CN103873374B - Packet processing method and apparatus in virtualized system - Google Patents


Info

Publication number
CN103873374B
Authority
CN
Grant status
Grant
Prior art keywords
vlan
packet
untag
corresponding
physical
Application number
CN 201410118957
Other languages
Chinese (zh)
Other versions
CN103873374A (en)
Inventor
刘新民
Original Assignee
新华三技术有限公司

Abstract

The present application discloses a packet processing method and apparatus in a virtualized system. In the method, a vSwitch receives an UNTAG data packet sent by a VM through a VF corresponding to that VM, where the UNTAG data packet does not carry the VLAN ID of the VM; the vSwitch looks up the marker VLAN corresponding to that VF and adds the VLAN ID of the marker VLAN found to the UNTAG data packet to obtain an 802.1Q packet, where VFs and marker VLANs are in one-to-one correspondence; the vSwitch sends the 802.1Q packet carrying the VLAN ID of the marker VLAN to the access switch directly connected to this physical server. With the present application, an ordinary network card, i.e. a general-purpose SR-IOV NIC, can be used as the PE, which saves cost, gives good interoperability and allows wide application.

Description

Packet processing method and apparatus in virtualized system

Technical Field

[0001] The present application relates to the field of virtualization technology, and in particular to a packet processing method and apparatus in a virtualized system.

Background

[0002] PE (Port Extender) technology uses PEs to provide port extension for a CB (Control Bridge), so that the network can be extended over multiple levels.

[0003] Existing PE technologies mainly comprise the PE in Multichannel/S-Channel (service provider channel) mode defined by 802.1Qbg, the PE defined by 802.1BR, and the PE defined by Cisco's proprietary VN-TAG (Virtual Network-TAG) technology. These three schemes are introduced below.

[0004] 1. PE in Multichannel/S-Channel mode defined by 802.1Qbg

[0005] In this scheme, the CB-PE architecture mainly comprises a physical server and the physical switch directly connected to it. The physical server comprises virtual machines (Virtual Machine, VM), a VEB (Virtual Ethernet Bridge) and/or a VEPA (Virtual Ethernet Port Aggregator) connected to the VMs, and an S-component connected to the VEB and/or VEPA; the physical switch comprises an S-component. The S-component in the physical server and the S-component in the physical switch are connected through an S-Channel. The physical switch acts as the CB, and the S-component together with the VEB or VEPA in the physical server acts as the PE.

[0006] In this scheme, the data packets forwarded over the S-Channel are not ordinary data packets but QinQ-encapsulated (Stacked VLAN, or Double VLAN) data packets; that is, one more layer of VLAN tag is added on top of the standard Ethernet packet defined in 802.1Q. The following problems therefore exist: (1) the PE is required to support encapsulating and forwarding QinQ data packets, so an ordinary network card cannot be used as the PE; (2) a network card that can serve as the PE must support QinQ encapsulation and tunnel termination in hardware, which makes it relatively expensive.

[0007] 2. PE defined by 802.1BR

[0008] This scheme is a hardware extension. The CB-PE architecture mainly comprises an Extended Bridge and End Stations (also called hosts or servers). The Extended Bridge comprises a CB and external PEs (External Bridge PE); the CB connects to the external PEs through an internal PE (Internal Bridge PE) inside the CB, and an external PE may connect to multiple End Stations or external PEs. In this architecture the CB is the only device with network switching capability, and the PEs have no independent network function.

[0009] In this scheme, a 6-byte E-TAG field is added to the transmitted data packets on top of the standard Ethernet packet defined in 802.1Q. The following problems therefore exist: (1) the PE is required to support encapsulating and forwarding data packets that contain the E-TAG field, so an ordinary network card cannot be used as the PE; (2) a network card that can serve as the PE must support E-TAG encapsulation and tunnel termination in hardware, which makes it relatively expensive.

[0010] 3. PE defined by Cisco's proprietary VN-TAG technology

[0011] This scheme is a hardware extension. The CB-PE architecture mainly comprises a physical switch and physical servers; each server has a NIC (network interface card), and one switch connects to multiple NICs. The physical switch acts as the CB and the NIC acts as the PE.

[0012] In this scheme, a 4-byte VN-TAG field is added to the transmitted data packets on top of the standard Ethernet packet defined in 802.1Q. The following problems therefore exist: (1) the PE is required to support encapsulating and forwarding data packets that contain the VN-TAG field, so an ordinary network card cannot be used as the PE; (2) a network card that can serve as the PE must support VN-TAG encapsulation and tunnel termination in hardware, which makes it relatively expensive.

[0013] In summary, in the prior-art PE implementations the transmitted data packets are all specially modified: a special field is added on top of the packet defined in 802.1Q, for example a QinQ packet with an extra layer of VLAN tag, a data packet with an added E-TAG field, or a data packet with an added VN-TAG field. None of them can therefore use an ordinary network card as the PE; a special hardware network card is needed, which is not only expensive but also interoperates poorly and cannot be widely applied.

Summary

[0014] The present application provides a packet processing method and apparatus in a virtualized system, intended to solve the prior-art problem that a special hardware network card must be used as the PE, which is expensive, interoperates poorly and cannot be widely applied.

[0015] The technical solution of the present application is as follows:

[0016] In one aspect, a packet processing method in a virtualized system is provided. The virtualized system comprises a physical server and the physical access switch directly connected to it; the physical server comprises an SR-IOV NIC and at least one VM; the SR-IOV NIC comprises a vSwitch and at least one VF of the NIC; each VM is connected to the vSwitch through a VF. The method comprises:

[0017] the vSwitch receives an UNTAG data packet sent by a VM through a VF corresponding to that VM, where the UNTAG data packet does not carry the VLAN ID of the VM;

[0018] the vSwitch looks up the marker VLAN corresponding to that VF and adds the VLAN ID of the marker VLAN found to the UNTAG data packet to obtain an 802.1Q packet, where VFs and marker VLANs are in one-to-one correspondence;

[0019] the vSwitch sends the 802.1Q packet carrying the VLAN ID of the marker VLAN to the access switch directly connected to this physical server.

[0020] In another aspect, a packet processing method in a virtualized system is also provided. The virtualized system comprises a physical server and the physical access switch directly connected to it; the physical port of the access switch used to connect the physical server comprises at least one vPort; the access switch is also directly connected to other physical switches, and the physical port of the access switch used to connect another physical switch comprises at least one vPort. The method comprises:

[0021] the access switch receives a specific packet, where the specific packet received is an 802.1Q packet sent by the directly connected physical server or by another physical switch, or a tunnel packet sent by another directly connected physical switch;

[0022] when the specific packet is an 802.1Q packet, the access switch removes the VLAN ID carried in the 802.1Q packet to obtain an UNTAG data packet, looks up the corresponding vPort according to the VLAN ID, and looks up the corresponding VNI according to the vPort; when the specific packet is a tunnel packet, the access switch removes the source and destination IP addresses of the overlay tunnel, the VNI and the VLAN ID from the tunnel packet to obtain an UNTAG data packet;

[0023] if the UNTAG data packet obtained is a unicast packet, the access switch looks up one piece of outgoing interface information in the local MAC forwarding table according to the VNI and the destination MAC address of the UNTAG data packet, obtains the corresponding VLAN according to the outgoing interface information, adds the VLAN ID of the corresponding VLAN to the UNTAG data packet, and sends it out;

[0024] where the corresponding VLAN is a marker VLAN or a service VLAN.

[0025] In yet another aspect, a packet processing apparatus in a virtualized system is also provided. The virtualized system comprises a physical server and the physical access switch directly connected to it; the physical server comprises an SR-IOV NIC and at least one VM; the SR-IOV NIC comprises a vSwitch and at least one VF of the NIC; each VM is connected to the vSwitch through a VF. The apparatus is applied in the vSwitch and comprises:

[0026] a receiving module, configured to receive an UNTAG data packet sent by a VM through a VF corresponding to that VM, where the UNTAG data packet does not carry the VLAN ID of the VM;

[0027] a lookup module, configured to look up the marker VLAN corresponding to the VF after the receiving module receives the UNTAG data packet sent by the VM through the VF corresponding to that VM;

[0028] a processing module, configured to add the VLAN ID of the marker VLAN found by the lookup module to the UNTAG data packet received by the receiving module to obtain an 802.1Q packet, where VFs and marker VLANs are in one-to-one correspondence;

[0029] a sending module, configured to send the 802.1Q packet carrying the VLAN ID of the marker VLAN, obtained by the processing module, to the access switch directly connected to this physical server.

[0030] In yet another aspect, a packet processing apparatus in a virtualized system is also provided. The virtualized system comprises a physical server and the physical access switch directly connected to it; the physical port of the access switch used to connect the physical server comprises at least one vPort; the access switch is also directly connected to other physical switches, and the physical port of the access switch used to connect another physical switch comprises at least one vPort. The apparatus is applied in the access switch and comprises:

[0031] a receiving module, configured to receive a specific packet, where the specific packet received is an 802.1Q packet sent by the directly connected physical server or by another physical switch, or a tunnel packet sent by another directly connected physical switch;

[0032] a removing module, configured to remove the VLAN ID carried in the 802.1Q packet to obtain an UNTAG data packet when the specific packet received by the receiving module is an 802.1Q packet, and further configured to remove the source and destination IP addresses of the overlay tunnel, the VNI and the VLAN ID from the tunnel packet to obtain an UNTAG data packet when the specific packet received by the receiving module is a tunnel packet;

[0033] a lookup module, configured to look up the corresponding vPort according to the VLAN ID carried in the 802.1Q packet and to look up the corresponding VNI according to the vPort when the specific packet received by the receiving module is an 802.1Q packet, and further configured, if the UNTAG data packet obtained by the removing module is a unicast packet, to look up one piece of outgoing interface information in the local MAC forwarding table according to the VNI and the destination MAC address of the UNTAG data packet;

[0034] an adding and sending module, configured, if the UNTAG data packet obtained by the removing module is a unicast packet, to obtain the corresponding VLAN according to the outgoing interface information found by the lookup module in the MAC forwarding table, add the VLAN ID of the corresponding VLAN to the UNTAG data packet obtained by the removing module, and send it out;

[0035] where the corresponding VLAN is a marker VLAN or a service VLAN.

[0036] The above technical solution of the present application provides a new virtualized system comprising a physical server and an access switch. The physical server comprises at least one VM and a network card using SR-IOV technology, called an SR-IOV NIC. The SR-IOV NIC comprises an L2vSwitch and multiple VFs, where VFs and marker VLANs are in one-to-one correspondence; a VF driver is installed in each VM, and each VM corresponds to at least one VF. The physical port of the access switch used to connect the physical server (specifically, the SR-IOV NIC) comprises multiple virtual ports (vPorts), which correspond one-to-one to the marker VLANs. The access switch is also directly connected to other physical switches, and the physical port used to connect another physical switch comprises multiple vPorts, which correspond one-to-one to the service VLANs on that other physical switch. In addition, multiple VNIs are configured on the switch, and vPorts are bound to VNIs.

[0037] In the above system, NIC virtualization by SR-IOV is used: the SR-IOV NIC acts as the PE and the access switch acts as the CB, forming a CB-PE architecture made up of the access switch plus the SR-IOV NIC.

[0038] An UNTAG data packet sent by a VM, which carries no VLAN ID, reaches the L2vSwitch through a VF. After receiving the UNTAG data packet, the L2vSwitch looks up the marker VLAN corresponding to that VF, adds the VLAN ID of the marker VLAN found to the UNTAG data packet to obtain an 802.1Q packet, and finally sends the 802.1Q packet to the access switch. The packets sent by the SR-IOV NIC acting as PE are therefore standard 802.1Q packets with no special field added. Likewise, the packets that the access switch acting as CB sends to the SR-IOV NIC acting as PE are standard 802.1Q packets. Because the PE sends and receives only standard 802.1Q packets, an ordinary network card, i.e. a general-purpose SR-IOV NIC, can be used as the PE, which saves cost, gives good interoperability and allows wide application.
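The tagging and lookup steps summarized above, as an added Python sketch that is not part of the patent text: the L2vSwitch stamps the marker VLAN chosen by the ingress VF, and the access switch resolves VLAN ID to vPort to VNI before the MAC lookup. The MAC addresses, the port label `port1`, the vPort names, the VNI values 5000 and 6000 and the static MAC table are constructed; modelling the outgoing interface as a vPort, stripping the tag before delivery to the VM, and refusing an already tagged frame from a VM are assumptions.

```python
import struct

TPID = struct.pack("!H", 0x8100)  # IEEE 802.1Q tag protocol identifier


def tag_frame(untagged, vlan_id):
    """Insert a 4-byte 802.1Q tag after the destination and source MAC."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    if len(untagged) < 14:
        raise ValueError("shorter than an Ethernet header")
    if untagged[12:14] == TPID:
        # Assumption: a frame that arrives already tagged is refused.
        raise ValueError("expected an UNTAG frame")
    return untagged[:12] + TPID + struct.pack("!H", vlan_id) + untagged[12:]


def untag_frame(tagged):
    """Return (vlan_id, untagged frame); reject anything that is not 802.1Q."""
    if len(tagged) < 18 or tagged[12:14] != TPID:
        raise ValueError("not an 802.1Q frame")
    (tci,) = struct.unpack("!H", tagged[14:16])
    return tci & 0x0FFF, tagged[:12] + tagged[16:]


class L2VSwitch:
    """The vSwitch inside the SR-IOV NIC (the PE side)."""

    def __init__(self, vf_to_vlan):
        if len(set(vf_to_vlan.values())) != len(vf_to_vlan):
            raise ValueError("VF and marker VLAN must correspond one-to-one")
        self.vf_to_vlan = dict(vf_to_vlan)
        self.vlan_to_vf = {vlan: vf for vf, vlan in vf_to_vlan.items()}

    def from_vm(self, vf, untagged):
        """VF ingress: the tag depends on the VF, never on the frame content."""
        return tag_frame(untagged, self.vf_to_vlan[vf])

    def from_uplink(self, tagged):
        """Uplink ingress: the marker VLAN selects the single VF to deliver to."""
        vlan_id, frame = untag_frame(tagged)
        if vlan_id not in self.vlan_to_vf:
            raise KeyError("no VF for marker VLAN %d" % vlan_id)
        return self.vlan_to_vf[vlan_id], frame


class AccessSwitch:
    """The access switch (the CB side); 802.1Q unicast path only."""

    def __init__(self, vport_by_vlan, vni_by_vport, mac_table):
        self.vport_by_vlan = dict(vport_by_vlan)  # (port, VLAN ID) -> vPort
        self.vlan_by_vport = {vp: key for key, vp in vport_by_vlan.items()}
        self.vni_by_vport = dict(vni_by_vport)    # vPort -> VNI
        self.mac_table = dict(mac_table)          # (VNI, MAC) -> outgoing vPort

    def receive(self, port, tagged):
        vlan_id, frame = untag_frame(tagged)
        vni = self.vni_by_vport[self.vport_by_vlan[(port, vlan_id)]]
        out_vport = self.mac_table.get((vni, frame[0:6]))
        if out_vport is None:
            return None  # no entry in this VNI; flooding is not modelled here
        out_port, out_vlan = self.vlan_by_vport[out_vport]
        return out_port, tag_frame(frame, out_vlan)


# Constructed sample data: three VMs behind VF1..VF3 of one SR-IOV NIC.
MAC_VM1 = bytes.fromhex("020000000001")
MAC_VM2 = bytes.fromhex("020000000002")
MAC_VM3 = bytes.fromhex("020000000003")


def make_frame(dst, src):
    """Build an untagged Ethernet frame with a constructed payload."""
    return dst + src + struct.pack("!H", 0x0800) + b"constructed payload"


def demo():
    nic = L2VSwitch({1: 1, 2: 2, 3: 3})  # VF1 -> VLAN1, VF2 -> VLAN2, ...
    switch = AccessSwitch(
        vport_by_vlan={("port1", 1): "vPort1", ("port1", 2): "vPort2",
                       ("port1", 3): "vPort3"},
        vni_by_vport={"vPort1": 5000, "vPort2": 5000, "vPort3": 6000},
        mac_table={(5000, MAC_VM1): "vPort1", (5000, MAC_VM2): "vPort2",
                   (6000, MAC_VM3): "vPort3"},
    )
    uplink = nic.from_vm(1, make_frame(MAC_VM2, MAC_VM1))
    same_vni = switch.receive("port1", uplink)      # VM1 -> VM2, both VNI 5000
    delivered = nic.from_uplink(same_vni[1])
    other_vni = switch.receive(                     # VM1 -> VM3, VNI 6000
        "port1", nic.from_vm(1, make_frame(MAC_VM3, MAC_VM1)))
    return uplink, same_vni, delivered, other_vni


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The frame from VM1 to VM2 leaves the NIC with marker VLAN 1 and returns with marker VLAN 2, so the forwarding decision is made on the access switch; the frame to VM3 finds no entry under VNI 5000 and is not forwarded by this unicast path.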

Brief Description of the Drawings

[0039] FIG. 1 is a schematic structural diagram of the virtualized system of one embodiment of the present application;

[0040] FIG. 2 is a flowchart of the default configuration process of one embodiment of the present application;

[0041] FIG. 3 is a flowchart of the configuration process for actual services of one embodiment of the present application;

[0042] FIG. 4 is a flowchart of the processing of a packet sent by a VM in one embodiment of the present application;

[0043] FIG. 5 is a flowchart of the processing performed when the access switch receives a packet sent by an ordinary switch in one embodiment of the present application;

[0044] FIG. 6 is a flowchart of the processing performed when the physical server receives a packet sent by the access switch in one embodiment of the present application;

[0045] FIG. 7 is a simplified schematic diagram of the physical server in the virtualized system of another embodiment of the present application;

[0046] FIG. 8 is a schematic diagram of the access switch connecting the physical server shown in FIG. 7 and ordinary switches in the virtualized system of another embodiment of the present application;

[0047] FIG. 9 is a schematic structural diagram of the packet processing apparatus applied in the vSwitch in the SR-IOV NIC in yet another embodiment of the present application;

[0048] FIG. 10 is a schematic structural diagram of the packet processing apparatus applied in the access switch in yet another embodiment of the present application.

Detailed Description

[0049] To solve the prior-art problem that a special hardware network card must be used as the PE, which is expensive, interoperates poorly and cannot be widely applied, the embodiments of the present application provide a packet processing method and apparatus in a virtualized system.

[0050] The embodiments of the present application are applied in the virtualized system shown in FIG. 1, which forms a CB-PE architecture. The system mainly comprises a physical server and the physical access switch directly connected to it. The structures of the physical server and the access switch are described below.

[0051] 1. Physical server

[0052] An ordinary SR-IOV (Single Root IO Virtualization) network interface card (Network Interface Card, NIC) is installed on the physical server, and a virtualization software layer, the Hypervisor, runs on the physical server. The Hypervisor may also be called virtual machine management software (VMM); it may be, for example, VMware ESXi (the ESXi virtual machine software from VMware) or KVM (Kernel-based Virtual Machine). The physical server also comprises multiple virtual machines (Virtual Machine, VM).

[0053] The VM, the Hypervisor and the SR-IOV NIC are described as follows:

[0054] (1) SR-IOV NIC acting as the PE

[0055] An SR-IOV NIC is a network interface card that uses SR-IOV technology. The SR-IOV NIC connects to the access switch outside the physical server.

[0056] SR-IOV is a method for sharing the physical functions of the I/O ports of an I/O (Input/Output) device without emulation by virtualization software. It creates a set of virtual functions for the physical port of the I/O device. Each virtual function is assigned directly to a virtual machine, which gives near-native performance. In general, SR-IOV assigns PCI (Peripheral Component Interconnection) functions to multiple virtual interfaces so that the resources of one PCI device are shared in a virtualized environment. SR-IOV lets network traffic bypass the virtualization software emulation layer and be assigned directly to virtual machines, which reduces the I/O overhead of that layer. The goal of SR-IOV is to standardize a way of bypassing the virtual machine's involvement in data movement by giving each virtual machine its own memory space, interrupts and Direct Memory Access (DMA) streams. The SR-IOV architecture is designed to let one I/O device support multiple virtual functions while minimizing the hardware cost of each function. SR-IOV introduces two new function types:

[0057] - Physical Functions (PFs): PCIe functions that support the SR-IOV extended capability and are used to configure and manage SR-IOV features;

[0058] - Virtual Functions (VFs): "lightweight" PCIe functions that contain the resources necessary for data movement and a carefully minimized set of configuration resources.

[0059] The SR-IOV NIC therefore comprises a PF and multiple VFs, where the PF is used to manage and configure the SR-IOV NIC. In an actual implementation, the maximum number of VFs in one SR-IOV NIC is 4094, and each VF has a unique ID (identifier), for example a number.

[0060] In addition, a vSwitch (virtual switch) with L2 (layer 2) function is integrated in the SR-IOV NIC; this L2vSwitch has basic layer-2 switching capability. The VFs are directly connected to the L2vSwitch, and a VF is equivalent to a port on the L2vSwitch.

[0061] (2) Hypervisor

[0062] The Hypervisor comprises a vSwitch and a PCI manager. In addition, the driver of the SR-IOV NIC, the PF driver, is installed on the Hypervisor.

[0063] This vSwitch does not take part in the packet forwarding flow in the embodiments of the present application; the PCI manager is used to configure and manage the PCI bus in the SR-IOV NIC.

[0064] (3) VM

[0065] A VM is a complete computer system with full hardware system functionality, realized by software emulation plus hardware-assisted virtualization and running in a completely isolated environment. With VM software, one or more virtual computers (i.e. VMs) can be emulated on one physical computer, and these VMs work just like real computers: for example, an operating system can be installed, applications can be installed, and network resources can be accessed. From the user's point of view, a VM is just an application running on the user's physical computer, but for an application running inside the VM it is as if it were working on a real computer.

[0066] The VMs run on the Hypervisor. Each VM recognizes a VF in the SR-IOV NIC as an ordinary PCIe (Peripheral Component Interface Express) device. By installing a VF driver on each VM, each VM can therefore attach directly to its corresponding VF and bypass the vSwitch in the Hypervisor; that is, the VM sends packets directly to the corresponding VF and not to the vSwitch in the Hypervisor.

[0067] In an actual implementation, each VM has a unique ID (identifier), for example a number.

[0068] 2、作为CB的接入交换机 [0068] 2, the access switch as CB

[0069] 接入交换机支持虚拟化网络技术,以VNI (Virtual Network Identity,虚拟化网络标识)标识虚拟化网络。 [0069] Access network switch supports virtualization technology to VNI (Virtual Network Identity, virtual network identifier) ​​to identify the virtual network. 其中,VNI是在交换机中针对网络的一种标识,可以是VLAN (Virtual Local Area Network,虚拟局域网)信息,也可以是VPN(Virtual Private Network,虚拟专用网)信息,并且VLAN可以映射到VNI,VPN也可以映射到VNIJNI占用的长度可以是12个比特,也可以是24个比特,视交换机的支持能力而定。 Which, VNI is in the switch for a way to identify the network, which can be VLAN (Virtual Local Area Network, VLAN) information, may also be a VPN (Virtual Private Network, virtual private network) information, and VLAN can be mapped to VNI, VPN can be mapped to VNIJNI occupied length may be 12 bits, or 24 bits, depending on the ability to support the switch may be.

[0070] 接入交换机上的一部分物理端口连接物理服务器,一部分物理端口连接网络中的其它物理交换机(称为普通交换机),其中,接入交换机上的一个物理端口连接一个物理服务器的SR-IOV NIC,或连接一个普通交换机。 [0070] a portion of a physical port on the physical server access switch, a part of the physical port connected to the other physical switch network (referred to as a common switch), wherein a physical port on a physical server access switch SR-IOV NIC, or connected to a common switch.

[0071] 在接入交换机用于连接SR-IOV NIC的一个物理端口上,可以配置多个虚拟端口vPort,该物理端口上的vPort总数与对端的SR-IOV NIC上的VF总数相同。 [0071] In the access switch for connecting a physical port on SR-IOV NIC may configure multiple virtual ports vPort, the total number of the total number VF vPort end of the SR-IOV NIC on the same physical port. 即,该物理端口上的vPort总数等于该物理端口连接的SR-IOV NIC上的VF总数。 That is, the total number of vPort equals the total number of the physical port on the VF SR-IOV NIC physical port.

[0072] 基于如图1所示的系统架构,本申请实施例中的方法包括以下部分: [0072] Based on system architecture shown in FIG. 1, application of the present embodiment, the method comprises the following parts:

[0073] (1)系统配置过程 [0073] (1) System configuration

[0074] 系统配置过程可以包括:缺省配置过程和针对实际业务的配置过程。 [0074] The system configuration procedure may comprise: a default configuration procedures and processes for actual business. 其中,缺省配置是指在部署本申请实施例的虚拟化系统时,所有物理服务器和接入交换机都需要进行的相同的配置,即,所有物理服务器都需要进行步骤S102和步骤S104的配置,所有接入交换机都需要进行步骤S106-步骤SllO的配置;缺省配置主要是配置VF、标记VLAN、与接入交换机用于连接物理服务器的物理端口上的vPort之间的映射关系的配置,缺省配置与实际业务数据流的业务属性无关。 Wherein, referring to the same default configuration when deployed configuration of the present application virtualization system in this embodiment, all of the physical servers and the access switch is required, i.e., all the physical servers require configuration steps S102 and S104, and All access switches need to be disposed of step S106- step SllO; default configuration the VF is mainly configured, the VLAN tag, the configuration of the mapping relationship between the physical port vPort physical server access switch for missing Province configuration has nothing to do with the actual business service attribute data stream. 而针对实际业务的配置涉及到实际应用场景中用户的业务数据流的业务属性,如VNI对于不同用户是不一样的。 Configured for actual business practice related to the service attributes of the scene the user service data stream, such as a VNI for different users is not the same.

[0075] 如图2所示,在缺省配置过程中,包括以下步骤: [0075] 2, in the default configuration, comprising the steps of:

[0076] 步骤S102,在SR-IOV NIC中的L2vSwitch上建立VM与VF之间的对应关系; [0076] step S102, a correspondence relationship between a VM and VF on the NIC L2vSwitch SR-IOV;

[0077] 其中,允许一个VM对应于一个或多个VF,但不允许一个VF对应于多个VM。 [0077] wherein, allows a VM corresponding to one or more of VF, VF but not corresponding to a plurality of VM.

[0078] Step S104: configure the one-to-one correspondence between VFs and marker VLANs on the L2vSwitch in the SR-IOV NIC;

[0079] Specifically, each VF corresponds to one marker VLAN. A marker VLAN differs from an ordinary service VLAN: it exists to mark which VF a packet was sent through, so the marker VLAN in effect represents the number of the VF.

[0080] For example, if the total number of VFs in the SR-IOV NIC is N = 64, then VF1 corresponds to marker VLAN1, VF2 corresponds to marker VLAN2, ..., and VF64 corresponds to marker VLAN64.

[0081] In an actual implementation, the one-to-one correspondence between VFs and marker VLANs is configured at the logical entry point where the L2vSwitch connects to the VM. The embodiments of the present application require that a marker VLAN have only two interfaces on the L2vSwitch: one is the VF connecting to the VM, and the other is the uplink physical port through which the SR-IOV NIC connects to the access switch. That is, traffic that enters from the VF leaves through the uplink physical port, and traffic that enters from the uplink physical port leaves through the VF. As a result, when a data packet that comes from one VM, is destined for another VM in the same physical server, and does not belong to the same virtual local area network (VLAN) or virtual private network (VPN) enters the L2vSwitch, the L2vSwitch does not forward it directly to that other VM.

[0082] Step S106: on the physical port of the access switch that connects to the SR-IOV NIC, configure as many virtual ports (vPorts) as there are VFs;

[0083] Suppose the total number of VFs in the SR-IOV NIC on the physical server is N; then N vPorts are configured on the physical port of the access switch that connects to the SR-IOV NIC.

[0084] Step S108: on the physical port of the access switch that connects to the SR-IOV NIC, establish the one-to-one correspondence between vPorts and marker VLANs;

[0085] For example, with N = 64, marker VLAN1 corresponds to virtual port vP1, marker VLAN2 corresponds to vP2, ..., and marker VLAN64 corresponds to vPort64.

[0086] Thus, once the SR-IOV NIC and the access switch start working, VFs and vPorts are in one-to-one correspondence.

[0087] Step S110: enable the VLAN TRUNK function on the physical port of the access switch that connects to the SR-IOV NIC.

[0088] That is, every packet entering the access switch carries an 802.1Q VLAN TAG, and that 802.1Q VLAN TAG is a marker VLAN, not a service VLAN.
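The default configuration of steps S102 to S108 rests on a few invariants: no VF is shared between VMs, VFs map one-to-one to marker VLANs, and the switch port carries a matching one-to-one vPort to marker VLAN mapping. The following added example (not part of the patent; all function and variable names are assumptions, and the sample configuration is constructed) checks a configuration against those invariants, since the marker VLAN is the only field the access switch has for telling VFs apart.

```python
# Added example: consistency check for the default configuration (S102-S108).
# All names are illustrative; the sample configuration is constructed.

def _one_to_one(step, label, mapping):
    """Report out-of-range or reused marker VLAN IDs in a {key: vlan_id} mapping."""
    errors, seen = [], {}
    for key, vlan in mapping.items():
        if not 1 <= vlan <= 4094:  # usable 802.1Q VLAN ID range
            errors.append(f"{step}: {label}{key} has invalid marker VLAN {vlan}")
        if vlan in seen:
            errors.append(
                f"{step}: marker VLAN {vlan} used by {label}{seen[vlan]} and {label}{key}")
        seen.setdefault(vlan, key)
    return errors


def validate_default_config(vm_to_vfs, vf_to_marker, vport_to_marker, vf_total):
    """Return a list of violations; an empty list means the configuration is consistent."""
    errors = []

    # S102: a VM may own several VFs, but a VF must never belong to several VMs.
    owner = {}
    for vm, vfs in vm_to_vfs.items():
        for vf in vfs:
            if vf in owner:
                errors.append(f"S102: VF{vf} is assigned to both {owner[vf]} and {vm}")
            owner.setdefault(vf, vm)
            if vf not in vf_to_marker:
                errors.append(f"S104: VF{vf} has no marker VLAN")

    # S104: every VF has exactly one marker VLAN and no marker VLAN is reused.
    if len(vf_to_marker) != vf_total:
        errors.append(f"S104: {len(vf_to_marker)} VFs mapped, NIC has {vf_total}")
    errors += _one_to_one("S104", "VF", vf_to_marker)

    # S106: the switch port has as many vPorts as the NIC has VFs.
    if len(vport_to_marker) != vf_total:
        errors.append(f"S106: {len(vport_to_marker)} vPorts configured, expected {vf_total}")

    # S108: vPort <-> marker VLAN is one-to-one and uses the same VLAN set as the NIC.
    errors += _one_to_one("S108", "vPort", vport_to_marker)
    if set(vf_to_marker.values()) != set(vport_to_marker.values()):
        errors.append("S108: marker VLAN sets differ between NIC and switch port")
    return errors


def sample_config(n=64):
    """Constructed configuration following the N = 64 example: VFi <-> VLANi <-> vPi."""
    vm_to_vfs = {f"VM{i}": [i] for i in range(1, n + 1)}
    vf_to_marker = {i: i for i in range(1, n + 1)}
    vport_to_marker = {i: i for i in range(1, n + 1)}
    return vm_to_vfs, vf_to_marker, vport_to_marker, n


if __name__ == "__main__":
    print(validate_default_config(*sample_config()))
```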

[0089] The configuration for actual services is mainly used to configure the service network and involves the service attributes of users' service data flows in the actual application scenario. If the access switch is a traditional switch, the configuration for actual services can be applied to a layer-2 network such as a VLAN. As shown in FIG. 3, the configuration process for actual services includes the following steps:

[0090] Step S202: configure multiple different VNIs on the access switch to represent different virtualized networks;

[0091] The VNI is a switch-global concept. It therefore has to be configured on the access switch, not on a physical port of the access switch.

[0092] Step S204: on the physical port of the access switch that connects to the physical server, bind each virtual port (vPort) on that physical port to the corresponding VNI;

[0093] Step S206: on the physical port of the access switch that connects to an ordinary switch, configure multiple virtual ports (vPorts), each vPort corresponding to one service VLAN on that ordinary switch;

[0094] The service VLAN here is simply the VLAN of an ordinary service.

[0095] Step S208: on the physical port of step S206, bind each vPort to one VNI, so that ultimately the service VLANs on the ordinary switch correspond one-to-one with the VNIs on the access switch.

[0096] Through steps S108 and S204, the physical port of the access switch that connects to the SR-IOV NIC holds the correspondence among marker VLANs, vPorts, and VNIs; through steps S206 and S208, the physical port of the access switch that connects to the ordinary switch holds the correspondence among service VLANs, vPorts, and VNIs.

[0097] (2) Packet processing

[0098] Packet processing includes the following parts:

[0099] 1) Packets sent from a VM

[0100] As shown in FIG. 4, the processing flow for packets sent from a VM includes the following steps:

[0101] Step S302: the VM sends an UNTAG (untagged) data packet to the L2vSwitch of the SR-IOV NIC through a VF corresponding to this VM; step S304 is then performed;

[0102] The UNTAG data packet sent by the VM carries no 802.1Q VLAN TAG; that is, it does not carry the VLAN ID of this VM.

[0103] Step S304: after receiving the UNTAG data packet through a VF, the L2vSwitch of the SR-IOV NIC looks up the marker VLAN corresponding to that VF, adds the VLAN ID of the marker VLAN found to the UNTAG data packet, and sends the resulting 802.1Q packet out through the physical port connected to the access switch; step S306 is then performed;

[0104] Specifically, the VLAN ID of the marker VLAN found is carried in the VLAN TAG field defined in 802.1Q, and that VLAN TAG field is added to the UNTAG data packet. The packet leaving the SR-IOV NIC is therefore a standard 802.1Q packet, but the VLAN TAG in it does not carry the normal VLAN (i.e., ordinary service VLAN) meaning; instead it marks the ID of the VF. The packet carries the VF's ID so that the access switch can distinguish it and process it accordingly.

[0105] Step S306: after receiving the 802.1Q packet on the physical port (denoted Port1) that connects to the SR-IOV NIC of the physical server, the access switch removes the VLAN ID of the marker VLAN carried in the 802.1Q packet, i.e., removes the VLAN TAG field, and obtains the UNTAG data packet; it looks up the corresponding vPort on physical port Port1 according to the VLAN ID of the marker VLAN, and looks up the corresponding VNI according to the vPort found; step S308 is then performed;

[0106] The vPort found is the ingress vPort of the 802.1Q packet.

[0107] After step S306, the resulting UNTAG data packet no longer contains a VLAN TAG field.

[0108] Step S308: the access switch determines whether the UNTAG data packet is a unicast packet or a multicast packet; if it is a unicast packet or a multicast packet, step S310 is performed; if it is a broadcast packet or a unicast packet whose destination MAC address is unknown, step S312 is performed;

[0109] Specifically, if the destination MAC (Media Access Control) address in the UNTAG data packet is a unicast MAC address or a multicast MAC address, and the same MAC address can be found in the local MAC forwarding table shown in Table 1 according to that destination MAC address, step S310 is performed; if the destination MAC address in the UNTAG data packet is a broadcast MAC address, step S312 is performed; if the destination MAC address in the UNTAG data packet is a unicast MAC address and the same MAC address cannot be found in the MAC forwarding table shown in Table 1 according to that destination MAC address, step S312 is performed;

[0110] Step S310: according to the VNI found and the destination MAC address of the UNTAG data packet, look up at least one piece of outbound interface information in the MAC forwarding table shown in Table 1; step S314 is then performed;

[0111] Table 1

Figure CN103873374BD00151

[0113] Each piece of outbound interface information in the MAC forwarding table shown in Table 1 may be the port ID of a vPort, the tunnel ID of an overlay tunnel, or something else. For example, the overlay tunnel may be a VXLAN (Virtual Extensible VLAN) tunnel or an NVGRE (Network Virtualization using Generic Routing Encapsulation) tunnel.

[0114] Each piece of outbound interface information consists of a type parameter and an ID. The type parameter indicates whether the outbound interface type is vPort, overlay tunnel, or other; for example, the type parameter Type1 indicates that the outbound interface is a vPort, and the type parameter Type2 indicates that the outbound interface is an overlay tunnel. For example, the outbound interface information Type1+5 indicates that the outbound interface is vPort5.

[0115] When the UNTAG data packet is a unicast packet, only one piece of outbound interface information is found, which may be the port ID of a vPort, the tunnel ID of an overlay tunnel, or something else; when the UNTAG data packet is a multicast packet, multiple pieces of outbound interface information are found, each of which may be the port ID of a vPort, the tunnel ID of an overlay tunnel, or something else.

[0116] Step S312: according to the VNI found, the access switch looks up at least one piece of outbound interface information in the local broadcast forwarding table shown in Table 2; step S314 is then performed;

[0117] Table 2

Figure CN103873374BD00152

[0119] Each piece of outbound interface information in the broadcast forwarding table shown in Table 2 may be the port ID of a vPort, the tunnel ID of an overlay tunnel, or something else. For example, the overlay tunnel may be a VXLAN tunnel or an NVGRE tunnel.

[0120] Each piece of outbound interface information consists of a type parameter and an ID. The type parameter indicates whether the outbound interface type is vPort, overlay tunnel, or other; for example, the type parameter Type1 indicates that the outbound interface is a vPort, and the type parameter Type2 indicates that the outbound interface is an overlay tunnel. For example, the outbound interface information Type1+5 indicates that the outbound interface is vPort5.

[0121] The at least one piece of outbound interface information found in step S312 is the port IDs of all vPorts other than the ingress vPort of the 802.1Q packet together with the tunnel IDs of all overlay tunnels; alternatively, it may be the port IDs of all vPorts and the tunnel IDs of all overlay tunnels.

[0122] Step S314: for each piece of outbound interface information found, determine whether it is the port ID of a vPort; if it is the port ID of a vPort, step S316 is performed; if it is the tunnel ID of an overlay tunnel, step S318 is performed; if it is neither the port ID of a vPort nor the tunnel ID of an overlay tunnel, step S322 is performed;

[0123] When the UNTAG data packet is a multicast packet, a broadcast packet, or a unicast packet whose destination MAC address is unknown, the UNTAG data packet is copied for each piece of outbound interface information. Therefore, the UNTAG data packet to which fields are added in the subsequent steps S316 and S320 is a copied UNTAG data packet, and the UNTAG data packet discarded in step S322 is a copied UNTAG data packet.

[0124] Step S316: look up the corresponding VLAN according to the port ID of the vPort, add the VLAN ID of the corresponding VLAN to the UNTAG data packet, and send the resulting 802.1Q packet carrying the VLAN ID of the corresponding VLAN out through the physical port on which the vPort resides; the corresponding VLAN is a marker VLAN or a service VLAN; the flow ends;

[0125] When the corresponding VLAN is a marker VLAN, the 802.1Q packet carrying the VLAN ID of the marker VLAN is sent through the physical port on which the vPort resides to the directly connected physical server;

[0126] When the corresponding VLAN is a service VLAN, the 802.1Q packet carrying the VLAN ID of the service VLAN is sent through the physical port on which the vPort resides to the directly connected ordinary switch.

[0127] Specifically, the VLAN ID of the corresponding VLAN is carried in the VLAN TAG field defined in 802.1Q, and that VLAN TAG field is added to the UNTAG data packet. The packet that the access switch sends to the ordinary switch or to the physical server is therefore a standard 802.1Q packet, and the VLAN TAG in the 802.1Q packet sent to the ordinary switch is the VLAN ID of the VLAN of a normal ordinary service.

[0128] Step S318: if the outbound interface information is the tunnel ID of an overlay tunnel, look up the corresponding tunnel information according to that tunnel ID,

[0129] where the tunnel information includes: the source IP address and destination IP address of the overlay tunnel, and the egress vPort corresponding to the overlay tunnel; step S320 is then performed;

[0130] Step S320: look up the corresponding service VLAN according to the egress vPort; add the source IP address and destination IP address of the overlay tunnel, the VNI found in step S306, and the VLAN ID of the service VLAN to the UNTAG data packet; and send the resulting tunnel packet through the physical port on which the egress vPort resides to the directly connected ordinary switch; the flow ends;

[0131] Step S322: discard the UNTAG data packet; the flow ends.

[0132] 2) Packets destined for a VM

[0133] As shown in FIG. 5, the specific processing flow for packets destined for a VM includes the following steps:

[0134] Step S402: the access switch receives a specific packet on the physical port (denoted Port2) that connects to an ordinary switch; step S404 is then performed;

[0135] The specific packet received in step S402 may be an 802.1Q packet or a tunnel packet.

[0136] Step S404: determine whether the specific packet is a tunnel packet; if it is an 802.1Q packet, step S406 is performed; if it is a tunnel packet, step S408 is performed;

[0137] Step S406: the access switch removes the VLAN ID of the service VLAN carried in the 802.1Q packet,

[0138] i.e., removes the VLAN TAG field, and obtains the UNTAG data packet; it looks up the corresponding vPort on physical port Port2 according to the VLAN ID of the service VLAN, and looks up the corresponding VNI according to that vPort; step S410 is then performed;

[0139] The vPort found is the ingress vPort of the 802.1Q packet.

[0140] After step S406, the resulting UNTAG data packet no longer contains a VLAN TAG field.

[0141] Step S408: the access switch removes the source IP address and destination IP address of the overlay tunnel, the VNI, and the VLAN ID of the service VLAN from the tunnel packet, and obtains the UNTAG data packet;

[0142] The vPort found according to the VLAN ID of the service VLAN is the ingress vPort of the tunnel packet; step S410 is then performed.

[0143] After step S408, the resulting UNTAG data packet no longer contains a VLAN TAG field.

[0144] Step S410: the access switch determines whether the UNTAG data packet is a unicast packet or a multicast packet; if it is a unicast packet or a multicast packet, step S412 is performed; if it is a broadcast packet or a unicast packet whose destination MAC address is unknown, step S414 is performed;

[0145] Specifically, if the destination MAC address in the UNTAG data packet is a unicast MAC address or a multicast MAC address, and the same MAC address can be found in the MAC forwarding table shown in Table 1 according to that destination MAC address, step S412 is performed; if the destination MAC address in the UNTAG data packet is a broadcast MAC address, step S414 is performed; if the destination MAC address in the UNTAG data packet is a unicast MAC address and the same MAC address cannot be found in the MAC forwarding table shown in Table 1 according to that destination MAC address, step S414 is performed.

[0146] Step S412: according to the VNI and the destination MAC address of the UNTAG data packet, look up at least one piece of outbound interface information in the MAC forwarding table shown in Table 1; step S416 is then performed;

[0147] The VNI is the VNI found in step S406 or the VNI obtained in step S408.

[0148] When the UNTAG data packet is a unicast packet, only one piece of outbound interface information is found, which may be the port ID of a vPort, the tunnel ID of an overlay tunnel, or something else; when the UNTAG data packet is a multicast packet, multiple pieces of outbound interface information are found, each of which may be the port ID of a vPort, the tunnel ID of an overlay tunnel, or something else.

[0149] Step S414: according to the VNI, look up at least one piece of outbound interface information in the broadcast forwarding table shown in Table 2; step S416 is then performed;

[0150] Step S416: for each piece of outbound interface information found, determine whether it is the port ID of a vPort; if it is the port ID of a vPort, step S418 is performed; if it is the tunnel ID of an overlay tunnel, step S420 is performed; if it is neither the port ID of a vPort nor the tunnel ID of an overlay tunnel, step S424 is performed;

[0151] When the UNTAG data packet is a multicast packet, a broadcast packet, or a unicast packet whose destination MAC address is unknown, the UNTAG data packet is copied for each piece of outbound interface information. Therefore, the UNTAG data packet to which fields are added in the subsequent steps S418 and S422 is a copied UNTAG data packet.

[0152] Step S418: look up the corresponding VLAN according to the port ID of the vPort, add the VLAN ID of the corresponding VLAN to the UNTAG data packet, and send the resulting 802.1Q packet carrying the VLAN ID of the corresponding VLAN out through the physical port on which the vPort resides; the corresponding VLAN is a marker VLAN or a service VLAN; the flow ends;

[0153] When the corresponding VLAN is a marker VLAN, the 802.1Q packet carrying the VLAN ID of the marker VLAN is sent through the physical port on which the vPort resides to the directly connected physical server;

[0154] When the corresponding VLAN is a service VLAN, the 802.1Q packet carrying the VLAN ID of the service VLAN is sent through the physical port on which the vPort resides to the directly connected ordinary switch.

[0155] Specifically, the VLAN ID of the corresponding VLAN is carried in the VLAN TAG field defined in 802.1Q, and that VLAN TAG field is added to the UNTAG data packet. The packet that the access switch sends to the ordinary switch or to the physical server is therefore a standard 802.1Q packet, and the VLAN TAG in the 802.1Q packet sent to the ordinary switch is the VLAN ID of the VLAN of a normal ordinary service.

[0156] Step S420: if the outbound interface information is the tunnel ID of an overlay tunnel, look up the corresponding tunnel information according to that tunnel ID, where the tunnel information includes: the source IP address and destination IP address of the overlay tunnel, and the egress vPort corresponding to the overlay tunnel; step S422 is then performed;

[0157] Step S422: look up the corresponding service VLAN according to the egress vPort; add the source IP address and destination IP address of the overlay tunnel, the VNI, and the VLAN ID of the service VLAN to the UNTAG data packet; and send the resulting tunnel packet through the physical port on which the egress vPort resides to the directly connected ordinary switch; the flow ends;

[0158] Step S424: discard the UNTAG data packet; the flow ends.

[0159] In step S418, when the corresponding VLAN is a marker VLAN, the access switch sends the 802.1Q packet carrying the VLAN ID of the marker VLAN through the physical port on which the vPort resides to the directly connected physical server, so the physical server receives the 802.1Q packet sent by the access switch. The physical server then performs the following steps:

[0160] Step S502: after the L2vSwitch in the SR-IOV NIC on the physical server receives the 802.1Q packet sent by the access switch, it removes the VLAN ID of the marker VLAN in the 802.1Q packet, i.e., removes the VLAN TAG field in the 802.1Q packet, obtains the UNTAG data packet, and looks up the ID of the corresponding VF according to the VLAN ID of the marker VLAN;

[0161] After step S502, the resulting UNTAG data packet contains no VLAN TAG field.

[0162] Step S504: the L2vSwitch sends the UNTAG data packet through the VF found to the VM corresponding to that VF; the flow ends.
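The tag handling in steps S302 to S316 and S502 to S504 can be followed on real frame bytes. The following added example (not part of the patent; class names, MAC addresses and the VNI value 5000 are constructed assumptions) models the L2vSwitch and the access switch for vPort outbound interfaces only, leaving the overlay tunnel branch (S318 to S320) out. Dropping a frame whose VLAN ID has no vPort, and flooding an unknown multicast address, are assumptions the patent does not spell out.

```python
# Added example: marker-VLAN data path, steps S302-S316 and S502-S504.
# Names, MAC addresses and the VNI value are constructed for illustration.
import struct

TPID_8021Q = 0x8100
BROADCAST = b"\xff" * 6
MAC_VM1 = bytes.fromhex("020000000001")
MAC_VM2 = bytes.fromhex("020000000002")


def eth(dst, src, payload, ethertype=0x0800):
    """Build an untagged Ethernet frame (an UNTAG data packet)."""
    return dst + src + struct.pack("!H", ethertype) + payload


def push_tag(frame, vlan_id):
    """Insert an 802.1Q VLAN TAG field after the destination and source MAC."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID out of range")
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vlan_id) + frame[12:]


def pop_tag(frame):
    """Return (vlan_id, untagged_frame); reject frames without an 802.1Q tag."""
    if len(frame) < 18 or struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        raise ValueError("not an 802.1Q frame")
    vlan_id = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    return vlan_id, frame[:12] + frame[16:]


class L2vSwitch:
    """SR-IOV NIC side: each VF has exactly one marker VLAN (S104)."""

    def __init__(self, vf_to_marker):
        self.vf_to_marker = dict(vf_to_marker)
        self.marker_to_vf = {vlan: vf for vf, vlan in self.vf_to_marker.items()}
        if len(self.marker_to_vf) != len(self.vf_to_marker):
            raise ValueError("VF to marker VLAN mapping is not one-to-one")

    def from_vm(self, vf, untagged):            # S304: VF -> marker VLAN, tag, uplink
        return push_tag(untagged, self.vf_to_marker[vf])

    def to_vm(self, tagged):                    # S502-S504: strip tag, pick the VF
        vlan_id, untagged = pop_tag(tagged)
        return self.marker_to_vf[vlan_id], untagged


class AccessSwitch:
    def __init__(self):
        self.vlan_to_vport = {}   # (port, vlan_id) -> vPort      (S108 / S206)
        self.vport_vlan = {}      # (port, vPort)   -> vlan_id
        self.vport_vni = {}       # (port, vPort)   -> VNI        (S204 / S208)
        self.mac_table = {}       # (VNI, dst MAC)  -> out ifaces (Table 1)
        self.bcast_table = {}     # VNI             -> out ifaces (Table 2)

    def add_vport(self, port, vport, vlan_id, vni):
        self.vlan_to_vport[(port, vlan_id)] = vport
        self.vport_vlan[(port, vport)] = vlan_id
        self.vport_vni[(port, vport)] = vni
        self.bcast_table.setdefault(vni, []).append(("vport", port, vport))

    def forward(self, in_port, tagged):
        """Return [(physical_port, tagged_frame)] for every copy transmitted."""
        vlan_id, untagged = pop_tag(tagged)                      # S306
        in_vport = self.vlan_to_vport.get((in_port, vlan_id))
        if in_vport is None:
            return []                          # assumption: unmapped VLAN is dropped
        vni = self.vport_vni[(in_port, in_vport)]
        dst = untagged[:6]
        known = self.mac_table.get((vni, dst))                   # S308
        if dst != BROADCAST and known:
            outs = known                                         # S310
        else:                                                    # S312, minus ingress
            outs = [o for o in self.bcast_table.get(vni, [])
                    if o != ("vport", in_port, in_vport)]
        sent = []
        for kind, port, vport in outs:                           # S314
            if kind == "vport":                                  # S316: re-tag and send
                sent.append((port, push_tag(untagged, self.vport_vlan[(port, vport)])))
        return sent


def build_demo():
    """P1: server NIC with VF1/VF2 (marker VLAN 1/2); P4: ordinary switch, VLAN 10."""
    nic = L2vSwitch({1: 1, 2: 2})
    sw = AccessSwitch()
    sw.add_vport("P1", 1, 1, 5000)
    sw.add_vport("P1", 2, 2, 5000)
    sw.add_vport("P4", 1, 10, 5000)
    sw.mac_table[(5000, MAC_VM2)] = [("vport", "P1", 2)]
    return nic, sw
```

A unicast frame from VM1 to VM2 on the same server leaves the NIC with marker VLAN 1 and comes back from the access switch with marker VLAN 2, which shows that the L2vSwitch itself never switches between VFs.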

[0163] In addition, for the MAC address learning process in the embodiments of the present application, the prior-art source MAC address learning method suffices; multicast addresses are learned according to existing multicast protocols or by static configuration. Finally, the learned correspondence among MAC address, VNI, and outbound interface information can be configured into the MAC forwarding table shown in Table 1 to guide packet forwarding. The broadcast MC address table shown in Table 2 can be configured statically.

[0164] The embodiments of the present application provide a new virtualized system comprising a physical server and an access switch. The physical server includes at least one VM and a network card that uses SR-IOV technology, called the SR-IOV NIC. The SR-IOV NIC includes an L2vSwitch and multiple VFs, and the VFs correspond one-to-one with marker VLANs; a VF driver is installed in the VM, and the VM corresponds to at least one VF. The physical port of the access switch that connects to the physical server (specifically, to the SR-IOV NIC) includes multiple virtual ports (vPorts), which correspond one-to-one with the marker VLANs. The access switch is also directly connected to other physical switches (i.e., ordinary switches); the physical port of the access switch that connects to such another physical switch includes multiple vPorts, which correspond one-to-one with the service VLANs on that other physical switch. In addition, multiple VNIs are configured on the switch, and vPorts are bound to VNIs.

[0165] In the above system, NIC virtualization with SR-IOV technology is used: the SR-IOV NIC serves as the PE and the access switch serves as the CB, forming a CB-PE architecture composed of the access switch plus the SR-IOV NIC.

[0166] An UNTAG data packet sent by a VM, which carries no VLAN ID, reaches the L2vSwitch through a VF. After receiving the UNTAG data packet, the L2vSwitch looks up the marker VLAN corresponding to that VF, adds the VLAN ID of the marker VLAN found to the UNTAG data packet to obtain an 802.1Q packet, and finally sends the 802.1Q packet to the access switch. The packets sent by the SR-IOV NIC acting as PE are therefore standard 802.1Q packets with no special fields added. Likewise, the packets that the access switch acting as CB sends to the SR-IOV NIC acting as PE are also standard 802.1Q packets. Because the packets sent and received by the PE are standard 802.1Q packets, an ordinary network card, i.e., a general-purpose SR-IOV NIC, can be used as the PE, which saves cost, interoperates well, and can be widely applied.

[0167] In addition, the vPorts on the physical port of the access switch that connects to the SR-IOV NIC correspond one-to-one with marker VLANs, and marker VLANs correspond one-to-one with VFs. The VFs in the SR-IOV NIC thus act as extended virtual ports of the access switch inside the physical server, and each VF corresponds to one virtual port of the access switch, so the data flows of all VMs are directed to the access switch for forwarding. Because a VF driver is installed on the VM and the VM corresponds to at least one VF, each VM bypasses the vSwitch in the Hypervisor and connects directly to a VF in the SR-IOV NIC, thereby achieving an indirect connection between the physical network and the VM.

[0168] With the embodiments of the present application, IO performance in a virtualized environment can make full use of the hardware capability of the network card, which greatly improves virtualization throughput.

[0169] The system configuration process is described below, taking the virtualized system shown in FIG. 7 and FIG. 8 as an example.

[0170] As shown in FIG. 7 and FIG. 8, three physical ports P1 to P3 on access switch SW1 each connect to the SR-IOV NIC of one physical server, and one further physical port P4 connects to an ordinary switch SW2 in the network. Each physical server includes 64 VMs numbered VM1 to VM64, a Hypervisor, and an SR-IOV NIC. The SR-IOV NIC includes 64 VFs; the Hypervisor considers 64 virtual network cards to exist, while the VMs can see 64 PCIe devices. The 64 VFs are numbered VF1 to VF64. Three VLAN services are set up on SW2: VLAN10, VLAN2000, and VLAN100.

[0171] Assume the service requirements are as follows:

[0172] The VF1-VP1 and VF2-VP2 data flows attached to P1 enter ordinary service VLAN10;

[0173] The VF64-VP64 data flow attached to P1 enters ordinary service VLAN2000;

[0174] The VF1-VP1 and VF3-VP3 data flows attached to P2 enter ordinary service VLAN10;

[0175] The VF64-VP64 data flow attached to P2 enters ordinary service VLAN2000;

[0176] The VF2-VP2 data flow attached to P2 enters ordinary service VLAN100;

[0177] The VF1-VP1 data flow attached to P3 enters ordinary service VLAN10;

[0178] The VF2-VP2 data flow attached to P3 enters ordinary service VLAN2000;

[0179] The VF3-VP3 and VF64-VP64 data flows attached to P3 enter ordinary service VLAN100.

[0180] Here, VF1-VP1 denotes traffic sent from VF1 that enters VP1; the other pairs are analogous.

[0181] The default configuration process includes the following steps. On each physical server, establish the correspondence between VMs and VFs: specifically, VM1 corresponds to VF1, VM2 corresponds to VF2, and so on. On the L2vSwitch in the SR-IOV NIC, configure the one-to-one correspondence between VFs and tag VLANs: specifically, VF1 corresponds to tag VLAN1, VF2 corresponds to tag VLAN2, and so on. On the access switch SW1, configure 64 virtual ports (vPorts) on each of P1~P3, numbered vP1~vP64; on each of the physical ports P1~P3, establish the one-to-one correspondence between vPorts and tag VLANs: specifically, vP1 corresponds to tag VLAN1, vP2 corresponds to tag VLAN2, and so on; and enable the VLAN TRUNK function on P1~P3.

[0182] After that, the configuration process for the actual services is as follows:

[0183] Configure three VNIs on SW1: VNI1, VNI2 and VNI3;

[0184] On P1, P2 and P3 respectively, bind each vPort to its corresponding VNI, as follows: on P1, bind VP1 and VP2 to VNI1, and VP64 to VNI2; on P2, bind VP1 and VP3 to VNI1, VP2 to VNI3, and VP64 to VNI2; on P3, bind VP1 to VNI1, VP2 to VNI2, and VP3 and VP64 to VNI3.

[0185] Configure the vPorts on P4 to correspond to VLAN10, VLAN100 and VLAN2000 respectively;

[0186] Bind each vPort on P4 to its corresponding VNI, so that the ordinary service VLANs correspond one-to-one with the VNIs; specifically, VNI1 is bound to VLAN10, VNI2 is bound to VLAN2000, and VNI3 is bound to VLAN100.

[0187] Another embodiment of this application provides a packet processing apparatus in a virtualized system to which the above method can be applied.

[0188] As shown in Fig. 9, the packet processing apparatus in the virtualized system can be applied in the vSwitch in the SR-IOV NIC of a physical server. The apparatus includes the following modules: a receiving module 501, a lookup module 502, a processing module 503 and a sending module 504, where:

[0189] The receiving module 501 is configured to receive an UNTAG data packet sent by a VM through a VF corresponding to that VM, where the UNTAG data packet does not carry the VLAN ID of the VM;

[0190] The lookup module 502 is configured to, after the receiving module 501 receives the UNTAG data packet sent by the VM through a VF corresponding to that VM, look up the corresponding tag VLAN according to that VF;

[0191] The processing module 503 is configured to add the VLAN ID of the tag VLAN found by the lookup module 502 to the UNTAG data packet received by the receiving module 501, obtaining an 802.1Q packet; here, VFs correspond one-to-one with tag VLANs;

[0192] The sending module 504 is configured to send the 802.1Q packet obtained by the processing module 503, which carries the VLAN ID of the tag VLAN, to the access switch directly connected to this physical server.

[0193] In addition, the receiving module 501 is further configured to receive an 802.1Q packet sent by the access switch directly connected to this physical server, where the 802.1Q packet carries the VLAN ID of a tag VLAN;

[0194] The processing module 503 is further configured to, after the receiving module 501 receives the 802.1Q packet sent by the access switch directly connected to this physical server, remove the VLAN ID of the tag VLAN carried in the 802.1Q packet, obtaining an UNTAG data packet;

[0195] The lookup module 502 is further configured to look up the ID of the corresponding VF according to the VLAN ID of the tag VLAN in the 802.1Q packet received by the receiving module 501;

[0196] The sending module 504 is further configured to send the UNTAG data packet obtained by the processing module 503, through the VF indicated by the ID found by the lookup module 502, to the VM corresponding to that VF.

[0197] Here, one VM corresponds to at least one VF, and one VF corresponds to one VM.
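The tag insertion and removal performed by modules 501 to 504 can be shown at the byte level. The following Python sketch is an added example, not code from the patent; the class and function names and the sample frame are constructed for illustration, and dropping a VM frame that already carries an 802.1Q tag is a choice of this example (the description only covers UNTAG input from the VM).

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that marks an 802.1Q tag
MAC_HEADER_LEN = 12      # destination MAC + source MAC precede the tag

# Constructed sample frame: broadcast destination, locally administered
# source, IPv4 EtherType, dummy payload.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"constructed-payload"


def is_tagged(frame):
    """True if the two bytes after the MAC addresses are the 802.1Q TPID."""
    if len(frame) < MAC_HEADER_LEN + 4:
        return False
    return struct.unpack_from("!H", frame, MAC_HEADER_LEN)[0] == TPID_8021Q


class VSwitch:
    """Hypothetical model of the L2 vSwitch inside the SR-IOV NIC."""

    def __init__(self, num_vfs=64):
        # Default mapping from the description: VF n <-> tag VLAN n.
        self.vlan_by_vf = {vf: vf for vf in range(1, num_vfs + 1)}
        self.vf_by_vlan = {vlan: vf for vf, vlan in self.vlan_by_vf.items()}

    def from_vm(self, vf, frame):
        """VM to access switch: return the 802.1Q frame, or None if dropped."""
        vlan = self.vlan_by_vf.get(vf)
        if vlan is None or len(frame) < MAC_HEADER_LEN + 2:
            return None
        if is_tagged(frame):
            # Assumption of this example: the tag VLAN is chosen by the VF
            # alone, so a frame that arrives already tagged is dropped rather
            # than forwarded with a second tag.
            return None
        tag = struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)  # PCP and DEI are 0
        return frame[:MAC_HEADER_LEN] + tag + frame[MAC_HEADER_LEN:]

    def from_switch(self, frame):
        """Access switch to VM: return (vf, untagged frame), or None if dropped."""
        if not is_tagged(frame):
            return None
        tci = struct.unpack_from("!H", frame, MAC_HEADER_LEN + 2)[0]
        vf = self.vf_by_vlan.get(tci & 0x0FFF)   # low 12 bits are the VLAN ID
        if vf is None:
            return None                          # no VF owns this tag VLAN
        return vf, frame[:MAC_HEADER_LEN] + frame[MAC_HEADER_LEN + 4:]
```

Because the mapping is one-to-one in both directions, a frame tagged on the way out of VF64 can only be delivered back to VF64, and a tag VLAN ID with no VF behind it has no delivery path.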

[0198] A further embodiment of this application provides a packet processing apparatus in a virtualized system to which the above method can be applied.

[0199] As shown in Fig. 10, this packet processing apparatus in the virtualized system is applied in the access switch. The apparatus includes the following modules: a receiving module 601, a removing module 602, a lookup module 603 and an adding-and-sending module 604, where:

[0200] The receiving module 601 is configured to receive a specific packet; the received specific packet is an 802.1Q packet sent by a directly connected physical server or by another physical switch, or a tunnel packet sent by another directly connected physical switch;

[0201] The removing module 602 is configured to, when the specific packet received by the receiving module 601 is an 802.1Q packet, remove the VLAN ID carried in the 802.1Q packet to obtain an UNTAG data packet; and is further configured to, when the specific packet received by the receiving module 601 is a tunnel packet, remove the source IP address and destination IP address of the overlay tunnel, the VNI and the VLAN ID from the tunnel packet, obtaining an UNTAG data packet;

[0202] The lookup module 603 is configured to, when the specific packet received by the receiving module 601 is an 802.1Q packet, look up the corresponding vPort according to the VLAN ID carried in the 802.1Q packet, and look up the corresponding VNI according to that vPort; and is further configured to, if the UNTAG data packet obtained by the removing module 602 is a unicast packet, look up one piece of outgoing interface information in the local MAC forwarding table according to the VNI and the destination MAC address of the UNTAG data packet;

[0203] The adding-and-sending module 604 is configured to, if the UNTAG data packet obtained by the removing module 602 is a unicast packet, obtain the corresponding VLAN according to the outgoing interface information found by the lookup module 603 in the MAC forwarding table, add the VLAN ID of the corresponding VLAN to the UNTAG data packet obtained by the removing module 604, and send it out; here, the corresponding VLAN is a tag VLAN or a service VLAN.

[0204] In addition, the apparatus further includes a replication module, where:

[0205] The lookup module is further configured to, if the UNTAG data packet obtained by the removing module is a multicast packet, look up at least one piece of outgoing interface information in the MAC forwarding table according to the VNI and the destination MAC address of the UNTAG data packet;

[0206] The replication module is configured to, if the UNTAG data packet obtained by the removing module is a multicast packet, replicate the UNTAG data packet for each piece of outgoing interface information found by the lookup module in the MAC forwarding table;

[0207] The adding-and-sending module is further configured to, if the UNTAG data packet obtained by the removing module is a multicast packet, obtain the corresponding VLAN according to each piece of outgoing interface information found by the lookup module in the MAC forwarding table, add the VLAN ID of the corresponding VLAN to the replicated UNTAG data packet obtained by the replication module, and send it out.

[0208] In addition, the apparatus further includes a replication module, where:

[0209] The lookup module is further configured to, if the UNTAG data packet obtained by the removing module is a broadcast packet or a unicast packet whose destination MAC address is unknown, look up at least one piece of outgoing interface information in the local broadcast forwarding table according to the VNI;

[0210] The replication module is configured to, if the UNTAG data packet obtained by the removing module is a broadcast packet or a unicast packet whose destination MAC address is unknown, replicate the UNTAG data packet for each piece of outgoing interface information found by the lookup module in the broadcast forwarding table;

[0211] The adding-and-sending module is further configured to, if the UNTAG data packet obtained by the removing module is a broadcast packet or a unicast packet whose destination MAC address is unknown, obtain the corresponding VLAN according to each piece of outgoing interface information found by the lookup module in the broadcast forwarding table, add the VLAN ID of the corresponding VLAN to the replicated UNTAG data packet, and send it out.

[0212] Here, the vPorts on a physical port that the access switch uses to connect to a physical server correspond one-to-one with tag VLANs, and the vPorts on a physical port that the access switch uses to connect to another physical switch correspond one-to-one with the service VLANs on that other physical switch. Accordingly, when the specific packet received by the receiving module is an 802.1Q packet sent by a physical server, the VLAN ID carried in the 802.1Q packet is the VLAN ID of a tag VLAN; when the specific packet received by the receiving module is an 802.1Q packet sent by another physical switch, the VLAN ID carried in the 802.1Q packet is the VLAN ID of a service VLAN; when the specific packet received by the receiving module is a tunnel packet sent by another physical switch, the VLAN ID carried in the tunnel packet is the VLAN ID of a service VLAN.

[0213] The adding-and-sending module includes a VLAN lookup unit, an adding unit and a sending unit, where:

[0214] The VLAN lookup unit is configured to, if a piece of outgoing interface information found by the lookup module is the port ID of a vPort, look up the corresponding VLAN according to the port ID of that vPort;

[0215] The adding unit is configured to add the VLAN ID of the corresponding VLAN found by the VLAN lookup unit to the UNTAG data packet, obtaining an 802.1Q packet that carries the VLAN ID of the corresponding VLAN;

[0216] The sending unit is configured to send the 802.1Q packet obtained by the adding unit out through the physical port on which the vPort resides; here, the corresponding VLAN is a tag VLAN or a service VLAN;

[0217] When the corresponding VLAN found by the VLAN lookup unit is a tag VLAN, the sending unit sends the 802.1Q packet carrying the VLAN ID of the tag VLAN, through the physical port on which the vPort resides, to the directly connected physical server;

[0218] When the corresponding VLAN found by the VLAN lookup unit is a service VLAN, the sending unit sends the 802.1Q packet carrying the VLAN ID of the service VLAN, through the physical port on which the vPort resides, to the other directly connected physical switch.

[0219] In addition, the VLAN lookup unit is further configured to, if a piece of outgoing interface information found by the lookup module is the tunnel ID of an overlay tunnel, look up the corresponding tunnel information according to the tunnel ID, where the tunnel information includes the source IP address and destination IP address of the overlay tunnel and the outgoing vPort corresponding to the overlay tunnel; and is further configured to look up the corresponding service VLAN according to the outgoing vPort;

[0220] The adding unit is further configured to add the source IP address and destination IP address of the overlay tunnel included in the tunnel information found by the VLAN lookup unit, the VNI, and the VLAN ID of the service VLAN to the UNTAG data packet, obtaining a tunnel packet;

[0221] The sending unit is further configured to send the tunnel packet obtained by the adding unit, through the physical port on which the outgoing vPort resides, to the other directly connected physical switch.

[0222] In addition, the apparatus further includes an establishing module, a configuration module and a binding module, where:

[0223] The establishing module is configured to establish a one-to-one correspondence between vPorts and tag VLANs on the physical port that the access switch uses to connect to a physical server; and is further configured to establish a one-to-one correspondence between vPorts and the service VLANs on another physical switch on the physical port that the access switch uses to connect to that other physical switch;

[0224] The configuration module is configured to configure at least one VNI on the access switch;

[0225] The binding module is configured to bind each vPort to its corresponding VNI on the physical port that the access switch uses to connect to a physical server; and is further configured to bind each vPort to one VNI on the physical port that the access switch uses to connect to another physical switch.
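The access-switch lookup chain (VLAN ID to vPort, vPort to VNI, VNI plus destination MAC to outgoing interface, then re-tagging) can be exercised against the Fig. 7 and Fig. 8 configuration from paragraphs [0181] to [0186]. The following Python model is an added example, not code from the patent. Its assumptions: the MAC forwarding table is filled by learning source addresses, the broadcast forwarding table is modelled as every other vPort bound to the same VNI, the vPorts on P4 are numbered 1 to 3, and tunnels and multicast are left out; all names are hypothetical.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class AccessSwitch:
    """Hypothetical model of the CB side: vPort/VNI lookup and re-tagging."""

    def __init__(self):
        self.vlan_of = {}    # (port, vport) -> VLAN ID on that port (tag or service VLAN)
        self.vport_of = {}   # (port, vlan)  -> vport, the one-to-one inverse
        self.vni_of = {}     # (port, vport) -> bound VNI
        self.mac_table = {}  # (vni, mac)    -> (port, vport) outgoing interface

    def add_vport(self, port, vport, vlan):
        if (port, vport) in self.vlan_of or (port, vlan) in self.vport_of:
            raise ValueError("vPort/VLAN mapping on a port must stay one-to-one")
        self.vlan_of[(port, vport)] = vlan
        self.vport_of[(port, vlan)] = vport

    def bind(self, port, vport, vni):
        if (port, vport) not in self.vlan_of:
            raise KeyError("unknown vPort")
        self.vni_of[(port, vport)] = vni

    def receive(self, port, vlan, src, dst):
        """Process one 802.1Q frame; return the sorted (port, VLAN ID) egress copies."""
        ingress = (port, self.vport_of.get((port, vlan)))
        vni = self.vni_of.get(ingress)
        if vni is None:
            return []        # no vPort for this VLAN, or vPort not bound to a VNI
        # Assumption: source-MAC learning populates the per-VNI MAC table.
        self.mac_table[(vni, src)] = ingress
        out = None if dst == BROADCAST else self.mac_table.get((vni, dst))
        if out is None:
            # Broadcast or unknown unicast: replicate inside the VNI only.
            targets = [vp for vp, bound in self.vni_of.items()
                       if bound == vni and vp != ingress]
        else:
            targets = [out] if out != ingress else []
        # Re-tag each copy with the VLAN that belongs to its egress vPort.
        return sorted((p, self.vlan_of[(p, vp)]) for p, vp in targets)


def build_fig7_switch():
    """SW1 configured as in paragraphs [0181] to [0186]."""
    sw = AccessSwitch()
    for port in ("P1", "P2", "P3"):
        for n in range(1, 65):
            sw.add_vport(port, n, n)             # default: vPn <-> tag VLAN n
    bindings = {
        "P1": {1: 1, 2: 1, 64: 2},
        "P2": {1: 1, 3: 1, 2: 3, 64: 2},
        "P3": {1: 1, 2: 2, 3: 3, 64: 3},
    }
    for port, vports in bindings.items():
        for vport, vni in vports.items():
            sw.bind(port, vport, vni)
    # P4 faces SW2: service VLANs 10, 2000, 100 <-> VNI1, VNI2, VNI3.
    for vport, (vlan, vni) in enumerate([(10, 1), (2000, 2), (100, 3)], start=1):
        sw.add_vport("P4", vport, vlan)
        sw.bind("P4", vport, vni)
    return sw
```

The same tag VLAN ID 2 lands in VNI1 on P1, VNI3 on P2 and VNI2 on P3, so a tag VLAN ID only has meaning on its own physical port; the forwarding domain is decided by the vPort-to-VNI binding on the switch.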

[0226] In summary, the above embodiments of this application can achieve the following technical effects:

[0227] The embodiments of this application provide a new virtualized system that includes a physical server and an access switch. The physical server includes at least one VM and a NIC that uses SR-IOV technology, called the SR-IOV NIC. The SR-IOV NIC includes an L2vSwitch and multiple VFs, where VFs correspond one-to-one with tag VLANs; a VF driver is installed in each VM, and a VM corresponds to at least one VF. The physical port that the access switch uses to connect to the physical server (specifically, to the SR-IOV NIC) includes multiple virtual ports (vPorts), and these vPorts correspond one-to-one with tag VLANs. The access switch is also directly connected to other physical switches; the physical port that the access switch uses to connect to another physical switch includes multiple vPorts, and these vPorts correspond one-to-one with the service VLANs on that other physical switch. In addition, multiple VNIs are configured on the switch, and vPorts have binding relationships with VNIs.

[0228] In the above system, NIC virtualization (SR-IOV) technology is used: the SR-IOV NIC serves as the PE and the access switch serves as the CB, forming a CB-PE architecture composed of the access switch plus the SR-IOV NIC.

[0229] An UNTAG data packet sent by a VM, which carries no VLAN ID, reaches the L2vSwitch through a VF. After receiving the UNTAG data packet, the L2vSwitch looks up the corresponding tag VLAN according to the VF, adds the VLAN ID of the tag VLAN found to the UNTAG data packet to obtain an 802.1Q packet, and finally sends the 802.1Q packet to the access switch. The packets sent by the SR-IOV NIC acting as the PE are therefore standard 802.1Q packets, with no special fields added. Likewise, the packets that the access switch acting as the CB sends to the SR-IOV NIC acting as the PE are standard 802.1Q packets. Because the PE sends and receives standard 802.1Q packets, an ordinary NIC, that is, a general-purpose SR-IOV NIC, can be used as the PE, which saves cost, interoperates well, and can be widely applied.

[0230] In addition, the vPorts on the physical port that the access switch uses to connect to the SR-IOV NIC correspond one-to-one with the tag VLANs, and the tag VLANs correspond one-to-one with the VFs. The VFs in the SR-IOV NIC therefore act as extended virtual ports of the access switch inside the physical server, and every VF corresponds to one virtual port of the access switch, so the data flows of all VMs are steered to the access switch for forwarding. Because each VM has a VF driver installed and corresponds to at least one VF, each VM bypasses the vSwitch in the Hypervisor and connects directly to a VF in the SR-IOV NIC, which gives the VM an indirect connection to the physical network.

[0231] With the embodiments of this application, IO performance in a virtualized environment can make full use of the NIC's hardware capability, which greatly improves virtualization throughput.

[0232] The above are merely preferred embodiments of this application and are not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of this application shall fall within the scope of protection of this application.

Claims (19)

  1. A packet processing method in a virtualized system, characterized in that the virtualized system includes a physical server and a physical access switch directly connected to it; the physical server includes a single-root input/output virtualization (SR-IOV) network interface card (NIC) and at least one virtual machine (VM); the SR-IOV NIC includes a virtual switch (vSwitch) and at least one virtual function (VF) of the NIC, and a VM connects to the vSwitch through a VF; the physical port that the access switch uses to connect to the physical server includes at least one virtual port (vPort); the method includes: the vSwitch receives an untagged (UNTAG) data packet sent by a VM through a VF corresponding to that VM, where the UNTAG data packet does not carry the virtual local area network (VLAN) identifier (ID) of the VM; the vSwitch looks up the corresponding tag VLAN according to the VF and adds the VLAN ID of the tag VLAN found to the UNTAG data packet, obtaining an 802.1Q packet, where VFs correspond one-to-one with tag VLANs; the vSwitch sends the 802.1Q packet carrying the VLAN ID of the tag VLAN to the access switch directly connected to this physical server, so that the access switch removes the VLAN ID carried in the 802.1Q packet to obtain an UNTAG data packet, looks up the corresponding vPort according to the VLAN ID, and looks up the corresponding virtualized network identifier (VNI) according to the vPort; if the UNTAG data packet obtained is a unicast packet, the access switch looks up one piece of outgoing interface information in the local MAC forwarding table according to the VNI and the destination media access control (MAC) address of the UNTAG data packet, obtains the corresponding VLAN according to the outgoing interface information, adds the VLAN ID of the corresponding VLAN to the UNTAG data packet and sends it out; where the corresponding VLAN is a tag VLAN or a service VLAN.
  2. The method according to claim 1, characterized in that it further includes: the vSwitch receives an 802.1Q packet sent by the access switch directly connected to this physical server, where the 802.1Q packet carries the VLAN ID of a tag VLAN; the vSwitch removes the VLAN ID of the tag VLAN carried in the 802.1Q packet, obtaining an UNTAG data packet; the vSwitch looks up the ID of the corresponding VF according to the VLAN ID of the tag VLAN, and sends the UNTAG data packet, through the VF indicated by that ID, to the VM corresponding to that VF.
  3. The method according to claim 1 or 2, characterized in that one VM corresponds to at least one VF, and one VF corresponds to one VM.
  4. A packet processing method in a virtualized system, characterized in that the virtualized system includes a physical server and a physical access switch directly connected to it; the physical server includes a single-root input/output virtualization (SR-IOV) network interface card (NIC) and at least one virtual machine (VM); the SR-IOV NIC includes a virtual switch (vSwitch) and at least one virtual function (VF) of the NIC, and a VM connects to the vSwitch through a VF; the physical port that the access switch uses to connect to the physical server includes at least one virtual port (vPort); the method includes: when the access switch receives an 802.1Q packet, the access switch removes the virtual local area network (VLAN) identifier (ID) carried in the 802.1Q packet to obtain an untagged (UNTAG) data packet, looks up the corresponding vPort according to the VLAN ID, and looks up the corresponding virtualized network identifier (VNI) according to the vPort; if the UNTAG data packet obtained is a unicast packet, the access switch looks up one piece of outgoing interface information in the local MAC forwarding table according to the VNI and the destination media access control (MAC) address of the UNTAG data packet, obtains the corresponding VLAN according to the outgoing interface information, adds the VLAN ID of the corresponding VLAN to the UNTAG data packet and sends it out; where the corresponding VLAN is a tag VLAN or a service VLAN; the 802.1Q packet received by the access switch is one that the vSwitch, after processing, sent to the access switch directly connected to this physical server; the processing performed by the vSwitch is: the vSwitch receives an UNTAG data packet sent by a VM through a VF corresponding to that VM, where the UNTAG data packet does not carry the VLAN ID of the VM; the vSwitch looks up the corresponding tag VLAN according to the VF and adds the VLAN ID of the tag VLAN found to the UNTAG data packet, obtaining an 802.1Q packet, where VFs correspond one-to-one with tag VLANs; the vSwitch sends the 802.1Q packet carrying the VLAN ID of the tag VLAN to the access switch directly connected to this physical server.
  5. The method according to claim 4, characterized in that it further includes: if the UNTAG data packet obtained is a multicast packet, the access switch looks up at least one piece of outgoing interface information in the MAC forwarding table according to the VNI and the destination MAC address of the UNTAG data packet; for each piece of outgoing interface information, it replicates the UNTAG data packet, obtains the corresponding VLAN according to the outgoing interface information, adds the VLAN ID of the corresponding VLAN to the replicated UNTAG data packet and sends it out.
  6. The method according to claim 4, characterized in that it further includes: if the UNTAG data packet obtained is a broadcast packet or a unicast packet whose destination MAC address is unknown, the access switch looks up at least one piece of outgoing interface information in the local broadcast forwarding table according to the VNI; for each piece of outgoing interface information, it replicates the UNTAG data packet, obtains the corresponding VLAN according to the outgoing interface information, adds the VLAN ID of the corresponding VLAN to the replicated UNTAG data packet and sends it out.
  7. The method according to any one of claims 4-6, characterized in that the vPorts on the physical port that the access switch uses to connect to a physical server correspond one-to-one with tag VLANs; the vPorts on the physical port that the access switch uses to connect to another physical switch correspond one-to-one with the service VLANs on that other physical switch; when a specific packet is an 802.1Q packet sent by a physical server, the VLAN ID carried in the 802.1Q packet is the VLAN ID of a tag VLAN; when the specific packet is an 802.1Q packet sent by another physical switch, the VLAN ID carried in the 802.1Q packet is the VLAN ID of a service VLAN; when the specific packet is a tunnel packet sent by another physical switch, the VLAN ID carried in the tunnel packet is the VLAN ID of a service VLAN.
  8. The method according to claim 7, characterized in that obtaining the corresponding VLAN according to the outgoing interface information, adding the VLAN ID of the corresponding VLAN to the UNTAG data packet and sending it out includes: if the outgoing interface information is the port ID of a vPort, looking up the corresponding VLAN according to the port ID of the vPort, adding the VLAN ID of the corresponding VLAN to the UNTAG data packet, and sending the resulting 802.1Q packet, which carries the VLAN ID of the corresponding VLAN, out through the physical port on which the vPort resides; where the corresponding VLAN is a tag VLAN or a service VLAN; when the corresponding VLAN is a tag VLAN, sending the 802.1Q packet carrying the VLAN ID of the tag VLAN, through the physical port on which the vPort resides, to the directly connected physical server; when the corresponding VLAN is a service VLAN, sending the 802.1Q packet carrying the VLAN ID of the service VLAN, through the physical port on which the vPort resides, to the other directly connected physical switch.
  9. The method according to claim 8, characterized in that obtaining the corresponding VLAN according to the outgoing interface information, adding the VLAN ID of the corresponding VLAN to the UNTAG data packet and sending it out further includes: if the outgoing interface information is the tunnel ID of an overlay tunnel, looking up the corresponding tunnel information according to the tunnel ID, where the tunnel information includes the source IP address and destination IP address of the overlay tunnel and the outgoing vPort corresponding to the overlay tunnel; looking up the corresponding service VLAN according to the outgoing vPort, adding the source IP address and destination IP address of the overlay tunnel, the VNI and the VLAN ID of the service VLAN to the UNTAG data packet, and sending the resulting tunnel packet, through the physical port on which the outgoing vPort resides, to the other directly connected physical switch.
  10. The method according to claim 7, further comprising: establishing, on the physical port of the access switch used to connect to a physical server, a one-to-one correspondence between vPorts and tag VLANs; configuring at least one VNI on the access switch; binding, on the physical port of the access switch used to connect to a physical server, each vPort to its corresponding VNI; establishing, on the physical port of the access switch used to connect to another physical switch, a one-to-one correspondence between vPorts and the service VLANs on that other physical switch; and binding each vPort on that physical port to one VNI.
  11. A packet processing apparatus in a virtualized system, wherein the virtualized system comprises a physical server and a physical access switch directly connected to it; the physical server comprises a single-root input/output virtualization (SR-IOV) network interface card (NIC) and at least one virtual machine (VM), the SR-IOV NIC comprises a virtual switch (vSwitch) and at least one virtual function (VF) of the NIC, and a VM is connected to the vSwitch through a VF; the physical port of the access switch used to connect to the physical server comprises at least one virtual port (vPort); the vSwitch comprises: a receiving module, configured to receive an untagged (UNTAG) data packet sent by a VM through a VF corresponding to that VM, wherein the UNTAG data packet does not carry the virtual local area network (VLAN) identifier (ID) of the VM; a lookup module, configured to find the corresponding tag VLAN according to the VF after the receiving module receives the UNTAG data packet sent by the VM through a VF corresponding to that VM; a processing module, configured to add the VLAN ID of the tag VLAN found by the lookup module to the UNTAG data packet received by the receiving module, to obtain an 802.1Q packet, wherein VFs and tag VLANs are in one-to-one correspondence; a sending module, configured to send the 802.1Q packet obtained by the processing module, which carries the VLAN ID of the tag VLAN, to the access switch directly connected to this physical server, so that the access switch removes the VLAN ID carried in the 802.1Q packet to obtain an UNTAG data packet, finds the corresponding vPort according to the VLAN ID, and finds the corresponding virtualized network identifier (VNI) according to the vPort; if the obtained UNTAG data packet is a unicast packet, the access switch finds one piece of out-interface information in the local MAC forwarding table according to the VNI and the destination media access control (MAC) address of the UNTAG data packet, obtains the corresponding VLAN according to the out-interface information, adds the VLAN ID of the corresponding VLAN to the UNTAG data packet and sends it out; wherein the corresponding VLAN is a tag VLAN or a service VLAN.
  12. The apparatus according to claim 11, wherein the receiving module is further configured to receive an 802.1Q packet sent by the access switch directly connected to this physical server, wherein the 802.1Q packet carries the VLAN ID of a tag VLAN; the processing module is further configured to, after the receiving module receives the 802.1Q packet sent by the access switch directly connected to this physical server, remove the VLAN ID of the tag VLAN carried in the 802.1Q packet to obtain an UNTAG data packet; the lookup module is further configured to find the ID of the corresponding VF according to the VLAN ID of the tag VLAN in the 802.1Q packet received by the receiving module; the sending module is further configured to send the UNTAG data packet obtained by the processing module, through the VF indicated by the ID found by the lookup module, to the VM corresponding to that VF.
  13. The apparatus according to claim 11 or 12, wherein one VM corresponds to at least one VF, and one VF corresponds to one VM.
  14. A packet processing apparatus in a virtualized system, wherein the virtualized system comprises a physical server and a physical access switch directly connected to it; the physical server comprises a single-root input/output virtualization (SR-IOV) network interface card (NIC) and at least one virtual machine (VM), the SR-IOV NIC comprises a virtual switch (vSwitch) and at least one virtual function (VF) of the NIC, and a VM is connected to the vSwitch through a VF; the physical port of the access switch used to connect to the physical server comprises at least one virtual port (vPort); the access switch comprises: a receiving module, configured to receive a specific packet, wherein the received specific packet is an 802.1Q packet sent by a directly connected physical server or other physical switch, or a tunnel packet sent by a directly connected other physical switch; a removing module, configured to, when the specific packet received by the receiving module is an 802.1Q packet, remove the virtual local area network (VLAN) identifier (ID) carried in the 802.1Q packet to obtain an UNTAG data packet, and further configured to, when the specific packet received by the receiving module is a tunnel packet, remove from the tunnel packet the source Internet Protocol (IP) address and destination IP address of the overlay tunnel, the VNI and the VLAN ID, to obtain an UNTAG data packet; a lookup module, configured to, when the specific packet received by the receiving module is an 802.1Q packet, find the corresponding vPort according to the VLAN ID carried in the 802.1Q packet and find the corresponding virtualized network identifier (VNI) according to the vPort, and further configured to, if the UNTAG data packet obtained by the removing module is a unicast packet, find one piece of out-interface information in the local MAC forwarding table according to the VNI and the destination media access control (MAC) address of the UNTAG data packet; an adding-and-sending module, configured to, if the UNTAG data packet obtained by the removing module is a unicast packet, obtain the corresponding VLAN according to the out-interface information found by the lookup module in the MAC forwarding table, add the VLAN ID of the corresponding VLAN to the UNTAG data packet obtained by the removing module and send it out; wherein the corresponding VLAN is a tag VLAN or a service VLAN; the 802.1Q packet received by the access switch is one that the vSwitch has processed and sent to the access switch directly connected to this physical server; the processing by the vSwitch is: the vSwitch receives an untagged (UNTAG) data packet sent by a VM through a VF corresponding to that VM, wherein the UNTAG data packet does not carry the VLAN ID of the VM; the vSwitch finds the corresponding tag VLAN according to the VF and adds the VLAN ID of the tag VLAN found to the UNTAG data packet to obtain an 802.1Q packet, wherein VFs and tag VLANs are in one-to-one correspondence; and the vSwitch sends the 802.1Q packet carrying the VLAN ID of the tag VLAN to the access switch directly connected to this physical server.
  15. The apparatus according to claim 14, further comprising a replication module, wherein: the lookup module is further configured to, if the UNTAG data packet obtained by the removing module is a multicast packet, find at least one piece of out-interface information in the MAC forwarding table according to the VNI and the destination MAC address of the UNTAG data packet; the replication module is configured to, if the UNTAG data packet obtained by the removing module is a multicast packet, replicate the UNTAG data packet for each piece of out-interface information found by the lookup module in the MAC forwarding table; the adding-and-sending module is further configured to, if the UNTAG data packet obtained by the removing module is a multicast packet, obtain the corresponding VLAN according to each piece of out-interface information found by the lookup module in the MAC forwarding table, add the VLAN ID of the corresponding VLAN to the replicated UNTAG data packet obtained by the replication module and send it out.
  16. The apparatus according to claim 14, further comprising a replication module, wherein: the lookup module is further configured to, if the UNTAG data packet obtained by the removing module is a broadcast packet or a unicast packet whose destination MAC address is unknown, find at least one piece of out-interface information in the local broadcast forwarding table according to the VNI; the replication module is configured to, if the UNTAG data packet obtained by the removing module is a broadcast packet or a unicast packet whose destination MAC address is unknown, replicate the UNTAG data packet for each piece of out-interface information found by the lookup module in the broadcast forwarding table; the adding-and-sending module is further configured to, if the UNTAG data packet obtained by the removing module is a broadcast packet or a unicast packet whose destination MAC address is unknown, obtain the corresponding VLAN according to each piece of out-interface information found by the lookup module in the broadcast forwarding table, add the VLAN ID of the corresponding VLAN to the replicated UNTAG data packet and send it out.
  17. The apparatus according to any one of claims 14 to 16, wherein the vPorts on the physical port of the access switch used to connect to a physical server are in one-to-one correspondence with tag VLANs; the vPorts on the physical port of the access switch used to connect to the other physical switch are in one-to-one correspondence with the service VLANs on that other physical switch; when the specific packet received by the receiving module is an 802.1Q packet sent by a physical server, the VLAN ID carried in the 802.1Q packet is the VLAN ID of a tag VLAN; when the specific packet received by the receiving module is an 802.1Q packet sent by another physical switch, the VLAN ID carried in the 802.1Q packet is the VLAN ID of a service VLAN; when the specific packet received by the receiving module is a tunnel packet sent by another physical switch, the VLAN ID carried in the tunnel packet is the VLAN ID of a service VLAN.
  18. The apparatus according to claim 17, wherein the adding-and-sending module comprises: a VLAN lookup unit, configured to, if a piece of out-interface information found by the lookup module is the port ID of a vPort, find the corresponding VLAN according to the port ID of the vPort; an adding unit, configured to add the VLAN ID of the corresponding VLAN found by the VLAN lookup unit to the UNTAG data packet, to obtain an 802.1Q packet carrying the VLAN ID of the corresponding VLAN; a sending unit, configured to send the 802.1Q packet obtained by the adding unit out through the physical port on which the vPort resides; wherein the corresponding VLAN is a tag VLAN or a service VLAN; when the corresponding VLAN found by the VLAN lookup unit is a tag VLAN, the sending unit sends the 802.1Q packet carrying the VLAN ID of the tag VLAN to the directly connected physical server through the physical port on which the vPort resides; when the corresponding VLAN found by the VLAN lookup unit is a service VLAN, the sending unit sends the 802.1Q packet carrying the VLAN ID of the service VLAN to the directly connected other physical switch through the physical port on which the vPort resides.
  19. The apparatus according to claim 18, wherein the VLAN lookup unit is further configured to, if a piece of out-interface information found by the lookup module is the tunnel ID of an overlay tunnel, find the corresponding tunnel information according to the tunnel ID, wherein the tunnel information comprises the source IP address and destination IP address of the overlay tunnel and the out vPort corresponding to the overlay tunnel, and is further configured to find the corresponding service VLAN according to the out vPort; the adding unit is further configured to add the source IP address and destination IP address of the overlay tunnel included in the tunnel information found by the VLAN lookup unit, the VNI and the VLAN ID of the service VLAN to the UNTAG data packet, to obtain a tunnel packet; the sending unit is further configured to send the tunnel packet obtained by the adding unit to the directly connected other physical switch through the physical port on which the out vPort resides.
  20. The apparatus according to claim 17, further comprising: an establishing module, configured to establish, on the physical port of the access switch used to connect to a physical server, a one-to-one correspondence between vPorts and tag VLANs, and further configured to establish, on the physical port of the access switch used to connect to another physical switch, a one-to-one correspondence between vPorts and the service VLANs on that other physical switch; a configuring module, configured to configure at least one VNI on the access switch; a binding module, configured to bind, on the physical port of the access switch used to connect to a physical server, each vPort to its corresponding VNI, and further configured to bind, on the physical port of the access switch used to connect to another physical switch, each vPort to one VNI.
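The access-switch unicast path of claims 14, 18 and 19 (strip the 802.1Q tag, VLAN ID to vPort, vPort to VNI, (VNI, destination MAC) to out interface, then re-tag or encapsulate), as an added Python example that is not code from the patent. All table contents, port names, MAC and IP values are constructed, and dropping a frame whose VLAN ID has no vPort on the ingress port is an assumption the claims do not state.

```python
import struct

TPID_8021Q = 0x8100

# Constructed sample tables for one access switch (hypothetical names and values).
# Per physical port, vPort <-> VLAN is one-to-one: tag VLANs on the server-facing
# port ge1, a service VLAN on port ge2, which faces another physical switch.
VPORT_BY_PORT_VLAN = {("ge1", 101): "vp1", ("ge1", 102): "vp2", ("ge2", 300): "vp3"}
PORT_VLAN_BY_VPORT = {v: k for k, v in VPORT_BY_PORT_VLAN.items()}
VNI_BY_VPORT = {"vp1": 5000, "vp2": 6000, "vp3": 5000}

MAC_A = bytes.fromhex("020000000001")  # VM behind vp1 (VNI 5000)
MAC_B = bytes.fromhex("020000000002")  # VM behind vp2 (VNI 6000)
MAC_C = bytes.fromhex("020000000003")  # host reached via service VLAN 300
MAC_D = bytes.fromhex("020000000004")  # host reached via overlay tunnel 7

# MAC forwarding table keyed by (VNI, destination MAC) -> out-interface information.
MAC_TABLE = {
    (5000, MAC_A): ("vport", "vp1"),
    (6000, MAC_B): ("vport", "vp2"),
    (5000, MAC_C): ("vport", "vp3"),
    (5000, MAC_D): ("tunnel", 7),
}
TUNNELS = {7: {"src_ip": "192.0.2.1", "dst_ip": "192.0.2.2", "out_vport": "vp3"}}


def add_tag(untagged: bytes, vlan_id: int) -> bytes:
    """Insert an 802.1Q header (TPID + TCI, priority 0) after the two MAC addresses."""
    return untagged[:12] + struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF) + untagged[12:]


def strip_tag(frame: bytes):
    """Return (vlan_id, untagged_frame), or None if the frame is not 802.1Q."""
    if len(frame) < 18:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return tci & 0x0FFF, frame[:12] + frame[16:]


def forward_unicast(in_port: str, frame: bytes):
    """Run one 802.1Q unicast frame through the lookup chain; None means drop."""
    parsed = strip_tag(frame)
    if parsed is None:
        return None
    vlan_id, untagged = parsed
    vport = VPORT_BY_PORT_VLAN.get((in_port, vlan_id))
    if vport is None:  # assumption: a VLAN ID with no vPort on this port is dropped
        return None
    vni = VNI_BY_VPORT[vport]
    out = MAC_TABLE.get((vni, untagged[:6]))
    if out is None:  # miss: handled by the broadcast table of claim 16, not modelled
        return None
    kind, ident = out
    if kind == "vport":
        port, vlan = PORT_VLAN_BY_VPORT[ident]
        return {"kind": "802.1Q", "port": port, "vlan": vlan,
                "frame": add_tag(untagged, vlan)}
    tun = TUNNELS[ident]
    port, vlan = PORT_VLAN_BY_VPORT[tun["out_vport"]]
    # The claims list the fields added to the UNTAG packet but give no wire format,
    # so the tunnel packet is returned as a record rather than encoded bytes.
    return {"kind": "tunnel", "port": port, "vlan": vlan, "vni": vni,
            "src_ip": tun["src_ip"], "dst_ip": tun["dst_ip"], "inner": untagged}
```

Because the MAC lookup is keyed on the VNI derived from the ingress tag, a frame arriving on tag VLAN 102 (VNI 6000) cannot reach a MAC address learned only in VNI 5000.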
CN 201410118957 2014-03-27 2014-03-27 Packet processing method and apparatus in virtualized system CN103873374B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201410118957 CN103873374B (en) 2014-03-27 2014-03-27 Packet processing method and apparatus in virtualized system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 201410118957 CN103873374B (en) 2014-03-27 2014-03-27 Packet processing method and apparatus in virtualized system

Publications (2)

Publication Number Publication Date
CN103873374A (en) 2014-06-18
CN103873374B (en) 2017-08-11

Family

ID=50911513

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201410118957 CN103873374B (en) 2014-03-27 2014-03-27 Packet processing method and apparatus in virtualized system

Country Status (1)

Country Link
CN (1) CN103873374B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104092595B (en) * 2014-07-21 2017-10-27 新华三技术有限公司 Based packet processing method and apparatus in virtualized system of 802.1br
CN104243608B (en) * 2014-09-29 2018-02-06 华为技术有限公司 A method of communication, cloud management server and virtual switch
US9984028B2 (en) 2014-10-31 2018-05-29 Arris Enterprises Llc Redundancy for port extender chains
CN106664242A (en) * 2015-07-03 2017-05-10 华为技术有限公司 Network configuration method, network system and device
CN105245456A (en) * 2015-10-20 2016-01-13 浪潮(北京)电子信息产业有限公司 Method and system for unloading SDN virtual network function in cloud server
CN107580077A (en) * 2016-07-04 2018-01-12 南京中兴新软件有限责任公司 A public network IP distribution method and apparatus and a virtualized data center system
CA2991208A1 (en) * 2016-11-09 2018-05-09 Zhou Yu Packet processing method in cloud computing system, host, and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101809943A (en) * 2007-09-24 2010-08-18 英特尔公司 Method and system for virtual port communications
WO2011078861A1 (en) * 2009-12-23 2011-06-30 Intel Corporation A computer platform providing hardware support for virtual inline appliances and virtual machines
CN102549977A (en) * 2009-09-24 2012-07-04 日本电气株式会社 Identification system for inter-virtual-server communication and identification method for inter-virtual-server communication
CN102790792A (en) * 2011-05-19 2012-11-21 株式会社日立制作所 Method and apparatus of connectivity discovery between network switch and server based on vlan identifiers
CN103201721A (en) * 2012-08-29 2013-07-10 华为技术有限公司 Virtual machine thermal migration system and method
CN103444135A (en) * 2011-06-02 2013-12-11 惠普发展公司,有限责任合伙企业 Network virtualization

Also Published As

Publication number Publication date Type
CN103873374A (en) 2014-06-18 application

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination
CB02
GR01