CN104184686A - Method and device for controlling broadcast traffic on edge virtual bridge link - Google Patents
Method and device for controlling broadcast traffic on edge virtual bridge link Download PDFInfo
- Publication number
- CN104184686A CN104184686A CN201410411861.9A CN201410411861A CN104184686A CN 104184686 A CN104184686 A CN 104184686A CN 201410411861 A CN201410411861 A CN 201410411861A CN 104184686 A CN104184686 A CN 104184686A
- Authority
- CN
- China
- Prior art keywords
- vlan
- channel
- switch
- service provider
- virtual switch
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Abstract
The invention provides a method and device for controlling the broadcast traffic on an edge virtual bridge link. The method and device are applied to a Hypervisor in a server of an EVB framework. The method comprises the steps that a service provider channel state maintenance message corresponding to a virtual switch in the server is generated, wherein the message contains a VLAN ID and a state configuration identifier; the service provider channel state maintenance message is sent to a switch connected to the server through an S-channel corresponding to the virtual switch so that the switch can generate ACL table items corresponding to the S-channel according to the state configuration identifier, wherein the ACL table items are used for limiting transmission of a broadcast message corresponding to the VLAN ID to the virtual switch by the S-channel. By means of the technical scheme, the server can be used for controlling the broadcast message traffic from the switch, so that the safety is improved beneficially, and bandwidth waste is avoided.
Description
Technical field
The present invention relates to communication technical field, relate in particular to the method and apparatus of controlling broadcast traffic on the virtual bridged link in edge.
Background technology
EVB (Edge Virtual Bridging, edge is virtual bridged) technology occurs for settlement server is virtual, its core concept is by VM (virtual machine, Virtual Machine) flow (comprising the flow between each VM on same server) is all given the switch direct-connected with server and is exchanged and process, thereby make traffic policing and network control implementation of strategies become possibility, also make server internal network and outside switching network can unify to dispose and manage.
Summary of the invention
In view of this, the invention provides a kind of new technical scheme, can solve the bandwidth waste existing on EVB link and the technical problem with potential safety hazard.
For achieving the above object, the invention provides technical scheme as follows:
According to a first aspect of the invention, proposed a kind of method of controlling broadcast traffic on the virtual bridged link in edge, be applied to the virtual machine management program Hypervisor in the server of the virtual bridged EVB framework in edge, having comprised:
Generation, corresponding to service provider's channel status maintenance packet of virtual switch in described server, comprises VLAN ID and state configuration sign in described service provider channel status maintenance packet;
By the passage S-channel of service provider corresponding to described virtual switch, to the switch that is connected to described server, send described service provider channel status maintenance packet, so that described switch generates the ACL list item corresponding to described S-channel according to described state configuration sign, this ACL list item transmits the broadcasting packet corresponding to described VLAN ID for limiting described S-channel to described virtual switch.
According to a second aspect of the invention, proposed a kind of method of controlling broadcast traffic on the virtual bridged link in edge, be applied to the switch that is connected with the server of the virtual bridged EVB framework in edge, having comprised:
Receive service provider's channel status maintenance packet that described server sends by S-channel, in described service provider channel status maintenance packet, comprise VLAN ID and state configuration sign;
According to described state configuration sign, generate the ACL list item corresponding to described S-channel, this ACL list item transmits the broadcasting packet corresponding to described VLAN ID for limiting described S-channel to virtual switch corresponding to described server.
According to a third aspect of the invention we, proposed a kind of device of controlling broadcast traffic on the virtual bridged link in edge, be applied to the virtual machine management program Hypervisor in the server of the virtual bridged EVB framework in edge, having comprised:
Message generation unit, for generating the service provider's channel status maintenance packet corresponding to virtual switch in described server, comprises VLAN ID and state configuration sign in described service provider channel status maintenance packet;
Packet sending unit, for passing through the passage S-channel of service provider corresponding to virtual switch in described server, to the switch that is connected to described server, send described service provider channel status maintenance packet, so that described switch generates the ACL list item corresponding to described S-channel according to described state configuration sign, this ACL list item transmits the broadcasting packet corresponding to described VLAN ID for limiting described S-channel to described virtual switch.
According to a forth aspect of the invention, proposed a kind of device of controlling broadcast traffic on the virtual bridged link in edge, be applied to the switch that is connected with the server of the virtual bridged EVB framework in edge, having comprised:
Message receiving element, the service provider's channel status maintenance packet sending by S-channel for receiving described server, comprises VLAN ID and state configuration sign in described service provider channel status maintenance packet;
List item generation unit, be used for generating the ACL list item corresponding to described S-channel according to described state configuration sign, this ACL list item transmits the broadcasting packet corresponding to described VLAN ID for limiting described S-channel to virtual switch corresponding to described server.
From above technical scheme, the present invention is by sending service provider's channel status maintenance packet by server to switch, can realize the control to the broadcast traffic on EVB link, avoid unnecessary broadcast traffic to cause bandwidth waste and fail safe hidden danger, thereby contribute to promote traffic transport efficiency and link security.
Accompanying drawing explanation
Fig. 1 shows according to the schematic flow diagram of the method for broadcast traffic on the control EVB link that is applied to server of an exemplary embodiment of the present invention;
Fig. 2 shows according to the schematic flow diagram of the method for broadcast traffic on the control EVB link that is applied to switch of an exemplary embodiment of the present invention;
Fig. 3 shows the schematic diagram of a typical EVB framework;
Fig. 4 shows VSI interface is found and the schematic flow diagram configuring;
Fig. 5 shows according to the structural representation of service provider's channel status maintenance packet of an exemplary embodiment of the present invention;
Fig. 6 shows the state variation schematic diagram according to the S-channel of an exemplary embodiment of the present invention;
Fig. 7 shows according to the schematic diagram of the VM migration of an exemplary embodiment of the present invention;
Fig. 8 shows according to the schematic diagram of the VM migration of another exemplary embodiment of the present invention;
Fig. 9 shows according to the schematic block diagram of the device of broadcast traffic on the control EVB link that is applied to server of an exemplary embodiment of the present invention;
Figure 10 shows according to the schematic block diagram of the device of broadcast traffic on the control EVB link that is applied to switch of an exemplary embodiment of the present invention.
Embodiment
The present invention is by sending service provider's channel status maintenance packet by server to switch, can realize the control to the broadcast traffic on EVB link, avoid unnecessary broadcast traffic to cause bandwidth waste and fail safe hidden danger, thereby contribute to promote traffic transport efficiency and link security.
For the present invention is further described, provide the following example:
Please refer to Fig. 1, Fig. 1 shows according to the method for broadcast traffic on the control EVB link of an exemplary embodiment of the present invention, is applied to the virtual machine management program Hypervisor in the server of EVB framework, comprising:
Step 102, generates the service provider's channel status maintenance packet corresponding to virtual switch in described server, comprises VLAN ID and state configuration sign in described service provider channel status maintenance packet;
Step 104, by the S-channel corresponding to described virtual switch (service provider's passage), to the switch that is connected to described server, send described service provider channel status maintenance packet, so that described switch generates the ACL list item corresponding to described S-channel according to described state configuration sign, this ACL list item transmits the broadcasting packet corresponding to described VLAN ID for limiting described S-channel to described virtual switch.
In the present embodiment, " restriction " to transmission broadcasting packet is construed as: according to different scenes, control the transmission of S-channel to broadcasting packet, such as avoiding transmitting all types of broadcasting packets, or avoid the broadcasting transmitting of hop type, thereby realize according to the actual requirements the effective control to broadcast traffic.
Correspondingly, Fig. 2 shows according to the method for broadcast traffic on the control EVB link that is applied to switch of an exemplary embodiment of the present invention, comprising:
Step 202, receives service provider's channel status maintenance packet that described server sends by S-channel, comprises VLAN ID and state configuration sign in described service provider channel status maintenance packet;
Step 204, generates the ACL list item corresponding to described S-channel according to described state configuration sign, and this ACL list item transmits the broadcasting packet corresponding to described VLAN ID for limiting described S-channel to virtual switch corresponding to described server.
From above-described embodiment, the present invention, by generating the service provider's channel status maintenance packet corresponding to virtual switch by server, has realized the state-maintenance to S-channel corresponding to this virtual switch.Wherein, switch issues ACL list item according to this service provider's channel status maintenance packet, thereby has realized the effective control to the broadcast traffic on above-mentioned S-channel.
Below by a typical EVB structure, technical scheme of the present invention is described in detail.Please refer to Fig. 3, suppose and in physical server, created VM1~VM6 totally six virtual machines, each virtual machine is by corresponding VSI (Virtual Station Interface, virtual server interface) be connected to virtual switch, such as VM1 is connected to VEB (Virtual Edge Bridge by VSI interface a, virtual edge bridge) 1, by VSI interface b, be connected to VEB2, VM5 is connected to VEPA (Virtual Edge Port Aggregator, virtual edge port polymerizer) etc. by VSI interface i; And each interface is dispensed to corresponding VLAN, such as belonging to VLAN1 (1. Fig. 1 is denoted as), VSI interface b, VSI interface a belongs to that VLAN2 (2. Fig. 1 is denoted as), VSI interface c belong to VLAN3 (3. Fig. 1 is denoted as), VSI interface d belongs to VLAN4 (4. Fig. 1 is denoted as) etc.
The switch of virtual switch and the physics that is connected with physical server carries out traffic transport by the physical link forming between the VLAN of service provider assembly 1 and the VLAN of service provider assembly 2.On the VLAN of service provider assembly 1, dispose port A, port B ... CAP (the S-channel Access Port such as port F, service provider's channel transfer port) port, be connected to respectively virtual switch VEB1~VEB5 and VEPA, and on the VLAN of service provider assembly 2, also dispose corresponding port A ', port B ' ... port F ' etc., each virtual switch is realized the traffic transport between physical server and switch by service provider's passage (being S-channel) corresponding between the VLAN of service provider assembly 1 and the VLAN of service provider assembly 2, such as the flow on VEB1 is by the S-channel transmission between port A and port A ', flow on VEPA passes through the S-channel transmission between port F and port F ' etc.
Based on above-mentioned EVB framework, physical server (being specially the Hypervisor of operation in physical server) can generate the service provider's channel status maintenance packet corresponding to virtual switches such as VEB1~VEB5 or VEPA, and by sending it to the switch being connected, thereby control the upper transmission to broadcast traffic of corresponding S-channel.Wherein, in Fig. 1 and Fig. 2, describing in Liao service provider channel status maintenance packet specifically the transmission that identifies to realize broadcast traffic by VLAN ID and state configuration controls, below in conjunction with a concrete application scenarios, the configuration mode to the VLANID in service provider's channel status maintenance packet and state configuration sign is described.
As an exemplary embodiment, the VEB5 of take in Fig. 3 is example.The VSI interface being connected with VEB5 comprises the interface h of the interface e of VM3 and the interface g of interface f, VM4 and VM5, and wherein interface e, interface g and interface h all belong to VLAN2, and interface f belongs to VLAN4.So, Hypervisor in physical server need to determine in the VLAN (being VLAN2 and VLAN4) under the VSI interface being connected with VEB5, whether have the VLAN that meets following first condition: be connected with virtual switch VEB5 and the VSI interface that belongs to this VLAN has all carried out association process by MAC Address at physical switches place." association process " herein relates between Hypervisor and switch by VDP (VSI discovery and configuration protocol, VSI finds and configuration protocol), realization is to the discovery of VSI interface and layoutprocedure, below by Fig. 4, show specific implementation flow process, comprising:
Step 402, Hypervisor sends the pre-association request message corresponding to certain VSI interface to connected switch, the VSI interface that associated certain attribute of application is X1;
In the present embodiment, specifically can comprise the information such as VLAN ID, MAC Address, VTID (VSI Type ID, VSI type identification) in attribute X1, VTID specifically comprises as contents such as the vlan list of: port license, port speed restrictions.Wherein, in attribute X1, might not comprise the attribute information of above-mentioned all types, such as may not comprising MAC Address.
Step 404, switch is searched local pre-configured VSI types of database, and by pre-association response message, informs that attribute X1 can use.
It should be noted that, " pre-association " of step 402 and step 404 do not activate corresponding VSI interface, and just triggers the attribute that switch obtains corresponding VSI interface.
Step 406, Hypervisor sends associated request message to switch, to activate by step 402 and step 404, completes the VSI interface that pre-association is processed;
Step 408, switch returns to associated response message to Hypervisor, thereby formally by corresponding VSI interface conjunctionn attribute X1, completes the association process to this VSI interface.
| VSI interface | Relating attribute information | VLAN?ID |
| e | VLAN+MAC | 2 |
| f | VLAN | 4 |
| g | VLAN+MAC | 2 |
| h | VLAN+MAC | 2 |
Table 1
Suppose that each VSI interface that VEB5 is corresponding is as shown in table 1 in the associated situation at switch place, be the VSI interface e under VLAN2, g and h have all carried out association process by MAC Address at switch place, thereby when the S-channel E-E ' corresponding to VEB5 receives unknown unicast message, the VSI interface e that the destination address of this message and E-E ' record, f, the address of g and h is all not identical, so due to interface e, g and h have all carried out association process by MAC Address, the destination address of this unknown unicast message obviously and interface e, g and h are all not identical, thereby do not need to be sent to the interface e under VLAN2, g and h, need under VLAN2, to this unknown unicast message, not broadcast, corresponding, because the VSI interface f under VLAN4 has only carried out association process by VLAN at switch place, thereby cannot determine that unknown unicast message that S-channel E-E ' receives, whether corresponding to interface f, still need to broadcast under VLAN4.
Visible, at VEB5 accordingly in the VLAN under VSI interface, because the VSI interface under VLAN2 has all carried out association process by MAC Address at switch place, meet above-mentioned first condition, thereby Hypervisor is the service provider's channel status maintenance packet generating corresponding to VEB5, the state configuration sign that the VLAN ID that this service provider's channel status maintenance packet comprises VLAN2 and this VLAN ID are corresponding.
Such as Fig. 5 shows the structure of service provider's channel status maintenance packet of an exemplary embodiment, this message can pass through LLDP (Link Layer Discovery Protocol, Link Layer Discovery Protocol) message sends, comprise the message segments such as TLV type (TLV type), TLV information string length (TLV information character string length), OUI (Organizationally unique identifier, organization unique identifier), Subtype (subtype) and VLAN ID/Status (VLAN sign/state configuration sign).Wherein, TLV type can value 127, TLV information string length can value be that 9, OUI can value 00-80-C2, and Subtype can value 0x0F.
In the above-described embodiments, because all VSI interfaces under VLAN2 corresponding to VEB5 have all completed association process by MAC Address at switch place, thereby need S-channel E-E ' the unknown unicast message receiving not to be broadcasted under VLAN2, by " VLAN ID/Status " message segment, realize corresponding S-channel state configuration.
| State | Value |
| Forwarding | 0 |
| Broadcast?forbidden | 1 |
| Unkown-unicast?forbidden | 2 |
| Idle | 3 |
Table 2
Fig. 6 shows the state variation of the S-channel of an exemplary embodiment, comprises " Forwarding (transmission) ", " Broadcast forbidden (forbid broadcast) ", " Unkown-unicast forbidden (forbidding broadcasting unknown unicast) " and " Idle (free time) " totally four kinds of states.Every kind of state is corresponding to the different values of " Status ", specifically as shown in table 2, when Status value is 0, corresponding to " Forwarding " state, shows to allow all messages of transmission; When Status value is 1, corresponding to " Broadcast forbidden " state, show to forbid transmitting all broadcasting packets; When Status value is 2, corresponding to " Unkown-unicast forbidden " state, show to forbid transmitting unknown unicast message; When Status value is 3, corresponding to " Idle " state, show in idle condition, do not carry out transmission operation.
Therefore, for all VSI interfaces under VLAN2 corresponding to above-mentioned VEB5, all by MAC Address, at switch place, completed the situation of association process, need to be " Unkown-unicast forbidden " by the state configuration that is connected to the S-channel E-E ' of VEB5, while making S-channel E-E ' receive unknown unicast message, under VLAN2, do not broadcast.Particularly, in service provider's channel status configuration message, need " VLAN ID/Status " to be set to " 2/2 ", switch is when receiving this service provider channel status configuration message, according to VLAN ID/Status=2/2, to S-channel E-E ', issue corresponding ACL (Access Control List, Access Control List (ACL)) list item, this ACL list item is used for limiting S-channel E-E ' and to the VLAN2 of VEB5, transmits corresponding broadcasting packet according to the unknown unicast message receiving, thereby avoid bandwidth waste, and help avoid the fail safe hidden danger that unknown message causes.
Simultaneously, as shown in Table 1: the VSI interface f that belongs to VLAN4 under VEB5 has only carried out association process by VLAN ID at switch place, and by MAC Address, do not carry out association process, Hypervisor arranges corresponding " VLAN ID/Status " message segment for " 4/0 " in corresponding service provider channel status configuration message, allows S-channel E-E ' to send all broadcasting packets to the VLAN4 under VEB5.
Wherein, when Hypervisor sends the service provider channel status configuration message corresponding to VEB5 to switch, can generate respectively the service provider's channel status configuration message corresponding to VLAN2 and VLAN4, to place respectively " VLAN ID/Status " message segment corresponding to VLAN2 and VLAN4; Or, also can only generate Yi Tiao service provider channel status configuration message, and " VLAN ID/Status " message segment that corresponds respectively to VLAN2 and VLAN4 is set in turn in this message.
Technical scheme of the present invention can also be applied to, under more scene, below by another exemplary embodiment, technical scheme of the present invention is described in detail.Please refer to Fig. 7 and Fig. 8, suppose that server 1 and server 2 are all connected to switch, wherein server 1 comprises virtual switch VEPA1, this VEPA1 is connected to VSI interface 1 and the VSI interface 2 on virtual machine VM1, and server 2 comprises virtual switch VEPA2, this VEPA2 is connected to VSI interface 5 and the VSI interface 6 on VSI interface 3 on VM2 and VSI interface 4, VM3.
Suppose and the VM1 on server 1 need to be migrated to server 2, as the VM1 ' in server 2, server 2 need to carry out association process to switch place by the VSI interface on VM1 ' 1 ' and VSI interface 2 '.Particularly, by flow process as shown in Figure 4, first by step 402 and step 404, to switch, carry out pre-association processing, server 2 and switch are VSI interface 1 ' and the reserved corresponding resource of VSI interface 2 ' on this VM1 ', but because VSI interface 1 ' and VSI interface 2 ' are not activated (not yet carrying out association process at switch place), obviously do not need to receive any broadcasting packet.Therefore, based on technical scheme of the present invention, the Hypervisor of server 2 obtains all VSI interfaces of being connected with VEPA2 at the association status at switch place, and in the VLAN under these VSI interfaces, judge whether to exist the VLAN meet following second condition: be connected with VEPA2 and the VSI interface that belongs to this VLAN has all been carried out pre-association processing and do not carried out association process at switch place.
As an illustrative embodiments, please refer to Fig. 7, suppose that VSI interface 1 and the VSI interface 2 on server 1 all belongs to VLAN3, VSI interface 1 ' and VSI interface 2 ' in the VM1 ' while migrating to server 2 also belong to VLAN3.Therefore under all VSI interfaces that, now VEPA2 is connected, VLAN and association process state are as shown in table 3.
| VSI interface | VLAN?ID | Association process state |
| 3 | 1 | Association process |
| 4 | 2 | Association process |
| 5 | 2 | Association process |
| 6 | 1 | Association process |
| 1’ | 3 | Pre-association is processed |
| 2’ | 3 | Pre-association is processed |
Table 3
As shown in Table 3, the interpolation of VSI interface 1 ' and VSI interface 2 ' does not cause upper VLAN1 and the VLAN2 originally of VEPA2 to change, and suppose that VSI interface 3~6 has all completed association process herein, VLAN3 meets above-mentioned second condition, and all VSI interfaces under VLAN3 all meet and at switch place, carried out pre-association and process and do not carry out association process.Now, the Hypervisor of server 2 need to send the service provider's channel status configuration message corresponding to VEPA2 to switch, and " VLAN ID/Status " value in this message is " 3/1 ", so that switch generates corresponding ACL list item, this ACL list item is connected to the S-channel of VEPA2 to the VLAN3 transmission broadcasting packet of VEPA2 for limiting, thereby helps avoid bandwidth waste.
As another illustrative embodiments, please refer to Fig. 8, suppose that VSI interface 1 and the VSI interface 2 on server 1 all belongs to VLAN2, VSI interface 1 ' and VSI interface 2 ' in the VM1 ' while migrating to server 2 also belong to VLAN2.Therefore under all VSI interfaces that, now VEPA2 is connected, VLAN and association process state are as shown in table 4.
| VSI interface | VLAN?ID | Association process state |
| 3 | 1 | Association process |
| 4 | 2 | Association process |
| 5 | 2 | Association process |
| 6 | 1 | Association process |
| 1’ | 2 | Pre-association is processed |
| 2’ | 2 | Pre-association is processed |
Table 4
As shown in Table 4, the interpolation of VSI interface 1 ' and VSI interface 2 ' causes the upper VLAN2 originally of VEPA2 to change, and the VSI interface under VLAN2 has increased VSI interface 1 ' and VSI interface 2 '.Therefore, VLAN1 and the VLAN2 under VEPA2 all do not meet above-mentioned second condition herein.
Meanwhile, herein can be in conjunction with the first condition in above-described embodiment, whether each VSI interface under the VLAN2 that judgement changes has all carried out association process by MAC Address at switch place.Such as table 5 shows an illustrative embodiments: VSI interface 4 and VSI interface 5 have all carried out association process by MAC Address at switch place, and VSI interface 1 ' and VSI interface 2 ' have also carried out association process at switch place by MAC Address, VLAN2 meets above-mentioned first condition, can be in the service provider's channel status configuration message corresponding to VEPA2, for " VLAN ID/Status " the message segment value " 2/2 " corresponding to VLAN2, make switch by issuing corresponding ACL list item, limit corresponding S-channel according to the unknown unicast message receiving and send broadcasting packet to the VLAN2 of VEPA2.Such as table 6 shows another illustrative embodiments: VSI interface 4 and VSI interface 5 have all carried out association process by MAC Address at switch place, be that VLAN2 meets first condition when originally only comprising VSI interface 4 and VSI interface 5, corresponding " VLAN ID/Status " message segment value is " 2/2 "; And VSI interface 1 ' and VSI interface 2 ' do not carry out association process at switch place by MAC Address, VLAN2 is changed to and does not meet above-mentioned first condition, corresponding " VLAN ID/Status " message segment value is " 2/0 ", allows all types of messages of transmission.
| VSI interface | Relating attribute information | VLAN?ID |
| 4 | VLAN+MAC | 2 |
| 5 | VLAN+MAC | 2 |
| 1’ | VLAN+MAC | 2 |
| 2’ | VLAN+MAC | 2 |
Table 5
| VSI interface | Relating attribute information | VLAN?ID |
| 4 | VLAN+MAC | 2 |
| 5 | VLAN+MAC | 2 |
| 1’ | VLAN | 2 |
| 2’ | VLAN | 2 |
Table 6
In above-mentioned arbitrary embodiment, the Hypervisor on server can send the service provider's channel status configuration message corresponding to virtual switch to switch at any time.Enumerate two kinds of feasible messages below and send opportunity:
As an exemplary embodiment, Hypervisor is by CDCP (S-Channel Discovery and Configuration Protocol, S passage is found and configuration protocol) configuration information of message and switch negotiation S-channel, when completing the establishment of corresponding S-channel according to negotiation result, the corresponding service provider's channel status maintenance packet of virtual switch that the S-channel that can generate and create connects, and to described switch, send this service provider's channel status maintenance packet by the described S-channel having created.
As another exemplary embodiment, when in virtual machine VM generation corresponding to virtual switch, down status changes, can there is corresponding variation in the VSI interface that VLAN under this virtual switch is corresponding, such as causing under certain VLAN, because certain only carries out the release of the VSI interface of association process by VLAN, make remaining VSI interface under this VLAN all by MAC Address, at switch place, carry out association process, thereby will there is corresponding variation in corresponding " VLAN ID/Status " message segment; Or such as under certain VLAN, originally all VSI interfaces have all been carried out association process by MAC Address at switch place, but because certain is only undertaken by VLAN the adding of VSI interface of association process, make this VLAN not meet all VSI interfaces and all by MAC Address, at switch place, carried out association process, thereby corresponding variation will be there is in corresponding " VLAN ID/Status " message segment.Therefore,, when the upper down status variation of the VM that is connected being detected, can generate the service provider's channel status maintenance packet corresponding to described virtual switch, and send the service provider's channel status maintenance packet corresponding to described virtual switch to described switch.
Corresponding to the method for broadcast traffic on above-mentioned control EVB link, the invention allows for the device of broadcast traffic on a kind of EVB of control link.
Please refer to Fig. 9, show according to the device of broadcast traffic on the control EVB link of an exemplary embodiment of the present invention, be applied to the virtual machine management program Hypervisor in the server of EVB framework, comprising:
Message generation unit, for generating the service provider's channel status maintenance packet corresponding to virtual switch in described server, comprises VLAN ID and state configuration sign in described service provider channel status maintenance packet;
Packet sending unit, for passing through the passage S-channel of service provider corresponding to virtual switch in described server, to the switch that is connected to described server, send described service provider channel status maintenance packet, so that described switch generates the ACL list item corresponding to described S-channel according to described state configuration sign, this ACL list item transmits the broadcasting packet corresponding to described VLAN ID for limiting described S-channel to described virtual switch.
Optionally, described message generation unit specifically for:
In VLAN under the VSI interface being connected with described virtual switch, if exist, meet the VLAN of following first condition: be connected with described virtual switch and the VSI interface that belongs to this VLAN has all carried out association process by MAC Address at described switch place, generate the service provider's channel status maintenance packet corresponding to described virtual switch, described service provider channel status maintenance packet comprises VLAN ID and state configuration sign corresponding to this VLAN ID that meets described first condition VLAN;
Wherein, described state configuration is designated the first value, so that described switch generates corresponding ACL list item, this ACL list item transmits corresponding broadcasting packet for the VLAN that limits described S-channel and meet described first condition according to the unknown unicast message receiving to described virtual switch.
Optionally, also comprise:
State acquiring unit, for obtaining the VSI interface that is connected with described virtual switch at the association status at described switch place;
Wherein, described message generation unit specifically for: in the VLAN under the VSI interface being connected with described virtual switch, if exist, meet the VLAN of following second condition: be connected with described virtual switch and the VSI interface that belongs to this VLAN has all been carried out pre-association processing and do not carried out association process at described switch place, generate and send the service provider's channel status maintenance packet corresponding to described virtual switch, described service provider channel status maintenance packet comprises VLAN ID and state configuration sign corresponding to this VLAN ID that meets described second condition VLAN;
Wherein, described state configuration is designated the second value, so that described switch generates corresponding ACL list item, this ACL list item meets the VLAN transmission broadcasting packet of described second condition for limiting described S-channel to described virtual switch.
Optionally, also comprise:
Information reconciliation unit, for passing through, S passage is found and the configuration information of configuration protocol CDCP message and described switch negotiation S-channel;
Wherein, when S-channel has created, described message generation unit generates the corresponding service provider's channel status maintenance packet of virtual switch connecting with the S-channel having created, and by the described S-channel having created, to described switch, sends this service provider's channel status maintenance packet by described packet sending unit.
Optionally, also comprise:
Change detecting unit, for detection of virtual machine VM corresponding to described virtual switch, whether upper down status occurs and change;
Wherein, when in virtual machine VM generation corresponding to described virtual switch, down status changes, described message generation unit generates the service provider's channel status maintenance packet corresponding to described virtual switch, and to described switch, sends the service provider's channel status maintenance packet corresponding to described virtual switch by described packet sending unit.
Please refer to Figure 10, show according to the device of broadcast traffic on the control EVB link of an exemplary embodiment of the present invention, be applied to the switch that is connected with the server of EVB framework, comprising:
Message receiving element, the service provider's channel status maintenance packet sending by S-channel for receiving described server, comprises VLAN ID and state configuration sign in described service provider channel status maintenance packet;
List item generation unit, be used for generating the ACL list item corresponding to described S-channel according to described state configuration sign, this ACL list item transmits the broadcasting packet corresponding to described VLAN ID for limiting described S-channel to virtual switch corresponding to described server.
Optionally, described list item generation unit specifically for:
Obtain the value of described state configuration sign;
When described state configuration is designated the first value, generate an ACL list item, an ACL list item transmits broadcasting packet corresponding to described VLAN ID according to the unknown unicast message receiving to described virtual switch for limiting described S-channel;
When described state configuration is designated the second value, generate the 2nd ACL list item, the 2nd ACL list item transmits the broadcasting packet corresponding to described VLAN ID for limiting described S-channel to described virtual switch.
Therefore, the present invention is by sending service provider's channel status maintenance packet by server to switch, can realize the control to the broadcast traffic on EVB link, avoid unnecessary broadcast traffic to cause bandwidth waste and fail safe hidden danger, thereby contribute to promote traffic transport efficiency and link security.
The foregoing is only preferred embodiment of the present invention, in order to limit the present invention, within the spirit and principles in the present invention not all, any modification of making, be equal to replacement, improvement etc., within all should being included in the scope of protection of the invention.
Claims (14)
1. a method of controlling broadcast traffic on the virtual bridged link in edge, is characterized in that, is applied to the virtual machine management program Hypervisor in the server of the virtual bridged EVB framework in edge, comprising:
Generation, corresponding to service provider's channel status maintenance packet of virtual switch in described server, comprises VLAN ID and state configuration sign in described service provider channel status maintenance packet;
By the passage S-channel of service provider corresponding to described virtual switch, to the switch that is connected to described server, send described service provider channel status maintenance packet, so that described switch generates the ACL list item corresponding to described S-channel according to described state configuration sign, this ACL list item transmits the broadcasting packet corresponding to described VLAN ID for limiting described S-channel to described virtual switch.
2. method according to claim 1, is characterized in that, generates the service provider's channel status maintenance packet corresponding to virtual switch in described server, specifically comprises:
In VLAN under the VSI interface being connected with described virtual switch, if exist, meet the VLAN of following first condition: be connected with described virtual switch and the VSI interface that belongs to this VLAN has all carried out association process by MAC Address at described switch place, generate the service provider's channel status maintenance packet corresponding to described virtual switch, described service provider channel status maintenance packet comprises VLAN ID and state configuration sign corresponding to this VLAN ID that meets described first condition VLAN;
Wherein, described state configuration is designated the first value, so that described switch generates corresponding ACL list item, this ACL list item transmits corresponding broadcasting packet for the VLAN that limits described S-channel and meet described first condition according to the unknown unicast message receiving to described virtual switch.
3. method according to claim 1, is characterized in that, generates the service provider's channel status maintenance packet corresponding to virtual switch in described server, specifically comprises:
Obtain the VSI interface that is connected with described virtual switch at the association status at described switch place;
In VLAN under the VSI interface being connected with described virtual switch, if exist, meet the VLAN of following second condition: be connected with described virtual switch and the VSI interface that belongs to this VLAN has all been carried out pre-association processing and do not carried out association process at described switch place, generate the service provider's channel status maintenance packet corresponding to described virtual switch, described service provider channel status maintenance packet comprises VLAN ID and state configuration sign corresponding to this VLAN ID that meets described second condition VLAN;
Wherein, described state configuration is designated the second value, so that described switch generates corresponding ACL list item, this ACL list item meets the VLAN transmission broadcasting packet of described second condition for limiting described S-channel to described virtual switch.
4. method according to claim 1, is characterized in that, also comprises:
By the configuration information of the discovery of S passage and configuration protocol CDCP message and described switch negotiation S-channel;
When S-channel has created, generate the corresponding service provider's channel status maintenance packet of virtual switch connecting with the S-channel having created, and to described switch, send this service provider's channel status maintenance packet by the described S-channel having created.
5. method according to claim 1, is characterized in that, also comprises:
When in virtual machine VM generation corresponding to described virtual switch, down status changes, generation is corresponding to service provider's channel status maintenance packet of described virtual switch, and sends the service provider's channel status maintenance packet corresponding to described virtual switch to described switch.
6. a method of controlling broadcast traffic on the virtual bridged link in edge, is characterized in that, is applied to the switch that is connected with the server of the virtual bridged EVB framework in edge, comprising:
Receive service provider's channel status maintenance packet that described server sends by S-channel, in described service provider channel status maintenance packet, comprise VLAN ID and state configuration sign;
According to described state configuration sign, generate the ACL list item corresponding to described S-channel, this ACL list item transmits the broadcasting packet corresponding to described VLAN ID for limiting described S-channel to virtual switch corresponding to described server.
7. method according to claim 6, is characterized in that, according to described state configuration sign, generates the ACL list item corresponding to described S-channel, specifically comprises:
Obtain the value of described state configuration sign;
When described state configuration is designated the first value, generate an ACL list item, an ACL list item transmits broadcasting packet corresponding to described VLAN ID according to the unknown unicast message receiving to described virtual switch for limiting described S-channel;
When described state configuration is designated the second value, generate the 2nd ACL list item, the 2nd ACL list item transmits the broadcasting packet corresponding to described VLAN ID for limiting described S-channel to described virtual switch.
8. a device of controlling broadcast traffic on the virtual bridged link in edge, is characterized in that, is applied to the virtual machine management program Hypervisor in the server of the virtual bridged EVB framework in edge, comprising:
Message generation unit, for generating the service provider's channel status maintenance packet corresponding to virtual switch in described server, comprises VLAN ID and state configuration sign in described service provider channel status maintenance packet;
Packet sending unit, for passing through the passage S-channel of service provider corresponding to virtual switch in described server, to the switch that is connected to described server, send described service provider channel status maintenance packet, so that described switch generates the ACL list item corresponding to described S-channel according to described state configuration sign, this ACL list item transmits the broadcasting packet corresponding to described VLAN ID for limiting described S-channel to described virtual switch.
9. device according to claim 8, is characterized in that, described message generation unit specifically for:
In VLAN under the VSI interface being connected with described virtual switch, if exist, meet the VLAN of following first condition: be connected with described virtual switch and the VSI interface that belongs to this VLAN has all carried out association process by MAC Address at described switch place, generate the service provider's channel status maintenance packet corresponding to described virtual switch, described service provider channel status maintenance packet comprises VLAN ID and state configuration sign corresponding to this VLAN ID that meets described first condition VLAN;
Wherein, described state configuration is designated the first value, so that described switch generates corresponding ACL list item, this ACL list item transmits corresponding broadcasting packet for the VLAN that limits described S-channel and meet described first condition according to the unknown unicast message receiving to described virtual switch.
10. device according to claim 8, is characterized in that, also comprises:
State acquiring unit, for obtaining the VSI interface that is connected with described virtual switch at the association status at described switch place;
Wherein, described message generation unit specifically for: in the VLAN under the VSI interface being connected with described virtual switch, if exist, meet the VLAN of following second condition: be connected with described virtual switch and the VSI interface that belongs to this VLAN has all been carried out pre-association processing and do not carried out association process at described switch place, generate and send the service provider's channel status maintenance packet corresponding to described virtual switch, described service provider channel status maintenance packet comprises VLAN ID and state configuration sign corresponding to this VLAN ID that meets described second condition VLAN;
Wherein, described state configuration is designated the second value, so that described switch generates corresponding ACL list item, this ACL list item meets the VLAN transmission broadcasting packet of described second condition for limiting described S-channel to described virtual switch.
11. devices according to claim 8, is characterized in that, also comprise:
Information reconciliation unit, for passing through, S passage is found and the configuration information of configuration protocol CDCP message and described switch negotiation S-channel;
Wherein, when S-channel has created, described message generation unit generates the corresponding service provider's channel status maintenance packet of virtual switch connecting with the S-channel having created, and by the described S-channel having created, to described switch, sends this service provider's channel status maintenance packet by described packet sending unit.
12. devices according to claim 8, is characterized in that, also comprise:
Change detecting unit, for detection of virtual machine VM corresponding to described virtual switch, whether upper down status occurs and change;
Wherein, when in virtual machine VM generation corresponding to described virtual switch, down status changes, described message generation unit generates the service provider's channel status maintenance packet corresponding to described virtual switch, and to described switch, sends the service provider's channel status maintenance packet corresponding to described virtual switch by described packet sending unit.
13. 1 kinds of devices of controlling broadcast traffic on the virtual bridged link in edge, is characterized in that, are applied to the switch that is connected with the server of the virtual bridged EVB framework in edge, comprising:
Message receiving element, the service provider's channel status maintenance packet sending by S-channel for receiving described server, comprises VLAN ID and state configuration sign in described service provider channel status maintenance packet;
List item generation unit, be used for generating the ACL list item corresponding to described S-channel according to described state configuration sign, this ACL list item transmits the broadcasting packet corresponding to described VLAN ID for limiting described S-channel to virtual switch corresponding to described server.
14. devices according to claim 13, is characterized in that, described list item generation unit specifically for:
Obtain the value of described state configuration sign;
When described state configuration is designated the first value, generate an ACL list item, an ACL list item transmits broadcasting packet corresponding to described VLAN ID according to the unknown unicast message receiving to described virtual switch for limiting described S-channel;
When described state configuration is designated the second value, generate the 2nd ACL list item, the 2nd ACL list item transmits the broadcasting packet corresponding to described VLAN ID for limiting described S-channel to described virtual switch.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410411861.9A CN104184686B (en) | 2014-08-20 | 2014-08-20 | The method and apparatus for controlling broadcast traffic on the virtual bridged link in edge |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410411861.9A CN104184686B (en) | 2014-08-20 | 2014-08-20 | The method and apparatus for controlling broadcast traffic on the virtual bridged link in edge |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104184686A true CN104184686A (en) | 2014-12-03 |
| CN104184686B CN104184686B (en) | 2017-10-17 |
Family
ID=51965442
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410411861.9A Active CN104184686B (en) | 2014-08-20 | 2014-08-20 | The method and apparatus for controlling broadcast traffic on the virtual bridged link in edge |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104184686B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105915565A (en) * | 2016-06-30 | 2016-08-31 | 浙江宇视科技有限公司 | Authentication method, device and system |
| CN106330585A (en) * | 2015-06-29 | 2017-01-11 | 中兴通讯股份有限公司 | Flow monitoring method, device and system |
| CN107659899A (en) * | 2016-07-26 | 2018-02-02 | 华为技术有限公司 | A kind of multicast service handling method and access point |
| CN109743267A (en) * | 2019-02-28 | 2019-05-10 | 苏州浪潮智能科技有限公司 | A kind of server external communication method, apparatus and relevant device |
| CN110830371A (en) * | 2019-11-13 | 2020-02-21 | 迈普通信技术股份有限公司 | Message redirection method and device, electronic equipment and readable storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1567839A (en) * | 2003-06-24 | 2005-01-19 | 华为技术有限公司 | Port based network access control method |
| CN101106516A (en) * | 2006-07-14 | 2008-01-16 | 华为技术有限公司 | A crossed node and method for avoiding elastic packet crossed loop broadcast store |
| CN101600157A (en) * | 2009-05-22 | 2009-12-09 | 深圳华为通信技术有限公司 | The cut-in method of sub-district and device, terminal |
| US20100014526A1 (en) * | 2008-07-18 | 2010-01-21 | Emulex Design & Manufacturing Corporation | Hardware Switch for Hypervisors and Blade Servers |
-
2014
- 2014-08-20 CN CN201410411861.9A patent/CN104184686B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1567839A (en) * | 2003-06-24 | 2005-01-19 | 华为技术有限公司 | Port based network access control method |
| CN101106516A (en) * | 2006-07-14 | 2008-01-16 | 华为技术有限公司 | A crossed node and method for avoiding elastic packet crossed loop broadcast store |
| US20100014526A1 (en) * | 2008-07-18 | 2010-01-21 | Emulex Design & Manufacturing Corporation | Hardware Switch for Hypervisors and Blade Servers |
| CN101600157A (en) * | 2009-05-22 | 2009-12-09 | 深圳华为通信技术有限公司 | The cut-in method of sub-district and device, terminal |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106330585A (en) * | 2015-06-29 | 2017-01-11 | 中兴通讯股份有限公司 | Flow monitoring method, device and system |
| CN105915565A (en) * | 2016-06-30 | 2016-08-31 | 浙江宇视科技有限公司 | Authentication method, device and system |
| CN107659899A (en) * | 2016-07-26 | 2018-02-02 | 华为技术有限公司 | A kind of multicast service handling method and access point |
| CN107659899B (en) * | 2016-07-26 | 2020-12-08 | 华为技术有限公司 | Multicast service processing method and access point |
| CN109743267A (en) * | 2019-02-28 | 2019-05-10 | 苏州浪潮智能科技有限公司 | A kind of server external communication method, apparatus and relevant device |
| CN110830371A (en) * | 2019-11-13 | 2020-02-21 | 迈普通信技术股份有限公司 | Message redirection method and device, electronic equipment and readable storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104184686B (en) | 2017-10-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102255903B (en) | Safety isolation method for virtual network and physical network of cloud computing | |
| CN109660443B (en) | SDN-based physical device and virtual network communication method and system | |
| CN102739495B (en) | Network system, machine allocation device and machine allocation method | |
| CN105284080B (en) | The virtual network management method and data center systems of data center | |
| US9311196B2 (en) | Method and apparatus for managing connection path failure between data centers for cloud computing | |
| CN107276783B (en) | Method, device and system for realizing unified management and intercommunication of virtual machines | |
| CN104184686A (en) | Method and device for controlling broadcast traffic on edge virtual bridge link | |
| WO2015117401A1 (en) | Information processing method and device | |
| WO2016107453A1 (en) | Media access control address forwarding table transmission control method, apparatus, and system | |
| CN105530259A (en) | Message filtering method and equipment | |
| CN102739505B (en) | Method and system for controlling virtual channel flow in data center network | |
| WO2017215446A1 (en) | Configuration information notification method, configuration method and corresponding device for interface expansion apparatus | |
| CN104144082A (en) | Method for detecting loop in two-layer network and controller | |
| CN103905309A (en) | Method and system of data exchange between virtual machines | |
| CN104468822B (en) | A kind of media platform framework towards cloud computing | |
| EP3821589B1 (en) | Session management in a forwarding plane | |
| US10397340B2 (en) | Multicast migration | |
| CN109756419B (en) | Routing information distribution method and device and RR | |
| CN103209125B (en) | A kind of transmission method of label information and equipment | |
| CN104734953A (en) | Method and device for achieving message layer-2 isolation based on VLAN and interchanger | |
| US9465703B2 (en) | Edge virtual bridging station with primary and secondary physical network cards | |
| CN102984043A (en) | Forwarding method and forwarding device of multicast data stream | |
| WO2016086544A1 (en) | Network interface configuration method and apparatus for network device and storage medium | |
| CN105264837A (en) | Data packet transmission system, transmission method and device thereof | |
| WO2021147358A1 (en) | Network interface establishing method, apparatus, and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Applicant after: Xinhua three Technology Co., Ltd. Address before: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Applicant before: Huasan Communication Technology Co., Ltd. |
|
| CB02 | Change of applicant information | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |