CN103229489A - Virtual-machine control strategy configuration method and switch - Google Patents
Virtual-machine control strategy configuration method and switch Download PDFInfo
- Publication number
- CN103229489A CN103229489A CN2012800029600A CN201280002960A CN103229489A CN 103229489 A CN103229489 A CN 103229489A CN 2012800029600 A CN2012800029600 A CN 2012800029600A CN 201280002960 A CN201280002960 A CN 201280002960A CN 103229489 A CN103229489 A CN 103229489A
- Authority
- CN
- China
- Prior art keywords
- control strategy
- virtual machine
- mac address
- strategy
- sign
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45595—Network integration; Enabling network access in virtual machine instances
Abstract
The invention relates to a virtual-machine control strategy configuration method and a switch. The method includes: receiving a first control strategy for a virtual machine; acquiring an MAC address of the virtual machine according to a virtual-machine identification in the first control strategy; and replacing the virtual-machine identification in the first control strategy with the MAC address of the virtual machine and obtaining a second control strategy. The virtual-machine control strategy configuration method and the switch enable the configuration and management of the control strategy of the MAC address level to be realized so that the strategy control of the MAC address level is easier to be realized.
Description
Technical field
The present invention relates to the communications field, relate in particular to a kind of collocation method and switch of virtual machine control strategy.
Background technology
Virtual is to realize the most important technical foundation of cloud computing, and Intel Virtualization Technology can improve the utilance of resource, and can carry out resource deployment fast, neatly according to the variation of customer service demand.Server virtualization makes separates good operation load common hardware once more, significantly reduced property server to the space take and in the consumption aspect electric power and the heat radiation, stop server and spread, but also accelerated the speed that server is provided with greatly.
Because the difference of server application scenarios and the difference of type of server, therefore to realize that server virtualization will use comprehensive virtualization software platform, and need have the multinuclear heart, high density, reliable internal memory, and I/O (Input/Output, I/O) hardware platform of throughput with extensibility.But general server virtualization technology can't be protected and implementation strategy at virtual machine level, and strategy is moved with virtual machine.
Under prior art, the virtual switch of virtual support network interface card mark VN-Tag (being used for identifying the Microsoft Loopback Adapter of virtual machine) sets up that a lot of ports is used for and the Microsoft Loopback Adapter correspondence of virtual machine, when the Microsoft Loopback Adapter of virtual machine has data to enter virtual switch, virtual switch will add VN-Tag to these data to be transmitted again, has realized other policy control of virtual machine-level.But being the realization of this scheme, the shortcoming of prior art need virtual switch, access switch even core network switches to support this technology simultaneously, therefore need upgrade to the equipment of not supporting the VNTag technology, this just makes the application of this technical scheme have limitation, and need the updating apparatus cost also high.
Summary of the invention
In view of the method for utilizing the VN-tag technology to carry out virtual machine control strategy configuration in the prior art to the equipment requirements height, the problem that cost is big, the embodiment of the invention provide a kind of collocation method and switch of virtual machine control strategy.
First aspect, the embodiment of the invention provide a kind of collocation method of virtual machine control strategy, and described method comprises:
Reception is at first control strategy of virtual machine;
According to the sign of the virtual machine in described first control strategy, obtain the MAC Address of described virtual machine;
Use the MAC Address of described virtual machine to replace described virtual machine sign in described first control strategy, obtain second control strategy.
In first kind of possible implementation, described obtaining also comprises after second control strategy: receive the address change message at described virtual machine, described address change message is carried the renewal MAC Address; Use described renewal MAC Address to replace described MAC Address in described second control strategy, obtain the 3rd control strategy.
In conjunction with first aspect, in second kind of possible implementation, described obtaining also comprises after second control strategy: receive at first of described virtual machine and upgrade control strategy, described first upgrades the described virtual machine sign that comprises described virtual machine in the control strategy; Obtain the corresponding described MAC Address of described virtual machine sign, use described MAC Address to replace the described first described virtual machine sign of upgrading in the control strategy, obtain second and upgrade control strategy; Use the described second renewal control strategy to replace described second control strategy.
In conjunction with first aspect, in the third possible implementation, describedly identify according to the virtual machine in described first control strategy, obtain before the MAC Address of described virtual machine, also comprise: receive described virtual machine sign, and N corresponding MAC Address of described virtual machine sign, wherein, N is greater than or equal to 1.
The third possible implementation in conjunction with first aspect, in the 4th kind of possible implementation, the MAC Address of the described virtual machine of described use is replaced the described virtual machine sign in described first control strategy, obtaining second control strategy is specially: the described virtual machine that uses a described N MAC Address to replace one by one in described first control strategy identifies, obtain N bar second control strategy, described N bar second control strategy is corresponding one by one with a described N MAC Address respectively.
In conjunction with first aspect, in the 5th kind of possible implementation, described obtaining also comprises after second control strategy: according to described second control strategy, to receive and be that the packet of destination address or source address is handled with described MAC Address.
The 5th kind of possible implementation in conjunction with first aspect, in the 6th kind of possible implementation, described according to described second control strategy, to receive and be that the packet of destination address or source address is handled specifically and comprised with described MAC Address: receiving with described MAC Address is the packet of destination address or source address; According to described second control strategy, transmit described packet or the described packet of refusal forwarding.
In conjunction with first aspect or first aspect first kind, second kind, the third, the 4th kind, the 5th kind, the 6th kind possible implementation, in the 7th kind of possible implementation, described first control strategy comprises at least a in the following control strategy: access control policy, resource reservation policy, the traffic prioritization strategy, the maximum stream flow delaying policy, maximum stream flow packet loss strategy, maximum stream flow shake strategy.
Second aspect, the embodiment of the invention provide a kind of switch, comprise control module, and described control module comprises the reception submodule, obtains submodule, transformant module; Described reception submodule is used to receive first control strategy at virtual machine; The described submodule that obtains is used for the virtual machine sign according to described first control strategy, obtains the MAC Address of described virtual machine; Described transformant module, the described virtual machine sign that is used for using the MAC Address of described virtual machine to replace described first control strategy obtains second control strategy.
In first kind of possible implementation, described reception submodule also is used for, and receives the address change message at described virtual machine, and described address change message is carried the renewal MAC Address; Described transformant module also is used for, and uses described renewal MAC Address to replace described MAC Address in described second control strategy, obtains the 3rd control strategy.
In conjunction with second aspect, in second kind of possible implementation, described switch also comprises the replacement submodule; Described reception submodule also is used to receive at first of described virtual machine and upgrades control strategy, and described first upgrades the described virtual machine sign that comprises described virtual machine in the control strategy; Described transformant module also is used to obtain the corresponding described MAC Address of described virtual machine sign, uses described MAC Address to replace the described first described virtual machine sign of upgrading in the control strategy, obtains second and upgrades control strategy; Described replacement submodule is used to use the described second renewal control strategy to replace described second control strategy.
In conjunction with second aspect, in the third possible implementation, described reception submodule also is used for, and receives described virtual machine sign, and N corresponding MAC Address of described virtual machine sign, and wherein, N is greater than or equal to 1.
The third possible implementation in conjunction with second aspect, in the 4th kind of possible implementation, described transformant module specifically is used for, the described virtual machine that uses a described N MAC Address to replace one by one in described first control strategy identifies, obtain N bar second control strategy, described N bar second control strategy is corresponding one by one with a described N MAC Address respectively.
In conjunction with second aspect, in the 5th kind of possible implementation, described switch also comprises Switching Module, and described Switching Module is connected with described control module; Described Switching Module is used for receiving described second control strategy from described control module, and according to described second control strategy, to receive and be that the packet of destination address or source address is transmitted or refused to transmit and handles with described MAC Address.
In conjunction with second aspect or second aspect first kind, second kind, the third, the 4th kind, the 5th kind possible implementation, in the 6th kind of possible implementation, described control strategy includes but not limited to following one or the combination of item arbitrarily: access control policy, resource reservation policy, the traffic prioritization strategy, the maximum stream flow delaying policy, maximum stream flow packet loss strategy, maximum stream flow shake strategy.
In the embodiment of the invention, switch obtains first control strategy at virtual machine from network management center; According to the sign of the virtual machine in described first control strategy, obtain the MAC Address of described virtual machine; Use the MAC Address of described virtual machine to replace described virtual machine sign in described first control strategy, obtain second control strategy.Thus, the embodiment of the invention has realized the configuration and the management of other control strategy of MAC Address level, and solved utilize the VN-tag technology to carry out virtual machine control strategy configuration in the prior art method to the equipment requirements height, the problem that cost is big, saved a large amount of Financial cost, made that other policy control of virtual machine-level is more prone to realize.
Description of drawings
The application architecture schematic diagram of the collocation method of a kind of virtual machine control strategy that Fig. 1 provides for the embodiment of the invention;
The collocation method flow chart of a kind of virtual machine control strategy that Fig. 2 provides for the embodiment of the invention;
A kind of switch schematic diagram that Fig. 3 provides for the embodiment of the invention;
Another switch schematic diagram that Fig. 4 provides for the embodiment of the invention.
Embodiment
For the purpose, technical scheme and the advantage that make the embodiment of the invention clearer, below in conjunction with the accompanying drawing in the embodiment of the invention, technical scheme in the embodiment of the invention is clearly and completely described, obviously, described embodiment is the present invention's part embodiment, rather than whole embodiment.At the embodiment among the present invention, those of ordinary skills belong to the scope of protection of the invention not making the every other embodiment that is obtained under the creative work prerequisite.
The application architecture schematic diagram of the collocation method of a kind of virtual machine control strategy that Fig. 1 provides for the embodiment of the invention.As shown in Figure 1, network management center can obtain each network interface corresponding virtual MAC Address of virtual machine, and can be with the MAC Address of the virtual network port of virtual machine and the corresponding relation of virtual machine (the corresponding relation embodiment of the virtual machine sign (the virtual machine sign in the present specification refers to the ID of virtual machine) that this corresponding relation can be by virtual machine and the MAC Address of virtual machine), and send to the control module of data center's access switch at the control strategy of virtual machine, wherein this switch can be open flows OpenFlow switch; Control module is at the corresponding relation of MAC Address that receives virtual network port and virtual machine, and behind the control strategy at virtual machine, can be with the control strategy that should be converted at the control strategy of virtual machine at MAC Address; Switch is in certain MAC Address that receives self virtualizing machine or when being sent to the packet of certain MAC Address of virtual machine, according to control strategy at MAC Address, can carry out respective handling to packet, thereby realize policy control at this virtual machine.
The collocation method flow chart of a kind of virtual machine control strategy that Fig. 2 provides for the embodiment of the invention.The executive agent of this embodiment is a switch, after wherein describing switch in detail and obtaining control strategy at virtual machine from network management center, will be converted to the method at the control strategy of MAC Address at the control strategy of virtual machine.As shown in Figure 2, this embodiment may further comprise the steps:
In order to realize technical scheme of the present invention, switch comprises control module and Switching Module, and Switching Module and control module are carried out information interaction by interface.Can communicate by management interface between switch and the network management center, network management center can initiatively send each network interface corresponding virtual MAC Address of virtual machine to controller part, and at the control strategy of virtual machine.
Wherein, switch is the control strategy at virtual machine from first control strategy that network management center obtains, this control strategy bag can comprise at least a in the following control strategy: access control policy, resource reservation policy, the traffic prioritization strategy, the maximum stream flow delaying policy, maximum stream flow packet loss strategy, maximum stream flow shake strategy.
For example, the access control policy at virtual machine can be defined as the packet that refusal is sent to certain virtual machine.
Certainly, the user can upgrade the control strategy of virtual machine by network management center, and this moment, network management center can be to the control strategy after switch sends this renewal; And after virtual machine moved, the MAC Address of virtual machine also can correspondence change, and after network management center got access to this migration information, the renewal MAC Address after also can initiatively will upgrading sent to switch.
After network management center sent to switch with the virtual machine of virtual machine sign and the corresponding MAC Address of this virtual machine sign, switch can be preserved this virtual machine and identify and the virtual machine MAC Address in local data base.
Wherein, a virtual machine can have one or more network interface, the corresponding virtual mac address of each network interface, and therefore a virtual machine can have one or more virtual mac address, and switch can obtain this one or more MAC Address from network management center.
Receive first control strategy of virtual machine when network management center after, switch extracts the virtual machine sign of virtual machine from first control strategy after, can be according to this virtual machine sign, the corresponding MAC Address of inquiry in local data base.
If virtual machine has only a network interface, promptly have only a MAC Address, then will directly replace with this MAC Address at the sign of the virtual machine in first control strategy of virtual machine, can obtain second control strategy at this MAC Address.If virtual machine has a plurality of network interfaces, promptly a plurality of MAC Address MAC1, MAC2, MAC3......MACn, then the virtual machine in first control strategy sign is replaced with MAC1 after, can obtain second control strategy at the MAC1 address; After virtual machine in first control strategy sign replaced with MAC2, can obtain second control strategy at the MAC2 address; After using each MAC Address in n the MAC Address to replace virtual machine sign in first control strategy, can obtain n bar second control strategy.
For example, virtual machine 1 has only a network interface, promptly has only a MAC Address MAC1, is sent to the packet of virtual machine 1 if first control strategy is transmitted all for refusal, and then second control strategy is transmitted all for refusal and is sent to the packet of MAC1.If virtual machine has a plurality of network interfaces, a plurality of MAC Address MAC1, MAC2, MAC3......MACn are promptly arranged, if then first control strategy is transmitted all packets that are sent to virtual machine 1 for refusal then second control strategy is transmitted all for refusal and is sent to the packet of MAC1, MAC2, MAC3......MACn.
After the control module in the switch will be converted to second control strategy at MAC Address at first control strategy of virtual machine, this second control strategy can be sent to Switching Module, according to this second control strategy the packet that is derived from or is sent to this MAC Address be handled in order to Switching Module.
Particularly, when Switching Module receives and is the packet of destination address or source address with described MAC Address, can be according to the source MAC of packet or target MAC (Media Access Control) address second control strategy in the local search correspondence, thus this packet is handled accordingly.
Certainly, if Switching Module receive be the packet of destination address or source address with described MAC Address after, determine that at local search this locality does not dispose corresponding second control strategy, then control module can be issued to switch element with this second control strategy.If there is not the second corresponding control strategy in the control module, then can obtain first control strategy and the corresponding virtual machine MAC Address at virtual machine of this second control strategy correspondence from network management center, and be issued to Switching Module after this first control strategy is converted into second control strategy.
In a kind of optional implementation of the embodiment of the invention, after obtaining second control strategy, also comprise: receive the address change message at described virtual machine, described address change message is carried the renewal MAC Address; Use described renewal MAC Address to replace described MAC Address in described second control strategy, obtain the 3rd control strategy.Particularly, after virtual machine moves, the MAC Address of virtual machine also can correspondence change, after network management center gets access to this migration information, MAC Address after also can initiatively will upgrading by address change message is sent to switch, switch can use the MAC Address after the renewal to replace MAC Address in second control strategy of being preserved, to obtain the 3rd control strategy.Wherein,, then use each MAC Address in m the MAC Address to replace original MAC Address in second control strategy, can obtain m article of the 3rd control strategy if the MAC Address after upgrading has m.
Optionally, after the MAC Address after obtaining upgrading, also can obtain first control strategy from network management center according to MAC Address corresponding virtual machine sign at virtual machine, and the virtual machine that uses each MAC Address in m the MAC Address to replace in first control strategy identifies, and can obtain m bar second control strategy.
Here need to prove, because second control strategy at original MAC Address also is to be transformed from first control strategy at corresponding virtual machine sign, therefore, after the MAC Address of virtual machine is changed, just can be with second control strategy deletion at original MAC Address, can save the space on the one hand, can prevent on the other hand after the MAC Address of other virtual machines becomes this original MAC Address, corresponding other virtual machines are produced error control.
Correspondingly, after obtaining second control strategy, also comprise: receive at first of described virtual machine and upgrade control strategy, described first upgrades the described virtual machine sign that comprises described virtual machine in the control strategy; Obtain the corresponding described MAC Address of described virtual machine sign, use described MAC Address to replace the described first described virtual machine sign of upgrading in the control strategy, obtain second and upgrade control strategy; Use the described second renewal control strategy to replace described second control strategy.Particularly, if the user has upgraded control strategy at virtual machine by network management center, network management center can be to the control strategy after switch sends this renewal, after switch receives control strategy after this renewal, control strategy after this renewal can be converted to control strategy at the MAC Address of correspondence, and use the control strategy after this renewal to replace it preceding second control strategy of preserving at MAC Address, realized the configuration of Dynamic Control Strategy.
In the embodiment of the invention, switch obtains first control strategy at virtual machine from network management center; According to the sign of the virtual machine in described first control strategy, obtain the MAC Address of described virtual machine; Use the MAC Address of described virtual machine to replace described virtual machine sign in described first control strategy, obtain second control strategy.Thus, the embodiment of the invention has realized the configuration and the management of other control strategy of MAC Address level, and solved utilize the VN-tag technology to carry out virtual machine control strategy configuration in the prior art method to the equipment requirements height, the problem that cost is big, saved a large amount of Financial cost, made that other policy control of virtual machine-level is more prone to realize.
Need to prove, if the residing physical host of virtual machine network interface adaptation module (physical network card) support then to need the operating state of physical network card to be set to this mixed mode by mixed mode (Promiscuous Mode).Under mixed mode, physical network card can not carry out the modification of source MAC to the packet that sends, thereby the source MAC that can guarantee the packet that the virtual network port of virtual machine sends can not be changed; And when receiving the packet that sends to this network interface card, can not carry out filter operation to destination-mac address.If the physical network card of switch is not supported mixed mode, then need physical network card is carried out function upgrading, make physical network card in the packet of transmitting self virtualizing machine, do not revise source MAC, when receiving the packet that sends to this network interface card, can not carry out filter operation to destination-mac address.
Correspondingly, the embodiment of the invention also provides a kind of switch, and this switch can be the OpenFlow switch.A kind of switch schematic diagram that Fig. 3 provides for the embodiment of the invention, as shown in Figure 3, switch comprises control module 310, described control module 310 comprises reception submodule 311, obtains submodule 312, transformant module 313; Switch also comprises Switching Module 320.Wherein, Switching Module 320 can be connected by interface with control module 310.For example for the OpenFlow switch, control module 310 can be connected by the OpenFlow interface with Switching Module 320.Wherein,
Receive submodule 311, be used to receive first control strategy at virtual machine.
Receive submodule 312 and also be used for, receive described virtual machine sign, and N corresponding MAC Address of described virtual machine sign, wherein, N is greater than or equal to 1.
Wherein, switch is the control strategy at virtual machine from first control strategy that network management center obtains, this control strategy bag can comprise at least a in the following control strategy: access control policy, resource reservation policy, the traffic prioritization strategy, the maximum stream flow delaying policy, maximum stream flow packet loss strategy, maximum stream flow shake strategy.
For example, the access control policy at virtual machine can be defined as the packet that refusal is sent to certain virtual machine.
Obtain submodule 312, be used for virtual machine sign, obtain the MAC Address of described virtual machine according to described first control strategy.
After network management center sent to switch with the virtual machine of virtual machine sign and the corresponding MAC Address of this virtual machine sign, switch can be preserved this virtual machine and identify and the virtual machine MAC Address in local data base.
Wherein, a virtual machine can have one or more network interface, the corresponding virtual mac address of each network interface, and therefore a virtual machine can have one or more virtual mac address, and switch can obtain this one or more MAC Address from network management center.
Receive first control strategy of virtual machine when network management center after, switch extracts the virtual machine sign of virtual machine from first control strategy after, can be according to this virtual machine sign, the corresponding MAC Address of inquiry in local data base.
If virtual machine has only a network interface, promptly have only a MAC Address, then will directly replace with this MAC Address at the sign of the virtual machine in first control strategy of virtual machine, can obtain second control strategy at this MAC Address.If virtual machine has a plurality of network interfaces, promptly a plurality of MAC Address MAC1, MAC2, MAC3......MACn, then the virtual machine in first control strategy sign is replaced with MAC1 after, can obtain second control strategy at the MAC1 address; After virtual machine in first control strategy sign replaced with MAC2, can obtain second control strategy at the MAC2 address; After using each MAC Address in n the MAC Address to replace virtual machine sign in first control strategy, can obtain n bar second control strategy.
After the control module in the switch 310 will be converted to second control strategy at MAC Address at first control strategy of virtual machine, this second control strategy can be sent to Switching Module, according to this second control strategy the packet that is derived from or is sent to this MAC Address be handled in order to Switching Module 320.
Certainly, if Switching Module 320 receive be the packet of destination address or source address with described MAC Address after, determine that at local search this locality does not dispose corresponding second control strategy, then control module 310 can be issued to Switching Module 320 with this second control strategy.If there is not the second corresponding control strategy in the control module 310, then can obtain first control strategy and the corresponding virtual machine MAC Address at virtual machine of this second control strategy correspondence from network management center, and be issued to Switching Module 320 after this first control strategy is converted into second control strategy.
Preferably, when in the address of virtual machine change taking place, receive submodule 311 and also be used for, receive the address change message at described virtual machine, described address change message is carried the renewal MAC Address; Transformant module 313 also is used for, and uses described renewal MAC Address to replace described MAC Address in described second control strategy, obtains the 3rd control strategy.Particularly, after virtual machine moves, the MAC Address of virtual machine also can correspondence change, after network management center gets access to this migration information, MAC Address after also can initiatively will upgrading by address change message is sent to switch, switch can use the MAC Address after the renewal to replace MAC Address in second control strategy of being preserved, to obtain the 3rd control strategy.Wherein,, then use each MAC Address in m the MAC Address to replace original MAC Address in second control strategy, can obtain m article of the 3rd control strategy if the MAC Address after upgrading has m.
Optionally, after the MAC Address after obtaining upgrading, also can obtain first control strategy from network management center according to MAC Address corresponding virtual machine sign at virtual machine, and the virtual machine that uses each MAC Address in m the MAC Address to replace in first control strategy identifies, and can obtain m bar second control strategy.
Here need to prove, because second control strategy at original MAC Address also is to be transformed from first control strategy at corresponding virtual machine sign, therefore, after the MAC Address of virtual machine is changed, just can be with second control strategy deletion at original MAC Address, can save the space on the one hand, can prevent on the other hand after the MAC Address of other virtual machines becomes this original MAC Address, corresponding other virtual machines are produced error control.
Preferably, switch also comprises replaces submodule 314, takes place after changing at the control strategy at virtual machine, receives submodule 311, also be used to receive at first of described virtual machine and upgrade control strategy, described first upgrades the described virtual machine sign that comprises described virtual machine in the control strategy; Transformant module 313 also is used to obtain the corresponding described MAC Address of described virtual machine sign, uses described MAC Address to replace the described first described virtual machine sign of upgrading in the control strategy, obtains second and upgrades control strategy; Replace submodule 314, be used to use the described second renewal control strategy to replace described second control strategy.Particularly, if the user has upgraded control strategy at virtual machine by network management center, network management center can be to the control strategy after switch sends this renewal, after switch receives control strategy after this renewal, control strategy after this renewal can be converted to control strategy at the MAC Address of correspondence, and use the control strategy after this renewal to replace it preceding second control strategy of preserving at MAC Address, realized the configuration of Dynamic Control Strategy.
Thus, the embodiment of the invention has realized the configuration and the management of other control strategy of MAC Address level, and solved utilize the VN-tag technology to carry out virtual machine control strategy configuration in the prior art method to the equipment requirements height, the problem that cost is big, saved a large amount of Financial cost, made that other policy control of virtual machine-level is more prone to realize.
Correspondingly, the embodiment of the invention also provides a kind of switch, another switch schematic diagram that Fig. 4 provides for the embodiment of the invention.As shown in Figure 4, the switch that provides of present embodiment comprises network interface 401, processor 402 and memory 403.System bus 404 is used to connect network interface 401, processor 402 and memory 403.
When starting, these component softwares are loaded in the memory 403, are visited and carry out as giving an order by processor 402 then:
Reception is at first control strategy of virtual machine;
According to the sign of the virtual machine in described first control strategy, obtain the MAC Address of described virtual machine;
Use the MAC Address of described virtual machine to replace described virtual machine sign in described first control strategy, obtain second control strategy.
Wherein, first control strategy comprises at least a in the following control strategy: access control policy, resource reservation policy, traffic prioritization strategy, maximum stream flow delaying policy, maximum stream flow packet loss strategy, maximum stream flow shake strategy.
After network management center sent to switch with the virtual machine of virtual machine sign and the corresponding MAC Address of this virtual machine sign, switch can be preserved this virtual machine and identify and the virtual machine MAC Address in local data base.
Wherein, a virtual machine can have one or more network interface, the corresponding virtual mac address of each network interface, and therefore a virtual machine can have one or more virtual mac address, and switch can obtain this one or more MAC Address from network management center.
Receive first control strategy of virtual machine when network management center after, switch extracts the virtual machine sign of virtual machine from first control strategy after, can be according to this virtual machine sign, the corresponding MAC Address of inquiry in local data base.
Further, after obtaining second control strategy, behind the component software of described processor 402 references to storage 403, carry out the instruction of following process:
Reception is at the address change message of described virtual machine, and described address change message is carried the renewal MAC Address;
Use described renewal MAC Address to replace described MAC Address in described second control strategy, obtain the 3rd control strategy.
Particularly, after virtual machine moves, the MAC Address of virtual machine also can correspondence change, after network management center gets access to this migration information, MAC Address after also can initiatively will upgrading by address change message is sent to switch, switch can use the MAC Address after the renewal to replace MAC Address in second control strategy of being preserved, to obtain the 3rd control strategy.Wherein,, then use each MAC Address in m the MAC Address to replace original MAC Address in second control strategy, can obtain m article of the 3rd control strategy if the MAC Address after upgrading has m.
Optionally, after the MAC Address after obtaining upgrading, also can obtain first control strategy from network management center according to MAC Address corresponding virtual machine sign at virtual machine, and the virtual machine that uses each MAC Address in m the MAC Address to replace in first control strategy identifies, and can obtain m bar second control strategy.
Here need to prove, because second control strategy at original MAC Address also is to be transformed from first control strategy at corresponding virtual machine sign, therefore, after the MAC Address of virtual machine is changed, just can be with second control strategy deletion at original MAC Address, can save the space on the one hand, can prevent on the other hand after the MAC Address of other virtual machines becomes this original MAC Address, corresponding other virtual machines are produced error control.
Further, after obtaining second control strategy, behind the component software of described processor 402 references to storage 403, carry out the instruction of following process:
Reception is upgraded control strategy at first of described virtual machine, and described first upgrades the described virtual machine sign that comprises described virtual machine in the control strategy;
Obtain the corresponding described MAC Address of described virtual machine sign, use described MAC Address to replace the described first described virtual machine sign of upgrading in the control strategy, obtain second and upgrade control strategy;
Use the described second renewal control strategy to replace described second control strategy.
Particularly, if the user has upgraded control strategy at virtual machine by network management center, network management center can be to the control strategy after switch sends this renewal, after switch receives control strategy after this renewal, control strategy after this renewal can be converted to control strategy at the MAC Address of correspondence, and use the control strategy after this renewal to replace it preceding second control strategy of preserving at MAC Address, realized the configuration of Dynamic Control Strategy.
Further, identify according to the virtual machine in described first control strategy described, inquire about before the MAC Address of described virtual machine, behind the component software of described processor 402 references to storage 403, carry out the instruction of following process: receive described virtual machine sign, and N corresponding MAC Address of described virtual machine sign, wherein, N is greater than or equal to 1.
Wherein, the described virtual machine that processor 402 execution use the MAC Address of described virtual machine to replace in described first control strategy identifies, the process that obtains second control strategy is specially: the described virtual machine that uses a described N MAC Address to replace one by one in described first control strategy identifies, obtain N bar second control strategy, described N bar second control strategy is corresponding one by one with a described N MAC Address respectively.
Further, after switch receives packet by network interface 401, behind the component software of processor 402 references to storage 403, carry out the instruction of following process: according to described second control strategy, to receive and be that the packet of destination address or source address is handled with described MAC Address.Particularly, receiving with described MAC Address is the packet of destination address or source address; According to described second control strategy, transmit described packet or the described packet of refusal forwarding.
Thus, the embodiment of the invention has realized the configuration and the management of other control strategy of MAC Address level, and solved utilize the VN-tag technology to carry out virtual machine control strategy configuration in the prior art method to the equipment requirements height, the problem that cost is big, saved a large amount of Financial cost, made that other policy control of virtual machine-level is more prone to realize.
The professional should further recognize, the unit and the algorithm steps of each example of describing in conjunction with embodiment disclosed herein, can realize with electronic hardware, computer software or the combination of the two, for the interchangeability of hardware and software clearly is described, the composition and the step of each example described prevailingly according to function in the above description.These functions still are that software mode is carried out with hardware actually, depend on the application-specific and the design constraint of technical scheme.The professional and technical personnel can use distinct methods to realize described function to each specific should being used for, but this realization should not thought and exceeds scope of the present invention.
The method of describing in conjunction with embodiment disclosed herein or the step of algorithm can use the software module of hardware, processor execution, and perhaps the combination of the two is implemented.Software module can place the storage medium of any other form known in random asccess memory (RAM), internal memory, read-only memory (ROM), electrically programmable ROM, electrically erasable ROM, register, hard disk, moveable magnetic disc, CD-ROM or the technical field.
Above-described embodiment; purpose of the present invention, technical scheme and beneficial effect are further described; institute is understood that; the above only is the specific embodiment of the present invention; and be not intended to limit the scope of the invention; within the spirit and principles in the present invention all, any modification of being made, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (15)
1. the collocation method of a virtual machine control strategy is characterized in that, described method comprises:
Reception is at first control strategy of virtual machine;
According to the sign of the virtual machine in described first control strategy, obtain the MAC Address of described virtual machine;
Use the MAC Address of described virtual machine to replace described virtual machine sign in described first control strategy, obtain second control strategy.
2. the collocation method of virtual machine control strategy according to claim 1 is characterized in that, described obtaining also comprises after second control strategy:
Reception is at the address change message of described virtual machine, and described address change message is carried the renewal MAC Address;
Use described renewal MAC Address to replace described MAC Address in described second control strategy, obtain the 3rd control strategy.
3. the collocation method of virtual machine control strategy according to claim 1 is characterized in that, described obtaining also comprises after second control strategy:
Reception is upgraded control strategy at first of described virtual machine, and described first upgrades the described virtual machine sign that comprises described virtual machine in the control strategy;
Obtain the corresponding described MAC Address of described virtual machine sign, use described MAC Address to replace the described first described virtual machine sign of upgrading in the control strategy, obtain second and upgrade control strategy;
Use the described second renewal control strategy to replace described second control strategy.
4. the collocation method of virtual machine control strategy according to claim 1, it is characterized in that, describedly identify according to the virtual machine in described first control strategy, obtain before the MAC Address of described virtual machine, also comprise: receive described virtual machine sign, and N corresponding MAC Address of described virtual machine sign, wherein, N is greater than or equal to 1.
5. the collocation method of virtual machine control strategy according to claim 4 is characterized in that, the MAC Address of the described virtual machine of described use is replaced the described virtual machine sign in described first control strategy, obtains second control strategy and is specially:
The described virtual machine that uses a described N MAC Address to replace one by one in described first control strategy identifies, and obtains N bar second control strategy, and described N bar second control strategy is corresponding one by one with a described N MAC Address respectively.
6. the collocation method of virtual machine control strategy according to claim 1, it is characterized in that, described obtaining also comprises after second control strategy: according to described second control strategy, to receive and be that the packet of destination address or source address is handled with described MAC Address.
7. the collocation method of virtual machine control strategy according to claim 6 is characterized in that, and is described according to described second control strategy, to receive and be that the packet of destination address or source address is handled specifically and comprised with described MAC Address:
Reception is the packet of destination address or source address with described MAC Address;
According to described second control strategy, transmit described packet or the described packet of refusal forwarding.
8. according to the collocation method of each described virtual machine control strategy of claim 1-7, it is characterized in that, described first control strategy comprises at least a in the following control strategy: access control policy, resource reservation policy, the traffic prioritization strategy, the maximum stream flow delaying policy, maximum stream flow packet loss strategy, maximum stream flow shake strategy.
9. a switch is characterized in that, described switch comprises control module, and described control module comprises the reception submodule, obtains submodule, transformant module;
Described reception submodule is used to receive first control strategy at virtual machine;
The described submodule that obtains is used for the virtual machine sign according to described first control strategy, obtains the MAC Address of described virtual machine;
Described transformant module, the described virtual machine sign that is used for using the MAC Address of described virtual machine to replace described first control strategy obtains second control strategy.
10. switch according to claim 9 is characterized in that, described reception submodule also is used for, and receives the address change message at described virtual machine, and described address change message is carried the renewal MAC Address;
Described transformant module also is used for, and uses described renewal MAC Address to replace described MAC Address in described second control strategy, obtains the 3rd control strategy.
11. switch according to claim 9 is characterized in that, described switch also comprises the replacement submodule;
Described reception submodule also is used to receive at first of described virtual machine and upgrades control strategy, and described first upgrades the described virtual machine sign that comprises described virtual machine in the control strategy;
Described transformant module also is used to obtain the corresponding described MAC Address of described virtual machine sign, uses described MAC Address to replace the described first described virtual machine sign of upgrading in the control strategy, obtains second and upgrades control strategy;
Described replacement submodule is used to use the described second renewal control strategy to replace described second control strategy.
12. switch according to claim 9 is characterized in that, described reception submodule also is used for, and receives described virtual machine sign, and N corresponding MAC Address of described virtual machine sign, and wherein, N is greater than or equal to 1.
13. switch according to claim 12, it is characterized in that, described transformant module specifically is used for, the described virtual machine that uses a described N MAC Address to replace one by one in described first control strategy identifies, obtain N bar second control strategy, described N bar second control strategy is corresponding one by one with a described N MAC Address respectively.
14. switch according to claim 9 is characterized in that, described switch also comprises Switching Module, and described Switching Module is connected with described control module;
Described Switching Module is used for receiving described second control strategy from described control module, and according to described second control strategy, to receive and be that the packet of destination address or source address is transmitted or refused to transmit and handles with described MAC Address.
15. according to each described switch of claim 9-14, it is characterized in that, described control strategy includes but not limited to following one or the combination of item arbitrarily: access control policy, resource reservation policy, the traffic prioritization strategy, the maximum stream flow delaying policy, maximum stream flow packet loss strategy, maximum stream flow shake strategy.
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/CN2012/087123 WO2014094287A1 (en) | 2012-12-21 | 2012-12-21 | Configuration method of virtual machine control policy and exchange |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103229489A true CN103229489A (en) | 2013-07-31 |
| CN103229489B CN103229489B (en) | 2016-05-25 |
Family
ID=48838364
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201280002960.0A Active CN103229489B (en) | 2012-12-21 | 2012-12-21 | The collocation method of virtual machine control strategy and switch |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN103229489B (en) |
| WO (1) | WO2014094287A1 (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2014180363A1 (en) * | 2013-12-23 | 2014-11-13 | 中兴通讯股份有限公司 | Openflow signaling control method and device |
| WO2015024412A1 (en) * | 2013-08-23 | 2015-02-26 | 中兴通讯股份有限公司 | Stream mapping processing method and apparatus |
| CN104699522A (en) * | 2015-03-17 | 2015-06-10 | 成都艺辰德迅科技有限公司 | Virtual machine dynamic migration method |
| CN104717181A (en) * | 2013-12-13 | 2015-06-17 | 中国电信股份有限公司 | Security policy configuration system and method for virtual security gateway |
| CN105577548A (en) * | 2014-10-10 | 2016-05-11 | 杭州华三通信技术有限公司 | Software definition network message processing method and device |
| CN107566319A (en) * | 2016-06-30 | 2018-01-09 | 中央大学 | The instant transfer method of virtual machine |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP3846508A1 (en) * | 2017-10-09 | 2021-07-07 | Comcast Cable Communications LLC | Policy control for ethernet packet data |
| US10855814B2 (en) | 2017-10-20 | 2020-12-01 | Comcast Cable Communications, Llc | Non-access stratum capability information |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101909054A (en) * | 2010-07-15 | 2010-12-08 | 华中科技大学 | Method for aggregating multiple network interface cards in virtualized environment |
| CN101916207A (en) * | 2010-08-28 | 2010-12-15 | 华为技术有限公司 | Energy saving method, device and system under desktop virtual environment |
| CN102136931A (en) * | 2010-09-20 | 2011-07-27 | 华为技术有限公司 | Method for configuring virtual port network strategies, network management center and related equipment |
| CN102137169A (en) * | 2011-01-30 | 2011-07-27 | 华为技术有限公司 | Method, network card and communication system for binding physical internet ports |
| CN102202049A (en) * | 2010-03-23 | 2011-09-28 | 思杰系统有限公司 | Network policy implementation for multi-virtual machine appliance |
| CN102413183A (en) * | 2011-11-22 | 2012-04-11 | 中国联合网络通信集团有限公司 | Cloud intelligence switch and processing method and system thereof |
| CN102571698A (en) * | 2010-12-17 | 2012-07-11 | 中国移动通信集团公司 | Access authority control method, system and device for virtual machine |
| CN102739645A (en) * | 2012-04-23 | 2012-10-17 | 杭州华三通信技术有限公司 | Method and device for migrating virtual machine safety policy |
-
2012
- 2012-12-21 WO PCT/CN2012/087123 patent/WO2014094287A1/en active Application Filing
- 2012-12-21 CN CN201280002960.0A patent/CN103229489B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102202049A (en) * | 2010-03-23 | 2011-09-28 | 思杰系统有限公司 | Network policy implementation for multi-virtual machine appliance |
| CN101909054A (en) * | 2010-07-15 | 2010-12-08 | 华中科技大学 | Method for aggregating multiple network interface cards in virtualized environment |
| CN101916207A (en) * | 2010-08-28 | 2010-12-15 | 华为技术有限公司 | Energy saving method, device and system under desktop virtual environment |
| CN102136931A (en) * | 2010-09-20 | 2011-07-27 | 华为技术有限公司 | Method for configuring virtual port network strategies, network management center and related equipment |
| CN102571698A (en) * | 2010-12-17 | 2012-07-11 | 中国移动通信集团公司 | Access authority control method, system and device for virtual machine |
| CN102137169A (en) * | 2011-01-30 | 2011-07-27 | 华为技术有限公司 | Method, network card and communication system for binding physical internet ports |
| CN102413183A (en) * | 2011-11-22 | 2012-04-11 | 中国联合网络通信集团有限公司 | Cloud intelligence switch and processing method and system thereof |
| CN102739645A (en) * | 2012-04-23 | 2012-10-17 | 杭州华三通信技术有限公司 | Method and device for migrating virtual machine safety policy |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2015024412A1 (en) * | 2013-08-23 | 2015-02-26 | 中兴通讯股份有限公司 | Stream mapping processing method and apparatus |
| CN104717181A (en) * | 2013-12-13 | 2015-06-17 | 中国电信股份有限公司 | Security policy configuration system and method for virtual security gateway |
| CN104717181B (en) * | 2013-12-13 | 2018-10-23 | 中国电信股份有限公司 | The security strategy of Virtual Security Gateway configures System and method for |
| WO2014180363A1 (en) * | 2013-12-23 | 2014-11-13 | 中兴通讯股份有限公司 | Openflow signaling control method and device |
| CN105577548A (en) * | 2014-10-10 | 2016-05-11 | 杭州华三通信技术有限公司 | Software definition network message processing method and device |
| CN105577548B (en) * | 2014-10-10 | 2018-10-09 | 新华三技术有限公司 | Message processing method and device in a kind of software defined network |
| US10541913B2 (en) | 2014-10-10 | 2020-01-21 | Hewlett Packard Enterprise Development Lp | Table entry in software defined network |
| CN104699522A (en) * | 2015-03-17 | 2015-06-10 | 成都艺辰德迅科技有限公司 | Virtual machine dynamic migration method |
| CN104699522B (en) * | 2015-03-17 | 2017-10-13 | 成都麦进斗科技有限公司 | A kind of dynamic migration of virtual machine method |
| CN107566319A (en) * | 2016-06-30 | 2018-01-09 | 中央大学 | The instant transfer method of virtual machine |
| CN107566319B (en) * | 2016-06-30 | 2021-01-26 | 中央大学 | Virtual machine instant transfer method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103229489B (en) | 2016-05-25 |
| WO2014094287A1 (en) | 2014-06-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103229489A (en) | Virtual-machine control strategy configuration method and switch | |
| US10091274B2 (en) | Method, device, and system for controlling network device auto-provisioning | |
| JP5811253B2 (en) | Network system and network management method | |
| CN103793359B (en) | Method and system for virtual port communications | |
| CN102105865B (en) | Method and system for power management in a virtual machine environment without disrupting network connectivity | |
| CN104780115B (en) | Load-balancing method and system in cloud computing environment | |
| CN109981493B (en) | Method and device for configuring virtual machine network | |
| CN102316043B (en) | Port virtualization method, switch and communication system | |
| CN102845035A (en) | Method of identifying destination in virtual environment | |
| CN107544841B (en) | Virtual machine live migration method and system | |
| CN105262685A (en) | Message processing method and message processing device | |
| CN102790777A (en) | Network interface adapter register method as well as drive equipment and server | |
| CN103795622A (en) | Message forwarding method and device using same | |
| CN103067295A (en) | Method and device and system for service transmission | |
| CN104040964A (en) | Method, device and data center network for cross-service zone communication | |
| CN101808010B (en) | Equipment management method and equipment management device and main control board | |
| CN109240796A (en) | Virtual machine information acquisition methods and device | |
| CN112491789B (en) | OpenStack framework-based virtual firewall construction method and storage medium | |
| CN113472624A (en) | Method for realizing virtual network data packet forwarding based on vDPA and application | |
| CN110061855A (en) | A kind of method for processing business, system and device | |
| CN102148715A (en) | Method and device for virtual network configuration migration | |
| CN111371608B (en) | Method, device and medium for deploying SFC service chain | |
| CN104883302A (en) | Method, device and system for forwarding data packet | |
| CN106878052B (en) | User migration method and device | |
| CN104301446B (en) | A kind of message processing method, switch device and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20211221 Address after: 450046 Floor 9, building 1, Zhengshang Boya Plaza, Longzihu wisdom Island, Zhengdong New Area, Zhengzhou City, Henan Province Patentee after: Super fusion Digital Technology Co.,Ltd. Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd. |
|
| TR01 | Transfer of patent right |