CN103795622B - Message forwarding method and device using same - Google Patents
Message forwarding method and device using same Download PDFInfo
- Publication number
- CN103795622B CN103795622B CN201410029683.3A CN201410029683A CN103795622B CN 103795622 B CN103795622 B CN 103795622B CN 201410029683 A CN201410029683 A CN 201410029683A CN 103795622 B CN103795622 B CN 103795622B
- Authority
- CN
- China
- Prior art keywords
- message
- stream rule
- service processing
- processing board
- interface plate
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The invention discloses a message forwarding method and a device using the same. The method includes the steps that when a first virtual switch receives a message, the first virtual switch inquires a first type stream rule stored by the first virtual switch according to the message, and when the corresponding first type stream rule is matched, the message is forwarded to a corresponding service processing plate according to the first type stream rule; when the service processing plate receives the message and carries out service layer processing on the message, the service processing plate inquires a second type stream rule stored by the service processing plate according to the message undergoing service layer processing, and when the corresponding second type stream rule is matched, and the message which undergoes service layer processing is forwarded from an external port corresponding to the second type stream rule. According to the message forwarding method and the device using the message forwarding method, message forwarding efficiency of virtual equipment on a virtual platform is improved.
Description
Technical field
The present invention relates to communication technical field, more particularly, to a kind of message forwarding method and its device.
Background technology
With the rise of Intel Virtualization Technology, numerous network equipment commercial cities are proposed the network equipment based on virtual platform, such as
Virtual router, virtual switch, virtual firewall etc..How to improve message on virtual platform for the virtual unit and forward effect
Rate becomes the problem that each manufacturer needs to solve.
In a distributed manner as a example virtual router, in prior art, for distributed virtual router, there is I/O plate
With FW plate, I/O plate is responsible for transceiving data, shunting(Stream is evenly distributed to each FW plate), FW plate be responsible for process and E-Packet.
All streams all must arrive first entrance I/O plate, then finds an exit I/O plate through FW plate, and stream needs to send through 8 times could be complete
Become repeating process, its schematic diagram can be as shown in Figure 1;Wherein, Hypervisor is virtual platform(As VMware(Virtual
Machine))One providing can realize the level of abstraction of operating system and application program and the isolation of bottom hardware computing resource.Its energy
Effectively mitigate the traditional dependence to hardware device and driving for the software.Virtual switch can be created by Hypervisor,
Divide network, the network connection relation between planning virtual unit.
During realizing the present invention, inventor finds at least there is problems with prior art:
In prior art, message forward efficiency on virtual platform for the virtual unit is relatively low.
Content of the invention
The invention provides a kind of message forwarding method and its device, in order to improve report on virtual platform for the virtual unit
Civilian forward efficiency.
In order to reach object above, embodiments provide a kind of message forwarding method, be applied to connect including first
Oralia, service processing board, second interface plate, the first virtual switch, the second virtual switch, and the 3rd virtual switch
Virtual unit, described first interface plate is used for receiving external data by the first virtual switch, and described second interface plate is used for
Data after described service processing board is processed by the 3rd virtual switch forwards to outside, and described second virtual switch is used
Internal data between described first interface plate, second interface plate and service processing board forwards, and the method includes:
When the first virtual switch receives message, described first virtual switch inquires about itself storage according to this message
First kind stream rule, and when matching corresponding first kind stream rule, according to this first kind stream rule, this is reported
Literary composition is transmitted to corresponding service processing board;
When service processing board receives message, and this message is carried out after operation layer process, described service processing board according to
The described message through operation layer process inquires about the Second Type stream rule of itself storage, and ought match corresponding Second Type
During stream rule, this message processing through operation layer is forwarded from this corresponding external port of Second Type stream rule.
Wherein, the method also includes:
When described first virtual switch does not match corresponding first kind stream rule according to the message receiving, institute
State the first virtual switch and forward the packet to first interface plate, this message is encapsulated as by internal report by described first interface plate
Literary composition, and corresponding service processing board is transmitted to by inner port;
The service processing board receiving described built-in message obtains the outer of the first interface plate carrying in described built-in message
The MAC address of portion's mouth, and determine with two layers of the external port of described first interface plate up to this Business Processing
The MAC Address of the first external port of plate;
This service processing board is according to the heading of the original message carrying in described built-in message and described first external port
MAC Address, generate corresponding first kind stream rule, comprise for original described in unique mark in this first kind stream rule
The identification information of the corresponding data flow of message, and the MAC Address of described first external port;
This first kind stream rule is sent to the described first virtual friendship by described first external port by this service processing board
Change planes, so that described first virtual switch stores this first kind stream rule.
Wherein, this first kind stream rule is sent to described first by described first external port by described service processing board
During virtual switch, described service processing board sends the time-out of this first kind stream rule simultaneously to described first virtual switch
Time, so that described first virtual switch, in this first kind stream rule time-out, deletes this first kind of itself storage
Stream rule.
Wherein, the method also includes:
When described service processing board does not match corresponding Second Type stream according to the described message through operation layer process
When regular, the message after the described process through operation layer is encapsulated as built-in message by described service processing board, and passes through inner port
It is transmitted to corresponding second interface plate;
The second interface plate receiving described built-in message obtains the outer of the second interface plate carrying in described built-in message
The MAC address of portion's mouth, and determine with two layers of the external port of this second interface plate up to described Business Processing
The MAC Address of the second external port of plate;
This second interface plate is according to the message after the described process through operation layer carrying in described built-in message and described
The MAC Address of the second external port, generates corresponding Second Type stream rule, comprises to mark for unique in this Second Type stream rule
Know the identification information of the corresponding data flow of message after the described process through operation layer, and the MAC ground of described second external port
Location;
This Second Type stream rule is sent to described service processing board by this second interface plate, so that described service processing board
Store this Second Type stream rule.
Wherein, when this Second Type stream rule is sent to described service processing board by described second interface plate, described second
Interface board sends the time-out time of this Second Type stream rule simultaneously to described service processing board, so that described service processing board exists
During this Second Type stream rule time-out, delete this Second Type stream rule of itself storage.
The embodiment of the present invention additionally provides a kind of virtual unit, including first interface plate, service processing board, second interface
Plate, the first virtual switch, the second virtual switch, and the 3rd virtual switch, wherein, described first interface plate is used for leading to
Cross the first virtual switch and receive external data, described second interface plate is used at described business by the 3rd virtual switch
Data after reason plate is processed forwards to outside, described second virtual switch be used for described first interface plate, second interface plate and
Internal data between service processing board forwards,
Described first virtual switch is used for, and inquires about the first kind of itself storage according to this message when receiving message
Stream rule, and when matching corresponding first kind stream rule, according to this first kind stream rule, this first message is forwarded
To corresponding service processing board;
Described service processing board is used for, and when receiving message, and this message is carried out after operation layer process, according to described warp
The message crossing operation layer process inquires about the Second Type stream rule of itself storage, and regular when matching corresponding Second Type stream
When, this message processing through operation layer is forwarded from this corresponding external port of Second Type stream rule.
Wherein, described first virtual switch is additionally operable to, when the message that basis receives does not match the corresponding first kind
During type stream rule, forward the packet to first interface plate, this message is encapsulated as by built-in message by described first interface plate, and
Corresponding service processing board is transmitted to by inner port;
Described service processing board is additionally operable to, and when receiving described built-in message, carries in the described built-in message of acquisition
The MAC address of the external port of first interface plate, and determine can with two layers of the external port of described first interface plate
The MAC Address of the first external port of the described service processing board reaching;Report according to the original message carrying in described built-in message
Civilian head and the MAC Address of described first external port, generate corresponding first kind stream rule, comprise in this first kind stream rule
For the identification information of the corresponding data flow of original message described in unique mark, and the MAC Address of described first external port;Will
This first kind stream rule is sent to described first virtual switch by described first external port, so that described first virtual friendship
This first kind stream of storage of changing planes is regular.
Wherein, described service processing board is additionally operable to, and this first kind stream rule is being sent by described first external port
During to described first virtual switch, simultaneously to described first virtual switch send this first kind stream rule overtime when
Between, so that described first virtual switch, in this first kind stream rule time-out, deletes this first kind stream of itself storage
Rule.
Wherein, described service processing board is additionally operable to, when not matching correspondence according to the described message through operation layer process
Second Type stream rule when, the message after the described process through operation layer is encapsulated as built-in message, and is turned by inner port
Issue corresponding second interface plate;
Described second interface plate is used for, and when receiving described built-in message, obtains the carrying in described built-in message
The MAC address of the external port of two interface boards, and determine with two layers of the external port of described second interface plate up to
The second external port of described service processing board MAC Address;According to carry in described built-in message described through operation layer
Message after process and the MAC Address of described second external port, generate corresponding Second Type stream rule, and this Second Type stream is advised
The identification information for the corresponding data flow of message after operation layer process described in unique mark is comprised in then, and described
The MAC Address of the second external port;This Second Type stream rule is sent to described service processing board, so that described service processing board
Store this Second Type stream rule.
Wherein, described second interface plate is additionally operable to, when this Second Type stream rule is sent to described service processing board,
Send the time-out time of this Second Type stream rule to described service processing board simultaneously so that described service processing board this second
During type stream rule time-out, delete this Second Type stream rule of itself storage.
In the above embodiment of the present invention, when the first virtual switch receives message, this first virtual switch according to
This message inquires about the first kind stream rule of itself storage, and when matching corresponding first kind stream rule, according to this
This first message is transmitted to corresponding service processing board by one type stream rule;When service processing board receives message, and to this
After message carries out Business Processing, service processing board inquires about the Second Type of itself storage according to the message that this is processed through operation layer
Stream rule, and when matching corresponding Second Type stream rule, the message that this is processed through operation layer is from this Second Type
Flow regular corresponding external port to forward, improve message forward efficiency on virtual platform for the virtual unit.
Brief description
Fig. 1 is the schematic diagram of the general forwarding process of virtual router of the prior art;
Fig. 2 is a kind of schematic flow sheet of message forwarding method provided in an embodiment of the present invention;
Fig. 3 is a kind of schematic diagram of virtual router message forwarding method provided in an embodiment of the present invention;
Fig. 4 is a kind of structural representation of virtual unit provided in an embodiment of the present invention.
Specific embodiment
For above-mentioned problem of the prior art, embodiments provide the technical scheme that a kind of message forwards, application
In inclusion first interface plate, service processing board, second interface plate, the first virtual switch, the second virtual switch, and the 3rd
The virtual unit of virtual switch, this first interface plate is used for receiving external data, second interface by the first virtual switch
Data after plate is used for processing service processing board by the 3rd virtual switch forwards to outside, and the second virtual switch is used for
Internal data between first interface plate, second interface plate and service processing board forwards.In this technical scheme, when first is virtual
When switch receives message, this first virtual switch inquires about the first kind stream rule of itself storage according to this message, and
When matching corresponding first kind stream rule, this first message is transmitted to by corresponding industry according to this first kind stream rule
Business process plate;When service processing board receives message, and this message is carried out after Business Processing, service processing board is according to this process
The message that operation layer is processed inquires about the Second Type stream rule of itself storage, and regular when matching corresponding Second Type stream
When, this message processing through operation layer is forwarded from this corresponding external port of Second Type stream rule, improves virtual unit
Message forward efficiency on virtual platform.
Below in conjunction with the accompanying drawing in embodiments of the invention, the technical scheme in embodiments of the invention is carried out clearly
Chu, complete description are it is clear that the embodiments described below are only a part of embodiment of the present invention, rather than whole realities
Apply example.Based on the embodiment in the present invention, those of ordinary skill in the art are obtained under the premise of not paying creative work
Every other embodiment, broadly fall into embodiments of the invention protection scope.
As shown in Fig. 2 be a kind of schematic flow sheet of message forwarding method provided in an embodiment of the present invention, can include with
Lower step:
Step 201, when the first virtual switch receives message, the first virtual switch inquires about itself according to this message
The first kind stream rule of storage, and when matching corresponding first kind stream rule, will according to this first kind stream rule
This first message is transmitted to corresponding service processing board.
Specifically, in embodiments of the present invention, when the first virtual switch receives message, the first virtual switch needs
First to inquire about the first kind stream rule of itself storage according to this message, be mated with this message with determining itself whether to be stored with
First kind stream rule.
When the first virtual switch matches corresponding the according to this message in first kind stream that itself stores rule
During one type stream rule, the first virtual switch forwards the packet to corresponding Business Processing according to this first kind stream rule
Plate, that is, in this case, this message does not need to be transmitted to service processing board through first interface plate again, but can be empty by first
Intend switch and service processing board is directly forwarded to by the external port of service processing board.
When the first virtual switch do not matched in first kind stream that itself stores rule according to this message corresponding
During first kind stream rule, the first virtual switch then needs for this message to be first transmitted to first interface plate, by first interface plate
This message is encapsulated as built-in message, and this built-in message is transmitted to corresponding service processing board by inner port.
The service processing board receiving this built-in message can obtain the outer of the first interface plate carrying in this built-in message
The MAC of portion's mouth(Media Access Control.Media access control)Address, and determine the external port with this first interface plate
Two layers up to this service processing board the first external port MAC Address, after the MAC Address getting this first external port,
Service processing board can be according to the MAC of the heading of the original message carrying in the built-in message receiving and this first external port
Address, generates corresponding first kind stream rule, includes for this original message of unique mark in this first kind stream rule
The identification information of corresponding data flow, and the MAC Address of this first external port.Service processing board generates first kind stream rule
Afterwards, this first kind stream rule is sent to the first virtual switch by the first external port.
After first virtual switch receives this first kind stream rule, store this first kind stream rule, and when after
The message with this first kind stream rule match is received in afterflow journey(The identification information comprising in this first kind stream rule
The subsequent packet of corresponding data flow)When, directly service processing board is transmitted to by this first external port, forwards effect to improve
Rate.
Preferably, in embodiments of the present invention, service processing board is generating first kind stream rule, and by this first kind
When type stream rule is sent to the first virtual switch by the first external port, service processing board can be simultaneously to the first virtual switch
Machine sends the time-out time of this first kind stream rule, so that the first virtual switch is in this first kind stream rule time-out,
Delete this first kind stream rule of itself storage.
Step 202, receive message when service processing board, and this message is carried out after operation layer process, this Business Processing
Plate inquires about the Second Type stream rule of itself storage according to the message that this is processed through operation layer, and ought match corresponding second
During type stream rule, this message processing through operation layer is forwarded from this corresponding external port of Second Type stream rule.
Specifically, in embodiments of the present invention, when service processing board receives message, this service processing board is first to this report
Literary composition carries out operation layer process, and after the completion of operation layer is processed, inquires about itself storage according to the message that this is processed through operation layer
Second Type stream rule, to determine the Second Type stream that mates of message processing with this that itself whether is stored with through operation layer
Rule.
When service processing board according to this through message that operation layer is processed regular in Second Type stream that itself store in
When being fitted on corresponding Second Type stream rule, the message that this is processed through operation layer by this service processing board is from this Second Type stream
The corresponding external port of rule forwards, and that is, in this case, the message that this is processed through operation layer does not need again through second interface
Plate forwards to outside, but can be forwarded by the external port portion of directing out by service processing board.
When service processing board according to this through message that operation layer is processed regular in Second Type stream that itself store in not
When matching corresponding Second Type stream rule, by this, the message after operation layer process is encapsulated as inside to this service processing board
Message, and corresponding second interface plate is transmitted to by inner port.
The second interface plate receiving this built-in message obtains the external port of the second interface plate carrying in this built-in message
MAC Address, and determine with two layers of the external port of this second interface plate up to service processing board the second external port MAC ground
Location.After the MAC Address determining this second external port, this second interface plate can be according to the above-mentioned warp carrying in this built-in message
Cross the MAC Address of the message after operation layer is processed and this second external port, generate corresponding Second Type stream rule, this Equations of The Second Kind
The identification information for this corresponding data flow of message after operation layer process of unique mark is comprised in type stream rule, and
The MAC Address of this second external port.After second interface plate generates Second Type stream rule, this Second Type stream rule is sent to
Corresponding service processing board.
After service processing board receives this Second Type stream rule, store this Second Type stream rule, and when after afterflow
The message with this Second Type stream rule match is received in journey(The identification information comprising in this Second Type stream rule corresponds to
Data flow subsequent packet)When, directly pass through the second external port and forward to outside, improve forward efficiency further.
Preferably, in embodiments of the present invention, second interface plate is generating Second Type stream rule, and by this Equations of The Second Kind
When type stream rule is sent to service processing board, this second interface plate can send this Second Type stream rule to service processing board simultaneously
Time-out time then, so that service processing board, in this Second Type stream rule time-out, deletes this Second Type of itself storage
Stream rule.
In order that those skilled in the art more fully understand technical scheme provided in an embodiment of the present invention, with reference to concrete
Application scenarios technical scheme provided in an embodiment of the present invention is described.
In this embodiment, so that virtual unit is for distributed virtual router as a example, the knot of this distributed virtual router
Structure schematic diagram may refer to Fig. 1.Wherein, VM1I/O plate shown in Fig. 1(First I/O plate)It is first interface plate, VM2FW plate is
Service processing board, VM3I/O plate(2nd I/O plate)For second interface plate;VSwitch1, vSwitch2, vSwitch3 are respectively
One virtual switch, the second virtual switch, the 3rd virtual switch, Physical NIC1 and Physical NIC2 are physics
Network interface card.
In this embodiment, the flow process that message forwards can be divided into data flow first packet flow process, and after same data flow
Continuous message flow process, is described separately below:
1st, data flow first packet flow process
a), the first virtual switch receive message from physical network card Physical NIC1, if this message is data
Stream first packet, then the first virtual switch will be regular less than the first kind stream of coupling for inquiry according to this message(VSwitch stream rule
Then), now, the first virtual machine switch, according to existing handling process, forwards the packet to an I/O plate;
b), after an I/O plate receives this message, according to forwarding strategy(Forwarding strategy can be the stream ginseng to this message
Number, such as source IP address, purpose IP address, source MAC, target MAC (Media Access Control) address etc., carry out HASH(Hash)Calculate)Find correspondence
FW plate(It is the VM2FW plate shown in Fig. 1 in this embodiment), this message is encapsulated as built-in message(This built-in message
Form can be:Add two layers of built-in message head before former message, target MAC (Media Access Control) address is the corresponding inner port of FW plate
MAC Address, source MAC is the MAC Address of the inner port of an I/O plate, the proprietary protocol that protocol number uses for built-in message
Number, protocol contents are the MAC Address of the external port that an I/O plate receives this message), and this built-in message is passed through an I/
The inner port of O plate is sent to corresponding FW plate via the second virtual switch;
c), after FW plate receives this built-in message, this message is parsed, gets the external port of an I/O plate
MAC Address, and the MAC Address of the external port according to an I/O plate, search and an I/O plate two layers of external port up to
The external port of FW plate(First external port)MAC Address, by the original message carrying in this built-in message(I.e. the first virtual switch
The message that machine receives)Generate corresponding vSwitch stream rule with the MAC Address of the first external port of the FW plate finding
Then, comprise the identification information for the corresponding data flow of this original message of unique mark in this vSwitch stream rule(As this data
The source IP address of stream, purpose IP address, source MAC, purpose IP address, the five-tuple of protocol number composition, but it is not limited to this,
Similarly hereinafter), and the MAC Address of the first external port of FW plate.This vSwitch rule is sent out by FW plate by the first external port of FW plate
Send corresponding virtual switch(I.e. the first virtual switch).Then message is removed after built-in message head, transfer at operation layer
Reason.Because this message is data flow first packet, therefore, FW plate will inquire about less than coupling the according to the message processing through operation layer
Two type stream rules(FW stream rule), now, after operation layer has been processed, the message processing through operation layer is sealed by FW plate again
Fill as built-in message(The form of built-in message can be to add two layers of built-in message before the message that operation layer is processed
Head, target MAC (Media Access Control) address is the MAC Address of the corresponding inner port of the 2nd I/O plate, and source MAC is the MAC of the inner port of FW plate
Address, the proprietary protocol number that protocol number uses for built-in message, protocol contents are the outgoing interface information of I/O plate), empty by second
Intend switch and be sent to the 2nd I/O plate;
c), after the 2nd I/O plate receives this built-in message, message is parsed, gets the outgoing interface of the 2nd I/O plate
(External port)Information, and two layers of the outgoing interface of the outgoing interface information searching according to the 2nd I/O plate and the 2nd I/O plate up to
The external port of FW plate(Second external port)MAC Address, by carry in this built-in message through operation layer process message and
The MAC Address of the second external port of the FW plate finding, generates a corresponding FW stream rule, comprise in this FW stream rule for
The identification information of the corresponding data flow of the above-mentioned message through operation layer process of unique mark, and the second external port of FW plate
MAC Address.This FW stream rule is sent to FW plate by inner port by the 2nd I/O plate, then removes the built-in message receiving
Built-in message head, and the message obtaining is passed through the outgoing interface parsing, via the 3rd virtual switch from Physical NIC2
Send.
2nd, same data flow subsequent packet flow process
a), the first virtual switch receive the message of Physical NIC1, itself storage is inquired about according to this message
VSwitch stream rule, the subsequent packet being above-mentioned data flow due to this message, therefore, the first virtual switch can be according to this
Message matches corresponding vSwitch stream rule it is possible to flow rule according to this vSwitch, this message is directly passed through FW plate
The first external port be sent to FW plate;
b), FW plate receive first virtual switch forward message after, analytic message, then this message is given business
Layer is processed, when operation layer has processed and needed to forward this through the message that operation layer is processed, according to this through operation layer process
Message inquires about the FW stream rule of itself storage, the subsequent packet being above-mentioned data flow due to this message, and therefore, FW can be according to this
The message processing through operation layer matches corresponding FW stream rule and will process through operation layer it is possible to flow rule according to this FW
Message directly pass through the second external port and forward to outside.
Through above-mentioned flow processing, in this embodiment, the schematic diagram that message forwards can be as shown in Figure 3.
By above description, in technical scheme provided in an embodiment of the present invention, when the first virtual switch receives
During to message, this first virtual switch inquires about the first kind stream rule of itself storage according to this message, and right when matching
During the first kind stream rule answered, this first message is transmitted to by corresponding service processing board according to this first kind stream rule;
When service processing board receives message, and this message is carried out after Business Processing, service processing board is according to this at operation layer
The message of reason inquires about the Second Type stream rule of itself storage, and when matching corresponding Second Type stream rule, by this warp
The message crossing operation layer process forwards from this corresponding external port of Second Type stream rule, improves virtual unit in virtual platform
On message forward efficiency.
As shown in figure 4, being a kind of structural representation of virtual unit provided in an embodiment of the present invention, this virtual unit includes
First interface plate 41, service processing board 42, second interface plate 43, the first virtual switch 44, the second virtual switch 45, and
3rd virtual switch 46, wherein, described first interface plate 41 is used for receiving external data, institute by the first virtual switch 44
State second interface plate 43 to turn to outside for the data after processing described service processing board 42 by the 3rd virtual switch 46
Send out, described second virtual switch 45 is used between described first interface plate 41, second interface plate 43 and service processing board 42
Internal data forwards, wherein:
Described first virtual switch 44 is used for, and inquires about the first kind of itself storage according to this message when receiving message
Type stream rule, and when matching corresponding first kind stream rule, according to this first kind stream rule, this first message is turned
Issue corresponding service processing board;
Described service processing board 42 is used for, and when receiving message, and this message is carried out after operation layer process, according to described
The message processing through operation layer inquires about the Second Type stream rule of itself storage, and advises when matching corresponding Second Type stream
When then, this message processing through operation layer is forwarded from this corresponding external port of Second Type stream rule.
Wherein, described first virtual switch 44 is additionally operable to, when the message that basis receives does not match corresponding first
During type stream rule, forward the packet to first interface plate, this message be encapsulated as by built-in message by described first interface plate,
And corresponding service processing board is transmitted to by inner port;
Described service processing board 42 is additionally operable to, and when receiving described built-in message, obtains in described built-in message and carries
The external port of first interface plate MAC address, and determine two layers of the external port with described first interface plate
Up to described service processing board the first external port MAC Address;According to the original message carrying in described built-in message
Heading and the MAC Address of described first external port, generate corresponding first kind stream rule, wrap in this first kind stream rule
Containing the identification information for the corresponding data flow of original message described in unique mark, and the MAC Address of described first external port;
This first kind stream rule is sent to described first virtual switch by described first external port, so that described first is virtual
Switch stores this first kind stream rule.
Wherein, described service processing board 42 is additionally operable to, and this first kind stream rule is being sent out by described first external port
When giving described first virtual switch, simultaneously to described first virtual switch send this first kind stream rule overtime when
Between, so that described first virtual switch, in this first kind stream rule time-out, deletes this first kind stream of itself storage
Rule.
Wherein, described service processing board 42 is additionally operable to, right when not matched according to the described message through operation layer process
During the Second Type stream rule answered, the message after the described process through operation layer is encapsulated as built-in message, and passes through inner port
It is transmitted to corresponding second interface plate;
Described second interface plate 43 is used for, and when receiving described built-in message, carries in the described built-in message of acquisition
The MAC address of the external port of second interface plate, and determine can with two layers of the external port of described second interface plate
The MAC Address of the second external port of the described service processing board reaching;According to carry in described built-in message described through business
Message after layer process and the MAC Address of described second external port, generate corresponding Second Type stream rule, this Second Type stream
The identification information for the corresponding data flow of message after operation layer process described in unique mark, Yi Jisuo is comprised in rule
State the MAC Address of the second external port;This Second Type stream rule is sent to described service processing board, so that described Business Processing
Plate stores this Second Type stream rule.
Wherein, described second interface plate 43 is additionally operable to, and this Second Type stream rule is being sent to described service processing board
When, send the time-out time of this Second Type stream rule to described service processing board, so that described service processing board is at this simultaneously
During Second Type stream rule time-out, delete this Second Type stream rule of itself storage.
Through the above description of the embodiments, those skilled in the art can be understood that the present invention can be by
Software adds the mode of necessary general hardware platform to realize naturally it is also possible to pass through hardware, but the former is more in many cases
Good embodiment.Based on such understanding, technical scheme substantially contributes to prior art in other words
Partly can be embodied in the form of software product, this computer software product is stored in a storage medium, if including
Dry instruction is with so that a station terminal equipment(Can be mobile phone, personal computer, server, or network equipment etc.)Execute basis
Invent the method described in each embodiment.
The above is only the preferred embodiment of the present invention it is noted that ordinary skill people for the art
For member, under the premise without departing from the principles of the invention, some improvements and modifications can also be made, these improvements and modifications also should
Depending on protection scope of the present invention.
Claims (10)
1. a kind of message forwarding method, is applied to including first interface plate, service processing board, second interface plate, the first virtual friendship
Change planes, the second virtual switch, and the virtual unit of the 3rd virtual switch, described first interface plate is used for empty by first
Intend switch and receive external data, described second interface plate is used for processing described service processing board by the 3rd virtual switch
Data afterwards forwards to outside, and described second virtual switch is used for described first interface plate, second interface plate and Business Processing
Internal data between plate forwards it is characterised in that the method includes:
When the first virtual switch receives message, described first virtual switch inquires about the of itself storage according to this message
One type stream rule, and when matching corresponding first kind stream rule, according to this first kind stream rule, this message is turned
Issue corresponding service processing board;
When service processing board receives message, and this message is carried out after operation layer process, described service processing board is according to described
The message processing through operation layer inquires about the Second Type stream rule of itself storage, and advises when matching corresponding Second Type stream
When then, this message processing through operation layer is forwarded from this corresponding external port of Second Type stream rule.
2. the method for claim 1 is it is characterised in that the method also includes:
When described first virtual switch does not match corresponding first kind stream rule according to the message receiving, described the
One virtual switch forwards the packet to first interface plate, by described first interface plate, this message is encapsulated as built-in message,
And corresponding service processing board is transmitted to by inner port;
The service processing board receiving described built-in message obtains the external port of the first interface plate carrying in described built-in message
MAC address, and determine with two layers of the external port of described first interface plate up to this service processing board
The MAC Address of the first external port;
The heading according to the original message carrying in described built-in message for this service processing board and the MAC of described first external port
Address, generates corresponding first kind stream rule, comprises for original message described in unique mark in this first kind stream rule
The identification information of corresponding data flow, and the MAC Address of described first external port;
This first kind stream rule is sent to described first virtual switch by described first external port by this service processing board,
So that described first virtual switch stores this first kind stream rule.
3. method as claimed in claim 2 is it is characterised in that this first kind stream rule is passed through institute by described service processing board
When stating the first external port and being sent to described first virtual switch, described service processing board is simultaneously to described first virtual switch
Send the time-out time of this first kind stream rule, so that described first virtual switch is in this first kind stream rule time-out
When, delete this first kind stream rule of itself storage.
4. the method for claim 1 is it is characterised in that the method also includes:
When described service processing board does not match corresponding Second Type stream rule according to the described message through operation layer process
When, the message after the described process through operation layer is encapsulated as built-in message by described service processing board, and is forwarded by inner port
To corresponding second interface plate;
The second interface plate receiving described built-in message obtains the external port of the second interface plate carrying in described built-in message
MAC address, and determine with two layers of the external port of this second interface plate up to described service processing board
The MAC Address of the second external port;
This second interface plate is according to the message and described second after the described process through operation layer carrying in described built-in message
The MAC Address of external port, generates corresponding Second Type stream rule, comprises for unique mark institute in this Second Type stream rule
State the identification information of the corresponding data flow of message after operation layer is processed, and the MAC Address of described second external port;
This Second Type stream rule is sent to described service processing board by this second interface plate, so that the storage of described service processing board
This Second Type stream rule.
5. method as claimed in claim 4 is it is characterised in that this Second Type stream rule is sent to by described second interface plate
During described service processing board, described second interface plate sends the time-out of this Second Type stream rule simultaneously to described service processing board
Time, so that described service processing board, in this Second Type stream rule time-out, deletes this Second Type stream rule of itself storage
Then.
6. a kind of virtual unit, including first interface plate, service processing board, second interface plate, the first virtual switch, the second void
Intend switch, and the 3rd virtual switch, wherein, described first interface plate is used for receiving outside by the first virtual switch
Data, described second interface plate is used for the data after described service processing board is processed by the 3rd virtual switch and turns to outside
Send out, described second virtual switch is used for the internal data between described first interface plate, second interface plate and service processing board
Forward it is characterised in that
Described first virtual switch is used for, and inquires about the first kind stream rule of itself storage according to this message when receiving message
Then, and when matching corresponding first kind stream rule, forwarded the packet to corresponding according to this first kind stream rule
Service processing board;
Described service processing board is used for, and when receiving message, and this message is carried out after operation layer process, according to described through industry
The message that business layer is processed inquires about the Second Type stream rule of itself storage, and when matching corresponding Second Type stream rule,
This message processing through operation layer is forwarded from this corresponding external port of Second Type stream rule.
7. virtual unit as claimed in claim 6 it is characterised in that
Described first virtual switch is additionally operable to, regular when not matching corresponding first kind stream according to the message receiving
When, forward the packet to first interface plate, this message is encapsulated as by built-in message by described first interface plate, and by inside
Mouth is transmitted to corresponding service processing board;
Described service processing board is additionally operable to, and when receiving described built-in message, obtains first carrying in described built-in message
The MAC address of the external port of interface board, and determine with two layers of the external port of described first interface plate up to
The MAC Address of the first external port of described service processing board;Heading according to the original message carrying in described built-in message
With the MAC Address of described first external port, generate corresponding first kind stream rule, comprise in this first kind stream rule for
The identification information of the corresponding data flow of original message described in unique mark, and the MAC Address of described first external port;By this
One type stream rule is sent to described first virtual switch by described first external port, so that described first virtual switch
Store this first kind stream rule.
8. virtual unit as claimed in claim 7 it is characterised in that
Described service processing board is additionally operable to, and this first kind stream rule is being sent to described first by described first external port
During virtual switch, send the time-out time of this first kind stream rule to described first virtual switch simultaneously, so that described
First virtual switch, in this first kind stream rule time-out, deletes this first kind stream rule of itself storage.
9. virtual unit as claimed in claim 6 it is characterised in that
Described service processing board is additionally operable to, when not matching corresponding Second Type according to the described message through operation layer process
During stream rule, the message after the described process through operation layer is encapsulated as built-in message, and is transmitted to by inner port corresponding
Second interface plate;
Described second interface plate is used for, and when receiving described built-in message, obtains second carrying in described built-in message and connects
The MAC address of the external port of oralia, and determine with two layers of the external port of described second interface plate up to institute
State the MAC Address of the second external port of service processing board;According to carry in described built-in message described through operation layer process
Message afterwards and the MAC Address of described second external port, generate corresponding Second Type stream rule, in this Second Type stream rule
Comprise the identification information for the corresponding data flow of message after operation layer process described in unique mark, and described second
The MAC Address of external port;This Second Type stream rule is sent to described service processing board, so that the storage of described service processing board
This Second Type stream rule.
10. virtual unit as claimed in claim 9 it is characterised in that
Described second interface plate is additionally operable to, when this Second Type stream rule is sent to described service processing board, simultaneously to institute
State the time-out time that service processing board sends this Second Type stream rule, so that described service processing board is advised in this Second Type stream
Then during time-out, delete this Second Type stream rule of itself storage.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410029683.3A CN103795622B (en) | 2014-01-22 | 2014-01-22 | Message forwarding method and device using same |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410029683.3A CN103795622B (en) | 2014-01-22 | 2014-01-22 | Message forwarding method and device using same |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103795622A CN103795622A (en) | 2014-05-14 |
| CN103795622B true CN103795622B (en) | 2017-02-15 |
Family
ID=50670938
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410029683.3A Active CN103795622B (en) | 2014-01-22 | 2014-01-22 | Message forwarding method and device using same |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103795622B (en) |
Families Citing this family (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10250529B2 (en) * | 2014-07-21 | 2019-04-02 | Big Switch Networks, Inc. | Systems and methods for performing logical network forwarding using a controller |
| CN104601467B (en) * | 2014-12-31 | 2018-03-13 | 华为技术有限公司 | A kind of method and apparatus for sending message |
| CN107147574B (en) * | 2016-03-01 | 2020-09-01 | 深信服科技股份有限公司 | Message forwarding method and system based on distributed virtual router |
| CN106603523A (en) * | 2016-12-09 | 2017-04-26 | 北京东土军悦科技有限公司 | Message forwarding method and network switching device |
| CN110011941B (en) * | 2019-03-18 | 2022-01-28 | 新华三信息安全技术有限公司 | Message forwarding method and device |
| CN110311868B (en) * | 2019-07-08 | 2021-09-21 | 新华三信息安全技术有限公司 | Service processing method, device, member equipment and machine-readable storage medium |
| CN111698177B (en) * | 2020-04-23 | 2022-10-21 | 新华三技术有限公司 | Message processing method and device |
| CN114079634B (en) * | 2020-08-21 | 2024-03-12 | 深圳市中兴微电子技术有限公司 | Message forwarding method and device and computer readable storage medium |
| CN113194020B (en) * | 2021-05-24 | 2022-09-09 | 臻乐尔科技服务(上海)有限公司 | Virtual network interaction method and virtual network architecture |
| CN113992592B (en) * | 2021-10-27 | 2023-11-17 | 锐捷网络股份有限公司 | Message forwarding method and device, port drainage system and storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102480410A (en) * | 2010-11-22 | 2012-05-30 | 杭州华三通信技术有限公司 | Single board for centralized business processing and virtualized resource dividing method |
| CN102752219A (en) * | 2012-07-18 | 2012-10-24 | 杭州华三通信技术有限公司 | Method for implementing virtual device (VD) interconnection and switching equipment |
| CN102946354A (en) * | 2012-11-15 | 2013-02-27 | 华为技术有限公司 | Message forwarding method and device and network equipment thereof |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9525647B2 (en) * | 2010-07-06 | 2016-12-20 | Nicira, Inc. | Network control apparatus and method for creating and modifying logical switching elements |
-
2014
- 2014-01-22 CN CN201410029683.3A patent/CN103795622B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102480410A (en) * | 2010-11-22 | 2012-05-30 | 杭州华三通信技术有限公司 | Single board for centralized business processing and virtualized resource dividing method |
| CN102752219A (en) * | 2012-07-18 | 2012-10-24 | 杭州华三通信技术有限公司 | Method for implementing virtual device (VD) interconnection and switching equipment |
| CN102946354A (en) * | 2012-11-15 | 2013-02-27 | 华为技术有限公司 | Message forwarding method and device and network equipment thereof |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103795622A (en) | 2014-05-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103795622B (en) | Message forwarding method and device using same | |
| US11929945B2 (en) | Managing network traffic in virtual switches based on logical port identifiers | |
| US9602307B2 (en) | Tagging virtual overlay packets in a virtual networking system | |
| CN104243265B (en) | A kind of gateway control method, apparatus and system based on virtual machine (vm) migration | |
| CN105681075B (en) | Network Management System based on mixing cloud platform | |
| CN104601432A (en) | Method and device for transmitting message | |
| CN105634956B (en) | A kind of message forwarding method, device and system | |
| CN109561108A (en) | Policy-based container network resource isolation control method | |
| CN105379206B (en) | Message processing method, forwarding device and message handling system in network | |
| CN104038401A (en) | Interoperability for distributed overlay virtual environments | |
| CN104780088A (en) | Service message transmission method and equipment | |
| CN105122936A (en) | Service allocation method and related device | |
| CN105282003B (en) | Establish the method and system and tunnel control device and virtual switch in tunnel | |
| CN104202351B (en) | Distributed virtual safety device and the repeater system based on stream using virtual machine | |
| CN106385354B (en) | Message forwarding method and device | |
| CN108270813A (en) | A kind of isomery multi-protocol stack method, apparatus and system | |
| CN1946061B (en) | Method and device for fast processing message | |
| CN104410541A (en) | Method and device for counting VXLAN inner layer virtual machine flux on intermediate switch | |
| CN105162702A (en) | AC current guide method and device | |
| CN104811382A (en) | Data packet processing method and device | |
| CN104994022B (en) | A kind of method and business board of message transmissions | |
| CN109936492A (en) | A kind of methods, devices and systems by tunnel transmission message | |
| CN104683428A (en) | Network service processing method and device | |
| CN106506515A (en) | A kind of authentication method and device | |
| CN103905510A (en) | Processing method and background server for data package |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Patentee after: Xinhua three Technology Co., Ltd. Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base Patentee before: Huasan Communication Technology Co., Ltd. |