CN104883302A

CN104883302A - Method, device and system for forwarding data packet

Info

Publication number: CN104883302A
Application number: CN201510119441.8A
Authority: CN
Inventors: 丁天虹
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2015-03-18
Filing date: 2015-03-18
Publication date: 2015-09-02
Anticipated expiration: 2035-03-18
Also published as: CN104883302B

Abstract

The invention discloses a method for forwarding data packets, which is applied to source communication ports in a physical host. The source communication ports include a virtual communication port on each VM and a physical communication port on a physical network card, each source port maintains a first data forwarding table of the corresponding communication port, and each first data forwarding table is composed of a corresponding relationship between a target communication port identifier and a media access control MAC address associated with the corresponding communication port. The method for forwarding the data packets comprises the steps of: receiving a data packet to be sent, which carries a target MAC address; finding a target communication port identifier corresponding to the target MAC address associated with one communication port from the first data forwarding table of the corresponding communication port; and directly sending the data packet to be sent to a target communication port corresponding to the target communication port identifier when the target communication port identifier corresponding to the target MAC address is found. The method, the device and the system for forwarding the data packets can increase the data packet forwarding efficiency, and reduce the burden on a virtual machine monitor.

Description

Method, Apparatus and system that a kind of packet forwards

Technical field

The present invention relates to technical field of virtualization, be specifically related to method, Apparatus and system that a kind of packet forwards.

Background technology

Intel Virtualization Technology uses widely at present, in existing Intel Virtualization Technology, a physical host can run multiple virtual machine, each virtual machine shares the hardware resource of this physical machine, but must based on same monitor of virtual machine (the Virtual Machine Monitor on this physical host for the IO access of virtual machine each on this physical host, VMM) forward, therefore, if when on this physical host, the quantity of virtual machine is very huge, all packets are all concentrated and are passed through VMM, network data flow must be caused congested, thus influential system performance.

The occupation mode of existing virtual network, all packets all must forward in VMM, by searching transmitting in VMM, find the destination interface that each packet is corresponding, thus packet be forwarded to corresponding receiving equipment by this port or be dealt into the outer net of specifying, simultaneously when port receives a new packet, record is carried out to packet information in capital, thus refreshing is transmitted, destination interface and the MAC Address of specifying are set up corresponding relation, if virtual machine quantity constantly increases, the destination host of each virtual machine access also constantly changes, will inevitably cause transmit huge, need frequent refreshing simultaneously, access is caused to transmit the time lengthening of searching destination interface, cause performance bottleneck.

Prior art transmits the up-downgoing port of all virtual machines of management in VMM by one, when virtual machine quantity increases, the volume shown will inevitably be caused sharply to increase, thus the time is searched in prolongation, and type of service complexity is various, each virtual machine can access destination addresses different in a large number, and the volume therefore shown can increase along with business complexity and increase, and causes hydraulic performance decline.

Summary of the invention

The method that a kind of packet that the embodiment of the present invention provides forwards, can make the packet of virtual machine up-downgoing need not be each through monitor of virtual machine, thus improves the efficiency that packet forwards, and alleviates the burden of monitor of virtual machine.The embodiment of the present invention additionally provides corresponding device and physical host.

A kind of method that first aspect present invention provides packet to forward, described method is applied to the sources traffic port in physical host, described physical host comprises multiple virtual machine VM, monitor of virtual machine VMM and physical network card, described sources traffic port comprises the virtual communication port on each VM, and the physical communication port on described physical network card, the the first data retransmission table having this communication port is safeguarded in each virtual communication port and each physical communication port, the corresponding relation that described first data retransmission table is identified by the MAC address associated with described communication port and object communication port forms, described method comprises:

Receive packet to be sent, described packet to be sent carries target MAC (Media Access Control) address;

From the first data retransmission table that described communication port is safeguarded, search the object communication port corresponding with the described target MAC (Media Access Control) address that described communication port associates and identify;

Identify when finding the object communication port corresponding with described target MAC (Media Access Control) address, the object communication port corresponding directly to described object communication port mark sends described packet to be sent, wherein, when described sources traffic port is the virtual communication port of virtual machine, physical communication port for the purpose of described object communication port, when described sources traffic port is physical communication port, the virtual communication port of virtual machine for the purpose of described object communication port.

In conjunction with first aspect, in the implementation that the first is possible, described method also comprises:

Delete the corresponding relation that the MAC Address that meets deletion condition in the first data retransmission table that described communication port safeguard identifies with object communication port, to keep the capacity of the first data retransmission table of described communication port maintenance.

In conjunction with first aspect or the first possible implementation of first aspect, in the implementation that the second is possible, described method also comprises:

Identify when not finding the object communication port corresponding with described target MAC (Media Access Control) address, described packet to be sent is sent to described VMM, in the second data retransmission table that described packet to be sent is safeguarded from described VMM by described VMM, determine that the object communication port corresponding with described target MAC (Media Access Control) address identifies, and sending described packet to be sent to object communication port corresponding to described target MAC (Media Access Control) address, described second data retransmission table comprises the corresponding relation that each MAC Address and object communication port identify.

In conjunction with the implementation that first aspect the second is possible, in the implementation that the third is possible, described after the described packet to be sent of described VMM transmission, described method also comprises:

The corresponding relation that the described target MAC (Media Access Control) address receiving described VMM transmission identifies with corresponding object communication port;

Added to by the corresponding relation that described target MAC (Media Access Control) address and corresponding object communication port identify in described first data retransmission table, the corresponding relation that described target MAC (Media Access Control) address and corresponding object communication port identify carries the packet of described target MAC (Media Access Control) address for sending the next one.

In conjunction with the implementation that first aspect the second is possible, in the 4th kind of possible implementation, described method also comprises:

When the object communication port mark that any one MAC Address is corresponding occurs to change, the corresponding relation that identifies of object communication port after receiving any one MAC Address described that described VMM sends and upgrading;

By the corresponding relation that any one MAC Address described and the object communication port after upgrading identify, be updated in described first data retransmission table, any one MAC Address described with upgrade after the corresponding relation that identify of object communication port for send carry described in the packet of any one MAC Address to the destination interface after upgrading.

The device that second aspect present invention provides a kind of packet to forward, described device is the sources traffic port in physical host, described physical host comprises multiple virtual machine VM, monitor of virtual machine VMM and physical network card, described sources traffic port comprises the virtual communication port on each VM, and the physical communication port on described physical network card, the the first data retransmission table having this communication port is safeguarded in each virtual communication port and each physical communication port, the corresponding relation that described first data retransmission table is identified by the MAC address associated with described communication port and object communication port forms, described device comprises:

Receiver module, for receiving packet to be sent, described packet to be sent carries target MAC (Media Access Control) address;

Search module, in the first data retransmission table from described communication port maintenance, search the object communication port corresponding with the described target MAC (Media Access Control) address that described communication port associates and identify;

Sending module, for when described in search module searches and identify to the object communication port corresponding with described target MAC (Media Access Control) address, the object communication port corresponding directly to described object communication port mark sends described packet to be sent, wherein, when described sources traffic port is the virtual communication port of virtual machine, physical communication port for the purpose of described object communication port, when described sources traffic port is physical communication port, the virtual communication port of virtual machine for the purpose of described object communication port.

In conjunction with second aspect, in the implementation that the first is possible, described device also comprises:

Transmit administration module, for deleting the corresponding relation that the MAC Address that meets deletion condition in the first data retransmission table that described communication port safeguard identifies with object communication port, to keep the capacity of the first data retransmission table of described communication port maintenance.

In conjunction with second aspect or the first possible implementation of second aspect, in the implementation that the second is possible,

Described sending module, also for when described in search module and do not find the object communication port corresponding with described target MAC (Media Access Control) address and identify, described packet to be sent is sent to described VMM, in the second data retransmission table that described packet to be sent is safeguarded from described VMM by described VMM, determine that the object communication port corresponding with described target MAC (Media Access Control) address identifies, and sending described packet to be sent to object communication port corresponding to described target MAC (Media Access Control) address, described second data retransmission table comprises the corresponding relation that each MAC Address and object communication port identify.

In conjunction with the implementation that second aspect the second is possible, in the implementation that the third is possible, described device also comprises: add module,

Described receiver module, the corresponding relation that the described target MAC (Media Access Control) address also sent for receiving described VMM identifies with corresponding object communication port;

Described interpolation module, add in described first data retransmission table for the described target MAC (Media Access Control) address received by described receiver module and the corresponding relation that corresponding object communication port identifies, the corresponding relation that described target MAC (Media Access Control) address and corresponding object communication port identify carries the packet of described target MAC (Media Access Control) address for sending the next one.

In conjunction with the implementation that second aspect the second is possible, in the 4th kind of possible implementation, described device also comprises: update module,

Described receiver module, when also occurring to change for the object communication port mark corresponding when any one MAC Address, the corresponding relation that identifies of object communication port after receiving any one MAC Address described that described VMM sends and upgrading;

Described update module, for any one MAC Address described in described receiver module is received with upgrade after the corresponding relation that identifies of object communication port, be updated in described first data retransmission table, any one MAC Address described with upgrade after the corresponding relation that identify of object communication port for send carry described in the packet of any one MAC Address to the destination interface after upgrading.

Third aspect present invention provides a kind of physical host, comprise multiple virtual machine VM, monitor of virtual machine VMM and physical network card, each VM comprises virtual communication port, described physical network card comprises multiple physical communication port, the the first data retransmission table having this communication port is safeguarded in each virtual communication port and each physical communication port, the corresponding relation that described first data retransmission table is identified by the MAC address associated with described communication port and object communication port forms

When any one in each virtual communication port and each physical communication port is as sources traffic port, described sources traffic port is used for:

Identify when finding the object communication port corresponding with described target MAC (Media Access Control) address, the object communication port corresponding to described object communication port mark sends described packet to be sent, wherein, when described sources traffic port is the virtual communication port of virtual machine, physical communication port for the purpose of described object communication port, when described sources traffic port is physical communication port, the virtual communication port of virtual machine for the purpose of described object communication port.

The method that the packet that the embodiment of the present invention provides forwards, described method is applied to the sources traffic port in physical host, described physical host comprises multiple virtual machine VM, monitor of virtual machine VMM and physical network card, described sources traffic port comprises the virtual communication port on each VM, and the physical communication port on described physical network card, the the first data retransmission table having this communication port is safeguarded in each virtual communication port and each physical communication port, the corresponding relation that described first data retransmission table is identified by the MAC address associated with described communication port and object communication port forms, described method comprises: receive packet to be sent, described packet to be sent carries target MAC (Media Access Control) address, from the first data retransmission table that described communication port is safeguarded, search the object communication port corresponding with the described target MAC (Media Access Control) address that described communication port associates and identify, identify when finding the object communication port corresponding with described target MAC (Media Access Control) address, the object communication port corresponding directly to described object communication port mark sends described packet to be sent, wherein, when described sources traffic port is the virtual communication port of virtual machine, physical communication port for the purpose of described object communication port, when described sources traffic port is physical communication port, the virtual communication port of virtual machine for the purpose of described object communication port.All will through VMM with the packet of virtual machine up-downgoing in prior art, determine compared with the destination interface that packet to be sent will mail to from the large table comprising the corresponding relation that each MAC Address identifies with object communication port by VMM, the method that the packet that the embodiment of the present invention provides forwards, a first data retransmission table only associated with this communication port is safeguarded in the virtual communication port of virtual machine and the physical communication port of physical network card, the corresponding relation that described first data retransmission table is identified by the MAC address associated with described communication port and object communication port forms, thus accelerate the speed determining object communication port, and after determining object communication port, sources traffic port directly by Packet Generation to object communication port, that is packet can walk around VMM, thus alleviate the burden of VMM, improve the efficiency that packet forwards.

Accompanying drawing explanation

In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, be briefly described to the accompanying drawing used required in embodiment or description of the prior art below, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.

Fig. 1 is an embodiment schematic diagram of physical host in the embodiment of the present invention;

Fig. 2 is an embodiment schematic diagram of data center in the embodiment of the present invention;

Fig. 3 is another embodiment schematic diagram of physical host in the embodiment of the present invention;

Fig. 4 is an embodiment schematic diagram of the method that in the embodiment of the present invention, packet forwards;

Fig. 5 is another embodiment schematic diagram of the method that in the embodiment of the present invention, packet forwards;

Fig. 6 is an embodiment schematic diagram of the device of data retransmission in the embodiment of the present invention;

Fig. 7 is another embodiment schematic diagram of the device of data retransmission in the embodiment of the present invention;

Fig. 8 is another embodiment schematic diagram of the device of data retransmission in the embodiment of the present invention;

Fig. 9 is another embodiment schematic diagram of the device of data retransmission in the embodiment of the present invention;

Figure 10 is another embodiment schematic diagram of physical host in the embodiment of the present invention;

Figure 11 is another embodiment schematic diagram of physical host in the embodiment of the present invention;

Figure 12 is another embodiment schematic diagram of physical host in the embodiment of the present invention.

Embodiment

A kind of method that the embodiment of the present invention provides packet to forward, can make the packet of virtual machine up-downgoing need not be each through monitor of virtual machine, thus improves the efficiency that packet forwards, and alleviates the burden of monitor of virtual machine.The embodiment of the present invention additionally provides corresponding device and physical host.Below be described in detail respectively.

The present invention program is understood better in order to make those skilled in the art person, below in conjunction with the accompanying drawing in the embodiment of the present invention, technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is only the embodiment of a part of the present invention, instead of whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, should belong to the scope of protection of the invention.

To facilitate understanding of the present embodiment of the invention, first introduce during the embodiment of the present invention describes at this several elements that can introduce, as shown in Figure 1:

Virtual machine (Virtual Machine, VM):

One or the virtual computer of multiple stage can be simulated on a physical host by software virtual machine, and these virtual machines carry out work just as real computer, can installing operating system and application program on virtual machine, virtual machine is addressable network resource also.For the application program run in virtual machine, virtual machine similarly is carry out work in real computer.

Hardware layer:

The hardware platform that virtualized environment runs.Wherein, hardware layer can comprise multiple hardwares, the hardware layer of such as certain computing node can comprise processor (as CPU) and internal memory, the high speed such as network interface card, memory or low speed I/O (I/O can also be comprised, Input/Output) equipment, and there is the miscellaneous equipment of particular procedure function, as input and output memory management unit (IOMMU, Input/Output Memory Management Unit), wherein IOMMU can be used for the conversion of virtual machine physical address and Host physical address.

Monitor of virtual machine (Virtual Machine Monitor, VMM):

As management level, in order to complete management, the distribution of hardware resource; For virtual machine presents virtual hardware platform; Realize scheduling and the isolation of virtual machine.Wherein, virtual hardware platform provides various hardware resource, as provided virtual cpu, internal memory, virtual disk, Microsoft Loopback Adapter etc. to each virtual machine that it runs.It is on its virtual hardware platform prepared that virtual machine then operates in Host, the one or more virtual machine of the upper operation of Host.

Fig. 2 is an embodiment schematic diagram of data center in the embodiment of the present invention.It is cloud computing center that data center also can be understood as.Data center or cloud computing center comprise multiple physical host.

Fig. 3 is an embodiment schematic diagram of physical host in the embodiment of the present invention.Each physical host runs multiple virtual machine, as shown in Figure 3, each physical host runs 100 virtual machine (Virtual Machine, VM), each physical host runs a monitor of virtual machine (Virtual Machine Monitor, VMM), simultaneously, each physical host also comprises physical network card, certain physical network card is a part of hardware resource of hardware layer, and the method that the packet that the embodiment of the present invention provides forwards refers more particularly to physical network card.

Physical network card can comprise multiple physical communication port, each virtual machine comprises a virtual communication port, the the first data retransmission table having this communication port is safeguarded in each virtual communication port and each physical communication port, the corresponding relation that described first data retransmission table is identified by the MAC address associated with described communication port and object communication port forms, that is, the the first data retransmission table safeguarded in the virtual communication port of virtual machine is made up of the corresponding relation of the mark of MAC Address and object physics communication port, the corresponding relation that first data retransmission table of physical communication port maintenance is identified by the virtual communication port of MAC Address and object virtual machine forms.Certainly, in VMM, also safeguard have the second data retransmission table, described second data retransmission table comprises the corresponding relation that each MAC Address and object communication port identify.Comparatively speaking, the first data retransmission watch can be called fast table (Fast-Forward Table, FFT), and the second data retransmission watch can become slow table (Slow-Forward Table, SFT).

In the embodiment of the present invention, in packet repeating process, for the packet sent from virtual machine, path 2 as shown in Figure 3, if the virtual communication port of virtual machine directly determines the object physics communication port on physical network card from the first data retransmission table that this communication port is safeguarded, then do not need by Packet Generation to VMM, directly by Packet Generation to object physics communication port.If the virtual communication port of virtual machine does not determine physical communication port from the first data retransmission table, then packet walks the path 1 shown in Fig. 3, virtual machine by Packet Generation to VMM, then determined the mark of object physics communication port by the second data retransmission table by VMM, then by VMM by this Packet Generation to this object physics communication port.Conversely, the descending process of process of transmitting also with above-mentioned of the upstream data bag from physical network card to virtual machine is identical, and this place does not do and too much repeats.

About the repeating process of virtual machine up-downgoing packet, Fig. 4 can be consulted and understand, the first data retransmission table involved in Fig. 4 and the second data retransmission table can consult table 1 and table 2 is understood.

Table 1: the first data retransmission table

MAC Address	Object communication port identifies
		MAC0	vnic0/Nic0
MAC3	vnic3/bond0
		MAC50	vnic50/Vlan2.5

Be understandable that, table 1 is that citing is described, and the list item number of concrete table 1 can be determined according to demand.

Table 2 can be consulted for the second data retransmission table to understand.As shown in table 2:

Table 2: the second data retransmission table

MAC Address	Object communication port identifies
		MAC0	Tap0/port0
MAC1	Tap1/port1
		MAC2	Tap2/port2
MAC3	Tap3/port3
		…	…
MACN	TapN/port0
		…	…

Wherein, TapN is the communication port that VMM communicates with VM, correspond to the communication port vnicN of VMN, and port0 to port3 is the communication port that VMM communicates with physical network card, correspond to Nic0, bond0, Vlan2.5 and macvlan2 on physical network card.Wherein, N be greater than 3 positive integer.

As shown in Figure 4, physical host comprises 100 virtual machines, and virtual machine numbering is from VM0 to V99.The MAC Address of each virtual machine is respectively from MAC0 to MAC99.The virtual communication port mark of virtual machine is from vnic0 to vnic99.The virtual communication port of each virtual machine safeguards a first data retransmission table.In the embodiment of the present invention, the first data retransmission table is stored in memory device, and virtual communication port safeguards that the first data retransmission table refers to that virtual communication port is in charge of and uses this first data retransmission table.The communication port that the upper and each virtual machine of VMM communicates identifies respectively from tap0 to tap99.VMM is upper to be identified respectively from port0 to port3 with communication port that is each physical communication port communication.The mark of each physical communication port on physical network card is respectively Nic0, bond0, Vlan2.5 and macvlan2.

In each virtual communication port of port-mark from vnic0 to vnic99, and Nic0, bond0, the physical communication port of Vlan2.5 and macvlan2 safeguards the first data retransmission table of this communication port respectively, the first data retransmission table that each communication port is safeguarded only records the forwarding information relevant to the port, therefore, if the total quantity of the physical communication port of the quantity of virtual machine and physical network card is 104, the maximum list item of so each first data retransmission table is only 1/104 of the second data retransmission table, therefore, table look-up determine object communication port time, search efficiency can be improved.Especially the development of current chip has been switched to the increase of check figure from the lifting of dominant frequency, therefore, check figure increase to 500 even 1000 time, the scene that a large amount of virtual machines creates on a physical host, more can improve packet forward efficiency.

Introduce the repeating process of upstream data bag and downlink data packet below respectively:

After virtual machine VM0 produces packet A, via the virtual communication port vnic0 of virtual machine, virtual communication port vnic0 searches the first data retransmission table of self maintained, the corresponding physics communication port Nic0 of MAC0 that this packet A carries is determined by tabling look-up, therefore, packet A is directly sent to physical communication port Nic0 by virtual communication port vnic0, does not need through VMM, thus alleviate the burden of VMM, improve the efficiency that packet forwards.

Physical communication port macvlan2 receives packet B, physical communication port macvlan2 searches the first data retransmission table of self maintained, the virtual communication port vnic99 of the virtual machine that MAC99 that this packet B carries is corresponding is determined by tabling look-up, therefore, packet B is directly sent to the virtual communication port vnic99 of virtual machine by communication port vnic0, do not need through VMM, thus alleviate the burden of VMM, improve the efficiency that packet forwards.

If communication port vnic0 does not find physical communication port corresponding to MAC0 in the first data retransmission table of self maintained, then packet A is sent to VMM by communication port vnic0, from the second data retransmission table, object communication port corresponding to MAC0 is searched by VMM, find as port0, then packet A is sent to physical communication port Nic0 from communication port port0 by VMM, because not recording the corresponding relation of MAC0 and Nic0 in the first data retransmission table that communication port vnic0 safeguards, therefore VMM is after determining the corresponding relation of MAC0 and Nic0, this corresponding relation can be sent to communication port vnic0, this corresponding relation adds in the first data retransmission table of self maintained by communication port vnic0, when sending packet again to Nic0 next time, just can find this corresponding relation from the first data retransmission table, thus can VMM be got around, packet is directly sent to physical communication port Nic0.

If physical communication port macvlan2 does not find the virtual communication port of virtual machine corresponding to MAC99 in the first data retransmission table of self maintained, then packet B is sent to VMM by physical communication port macvlan2, from the second data retransmission table, object communication port corresponding to MAC99 is searched by VMM, find as tap99, then packet B is sent to the virtual communication port vnic99 of virtual machine by VMM from communication port tap99, because not recording the corresponding relation of MAC99 and vnic99 in the second data retransmission table that physical communication port macvlan2 safeguards, therefore VMM is after determining the corresponding relation of MAC99 and vnic99, this corresponding relation is sent to physical communication port macvlan2, this corresponding relation adds in the first data retransmission table of self maintained by physical communication port macvlan2, when sending packet again to vnic99 next time, just can find this corresponding relation from the first data retransmission table, thus can VMM be got around, packet is directly sent to communication port vnic99.

In order to keep the lightweight of the first data retransmission table, each virtual communication port and each physical communication port regularly can delete the corresponding relation meeting deletion condition in the data retransmission table of self maintained, meet deletion condition can be understood as be within a period of time frequency of utilization lower than preset thresholding, or, sort according to frequency of utilization, M corresponding relation before only retaining, after M, corresponding relation is all deleted.Like this, the first data retransmission table volume can be avoided excessive, affect search efficiency.

Consult Fig. 5, an embodiment of the method that the packet that the embodiment of the present invention provides forwards comprises:

101, the packet that sources traffic port accepts in physical host is to be sent, described packet to be sent carries object MAC address, wherein, described physical host comprises multiple virtual machine VM, monitor of virtual machine VMM and physical network card, described sources traffic port comprises the virtual communication port on each VM, and the physical communication port on described physical network card, the the first data retransmission table having this communication port is safeguarded in each virtual communication port and each physical communication port, the corresponding relation that described first data retransmission table is identified by the MAC address associated with described communication port and object communication port forms.

102, from the first data retransmission table that described communication port is safeguarded, search the object communication port corresponding with the described target MAC (Media Access Control) address that described communication port associates and identify.

103, identify when finding the object communication port corresponding with described target MAC (Media Access Control) address, the object communication port corresponding directly to described object communication port mark sends described packet to be sent, wherein, when described sources traffic port is the virtual communication port of virtual machine, physical communication port for the purpose of described object communication port, when described sources traffic port is physical communication port, the virtual communication port of virtual machine for the purpose of described object communication port.

Alternatively, on the basis of embodiment corresponding to above-mentioned Fig. 5, in first embodiment of the method that the packet that the embodiment of the present invention provides forwards, described method can also comprise:

Visible, in the embodiment of the present invention, delete the corresponding relation that the MAC Address that meets deletion condition identify with object communication port, the lightweight of the first data retransmission table can be kept, thus the efficiency of raising packet forwarding further.

Alternatively, on the basis of embodiment corresponding to above-mentioned Fig. 5 or first embodiment, in second embodiment that the embodiment of the present invention provides, described method can also comprise:

Visible, during the embodiment of the present invention provides, when cannot be found object communication port mark by the first data retransmission table, corresponding object communication port mark can be searched by VMM, thus ensure that each packet can be forwarded.

Alternatively, on the basis of second embodiment of the method forwarded at above-mentioned packet, in the 3rd embodiment that the embodiment of the present invention provides, described to after described VMM sends described packet to be sent, described method can also comprise:

Visible, in the embodiment of the present invention, the communication port of the target MAC (Media Access Control) address that VMM can determine by communication port and object virtual machine identifies or the corresponding relation of mark of object physics communication port adds in the first data retransmission table in time, thus makes the packet of the same hereinafter MAC Address obtain fast-forwarding.

Alternatively, on the basis of second embodiment of the method forwarded at above-mentioned packet, in the 4th embodiment that the embodiment of the present invention provides, described method can also comprise:

Visible, in the embodiment of the present invention, when the object communication port mark that MAC Address is corresponding occurs to change, if VMM is after renewal second data retransmission table, the corresponding relation that MAC Address and the object communication port after upgrading identify can be sent to each communication port, thus the corresponding relation that the object communication port after making the port comprising this MAC Address upgrade MAC Address in the first data retransmission table and upgrade identify, thus ensure the packet of any one MAC Address described in follow-up carrying can be sent to renewal fast after destination interface.

The description that the embodiment that Fig. 5 is corresponding and embodiment thereof can consult Fig. 1 to Fig. 4 part is understood, and this place does not do and too much repeats.

Consult Fig. 6, the device 20 that the packet that the embodiment of the present invention provides forwards, described device 20 is the sources traffic port in physical host, described physical host comprises multiple virtual machine VM, monitor of virtual machine VMM and physical network card, described sources traffic port comprises the virtual communication port on each VM, and the physical communication port on described physical network card, it is characterized in that, the the first data retransmission table having this communication port is safeguarded in each virtual communication port and each physical communication port, the corresponding relation that described first data retransmission table is identified by the MAC address associated with described communication port and object communication port forms, described device 20 comprises:

Receiver module 201, for receiving packet to be sent, described packet to be sent carries target MAC (Media Access Control) address;

Search module 202, in the first data retransmission table from described communication port maintenance, search the object communication port corresponding with the described target MAC (Media Access Control) address that described communication port associates and identify;

Sending module 203, for when described in search module 202 and find the object communication port corresponding with described target MAC (Media Access Control) address and identify, the object communication port corresponding directly to described object communication port mark sends described packet to be sent, wherein, when described sources traffic port is the virtual communication port of virtual machine, physical communication port for the purpose of described object communication port, when described sources traffic port is physical communication port, the virtual communication port of virtual machine for the purpose of described object communication port.

The device 20 that the packet provided in the embodiment of the present invention forwards, described device 20 is the sources traffic port in physical host, described physical host comprises multiple virtual machine VM, monitor of virtual machine VMM and physical network card, described sources traffic port comprises the virtual communication port on each VM, and the physical communication port on described physical network card, it is characterized in that, the the first data retransmission table having this communication port is safeguarded in each virtual communication port and each physical communication port, the corresponding relation that described first data retransmission table is identified by the MAC address associated with described communication port and object communication port forms, described device 20 comprises: receiver module 201 receives packet to be sent, described packet to be sent carries target MAC (Media Access Control) address, search module 202 from the first data retransmission table that described communication port is safeguarded, search the object communication port corresponding with the described target MAC (Media Access Control) address that described communication port associates and identify, sending module 203 when described in search module 202 and find the object communication port corresponding with described target MAC (Media Access Control) address and identify, the object communication port corresponding directly to described object communication port mark sends described packet to be sent, wherein, when described sources traffic port is the virtual communication port of virtual machine, physical communication port for the purpose of described object communication port, when described sources traffic port is physical communication port, the virtual communication port of virtual machine for the purpose of described object communication port.All will through VMM with the packet of virtual machine up-downgoing in prior art, determine compared with the destination interface that packet to be sent will mail to from the large table comprising the corresponding relation that each MAC Address identifies with object communication port by VMM, the device that the packet that the embodiment of the present invention provides forwards, a first data retransmission table only associated with this communication port is safeguarded in the virtual communication port of virtual machine and the physical communication port of physical network card, the corresponding relation that described first data retransmission table is identified by the MAC address associated with described communication port and object communication port forms, thus accelerate the speed determining object communication port, and after determining object communication port, sources traffic port directly by Packet Generation to object communication port, that is packet can walk around VMM, thus alleviate the burden of VMM, improve the efficiency that packet forwards.

Alternatively, on the basis of embodiment corresponding to above-mentioned Fig. 6, consult Fig. 7, in first embodiment of the device 20 of the data retransmission that the embodiment of the present invention provides, described device 20 also comprises:

Transmit administration module 204, for deleting the corresponding relation that the MAC Address that meets deletion condition in the first data retransmission table that described communication port safeguard identifies with object communication port, to keep the capacity of the first data retransmission table of described communication port maintenance.

Alternatively, on the basis of embodiment corresponding to above-mentioned Fig. 6, consult Fig. 7, in second embodiment of the device 20 of the data retransmission that the embodiment of the present invention provides,

Described sending module 203, also for when described in search module 202 and do not find the object communication port corresponding with described target MAC (Media Access Control) address and identify, described packet to be sent is sent to described VMM, in the second data retransmission table that described packet to be sent is safeguarded from described VMM by described VMM, determine that the object communication port corresponding with described target MAC (Media Access Control) address identifies, and send described packet to be sent to the object communication port that described target MAC (Media Access Control) address is corresponding, described second data retransmission table comprises the corresponding relation that each MAC Address and object communication port identify.

Alternatively, on the basis of second embodiment of the device 20 of data retransmission, consult Fig. 8, in the 3rd embodiment of the device 20 of the data retransmission that the embodiment of the present invention provides, described device 20 also comprises: add module 205,

Described receiver module 201, the corresponding relation that the described target MAC (Media Access Control) address also sent for receiving described VMM identifies with corresponding object communication port;

Described interpolation module 205, add in described first data retransmission table for the described target MAC (Media Access Control) address received by described receiver module 201 and the corresponding relation that corresponding object communication port identifies, the corresponding relation that described target MAC (Media Access Control) address and corresponding object communication port identify carries the packet of described target MAC (Media Access Control) address for sending the next one.

Alternatively, on the basis of second embodiment of the device 20 of data retransmission, consult Fig. 9, in the 4th embodiment of the device 20 of the data retransmission that the embodiment of the present invention provides, described device 20 also comprises: update module 206,

Described receiver module 201, when also occurring to change for the object communication port mark corresponding when any one MAC Address, the corresponding relation that identifies of object communication port after receiving any one MAC Address described that described VMM sends and upgrading;

Described update module 206, for any one MAC Address described in described receiver module is received with upgrade after the corresponding relation that identifies of object communication port, be updated in described first data retransmission table, any one MAC Address described with upgrade after the corresponding relation that identify of object communication port for send carry described in the packet of any one MAC Address to the destination interface after upgrading.

The description that the embodiment that Fig. 6 to Fig. 9 is corresponding and embodiment thereof can consult Fig. 1 to Fig. 5 part is understood, and this place does not do and too much repeats.

In multiple embodiments of the fault-tolerant device of above-mentioned virtual machine, should be understood that, under a kind of implementation, receiver module, sending module can be realized by I/O I/O equipment (such as network interface card), search module, add module, transmit administration module, (in other words, namely cooperatively interacted by the special instruction in processor and the memory that is coupled with described processor realize) that update module can be realized by the program in processor execute store or instruction; Under another kind of implementation, receiver module, sending module, search module, add module, transmit administration module, update module also can realize respectively by proprietary circuit, specific implementation, see prior art, repeats no more here; Under another implementation; receiver module, sending module; search module, add module, transmit administration module, update module also can by field programmable gate array (FPGA; Field-Programmable Gate Array) realize; specific implementation is see prior art; here repeat no more; the present invention includes but be not limited to aforementioned implementation; should be understood that; as long as according to the scheme that thought of the present invention realizes, all fall into the scope that the embodiment of the present invention is protected.

Present embodiments provide a kind of hardware configuration of physical host, shown in Figure 10, a kind of hardware configuration of physical host can comprise:

Transceiving device, software components and hardware device three part;

Transceiving device is the hardware circuit for completing pack receiving and transmitting;

Hardware device also can claim " hardware processing module ", or it is simpler, also can referred to as " hardware ", hardware device mainly comprises the hardware circuit realizing some specific function based on FPGA, ASIC and so on special hardware circuit (also can coordinate other support devices, as memory), its processing speed is compared general processor and is often wanted fast a lot, but function is once customization, be just difficult to change, therefore, to implement and dumb, be commonly used to process some fixing functions.It should be noted that, hardware device in actual applications, also MCU (microprocessor can be comprised, as single-chip microcomputer) or the processor such as CPU, but the major function of these processors has been not the process of large data, and be mainly used in carrying out some controls, under this application scenarios, the system of being arranged in pairs or groups by these devices is hardware device.

Software components (or also simple " software ") mainly comprise general processor (such as CPU) and some supporting devices (as the memory device such as internal memory, hard disk) thereof, treatment tool can be allowed for corresponding processing capacity by programming, when realizing with software, can according to business demand flexible configuration, but often speed is compared hardware device and is wanted slow.After software processes, the data processed can be sent by transceiving device by hardware device, the interface that also can be connected with transceiving device by is to the complete data of transceiving device transmission processing.

In the present embodiment, transceiving device is for carrying out reception and the transmission of packet in above-described embodiment, and software components or hardware device are for determining object physical port that target MAC (Media Access Control) address is corresponding, managing the first data retransmission table etc.

Other functions of hardware device and software components are discussed in the aforementioned embodiment in detail, repeat no more here.

Can be realized by I/O I/O equipment (such as network interface card) below in conjunction with accompanying drawing with regard to receiver module, sending module, search module, add module, transmit administration module, update module can be the technical scheme that can be realized by the program in processor execute store or instruction to do detailed introduction:

Figure 11 is the structural representation of the physical host 4 that the embodiment of the present invention provides.Described physical host 4 comprises multiple virtual machine VM, monitor of virtual machine VMM and physical network card, each VM comprises virtual communication port, described physical network card comprises multiple physical communication port, be characterised in that, the the first data retransmission table having this communication port is safeguarded in each virtual communication port and each physical communication port, the corresponding relation that described first data retransmission table is identified by the MAC address associated with described communication port and object communication port forms, described physical host 4 comprises processor 410, memory 450, with I/O I/O equipment 430, described memory runs and has host virtual machine 4501, described standby end main frame runs and has standby virtual machine, memory 450 can comprise read-only memory and random access memory, and provide operational order and data to processor 410.A part for memory 450 can also comprise nonvolatile RAM (NVRAM).

In some embodiments, memory 450 stores following element, executable module or data structure, or their subset, or their superset:

Virtual machine 4501 and monitor of virtual machine 4052: wherein, virtual machine 4501 can simulate one or the virtual computer of multiple stage by software virtual machine on a physical computer, and these virtual machines carry out work just as real computer, can installing operating system and application program on virtual machine, virtual machine is addressable network resource also.For the application program run in virtual machine, virtual machine similarly is carry out work in real computer.In embodiments of the present invention, by calling the operational order (this operational order can store in an operating system) that memory 450 stores,

Described I/O equipment 430 is for receiving packet to be sent, and described packet to be sent carries target MAC (Media Access Control) address;

Described processor 410 for: from the first data retransmission table that described communication port is safeguarded, search the object communication port corresponding with the described target MAC (Media Access Control) address that described communication port associates and identify;

Described I/O equipment 430 is for identifying when finding the object communication port corresponding with described target MAC (Media Access Control) address, the object communication port corresponding directly to described object communication port mark sends described packet to be sent, wherein, when described sources traffic port is the virtual communication port of virtual machine, physical communication port for the purpose of described object communication port, when described sources traffic port is physical communication port, the virtual communication port of virtual machine for the purpose of described object communication port.

Visible, all will through VMM with the packet of virtual machine up-downgoing in prior art, determine compared with the destination interface that packet to be sent will mail to from the large table comprising the corresponding relation that each MAC Address identifies with object communication port by VMM, the physical host that the embodiment of the present invention provides, a first data retransmission table only associated with this communication port is safeguarded in the virtual communication port of virtual machine and the physical communication port of physical network card, the corresponding relation that described first data retransmission table is identified by the MAC address associated with described communication port and object communication port forms, thus accelerate the speed determining object communication port, and after determining object communication port, sources traffic port directly by Packet Generation to object communication port, that is packet can walk around VMM, thus alleviate the burden of VMM, improve the efficiency that packet forwards.

Processor 410 controls the operation of physical host 4, and processor 410 can also be called CPU (Central Processing Unit, CPU).Memory 450 can comprise read-only memory and random access memory, and provides instruction and data to processor 410.A part for memory 450 can also comprise nonvolatile RAM (NVRAM).In concrete application, each assembly of physical host 4 is coupled by bus system 420, and wherein bus system 420 is except comprising data/address bus, can also comprise power bus, control bus and status signal bus in addition etc.But for the purpose of clearly demonstrating, in the drawings various bus is all designated as bus system 420.

The method that the invention described above embodiment discloses can be applied in processor 410, or is realized by processor 410.Processor 410 may be a kind of integrated circuit (IC) chip, has the disposal ability of signal.In implementation procedure, each step of said method can be completed by the instruction of the integrated logic circuit of the hardware in processor 410 or software form.Above-mentioned processor 410 can be general processor, digital signal processor (DSP), application-specific integrated circuit (ASIC) (ASIC), ready-made programmable gate array (FPGA) or other programmable logic devices, discrete gate or transistor logic, discrete hardware components.Can realize or perform disclosed each method, step and the logic diagram in the embodiment of the present invention.The processor etc. of general processor can be microprocessor or this processor also can be any routine.Step in conjunction with the method disclosed in the embodiment of the present invention directly can be presented as that hardware decoding processor is complete, or combines complete by the hardware in decoding processor and software module.Software module can be positioned at random asccess memory, flash memory, read-only memory, in the storage medium of this area maturations such as programmable read only memory or electrically erasable programmable memory, register.This storage medium is positioned at memory 450, and processor 410 reads the information in memory 450, completes the step of said method in conjunction with its hardware.

Alternatively, processor 410 also for: delete the corresponding relation that the MAC Address that meets deletion condition in the first data retransmission table that described communication port safeguard identifies with object communication port, to keep the capacity of the first data retransmission table of described communication port maintenance.

Alternatively, I/O (I/O) equipment 430 ought not find the object communication port corresponding with described target MAC (Media Access Control) address and identifies, described packet to be sent is sent to described VMM, in the second data retransmission table that described packet to be sent is safeguarded from described VMM by described VMM, determine that the object communication port corresponding with described target MAC (Media Access Control) address identifies, and send described packet to be sent to the object communication port that described target MAC (Media Access Control) address is corresponding, described second data retransmission table comprises the corresponding relation that each MAC Address and object communication port identify.

Alternatively, the corresponding relation that the described target MAC (Media Access Control) address that I/O (I/O) equipment 430 also sends for receiving described VMM identifies with corresponding object communication port;

The corresponding relation of processor 410 also for described target MAC (Media Access Control) address and corresponding object communication port being identified adds in described first data retransmission table, and the corresponding relation that described target MAC (Media Access Control) address and corresponding object communication port identify carries the packet of described target MAC (Media Access Control) address for sending the next one.

Alternatively, when I/O (I/O) equipment 430 also occurs to change for the object communication port mark corresponding when any one MAC Address, the corresponding relation that identifies of object communication port after receiving any one MAC Address described that described VMM sends and upgrading;

The corresponding relation of processor 410 also for any one MAC Address described and the object communication port after upgrading are identified, be updated in described first data retransmission table, any one MAC Address described with upgrade after the corresponding relation that identify of object communication port for send carry described in the packet of any one MAC Address to the destination interface after upgrading.

Consult Figure 12, the physical host that the embodiment of the present invention provides, comprise multiple virtual machine VM, monitor of virtual machine VMM and physical network card, each VM comprises virtual communication port, described physical network card comprises multiple physical communication port, the the first data retransmission table having this communication port is safeguarded in each virtual communication port and each physical communication port, the corresponding relation that described first data retransmission table is identified by the MAC address associated with described communication port and object communication port forms

All will through VMM with the packet of virtual machine up-downgoing in prior art, determine compared with the destination interface that packet to be sent will mail to from the large table comprising the corresponding relation that each MAC Address identifies with object communication port by VMM, the physical host that the embodiment of the present invention provides, a first data retransmission table only associated with this communication port is safeguarded in the virtual communication port of virtual machine and the physical communication port of physical network card, the corresponding relation that described first data retransmission table is identified by the MAC address associated with described communication port and object communication port forms, thus accelerate the speed determining object communication port, and after determining object communication port, sources traffic port directly by Packet Generation to object communication port, that is packet can walk around VMM, thus alleviate the burden of VMM, improve the efficiency that packet forwards.

One of ordinary skill in the art will appreciate that all or part of step in the various methods of above-described embodiment is that the hardware (such as processor) that can carry out instruction relevant by program has come, this program can be stored in a computer-readable recording medium, and storage medium can comprise: ROM, RAM, disk or CD etc.

Method, device and system that the packet provided the embodiment of the present invention above forwards are described in detail, apply specific case herein to set forth principle of the present invention and execution mode, the explanation of above embodiment just understands method of the present invention and core concept thereof for helping; Meanwhile, for one of ordinary skill in the art, according to thought of the present invention, all will change in specific embodiments and applications, in sum, this description should not be construed as limitation of the present invention.

Claims

1. the method for a packet forwarding, described method is applied to the sources traffic port in physical host, described physical host comprises multiple virtual machine VM, monitor of virtual machine VMM and physical network card, described sources traffic port comprises the virtual communication port on each VM, and the physical communication port on described physical network card, it is characterized in that, the the first data retransmission table having this communication port is safeguarded in each virtual communication port and each physical communication port, the corresponding relation that described first data retransmission table is identified by the MAC address associated with described communication port and object communication port forms, described method comprises:

Identify when finding the object communication port corresponding with described target MAC (Media Access Control) address, the object communication port corresponding directly to described object communication port mark sends described packet to be sent, wherein, when described sources traffic port is the virtual communication port of virtual machine, physical communication port for the purpose of described object communication port; When described sources traffic port is physical communication port, the virtual communication port of virtual machine for the purpose of described object communication port.

2. method according to claim 1, is characterized in that, described method also comprises:

3. method according to claim 1 and 2, is characterized in that, described method also comprises:

4. method according to claim 3, is characterized in that, described after the described packet to be sent of described VMM transmission, described method also comprises:

5. method according to claim 3, is characterized in that, described method also comprises:

6. the device of a packet forwarding, described device is the sources traffic port in physical host, described physical host comprises multiple virtual machine VM, monitor of virtual machine VMM and physical network card, described sources traffic port comprises the virtual communication port on each VM, and the physical communication port on described physical network card, it is characterized in that, the the first data retransmission table having this communication port is safeguarded in each virtual communication port and each physical communication port, the corresponding relation that described first data retransmission table is identified by the MAC address associated with described communication port and object communication port forms, described device comprises:

7. device according to claim 6, is characterized in that, described device also comprises:

8. the device according to claim 6 or 7, is characterized in that,

9. device according to claim 8, is characterized in that, described device also comprises: add module,

10. device according to claim 8, is characterized in that, described device also comprises: update module,

11. 1 kinds of physical hosts, comprise multiple virtual machine VM, monitor of virtual machine VMM and physical network card, each VM comprises virtual communication port, described physical network card comprises multiple physical communication port, it is characterized in that, safeguard the first data retransmission table having this communication port in each virtual communication port and each physical communication port, the corresponding relation that described first data retransmission table is identified by the MAC address associated with described communication port and object communication port forms