparison module, configured to perform a seventh correspondence between the physical port of the switch and the virtual local area network determined by the determining module, and a seventh correspondence between the physical port recorded by the second recording module and the virtual local area network Compare and find the difference data;
调整模块, 用于根据所述差异数据动态为所述交换机的物理端口新增允许 通过的虚拟局域网, 或者为所述交换机的物理端口删除不需要的虚拟局域网。  And an adjusting module, configured to dynamically add a virtual local area network that is allowed to pass through the physical port of the switch according to the difference data, or delete an unnecessary virtual local area network for the physical port of the switch.
本发明第三方面提供一种集群管理设备, 其特征在于, 包括处理器、 存储 器、 总线和通信接口; 所述存储器用于存储计算机执行指令, 所述处理器与所 述存储器通过所述总线连接, 当所述集群管理设备运行时, 所述处理器执行所 述存储器存储的所述计算机执行指令, 并通过所述通信接口与所述集群管理设 备外部的设备进行通信, 以使所述集群管理设备执行如权利要求 1-8中任一所 述的基于虚拟组网的交换机配置方法。  A third aspect of the present invention provides a cluster management device, including: a processor, a memory, a bus, and a communication interface; the memory is configured to store a computer execution instruction, and the processor is connected to the memory through the bus When the cluster management device is running, the processor executes the computer execution instruction stored by the memory, and communicates with a device external to the cluster management device through the communication interface, so that the cluster management The apparatus performs the virtual networking based switch configuration method of any one of claims 1-8.
本发明第四方面提供一种计算机可读介质, 其可包括计算机执行指令, 以 供计算机的处理器执行所述计算机执行指令时, 所述计算机执行本发明实施例 中所述的基于虚拟组网的交换机配置方法。  The fourth aspect of the present invention provides a computer readable medium, which may include a computer-executed instruction, when the processor of the computer executes the computer-executed instruction, the computer performs the virtual networking described in the embodiment of the present invention. Switch configuration method.
由上可见, 在本发明的一些可行的实施方式中获取接入交换机的物理端口 与服务器之间的第一对应关系; 获取所述服务器与虚拟局域网之间的第六对应 关系; 根据获取的所述第一对应关系以及所述第六对应关系, 确定所述接入交 换机的物理端口与所述虚拟局域网间的第七对应关系; 根据所述第七对应关系 中指示的每个物理端口对应的虚拟局域网, 为所述接入交换机的物理端口配置 允许通过的虚拟局域网, 因此, 本发明实施例相对于现有技术能缩小交换机上 的物理端口允许通过的虚拟局域网的范围, 避免了交换机上配置不必要的网络 流量和降低了安全隐患。 附图说明 It can be seen that, in some possible implementation manners of the present invention, obtaining a first correspondence between a physical port of the access switch and the server; acquiring a sixth correspondence between the server and the virtual local area network; a first correspondence relationship and a sixth correspondence relationship, determining a seventh correspondence between the physical port of the access switch and the virtual local area network; and corresponding to each physical port indicated in the seventh correspondence relationship The virtual local area network is configured to allow the physical port of the access switch to pass through the virtual local area network. Therefore, the embodiment of the present invention can reduce the range of the virtual local area network allowed by the physical port on the switch, and avoid configuration on the switch. Unnecessary network traffic and reduced security risks. DRAWINGS
图 1为基于虚拟组网的一个数据中心的组网结构示意图;  FIG. 1 is a schematic diagram of a networking structure of a data center based on a virtual networking;
图 2 为本发明的基于虚拟组网的交换机配置方法的第二实施例的流程示意 图;  2 is a schematic flow chart of a second embodiment of a virtual network-based switch configuration method according to the present invention;
图 3 为本发明的基于虚拟组网的交换机配置方法的第二实施例的流程示意 图;  3 is a schematic flow chart of a second embodiment of a virtual network-based switch configuration method according to the present invention;
图 4为本发明的集群管理设备的第一实施例的结构组成示意图;  4 is a schematic structural diagram of a first embodiment of a cluster management device according to the present invention;
图 5为图 4中的第一获取模块的一实施例的结构组成示意图  FIG. 5 is a schematic structural diagram of an embodiment of the first obtaining module in FIG.
图 6为图 4中的第二获取模块的一实施例的结构组成示意图;  6 is a schematic structural diagram of an embodiment of a second acquisition module in FIG. 4;
图 7为本发明的集群管理设备的第二实施例的结构组成示意图;  7 is a schematic structural diagram of a second embodiment of a cluster management device according to the present invention;
图 8为图 7中的第一获取模块的一实施例的结构组成示意图;  8 is a schematic structural diagram of an embodiment of a first obtaining module in FIG. 7;
图 9为图 7中的第二获取模块的一实施例的结构组成示意图;  9 is a schematic structural diagram of an embodiment of a second acquisition module in FIG. 7;
图 10为本发明的集群管理设备的第三实施例的结构组成示意图。 具体实施例  FIG. 10 is a schematic structural diagram of a third embodiment of a cluster management device according to the present invention. Specific embodiment
下面通过具体的实施例对本发明进行详细说明。  The invention will now be described in detail by way of specific examples.
图 2 为本发明的基于虚拟组网的交换机配置方法的第一实施例的流程示意 图。 如图 2所示, 其可包括:  2 is a schematic flow chart of a first embodiment of a virtual network-based switch configuration method according to the present invention. As shown in FIG. 2, it may include:
步骤 S110, 获取接入交换机的物理端口与服务器之间的第一对应关系; 具体地, 结合图 1 , 本发明实施例应用于数据中心中, 所述数据中心包括多 个物理机集群 cluster, 每个物理机集群包括至少一台服务器 host和配置一台接 入交换机,所述每台服务器上创建至少一台虚拟机 VM, 所述每台服务器内的虚 拟机对应至少一个虚拟局域网 Vlan, 所述每台服务器内的虚拟机通过所述至少 一台接入交换机进行通信, 所述接入交换机包括多个物理端口, 每个物理端口 对应服务于一台服务器;  Step S110: Obtain a first correspondence between a physical port of the access switch and the server. Specifically, in conjunction with FIG. 1, the embodiment of the present invention is applied to a data center, where the data center includes multiple physical machine clusters, each The physical machine cluster includes at least one server host and one access switch, and each of the servers creates at least one virtual machine VM, and the virtual machines in each server correspond to at least one virtual local area network Vlan, The virtual machine in each server communicates through the at least one access switch, where the access switch includes multiple physical ports, and each physical port corresponds to one server;
具体实现中, 所述获取接入交换机的物理端口与服务器间的第一对应关系 可以有两种方式:  In a specific implementation, the obtaining the first correspondence between the physical port of the access switch and the server may be in two ways:
其一, 若每个物理机集群对应配置一台接入交换机由管理员通过维护平台 配置, 则通过所述维护平台获取所述接入交换机的物理端口与服务器间的第一 对应关系; For example, if each physical machine cluster is configured with one access switch configured by the administrator through the maintenance platform, the first physical port between the access switch and the server is obtained through the maintenance platform. Correspondence relationship
其二, 若每个物理机集群对应配置的一台接入交换机是在通信的时候自动 配置的, 则所述接入交换机在报文通过自身端口进行通信的时候, 记录所述接 入交换机上的物理端口与通信地址之间的第二对应关系, 并可上报所述第二对 应关系给集群管理设备,  Second, if an access switch corresponding to each physical machine cluster is automatically configured during communication, the access switch records the access switch when the packet communicates through its own port. a second correspondence between the physical port and the communication address, and reporting the second correspondence to the cluster management device,
具体实现中,接入交换机可釆用二层(介质访问控制( Media Access Control, MAC ) )地址或三层地址(IP地址)进行 "¾文交换, 因此, 步骤 S110中的通信 地址可为 MAC地址和 /或 IP地址。 在虚拟组网中, 接入交换机可在与服务器进 行报文交互时, 学习并存储所述接入交换机的物理端口与所述通信地址间的第 二对应关系 (以 MAC地址为例, 可将物理端口与通信地址的对应关系记录为: 端口 -MAC, 结合图 1 , 以交换机 SW1 (后续接入交换机简称交换机)为例, 则 在步骤 S110可获得 SW1上的各物理端口与 MAC的对应关系)。  In a specific implementation, the access switch may use a Layer 2 (Media Access Control (MAC)) address or a Layer 3 address (IP address) for "3⁄4 text exchange. Therefore, the communication address in step S110 may be MAC. Address and/or IP address. In the virtual network, the access switch can learn and store the second correspondence between the physical port of the access switch and the communication address when performing packet exchange with the server. The MAC address is used as an example. The correspondence between the physical port and the communication address can be recorded as: port-MAC. Referring to FIG. 1 and taking the switch SW1 (subsequent access switch for short) as an example, each of SW1 can be obtained in step S110. Correspondence between physical port and MAC).
另外, 当数据中心创建时, 可在数据中心的集群管理设备中建立集群关系 数据。 所述集群关系数据包括物理机集群、 服务器、 虚拟机、 虚拟局域网间的 对应关系。 比如, 物理机集群包括的服务器有哪些, 服务器中包括哪些虚拟机, 虚拟机对应哪些虚拟局域网, 服务器使用哪些通信地址进行通信等等; 集群关 系数据中包含的对应关系可以包括: 服务器与通信地址的第三对应关系、 服务 器与虚拟机的第四对应关系以及虚拟机与虚拟局域网的第五对应关系等等。  In addition, when the data center is created, cluster relationship data can be established in the cluster management device of the data center. The cluster relationship data includes a correspondence between a physical machine cluster, a server, a virtual machine, and a virtual local area network. For example, what are the servers included in the physical machine cluster, which virtual machines are included in the server, which virtual local networks are used by the virtual machine, and which communication addresses are used by the server for communication, etc.; the correspondences included in the cluster relationship data may include: the server and the communication address The third correspondence, the fourth correspondence between the server and the virtual machine, and the fifth correspondence between the virtual machine and the virtual local area network, and the like.
因此, 在步骤 S110中可通过查询集群数据获得服务器与通信地址间的第三 对应关系 (以 MAC地址为例, 可将服务器与通信地址的第三对应关系记录为: 服务器 -MAC,结合图 1 ,以服务器 hostx为例,则在步骤 S110可获得 hostx-MAC 的对应关系)。  Therefore, in the step S110, the third correspondence between the server and the communication address can be obtained by querying the cluster data. Taking the MAC address as an example, the third correspondence between the server and the communication address can be recorded as: server-MAC, combined with FIG. Taking the server hostx as an example, the correspondence relationship of the hostx-MAC can be obtained in step S110.
由此, 在步骤 S110, 基于 MAC 对 "端口 -MAC" 的第二对应关系, 与 "hostx-MAC" 的第三对应关系进行关联 (join )处理, 就可得到 "端口 -hostx" 的第一对应关系。  Thus, in step S110, based on the second correspondence between the MAC and the "port-MAC" and the third correspondence of "hostx-MAC", the first "port-hostx" is obtained. Correspondence relationship.
在一些可行的实施方式中, 集群关系数据可能会发生变化, 比如, 新增服 务器或者减少服务器, 此时, 交换机以及集群管理设备中将根据集群发生的变 化动态更新物理端口与通信地址间的第二对应关系, 以及动态更新的集群关系 数据。 则, 在步骤 S110中获得的则可能是更新后的物理端口与通信地址间的第 二对应关系, 或者是动态更新后的物理端口与服务器间的第一对应关系。 步骤 Sil l , 获取所述服务器与虚拟局域网之间的第六对应关系; 具体地, 可以查询集群关系数据, 获取服务器与虚拟机间的第四对应关系, 以及所述虚拟机与虚拟局域网间的第五对应关系, 并对查询到的服务器与虚拟 机间的第四对应关系以及所述虚拟机与虚拟局域网间的第五对应关系进行关联 处理, 得到所述服务器与所述虚拟局域网间的第六对应关系。 In some feasible implementation manners, the cluster relationship data may change, for example, adding a server or reducing a server. At this time, the switch and the cluster management device dynamically update the physical port and the communication address according to the change of the cluster. Two correspondences, and dynamically updated cluster relationship data. Then, the second correspondence between the updated physical port and the communication address may be obtained in step S110, or the first correspondence between the dynamically updated physical port and the server. Step S1: obtaining a sixth correspondence between the server and the virtual local area network; specifically, querying the cluster relationship data, obtaining a fourth correspondence between the server and the virtual machine, and between the virtual machine and the virtual local area network a fifth correspondence relationship, and a fourth correspondence between the queried server and the virtual machine and a fifth correspondence between the virtual machine and the virtual local area network, and obtaining a relationship between the server and the virtual local area network Six correspondence.
具体实现中, 基于集群创建时在集群管理设备中建立所述集群关系数据或 者在集群组网变化时, 集群管理设备中更新的集群关系数据, 均可查询到服务 器与虚拟机间的第四对应关系(结合图 1 ,在步骤 S111可查询到 hostx与虚拟机 的对应关系, 可记录为: hostx-虚拟机) 以及所述虚拟机与虚拟局域网间的第五 对应关系 (结合图 1 , 在步骤 S111可查询到虚拟机与虚拟局域网 Vlan ( 30 ) 的 对应关系, 可记录为: 虚拟机 -Vlan ( 30 ) )。  In a specific implementation, when the cluster relationship data is established in the cluster management device when the cluster is created, or when the cluster networking changes, the cluster relationship data updated in the cluster management device can be queried to the fourth between the server and the virtual machine. Corresponding relationship (in conjunction with FIG. 1, the correspondence between hostx and the virtual machine can be queried in step S111, which can be recorded as: hostx-virtual machine) and the fifth correspondence between the virtual machine and the virtual local area network (in combination with FIG. 1 , Step S111 can query the correspondence between the virtual machine and the virtual local area network Vlan (30), which can be recorded as: virtual machine-Vlan (30).
由此, 在步骤 S111 , 基于虚拟机对 "hostx-虚拟机" 的第四对应关系, 与 "虚拟机 -Vlan( 30 )"的第五对应关系进行关联处理,就可得到 "hostx- Vlan( 30 )" 的第六对应关系。  Thus, in step S111, based on the fourth correspondence between the virtual machine pair "hostx-virtual machine" and the fifth correspondence relationship of the "virtual machine-Vlan(30)", "hostx-Vlan" is obtained. 30)" The sixth correspondence.
步骤 S112, 根据获取的接入交换机的物理端口与服务器间的第一对应关系 以及所述服务器与虚拟局域网间的第六对应关系, 确定所述接入交换机的物理 端口与所述虚拟局域网间的第七对应关系。  Step S112, determining, according to the first correspondence between the physical port of the access switch and the server, and the sixth correspondence between the server and the virtual local area network, determining a physical port between the access switch and the virtual local area network. The seventh correspondence.
基于服务器对所述交换机的物理端口与服务器间的第一对应关系以及所述 服务器与所述虚拟局域网间的第六对应关系进行关联处理, 得到所述物理端口 与所述虚拟局域网间的第七对应关系。  Correlating a first correspondence between the physical port of the switch and the server and a sixth correspondence between the server and the virtual local area network, and obtaining a seventh between the physical port and the virtual local area network Correspondence relationship.
仍结合图前面的例子, 在步骤 S112, 基于服务器 hostx对 "端口 -hostx" 的 第一对应关系以及 " hostx- Vlan ( 30 ),, 的第六对应关系进行关联处理, 即可得 到 "端口 - Vlan ( 30 )" 的第七对应关系。  Still in conjunction with the previous example of the figure, in step S112, based on the server hostx's first correspondence of "port-hostx" and the sixth correspondence of "hostx-Vlan (30),", the "port-" is obtained. The seventh correspondence of Vlan ( 30 )".
步骤 S113 , 根据所述第七对应关系中指示的每个物理端口对应的虚拟局域 网, 为所述接入交换机的物理端口配置允许通过的虚拟局域网。  Step S113: Configure a virtual local area network that is allowed to pass through for the physical port of the access switch according to the virtual local area network corresponding to each physical port indicated in the seventh correspondence.
仍结合图前面的例子, 在步骤 S113 , 可按照 "端口 - Vlan ( 30 )" 的第七对 应关系为交换机的物理端口配置允许通过的虚拟局域网。 由此可知, 通过本发 明实施例的方法之后, 交换机 SW1上配置虚拟机的粒度由物理机集群缩小到服 务器粒度, 即可以只配置服务器 hostx需要使用的 vlan ( 30 ), 而不需要配置另 一个不需要使用的 vlan ( 80 ), 由此, 相对于现有技术能缩小交换机上的物理端 口允许通过的虚拟局域网的范围, 避免了交换机上配置不必要的网络流量和降 低了安全隐患。 Still referring to the previous example of the figure, in step S113, the physical port of the switch can be configured to allow the virtual local area network to pass according to the seventh correspondence of "port-Vlan (30)". Therefore, after the method of the embodiment of the present invention is used, the granularity of the virtual machine configured on the switch SW1 is reduced from the physical machine cluster to the server granularity, that is, only the vlan (30) required by the server hostx can be configured, and the other is not required to be configured. Vlan (80) that is not needed, thereby reducing the physical side of the switch compared to the prior art The range of virtual LANs allowed by the port avoids unnecessary network traffic and reduces security risks on the switch.
图 3 为本发明的基于虚拟组网的交换机配置方法的第二实施例的流程示意 图。 如图 3所示, 其可包括:  FIG. 3 is a schematic flow chart of a second embodiment of a virtual network-based switch configuration method according to the present invention. As shown in FIG. 3, it may include:
步骤 S210, 当集群中新增或者减少服务器时动态更新接入交换机上的物理 端口与通信地址之间的第二对应关系, 以及更新存储的集群关系数据。  Step S210: Dynamically update a second correspondence between the physical port on the access switch and the communication address when the server is added or decreased in the cluster, and update the stored cluster relationship data.
具体地, 结合图 1 , 本发明实施例应用于数据中心中, 所述数据中心包括多 个物理机集群 cluster,每个物理机集群包括至少一台服务器 host, 所述每台服务 器上创建至少一台虚拟机 VM, 所述每台服务器对应至少一个虚拟局域网 vlan, 所述每个物理机集群 cluster对应配置一台接入交换机 SW,所述每台服务器内的 虚拟机通过所述至少一台接入交换机进行通信, 所述接入交换机包括多个物理 端口, 每个物理端口对应服务于一台服务器;  Specifically, with reference to FIG. 1, the embodiment of the present invention is applied to a data center, where the data center includes a plurality of physical machine clusters, each physical machine cluster includes at least one server host, and at least one is created on each of the servers. Each of the virtual machine VMs corresponds to at least one virtual local area network vlan, and each of the physical machine clusters is configured with an access switch SW, and the virtual machines in each of the servers are connected through the at least one Incoming to the switch for communication, the access switch includes multiple physical ports, and each physical port corresponds to one server;
当数据中心创建时, 可在数据中心的集群管理设备中建立集群关系数据。 所述集群关系数据包括物理机集群、 服务器、 虚拟机、 虚拟局域网间的对应关 系。 比如, 物理机集群包括的服务器有哪些, 服务器中包括哪些虚拟机, 虚拟 机对应哪些虚拟局域网, 服务器使用哪些通信地址进行通信等等; 集群关系数 据中包含的对应关系可以包括: 服务器与通信地址的第三对应关系、 服务器与 虚拟机的第四对应关系以及虚拟机与虚拟局域网的第五对应关系等等。  When the data center is created, cluster relationship data can be established in the cluster management device of the data center. The cluster relationship data includes a correspondence between a physical machine cluster, a server, a virtual machine, and a virtual local area network. For example, what are the servers included in the physical machine cluster, which virtual machines are included in the server, which virtual local networks are used by the virtual machine, and which communication addresses are used by the server for communication, etc.; the correspondences included in the cluster relationship data may include: the server and the communication address The third correspondence, the fourth correspondence between the server and the virtual machine, and the fifth correspondence between the virtual machine and the virtual local area network, and the like.
若每个物理机集群对应配置的一台接入交换机是在通信的时候自动配置 的, 则接入交换机在报文通过自身端口进行通信的时候, 会记录所述接入交换 机上的物理端口与通信地址之间的第二对应关系, 并可上报所述第二对应关系 给集群管理设备。 具体实现中, 接入交换机可釆用二层(介质访问控制 (Media Access Control, MAC ) )地址或三层地址( IP地址)进行艮文交换, 因此, 本 发明的通信地址可为 MAC地址和 /或 IP地址。 在虚拟组网中, 接入交换机可在 与服务器进行报文交互时, 学习并存储所述接入交换机的物理端口与所述通信 地址间的第二对应关系(以 MAC地址为例, 可将物理端口与通信地址的对应关 系记录为: 端口 -MAC, 结合图 1 , 以交换机 SW1 (后续接入交换机简称交换机) 为例, 则在步骤 S210可在 SW1上记录各物理端口与 MAC的对应关系)。  If an access switch configured for each physical machine cluster is automatically configured during communication, the access switch records the physical port on the access switch when the packet communicates through its own port. A second correspondence between the communication addresses, and the second correspondence may be reported to the cluster management device. In a specific implementation, the access switch may use a Layer 2 (Media Access Control (MAC)) address or a Layer 3 address (IP address) for exchange of texts. Therefore, the communication address of the present invention may be a MAC address and / or IP address. In the virtual networking, the access switch can learn and store the second correspondence between the physical port of the access switch and the communication address when the packet exchanges with the server (using the MAC address as an example, The correspondence between the physical port and the communication address is recorded as: port-MAC. Referring to FIG. 1, with the switch SW1 (subsequent access switch referred to as the switch) as an example, the correspondence between the physical port and the MAC can be recorded on the SW1 in step S210. ).
此后, 集群关系数据可能会发生变化, 比如, 新增服务器或者减少服务器, 此时, 则在步骤 S210交换机以及集群管理设备中将根据集群发生的变化动态更 新物理端口与通信地址间的第二对应关系, 以及动态更新的集群关系数据。 步骤 S211 , 获取接入交换机的物理端口与服务器间的第一对应关系; 在一些可行的实施方式中, 可通过查询交换机或集群管理设备获取接入交 换机上的物理端口与通信地址之间的第二对应关系(以 MAC地址为例, 可将物 理端口与通信地址的对应关系记录为:端口 -MAC,结合图 1 , 以交换机 SW1 (后 续接入交换机简称交换机) 为例, 则在步骤 S211可获取 SW1上记录的各物理 端口与 MAC的对应关系)。 以及, 可通过查询集群数据获得服务器与通信地址 间的第三对应关系(以 MAC地址为例, 可将服务器与通信地址的第三对应关系 记录为: 服务器 -MAC, 结合图 1 , 以服务器 hostx为例, 则在步骤 S211可获得 hostx-MAC的对应关系)。 并且, 基于 MAC对 "端口 -MAC" 的第二对应关系, 与 "hostx-MAC"的第三对应关系进行关联(join )处理, 就可得到 "端口 -hostx" 的第一对应关系。 After that, the cluster relationship data may change, for example, adding a server or reducing the server. At this time, in the step S210, the switch and the cluster management device will dynamically change according to the change of the cluster. The second correspondence between the new physical port and the communication address, and the dynamically updated cluster relationship data. Step S211: Obtain a first correspondence between the physical port of the access switch and the server. In some feasible implementation manners, the first between the physical port and the communication address on the access switch may be obtained by querying the switch or the cluster management device. The correspondence between the physical port and the communication address is as follows: port-MAC, in combination with FIG. 1, and switch SW1 (subsequent access switch referred to as switch), for example, in step S211. Obtain the correspondence between each physical port and MAC recorded on SW1). And, the third correspondence between the server and the communication address can be obtained by querying the cluster data. Taking the MAC address as an example, the third correspondence between the server and the communication address can be recorded as: server-MAC, combined with FIG. 1, with server hostx For example, the correspondence relationship of the hostx-MAC can be obtained in step S211. Moreover, based on the second correspondence between the MAC and the "port-MAC" and the third correspondence of "hostx-MAC", the first correspondence of "port-hostx" is obtained.
步骤 S212, 获取所述服务器与虚拟局域网间的第六对应关系;  Step S212: Acquire a sixth correspondence between the server and the virtual local area network.
具体地, 可以查询集群关系数据中存储的服务器与虚拟机间的第四对应关 系, 以及所述虚拟机与虚拟局域网间的第五对应关系, 并对查询到的服务器与 虚拟机间的第四对应关系以及所述虚拟机与虚拟局域网间的第五对应关系进行 关联处理, 得到所述服务器与所述虚拟局域网间的第六对应关系。  Specifically, the fourth correspondence between the server and the virtual machine stored in the cluster relationship data, and the fifth correspondence between the virtual machine and the virtual local area network, and the fourth between the queried server and the virtual machine may be queried. Corresponding relationship and a fifth correspondence between the virtual machine and the virtual local area network are processed to obtain a sixth correspondence between the server and the virtual local area network.
具体实现中, 基于更新的集群关系数据, 可查询到服务器与虚拟机间的第 四对应关系 (结合图 1 , 在步骤 S212可查询到 hostx与虚拟机的对应关系, 可 记录为: hostx-虚拟机) 以及所述虚拟机与虚拟局域网间的第五对应关系 (结合 图 1 , 在步骤 S212可查询到虚拟机与虚拟局域网 Vlan ( 30 ) 的对应关系, 可记 录为: 虚拟机 -Vlan ( 30 ) )。  In a specific implementation, based on the updated cluster relationship data, the fourth correspondence between the server and the virtual machine may be queried (in combination with FIG. 1 , the correspondence between the hostx and the virtual machine may be queried in step S212, and the record may be: hostx-virtual And a fifth correspondence between the virtual machine and the virtual local area network (in conjunction with FIG. 1 , the correspondence between the virtual machine and the virtual local area network Vlan ( 30 ) can be queried in step S212, and can be recorded as: virtual machine-Vlan (30) )).
由此, 在步骤 S212, 基于虚拟机对 "hostx-虚拟机" 的第四对应关系, 与 "虚拟机 -Vlan( 30 )"的第五对应关系进行关联处理,就可得到 "hostx- Vlan( 30 )" 的第六对应关系。  Thus, in step S212, based on the fourth correspondence between the virtual machine pair "hostx-virtual machine" and the fifth correspondence relationship of the "virtual machine-Vlan(30)", "hostx-Vlan" is obtained. 30)" The sixth correspondence.
步骤 S213 , 根据获取的接入交换机的物理端口与服务器间的第一对应关系 以及所述服务器与虚拟局域网间的第六对应关系, 确定所述接入交换机的物理 端口与所述虚拟局域网间的第七对应关系。  Step S213, determining, according to the first correspondence between the physical port of the access switch and the server, and the sixth correspondence between the server and the virtual local area network, determining a physical port between the access switch and the virtual local area network. The seventh correspondence.
基于服务器对所述交换机的物理端口与服务器间的第一对应关系以及所述 服务器与所述虚拟局域网间的第六对应关系进行关联处理, 得到所述物理端口 与所述虚拟局域网间的第七对应关系。 Correlating the first correspondence between the physical port of the switch and the server and the sixth correspondence between the server and the virtual local area network to obtain the physical port a seventh correspondence relationship with the virtual local area network.
仍结合图前面的例子, 在步骤 S213, 基于服务器 hostx对 "端口 -hostx" 的 第一对应关系以及 " hostx-Vlan (30),, 的第六对应关系进行关联处理, 即可得 到 "端口 - Vlan (30)" 的第七对应关系。  Still in conjunction with the previous example of the figure, in step S213, based on the server hostx's first correspondence of "port-hostx" and the sixth correspondence of "hostx-Vlan (30),", the "port" is obtained. The seventh correspondence of Vlan (30)".
步骤 S214, 将物理端口与所述虚拟局域网间的第七对应关系与记录的物理 端口与虚拟局域网之间的第七对应关系进行比较, 找出差异数据。  Step S214: Compare the seventh correspondence between the physical port and the virtual local area network with the seventh correspondence between the recorded physical port and the virtual local area network, and find the difference data.
步骤 S215, 根据所述差异数据动态为所述交换机的物理端口新增允许通过 的虚拟局域网, 或者为所述交换机的物理端口删除不需要的虚拟局域网。  Step S215: Dynamically add a virtual local area network that is allowed to pass through the physical port of the switch according to the difference data, or delete an unnecessary virtual local area network for a physical port of the switch.
在一些可行的实施方式中, 可能存在需要多次基于虚拟组网对交换机进行 配置, 比如, 在时刻 A需要对交换机进行配置, 而在时刻 B数据中心中的集群 中新增或者减少服务器, 则在时刻 B需动态更新所述集群管理设备中存储的集 群关系数据, 并需要通过本发明实施例的方法重新获取更新的所述接入交换机 的物理端口与所述虚拟局域网间的第七对应关系。 但, 在时刻 B之前, 集群关 系设备中可能已经保存有时刻 A的集群关系数据, 则在此基础上, 本发明实施 例可仅需根据改变了的集群关系数据来对交换机的配置进行部分更新, 而不需 要全部重新对交换机进行配置, 因此, 在步骤 S214将物理端口与所述虚拟局域 网间的第七对应关系与所述上一次记录的物理端口与虚拟局域网之间的第七对 应关系进行比较, 找出差异数据。 则在步骤 S215即可根据所述差异数据动态为 所述交换机的物理端口新增允许通过的虚拟局域网, 或者为所述交换机的物理 端口删除不需要的虚拟局域网。  In some feasible implementation manners, there may be multiple configurations of the switch based on the virtual networking. For example, the switch needs to be configured at time A, and the server is added or decreased in the cluster in the data center at time B. At time B, the cluster relationship data stored in the cluster management device needs to be dynamically updated, and the seventh correspondence between the updated physical port of the access switch and the virtual local area network needs to be re-acquired by the method of the embodiment of the present invention. . However, before the time B, the cluster relationship data of the time A may be saved in the cluster relationship device, and the embodiment of the present invention may only partially update the configuration of the switch according to the changed cluster relationship data. Therefore, the switch does not need to be completely reconfigured. Therefore, the seventh correspondence between the physical port and the virtual local area network and the seventh correspondence between the last recorded physical port and the virtual local area network are performed in step S214. Compare and find the difference data. Then, in step S215, a virtual local area network allowed to pass through the physical port of the switch may be dynamically added according to the difference data, or an unnecessary virtual local area network may be deleted for the physical port of the switch.
仍结合图 1及前面的例子, 当服务器 hostx退出集群 cluster2之后, 经过步 骤 S210-S213 的处理之后, 确定出的交换机的物理端口与虚拟局域网之间的第 七对应关系可为: 交换机 SW1上对应 host2的物理端口与虚拟局域网的对应关 系为: "端口 -Vlan ( 10, 20)", 交换机 SW1上对应 hostl 的物理端口与虚拟局 域网的对应关系为: "端口 - Vlan ( 10, 20)"。 而在此之前, 交换机中存储的仍 是包括 hostl的对应关系,其为: 交换机 SW1上对应 host2的物理端口与虚拟局 域网的对应关系为: "端口 -Vlan ( 10, 20)", 交换机 SW1上对应 hostx的物理 端口与虚拟局域网的对应关系为: "端口 - Vlan(30)", 交换机 SW1上对应 hostl 的物理端口与虚拟局域网的对应关系为: "端口 - Vlan ( 10, 20)", 则, 在步骤 S213, 将确定出的 "端口 -Vlan ( 10, 20)" 与存储的 "端口 -Vlan ( 10, 20)" 和 "端口 - Vlan ( 30 )" 进行比较, 可得到 "端口 - Vlan ( 30 )" 的差异数据。 Still referring to FIG. 1 and the previous example, after the server hostx exits the cluster cluster2, after the processing of steps S210-S213, the seventh correspondence between the physical port of the switch and the virtual local area network may be: The corresponding relationship between the physical port of host2 and the virtual LAN is: "Port-Vlan (10, 20)". The corresponding relationship between the physical port of host1 and the virtual LAN on switch SW1 is: "Port-Vlan (10, 20)". Prior to this, the switch still stores the corresponding relationship of hostl, which is: The corresponding relationship between the physical port corresponding to host2 on the switch SW1 and the virtual local area network is: "port-Vlan (10, 20)", on the switch SW1 Correspondence between the physical port of the hostx and the virtual LAN is: "Port-Vlan(30)". The corresponding relationship between the physical port of host1 and the virtual LAN on switch SW1 is: "Port-Vlan (10, 20)", then , in step S213, the determined "port-Vlan (10, 20)" and the stored "port-Vlan (10, 20)" and "Port - Vlan ( 30 )" is compared to get the difference data of "Port - Vlan ( 30 )".
经过 S214的处理可知, 交换机 SW1的物理端口不再需要虚拟局域网 Vlan ( 30 ), 因此, 在步骤 S215 , 所述交换机 SW1的物理端口删除不需要的虚拟局 域网 Vlan ( 30 )。  After the processing of S214, the physical port of the switch SW1 no longer needs the virtual local area network Vlan (30). Therefore, in step S215, the physical port of the switch SW1 deletes the unnecessary virtual local area network Vlan (30).
由上可知, 在本发明的一些实施例中, 在对交换机的物理端口进行配置时, 可结合历史数据进行虚拟局域网的新增或者删除, 而不是全部按照重新获取的 第七对应关系进行配置, 其可避免重复的配置操作, 进一步节省资源。  It can be seen that, in some embodiments of the present invention, when the physical port of the switch is configured, the virtual local area network may be added or deleted in combination with the historical data, instead of all being configured according to the re-acquired seventh correspondence relationship. It avoids redundant configuration operations and further saves resources.
本发明实施例相应地提供了可用于实施本发明的基于虚拟组网的交换机配 置方法的集群管理设备的相关实施例, 下面通过实施例对本发明的集群管理设 备进行说明。  Embodiments of the present invention accordingly provide a related embodiment of a cluster management device that can be used to implement the virtual network-based switch configuration method of the present invention. The cluster management device of the present invention will be described below by way of an embodiment.
图 4为本发明的集群管理设备的第一实施例的结构组成示意图。 如图 4所 示, 本发明的集群管理设备可包括: 第一获取模块 41、 第二获取模块 42、 确定 模块 43以及配置模块 44 , 其中:  FIG. 4 is a schematic structural diagram of a first embodiment of a cluster management device according to the present invention. As shown in FIG. 4, the cluster management device of the present invention may include: a first obtaining module 41, a second obtaining module 42, a determining module 43, and a configuration module 44, wherein:
第一获取模块 41 , 用于获取接入交换机的物理端口与服务器间的第一对应 关系;  The first obtaining module 41 is configured to acquire a first correspondence between a physical port of the access switch and the server;
具体地, 结合图 1 , 本发明实施例应用于数据中心中, 所述数据中心包括多 个物理机集群 cluster,每个物理机集群包括至少一台服务器 host, 所述每台服务 器上创建至少一台虚拟机 VM, 所述每台服务器对应至少一个虚拟局域网 vlan, 所述每个物理机集群 cluster对应配置一台接入交换机 SW,所述每台服务器内的 虚拟机通过所述至少一台接入交换机进行通信, 所述接入交换机包括多个物理 端口, 每个物理端口对应服务于一台服务器。  Specifically, with reference to FIG. 1, the embodiment of the present invention is applied to a data center, where the data center includes a plurality of physical machine clusters, each physical machine cluster includes at least one server host, and at least one is created on each of the servers. Each of the virtual machine VMs corresponds to at least one virtual local area network vlan, and each of the physical machine clusters is configured with an access switch SW, and the virtual machines in each of the servers are connected through the at least one The ingress switch communicates, and the access switch includes multiple physical ports, and each physical port corresponds to one server.
具体实现中, 所述获取接入交换机的物理端口与服务器间的第一对应关系 可以有两种方式:  In a specific implementation, the obtaining the first correspondence between the physical port of the access switch and the server may be in two ways:
其一, 若每个物理机集群对应配置一台接入交换机由人通过维护平台配置, 则通过所述维护平台获取所述接入交换机的物理端口与服务器间的第一对应关 系;  The first corresponding relationship between the physical port of the access switch and the server is obtained by the maintenance platform, if each physical machine cluster is configured with one access switch configured by a person through the maintenance platform;
其二, 若每个物理机集群对应配置的一台接入交换机是在通信的时候自动 配置的, 则所述接入交换机在报文通过自身端口进行通信的时候, 记录所述接 入交换机上的物理端口与通信地址之间的第二对应关系, 并可上报所述第二对 应关系给集群管理设备, 由此所述集群管理设备可在有通信数据经过所述接入 交换机进行通信时, 记录所述接入交换机上的物理端口与通信地址之间的第二 对应关系。 另外, 当数据中心创建时, 可在数据中心的集群管理设备中建立集 群关系数据。 所述集群关系数据包括物理机集群、 服务器、 虚拟机、 虚拟局域 网间的对应关系。 比如, 物理机集群包括的服务器有哪些, 服务器中包括哪些 虚拟机, 虚拟机对应哪些虚拟局域网, 服务器使用哪些通信地址进行通信等等; 集群关系数据中包含的对应关系可以包括: 服务器与通信地址的第三对应关系、 服务器与虚拟机的第四对应关系以及虚拟机与虚拟局域网的第五对应关系等 等。 此时, 本发明实施例的集群管理设备还可包括创建模块(未图示), 用于在 所述集群管理设备中建立并存储上述的集群关系数据。 Second, if an access switch corresponding to each physical machine cluster is automatically configured during communication, the access switch records the access switch when the packet communicates through its own port. a second correspondence between the physical port and the communication address, and reporting the second correspondence to the cluster management device, so that the cluster management device can access the communication data through the access When the switch performs communication, the second correspondence between the physical port on the access switch and the communication address is recorded. In addition, when the data center is created, cluster relationship data can be established in the cluster management device of the data center. The cluster relationship data includes a correspondence between a physical machine cluster, a server, a virtual machine, and a virtual local area network. For example, what are the servers included in the physical machine cluster, which virtual machines are included in the server, which virtual local networks are used by the virtual machine, and which communication addresses are used by the server for communication, etc.; the correspondences included in the cluster relationship data may include: the server and the communication address The third correspondence, the fourth correspondence between the server and the virtual machine, and the fifth correspondence between the virtual machine and the virtual local area network, and the like. At this time, the cluster management device of the embodiment of the present invention may further include a creation module (not shown) for establishing and storing the cluster relationship data in the cluster management device.
进一步, 参考图 5, 在一些可行的实施方式中, 第一获取模块 41可包括: 第一记录模块 411、 第一查询模块 412以及第一关联处理模块 413 , 其中:  Further, referring to FIG. 5, in some possible implementations, the first obtaining module 41 may include: a first recording module 411, a first query module 412, and a first association processing module 413, where:
第一记录模块 411 , 用于在有通信数据经过所述接入交换机进行通信时, 记 录所述接入交换机上的物理端口与通信地址之间的第二对应关系。  The first recording module 411 is configured to record a second correspondence between the physical port on the access switch and the communication address when communication data is communicated through the access switch.
具体实现中,接入交换机可釆用二层(介质访问控制( Media Access Control, MAC ) )地址或三层地址(IP 地址)进行报文交换, 因此, 第一记录模块 411 中记录的通信地址可为 MAC地址和 /或 IP地址。 在虚拟组网中, 接入交换机可 在与服务器进行报文交互时, 学习并存储所述接入交换机的物理端口与所述通 信地址间的第二对应关系(以 MAC地址为例, 可将物理端口与通信地址的对应 关系记录为: 端口 -MAC, 结合图 1 , 以交换机 SW1 (后续接入交换机简称交换 机) 为例, 则在步骤 S110可获得 SW1上的各物理端口与 MAC的对应关系), 并将存储的第二对应关系发送给集群管理设备进行记录。  In a specific implementation, the access switch may use a Layer 2 (Media Access Control (MAC)) address or a Layer 3 address (IP address) for message exchange. Therefore, the communication address recorded in the first recording module 411 is used. Can be a MAC address and / or an IP address. In the virtual networking, the access switch can learn and store the second correspondence between the physical port of the access switch and the communication address when the packet exchanges with the server (using the MAC address as an example, The correspondence between the physical port and the communication address is recorded as: port-MAC. Referring to FIG. 1, the switch SW1 (the subsequent access switch is referred to as the switch) is taken as an example. In step S110, the correspondence between the physical ports and the MAC on the SW1 can be obtained. And sending the stored second correspondence to the cluster management device for recording.
第一查询模块 412, 用于查询集群关系数据, 获得服务器与通信地址的第三 对应关系。  The first query module 412 is configured to query the cluster relationship data to obtain a third correspondence between the server and the communication address.
以 MAC地址为例, 可将服务器与通信地址的第三对应关系记录为: 服务器 -MAC, 结合图 1 , 以服务器 hostx为例, 则第一查询模块 412通过查询集群关 系数据可获得 hostx-MAC的对应关系)。  Taking the MAC address as an example, the third correspondence between the server and the communication address can be recorded as: server-MAC, in combination with FIG. 1, taking the server hostx as an example, the first query module 412 can obtain the hostx-MAC by querying the cluster relationship data. Correspondence).
第一关联处理模块 413 ,用于基于通信地址对所述接入交换机上的物理端口 与通信地址间的第二对应关系以及服务器与通信地址间的第三对应关系进行关 联处理, 得到所述接入交换机上的物理端口与服务器间的第一对应关系。  The first association processing module 413 is configured to perform a correlation process on the second correspondence between the physical port and the communication address on the access switch and the third correspondence between the server and the communication address based on the communication address, to obtain the connection. The first correspondence between the physical port on the switch and the server.
以 MAC地址为例, 基于 MAC地址对 "端口 -MAC" 的第二对应关系, 与 "hostx-MAC" 的第三对应关系进行关联 ( join )处理, 就可得到 "端口 -hostx" 的第一对应关系。 Taking the MAC address as an example, based on the second correspondence between the MAC address and the "port-MAC", The third correspondence of "hostx-MAC" is processed by join, and the first correspondence of "port-hostx" is obtained.
在一些可行的实施方式中, 集群关系数据可能会发生变化, 比如, 新增服 务器或者减少服务器, 此时, 交换机以及集群管理设备中将根据集群发生的变 化动态更新物理端口与通信地址间的第二对应关系, 以及动态更新的集群关系 数据。 此时, 本发明实施例的集群管理设备还可包括: 更新模块(未图示), 用 于当集群中新增或者减少服务器时动态更新所述集群管理设备中存储的集群关 系数据, 并根据更新后的集群关系数据获取更新的所述接入交换机的物理端口 与所述虚拟局域网间的第七对应关系。  In some feasible implementation manners, the cluster relationship data may change, for example, adding a server or reducing a server. At this time, the switch and the cluster management device dynamically update the physical port and the communication address according to the change of the cluster. Two correspondences, and dynamically updated cluster relationship data. In this case, the cluster management device of the embodiment of the present invention may further include: an update module (not shown), configured to dynamically update cluster relationship data stored in the cluster management device when a server is added or decreased in the cluster, and according to The updated cluster relationship data acquires a seventh correspondence between the updated physical port of the access switch and the virtual local area network.
第二获耳 莫块 42,用于获取所述服务器与虚拟局域网之间的第六对应关系; 具体地, 可通过查询集群关系数据, 获取服务器与虚拟机间的第四对应关 系, 以及所述虚拟机与虚拟局域网间的第五对应关系, 并对查询到的服务器与 虚拟机间的第四对应关系以及所述虚拟机与虚拟局域网间的第五对应关系进行 关联处理, 得到所述服务器与所述虚拟局域网间的第六对应关系。  The second obtaining block 42 is configured to obtain a sixth correspondence between the server and the virtual local area network. Specifically, the fourth correspondence between the server and the virtual machine may be obtained by querying the cluster relationship data, and the The fifth correspondence between the virtual machine and the virtual local area network, and the fourth correspondence between the queried server and the virtual machine and the fifth correspondence between the virtual machine and the virtual local area network are processed to obtain the server and a sixth correspondence between the virtual local area networks.
进一步, 参考图 6, 在一些可行的实施方式中, 第二获取模块 42可包括: 第二查询模块 421和第二关联模块 422, 其中:  Further, referring to FIG. 6, in some feasible implementation manners, the second obtaining module 42 may include: a second query module 421 and a second association module 422, where:
第二查询模块 421 , 用于查询集群关系数据, 获得所述服务器与虚拟机间的 第四对应关系, 以及所述虚拟机与虚拟局域网间的第五对应关系;  The second query module 421 is configured to query the cluster relationship data, obtain a fourth correspondence between the server and the virtual machine, and a fifth correspondence between the virtual machine and the virtual local area network;
第二关联处理模块 422,用于对查询到的所述服务器与虚拟机间的第四对应 关系以及所述虚拟机与虚拟局域网间的第五对应关系进行关联处理, 获得所述 服务器与虚拟局域网间的第六对应关系。  The second association processing module 422 is configured to perform association processing on the fourth correspondence between the server and the virtual machine that is queried, and the fifth correspondence between the virtual machine and the virtual local area network, to obtain the server and the virtual local area network. The sixth correspondence between the two.
具体实现中, 基于集群创建时在集群管理设备中建立所述集群关系数据或 者在集群组网变化时, 集群管理设备中更新的集群关系数据, 均可查询到服务 器与虚拟机间的第四对应关系 (结合图 1 , 第二查询模块 421可查询到 hostx与 虚拟机的对应关系, 可记录为: hostx-虚拟机 ) 以及所述虚拟机与虚拟局域网间 的第五对应关系 (结合图 1 , 第二查询模块 421 可查询到虚拟机与虚拟局域网 Vlan ( 30 ) 的对应关系, 可记录为: 虚拟机 -Vlan ( 30 ) )。  In a specific implementation, when the cluster relationship data is established in the cluster management device when the cluster is created, or when the cluster networking changes, the cluster relationship data updated in the cluster management device can be queried to the fourth between the server and the virtual machine. Corresponding relationship (in conjunction with FIG. 1, the second query module 421 can query the correspondence between the hostx and the virtual machine, which can be recorded as: hostx-virtual machine) and the fifth correspondence between the virtual machine and the virtual local area network (in combination with FIG. 1) The second query module 421 can query the correspondence between the virtual machine and the virtual local area network Vlan (30), and can be recorded as: virtual machine-Vlan (30).
由此, 第二关联模块 422可基于虚拟机对 "hostx-虚拟机" 的第四对应关 系,与 "虚拟机 -Vlan ( 30 )"的第五对应关系进行关联处理,就可得到 "hostx-Vlan ( 30 )" 的第六对应关系。 确定模块 43 ,用于根据所述第一获取模块 41获取的接入交换机的物理端口 与服务器间的第一对应关系以及所述第二获耳 莫块 42获取的服务器与虚拟局域 网间的第六对应关系, 确定所述接入交换机的物理端口与所述虚拟局域网间的 第七对应关系; Therefore, the second association module 422 can perform association processing with the fifth correspondence relationship of the virtual machine-Vlan (30) based on the fourth correspondence relationship of the virtual machine to the "hostx-virtual machine", and obtain the "hostx-" The sixth correspondence of Vlan ( 30 )". The determining module 43 is configured to: according to the first correspondence between the physical port of the access switch acquired by the first obtaining module 41 and the server, and the sixth between the server and the virtual local area network acquired by the second obtaining module 42 Corresponding relationship, determining a seventh correspondence between the physical port of the access switch and the virtual local area network;
仍结合图前面的例子, 确定模块 43基于服务器 hostx对 "端口 -hostx" 的第 一对应关系以及 "hostx- Vlan ( 30 )" 的第六对应关系进行关联处理, 即可得到 "端口 - Vlan ( 30 )" 的第七对应关系。  Still in conjunction with the previous example of the figure, the determining module 43 performs association processing based on the first correspondence between the port xhost and the sixth correspondence of "hostx-Vlan (30)" by the server hostx, and then obtains "port-Vlan ( 30)" The seventh correspondence.
具体实现中, 本发明实施例的集群管理设备可通过第二记录模块(未图示) 记录所述确定模块 43所确定的所述接入交换机的物理端口与所述虚拟局域网间 的第七对应关系, 以便后续对记录的第七对应关系的使用。  In a specific implementation, the cluster management device of the embodiment of the present invention may record, by using a second recording module (not shown), a seventh correspondence between the physical port of the access switch determined by the determining module 43 and the virtual local area network. Relationship, in order to subsequently use the seventh correspondence of the record.
配置模块 44,用于根据所述确定模块 43所确定的所述第七对应关系中指示 的每个物理端口对应的虚拟局域网, 为所述接入交换机的物理端口配置允许通 过的虚拟局域网。  The configuration module 44 is configured to configure, according to the virtual local area network corresponding to each physical port indicated in the seventh correspondence relationship determined by the determining module 43 , a virtual local area network that is allowed to pass through for the physical port of the access switch.
仍结合图前面的例子, 配置模块 44可按照 "端口 - Vlan ( 30 )" 的第七对应 关系为交换机的物理端口配置允许通过的虚拟局域网。 由此可知, 通过本发明 实施例的方法之后, 交换机 SW1上配置虚拟机的粒度由物理机集群缩小到服务 器粒度, 即可以只配置服务器 hostx需要使用的 vlan ( 30 ), 而不需要配置另一 个不需要使用的 vlan ( 80 ), 由此, 相对于现有技术能缩小交换机上的物理端口 允许通过的虚拟局域网的范围, 避免了交换机上配置不必要的网络流量和降低 了安全隐患。  Still in conjunction with the previous example of the figure, the configuration module 44 can configure the virtual local area network that the switch is allowed to pass through according to the seventh correspondence of "port - Vlan (30)". Therefore, after the method of the embodiment of the present invention is used, the granularity of the virtual machine configured on the switch SW1 is reduced from the physical machine cluster to the server granularity, that is, only the vlan (30) required by the server hostx can be configured, and the other is not required to be configured. The vlan (80) that is not needed is used, thereby reducing the range of the virtual local area network that the physical port on the switch is allowed to pass, and avoiding unnecessary network traffic and reducing security risks on the switch.
图 7为本发明的集群管理设备的第二实施例的结构组成示意图。 如图 7所 示, 本发明的集群管理设备可包括: 创建模块 51、 更新模块 52、 第一获取模块 53、 第二获取模块 54、 确定模块 55、 第二记录模块 56、 比较模块 57以及调整 模块 58, 其中:  FIG. 7 is a schematic structural diagram of a second embodiment of a cluster management device according to the present invention. As shown in FIG. 7, the cluster management device of the present invention may include: a creation module 51, an update module 52, a first acquisition module 53, a second acquisition module 54, a determination module 55, a second recording module 56, a comparison module 57, and an adjustment. Module 58, wherein:
创建模块 51 , 用于在所述集群管理设备中建立并存储集群关系数据, 所述 集群关系数据至少包括所述服务器与通信地址的第三对应关系、 所述服务器与 虚拟机的第四对应关系, 以及所述虚拟机与虚拟局域网的第五对应关系。  a creating module 51, configured to establish and store cluster relationship data in the cluster management device, where the cluster relationship data includes at least a third correspondence between the server and a communication address, and a fourth correspondence between the server and the virtual machine. And a fifth correspondence between the virtual machine and the virtual local area network.
具体实现中, 具体地, 结合图 1 , 本发明实施例应用于数据中心中, 所述数 据中心包括多个物理机集群 cluster, 每个物理机集群包括至少一台服务器 host, 所述每台服务器上创建至少一台虚拟机 VM,所述每台服务器对应至少一个虚拟 局域网 vlan,所述每个物理机集群 cluster对应配置一台接入交换机 SW,所述每 台服务器内的虚拟机通过所述至少一台接入交换机进行通信, 所述接入交换机 包括多个物理端口, 每个物理端口对应服务于一台服务器。 则当数据中心创建 时, 可在数据中心的集群管理设备中建立集群关系数据。 所述集群关系数据包 括物理机集群、 服务器、 虚拟机、 虚拟局域网间的对应关系。 比如, 物理机集 群包括的服务器有哪些, 服务器中包括哪些虚拟机, 虚拟机对应哪些虚拟局域 网, 服务器使用哪些通信地址进行通信等等; 集群关系数据中包含的对应关系 可以包括: 服务器与通信地址的第三对应关系、 服务器与虚拟机的第四对应关 系以及虚拟机与虚拟局域网的第五对应关系等等。 In a specific implementation, specifically, in conjunction with FIG. 1, the embodiment of the present invention is applied to a data center, where the data center includes a plurality of physical machine clusters, each physical machine cluster includes at least one server host, and each server Creating at least one virtual machine VM, each of the servers corresponding to at least one virtual a local area network vlan, where each physical machine cluster cluster is configured with one access switch SW, and the virtual machines in each server communicate through the at least one access switch, where the access switch includes multiple physical Port, each physical port corresponds to one server. Then, when the data center is created, cluster relationship data can be established in the cluster management device of the data center. The cluster relationship data includes a correspondence between a physical machine cluster, a server, a virtual machine, and a virtual local area network. For example, what are the servers included in the physical machine cluster, which virtual machines are included in the server, which virtual local networks are used by the virtual machine, and which communication addresses are used by the server for communication, etc.; the correspondences included in the cluster relationship data may include: the server and the communication address The third correspondence, the fourth correspondence between the server and the virtual machine, and the fifth correspondence between the virtual machine and the virtual local area network, and the like.
若每个物理机集群对应配置的一台接入交换机是在通信的时候自动配置 的, 则接入交换机在报文通过自身端口进行通信的时候, 会记录所述接入交换 机上的物理端口与通信地址之间的第二对应关系, 并可上报所述第二对应关系 给集群管理设备。 具体实现中, 接入交换机可釆用二层(介质访问控制 (Media Access Control, MAC ) )地址或三层地址( IP地址)进行艮文交换, 因此, 本 发明的通信地址可为 MAC地址和 /或 IP地址。 在虚拟组网中, 接入交换机可在 与服务器进行报文交互时, 学习并存储所述接入交换机的物理端口与所述通信 地址间的第二对应关系(以 MAC地址为例, 可将物理端口与通信地址的对应关 系记录为: 端口 -MAC, 结合图 1 , 以交换机 SW1 (后续接入交换机简称交换机) 为例, 则可在 SW1上记录各物理端口与 MAC的对应关系)。  If an access switch configured for each physical machine cluster is automatically configured during communication, the access switch records the physical port on the access switch when the packet communicates through its own port. A second correspondence between the communication addresses, and the second correspondence may be reported to the cluster management device. In a specific implementation, the access switch may use a Layer 2 (Media Access Control (MAC)) address or a Layer 3 address (IP address) for exchange of texts. Therefore, the communication address of the present invention may be a MAC address and / or IP address. In the virtual networking, the access switch can learn and store the second correspondence between the physical port of the access switch and the communication address when the packet exchanges with the server (using the MAC address as an example, The correspondence between the physical port and the MAC address is recorded as follows: Port-MAC, in combination with Figure 1, with switch SW1 (subsequent access switch referred to as switch) as an example, the corresponding relationship between each physical port and MAC can be recorded on SW1.
此后, 集群关系数据可能会发生变化, 比如, 新增服务器或者减少服务器, 此时, 则更新模块 52, 用于当集群中新增或者减少服务器时动态更新接入交换 机上的物理端口与通信地址之间的第二对应关系, 以及更新所述集群管理设备 中存储的集群关系数据;  Thereafter, the cluster relationship data may change, for example, adding a server or reducing the server. At this time, the update module 52 is configured to dynamically update the physical port and the communication address on the access switch when the server is added or decreased in the cluster. a second correspondence between the two, and updating the cluster relationship data stored in the cluster management device;
第一获耳 莫块 53 , 用于获取接入交换机的物理端口与服务器间的第一对应 关系;  The first obtaining module 53 is configured to obtain a first correspondence between the physical port of the access switch and the server;
具体实现中, 所述第一获取模块 53具体根据所述更新模块 52更新后的接 入交换机上的物理端口与通信地址之间的第二对应关系和所述集群管理设备中 存储的集群关系数据获取的接入交换机的物理端口与服务器间的第一对应关 系。  In a specific implementation, the first acquiring module 53 is specifically configured to: according to the second correspondence between the physical port and the communication address on the access switch that is updated by the update module 52, and the cluster relationship data stored in the cluster management device. The first correspondence between the physical port of the access switch and the server.
进一步, 参考图 8, 在一些可行的实施方式中, 第一获取模块 53可包括: 第一记录模块 531、 第一查询模块 532以及第一关联处理模块 533 , 其中: 第一记录模块 531 , 用于在有通信数据经过所述接入交换机进行通信时, 记 录所述接入交换机上的物理端口与通信地址之间的第二对应关系。 Further, referring to FIG. 8, in some possible implementation manners, the first obtaining module 53 may include: a first recording module 531, a first query module 532, and a first association processing module 533, wherein: the first recording module 531 is configured to record, on the access switch, when communication data passes through the access switch for communication The second correspondence between the physical port and the communication address.
具体实现中,接入交换机可釆用二层(介质访问控制( Media Access Control, MAO )地址或三层地址(IP 地址)进行报文交换, 因此, 第一记录模块 531 中记录的通信地址可为 MAC地址和 /或 IP地址。 在虚拟组网发生变化时, 接入 交换机可在与服务器进行报文交互时, 学习并存储所述接入交换机的物理端口 与所述通信地址间的第二对应关系(以 MAC地址为例, 可将物理端口与通信地 址的对应关系记录为: 端口 -MAC, 结合图 1 , 以交换机 SW1 (后续接入交换机 简称交换机) 为例, 则接入交换机可获得 SW1上的各物理端口与 MAC的对应 关系), 并将存储的第二对应关系发送给集群管理设备进行记录。  In a specific implementation, the access switch may use a Layer 2 (Media Access Control (MAO) address or a Layer 3 address (IP address) for message exchange. Therefore, the communication address recorded in the first recording module 531 may be The MAC address and/or the IP address. When the virtual networking changes, the access switch can learn and store the second between the physical port of the access switch and the communication address when performing packet exchange with the server. Correspondence relationship (taking the MAC address as an example, the correspondence between the physical port and the communication address can be recorded as: port-MAC, in combination with FIG. 1, with the switch SW1 (subsequent access switch referred to as the switch) as an example, the access switch can obtain The corresponding relationship between each physical port and the MAC on the SW1, and the stored second correspondence is sent to the cluster management device for recording.
第一查询模块 532, 用于查询集群关系数据, 获得服务器与通信地址的第三 对应关系。  The first query module 532 is configured to query cluster relationship data, and obtain a third correspondence between the server and the communication address.
以 MAC地址为例, 可将服务器与通信地址的第三对应关系记录为: 服务器 -MAC, 结合图 1 , 以服务器 hostx为例, 则第一查询模块 532通过查询集群关 系数据可获得 hostx-MAC的对应关系)。  Taking the MAC address as an example, the third correspondence between the server and the communication address can be recorded as: server-MAC. Referring to FIG. 1, taking the server hostx as an example, the first query module 532 can obtain the hostx-MAC by querying the cluster relationship data. Correspondence).
第一关联处理模块 533 ,用于基于通信地址对所述接入交换机上的物理端口 与通信地址间的第二对应关系以及服务器与通信地址间的第三对应关系进行关 联处理, 得到所述接入交换机上的物理端口与服务器间的第一对应关系。  The first association processing module 533 is configured to perform a correlation process on the second correspondence between the physical port and the communication address on the access switch and the third correspondence between the server and the communication address based on the communication address, to obtain the connection. The first correspondence between the physical port on the switch and the server.
以 MAC地址为例, 基于 MAC地址对 "端口 -MAC" 的第二对应关系, 与 "hostx-MAC" 的第三对应关系进行关联 (join )处理, 就可得到 "端口 -hostx" 的第一对应关系。  Taking the MAC address as an example, based on the second correspondence between the MAC address and the "port-MAC" and the third correspondence of "hostx-MAC", the first "port-hostx" can be obtained. Correspondence relationship.
第二获耳 莫块 54, 用于获取所述服务器与虚拟局域网间的第六对应关系; 具体实现中, 所述第二获取模块 54具体根据所述更新模块 52更新后所述 集群管理设备中存储的集群关系数据获取所述服务器与虚拟局域网间的第六对 应关系.  The second acquisition module 54 is configured to obtain a sixth correspondence between the server and the virtual local area network. In a specific implementation, the second obtaining module 54 is specifically updated according to the update module 52. The stored cluster relationship data acquires a sixth correspondence between the server and the virtual local area network.
进一步, 参考图 9, 在一些可行的实施方式中, 第二获取模块 54可包括: 第二查询模块 541和第二关联模块 542, 其中:  Further, referring to FIG. 9, in some possible implementation manners, the second obtaining module 54 may include: a second query module 541 and a second association module 542, where:
第二查询模块 541 , 用于查询集群关系数据, 获得所述服务器与虚拟机间的 第四对应关系, 以及所述虚拟机与虚拟局域网间的第五对应关系; 第二关联处理模块 542,用于对查询到的所述服务器与虚拟机间的第四对应 关系以及所述虚拟机与虚拟局域网间的第五对应关系进行关联处理, 获得所述 服务器与虚拟局域网间的第六对应关系。 The second query module 541 is configured to query the cluster relationship data, obtain a fourth correspondence between the server and the virtual machine, and a fifth correspondence between the virtual machine and the virtual local area network; The second association processing module 542 is configured to perform association processing on the fourth correspondence between the server and the virtual machine that is queried, and the fifth correspondence between the virtual machine and the virtual local area network, to obtain the server and the virtual local area network. The sixth correspondence between the two.
具体实现中, 基于集群创建时在集群管理设备中建立所述集群关系数据或 者在集群组网变化时, 集群管理设备中更新的集群关系数据, 均可查询到服务 器与虚拟机间的第四对应关系 (结合图 1 , 第二查询模块 541可查询到 hostx与 虚拟机的对应关系, 可记录为: hostx-虚拟机 ) 以及所述虚拟机与虚拟局域网间 的第五对应关系 (结合图 1 , 第二查询模块 541 可查询到虚拟机与虚拟局域网 Vlan ( 30 ) 的对应关系, 可记录为: 虚拟机 -Vlan ( 30 ) )。  In a specific implementation, when the cluster relationship data is established in the cluster management device when the cluster is created, or when the cluster networking changes, the cluster relationship data updated in the cluster management device can be queried to the fourth between the server and the virtual machine. Corresponding relationship (in conjunction with FIG. 1, the second query module 541 can query the correspondence between the hostx and the virtual machine, which can be recorded as: hostx-virtual machine) and the fifth correspondence between the virtual machine and the virtual local area network (in combination with FIG. 1) The second query module 541 can query the correspondence between the virtual machine and the virtual local area network Vlan (30), and can be recorded as: virtual machine-Vlan (30).
由此, 第二关联模块 542可基于虚拟机对 "hostx-虚拟机" 的第四对应关 系,与 "虚拟机 -Vlan ( 30 )"的第五对应关系进行关联处理,就可得到 "hostx-Vlan ( 30 )" 的第六对应关系。  Therefore, the second association module 542 can perform association processing with the fifth correspondence relationship of the virtual machine-Vlan (30) based on the fourth correspondence relationship of the virtual machine to the "hostx-virtual machine", and obtain "hostx-" The sixth correspondence of Vlan ( 30 )".
确定模块 55 ,用于根据所述第一获取模块 53获取的接入交换机的物理端口 与服务器间的第一对应关系以及所述第二获耳 莫块 54获取的服务器与虚拟局域 网间的第六对应关系, 确定所述接入交换机的物理端口与所述虚拟局域网间的 第七对应关系;  a determining module 55, configured to: according to the first correspondence between the physical port of the access switch acquired by the first obtaining module 53 and the server, and the sixth between the server and the virtual local area network acquired by the second obtaining module 54 Corresponding relationship, determining a seventh correspondence between the physical port of the access switch and the virtual local area network;
仍结合图前面的例子, 确定模块 55基于服务器 hostx对 "端口 -hostx" 的第 一对应关系以及 "hostx-Vlan ( 30 )" 的第六对应关系进行关联处理, 即可得到 "端口 - Vlan ( 30 )" 的第七对应关系。  Still in conjunction with the previous example of the figure, the determination module 55 performs association processing based on the first correspondence of the server hostx to "port-hostx" and the sixth correspondence of "hostx-Vlan (30)", thereby obtaining "port-Vlan ( 30)" The seventh correspondence.
第二记录模块 56用于记录所述接入交换机的物理端口与所述虚拟局域网间 的第七对应关系, 以便后续对记录的第七对应关系的使用。  The second recording module 56 is configured to record a seventh correspondence between the physical port of the access switch and the virtual local area network, so as to use the seventh corresponding relationship of the record.
在一些可行的实施方式中, 可能存在需要多次基于虚拟组网对交换机进行 配置, 比如, 在时刻 A需要对交换机进行配置, 而在时刻 B数据中心中的集群 中新增或者减少服务器, 则在时刻 B需动态更新所述集群管理设备中存储的集 群关系数据, 并需要通过本发明实施例的方法重新获取更新的所述接入交换机 的物理端口与所述虚拟局域网间的第七对应关系。 但, 在时刻 B之前, 集群关 系设备中可能已经保存有时刻 A的集群关系数据, 则在此基础上, 本发明实施 例可仅需根据改变了的集群关系数据来对交换机的配置进行部分更新, 而不需 要全部重新对交换机进行配置, 因此, 本发明实施例的集群管理设备还包括: 比较模块 57, 用于将所述确定模块确定的所述交换机的物理端口与虚拟局 域网之间的第七对应关系与所述第二记录模块记录的物理端口与虚拟局域网之 间的第七对应关系进行比较, 找出差异数据; In some feasible implementation manners, there may be multiple configurations of the switch based on the virtual networking. For example, the switch needs to be configured at time A, and the server is added or decreased in the cluster in the data center at time B. At time B, the cluster relationship data stored in the cluster management device needs to be dynamically updated, and the seventh correspondence between the updated physical port of the access switch and the virtual local area network needs to be re-acquired by the method of the embodiment of the present invention. . However, before the time B, the cluster relationship data of the time A may be saved in the cluster relationship device, and the embodiment of the present invention may only partially update the configuration of the switch according to the changed cluster relationship data. The cluster management device of the embodiment of the present invention further includes: a comparison module 57, configured to use the physical port and the virtual office of the switch determined by the determining module The seventh correspondence between the domain networks is compared with the seventh correspondence between the physical port recorded by the second recording module and the virtual local area network, and the difference data is found;
调整模块 58, 用于根据所述差异数据动态为所述交换机的物理端口新增允 许通过的虚拟局域网, 或者为所述交换机的物理端口删除不需要的虚拟局域网。  The adjusting module 58 is configured to dynamically add a virtual local area network that is allowed to pass through the physical port of the switch according to the difference data, or delete an unnecessary virtual local area network for the physical port of the switch.
仍结合图 1及前面的例子, 当服务器 hostx退出集群 cluster2之后, 经过确 定模块 55确定出的交换机的物理端口与虚拟局域网之间的第七对应关系可为: 交换机 SW1上对应 host2的物理端口与虚拟局域网的对应关系为: "端口 - Vlan Still referring to FIG. 1 and the previous example, after the server hostx exits the cluster cluster 2, the seventh correspondence between the physical port of the switch determined by the determining module 55 and the virtual local area network may be: physical port corresponding to the host 2 on the switch SW1 The corresponding relationship of the virtual local area network is: "Port - Vlan
( 10, 20 )" , 交换机 SW1上对应 hostl的物理端口与虚拟局域网的对应关系为:( 10, 20 )" , the corresponding relationship between the physical port corresponding to hostl and the virtual local area network on switch SW1 is:
"端口 - Vlan ( 10, 20 )"。 而在此之前, 交换机中记录的仍是包括 hostl的对应 关系, 其为: 交换机 SW1上对应 host2的物理端口与虚拟局域网的对应关系为:"Port - Vlan (10, 20)". Prior to this, the correspondence between the physical port and the virtual LAN corresponding to host2 on the switch SW1 is as follows:
"端口 -Vlan ( 10, 20 )" , 交换机 SW1上对应 hostx的物理端口与虚拟局域网的 对应关系为: "端口 - Vlan ( 30 )" , 交换机 SW1上对应 hostl的物理端口与虚拟 局域网的对应关系为: "端口 - Vlan ( 10, 20 )" , 则, 比较模块 58将确定出的 "端 口 - Vlan ( 10, 20 )" 与存储的 "端口 -Vlan ( 10, 20 )" 和 "端口 - Vlan ( 30 )" 进 行比较, 可得到 "端口 - Vlan ( 30 )" 的差异数据。 "Port-Vlan (10, 20)", the corresponding relationship between the physical port of the switch and the virtual LAN on the switch SW1 is: "port-Vlan (30)", the correspondence between the physical port of hostl and the virtual local area network on the switch SW1 To: "Port-Vlan (10, 20)", then, compare module 58 will determine the "port-Vlan (10, 20)" and the stored "port-Vlan (10, 20)" and "port-Vlan" ( 30 )" For comparison, you can get the difference data of "Port - Vlan ( 30 )".
由于集群发生变化后, 交换机 SW1 的物理端口不再需要虚拟局域网 Vlan After the cluster changes, the physical port of switch SW1 no longer needs virtual LAN Vlan
( 30 ), 因此, 调整模块 58可为所述交换机 SW1的物理端口删除不需要的虚拟 局域网 Vlan ( 30 )。 (30), therefore, the adjustment module 58 can delete the unneeded virtual local area network VLAN (30) for the physical port of the switch SW1.
由上可知, 在本发明的一些实施例中, 在对交换机的物理端口进行配置时, 可结合历史数据进行虚拟局域网的新增或者删除, 而不是全部按照重新获取的 第七对应关系进行配置, 其可避免重复的配置操作, 进一步节省资源。  It can be seen that, in some embodiments of the present invention, when the physical port of the switch is configured, the virtual local area network may be added or deleted in combination with the historical data, instead of all being configured according to the re-acquired seventh correspondence relationship. It avoids redundant configuration operations and further saves resources.
图 10 为本发明的集群管理设备的第三实施例的结构组成示意图。 如图 10 可知,具体实现中,本发明实施例的集群管理设备还可处理器 101、存储器 102、 总线 103和通信接口 104等物理模块构成, 其中, 所述存储器 102用于存储计 算机执行指令, 所述处理器 101与所述存储器 102通过所述总线连接, 当所述 集群管理设备运行时, 所述处理器 101执行所述存储器 102存储的所述计算机 执行指令,并通过所述通信接口 104与所述集群管理设备外部的设备进行通信, 以使所述集群管理设备执行本发明各实施例所述的基于虚拟组网的交换机配 置方法。  FIG. 10 is a schematic structural diagram of a third embodiment of a cluster management device according to the present invention. As shown in FIG. 10, in a specific implementation, the cluster management device of the embodiment of the present invention may also be configured by a physical module such as a processor 101, a memory 102, a bus 103, and a communication interface 104, where the memory 102 is configured to store a computer execution instruction. The processor 101 is connected to the memory 102 via the bus, and when the cluster management device is running, the processor 101 executes the computer execution instruction stored by the memory 102, and passes through the communication interface 104. Communicating with the device outside the cluster management device, so that the cluster management device performs the virtual network-based switch configuration method described in the embodiments of the present invention.
具体实现中, 本发明还提供一种计算机存储介质, 其中, 该计算机存储介 质可存储有程序, 给程序执行时可包括本发明提供的基于虚拟组网的交换机配 置方法的各实施例中的部分或全部步骤。 所述的存储介质可为磁碟、 光盘、 只 读存储记忆体(Read-Only Memory, ROM )或随机存储记忆体( Random Access Memory, RAM )等。 明的精神和范围。 这样, 倘若本发明的这些修改和变型属于本发明权利要求及 其等同技术的范围之内, 则本发明也意图包含这些改动和变型在内。 In a specific implementation, the present invention further provides a computer storage medium, wherein the computer storage medium The program may be stored with a program, and some or all of the steps in the embodiments of the virtual network-based switch configuration method provided by the present invention may be included in the execution of the program. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM). The spirit and scope of the Ming. Thus, it is intended that the present invention cover the modifications and the modifications of the invention

Claims

权 利 要 求 Rights request
1、 一种基于虚拟组网的交换机配置方法, 其特征在于, 包括: 1. A switch configuration method based on virtual networking, which is characterized by including:
A: 获取接入交换机的物理端口与服务器之间的第一对应关系, 所述接入交 换机位于数据中心中, 所述数据中心包括多个物理机集群, 所述每个物理机集 群对应配置一台所述接入交换机, 每个物理机集群包括至少一台服务器, 所述 每台服务器上创建至少一台虚拟机, 所述每台服务器内的虚拟机对应至少一个 虚拟局域网; A: Obtain the first correspondence between the physical port of the access switch and the server. The access switch is located in the data center. The data center includes multiple physical machine clusters. Each physical machine cluster is configured with a corresponding configuration. The access switch is provided, each physical machine cluster includes at least one server, at least one virtual machine is created on each server, and the virtual machine in each server corresponds to at least one virtual local area network;
B: 获取所述服务器与虚拟局域网之间的第六对应关系; B: Obtain the sixth correspondence between the server and the virtual local area network;
C: 根据获取的所述第一对应关系以及所述第六对应关系, 确定所述接入交 换机的物理端口与所述虚拟局域网间的第七对应关系; C: Determine the seventh correspondence between the physical port of the access switch and the virtual local area network according to the obtained first correspondence and the sixth correspondence;
D: 根据所述第七对应关系中指示的每个物理端口对应的虚拟局域网, 为所 述接入交换机的物理端口配置允许通过的虚拟局域网。 D: Configure a virtual LAN that is allowed to pass for the physical port of the access switch according to the virtual LAN corresponding to each physical port indicated in the seventh correspondence relationship.
2、 如权利要求 1所述的基于虚拟组网的交换机配置方法, 其特征在于, 获 取接入交换机的物理端口与服务器之间的第一对应关系, 包括: 2. The switch configuration method based on virtual networking as claimed in claim 1, characterized in that obtaining the first correspondence between the physical port of the access switch and the server includes:
当通信数据经过所述接入交换机进行通信时, 记录所述接入交换机上的物 理端口与通信地址之间的第二对应关系; When communication data is communicated through the access switch, record the second correspondence between the physical port and the communication address on the access switch;
查询集群关系数据, 获得所述服务器与所述通信地址的第三对应关系; 基于所述通信地址对所述第二对应关系以及第三对应关系进行关联处理, 得到所述接入交换机上的物理端口与所述服务器之间的第一对应关系。 Query the cluster relationship data to obtain the third correspondence between the server and the communication address; perform correlation processing on the second correspondence and the third correspondence based on the communication address to obtain the physical data on the access switch. The first correspondence between the port and the server.
3、 如权利要求 1所述的基于虚拟组网的交换机配置方法, 其特征在于, 所 述获取所述服务器与所述虚拟局域网之间的第六对应关系, 包括: 3. The switch configuration method based on virtual networking according to claim 1, wherein the obtaining the sixth correspondence between the server and the virtual local area network includes:
查询集群关系数据, 获得所述服务器与虚拟机间的第四对应关系, 以及所 述虚拟机与虚拟局域网间的第五对应关系; Query cluster relationship data to obtain the fourth correspondence between the server and the virtual machine, and the fifth correspondence between the virtual machine and the virtual LAN;
基于所述虚拟机对查询到的所述第四对应关系以及所述第五对应关系进行 关联处理, 获得所述服务器与虚拟局域网之间的第六对应关系。 The virtual machine performs correlation processing on the queried fourth correspondence relationship and the fifth correspondence relationship to obtain a sixth correspondence relationship between the server and the virtual local area network.
4、 如权利要求 1所述的基于虚拟组网的交换机配置方法, 其特征在于, 所 述方法还包括: 4. The switch configuration method based on virtual networking according to claim 1, characterized in that: The above methods also include:
E: 记录确定的所述接入交换机的物理端口与所述虚拟局域网间的第七对应 关系。 E: Record the determined seventh correspondence between the physical port of the access switch and the virtual LAN.
5、 如权利要求 1-4任一项所述的基于虚拟组网的交换机配置方法, 其特征 在于, 所述方法还包括: 5. The switch configuration method based on virtual networking according to any one of claims 1 to 4, characterized in that the method further includes:
在集群管理设备中建立并存储所述集群关系数据, 所述集群关系数据至少 包括所述服务器与通信地址的第三对应关系、 所述服务器与虚拟机的第四对应 关系, 以及所述虚拟机与虚拟局域网的第五对应关系。 The cluster relationship data is established and stored in the cluster management device. The cluster relationship data includes at least a third correspondence between the server and the communication address, a fourth correspondence between the server and the virtual machine, and the virtual machine. Fifth correspondence with virtual LAN.
6、 如权利要求 5所述的基于虚拟组网的交换机配置方法, 其特征在于, 所 述方法还包括: 6. The switch configuration method based on virtual networking as claimed in claim 5, characterized in that the method further includes:
当所述物理机集群中新增或者减少服务器时, 更新所述接入交换机上的物 理端口与通信地址之间的第二对应关系, 以及更新存储的所述集群关系数据。 When a server is added or removed from the physical machine cluster, the second correspondence relationship between the physical port and the communication address on the access switch is updated, and the stored cluster relationship data is updated.
7、 如权利要求 6中所述的基于虚拟组网的交换机配置方法, 其特征在于, 所述方法还包括: 7. The switch configuration method based on virtual networking as claimed in claim 6, characterized in that the method further includes:
在所述第二对应关系或所述集群关系数据更新之后, 返回执行所述步骤 A 至 D, 以更新所述接入交换机的物理端口允许通过的虚拟局域网。 After the second corresponding relationship or the cluster relationship data is updated, return to steps A to D to update the virtual local area network that the physical port of the access switch allows to pass through.
8、 如权利要求 7所述的基于虚拟组网的交换机配置方法, 其特征在于, 在 所述第二对应关系或所述集群关系数据更新之后, 所述步骤 D包括: 8. The switch configuration method based on virtual networking according to claim 7, characterized in that, after the second corresponding relationship or the cluster relationship data is updated, the step D includes:
将所述确定的所述交换机的物理端口与虚拟局域网之间的第七对应关系与 记录的物理端口与虚拟局域网之间的第七对应关系进行比较, 找出差异数据; 根据所述差异数据动态为所述交换机的物理端口新增允许通过的虚拟局域 网, 或者为所述交换机的物理端口删除不需要的虚拟局域网。 Compare the determined seventh correspondence between the physical port of the switch and the virtual LAN with the recorded seventh correspondence between the physical port and the virtual LAN, and find out the difference data; dynamically according to the difference data Add a virtual local area network that is allowed to pass through to the physical port of the switch, or delete unnecessary virtual local area networks from the physical port of the switch.
9、 一种集群管理设备, 其特征在于, 包括: 9. A cluster management device, characterized by including:
第一获取模块, 用于获取接入交换机的物理端口与服务器之间的第一对应 关系; 所述接入交换机位于数据中心中, 所述数据中心包括多个物理机集群, 所述每个物理机集群对应配置一台所述接入交换机, 每个物理机集群包括至少 一台服务器, 所述每台服务器上创建至少一台虚拟机, 所述每台服务器内的虚 拟机对应至少一个虚拟局域网; The first acquisition module is used to obtain the first correspondence between the physical port of the access switch and the server; the access switch is located in a data center, and the data center includes multiple physical machine clusters, Each physical machine cluster is configured with one access switch, each physical machine cluster includes at least one server, at least one virtual machine is created on each server, and the virtual machine in each server Corresponds to at least one virtual LAN;
第二获 莫块, 用于获取所述服务器与虚拟局域网之间的第六对应关系; 确定模块, 用于根据所述第一获取模块获取的第一对应关系以及所述第二 获取模块获取的第六对应关系, 确定所述接入交换机的物理端口与所述虚拟局 域网间的第七对应关系; The second acquisition module is used to acquire the sixth correspondence relationship between the server and the virtual local area network; the determination module is used to obtain the first correspondence relationship according to the first acquisition module and the second acquisition module. The sixth correspondence relationship is to determine the seventh correspondence relationship between the physical port of the access switch and the virtual local area network;
配置模块, 用于根据所述确定模块所确定的第七对应关系中指示的每个物 理端口对应的虚拟局域网, 为所述接入交换机的物理端口配置允许通过的虚拟 局域网。 A configuration module configured to configure a virtual LAN that is allowed to pass for the physical port of the access switch according to the virtual LAN corresponding to each physical port indicated in the seventh correspondence relationship determined by the determination module.
10、 如权利要求 9所述的集群管理设备, 其特征在于, 所述第一获取模块 包括: 10. The cluster management device according to claim 9, wherein the first acquisition module includes:
第一记录模块, 用于在有通信数据经过所述接入交换机进行通信时, 记录 所述接入交换机上的物理端口与通信地址之间的第二对应关系; The first recording module is used to record the second correspondence between the physical port on the access switch and the communication address when communication data is communicated through the access switch;
第一查询模块, 用于查询集群关系数据, 获得所述服务器与所述通信地址 的第三对应关系; The first query module is used to query cluster relationship data and obtain the third corresponding relationship between the server and the communication address;
第一关联处理模块, 用于基于所述通信地址对所述第二对应关系以及第三 对应关系进行关联处理, 得到所述接入交换机上的物理端口与服务器之间的第 一对应关系。 A first association processing module, configured to perform association processing on the second correspondence relationship and the third correspondence relationship based on the communication address, to obtain the first correspondence relationship between the physical port on the access switch and the server.
11、 如权利要求 9 所述的集群管理设备, 其特征在于, 所述第二获取模块 包括: 11. The cluster management device according to claim 9, wherein the second acquisition module includes:
第二查询模块, 用于查询集群关系数据, 获得所述服务器与虚拟机间的第 四对应关系, 以及所述虚拟机与虚拟局 i或网间的第五对应关系; The second query module is used to query cluster relationship data to obtain the fourth correspondence between the server and the virtual machine, and the fifth correspondence between the virtual machine and the virtual office or network;
第二关联处理模块, 用于基于所述虚拟机对查询到的所述第四对应关系以 及所述第五对应关系进行关联处理, 获得所述服务器与虚拟局域网之间的第六 对应关系。 The second correlation processing module is configured to perform correlation processing on the queried fourth correspondence relationship and the fifth correspondence relationship based on the virtual machine, and obtain the sixth correspondence relationship between the server and the virtual local area network.
12、 如权利要求 9所述的集群管理设备, 其特征在于, 还包括: 第二记录模块, 用于记录所述确定模块所确定的所述接入交换机的物理端 口与所述虚拟局域网间的第七对应关系。 12. The cluster management device according to claim 9, further comprising: The second recording module is configured to record the seventh correspondence between the physical port of the access switch and the virtual local area network determined by the determination module.
13、 如权利要求 9-12中任一项所述的集群管理设备, 其特征在于, 还包括: 创建模块, 用于在集群管理设备中建立并存储所述集群关系数据, 所述集 群关系数据至少包括所述服务器与通信地址的第三对应关系、 所述服务器与虚 拟机的第四对应关系, 以及所述虚拟机与虚拟局域网的第五对应关系。 13. The cluster management device according to any one of claims 9 to 12, further comprising: a creation module, configured to establish and store the cluster relationship data in the cluster management device, the cluster relationship data This includes at least a third correspondence between the server and the communication address, a fourth correspondence between the server and the virtual machine, and a fifth correspondence between the virtual machine and the virtual local area network.
14、 如权利要求 13所述的集群管理设备, 其特征在于, 还包括: 14. The cluster management device according to claim 13, further comprising:
更新模块, 用于当所述物理机集群中新增或者减少服务器时, 更新接入交 换机上的物理端口与通信地址之间的第二对应关系, 以及更新所述集群管理设 备中存储的集群关系数据; An update module, configured to update the second correspondence between the physical port and the communication address on the access switch when a server is added or removed from the physical machine cluster, and update the cluster relationship stored in the cluster management device. data;
则所述第一获取模块具体根据所述更新模块更新后的接入交换机上的物理 端口与通信地址之间的第二对应关系和所述集群管理设备中存储的集群关系数 据获取的接入交换机的物理端口与服务器间的第一对应关系; Then the first acquisition module obtains the access switch specifically based on the second correspondence between the physical port and the communication address on the access switch updated by the update module and the cluster relationship data stored in the cluster management device. The first correspondence between the physical port and the server;
所述第二获取模块具体根据所述更新模块更新后所述集群管理设备中存储 的集群关系数据获取所述服务器与虚拟局域网间的第六对应关系。 The second acquisition module specifically acquires the sixth corresponding relationship between the server and the virtual local area network based on the cluster relationship data stored in the cluster management device after the update module.
15、 如权利要求 14所述的集群管理设备, 其特征在于, 还包括: 15. The cluster management device according to claim 14, further comprising:
比较模块, 用于将所述确定模块确定的所述交换机的物理端口与虚拟局域 网之间的第七对应关系与所述第二记录模块记录的物理端口与虚拟局域网之间 的第七对应关系进行比较, 找出差异数据; A comparison module, configured to compare the seventh correspondence between the physical port of the switch and the virtual LAN determined by the determination module and the seventh correspondence between the physical port and the virtual LAN recorded by the second recording module. Compare and find out the difference data;
调整模块, 用于根据所述差异数据动态为所述交换机的物理端口新增允许 通过的虚拟局域网, 或者为所述交换机的物理端口删除不需要的虚拟局域网。 The adjustment module is configured to dynamically add a virtual local area network that is allowed to pass through the physical port of the switch according to the difference data, or delete unnecessary virtual local area networks from the physical port of the switch.
16、 一种集群管理设备, 其特征在于, 包括处理器、 存储器、 总线和通信 接口; 所述存储器用于存储计算机执行指令, 所述处理器与所述存储器通过所 述总线连接, 当所述集群管理设备运行时, 所述处理器执行所述存储器存储的 所述计算机执行指令, 并通过所述通信接口与所述集群管理设备外部的设备进 行通信, 以使所述集群管理设备执行如权利要求 1-8中任一所述的基于虚拟组 网的交换机配置方法。 16. A cluster management device, characterized in that it includes a processor, a memory, a bus and a communication interface; the memory is used to store computer execution instructions, the processor and the memory are connected through the bus, when the When the cluster management device is running, the processor executes the computer execution instructions stored in the memory, and communicates with a device external to the cluster management device through the communication interface, so that the cluster management device executes the instructions as specified. Based on virtual groups as described in any one of requirements 1-8 Network switch configuration method.
17、 一种计算机可读介质, 其特征在于, 包括计算机执行指令, 以供计算 机的处理器执行所述计算机执行指令时, 所述计算机执行如权利要求 1-8中任 一所述的基于虚拟组网的交换机配置方法。 17. A computer-readable medium, characterized in that it includes computer execution instructions, so that when the computer processor executes the computer execution instructions, the computer executes the virtualization-based method as described in any one of claims 1-8. Network switch configuration method.
PCT/CN2012/086810 2012-12-18 2012-12-18 Switch configuration method and cluster management device base on virtual networking WO2014094218A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2012/086810 WO2014094218A1 (en) 2012-12-18 2012-12-18 Switch configuration method and cluster management device base on virtual networking
CN201280003260.3A CN103563304B (en) 2012-12-18 2012-12-18 Exchange configuration method based on virtual networking and cluster management device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2012/086810 WO2014094218A1 (en) 2012-12-18 2012-12-18 Switch configuration method and cluster management device base on virtual networking

Publications (1)

Publication Number Publication Date
WO2014094218A1 true WO2014094218A1 (en) 2014-06-26

Family

ID=50015677

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/086810 WO2014094218A1 (en) 2012-12-18 2012-12-18 Switch configuration method and cluster management device base on virtual networking

Country Status (2)

Country Link
CN (1) CN103563304B (en)
WO (1) WO2014094218A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114301656A (en) * 2021-12-23 2022-04-08 北京赛宁网安科技有限公司 Virtual-real combination system and method for network attack and defense platform

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6591844B2 (en) * 2015-09-29 2019-10-16 APRESIA Systems株式会社 Relay device and relay system
CN107135284B (en) * 2017-05-05 2020-08-28 携程旅游信息技术(上海)有限公司 Query method and system for terminal equipment in enterprise system
CN108259391B (en) * 2017-06-29 2021-03-23 新华三技术有限公司 Port configuration method and device
CN110912725A (en) * 2018-09-18 2020-03-24 北京邮电大学 Configuration method and configuration device of OpenFlow virtual switch
CN110740609A (en) * 2019-10-25 2020-01-31 上海中通吉网络技术有限公司 Server information processing method and device for internet data center and controller
CN112398738B (en) * 2020-11-05 2022-06-28 竞技世界(北京)网络技术有限公司 Method and device for acquiring connection relation, equipment and computer readable storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1835467A (en) * 2006-04-14 2006-09-20 杭州华为三康技术有限公司 Network appiliance and method of realizing service sharing
CN101222497A (en) * 2007-01-11 2008-07-16 国际商业机器公司 System and method for virtualized resource configuration
CN101404619A (en) * 2008-11-17 2009-04-08 杭州华三通信技术有限公司 Method for implementing server load balancing and a three-layer switchboard
CN102055667A (en) * 2009-11-04 2011-05-11 丛林网络公司 Methods and apparatus for configuring a virtual network switch
CN102546813A (en) * 2012-03-15 2012-07-04 北京神州数码思特奇信息技术股份有限公司 High-performance cluster computing system based on x86PC framework

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1835467A (en) * 2006-04-14 2006-09-20 杭州华为三康技术有限公司 Network appiliance and method of realizing service sharing
CN101222497A (en) * 2007-01-11 2008-07-16 国际商业机器公司 System and method for virtualized resource configuration
CN101404619A (en) * 2008-11-17 2009-04-08 杭州华三通信技术有限公司 Method for implementing server load balancing and a three-layer switchboard
CN102055667A (en) * 2009-11-04 2011-05-11 丛林网络公司 Methods and apparatus for configuring a virtual network switch
CN102546813A (en) * 2012-03-15 2012-07-04 北京神州数码思特奇信息技术股份有限公司 High-performance cluster computing system based on x86PC framework

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114301656A (en) * 2021-12-23 2022-04-08 北京赛宁网安科技有限公司 Virtual-real combination system and method for network attack and defense platform
CN114301656B (en) * 2021-12-23 2023-10-27 北京赛宁网安科技有限公司 Virtual-real combination system and method for network attack and defense platform

Also Published As

Publication number Publication date
CN103563304B (en) 2016-05-25
CN103563304A (en) 2014-02-05

Similar Documents

Publication Publication Date Title
WO2014094218A1 (en) Switch configuration method and cluster management device base on virtual networking
US11963242B2 (en) Communication method and apparatus
WO2018028606A1 (en) Forwarding policy configuration
JP6884818B2 (en) VXLAN implementation methods, network devices, and communication systems
CN106464534B (en) Sheet for provisioning and managing customer premises equipment devices
EP3461072B1 (en) Access control in a vxlan
EP2728470B1 (en) Method and apparatus for configuring network policy of virtual networks
WO2019047855A1 (en) Backup method and apparatus for bras having separated forwarding plane and control plane
JP2003204348A (en) Storage device supporting vlan (virtual lan)
US9832136B1 (en) Streaming software to multiple virtual machines in different subnets
WO2014154040A1 (en) Access control method, device and system
JP2012244621A (en) Method and device for finding connection between network switch and server using vlan ids
WO2013173973A1 (en) Network communication method and device
WO2015014187A1 (en) Data forwarding method and apparatus that support multiple tenants
WO2014134919A1 (en) Method for communication control among servers in same lessee and network device
EP2218214B1 (en) Network location service
WO2019029310A1 (en) Network management method and system
US20150244824A1 (en) Control Method, Control Device, and Processor in Software Defined Network
WO2018050041A1 (en) Parameter configuration method, device, and system
WO2017107871A1 (en) Access control method and network device
JP2019057905A (en) Role-based automatic configuration system and method for ethernet(r) switches
WO2011140919A1 (en) Method, device, server and system for accessing service wholesale network
JP2004362009A (en) File server system
US10439877B2 (en) Systems and methods for enabling wide area multicast domain name system
JP4202286B2 (en) VPN connection control method and system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12890348

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12890348

Country of ref document: EP

Kind code of ref document: A1